apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: eksclusters.pythonic.fortra.com
spec:
  compositeTypeRef:
    apiVersion: pythonic.fortra.com/v1alpha1
    kind: EksCluster
  # Pipeline mode: the single step below hands the composite to function-pythonic,
  # which runs the embedded Python class to render the managed resources.
  mode: Pipeline
  pipeline:
  - step: render-templates
    functionRef:
      name: function-pythonic
    input:
      apiVersion: pythonic.fn.fortra.com/v1alpha1
      kind: Composite
      # Block scalar: everything indented below is the Python source the function executes.
      composite: |
        # VPC + EKS control-plane composition for the EksCluster XR.
        # BaseComposite, Map and the self.resources / self.spec / self.status proxies
        # are provided by function-pythonic; their exact semantics are not visible here.
        class Composite(BaseComposite):
            """Compose a VPC (public and private subnets, IGW, NAT) and an EKS cluster."""

            def compose(self):
                """Declare every managed resource for one EksCluster composite.

                Reads self.spec.cluster.{name,region,version} and self.spec.tags.
                Writes self.status.vpcId, which the subnet, gateway and route-table
                resources declared afterwards reference.
                """
                # presumably enables Usage generation between the resources —
                # confirm against the function-pythonic documentation.
                self.usages = True
                v = self.resources.VPC('ec2.aws.crossplane.io/v1beta1', 'VPC')
                v.spec.forProvider.region = self.spec.cluster.region
                v.spec.forProvider.enableDnsHostNames = True
                v.spec.forProvider.enableDnsSupport = True
                # Fixed VPC range; all subnet CIDRs below are carved out of it.
                v.spec.forProvider.cidrBlock = '10.0.0.0/16'
                v.spec.forProvider.tags = self.tags(Name=self.spec.cluster.name)
                # Published on the composite status so the helpers can reference the VPC.
                self.status.vpcId = v.status.atProvider.vpcId
                # Three public /20 subnets (zones a, b, c) and their route table.
                publicTableId, publicSubnetIds = self.compose_network(
                    True, '10.0.0.0/20', '10.0.16.0/20', '10.0.32.0/20',
                )
                g = self.resources.InternetGateway('ec2.aws.crossplane.io/v1beta1', 'InternetGateway')
                g.spec.forProvider.region = self.spec.cluster.region
                g.spec.forProvider.vpcId = self.status.vpcId
                g.spec.forProvider.tags = self.tags(Name=self.spec.cluster.name)
                # Public default route: 0.0.0.0/0 via the internet gateway.
                r = self.resources.RoutePublic('ec2.aws.crossplane.io/v1alpha1', 'Route').spec.forProvider
                r.region = self.spec.cluster.region
                r.routeTableId = publicTableId
                r.destinationCIDRBlock = '0.0.0.0/0'
                r.gatewayId = g.status.atProvider.internetGatewayId
                # Three private /18 subnets (zones a, b, c) and their route table.
                privateTableId, privateSubnetIds = self.compose_network(
                    False, '10.0.64.0/18', '10.0.128.0/18', '10.0.192.0/18',
                )
                # Elastic IP for the single NAT gateway.
                a = self.resources.Address('ec2.aws.crossplane.io/v1beta1', 'Address')
                a.spec.forProvider.region = self.spec.cluster.region
                a.spec.forProvider.tags = self.tags(Name=self.spec.cluster.name)
                # One NAT gateway, placed in the first public subnet (zone a) only.
                g = self.resources.NATGateway('ec2.aws.crossplane.io/v1beta1', 'NATGateway')
                g.spec.forProvider.region = self.spec.cluster.region
                g.spec.forProvider.allocationId = a.status.atProvider.allocationId
                g.spec.forProvider.subnetId = publicSubnetIds[0]
                g.spec.forProvider.tags = self.tags(Name=self.spec.cluster.name)
                # Private default route: 0.0.0.0/0 via the NAT gateway.
                r = self.resources.RoutePrivate('ec2.aws.crossplane.io/v1alpha1', 'Route').spec.forProvider
                r.region = self.spec.cluster.region
                r.routeTableId = privateTableId
                r.destinationCIDRBlock = '0.0.0.0/0'
                r.natGatewayId = g.status.atProvider.natGatewayId
                c = self.resources.Cluster('eks.aws.crossplane.io/v1beta1', 'Cluster')
                c.externalName = self.spec.cluster.name
                c.spec.forProvider.region = self.spec.cluster.region
                c.spec.forProvider.roleArn = self.compose_cluster_role()
                c.spec.forProvider.version = self.spec.cluster.version
                # Control-plane ENIs may be placed in the public as well as the private subnets.
                c.spec.forProvider.resourcesVpcConfig.subnetIds = publicSubnetIds + privateSubnetIds
                # NOTE(review): nothing here restricts API endpoint access, enables
                # control-plane logging or configures secrets encryption, so the provider
                # defaults apply — confirm that is intended for this XR.
                # EKS takes tags as a map, hence mtags() rather than tags().
                c.spec.forProvider.tags = self.mtags()

            def compose_network(self, public, *subnets):
                """Declare one subnet per CIDR plus a shared route table.

