diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml new file mode 100644 index 0000000..22dbccb --- /dev/null +++ b/.github/workflows/create-release.yml @@ -0,0 +1,13 @@ +name: Create Release + +on: + push: + tags: + - "v*.*.*" + +permissions: + contents: write # For creating releases + +jobs: + call-create-release: + uses: aws-controllers-k8s/.github/.github/workflows/reusable-create-release.yaml@main diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b82694a --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +.DS_Store +*.swp +*~ +.idea +bin +build +.env +READ_BEFORE_COMMIT.md diff --git a/ATTRIBUTION.md b/ATTRIBUTION.md new file mode 100644 index 0000000..e69de29 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c4b6a1c..9da1461 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,59 +1,85 @@ # Contributing Guidelines -Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional -documentation, we greatly value feedback and contributions from our community. - -Please read through this document before submitting any issues or pull requests to ensure we have all the necessary -information to effectively respond to your bug report or contribution. +Thank you for your interest in contributing to our project. Whether it's a bug +report, new feature, correction, or additional documentation, we greatly value +feedback and contributions from our community. +Please read through this document before submitting any issues or pull requests +to ensure we have all the necessary information to effectively respond to your +bug report or contribution. ## Reporting Bugs/Feature Requests -We welcome you to use the GitHub issue tracker to report bugs or suggest features. +We welcome you to use the GitHub issue tracker to report bugs or suggest +features. -When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already -reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: +When filing an issue, please check existing open, or recently closed, issues to +make sure somebody else hasn't already reported the issue. Please try to +include as much information as you can. Details like these are incredibly +useful: * A reproducible test case or series of steps * The version of our code being used * Any modifications you've made relevant to the bug * Anything unusual about your environment or deployment - ## Contributing via Pull Requests -Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: + +Contributions via pull requests are much appreciated. Before sending us a pull +request, please ensure that: 1. You are working against the latest source on the *main* branch. -2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. -3. You open an issue to discuss any significant work - we would hate for your time to be wasted. +2. You check existing open, and recently merged, pull requests to make sure + someone else hasn't addressed the problem already. +3. You open an issue to discuss any significant work - we would hate for your + time to be wasted. To send us a pull request, please: 1. Fork the repository. -2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. +2. Modify the source; please focus on the specific change you are contributing. + If you also reformat all the code, it will be hard for us to focus on your + change. 3. Ensure local tests pass. 4. Commit to your fork using clear commit messages. -5. Send us a pull request, answering any default questions in the pull request interface. -6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. +5. Send us a pull request, answering any default questions in the pull request + interface. +6. Pay attention to any automated CI failures reported in the pull request, and + stay involved in the conversation. -GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and -[creating a pull request](https://help.github.com/articles/creating-a-pull-request/). +GitHub provides additional document on [forking a repository][fork] and +[creating a pull request][pr]. +[fork]: https://help.github.com/articles/fork-a-repo/ +[pr]: https://help.github.com/articles/creating-a-pull-request/ ## Finding contributions to work on -Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. +Looking at the existing issues is a great way to find something to contribute +on. As our projects, by default, use the default GitHub issue labels +(enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at +any 'help wanted' issues is a great place to start. + +## Developer documentation + +[See the documentation][dev-docs] for detailed development information. + +[dev-docs]: https://aws-controllers-k8s.github.io/community/docs/contributor-docs/overview/ ## Code of Conduct -This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). -For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact -opensource-codeofconduct@amazon.com with any additional questions or comments. +We adhere to the [Amazon Open Source Code of Conduct][coc]. + +[coc]: https://aws.github.io/code-of-conduct ## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. +If you discover a potential security issue in this project we ask that you +notify AWS/Amazon Security via our [vulnerability reporting page][vuln]. Please +do **not** create a public Github issue. + +[vuln]: http://aws.amazon.com/security/vulnerability-reporting/ -## Licensing +## License -See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. +This project is [licensed][./LICENSE] under the Apache-2.0 License. diff --git a/GOVERNANCE.md b/GOVERNANCE.md new file mode 100644 index 0000000..c37b88a --- /dev/null +++ b/GOVERNANCE.md @@ -0,0 +1,36 @@ +# Project governance + +This document lays out the guidelines under which the AWS Controllers for Kubernetes (ACK) project will be governed. +The goal is to make sure that the roles and responsibilities are well defined and clarify on how decisions are made. + +## Roles + +In the context of ACK, we consider the following roles: + +* __Users__ ... everyone using ACK, typically willing to provide feedback on ACK by proposing features and/or filing issues. +* __Contributors__ ... everyone contributing code, documentation, examples, testing infra, and participating in feature proposals as well as design discussions. Code contributions will require a Developer Certificate of Origin (DCO). +* __Maintainers__ ... are responsible for engaging with and assisting contributors to iterate on the contributions until it reaches acceptable quality. Maintainers can decide whether the contributions can be accepted into the project or rejected. Any active contributor meeting the project quality can be made a Maintainer by the Advisory Board. +* __Advisory Board__ ... is responsible for defining the guidelines and processes that the project operates under. + +The initial members of the Advisory Board are `@jaypipes` and `@mhausenblas`. + + +## Communication + +The primary mechanism for communication will be via the `#provider-aws` channel on the Kubernetes Slack community. +All features and bug fixes will be tracked as issues in GitHub. All decisions will be documented in GitHub issues. + +In the future, we may consider using a public mailing list, which can be better archived. + +## Roadmap Planning + +Maintainers will share roadmap and release versions as milestones in GitHub. + +## Release Management + +The Advisory Board will propose a release management proposal via a GitHub issue and resolve it there. + +## Other relevant governance resources + +* The ACK [Contributing Guidelines](CONTRIBUTING.md) +* Our [Code of Conduct](CODE_OF_CONDUCT.md) diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0953c01 --- /dev/null +++ b/Makefile @@ -0,0 +1,23 @@ +SHELL := /bin/bash # Use bash syntax + +# Set up variables +GO111MODULE=on + +# Build ldflags +VERSION ?