diff --git a/go.mod b/go.mod index 418024ce10..d3f939cfef 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,9 @@ require ( golang.org/x/term v0.17.0 google.golang.org/api v0.149.0 gopkg.in/yaml.v3 v3.0.1 + k8s.io/api v0.26.3 // indirect + k8s.io/apimachinery v0.26.3 + k8s.io/client-go v0.26.1 sigs.k8s.io/yaml v1.4.0 ) @@ -39,49 +42,56 @@ require ( ) require ( - github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect - github.com/cilium/ebpf v0.7.0 // indirect - github.com/containerd/console v1.0.3 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.1.9 // indirect github.com/containers/storage v1.51.0 // indirect - github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/distribution/reference v0.5.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v24.0.7+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/godbus/dbus/v5 v5.1.0 // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/go-logr/logr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.0.0 // indirect + github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.1.0 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.3 // indirect github.com/klauspost/pgzip v1.2.6 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/moby/sys/mountinfo v0.7.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/mrunalp/fileutils v0.5.1 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/opencontainers/runc v1.1.12 // indirect github.com/opencontainers/runtime-spec v1.1.0 // indirect - github.com/opencontainers/selinux v1.11.0 // indirect - github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/seccomp/libseccomp-golang v0.10.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/ulikunitz/xz v0.5.11 // indirect - github.com/urfave/cli v1.22.12 // indirect github.com/vbatts/tar-split v0.11.5 // indirect - github.com/vishvananda/netlink v1.2.1-beta.2 // indirect - github.com/vishvananda/netns v0.0.4 // indirect + golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + k8s.io/klog/v2 v2.80.1 // indirect + k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect + k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect + sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) require ( diff --git a/go.sum b/go.sum index 084a21eb07..d6f23fcc2f 100644 --- a/go.sum +++ b/go.sum @@ -20,12 +20,10 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.2 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions v1.2.0 h1:Pmy0+3ox1IC3sp6musv87BFPIdQbqyPFjn7I8I0o2Js= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions v1.2.0/go.mod h1:ThfyMjs6auYrWPnYJjI3H4H++oVPrz01pizpu8lfl3A= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= -github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= @@ -64,15 +62,11 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 h1:rIFn5J3yDoeuKCE9sESXqM5POTAh github.com/aws/aws-sdk-go-v2/service/sts v1.18.6/go.mod h1:48WJ9l3dwP0GSHWGc5sFGGlCkuA82Mc2xnw+T6Q8aDw= github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8= -github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= -github.com/cilium/ebpf v0.7.0 h1:1k/q3ATgxSXRdrmPfH8d7YK0GfqVsEKZAX9dQZvs56k= -github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= -github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containers/common v0.57.4 h1:kmfBad92kUjP5X44BPpOwMe+eZQqaKETfS+ASeL0g+g= github.com/containers/common v0.57.4/go.mod h1:o3L3CyOI9yr+JC8l4dZgvqTxcjs3qdKmkek00uchgvw= github.com/containers/image/v5 v5.29.2 h1:b8U0XYWhaQbKucK73IbmSm8WQyKAhKDbAHQc45XlsOw= @@ -83,21 +77,15 @@ github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOj github.com/containers/ocicrypt v1.1.9/go.mod h1:dTKx1918d8TDkxXvarscpNVY+lyPakPNFN4jwA9GBys= github.com/containers/storage v1.51.0 h1:AowbcpiWXzAjHosKz7MKvPEqpyX+ryZA/ZurytRrFNA= github.com/containers/storage v1.51.0/go.mod h1:ybl8a3j1PPtpyaEi/5A6TOFs+5TrEyObeKJzVtkUlfc= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= +github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= @@ -106,8 +94,12 @@ github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E1 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -116,7 +108,16 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= @@ -125,9 +126,9 @@ github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/j github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ= github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= -github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -148,18 +149,23 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= @@ -178,8 +184,8 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -187,13 +193,18 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= @@ -205,31 +216,34 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= -github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM= github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60= +github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/opencontainers/runc v1.1.10 h1:EaL5WeO9lv9wmS6SASjszOeQdSctvpbu0DdBQBizE40= -github.com/opencontainers/runc v1.1.10/go.mod h1:+/R6+KmDlh+hOO8NkjmgkG9Qzvypzk0yXxAPYYR65+M= github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= -github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= @@ -240,31 +254,30 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= +github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= -github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= -github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sosedoff/ansible-vault-go v0.1.1 h1:3yU5yxPnK70Exemc0FKFPYCul7YB1EM9Of1Dd7xBzFI= github.com/sosedoff/ansible-vault-go v0.1.1/go.mod h1:u74h49t5XRrBQpubnCr8PXRABdzTEuM+nHUn1mGYgtI= -github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -275,33 +288,29 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtse github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= -github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs= -github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= -github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o= -golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -309,6 +318,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -321,21 +332,19 @@ golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74Ow golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -353,15 +362,22 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY= google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -371,6 +387,7 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= @@ -390,27 +407,46 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= +k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= +k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= +k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= +k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/cluster/internal/create/actions/createworker/aws.go b/pkg/cluster/internal/create/actions/createworker/aws.go index d85207fae7..76bdf599a4 100644 --- a/pkg/cluster/internal/create/actions/createworker/aws.go +++ b/pkg/cluster/internal/create/actions/createworker/aws.go @@ -20,13 +20,19 @@ import ( "context" _ "embed" "encoding/base64" + "fmt" "regexp" "strconv" "strings" + "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/aws/aws-sdk-go-v2/service/ecr" "gopkg.in/yaml.v3" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/kubernetes" "sigs.k8s.io/kind/pkg/cluster/nodes" "sigs.k8s.io/kind/pkg/commons" "sigs.k8s.io/kind/pkg/errors" @@ -39,22 +45,43 @@ var awsInternalIngress []byte //go:embed files/aws/public-ingress-nginx.yaml var awsPublicIngress []byte +//go:embed files/aws/compositeresourcedefinition-hostedzones-aws.yaml +var awsCRDHostedZones []byte + +//go:embed files/aws/compositeresourcedefinition-hostedzones-eks.yaml +var eksCRDHostedZones []byte + type AWSBuilder struct { - capxProvider string - capxVersion string - capxImageVersion string - capxManaged bool - capxName string - capxEnvVars []string - scParameters commons.SCParameters - scProvisioner string - csiNamespace string + capxProvider string + capxVersion string + capxImageVersion string + capxManaged bool + capxName string + capxEnvVars []string + scParameters commons.SCParameters + scProvisioner string + csiNamespace string + crossplaneProviders map[string]string } func newAWSBuilder() *AWSBuilder { return &AWSBuilder{} } +type CrossplaneAwsParams struct { + Region string + VPCId string + ClusterName string + ExternalDomain string + CreateCredentials bool + Addon string + AccountID string + OIDCProviderID string +} + +var crossplaneAwsAddons = []string{"external-dns"} +var crossplaneEKSAddons = []string{"external-dns"} + func (b *AWSBuilder) setCapx(managed bool) { b.capxProvider = "aws" b.capxVersion = "v2.2.1" @@ -100,6 +127,26 @@ func (b *AWSBuilder) setSC(p ProviderParams) { } } +func (b *AWSBuilder) setCrossplaneProviders(addons []string) { + + b.crossplaneProviders = map[string]string{ + "provider-family-aws": "v1.8.0", + } + + for _, addon := range addons { + switch addon { + case "external-dns": + b.crossplaneProviders["provider-aws-route53"] = "v1.8.0" + b.crossplaneProviders["provider-aws-iam"] = "v1.8.0" + } + } +} + +func (b *AWSBuilder) getCrossplaneProviders(addons []string) map[string]string { + b.setCrossplaneProviders(addons) + return b.crossplaneProviders +} + func (b *AWSBuilder) getProvider() Provider { return Provider{ capxProvider: b.capxProvider, @@ -370,3 +417,204 @@ func (b *AWSBuilder) postInstallPhase(n nodes.Node, k string) error { return nil } + +func (b *AWSBuilder) getCrossplaneProviderConfigContent(credentials map[string]*map[string]string, addon string, clusterName string, kubeconfigString string) (string, bool, error) { + credentialsFound := true + addonCredentials := credentials[addon] + if isEmptyCredsMap(*addonCredentials, b.capxProvider) { + credentialsFound = false + addonCredentials = credentials["crossplane"] + } + awsCredentials := "[default]\naws_access_key_id = " + (*addonCredentials)["AccessKey"] + "\naws_secret_access_key = " + (*addonCredentials)["SecretKey"] + "\n" + return awsCredentials, credentialsFound, nil +} + +func (b *AWSBuilder) getAddons(clusterManaged bool, addonsParams map[string]*bool) []string { + var addons []string + addonsReference := crossplaneEKSAddons + if !clusterManaged { + addonsReference = crossplaneAwsAddons + } + for _, addon := range addonsReference { + enabled := addonsParams[addon] + if (enabled != nil && *enabled) || enabled == nil { + addons = append(addons, addon) + } + } + + return addons +} + +func (b *AWSBuilder) getCrossplaneCRManifests(keosCluster commons.KeosCluster, credentials map[string]string, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) ([]string, map[string]string, error) { + var manifests = []string{} + compositionsToWait := make(map[string]string) + var err error = nil + params := CrossplaneAwsParams{ + Region: keosCluster.Spec.Region, + ClusterName: keosCluster.Metadata.Name, + ExternalDomain: keosCluster.Spec.ExternalDomain, + CreateCredentials: !credentialsFound, + Addon: addon, + AccountID: credentials["AccountID"], + } + + switch addon { + case "external-dns": + vpcId := keosCluster.Spec.Networks.VPCID + + if vpcId == "" { + vpcId, err = getVpcId(keosCluster, credentials) + if err != nil { + return nil, nil, err + } + } + + params.VPCId = vpcId + if !keosCluster.Spec.ControlPlane.Managed { + manifests = append(manifests, string(awsCRDHostedZones)) + compositionsToWait["xAWSZonesConfig"] = keosCluster.Metadata.Name + "-zones-config" + compositionHostedZones, err := getManifest("aws", "composition-hostedzones-aws.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, compositionHostedZones) + hostedZone, err := getManifest("aws", "hostedzone.aws.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, hostedZone) + } else { + params.OIDCProviderID = customParams["oidcProviderId"] + manifests = append(manifests, string(eksCRDHostedZones)) + compositionsToWait["xAWSZonesConfig"] = keosCluster.Metadata.Name + "-zones-config" + compositionHostedZones, err := getManifest("aws", "composition-hostedzones-eks.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, compositionHostedZones) + hostedZone, err := getManifest("aws", "hostedzone.eks.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, hostedZone) + } + + } + + return manifests, compositionsToWait, nil +} + +func getAWSVPCByName(config aws.Config, vpcName string) ([]string, error) { + vpcs := []string{} + + client := ec2.NewFromConfig(config) + DescribeVpcOpts := &ec2.DescribeVpcsInput{Filters: []types.Filter{ + { + Name: aws.String("tag:Name"), + Values: []string{vpcName}, + }, + }} + output, err := client.DescribeVpcs(context.Background(), DescribeVpcOpts) + if err != nil { + return []string{}, err + } + for _, vpc := range output.Vpcs { + vpcs = append(vpcs, *vpc.VpcId) + } + return vpcs, nil +} + +func (b *AWSBuilder) getExternalDNSCreds(n nodes.Node, clusterName string, clientset *kubernetes.Clientset, credentials map[string]string) (map[string]string, error) { + + secret, err := clientset.CoreV1().Secrets("crossplane-system").Get(context.TODO(), clusterName+"-external-dns-accesskey-secret", metav1.GetOptions{}) + if err != nil { + return nil, errors.Wrap(err, "failed to get external-dns credentials secret") + } + accessKey := string(secret.Data["username"]) + secretKey := string(secret.Data["password"]) + externalDnsCredsMap := map[string]string{ + "AccessKey": accessKey, + "SecretKey": secretKey, + } + return externalDnsCredsMap, nil +} + +func (b *AWSBuilder) getAddonsReleaseInstallation(addon string) []InstallationReleases { + switch addon { + case "external-dns": + return []InstallationReleases{{Provider: "aws", Releases: []string{"external-dns"}}} + } + return []InstallationReleases{} +} + +func (b *AWSBuilder) createExternalDNSCredsSecret(n nodes.Node, kubeconfigPath string, credentials map[string]string, managed bool, clusterName string) error { + if !managed { + c := "echo '[default]\naws_access_key_id = " + credentials["AccessKey"] + "\naws_secret_access_key = " + credentials["SecretKey"] + "\n' > " + externalDnsWorkloadCredsFile + // Create secret for AWS credentials + _, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create external-dns credentials secret") + } + + c = "kubectl --kubeconfig " + kubeconfigPath + " -n external-dns create secret generic external-dns-creds" + + " --from-file=credentials=" + externalDnsWorkloadCredsFile + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create external-dns-creds credentials secret") + } + } + return nil +} + +func getRoleArn(clusterName string, kubeconfigString string) (string, error) { + gvr := schema.GroupVersionResource{ + Group: "configs.stratio.io", + Version: "v1alpha1", + Resource: "xawszonesconfigs", + } + xAWSZonesConfig, err := getObject(clusterName+"-zones-config", kubeconfigString, gvr, false, "") + if err != nil { + return "", err + } + roleArn := xAWSZonesConfig["status"].