Add 1.8.6

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/aws-services/aws-services-overlay.yaml

@@ -0,0 +1,41 @@
+#@ load("@ytt:data", "data")
+
+
+#@ def overlay():
+yaml: |
+  #! Placeholder CRD that allows us to create a ProviderConfig
+  #! before the actual Provider has been installed. Uses "exists"
+  #! annotation so that the real CRD can be installed by the Provider.
+  apiVersion: apiextensions.k8s.io/v1
+  kind: CustomResourceDefinition
+  metadata:
+    name: providerconfigs.aws.upbound.io
+    annotations:
+      kapp.k14s.io/exists: ""
+  spec:
+    group: aws.upbound.io
+    versions:
+      - name: v1beta1
+    names:
+      kind: ProviderConfig
+  ---
+  apiVersion: aws.upbound.io/v1beta1
+  kind: ProviderConfig
+  metadata:
+    name: aws-provider
+  spec:
+    credentials:
+      source: IRSA
+#@ end
+
+#@ eks_role  = "arn:aws:iam::" + data.values.aws_services.account_id + ":role/tap-aws-services"
+#@ overlay_file = overlay()['yaml'].replace("EKSROLE", eks_role)
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-services-overlay
+  namespace: tap-install
+stringData:
+  overlay.yaml: #@ overlay_file
+

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/aws-services/aws-services-values.yaml

@@ -0,0 +1,10 @@
+#@ load("/values-template/aws-services-values.lib.yaml", "aws_services_values")
+#@ load("@ytt:yaml", "yaml")
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-services-values
+  namespace: tap-install
+stringData:
+  values.yaml: #@ yaml.encode(aws_services_values())

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/aws-services/pkgi.yaml

@@ -0,0 +1,24 @@
+#@ load("@ytt:data", "data")
+
+#@ if data.values.aws_services.rds.enabled:
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: aws-services
+  namespace: tap-install
+  annotations:
+    kapp.k14s.io/change-group: aws-pkgi
+    kapp.k14s.io/change-rule.0: "upsert after upserting tap-pkgi"
+    kapp.k14s.io/change-rule.1: "delete before deleting tap-pkgi"
+    ext.packaging.carvel.dev/ytt-paths-from-secret-name.0: "aws-services-overlay"
+spec:
+  serviceAccountName: tap-installer-sa
+  packageRef:
+    refName: aws.services.tanzu.vmware.com
+    versionSelection:
+      constraints: #@ data.values.aws_services.rds.version.package_version
+  values:
+    - secretRef:
+        name: aws-services-values
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/contour/acm.yaml

@@ -0,0 +1,21 @@
+#@ load("@ytt:data", "data")
+
+#@ if data.values.aws_services.acm.enabled:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: overlay-contour-acm
+  namespace: tap-install
+stringData:
+  overlay-contour-acm.yml: |
+    #@ load("@ytt:overlay", "overlay")
+    
+    #@overlay/match by=overlay.subset({"kind": "Service", "metadata": {"name": "envoy"}})
+    ---
+    spec:
+      ports:
+      #@overlay/match by=overlay.subset({"name":"https"})
+      -
+        targetPort: 8080
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/contour/contour-overlay.yaml