= "v0.0.0" +GITCOMMIT=$(shell git rev-parse HEAD) +BUILDDATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') +GO_LDFLAGS=-ldflags "-X main.version=$(VERSION) \ + -X main.buildHash=$(GITCOMMIT) \ + -X main.buildDate=$(BUILDDATE)" + +.PHONY: all test + +all: test + +test: ## Run code tests + go test -v ./... + +help: ## Show this help. + @grep -F -h "##" $(MAKEFILE_LIST) | grep -F -v grep | sed -e 's/\\$$//' \ + | awk -F'[:#]' '{print $$1 = sprintf("%-30s", $$1), $$4}' diff --git a/NOTICE b/NOTICE index 616fc58..b8d0d46 100644 --- a/NOTICE +++ b/NOTICE @@ -1 +1 @@ -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..ceb3426 --- /dev/null +++ b/OWNERS @@ -0,0 +1,4 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: + - core-ack-team \ No newline at end of file diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 0000000..ded809f --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,16 @@ +# See the OWNERS docs at https://go.k8s.io/owners#owners_aliases + +aliases: + core-ack-team: + - a-hilaly + - jlbutler + - michaelhtm + - TiberiuGC + - rushmash91 + # emeritus-core-ack-team: + # - jaypipes + # - jljaco + # - mhausenblas + # - RedbackThomson + # - vijtrip2 + # - ivelichkovich \ No newline at end of file diff --git a/README.md b/README.md index 847260c..568a7a7 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,26 @@ -## My Project +# ACK service controller for Amazon Cognito Identity -TODO: Fill this README out! +This repository contains source code for the AWS Controllers for Kubernetes +(ACK) service controller for . -Be sure to: +Please [log issues][ack-issues] and feedback on the main AWS Controllers for +Kubernetes Github project. -* Change the title in this README -* Edit your repository description on GitHub +[ack-issues]: https://github.com/aws/aws-controllers-k8s/issues -## Security +## Contributing -See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. +We welcome community contributions and pull requests. -## License +See our [contribution guide](/CONTRIBUTING.md) for more information on how to +report issues, set up a development environment, and submit code. + +We adhere to the [Amazon Open Source Code of Conduct][coc]. + +You can also learn more about our [Governance](/GOVERNANCE.md) structure. -This project is licensed under the Apache-2.0 License. +[coc]: https://aws.github.io/code-of-conduct + +## License +This project is [licensed](/LICENSE) under the Apache-2.0 License. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2c8325b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,3 @@ +# Security issue notifications + +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml new file mode 100755 index 0000000..5b43abd --- /dev/null +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -0,0 +1,13 @@ +ack_generate_info: + build_date: "2025-10-14T01:34:11Z" + build_hash: eaabefb6bd7b2be8a1baf4478f22b3310e6921c8 + go_version: go1.24.0 + version: v0.52.0-6-geaabefb-dirty +api_directory_checksum: c06e8d99c29af219e017c9d519827d168cf2d4c8 +api_version: v1alpha1 +aws_sdk_go_version: v1.39.2 +generator_config_info: + file_checksum: 10cf07101569163f4eb9545f230f040211c1a2f6 + original_file_name: generator.yaml +last_modification: + reason: API generation diff --git a/apis/v1alpha1/doc.go b/apis/v1alpha1/doc.go new file mode 100644 index 0000000..39a5937 --- /dev/null +++ b/apis/v1alpha1/doc.go @@ -0,0 +1,4 @@ +// +k8s:deepcopy-gen=package +// Package v1alpha1 is the v1alpha1 version of the bedrockagentcorecontrol.services.k8s.aws API. +// +groupName=bedrockagentcorecontrol.services.k8s.aws +package v1alpha1 diff --git a/apis/v1alpha1/enums.go b/apis/v1alpha1/enums.go new file mode 100644 index 0000000..c08a2a8 --- /dev/null +++ b/apis/v1alpha1/enums.go @@ -0,0 +1,231 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +type APIKeyCredentialLocation string + +const ( + APIKeyCredentialLocation_HEADER APIKeyCredentialLocation = "HEADER" + APIKeyCredentialLocation_QUERY_PARAMETER APIKeyCredentialLocation = "QUERY_PARAMETER" +) + +type AgentRuntimeEndpointStatus string + +const ( + AgentRuntimeEndpointStatus_CREATE_FAILED AgentRuntimeEndpointStatus = "CREATE_FAILED" + AgentRuntimeEndpointStatus_CREATING AgentRuntimeEndpointStatus = "CREATING" + AgentRuntimeEndpointStatus_DELETING AgentRuntimeEndpointStatus = "DELETING" + AgentRuntimeEndpointStatus_READY AgentRuntimeEndpointStatus = "READY" + AgentRuntimeEndpointStatus_UPDATE_FAILED AgentRuntimeEndpointStatus = "UPDATE_FAILED" + AgentRuntimeEndpointStatus_UPDATING AgentRuntimeEndpointStatus = "UPDATING" +) + +type AgentRuntimeStatus string + +const ( + AgentRuntimeStatus_CREATE_FAILED AgentRuntimeStatus = "CREATE_FAILED" + AgentRuntimeStatus_CREATING AgentRuntimeStatus = "CREATING" + AgentRuntimeStatus_DELETING AgentRuntimeStatus = "DELETING" + AgentRuntimeStatus_READY AgentRuntimeStatus = "READY" + AgentRuntimeStatus_UPDATE_FAILED AgentRuntimeStatus = "UPDATE_FAILED" + AgentRuntimeStatus_UPDATING AgentRuntimeStatus = "UPDATING" +) + +type AuthorizerType string + +const ( + AuthorizerType_CUSTOM_JWT AuthorizerType = "CUSTOM_JWT" +) + +type BrowserNetworkMode string + +const ( + BrowserNetworkMode_PUBLIC BrowserNetworkMode = "PUBLIC" + BrowserNetworkMode_VPC BrowserNetworkMode = "VPC" +) + +type BrowserStatus string + +const ( + BrowserStatus_CREATE_FAILED BrowserStatus = "CREATE_FAILED" + BrowserStatus_CREATING BrowserStatus = "CREATING" + BrowserStatus_DELETED BrowserStatus = "DELETED" + BrowserStatus_DELETE_FAILED BrowserStatus = "DELETE_FAILED" + BrowserStatus_DELETING BrowserStatus = "DELETING" + BrowserStatus_READY BrowserStatus = "READY" +) + +type CodeInterpreterNetworkMode string + +const ( + CodeInterpreterNetworkMode_PUBLIC CodeInterpreterNetworkMode = "PUBLIC" + CodeInterpreterNetworkMode_SANDBOX CodeInterpreterNetworkMode = "SANDBOX" + CodeInterpreterNetworkMode_VPC CodeInterpreterNetworkMode = "VPC" +) + +type CodeInterpreterStatus string + +const ( + CodeInterpreterStatus_CREATE_FAILED CodeInterpreterStatus = "CREATE_FAILED" + CodeInterpreterStatus_CREATING CodeInterpreterStatus = "CREATING" + CodeInterpreterStatus_DELETED CodeInterpreterStatus = "DELETED" + CodeInterpreterStatus_DELETE_FAILED CodeInterpreterStatus = "DELETE_FAILED" + CodeInterpreterStatus_DELETING CodeInterpreterStatus = "DELETING" + CodeInterpreterStatus_READY CodeInterpreterStatus = "READY" +) + +type CredentialProviderType string + +const ( + CredentialProviderType_API_KEY CredentialProviderType = "API_KEY" + CredentialProviderType_GATEWAY_IAM_ROLE CredentialProviderType = "GATEWAY_IAM_ROLE" + CredentialProviderType_OAUTH CredentialProviderType = "OAUTH" +) + +type CredentialProviderVendorType string + +const ( + CredentialProviderVendorType_CustomOauth2 CredentialProviderVendorType = "CustomOauth2" + CredentialProviderVendorType_GithubOauth2 CredentialProviderVendorType = "GithubOauth2" + CredentialProviderVendorType_GoogleOauth2 CredentialProviderVendorType = "GoogleOauth2" + CredentialProviderVendorType_MicrosoftOauth2 CredentialProviderVendorType = "MicrosoftOauth2" + CredentialProviderVendorType_SalesforceOauth2 CredentialProviderVendorType = "SalesforceOauth2" + CredentialProviderVendorType_SlackOauth2 CredentialProviderVendorType = "SlackOauth2" +) + +type ExceptionLevel string + +const ( + ExceptionLevel_DEBUG ExceptionLevel = "DEBUG" +) + +type GatewayProtocolType string + +const ( + GatewayProtocolType_MCP GatewayProtocolType = "MCP" +) + +type GatewayStatus string + +const ( + GatewayStatus_CREATING GatewayStatus = "CREATING" + GatewayStatus_DELETING GatewayStatus = "DELETING" + GatewayStatus_FAILED GatewayStatus = "FAILED" + GatewayStatus_READY GatewayStatus = "READY" + GatewayStatus_UPDATE_UNSUCCESSFUL GatewayStatus = "UPDATE_UNSUCCESSFUL" + GatewayStatus_UPDATING GatewayStatus = "UPDATING" +) + +type KeyType string + +const ( + KeyType_CustomerManagedKey