Merge pull request k0rdent#363 from a13x5/aws-provider-cluster-identity

Make AWS provider use only cluster identity

Makefile

@@ -296,8 +296,8 @@ dev-templates: templates-generate
 	$(KUBECTL) -n $(NAMESPACE) apply -f $(PROVIDER_TEMPLATES_DIR)/hmc-templates/files/templates
 
 .PHONY: dev-aws-creds
-dev-aws-creds: yq
-	@$(YQ) e ".stringData.AWS_B64ENCODED_CREDENTIALS = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
+dev-aws-creds: envsubst
+	@NAMESPACE=$(NAMESPACE) $(ENVSUBST) -no-unset -i config/dev/aws-credentials.yaml | $(KUBECTL) apply -f -
 
 .PHONY: dev-azure-creds
 dev-azure-creds: envsubst
@@ -315,9 +315,6 @@ dev-destroy: kind-undeploy registry-undeploy ## Destroy the development environm
 
 .PHONY: dev-mcluster-apply
 dev-mcluster-apply: envsubst
-	@if [ $(DEV_PROVIDER) = "aws" ]; then \
-		$(MAKE) dev-aws-creds; \
-	fi
 	@NAMESPACE=$(NAMESPACE) $(ENVSUBST) -no-unset -i config/dev/$(DEV_PROVIDER)-managedcluster.yaml | $(KUBECTL) apply -f -
 
 .PHONY: dev-mcluster-delete

api/v1alpha1/common.go

@@ -26,8 +26,7 @@ type Providers struct {
 
 const (
 	// Provider CAPA
-	ProviderCAPAName       = "cluster-api-provider-aws"
-	ProviderCAPASecretName = "aws-variables"
+	ProviderCAPAName = "cluster-api-provider-aws"
 	// Provider Azure
 	ProviderAzureName   = "cluster-api-provider-azure"
 	ProviderVSphereName = "cluster-api-provider-vsphere"

config/dev/aws-credentials.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
+kind: AWSClusterStaticIdentity
+metadata:
+  name: aws-cluster-identity
+  namespace: ${NAMESPACE}
+spec:
+  secretRef: aws-cluster-identity-secret
+  allowedNamespaces:
+    selector:
+      matchLabels: {}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-cluster-identity-secret
+  namespace: ${NAMESPACE}
+type: Opaque
+stringData:
+  AccessKeyID: ${AWS_ACCESS_KEY_ID}
+  SecretAccessKey: ${AWS_SECRET_ACCESS_KEY}

config/dev/aws-managedcluster.yaml

@@ -5,6 +5,9 @@ metadata:
   namespace: ${NAMESPACE}
 spec:
   config:
+    clusterIdentity:
+      name: aws-cluster-identity
+      namespace: ${NAMESPACE}
     controlPlane:
       instanceType: t3.small
     controlPlaneNumber: 1

docs/dev.md

@@ -23,6 +23,11 @@ make cli-install
 
 Follow the instruction to configure AWS Provider: [AWS Provider Setup](aws/main.md#prepare-the-aws-infra-provider)
 
+The following env variables must be set in order to deploy dev cluster on AWS:
+
+- `AWS_ACCESS_KEY_ID`
+- `AWS_SECRET_ACCESS_KEY`
+
 ### Azure Provider Setup
 
 Follow the instruction on how to configure [Azure Provider](azure/main.md).

templates/cluster/aws-hosted-cp/Chart.yaml

@@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
+version: 0.1.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

templates/cluster/aws-hosted-cp/templates/awscluster.yaml

@@ -9,9 +9,9 @@ metadata:
   - hmc.mirantis.com/cleanup
 spec:
   region: {{ .Values.region }}
-  # identityRef:
-    # kind: AWSClusterStaticIdentity
-    # name: aws-identity-name
+  identityRef:
+    kind: {{ .Values.clusterIdentity.kind }}
+    name: {{ .Values.clusterIdentity.name }}
   network:
     vpc:
       id: {{ .Values.vpcID }}

