WIP: feat(bootstrap): init cleanup bootstrap operator templating #731

wants to merge 3 commits into
base: main
Expand Up @@ -106,6 +106,107 @@ spec:
type: array
fetchConfigUrl:
type: string
iamServiceAccount:
description: IAMServiceAccount specifies the configuration
for IAM service accounts
properties:
roleNamePrefix:
description: RoleNamePrefix specifies the prefix that
will be added to the IAM role name
type: string
serviceAccounts:
description: ServiceAccounts specifies service accounts
items:
properties:
attachPolicy:
description: AttachPolicy holds a policy document
to attach to this service account
type: object
x-kubernetes-preserve-unknown-fields: true
attachPolicyARNs:
description: list of ARNs of the IAM policies to
attach
items:
type: string
type: array
attachRoleARN:
description: ARN of the role to attach to the service
account
type: string
metadata:
description: ClusterIAMMeta holds information we
can use to create ObjectMeta for service accounts
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
permissionsBoundary:
description: ARN of the permissions boundary to
associate with the service account
type: string
roleName:
description: Specific role name instead of the Cloudformation-generated
role name
type: string
roleOnly:
description: Specify if only the IAM Service Account
role should be created without creating/annotating
the service account
type: boolean
tags:
additionalProperties:
type: string
description: AWS tags for the service account
type: object
wellKnownPolicies:
description: WellKnownPolicies for attaching common
IAM policies
properties:
autoScaler:
description: AutoScaler adds policies for cluster-autoscaler.
See [autoscaler AWS docs](https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html).
type: boolean
awsLoadBalancerController:
description: AWSLoadBalancerController adds
policies for using the aws-load-balancer-controller.
See [Load Balancer docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).
type: boolean
certManager:
description: CertManager adds cert-manager policies.
See [cert-manager docs](https://cert-manager.io/docs/configuration/acme/dns01/route53).
type: boolean
ebsCSIController:
description: EBSCSIController adds policies
for using the ebs-csi-controller. See [aws-ebs-csi-driver
docs](https://github.com/kubernetes-sigs/aws-ebs-csi-driver#set-up-driver-permission).
type: boolean
efsCSIController:
description: EFSCSIController adds policies
for using the efs-csi-controller. See [aws-efs-csi-driver
docs](https://aws.amazon.com/blogs/containers/introducing-efs-csi-dynamic-provisioning).
type: boolean
externalDNS:
description: ExternalDNS adds external-dns policies
for Amazon Route 53. See [external-dns docs](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md).
type: boolean
imageBuilder:
description: ImageBuilder allows for full ECR
(Elastic Container Registry) access.
type: boolean
type: object
type: object
type: array
type: object
machinePools:
items:
properties:
Expand Down Expand Up @@ -307,96 +408,6 @@ spec:
- key
type: object
x-kubernetes-map-type: atomic
serviceAccounts:
description: ServiceAccounts specifies service accounts
items:
properties:
attachPolicy:
description: AttachPolicy holds a policy document to
attach to this service account
type: string
attachPolicyARNs:
description: list of ARNs of the IAM policies to attach
items:
type: string
type: array
attachRoleARN:
description: ARN of the role to attach to the service
account
type: string
metadata:
description: ClusterIAMMeta holds information we can
use to create ObjectMeta for service accounts
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
name:
type: string
namespace:
type: string
type: object
permissionsBoundary:
description: ARN of the permissions boundary to associate
with the service account
type: string
roleName:
description: Specific role name instead of the Cloudformation-generated
role name
type: string
roleOnly:
description: Specify if only the IAM Service Account
role should be created without creating/annotating
the service account
type: boolean
tags:
additionalProperties:
type: string
description: AWS tags for the service account
type: object
wellKnownPolicies:
description: WellKnownPolicies for attaching common
IAM policies
properties:
autoScaler:
description: AutoScaler adds policies for cluster-autoscaler.
See [autoscaler AWS docs](https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html).
type: boolean
awsLoadBalancerController:
description: AWSLoadBalancerController adds policies
for using the aws-load-balancer-controller. See
[Load Balancer docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).
type: boolean
certManager:
description: CertManager adds cert-manager policies.
See [cert-manager docs](https://cert-manager.io/docs/configuration/acme/dns01/route53).
type: boolean
ebsCSIController:
description: EBSCSIController adds policies for
using the ebs-csi-controller. See [aws-ebs-csi-driver
docs](https://github.com/kubernetes-sigs/aws-ebs-csi-driver#set-up-driver-permission).
type: boolean
efsCSIController:
description: EFSCSIController adds policies for
using the efs-csi-controller. See [aws-efs-csi-driver
docs](https://aws.amazon.com/blogs/containers/introducing-efs-csi-dynamic-provisioning).
type: boolean
externalDNS:
description: ExternalDNS adds external-dns policies
for Amazon Route 53. See [external-dns docs](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md).
type: boolean
imageBuilder:
description: ImageBuilder allows for full ECR (Elastic
Container Registry) access.
type: boolean
type: object
type: object
type: array
sessionTokenRef:
description: SecretKeySelector selects a key of a Secret.
properties:
Expand All @@ -421,7 +432,6 @@ spec:
required:
- accessKeyIdRef
- accountIDRef
- machinePools
- region
- secretAccessKeyRef
- sessionTokenRef
37 changes: 34 additions & 3 deletions bootstrap/helm/bootstrap-operator/templates/bootstrap.yaml
Expand Up @@ -17,6 +17,37 @@ spec:
managerImage: registry.k8s.io/capi-operator/cluster-api-operator:v0.2.0
kubeRBACProxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
cloudSpec:
{{ if .Values.operator.cloud }}
{{ toYaml .Values.operator.cloud | nindent 4 }}
{{ end }}
{{- if .Values.operator.cloud.aws.enabled }}
aws:
{{- range $k, $v := .Values.operator.cloud.aws }}
{{- if ne $k "enabled" }}
{{- if or (kindIs "string" $v) (kindIs "bool" $v) (kindIs "int" $v) (kindIs "float64" $v) }}
{{ $k }}: {{ $v }}
{{- else }}
{{ $k }}: {{- toYaml $v | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- else if .Values.operator.cloud.azure.enabled }}
azure:
{{- range $k, $v := .Values.operator.cloud.azure }}
{{- if ne $k "enabled" }}
{{- if or (kindIs "string" $v) (kindIs "bool" $v) (kindIs "int" $v) (kindIs "float64" $v) }}
{{ $k }}: {{ $v }}
{{- else }}
{{ $k }}: {{- toYaml $v | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- else if .Values.operator.cloud.gcp.enabled }}
gcp:
{{- range $k, $v := .Values.operator.cloud.gcp }}
{{- if ne $k "enabled" }}
{{- if or (kindIs "string" $v) (kindIs "bool" $v) (kindIs "int" $v) (kindIs "float64" $v) }}
{{ $k }}: {{ $v }}
{{- else }}
{{ $k }}: {{- toYaml $v | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
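Review bot: Scalar values are emitted unquoted by `{{ $k }}: {{ $v }}` in the aws branch (and identically in the azure and gcp branches), so a string from values.yaml that YAML re-types on parse — a boolean-looking or numeric-looking prefix or region, an empty string, or a value containing `: ` or ` #` — reaches the rendered CR as a different type or a malformed document rather than the string the CRD's `type: string` fields expect; `{{ $k }}: {{ toYaml $v }}` keeps the scalar branch and lets the marshaller quote exactly where needed. The old `{{ if .Values.operator.cloud }}` guard is dropped, so `.Values.operator.cloud.aws.enabled` fails at render time if `cloud` or one of the provider maps is missing from the supplied values; presumably the chart's values.yaml now declares all three, but reinstating an outer `{{- if .Values.operator.cloud }}` would make that assumption explicit. The three provider branches differ only in the map key, so a named template taking the key and the map would keep them from drifting. The `else if` chain also renders only the first enabled provider, which is fine if single-cloud is the intent but silently drops a second `enabled: true`.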