Commit 35a64164 authored by malf

adapt eks configuration

parent 23b313e1
apiVersion: v1
kind: Namespace
metadata:
labels:
kubernetes.io/metadata.name: sealed-secrets
name: sealed-secrets
spec:
finalizers:
- kubernetes
---
apiVersion: argoproj.io/v1alpha1
kind: Application
......
......@@ -16,3 +16,6 @@ metadata:
data:
ssh_known_hosts: |
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
git.cccfr.de ssh-rsa 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
git.cccfr.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBESMA/XMkpgsgzWBQFOthXZXthYJUviBq0wtt/P3OtV
git.cccfr.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP5H2QzyW0EUMO3sl9AIK2mBocRBCeCUYKcK4AIWpYbyOAdUv0cPnHj1et2ycYID1/oDMft718/H1t15dqxXKSs=
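Review bot: The three git.cccfr.de host keys added at the end of this `ssh_known_hosts` block scalar carry no record of how their fingerprints were verified, yet every entry in this ConfigMap is trusted for all repository syncs, so a mistyped or wrongly sourced line would silently authenticate the wrong server. Since a `#` line inside the `|` scalar would become part of the value, put the provenance above the key instead, e.g. `# git.cccfr.de host keys verified out-of-band against the server's fingerprints on <DATE-PLACEHOLDER>`. The github.com ssh-rsa context line also appears to be GitHub's pre-March-2023 RSA host key; if this manifest is deployed after that rotation the entry should be refreshed from GitHub's published keys. The ConfigMap's metadata and the rest of the file are outside the hunk.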
......@@ -7,7 +7,7 @@ metadata:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
ignoreCrossplaneConstraints: false
package: 597766473323.dkr.ecr.eu-west-1.amazonaws.com/iac:eks-1.0
package: public.ecr.aws/z5k2d5u9/eks.cccfr.de:1.0
packagePullPolicy: IfNotPresent
revisionActivationPolicy: Automatic
revisionHistoryLimit: 0
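Review bot: The `public.ecr.aws/z5k2d5u9/eks.cccfr.de:1.0` package line, which I read as the new side, pins the Crossplane package only by a mutable tag, and the move from a private ECR repository to a public registry means the cluster now trusts whatever that tag resolves to at pull time; with `revisionActivationPolicy: Automatic` a re-pushed `1.0` would be activated without review. Pin by digest, `package: public.ecr.aws/z5k2d5u9/eks.cccfr.de@sha256:<DIGEST-PLACEHOLDER>`, or at least add a comment stating why a floating tag is acceptable here. `packagePullPolicy: IfNotPresent` presumably only delays re-resolution until the package is pulled again, so it is not a substitute for a digest. The resource's metadata and the remainder of the spec are outside the hunk.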
......
---
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
name: eksclusters.eks.cccfr.de
spec:
group: eks.cccfr.de
names:
kind: EKSCluster
plural: eksclusters
connectionSecretKeys:
- cluster-ca
- apiserver-endpoint
- value
versions:
- name: v1beta1
served: true
referenceable: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
parameters:
type: object
properties:
region:
description: Geographic location of this VPC
type: string
enum: ["eu-central-1", "eu-west-1"]
vpc-cidrBlock:
description: CIDR block for VPC
type: string
vpc-name:
description: Name for VPC
type: string
subnet1-public-name:
description: Name for public subnet 1
type: string
subnet1-public-cidrBlock:
description: CIDR block for public subnet 1
type: string
subnet1-public-availabilityZone:
description: AZ for public subnet 1
type: string
subnet2-public-name:
description: Name for public subnet 2
type: string
subnet2-public-cidrBlock:
description: CIDR block for public subnet 2
type: string
subnet2-public-availabilityZone:
description: AZ for public subnet 2
type: string
subnet1-private-name:
description: Name for private subnet 1
type: string
subnet1-private-cidrBlock:
description: CIDR block for private subnet 1
type: string
subnet1-private-availabilityZone:
description: AZ for private subnet 1
type: string
subnet2-private-name:
description: Name for private subnet 2
type: string
subnet2-private-cidrBlock:
description: CIDR block for private subnet 2
type: string
subnet2-private-availabilityZone:
description: AZ for private subnet 2
type: string
cluster-role:
description: EKS cluster role
type: string
workernode-role:
description: EKS worker node role
type: string
k8s-version:
description: Kubernetes version
type: string
enum: ["1.20", "1.21", "1.22"]
workers-size:
description: Desired number of worker nodes in the cluster
type: integer
workload-type:
description: Type of workloads to be run on this cluster (GPU or non-GPU)"
type: string
enum: ["gpu", "non-gpu"]
required:
- region
- vpc-name
- vpc-cidrBlock
- subnet1-public-name
- subnet1-public-cidrBlock
- subnet1-public-availabilityZone
- subnet2-public-name
- subnet2-public-cidrBlock
- subnet2-public-availabilityZone
- subnet1-private-name
- subnet1-private-cidrBlock
- subnet1-private-availabilityZone
- subnet2-private-name
- subnet2-private-cidrBlock
- subnet2-private-availabilityZone
- k8s-version
- workers-size
- workload-type
required:
- parameters
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
name: amazon-eks-cluster
labels:
provider: aws
service: eks
compute: managed
spec:
writeConnectionSecretsToNamespace: crossplane-system
compositeTypeRef:
apiVersion: eks.sarathy.io/v1beta1
kind: EKSCluster
patchSets:
- name: common-parameters
patches:
- fromFieldPath: "spec.parameters.region"
toFieldPath: "spec.forProvider.region"
resources:
- name: vpc
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: VPC
spec:
forProvider:
enableDnsSupport: true
enableDnsHostNames: true
tags:
- key: Name
patches:
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.vpc-cidrBlock
toFieldPath: spec.forProvider.cidrBlock
- fromFieldPath: spec.parameters.vpc-name
toFieldPath: spec.forProvider.tags[0].value
- name: internetgateway
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: InternetGateway
metadata:
labels:
type: igw
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
tags:
- key: Name
patches:
- type: PatchSet
patchSetName: common-parameters
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-igw"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- name: subnet-public-1
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: Subnet
metadata:
labels:
type: subnet
visibility: public
spec:
forProvider:
mapPublicIpOnLaunch: true
vpcIdSelector:
matchControllerRef: true
tags:
- key: Name
- key: kubernetes.io/role/elb
value: "1"
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
- fromFieldPath: spec.parameters.subnet1-public-name
strategy: string
string:
fmt: "%s-%s"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet1-public-cidrBlock
toFieldPath: spec.forProvider.cidrBlock
- fromFieldPath: spec.parameters.subnet1-public-availabilityZone
toFieldPath: spec.forProvider.availabilityZone
- fromFieldPath: spec.parameters.subnet1-public-availabilityZone
toFieldPath: metadata.labels.zone
- name: subnet-public-2
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: Subnet
metadata:
labels:
type: subnet
visibility: public
spec:
forProvider:
mapPublicIpOnLaunch: true
vpcIdSelector:
matchControllerRef: true
tags:
- key: Name
- key: kubernetes.io/role/elb
value: "1"
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
- fromFieldPath: spec.parameters.subnet2-public-name
strategy: string
string:
fmt: "%s-%s"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet2-public-cidrBlock
toFieldPath: spec.forProvider.cidrBlock
- fromFieldPath: spec.parameters.subnet2-public-availabilityZone
toFieldPath: spec.forProvider.availabilityZone
- fromFieldPath: spec.parameters.subnet2-public-availabilityZone
toFieldPath: metadata.labels.zone
- name: subnet-private-1
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: Subnet
metadata:
labels:
type: subnet
visibility: private
spec:
forProvider:
mapPublicIpOnLaunch: false
vpcIdSelector:
matchControllerRef: true
tags:
- key: Name
- key: kubernetes.io/role/internal-elb
value: "1"
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
- fromFieldPath: spec.parameters.subnet1-private-name
strategy: string
string:
fmt: "%s-%s"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet1-private-cidrBlock
toFieldPath: spec.forProvider.cidrBlock
- fromFieldPath: spec.parameters.subnet1-private-availabilityZone
toFieldPath: spec.forProvider.availabilityZone
- fromFieldPath: spec.parameters.subnet1-private-availabilityZone
toFieldPath: metadata.labels.zone
- name: subnet-private-2
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: Subnet
metadata:
labels:
type: subnet
visibility: private
spec:
forProvider:
mapPublicIpOnLaunch: false
vpcIdSelector:
matchControllerRef: true
tags:
- key: Name
- key: kubernetes.io/role/internal-elb
value: "1"
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
- fromFieldPath: spec.parameters.subnet2-private-name
strategy: string
string:
fmt: "%s-%s"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet2-private-cidrBlock
toFieldPath: spec.forProvider.cidrBlock
- fromFieldPath: spec.parameters.subnet2-private-availabilityZone
toFieldPath: spec.forProvider.availabilityZone
- fromFieldPath: spec.parameters.subnet2-private-availabilityZone
toFieldPath: metadata.labels.zone
- name: elastic-ip-1
base:
apiVersion: ec2.aws.crossplane.io/v1alpha1
kind: ElasticIP
metadata:
labels:
type: eip-1
spec:
forProvider:
domain: vpc
patches:
- type: PatchSet
patchSetName: common-parameters
- name: elastic-ip-2
base:
apiVersion: ec2.aws.crossplane.io/v1alpha1
kind: ElasticIP
metadata:
labels:
type: eip-2
spec:
forProvider:
domain: vpc
patches:
- type: PatchSet
patchSetName: common-parameters
- name: natgateway-1
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: NATGateway
metadata:
labels:
type: natgw-1
spec:
forProvider:
allocationIdSelector:
matchLabels:
type: eip-1
vpcIdSelector:
matchControllerRef: true
subnetIdSelector:
matchLabels:
type: subnet
visibility: public
tags:
- key: Name
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-nat-gateway-1"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet1-public-availabilityZone
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone
- name: natgateway-2
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: NATGateway
metadata:
labels:
type: natgw-2
spec:
forProvider:
allocationIdSelector:
matchLabels:
type: eip-2
vpcIdSelector:
matchControllerRef: true
subnetIdSelector:
matchLabels:
type: subnet
visibility: public
tags:
- key: Name
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-nat-gateway-2"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet2-public-availabilityZone
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone
- name: routetable-public
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: RouteTable
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
routes:
- destinationCidrBlock: 0.0.0.0/0
gatewayIdSelector:
matchLabels:
type: igw
associations:
- subnetIdSelector:
matchLabels:
type: subnet
visibility: public
- subnetIdSelector:
matchLabels:
type: subnet
visibility: public
tags:
- key: Name
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-public-route-table"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet1-public-availabilityZone
toFieldPath: spec.forProvider.associations[0].subnetIdSelector.matchLabels.zone
- fromFieldPath: spec.parameters.subnet2-public-availabilityZone
toFieldPath: spec.forProvider.associations[1].subnetIdSelector.matchLabels.zone
- name: routetable-private-1
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: RouteTable
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
routes:
- destinationCidrBlock: 0.0.0.0/0
natGatewayIdSelector:
matchLabels:
type: natgw-1
associations:
- subnetIdSelector:
matchLabels:
type: subnet
visibility: private
tags:
- key: Name
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-private-route-table-1"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet1-public-availabilityZone
toFieldPath: spec.forProvider.associations[0].subnetIdSelector.matchLabels.zone
- name: routetable-private-2
base:
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: RouteTable
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
routes:
- destinationCidrBlock: 0.0.0.0/0
natGatewayIdSelector:
matchLabels:
type: natgw-2
associations:
- subnetIdSelector:
matchLabels:
type: subnet
visibility: private
tags:
- key: Name
patches:
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.vpc-name
strategy: string
string:
fmt: "%s-private-route-table-2"
toFieldPath: spec.forProvider.tags[0].value
policy:
fromFieldPath: Required
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: spec.parameters.subnet2-public-availabilityZone
toFieldPath: spec.forProvider.associations[0].subnetIdSelector.matchLabels.zone
- name: eks-cluster
base:
apiVersion: eks.aws.crossplane.io/v1beta1
kind: Cluster
spec:
forProvider:
resourcesVpcConfig:
endpointPrivateAccess: false
endpointPublicAccess: true
subnetIdSelector:
matchLabels:
type: subnet
writeConnectionSecretToRef:
namespace: crossplane-system
patches:
- type: PatchSet
patchSetName: common-parameters
- fromFieldPath: "spec.parameters.k8s-version"