(map[string]interface{})["role"].(map[string]interface{})["arn"].(string) + if roleArn != "" { + return roleArn, nil + } + return "", errors.New("Role ARN not found") +} + +func getVpcId(keosCluster commons.KeosCluster, credentials map[string]string) (string, error) { + var ctx = context.TODO() + cfg, err := commons.AWSGetConfig(ctx, credentials, keosCluster.Spec.Region) + if err != nil { + return "", err + } + vpcs, _ := getAWSVPCByName(cfg, keosCluster.Metadata.Name+"-vpc") + if len(vpcs) == 0 { + return "", errors.New("Cannot create Crossplane Resources: No VPCs found") + } + if len(vpcs) > 1 { + return "", errors.New("Cannot create Crossplane Resources: More than one VPC found") + } + return vpcs[0], nil +} + +func getOIDCProviderId(clusterName string) (string, error) { + gvr := schema.GroupVersionResource{ + Group: "cluster.x-k8s.io", + Version: "v1beta1", + Resource: "clusters", + } + cluster, err := getObject(clusterName, "", gvr, true, "cluster-"+clusterName) + if err != nil { + return "", err + } + fmt.Println("cluster") + fmt.Println(cluster) + controlplaneHost := cluster["spec"].(map[string]interface{})["controlPlaneEndpoint"].(map[string]interface{})["host"].(string) + if controlplaneHost == "" { + return "", errors.New("oidcProviderId cannot be found") + } + oidcProviderId := strings.Split(strings.Split(controlplaneHost, "//")[1], ".")[0] + return oidcProviderId, nil +} diff --git a/pkg/cluster/internal/create/actions/createworker/azure.go b/pkg/cluster/internal/create/actions/createworker/azure.go index 4cf25cef58..2ee6981394 100644 --- a/pkg/cluster/internal/create/actions/createworker/azure.go +++ b/pkg/cluster/internal/create/actions/createworker/azure.go @@ -29,6 +29,9 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4" "gopkg.in/yaml.v3" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/kubernetes" "sigs.k8s.io/kind/pkg/cluster/nodes" "sigs.k8s.io/kind/pkg/commons" "sigs.k8s.io/kind/pkg/errors" @@ -41,18 +44,33 @@ var azureStorageClasses string //go:embed files/azure/internal-ingress-nginx.yaml var azureInternalIngress []byte +//go:embed files/azure/compositereourcedefinition-hostedzones-azure.yaml +var azureCRDHostedZones []byte + type AzureBuilder struct { - capxProvider string - capxVersion string - capxImageVersion string - capxManaged bool - capxName string - capxEnvVars []string - scParameters commons.SCParameters - scProvisioner string - csiNamespace string + capxProvider string + capxVersion string + capxImageVersion string + capxManaged bool + capxName string + capxEnvVars []string + scParameters commons.SCParameters + scProvisioner string + csiNamespace string + crossplaneProviders map[string]string +} + +type CrossplaneAzureParams struct { + ClusterName string + ExternalDomain string + Addon string + SubscriptionID string + Managed bool } +var crossplaneAzureAddons = []string{"external-dns"} +var crossplaneAKSAddons = []string{"external-dns"} + func newAzureBuilder() *AzureBuilder { return &AzureBuilder{} } @@ -359,3 +377,143 @@ func (b *AzureBuilder) postInstallPhase(n nodes.Node, k string) error { } return nil } + +func (b *AzureBuilder) getCrossplaneProviderConfigContent(credentials map[string]*map[string]string, addon string, clusterName string, kubeconfigString string) (string, bool, error) { + credentialsFound := true + addonCredentials := credentials[addon] + if isEmptyCredsMap(*addonCredentials, b.capxProvider) { + credentialsFound = false + addonCredentials = credentials["crossplane"] + } + azureCredentials := "{\n\"clientId\": \"" + (*addonCredentials)["ClientID"] + "\",\n" + "\"clientSecret\": \"" + (*addonCredentials)["ClientSecret"] + "\",\n" + "\"subscriptionId\": \"" + (*addonCredentials)["SubscriptionID"] + "\",\n" + "\"tenantId\": \"" + (*addonCredentials)["TenantID"] + "\"\n}" + return azureCredentials, credentialsFound, nil +} + +func (b *AzureBuilder) getAddons(clusterManaged bool, addonsParams map[string]*bool) []string { + var addons []string + addonsReference := crossplaneAKSAddons + if !clusterManaged { + addonsReference = crossplaneAzureAddons + } + for _, addon := range addonsReference { + enabled := addonsParams[addon] + if (enabled != nil && *enabled) || enabled == nil { + addons = append(addons, addon) + } + } + + return addons +} + +func (b *AzureBuilder) getCrossplaneCRManifests(keosCluster commons.KeosCluster, credentials map[string]string, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) ([]string, map[string]string, error) { + var manifests = []string{} + compositionsToWait := make(map[string]string) + params := CrossplaneAzureParams{ + ClusterName: keosCluster.Metadata.Name, + ExternalDomain: keosCluster.Spec.ExternalDomain, + Addon: addon, + SubscriptionID: credentials["SubscriptionID"], + Managed: keosCluster.Spec.ControlPlane.Managed, + } + switch addon { + case "external-dns": + manifests = append(manifests, string(azureCRDHostedZones)) + compositionsToWait["xAzureZonesConfig"] = keosCluster.Metadata.Name + "-zones-config" + compositionHostedZones, err := getManifest("azure", "composition-hostedzones-azure.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, compositionHostedZones) + hostedZone, err := getManifest("azure", "hostedzone.azure.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, hostedZone) + } + + return manifests, compositionsToWait, nil +} + +func (b *AzureBuilder) setCrossplaneProviders(addons []string) { + + b.crossplaneProviders = map[string]string{ + "provider-family-azure": "v1.5.0", + } + + for _, addon := range addons { + switch addon { + case "external-dns": + b.crossplaneProviders["provider-azure-network"] = "v1.5.0" + b.crossplaneProviders["provider-azuread"] = "v1.4.0" + b.crossplaneProviders["provider-azure-authorization"] = "v1.5.0" + } + } +} + +func (b *AzureBuilder) getCrossplaneProviders(addons []string) map[string]string { + b.setCrossplaneProviders(addons) + return b.crossplaneProviders +} + +func (b *AzureBuilder) getExternalDNSCreds(n nodes.Node, clusterName string, clientset *kubernetes.Clientset, credentials map[string]string) (map[string]string, error) { + + secret, err := clientset.CoreV1().Secrets("crossplane-system").Get(context.TODO(), clusterName+"-external-dns-principal-application-secret", metav1.GetOptions{}) + if err != nil { + return nil, errors.Wrap(err, "failed to get external-dns credentials secret") + } + secretKey := string(secret.Data["attribute.value"]) + + c := "kubectl --kubeconfig " + kubeconfigPath + " get xazurezonesconfigs " + clusterName + "-zones-config -o jsonpath='{.status.application.applicationId}'" + applicationId, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return nil, errors.Wrap(err, "failed to get applicationId") + } + externalDnsCredsMap := map[string]string{ + "ClientID": applicationId, + "ClientSecret": secretKey, + "SubscriptionID": credentials["SubscriptionID"], + "TenantID": credentials["TenantID"], + } + return externalDnsCredsMap, nil +} + +func (b *AzureBuilder) getAddonsReleaseInstallation(addon string) []InstallationReleases { + switch addon { + case "external-dns": + return []InstallationReleases{{Provider: "azure", Releases: []string{"external-dns"}}, {Provider: "azure-private-dns", Releases: []string{"private-external-dns"}}} + } + return []InstallationReleases{} +} + +func (b *AzureBuilder) createExternalDNSCredsSecret(n nodes.Node, kubeconfigPath string, credentials map[string]string, managed bool, clusterName string) error { + // Create secret for Azure credentials + c := "echo \"{\n\"aadClientId\": \"" + credentials["ClientID"] + "\",\n" + "\"aadClientSecret\": \"" + credentials["ClientSecret"] + "\",\n" + "\"subscriptionId\": \"" + credentials["SubscriptionID"] + "\",\n" + "\"resourceGroup\": \"" + clusterName + "\",\n" + "\"tenantId\": \"" + credentials["TenantID"] + "\"\n}\" > " + externalDnsWorkloadCredsFile + _, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create external-dns credentials secret") + } + c = "kubectl --kubeconfig " + kubeconfigPath + " -n external-dns create secret generic external-dns-creds" + + " --from-file=azure.json=" + externalDnsWorkloadCredsFile + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create external-dns-creds credentials secret") + } + return nil +} + +func getApplicationId(clusterName string, kubeconfigString string) (string, error) { + gvr := schema.GroupVersionResource{ + Group: "configs.stratio.io", + Version: "v1alpha1", + Resource: "xazurezonesconfigs", + } + xAzureZonesConfig, err := getObject(clusterName+"-zones-config", kubeconfigString, gvr, false, "") + if err != nil { + return "", err + } + applicationId := xAzureZonesConfig["status"].(map[string]interface{})["application"].(map[string]interface{})["applicationId"].(string) + if applicationId != "" { + return applicationId, nil + } + return "", errors.New("ApplicationID not found") +} diff --git a/pkg/cluster/internal/create/actions/createworker/createworker.go b/pkg/cluster/internal/create/actions/createworker/createworker.go index 095546c9e9..4b9b5d3ea8 100644 --- a/pkg/cluster/internal/create/actions/createworker/createworker.go +++ b/pkg/cluster/internal/create/actions/createworker/createworker.go @@ -23,9 +23,13 @@ import ( _ "embed" "encoding/json" "os" + "reflect" "strings" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" "sigs.k8s.io/kind/pkg/cluster/internal/create/actions" + "sigs.k8s.io/kind/pkg/cluster/nodes" "sigs.k8s.io/kind/pkg/commons" "sigs.k8s.io/kind/pkg/errors" "sigs.k8s.io/kind/pkg/exec" @@ -57,6 +61,7 @@ type HelmRegistry struct { const ( kubeconfigPath = "/kind/worker-cluster.kubeconfig" + localKubeconfigPath = "/etc/kubernetes/admin.conf" workKubeconfigPath = ".kube/config" CAPILocalRepository = "/root/.cluster-api/local-repository" cloudProviderBackupPath = "/kind/backup/objects" @@ -79,6 +84,10 @@ var allowCommonEgressNetPol string //go:embed files/gcp/rbac-loadbalancing.yaml var rbacInternalLoadBalancing string +var infra *Infra + +var credentials map[string]*map[string]string + // NewAction returns a new action for installing default CAPI func NewAction(vaultPassword string, descriptorPath string, moveManagement bool, avoidCreation bool, keosCluster commons.KeosCluster, clusterCredentials commons.ClusterCredentials, clusterConfig *commons.ClusterConfig) actions.Action { return &action{ @@ -115,7 +124,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { } providerBuilder := getBuilder(a.keosCluster.Spec.InfraProvider) - infra := newInfra(providerBuilder) + infra = newInfra(providerBuilder) provider := infra.buildProvider(providerParams) for _, registry := range a.keosCluster.Spec.DockerRegistries { @@ -135,7 +144,6 @@ func (a *action) Execute(ctx *actions.ActionContext) error { keosRegistry.user = a.clusterCredentials.KeosRegistryCredentials["User"] keosRegistry.pass = a.clusterCredentials.KeosRegistryCredentials["Pass"] } - awsEKSEnabled := a.keosCluster.Spec.InfraProvider == "aws" && a.keosCluster.Spec.ControlPlane.Managed isMachinePool := a.keosCluster.Spec.InfraProvider != "aws" && a.keosCluster.Spec.ControlPlane.Managed gcpGKEEnabled := a.keosCluster.Spec.InfraProvider == "gcp" && a.keosCluster.Spec.ControlPlane.Managed @@ -409,8 +417,8 @@ func (a *action) Execute(ctx *actions.ActionContext) error { // Get the workload cluster kubeconfig c = "clusterctl -n " + capiClustersNamespace + " get kubeconfig " + a.keosCluster.Metadata.Name + " | tee " + kubeconfigPath - kubeconfig, err := commons.ExecuteCommand(n, c, 3, 5) - if err != nil || kubeconfig == "" { + kubeconfigString, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil || kubeconfigString == "" { return errors.Wrap(err, "failed to get workload cluster kubeconfig") } @@ -429,7 +437,7 @@ func (a *action) Execute(ctx *actions.ActionContext) error { return err } } - err = os.WriteFile(workKubeconfigPath, []byte(kubeconfig), 0600) + err = os.WriteFile(workKubeconfigPath, []byte(kubeconfigString), 0600) if err != nil { return errors.Wrap(err, "failed to save the workload cluster kubeconfig") } @@ -546,35 +554,35 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.End(true) // End Preparing nodes in workload cluster if awsEKSEnabled { - c = "kubectl --kubeconfig " + kubeconfigPath + " get clusterrole aws-node -o jsonpath='{.rules}'" - awsnoderules, err := commons.ExecuteCommand(n, c, 3, 5) - if err != nil { - return errors.Wrap(err, "failed to get aws-node clusterrole rules") - } - var rules []json.RawMessage - err = json.Unmarshal([]byte(awsnoderules), &rules) - if err != nil { - return errors.Wrap(err, "failed to parse aws-node clusterrole rules") - } - rules = append(rules, json.RawMessage(`{"apiGroups": [""],"resources": ["pods"],"verbs": ["patch"]}`)) - newawsnoderules, err := json.Marshal(rules) - if err != nil { - return errors.Wrap(err, "failed to marshal aws-node clusterrole rules") - } - c = "kubectl --kubeconfig " + kubeconfigPath + " patch clusterrole aws-node -p '{\"rules\": " + string(newawsnoderules) + "}'" - _, err = commons.ExecuteCommand(n, c, 3, 5) - if err != nil { - return errors.Wrap(err, "failed to patch aws-node clusterrole") - } - } - - // Ensure CoreDNS replicas are assigned to different nodes - // once more than 2 control planes or workers are running - c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout restart deployment coredns" - _, err = commons.ExecuteCommand(n, c, 3, 5) - if err != nil { - return errors.Wrap(err, "failed to restart coredns deployment") - } + c = "kubectl --kubeconfig " + kubeconfigPath + " get clusterrole aws-node -o jsonpath='{.rules}'" + awsnoderules, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to get aws-node clusterrole rules") + } + var rules []json.RawMessage + err = json.Unmarshal([]byte(awsnoderules), &rules) + if err != nil { + return errors.Wrap(err, "failed to parse aws-node clusterrole rules") + } + rules = append(rules, json.RawMessage(`{"apiGroups": [""],"resources": ["pods"],"verbs": ["patch"]}`)) + newawsnoderules, err := json.Marshal(rules) + if err != nil { + return errors.Wrap(err, "failed to marshal aws-node clusterrole rules") + } + c = "kubectl --kubeconfig " + kubeconfigPath + " patch clusterrole aws-node -p '{\"rules\": " + string(newawsnoderules) + "}'" + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to patch aws-node clusterrole") + } + } + + // Ensure CoreDNS replicas are assigned to different nodes + // once more than 2 control planes or workers are running + c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout restart deployment coredns" + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to restart coredns deployment") + } // Wait for CoreDNS deployment to be ready c = "kubectl --kubeconfig " + kubeconfigPath + " -n kube-system rollout status deployment coredns" @@ -697,6 +705,101 @@ func (a *action) Execute(ctx *actions.ActionContext) error { ctx.Status.End(true) // End Installing Network Policy Engine in workload cluster } + addonEnabled := map[string]*bool{ + "external-dns": commons.ToPtr(a.keosCluster.Spec.Dns.ManageZone), + } + + addons := infra.getAddons(a.keosCluster.Spec.ControlPlane.Managed, addonEnabled) + + if len(addons) > 0 { + + credentials, err = getCredentials(a.keosCluster.Spec.Credentials, a.keosCluster.Spec.InfraProvider, providerParams.Credentials) + if err != nil { + return errors.Wrap(err, "failed to get credentials") + } + + customParams := map[string]string{} + + // Get the clientset + clientset, err := getClientSet(n, capiClustersNamespace, a.keosCluster.Metadata.Name) + if err != nil { + return errors.Wrap(err, "failed to get clientset") + } + + if awsEKSEnabled { + c = "kubectl get cluster -n cluster-" + a.keosCluster.Metadata.Name + " " + a.keosCluster.Metadata.Name + " -o jsonpath='{.spec.controlPlaneEndpoint.host}'" + controlplaneHost, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to get controlplane host") + } + oidcProviderId := strings.Split(strings.Split(controlplaneHost, "//")[1], ".")