@@ -0,0 +1,24 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ def overlay():
+yaml: |
+  #@ load("@ytt:overlay", "overlay")
+  #@overlay/match by=overlay.subset({"kind": "Service", "metadata": {"name": "envoy"}})
+  ---
+  spec:
+    #@overlay/match missing_ok=True
+    loadBalancerSourceRanges: [ SOURCERANGES ]
+#@ end
+
+#@ if hasattr(data.values.aws_services, "source_ranges"):
+#@ overlay_file = overlay()['yaml'].replace("SOURCERANGES", ", ".join(data.values.aws_services.source_ranges))
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: contour-envoy-lb-source-ranges
+  namespace: tap-install
+stringData:
+  overlay.yaml: #@ overlay_file
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/ecr-repo-template/ootb-supply-chain-add-ecr-repo-template.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ootb-supply-chain-add-ecr-repo-template
+  namespace: tap-install
+type: Opaque
+stringData:
+  add-ecr-repo-template.yaml: |
+    #@ load("@ytt:overlay", "overlay")
+    #@overlay/match by=overlay.and_op(overlay.subset({"kind": "ClusterSupplyChain"}), lambda i,left,right: left["metadata"]["name"].startswith("source-")), expects="1+"
+    ---
+    spec:
+      resources:
+      #@overlay/match by=overlay.subset({"name": "source-tester"})
+      #@overlay/insert before=True
+      - name: ecr-repo
+        templateRef:
+          kind: ClusterSourceTemplate
+          name: ecr-repo-template
+        sources:
+        - resource: source-provider
+          name: source
+      #@overlay/match by="name"
+      - name: source-tester
+        sources:
+        #@overlay/match by="name"
+        - name: source
+          resource: ecr-repo

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/ecr-repo-template/ootb-templates-ecr-repo-template.yaml

@@ -0,0 +1,110 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ootb-templates-ecr-repo-template
+  namespace: tap-install
+type: Opaque
+stringData:
+  ecr-repo-template.yaml: |
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: tekton-tasks
+    ---
+    apiVersion: tekton.dev/v1beta1
+    kind: Task
+    metadata:
+      name: create-ecr-repo
+      namespace: tekton-tasks
+    spec:
+      params:
+      - name: namespace
+        type: string
+      - name: workload-name
+        type: string
+      steps:
+      - name: check
+        image: bitnami/aws-cli
+        script: |
+          #!/bin/bash
+
+          check_and_create_repository() {
+              local repository_name=$1
+              aws ecr describe-repositories --repository-names "$repository_name" > /dev/null 2>&1
+              if [ $? -eq 254 ]; then
+                  echo "Repository '$repository_name' does not exist. Creating repository..."
+                  aws ecr create-repository --repository-name "$repository_name"
+              else
+                  echo "Repository '$repository_name' already exists."
+              fi
+          }
+    
+          WORKLOAD_NAME="$(params.workload-name)"
+          NAMESPACE="$(params.namespace)"
+
+          check_and_create_repository tanzu-application-platform/${WORKLOAD_NAME}-${NAMESPACE}
+          check_and_create_repository tanzu-application-platform/${WORKLOAD_NAME}-${NAMESPACE}-bundle
+
+        securityContext:
+          runAsUser: 0
+    ---
+    #@ load("@ytt:data", "data")
+    apiVersion: carto.run/v1alpha1
+    kind: ClusterSourceTemplate
+    metadata:
+      name: ecr-repo-template
+    spec:
+      params:
+      - name: serviceAccount
+        default: default
+
+      urlPath: .spec.params[?(@.name=="source-url")].value
+      revisionPath: .spec.params[?(@.name=="source-revision")].value
+
+      lifecycle: tekton
+
+      #@ label_exclusions = "[\"" + "\", \"".join(data.values.label_propagation_exclusions) + "\"]"
+      #@yaml/text-templated-strings
+      ytt: |
+        #@ load("@ytt:data", "data")
+
+        #@ def merge_labels(fixed_values):
+        #@   labels = {}
+        #@   if hasattr(data.values.workload.metadata, "labels"):
+        #@     exclusions = (@= label_exclusions @)
+        #@     for k,v in dict(data.values.workload.metadata.labels).items():
+        #@       if k not in exclusions:
+        #@         labels[k] = v
+        #@       end
+        #@     end
+        #@   end
+        #@   labels.update(fixed_values)
+        #@   return labels
+        #@ end
+
+        ---
+        apiVersion: tekton.dev/v1beta1
+        kind: TaskRun
+        metadata:
+          generateName: #@ data.values.workload.metadata.name + "-ecr-repo-"
+          labels: #@ merge_labels({ "app.kubernetes.io/component": "ecr-repo" })
+        spec:
+          serviceAccountName: #@ data.values.params.serviceAccount
+          taskRef:
+            resolver: cluster
+            params:
+            - name: kind
+              value: task
+            - name: namespace
+              value: tekton-tasks
+            - name: name
+              value: create-ecr-repo
+          params:
+          - name: namespace
+            value: #@ data.values.workload.metadata.namespace
+          - name: workload-name
+            value: #@ data.values.workload.metadata.name
+          - name: source-url
+            value: #@ data.values.source.url
+          - name: source-revision
+            value: #@ data.values.source.revision