templates/cluster/aws-hosted-cp/values.schema.json

@@ -9,7 +9,8 @@
     "amiID",
     "iamInstanceProfile",
     "instanceType",
-    "securityGroupIDs"
+    "securityGroupIDs",
+    "clusterIdentity"
   ],
   "properties": {
     "workersNumber": {
@@ -107,6 +108,24 @@
           }
       }
     },
+    "clusterIdentity": {
+      "type": "object",
+      "description": "AWS Cluster Identity object reference",
+      "required": [
+        "name",
+	"kind"
+      ],
+      "properties": {
+        "name": {
+	  "description": "AWS ClusterIdentity object name",
+          "type": "string"
+        },
+        "kind": {
+	  "description": "AWS ClusterIdentity object kind",
+          "type": "string"
+        }
+      }
+    },
     "amiID": {
       "description": "The ID of Amazon Machine Image",
       "type": "string"

templates/cluster/aws-hosted-cp/values.yaml

@@ -23,6 +23,9 @@ bastion:
   allowedCIDRBlocks: []
   instanceType: t2.micro
   ami: ""
+clusterIdentity:
+  name: ""
+  kind: "AWSClusterStaticIdentity"
 # AWS machines parameters
 amiID: ""
 imageLookup:

templates/cluster/aws-standalone-cp/Chart.yaml

@@ -6,7 +6,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
+version: 0.1.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

templates/cluster/aws-standalone-cp/templates/awscluster.yaml

@@ -6,9 +6,9 @@ metadata:
     aws.cluster.x-k8s.io/external-resource-gc: "true"
 spec:
   region: {{ .Values.region }}
-  # identityRef:
-    # kind: AWSClusterStaticIdentity
-    # name: aws-identity-name
+  identityRef:
+    kind: {{ .Values.clusterIdentity.kind }}
+    name: {{ .Values.clusterIdentity.name }}
   controlPlaneLoadBalancer:
     healthCheckProtocol: TCP
   network:

templates/cluster/aws-standalone-cp/values.schema.json

@@ -5,7 +5,8 @@
   "required": [
     "controlPlaneNumber",
     "workersNumber",
-    "region"
+    "region",
+    "clusterIdentity"
   ],
   "properties": {
     "controlPlaneNumber": {
@@ -85,6 +86,24 @@
           }
       }
     },
+    "clusterIdentity": {
+      "type": "object",
+      "description": "AWS Cluster Identity object reference",
+      "required": [
+        "name",
+	"kind"
+      ],
+      "properties": {
+        "name": {
+	  "description": "AWS ClusterIdentity object name",
+          "type": "string"
+        },
+        "kind": {
+	  "description": "AWS ClusterIdentity object kind",
+          "type": "string"
+        }
+      }
+    },
     "controlPlane": {
       "description": "The configuration of the control plane machines",
       "type": "object",

templates/cluster/aws-standalone-cp/values.yaml

@@ -20,6 +20,9 @@ bastion:
   allowedCIDRBlocks: []
   instanceType: t2.micro
   ami: ""
+clusterIdentity:
+  name: ""
+  kind: "AWSClusterStaticIdentity"
 # AWS machines parameters
 controlPlane:
   amiID: ""

templates/provider/cluster-api-provider-aws/values.yaml

@@ -1,6 +1,7 @@
 configSecret:
-  create: false
+  create: true
   name: "aws-variables"
   namespace: ""
 
-config: {}
+config:
+  AWS_B64ENCODED_CREDENTIALS: Cg==

templates/provider/hmc-templates/files/templates/aws-hosted-cp.yaml

@@ -5,4 +5,4 @@ metadata:
 spec:
   helm:
     chartName: aws-hosted-cp
-    chartVersion: 0.1.3
+    chartVersion: 0.1.4

templates/provider/hmc-templates/files/templates/aws-standalone-cp.yaml

@@ -5,4 +5,4 @@ metadata:
 spec:
   helm:
     chartName: aws-standalone-cp
-    chartVersion: 0.1.3
+    chartVersion: 0.1.4