[0] + customParams["oidcProviderId"] = oidcProviderId + } + + // if a.clusterConfig.Spec.DNS.CreateInfra && (!isEmptyCredsMap(*credentials["external-dns"], a.keosCluster.Spec.InfraProvider) || !isEmptyCredsMap(*credentials["crossplane"], a.keosCluster.Spec.InfraProvider)) { + if a.clusterConfig.Spec.DNS.CreateInfra && !isEmptyCredsMap(*credentials["crossplane"], a.keosCluster.Spec.InfraProvider) { + + ctx.Status.Start("Installing Crossplane and deploying crs in workload cluster🎖️") + + _, err = installCrossplane(n, kubeconfigPath, keosRegistry.url, credentials, infra, privateParams, true, allowCommonEgressNetPolPath, &customParams, addons) + if err != nil { + return err + } + + *credentials["external-dns"], err = infra.getExternalDNSCreds(n, a.keosCluster.Metadata.Name, clientset, *credentials["crossplane"]) + if err != nil { + return errors.Wrap(err, "failed to get external-dns credentials") + } + + if awsEKSEnabled { + c = "kubectl --kubeconfig " + kubeconfigPath + " get xawszonesconfigs " + providerParams.ClusterName + "-zones-config -o jsonpath='{.status.role.arn}'" + roleArn, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to get roleArn") + } + + customParams["roleArn"] = roleArn + } + + ctx.Status.End(true) + + } + + // if a.clusterConfig.Spec.DNS.CreateInfra && !isEmptyCredsMap(*credentials["crossplane"], a.keosCluster.Spec.InfraProvider) && isEmptyCredsMap(*credentials["external-dns"], a.keosCluster.Spec.InfraProvider) { + + // *credentials["external-dns"], err = infra.getExternalDNSCreds(n, a.keosCluster.Metadata.Name, kubeconfigString, *credentials["crossplane"]) + // if err != nil { + // return errors.Wrap(err, "failed to get external-dns credentials") + // } + + // } + + for _, addon := range addons { + switch addon { + case "external-dns": + if !isEmptyCredsMap(*credentials["external-dns"], a.keosCluster.Spec.InfraProvider) || (awsEKSEnabled && customParams["roleArn"] != "") { + ctx.Status.Start("Installing External-DNS in workload cluster 🎖️") + defer ctx.Status.End(false) + // if awsEKSEnabled { + // c = "kubectl --kubeconfig " + kubeconfigPath + " get xawszonesconfigs " + providerParams.ClusterName + "-zones-config -o jsonpath='{.status.role.arn}'" + // roleArn, err := commons.ExecuteCommand(n, c, 3, 5) + // if err != nil { + // return errors.Wrap(err, "failed to get roleArn") + // } + + // customParams["roleArn"] = roleArn + // } + + err = installExternalDNS(n, kubeconfigPath, privateParams, allowCommonEgressNetPolPath, customParams, *credentials["external-dns"]) + if err != nil { + return errors.Wrap(err, "failed to install External-DNS in workload cluster") + } + ctx.Status.End(true) + } + } + } + } + if a.keosCluster.Spec.DeployAutoscaler && !isMachinePool { ctx.Status.Start("Installing cluster-autoscaler in workload cluster 🗚") defer ctx.Status.End(false) @@ -719,7 +822,10 @@ func (a *action) Execute(ctx *actions.ActionContext) error { return errors.Wrap(err, "failed to deploy cluster-autoscaler in workload cluster") } + ctx.Status.End(true) + if !a.moveManagement { + autoscalerRBACPath := "/kind/autoscaler_rbac.yaml" autoscalerRBAC, err := getManifest("common", "autoscaler_rbac.tmpl", a.keosCluster) @@ -920,3 +1026,52 @@ func (a *action) Execute(ctx *actions.ActionContext) error { return nil } + +func isEmptyCredsMap(creds map[string]string, infra string) bool { + if reflect.DeepEqual(creds, map[string]string{}) { + return true + } + switch infra { + case "aws": + if creds["AccessKey"] == "" || creds["SecretKey"] == "" { + return true + } + case "azure": + if creds["ClientID"] == "" || creds["ClientSecret"] == "" || creds["TenantID"] == "" || creds["SubscriptionID"] == "" { + return true + } + case "gcp": + if creds["gcp.json"] != "" { + return false + } + if creds["ProjectID"] == "" || creds["PrivateKeyID"] == "" || creds["PrivateKey"] == "" || creds["ClientEmail"] == "" || creds["ClientID"] == "" { + return true + } + } + return false +} + +func getClientSet(n nodes.Node, capiClustersNamespace string, clusterName string) (*kubernetes.Clientset, error) { + // Get the workload cluster kubeconfig + c := "cat " + kubeconfigPath + kubeconfigString, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil || kubeconfigString == "" { + return nil, errors.Wrap(err, "failed to get workload cluster kubeconfig") + } + if capiClustersNamespace != "" { + c := "clusterctl -n " + capiClustersNamespace + " get kubeconfig " + clusterName + " | tee " + kubeconfigPath + kubeconfigString, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil || kubeconfigString == "" { + return nil, errors.Wrap(err, "failed to get workload cluster kubeconfig") + } + } + config, err := clientcmd.RESTConfigFromKubeConfig([]byte(kubeconfigString)) + if err != nil { + return nil, err + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + return nil, err + } + return clientset, nil +} diff --git a/pkg/cluster/internal/create/actions/createworker/crossplane.go b/pkg/cluster/internal/create/actions/createworker/crossplane.go new file mode 100644 index 0000000000..4f47595e6b --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/crossplane.go @@ -0,0 +1,300 @@ +package createworker + +import ( + "context" + _ "embed" + "fmt" + "time" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + "sigs.k8s.io/kind/pkg/cluster/nodes" + "sigs.k8s.io/kind/pkg/commons" + "sigs.k8s.io/kind/pkg/errors" +) + +type CrossplaneProviderParams struct { + Provider string + Package string + Image string + Private bool + Version string +} + +type CrossplaneProviderConfigParams struct { + Addon string + Secret string + ProjectID string +} + +func configureCrossPlaneProviders(n nodes.Node, kubeconfigpath string, keosRegUrl string, privateRegistry bool, infraProvider string, addons []string) error { + providers := infra.getCrossplaneProviders(addons) + for provider, version := range providers { + providerFile := "/kind/" + provider + ".yaml" + + params := CrossplaneProviderParams{ + Provider: provider, + Package: provider, + Image: keosRegUrl + "/upbound/" + provider + ":" + version, + Private: privateRegistry, + Version: version, + } + providerManifest, err := getManifest("common", "crossplane-provider.tmpl", params) + if err != nil { + return errors.Wrap(err, "failed to generate provider manifest "+provider) + } + c := "echo '" + providerManifest + "' > " + providerFile + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create provider manifest "+provider+" file") + } + + c = "kubectl create -f " + providerFile + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create provider "+provider) + } + + c = "kubectl wait providers.pkg.crossplane.io/" + provider + " --for=condition=healthy=True --timeout=5m" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to wait provider "+provider) + } + + //TODO: Check if this is necessary + if privateRegistry { + time.Sleep(40 * time.Second) + + c = "kubectl patch deploy -n crossplane-system " + provider + " -p '{\"spec\": {\"template\": {\"spec\":{\"containers\":[{\"name\":\"package-runtime\",\"imagePullPolicy\":\"IfNotPresent\"}]}}}}'" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to patch deployment provider "+provider) + } + } + + } + return nil +} + +func installCrossplane(n nodes.Node, kubeconfigpath string, keosRegUrl string, credentials map[string]*map[string]string, infra *Infra, privateParams PrivateParams, workloadClusterInstallation bool, allowAllEgressNetPolPath string, customParams *map[string]string, addons []string) (commons.KeosCluster, error) { + kubeconfigString := "" + + c := "mkdir -p " + crossplane_directoy_path + " && chmod -R 0755 " + crossplane_directoy_path + _, err := commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create crossplane directory") + } + + c = "kubectl create ns crossplane-system" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create ns crossplane-system") + } + + if workloadClusterInstallation { + // Allow egress in CAPX's Namespace + c = "kubectl --kubeconfig " + kubeconfigPath + " -n crossplane-system apply -f " + allowAllEgressNetPolPath + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to apply CAPX's NetworkPolicy in workload cluster") + } + } + + c = "helm install crossplane /stratio/helm/crossplane" + + " --namespace crossplane-system" + + if privateParams.Private { + c += " --set image.repository=" + keosRegUrl + "/crossplane/crossplane" + } + + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + + " --set replicas=2" + + " --set rbacManager.replicas=2" + } + + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to deploy crossplane Helm Chart") + } + + c = "kubectl -n crossplane-system rollout status deploy crossplane --timeout=3m" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to wait for the crossplane deployment") + } + + c = "kubectl -n crossplane-system rollout status deploy crossplane-rbac-manager --timeout=3m" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to wait for the crossplane-rbac-manager deployment") + } + + // Crea los providers de Crossplane + err = configureCrossPlaneProviders(n, kubeconfigpath, keosRegUrl, privateParams.Private, privateParams.KeosCluster.Spec.InfraProvider, addons) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to configure Crossplane Provider") + } + if kubeconfigpath != "" { + + c = "cat " + kubeconfigPath + kubeconfigString, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to get kubeconfig") + } + } + + keosCluster := privateParams.KeosCluster + for _, addon := range addons { + credsAddonContent, credentialsFound, err := infra.getCrossplaneProviderConfigContent(credentials, addon, keosCluster.Metadata.Name, kubeconfigString) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to get Crossplane Provider config content") + } + + c = "echo '" + credsAddonContent + "' > " + crossplane_provider_creds_file_base + addon + "-provider-creds.txt" + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create Crossplane Provider config file") + } + + params := CrossplaneProviderConfigParams{ + Addon: addon + "-provider", + Secret: addon + "-secret", + } + + if keosCluster.Spec.InfraProvider == "gcp" { + if credentialsFound { + params.ProjectID = (*credentials[addon])["ProjectID"] + } else { + params.ProjectID = (*credentials["crossplane"])["ProjectID"] + } + } + + if !credentialsFound { + params.Secret = infra.builder.getProvider().capxProvider + "crossplane-secret" + config, err := clientcmd.RESTConfigFromKubeConfig([]byte(kubeconfigString)) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to get workload kubeconfig") + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create clientset for workload kubeconfig") + } + _, err = clientset.CoreV1().Secrets("crossplane-system").Get(context.TODO(), infra.builder.getProvider().capxProvider+"-crossplane-secret", metav1.GetOptions{}) + if err != nil { + if apierrors.IsNotFound(err) { + c = "kubectl create secret generic " + infra.builder.getProvider().capxProvider + "-crossplane-secret -n crossplane-system --from-file=creds=" + crossplane_provider_creds_file_base + addon + "-provider-creds.txt" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create Crossplane Provider config secret: "+infra.builder.getProvider().capxProvider+"-secret") + } + } else { + return privateParams.KeosCluster, errors.Wrap(err, "failed to get secret "+infra.builder.getProvider().capxProvider+"-crossplane-secret") + } + } + } else { + c = "kubectl create secret generic " + infra.builder.getProvider().capxProvider + "-" + addon + "-secret -n crossplane-system --from-file=creds=" + crossplane_provider_creds_file_base + addon + "-provider-creds.txt" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create Crossplane Provider config secret: "+infra.builder.getProvider().capxProvider+"-secret") + } + } + + providerConfigManifest, err := getManifest(privateParams.KeosCluster.Spec.InfraProvider, "crossplane-provider-config.tmpl", params) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to generate provider config manifest ") + } + + c = "echo '" + providerConfigManifest + "' > " + crossplane_provider_config_file + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create provider config manifest file") + } + + c = "kubectl create -f " + crossplane_provider_config_file + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create provider config ") + } + + keosCluster, err = createCrossplaneCustomResources(n, kubeconfigpath, *credentials["provisioner"], infra, privateParams, workloadClusterInstallation, credentialsFound, addon, *customParams) + if err != nil { + return privateParams.KeosCluster, err + } + } + + return keosCluster, nil + +} + +func createCrossplaneCustomResources(n nodes.Node, kubeconfigpath string, credentials map[string]string, infra *Infra, privateParams PrivateParams, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) (commons.KeosCluster, error) { + crossplaneCRManifests, compositionsToWait, err := infra.getCrossplaneCRManifests(privateParams.KeosCluster, credentials, workloadClusterInstallation, credentialsFound, addon, customParams) + if err != nil { + return privateParams.KeosCluster, err + } + for i, manifest := range crossplaneCRManifests { + crossplane_crs_file := crossplane_crs_file_local_base + fmt.Sprintf(""+addon+"-%d.yaml", i) + if workloadClusterInstallation { + crossplane_crs_file = crossplane_crs_file_workload_base + fmt.Sprintf(""+addon+"-%d.yaml", i) + } + + c := "echo '" + manifest + "' > " + crossplane_crs_file + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create crossplane crs file") + } + + c = "kubectl create -f " + crossplane_crs_file + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to create crossplane crs ") + } + + } + + for kind, name := range compositionsToWait { + c := "kubectl wait " + kind + "/" + name + " --for=condition=ready --timeout=10m" + if kubeconfigpath != "" { + c += " --kubeconfig " + kubeconfigpath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return privateParams.KeosCluster, errors.Wrap(err, "failed to wait for the composition "+name) + } + } + + return privateParams.KeosCluster, nil +} diff --git a/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-aws.yaml b/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-aws.yaml new file mode 100644 index 0000000000..cf3c3bb4a5 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-aws.yaml @@ -0,0 +1,77 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xawszonesconfigs.configs.stratio.io +spec: + group: configs.stratio.io + names: + kind: xAWSZonesConfig + plural: xawszonesconfigs + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + region: + type: string + vpcId: + type: string + externalDomain: + type: string + clusterName: + type: string + providerConfigName: + type: string + default: "default" + status: + type: object + properties: + hostedZones: + type: object + properties: + publicZoneArn: + type: string + privateZoneArn: + type: string + policy: + type: object + properties: + arn: + type: string + user: + type: object + properties: + arn: + type: string + uniqueId: + type: string + userPolicyAttachment: + type: object + properties: + id: + type: string + policyArn: + type: string + user: + type: string + accessKey: + type: object + properties: + id: + type: string + user: + type: string + connectionSecret: + type: object + properties: + name: + type: string + namespace: + type: string +--- \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-eks.yaml b/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-eks.yaml new file mode 100644 index 0000000000..d999252e8b --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/files/aws/compositeresourcedefinition-hostedzones-eks.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xawszonesconfigs.configs.stratio.io +spec: + group: configs.stratio.io + names: + kind: xAWSZonesConfig + plural: xawszonesconfigs + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + region: + type: string + vpcId: + type: string + externalDomain: + type: string + clusterName: + type: string + accountId: + type: integer + format: int64 + oidcProviderId: + type: string + providerConfigName: + type: string + default: "default" + status: + type: object + properties: + hostedZones: + type: object + properties: + publicZoneArn: + type: string + privateZoneArn: + type: string + policy: + type: object + properties: + arn: + type: string + role: + type: object + properties: + arn: + type: string + uniqueId: + type: string + rolePolicyAttachment: + type: object + properties: + id: + type: string + policyArn: + type: string + role: + type: string +--- \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/files/azure/compositereourcedefinition-hostedzones-azure.yaml b/pkg/cluster/internal/create/actions/createworker/files/azure/compositereourcedefinition-hostedzones-azure.yaml new file mode 100644 index 0000000000..40d75d0c5e --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/files/azure/compositereourcedefinition-hostedzones-azure.yaml @@ -0,0 +1,105 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xazurezonesconfigs.configs.stratio.io +spec: + group: configs.stratio.io + names: + kind: xAzureZonesConfig + plural: xazurezonesconfigs + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + subscriptionId: + type: string + externalDomain: + type: string + clusterName: + type: string + providerConfigName: + type: string + default: "default" + status: + type: object + properties: + dnsZones: + type: object + properties: + externalDomain: + type: string + publicDnsZoneId: + type: string + privateDnsZoneId: + type: string + resourceGroupName: + type: string + privateDnsZoneVirtualNetworkLink: + type: object + properties: + id: + type: string + privateDnsZoneName: + type: string + virtualNetworkId: + type: string + resourceGroupName: + type: string + principal: + type: object + properties: + applicationId: + type: string + tenantId: + type: string + objectId: + type: string + displayName: + type: string + application: + type: object + properties: + id: + type: string + applicationId: + type: string + clientId: + type: string + displayName: + type: string + password: + type: object + properties: + displayName: + type: string + keyId: + type: string + secretName: + type: string + secretNamespace: + type: string + roleAssignments: + type: array + items: + type: object + properties: + id: + type: string + roleDefinitionId: + type: string + principalId: + type: string + principalType: + type: string + scope: + type: string + roleDefinitionName: + type: string +--- \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/files/gcp/allow-egress-imds_gnetpol.yaml b/pkg/cluster/internal/create/actions/createworker/files/gcp/allow-egress-imds_gnetpol.yaml index 3d4d38283f..1d4cf7bb1e 100644 --- a/pkg/cluster/internal/create/actions/createworker/files/gcp/allow-egress-imds_gnetpol.yaml +++ b/pkg/cluster/internal/create/actions/createworker/files/gcp/allow-egress-imds_gnetpol.yaml @@ -11,7 +11,7 @@ spec: - 169.254.169.254/32 protocol: TCP order: 0 - namespaceSelector: kubernetes.io/metadata.name in { 'kube-system', 'capg-system' } - selector: app == 'gcp-compute-persistent-disk-csi-driver' || cluster.x-k8s.io/provider == 'infrastructure-gcp' + namespaceSelector: kubernetes.io/metadata.name in { 'kube-system', 'capg-system', 'external-dns' } + selector: app == 'gcp-compute-persistent-disk-csi-driver' || cluster.x-k8s.io/provider == 'infrastructure-gcp' || app.kubernetes.io/name == 'external-dns' types: - Egress diff --git a/pkg/cluster/internal/create/actions/createworker/files/gcp/compositereourcedefinition-hostedzones-gcp.yaml b/pkg/cluster/internal/create/actions/createworker/files/gcp/compositereourcedefinition-hostedzones-gcp.yaml new file mode 100644 index 0000000000..b142c2718d --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/files/gcp/compositereourcedefinition-hostedzones-gcp.yaml @@ -0,0 +1,82 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xgcpzonesconfigs.configs.stratio.io +spec: + group: configs.stratio.io + names: + kind: xGCPZonesConfig + plural: xgcpzonesconfigs + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + projectName: + type: string + externalDomain: + type: string + clusterName: + type: string + providerConfigName: + type: string + default: "default" + status: + type: object + properties: + publicManagedZone: + type: object + properties: + id: + type: string + dnsName: + type: string + privateManagedZone: + type: object + properties: + id: + type: string + dnsName: + type: string + serviceAccount: + type: object + properties: + id: + type: string + member: + type: string + name: + type: string + email: + type: string + serviceAccountKey: + type: object + properties: + id: + type: string + name: + type: string + secretName: + type: string + secretNamespace: + type: string + projectIAMMember: + type: object + properties: + id: + type: string + member: + type: string + project: + type: string + role: + type: string + + + \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/gcp.go b/pkg/cluster/internal/create/actions/createworker/gcp.go index c0dee11e80..23e2440c8f 100644 --- a/pkg/cluster/internal/create/actions/createworker/gcp.go +++ b/pkg/cluster/internal/create/actions/createworker/gcp.go @@ -28,6 +28,9 @@ import ( "google.golang.org/api/compute/v1" "google.golang.org/api/option" "gopkg.in/yaml.v3" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" "sigs.k8s.io/kind/pkg/cluster/nodes" "sigs.k8s.io/kind/pkg/commons" "sigs.k8s.io/kind/pkg/errors" @@ -37,18 +40,33 @@ import ( //go:embed files/gcp/internal-ingress-nginx.yaml var gcpInternalIngress []byte +//go:embed files/gcp/compositereourcedefinition-hostedzones-gcp.yaml +var gcpCRDHostedZones []byte + type GCPBuilder struct { - capxProvider string - capxVersion string - capxImageVersion string - capxManaged bool - capxName string - capxEnvVars []string - scParameters commons.SCParameters - scProvisioner string - csiNamespace string + capxProvider string + capxVersion string + capxImageVersion string + capxManaged bool + capxName string + capxEnvVars []string + scParameters commons.SCParameters + scProvisioner string + csiNamespace string + crossplaneProviders map[string]string +} + +type CrossplaneGCPParams struct { + ClusterName string + ExternalDomain string + Addon string + ProjectName string + Managed bool } +var crossplaneGCPAddons = []string{"external-dns"} +var crossplaneGKEAddons = []string{"external-dns"} + func newGCPBuilder() *GCPBuilder { return &GCPBuilder{} } @@ -267,3 +285,185 @@ func (b *GCPBuilder) postInstallPhase(n nodes.Node, k string) error { return nil } + +func (b *GCPBuilder) getCrossplaneProviderConfigContent(credentials map[string]*map[string]string, addon string, clusterName string, kubeconfigString string) (string, bool, error) { + credentialsFound := true + addonCredentials := credentials[addon] + if isEmptyCredsMap(*addonCredentials, b.capxProvider) { + credentialsFound = false + addonCredentials = credentials["crossplane"] + } + gcpCredentialsMap := map[string]interface{}{ + "type": "service_account", + "project_id": (*addonCredentials)["ProjectID"], + "private_key_id": (*addonCredentials)["PrivateKeyID"], + "private_key": formatPrivateKey((*addonCredentials)["PrivateKey"]), + "client_email": (*addonCredentials)["ClientEmail"], + "client_id": (*addonCredentials)["ClientID"], + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://accounts.google.com/o/oauth2/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/" + url.QueryEscape((*addonCredentials)["ClientEmail"]), + } + + gcpCredentials, err := json.Marshal(gcpCredentialsMap) + if err != nil { + return "", false, err + } + return string(gcpCredentials), credentialsFound, nil +} + +func (b *GCPBuilder) getAddons(clusterManaged bool, addonsParams map[string]*bool) []string { + var addons []string + addonsReference := crossplaneGKEAddons + if !clusterManaged { + addonsReference = crossplaneGCPAddons + } + for _, addon := range addonsReference { + enabled := addonsParams[addon] + if (enabled != nil && *enabled) || enabled == nil { + addons = append(addons, addon) + } + } + + return addons +} + +func (b *GCPBuilder) getCrossplaneCRManifests(keosCluster commons.KeosCluster, credentials map[string]string, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) ([]string, map[string]string, error) { + var manifests = []string{} + compositionsToWait := make(map[string]string) + params := CrossplaneGCPParams{ + ClusterName: keosCluster.Metadata.Name, + ExternalDomain: keosCluster.Spec.ExternalDomain, + Addon: addon, + ProjectName: credentials["ProjectID"], + Managed: keosCluster.Spec.ControlPlane.Managed, + } + + switch addon { + case "external-dns": + manifests = append(manifests, string(gcpCRDHostedZones)) + compositionsToWait["xGCPZonesConfig"] = keosCluster.Metadata.Name + "-zones-config" + compositionHostedZones, err := getManifest("gcp", "composition-hostedzones-gcp.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, compositionHostedZones) + hostedZone, err := getManifest("gcp", "hostedzone.gcp.tmpl", params) + if err != nil { + return nil, nil, err + } + manifests = append(manifests, hostedZone) + } + + return manifests, compositionsToWait, nil +} + +func (b *GCPBuilder) setCrossplaneProviders(addons []string) { + + b.crossplaneProviders = map[string]string{ + "provider-family-gcp": "v1.7.0", + } + + for _, addon := range addons { + switch addon { + case "external-dns": + b.crossplaneProviders["provider-gcp-cloudplatform"] = "v1.7.0" + b.crossplaneProviders["provider-gcp-dns"] = "v1.7.0" + } + } +} + +func (b *GCPBuilder) getCrossplaneProviders(addons []string) map[string]string { + b.setCrossplaneProviders(addons) + return b.crossplaneProviders +} + +func (b *GCPBuilder) getExternalDNSCreds(n nodes.Node, clusterName string, clientset *kubernetes.Clientset, credentials map[string]string) (map[string]string, error) { + + secret, err := clientset.CoreV1().Secrets("crossplane-system").Get(context.Background(), "sa-key-external-dns-"+clusterName+"-secret", metav1.GetOptions{}) + if err != nil { + return nil, err + } + + externalDnsCreds := map[string]string{ + "gcp.json": string(secret.Data["private_key"]), + } + return externalDnsCreds, nil +} + +func formatPrivateKey(key string) string { + + nk := strings.TrimSpace(key) + nk = strings.ReplaceAll(nk, "\n", "\\n") + formattedKey := "-----BEGIN PRIVATE KEY-----\\n" + + nk[len("-----BEGIN PRIVATE KEY-----\\n"):len(nk)-len("\\n-----END PRIVATE KEY-----")] + + "\\n-----END PRIVATE KEY-----\\n" + + return formattedKey +} + +func (b *GCPBuilder) getAddonsReleaseInstallation(addon string) []InstallationReleases { + switch addon { + case "external-dns": + return []InstallationReleases{{Provider: "google", Releases: []string{"external-dns", "private-external-dns"}}} + } + return []InstallationReleases{} +} + +func (b *GCPBuilder) createExternalDNSCredsSecret(n nodes.Node, kubeconfigPath string, credentials map[string]string, managed bool, clusterName string) error { + clientset, err := getClientSet(n, "", "") + if err != nil { + return err + } + newSecret := &corev1.Secret{} + if credentials["gcp.json"] != "" { + newSecret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "external-dns-creds", + }, + Data: map[string][]byte{ + "gcp.json": []byte(credentials["gcp.json"]), + }, + } + } else if credentials["ProjectID"] != "" && credentials["PrivateKeyID"] != "" && credentials["PrivateKey"] != "" && credentials["ClientEmail"] != "" && credentials["ClientID"] != "" { + data := map[string]interface{}{ + "type": "service_account", + "project_id": credentials["ProjectID"], + "private_key_id": credentials["PrivateKeyID"], + "private_key": credentials["PrivateKey"], + "client_email": credentials["ClientEmail"], + "client_id": credentials["ClientID"], + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://accounts.google.com/o/oauth2/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/" + url.QueryEscape(credentials["ClientEmail"]), + } + jsonData, _ := json.Marshal(data) + newSecret = &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "external-dns-creds", + }, + Data: map[string][]byte{ + "gcp.json": jsonData, + }, + } + } else { + return errors.New("no credentials found to create external-dns-creds secret") + } + + _, err = clientset.CoreV1().Secrets("external-dns").Create(context.TODO(), newSecret, metav1.CreateOptions{}) + if err != nil { + return err + } + return nil +} + +func jsonStringToMap(jsonString string) (map[string]string, error) { + var resultMap map[string]string + err := json.Unmarshal([]byte(jsonString), &resultMap) + if err != nil { + return nil, err + } + return resultMap, nil +} diff --git a/pkg/cluster/internal/create/actions/createworker/provider.go b/pkg/cluster/internal/create/actions/createworker/provider.go index d2dd0e8a43..f5983b8ada 100644 --- a/pkg/cluster/internal/create/actions/createworker/provider.go +++ b/pkg/cluster/internal/create/actions/createworker/provider.go @@ -18,6 +18,7 @@ package createworker import ( "bytes" + "context" "embed" "encoding/base64" "encoding/json" @@ -31,7 +32,15 @@ import ( "strings" "text/template" + "github.com/fatih/structs" + "github.com/oleiade/reflections" "gopkg.in/yaml.v3" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" "sigs.k8s.io/kind/pkg/cluster/nodes" "sigs.k8s.io/kind/pkg/commons" "sigs.k8s.io/kind/pkg/errors" @@ -68,6 +77,7 @@ const ( machineHealthCheckWorkerNodePath = "/kind/manifests/machinehealthcheckworkernode.yaml" machineHealthCheckControlPlaneNodePath = "/kind/manifests/machinehealthcheckcontrolplane.yaml" defaultScAnnotation = "storageclass.kubernetes.io/is-default-class" + externalDnsWorkloadCredsFile = "/kind/external-dns-creds.yaml" ) //go:embed files/common/calico-metrics.yaml @@ -79,10 +89,16 @@ type PrivateParams struct { Private bool } +type InstallationReleases struct { + Provider string + Releases []string +} + type PBuilder interface { setCapx(managed bool) setCapxEnvVars(p ProviderParams) setSC(p ProviderParams) + setCrossplaneProviders(addons []string) installCloudProvider(n nodes.Node, k string, privateParams PrivateParams) error installCSI(n nodes.Node, k string, privateParams PrivateParams) error getProvider() Provider @@ -91,18 +107,29 @@ type PBuilder interface { getOverrideVars(p ProviderParams, networks commons.Networks, clusterConfigSpec commons.ClusterConfigSpec) (map[string][]byte, error) getRegistryCredentials(p ProviderParams, u string) (string, string, error) postInstallPhase(n nodes.Node, k string) error + getCrossplaneProviderConfigContent(credentials map[string]*map[string]string, addon string, clusterName string, kubeconfigString string) (string, bool, error) + getCrossplaneCRManifests(keosCluster commons.KeosCluster, credentials map[string]string, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) ([]string, map[string]string, error) + getCrossplaneProviders(addons []string) map[string]string + getAddons(clusterManaged bool, addonsParams map[string]*bool) []string + getExternalDNSCreds(n nodes.Node, clusterName string, clientset *kubernetes.Clientset, credentials map[string]string) (map[string]string, error) + getAddonsReleaseInstallation(addon string) []InstallationReleases + createExternalDNSCredsSecret(n nodes.Node, kubeconfigPath string, credentials map[string]string, managed bool, clusterName string) error } type Provider struct { - capxProvider string - capxVersion string - capxImageVersion string - capxManaged bool - capxName string - capxEnvVars []string - scParameters commons.SCParameters - scProvisioner string - csiNamespace string + capxProvider string + capxVersion string + capxImageVersion string + capxManaged bool + capxName string + capxEnvVars []string + scParameters commons.SCParameters + scProvisioner string + csiNamespace string + crossplaneProviders map[string]string +} + +type CrossplaneParams struct { } type Node struct { @@ -219,6 +246,34 @@ func (i *Infra) getRegistryCredentials(p ProviderParams, u string) (string, stri return i.builder.getRegistryCredentials(p, u) } +func (i *Infra) getCrossplaneProviderConfigContent(credentials map[string]*map[string]string, addon string, clusterName string, kubeconfigString string) (string, bool, error) { + return i.builder.getCrossplaneProviderConfigContent(credentials, addon, clusterName, kubeconfigString) +} + +func (i *Infra) getCrossplaneCRManifests(keosCluster commons.KeosCluster, credentials map[string]string, workloadClusterInstallation bool, credentialsFound bool, addon string, customParams map[string]string) ([]string, map[string]string, error) { + return i.builder.getCrossplaneCRManifests(keosCluster, credentials, workloadClusterInstallation, credentialsFound, addon, customParams) +} + +func (i *Infra) getExternalDNSCreds(n nodes.Node, clusterName string, clientset *kubernetes.Clientset, credentials map[string]string) (map[string]string, error) { + return i.builder.getExternalDNSCreds(n, clusterName, clientset, credentials) +} + +func (i *Infra) getAddonsReleaseInstallation(addon string) []InstallationReleases { + return i.builder.getAddonsReleaseInstallation(addon) +} + +func (i *Infra) createExternalDNSCredsSecret(n nodes.Node, kubeconfigPath string, credentials map[string]string, managed bool, clusterName string) error { + return i.builder.createExternalDNSCredsSecret(n, kubeconfigPath, credentials, managed, clusterName) +} + +func (i *Infra) getCrossplaneProviders(addons []string) map[string]string { + return i.builder.getCrossplaneProviders(addons) +} + +func (i *Infra) getAddons(clusterManaged bool, addonsParams map[string]*bool) []string { + return i.builder.getAddons(clusterManaged, addonsParams) +} + func (i *Infra) postInstallPhase(n nodes.Node, k string) error { return i.builder.postInstallPhase(n, k) } @@ -491,6 +546,171 @@ func (p *Provider) deployClusterOperator(n nodes.Node, privateParams PrivatePara return nil } +func installExternalDNS(n nodes.Node, kubeconfigPath string, privateParams PrivateParams, allowCommonEgressNetPolPath string, customParams map[string]string, credentials map[string]string) error { + var c string + var err error + + providers := map[string][]InstallationReleases{ + privateParams.KeosCluster.Spec.InfraProvider: infra.getAddonsReleaseInstallation("external-dns"), + } + + // switch privateParams.KeosCluster.Spec.InfraProvider { + // case "gcp": + // providers["gcp"] = []InstallationReleases{{Provider: "google", Releases: []string{"external-dns", "private-external-dns"}}} + // case "aws": + // providers["aws"] = []InstallationReleases{{Provider: "aws", Releases: []string{"external-dns"}}} + // case "azure": + // providers["azure"] = []InstallationReleases{{Provider: "azure", Releases: []string{"external-dns"}}, {Provider: "azure-private-dns", Releases: []string{"private-external-dns"}}} + // } + + c = "kubectl create ns external-dns" + if kubeconfigPath != "" { + c += " --kubeconfig " + kubeconfigPath + } + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to create external-dns namespace") + } + + if kubeconfigPath != "" { + // Allow egress in external-dns namespace + c = "kubectl --kubeconfig " + kubeconfigPath + " -n external-dns apply -f " + allowCommonEgressNetPolPath + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to apply external-dns egress NetworkPolicy") + } + } + err = infra.createExternalDNSCredsSecret(n, kubeconfigPath, credentials, privateParams.KeosCluster.Spec.ControlPlane.Managed, privateParams.KeosCluster.Metadata.Name) + if err != nil { + return errors.Wrap(err, "failed to create external-dns credentials secret") + } + + // switch privateParams.KeosCluster.Spec.InfraProvider { + // case "aws": + // if !privateParams.KeosCluster.Spec.ControlPlane.Managed { + // c = "echo '[default]\naws_access_key_id = " + credentials["AccessKey"] + "\naws_secret_access_key = " + credentials["SecretKey"] + "\n' > " + externalDnsWorkloadCredsFile + // // Create secret for AWS credentials + // _, err = commons.ExecuteCommand(n, c, 3, 5) + // if err != nil { + // return errors.Wrap(err, "failed to create external-dns credentials secret") + // } + + // c = "kubectl --kubeconfig " + kubeconfigPath + " -n external-dns create secret generic external-dns-creds" + + // " --from-file=credentials=" + externalDnsWorkloadCredsFile + // _, err = commons.ExecuteCommand(n, c, 3, 5) + // if err != nil { + // return errors.Wrap(err, "failed to create external-dns-creds credentials secret") + // } + // } + // case "azure": + // // Create secret for Azure credentials + // c = "echo \"{\n\"aadClientId\": \"" + credentials["ClientID"] + "\",\n" + "\"aadClientSecret\": \"" + credentials["ClientSecret"] + "\",\n" + "\"subscriptionId\": \"" + credentials["SubscriptionID"] + "\",\n" + "\"resourceGroup\": \"" + privateParams.KeosCluster.Metadata.Name + "\",\n" + "\"tenantId\": \"" + credentials["TenantID"] + "\"\n}\" > " + externalDnsWorkloadCredsFile + // _, err = commons.ExecuteCommand(n, c, 3, 5) + // if err != nil { + // return errors.Wrap(err, "failed to create external-dns credentials secret") + // } + // c = "kubectl --kubeconfig " + kubeconfigPath + " -n external-dns create secret generic external-dns-creds" + + // " --from-file=azure.json=" + externalDnsWorkloadCredsFile + // _, err = commons.ExecuteCommand(n, c, 3, 5) + // if err != nil { + // return errors.Wrap(err, "failed to create external-dns-creds credentials secret") + // } + + // case "gcp": + + // clientset, err := getClientSet(n, "", "") + // if err != nil { + // return err + // } + + // newSecret := &corev1.Secret{ + // ObjectMeta: metav1.ObjectMeta{ + // Name: "external-dns-creds", + // }, + // Data: map[string][]byte{ + // "gcp.json": []byte(credentials["gcp.json"]), + // }, + // } + + // _, err = clientset.CoreV1().Secrets("external-dns").Create(context.TODO(), newSecret, metav1.CreateOptions{}) + // if err != nil { + // return err + // } + + // } + + for _, installation := range providers[privateParams.KeosCluster.Spec.InfraProvider] { + for _, releaseName := range installation.Releases { + + c = "helm install " + releaseName + " /stratio/helm/external-dns" + + " --namespace external-dns" + + " --set provider=" + installation.Provider + + " --set domainFilters={" + privateParams.KeosCluster.Spec.ExternalDomain + "}" + + " --set image.tag=v0.13.6" + + " --set-string podAnnotations.\"cluster-autoscaler\\.kubernetes\\.io/safe-to-evict\"=true" + + " --set securityContext.runAsNonRoot=false" + + " --set replicaCount=2" + + " --set policy=sync" + + " --set securityContext.runAsUser=0" + + if privateParams.Private { + c += " --set image.repository=" + privateParams.KeosRegUrl + "/external-dns/external-dns" + } + + if kubeconfigPath != "" { + c += " --kubeconfig " + kubeconfigPath + } + + switch privateParams.KeosCluster.Spec.InfraProvider { + case "aws": + if privateParams.KeosCluster.Spec.ControlPlane.Managed { + c += " --set serviceAccount.annotations.\"eks\\.amazonaws\\.com/role-arn\"=" + customParams["roleArn"] + + " --set env[0].name=AWS_DEFAULT_REGION" + + " --set env[0].value=" + privateParams.KeosCluster.Spec.Region + } else { + c += " --set extraVolumes[0].name=aws-credentials" + + " --set extraVolumes[0].secret.secretName=external-dns-creds" + + " --set env[0].name=AWS_SHARED_CREDENTIALS_FILE" + + " --set env[0].value=/.aws/credentials" + + " --set env[1].name=AWS_DEFAULT_REGION" + + " --set env[1].value=" + privateParams.KeosCluster.Spec.Region + + " --set extraVolumeMounts[0].name=aws-credentials" + + " --set extraVolumeMounts[0].mountPath=/.aws" + + " --set extraVolumeMounts[0].readOnly=true" + } + case "azure": + c += " --set extraVolumes[0].name=azure-config" + + " --set extraVolumes[0].secret.secretName=external-dns-creds" + + " --set extraVolumeMounts[0].name=azure-config" + + " --set extraVolumeMounts[0].mountPath=/etc/kubernetes/" + + " --set extraVolumeMounts[0].readOnly=true" + case "gcp": + c += " --set extraVolumes[0].name=google-service-account" + + " --set extraVolumes[0].secret.secretName=external-dns-creds" + + " --set extraVolumeMounts[0].name=google-service-account" + + " --set extraVolumeMounts[0].mountPath=/etc/secrets/service-account/" + + " --set extraVolumeMounts[0].readOnly=true" + + " --set env[0].name=GOOGLE_APPLICATION_CREDENTIALS" + + " --set env[0].value=/etc/secrets/service-account/gcp.json" + if releaseName == "private-external-dns" { + c += " --set extraArgs[0]=\"--google-zone-visibility=private\"" + } else { + c += " --set extraArgs[0]=\"--google-zone-visibility=public\"" + } + } + + _, err = commons.ExecuteCommand(n, c, 3, 5) + if err != nil { + return errors.Wrap(err, "failed to deploy "+releaseName+" Helm Chart") + } + + } + + } + + return nil +} + func installCalico(n nodes.Node, k string, privateParams PrivateParams, allowCommonEgressNetPolPath string) error { var c string var cmd exec.Cmd @@ -1014,3 +1234,74 @@ func installCorednsPdb(n nodes.Node) error { } return nil } + +func getCredentials(creds commons.Credentials, infra string, providerCredentials map[string]string) (map[string]*map[string]string, error) { + crossplaneCredsMap, err := getAddonsCredentials(creds.Crossplane, strings.ToUpper(infra)) + if err != nil { + return nil, errors.Wrap(err, "failed to get crossplane credentials") + } + + externalDnsCredsMap, err := getAddonsCredentials(creds.ExternalDNS, strings.ToUpper(infra)) + if err != nil { + return nil, errors.Wrap(err, "failed to get external-dns credentials") + } + + credentialsMap := map[string]*map[string]string{ + "provisioner": commons.ToPtr(providerCredentials), + "crossplane": commons.ToPtr(crossplaneCredsMap), + "external-dns": commons.ToPtr(externalDnsCredsMap), + } + return credentialsMap, nil +} + +func getAddonsCredentials(addonsCredentials commons.AddonCredentials, infra string) (map[string]string, error) { + addonsCreds, err := reflections.GetField(addonsCredentials, infra) + if err != nil { + return nil, err + } + return convertToMapStringString(structs.Map(addonsCreds)), nil +} + +func convertToMapStringString(m map[string]interface{}) map[string]string { + var m2 = map[string]string{} + for k, v := range m { + m2[k] = v.