                Args:
                    public: True for public subnets (auto-assign public IPs, ELB role tag),
                        False for private ones (internal-elb role tag).
                    *subnets: CIDR strings; the i-th one lands in zone
                        f"{region}{chr(ord('a') + i)}" — the caller's order fixes the zone.

                Returns:
                    (routeTableId, [subnetId, ...]) in the order of *subnets.
                """
                access = 'public' if public else 'private'
                subnetIds = []
                for ix, subnet in enumerate(subnets):
                    zone = chr(ord('a') + ix)
                    # Resource name is e.g. SubnetPublicA / SubnetPrivateC.
                    s = self.resources[f"Subnet{access.capitalize()}{zone.capitalize()}"](
                        'ec2.aws.crossplane.io/v1beta1', 'Subnet'
                    )
                    s.spec.forProvider.region = self.spec.cluster.region
                    s.spec.forProvider.vpcId = self.status.vpcId
                    s.spec.forProvider.availabilityZone = f"{self.spec.cluster.region}{zone}"
                    s.spec.forProvider.cidrBlock = subnet
                    # Only public subnets hand out public IPs to launched instances.
                    s.spec.forProvider.mapPublicIPOnLaunch = public
                    # The kubernetes.io/* tags let EKS discover subnets and pick
                    # public vs. internal load-balancer placement.
                    s.spec.forProvider.tags = self.tags(
                        f"Name = {self.spec.cluster.name}-{access}-{zone}",
                        f"kubernetes.io/cluster/{self.spec.cluster.name} = owned",
                        f"topology.kubernetes.io/zone = {self.spec.cluster.region}{zone}",
                        f"kubernetes.io/role/{'elb' if public else 'internal-elb'} = 1",
                    )
                    subnetIds.append(s.status.atProvider.subnetId)
                t = self.resources[f"RouteTable{access.capitalize()}"](
                    'ec2.aws.crossplane.io/v1beta1', 'RouteTable'
                )
                t.spec.forProvider.region = self.spec.cluster.region
                t.spec.forProvider.vpcId = self.status.vpcId
                t.spec.forProvider.associations = [{'subnetId': subnetId} for subnetId in subnetIds]
                # presumably so the separate Route resources declared in compose() are
                # not reconciled away by the table — confirm against the provider docs.
                t.spec.forProvider.ignoreRoutes = True
                t.spec.forProvider.tags = self.tags(Name=f"{self.spec.cluster.name}-{access}")
                return t.status.atProvider.routeTableId, subnetIds

            def compose_cluster_role(self):
                """Declare the EKS cluster IAM role and its two managed-policy attachments.

                Returns:
                    The role ARN as observed by the provider (empty until the role exists).
                """
                name = f"{self.spec.cluster.name}-cluster"
                # Trust policy: only the EKS service principal may assume the role.
                # NOTE(review): there is no Condition block (e.g. source-account /
                # source-ARN scoping); confirm whether that is acceptable here.
                d = Map(Version='2012-10-17')
                d.Statement[0].Effect = 'Allow'
                d.Statement[0].Principal.Service = 'eks.amazonaws.com'
                d.Statement[0].Action = 'sts:AssumeRole'
                r = self.resources.RoleCluster('iam.aws.crossplane.io/v1beta1', 'Role')
                r.externalName = name
                # format(d, 'json') relies on Map implementing the 'json' format spec.
                r.spec.forProvider.assumeRolePolicyDocument = format(d, 'json')
                r.spec.forProvider.tags = self.tags()
                for policy in ('ClusterPolicy', 'VPCResourceController'):
                    a = self.resources[f"Rpa{policy}"]('iam.aws.crossplane.io/v1beta1', 'RolePolicyAttachment').spec.forProvider
                    # roleName stays falsy until roleID is observed, which appears to
                    # delay the attachment until the role actually exists.
                    a.roleName = r.status.atProvider.roleID and name
                    a.policyArn = f"arn:aws:iam::aws:policy/AmazonEKS{policy}"
                return r.status.atProvider.arn

            def tags(self, *args, **kwargs):
                """Build the list-of-{key,value} tag form used by the ec2/iam resources.

                Args:
                    *args: "key = value" strings, split on the first '='; the key is
                        stripped on both sides, the value only on the left (trailing
                        whitespace is kept). A string without '=' raises IndexError.
                    **kwargs: key/value pairs appended after the positional tags.

                Any self.spec.tags entries are appended last. They are iterated as
                (key, value) pairs — presumably a sequence of pairs; verify against
                the XRD, since a mapping would iterate keys only.
                """
                tags = []
                for arg in args:
                    arg = arg.split('=', 1)
                    tags.append({'key': arg[0].strip(), 'value': arg[1].lstrip()})
                tags.extend([{'key': k, 'value': v} for k,v in kwargs.items()])
                if self.spec.tags:
                    tags.extend([{'key': k, 'value': v} for k,v in self.spec.tags])
                return tags

            def mtags(self, *args, **kwargs):
                """Same tags as tags(), but as a {key: value} map (later duplicates win)."""
                return {tag['key']: tag['value'] for tag in self.tags(*args, **kwargs)}