From d1ca56bc3aedb958ddee6dca15f8282fa7c5d1ef Mon Sep 17 00:00:00 2001 From: machih Date: Fri, 8 Dec 2023 18:21:25 +0900 Subject: [PATCH] Add tap ecs 1.7.1 --- .../1.7.1/backstage/role.yaml | 33 + .../1.7.1/backstage/workload.yaml | 39 ++ .../1.7.1/crossplane/provider-aws.yaml | 34 + .../1.7.1/crossplane/provider-config.yaml | 39 ++ .../1.7.1/supplychain/clusterconfig.yaml | 611 ++++++++++++++++++ .../1.7.1/supplychain/role.yaml | 22 + .../1.7.1/values.yaml | 34 + .../1.7.1.yaml | 121 ++++ .../1.7.1.yaml | 187 ++++++ 9 files changed, 1120 insertions(+) create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/role.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/workload.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-aws.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-config.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/clusterconfig.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/role.yaml create mode 100644 manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/values.yaml create mode 100644 packages/tap-ecs-supplychain.tanzu.japan.com/1.7.1.yaml create mode 100644 packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/role.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/role.yaml new file mode 100644 index 0000000..db048e8 --- /dev/null +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/role.yaml 
@@ -0,0 +1,33 @@
+#@ load("@ytt:data", "data")
+
+#@ if data.values.backstage.enabled:
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ecs-reader
+rules:
+ - apiGroups:
+ - ec2.aws.upbound.io
+ - ecs.aws.upbound.io
+ - elbv2.aws.upbound.io
+ resources:
+ - "*"
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ecs-backstage-reader
+subjects:
+ - kind: ServiceAccount
+ name: tap-gui-viewer
+ namespace: tap-gui
+roleRef:
+ kind: ClusterRole
+ name: ecs-reader
+ apiGroup: rbac.authorization.k8s.io
+#@ end
\ No newline at end of file
diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/workload.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/workload.yaml
new file mode 100644
index 0000000..6d00ca2
--- /dev/null
+++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/backstage/workload.yaml
@@ -0,0 +1,39 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:base64", "base64")
+#@ load("@ytt:yaml", "yaml")
+
+#@ def tdp_config():
+app:
+ plugins:
+ - name: "@vmware-tanzu/tdp-plugin-techinsights"
+ version: "0.0.2"
+
+backend:
+ plugins:
+ - name: #@ data.values.backstage.plugin.name
+ version: #@ data.values.backstage.plugin.version
+#@ end
+
+#@ if data.values.backstage.enabled:
+---
+apiVersion: carto.run/v1alpha1
+kind: Workload
+metadata:
+ name: tdp-configurator
+ namespace: #@ data.values.backstage.namespace
+ labels:
+ apps.tanzu.vmware.com/workload-type: web
+ app.kubernetes.io/part-of: tdp-configurator
+spec:
+ build:
+ env:
+ - name: BP_NODE_RUN_SCRIPTS
+ value: "set-tdp-config,portal:pack"
+ - name: TPB_CONFIG
+ value: /tmp/tdp-config.yaml
+ - name: TPB_CONFIG_STRING
+ value: #@ base64.encode(yaml.encode(tdp_config()))
+ source:
+ image: #@ data.values.backstage.image
+ subPath: builder
+#@ end
\ No newline at end of file
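Review bot: The `ecs-reader` ClusterRole grants `resources: "*"` in the ec2, ecs and elbv2 upbound groups to `tap-gui-viewer`, which is wider than the seven kinds the supply chain in this commit actually creates (`taskdefinitions`, `services`, `securitygroups`, `securitygrouprules`, `lbtargetgroups`, `lbs`, `lblisteners`) and will silently grow as the providers register more CRDs. Listing those resources explicitly keeps the portal's read scope reviewable. Note also that TaskDefinition objects embed the rendered `containerDefinitions` (plain `environment` values and the SSM `secrets` paths), so whatever the portal displays for them is configuration disclosure to every portal user; a comment above the ClusterRole such as `#! read-only view for the TAP GUI; TaskDefinitions expose rendered env/secret paths` would make that trade-off explicit.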
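Review bot: The builder image is digest-pinned through `data.values.backstage.image`, but the backend plugin is selected only by name and version (`@mhoshi-vm/plugin-crossplane-aws` / `0.1.1` from values), and nothing in this manifest pins its integrity; if the `set-tdp-config`/`portal:pack` scripts resolve it from an npm registry at build time, the portal build trusts whatever that version resolves to. It is worth documenting where the plugin is fetched from and, if the configurator supports it, supplying a lockfile or integrity hash so the portal build is reproducible. A one-line comment on `TPB_CONFIG_STRING` noting that it is only the base64-encoded plugin list (not a credential) would also stop a reader from treating `build.env` as a secret channel.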
diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-aws.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-aws.yaml new file mode 100644 index 0000000..e14ff1a --- /dev/null +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-aws.yaml @@ -0,0 +1,34 @@ +#@ load("@ytt:data", "data") +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + kapp.k14s.io/change-group: "crd" + name: upbound-provider-aws-ecs +spec: + package: #@ data.values.crossplane.ecs.repo + ":" + data.values.crossplane.tag + controllerConfigRef: + name: upbound-provider-aws +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + kapp.k14s.io/change-group: "crd" + name: upbound-provider-aws-ec2 +spec: + package: #@ data.values.crossplane.ec2.repo + ":" + data.values.crossplane.tag + controllerConfigRef: + name: upbound-provider-aws +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + annotations: + kapp.k14s.io/change-group: "crd" + name: upbound-provider-aws-elbv2 +spec: + package: #@ data.values.crossplane.elbv2.repo + ":" + data.values.crossplane.tag + controllerConfigRef: + name: upbound-provider-aws diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-config.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-config.yaml new file mode 100644 index 0000000..b5aa9a4 --- /dev/null +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/crossplane/provider-config.yaml 
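Review bot: All three `Provider` packages are referenced by a mutable tag (`repo + ":" + tag`, default `v0.45.0`), so a re-push of that tag on xpkg.upbound.io would be pulled as provider code running under the cluster's IRSA role, and the hard-coded `":"` makes it impossible to pass a digest-pinned reference from values at all. Consider letting values carry the full reference (so `repo@sha256:...` is accepted) or documenting that the tag is expected to be pinned by digest in production overlays. Since every provider shares `controllerConfigRef: upbound-provider-aws`, they all assume the same IAM role; a comment stating that `tap-ecs` must therefore be the union of ecs/ec2/elbv2 permissions would help whoever writes that policy.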
@@ -0,0 +1,39 @@ +#@ load("@ytt:data", "data") +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: providerconfigs.aws.upbound.io + annotations: + kapp.k14s.io/exists: "" + kapp.k14s.io/change-group: "crd" +spec: + group: aws.upbound.io + versions: + - name: v1beta1 + names: + kind: ProviderConfig +--- +apiVersion: aws.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: aws-provider + annotations: + kapp.k14s.io/change-rule: "upsert after upserting crd" +spec: + credentials: + source: IRSA +--- +apiVersion: pkg.crossplane.io/v1alpha1 +kind: ControllerConfig +metadata: + name: upbound-provider-aws + annotations: + eks.amazonaws.com/role-arn: #@ 'arn:aws:iam::' + data.values.aws.accountId + ':role/' + data.values.aws.roleName +spec: + podSecurityContext: + fsGroup: 2000 + args: + - '--debug' + - '--poll=2m' + - '--max-reconcile-rate=10' diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/clusterconfig.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/clusterconfig.yaml new file mode 100644 index 0000000..2cccdb5 --- /dev/null +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/clusterconfig.yaml 
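Review bot: The `ControllerConfig` passes `- '--debug'` to every provider pod, which is not a setting for a shared platform install: debug-level provider logs are verbose and may include the reconciled resource bodies, and in this supply chain those bodies carry each workload's rendered `containerDefinitions` (environment values, SSM secret paths). Drop the flag or gate it behind a values key that defaults to off. Two caveats belong next to the `eks.amazonaws.com/role-arn` annotation: the IAM role's trust policy should constrain `sub` to the provider service accounts rather than the whole cluster OIDC issuer, and `ControllerConfig` (`pkg.crossplane.io/v1alpha1`) has been deprecated upstream in favour of `DeploymentRuntimeConfig`, so confirm which one the Crossplane release bundled with TAP still honours.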
@@ -0,0 +1,611 @@ +#@ load("@ytt:data", "data") +--- +apiVersion: carto.run/v1alpha1 +kind: ClusterConfigTemplate +metadata: + name: ecs-template +spec: + params: + - default: #@ data.values.aws.cluster + name: cluster + - default: #@ data.values.aws.region + name: region + - default: #@ data.values.aws.accountId + name: accountId + - default: #@ data.values.aws.alb + name: alb + - default: #@ data.values.aws.ecs + name: ecs + - default: #@ data.values.aws.vpcId + name: vpcId + configPath: .data + lifecycle: mutable + ytt: | + #@ load("@ytt:data", "data") + #@ load("@ytt:yaml", "yaml") + #@ load("@ytt:json", "json") + + #@ def merge_labels(fixed_values): + #@ labels = {} + #@ if hasattr(data.values.workload.metadata, "labels"): + #@ labels.update(data.values.workload.metadata.labels) + #@ end + #@ labels.update(fixed_values) + #@ return labels + #@ end + + #@ def return_annotations(config, alwaysreplace, group, upgroup): + #@ annotations = {} + #@ if hasattr(config, "metadata"): + #@ if hasattr(config.metadata, "annotations"): + #@ annotations.update(config.metadata.annotations) + #@ end + #@ end + #@ if alwaysreplace: + #@ annotations.update({ "kapp.k14s.io/update-strategy" : "always-replace" }) + #@ end + #@ if group != "": + #@ annotations.update({ "kapp.k14s.io/change-group" : group }) + #@ end + #@ if upgroup != "": + #@ annotations.update({ "kapp.k14s.io/change-rule.update" : "upsert after upserting " + upgroup }) + #@ annotations.update({ "kapp.k14s.io/change-rule.delete" : "delete before upserting " + upgroup }) + #@ end + #@ return annotations + #@ end + + #@ def verify_lb_enabled(config): + #@ enabled = False + #@ spec = config.spec + #@ workload = spec.containers[0] + #@ if data.values.params.alb.enabled and hasattr(workload, "ports") and hasattr(workload, "livenessProbe"): + #@ enabled = True + #@ end + #@ return enabled + #@ end + + #@ def return_task_cpu(config): + #@ spec = config.spec + #@ workload = spec.containers[0] + #@ resources = 
workload.resources + #@ cpu = 512 + #@ if hasattr(resources, "limits"): + #@ r = resources.limits + #@ if hasattr(r, "cpu"): + #@ cpu = r.cpu + #@ end + #@ end + #@ return cpu + #@ end + + #@ def return_task_memory(config): + #@ spec = config.spec + #@ workload = spec.containers[0] + #@ resources = workload.resources + #@ memory = 1024 + #@ if hasattr(resources, "limits"): + #@ r = resources.limits + #@ if hasattr(r, "memory"): + #@ memory = r.memory + #@ end + #@ end + #@ return memory + #@ end + + #@ def update_config(config): + #@ spec = config.spec + #@ workload = spec.containers[0] + #@ task = {} + #@ task["name"] = workload.name + #@ task["image"] = workload.image + #@ task["cpu"] = 0 + #@ task["essential"] = True + #@ task["mountPoints"] = [] + #@ task["volumesFrom"] = [] + #@ if hasattr(workload, "ports"): + #@ task["portMappings"] = [] + #@ for port in workload.ports: + #@ portMapping = {} + #@ for key in dict(port).keys(): + #@ if type(port[key]) == "string": + #@ portMapping.update({ key: str(port[key]).lower()}) + #@ else: + #@ portMapping.update({ key: port[key]}) + #@ end + #@ if key == "containerPort": + #@ portMapping.update({ "hostPort": port[key]}) + #@ end + #@ end + #@ task["portMappings"].append(portMapping) + #@ end + #@ end + #@ if hasattr(workload, "env"): + #@ task["environment"] = [] + #@ for e in workload["env"]: + #@ if hasattr(e, "value"): + #@ task["environment"].append(e) + #@ end + #@ if hasattr(e, "valueFrom"): + #@ name="" + #@ key="" + #@ if hasattr(e.valueFrom, "configMapKeyRef"): + #@ name = e.valueFrom.configMapKeyRef.name + #@ key = e.valueFrom.configMapKeyRef.key + #@ end + #@ if hasattr(e.valueFrom, "secretKeyRef"): + #@ name = e.valueFrom.secretKeyRef.name + #@ key = e.valueFrom.secretKeyRef.key + #@ end + #@ ssm_parameter = "/"+name+"/"+key + #@ task["secrets"] = [] + #@ task["secrets"].append({"name":e.name,"valueFrom": ssm_parameter }) + #@ end + #@ end + #@ end + #@ resources = workload.resources + #@ if 
hasattr(resources, "requests"): + #@ r = resources.requests + #@ if hasattr(r, "cpu"): + #@ task["cpu"] = r.cpu + #@ end + #@ if hasattr(r, "memory"): + #@ task["memoryReservation"] = r.memory + #@ end + #@ end + #@ if hasattr(workload, "securityContext"): + #@ if hasattr(workload.securityContext, "runAsUser"): + #@ task["user"] = str(workload.securityContext.runAsUser) + #@ end + #@ end + #@ if hasattr(data.values.params, "command"): + #@ task["command"]= data.values.params.command + #@ end + #@ tasks = [] + #@ tasks.append(task) + #@ return task + #@ end + + #@ def targetgroup_config(config): + #@ spec = config.spec + #@ workload = spec.containers[0] + #@ forProvider ={} + #@ forProvider["deregistrationDelay"] = "300" + #@ forProvider["ipAddressType"] = "ipv4" + #@ forProvider["loadBalancingAlgorithmType"] = "round_robin" + #@ forProvider["loadBalancingCrossZoneEnabled"] = "use_load_balancer_configuration" + #@ forProvider["stickiness"] = [ { "cookieDuration": 86400, "type": "lb_cookie"} ] + #@ forProvider["name"] = data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + #@ forProvider["region"] = data.values.params.region + #@ forProvider["targetType"] = "ip" + #@ forProvider["vpcId"] = data.values.params.vpcId + #@ if hasattr(workload, "livenessProbe"): + #@ healthCheck = {} + #@ healthCheck["enabled"] = True + #@ if hasattr(workload["livenessProbe"], "httpGet"): + #@ forProvider["port"] = workload["ports"][0]["containerPort"] + #@ forProvider["protocol"] = "HTTP" + #@ healthCheck["port"] = str(workload["livenessProbe"]["httpGet"]["port"]) + #@ healthCheck["path"] = workload["livenessProbe"]["httpGet"]["path"] + #@ healthCheck["protocol"] = workload["livenessProbe"]["httpGet"]["scheme"] + #@ end + #@ forProvider["healthCheck"] = [] + #@ forProvider["healthCheck"].append(healthCheck) + #@ end + #@ return forProvider + #@ end + + + #@ def delivery(): + --- + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: TaskDefinition + metadata: + 
labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + annotations: #@ return_annotations(data.values.config, True, "base", "") + spec: + deletionPolicy: Delete + providerConfigRef: + name: aws-provider + forProvider: + containerDefinitions: #@ json.encode([ update_config(data.values.config) ], indent=3) + family: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + cpu: #@ str(return_task_cpu(data.values.config)) + memory: #@ str(return_task_memory(data.values.config)) + networkMode: awsvpc + requiresCompatibilities: + - FARGATE + initProvider: {} + managementPolicies: + - '*' + --- + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + #@ if verify_lb_enabled(data.values.config): + annotations: #@ return_annotations(data.values.config, True, "", "lb") + #@ else: + annotations: #@ return_annotations(data.values.config, True, "", "base") + #@ end + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + forProvider: + deploymentCircuitBreaker: + - enable: false + rollback: false + deploymentController: + - type: ECS + deploymentMaximumPercent: 200 + deploymentMinimumHealthyPercent: 100 + desiredCount: 1 + cluster: #@ data.values.params.cluster + launchType: FARGATE + forceNewDeployment: true + platformVersion: LATEST + propagateTags: NONE + schedulingStrategy: REPLICA + region: #@ data.values.params.region + taskDefinitionRef: + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + policy: + resolution: Required + resolve: 'Always' 
+ networkConfiguration: + - subnets: #@ data.values.params.ecs.subnets + securityGroupRefs: + - name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + #@ if data.values.params.ecs.public: + assignPublicIp: true + #@ end + #@ if verify_lb_enabled(data.values.config): + loadBalancer: + - containerName: #@ data.values.config.spec.containers[0].name + containerPort: #@ data.values.config.spec.containers[0].ports[0].containerPort + targetGroupArnRef: + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + #@ end + initProvider: {} + managementPolicies: + - '*' + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + vpcId: #@ data.values.params.vpcId + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "ecs-outbound-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: 0 + protocol: "-1" + region: #@ data.values.params.region 
+ securityGroupIdRef: + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: 0 + type: egress + #@ if hasattr(data.values.config.spec.containers[0], "ports"): + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: #@ data.values.config.spec.containers[0].ports[0].containerPort + protocol: #@ str(data.values.config.spec.containers[0].ports[0].protocol).lower() + region: #@ data.values.params.region + securityGroupIdRef: + name: #@ "ecs-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: #@ data.values.config.spec.containers[0].ports[0].containerPort + type: ingress + #@ end + #@ if verify_lb_enabled(data.values.config): + --- + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBTargetGroup + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + forProvider: #@ targetgroup_config(data.values.config) + initProvider: {} + managementPolicies: + - '*' + --- + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LB + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": 
data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + forProvider: + desyncMitigationMode: defensive + enableCrossZoneLoadBalancing: true + enableDeletionProtection: false + enableHttp2: true + idleTimeout: 60 + #@ if data.values.params.alb.public: + internal: false + #@ else: + internal: true + #@ end + ipAddressType: ipv4 + loadBalancerType: application + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + securityGroupRefs: + - name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + subnets: #@ data.values.params.alb.subnets + xffHeaderProcessingMode: append + initProvider: {} + managementPolicies: + - '*' + --- + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBListener + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "lb", "base") + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + forProvider: + defaultAction: + - targetGroupArnRef: + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + type: forward + loadBalancerArnRef: + name: #@ data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + port: 80 + protocol: HTTP + region: #@ data.values.params.region + initProvider: {} + managementPolicies: + - '*' + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", 
"carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + region: #@ data.values.params.region + vpcId: #@ data.values.params.vpcId + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: 80 + protocol: tcp + region: #@ data.values.params.region + securityGroupIdRef: + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: 80 + type: ingress + --- + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: #@ merge_labels({ "app.kubernetes.io/component": "run", "carto.run/workload-name": data.values.workload.metadata.name }) + annotations: #@ return_annotations(data.values.config, False, "base", "") + name: #@ "lb-outbound" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + spec: + providerConfigRef: + name: aws-provider + deletionPolicy: Delete + initProvider: {} + managementPolicies: + - '*' + forProvider: + cidrBlocks: + - 0.0.0.0/0 + fromPort: 0 + protocol: "-1" + region: #@ data.values.params.region + 
securityGroupIdRef: + name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace + toPort: 0 + type: egress + #@ end + --- + apiVersion: kapp.k14s.io/v1alpha1 + kind: Config + + diffAgainstLastAppliedFieldExclusionRules: + - path: [metadata, annotations, crossplane.io/external-name] + resourceMatchers: &All + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: TaskDefinition + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBTargetGroup + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LB + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBListener + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + + - path: [metadata, annotations, upjet.crossplane.io/provider-meta] + resourceMatchers: *All + + - path: [metadata, annotations, crossplane.io/external-create-succeeded] + resourceMatchers: *All + + - path: [spec, forProvider, tags] + resourceMatchers: *All + + - path: [spec, forProvider, iamRole] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + + - path: [spec, forProvider, taskDefinition] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + + - path: [spec, forProvider, networkConfiguration, {allIndexes: true}, securityGroups] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + + - path: [spec, forProvider, loadBalancer, {allIndexes: true}, targetGroupArn] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ecs.aws.upbound.io/v1beta1 + kind: Service + + - path: [spec, forProvider, protocolVersion] + resourceMatchers: + - 
apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBTargetGroup + + - path: [spec, forProvider, securityGroups] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LB + + - path: [spec, forProvider, subnetMapping] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LB + + - path: [spec, forProvider, defaultAction, {allIndexes: true}, targetGroupArn] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBListener + + - path: [spec, forProvider, loadBalancerArn] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBListener + + - path: [spec, forProvider, protocol] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: elbv2.aws.upbound.io/v1beta1 + kind: LBListener + + - path: [spec, forProvider, description] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + + - path: [spec, forProvider, securityGroupId] + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + + waitRules: + - supportsObservedGeneration: false + conditionMatchers: + - type: Ready + status: "True" + success: true + - type: LastAsyncOperation + status: "False" + failure: true + resourceMatchers: *All + #@ end + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: #@ data.values.workload.metadata.name + "-ecs" + labels: #@ merge_labels({ "app.kubernetes.io/component": "config" }) + data: + delivery.yml: #@ yaml.encode(delivery()) diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/role.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/role.yaml new file mode 100644 index 0000000..9a0ae5f --- /dev/null +++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/supplychain/role.yaml 
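Review bot: The task security group's ingress rule (`kind: SecurityGroupRule`, `type: ingress`) opens `containerPort` to `0.0.0.0/0` whenever the container declares `ports`, regardless of whether an ALB fronts the task or `params.ecs.public` assigns a public IP, so with `ecs.public: true` the task itself listens to the internet on plain HTTP. When `verify_lb_enabled` is true the source should be the LB security group (`sourceSecurityGroupIdRef`, which the upbound SecurityGroupRule exposes alongside `securityGroupIdRef`) rather than a CIDR, and the non-LB branch should ideally take its CIDR list from a parameter instead of hard-coding the world. Separately, `update_config` executes `#@ task["secrets"] = []` inside the env loop, so only the last `valueFrom` entry survives — hoist that initialisation above `for e in workload["env"]:`. The TaskDefinition also sets no `executionRoleArn`/`taskRoleArn`, which ECS needs to resolve those SSM `secrets` at task start, and the listener is plain `HTTP` on port 80 with no TLS listener — both are worth stating in the package docs as limitations. Naming nit: `"lb-outbound" + name` lacks the trailing hyphen the other rule names use.
```yaml
#@ if hasattr(data.values.config.spec.containers[0], "ports"):
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupRule
#! … unchanged: metadata, providerConfigRef, deletionPolicy, initProvider, managementPolicies …
  forProvider:
    #@ if verify_lb_enabled(data.values.config):
    #! only this workload's own ALB may reach the task port
    sourceSecurityGroupIdRef:
      name: #@ "lb-" + data.values.workload.metadata.name + "-" + data.values.workload.metadata.namespace
    #@ else:
    cidrBlocks:
      - 0.0.0.0/0
    #@ end
    fromPort: #@ data.values.config.spec.containers[0].ports[0].containerPort
    #! … unchanged: protocol, region, securityGroupIdRef, toPort, type …
#@ end
```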
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: deliverable-with-ecs
+ labels:
+ apps.tanzu.vmware.com/aggregate-to-deliverable: "true"
+rules:
+- apiGroups:
+ - ec2.aws.upbound.io
+ - ecs.aws.upbound.io
+ - elbv2.aws.upbound.io
+ resources:
+ - "*"
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - update
+ - delete
+ - deletecollection
\ No newline at end of file
diff --git a/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/values.yaml b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/values.yaml
new file mode 100644
index 0000000..794fda1
--- /dev/null
+++ b/manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1/values.yaml
@@ -0,0 +1,34 @@
+#@data/values-schema
+---
+backstage:
+ enabled: true
+ namespace: demo
+ image: registry.tanzu.vmware.com/tanzu-application-platform/tap-packages@sha256:29f978561d7d931c9a118c167eae905ce41990131013339aaff10c291ac6c42b
+ plugin:
+ name: "@mhoshi-vm/plugin-crossplane-aws"
+ version: 0.1.1
+
+crossplane:
+ tag: v0.45.0
+ ecs:
+ repo: xpkg.upbound.io/upbound/provider-aws-ecs
+ ec2:
+ repo: xpkg.upbound.io/upbound/provider-aws-ec2
+ elbv2:
+ repo: xpkg.upbound.io/upbound/provider-aws-elbv2
+
+aws:
+ accountId: ""
+ roleName: "tap-ecs"
+ cluster: ""
+ region: us-west-2
+ vpcId: vpc-xxxxx
+ alb:
+ enabled: true
+ public: true
+ subnets:
+ - subnet1
+ ecs:
+ public: false
+ subnets:
+ - private-subnet1
diff --git a/packages/tap-ecs-supplychain.tanzu.japan.com/1.7.1.yaml b/packages/tap-ecs-supplychain.tanzu.japan.com/1.7.1.yaml
new file mode 100644
index 0000000..cf7721f
--- /dev/null
+++ b/packages/tap-ecs-supplychain.tanzu.japan.com/1.7.1.yaml
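Review bot: `deliverable-with-ecs` is aggregated into the deliverable role (`apps.tanzu.vmware.com/aggregate-to-deliverable: "true"`) with create/patch/update/delete/deletecollection on `resources: "*"` across the ec2, ecs and elbv2 upbound groups. These managed resources are cluster-scoped, so — as far as the aggregation label implies — every deliverable service account in every workload namespace can create or delete any ECS Service, TaskDefinition, security group or load balancer in the account, including those belonging to other namespaces, and the ec2 wildcard additionally covers kinds this supply chain never creates (VPCs, instances, route tables, …). Narrowing `resources` to the seven kinds the template emits removes the unrelated ec2 surface (plural names as the provider CRDs register them — confirm with `kubectl api-resources`); cross-namespace isolation is something this RBAC alone cannot give and should be recorded as a multi-tenancy caveat.
```yaml
rules:
- apiGroups:
  - ec2.aws.upbound.io
  - ecs.aws.upbound.io
  - elbv2.aws.upbound.io
  resources:
  - taskdefinitions
  - services
  - securitygroups
  - securitygrouprules
  - lbtargetgroups
  - lbs
  - lblisteners
  # … unchanged: verbs …
```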
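Review bot: `aws.alb.public` defaults to `true` while `aws.ecs.public` defaults to `false`, so out of the box any workload with `ports` and a `livenessProbe` gets an internet-facing application load balancer (plain HTTP/80 per the template) without the operator opting in; `public: false` by default, with an explicit opt-in, would match the conservative choice already made for the tasks. The `accountId: ""` and `vpcId: vpc-xxxxx` placeholders are rendered straight into `arn:aws:iam::<accountId>:role/...` and into every security group and target group, so leaving them unset yields a malformed ARN at reconcile time rather than an install-time error — a comment on each (`#! required: 12-digit account id`, `#! required: VPC the ECS tasks and ALB live in`) would at least make the requirement visible to anyone editing the values.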
@@ -0,0 +1,121 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: Package
+metadata:
+ name: tap-ecs-supplychain.tanzu.japan.com.1.7.1
+spec:
+ refName: tap-ecs-supplychain.tanzu.japan.com
+ version: 1.7.1
+ valuesSchema:
+ openAPIv3:
+ title: tap-ecs.tanzu-jp values schema
+ properties:
+ backstage:
+ type: object
+ additionalProperties: false
+ properties:
+ enabled:
+ type: boolean
+ default: true
+ namespace:
+ type: string
+ default: demo
+ image:
+ type: string
+ default: registry.tanzu.vmware.com/tanzu-application-platform/tap-packages@sha256:29f978561d7d931c9a118c167eae905ce41990131013339aaff10c291ac6c42b
+ plugin:
+ type: object
+ additionalProperties: false
+ properties:
+ name:
+ type: string
+ default: '@mhoshi-vm/plugin-crossplane-aws'
+ version:
+ type: string
+ default: 0.1.1
+ crossplane:
+ type: object
+ additionalProperties: false
+ properties:
+ tag:
+ type: string
+ default: v0.45.0
+ ecs:
+ type: object
+ additionalProperties: false
+ properties:
+ repo:
+ type: string
+ default: xpkg.upbound.io/upbound/provider-aws-ecs
+ ec2:
+ type: object
+ additionalProperties: false
+ properties:
+ repo:
+ type: string
+ default: xpkg.upbound.io/upbound/provider-aws-ec2
+ elbv2:
+ type: object
+ additionalProperties: false
+ properties:
+ repo:
+ type: string
+ default: xpkg.upbound.io/upbound/provider-aws-elbv2
+ aws:
+ type: object
+ additionalProperties: false
+ properties:
+ accountId:
+ type: string
+ default: ""
+ roleName:
+ type: string
+ default: tap-ecs
+ cluster:
+ type: string
+ default: ""
+ region:
+ type: string
+ default: us-west-2
+ vpcId:
+ type: string
+ default: vpc-xxxxx
+ alb:
+ type: object
+ additionalProperties: false
+ properties:
+ enabled:
+ type: boolean
+ default: true
+ public:
+ type: boolean
+ default: true
+ subnets:
+ type: array
+ items:
+ type: string
+ default: subnet1
+ default: []
+ ecs:
+ type: object
+ additionalProperties: false
+ properties:
+ public:
+ type: boolean
+ default: false
+ subnets:
+ type: array
+ items:
+ type: string
+ default: private-subnet1
+ default: []
+ template:
+ spec:
+ fetch:
+ - git:
+ url: https://github.com/mhoshi-vm/tap-carvel
+ ref: origin/pkgr
+ subPath: manifests/tap-ecs-supplychain.tanzu.japan.com/1.7.1
+ template:
+ - ytt: {}
+ deploy:
+ - kapp: {}
diff --git a/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml b/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml
new file mode 100644
index 0000000..28d486b
--- /dev/null
+++ b/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml
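Review bot: The OpenAPI schema declares types and defaults but no constraints on the values that become AWS identifiers: `aws.accountId` (default `""`) and `aws.vpcId` (default `vpc-xxxxx`) are accepted as-is and then concatenated into the IRSA role ARN and the security-group/target-group VPC references. Adding `pattern: '^[0-9]{12}$'` and `pattern: '^vpc-[0-9a-f]+$'`, plus `minItems: 1` on the two `subnets` arrays, would reject a placeholder at PackageInstall time instead of at the first reconcile — but the placeholder defaults then have to go, since a default that does not satisfy its own pattern will be rejected by the same validation. Every property here is also missing a `description`, unlike the sibling `tap-toolkit-starter` package in this commit; the security-relevant ones (`alb.public`, `ecs.public`, `roleName`) deserve a one-line description stating what gets exposed or assumed.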
@@ -0,0 +1,187 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: Package
+metadata:
+ name: tap-toolkit-starter.tanzu.japan.com.1.6.1
+spec:
+ refName: tap-toolkit-starter.tanzu.japan.com
+ version: 1.6.1
+ valuesSchema:
+ openAPIv3:
+ title: tap-toolkit-starter.tanzu-jp values schema
+ properties:
+ rabbitmq:
+ type: object
+ additionalProperties: false
+ description: Rabbitmq starter
+ properties:
+ enabled:
+ type: boolean
+ description: Enable starter
+ default: true
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: string
+ description: install repo
+ default: registry.tanzu.vmware.com/p-rabbitmq-for-kubernetes/tanzu-rabbitmq-package-repo
+ version:
+ type: string
+ description: install version
+ default: 1.5.0
+ operator_version:
+ type: string
+ description: operator version
+ default: 1.5.0
+ count:
+ type: integer
+ description: instance count
+ default: 0
+ postgres:
+ type: object
+ additionalProperties: false
+ description: Postgres starter
+ properties:
+ enabled:
+ type: boolean
+ description: Enable starter
+ default: true
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: string
+ description: install repo
+ default: registry.tanzu.vmware.com/packages-for-vmware-tanzu-data-services/tds-packages
+ version:
+ type: string
+ description: install version
+ default: 1.8.0
+ operator_version:
+ type: string
+ description: operator version
+ default: 2.1.0
+ count:
+ type: integer
+ description: instance count
+ default: 1
+ storage_class:
+ type: string
+ description: storage class
+ default: default
+ instance_version:
+ type: string
+ description: instance version
+ default: postgres-14
+ gemfire:
+ type: object
+ additionalProperties: false
+ description: Gemfire starter
+ properties:
+ enabled:
+ type: boolean
+ description: Enable starter
+ default: true
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: string
+ description: install repo
+ default: registry.tanzu.vmware.com/tanzu-gemfire-for-kubernetes/gemfire-for-kubernetes-carvel-bundle
+ version:
+ type: string
+ description: install version
+ default: 2.2.0
+ count:
+ type: integer
+ description: instance count
+ default: 1
+ image:
+ type: object
+ additionalProperties: false
+ description: gemfire image
+ properties:
+ repo:
+ type: string
+ default: registry.tanzu.vmware.com/pivotal-gemfire/vmware-gemfire
+ version:
+ type: string
+ default: 9.15.4
+ redis_adapter:
+ type: object
+ additionalProperties: false
+ description: redis adapter image
+ properties:
+ repo:
+ type: string
+ default: registry.tanzu.vmware.com/tanzu-gemfire-for-redis-apps/gemfire-for-redis-apps
+ version:
+ type: string
+ default: 1.1.0
+ sso:
+ type: object
+ additionalProperties: false
+ description: AppSSO starter
+ properties:
+ tls:
+ type: object
+ additionalProperties: false
+ description: tls setting
+ properties:
+ enabled:
+ type: boolean
+ description: enable (recommended to true)
+ default: false
+ certname:
+ type: string
+ description: cert name
+ default: cnrs-default-tls
+ certnamespace:
+ type: string
+ description: cert namespace
+ default: tanzu-system-ingress
+ testuser_enabled:
+ type: boolean
+ description: Enable test users
+ default: true
+ providers:
+ nullable: true
+ description: Providers
+ default: []
+ redirect_urls:
+ type: array
+ description: Redirect URLs
+ items:
+ type: string
+ default: https://example.com
+ default: []
+ template:
+ spec:
+ fetch:
+ - git:
+ url: https://github.com/mhoshi-vm/tap-carvel
+ ref: origin/pkgr
+ subPath: manifests/tap-toolkit-starter.tanzu.japan.com/1.6.1
+ template:
+ - ytt: {}
+ deploy:
+ - kapp: {}
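Review bot: This file is added at `packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml` but its content still declares `name: tap-toolkit-starter.tanzu.japan.com.1.6.1`, `version: 1.6.1` and `subPath: manifests/tap-toolkit-starter.tanzu.japan.com/1.6.1`, so it would duplicate the existing 1.6.1 Package (same `metadata.name`) when the repository bundle is built and no 1.7.1 version is actually published; all three should read `1.7.1`, and the matching 1.7.1 manifests directory has to exist. On the schema itself, `sso.tls.enabled` defaults to `false` while its own description says `enable (recommended to true)`, and `sso.testuser_enabled` defaults to `true`, so both secure choices are opt-in; defaulting TLS on and test users off is the safer baseline for an AppSSO starter, with the `testuser_enabled` description extended to say these are demo credentials that must not reach a shared environment.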