(string) + } + return m2 +} + +func getObject(name string, kubeconfigString string, gvr schema.GroupVersionResource, namespaced bool, namespace string) (map[string]interface{}, error) { + + config, err := rest.InClusterConfig() + if err != nil { + return nil, err + } + + if kubeconfigString != "" { + config, err = clientcmd.RESTConfigFromKubeConfig([]byte(kubeconfigString)) + if err != nil { + return nil, err + } + } + + dynamicClient, err := dynamic.NewForConfig(config) + if err != nil { + return nil, err + } + + resource := dynamicClient.Resource(gvr) + resourceNamespace := dynamic.ResourceInterface(resource) + if namespaced { + if namespace == "" { + resourceNamespace = resource.Namespace("default") + } else { + resourceNamespace = resource.Namespace(namespace) + } + } + object, err := resourceNamespace.Get(context.TODO(), name, metav1.GetOptions{}) + if err != nil { + return nil, err + } + + return object.Object, nil +} diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-aws.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-aws.tmpl new file mode 100644 index 0000000000..bbf898dfc1 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-aws.tmpl @@ -0,0 +1,269 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xawszonesconfigs + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + compositeTypeRef: + apiVersion: configs.stratio.io/v1alpha1 + kind: xAWSZonesConfig + resources: + - name: PrivateZone + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-zone" + - fromFieldPath: spec.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.name + type: FromCompositeFieldPath + - fromFieldPath: spec.vpcId + toFieldPath: spec.forProvider.vpc[0].vpcId + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.arn + toFieldPath: status.hostedZones.privateZoneArn + type: ToCompositeFieldPath + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: route53.aws.upbound.io/v1beta1 + kind: Zone + spec: + forProvider: + comment: "" + tags: + owner: stratio + - name: PublicZone + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-public-zone" + - fromFieldPath: spec.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.name + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.arn + toFieldPath: status.hostedZones.publicZoneArn + type: ToCompositeFieldPath + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: route53.aws.upbound.io/v1beta1 + kind: Zone + spec: + forProvider: + comment: "" + tags: + owner: stratio + {{- if .CreateCredentials }} + - name: User + patches: + - fromFieldPath: status.atProvider.arn + toFieldPath: status.user.arn + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.uniqueId + toFieldPath: status.user.uniqueId + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns" + - type: CombineFromComposite + toFieldPath: metadata.labels["id"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-user" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: User + spec: + forProvider: {} + - name: UserPolicy + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-user-policy" + - fromFieldPath: status.atProvider.arn + toFieldPath: status.policy.arn + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns" + - type: CombineFromComposite + toFieldPath: metadata.labels["id"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-policy" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.policy + combine: + variables: + - fromFieldPath: status.hostedZones.privateZoneArn + - fromFieldPath: status.hostedZones.publicZoneArn + strategy: string + string: + fmt: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "route53:ChangeResourceRecordSets", + "Resource": [ + "%s", + "%s" + ] + }, + { + "Effect": "Allow", + "Action": [ + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:ListTagsForResource" + ], + "Resource": [ + "*" + ] + } + ] + } + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Policy + spec: + forProvider: {} + - name: UserPolicyAttachment + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-user-policy-attachment" + - fromFieldPath: status.atProvider.id + toFieldPath: status.userPolicyAttachment.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.policyArn + toFieldPath: status.userPolicyAttachment.policyArn + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.user + toFieldPath: status.userPolicyAttachment.user + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.policyArnSelector.matchLabels.id + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-policy" + - type: CombineFromComposite + toFieldPath: spec.forProvider.userSelector.matchLabels.id + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-user" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: UserPolicyAttachment + spec: + forProvider: {} + - name: UserAccessKey + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-user-accesskey" + - fromFieldPath: status.atProvider.id + toFieldPath: status.accessKey.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.user + toFieldPath: status.accessKey.user + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.name + toFieldPath: status.accessKey.connectionSecret.name + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.namespace + toFieldPath: status.accessKey.connectionSecret.namespace + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.userSelector.matchLabels.id + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-user" + - type: CombineFromComposite + toFieldPath: spec.writeConnectionSecretToRef.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-accesskey-secret" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: AccessKey + spec: + forProvider: {} + writeConnectionSecretToRef: + namespace: crossplane-system + {{- end }} \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-eks.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-eks.tmpl new file mode 100644 index 0000000000..06edc981eb --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/composition-hostedzones-eks.tmpl @@ -0,0 +1,252 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xawszonesconfigs + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + compositeTypeRef: + apiVersion: configs.stratio.io/v1alpha1 + kind: xAWSZonesConfig + resources: + - name: PrivateZone + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-zone" + - fromFieldPath: spec.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.name + type: FromCompositeFieldPath + - fromFieldPath: spec.vpcId + toFieldPath: spec.forProvider.vpc[0].vpcId + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.arn + toFieldPath: status.hostedZones.privateZoneArn + type: ToCompositeFieldPath + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: route53.aws.upbound.io/v1beta1 + kind: Zone + spec: + forProvider: + comment: "" + tags: + owner: stratio + - name: PublicZone + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-public-zone" + - fromFieldPath: spec.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.name + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.arn + toFieldPath: status.hostedZones.publicZoneArn + type: ToCompositeFieldPath + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: route53.aws.upbound.io/v1beta1 + kind: Zone + spec: + forProvider: + comment: "" + tags: + owner: stratio + - name: Role + patches: + - fromFieldPath: status.atProvider.arn + toFieldPath: status.role.arn + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.uniqueId + toFieldPath: status.role.uniqueId + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns" + - type: CombineFromComposite + toFieldPath: metadata.labels["id"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-role" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.assumeRolePolicy + combine: + variables: + - fromFieldPath: spec.accountId + - fromFieldPath: spec.region + - fromFieldPath: spec.oidcProviderId + - fromFieldPath: spec.region + - fromFieldPath: spec.oidcProviderId + - fromFieldPath: spec.region + - fromFieldPath: spec.oidcProviderId + strategy: string + string: + fmt: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Federated": "arn:aws:iam::%d:oidc-provider/oidc.eks.%s.amazonaws.com/id/%s" + }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "oidc.eks.%s.amazonaws.com/id/%s:sub": "system:serviceaccount:external-dns:external-dns", + "oidc.eks.%s.amazonaws.com/id/%s:aud": "sts.amazonaws.com" + } + } + } + ] + } + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Role + spec: + forProvider: {} + - name: RolePolicy + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-role-policy" + - fromFieldPath: status.atProvider.arn + toFieldPath: status.policy.arn + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns" + - type: CombineFromComposite + toFieldPath: metadata.labels["id"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-policy" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.policy + combine: + variables: + - fromFieldPath: status.hostedZones.privateZoneArn + - fromFieldPath: status.hostedZones.publicZoneArn + strategy: string + string: + fmt: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "route53:ChangeResourceRecordSets", + "Resource": [ + "%s", + "%s" + ] + }, + { + "Effect": "Allow", + "Action": [ + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:ListTagsForResource" + ], + "Resource": [ + "*" + ] + } + ] + } + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Policy + spec: + forProvider: {} + - name: RolePolicyAttachment + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-role-policy-attachment" + - fromFieldPath: status.atProvider.id + toFieldPath: status.rolePolicyAttachment.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.policyArn + toFieldPath: status.rolePolicyAttachment.policyArn + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.role + toFieldPath: status.rolePolicyAttachment.role + type: ToCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.policyArnSelector.matchLabels.id + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-policy" + - type: CombineFromComposite + toFieldPath: spec.forProvider.roleSelector.matchLabels.id + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-prerrequisite-role" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: RolePolicyAttachment + spec: + forProvider: {} + \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider-config.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider-config.tmpl new file mode 100644 index 0000000000..041fa51c8f --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider-config.tmpl @@ -0,0 +1,11 @@ +apiVersion: aws.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: {{ .Addon }} +spec: + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: {{ .Secret }} + key: creds diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider.tmpl new file mode 100644 index 0000000000..2544a790c5 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/crossplane-provider.tmpl @@ -0,0 +1,37 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + name: {{ $.Provider }} +spec: +{{- if not $.Private }} + package: xpkg.upbound.io/upbound/{{ $.Provider }}:{{ $.Version }} + runtimeConfigRef: + name: custom-config-{{ $.Provider }} +{{- else }} + package: {{ $.Provider }}:{{ $.Version }} + skipDependencyResolution: true + packagePullPolicy: Never + runtimeConfigRef: + name: custom-config-{{ $.Provider }} +{{- end }} +--- +apiVersion: pkg.crossplane.io/v1beta1 +kind: DeploymentRuntimeConfig +metadata: + name: custom-config-{{ $.Provider }} +spec: + deploymentTemplate: + metadata: + name: {{ $.Provider }} + spec: + selector: {} + template: + spec: + {{- if not $.Private }} + containers: [] + {{- else }} + containers: + - name: package-runtime + imagePullPolicy: Always + image: {{ $.Image }} + {{- end }} diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.aws.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.aws.tmpl new file mode 100644 index 0000000000..46e430322d --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.aws.tmpl @@ -0,0 +1,12 @@ +apiVersion: configs.stratio.io/v1alpha1 +kind: xAWSZonesConfig +metadata: + name: {{ .ClusterName }}-zones-config + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + region: {{ .Region }} + vpcId: {{ .VPCId }} + externalDomain: {{ .ExternalDomain }} + clusterName: {{ .ClusterName }} + providerConfigName: {{ .Addon }}-provider \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.eks.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.eks.tmpl new file mode 100644 index 0000000000..9bec4cb462 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/aws/hostedzone.eks.tmpl @@ -0,0 +1,15 @@ +apiVersion: configs.stratio.io/v1alpha1 +kind: xAWSZonesConfig +metadata: + name: {{ .ClusterName }}-zones-config + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + region: {{ .Region }} + vpcId: {{ .VPCId }} + externalDomain: {{ .ExternalDomain }} + clusterName: {{ .ClusterName }} + providerConfigName: {{ .Addon }}-provider + accountId: {{ .AccountID }} + oidcProviderId: {{ .OIDCProviderID }} + diff --git a/pkg/cluster/internal/create/actions/createworker/templates/azure/composition-hostedzones-azure.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/azure/composition-hostedzones-azure.tmpl new file mode 100644 index 0000000000..5657bfefea --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/azure/composition-hostedzones-azure.tmpl @@ -0,0 +1,441 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xazurezonesconfigs + labels: + keos.stratio.com/cluster: {{ .ClusterName }} +spec: + compositeTypeRef: + apiVersion: configs.stratio.io/v1alpha1 + kind: xAzureZonesConfig + resources: + - name: PublicDnsZone + base: + apiVersion: network.azure.upbound.io/v1beta1 + kind: DNSZone + spec: + forProvider: {} + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-public-dns-zone" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - fromFieldPath: spec.clusterName + toFieldPath: spec.forProvider.resourceGroupName + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: metadata.annotations['crossplane.io/external-name'] + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.soaRecord[0].fqdn + toFieldPath: status.dnsZones.externalDomain + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.id + toFieldPath: status.dnsZones.publicDnsZoneId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.resourceGroupName + toFieldPath: status.dnsZones.resourceGroupName + type: ToCompositeFieldPath + - name: PrivateDNSZone + base: + apiVersion: network.azure.upbound.io/v1beta1 + kind: PrivateDNSZone + spec: + forProvider: {} + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-dns-zone" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - fromFieldPath: spec.clusterName + toFieldPath: spec.forProvider.resourceGroupName + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: metadata.annotations['crossplane.io/external-name'] + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.id + toFieldPath: status.dnsZones.privateDnsZoneId + type: ToCompositeFieldPath + - name: PrivateDNSZoneVirtualNetworkLink + base: + apiVersion: network.azure.upbound.io/v1beta1 + kind: PrivateDNSZoneVirtualNetworkLink + spec: + forProvider: + registrationEnabled: true + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-dns-zone-vnlink" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - fromFieldPath: spec.clusterName + toFieldPath: spec.forProvider.resourceGroupName + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.privateDnsZoneName + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.privateDnsZoneNameRef.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-zone" + - type: CombineFromComposite + combine: + variables: + - fromFieldPath: spec.subscriptionId + - fromFieldPath: spec.clusterName + - fromFieldPath: spec.clusterName + strategy: string + string: + {{- if .Managed }} + fmt: "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s" + {{- else }} + fmt: "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s-vnet" + {{- end }} + toFieldPath: spec.forProvider.virtualNetworkId + - fromFieldPath: status.atProvider.id + toFieldPath: status.privateDnsZoneVirtualNetworkLink.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.privateDnsZoneName + toFieldPath: status.privateDnsZoneVirtualNetworkLink.privateDnsZoneName + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.virtualNetworkId + toFieldPath: status.privateDnsZoneVirtualNetworkLink.virtualNetworkId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.resourceGroupName + toFieldPath: status.privateDnsZoneVirtualNetworkLink.resourceGroupName + type: ToCompositeFieldPath + - name: Principal + base: + apiVersion: serviceprincipals.azuread.upbound.io/v1beta1 + kind: Principal + spec: + forProvider: + appRoleAssignmentRequired: false + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal" + - type: CombineFromComposite + toFieldPath: metadata.labels["keos.stratio.com/principal-name"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.applicationIdSelector.matchLabels['keos.stratio.com/principal-app-name'] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - fromFieldPath: status.atProvider.applicationId + toFieldPath: status.principal.applicationId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.applicationTenantId + toFieldPath: status.principal.tenantId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.objectId + toFieldPath: status.principal.objectId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.displayName + toFieldPath: status.principal.displayName + type: ToCompositeFieldPath + - name: Application + base: + apiVersion: applications.azuread.upbound.io/v1beta1 + kind: Application + spec: + forProvider: {} + patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - type: CombineFromComposite + toFieldPath: metadata.labels["keos.stratio.com/principal-app-name"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - type: CombineFromComposite + toFieldPath: spec.forProvider.displayName + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - type: CombineFromComposite + toFieldPath: spec.forProvider.description + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "Application to manage DNS Zones by External-DNS in cluster %s" + - fromFieldPath: status.atProvider.applicationId + toFieldPath: status.application.applicationId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.id + toFieldPath: status.application.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.clientId + toFieldPath: status.application.clientId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.displayName + toFieldPath: status.application.displayName + type: ToCompositeFieldPath + - name: ApplicationPassword + base: + apiVersion: applications.azuread.upbound.io/v1beta1 + kind: Password + spec: + writeConnectionSecretToRef: + namespace: crossplane-system + forProvider: {} + patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application-secret" + - type: CombineFromComposite + toFieldPath: metadata.labels["keos.stratio.com/principal-app-password"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application-secret" + - type: CombineFromComposite + toFieldPath: spec.writeConnectionSecretToRef.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application-secret" + - type: CombineFromComposite + toFieldPath: spec.forProvider.displayName + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - type: CombineFromComposite + toFieldPath: spec.forProvider.applicationObjectIdSelector.matchLabels['keos.stratio.com/principal-app-name'] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-external-dns-principal-application" + - fromFieldPath: status.atProvider.displayName + toFieldPath: status.application.password.displayName + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.keyId + toFieldPath: status.application.password.keyId + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.name + toFieldPath: status.application.password.secretName + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.namespace + toFieldPath: status.application.password.secretNamespace + type: ToCompositeFieldPath + - name: RoleAssignmentDNSZoneContributorPublicDnsZone + base: + apiVersion: authorization.azure.upbound.io/v1beta1 + kind: RoleAssignment + spec: + forProvider: + skipServicePrincipalAadCheck: true + principalType: ServicePrincipal + roleDefinitionName: "DNS Zone Contributor" + patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-contributor-public-dns-zone" + - fromFieldPath: status.principal.objectId + toFieldPath: spec.forProvider.principalId + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.scope + combine: + variables: + - fromFieldPath: spec.subscriptionId + - fromFieldPath: spec.clusterName + - fromFieldPath: spec.externalDomain + strategy: string + string: + fmt: "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/dnsZones/%s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.roleAssignments[0].id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionId + toFieldPath: status.roleAssignments[0].roleDefinitionId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.principalType + toFieldPath: status.roleAssignments[0].principalType + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.scope + toFieldPath: status.roleAssignments[0].scope + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionName + toFieldPath: status.roleAssignments[0].roleDefinitionName + type: ToCompositeFieldPath + - name: RoleAssignmentReaderRG + base: + apiVersion: authorization.azure.upbound.io/v1beta1 + kind: RoleAssignment + spec: + forProvider: + skipServicePrincipalAadCheck: true + principalType: ServicePrincipal + roleDefinitionName: Reader + patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-reader-rg" + - fromFieldPath: status.principal.objectId + toFieldPath: spec.forProvider.principalId + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.scope + combine: + variables: + - fromFieldPath: spec.subscriptionId + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "/subscriptions/%s/resourceGroups/%s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.roleAssignments[1].id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionId + toFieldPath: status.roleAssignments[1].roleDefinitionId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.principalType + toFieldPath: status.roleAssignments[1].principalType + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.scope + toFieldPath: status.roleAssignments[1].scope + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionName + toFieldPath: status.roleAssignments[1].roleDefinitionName + type: ToCompositeFieldPath + - name: RoleAssignmentDNSZoneContributorPrivateDnsZone + base: + apiVersion: authorization.azure.upbound.io/v1beta1 + kind: RoleAssignment + spec: + forProvider: + skipServicePrincipalAadCheck: true + principalType: ServicePrincipal + roleDefinitionName: "DNS Zone Contributor" + patches: + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-contributor-private-dns-zone" + - fromFieldPath: status.principal.objectId + toFieldPath: spec.forProvider.principalId + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.scope + combine: + variables: + - fromFieldPath: spec.subscriptionId + - fromFieldPath: spec.clusterName + - fromFieldPath: spec.externalDomain + strategy: string + string: + fmt: "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/privateDnsZones/%s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.roleAssignments[2].id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionId + toFieldPath: status.roleAssignments[2].roleDefinitionId + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.principalType + toFieldPath: status.roleAssignments[2].principalType + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.scope + toFieldPath: status.roleAssignments[2].scope + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.roleDefinitionName + toFieldPath: status.roleAssignments[2].roleDefinitionName + type: ToCompositeFieldPath \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/azure/crossplane-provider-config.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/azure/crossplane-provider-config.tmpl new file mode 100644 index 0000000000..718ba1e3ee --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/azure/crossplane-provider-config.tmpl @@ -0,0 +1,24 @@ +apiVersion: azure.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: {{ .Addon }} +spec: + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: {{ .Secret }} + key: creds +--- +apiVersion: azuread.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: {{ .Addon }} +spec: + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: {{ .Secret }} + key: creds +--- \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/azure/hostedzone.azure.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/azure/hostedzone.azure.tmpl new file mode 100644 index 0000000000..b287d25850 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/azure/hostedzone.azure.tmpl @@ -0,0 +1,12 @@ +apiVersion: configs.stratio.io/v1alpha1 +kind: xAzureZonesConfig +metadata: + name: {{ .ClusterName }}-zones-config + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + externalDomain: {{ .ExternalDomain }} + clusterName: {{ .ClusterName }} + providerConfigName: {{ .Addon }}-provider + subscriptionId: {{ .SubscriptionID }} + diff --git a/pkg/cluster/internal/create/actions/createworker/templates/common/crossplane-provider.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/common/crossplane-provider.tmpl new file mode 100644 index 0000000000..5490d7cdbb --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/common/crossplane-provider.tmpl @@ -0,0 +1,37 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + name: {{ $.Provider }} +spec: + skipDependencyResolution: true +{{- if not $.Private }} + package: xpkg.upbound.io/upbound/{{ $.Provider }}:{{ $.Version }} + runtimeConfigRef: + name: custom-config-{{ $.Provider }} +{{- else }} + package: {{ $.Provider }}:{{ $.Version }} + packagePullPolicy: Never + runtimeConfigRef: + name: custom-config-{{ $.Provider }} +{{- end }} +--- +apiVersion: pkg.crossplane.io/v1beta1 +kind: DeploymentRuntimeConfig +metadata: + name: custom-config-{{ $.Provider }} +spec: + deploymentTemplate: + metadata: + name: {{ $.Provider }} + spec: + selector: {} + template: + spec: + {{- if not $.Private }} + containers: [] + {{- else }} + containers: + - name: package-runtime + imagePullPolicy: Always + image: {{ $.Image }} + {{- end }} diff --git a/pkg/cluster/internal/create/actions/createworker/templates/gcp/composition-hostedzones-gcp.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/gcp/composition-hostedzones-gcp.tmpl new file mode 100644 index 0000000000..80c5160c43 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/gcp/composition-hostedzones-gcp.tmpl @@ -0,0 +1,239 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xgcpzonesconfigs + labels: + keos.stratio.com/cluster: {{ .ClusterName }} +spec: + compositeTypeRef: + apiVersion: configs.stratio.io/v1alpha1 + kind: xGCPZonesConfig + resources: + - name: PublicManagedZone + base: + apiVersion: dns.gcp.upbound.io/v1beta1 + kind: ManagedZone + spec: + forProvider: {} + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-public-managed-zone" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.dnsName + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.description + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "Public managed zone for external-dns in cluster: %s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.publicManagedZone.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.dnsName + toFieldPath: status.publicManagedZone.dnsName + type: ToCompositeFieldPath + - name: PrivateManagedZone + base: + apiVersion: dns.gcp.upbound.io/v1beta1 + kind: ManagedZone + spec: + forProvider: + visibility: private + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "%s-private-managed-zone" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - fromFieldPath: spec.externalDomain + toFieldPath: spec.forProvider.dnsName + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.description + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "Private managed zone for external-dns in cluster: %s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.privateManagedZone.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.dnsName + toFieldPath: status.privateManagedZone.dnsName + type: ToCompositeFieldPath + - name: ServiceAccount + base: + apiVersion: cloudplatform.gcp.upbound.io/v1beta1 + kind: ServiceAccount + spec: + forProvider: + createIgnoreAlreadyExists: true + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-external-dns-%s" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.description + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "Service Account zone for external-dns in cluster: %s" + - type: CombineFromComposite + toFieldPath: spec.forProvider.displayName + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-external-dns-%s" + - type: CombineFromComposite + toFieldPath: metadata.labels["keos.stratio.com/sa-name"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-external-dns-%s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.serviceAccount.