KeyType = "CustomerManagedKey" + KeyType_ServiceManagedKey KeyType = "ServiceManagedKey" +) + +type MemoryStatus string + +const ( + MemoryStatus_ACTIVE MemoryStatus = "ACTIVE" + MemoryStatus_CREATING MemoryStatus = "CREATING" + MemoryStatus_DELETING MemoryStatus = "DELETING" + MemoryStatus_FAILED MemoryStatus = "FAILED" +) + +type MemoryStrategyStatus string + +const ( + MemoryStrategyStatus_ACTIVE MemoryStrategyStatus = "ACTIVE" + MemoryStrategyStatus_CREATING MemoryStrategyStatus = "CREATING" + MemoryStrategyStatus_DELETING MemoryStrategyStatus = "DELETING" + MemoryStrategyStatus_FAILED MemoryStrategyStatus = "FAILED" +) + +type MemoryStrategyType string + +const ( + MemoryStrategyType_CUSTOM MemoryStrategyType = "CUSTOM" + MemoryStrategyType_SEMANTIC MemoryStrategyType = "SEMANTIC" + MemoryStrategyType_SUMMARIZATION MemoryStrategyType = "SUMMARIZATION" + MemoryStrategyType_USER_PREFERENCE MemoryStrategyType = "USER_PREFERENCE" +) + +type NetworkMode string + +const ( + NetworkMode_PUBLIC NetworkMode = "PUBLIC" + NetworkMode_VPC NetworkMode = "VPC" +) + +type OverrideType string + +const ( + OverrideType_SEMANTIC_OVERRIDE OverrideType = "SEMANTIC_OVERRIDE" + OverrideType_SUMMARY_OVERRIDE OverrideType = "SUMMARY_OVERRIDE" + OverrideType_USER_PREFERENCE_OVERRIDE OverrideType = "USER_PREFERENCE_OVERRIDE" +) + +type ResourceType string + +const ( + ResourceType_CUSTOM ResourceType = "CUSTOM" + ResourceType_SYSTEM ResourceType = "SYSTEM" +) + +type SchemaType string + +const ( + SchemaType_array SchemaType = "array" + SchemaType_boolean SchemaType = "boolean" + SchemaType_integer SchemaType = "integer" + SchemaType_number SchemaType = "number" + SchemaType_object SchemaType = "object" + SchemaType_string SchemaType = "string" +) + +type SearchType string + +const ( + SearchType_SEMANTIC SearchType = "SEMANTIC" +) + +type ServerProtocol string + +const ( + ServerProtocol_HTTP ServerProtocol = "HTTP" + ServerProtocol_MCP ServerProtocol = "MCP" +) + +type TargetStatus string + +const ( + TargetStatus_CREATING TargetStatus = "CREATING" + TargetStatus_DELETING TargetStatus = "DELETING" + TargetStatus_FAILED TargetStatus = "FAILED" + TargetStatus_READY TargetStatus = "READY" + TargetStatus_UPDATE_UNSUCCESSFUL TargetStatus = "UPDATE_UNSUCCESSFUL" + TargetStatus_UPDATING TargetStatus = "UPDATING" +) + +type ValidationExceptionReason string + +const ( + ValidationExceptionReason_CannotParse ValidationExceptionReason = "CannotParse" + ValidationExceptionReason_EventInOtherSession ValidationExceptionReason = "EventInOtherSession" + ValidationExceptionReason_FieldValidationFailed ValidationExceptionReason = "FieldValidationFailed" + ValidationExceptionReason_IdempotentParameterMismatchException ValidationExceptionReason = "IdempotentParameterMismatchException" + ValidationExceptionReason_ResourceConflict ValidationExceptionReason = "ResourceConflict" +) diff --git a/apis/v1alpha1/generator.yaml b/apis/v1alpha1/generator.yaml new file mode 100644 index 0000000..98bcc51 --- /dev/null +++ b/apis/v1alpha1/generator.yaml @@ -0,0 +1,15 @@ +ignore: + resource_names: + - AgentRuntime + - AgentRuntimeEndpoint + - ApiKeyCredentialProvider + - Browser + - CodeInterpreter + - Gateway + - GatewayTarget + - Memory + - Oauth2CredentialProvider + - WorkloadIdentity + +sdk_names: + model_name: bedrock-agentcore-control diff --git a/apis/v1alpha1/groupversion_info.go b/apis/v1alpha1/groupversion_info.go new file mode 100644 index 0000000..872cddc --- /dev/null +++ b/apis/v1alpha1/groupversion_info.go @@ -0,0 +1,32 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is the API Group Version used to register the objects + GroupVersion = schema.GroupVersion{Group: "bedrockagentcorecontrol.services.k8s.aws", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/apis/v1alpha1/types.go b/apis/v1alpha1/types.go new file mode 100644 index 0000000..9b23f5e --- /dev/null +++ b/apis/v1alpha1/types.go @@ -0,0 +1,29 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package v1alpha1 + +import ( + ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" + "github.com/aws/aws-sdk-go/aws" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Hack to avoid import errors during build... +var ( + _ = &metav1.Time{} + _ = &aws.JSONValue{} + _ = ackv1alpha1.AWSAccountID("") +) diff --git a/cmd/controller/main.go b/cmd/controller/main.go new file mode 100644 index 0000000..42af9f8 --- /dev/null +++ b/cmd/controller/main.go @@ -0,0 +1,206 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package main + +import ( + "context" + "os" + + ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" + ackcfg "github.com/aws-controllers-k8s/runtime/pkg/config" + ackrt "github.com/aws-controllers-k8s/runtime/pkg/runtime" + acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" + ackrtutil "github.com/aws-controllers-k8s/runtime/pkg/util" + ackrtwebhook "github.com/aws-controllers-k8s/runtime/pkg/webhook" + flag "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrlrt "sigs.k8s.io/controller-runtime" + ctrlrtcache "sigs.k8s.io/controller-runtime/pkg/cache" + ctrlrthealthz "sigs.k8s.io/controller-runtime/pkg/healthz" + ctrlrtmetrics "sigs.k8s.io/controller-runtime/pkg/metrics" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + ctrlrtwebhook "sigs.k8s.io/controller-runtime/pkg/webhook" + + svctypes "github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller/apis/v1alpha1" + svcresource "github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller/pkg/resource" + + "github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller/pkg/version" +) + +var ( + awsServiceAPIGroup = "bedrockagentcorecontrol.services.k8s.aws" + awsServiceAlias = "bedrockagentcorecontrol" + scheme = runtime.NewScheme() + setupLog = ctrlrt.Log.WithName("setup") +) + +func init() { + _ = clientgoscheme.AddToScheme(scheme) + + _ = svctypes.AddToScheme(scheme) + _ = ackv1alpha1.AddToScheme(scheme) +} + +func main() { + var ackCfg ackcfg.Config + ackCfg.BindFlags() + flag.Parse() + ackCfg.SetupLogger() + + managerFactories := svcresource.GetManagerFactories() + resourceGVKs := make([]schema.GroupVersionKind, 0, len(managerFactories)) + for _, mf := range managerFactories { + resourceGVKs = append(resourceGVKs, mf.ResourceDescriptor().GroupVersionKind()) + } + + ctx := context.Background() + if err := ackCfg.Validate(ctx, ackcfg.WithGVKs(resourceGVKs)); err != nil { + setupLog.Error( + err, "Unable to create controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + host, port, err := ackrtutil.GetHostPort(ackCfg.WebhookServerAddr) + if err != nil { + setupLog.Error( + err, "Unable to parse webhook server address.", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + watchNamespaces := make(map[string]ctrlrtcache.Config, 0) + namespaces, err := ackCfg.GetWatchNamespaces() + if err != nil { + setupLog.Error( + err, "Unable to parse watch namespaces.", + "aws.service", ackCfg.WatchNamespace, + ) + os.Exit(1) + } + + for _, namespace := range namespaces { + watchNamespaces[namespace] = ctrlrtcache.Config{} + } + watchSelectors, err := ackCfg.ParseWatchSelectors() + if err != nil { + setupLog.Error( + err, "Unable to parse watch selectors.", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + mgr, err := ctrlrt.NewManager(ctrlrt.GetConfigOrDie(), ctrlrt.Options{ + Scheme: scheme, + Cache: ctrlrtcache.Options{ + Scheme: scheme, + DefaultNamespaces: watchNamespaces, + DefaultLabelSelector: watchSelectors, + }, + WebhookServer: &ctrlrtwebhook.DefaultServer{ + Options: ctrlrtwebhook.Options{ + Port: port, + Host: host, + }, + }, + Metrics: metricsserver.Options{BindAddress: ackCfg.MetricsAddr}, + LeaderElection: ackCfg.EnableLeaderElection, + LeaderElectionID: "ack-" + awsServiceAPIGroup, + LeaderElectionNamespace: ackCfg.LeaderElectionNamespace, + HealthProbeBindAddress: ackCfg.HealthzAddr, + LivenessEndpointName: "/healthz", + ReadinessEndpointName: "/readyz", + }) + if err != nil { + setupLog.Error( + err, "unable to create controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + stopChan := ctrlrt.SetupSignalHandler() + + setupLog.Info( + "initializing service controller", + "aws.service", awsServiceAlias, + ) + sc := ackrt.NewServiceController( + awsServiceAlias, awsServiceAPIGroup, + acktypes.VersionInfo{ + version.GitCommit, + version.GitVersion, + version.BuildDate, + }, + ).WithLogger( + ctrlrt.Log, + ).WithResourceManagerFactories( + svcresource.GetManagerFactories(), + ).WithPrometheusRegistry( + ctrlrtmetrics.Registry, + ) + + if ackCfg.EnableWebhookServer { + webhooks := ackrtwebhook.GetWebhooks() + for _, webhook := range webhooks { + if err := webhook.Setup(mgr); err != nil { + setupLog.Error( + err, "unable to register webhook "+webhook.UID(), + "aws.service", awsServiceAlias, + ) + } + } + } + + if err = sc.BindControllerManager(mgr, ackCfg); err != nil { + setupLog.Error( + err, "unable bind to controller manager to service controller", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + if err = mgr.AddHealthzCheck("health", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up health check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + if err = mgr.AddReadyzCheck("check", ctrlrthealthz.Ping); err != nil { + setupLog.Error( + err, "unable to set up ready check", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } + + setupLog.Info( + "starting manager", + "aws.service", awsServiceAlias, + ) + if err := mgr.Start(stopChan); err != nil { + setupLog.Error( + err, "unable to start controller manager", + "aws.service", awsServiceAlias, + ) + os.Exit(1) + } +} diff --git a/config/controller/deployment.yaml b/config/controller/deployment.yaml new file mode 100644 index 0000000..779a42d --- /dev/null +++ b/config/controller/deployment.yaml @@ -0,0 +1,110 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ack-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ack-bedrockagentcorecontrol-controller + namespace: ack-system + labels: + app.kubernetes.io/name: ack-bedrockagentcorecontrol-controller + app.kubernetes.io/part-of: ack-system +spec: + selector: + matchLabels: + app.kubernetes.io/name: ack-bedrockagentcorecontrol-controller + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: ack-bedrockagentcorecontrol-controller + spec: + containers: + - command: + - ./bin/controller + args: + - --aws-region + - "$(AWS_REGION)" + - --aws-endpoint-url + - "$(AWS_ENDPOINT_URL)" + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - "$(ACK_LOG_LEVEL)" + - --resource-tags + - "$(ACK_RESOURCE_TAGS)" + - --watch-namespace + - "$(ACK_WATCH_NAMESPACE)" + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" + - --feature-gates + - "$(FEATURE_GATES)" + image: controller:latest + name: controller + ports: + - name: http + containerPort: 8080 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AWS_REGION + value: "" + - name: AWS_ENDPOINT_URL + value: "" + - name: ACK_WATCH_NAMESPACE + value: "" + - name: ACK_ENABLE_DEVELOPMENT_LOGGING + value: "false" + - name: ACK_LOG_LEVEL + value: "info" + - name: ACK_RESOURCE_TAGS + value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%" + - name: ENABLE_LEADER_ELECTION + value: "false" + - name: LEADER_ELECTION_NAMESPACE + value: "ack-system" + - name: "RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS" + value: "1" + - name: "FEATURE_GATES" + value: "" + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 10 + serviceAccountName: ack-bedrockagentcorecontrol-controller + hostIPC: false + hostPID: false + hostNetwork: false + dnsPolicy: ClusterFirst diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml new file mode 100644 index 0000000..b556634 --- /dev/null +++ b/config/controller/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- deployment.yaml +- service.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: public.ecr.aws/aws-controllers-k8s/bedrockagentcorecontrol-controller + newTag: 0.0.0-non-release-version diff --git a/config/controller/service.yaml b/config/controller/service.yaml new file mode 100644 index 0000000..0c65f56 --- /dev/null +++ b/config/controller/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ack-bedrockagentcorecontrol-metrics-service + namespace: ack-system +spec: + selector: + app.kubernetes.io/name: ack-bedrockagentcorecontrol-controller + ports: + - name: metricsport + port: 8080 + targetPort: http + protocol: TCP + type: ClusterIP diff --git a/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 0000000..b7be322 --- /dev/null +++ b/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml @@ -0,0 +1,249 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. + type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. + There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/common/bases/services.k8s.aws_fieldexports.yaml b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml new file mode 100644 index 0000000..49b4f38 --- /dev/null +++ b/config/crd/common/bases/services.k8s.aws_fieldexports.yaml @@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/common/kustomization.yaml b/config/crd/common/kustomization.yaml new file mode 100644 index 0000000..96349f6 --- /dev/null +++ b/config/crd/common/kustomization.yaml @@ -0,0 +1,7 @@ +# Code generated in runtime. DO NOT EDIT. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - bases/services.k8s.aws_adoptedresources.yaml + - bases/services.k8s.aws_fieldexports.yaml diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml new file mode 100644 index 0000000..ea0b795 --- /dev/null +++ b/config/crd/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - common diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..c89f8ed --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,20 @@ +# Adds namespace to all resources. +# namespace: + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +# namePrefix: + +# Labels to add to all resources and selectors. +#commonLabels: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../controller + +patchesStrategicMerge: diff --git a/config/overlays/namespaced/kustomization.yaml b/config/overlays/namespaced/kustomization.yaml new file mode 100644 index 0000000..c6cf6b4 --- /dev/null +++ b/config/overlays/namespaced/kustomization.yaml @@ -0,0 +1,15 @@ +resources: +- ../../default +patches: +- path: role.json + target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRole + name: ack-bedrockagentcorecontrol-controller +- path: role-binding.json + target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRoleBinding + name: ack-bedrockagentcorecontrol-controller-rolebinding \ No newline at end of file diff --git a/config/overlays/namespaced/role-binding.json b/config/overlays/namespaced/role-binding.json new file mode 100644 index 0000000..83e46c5 --- /dev/null +++ b/config/overlays/namespaced/role-binding.json @@ -0,0 +1,3 @@ +[{"op": "replace", "path": "/kind", "value": "RoleBinding"}, +{"op": "add", "path": "/metadata/namespace", "value": "ack-system"}, +{"op": "replace", "path": "/roleRef/kind", "value": "Role"}] \ No newline at end of file diff --git a/config/overlays/namespaced/role.json b/config/overlays/namespaced/role.json new file mode 100644 index 0000000..deddee7 --- /dev/null +++ b/config/overlays/namespaced/role.json @@ -0,0 +1,2 @@ +[{"op": "replace", "path": "/kind", "value": "Role"}, +{"op": "add", "path": "/metadata/namespace", "value": "ack-system"}] \ No newline at end of file diff --git a/config/rbac/cluster-role-binding.yaml b/config/rbac/cluster-role-binding.yaml new file mode 100644 index 0000000..431b106 --- /dev/null +++ b/config/rbac/cluster-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ack-bedrockagentcorecontrol-controller-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ack-bedrockagentcorecontrol-controller +subjects: +- kind: ServiceAccount + name: ack-bedrockagentcorecontrol-controller + namespace: ack-system diff --git a/config/rbac/cluster-role-controller.yaml b/config/rbac/cluster-role-controller.yaml new file mode 100644 index 0000000..1bc872c --- /dev/null +++ b/config/rbac/cluster-role-controller.