From 5592987301820c6772a1955802c3be44a663bc20 Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Thu, 18 Aug 2022 18:45:32 +0200
Subject: [PATCH 1/2] Add: initalize ACK control plane

Signed-off-by: Nicolas Lamirault
---
 krm/ack/README.md | 42 +++++++++++++++++++++++++++++++++++++++++
 krm/ack/ecr-values.yaml | 36 +++++++++++++++++++++++++++++++++++
 krm/ack/eks-values.yaml | 36 +++++++++++++++++++++++++++++++++++
 krm/ack/iam-values.yaml | 36 +++++++++++++++++++++++++++++++++++
 krm/ack/s3-values.yaml | 36 +++++++++++++++++++++++++++++++++++
 5 files changed, 186 insertions(+)
 create mode 100644 krm/ack/README.md
 create mode 100644 krm/ack/ecr-values.yaml
 create mode 100644 krm/ack/eks-values.yaml
 create mode 100644 krm/ack/iam-values.yaml
 create mode 100644 krm/ack/s3-values.yaml
diff --git a/krm/ack/README.md b/krm/ack/README.md
new file mode 100644
index 0000000..c8744c2
--- /dev/null
+++ b/krm/ack/README.md
@@ -0,0 +1,42 @@
+### KRM / ACK
+
+* Create Kind cluster :
+
+```shell
+> make kind-create ENV=aws
+```
+
+* Install ACK:
+
+```shell
+> make ack-controlplane ENV=aws
+```
+
+### Cloud provider credentials
+
+* AWS
+
+```shell
+> make crossplane-aws-credentials AWS_ACCESS_KEY=xxxxxx AWS_SECRET_KEY=xxxxxxxxx
+```
+
+* GCP
+
+```shell
+> make crossplane-gcp-credentials GCP_PROJECT_ID=myproject-prod GCP_SERVICE_ACCOUNT_NAME=kubernetes-krm
+```
+
+* Azure
+
+```shell
+> make crossplane-azure-credentials AZURE_SUBSCRIPTION_ID=xxxxxxx AZURE_PROJECT_NAME=xxxxxx
+```
+
+### Crossplane Cloud Provider configuration
+
+* Install ACK controllers:
+
+```shell
+> make ack-controlplane
+```
+
diff --git a/krm/ack/ecr-values.yaml b/krm/ack/ecr-values.yaml
new file mode 100644
index 0000000..ff75dea
--- /dev/null
+++ b/krm/ack/ecr-values.yaml
@@ -0,0 +1,36 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+metrics:
+ service:
+ create: true
+
+resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+
+aws:
+ region: "us-west-2"
+ credentials:
+ # If specified, Secret with shared credentials file to use.
+ secretName: "ack-aws-credentials"
+ # Secret stringData key that contains the credentials
+ secretKey: "credentials"
+ # Profile used for AWS credentials
+ # profile: "default"
diff --git a/krm/ack/eks-values.yaml b/krm/ack/eks-values.yaml
new file mode 100644
index 0000000..ff75dea
--- /dev/null
+++ b/krm/ack/eks-values.yaml
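Review bot: `secretName: "ack-aws-credentials"` makes this controller read a static credentials file from a Secret, and the eks, iam and s3 values files added in the same patch (same blob, `index 0000000..ff75dea`) name the identical Secret, so one long-lived key is shared by all four controllers and must carry the union of their permissions, including whatever the IAM controller needs. A comment above `credentials:` such as `# Shared with the eks/iam/s3 controllers: the key in this Secret needs the union of their permissions; prefer one Secret (or IRSA) per controller` would make that explicit for whoever provisions the Secret. `region: "us-west-2"` is also repeated in each of the four files and again as `AWS_REGION` in the Makefile of the second patch, so the values can drift silently. The same note applies to the eks, iam and s3 hunks.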
@@ -0,0 +1,36 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+metrics:
+ service:
+ create: true
+
+resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+
+aws:
+ region: "us-west-2"
+ credentials:
+ # If specified, Secret with shared credentials file to use.
+ secretName: "ack-aws-credentials"
+ # Secret stringData key that contains the credentials
+ secretKey: "credentials"
+ # Profile used for AWS credentials
+ # profile: "default"
diff --git a/krm/ack/iam-values.yaml b/krm/ack/iam-values.yaml
new file mode 100644
index 0000000..ff75dea
--- /dev/null
+++ b/krm/ack/iam-values.yaml
@@ -0,0 +1,36 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+metrics:
+ service:
+ create: true
+
+resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+
+aws:
+ region: "us-west-2"
+ credentials:
+ # If specified, Secret with shared credentials file to use.
+ secretName: "ack-aws-credentials"
+ # Secret stringData key that contains the credentials
+ secretKey: "credentials"
+ # Profile used for AWS credentials
+ # profile: "default"
diff --git a/krm/ack/s3-values.yaml b/krm/ack/s3-values.yaml
new file mode 100644
index 0000000..ff75dea
--- /dev/null
+++ b/krm/ack/s3-values.yaml
@@ -0,0 +1,36 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+metrics:
+ service:
+ create: true
+
+resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+
+aws:
+ region: "us-west-2"
+ credentials:
+ # If specified, Secret with shared credentials file to use.
+ secretName: "ack-aws-credentials"
+ # Secret stringData key that contains the credentials
+ secretKey: "credentials"
+ # Profile used for AWS credentials
+ # profile: "default"
From 439b63bcd9e37a929465ef2cf24a4ee97b5599cd Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Thu, 18 Aug 2022 18:45:40 +0200
Subject: [PATCH 2/2] Update: Refactoring for ACK

Signed-off-by: Nicolas Lamirault
---
 Makefile | 78 ++++++++++++++++++++++---------
 README.md | 1 -
 hack/{kind.local.mk => kind.aws.mk} | 6 +--
 hack/kind.crossplane.mk | 17 +++++++
 hack/scripts/aws.sh | 18 ++++---
 krm/crossplane/README.md | 4 +-
 6 files changed, 86 insertions(+), 38 deletions(-)
 rename hack/{kind.local.mk => kind.aws.mk} (78%)
 create mode 100644 hack/kind.crossplane.mk
diff --git a/Makefile b/Makefile
index e895549..582ba79 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 2021 Nicolas Lamirault
+# Copyright (C) Nicolas Lamirault
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,6 +19,16 @@ KIND_VERSION := $(shell kind --version 2>/dev/null)
 HELM_CROSSPLANE_VERSION=1.4.1
+KIND_VERSION = v0.14.0
+
+CROSSPLANE_NAMESPACE = crossplane-system
+
+ACK_SYSTEM_NAMESPACE = ack-system
+AWS_REGION = us-west-2
+ACK_ECR_VERSION = v0.1.5
+ACK_EKS_VERSION = v0.1.5
+ACK_IAM_VERSION = v0.0.19
+ACK_S3_VERSION = v0.1.4
 # ====================================
 # D E V E L O P M E N T
@@ -51,7 +61,7 @@ kind-install: ## Install Kind
 ifdef KIND_VERSION
 @echo "Found version $(KIND_VERSION)"
 else
- @curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64
+ @curl -Lo ./kind https://kind.sigs.k8s.io/dl/$(KIND_VERSION)kind-linux-amd64
 @chmod +x ./kind
 @mv ./kind /bin/kind
 endif
@@ -63,7 +73,7 @@ kind-create: guard-ENV ## Creates a local Kubernetes cluster (ENV=xxx)
 .PHONY: kind-delete
 kind-delete: guard-ENV ## Delete a local Kubernetes cluster (ENV=xxx)
- @echo -e "$(OK_COLOR)[$(APP)] Create Kubernetes cluster ${SERVICE}$(NO_COLOR)"
+ @echo -e "$(OK_COLOR)[$(APP)] Delete Kubernetes cluster ${SERVICE}$(NO_COLOR)"
 @kind delete cluster --name=$(CLUSTER)
 # ====================================
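Review bot: `KIND_VERSION = v0.14.0` reassigns the variable that the hunk header shows being set from the installed binary (`KIND_VERSION := $(shell kind --version 2>/dev/null)`), so `ifdef KIND_VERSION` in `kind-install` is always true and the download branch can never run, even when kind is absent. Keep the pinned release under a separate name, e.g. `KIND_RELEASE = v0.14.0`, and reference that in the curl URL of the `-51,7 +61,7` hunk. A short comment above it, `# release to download when kind is not installed`, would stop the two from being conflated again.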
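Review bot: The new URL `https://kind.sigs.k8s.io/dl/$(KIND_VERSION)kind-linux-amd64` drops the `/` that the removed line had between the version and the asset name (`.../dl/v0.10.0/kind-linux-amd64`), so the fetch targets a path that does not exist. Change the line to `@curl -Lo ./kind https://kind.sigs.k8s.io/dl/$(KIND_VERSION)/kind-linux-amd64`. The binary is then made executable and moved to `/bin/kind` without any integrity check; comparing it against the checksum file kind publishes next to each release asset before `chmod +x` would pin what ends up on the PATH.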
@@ -90,25 +100,6 @@ kubernetes-secret: guard-NAMESPACE guard-NAME guard-FILE ## Generate a Kubernete
 kubernetes-credentials: guard-ENV guard-CLOUD ## Generate credentials (CLOUD=xxxx ENV=xxx)
 @kubectl config use-context $(KUBE_CONTEXT)
-# ====================================
-# C L O U D
-# ====================================
-
-##@ Cloud
-
-.PHONY: cloud-gcp-credentials
-cloud-gcp-credentials: guard-GCP_PROJECT_ID guard-GCP_SERVICE_ACCOUNT_NAME ## Generate credentials for GCP (GCP_PROJECT_ID=xxx GCP_SERVICE_ACCOUNT_NAME=xxx GCP_SERVICE_ACCOUNT_KEYFILE=xxx)
- @./hack/scripts/gcp.sh $(GCP_PROJECT_ID) $(GCP_SERVICE_ACCOUNT_NAME)
-
-.PHONY: cloud-aws-credentials
-cloud-aws-credentials: guard-AWS_ACCESS_KEY guard-AWS_SECRET_KEY ## Generate credentials for AWS (AWS_ACCESS_KEY=xxx AWS_SECRET_KEY=xxx)
- @./hack/scripts/aws.sh $(AWS_ACCESS_KEY) $(AWS_SECRET_KEY)
-
-.PHONY: cloud-azure-credentials
-cloud-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ## Generate credentials for Azure
- @./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME)
-
-
 # ====================================
 # C R O S S P L A N E
 # ====================================
@@ -117,10 +108,9 @@ cloud-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ##
 .PHONY: crossplane-controlplane
 crossplane-controlplane: ## Install Crossplane using Helm
- @kubectl create namespace crossplane-system
 @helm repo add crossplane-stable https://charts.crossplane.io/stable
 @helm repo update
- @helm install crossplane --namespace crossplane-system crossplane-stable/crossplane --version $(HELM_CROSSPLANE_VERSION)
+ @helm install crossplane --create-namespace --namespace $(CROSSPLANE_NAMESPACE) crossplane-stable/crossplane --version $(HELM_CROSSPLANE_VERSION)
 .PHONY: crossplane-provider
 crossplane-provider: guard-CLOUD guard-ACTION ## Setup the Crossplane provider (CLOUD=xxx ACTION=xxx)
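Review bot: `helm install crossplane --create-namespace ...` fails on a second run of `crossplane-controlplane` because the release already exists, so the target is not re-runnable, unlike the `helm upgrade --install` form this same commit uses for the ecr and eks controllers in `ack-controlplane`. Switching the line to `@helm upgrade --install crossplane --create-namespace --namespace $(CROSSPLANE_NAMESPACE) crossplane-stable/crossplane --version $(HELM_CROSSPLANE_VERSION)` makes it idempotent and consistent with the rest of the Makefile.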
@@ -133,3 +123,43 @@ crossplane-config: guard-CLOUD guard-ACTION ## The Crossplane configuration (CLO
 .PHONY: crossplane-infra
 crossplane-infra: guard-CLOUD guard-ACTION ## The Crossplane provider (CLOUD=xxx ACTION=xxx)
 @kustomize build krm/$(CLOUD)/infra | kubectl $(ACTION) -f -
+
+.PHONY: crossplane-gcp-credentials
+crossplane-gcp-credentials: guard-GCP_PROJECT_ID guard-GCP_SERVICE_ACCOUNT_NAME ## Generate credentials for GCP (GCP_PROJECT_ID=xxx GCP_SERVICE_ACCOUNT_NAME=xxx GCP_SERVICE_ACCOUNT_KEYFILE=xxx)
+ @./hack/scripts/gcp.sh $(GCP_PROJECT_ID) $(GCP_SERVICE_ACCOUNT_NAME)
+
+.PHONY: crossplane-aws-credentials
+crossplane-aws-credentials: guard-AWS_ACCESS_KEY_ID guard-AWS_SECRET_ACCESS_KEY ## Generate credentials for AWS (AWS_ACCESS_KEY=xxx AWS_SECRET_ACCESS_KEY=xxx)
+ @./hack/scripts/aws.sh $(AWS_ACCESS_KEY_ID) $(AWS_SECRET_ACCESS_KEY) crossplane-aws-credentials crossplane-system
+
+.PHONY: crossplane-azure-credentials
+crossplane-azure-credentials: guard-AZURE_SUBSCRIPTION_ID guard-AZURE_PROJECT_NAME ## Generate credentials for Azure
+ @./hack/scripts/azure.sh $(AZURE_SUBSCRIPTION_ID) $(AZURE_PROJECT_NAME)
+
+
+# ====================================
+# ACK
+# ====================================
+
+.PHONY: ack-aws
+ack-aws: ## Authentication on the ECR public Helm registry
+ aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin public.ecr.aws
+
+.PHONY: ack-aws-credentials
+ack-aws-credentials: guard-AWS_ACCESS_KEY_ID guard-AWS_SECRET_ACCESS_KEY ## Generate credentials for AWS (AWS_ACCESS_KEY=xxx AWS_SECRET_ACCESS_KEY=xxx)
+ @./hack/scripts/aws.sh $(AWS_ACCESS_KEY_ID) $(AWS_SECRET_ACCESS_KEY) ack-aws-credentials ack-system
+
+.PHONY: ack-controlplane
+ack-controlplane: ## Install the ACK controllers
+ helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-ecr-controller \
+ oci://public.ecr.aws/aws-controllers-k8s/ecr-chart --version=$(ACK_ECR_VERSION) \
+ -f krm/ack/ecr-values.yaml
+ helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-eks-controller \
+ oci://public.ecr.aws/aws-controllers-k8s/eks-chart --version=$(ACK_EKS_VERSION) \
+ -f krm/ack/eks-values.yaml
+ helm install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-iam-controller \
+ oci://public.ecr.aws/aws-controllers-k8s/iam-chart --version=$(ACK_IAM_VERSION) \
+ -f krm/ack/iam-values.yaml
+ helm install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-s3-controller \
+ oci://public.ecr.aws/aws-controllers-k8s/s3-chart --version=$(ACK_S3_VERSION) \
+ -f krm/ack/s3-values.yaml
diff --git a/README.md b/README.md
index 50e7919..6847207 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,6 @@ Tools:
 * [Config Connector](https://cloud.google.com/config-connector/docs/overview)
 * [Azure Service Operator](https://github.com/Azure/azure-service-operator)
-
 ## Contributing
 See [CONTRIBUTING.md](./CONTRIBUTING.md)
diff --git a/hack/kind.local.mk b/hack/kind.aws.mk
similarity index 78%
rename from hack/kind.local.mk
rename to hack/kind.aws.mk
index ce95d58..25845a4 100644
--- a/hack/kind.local.mk
+++ b/hack/kind.aws.mk
@@ -1,4 +1,4 @@
-# Copyright (C) 2021 Nicolas Lamirault
+# Copyright (C) Nicolas Lamirault
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,6 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-CLUSTER_local = portefaix-krm-local
+CLUSTER_aws = portefaix-krm-aws
-KUBE_CONTEXT_local = kind-portefaix-krm-local
\ No newline at end of file
+KUBE_CONTEXT_aws = kind-portefaix-krm-aws
diff --git a/hack/kind.crossplane.mk b/hack/kind.crossplane.mk
new file mode 100644
index 0000000..82cabe8
--- /dev/null
+++ b/hack/kind.crossplane.mk
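Review bot: `ack-controlplane` is not re-runnable as written: the iam and s3 commands use `helm install`, which fails once the release exists, while the ecr and eks commands use `helm upgrade --install`; change them to `helm upgrade --install --create-namespace --namespace $(ACK_SYSTEM_NAMESPACE) ack-iam-controller \` and the same for `ack-s3-controller`. The help text of `crossplane-aws-credentials` and `ack-aws-credentials` still says `AWS_ACCESS_KEY=xxx` although the guards require `AWS_ACCESS_KEY_ID`, and the README added in the first patch invokes `AWS_ACCESS_KEY=... AWS_SECRET_KEY=...`, which will stop at the guard. Both recipes also pass `$(AWS_SECRET_ACCESS_KEY)` as a command-line argument to aws.sh, where it is visible in process listings and shell history; since GNU make exports command-line variables to recipe shells, the script could read the two values from its environment instead of `$1`/`$2`. Finally, the namespaces are spelled as the literals `crossplane-system` and `ack-system` although `$(CROSSPLANE_NAMESPACE)` and `$(ACK_SYSTEM_NAMESPACE)` are introduced in this same commit for that purpose.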
@@ -0,0 +1,17 @@
+# Copyright (C) Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CLUSTER_crossplane = portefaix-krm-crossplane
+
+KUBE_CONTEXT_crossplane = kind-portefaix-krm-crossplane
diff --git a/hack/scripts/aws.sh b/hack/scripts/aws.sh
index 13ac5b3..708cb0c 100755
--- a/hack/scripts/aws.sh
+++ b/hack/scripts/aws.sh
@@ -19,8 +19,8 @@ color_red="\\e[31m"
 color_green="\\e[32m"
 color_blue="\\e[36m";
-declare -r this_dir=$(cd $(dirname ${BASH_SOURCE[0]}) && pwd)
-declare -r root_dir=$(cd ${this_dir}/../.. && pwd)
+# declare -r this_dir=$(cd $(dirname ${BASH_SOURCE[0]}) && pwd)
+# declare -r root_dir=$(cd ${this_dir}/../.. && pwd)
 function echo_fail { echo -e "${color_red}✖ $*${reset_color}"; }
 function echo_success { echo -e "${color_green}✔ $*${reset_color}"; }
@@ -36,15 +36,17 @@ echo_info "[AWS] Configure AWS provider"
 # EOF
 # )
-AWS_ACCESS_KEY=$1
+AWS_ACCESS_KEY_ID=$1
 AWS_SECRET_KEY=$2
-if [[ -z "${AWS_ACCESS_KEY}" || -z "${AWS_SECRET_KEY}" ]]; then
+SECRET_NAME=$3
+NAMESPACE=$4
+if [[ -z "${AWS_ACCESS_KEY_ID}" || -z "${AWS_SECRET_KEY}" ]]; then
 echo_fail "error reading AWS credentials"
 exit 1
 fi
 AWS_CREDS_ENCODED=$(cat < make kind-create ENV=local
+> make kind-create ENV=crossplane
 ```
 * Install Crossplane:
 ```shell
-> make crossplane-controlplane ACTION=apply
+> make crossplane-controlplane ENV=crossplane
 ```
 ### Cloud provider credentials
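Review bot: The `declare -r this_dir` and `root_dir` lines in the `-19,8 +19,8` hunk are commented out instead of deleted, which leaves dead code and hides whether anything below still references `${root_dir}`; the rest of aws.sh is outside this hunk, so that cannot be confirmed here. If they are unused, drop both lines (git history keeps them); if something still uses them, the reference now expands to an empty string unless the script runs with `set -u`.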