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/full-deps/pkgi.yaml

@@ -0,0 +1,23 @@
+#@ load("@ytt:data", "data")
+
+#@ if data.values.full_deps.enabled:
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: full-deps
+  namespace: tap-install
+  annotations:
+    kapp.k14s.io/change-group: tap-pkgi
+    kapp.k14s.io/change-rule.0: "upsert after upserting pkgr"
+    kapp.k14s.io/change-rule.1: "delete before deleting pkgr"
+spec:
+  serviceAccountName: tap-installer-sa
+  packageRef:
+    refName: full-deps.buildservice.tanzu.vmware.com
+    versionSelection:
+      constraints: #@ data.values.full_deps.version.package_version
+  values:
+    - secretRef:
+        name: tap-values
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/full-deps/pkgr.yaml

@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+
+#@ if data.values.full_deps.enabled:
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageRepository
+metadata:
+  name: full-deps-package-repo
+  namespace: tap-install
+  annotations:
+    kapp.k14s.io/change-group: pkgr
+spec:
+  fetch:
+    imgpkgBundle:
+      image: #@ "{}:{}".format(data.values.full_deps.package_repository.oci_repository, data.values.full_deps.version.package_repo_bundle_tag)
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/namespace/gitops.yaml

@@ -0,0 +1,24 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ if data.values.tap_install.gitops.enabled:
+#@overlay/append
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-ssh-import
+  namespace: tap-install
+stringData:
+  username: #@ data.values.tap_install.gitops.username
+  password: #@ data.values.tap_install.gitops.password
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+  name: git-ssh-import
+  namespace: tap-install
+spec:
+  toNamespaces:
+  - "*"
+#@ end

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/namespace/namespace.yaml

@@ -0,0 +1,30 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:struct", "struct")
+
+#@ namespaces = data.values.tap_install.dev_namespaces
+
+#@ def additional_labels(values):
+#@   var = {}
+#@   for key in values.keys():
+#@     if key == "name":
+#@       var["apps.tanzu.vmware.com/tap-ns"]= values[key]
+#@     else:
+#@       additional_key = "tap-setup.tanzu.japan.com/" + key
+#@       var[additional_key]= values[key]
+#@     end
+#@   end
+#@   return var
+#@ end
+
+
+#@ for namespace in namespaces:
+#@overlay/append
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: #@ namespace.name
+  labels: #@ additional_labels(struct.decode(namespace))
+#@ end
+

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/tap-install/ns.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tap-install

manifests/tap-eks-opinionated.tanzu.japan.com/1.8.6/config/tap-install/pkgi.yaml

@@ -0,0 +1,20 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: tap
+  namespace: tap-install
+  annotations:
+    kapp.k14s.io/change-group: tap-pkgi
+    kapp.k14s.io/change-rule.0: "upsert after upserting pkgr"
+    kapp.k14s.io/change-rule.1: "delete before deleting pkgr"
+spec:
+  serviceAccountName: tap-installer-sa
+  packageRef:
+    refName: tap.tanzu.vmware.com
+    versionSelection:
+      constraints: #@ data.values.tap_install.version.package_version
+  values:
+    - secretRef:
+        name: tap-values