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-bedrockagentcorecontrol-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 0000000..d9acdee --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,8 @@ +resources: +- cluster-role-binding.yaml +- cluster-role-controller.yaml +- role-reader.yaml +- role-writer.yaml +- service-account.yaml +- leader-election-role.yaml +- leader-election-role-binding.yaml diff --git a/config/rbac/leader-election-role-binding.yaml b/config/rbac/leader-election-role-binding.yaml new file mode 100644 index 0000000..089bd4c --- /dev/null +++ b/config/rbac/leader-election-role-binding.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: ack-system + name: bedrockagentcorecontrol-leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: bedrockagentcorecontrol-leader-election-role +subjects: +- kind: ServiceAccount + name: ack-bedrockagentcorecontrol-controller + namespace: ack-system diff --git a/config/rbac/leader-election-role.yaml b/config/rbac/leader-election-role.yaml new file mode 100644 index 0000000..e6fbbdb --- /dev/null +++ b/config/rbac/leader-election-role.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: bedrockagentcorecontrol-leader-election-role + namespace: ack-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/role-reader.yaml b/config/rbac/role-reader.yaml new file mode 100644 index 0000000..2c18037 --- /dev/null +++ b/config/rbac/role-reader.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-bedrockagentcorecontrol-reader + namespace: default +rules: +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - get + - list + - watch diff --git a/config/rbac/role-writer.yaml b/config/rbac/role-writer.yaml new file mode 100644 index 0000000..555eba5 --- /dev/null +++ b/config/rbac/role-writer.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-bedrockagentcorecontrol-writer + namespace: default +rules: +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - get + - patch + - update diff --git a/config/rbac/service-account.yaml b/config/rbac/service-account.yaml new file mode 100644 index 0000000..c14374a --- /dev/null +++ b/config/rbac/service-account.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ack-bedrockagentcorecontrol-controller + namespace: ack-system diff --git a/generator.yaml b/generator.yaml new file mode 100644 index 0000000..98bcc51 --- /dev/null +++ b/generator.yaml @@ -0,0 +1,15 @@ +ignore: + resource_names: + - AgentRuntime + - AgentRuntimeEndpoint + - ApiKeyCredentialProvider + - Browser + - CodeInterpreter + - Gateway + - GatewayTarget + - Memory + - Oauth2CredentialProvider + - WorkloadIdentity + +sdk_names: + model_name: bedrock-agentcore-control diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..5264552 --- /dev/null +++ b/go.mod @@ -0,0 +1,89 @@ +module github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller + +go 1.23.0 + +toolchain go1.24.0 + +require ( + github.com/aws-controllers-k8s/runtime v0.52.0 + github.com/aws/aws-sdk-go v1.49.0 + github.com/spf13/pflag v1.0.5 + k8s.io/apimachinery v0.32.1 + k8s.io/client-go v0.32.1 + sigs.k8s.io/controller-runtime v0.20.4 +) + +require ( + github.com/aws/aws-sdk-go-v2 v1.32.7 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect + github.com/aws/smithy-go v1.22.2 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.11 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/itchyny/gojq v0.12.6 // indirect + github.com/itchyny/timefmt-go v0.1.3 // indirect + github.com/jaypipes/envutil v1.0.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/samber/lo v1.37.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.38.0 // indirect + golang.org/x/oauth2 v0.27.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect + golang.org/x/time v0.7.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.32.1 // indirect + k8s.io/apiextensions-apiserver v0.32.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..d4e1270 --- /dev/null +++ b/go.sum @@ -0,0 +1,242 @@ +github.com/aws-controllers-k8s/runtime v0.52.0 h1:Q5UIAn6SSBr60t/DiU/zr6NLBlUuK2AG3yy2ma/9gDU= +github.com/aws-controllers-k8s/runtime v0.52.0/go.mod h1:OkUJN+Ds799JLYZsMJrO2vDJ4snxUeHK2MgrQHbU+Qc= +github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= +github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw= +github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo= +github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/itchyny/gojq v0.12.6 h1:VjaFn59Em2wTxDNGcrRkDK9ZHMNa8IksOgL13sLL4d0= +github.com/itchyny/gojq v0.12.6/go.mod h1:ZHrkfu7A+RbZLy5J1/JKpS4poEqrzItSTGDItqsfP0A= +github.com/itchyny/timefmt-go v0.1.3 h1:7M3LGVDsqcd0VZH2U+x393obrzZisp7C0uEe921iRkU= +github.com/itchyny/timefmt-go v0.1.3/go.mod h1:0osSSCQSASBJMsIZnhAaF1C2fCBTJZXrnj37mG8/c+A= +github.com/jaypipes/envutil v1.0.0 h1:u6Vwy9HwruFihoZrL0bxDLCa/YNadGVwKyPElNmZWow= +github.com/jaypipes/envutil v1.0.0/go.mod h1:vgIRDly+xgBq0eeZRcflOHMMobMwgC6MkMbxo/Nw65M= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/samber/lo v1.37.0 h1:XjVcB8g6tgUp8rsPsJ2CvhClfImrpL04YpQHXeHPhRw= +github.com/samber/lo v1.37.0/go.mod h1:9vaz2O4o8oOnK23pd2TrXufcbdbJIa3b6cstBWKpopA= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= +golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= +k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= +sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..6c9fd10 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +name: bedrockagentcorecontrol-chart +description: A Helm chart for the ACK service controller for () +version: 0.0.0-non-release-version +appVersion: 0.0.0-non-release-version +home: https://github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller +icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png +sources: + - https://github.com/aws-controllers-k8s/bedrockagentcorecontrol-controller +maintainers: + - name: ACK Admins + url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin + - name: Admins + url: https://github.com/orgs/aws-controllers-k8s/teams/bedrockagentcorecontrol-maintainer +keywords: + - aws + - kubernetes + - bedrockagentcorecontrol diff --git a/helm/crds/services.k8s.aws_adoptedresources.yaml b/helm/crds/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 0000000..d6cdd10 --- /dev/null +++ b/helm/crds/services.k8s.aws_adoptedresources.yaml @@ -0,0 +1,249 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. + type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. + There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/helm/crds/services.k8s.aws_fieldexports.yaml b/helm/crds/services.k8s.aws_fieldexports.yaml new file mode 100644 index 0000000..6e2c61e --- /dev/null +++ b/helm/crds/services.k8s.aws_fieldexports.yaml @@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt new file mode 100644 index 0000000..8261ea8 --- /dev/null +++ b/helm/templates/NOTES.txt @@ -0,0 +1,16 @@ +{{ .Chart.Name }} has been installed. +This chart deploys "public.ecr.aws/aws-controllers-k8s/bedrockagentcorecontrol-controller:0.0.0-non-release-version". + +Check its status by running: + kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" + +You are now able to create () resources! + +The controller is running in "{{ .Values.installScope }}" mode. +The controller is configured to manage AWS resources in region: "{{ .Values.aws.region }}" + +Visit https://aws-controllers-k8s.github.io/community/reference/ for an API +reference of all the resources that can be created using this controller. + +For more information on the AWS Controllers for Kubernetes (ACK) project, visit: +https://aws-controllers-k8s.github.io/community/ diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl new file mode 100644 index 0000000..9eeeeae --- /dev/null +++ b/helm/templates/_helpers.tpl @@ -0,0 +1,103 @@ +{{/* The name of the application this chart installs */}} +{{- define "ack-bedrockagentcorecontrol-controller.app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ack-bedrockagentcorecontrol-controller.app.