diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/crossplane/provider-aws.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/crossplane/provider-aws.yaml index 455d3b4..88fc0f8 100644 --- a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/crossplane/provider-aws.yaml +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/crossplane/provider-aws.yaml @@ -2,6 +2,17 @@ --- apiVersion: pkg.crossplane.io/v1 kind: Provider +metadata: + annotations: + kapp.k14s.io/change-group: "crd" + name: upbound-provider-family-aws +spec: + package: #@ data.values.crossplane.aws.repo + ":" + data.values.crossplane.aws.tag + controllerConfigRef: + name: upbound-provider-aws +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider metadata: annotations: kapp.k14s.io/change-group: "crd" @@ -13,6 +24,17 @@ spec: --- apiVersion: pkg.crossplane.io/v1 kind: Provider +metadata: + annotations: + kapp.k14s.io/change-group: "crd" + name: upbound-provider-aws-ec2 +spec: + package: #@ data.values.crossplane.ec2.repo + ":" + data.values.crossplane.ec2.tag + controllerConfigRef: + name: upbound-provider-aws +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider metadata: annotations: kapp.k14s.io/change-group: "crd" diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/clusterconfig.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/clusterconfig.yaml index f5a07ed..ac8120a 100644 --- a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/clusterconfig.yaml +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/clusterconfig.yaml 
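Review bot: Both added Provider documents (`upbound-provider-family-aws` in this hunk and `upbound-provider-aws-ec2` in the next) build `spec.package` as `repo + ":" + tag`, so what gets installed is whatever that mutable tag resolves to at pull time. These controllers manage AWS resources, so it is worth letting operators pin by digest, for example by accepting a reference of the form `<repo>@sha256:<digest>` in place of the tag. Separately, the family provider reads `data.values.crossplane.aws.repo` and `.tag`, while the values.yaml and package-schema hunks in this commit only add `ec2`; confirm `crossplane.aws` is already defined in both, otherwise rendering fails.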
@@ -12,18 +12,12 @@ spec: name: region - default: #@ data.values.aws.accountId name: accountId - - default: #@ data.values.aws.vpc - name: vpc - - default: #@ data.values.aws.subnets - name: subnets - - default: #@ data.values.aws.securityGroups - name: securityGroups - - default: #@ data.values.aws.accountId - name: accountId - - default: #@ data.values.aws.enableAlb - name: enableAlb - - default: #@ data.values.aws.public - name: public + - default: #@ data.values.aws.alb + name: alb + - default: #@ data.values.aws.ecs + name: ecs + - default: #@ data.values.aws.vpcId + name: vpcId configPath: .data lifecycle: mutable ytt: | @@ -64,7 +58,7 @@ spec: #@ enabled = False #@ spec = config.spec #@ workload = spec.containers[0] - #@ if data.values.params.enableAlb and hasattr(workload, "ports") and hasattr(workload, "readinessProbe"): + #@ if data.values.params.alb.enabled and hasattr(workload, "ports") and hasattr(workload, "livenessProbe"): #@ enabled = True #@ end #@ return enabled 
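Review bot: In `verify_lb_enabled` the load balancer is now gated on `livenessProbe` instead of `readinessProbe`, so a workload that declares ports and only a readiness probe silently gets no ALB, target group or LB security group. The target-group hunk at -183/+177 makes the same switch for the health check. Nothing in the hunk says why; a comment above the condition such as `#! ALB is created only when the first container has ports and a livenessProbe; its httpGet becomes the target-group health check` would make the contract visible. The function body starts outside the hunk.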
@@ -183,16 +177,16 @@ spec: #@ forProvider["name"] = data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace #@ forProvider["region"] = data.values.params.region #@ forProvider["targetType"] = "ip" - #@ forProvider["vpcId"] = data.values.params.vpc - #@ if hasattr(workload, "readinessProbe"): + #@ forProvider["vpcId"] = data.values.params.vpcId + #@ if hasattr(workload, "livenessProbe"): #@ healthCheck = {} #@ healthCheck["enabled"] = True - #@ if hasattr(workload["readinessProbe"], "httpGet"): + #@ if hasattr(workload["livenessProbe"], "httpGet"): #@ forProvider["port"] = workload["ports"][0]["containerPort"] #@ forProvider["protocol"] = "HTTP" - #@ healthCheck["port"] = str(workload["readinessProbe"]["httpGet"]["port"]) - #@ healthCheck["path"] = workload["readinessProbe"]["httpGet"]["path"] - #@ healthCheck["protocol"] = workload["readinessProbe"]["httpGet"]["scheme"] + #@ healthCheck["port"] = str(workload["livenessProbe"]["httpGet"]["port"]) + #@ healthCheck["path"] = workload["livenessProbe"]["httpGet"]["path"] + #@ healthCheck["protocol"] = workload["livenessProbe"]["httpGet"]["scheme"] #@ end #@ forProvider["healthCheck"] = [] #@ forProvider["healthCheck"].append(healthCheck) @@ -262,9 +256,10 @@ spec: resolution: Required resolve: 'Always' networkConfiguration: - - subnets: #@ data.values.params.subnets - securityGroups: #@ data.values.params.securityGroups - #@ if data.values.params.public: + - subnets: #@ data.values.params.ecs.subnets + securityGroupRefs: + - name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + #@ if data.values.params.ecs.public: assignPublicIp: true #@ end #@ if verify_lb_enabled(data.values.config): 
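Review bot: The ECS Service's `securityGroupRefs` entry in the -262/+256 hunk points at `"ecs-" + name + "-" + namespace` unconditionally, but the SecurityGroup with that name is only emitted inside `#@ if hasattr(data.values.config.spec.containers[0], "ports"):` in the -277/+272 hunk. For a workload without ports the reference would never resolve and the Service would presumably stay unready, unless the Service is itself guarded by the same condition outside this hunk. Either create the SecurityGroup unconditionally and keep only the SecurityGroupRule under the `ports` check, or guard the reference the same way.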
@@ -277,6 +272,48 @@ spec: initProvider: {} managementPolicies: - '*' + #@ if hasattr(data.values.config.spec.containers[0], "ports"): + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + vpcId: #@ data.values.params.vpcId + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: #@ data.values.config.spec.containers[0].ports[0].containerPort + protocol: #@ data.values.config.spec.containers[0].ports[0].protocol + region: #@ data.values.params.region + securityGroupIdRef: + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: #@ data.values.config.spec.containers[0].ports[0].containerPort + type: ingress + #@ end #@ if verify_lb_enabled(data.values.config): --- apiVersion: elbv2.aws.upbound.io/v1beta1 @@ -308,7 +345,7 @@ spec: enableDeletionProtection: false enableHttp2: true idleTimeout: 60 - #@ if data.values.params.public: + #@ if data.values.params.alb.public: internal: false #@ else: internal: true 
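Review bot: The added `SecurityGroupRule` for the task security group allows ingress from `0.0.0.0/0` on the container port in every case, including when an ALB fronts the service and when `ecs.public` gives the task a public IP, so the container is reachable directly and the load balancer can be bypassed. When `verify_lb_enabled` is true the rule should take the `lb-…` security group as its source instead of a CIDR, as sketched below; the CIDR branch is kept as written for the no-ALB case and could be narrowed further. Also, `ports[0].protocol` is optional on a Kubernetes container port and conventionally upper-case, so this attribute access may fail or pass a value the provider does not expect; confirm that, or default it to `tcp`.

```yaml
forProvider:
  #@ if verify_lb_enabled(data.values.config):
  #! only the workload's ALB may reach the task
  sourceSecurityGroupIdRef:
    name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
  #@ else:
  cidrBlocks:
  - 0.0.0.0/0
  #@ end
  #! … unchanged: fromPort, protocol, region, securityGroupIdRef, toPort, type …
```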
@@ -317,8 +354,9 @@ spec: loadBalancerType: application name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace region: #@ data.values.params.region - securityGroups: #@ data.values.params.securityGroups - subnets: #@ data.values.params.subnets + securityGroupRefs: + - name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + subnets: #@ data.values.params.alb.subnets xffHeaderProcessingMode: append initProvider: {} managementPolicies: @@ -346,6 +384,46 @@ spec: initProvider: {} managementPolicies: - '*' + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + vpcId: #@ data.values.params.vpcId + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: 80 + protocol: tcp + region: #@ data.values.params.region + securityGroupIdRef: + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: 80 + type: ingress #@ end --- apiVersion: kapp.k14s.io/v1alpha1 
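Review bot: The load balancer's `SecurityGroupRule` in the -346/+384 hunk opens port 80 to `0.0.0.0/0` even when `alb.public` is false and the ALB is created with `internal: true`; the source range should follow the same switch, with an operator-supplied CIDR list for the internal case. The rule also fixes the entry point at plain HTTP on port 80, so if the listener outside this hunk has no HTTPS counterpart, traffic to a public ALB is unencrypted. Neither this SecurityGroup nor the `ecs-…` one in the -277/+272 hunk declares an egress rule. If the provider follows Terraform's behaviour of dropping the default allow-all egress on creation, the ALB cannot reach its targets and tasks cannot pull images, so verify that and add explicit egress rules scoped to what each side needs.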
@@ -369,6 +447,12 @@ spec: - apiVersionKindMatcher: apiVersion: elbv2.aws.upbound.io/v1beta1 kind: LBListener + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule - path: [metadata, annotations, upjet.crossplane.io/provider-meta] resourceMatchers: *All @@ -397,6 +481,12 @@ spec: apiVersion: ecs.aws.upbound.io/v1beta1 kind: Service + - path: [spec, forProvider, , {allIndexes: true}, targetGroupArn] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + - path: [spec, forProvider, protocolVersion] resourceMatchers: - apiVersionKindMatcher: @@ -426,6 +516,18 @@ spec: - apiVersionKindMatcher: apiVersion: elbv2.aws.upbound.io/v1beta1 kind: LBListener + + - path: [spec, forProvider, description] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + + - path: [spec, forProvider, securityGroupId] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule waitRules: - supportsObservedGeneration: false diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/role.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/role.yaml index 3065c29..fc379c0 100644 --- a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/role.yaml +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/supplychain/role.yaml @@ -6,6 +6,7 @@ metadata: apps.tanzu.vmware.com/aggregate-to-deliverable: "true" rules: - apiGroups: + - ec2.aws.upbound.io - ecs.aws.upbound.io - elbv2.aws.upbound.io resources: diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/values.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/values.yaml index 5ec2d7f..d559afe 100644 --- a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/values.yaml 
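Review bot: As it appears here, the new rebase path `[spec, forProvider, , {allIndexes: true}, targetGroupArn]` in the -397/+481 hunk has an empty element between `forProvider` and `{allIndexes: true}`. An empty flow-sequence entry is rejected by strict YAML parsers or read as null, so the rule would not match the field it is meant to preserve. Presumably the name of the list field that holds `targetGroupArn` on the ECS Service was intended there; fill it in, as in `[spec, forProvider, <list-field>, {allIndexes: true}, targetGroupArn]`.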
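Review bot: Adding `ec2.aws.upbound.io` to the shared `apiGroups` list in role.yaml extends whatever `resources` and `verbs` follow (outside this hunk) to the whole EC2 API group, which covers far more kinds than the two this commit creates. If that list is a wildcard, the aggregated deliverable role could manage any EC2 managed resource through Crossplane. Consider a separate rule for this group limited to `securitygroups` and `securitygrouprules`.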
+++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.6.1/values.yaml @@ -7,6 +7,9 @@ crossplane: ecs: repo: xpkg.upbound.io/upbound/provider-aws-ecs tag: v0.38.0 + ec2: + repo: xpkg.upbound.io/upbound/provider-aws-ec2 + tag: v0.38.0 elbv2: repo: xpkg.upbound.io/upbound/provider-aws-elbv2 tag: v0.38.0 @@ -16,10 +19,13 @@ aws: roleName: "tap-ecs" cluster: "" region: us-west-2 - vpc: us-west2-VPC - subnets: - - sample-subnet1 - securityGroups: - - default - enableAlb: true - public: false + vpcId: vpc-xxxxx + alb: + enabled: true + public: true + subnets: + - subnet1 + ecs: + public: false + subnets: + - private-subnet1 diff --git a/packages/tap-ecs-supplychain.tanzu.japan.com/1.6.1.yaml b/packages/tap-ecs-supplychain.tanzu.japan.com/1.6.1.yaml index 22e0388..7afa357 100644 --- a/packages/tap-ecs-supplychain.tanzu.japan.com/1.6.1.yaml +++ b/packages/tap-ecs-supplychain.tanzu.japan.com/1.6.1.yaml @@ -33,6 +33,16 @@ spec: tag: type: string default: v0.38.0 + ec2: + type: object + additionalProperties: false + properties: + repo: + type: string + default: xpkg.upbound.io/upbound/provider-aws-ec2 + tag: + type: string + default: v0.38.0 elbv2: type: object additionalProperties: false 
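Review bot: The new default `alb.public: true` in the values.yaml hunk at -16/+19 (and the matching `default: true` in the package schema hunk at -59/+69) flips the previous `public: false`, so an install that sets nothing now gets an internet-facing ALB. Combined with the `0.0.0.0/0` ingress rules added in clusterconfig.yaml, exposure becomes the out-of-the-box behaviour. Keep the default at `public: false` and let operators opt in, or call the change out in the package description.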
@@ -59,27 +69,38 @@ spec: region: type: string default: us-west-2 - vpc: + vpcId: type: string - default: us-west2-VPC - subnets: - type: array - items: - type: string - default: sample-subnet1 - default: [] - securityGroups: - type: array - items: - type: string - default: default - default: [] - enableAlb: - type: boolean - default: true - public: - type: boolean - default: false + default: vpc-xxxxx + alb: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + default: true + public: + type: boolean + default: true + subnets: + type: array + items: + type: string + default: subnet1 + default: [] + ecs: + type: object + additionalProperties: false + properties: + public: + type: boolean + default: false + subnets: + type: array + items: + type: string + default: private-subnet1 + default: [] template: spec: fetch: