diff --git a/.bazelrc b/.bazelrc index f2febd90ee..e26922fd95 100644 --- a/.bazelrc +++ b/.bazelrc @@ -1,3 +1,8 @@ +build --define=MANAGER_IMAGE_NAME=cluster-api-aws-controller +build --define=MANAGER_IMAGE_TAG=0.1.0 +build --define=REGISTRY_STABLE=gcr.io/cluster-api-provider-aws +build --define=REGISTRY_TEST_SHIM=bazel/cmd + build --workspace_status_command=./hack/print-workspace-status.sh build --verbose_failures diff --git a/.gitignore b/.gitignore index 1bd1209816..cb4c322f23 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,6 @@ kubeconfig # vscode .vscode + +# Ignore dev manifests +cmd/clusterctl/examples/aws/provider-components-base-dev.yaml diff --git a/Makefile b/Makefile index 0de572966b..63990d2051 100644 --- a/Makefile +++ b/Makefile @@ -20,12 +20,10 @@ FASTBUILD ?= n ## Set FASTBUILD=y (case-sensitive) to skip some slow tasks ## Image URL to use all building/pushing image targets -STABLE_DOCKER_REPO ?= gcr.io/cluster-api-provider-aws -MANAGER_IMAGE_NAME ?= cluster-api-aws-controller -MANAGER_IMAGE_TAG ?= 0.0.4 -MANAGER_IMAGE ?= $(STABLE_DOCKER_REPO)/$(MANAGER_IMAGE_NAME):$(MANAGER_IMAGE_TAG) -DEV_DOCKER_REPO ?= gcr.io/$(shell gcloud config get-value project) -DEV_MANAGER_IMAGE ?= $(DEV_DOCKER_REPO)/$(MANAGER_IMAGE_NAME):$(MANAGER_IMAGE_TAG) +REGISTRY_DEV ?= gcr.io/$(shell gcloud config get-value project) +DEPCACHEAGE ?= 24h # Enables caching for Dep +BAZEL_ARGS ?= +BAZEL_DOCKER_ARGS := --define=REGISTRY_DEV=$(REGISTRY_DEV) $(BAZEL_ARGS) DEPCACHEAGE ?= 24h # Enables caching for Dep BAZEL_ARGS ?= 
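Review bot: `BAZEL_DOCKER_ARGS := --define=REGISTRY_DEV=$(REGISTRY_DEV) $(BAZEL_ARGS)` is expanded immediately, so `gcloud config get-value project` runs at parse time on every make invocation, including targets such as `clean` that never touch an image. The same value is then passed to the production `docker-build` target as well as the dev ones. Defining it lazily, `BAZEL_DOCKER_ARGS = --define=REGISTRY_DEV=$(REGISTRY_DEV) $(BAZEL_ARGS)`, confines the shell-out to recipes that use it. The dev push targets should also fail early when the project part of `REGISTRY_DEV` is empty, so an image is not tagged under an unintended `gcr.io/` path. The added `DEPCACHEAGE ?= 24h` and `BAZEL_ARGS ?=` lines duplicate the two context lines directly below them and can be dropped.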
@@ -85,15 +83,17 @@ clusterawsadm: dep-ensure ## Build clusterawsadm binary. bazel build --workspace_status_command=./hack/print-workspace-status.sh //cmd/clusterawsadm $(BAZEL_ARGS) install bazel-bin/cmd/clusterawsadm/${BINARYPATHPATTERN}/clusterawsadm $(shell go env GOPATH)/bin/clusterawsadm -.PHONY: release-binaries -release-binaries: ## Build release binaries +.PHONY: release-artifacts +release-artifacts: ## Build release artifacts bazel build --platforms=@io_bazel_rules_go//go/toolchain:linux_amd64 //cmd/clusterctl //cmd/clusterawsadm bazel build --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //cmd/clusterctl //cmd/clusterawsadm + bazel build //cmd/clusterctl/examples/aws mkdir -p out install bazel-bin/cmd/clusterawsadm/darwin_amd64_pure_stripped/clusterawsadm out/clusterawsadm-darwin-amd64 install bazel-bin/cmd/clusterawsadm/linux_amd64_pure_stripped/clusterawsadm out/clusterawsadm-linux-amd64 install bazel-bin/cmd/clusterctl/darwin_amd64_pure_stripped/clusterctl out/clusterctl-darwin-amd64 install bazel-bin/cmd/clusterctl/linux_amd64_pure_stripped/clusterctl out/clusterctl-linux-amd64 + install bazel-bin/cmd/clusterctl/examples/aws/aws.tar out/cluster-api-provider-aws-examples.tar .PHONY: test verify test: generate verify ## Run tests 
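Review bot: The added `install bazel-bin/cmd/clusterctl/examples/aws/aws.tar out/cluster-api-provider-aws-examples.tar` line uses `install`'s default mode, which is 0755, so the released tarball ends up executable; `install -m 0644 bazel-bin/cmd/clusterctl/examples/aws/aws.tar out/cluster-api-provider-aws-examples.tar` fits a data archive. The target also collects binaries and manifests in `out/` without recording any digest. A final recipe line such as `cd out && sha256sum * > SHA256SUMS` would let consumers verify what they download. The recipe continues from a target header that is inside the hunk, but the rest of the Makefile is not visible, so any remaining callers of the old `release-binaries` name cannot be checked from here.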
@@ -106,17 +106,13 @@ verify: copy-genmocks: ## Copies generated mocks into the repository cp -Rf bazel-genfiles/pkg/* pkg/ -BAZEL_DOCKER_ARGS_COMMON := --define=MANAGER_IMAGE_NAME=$(MANAGER_IMAGE_NAME) --define=MANAGER_IMAGE_TAG=$(MANAGER_IMAGE_TAG) $(BAZEL_ARGS) -BAZEL_DOCKER_ARGS := --define=DOCKER_REPO=$(STABLE_DOCKER_REPO) $(BAZEL_DOCKER_ARGS_COMMON) -BAZEL_DOCKER_ARGS_DEV := --define=DOCKER_REPO=$(DEV_DOCKER_REPO) $(BAZEL_DOCKER_ARGS_COMMON) - .PHONY: docker-build docker-build: generate ## Build the production docker image bazel run //cmd/manager:manager-image $(BAZEL_DOCKER_ARGS) .PHONY: docker-build-dev docker-build-dev: generate ## Build the development docker image - bazel run //cmd/manager:manager-image $(BAZEL_DOCKER_ARGS_DEV) + bazel run //cmd/manager:manager-image-dev $(BAZEL_DOCKER_ARGS) .PHONY: docker-push docker-push: generate ## Push production docker image @@ -124,7 +120,7 @@ docker-push: generate ## Push production docker image .PHONY: docker-push-dev docker-push-dev: generate ## Push development image - bazel run //cmd/manager:manager-push $(BAZEL_DOCKER_ARGS_DEV) + bazel run //cmd/manager:manager-push-dev $(BAZEL_DOCKER_ARGS) .PHONY: clean clean: ## Remove all generated files 
@@ -133,35 +129,27 @@ clean: ## Remove all generated files rm -f minikube.kubeconfig rm -f bazel-* rm -rf out/ + rm -f cmd/clusterctl/examples/aws/provider-components-base-dev.yaml .PHONY: reset-bazel reset-bazel: ## Deep cleaning for bazel bazel clean --expunge -.PHONY: cmd/clusterctl/examples/aws/out -cmd/clusterctl/examples/aws/out: +.PHONY: manifests +manifests: cmd/clusterctl/examples/aws/provider-components-base.yaml ./cmd/clusterctl/examples/aws/generate-yaml.sh -cmd/clusterctl/examples/aws/out/credentials: cmd/clusterctl/examples/aws/out ## Generate k8s secret for AWS credentials - clusterawsadm alpha bootstrap generate-aws-default-profile > cmd/clusterctl/examples/aws/out/credentials - -.PHONY: examples -examples: ## Generate example output - $(MAKE) cmd/clusterctl/examples/aws/out MANAGER_IMAGE=${MANAGER_IMAGE} - -.PHONY: examples-dev -examples-dev: ## Generate example output with developer image - $(MAKE) cmd/clusterctl/examples/aws/out MANAGER_IMAGE=${DEV_MANAGER_IMAGE} +.PHONY: manifests-dev +manifests-dev: cmd/clusterctl/examples/aws/provider-components-base-dev.yaml ## Generate example output with developer image + $(MAKE) manifests -.PHONY: manifests -manifests: cmd/clusterctl/examples/aws/out/credentials ## Generate manifests for clusterctl - kustomize build config/default/ > cmd/clusterctl/examples/aws/out/provider-components.yaml - echo "---" >> cmd/clusterctl/examples/aws/out/provider-components.yaml - kustomize build vendor/sigs.k8s.io/cluster-api/config/default/ >> cmd/clusterctl/examples/aws/out/provider-components.yaml +cmd/clusterctl/examples/aws/provider-components-base.yaml: + bazel build //cmd/clusterctl/examples/aws:provider-components-base $(BAZEL_DOCKER_ARGS) + install bazel-genfiles/cmd/clusterctl/examples/aws/provider-components-base.yaml cmd/clusterctl/examples/aws -.PHONY: manifests-dev -manifests-dev: dep-ensure dep-install binaries-dev crds ## Builds development manifests - MANAGER_IMAGE=$(DEV_MANAGER_IMAGE) 
MANAGER_IMAGE_PULL_POLICY="Always" $(MAKE) manifests +cmd/clusterctl/examples/aws/provider-components-base-dev.yaml: + bazel build //cmd/clusterctl/examples/aws:provider-components-base-dev $(BAZEL_DOCKER_ARGS) + install bazel-genfiles/cmd/clusterctl/examples/aws/provider-components-base-dev.yaml cmd/clusterctl/examples/aws .PHONY: crds crds: diff --git a/build/BUILD b/build/BUILD deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/build/BUILD.bazel b/build/BUILD.bazel new file mode 100644 index 0000000000..ef4be5ec2a --- /dev/null +++ b/build/BUILD.bazel @@ -0,0 +1,17 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +exports_files([ + "stateful_set_patch.yaml", +]) diff --git a/build/stateful_set_patch.bzl b/build/stateful_set_patch.bzl new file mode 100644 index 0000000000..56b98e55e7 --- /dev/null +++ b/build/stateful_set_patch.bzl 
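Review bot: The new file targets `cmd/clusterctl/examples/aws/provider-components-base.yaml` and `cmd/clusterctl/examples/aws/provider-components-base-dev.yaml` declare no prerequisites, so once the file exists make considers it up to date and never re-runs `bazel build`. This commit also checks in `provider-components-base.yaml`, so `make manifests` would keep using the committed copy even after the image tag or config changes. Bazel already tracks freshness, so declaring both paths `.PHONY` (or running the bazel build unconditionally from `manifests`) avoids shipping a manifest with a stale image reference. `install` without `-m` writes mode 0755, which matches the `new file mode 100755` recorded for the checked-in YAML; `install -m 0644` is the better fit. The rewritten `manifests` target also lost its `##` help text.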
@@ -0,0 +1,57 @@
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Create a manager stateful set patch file for use with Kustomize
+"""
+
+# Label of the template file to use.
+_TEMPLATE = "//build:stateful_set_patch.yaml"
+
+def _stateful_set_patch_impl(ctx):
+ ctx.actions.expand_template(
+ template = ctx.file._template,
+ output = ctx.outputs.source_file,
+ substitutions = {
+ "": ctx.attr.registry,
+ "": ctx.attr.image_name,
+ "": ctx.attr.tag,
+ "": ctx.attr.pull_policy,
+ },
+ )
+
+ return [
+ OutputGroupInfo(
+ compilation_outputs = [ctx.outputs.source_file],
+ ),
+ DefaultInfo(
+ files = depset([ctx.outputs.source_file]),
+ runfiles = ctx.runfiles(files = [ctx.outputs.source_file]),
+ )]
+
+stateful_set_patch = rule(
+ attrs = {
+ "registry": attr.string(mandatory = True),
+ "pull_policy": attr.string(default = "IfNotPresent"),
+ "image_name": attr.string(default = "$(MANAGER_IMAGE_NAME)"),
+ "tag": attr.string(default = "$(MANAGER_IMAGE_TAG)"),
+ "_template": attr.label(
+ default = Label(_TEMPLATE),
+ allow_single_file = True,
+ ),
+ },
+ output_to_genfiles = True,
+ outputs = {"source_file": "%{name}.yaml"},
+ implementation = _stateful_set_patch_impl,
+)
diff --git a/build/stateful_set_patch.yaml b/build/stateful_set_patch.yaml
new file mode 100644
index 0000000000..3ef3fd573c
--- /dev/null
+++ b/build/stateful_set_patch.yaml
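Review bot: In `_stateful_set_patch_impl` the attribute strings are placed into `substitutions` unchanged, while the `image_name` and `tag` defaults are `$(MANAGER_IMAGE_NAME)` and `$(MANAGER_IMAGE_TAG)`. Starlark rules do not expand make variables in string attributes on their own, so unless expansion happens somewhere not shown here, the generated patch would carry the literal `$(...)` text as the image reference. Reading the values through `ctx.var`, for example `ctx.var["MANAGER_IMAGE_TAG"]`, or expanding the attribute explicitly, would make the `--define` values from `.bazelrc` take effect. `pull_policy` also accepts any string; `attr.string(default = "IfNotPresent", values = ["Always", "IfNotPresent", "Never"])` rejects a typo at analysis time. The four substitution keys appear as empty strings on this page, which looks like placeholder text lost in rendering and should be checked against the file itself.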
@@ -0,0 +1,21 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- op: replace + path: "/spec/template/spec/containers/0/image" + value: /: + +- op: replace + path: "/spec/template/spec/containers/0/imagePullPolicy" + value: diff --git a/cmd/clusterawsadm/cmd/alpha/bootstrap/bootstrap.go b/cmd/clusterawsadm/cmd/alpha/bootstrap/bootstrap.go index 763b28fc13..49f79f488c 100644 --- a/cmd/clusterawsadm/cmd/alpha/bootstrap/bootstrap.go +++ b/cmd/clusterawsadm/cmd/alpha/bootstrap/bootstrap.go @@ -37,10 +37,12 @@ import ( // KubernetesAWSSecret is the template to generate an encoded version of the // users' AWS credentials // nolint -const KubernetesAWSSecret = `apiVersion: v1 +const KubernetesAWSSecret = `--- +apiVersion: v1 kind: Secret metadata: - name: credentials.cluster-api-provider-aws.sigs.k8s.io + name: manager-bootstrap-credentials + namespace: aws-provider-system type: Opaque data: credentials: {{ .CredentialsFile }} diff --git a/cmd/clusterctl/examples/aws/BUILD b/cmd/clusterctl/examples/aws/BUILD deleted file mode 100644 index ba01d0f898..0000000000 --- a/cmd/clusterctl/examples/aws/BUILD +++ /dev/null 
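Review bot: The Secret template now hard-codes `name: manager-bootstrap-credentials` and `namespace: aws-provider-system`, which must stay in step with the namespace kustomize assigns and with whatever the StatefulSet credentials patch mounts; neither is visible in this hunk. A comment on the constant would record that coupling, e.g. `// Name and namespace must match provider-components-base/stateful-set-credentials-patch.yaml.` Clusters created with the previous template keep a Secret named `credentials.cluster-api-provider-aws.sigs.k8s.io` holding the same AWS keys, and nothing here removes it, so the upgrade notes should tell operators to delete it. The `data.credentials` value is base64, which is encoding rather than protection, so every file this template is rendered into has to be handled as a secret. The constant's closing backtick lies outside the hunk.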
@@ -1,36 +0,0 @@
-genrule(
- name = "example-out",
- srcs = glob(["*.yaml.template"]) + [
- "addons.yaml",
- "//cmd/manager:manager-amd64.digest",
- ],
- outs = [
- "out/addons.yaml",
- "out/cluster.yaml",
- "out/machines.yaml",
- "out/aws_manager_image_patch.yaml",
- ],
- cmd = " ".join([
- "ENVSUBST=$(location @com_github_a8m_envsubst//cmd/envsubst:envsubst)",
- # "MANAGER_IMAGE=$$(cat $(location //cmd/manager:manager-amd64.digest))",
- # TODO(EKF): This is a hack. Figure out why the above digest line doesn't work.
- "MANAGER_IMAGE_PULL_POLICY=Never",
- "MANAGER_IMAGE=bazel/cmd/manager:manager-amd64",
- "OUTPUT_DIR=$(@D)/out",
- "DIR=.",
- "$(location :generate-yaml.sh) -f",
- ]),
- tools = [
- ":generate-yaml.sh",
- "@com_github_a8m_envsubst//cmd/envsubst:envsubst",
- ],
- visibility = ["//visibility:public"],
-)
-
-# TODO(EKF/liztio/randomvariable): Extracted from config/build, needs real creds
-genrule(
- name = "test-credentials",
- outs = ["out/credentials"],
- cmd = "mkdir -p out && touch $@",
- visibility = ["//visibility:public"],
-)
diff --git a/cmd/clusterctl/examples/aws/BUILD.bazel b/cmd/clusterctl/examples/aws/BUILD.bazel
new file mode 100644
index 0000000000..c5168e8626
--- /dev/null
+++ b/cmd/clusterctl/examples/aws/BUILD.bazel
@@ -0,0 +1,87 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar") + +KUSTOMIZE = "@io_k8s_sigs_kustomize//:kustomize" + +KUSTOMIZE_CMD = "$(location %s) build $(@D) > $@" % KUSTOMIZE + +genrule( + name = "provider-components-base", + srcs = [ + "//config:provider-non-stamped-base.yaml", + "provider-components-base/kustomization.yaml", + "provider-components-base/stateful-set-credentials-patch.yaml", + "//vendor/sigs.k8s.io/cluster-api/config:cluster-api-yaml", + "//cmd/manager:manager-version-patch.yaml", + ], + outs = ["provider-components-base.yaml"], + cmd = " && ".join([ + "cp -f $(SRCS) $(@D)", + KUSTOMIZE_CMD, + ]), + tools = [KUSTOMIZE], + visibility = ["//visibility:public"], +) + +genrule( + name = "provider-components-base-dev", + srcs = [ + "provider-components-base.yaml", + "provider-components-base-dev/kustomization.yaml", + "//cmd/manager:manager-version-patch-dev.yaml", + ], + outs = ["provider-components-base-dev.yaml"], + cmd = " && ".join([ + "cp -f $(SRCS) $(@D)", + KUSTOMIZE_CMD, + ]), + tools = [KUSTOMIZE], + visibility = ["//visibility:public"], +) + +exports_files([ + "addons.yaml", + "cluster.yaml.template", + "cluster-network-spec.yaml.template", + "generate-yaml.sh", + "machines.yaml.template", +]) + +pkg_tar( + name = "aws", + srcs = [ + ".gitignore", + "addons.yaml", + "cluster.yaml.template", + "cluster-network-spec.yaml.template", + 
"generate-yaml.sh", + "machines.yaml.template", + "provider-components-base.yaml", + "//docs:getting-started.md", + ], + modes = { + "addons.yaml": "0644", + "cluster.yaml.template": "0644", + "cluster-network-spec.yaml.template": "0644", + "generate-yaml.sh": "0755", + "machines.yaml.template": "0644", + "provider-components-base.yaml": "0644", + "//docs:getting-started.md": "0644", + ".gitignore": "0644", + }, + package_dir = "aws", + visibility = ["//visibility:public"], +) diff --git a/cmd/clusterctl/examples/aws/README.md b/cmd/clusterctl/examples/aws/README.md deleted file mode 100644 index f05b7025f2..0000000000 --- a/cmd/clusterctl/examples/aws/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# AWS Example Files - -## Contents - -*.yaml files - concrete example files that can be used as is. -*.yaml.template files - template example files that need values filled in before use. - -## Generation - -For convenience, a generation script which populates templates based on aws configuration is provided. - -1. Run the generation script. - -``` shell -./generate-yaml.sh -``` - -If yaml file already exists, you will see an error like the one below: - -``` shell -$ ./generate-yaml.sh -File provider-components.yaml already exists. Delete it manually before running this script. -``` - -## Manual Modification - -You may always manually curate files based on the examples provided. diff --git a/cmd/clusterctl/examples/aws/aws_manager_image_patch.yaml.template b/cmd/clusterctl/examples/aws/aws_manager_image_patch.yaml.template deleted file mode 100644 index 33ce3d7d76..0000000000 --- a/cmd/clusterctl/examples/aws/aws_manager_image_patch.yaml.template +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - image: ${MANAGER_IMAGE} - imagePullPolicy: ${MANAGER_IMAGE_PULL_POLICY} - name: manager 
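Review bot: Both genrules run `cp -f $(SRCS) $(@D)` and then `kustomize build $(@D)`, so each copies a file named `kustomization.yaml` and its patches into the package's shared output directory, none of which are declared in `outs`. Under sandboxing the two actions stay apart, but with a non-sandboxed strategy they can overwrite each other's `kustomization.yaml`, and the dev overlay could end up in the base manifest or the reverse. Staging into a per-output scratch directory keeps them separate, for example `"mkdir -p $@.d && cp -f $(SRCS) $@.d"` followed by `kustomize build $@.d > $@`. The package also gains a checked-in `provider-components-base.yaml` with the same name as the first genrule's output, so the committed copy can drift from what Bazel builds and packs into the `aws` tar.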
diff --git a/cmd/clusterctl/examples/aws/bootstrap-cloudformation.yaml b/cmd/clusterctl/examples/aws/bootstrap-cloudformation.yaml deleted file mode 100644 index 4de2d84ceb..0000000000 --- a/cmd/clusterctl/examples/aws/bootstrap-cloudformation.yaml +++ /dev/null 
@@ -1,252 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Resources: - AWSIAMGroupBootstrapper: - Properties: - GroupName: bootstrapper.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::Group - AWSIAMInstanceProfileClusterController: - Properties: - InstanceProfileName: cluster-controller.cluster-api-provider-aws.sigs.k8s.io - Roles: - - Ref: AWSIAMRoleClusterController - Type: AWS::IAM::InstanceProfile - AWSIAMInstanceProfileControlPlane: - Properties: - InstanceProfileName: control-plane.cluster-api-provider-aws.sigs.k8s.io - Roles: - - Ref: AWSIAMRoleControlPlane - Type: AWS::IAM::InstanceProfile - AWSIAMInstanceProfileMachineController: - Properties: - InstanceProfileName: machine-controller.cluster-api-provider-aws.sigs.k8s.io - Roles: - - Ref: AWSIAMRoleMachineController - Type: AWS::IAM::InstanceProfile - AWSIAMInstanceProfileNodes: - Properties: - InstanceProfileName: nodes.cluster-api-provider-aws.sigs.k8s.io - Roles: - - Ref: AWSIAMRoleNodes - Type: AWS::IAM::InstanceProfile - AWSIAMManagedPolicyCloudProviderControlPlane: - Properties: - Description: For the Kubernetes Cloud Provider AWS Control Plane - ManagedPolicyName: control-plane-cloud-provider-aws.k8s.io - PolicyDocument: - Statement: - - Action: - - autoscaling:DescribeAutoScalingGroups - - autoscaling:DescribeLaunchConfigurations - - autoscaling:DescribeTags - - ec2:DescribeInstances - - ec2:DescribeRegions - - ec2:DescribeRouteTables - - ec2:DescribeSecurityGroups - - ec2:DescribeSubnets - - ec2:DescribeVolumes - - ec2:CreateSecurityGroup - - ec2:CreateTags - - ec2:CreateVolume - - ec2:ModifyInstanceAttribute - - ec2:ModifyVolume - - ec2:AttachVolume - - ec2:AuthorizeSecurityGroupIngress - - ec2:CreateRoute - - ec2:DeleteRoute - - ec2:DeleteSecurityGroup - - ec2:DeleteVolume - - ec2:DetachVolume - - ec2:RevokeSecurityGroupIngress - - ec2:DescribeVpcs - - elasticloadbalancing:AddTags - - elasticloadbalancing:AttachLoadBalancerToSubnets - - 
elasticloadbalancing:ApplySecurityGroupsToLoadBalancer - - elasticloadbalancing:CreateLoadBalancer - - elasticloadbalancing:CreateLoadBalancerPolicy - - elasticloadbalancing:CreateLoadBalancerListeners - - elasticloadbalancing:ConfigureHealthCheck - - elasticloadbalancing:DeleteLoadBalancer - - elasticloadbalancing:DeleteLoadBalancerListeners - - elasticloadbalancing:DescribeLoadBalancers - - elasticloadbalancing:DescribeLoadBalancerAttributes - - elasticloadbalancing:DetachLoadBalancerFromSubnets - - elasticloadbalancing:DeregisterInstancesFromLoadBalancer - - elasticloadbalancing:ModifyLoadBalancerAttributes - - elasticloadbalancing:RegisterInstancesWithLoadBalancer - - elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer - - elasticloadbalancing:AddTags - - elasticloadbalancing:CreateListener - - elasticloadbalancing:CreateTargetGroup - - elasticloadbalancing:DeleteListener - - elasticloadbalancing:DeleteTargetGroup - - elasticloadbalancing:DescribeListeners - - elasticloadbalancing:DescribeLoadBalancerPolicies - - elasticloadbalancing:DescribeTargetGroups - - elasticloadbalancing:DescribeTargetHealth - - elasticloadbalancing:ModifyListener - - elasticloadbalancing:ModifyTargetGroup - - elasticloadbalancing:RegisterTargets - - elasticloadbalancing:SetLoadBalancerPoliciesOfListener - - iam:CreateServiceLinkedRole - - kms:DescribeKey - Effect: Allow - Resource: - - '*' - Version: "2012-10-17" - Roles: - - Ref: AWSIAMRoleControlPlane - Type: AWS::IAM::ManagedPolicy - AWSIAMManagedPolicyCloudProviderNodes: - Properties: - Description: For the Kubernetes Cloud Provider AWS nodes - ManagedPolicyName: nodes.cloud-provider-aws.k8s.io - PolicyDocument: - Statement: - - Action: - - ec2:DescribeInstances - - ec2:DescribeRegions - - ecr:GetAuthorizationToken - - ecr:BatchCheckLayerAvailability - - ecr:GetDownloadUrlForLayer - - ecr:GetRepositoryPolicy - - ecr:DescribeRepositories - - ecr:ListImages - - ecr:BatchGetImage - Effect: Allow - Resource: - - '*' - Version: 
"2012-10-17" - Roles: - - Ref: AWSIAMRoleControlPlane - - Ref: AWSIAMRoleNodes - Type: AWS::IAM::ManagedPolicy - AWSIAMManagedPolicyClusterController: - Properties: - Description: For the Kubernetes Cluster API Provider AWS Cluster Controller - Groups: - - Ref: AWSIAMGroupBootstrapper - ManagedPolicyName: cluster-controller.cluster-api-provider-aws.sigs.k8s.io - PolicyDocument: - Statement: - - Action: - - ec2:AllocateAddress - - ec2:AssociateRouteTable - - ec2:AttachInternetGateway - - ec2:AuthorizeSecurityGroupIngress - - ec2:CreateInternetGateway - - ec2:CreateNatGateway - - ec2:CreateRoute - - ec2:CreateRouteTable - - ec2:CreateSecurityGroup - - ec2:CreateSubnet - - ec2:CreateTags - - ec2:CreateVpc - - ec2:DeleteInternetGateway - - ec2:DeleteNatGateway - - ec2:DeleteRouteTable - - ec2:DeleteSecurityGroup - - ec2:DeleteSubnet - - ec2:DeleteVpc - - ec2:DescribeAddresses - - ec2:DescribeAvailabilityZones - - ec2:DescribeInternetGateways - - ec2:DescribeNatGateways - - ec2:DescribeRouteTables - - ec2:DescribeSecurityGroups - - ec2:DescribeSubnets - - ec2:DescribeVpcs - - ec2:DetachInternetGateway - - ec2:DisassociateRouteTable - - ec2:ModifySubnetAttribute - - ec2:ReleaseAddress - - ec2:RevokeSecurityGroupIngress - - elasticloadbalancing:CreateLoadBalancer - - elasticloadbalancing:ConfigureHealthCheck - - elasticloadbalancing:DescribeLoadBalancers - Effect: Allow - Resource: - - '*' - Version: "2012-10-17" - Roles: - - Ref: AWSIAMRoleClusterController - - Ref: AWSIAMRoleControlPlane - Type: AWS::IAM::ManagedPolicy - AWSIAMManagedPolicyMachineController: - Properties: - Description: For the Kubernetes Cluster API Provider AWS Machine Controller - Groups: - - Ref: AWSIAMGroupBootstrapper - ManagedPolicyName: machine-controller.cluster-api-provider-aws.sigs.k8s.io - PolicyDocument: - Statement: - - Action: - - ec2:CreateTags - - ec2:DescribeInstances - - ec2:RunInstances - - ec2:TerminateInstances - Effect: Allow - Resource: - - '*' - Version: "2012-10-17" - Roles: - 
- Ref: AWSIAMRoleMachineController - - Ref: AWSIAMRoleControlPlane - Type: AWS::IAM::ManagedPolicy - AWSIAMRoleClusterController: - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - Version: "2012-10-17" - RoleName: cluster-controller.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::Role - AWSIAMRoleControlPlane: - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - Version: "2012-10-17" - RoleName: control-plane.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::Role - AWSIAMRoleMachineController: - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - Version: "2012-10-17" - RoleName: machine-controller.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::Role - AWSIAMRoleNodes: - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: - - sts:AssumeRole - Effect: Allow - Principal: - Service: - - ec2.amazonaws.com - Version: "2012-10-17" - RoleName: nodes.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::Role - AWSIAMUserBootstrapper: - Properties: - Groups: - - Ref: AWSIAMGroupBootstrapper - UserName: bootstrapper.cluster-api-provider-aws.sigs.k8s.io - Type: AWS::IAM::User diff --git a/cmd/clusterctl/examples/aws/generate-yaml.sh b/cmd/clusterctl/examples/aws/generate-yaml.sh index d4e456a8de..7aa97d24cb 100755 --- a/cmd/clusterctl/examples/aws/generate-yaml.sh +++ b/cmd/clusterctl/examples/aws/generate-yaml.sh 
@@ -17,17 +17,15 @@ set -o errexit set -o nounset # Directories. -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" +SOURCE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" +DIR=${DIR:=${SOURCE_DIR}} OUTPUT_DIR=${OUTPUT_DIR:-${DIR}/out} ENVSUBST=${ENVSUBST:-envsubst} +CLUSTERAWSADM=${CLUSTERAWSADM:-clusterawsadm} # Cluster name. export CLUSTER_NAME="${CLUSTER_NAME:-test1}" -# Manager image. -export MANAGER_IMAGE="${MANAGER_IMAGE:-gcr.io/cluster-api-provider-aws/cluster-api-aws-controller:0.0.4}" -export MANAGER_IMAGE_PULL_POLICY=${MANAGER_IMAGE_PULL_POLICY:-IfNotPresent} - # Machine settings. export CONTROL_PLANE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-t2.medium}" export NODE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-t2.medium}" @@ -40,9 +38,12 @@ CLUSTER_NETWORKSPEC_TEMPLATE_FILE=${DIR}/cluster-network-spec.yaml.template CLUSTER_GENERATED_FILE=${OUTPUT_DIR}/cluster.yaml MACHINES_TEMPLATE_FILE=${DIR}/machines.yaml.template MACHINES_GENERATED_FILE=${OUTPUT_DIR}/machines.yaml -MANAGER_PATCH_TEMPLATE_FILE=${DIR}/aws_manager_image_patch.yaml.template -MANAGER_PATCH_GENERATED_FILE=${OUTPUT_DIR}/aws_manager_image_patch.yaml ADDONS_FILE=${OUTPUT_DIR}/addons.yaml +PROVIDER_COMPONENTS_SRC=${DIR}/provider-components-base.yaml +PROVIDER_COMPONENTS_SRC_DEV=${DIR}/provider-components-base-dev.yaml +PROVIDER_COMPONENTS_FILE=${OUTPUT_DIR}/provider-components.yaml +PROVIDER_COMPONENTS_FILE_DEV=${OUTPUT_DIR}/provider-components-dev.yaml +CREDENTIALS_FILE=${OUTPUT_DIR}/aws-credentials.yaml # Overwrite flag. OVERWRITE=0 
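Review bot: `DIR=${DIR:=${SOURCE_DIR}}` uses the assigning form `:=` inside an assignment and leaves the expansion unquoted, while the neighbouring lines use `:-`; `DIR="${DIR:-${SOURCE_DIR}}"` is consistent with them and survives a path containing spaces. Because `DIR` can now come from the environment, the templates and `provider-components-base.yaml` are read from wherever the caller points it, and that content is later combined with credentials. A check such as `[ -d "${DIR}" ] || { echo "DIR is not a directory: ${DIR}" >&2; exit 1; }` right after the assignment gives a clear failure. `CREDENTIALS_FILE` is defined in the second hunk on this line, but no line visible in this diff reads it.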
@@ -97,8 +98,22 @@ fi $ENVSUBST < $MACHINES_TEMPLATE_FILE > "${MACHINES_GENERATED_FILE}" echo "Done generating ${MACHINES_GENERATED_FILE}" -$ENVSUBST < $MANAGER_PATCH_TEMPLATE_FILE > "${MANAGER_PATCH_GENERATED_FILE}" -echo "Done generating ${MANAGER_PATCH_GENERATED_FILE}" - cp ${DIR}/addons.yaml ${ADDONS_FILE} echo "Done copying ${ADDONS_FILE}" + +CREDENTIALS="$(${CLUSTERAWSADM} alpha bootstrap encode-aws-credentials)" +echo "Generated credentials" + +PROVIDER_COMPONENTS="$(cat ${PROVIDER_COMPONENTS_SRC})" + +echo -e "${PROVIDER_COMPONENTS}\n${CREDENTIALS}" > "${PROVIDER_COMPONENTS_FILE}" +echo "Done writing ${PROVIDER_COMPONENTS_FILE}" +echo "WARNING: ${PROVIDER_COMPONENTS_FILE} includes credentials" + +if [ -f $PROVIDER_COMPONENTS_SRC_DEV ]; then + PROVIDER_COMPONENTS_DEV=$(cat ${PROVIDER_COMPONENTS_SRC_DEV}) + + echo -e "${PROVIDER_COMPONENTS_DEV}\n${CREDENTIALS}" > "${PROVIDER_COMPONENTS_FILE_DEV}" + echo "Done writing ${PROVIDER_COMPONENTS_FILE_DEV}" + echo "WARNING: ${PROVIDER_COMPONENTS_FILE_DEV} includes credentials" +fi diff --git a/cmd/clusterctl/examples/aws/provider-components-base-dev/kustomization.yaml b/cmd/clusterctl/examples/aws/provider-components-base-dev/kustomization.yaml new file mode 100644 index 0000000000..80857e7bc1 --- /dev/null +++ b/cmd/clusterctl/examples/aws/provider-components-base-dev/kustomization.yaml @@ -0,0 +1,10 @@ +resources: + - provider-components-base.yaml + +patchesJson6902: + - target: + group: apps + version: v1 + kind: StatefulSet + name: aws-provider-controller-manager + path: manager-version-patch-dev.yaml diff --git a/cmd/clusterctl/examples/aws/provider-components-base.yaml b/cmd/clusterctl/examples/aws/provider-components-base.yaml new file mode 100755 index 0000000000..dea4bbc6f3 --- /dev/null +++ b/cmd/clusterctl/examples/aws/provider-components-base.yaml 
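Review bot: The new block writes the encoded AWS credentials into `${PROVIDER_COMPONENTS_FILE}` and its dev variant under the caller's default umask, so on a typical workstation both files are created readable by other local users. Setting `umask 077` before the first write, or running `chmod 600` on each file after it, restricts them to the owner; the printed warning alone does not. `echo -e` also interprets backslash sequences inside the manifest text, so `printf '%s\n%s\n' "${PROVIDER_COMPONENTS}" "${CREDENTIALS}" > "${PROVIDER_COMPONENTS_FILE}"` is the safer way to join the two documents. `[ -f $PROVIDER_COMPONENTS_SRC_DEV ]` and the two `cat ${...}` calls are unquoted and break when the directory path contains spaces.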
@@ -0,0 +1,1814 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: aws-provider-system +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: cluster-api-system +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: awsclusterproviderspecs.awsprovider.k8s.io +spec: + group: awsprovider.k8s.io + names: + kind: AWSClusterProviderSpec + plural: awsclusterproviderspecs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + caKeyPair: + description: CAKeyPair is the key pair for ca certs. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + etcdCAKeyPair: + description: EtcdCAKeyPair is the key pair for etcd. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + frontProxyCAKeyPair: + description: FrontProxyCAKeyPair is the key pair for FrontProxyKeyPair. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + networkSpec: + description: NetworkSpec encapsulates all things related to AWS network. + properties: + subnets: + description: Subnets configuration. + items: + properties: + availabilityZone: + description: AvailabilityZone defines the availability zone to + use for this subnet in the cluster's region. + type: string + cidrBlock: + description: CidrBlock is the CIDR block to be used when the provider + creates a managed VPC. + type: string + id: + description: ID defines a unique identifier to reference this + resource. + type: string + isPublic: + description: IsPublic defines the subnet as a public subnet. Refer + to the AWS documentation for further information. + type: boolean + natGatewayId: + description: NatGatewayID is the NAT gateway id associated with + the subnet. Ignored if the subnet is public. + type: string + routeTableId: + description: RouteTableID is the routing table id associated with + the subnet. + type: string + tags: + description: Tags is a collection of tags describing the resource. + type: object + required: + - routeTableId + - natGatewayId + type: object + type: array + vpc: + description: VPC configuration. + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when the provider + creates a managed VPC. Defaults to 10.0.0.0/16. + type: string + id: + description: ID is the vpc-id of the VPC this provider should use + to create resources. + type: string + internetGatewayId: + description: InternetGatewayID is the id of the internet gateway + associated with the VPC. + type: string + tags: + description: Tags is a collection of tags describing the resource. + type: object + type: object + type: object + region: + description: The AWS Region the cluster lives in. + type: string + saKeyPair: + description: SAKeyPair is the service account key pair. 
+ properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + sshKeyName: + description: SSHKeyName is the name of the ssh key to attach to the bastion + host. + type: string + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: awsclusterproviderstatuses.awsprovider.k8s.io +spec: + group: awsprovider.k8s.io + names: + kind: AWSClusterProviderStatus + plural: awsclusterproviderstatuses + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + bastion: + properties: + ebsOptimized: + description: Indicates whether the instance is optimized for Amazon + EBS I/O. + type: boolean + enaSupport: + description: Specifies whether enhanced networking with ENA is enabled. + type: boolean + iamProfile: + description: The name of the IAM instance profile associated with the + instance, if applicable. + type: string + id: + type: string + imageId: + description: The ID of the AMI used to launch the instance. + type: string + instanceState: + description: The current state of the instance. + type: string + keyName: + description: The name of the SSH key pair. + type: string + privateIp: + description: The private IPv4 address assigned to the instance. + type: string + publicIp: + description: The public IPv4 address assigned to the instance, if applicable. 
+ type: string + securityGroupIds: + description: SecurityGroupIDs are one or more security group IDs this + instance belongs to. + items: + type: string + type: array + subnetId: + description: The ID of the subnet of the instance. + type: string + tags: + description: The tags associated with the instance. + type: object + type: + description: The instance type. + type: string + userData: + description: UserData is the raw data script passed to the instance + which is run upon bootstrap. This field must not be base64 encoded + and should only be used when running a new instance. + type: string + required: + - id + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + network: + properties: + apiServerElb: + description: APIServerELB is the Kubernetes api server classic load + balancer. + properties: + attributes: + description: Attributes defines extra attributes associated with + the load balancer. + properties: + idleTimeout: + description: IdleTimeout is time that the connection is allowed + to be idle (no data has been sent over the connection) before + it is closed by the load balancer. + format: int64 + type: integer + type: object + dnsName: + description: DNSName is the dns name of the load balancer. + type: string + healthChecks: + description: HealthCheck is the classic elb health check associated + with the load balancer. 
+ properties: + healthyThreshold: + format: int64 + type: integer + interval: + format: int64 + type: integer + target: + type: string + timeout: + format: int64 + type: integer + unhealthyThreshold: + format: int64 + type: integer + required: + - target + - interval + - timeout + - healthyThreshold + - unhealthyThreshold + type: object + listeners: + description: Listeners is an array of classic elb listeners associated + with the load balancer. There must be at least one. + items: + properties: + instancePort: + format: int64 + type: integer + instanceProtocol: + type: string + port: + format: int64 + type: integer + protocol: + type: string + required: + - protocol + - port + - instanceProtocol + - instancePort + type: object + type: array + name: + description: The name of the load balancer. It must be unique within + the set of load balancers defined in the region. It also serves + as identifier. + type: string + scheme: + description: Scheme is the load balancer scheme, either internet-facing + or private. + type: string + securityGroupIds: + description: SecurityGroupIDs is an array of security groups assigned + to the load balancer. + items: + type: string + type: array + subnetIds: + description: SubnetIDs is an array of subnets in the VPC attached + to the load balancer. + items: + type: string + type: array + tags: + description: Tags is a map of tags associated with the load balancer. + type: object + type: object + securityGroups: + description: SecurityGroups is a map from the role/kind of the security + group to its unique name, if any. 
+ type: object + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: awsmachineproviderspecs.awsprovider.k8s.io +spec: + group: awsprovider.k8s.io + names: + kind: AWSMachineProviderSpec + plural: awsmachineproviderspecs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is an array of references to security + groups that should be applied to the instance. These security groups would + be set in addition to any security groups defined at the cluster level + or in the actuator. + items: + properties: + arn: + description: ARN of resource + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify + a resource They are applied according to the rules defined by the + AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. Filter + values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + type: array + additionalTags: + description: AdditionalTags is the set of tags to add to an instance, in + addition to the ones added by default by the actuator. These tags are + additive. The actuator will ensure these tags are present, but will not + remove any other tags that may exist on the instance. + type: object + ami: + description: AMI is the reference to the AMI from which to create the machine + instance. 
+ properties: + arn: + description: ARN of resource + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify a + resource They are applied according to the rules defined by the AWS + API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. Filter + values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + iamInstanceProfile: + description: IAMInstanceProfile is a name of an IAM instance profile to + assign to the instance + type: string + instanceType: + description: 'InstanceType is the type of instance to create. Example: m4.xlarge' + type: string + keyName: + description: KeyName is the name of the SSH key to install on the instance. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + publicIP: + description: 'PublicIP specifies whether the instance should get a public + IP. Precedence for this setting is as follows: 1. This field if set 2. + Cluster/flavor setting 3. 
Subnet default' + type: boolean + subnet: + description: Subnet is a reference to the subnet to use for this instance. + If not specified, the cluster subnet will be used. + properties: + arn: + description: ARN of resource + type: string + filters: + description: 'Filters is a set of key/value pairs used to identify a + resource They are applied according to the rules defined by the AWS + API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html' + items: + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. Filter + values are case-sensitive. + items: + type: string + type: array + required: + - name + - values + type: object + type: array + id: + description: ID of resource + type: string + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: awsmachineproviderstatuses.awsprovider.k8s.io +spec: + group: awsprovider.k8s.io + names: + kind: AWSMachineProviderStatus + plural: awsmachineproviderstatuses + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + conditions: + description: Conditions is a set of conditions associated with the Machine + to indicate errors or other status + items: + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details + about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason for the + condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - type + - status + - lastProbeTime + - lastTransitionTime + - reason + - message + type: object + type: array + instanceID: + description: InstanceID is the instance ID of the machine created in AWS + type: string + instanceState: + description: InstanceState is the state of the AWS instance for this machine + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: clusters.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: Cluster + plural: clusters + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterNetwork: + description: Cluster network configuration + properties: + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + required: + - services + - pods + - serviceDomain + type: object + providerSpec: + description: Provider-specific serialized configuration to use during + cluster creation. It is recommended that providers maintain their + own versioned API types that should be serialized/deserialized from + this field. + properties: + value: + description: Value is an inlined, serialized representation of the + resource configuration. It is recommended that providers maintain + their own versioned API types that should be serialized/deserialized + from this field, akin to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot be used + if value is not empty. + properties: + machineClass: + description: The machine class from which the provider config + should be sourced. + properties: + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. 
+ type: string + type: object + type: object + type: object + required: + - clusterNetwork + type: object + status: + properties: + apiEndpoints: + description: APIEndpoint represents the endpoint to communicate with + the IP. + items: + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int64 + type: integer + required: + - host + - port + type: object + type: array + errorMessage: + description: If set, indicates that there is a problem reconciling the + state, and will be set to a descriptive error message. + type: string + errorReason: + description: If set, indicates that there is a problem reconciling the + state, and will be set to a token value suitable for programmatic + interpretation. + type: string + providerStatus: + description: Provider-specific status. It is recommended that providers + maintain their own versioned API types that should be serialized/deserialized + from this field. + type: object + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: machineclasses.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineClass + plural: machineclasses + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + providerSpec: + description: Provider-specific configuration to use during node creation. + type: object + required: + - providerSpec + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: machinedeployments.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineDeployment + plural: machinedeployments + scope: Namespaced + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. 
+ type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make progress + before it is considered to be failed. The deployment controller will + continue to process failed deployments and a condition with a ProgressDeadlineExceeded + reason will be surfaced in the deployment status. Note that progress + will not be estimated during the time a deployment is paused. Defaults + to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a pointer + to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this deployment. + It must match the machine template's labels. + type: object + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + maxSurge: + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. Absolute number + is calculated from percentage by rounding up. Defaults to + 1. Example: when this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling update starts, such + that the total number of old and new machines do not exceed + 130% of desired machines. 
Once old machines have been killed, + new MachineSet can be scaled up further, ensuring that total + number of machines running at any time during the update is + at most 130% of desired machines.' + oneOf: + - type: string + - type: integer + maxUnavailable: + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: 5) + or a percentage of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. This can not + be 0 if MaxSurge is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled down to 70% of + desired machines immediately when the rolling update starts. + Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times during + the update is at least 70% of desired machines.' + oneOf: + - type: string + - type: integer + type: object + type: + description: Type of deployment. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + properties: + configSource: + description: ConfigSource is used to populate in the associated + Node for dynamic kubelet config. This field already exists + in Node, so any updates to it in the Machine spec will be + automatically copied to the linked NodeRef from the status. + The rest of dynamic kubelet config support should then work + as-is. 
+ type: object + metadata: + description: ObjectMeta will autopopulate the Node created. + Use this to indicate what labels, annotations, name prefix, + etc., should be used when creating the Node. + type: object + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api as + provider. Clean-up login in the autoscaler compares machines + v/s nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is + required by autoscaler to be able to have a provider view + of the list of machines. Another list of nodes is queries + from the k8s apiserver and then comparison is done to find + out unregistered machines and are marked for delete. This + field will be set by the actuators and consumed by higher + level entities like autoscaler who will be interfacing with + cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration + to use during node creation. + properties: + value: + description: Value is an inlined, serialized representation + of the resource configuration. It is recommended that + providers maintain their own versioned API types that + should be serialized/deserialized from this field, akin + to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot + be used if value is not empty. + properties: + machineClass: + description: The machine class from which the provider + config should be sourced. + properties: + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. 
+ type: string + type: object + type: object + type: object + taints: + description: Taints is the full, authoritative list of taints + to apply to the corresponding Node. This list will overwrite + any modifications made to the Node on an ongoing basis. + items: + type: object + type: array + versions: + description: Versions of key software to use. This field is + optional at cluster creation time, and omitting the field + indicates that the cluster installation tool should select + defaults for the user. These defaults may differ based on + the cluster installer, but the tool should populate the values + it uses when persisting Machine objects. A Machine spec missing + this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the + Kubernetes control plane to run. This should only be populated + when the machine is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet + to run + type: string + required: + - kubelet + type: object + required: + - providerSpec + type: object + type: object + required: + - selector + - template + type: object + status: + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machines targeted by this deployment. + This is the total number of machines that are still required for the + deployment to have 100% available capacity. 
They may either be machines + that are running but not yet available or machines that still have + not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. + format: int32 + type: integer + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: machines.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: Machine + plural: machines + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configSource: + description: ConfigSource is used to populate in the associated Node + for dynamic kubelet config. This field already exists in Node, so + any updates to it in the Machine spec will be automatically copied + to the linked NodeRef from the status. The rest of dynamic kubelet + config support should then work as-is. + type: object + metadata: + description: ObjectMeta will autopopulate the Node created. 
Use this + to indicate what labels, annotations, name prefix, etc., should be + used when creating the Node. + type: object + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up login in the autoscaler + compares machines v/s nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of machines. + Another list of nodes is queries from the k8s apiserver and then comparison + is done to find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by higher level + entities like autoscaler who will be interfacing with cluster-api + as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration to + use during node creation. + properties: + value: + description: Value is an inlined, serialized representation of the + resource configuration. It is recommended that providers maintain + their own versioned API types that should be serialized/deserialized + from this field, akin to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot be used + if value is not empty. + properties: + machineClass: + description: The machine class from which the provider config + should be sourced. + properties: + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. 
+ type: string + type: object + type: object + type: object + taints: + description: Taints is the full, authoritative list of taints to apply + to the corresponding Node. This list will overwrite any modifications + made to the Node on an ongoing basis. + items: + type: object + type: array + versions: + description: Versions of key software to use. This field is optional + at cluster creation time, and omitting the field indicates that the + cluster installation tool should select defaults for the user. These + defaults may differ based on the cluster installer, but the tool should + populate the values it uses when persisting Machine objects. A Machine + spec missing this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the Kubernetes + control plane to run. This should only be populated when the machine + is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet to run + type: string + required: + - kubelet + type: object + required: + - providerSpec + type: object + status: + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + Queried from cloud provider, if available. + items: + type: object + type: array + conditions: + description: 'Conditions lists the conditions synced from the node conditions + of the corresponding node-object. Machine-controller is responsible + for keeping conditions up-to-date. MachineSet controller will be taking + these conditions as a signal to decide if machine is healthy or needs + to be replaced. Refer: https://kubernetes.io/docs/concepts/architecture/nodes/#condition' + items: + type: object + type: array + errorMessage: + description: ErrorMessage will be set in the event that there is a terminal + problem reconciling the Machine and will contain a more verbose string + suitable for logging and human consumption. 
This field should not + be set for transitive errors that a controller faces that are expected + to be fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the Machine's + spec or the configuration of the controller, and that manual intervention + is required. Examples of terminal errors would be invalid combinations + of settings in the spec, values that are unsupported by the controller, + or the responsible controller itself being critically misconfigured. Any + transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + type: string + errorReason: + description: ErrorReason will be set in the event that there is a terminal + problem reconciling the Machine and will contain a succinct value + suitable for machine interpretation. This field should not be set + for transitive errors that a controller faces that are expected to + be fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the Machine's + spec or the configuration of the controller, and that manual intervention + is required. Examples of terminal errors would be invalid combinations + of settings in the spec, values that are unsupported by the controller, + or the responsible controller itself being critically misconfigured. Any + transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output. + type: string + lastOperation: + description: LastOperation describes the last-operation performed by + the machine-controller. This API should be useful as a history in + terms of the latest operation performed on the specific machine. It + should also convey the state of the latest-operation for example if + it is still on-going, failed or completed successfully. 
+ properties: + description: + description: Description is the human-readable description of the + last operation. + type: string + lastUpdated: + description: LastUpdated is the timestamp at which LastOperation + API was last-updated. + format: date-time + type: string + state: + description: State is the current status of the last performed operation. + E.g. Processing, Failed, Successful etc + type: string + type: + description: Type is the type of operation which was last performed. + E.g. Create, Delete, Update etc + type: string + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + type: object + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + providerStatus: + description: ProviderStatus details a Provider-specific status. It is + recommended that providers maintain their own versioned API types + that should be serialized/deserialized from this field. + type: object + versions: + description: 'Versions specifies the current versions of software on + the corresponding Node (if it exists). This is provided for a few + reasons: 1) It is more convenient than checking the NodeRef, traversing + it to the Node, and finding the appropriate field in Node.Status.NodeInfo (which + uses different field names and formatting). 2) It removes some of + the dependency on the structure of the Node, so that if the structure + of Node.Status.NodeInfo changes, only machine controllers need + to be updated, rather than every client of the Machines API. 3) + There is no other simple way to check the control plane version. + A client would have to connect directly to the apiserver running + on the target node in order to find out its version.' 
+ properties: + controlPlane: + description: ControlPlane is the semantic version of the Kubernetes + control plane to run. This should only be populated when the machine + is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet to run + type: string + required: + - kubelet + type: object + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: machinesets.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineSet + plural: machinesets + scope: Namespaced + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for which + a newly created machine should be ready. Defaults to 0 (machine will + be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. 
This is a pointer + to distinguish between explicit zero and unspecified. Defaults to + 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should match + the replica count. Label keys and values that must match in order + to be controlled by this MachineSet. It must match the machine template''s + labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + type: object + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + properties: + configSource: + description: ConfigSource is used to populate in the associated + Node for dynamic kubelet config. This field already exists + in Node, so any updates to it in the Machine spec will be + automatically copied to the linked NodeRef from the status. + The rest of dynamic kubelet config support should then work + as-is. + type: object + metadata: + description: ObjectMeta will autopopulate the Node created. + Use this to indicate what labels, annotations, name prefix, + etc., should be used when creating the Node. + type: object + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api as + provider. 
Clean-up login in the autoscaler compares machines + v/s nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is + required by autoscaler to be able to have a provider view + of the list of machines. Another list of nodes is queries + from the k8s apiserver and then comparison is done to find + out unregistered machines and are marked for delete. This + field will be set by the actuators and consumed by higher + level entities like autoscaler who will be interfacing with + cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration + to use during node creation. + properties: + value: + description: Value is an inlined, serialized representation + of the resource configuration. It is recommended that + providers maintain their own versioned API types that + should be serialized/deserialized from this field, akin + to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot + be used if value is not empty. + properties: + machineClass: + description: The machine class from which the provider + config should be sourced. + properties: + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. + type: string + type: object + type: object + type: object + taints: + description: Taints is the full, authoritative list of taints + to apply to the corresponding Node. This list will overwrite + any modifications made to the Node on an ongoing basis. + items: + type: object + type: array + versions: + description: Versions of key software to use. This field is + optional at cluster creation time, and omitting the field + indicates that the cluster installation tool should select + defaults for the user. 
These defaults may differ based on + the cluster installer, but the tool should populate the values + it uses when persisting Machine objects. A Machine spec missing + this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the + Kubernetes control plane to run. This should only be populated + when the machine is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet + to run + type: string + required: + - kubelet + type: object + required: + - providerSpec + type: object + type: object + required: + - selector + type: object + status: + properties: + availableReplicas: + description: The number of available replicas (ready for at least minReadySeconds) + for this MachineSet. + format: int32 + type: integer + errorMessage: + type: string + errorReason: + description: In the event that there is a terminal problem reconciling + the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason + will be populated with a succinct value suitable for machine interpretation, + while ErrorMessage will contain a more verbose string suitable for + logging and human consumption. These fields should not be set for + transitive errors that a controller faces that are expected to be + fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the MachineTemplate's + spec or the configuration of the machine controller, and that manual + intervention is required. Examples of terminal errors would be invalid + combinations of settings in the spec, values that are unsupported + by the machine controller, or the responsible machine controller itself + being critically misconfigured. Any transient errors that occur during + the reconciliation of Machines can be added as events to the MachineSet + object and/or logged in the controller's output. 
+ type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the labels + of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - replicas + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: aws-provider-manager-role +rules: +- apiGroups: + - awsprovider.k8s.io + resources: + - awsclusterproviderconfigs + - awsclusterproviderstatuses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - awsprovider.k8s.io + resources: + - awsmachineproviderconfigs + - awsmachineproviderstatuses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machines + - machines/status + - machinedeployments + - machinedeployments/status + - machinesets + - machinesets/status + - machineclasses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + - events + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: cluster-api-manager-role +rules: +- apiGroups: + - cluster.k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machines + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machinedeployments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machines + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cluster.k8s.io + resources: + - machines + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: aws-provider-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aws-provider-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: aws-provider-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: cluster-api-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-api-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: cluster-api-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: aws-provider-controller-manager-service + namespace: aws-provider-system +spec: 
+ ports: + - port: 443 + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: cluster-api-controller-manager-service + namespace: cluster-api-system +spec: + ports: + - port: 443 + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: aws-provider-controller-manager + namespace: aws-provider-system +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + serviceName: aws-provider-controller-manager-service + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - -v=3 + - -logtostderr=true + - -stderrthreshold=INFO + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: gcr.io/cluster-api-provider-aws/cluster-api-aws-controller:0.1.0 + imagePullPolicy: IfNotPresent + name: manager + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + volumeMounts: + mountPath: /root/.aws + name: credentials + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/notReady + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/unreachable + operator: Exists + volumes: + name: credentials + secret: + secretName: manager-bootstrap-credentials +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: cluster-api-controller-manager + namespace: cluster-api-system +spec: + selector: + matchLabels: + control-plane: 
controller-manager + controller-tools.k8s.io: "1.0" + serviceName: cluster-api-controller-manager-service + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /manager + image: gcr.io/k8s-cluster-api/cluster-api-controller:latest + name: manager + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/notReady + operator: Exists + - effect: NoExecute + key: node.alpha.kubernetes.io/unreachable + operator: Exists diff --git a/cmd/clusterctl/examples/aws/provider-components-base/kustomization.yaml b/cmd/clusterctl/examples/aws/provider-components-base/kustomization.yaml new file mode 100644 index 0000000000..b058696ea1 --- /dev/null +++ b/cmd/clusterctl/examples/aws/provider-components-base/kustomization.yaml @@ -0,0 +1,17 @@ +resources: + - provider-non-stamped-base.yaml + - cluster_api.yaml + +patchesJson6902: + - target: + group: apps + version: v1 + kind: StatefulSet + name: aws-provider-controller-manager + path: stateful-set-credentials-patch.yaml + - target: + group: apps + version: v1 + kind: StatefulSet + name: aws-provider-controller-manager + path: manager-version-patch.yaml diff --git a/cmd/clusterctl/examples/aws/provider-components-base/stateful-set-credentials-patch.yaml b/cmd/clusterctl/examples/aws/provider-components-base/stateful-set-credentials-patch.yaml new file mode 100644 index 0000000000..ac27d778aa --- /dev/null +++ b/cmd/clusterctl/examples/aws/provider-components-base/stateful-set-credentials-patch.yaml 
@@ -0,0 +1,26 @@
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- op: add
+ path: "/spec/template/spec/containers/0/volumeMounts"
+ value:
+ - name: credentials
+ mountPath: /root/.aws
+
+- op: add
+ path: "/spec/template/spec/volumes"
+ value:
+ - name: credentials
+ secret:
+ secretName: manager-bootstrap-credentials
diff --git a/cmd/manager/BUILD b/cmd/manager/BUILD
deleted file mode 100644
index 595e922dc7..0000000000
--- a/cmd/manager/BUILD
+++ /dev/null
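Review bot: Both operations use `op: add` with a path that names the whole array (`/spec/template/spec/containers/0/volumeMounts` and `/spec/template/spec/volumes`), and under RFC 6902 an `add` on an existing object member replaces its value instead of appending to it. config/manager/manager.yaml in this same change still lists other mounts and volumes (for example `certs` at `/etc/ssl/certs`), so if the patched StatefulSet is built from that manifest, the manager would keep only the credentials mount and lose its CA bundle. Appending preserves the existing entries: use `path: "/spec/template/spec/containers/0/volumeMounts/-"` and `path: "/spec/template/spec/volumes/-"`, with each `value` written as a single mapping rather than a one-item list. Since this change also removes the `secretGenerator` from config/default/kustomization.yaml, a comment stating that the secret `manager-bootstrap-credentials` must already exist in the namespace would help whoever applies the manifest.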
@@ -1,33 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-load("//build:cluster_api_binary_image.bzl", "cluster_api_binary_image")
-
-go_library(
- name = "go_default_library",
- srcs = ["main.go"],
- importpath = "sigs.k8s.io/cluster-api-provider-aws/cmd/manager",
- visibility = ["//visibility:private"],
- deps = [
- "//pkg/apis:go_default_library",
- "//pkg/cloud/aws/actuators/cluster:go_default_library",
- "//pkg/cloud/aws/actuators/machine:go_default_library",
- "//pkg/record:go_default_library",
- "//vendor/k8s.io/klog:go_default_library",
- "//vendor/sigs.k8s.io/cluster-api/pkg/apis:go_default_library",
- "//vendor/sigs.k8s.io/cluster-api/pkg/apis/cluster/common:go_default_library",
- "//vendor/sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset:go_default_library",
- "//vendor/sigs.k8s.io/cluster-api/pkg/controller/cluster:go_default_library",
- "//vendor/sigs.k8s.io/cluster-api/pkg/controller/machine:go_default_library",
- "//vendor/sigs.k8s.io/controller-runtime/pkg/client/config:go_default_library",
- "//vendor/sigs.k8s.io/controller-runtime/pkg/manager:go_default_library",
- "//vendor/sigs.k8s.io/controller-runtime/pkg/runtime/signals:go_default_library",
- ],
-)
-
-go_binary(
- name = "manager",
- embed = [":go_default_library"],
- visibility = ["//visibility:public"],
- pure = "on",
-)
-
-cluster_api_binary_image(name = "manager")
diff --git a/cmd/manager/BUILD.bazel b/cmd/manager/BUILD.bazel
new file mode 100644
index 0000000000..09eea40680
--- /dev/null
+++ b/cmd/manager/BUILD.bazel
@@ -0,0 +1,121 @@
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+load("@io_bazel_rules_docker//go:image.bzl", "go_image")
+load("@io_bazel_rules_docker//contrib:push-all.bzl", "docker_push")
+load("@io_bazel_rules_docker//container:container.bzl", "container_bundle")
+load("//build:stateful_set_patch.bzl", "stateful_set_patch")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["main.go"],
+ importpath = "sigs.k8s.io/cluster-api-provider-aws/cmd/manager",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//pkg/apis:go_default_library",
+ "//pkg/cloud/aws/actuators/cluster:go_default_library",
+ "//pkg/cloud/aws/actuators/machine:go_default_library",
+ "//pkg/record:go_default_library",
+ "//vendor/k8s.io/klog:go_default_library",
+ "//vendor/sigs.k8s.io/cluster-api/pkg/apis:go_default_library",
+ "//vendor/sigs.k8s.io/cluster-api/pkg/apis/cluster/common:go_default_library",
+ "//vendor/sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset:go_default_library",
+ "//vendor/sigs.k8s.io/cluster-api/pkg/controller/cluster:go_default_library",
+ "//vendor/sigs.k8s.io/cluster-api/pkg/controller/machine:go_default_library",
+ "//vendor/sigs.k8s.io/controller-runtime/pkg/client/config:go_default_library",
+ "//vendor/sigs.k8s.io/controller-runtime/pkg/manager:go_default_library",
+ "//vendor/sigs.k8s.io/controller-runtime/pkg/runtime/signals:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "manager",
+ embed = [":go_default_library"],
+ pure = "on",
+ visibility = ["//visibility:public"],
+)
+
+go_image(
+ name = "manager-amd64",
+ base = "@golang-image//image",
+ embed = [":go_default_library"],
+ goarch = "amd64",
+ goos = "linux",
+ pure = "on",
+ visibility = ["//visibility:public"],
+)
+
+tags = [
+ "{GIT_VERSION}",
+ "$(MANAGER_IMAGE_TAG)",
+]
+
+images = {
+ "{registry}/{name}:{tag}".format(
+ registry = "$(REGISTRY_STABLE)",
+ name = "$(MANAGER_IMAGE_NAME)",
+ tag = tag,
+ ): ":manager-amd64"
+ for tag in tags
+}
+
+images_dev = {
+ "{registry}/{name}:{tag}".format(
+ registry = "$(REGISTRY_DEV)",
+ name = "$(MANAGER_IMAGE_NAME)",
+ tag = tag,
+ ): ":manager-amd64"
+ for tag in tags
+}
+
+container_bundle(
+ name = "manager-image",
+ images = images,
+ tags = ["manual"],
+ visibility = ["//visibility:public"],
+)
+
+container_bundle(
+ name = "manager-image-dev",
+ images = images_dev,
+ tags = ["manual"],
+ visibility = ["//visibility:public"],
+)
+
+docker_push(
+ name = "manager-push",
+ bundle = "manager-image",
+ tags = ["manual"],
+)
+
+docker_push(
+ name = "manager-push-dev",
+ bundle = "manager-image-dev",
+ tags = ["manual"],
+)
+
+stateful_set_patch(
+ name = "manager-version-patch",
+ registry = "$(REGISTRY_STABLE)",
+ tags = ["generated"],
+ visibility = ["//visibility:public"],
+)
+
+stateful_set_patch(
+ name = "manager-version-patch-dev",
+ pull_policy = "Always",
+ registry = "$(REGISTRY_DEV)",
+ visibility = ["//visibility:public"],
+)
diff --git a/config/BUILD.bazel b/config/BUILD.bazel
index d6dbef9b99..19c5af0924 100644
--- a/config/BUILD.bazel
+++ b/config/BUILD.bazel
@@ -14,6 +14,8 @@
 load("//build:controller_gen.bzl", "controller_gen")
+KUSTOMIZE = "@io_k8s_sigs_kustomize//:kustomize"
+
 controller_gen(
 name = "config",
 api = [
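Review bot: `manager-push` re-publishes the fixed `$(MANAGER_IMAGE_TAG)` tag to `$(REGISTRY_STABLE)` on every run, because the `images` dict in cmd/manager/BUILD.bazel maps both `{GIT_VERSION}` and `$(MANAGER_IMAGE_TAG)` to `:manager-amd64`, so a released tag is mutable. The manifest added elsewhere in this commit references that tag with `imagePullPolicy: IfNotPresent`, so nodes that already hold the image keep the old bits while new nodes pull whatever was pushed last. I would document this above the dict, e.g. `# NOTE: $(MANAGER_IMAGE_TAG) is overwritten by every manager-push; pin deployments by digest when immutability matters`, or restrict the stable bundle to the `{GIT_VERSION}` tag and promote the release tag in a separate step. The module-level name `tags` also reads like the rule attribute `tags = ["manual"]` used further down; `image_tags` would be clearer.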
@@ -32,43 +34,24 @@ controller_gen(
 visibility = ["//visibility:public"],
 )
+# Produces a provider components manifest without image versioning
+# To be used as a base for release and developer manifests
 genrule(
- name = "aws-provider-yaml",
+ name = "provider-non-stamped-base",
 srcs = [
 "//config/default:kustomization.yaml",
 "//config/default:rbac_role_binding_patch.yaml",
 "//config/manager:manager.yaml",
- "//cmd/clusterctl/examples/aws:out/aws_manager_image_patch.yaml",
- "//cmd/clusterctl/examples/aws:test-credentials",
 "config",
- ":credential_file",
 "//:WORKSPACE",
 ],
- outs = ["aws_provider.yaml"],
- cmd = """install -D $(location :credential_file) $(@D)/../cmd/clusterctl/examples/aws/out/credentials && \\
- CONFIG_SRCDIR={root_dir}/config && \\
- cp -R $$CONFIG_SRCDIR/default $(@D)/default && \\
- cp -R $$CONFIG_SRCDIR/manager $(@D)/manager && \\
- {kustomize} build $(@D)/default > $@
- """.format(
- kustomize = "$(location @io_k8s_sigs_kustomize//:kustomize)",
- root_dir = "$$(dirname $(location //:WORKSPACE))",
- ),
- tools = ["@io_k8s_sigs_kustomize//:kustomize"],
- visibility = ["//visibility:public"],
-)
-
-genrule(
- name = "credential_file",
- outs = ["credentials"],
- visibility = ["//visibility:public"],
+ outs = ["provider-non-stamped-base.yaml"],
 cmd = " && ".join([
- "touch $@",
- "export AWS_ACCESS_KEY_ID=$$(grep ^AWS_ACCESS_KEY_ID bazel-out/volatile-status.txt | cut -f2 -d\" \")",
- "export AWS_SECRET_ACCESS_KEY=$$(grep ^AWS_SECRET_ACCESS_KEY bazel-out/volatile-status.txt | cut -f2 -d\" \")",
- "echo '[default]' >> $@",
- "echo aws_access_key_id = $$AWS_ACCESS_KEY_ID >> $@",
- "echo aws_secret_access_key = $$AWS_SECRET_ACCESS_KEY >> $@",
+ "CONFIG_SRCDIR=$$(dirname $(location //:WORKSPACE))/config",
+ "cp -R $$CONFIG_SRCDIR/default $(@D)/default",
+ "cp -R $$CONFIG_SRCDIR/manager $(@D)/manager",
+ "$(location %s) build $(@D)/default > $@" % KUSTOMIZE,
 ]),
- stamp = 1,
+ tools = [KUSTOMIZE],
+ visibility = ["//visibility:public"],
 )
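Review bot: The new `cmd` of `provider-non-stamped-base` reads more than it declares: `CONFIG_SRCDIR` is derived from `dirname $(location //:WORKSPACE)` and `cp -R` copies the whole `default` and `manager` directories, so whichever files are present there feed the generated manifest whether or not they appear in `srcs`. With sandboxing only the declared inputs should be staged, but under a non-sandboxed strategy a stray local file (for example a leftover patch) could end up in the published manifest without Bazel noticing or rebuilding. The recipe also writes `$(@D)/default` and `$(@D)/manager`, which are not listed in `outs`. A comment such as `# cp -R copies whatever is staged under config/; keep srcs in sync with every file kustomize reads` would make the contract explicit, and quoting the paths (`"cp -R \"$$CONFIG_SRCDIR/default\" \"$(@D)/default\""`) guards against spaces in the workspace path.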
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index a2258e3052..6e11ba511f 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -25,11 +25,4 @@ resources: - ../manager/manager.yaml patches: - - ../../cmd/clusterctl/examples/aws/out/aws_manager_image_patch.yaml - rbac_role_binding_patch.yaml - -secretGenerator: - - name: manager-bootstrap-credentials - type: Opaque - commands: - credentials: "cat ../../cmd/clusterctl/examples/aws/out/credentials" diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 0e116d5b0e..4dcfe235df 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -64,8 +64,6 @@ spec: mountPath: /etc/kubernetes - name: certs mountPath: /etc/ssl/certs - - name: credentials - mountPath: /root/.aws resources: limits: cpu: 100m @@ -85,7 +83,4 @@ spec: - name: certs hostPath: path: /etc/ssl/certs - - name: credentials - secret: - secretName: manager-bootstrap-credentials terminationGracePeriodSeconds: 10 diff --git a/docs/BUILD.bazel b/docs/BUILD.bazel new file mode 100644 index 0000000000..1523491180 --- /dev/null +++ b/docs/BUILD.bazel @@ -0,0 +1,17 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +exports_files([ + "getting-started.md", +]) diff --git a/docs/development.md b/docs/development.md index 83c505b2e9..cbf4d38acb 100644 --- a/docs/development.md +++ b/docs/development.md 
@@ -8,6 +8,7 @@ - [Setting up](#setting-up) - [Base requirements](#base-requirements) - [Get the source](#get-the-source) + - [Get familiar with basic concepts](#get-familiar-with-basic-concepts) - [Dev manifest files](#dev-manifest-files) - [Dev images](#dev-images) - [Container registry](#container-registry) @@ -92,7 +93,7 @@ started prerequisites section](./getting-started.md#Prerequisites) The dev version of the manifests can be generated with -`make manifests-dev examples-dev` +`make manifests-dev` #### Building and pushing dev images to GCR diff --git a/docs/getting-started.md b/docs/getting-started.md index 2dc1efa3e8..534dbdecf6 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -19,6 +19,8 @@ - [Deploying a cluster](#deploying-a-cluster) - [Setting up the environment](#setting-up-the-environment) - [Generating cluster manifests and example cluster](#generating-cluster-manifests-and-example-cluster) + - [Cluster name](#cluster-name) + - [Using an existing VPC](#using-an-existing-vpc) - [Creating a cluster](#creating-a-cluster) - [Using the cluster](#using-the-cluster) - [Troubleshooting](#troubleshooting) @@ -32,11 +34,7 @@ - A set of AWS credentials sufficient to bootstrap the cluster (see [bootstrapping-aws-identity-and-access-management-with-cloudformation](#bootstrapping-aws-identity-and-access-management-with-cloudformation)). - An AWS IAM role to give to the Cluster API control plane. - [KIND](https://sigs.k8s.io/kind) -- [kubectl][kubectl] -- [kustomize][kustomize] -- make - gettext (with `envsubst` in your PATH) -- bazel ### Optional 
@@ -153,17 +151,22 @@ these environment variables in your own way. ### Generating cluster manifests and example cluster -There is a make target `manifests` that can be used to generate the -cluster manifests. +Download the cluster-api-provider-aws-examples.tar file and unpack it. ```bash -make manifests +tar xfv cluster-api-provider-aws-examples.tar +``` + +Then run `./generate_yaml.sh` to generate manifests: + +```bash +./aws/generate_yaml.sh ``` You should not need to edit the generated manifests, but if you want to do any customization now is the time to do it. Take a look at -`cmd/clusterctl/examples/aws/out/cluster.yaml` and -`cmd/clusterctl/examples/aws/out/machine.yaml`. +`./aws/out/cluster.yaml` and +`./aws/out/machine.yaml`. Ensure the `region` and `keyName` are set to what you expect. @@ -193,10 +196,10 @@ You can now start the Cluster API controllers and deploy a new cluster in AWS: clusterctl create cluster -v 3 \ --bootstrap-type kind \ --provider aws \ - -m ./cmd/clusterctl/examples/aws/out/machines.yaml \ - -c ./cmd/clusterctl/examples/aws/out/cluster.yaml \ - -p ./cmd/clusterctl/examples/aws/out/provider-components.yaml \ - -a ./cmd/clusterctl/examples/aws/out/addons.yaml + -m ./aws/out/machines.yaml \ + -c ./aws/out/cluster.yaml \ + -p ./aws/out/provider-components.yaml \ + -a ./aws/out/addons.yaml I0119 12:16:07.521123 38557 plugins.go:39] Registered cluster provisioner "aws" I0119 12:16:07.522563 38557 createbootstrapcluster.go:27] Creating bootstrap cluster diff --git a/hack/print-workspace-status.sh b/hack/print-workspace-status.sh index bb30e8b9eb..db6bccc1fa 100755 --- a/hack/print-workspace-status.sh +++ b/hack/print-workspace-status.sh 
@@ -71,7 +71,6 @@ GIT_RELEASE_TAG=$(git describe --abbrev=0 --tags) GIT_RELEASE_COMMIT=$(git rev-list -n 1 ${GIT_RELEASE_TAG} | head -c 14) cat <> $@", + "echo aws_access_key_id = $$AWS_ACCESS_KEY_ID >> $@", + "echo aws_secret_access_key = $$AWS_SECRET_ACCESS_KEY >> $@", + "echo aws_session_token = $$AWS_SESSION_TOKEN >> $@", + ]), + stamp = 1, + visibility = ["//visibility:private"], +) + +genrule( + name = "provider_credentials_env", + outs = ["manifests/provider-credentials.sh"], + cmd = " && ".join([ + "touch $@", + "export AWS_ACCESS_KEY_ID=$$(grep ^AWS_ACCESS_KEY_ID bazel-out/volatile-status.txt | cut -f2 -d\" \")", + "export AWS_SECRET_ACCESS_KEY=$$(grep ^AWS_SECRET_ACCESS_KEY bazel-out/volatile-status.txt | cut -f2 -d\" \")", + "export AWS_SESSION_TOKEN=$$(grep ^AWS_SESSION_TOKEN bazel-out/volatile-status.txt | cut -f2 -d\" \")", + "export AWS_REGION=$$(grep ^AWS_REGION bazel-out/volatile-status.txt | cut -f2 -d\" \")", + "echo export AWS_ACCESS_KEY_ID=$$AWS_ACCESS_KEY_ID >> $@", + "echo export AWS_SECRET_ACCESS_KEY=$$AWS_SECRET_ACCESS_KEY >> $@", + "echo export AWS_SESSION_TOKEN=$$AWS_SESSION_TOKEN >> $@", + "echo export AWS_REGION=$$AWS_REGION >> $@", + ]), + stamp = 1, + visibility = ["//visibility:private"], +) + +genrule( + name = "e2e-provider-components", + srcs = [ + "kustomization.yaml", + "//test:manager-version-patch.yaml", + "manifests/provider-components.yaml", + ], + outs = ["provider-components-e2e.yaml"], + cmd = " && ".join([ + "cp -f $(SRCS) $(@D)", + "$(location @io_k8s_sigs_kustomize//:kustomize) build $(@D) > $@", + ]), + tools = ["@io_k8s_sigs_kustomize//:kustomize"], + visibility = ["//visibility:public"], +) diff --git a/test/e2e/aws_test.go b/test/e2e/aws_test.go index 13806ee2fc..7e659e553c 100644 --- a/test/e2e/aws_test.go +++ b/test/e2e/aws_test.go 
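Review bot: The `provider_credentials_env` genrule, and the credentials-file genrule before it whose opening lines are cut off here, write `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` in clear text into declared outputs. The secrets therefore stay in the Bazel output tree after the test run and would travel with those outputs into any disk or remote cache that is configured. Private visibility only limits which targets may depend on the file, not who can read it, so the rules should carry a comment saying that and, if the Bazel version in use supports it, a `no-cache` tag (to be confirmed). The values are also echoed unquoted, so the generated script is re-parsed by whatever shell sources it; `printf 'export AWS_SESSION_TOKEN=%q\n' "$$AWS_SESSION_TOKEN" >> $@` writes a safely quoted assignment, and the same applies to the other three `echo export` lines.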
@@ -39,6 +39,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/client-go/kubernetes" + "fmt" capa "sigs.k8s.io/cluster-api-provider-aws/pkg/apis/awsprovider/v1alpha1" "sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/aws/actuators" "sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/aws/actuators/machine" @@ -74,6 +75,7 @@ var _ = Describe("AWS", func() { client *clientset.Clientset ) BeforeEach(func() { + fmt.Fprintf(GinkgoWriter, "running in AWS region: %s\n", awsRegion) cluster.Setup() cfg := cluster.RestConfig() var err error diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go index 3848381f02..f6ca2530e7 100644 --- a/test/e2e/e2e_suite_test.go +++ b/test/e2e/e2e_suite_test.go @@ -25,5 +25,5 @@ import ( func TestE2e(t *testing.T) { RegisterFailHandler(Fail) - RunSpecs(t, "E2e Suite") + RunSpecs(t, "e2e Suite") } diff --git a/test/e2e/kustomization.yaml b/test/e2e/kustomization.yaml new file mode 100644 index 0000000000..b2751f4268 --- /dev/null +++ b/test/e2e/kustomization.yaml @@ -0,0 +1,24 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resources: + - provider-components.yaml + +patchesJson6902: + - target: + group: apps + version: v1 + kind: StatefulSet + name: aws-provider-controller-manager + path: manager-version-patch.yaml diff --git a/test/e2e/util/kind/BUILD.bazel b/test/e2e/util/kind/BUILD.bazel index 41bf862dbe..994ef1b0e5 100644 --- a/test/e2e/util/kind/BUILD.bazel 
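Review bot: In the first hunk of test/e2e/aws_test.go, `"fmt"` appears to be added inside the third-party import group, after `"k8s.io/client-go/kubernetes"`. Standard-library imports conventionally sit in the first group, and goimports would place it there. The top of the import block is outside the hunk, so the exact position depends on the existing standard-library group.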
+++ b/test/e2e/util/kind/BUILD.bazel @@ -7,6 +7,7 @@ go_library( visibility = ["//visibility:public"], deps = [ "//vendor/github.com/onsi/ginkgo:go_default_library", + "//vendor/github.com/onsi/ginkgo/config:go_default_library", "//vendor/github.com/onsi/gomega:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/client-go/rest:go_default_library", diff --git a/test/e2e/util/kind/setup.go b/test/e2e/util/kind/setup.go index 4759429d74..17f0963c7d 100644 --- a/test/e2e/util/kind/setup.go +++ b/test/e2e/util/kind/setup.go @@ -27,18 +27,28 @@ import ( "strings" "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/config" "github.com/onsi/gomega" + "k8s.io/client-go/kubernetes" restclient "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" ) +func init() { + // Turn on verbose by default to get spec names + config.DefaultReporterConfig.Verbose = true + + // Turn on EmitSpecProgress to get spec progress (especially on interrupt) + config.GinkgoConfig.EmitSpecProgress = true + +} + var ( - kindBinary = flag.String("kindBinary", "kind", "path to the kind binary") - kubectlBinary = flag.String("kubectlBinary", "kubectl", "path to the kubectl binary") - awsProviderYAML = flag.String("awsProviderYAML", "", "path to the Kubernetes YAML for the aws provider") - clusterAPIYAML = flag.String("clusterAPIYAML", "", "path to the Kubernetes YAML for the cluster API") - managerImageTar = flag.String("managerImageTar", "", "a script to load the manager Docker image into Docker") + kindBinary = flag.String("kindBinary", "kind", "path to the kind binary") + kubectlBinary = flag.String("kubectlBinary", "kubectl", "path to the kubectl binary") + providerComponentsYAML = flag.String("providerComponentsYAML", "", "path to the provider components YAML for the cluster API") + managerImageTar = flag.String("managerImageTar", "", "a script to load the manager Docker image into Docker") ) const kindContainerName = "kind-1-control-plane" 
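Review bot: The new `init()` in test/e2e/util/kind/setup.go overwrites `config.DefaultReporterConfig.Verbose` and `config.GinkgoConfig.EmitSpecProgress` for every test binary that imports this utility package, a side effect that a reader of the suite files will not see. If it stays here it should say so, for example `// init overrides Ginkgo's reporter defaults for every importer of this package.`, and the blank line before the closing brace can go. Whether a command-line flag still overrides these values depends on when Ginkgo parses its flags, which is not visible here. The help text for `managerImageTar` still says "a script", while `loadImage` opens the path and pipes it to `docker load`; `"path to the manager image tarball to load into the kind node"` would match the code.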
@@ -55,11 +65,12 @@ func (c *Cluster) Setup() { var err error c.tmpDir, err = ioutil.TempDir("", "kind-home") gomega.Expect(err).To(gomega.BeNil()) - + fmt.Fprintln(ginkgo.GinkgoWriter, "creating Kind cluster") c.run(exec.Command(*kindBinary, "create", "cluster")) path := c.runWithOutput(exec.Command(*kindBinary, "get", "kubeconfig-path")) c.kubepath = strings.TrimSpace(string(path)) - fmt.Fprintf(ginkgo.GinkgoWriter, "kubeconfig path: %q\n", c.kubepath) + fmt.Fprintf(ginkgo.GinkgoWriter, "kubeconfig path: %q. Can use the following to access the cluster:\n", c.kubepath) + fmt.Fprintf(ginkgo.GinkgoWriter, "export KUBECONFIG=%s\n", c.kubepath) if *managerImageTar != "" { c.loadImage() @@ -70,12 +81,17 @@ func (c *Cluster) Setup() { func (c *Cluster) loadImage() { // TODO(EKF): once kind supports loading images directly, remove this hack + fmt.Fprintf( + ginkgo.GinkgoWriter, + "loading image %q into nested docker instance\n", + *managerImageTar) file, err := os.Open(*managerImageTar) gomega.Expect(err).To(gomega.BeNil()) // Pipe the tar file into the kind container then docker-load it cmd := exec.Command("docker", "exec", "--interactive", kindContainerName, "docker", "load") cmd.Stdin = file + cmd.Stdout = ginkgo.GinkgoWriter c.run(cmd) } @@ -85,14 +101,13 @@ func (c *Cluster) Teardown() { os.RemoveAll(c.tmpDir) } -// applyYAML takes the provided awsProviderYAML and clusterAPIYAML and applies them to a cluster given by the kubeconfig path kubeConfig. +// applyYAML takes the provided providerComponentsYAML applies them to a cluster given by the kubeconfig path kubeConfig. func (c *Cluster) applyYAML() { c.run(exec.Command( *kubectlBinary, "create", "--kubeconfig="+c.kubepath, - "-f", *awsProviderYAML, - "-f", *clusterAPIYAML, + "-f", *providerComponentsYAML, )) } diff --git a/test/integration/BUILD b/test/integration/BUILD index 527da44a21..ca06684c29 100644 --- a/test/integration/BUILD +++ b/test/integration/BUILD 
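Review bot: In `loadImage`, the file returned by `os.Open(*managerImageTar)` is handed to `cmd.Stdin` and never closed, and this hunk touches the function without fixing that. Adding `defer file.Close()` directly after the `gomega.Expect(err)` line releases the descriptor once `c.run(cmd)` returns. Only `cmd.Stdout` is routed to `ginkgo.GinkgoWriter`; whether `c.run` already captures stderr is not visible here, so a failed `docker load` may be hard to diagnose.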
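Review bot: In `applyYAML`, `*providerComponentsYAML` defaults to `""` and is passed to `kubectl create -f` unchecked, so a run without the flag fails inside kubectl with an error that does not name the missing flag. A guard such as `gomega.Expect(*providerComponentsYAML).NotTo(gomega.BeEmpty(), "-providerComponentsYAML is required")` before the `c.run` call makes the cause explicit. The updated comment is also missing a word; `// applyYAML applies the manifest at providerComponentsYAML to the cluster identified by c.kubepath.` reads correctly and names the field the code actually uses.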
@@ -1,5 +1,24 @@ +# Copyright 2019 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + load("@io_bazel_rules_go//go:def.bzl", "go_test") +alias( + name = "integration", + actual = ":go_default_test", +) + go_test( name = "go_default_test", size = "large", @@ -10,13 +29,11 @@ go_test( args = [ "-kindBinary=$(location @io_k8s_sigs_kind//:kind)", "-kubectlBinary=$(location @io_k8s_kubernetes//cmd/kubectl:kubectl)", - "-awsProviderYAML=$(location //config:aws-provider-yaml)", - "-clusterAPIYAML=$(location //vendor/sigs.k8s.io/cluster-api/config:cluster-api-yaml)", + "-providerComponentsYAML=$(location manifests/provider-components-integration.yaml)", "-managerImageTar=$(location //cmd/manager:manager-amd64.tar)", ], data = [ - "//config:aws-provider-yaml", - "//vendor/sigs.k8s.io/cluster-api/config:cluster-api-yaml", + "manifests/provider-components-integration.yaml", "//cmd/manager:manager-amd64.tar", "@io_k8s_kubernetes//cmd/kubectl:kubectl", "@io_k8s_sigs_kind//:kind", 
@@ -33,3 +50,19 @@ go_test(
 "//vendor/k8s.io/client-go/kubernetes:go_default_library",
 ],
 )
+
+genrule(
+ name = "integration-provider-components",
+ srcs = [
+ "kustomization.yaml",
+ "//test:manager-version-patch.yaml",
+ "//config:provider-non-stamped-base.yaml",
+ ],
+ outs = ["manifests/provider-components-integration.yaml"],
+ cmd = " && ".join([
+ "cp -f $(SRCS) $(@D)",
+ "$(location @io_k8s_sigs_kustomize//:kustomize) build $(@D) > $@",
+ ]),
+ tools = ["@io_k8s_sigs_kustomize//:kustomize"],
+ visibility = ["//visibility:public"],
+)
diff --git a/test/integration/kustomization.yaml b/test/integration/kustomization.yaml
new file mode 100644
index 0000000000..26bbb7834a
--- /dev/null
+++ b/test/integration/kustomization.yaml
@@ -0,0 +1,24 @@
+# Copyright 2019 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+ - provider-non-stamped-base.yaml
+
+patchesJson6902:
+ - target:
+ group: apps
+ version: v1
+ kind: StatefulSet
+ name: aws-provider-controller-manager
+ path: manager-version-patch.yaml