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* The name and version as used by the chart label */}} +{{- define "ack-bedrockagentcorecontrol-controller.chart.name-version" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* The name of the service account to use */}} +{{- define "ack-bedrockagentcorecontrol-controller.service-account.name" -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} + +{{- define "ack-bedrockagentcorecontrol-controller.watch-namespace" -}} +{{- if eq .Values.installScope "namespace" -}} +{{ .Values.watchNamespace | default .Release.Namespace }} +{{- end -}} +{{- end -}} + +{{/* The mount path for the shared credentials file */}} +{{- define "ack-bedrockagentcorecontrol-controller.aws.credentials.secret_mount_path" -}} +{{- "/var/run/secrets/aws" -}} +{{- end -}} + +{{/* The path the shared credentials file is mounted */}} +{{- define "ack-bedrockagentcorecontrol-controller.aws.credentials.path" -}} +{{ $secret_mount_path := include "ack-bedrockagentcorecontrol-controller.aws.credentials.secret_mount_path" . }} +{{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}} +{{- end -}} + +{{/* The rules a of ClusterRole or Role */}} +{{- define "ack-bedrockagentcorecontrol-controller.rbac-rules" -}} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + - fieldexports/status + verbs: + - get + - patch + - update +{{- end }} + +{{/* Convert k/v map to string like: "key1=value1,key2=value2,..." */}} +{{- define "ack-bedrockagentcorecontrol-controller.feature-gates" -}} +{{- $list := list -}} +{{- range $k, $v := .Values.featureGates -}} +{{- $list = append $list (printf "%s=%s" $k ( $v | toString)) -}} +{{- end -}} +{{ join "," $list }} +{{- end -}} diff --git a/helm/templates/caches-role-binding.yaml b/helm/templates/caches-role-binding.yaml new file mode 100644 index 0000000..6fe68de --- /dev/null +++ b/helm/templates/caches-role-binding.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-namespaces-cache + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-namespaces-cache +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-configmaps-cache + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-configmaps-cache +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} diff --git a/helm/templates/caches-role.yaml b/helm/templates/caches-role.yaml new file mode 100644 index 0000000..3e79c29 --- /dev/null +++ b/helm/templates/caches-role.yaml @@ -0,0 +1,42 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-namespaces-cache + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-configmaps-cache + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/helm/templates/cluster-role-binding.yaml b/helm/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..927cc06 --- /dev/null +++ b/helm/templates/cluster-role-binding.yaml @@ -0,0 +1,52 @@ +{{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-rolebinding + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-bedrockagentcorecontrol-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ $fullname := include "ack-bedrockagentcorecontrol-controller.app.fullname" . }} +{{ $releaseNamespace := .Release.Namespace }} +{{ $serviceAccountName := include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} +{{ $chartVersion := include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +{{ $appVersion := .Chart.AppVersion | quote }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $fullname }}-{{ . }} + namespace: {{ . }} + labels: + app.kubernetes.io/name: {{ $fullname }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ $appVersion }} + k8s-app: {{ $fullname }} + helm.sh/chart: {{ $chartVersion }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ $fullname }}-{{ . }} +subjects: +- kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $releaseNamespace }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/helm/templates/cluster-role-controller.yaml b/helm/templates/cluster-role-controller.yaml new file mode 100644 index 0000000..dc8e57d --- /dev/null +++ b/helm/templates/cluster-role-controller.yaml @@ -0,0 +1,44 @@ +{{ $labels := .Values.role.labels }} +{{ $appVersion := .Chart.AppVersion | quote }} +{{ $rbacRules := include "ack-bedrockagentcorecontrol-controller.rbac-rules" . }} +{{ $fullname := include "ack-bedrockagentcorecontrol-controller.app.fullname" . }} +{{ $chartVersion := include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +{{ if eq .Values.installScope "cluster" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} + {{- range $key, $value := $labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{$rbacRules }} +{{ else if eq .Values.installScope "namespace" }} +{{ $wn := include "ack-bedrockagentcorecontrol-controller.watch-namespace" . }} +{{ $namespaces := split "," $wn }} +{{ range $namespaces }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $fullname }}-{{ . }} + namespace: {{ . }} + labels: + app.kubernetes.io/name: {{ $fullname }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ $appVersion }} + k8s-app: {{ $fullname }} + helm.sh/chart: {{ $chartVersion }} + {{- range $key, $value := $labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{ $rbacRules }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 0000000..3f05938 --- /dev/null +++ b/helm/templates/deployment.yaml @@ -0,0 +1,217 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: +{{- if .Values.deployment.annotations }} + annotations: + {{- range $key, $value := .Values.deployment.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + spec: + serviceAccountName: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - command: + - ./bin/controller + args: + - --aws-region + - "$(AWS_REGION)" + - --aws-endpoint-url + - "$(AWS_ENDPOINT_URL)" +{{- if .Values.log.enable_development_logging }} + - --enable-development-logging +{{- end }} + - --log-level + - "$(ACK_LOG_LEVEL)" + - --resource-tags + - "$(ACK_RESOURCE_TAGS)" + - --watch-namespace + - "$(ACK_WATCH_NAMESPACE)" + - --watch-selectors + - "$(ACK_WATCH_SELECTORS)" + - --reconcile-resources + - "$(RECONCILE_RESOURCES)" + - --deletion-policy + - "$(DELETION_POLICY)" +{{- if .Values.leaderElection.enabled }} + - --enable-leader-election + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" +{{- end }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} + - --reconcile-default-resync-seconds + - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} + - --reconcile-resource-resync-seconds + - "$(RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }})" +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - --reconcile-resource-max-concurrent-syncs + - "$(RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }})" +{{- end }} +{{- if .Values.featureGates}} + - --feature-gates + - "$(FEATURE_GATES)" +{{- end }} + - --enable-carm={{ .Values.enableCARM }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: controller + ports: + - name: http + containerPort: {{ .Values.deployment.containerPort }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AWS_REGION + value: {{ .Values.aws.region }} + - name: AWS_ENDPOINT_URL + value: {{ .Values.aws.endpoint_url | quote }} + - name: ACK_WATCH_NAMESPACE + value: {{ include "ack-bedrockagentcorecontrol-controller.watch-namespace" . }} + - name: