Update rework of SG and LB logic
mhoshi-vm committed Aug 17, 2023
1 parent 27e4e6a commit a3682b0
Showing 4 changed files with 65 additions and 45 deletions.
@@ -2,23 +2,12 @@
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
annotations:
kapp.k14s.io/change-group: "crd"
name: upbound-provider-family-aws
spec:
package: #@ data.values.crossplane.aws.repo + ":" + data.values.crossplane.aws.tag
controllerConfigRef:
name: upbound-provider-aws
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
annotations:
kapp.k14s.io/change-group: "crd"
name: upbound-provider-aws-ecs
spec:
package: #@ data.values.crossplane.ecs.repo + ":" + data.values.crossplane.ecs.tag
package: #@ data.values.crossplane.ecs.repo + ":" + data.values.crossplane.tag
controllerConfigRef:
name: upbound-provider-aws
---
@@ -29,7 +18,7 @@ metadata:
kapp.k14s.io/change-group: "crd"
name: upbound-provider-aws-ec2
spec:
package: #@ data.values.crossplane.ec2.repo + ":" + data.values.crossplane.ec2.tag
package: #@ data.values.crossplane.ec2.repo + ":" + data.values.crossplane.tag
controllerConfigRef:
name: upbound-provider-aws
---
@@ -40,6 +29,6 @@ metadata:
kapp.k14s.io/change-group: "crd"
name: upbound-provider-aws-elbv2
spec:
package: #@ data.values.crossplane.elbv2.repo + ":" + data.values.crossplane.elbv2.tag
package: #@ data.values.crossplane.elbv2.repo + ":" + data.values.crossplane.tag
controllerConfigRef:
name: upbound-provider-aws
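Review bot: The `Provider` for `upbound-provider-family-aws` appears to be dropped from this file, while the three service providers that remain are, as far as I know, family members that depend on it. The family package would then be installed through Crossplane's dependency resolution instead of from a pinned `package:` line. That leaves its version, and whether it picks up `controllerConfigRef: upbound-provider-aws`, outside what this manifest controls. If the removal is deliberate, a comment saying so above the first remaining `Provider` would help. Separately, the three `package:` values are still `repo + ":" + tag`, and a tag can be re-pointed in the registry, so pinning by digest (`repo@sha256:<digest>`) is worth considering for packages that act on AWS.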
@@ -226,9 +226,9 @@ spec:
labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name })
name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
#@ if verify_lb_enabled(data.values.config):
annotations: #@ return_annotations(data.values.config, False, "", "lb")
annotations: #@ return_annotations(data.values.config, True, "", "lb")
#@ else:
annotations: #@ return_annotations(data.values.config, False, "", "base")
annotations: #@ return_annotations(data.values.config, True, "", "base")
#@ end
spec:
providerConfigRef:
@@ -272,7 +272,6 @@ spec:
initProvider: {}
managementPolicies:
- '*'
#@ if hasattr(data.values.config.spec.containers[0], "ports"):
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroup
@@ -293,6 +292,30 @@ spec:
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupRule
metadata:
annotations: #@ return_annotations(data.values.config, False, "base", "")
name: #@ "ecs-outbound-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
spec:
providerConfigRef:
name: aws-provider
deletionPolicy: Delete
initProvider: {}
managementPolicies:
- '*'
forProvider:
cidrBlocks:
- 0.0.0.0/0
fromPort: 0
protocol: "-1"
region: #@ data.values.params.region
securityGroupIdRef:
name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
toPort: 0
type: egress
#@ if hasattr(data.values.config.spec.containers[0], "ports"):
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupRule
metadata:
annotations: #@ return_annotations(data.values.config, False, "base", "")
name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
@@ -307,7 +330,7 @@ spec:
cidrBlocks:
- 0.0.0.0/0
fromPort: #@ data.values.config.spec.containers[0].ports[0].containerPort
protocol: #@ data.values.config.spec.containers[0].ports[0].protocol
protocol: #@ str(data.values.config.spec.containers[0].ports[0].protocol).lower()
region: #@ data.values.params.region
securityGroupIdRef:
name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
@@ -424,6 +447,29 @@ spec:
name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
toPort: 80
type: ingress
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupRule
metadata:
annotations: #@ return_annotations(data.values.config, False, "base", "")
name: #@ "lb-outbound" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
spec:
providerConfigRef:
name: aws-provider
deletionPolicy: Delete
initProvider: {}
managementPolicies:
- '*'
forProvider:
cidrBlocks:
- 0.0.0.0/0
fromPort: 0
protocol: "-1"
region: #@ data.values.params.region
securityGroupIdRef:
name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
toPort: 0
type: egress
#@ end
---
apiVersion: kapp.k14s.io/v1alpha1
@@ -475,13 +521,13 @@ spec:
apiVersion: ecs.aws.upbound.io/v1beta1
kind: Service
- path: [spec, forProvider, loadBalancer, {allIndexes: true}, targetGroupArn]
- path: [spec, forProvider, networkConfiguration, {allIndexes: true}, securityGroups]
resourceMatchers:
- apiVersionKindMatcher:
apiVersion: ecs.aws.upbound.io/v1beta1
kind: Service
- path: [spec, forProvider, , {allIndexes: true}, targetGroupArn]
- path: [spec, forProvider, loadBalancer, {allIndexes: true}, targetGroupArn]
resourceMatchers:
- apiVersionKindMatcher:
apiVersion: ecs.aws.upbound.io/v1beta1
@@ -493,6 +539,12 @@ spec:
apiVersion: elbv2.aws.upbound.io/v1beta1
kind: LBTargetGroup
- path: [spec, forProvider, securityGroups]
resourceMatchers:
- apiVersionKindMatcher:
apiVersion: elbv2.aws.upbound.io/v1beta1
kind: LB
- path: [spec, forProvider, subnetMapping]
resourceMatchers:
- apiVersionKindMatcher:
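Review bot: The new `lb-outbound` rule (`cidrBlocks: 0.0.0.0/0`, `protocol: "-1"`, `type: egress`) lets the load balancer's security group send any traffic to any address, although the only destination visible in this template is the task security group `"ecs-" + name + "-" + namespace`. Consider scoping that rule to the task group and the container port instead of a CIDR. If the matching `ecs-outbound-` rule needs unrestricted egress on purpose (image pulls, AWS APIs), a comment above it should say so. The name expression is also missing a separator: `"lb-outbound" + data.values.workload.metadata.name` should read `"lb-outbound-" + data.values.workload.metadata.name` to match `"ecs-outbound-"`. The documents around both rules continue outside the visible hunks, so any existing narrower rule elsewhere in the file is not visible here.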
@@ -1,18 +1,13 @@
#@data/values-schema
---
crossplane:
aws:
repo: xpkg.upbound.io/upbound/provider-family-aws
tag: v0.38.0
tag: v0.38.0
ecs:
repo: xpkg.upbound.io/upbound/provider-aws-ecs
tag: v0.38.0
ec2:
repo: xpkg.upbound.io/upbound/provider-aws-ec2
tag: v0.38.0
elbv2:
repo: xpkg.upbound.io/upbound/provider-aws-elbv2
tag: v0.38.0

aws:
accountId: ""
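Review bot: Collapsing the per-provider `tag` keys into one `crossplane.tag` changes the values contract without any note for operators. An existing values file that still sets `crossplane.ecs.tag` (or the `ec2`/`elbv2` equivalents) will presumably be rejected by the schema, and the single tag now has to exist in all three package repositories. A description on the new key would make that visible, for example `#@schema/desc "Version tag applied to the ecs, ec2 and elbv2 provider packages"` above `tag: v0.38.0`.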
22 changes: 3 additions & 19 deletions packages/tap-ecs-supplychain.tanzu.japan.com/1.6.1.yaml
@@ -13,46 +13,30 @@ spec:
type: object
additionalProperties: false
properties:
aws:
type: object
additionalProperties: false
properties:
repo:
type: string
default: xpkg.upbound.io/upbound/provider-family-aws
tag:
type: string
default: v0.38.0
tag:
type: string
default: v0.38.0
ecs:
type: object
additionalProperties: false
properties:
repo:
type: string
default: xpkg.upbound.io/upbound/provider-aws-ecs
tag:
type: string
default: v0.38.0
ec2:
type: object
additionalProperties: false
properties:
repo:
type: string
default: xpkg.upbound.io/upbound/provider-aws-ec2
tag:
type: string
default: v0.38.0
elbv2:
type: object
additionalProperties: false
properties:
repo:
type: string
default: xpkg.upbound.io/upbound/provider-aws-elbv2
tag:
type: string
default: v0.38.0
aws:
type: object
additionalProperties: false