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.member + toFieldPath: status.serviceAccount.member + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.name + toFieldPath: status.serviceAccount.name + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.email + toFieldPath: status.serviceAccount.email + type: ToCompositeFieldPath + - name: ServiceAccountKey + base: + apiVersion: cloudplatform.gcp.upbound.io/v1beta1 + kind: ServiceAccountKey + spec: + forProvider: {} + writeConnectionSecretToRef: + namespace: crossplane-system + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-key-external-dns-%s" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: metadata.labels["keos.stratio.com/sa-key-name"] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-key-external-dns-%s" + - type: CombineFromComposite + toFieldPath: spec.writeConnectionSecretToRef.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-key-external-dns-%s-secret" + - type: CombineFromComposite + toFieldPath: spec.forProvider.serviceAccountIdSelector.matchLabels['keos.stratio.com/sa-name'] + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "sa-external-dns-%s" + - fromFieldPath: status.atProvider.id + toFieldPath: status.serviceAccount.serviceAccountKey.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.name + toFieldPath: status.serviceAccount.serviceAccountKey.name + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.id + toFieldPath: status.serviceAccount.serviceAccountKey.id + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.name + toFieldPath: status.serviceAccount.serviceAccountKey.secretName + type: ToCompositeFieldPath + - fromFieldPath: spec.writeConnectionSecretToRef.namespace + toFieldPath: status.serviceAccount.serviceAccountKey.secretNamespace + type: ToCompositeFieldPath + - name: ProjectIAMMember + base: + apiVersion: cloudplatform.gcp.upbound.io/v1beta1 + kind: ProjectIAMMember + spec: + forProvider: + role: roles/dns.admin + patches: + - type: CombineFromComposite + toFieldPath: metadata.name + combine: + variables: + - fromFieldPath: spec.clusterName + strategy: string + string: + fmt: "project-iam-member-external-dns-%s" + - fromFieldPath: spec.providerConfigName + toFieldPath: spec.providerConfigRef.name + type: FromCompositeFieldPath + - type: CombineFromComposite + toFieldPath: spec.forProvider.member + combine: + variables: + - fromFieldPath: spec.clusterName + - fromFieldPath: spec.projectName + strategy: string + string: + fmt: "serviceAccount:sa-external-dns-%s@%s.iam.gserviceaccount.com" + - fromFieldPath: spec.projectName + toFieldPath: spec.forProvider.project + type: FromCompositeFieldPath + - fromFieldPath: status.atProvider.id + toFieldPath: status.projectIAMMember.id + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.member + toFieldPath: status.projectIAMMember.member + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.project + toFieldPath: status.projectIAMMember.project + type: ToCompositeFieldPath + - fromFieldPath: status.atProvider.role + toFieldPath: status.projectIAMMember.role + type: ToCompositeFieldPath \ No newline at end of file diff --git a/pkg/cluster/internal/create/actions/createworker/templates/gcp/crossplane-provider-config.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/gcp/crossplane-provider-config.tmpl new file mode 100644 index 0000000000..c6ac065a22 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/gcp/crossplane-provider-config.tmpl @@ -0,0 +1,12 @@ +apiVersion: gcp.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: {{ .Addon }} +spec: + projectID: {{ .ProjectID }} + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: {{ .Secret }} + key: creds diff --git a/pkg/cluster/internal/create/actions/createworker/templates/gcp/hostedzone.gcp.tmpl b/pkg/cluster/internal/create/actions/createworker/templates/gcp/hostedzone.gcp.tmpl new file mode 100644 index 0000000000..1d0f436ce6 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/templates/gcp/hostedzone.gcp.tmpl @@ -0,0 +1,12 @@ +apiVersion: configs.stratio.io/v1alpha1 +kind: xGCPZonesConfig +metadata: + name: {{ .ClusterName }}-zones-config + labels: + keos.stratio.com/cluster: "{{ .ClusterName }}" +spec: + externalDomain: {{ .ExternalDomain }} + clusterName: {{ .ClusterName }} + providerConfigName: {{ .Addon }}-provider + projectName: {{ .ProjectName }} + diff --git a/pkg/cluster/internal/create/actions/createworker/variables.go b/pkg/cluster/internal/create/actions/createworker/variables.go new file mode 100644 index 0000000000..0166f339b0 --- /dev/null +++ b/pkg/cluster/internal/create/actions/createworker/variables.go @@ -0,0 +1,25 @@ +package createworker + +var ( + //External-dns variables + externalDNSAddonName = "external-dns" + externalDNSNamespace = "external-dns" + externalDNSCredsSecrets = "external-dns-creds" + externalDNSImageTag = "v0.13.6" +) + +var ( + //Crossplane variables + crossplaneAddonName = "crossplane" + crossplaneNamespace = "crossplane-system" + crossplaneCredentialsSecretName = "crossplane-creds" + + // Crossplane file variables + crossplane_folder_path = "/kind/cache" + crossplane_directoy_path = "/kind/crossplane" + crossplane_provider_creds_file_base = "/kind/crossplane/crossplane-" + crossplane_provider_config_file = "/kind/crossplane/crossplane-provider-creds.yaml" + crossplane_custom_creds_file = "/kind/crossplane/crossplane-custom-creds.yaml" + crossplane_crs_file_local_base = "/kind/crossplane/crossplane-crs-local" + crossplane_crs_file_workload_base = "/kind/crossplane/crossplane-crs-workload" +) diff --git a/pkg/cluster/internal/providers/docker/stratio/Dockerfile b/pkg/cluster/internal/providers/docker/stratio/Dockerfile index 09aec21252..942c79d9a6 100644 --- a/pkg/cluster/internal/providers/docker/stratio/Dockerfile +++ b/pkg/cluster/internal/providers/docker/stratio/Dockerfile @@ -22,6 +22,8 @@ ENV CLOUD_PROVIDER_AZURE_CHART=v1.28.5 ENV CLUSTER_AUTOSCALER_CHART=9.29.1 ENV TIGERA_OPERATOR_CHART=v3.26.1 ENV CERT_MANAGER_CHART_VERSION=v1.12.3 +ENV CROSSPLANE_CHART=1.16.0 +ENV EXTERNAL_DNS_CHART=1.12.1 # Cluster-api artifacts ENV CAPI_REPO=/root/.cluster-api/local-repository @@ -29,11 +31,23 @@ ENV CAPA=v2.2.1 ENV CAPG=v1.6.1 ENV CAPZ=v1.11.4 +# Crossplane artifacts +ENV CROSSPLANE_CACHE=/kind/cache +ENV AWS_FAMILY_PROVIDER=provider-family-aws +ENV AWS_PROVIDER_EC2=provider-aws-ec2 +ENV AWS_PROVIDER_EFS=provider-aws-efs +ENV AWS_PROVIDER_ROUTE53=provider-aws-route53 +ENV AWS_CROSSPLANE_PROVIDERS_VERSION=v1.8.0 + # Install vim RUN apt-get update && apt-get install -y \ vim python3-pip git \ && rm -rf /var/lib/apt/lists/* +# Install up +RUN curl -sL "https://cli.upbound.io" | sh \ + && mv up /usr/bin/ + # Add aliases RUN echo 'alias k="kubectl"' >> ~/.bash_aliases \ && echo 'alias capi-logs="kubectl -n capi-system logs -f deploy/capi-controller-manager"' >> ~/.bash_aliases \ @@ -71,7 +85,9 @@ RUN mkdir -p /stratio/helm \ && for i in $(seq 1 3); do timeout 5 helm pull cloud-provider-azure --version ${CLOUD_PROVIDER_AZURE_CHART} --repo https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo --untar --untardir /stratio/helm && break; done \ && for i in $(seq 1 3); do timeout 5 helm pull cluster-autoscaler --version ${CLUSTER_AUTOSCALER_CHART} --repo https://kubernetes.github.io/autoscaler --untar --untardir /stratio/helm && break; done \ && for i in $(seq 1 3); do timeout 5 helm pull tigera-operator --version ${TIGERA_OPERATOR_CHART} --repo https://docs.projectcalico.org/charts --untar --untardir /stratio/helm && break; done \ - && for i in $(seq 1 3); do timeout 5 helm pull cert-manager --version ${CERT_MANAGER_CHART_VERSION} --repo https://charts.jetstack.io --untar --untardir /stratio/helm && break; done + && for i in $(seq 1 3); do timeout 5 helm pull cert-manager --version ${CERT_MANAGER_CHART_VERSION} --repo https://charts.jetstack.io --untar --untardir /stratio/helm && break; done \ + && for i in $(seq 1 3); do timeout 5 helm pull crossplane --version ${CROSSPLANE_CHART} --repo https://charts.crossplane.io/stable --untar --untardir /stratio/helm && break; done \ + && for i in $(seq 1 3); do timeout 5 helm pull external-dns --version ${EXTERNAL_DNS_CHART} --repo https://kubernetes-sigs.github.io/external-dns --untar --untardir /stratio/helm && break; done # Prepare cluster-api private repository RUN mkdir -p ${CAPI_REPO}/infrastructure-aws/${CAPA} ${CAPI_REPO}/infrastructure-gcp/${CAPG} ${CAPI_REPO}/infrastructure-azure/${CAPZ} ${CAPI_REPO}/cluster-api/${CLUSTERCTL} ${CAPI_REPO}/bootstrap-kubeadm/${CLUSTERCTL} ${CAPI_REPO}/control-plane-kubeadm/${CLUSTERCTL} ${CROSSPLANE_CACHE} \ @@ -95,3 +111,10 @@ RUN curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/${ && curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/${CLUSTERCTL}/metadata.yaml -o ${CAPI_REPO}/cluster-api/${CLUSTERCTL}/metadata.yaml \ && cp ${CAPI_REPO}/cluster-api/${CLUSTERCTL}/metadata.yaml ${CAPI_REPO}/bootstrap-kubeadm/${CLUSTERCTL}/metadata.yaml \ && cp ${CAPI_REPO}/cluster-api/${CLUSTERCTL}/metadata.yaml ${CAPI_REPO}/control-plane-kubeadm/${CLUSTERCTL}/metadata.yaml + +RUN set -e; \ + for provider in ${AWS_FAMILY_PROVIDER} ${AWS_PROVIDER_EC2} ${AWS_PROVIDER_ROUTE53} ${AWS_PROVIDER_EFS}; do \ + up xpkg xp-extract xpkg.upbound.io/upbound/${provider}:${AWS_CROSSPLANE_PROVIDERS_VERSION} \ + && mv out.gz ${CROSSPLANE_CACHE}/${provider}.gz \ + && chmod 644 ${CROSSPLANE_CACHE}/${provider}.gz; \ + done \ No newline at end of file diff --git a/pkg/cluster/internal/validate/common.go b/pkg/cluster/internal/validate/common.go index f220f6ee62..1e6a4ebdd3 100644 --- a/pkg/cluster/internal/validate/common.go +++ b/pkg/cluster/internal/validate/common.go @@ -18,6 +18,7 @@ package validate import ( "fmt" + "reflect" "regexp" "strconv" "strings" @@ -57,6 +58,29 @@ func validateClusterConfig(spec commons.KeosSpec, clusterConfigSpec commons.Clus return errors.New("spec: Invalid value: \"controlplane_config.max_unhealthy\" in clusterConfig: This field cannot be set with managed cluster") } } + switch spec.InfraProvider { + case "aws": + if spec.ControlPlane.Managed { + if clusterConfigSpec.DNS.CreateInfra && reflect.DeepEqual(spec.Credentials.Crossplane.AWS, commons.AWSCredentials{}) { + return errors.New("spec: Invalid value: \"keoscluster.spec.credentials.crossplane.aws\" must be defined for aws infra provider") + } + if !reflect.DeepEqual(spec.Credentials.ExternalDNS.AWS, commons.AWSCredentials{}) { + return errors.New("spec: Invalid value: \"keoscluster.spec.credentials.external_dns.aws\" must not be defined for aws infra provider with eks flavour") + } + } + if reflect.DeepEqual(spec.Credentials.Crossplane.AWS, commons.AWSCredentials{}) && reflect.DeepEqual(spec.Credentials.ExternalDNS.AWS, commons.AWSCredentials{}) && clusterConfigSpec.DNS.CreateInfra { + return errors.New("spec: Invalid value: \"keoscluster.spec.credentials.crossplane.aws\" or \"keoscluster.spec.credentials.external_dns.aws\" must be defined for aws infra provider") + } + case "gcp": + if reflect.DeepEqual(spec.Credentials.Crossplane.GCP, commons.GCPCredentials{}) && reflect.DeepEqual(spec.Credentials.ExternalDNS.GCP, commons.GCPCredentials{}) && clusterConfigSpec.DNS.CreateInfra { + return errors.New("spec: Invalid value: \"keoscluster.spec.credentials.crossplane.gcp\" or \"keoscluster.spec.credentials.external_dns.gcp\" must be defined for gcp infra provider") + } + case "azure": + if reflect.DeepEqual(spec.Credentials.Crossplane.AZURE, commons.AzureCredentials{}) && reflect.DeepEqual(spec.Credentials.ExternalDNS.AZURE, commons.AzureCredentials{}) && clusterConfigSpec.DNS.CreateInfra { + return errors.New("spec: Invalid value: \"keoscluster.spec.credentials.crossplane.azure\" or \"keoscluster.spec.credentials.external_dns.azure\" must be defined for azure infra provider") + } + } + return nil } diff --git a/pkg/cluster/internal/validate/gcp.go b/pkg/cluster/internal/validate/gcp.go index 5e121e2287..f495eff15f 100644 --- a/pkg/cluster/internal/validate/gcp.go +++ b/pkg/cluster/internal/validate/gcp.go @@ -51,6 +51,11 @@ func validateGCP(spec commons.KeosSpec, providerSecrets map[string]string) error return errors.New("spec.region: " + spec.Region + " region does not exist") } + err = validateGCPExternalDomain(spec) + if err != nil { + return err + } + azs, err := getGoogleAZs(credentialsJson, spec.Region) if err != nil { return err @@ -282,6 +287,14 @@ func validateGCPNetwork(network commons.Networks, credentialsJson string, region return nil } +// checkExternalDomain ensures that the spec.externaldomain ends with a dot. +func validateGCPExternalDomain(spec commons.KeosSpec) error { + if !strings.HasSuffix(spec.ExternalDomain, ".") { + return fmt.Errorf("spec.externaldomain must end with a dot: %s", spec.ExternalDomain) + } + return nil +} + func getGCPRegions(credentialsJson string) ([]string, error) { var regions_names []string var ctx = context.Background() diff --git a/pkg/commons/cluster.go b/pkg/commons/cluster.go index 75d629494d..47e0ca167a 100644 --- a/pkg/commons/cluster.go +++ b/pkg/commons/cluster.go @@ -64,6 +64,12 @@ type ClusterConfigSpec struct { WorkersConfig WorkersConfig `yaml:"workers_config"` ClusterOperatorVersion string `yaml:"cluster_operator_version,omitempty"` ClusterOperatorImageVersion string `yaml:"cluster_operator_image_version,omitempty"` + DNS InfraConfig `yaml:"dns,omitempty"` + EFS InfraConfig `yaml:"efs,omitempty"` +} + +type InfraConfig struct { + CreateInfra bool `yaml:"create_infra"` } type ControlplaneConfig struct { @@ -229,6 +235,14 @@ type Credentials struct { GithubToken string `yaml:"github_token"` DockerRegistries []DockerRegistryCredentials `yaml:"docker_registries"` HelmRepository HelmRepositoryCredentials `yaml:"helm_repository"` + ExternalDNS AddonCredentials `yaml:"external-dns,omitempty"` + Crossplane AddonCredentials `yaml:"crossplane,omitempty"` +} + +type AddonCredentials struct { + AWS AWSCredentials `yaml:"aws" validate:"excluded_with=AZURE GCP"` + AZURE AzureCredentials `yaml:"azure" validate:"excluded_with=AWS GCP"` + GCP GCPCredentials `yaml:"gcp" validate:"excluded_with=AWS AZURE"` } type AWSCredentials struct {