ACK_WATCH_SELECTORS + value: {{ .Values.watchSelectors }} + - name: RECONCILE_RESOURCES + value: {{ join "," .Values.reconcile.resources | quote }} + - name: DELETION_POLICY + value: {{ .Values.deletionPolicy }} + - name: LEADER_ELECTION_NAMESPACE + value: {{ .Values.leaderElection.namespace | quote }} + - name: ACK_LOG_LEVEL + value: {{ .Values.log.level | quote }} + - name: ACK_RESOURCE_TAGS + value: {{ join "," .Values.resourceTags | quote }} +{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }} + - name: RECONCILE_DEFAULT_RESYNC_SECONDS + value: {{ .Values.reconcile.defaultResyncPeriod | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }} + - name: RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }} + value: {{ $key }}={{ $value }} +{{- end }} +{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }} + - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS + value: {{ .Values.reconcile.defaultMaxConcurrentSyncs | quote }} +{{- end }} +{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }} + - name: RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }} + value: {{ $key }}={{ $value }} +{{- end }} +{{- if .Values.featureGates}} + - name: FEATURE_GATES + value: {{ include "ack-bedrockagentcorecontrol-controller.feature-gates" . }} +{{- end }} + {{- if .Values.aws.credentials.secretName }} + - name: AWS_SHARED_CREDENTIALS_FILE + value: {{ include "ack-bedrockagentcorecontrol-controller.aws.credentials.path" . }} + - name: AWS_PROFILE + value: {{ .Values.aws.credentials.profile }} + {{- end }} + {{- if .Values.deployment.extraEnvVars -}} + {{ toYaml .Values.deployment.extraEnvVars | nindent 8 }} + {{- end }} + {{- if or .Values.aws.credentials.secretName .Values.deployment.extraVolumeMounts }} + volumeMounts: + {{- if .Values.aws.credentials.secretName }} + - name: {{ .Values.aws.credentials.secretName }} + mountPath: {{ include "ack-bedrockagentcorecontrol-controller.aws.credentials.secret_mount_path" . }} + readOnly: true + {{- end }} + {{- if .Values.deployment.extraVolumeMounts -}} + {{ toYaml .Values.deployment.extraVolumeMounts | nindent 10 }} + {{- end }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 10 + nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} + {{ if .Values.deployment.tolerations -}} + tolerations: {{ toYaml .Values.deployment.tolerations | nindent 8 }} + {{ end -}} + {{ if .Values.deployment.affinity -}} + affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} + {{ end -}} + {{ if .Values.deployment.priorityClassName -}} + priorityClassName: {{ .Values.deployment.priorityClassName }} + {{ end -}} + hostIPC: false + hostPID: false + hostNetwork: {{ .Values.deployment.hostNetwork }} + dnsPolicy: {{ .Values.deployment.dnsPolicy }} + {{- if or .Values.aws.credentials.secretName .Values.deployment.extraVolumes }} + volumes: + {{- if .Values.aws.credentials.secretName }} + - name: {{ .Values.aws.credentials.secretName }} + secret: + secretName: {{ .Values.aws.credentials.secretName }} + {{- end }} + {{- if .Values.deployment.extraVolumes }} + {{- toYaml .Values.deployment.extraVolumes | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.deployment.strategy }} + strategy: {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/helm/templates/leader-election-role-binding.yaml b/helm/templates/leader-election-role-binding.yaml new file mode 100644 index 0000000..d59055c --- /dev/null +++ b/helm/templates/leader-election-role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.leaderElection.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-leaderelection +{{ if .Values.leaderElection.namespace }} + namespace: {{ .Values.leaderElection.namespace }} +{{ else }} + namespace: {{ .Release.Namespace }} +{{ end }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-leaderelection +subjects: +- kind: ServiceAccount + name: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }}{{- end }} diff --git a/helm/templates/leader-election-role.yaml b/helm/templates/leader-election-role.yaml new file mode 100644 index 0000000..af3672b --- /dev/null +++ b/helm/templates/leader-election-role.yaml @@ -0,0 +1,37 @@ +{{ if .Values.leaderElection.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-leaderelection +{{ if .Values.leaderElection.namespace }} + namespace: {{ .Values.leaderElection.namespace }} +{{ else }} + namespace: {{ .Release.Namespace }} +{{ end }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch{{- end }} diff --git a/helm/templates/metrics-service.yaml b/helm/templates/metrics-service.yaml new file mode 100644 index 0000000..2715d8d --- /dev/null +++ b/helm/templates/metrics-service.yaml @@ -0,0 +1,29 @@ +{{- if .Values.metrics.service.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + type: {{ .Values.metrics.service.type }} + ports: + - name: metricsport + port: 8080 + targetPort: http + protocol: TCP +{{- end }} diff --git a/helm/templates/role-reader.yaml b/helm/templates/role-reader.yaml new file mode 100644 index 0000000..c495ea5 --- /dev/null +++ b/helm/templates/role-reader.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-reader + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +rules: +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - get + - list + - watch diff --git a/helm/templates/role-writer.yaml b/helm/templates/role-writer.yaml new file mode 100644 index 0000000..b79a840 --- /dev/null +++ b/helm/templates/role-writer.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ include "ack-bedrockagentcorecontrol-controller.app.fullname" . }}-writer + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} +rules: +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - bedrockagentcorecontrol.services.k8s.aws + resources: + verbs: + - get + - patch + - update diff --git a/helm/templates/service-account.yaml b/helm/templates/service-account.yaml new file mode 100644 index 0000000..ea4c789 --- /dev/null +++ b/helm/templates/service-account.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "ack-bedrockagentcorecontrol-controller.app.name" . }} + helm.sh/chart: {{ include "ack-bedrockagentcorecontrol-controller.chart.name-version" . }} + name: {{ include "ack-bedrockagentcorecontrol-controller.service-account.name" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $value := .Values.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} diff --git a/helm/values.schema.json b/helm/values.schema.json new file mode 100644 index 0000000..c3f56a0 --- /dev/null +++ b/helm/values.schema.json @@ -0,0 +1,306 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "properties": { + "image": { + "description": "Container Image", + "properties": { + "repository": { + "type": "string", + "minLength": 1 + }, + "tag": { + "type": "string", + "minLength": 1 + }, + "pullPolicy": { + "type": "string", + "enum": ["IfNotPresent", "Always", "Never"] + }, + "pullSecrets": { + "type": "array" + } + }, + "required": [ + "repository", + "tag", + "pullPolicy" + ], + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "fullNameOverride": { + "type": "string" + }, + "deployment": { + "description": "Deployment settings", + "properties": { + "annotations": { + "type": "object" + }, + "labels": { + "type": "object" + }, + "containerPort": { + "type": "integer", + "minimum": 1, + "maximum": 65535 + }, + "replicas": { + "type": "integer" + }, + "nodeSelector": { + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "affinity": { + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "extraEnvVars": { + "type": "array" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "role": { + "description": "Role settings", + "properties": { + "labels": { + "type": "object" + } + } + }, + "metrics": { + "description": "Metrics settings", + "properties": { + "service": { + "description": "Kubernetes service