From c059c278203881766018e2565f46de7b197d31bf Mon Sep 17 00:00:00 2001
From: knottnt
Date: Mon, 12 May 2025 10:49:26 -0700
Subject: [PATCH 1/4] Update go.mod
---
 go.mod | 1 +
 1 file changed, 1 insertion(+)
diff --git a/go.mod b/go.mod
index ad60959..264febe 100644
--- a/go.mod
+++ b/go.mod
@@ -13,4 +13,5 @@ require (
 k8s.io/apimachinery v0.32.1
 k8s.io/client-go v0.32.1
 sigs.k8s.io/controller-runtime v0.20.4
+
 )
From 01844884dbca5dfd912b6763f04590c0c6fd335c Mon Sep 17 00:00:00 2001
From: knottnt
Date: Mon, 12 May 2025 10:52:21 -0700
Subject: [PATCH 2/4] Update go.mod
---
 go.mod | 1 -
 1 file changed, 1 deletion(-)
diff --git a/go.mod b/go.mod
index 264febe..ad60959 100644
--- a/go.mod
+++ b/go.mod
@@ -13,5 +13,4 @@ require (
 k8s.io/apimachinery v0.32.1
 k8s.io/client-go v0.32.1
 sigs.k8s.io/controller-runtime v0.20.4
-
 )
From 231d9cda4a0de76df2fe10106d661c9bd8e41ae4 Mon Sep 17 00:00:00 2001
From: knottnt
Date: Tue, 13 May 2025 10:16:46 -0700
Subject: [PATCH 3/4] Generate empty controller
- Generate Helm files
- Generate basic controller Go code
- Generate deployment files for controller
- Generated changes to project files
---
 CONTRIBUTING.md | 74 ++-
 GOVERNANCE.md | 20 +-
 NOTICE | 3 +-
 apis/v1alpha1/ack-generate-metadata.yaml | 13 +
 apis/v1alpha1/doc.go | 4 +
 apis/v1alpha1/enums.go | 513 ++++++++++++++++++
 apis/v1alpha1/generator.yaml | 14 +
 apis/v1alpha1/groupversion_info.go | 32 ++
 apis/v1alpha1/types.go | 29 +
 cmd/controller/main.go | 206 +++++++
 config/controller/deployment.yaml | 110 ++++
 config/controller/kustomization.yaml | 9 +
 config/controller/service.yaml | 14 +
 .../services.k8s.aws_adoptedresources.yaml | 249 +++++++++
 .../bases/services.k8s.aws_fieldexports.yaml | 144 +++++
 config/crd/common/kustomization.yaml | 7 +
 config/crd/kustomization.yaml | 4 +
 config/default/kustomization.yaml | 20 +
 config/overlays/namespaced/kustomization.yaml | 15 +
 config/overlays/namespaced/role-binding.json | 3 +
 config/overlays/namespaced/role.json | 2 +
 config/rbac/cluster-role-binding.yaml | 12 +
 config/rbac/cluster-role-controller.yaml | 46 ++
 config/rbac/kustomization.yaml | 8 +
 config/rbac/leader-election-role-binding.yaml | 14 +
 config/rbac/leader-election-role.yaml | 26 +
 config/rbac/role-reader.yaml | 15 +
 config/rbac/role-writer.yaml | 26 +
 config/rbac/service-account.yaml | 6 +
 go.mod | 81 ++-
 go.sum | 242 +++++++++
 helm/Chart.yaml | 18 +
 .../services.k8s.aws_adoptedresources.yaml | 249 +++++++++
 helm/crds/services.k8s.aws_fieldexports.yaml | 144 +++++
 helm/templates/NOTES.txt | 16 +
 helm/templates/_helpers.tpl | 103 ++++
 helm/templates/caches-role-binding.yaml | 26 +
 helm/templates/caches-role.yaml | 28 +
 helm/templates/cluster-role-binding.yaml | 36 ++
 helm/templates/cluster-role-controller.yaml | 29 +
 helm/templates/deployment.yaml | 206 +++++++
 .../leader-election-role-binding.yaml | 18 +
 helm/templates/leader-election-role.yaml | 30 +
 helm/templates/metrics-service.yaml | 29 +
 helm/templates/role-reader.yaml | 15 +
 helm/templates/role-writer.yaml | 26 +
 helm/templates/service-account.yaml | 18 +
 helm/values.schema.json | 301 ++++++++++
 helm/values.yaml | 177 ++++++
 pkg/resource/registry.go | 45 ++
 pkg/version/version.go | 22 +
 51 files changed, 3462 insertions(+), 35 deletions(-)
 create mode 100755 apis/v1alpha1/ack-generate-metadata.yaml
 create mode 100644 apis/v1alpha1/doc.go
 create mode 100644 apis/v1alpha1/enums.go
 create mode 100644 apis/v1alpha1/generator.yaml
 create mode 100644 apis/v1alpha1/groupversion_info.go
 create mode 100644 apis/v1alpha1/types.go
 create mode 100644 cmd/controller/main.go
 create mode 100644 config/controller/deployment.yaml
 create mode 100644 config/controller/kustomization.yaml
 create mode 100644 config/controller/service.yaml
 create mode 100644 config/crd/common/bases/services.k8s.aws_adoptedresources.yaml
 create mode 100644 config/crd/common/bases/services.k8s.aws_fieldexports.yaml
 create mode 100644 config/crd/common/kustomization.yaml
 create mode 100644 config/crd/kustomization.yaml
 create mode 100644 config/default/kustomization.yaml
 create mode 100644 config/overlays/namespaced/kustomization.yaml
 create mode 100644 config/overlays/namespaced/role-binding.json
 create mode 100644 config/overlays/namespaced/role.json
 create mode 100644 config/rbac/cluster-role-binding.yaml
 create mode 100644 config/rbac/cluster-role-controller.yaml
 create mode 100644 config/rbac/kustomization.yaml
 create mode 100644 config/rbac/leader-election-role-binding.yaml
 create mode 100644 config/rbac/leader-election-role.yaml
 create mode 100644 config/rbac/role-reader.yaml
 create mode 100644 config/rbac/role-writer.yaml
 create mode 100644 config/rbac/service-account.yaml
 create mode 100644 helm/Chart.yaml
 create mode 100644 helm/crds/services.k8s.aws_adoptedresources.yaml
 create mode 100644 helm/crds/services.k8s.aws_fieldexports.yaml
 create mode 100644 helm/templates/NOTES.txt
 create mode 100644 helm/templates/_helpers.tpl
 create mode 100644 helm/templates/caches-role-binding.yaml
 create mode 100644 helm/templates/caches-role.yaml
 create mode 100644 helm/templates/cluster-role-binding.yaml
 create mode 100644 helm/templates/cluster-role-controller.yaml
 create mode 100644 helm/templates/deployment.yaml
 create mode 100644 helm/templates/leader-election-role-binding.yaml
 create mode 100644 helm/templates/leader-election-role.yaml
 create mode 100644 helm/templates/metrics-service.yaml
 create mode 100644 helm/templates/role-reader.yaml
 create mode 100644 helm/templates/role-writer.yaml
 create mode 100644 helm/templates/service-account.yaml
 create mode 100644 helm/values.schema.json
 create mode 100644 helm/values.yaml
 create mode 100644 pkg/resource/registry.go
 create mode 100644 pkg/version/version.go
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 99fd57d..9da1461 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,59 +1,85 @@ # Contributing Guidelines -Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional -documentation, we greatly value feedback and contributions from our community. - -Please read through this document before submitting any issues or pull requests to ensure we have all the necessary -information to effectively respond to your bug report or contribution. +Thank you for your interest in contributing to our project. Whether it's a bug +report, new feature, correction, or additional documentation, we greatly value +feedback and contributions from our community. +Please read through this document before submitting any issues or pull requests +to ensure we have all the necessary information to effectively respond to your +bug report or contribution. ## Reporting Bugs/Feature Requests -We welcome you to use the GitHub issue tracker to report bugs or suggest features. +We welcome you to use the GitHub issue tracker to report bugs or suggest +features. -When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already -reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: +When filing an issue, please check existing open, or recently closed, issues to +make sure somebody else hasn't already reported the issue. Please try to +include as much information as you can. Details like these are incredibly +useful: * A reproducible test case or series of steps * The version of our code being used * Any modifications you've made relevant to the bug * Anything unusual about your environment or deployment - ## Contributing via Pull Requests -Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: + +Contributions via pull requests are much appreciated. Before sending us a pull +request, please ensure that: 1. 
You are working against the latest source on the *main* branch. -2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. -3. You open an issue to discuss any significant work - we would hate for your time to be wasted. +2. You check existing open, and recently merged, pull requests to make sure + someone else hasn't addressed the problem already. +3. You open an issue to discuss any significant work - we would hate for your + time to be wasted. To send us a pull request, please: 1. Fork the repository. -2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. +2. Modify the source; please focus on the specific change you are contributing. + If you also reformat all the code, it will be hard for us to focus on your + change. 3. Ensure local tests pass. 4. Commit to your fork using clear commit messages. -5. Send us a pull request, answering any default questions in the pull request interface. -6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. +5. Send us a pull request, answering any default questions in the pull request + interface. +6. Pay attention to any automated CI failures reported in the pull request, and + stay involved in the conversation. -GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and -[creating a pull request](https://help.github.com/articles/creating-a-pull-request/). +GitHub provides additional document on [forking a repository][fork] and +[creating a pull request][pr]. +[fork]: https://help.github.com/articles/fork-a-repo/ +[pr]: https://help.github.com/articles/creating-a-pull-request/ ## Finding contributions to work on -Looking at the existing issues is a great way to find something to contribute on. 
As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. +Looking at the existing issues is a great way to find something to contribute +on. As our projects, by default, use the default GitHub issue labels +(enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at +any 'help wanted' issues is a great place to start. + +## Developer documentation + +[See the documentation][dev-docs] for detailed development information. + +[dev-docs]: https://aws-controllers-k8s.github.io/community/docs/contributor-docs/overview/ ## Code of Conduct -This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). -For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact -opensource-codeofconduct@amazon.com with any additional questions or comments. +We adhere to the [Amazon Open Source Code of Conduct][coc]. + +[coc]: https://aws.github.io/code-of-conduct ## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. +If you discover a potential security issue in this project we ask that you +notify AWS/Amazon Security via our [vulnerability reporting page][vuln]. Please +do **not** create a public Github issue. + +[vuln]: http://aws.amazon.com/security/vulnerability-reporting/ -## Licensing +## License -See the [LICENSE](/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. +This project is [licensed][./LICENSE] under the Apache-2.0 License. diff --git a/GOVERNANCE.md b/GOVERNANCE.md index da749a9..c37b88a 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -1,18 +1,30 @@ # Project governance -This document lays out the guidelines under which the AWS Controllers for Kubernetes (ACK) project will be governed. +This document lays out the guidelines under which the AWS Controllers for Kubernetes (ACK) project will be governed. The goal is to make sure that the roles and responsibilities are well defined and clarify on how decisions are made. +## Roles + +In the context of ACK, we consider the following roles: + +* __Users__ ... everyone using ACK, typically willing to provide feedback on ACK by proposing features and/or filing issues. +* __Contributors__ ... everyone contributing code, documentation, examples, testing infra, and participating in feature proposals as well as design discussions. Code contributions will require a Developer Certificate of Origin (DCO). +* __Maintainers__ ... are responsible for engaging with and assisting contributors to iterate on the contributions until it reaches acceptable quality. Maintainers can decide whether the contributions can be accepted into the project or rejected. Any active contributor meeting the project quality can be made a Maintainer by the Advisory Board. +* __Advisory Board__ ... is responsible for defining the guidelines and processes that the project operates under. + +The initial members of the Advisory Board are `@jaypipes` and `@mhausenblas`. + + ## Communication -The primary mechanism for communication will be via the `#aws-controllers-k8s` channel on the Kubernetes Slack community. +The primary mechanism for communication will be via the `#provider-aws` channel on the Kubernetes Slack community. All features and bug fixes will be tracked as issues in GitHub. All decisions will be documented in GitHub issues. -In the future, we may consider using a public mailing list, which can be better archived. +In the future, we may consider using a public mailing list, which can be better archived. 
## Roadmap Planning -Maintainers will share roadmap and release versions as milestones in GitHub. +Maintainers will share roadmap and release versions as milestones in GitHub. ## Release Management diff --git a/NOTICE b/NOTICE index cbf924b..b8d0d46 100644 --- a/NOTICE +++ b/NOTICE @@ -1,2 +1 @@ -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - +Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml new file mode 100755 index 0000000..8c1ad2e --- /dev/null +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -0,0 +1,13 @@ +ack_generate_info: + build_date: "2025-05-13T17:11:19Z" + build_hash: 55bf57b2806c33a7fcd074be403f26ce3f8e58db + go_version: go1.24.2 + version: v0.46.2 +api_directory_checksum: 41657ca253250d607ba6cf907c5a3b7f5a0874f9 +api_version: v1alpha1 +aws_sdk_go_version: v1.36.3 +generator_config_info: + file_checksum: 36ba09879a1cc17f57512f2a863484093ab8d975 + original_file_name: generator.yaml +last_modification: + reason: API generation diff --git a/apis/v1alpha1/doc.go b/apis/v1alpha1/doc.go new file mode 100644 index 0000000..a6508e4 --- /dev/null +++ b/apis/v1alpha1/doc.go @@ -0,0 +1,4 @@ +// +k8s:deepcopy-gen=package +// Package v1alpha1 is the v1alpha1 version of the bedrockagent.services.k8s.aws API. +// +groupName=bedrockagent.services.k8s.aws +package v1alpha1 diff --git a/apis/v1alpha1/enums.go b/apis/v1alpha1/enums.go new file mode 100644 index 0000000..ca16356 --- /dev/null +++ b/apis/v1alpha1/enums.go 
@@ -0,0 +1,513 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +type ActionGroupSignature string + +const ( + ActionGroupSignature_AMAZON_CodeInterpreter ActionGroupSignature = "AMAZON.CodeInterpreter" + ActionGroupSignature_AMAZON_UserInput ActionGroupSignature = "AMAZON.UserInput" +) + +type ActionGroupState string + +const ( + ActionGroupState_DISABLED ActionGroupState = "DISABLED" + ActionGroupState_ENABLED ActionGroupState = "ENABLED" +) + +type AgentAliasStatus string + +const ( + AgentAliasStatus_CREATING AgentAliasStatus = "CREATING" + AgentAliasStatus_DELETING AgentAliasStatus = "DELETING" + AgentAliasStatus_DISSOCIATED AgentAliasStatus = "DISSOCIATED" + AgentAliasStatus_FAILED AgentAliasStatus = "FAILED" + AgentAliasStatus_PREPARED AgentAliasStatus = "PREPARED" + AgentAliasStatus_UPDATING AgentAliasStatus = "UPDATING" +) + +type AgentCollaboration string + +const ( + AgentCollaboration_DISABLED AgentCollaboration = "DISABLED" + AgentCollaboration_SUPERVISOR AgentCollaboration = "SUPERVISOR" + AgentCollaboration_SUPERVISOR_ROUTER AgentCollaboration = "SUPERVISOR_ROUTER" +) + +type AgentStatus string + +const ( + AgentStatus_CREATING AgentStatus = "CREATING" + AgentStatus_DELETING AgentStatus = "DELETING" + AgentStatus_FAILED AgentStatus = "FAILED" + AgentStatus_NOT_PREPARED AgentStatus = "NOT_PREPARED" + AgentStatus_PREPARED AgentStatus = "PREPARED" + 
AgentStatus_PREPARING AgentStatus = "PREPARING" + AgentStatus_UPDATING AgentStatus = "UPDATING" + AgentStatus_VERSIONING AgentStatus = "VERSIONING" +) + +type CachePointType string + +const ( + CachePointType_default CachePointType = "default" +) + +type ChunkingStrategy string + +const ( + ChunkingStrategy_FIXED_SIZE ChunkingStrategy = "FIXED_SIZE" + ChunkingStrategy_HIERARCHICAL ChunkingStrategy = "HIERARCHICAL" + ChunkingStrategy_NONE ChunkingStrategy = "NONE" + ChunkingStrategy_SEMANTIC ChunkingStrategy = "SEMANTIC" +) + +type ConfluenceAuthType string + +const ( + ConfluenceAuthType_BASIC ConfluenceAuthType = "BASIC" + ConfluenceAuthType_OAUTH2_CLIENT_CREDENTIALS ConfluenceAuthType = "OAUTH2_CLIENT_CREDENTIALS" +) + +type ConfluenceHostType string + +const ( + ConfluenceHostType_SAAS ConfluenceHostType = "SAAS" +) + +type ContentDataSourceType string + +const ( + ContentDataSourceType_CUSTOM ContentDataSourceType = "CUSTOM" + ContentDataSourceType_S3 ContentDataSourceType = "S3" +) + +type ConversationRole string + +const ( + ConversationRole_assistant ConversationRole = "assistant" + ConversationRole_user ConversationRole = "user" +) + +type CrawlFilterConfigurationType string + +const ( + CrawlFilterConfigurationType_PATTERN CrawlFilterConfigurationType = "PATTERN" +) + +type CreationMode string + +const ( + CreationMode_DEFAULT CreationMode = "DEFAULT" + CreationMode_OVERRIDDEN CreationMode = "OVERRIDDEN" +) + +type CustomControlMethod string + +const ( + CustomControlMethod_RETURN_CONTROL CustomControlMethod = "RETURN_CONTROL" +) + +type CustomSourceType string + +const ( + CustomSourceType_IN_LINE CustomSourceType = "IN_LINE" + CustomSourceType_S3_LOCATION CustomSourceType = "S3_LOCATION" +) + +type DataDeletionPolicy string + +const ( + DataDeletionPolicy_DELETE DataDeletionPolicy = "DELETE" + DataDeletionPolicy_RETAIN DataDeletionPolicy = "RETAIN" +) + +type DataSourceStatus string + +const ( + DataSourceStatus_AVAILABLE DataSourceStatus = "AVAILABLE" + 
DataSourceStatus_DELETE_UNSUCCESSFUL DataSourceStatus = "DELETE_UNSUCCESSFUL" + DataSourceStatus_DELETING DataSourceStatus = "DELETING" +) + +type DataSourceType string + +const ( + DataSourceType_CONFLUENCE DataSourceType = "CONFLUENCE" + DataSourceType_CUSTOM DataSourceType = "CUSTOM" + DataSourceType_REDSHIFT_METADATA DataSourceType = "REDSHIFT_METADATA" + DataSourceType_S3 DataSourceType = "S3" + DataSourceType_SALESFORCE DataSourceType = "SALESFORCE" + DataSourceType_SHAREPOINT DataSourceType = "SHAREPOINT" + DataSourceType_WEB DataSourceType = "WEB" +) + +type DocumentStatus string + +const ( + DocumentStatus_DELETE_IN_PROGRESS DocumentStatus = "DELETE_IN_PROGRESS" + DocumentStatus_DELETING DocumentStatus = "DELETING" + DocumentStatus_FAILED DocumentStatus = "FAILED" + DocumentStatus_IGNORED DocumentStatus = "IGNORED" + DocumentStatus_INDEXED DocumentStatus = "INDEXED" + DocumentStatus_IN_PROGRESS DocumentStatus = "IN_PROGRESS" + DocumentStatus_METADATA_PARTIALLY_INDEXED DocumentStatus = "METADATA_PARTIALLY_INDEXED" + DocumentStatus_METADATA_UPDATE_FAILED DocumentStatus = "METADATA_UPDATE_FAILED" + DocumentStatus_NOT_FOUND DocumentStatus = "NOT_FOUND" + DocumentStatus_PARTIALLY_INDEXED DocumentStatus = "PARTIALLY_INDEXED" + DocumentStatus_PENDING DocumentStatus = "PENDING" + DocumentStatus_STARTING DocumentStatus = "STARTING" +) + +type EmbeddingDataType string + +const ( + EmbeddingDataType_BINARY EmbeddingDataType = "BINARY" + EmbeddingDataType_FLOAT32 EmbeddingDataType = "FLOAT32" +) + +type FlowConnectionType string + +const ( + FlowConnectionType_Conditional FlowConnectionType = "Conditional" + FlowConnectionType_Data FlowConnectionType = "Data" +) + +type FlowNodeIODataType string + +const ( + FlowNodeIODataType_Array FlowNodeIODataType = "Array" + FlowNodeIODataType_Boolean FlowNodeIODataType = "Boolean" + FlowNodeIODataType_Number FlowNodeIODataType = "Number" + FlowNodeIODataType_Object FlowNodeIODataType = "Object" + FlowNodeIODataType_String 
FlowNodeIODataType = "String" +) + +type FlowNodeType string + +const ( + FlowNodeType_Agent FlowNodeType = "Agent" + FlowNodeType_Collector FlowNodeType = "Collector" + FlowNodeType_Condition FlowNodeType = "Condition" + FlowNodeType_Input FlowNodeType = "Input" + FlowNodeType_Iterator FlowNodeType = "Iterator" + FlowNodeType_KnowledgeBase FlowNodeType = "KnowledgeBase" + FlowNodeType_LambdaFunction FlowNodeType = "LambdaFunction" + FlowNodeType_Lex FlowNodeType = "Lex" + FlowNodeType_Output FlowNodeType = "Output" + FlowNodeType_Prompt FlowNodeType = "Prompt" + FlowNodeType_Retrieval FlowNodeType = "Retrieval" + FlowNodeType_Storage FlowNodeType = "Storage" +) + +type FlowStatus string + +const ( + FlowStatus_Failed FlowStatus = "Failed" + FlowStatus_NotPrepared FlowStatus = "NotPrepared" + FlowStatus_Prepared FlowStatus = "Prepared" + FlowStatus_Preparing FlowStatus = "Preparing" +) + +type FlowValidationSeverity string + +const ( + FlowValidationSeverity_Error FlowValidationSeverity = "Error" + FlowValidationSeverity_Warning FlowValidationSeverity = "Warning" +) + +type FlowValidationType string + +const ( + FlowValidationType_CyclicConnection FlowValidationType = "CyclicConnection" + FlowValidationType_DuplicateConditionExpression FlowValidationType = "DuplicateConditionExpression" + FlowValidationType_DuplicateConnections FlowValidationType = "DuplicateConnections" + FlowValidationType_IncompatibleConnectionDataType FlowValidationType = "IncompatibleConnectionDataType" + FlowValidationType_MalformedConditionExpression FlowValidationType = "MalformedConditionExpression" + FlowValidationType_MalformedNodeInputExpression FlowValidationType = "MalformedNodeInputExpression" + FlowValidationType_MismatchedNodeInputType FlowValidationType = "MismatchedNodeInputType" + FlowValidationType_MismatchedNodeOutputType FlowValidationType = "MismatchedNodeOutputType" + FlowValidationType_MissingConnectionConfiguration FlowValidationType = "MissingConnectionConfiguration" + 
FlowValidationType_MissingDefaultCondition FlowValidationType = "MissingDefaultCondition" + FlowValidationType_MissingEndingNodes FlowValidationType = "MissingEndingNodes" + FlowValidationType_MissingNodeConfiguration FlowValidationType = "MissingNodeConfiguration" + FlowValidationType_MissingNodeInput FlowValidationType = "MissingNodeInput" + FlowValidationType_MissingNodeOutput FlowValidationType = "MissingNodeOutput" + FlowValidationType_MissingStartingNodes FlowValidationType = "MissingStartingNodes" + FlowValidationType_MultipleNodeInputConnections FlowValidationType = "MultipleNodeInputConnections" + FlowValidationType_UnfulfilledNodeInput FlowValidationType = "UnfulfilledNodeInput" + FlowValidationType_UnknownConnectionCondition FlowValidationType = "UnknownConnectionCondition" + FlowValidationType_UnknownConnectionSource FlowValidationType = "UnknownConnectionSource" + FlowValidationType_UnknownConnectionSourceOutput FlowValidationType = "UnknownConnectionSourceOutput" + FlowValidationType_UnknownConnectionTarget FlowValidationType = "UnknownConnectionTarget" + FlowValidationType_UnknownConnectionTargetInput FlowValidationType = "UnknownConnectionTargetInput" + FlowValidationType_UnknownNodeInput FlowValidationType = "UnknownNodeInput" + FlowValidationType_UnknownNodeOutput FlowValidationType = "UnknownNodeOutput" + FlowValidationType_UnreachableNode FlowValidationType = "UnreachableNode" + FlowValidationType_UnsatisfiedConnectionConditions FlowValidationType = "UnsatisfiedConnectionConditions" + FlowValidationType_Unspecified FlowValidationType = "Unspecified" +) + +type IncludeExclude string + +const ( + IncludeExclude_EXCLUDE IncludeExclude = "EXCLUDE" + IncludeExclude_INCLUDE IncludeExclude = "INCLUDE" +) + +type IngestionJobFilterAttribute string + +const ( + IngestionJobFilterAttribute_STATUS IngestionJobFilterAttribute = "STATUS" +) + +type IngestionJobFilterOperator string + +const ( + IngestionJobFilterOperator_EQ IngestionJobFilterOperator = "EQ" 
+) + +type IngestionJobSortByAttribute string + +const ( + IngestionJobSortByAttribute_STARTED_AT IngestionJobSortByAttribute = "STARTED_AT" + IngestionJobSortByAttribute_STATUS IngestionJobSortByAttribute = "STATUS" +) + +type IngestionJobStatus string + +const ( + IngestionJobStatus_COMPLETE IngestionJobStatus = "COMPLETE" + IngestionJobStatus_FAILED IngestionJobStatus = "FAILED" + IngestionJobStatus_IN_PROGRESS IngestionJobStatus = "IN_PROGRESS" + IngestionJobStatus_STARTING IngestionJobStatus = "STARTING" + IngestionJobStatus_STOPPED IngestionJobStatus = "STOPPED" + IngestionJobStatus_STOPPING IngestionJobStatus = "STOPPING" +) + +type InlineContentType string + +const ( + InlineContentType_BYTE InlineContentType = "BYTE" + InlineContentType_TEXT InlineContentType = "TEXT" +) + +type KnowledgeBaseState string + +const ( + KnowledgeBaseState_DISABLED KnowledgeBaseState = "DISABLED" + KnowledgeBaseState_ENABLED KnowledgeBaseState = "ENABLED" +) + +type KnowledgeBaseStatus string + +const ( + KnowledgeBaseStatus_ACTIVE KnowledgeBaseStatus = "ACTIVE" + KnowledgeBaseStatus_CREATING KnowledgeBaseStatus = "CREATING" + KnowledgeBaseStatus_DELETE_UNSUCCESSFUL KnowledgeBaseStatus = "DELETE_UNSUCCESSFUL" + KnowledgeBaseStatus_DELETING KnowledgeBaseStatus = "DELETING" + KnowledgeBaseStatus_FAILED KnowledgeBaseStatus = "FAILED" + KnowledgeBaseStatus_UPDATING KnowledgeBaseStatus = "UPDATING" +) + +type KnowledgeBaseStorageType string + +const ( + KnowledgeBaseStorageType_MONGO_DB_ATLAS KnowledgeBaseStorageType = "MONGO_DB_ATLAS" + KnowledgeBaseStorageType_OPENSEARCH_SERVERLESS KnowledgeBaseStorageType = "OPENSEARCH_SERVERLESS" + KnowledgeBaseStorageType_PINECONE KnowledgeBaseStorageType = "PINECONE" + KnowledgeBaseStorageType_RDS KnowledgeBaseStorageType = "RDS" + KnowledgeBaseStorageType_REDIS_ENTERPRISE_CLOUD KnowledgeBaseStorageType = "REDIS_ENTERPRISE_CLOUD" +) + +type KnowledgeBaseType string + +const ( + KnowledgeBaseType_KENDRA KnowledgeBaseType = "KENDRA" + 
KnowledgeBaseType_SQL KnowledgeBaseType = "SQL" + KnowledgeBaseType_VECTOR KnowledgeBaseType = "VECTOR" +) + +type MemoryType string + +const ( + MemoryType_SESSION_SUMMARY MemoryType = "SESSION_SUMMARY" +) + +type MetadataSourceType string + +const ( + MetadataSourceType_IN_LINE_ATTRIBUTE MetadataSourceType = "IN_LINE_ATTRIBUTE" + MetadataSourceType_S3_LOCATION MetadataSourceType = "S3_LOCATION" +) + +type MetadataValueType string + +const ( + MetadataValueType_BOOLEAN MetadataValueType = "BOOLEAN" + MetadataValueType_NUMBER MetadataValueType = "NUMBER" + MetadataValueType_STRING MetadataValueType = "STRING" + MetadataValueType_STRING_LIST MetadataValueType = "STRING_LIST" +) + +type OrchestrationType string + +const ( + OrchestrationType_CUSTOM_ORCHESTRATION OrchestrationType = "CUSTOM_ORCHESTRATION" + OrchestrationType_DEFAULT OrchestrationType = "DEFAULT" +) + +type ParsingModality string + +const ( + ParsingModality_MULTIMODAL ParsingModality = "MULTIMODAL" +) + +type ParsingStrategy string + +const ( + ParsingStrategy_BEDROCK_DATA_AUTOMATION ParsingStrategy = "BEDROCK_DATA_AUTOMATION" + ParsingStrategy_BEDROCK_FOUNDATION_MODEL ParsingStrategy = "BEDROCK_FOUNDATION_MODEL" +) + +type PromptState string + +const ( + PromptState_DISABLED PromptState = "DISABLED" + PromptState_ENABLED PromptState = "ENABLED" +) + +type PromptTemplateType string + +const ( + PromptTemplateType_CHAT PromptTemplateType = "CHAT" + PromptTemplateType_TEXT PromptTemplateType = "TEXT" +) + +type PromptType string + +const ( + PromptType_KNOWLEDGE_BASE_RESPONSE_GENERATION PromptType = "KNOWLEDGE_BASE_RESPONSE_GENERATION" + PromptType_MEMORY_SUMMARIZATION PromptType = "MEMORY_SUMMARIZATION" + PromptType_ORCHESTRATION PromptType = "ORCHESTRATION" + PromptType_POST_PROCESSING PromptType = "POST_PROCESSING" + PromptType_PRE_PROCESSING PromptType = "PRE_PROCESSING" +) + +type QueryEngineType string + +const ( + QueryEngineType_REDSHIFT QueryEngineType = "REDSHIFT" +) + +type 
RedshiftProvisionedAuthType string + +const ( + RedshiftProvisionedAuthType_IAM RedshiftProvisionedAuthType = "IAM" + RedshiftProvisionedAuthType_USERNAME RedshiftProvisionedAuthType = "USERNAME" + RedshiftProvisionedAuthType_USERNAME_PASSWORD RedshiftProvisionedAuthType = "USERNAME_PASSWORD" +) + +type RedshiftQueryEngineStorageType string + +const ( + RedshiftQueryEngineStorageType_AWS_DATA_CATALOG RedshiftQueryEngineStorageType = "AWS_DATA_CATALOG" + RedshiftQueryEngineStorageType_REDSHIFT RedshiftQueryEngineStorageType = "REDSHIFT" +) + +type RedshiftQueryEngineType string + +const ( + RedshiftQueryEngineType_PROVISIONED RedshiftQueryEngineType = "PROVISIONED" + RedshiftQueryEngineType_SERVERLESS RedshiftQueryEngineType = "SERVERLESS" +) + +type RedshiftServerlessAuthType string + +const ( + RedshiftServerlessAuthType_IAM RedshiftServerlessAuthType = "IAM" + RedshiftServerlessAuthType_USERNAME_PASSWORD RedshiftServerlessAuthType = "USERNAME_PASSWORD" +) + +type RelayConversationHistory string + +const ( + RelayConversationHistory_DISABLED RelayConversationHistory = "DISABLED" + RelayConversationHistory_TO_COLLABORATOR RelayConversationHistory = "TO_COLLABORATOR" +) + +type RequireConfirmation string + +const ( + RequireConfirmation_DISABLED RequireConfirmation = "DISABLED" + RequireConfirmation_ENABLED RequireConfirmation = "ENABLED" +) + +type SalesforceAuthType string + +const ( + SalesforceAuthType_OAUTH2_CLIENT_CREDENTIALS SalesforceAuthType = "OAUTH2_CLIENT_CREDENTIALS" +) + +type SharePointAuthType string + +const ( + SharePointAuthType_OAUTH2_CLIENT_CREDENTIALS SharePointAuthType = "OAUTH2_CLIENT_CREDENTIALS" + SharePointAuthType_OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS SharePointAuthType = "OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS" +) + +type SharePointHostType string + +const ( + SharePointHostType_ONLINE SharePointHostType = "ONLINE" +) + +type SortOrder string + +const ( + SortOrder_ASCENDING SortOrder = "ASCENDING" + SortOrder_DESCENDING 
SortOrder = "DESCENDING" +) + +type StepType string + +const ( + StepType_POST_CHUNKING StepType = "POST_CHUNKING" +) + +type SupplementalDataStorageLocationType string + +const ( + SupplementalDataStorageLocationType_S3 SupplementalDataStorageLocationType = "S3" +) + +type Type string + +const ( + Type_array Type = "array" + Type_boolean Type = "boolean" + Type_integer Type = "integer" + Type_number Type = "number" + Type_string Type = "string" +) + +type WebScopeType string + +const ( + WebScopeType_HOST_ONLY WebScopeType = "HOST_ONLY" + WebScopeType_SUBDOMAINS WebScopeType = "SUBDOMAINS" +) diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml new file mode 100644 index 0000000..7c1acdc --- /dev/null +++ b/apis/v1alpha1/generator.yaml @@ -0,0 +1,14 @@ +sdk_names: + model_name: bedrock-agent +ignore: + resource_names: + - Agent + - AgentActionGroup + - AgentAlias + - DataSource + - Flow + - FlowAlias + - FlowVersion + - KnowledgeBase + - Prompt + - PromptVersion diff --git a/apis/v1alpha1/groupversion_info.go b/apis/v1alpha1/groupversion_info.go new file mode 100644 index 0000000..55c992a --- /dev/null +++ b/apis/v1alpha1/groupversion_info.go 
@@ -0,0 +1,32 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is the API Group Version used to register the objects + GroupVersion = schema.GroupVersion{Group: "bedrockagent.services.k8s.aws", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/v1alpha1/types.go b/apis/v1alpha1/types.go new file mode 100644 index 0000000..9b23f5e --- /dev/null +++ b/apis/v1alpha1/types.go 
@@ -0,0 +1,29 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Hack to avoid import errors during build... +var ( + _ = &metav1.Time{} + _ = &aws.JSONValue{} + _ = ackv1alpha1.AWSAccountID("") +) diff --git a/cmd/controller/main.go b/cmd/controller/main.go new file mode 100644 index 0000000..66b81e1 --- /dev/null +++ b/cmd/controller/main.go 
@@ -0,0 +1,206 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package main + +import ( + "context" + "os" + + ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" + ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" + ackrt "github.com/aws-controllers-k8s/runtime/pkg/runtime" + acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" + ackrtutil "github.com/aws-controllers-k8s/runtime/pkg/util" + ackrtwebhook "github.com/aws-controllers-k8s/runtime/pkg/webhook" + flag "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrlrt "sigs.k8s.io/controller-runtime" + ctrlrtcache "sigs.k8s.io/controller-runtime/pkg/cache" + ctrlrthealthz "sigs.k8s.io/controller-runtime/pkg/healthz" + ctrlrtmetrics "sigs.k8s.io/controller-runtime/pkg/metrics" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + ctrlrtwebhook "sigs.k8s.io/controller-runtime/pkg/webhook" + + svctypes "github.com/aws-controllers-k8s/bedrockagent-controller/apis/v1alpha1" + svcresource "github.com/aws-controllers-k8s/bedrockagent-controller/pkg/resource" + + "github.com/aws-controllers-k8s/bedrockagent-controller/pkg/version" +) + +var ( + awsServiceAPIGroup = "bedrockagent.services.k8s.aws" + awsServiceAlias = "bedrockagent" + scheme = runtime.NewScheme() + setupLog = 
ctrlrt.Log.WithName("setup") +) + +func init() { + _ = clientgoscheme.AddToScheme(scheme) + + _ = svctypes.AddToScheme(scheme) + _ = ackv1alpha1.AddToScheme(scheme) +} + +func main() { + var ackCfg ackcfg.Config + ackCfg.BindFlags() + flag.Parse() + ackCfg.SetupLogger() + + managerFactories := svcresource.GetManagerFactories() + resourceGVKs := make([]schema.GroupVersionKind, 0, len(managerFactories)) + for _, mf := range managerFactories { + resourceGVKs = append(resourceGVKs, mf.ResourceDescriptor().GroupVersionKind()) + } + + ctx := context.Background() + if err := ackCfg.Validate(ctx, ackcfg.WithGVKs(resourceGVKs)); err != nil { + setupLog.Error( + err, "Unable to create controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + host, port, err := ackrtutil.GetHostPort(ackCfg.WebhookServerAddr) + if err != nil { + setupLog.Error( + err, "Unable to parse webhook server address.", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + watchNamespaces := make(map[string]ctrlrtcache.Config, 0) + namespaces, err := ackCfg.GetWatchNamespaces() + if err != nil { + setupLog.Error( + err, "Unable to parse watch namespaces.", + "aws.service", ackCfg.WatchNamespace, + ) + os.Exit(1) + } + + for _, namespace := range namespaces { + watchNamespaces[namespace] = ctrlrtcache.Config{} + } + watchSelectors, err := ackCfg.ParseWatchSelectors() + if err != nil { + setupLog.Error( + err, "Unable to parse watch selectors.", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + mgr, err := ctrlrt.NewManager(ctrlrt.GetConfigOrDie(), ctrlrt.Options{ + Scheme: scheme, + Cache: ctrlrtcache.Options{ + Scheme: scheme, + DefaultNamespaces: watchNamespaces, + DefaultLabelSelector: watchSelectors, + }, + WebhookServer: &ctrlrtwebhook.DefaultServer{ + Options: ctrlrtwebhook.Options{ + Port: port, + Host: host, + }, + }, + Metrics: metricsserver.Options{BindAddress: ackCfg.MetricsAddr}, + LeaderElection: ackCfg.EnableLeaderElection, + LeaderElectionID: "ack-" + 
awsServiceAPIGroup, + LeaderElectionNamespace: ackCfg.LeaderElectionNamespace, + HealthProbeBindAddress: ackCfg.HealthzAddr, + LivenessEndpointName: "/healthz", + ReadinessEndpointName: "/readyz", + }) + if err != nil { + setupLog.Error( + err, "unable to create controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + stopChan := ctrlrt.SetupSignalHandler() + + setupLog.Info( + "initializing service controller", + "aws.service", awsServiceAlias, + ) + sc := ackrt.NewServiceController( + awsServiceAlias, awsServiceAPIGroup, + acktypes.VersionInfo{ + version.GitCommit, + version.GitVersion, + version.BuildDate, + }, + ).WithLogger( + ctrlrt.Log, + ).WithResourceManagerFactories( + svcresource.GetManagerFactories(), + ).WithPrometheusRegistry( + ctrlrtmetrics.Registry, + ) + + if ackCfg.EnableWebhookServer { + webhooks := ackrtwebhook.GetWebhooks() + for _, webhook := range webhooks { + if err := webhook.Setup(mgr); err != nil { + setupLog.Error( + err, "unable to register webhook "+webhook.UID(), + "aws.service", awsServiceAlias, + ) + } + } + } + + if err = sc.BindControllerManager(mgr, ackCfg); err != nil { + setupLog.Error( + err, "unable bind to controller manager to service controller", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + if err = mgr.AddHealthzCheck("health", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up health check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + if err = mgr.AddReadyzCheck("check", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up ready check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + setupLog.Info( + "starting manager", + "aws.service", awsServiceAlias, + ) + if err := mgr.Start(stopChan); err != nil { + setupLog.Error( + err, "unable to start controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } +} 
diff --git a/config/controller/deployment.yaml b/config/controller/deployment.yaml
new file mode 100644
index 0000000..ab105a1
--- /dev/null
+++ b/config/controller/deployment.yaml
@@ -0,0 +1,110 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ack-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ack-bedrockagent-controller + namespace: ack-system + labels: + app.kubernetes.io/name: ack-bedrockagent-controller + app.kubernetes.io/part-of: ack-system +spec: + selector: + matchLabels: + app.kubernetes.io/name: ack-bedrockagent-controller + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: ack-bedrockagent-controller + spec: + containers: + - command: + - ./bin/controller + args: + - --aws-region + - "$(AWS_REGION)" + - --aws-endpoint-url + - "$(AWS_ENDPOINT_URL)" + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - "$(ACK_LOG_LEVEL)" + - --resource-tags + - "$(ACK_RESOURCE_TAGS)" + - --watch-namespace + - "$(ACK_WATCH_NAMESPACE)" + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" + - --feature-gates + - "$(FEATURE_GATES)" + image: controller:latest + name: controller + ports: + - name: http + containerPort: 8080 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AWS_REGION + value: "" + - name: AWS_ENDPOINT_URL + value: "" + - name: ACK_WATCH_NAMESPACE + value: "" + - name: ACK_ENABLE_DEVELOPMENT_LOGGING + value: "false" + - name: ACK_LOG_LEVEL + value: "info" + - name: ACK_RESOURCE_TAGS + value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%" + - name: ENABLE_LEADER_ELECTION + value: "false" + - name: LEADER_ELECTION_NAMESPACE + value: "ack-system" + - name: "RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS" + value: "1" + - name: "FEATURE_GATES" + value: "" + securityContext: + 
allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 10 + serviceAccountName: ack-bedrockagent-controller + hostIPC: false + hostPID: false + hostNetwork: false + dnsPolicy: ClusterFirst diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml new file mode 100644 index 0000000..f5c091d --- /dev/null +++ b/config/controller/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: public.ecr.aws/aws-controllers-k8s/bedrockagent-controller + newTag: 0.0.0-non-release-version diff --git a/config/controller/service.yaml b/config/controller/service.yaml new file mode 100644 index 0000000..d4ec8e3 --- /dev/null +++ b/config/controller/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ack-bedrockagent-metrics-service + namespace: ack-system +spec: + selector: + app.kubernetes.io/name: ack-bedrockagent-controller + ports: + - name: metricsport + port: 8080 + targetPort: http + protocol: TCP + type: NodePort diff --git a/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 0000000..b7be322 --- /dev/null +++ b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml 
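Review bot: The container-level `securityContext` of the `controller` container in config/controller/deployment.yaml does not set `readOnlyRootFilesystem: true`, although it already disables privilege escalation, drops all capabilities and requires a non-root user. Assuming the controller binary writes nothing to its own filesystem (nothing in this commit shows a volume or a write path), adding that line next to `runAsNonRoot: true` would stop a compromised process from modifying the image contents at runtime. The manifest comes from the generator, so the change probably belongs in its template rather than in this file.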
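Review bot: `type: NodePort` on `ack-bedrockagent-metrics-service` in config/controller/service.yaml publishes the metrics port on every node address, which is wider than an in-cluster scraper needs. main.go in this commit passes only `BindAddress` to `metricsserver.Options`, so the endpoint is presumably served without authentication or TLS and anyone who can reach a node IP could read controller metrics. `type: ClusterIP` keeps the same `port: 8080` to `targetPort: http` mapping for in-cluster scrapers; if external access is required, it is better granted explicitly through an ingress or a NetworkPolicy-guarded path.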
@@ -0,0 +1,249 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. 
+ type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. 
+ + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. 
+ There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. 
+ properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/common/bases/services.k8s.aws_fieldexports.yaml b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml new file mode 100644 index 0000000..49b4f38 --- /dev/null +++ b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml 
@@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/config/crd/common/kustomization.yaml b/config/crd/common/kustomization.yaml
new file mode 100644
index 0000000..96349f6
--- /dev/null
+++ b/config/crd/common/kustomization.yaml
@@ -0,0 +1,7 @@
+# Code generated in runtime. DO NOT EDIT.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - bases/services.k8s.aws_adoptedresources.yaml
+ - bases/services.k8s.aws_fieldexports.yaml
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
new file mode 100644
index 0000000..ea0b795
--- /dev/null
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - common
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 0000000..c89f8ed
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,20 @@
+# Adds namespace to all resources.
+# namespace:
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+# namePrefix:
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../controller
+
+patchesStrategicMerge:
diff --git a/config/overlays/namespaced/kustomization.yaml b/config/overlays/namespaced/kustomization.yaml
new file mode 100644
index 0000000..c7113b2
--- /dev/null
+++ b/config/overlays/namespaced/kustomization.yaml
@@ -0,0 +1,15 @@
+resources:
+- ../../default
+patches:
+- path: role.json
+ target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: ack-bedrockagent-controller
+- path: role-binding.json
+ target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRoleBinding
+ name: ack-bedrockagent-controller-rolebinding
\ No newline at end of file
diff --git a/config/overlays/namespaced/role-binding.json b/config/overlays/namespaced/role-binding.json
new file mode 100644
index 0000000..83e46c5
--- /dev/null
+++ b/config/overlays/namespaced/role-binding.json
@@ -0,0 +1,3 @@
+[{"op": "replace", "path": "/kind", "value": "RoleBinding"},
+{"op": "add", "path": "/metadata/namespace", "value": "ack-system"},
+{"op": "replace", "path": "/roleRef/kind", "value": "Role"}]
\ No newline at end of file
diff --git a/config/overlays/namespaced/role.json b/config/overlays/namespaced/role.json
new file mode 100644
index 0000000..deddee7
--- /dev/null
+++ b/config/overlays/namespaced/role.json
@@ -0,0 +1,2 @@
+[{"op": "replace", "path": "/kind", "value": "Role"},
+{"op": "add", "path": "/metadata/namespace", "value": "ack-system"}]
\ No newline at end of file
diff --git a/config/rbac/cluster-role-binding.yaml b/config/rbac/cluster-role-binding.yaml
new file mode 100644
index 0000000..f699a4d
--- /dev/null
+++ b/config/rbac/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ack-bedrockagent-controller-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ack-bedrockagent-controller
+subjects:
+- kind: ServiceAccount
+ name: ack-bedrockagent-controller
+ namespace: ack-system
diff --git a/config/rbac/cluster-role-controller.yaml b/config/rbac/cluster-role-controller.yaml
new file mode 100644
index 0000000..b107584
--- /dev/null
+++ b/config/rbac/cluster-role-controller.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ack-bedrockagent-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources
+ - fieldexports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources/status
+ - fieldexports/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
new file mode 100644
index 0000000..d9acdee
--- /dev/null
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+- cluster-role-binding.yaml
+- cluster-role-controller.yaml
+- role-reader.yaml
+- role-writer.yaml
+- service-account.yaml
+- leader-election-role.yaml
+- leader-election-role-binding.yaml
diff --git a/config/rbac/leader-election-role-binding.yaml b/config/rbac/leader-election-role-binding.yaml
new file mode 100644
index 0000000..5348863
--- /dev/null
+++ b/config/rbac/leader-election-role-binding.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ namespace: ack-system
+ name: bedrockagent-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: bedrockagent-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: ack-bedrockagent-controller
+ namespace: ack-system
diff --git a/config/rbac/leader-election-role.yaml b/config/rbac/leader-election-role.yaml
new file mode 100644
index 0000000..ec659b2
--- /dev/null
+++ b/config/rbac/leader-election-role.yaml
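Review bot: The first rule of the `ack-bedrockagent-controller` ClusterRole grants `get`, `list`, `patch` and `watch` on `secrets` and `configmaps`, and cluster-role-binding.yaml binds it cluster-wide, so the controller's service account can read and modify every Secret in the cluster. The FieldExport CRD in this commit lists `configmap` and `secret` as output kinds, which presumably explains `patch`, but the file neither says so nor points to the narrower install. A comment above the rule such as `# secrets/configmaps: read for referenced values, patch for FieldExport targets; use config/overlays/namespaced to confine this to ack-system` would document the blast radius and the mitigation that already ships in this commit.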
@@ -0,0 +1,26 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: bedrockagent-leader-election-role
+ namespace: ack-system
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/config/rbac/role-reader.yaml b/config/rbac/role-reader.yaml
new file mode 100644
index 0000000..951f604
--- /dev/null
+++ b/config/rbac/role-reader.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: ack-bedrockagent-reader
+ namespace: default
+rules:
+- apiGroups:
+ - bedrockagent.services.k8s.aws
+ resources:
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/config/rbac/role-writer.yaml b/config/rbac/role-writer.yaml
new file mode 100644
index 0000000..f148c09
--- /dev/null
+++ b/config/rbac/role-writer.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: ack-bedrockagent-writer
+ namespace: default
+rules:
+- apiGroups:
+ - bedrockagent.services.k8s.aws
+ resources:
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - bedrockagent.services.k8s.aws
+ resources:
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/config/rbac/service-account.yaml b/config/rbac/service-account.yaml
new file mode 100644
index 0000000..2c7a9bb
--- /dev/null
+++ b/config/rbac/service-account.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ack-bedrockagent-controller
+ namespace: ack-system
diff --git a/go.mod b/go.mod
index ad60959..954d2a3 100644
--- a/go.mod
+++ b/go.mod
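Review bot: `resources:` is empty in the only rule of `ack-bedrockagent-reader` in config/rbac/role-reader.yaml, and in both rules of `ack-bedrockagent-writer` in role-writer.yaml, which follows from generator.yaml ignoring every resource. As far as I know the API server rejects a resource rule that names no resources, and config/rbac/kustomization.yaml lists both files, so applying config/default would likely fail until a resource is un-ignored. Removing `- role-reader.yaml` and `- role-writer.yaml` from that kustomization for the empty controller, or having the generator skip them when no CRDs are produced, avoids the failure. Both roles are also pinned to `namespace: default` while the rest of the install lives in `ack-system`, which is worth confirming as intended.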
@@ -1,16 +1,87 @@ -module github.com/aws-controllers-k8s/bedrock-agent-controller +module github.com/aws-controllers-k8s/bedrockagent-controller go 1.24.2 require ( github.com/aws-controllers-k8s/runtime v0.45.0 github.com/aws/aws-sdk-go v1.55.7 - github.com/aws/aws-sdk-go-v2 v1.36.3 - github.com/aws/smithy-go v1.22.2 - github.com/go-logr/logr v1.4.2 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.32.1 k8s.io/apimachinery v0.32.1 k8s.io/client-go v0.32.1 sigs.k8s.io/controller-runtime v0.20.4 ) + +require ( + github.com/aws/aws-sdk-go-v2 v1.32.7 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect + github.com/aws/smithy-go v1.22.2 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.11 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // 
indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/itchyny/gojq v0.12.6 // indirect + github.com/itchyny/timefmt-go v0.1.3 // indirect + github.com/jaypipes/envutil v1.0.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/samber/lo v1.37.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.37.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect + golang.org/x/time v0.7.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.32.1 // indirect + k8s.io/apiextensions-apiserver v0.32.1 // indirect + k8s.io/klog/v2 v2.130.1 
// indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum index e69de29..b9d570e 100644 --- a/go.sum +++ b/go.sum 
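Review bot: `github.com/aws/aws-sdk-go-v2` goes from a direct requirement at v1.36.3 to an indirect one at v1.32.7, so the resolved SDK version moves backwards in a commit described as generated output. If the controller code will import the v2 SDK directly, keep `github.com/aws/aws-sdk-go-v2 v1.36.3` in the first `require` block so the newer version stays selected. The v1 SDK `github.com/aws/aws-sdk-go v1.55.7` remains a direct requirement; confirm it is still needed. Because the hunk pins a large set of new indirect modules (for example `golang.org/x/net v0.37.0` and `golang.org/x/oauth2 v0.23.0`), a `govulncheck ./...` step in CI would show which of the selected versions carry known advisories.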
@@ -0,0 +1,242 @@ +github.com/aws-controllers-k8s/runtime v0.45.0 h1:b0xCqIE1SNve/jcJPW/QkCGkDmjxWtWTDFHKZpHJcFQ= +github.com/aws-controllers-k8s/runtime v0.45.0/go.mod h1:G2UMBKA7qgXG4JV16NTIUp715uqvUEvWaa7TG1I527U= +github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= +github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw= +github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo= +github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew 
v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod 
h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 
h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/itchyny/gojq v0.12.6 h1:VjaFn59Em2wTxDNGcrRkDK9ZHMNa8IksOgL13sLL4d0= +github.com/itchyny/gojq v0.12.6/go.mod h1:ZHrkfu7A+RbZLy5J1/JKpS4poEqrzItSTGDItqsfP0A= +github.com/itchyny/timefmt-go v0.1.3 h1:7M3LGVDsqcd0VZH2U+x393obrzZisp7C0uEe921iRkU= +github.com/itchyny/timefmt-go v0.1.3/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A= +github.com/jaypipes/envutil v1.0.0 h1:u6Vwy9HwruFihoZrL0bxDLCa/YNadGVwKyPElNmZWow= +github.com/jaypipes/envutil v1.0.0/go.mod h1:vgIRDly+xgBq0eeZRcflOHMMobMwgC6MkMbxo/Nw65M= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 
h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 
h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/samber/lo v1.37.0 h1:XjVcB8g6tgUp8rsPsJ2CvhClfImrpL04YpQHXeHPhRw= +github.com/samber/lo v1.37.0/go.mod h1:9vaz2O4o8oOnK23pd2TrXufcbdbJIa3b6cstBWKpopA= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod 
h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net 
v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= +golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod 
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= +golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 
v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= +k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod 
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= +sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..09b9066 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +name: bedrockagent-chart +description: A Helm chart for the ACK service controller for Amazon Bedrock (Bedrock) +version: 0.0.0-non-release-version +appVersion: 0.0.0-non-release-version +home: https://github.com/aws-controllers-k8s/bedrockagent-controller +icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png +sources: + - https://github.com/aws-controllers-k8s/bedrockagent-controller +maintainers: + - name: ACK Admins + url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin + - name: Bedrock Admins + url: https://github.com/orgs/aws-controllers-k8s/teams/bedrockagent-maintainer +keywords: + - aws + - kubernetes + - bedrockagent diff --git a/helm/crds/services.k8s.aws_adoptedresources.yaml b/helm/crds/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 0000000..b7be322 --- /dev/null +++ b/helm/crds/services.k8s.aws_adoptedresources.yaml 
@@ -0,0 +1,249 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. 
+ type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. 
+ + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. 
+ There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. 
+ properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/helm/crds/services.k8s.aws_fieldexports.yaml b/helm/crds/services.k8s.aws_fieldexports.yaml new file mode 100644 index 0000000..49b4f38 --- /dev/null +++ b/helm/crds/services.k8s.aws_fieldexports.yaml 
@@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt
new file mode 100644
index 0000000..3011e93
--- /dev/null
+++ b/helm/templates/NOTES.txt
@@ -0,0 +1,16 @@
+{{ .Chart.Name }} has been installed.
+This chart deploys "public.ecr.aws/aws-controllers-k8s/bedrockagent-controller:0.0.0-non-release-version".
+
+Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
+
+You are now able to create Amazon Bedrock (Bedrock) resources!
+
+The controller is running in "{{ .Values.installScope }}" mode.
+The controller is configured to manage AWS resources in region: "{{ .Values.aws.region }}"
+
+Visit https://aws-controllers-k8s.github.io/community/reference/ for an API
+reference of all the resources that can be created using this controller.
+
+For more information on the AWS Controllers for Kubernetes (ACK) project, visit:
+https://aws-controllers-k8s.github.io/community/
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000..5a84fdc
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,103 @@ +{{/* The name of the application this chart installs */}} +{{- define "ack-bedrockagent-controller.app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ack-bedrockagent-controller.app.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* The name and version as used by the chart label */}} +{{- define "ack-bedrockagent-controller.chart.name-version" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* The name of the service account to use */}} +{{- define "ack-bedrockagent-controller.service-account.name" -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} + +{{- define "ack-bedrockagent-controller.watch-namespace" -}} +{{- if eq .Values.installScope "namespace" -}} +{{ .Values.watchNamespace | default .Release.Namespace }} +{{- end -}} +{{- end -}} + +{{/* The mount path for the shared credentials file */}} +{{- define "ack-bedrockagent-controller.aws.credentials.secret_mount_path" -}} +{{- "/var/run/secrets/aws" -}} +{{- end -}} + +{{/* The path the shared credentials file is mounted */}} +{{- define "ack-bedrockagent-controller.aws.credentials.path" -}} +{{ $secret_mount_path := include "ack-bedrockagent-controller.aws.credentials.secret_mount_path" . 
}} +{{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}} +{{- end -}} + +{{/* The rules a of ClusterRole or Role */}} +{{- define "ack-bedrockagent-controller.rbac-rules" -}} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update +{{- end }} + +{{/* Convert k/v map to string like: "key1=value1,key2=value2,..." */}} +{{- define "ack-bedrockagent-controller.feature-gates" -}} +{{- $list := list -}} +{{- range $k, $v := .Values.featureGates -}} +{{- $list = append $list (printf "%s=%s" $k ( $v | toString)) -}} +{{- end -}} +{{ join "," $list }} +{{- end -}} diff --git a/helm/templates/caches-role-binding.yaml b/helm/templates/caches-role-binding.yaml new file mode 100644 index 0000000..0f14ed2 --- /dev/null +++ b/helm/templates/caches-role-binding.yaml 
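Review bot: The `ack-bedrockagent-controller.rbac-rules` helper grants `get`, `list`, `patch` and `watch` on all `secrets` and `configmaps`, and cluster-role-controller.yaml renders these rules into a ClusterRole whenever `installScope` is "cluster", so the controller's service account can read and patch every Secret in the cluster. The `service-account.name` helper in the same file falls back to `default` when `.Values.serviceAccount.name` is empty, in which case the bindings would attach these rights to the namespace's shared default service account. I would state this on the helper, e.g. `{{/* Grants read and patch on Secrets and ConfigMaps in every watched namespace; cluster-wide when installScope is "cluster". */}}`, and have the fallback documented so operators pick a dedicated account. The commit message says the Helm files are generated, so a lasting change probably belongs in the generator's template rather than in this file.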
@@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ack-namespaces-cache-bedrockagent-controller +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ack-namespaces-cache-bedrockagent-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagent-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ack-configmaps-cache-bedrockagent-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: ack-configmaps-cache-bedrockagent-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagent-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} diff --git a/helm/templates/caches-role.yaml b/helm/templates/caches-role.yaml new file mode 100644 index 0000000..54cd0d5 --- /dev/null +++ b/helm/templates/caches-role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-namespaces-cache-bedrockagent-controller +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ack-configmaps-cache-bedrockagent-controller + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/helm/templates/cluster-role-binding.yaml b/helm/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..d43f691 --- /dev/null +++ b/helm/templates/cluster-role-binding.yaml 
@@ -0,0 +1,36 @@ +{{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ack-bedrockagent-controller.app.fullname" . }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ack-bedrockagent-controller +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagent-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-bedrockagent-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ $fullname := include "ack-bedrockagent-controller.app.fullname" . }} +{{ $releaseNamespace := .Release.Namespace }} +{{ $serviceAccountName := include "ack-bedrockagent-controller.service-account.name" . }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $fullname }} + namespace: {{ . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: ack-bedrockagent-controller +subjects: +- kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $releaseNamespace }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/helm/templates/cluster-role-controller.yaml b/helm/templates/cluster-role-controller.yaml new file mode 100644 index 0000000..3f9f4b5 --- /dev/null +++ b/helm/templates/cluster-role-controller.yaml 
@@ -0,0 +1,29 @@ +{{ $labels := .Values.role.labels }} +{{ $rbacRules := include "ack-bedrockagent-controller.rbac-rules" . }} +{{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-bedrockagent-controller + labels: + {{- range $key, $value := $labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{$rbacRules }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-bedrockagent-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ack-bedrockagent-controller + namespace: {{ . }} + labels: + {{- range $key, $value := $labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{ $rbacRules }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 0000000..e6855df --- /dev/null +++ b/helm/templates/deployment.yaml 
@@ -0,0 +1,206 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ack-bedrockagent-controller.app.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagent-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagent-controller.chart.name-version" . }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: +{{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + k8s-app: {{ include "ack-bedrockagent-controller.app.name" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + spec: + serviceAccountName: {{ include "ack-bedrockagent-controller.service-account.name" . }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} + containers: + - command: + - ./bin/controller + args: + - --aws-region + - "$(AWS_REGION)" + - --aws-endpoint-url + - "$(AWS_ENDPOINT_URL)" +{{- if .Values.log.enable_development_logging }} + - --enable-development-logging +{{- end }} + - --log-level + - "$(ACK_LOG_LEVEL)" + - --resource-tags + - "$(ACK_RESOURCE_TAGS)" + - --watch-namespace + - "$(ACK_WATCH_NAMESPACE)" + - --watch-selectors + - "$(ACK_WATCH_SELECTORS)" + - --reconcile-resources + - "$(RECONCILE_RESOURCES)" + - --deletion-policy + - "$(DELETION_POLICY)" +{{- if .Values.leaderElection.enabled }} + - --enable-leader-election + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" +{{- end }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} + - --reconcile-default-resync-seconds + - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} + - --reconcile-resource-resync-seconds + - "$(RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }})" +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - --reconcile-resource-max-concurrent-syncs + - "$(RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }})" +{{- end }} +{{- if .Values.featureGates}} + - --feature-gates + - "$(FEATURE_GATES)" +{{- end }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: controller + ports: + - name: http + containerPort: {{ .Values.deployment.containerPort }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AWS_REGION + value: {{ .Values.aws.region }} + - name: AWS_ENDPOINT_URL + value: {{ .Values.aws.endpoint_url | quote }} 
+ - name: ACK_WATCH_NAMESPACE + value: {{ include "ack-bedrockagent-controller.watch-namespace" . }} + - name: ACK_WATCH_SELECTORS + value: {{ .Values.watchSelectors }} + - name: RECONCILE_RESOURCES + value: {{ join "," .Values.reconcile.resources | quote }} + - name: DELETION_POLICY + value: {{ .Values.deletionPolicy }} + - name: LEADER_ELECTION_NAMESPACE + value: {{ .Values.leaderElection.namespace | quote }} + - name: ACK_LOG_LEVEL + value: {{ .Values.log.level | quote }} + - name: ACK_RESOURCE_TAGS + value: {{ join "," .Values.resourceTags | quote }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} + - name: RECONCILE_DEFAULT_RESYNC_SECONDS + value: {{ .Values.reconcile.defaultResyncPeriod | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} + - name: RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }} + value: {{ $key }}={{ $value }} +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS + value: {{ .Values.reconcile.defaultMaxConcurrentSyncs | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - name: RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }} + value: {{ $key }}={{ $value }} +{{- end }} +{{- if .Values.featureGates}} + - name: FEATURE_GATES + value: {{ include "ack-bedrockagent-controller.feature-gates" . }} +{{- end }} + {{- if .Values.aws.credentials.secretName }} + - name: AWS_SHARED_CREDENTIALS_FILE + value: {{ include "ack-bedrockagent-controller.aws.credentials.path" . }} + - name: AWS_PROFILE + value: {{ .Values.aws.credentials.profile }} + {{- end }} + {{- if .Values.deployment.extraEnvVars -}} + {{ toYaml .Values.deployment.extraEnvVars | nindent 8 }} + {{- end }} + volumeMounts: + {{- if .Values.aws.credentials.secretName }} + - name: {{ .Values.aws.credentials.secretName }} + mountPath: {{ include "ack-bedrockagent-controller.aws.credentials.secret_mount_path" . 
}} + readOnly: true + {{- end }} + {{- if .Values.deployment.extraVolumeMounts -}} + {{ toYaml .Values.deployment.extraVolumeMounts | nindent 10 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 10 + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + {{ if .Values.deployment.tolerations -}} + tolerations: {{ toYaml .Values.deployment.tolerations | nindent 8 }} + {{ end -}} + {{ if .Values.deployment.affinity -}} + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + {{ end -}} + {{ if .Values.deployment.priorityClassName -}} + priorityClassName: {{ .Values.deployment.priorityClassName }} + {{ end -}} + hostIPC: false + hostPID: false + hostNetwork: {{ .Values.deployment.hostNetwork }} + dnsPolicy: {{ .Values.deployment.dnsPolicy }} + volumes: + {{- if .Values.aws.credentials.secretName }} + - name: {{ .Values.aws.credentials.secretName }} + secret: + secretName: {{ .Values.aws.credentials.secretName }} + {{- end }} +{{- if .Values.deployment.extraVolumes }} +{{ toYaml .Values.deployment.extraVolumes | indent 8}} +{{- end }} diff --git a/helm/templates/leader-election-role-binding.yaml b/helm/templates/leader-election-role-binding.yaml new file mode 100644 index 0000000..ad4fb99 --- /dev/null +++ b/helm/templates/leader-election-role-binding.yaml 
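Review bot: Several env values in the container spec are rendered without `| quote` (`AWS_REGION`, `ACK_WATCH_NAMESPACE`, `ACK_WATCH_SELECTORS`, `DELETION_POLICY`, `AWS_PROFILE`, `FEATURE_GATES` and the `{{ $key }}={{ $value }}` per-resource entries), while neighbours such as `AWS_ENDPOINT_URL` and `ACK_LOG_LEVEL` are quoted. An unquoted value that contains `: ` or `#`, or that YAML reads as a boolean or number, changes the structure or type of the rendered manifest instead of reaching the container as a string. Quoting them the same way closes that gap: `value: {{ .Values.watchSelectors | quote }}` and `value: {{ include "ack-bedrockagent-controller.watch-namespace" . | quote }}`, and likewise for the others.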
@@ -0,0 +1,18 @@
+{{ if .Values.leaderElection.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: bedrockagent-leader-election-rolebinding
+{{ if .Values.leaderElection.namespace }}
+ namespace: {{ .Values.leaderElection.namespace }}
+{{ else }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: bedrockagent-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ack-bedrockagent-controller.service-account.name" . }}
+ namespace: {{ .Release.Namespace }}{{- end }}
diff --git a/helm/templates/leader-election-role.yaml b/helm/templates/leader-election-role.yaml
new file mode 100644
index 0000000..c282706
--- /dev/null
+++ b/helm/templates/leader-election-role.yaml
@@ -0,0 +1,30 @@
+{{ if .Values.leaderElection.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: bedrockagent-leader-election-role
+{{ if .Values.leaderElection.namespace }}
+ namespace: {{ .Values.leaderElection.namespace }}
+{{ else }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch{{- end }}
diff --git a/helm/templates/metrics-service.yaml b/helm/templates/metrics-service.yaml
new file mode 100644
index 0000000..d0625dc
--- /dev/null
+++ b/helm/templates/metrics-service.yaml
@@ -0,0 +1,29 @@ +{{- if .Values.metrics.service.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagent-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagent-controller.chart.name-version" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + k8s-app: {{ include "ack-bedrockagent-controller.app.name" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + type: {{ .Values.metrics.service.type }} + ports: + - name: metricsport + port: 8080 + targetPort: http + protocol: TCP +{{- end }} diff --git a/helm/templates/role-reader.yaml b/helm/templates/role-reader.yaml new file mode 100644 index 0000000..2f5881b --- /dev/null +++ b/helm/templates/role-reader.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-bedrockagent-reader + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - bedrockagent.services.k8s.aws + resources: + verbs: + - get + - list + - watch diff --git a/helm/templates/role-writer.yaml b/helm/templates/role-writer.yaml new file mode 100644 index 0000000..7bd128f --- /dev/null +++ b/helm/templates/role-writer.yaml 
@@ -0,0 +1,26 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-bedrockagent-writer + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - bedrockagent.services.k8s.aws + resources: + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bedrockagent.services.k8s.aws + resources: + verbs: + - get + - patch + - update diff --git a/helm/templates/service-account.yaml b/helm/templates/service-account.yaml new file mode 100644 index 0000000..0872653 --- /dev/null +++ b/helm/templates/service-account.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagent-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagent-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagent-controller.chart.name-version" . }} + name: {{ include "ack-bedrockagent-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $value := .Values.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} diff --git a/helm/values.schema.json b/helm/values.schema.json new file mode 100644 index 0000000..e656c74 --- /dev/null +++ b/helm/values.schema.json 
@@ -0,0 +1,301 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "properties": { + "image": { + "description": "Container Image", + "properties": { + "repository": { + "type": "string", + "minLength": 1 + }, + "tag": { + "type": "string", + "minLength": 1 + }, + "pullPolicy": { + "type": "string", + "enum": ["IfNotPresent", "Always", "Never"] + }, + "pullSecrets": { + "type": "array" + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "fullNameOverride": { + "type": "string" + }, + "deployment": { + "description": "Deployment settings", + "properties": { + "annotations": { + "type": "object" + }, + "labels": { + "type": "object" + }, + "containerPort": { + "type": "integer", + "minimum": 1, + "maximum": 65535 + }, + "replicas": { + "type": "integer" + }, + "nodeSelector": { + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "affinity": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "extraEnvVars": { + "type": "array" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "role": { + "description": "Role settings", + "properties": { + "labels": { + "type": "object" + } + } + }, + "metrics": { + "description": "Metrics settings", + "properties": { + "service": { + "description": "Kubernetes service settings", + "properties": { + "create": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"] + } + }, + "required": [ + "create", + "type" + ], + "type": "object" + } + }, + "required": [ + "service" + ], + "type": "object" + }, + "resources": { + "description": "Kubernetes resources settings", + "properties": { + "requests": { + "description": "Kubernetes resource requests", + "properties": { + "memory": { + "oneOf": [ + { "type": "number" }, 
+ { "type": "string" } + ] + }, + "cpu": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + } + }, + "required": [ + "memory", + "cpu" + ], + "type": "object" + }, + "limits": { + "description": "Kubernetes resource limits", + "properties": { + "memory": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + }, + "cpu": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + } + }, + "required": [ + "memory", + "cpu" + ], + "type": "object" + } + }, + "required": [ + "requests", + "limits" + ], + "type": "object" + }, + "aws": { + "description": "AWS API settings", + "properties": { + "region": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "credentials": { + "description": "AWS credentials information", + "properties": { + "secretName": { + "type": "string" + }, + "secretKey": { + "type": "string" + }, + "profile": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "log": { + "description": "Logging settings", + "properties": { + "enable_development_logging": { + "type": "boolean" + }, + "level": { + "type": "string" + } + }, + "type": "object" + }, + "installScope": { + "type": "string", + "enum": ["cluster", "namespace"] + }, + "watchNamespace": { + "type": "string" + }, + "watchSelectors": { + "type": "string" + }, + "resourceTags": { + "type": "array", + "items": { + "type": "string", + "pattern": "(^$|^.*=.*$)" + } + }, + "deletionPolicy": { + "type": "string", + "enum": ["delete", "retain"] + }, + "reconcile": { + "description": "Reconcile settings. This is used to configure the controller's reconciliation behavior. 
e.g resyncPeriod and maxConcurrentSyncs", + "properties": { + "defaultResyncPeriod": { + "type": "number" + }, + "resourceResyncPeriods": { + "type": "object" + }, + "defaultMaxConcurentSyncs": { + "type": "number" + }, + "resourceMaxConcurrentSyncs": { + "type": "object" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of resource kinds to reconcile. If empty, all resources will be reconciled.", + "default": [] + } + }, + "type": "object" + }, + "leaderElection": { + "description": "Parameter to configure the controller's leader election system.", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "serviceAccount": { + "description": "ServiceAccount settings", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "annotations": { + "type": "object" + } + }, + "type": "object" + } + }, + "featureGates": { + "description": "Feature gates settings", + "type": "object", + "additionalProperties": { + "type": "boolean" + } + }, + "required": [ + "image", + "deployment", + "metrics", + "resources", + "log", + "installScope", + "resourceTags", + "serviceAccount" + ], + "title": "Values", + "type": "object" +} diff --git a/helm/values.yaml b/helm/values.yaml new file mode 100644 index 0000000..2d1931f --- /dev/null +++ b/helm/values.yaml 
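Review bot: Three property names in this schema do not match the keys the chart actually reads, so those values are never validated: `fullNameOverride` (values.yaml and _helpers.tpl use `fullnameOverride`), `aws.endpoint` (deployment.yaml reads `aws.endpoint_url`) and `reconcile.defaultMaxConcurentSyncs` (deployment.yaml reads `defaultMaxConcurrentSyncs`). The `featureGates` entry also sits after the closing brace of `properties`, at the top level of the schema, where it is not applied as a property schema. I would rename the keys to `"fullnameOverride"`, `"endpoint_url"` and `"defaultMaxConcurrentSyncs"` and move the `featureGates` object inside `properties`.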
@@ -0,0 +1,177 @@ +# Default values for ack-bedrockagent-controller. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: public.ecr.aws/aws-controllers-k8s/bedrockagent-controller + tag: 0.0.0-non-release-version + pullPolicy: IfNotPresent + pullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +deployment: + annotations: {} + labels: {} + containerPort: 8080 + # Number of Deployment replicas + # This determines how many instances of the controller will be running. It's recommended + # to enable leader election if you need to increase the number of replicas > 1 + replicas: 1 + # Which nodeSelector to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: + kubernetes.io/os: linux + # Which tolerations to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + # What affinity to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + # Which priorityClassName to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority + priorityClassName: "" + # Specifies the hostname of the Pod. + # If not specified, the pod's hostname will be set to a system-defined value. + hostNetwork: false + # Set DNS policy for the pod. + # Defaults to "ClusterFirst". + # Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + # To have DNS options set along with hostNetwork, you have to specify DNS policy + # explicitly to 'ClusterFirstWithHostNet'. + dnsPolicy: ClusterFirst + extraVolumes: [] + extraVolumeMounts: [] + + # Additional server container environment variables + # + # You specify this manually like you would a raw deployment manifest. + # This means you can bind in environment variables from secrets. + # + # e.g. 
static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + extraEnvVars: [] + + +# If "installScope: cluster" then these labels will be applied to ClusterRole +role: + labels: {} + +metrics: + service: + # Set to true to automatically create a Kubernetes Service resource for the + # Prometheus metrics server endpoint in controller + create: false + # Which Type to use for the Kubernetes Service? + # See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: "ClusterIP" + +resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + +aws: + # If specified, use the AWS region for AWS API calls + region: "" + endpoint_url: "" + credentials: + # If specified, Secret with shared credentials file to use. + secretName: "" + # Secret stringData key that contains the credentials + secretKey: "credentials" + # Profile used for AWS credentials + profile: "default" + +# log level for the controller +log: + enable_development_logging: false + level: info + +# Set to "namespace" to install the controller in a namespaced scope, will only +# watch for object creation in the namespace. By default installScope is +# cluster wide. +installScope: cluster + +# Set the value of the "namespace" to be watched by the controller +# This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart. +# You can set multiple namespaces by providing a comma separated list of namespaces. e.g "namespace1,namespace2" +watchNamespace: "" + +# Set the value of labelsSelectors to be used by the controller to filter the resources to watch. +# You can set multiple labelsSelectors by providing a comma separated list of a=b arguments. 
e.g "label1=value1,label2=value2" +watchSelectors: "" + +resourceTags: + # Configures the ACK service controller to always set key/value pairs tags on + # resources that it manages. + - services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION% + - services.k8s.aws/namespace=%K8S_NAMESPACE% + +# Set to "retain" to keep all AWS resources intact even after the K8s resources +# have been deleted. By default, the ACK controller will delete the AWS resource +# before the K8s resource is removed. +deletionPolicy: delete + +# controller reconciliation configurations +reconcile: + # The default duration, in seconds, to wait before resyncing desired state of custom resources. + defaultResyncPeriod: 36000 # 10 Hours + # An object representing the reconcile resync configuration for each specific resource. + resourceResyncPeriods: {} + + # The default number of concurrent syncs that a reconciler can perform. + defaultMaxConcurrentSyncs: 1 + # An object representing the reconcile max concurrent syncs configuration for each specific + # resource. + resourceMaxConcurrentSyncs: {} + + # Set the value of resources to specify which resource kinds to reconcile. + # If empty, all resources will be reconciled. + # If specified, only the listed resource kinds will be reconciled. + resources: + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + name: ack-bedrockagent-controller + annotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME + +# Configuration of the leader election. Required for running multiple instances of the +# controller within the same cluster. +# See https://kubernetes.io/docs/concepts/architecture/leases/#leader-election +leaderElection: + # Enable Controller Leader Election. Set this to true to enable leader election + # for this controller. + enabled: false + # Leader election can be scoped to a specific namespace. 
By default, the controller + # will attempt to use the namespace of the service account mounted to the Controller + # pod. + namespace: "" + +# Configuration for feature gates. These are optional controller features that +# can be individually enabled ("true") or disabled ("false") by adding key/value +# pairs below. +featureGates: + # Enables the Service level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + ServiceLevelCARM: false + # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + TeamLevelCARM: false + # Enable ReadOnlyResources feature/annotation. + ReadOnlyResources: false + # Enable ResourceAdoption feature/annotation. + ResourceAdoption: false \ No newline at end of file diff --git a/pkg/resource/registry.go b/pkg/resource/registry.go new file mode 100644 index 0000000..3f3aa28 --- /dev/null +++ b/pkg/resource/registry.go 
@@ -0,0 +1,45 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package resource + +import ( + ackrt "github.com/aws-controllers-k8s/runtime/pkg/runtime" + acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" +) + +// +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports/status,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch +// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;patch +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;patch + +var ( + reg = ackrt.NewRegistry() +) + +// GetManagerFactories returns a slice of resource manager factories that are +// registered with this package +func GetManagerFactories() []acktypes.AWSResourceManagerFactory { + return reg.GetResourceManagerFactories() +} + +// RegisterManagerFactory registers a resource manager factory with the +// package's registry +func RegisterManagerFactory(f acktypes.AWSResourceManagerFactory) { + reg.RegisterResourceManagerFactory(f) +} 
diff --git a/pkg/version/version.go b/pkg/version/version.go new file mode 100644 index 0000000..de0f243 --- /dev/null +++ b/pkg/version/version.go @@ -0,0 +1,22 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package version + +var ( + GitVersion string + GitCommit string + BuildDate string +) From 43f989212cc9267c6177d49cdefb1af4d1e094b4 Mon Sep 17 00:00:00 2001 From: knottnt Date: Tue, 13 May 2025 14:10:20 -0700 Subject: [PATCH 4/4] Add AmazonBedrockFullAccess as recommended policy --- config/iam/recommended-policy-arn | 1 + 1 file changed, 1 insertion(+) create mode 100644 config/iam/recommended-policy-arn diff --git a/config/iam/recommended-policy-arn b/config/iam/recommended-policy-arn new file mode 100644 index 0000000..e5b1a82 --- /dev/null +++ b/config/iam/recommended-policy-arn @@ -0,0 +1 @@ +arn:aws:iam::aws:policy/AmazonBedrockFullAccess \ No newline at end of file
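Review bot: The one added line in config/iam/recommended-policy-arn, `arn:aws:iam::aws:policy/AmazonBedrockFullAccess`, recommends a service-wide managed policy for a controller that the previous patch in this series describes as empty, so the grant is much broader than anything the code can use yet. Presumably this ARN is what users attach to the IAM role named in the `eks.amazonaws.com/role-arn` service-account annotation shown in helm/values.yaml; if so, every pod running under that service account, and anything that can obtain its token, holds the full policy. I would replace the line with a scoped customer-managed or inline policy that lists only the Bedrock Agent actions the resource managers will call, restricted by resource ARN where the API allows it. If the managed policy has to stay as a bootstrap default, the commit message should say so and point to a follow-up that tightens it once the resource set is known. The file also ends without a trailing newline.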