settings", + "properties": { + "create": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"] + } + }, + "required": [ + "create", + "type" + ], + "type": "object" + } + }, + "required": [ + "service" + ], + "type": "object" + }, + "resources": { + "description": "Kubernetes resources settings", + "properties": { + "requests": { + "description": "Kubernetes resource requests", + "properties": { + "memory": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + }, + "cpu": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + } + }, + "required": [ + "memory", + "cpu" + ], + "type": "object" + }, + "limits": { + "description": "Kubernetes resource limits", + "properties": { + "memory": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + }, + "cpu": { + "oneOf": [ + { "type": "number" }, + { "type": "string" } + ] + } + }, + "required": [ + "memory", + "cpu" + ], + "type": "object" + } + }, + "required": [ + "requests", + "limits" + ], + "type": "object" + }, + "aws": { + "description": "AWS API settings", + "properties": { + "region": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "credentials": { + "description": "AWS credentials information", + "properties": { + "secretName": { + "type": "string" + }, + "secretKey": { + "type": "string" + }, + "profile": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "log": { + "description": "Logging settings", + "properties": { + "enable_development_logging": { + "type": "boolean" + }, + "level": { + "type": "string" + } + }, + "type": "object" + }, + "installScope": { + "type": "string", + "enum": ["cluster", "namespace"] + }, + "watchNamespace": { + "type": "string" + }, + "watchSelectors": { + "type": "string" + }, + "resourceTags": { + "type": "array", + "items": { + "type": "string", + "pattern": "(^$|^.*=.*$)" + } + }, + "deletionPolicy": { + "type": "string", + "enum": ["delete", "retain"] + }, + "reconcile": { + "description": "Reconcile settings. This is used to configure the controller's reconciliation behavior. e.g resyncPeriod and maxConcurrentSyncs", + "properties": { + "defaultResyncPeriod": { + "type": "number" + }, + "resourceResyncPeriods": { + "type": "object" + }, + "defaultMaxConcurentSyncs": { + "type": "number" + }, + "resourceMaxConcurrentSyncs": { + "type": "object" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of resource kinds to reconcile. If empty, all resources will be reconciled.", + "default": [] + } + }, + "type": "object" + }, + "leaderElection": { + "description": "Parameter to configure the controller's leader election system.", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "enableCARM": { + "description": "Parameter to enable or disable cross account resource management.", + "type": "boolean", + "default": true + }, + "serviceAccount": { + "description": "ServiceAccount settings", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "annotations": { + "type": "object" + } + }, + "type": "object" + } + }, + "featureGates": { + "description": "Feature gates settings", + "type": "object", + "additionalProperties": { + "type": "boolean" + } + }, + "required": [ + "image", + "deployment", + "metrics", + "resources", + "log", + "installScope", + "resourceTags", + "serviceAccount" + ], + "title": "Values", + "type": "object" +} diff --git a/helm/values.yaml b/helm/values.yaml new file mode 100644 index 0000000..80bb110 --- /dev/null +++ b/helm/values.yaml @@ -0,0 +1,183 @@ +# Default values for ack-bedrockagentcorecontrol-controller. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: public.ecr.aws/aws-controllers-k8s/bedrockagentcorecontrol-controller + tag: 0.0.0-non-release-version + pullPolicy: IfNotPresent + pullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +deployment: + annotations: {} + labels: {} + containerPort: 8080 + # Number of Deployment replicas + # This determines how many instances of the controller will be running. It's recommended + # to enable leader election if you need to increase the number of replicas > 1 + replicas: 1 + # Which nodeSelector to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + nodeSelector: + kubernetes.io/os: linux + # Which tolerations to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + # What affinity to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + # Which priorityClassName to set? + # See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority + priorityClassName: "" + # Specifies the hostname of the Pod. + # If not specified, the pod's hostname will be set to a system-defined value. + hostNetwork: false + # Set DNS policy for the pod. + # Defaults to "ClusterFirst". + # Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + # To have DNS options set along with hostNetwork, you have to specify DNS policy + # explicitly to 'ClusterFirstWithHostNet'. + dnsPolicy: ClusterFirst + # Set rollout strategy for deployment. + # See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + strategy: {} + extraVolumes: [] + extraVolumeMounts: [] + + # Additional server container environment variables + # + # You specify this manually like you would a raw deployment manifest. + # This means you can bind in environment variables from secrets. + # + # e.g. static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + extraEnvVars: [] + + +# If "installScope: cluster" then these labels will be applied to ClusterRole +role: + labels: {} + +metrics: + service: + # Set to true to automatically create a Kubernetes Service resource for the + # Prometheus metrics server endpoint in controller + create: false + # Which Type to use for the Kubernetes Service? + # See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: "ClusterIP" + +resources: + requests: + memory: "64Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + +aws: + # If specified, use the AWS region for AWS API calls + region: "" + endpoint_url: "" + credentials: + # If specified, Secret with shared credentials file to use. + secretName: "" + # Secret stringData key that contains the credentials + secretKey: "credentials" + # Profile used for AWS credentials + profile: "default" + +# log level for the controller +log: + enable_development_logging: false + level: info + +# Set to "namespace" to install the controller in a namespaced scope, will only +# watch for object creation in the namespace. By default installScope is +# cluster wide. +installScope: cluster + +# Set the value of the "namespace" to be watched by the controller +# This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart. +# You can set multiple namespaces by providing a comma separated list of namespaces. e.g "namespace1,namespace2" +watchNamespace: "" + +# Set the value of labelsSelectors to be used by the controller to filter the resources to watch. +# You can set multiple labelsSelectors by providing a comma separated list of a=b arguments. e.g "label1=value1,label2=value2" +watchSelectors: "" + +resourceTags: + # Configures the ACK service controller to always set key/value pairs tags on + # resources that it manages. + - services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION% + - services.k8s.aws/namespace=%K8S_NAMESPACE% + +# Set to "retain" to keep all AWS resources intact even after the K8s resources +# have been deleted. By default, the ACK controller will delete the AWS resource +# before the K8s resource is removed. +deletionPolicy: delete + +# controller reconciliation configurations +reconcile: + # The default duration, in seconds, to wait before resyncing desired state of custom resources. + defaultResyncPeriod: 36000 # 10 Hours + # An object representing the reconcile resync configuration for each specific resource. + resourceResyncPeriods: {} + + # The default number of concurrent syncs that a reconciler can perform. + defaultMaxConcurrentSyncs: 1 + # An object representing the reconcile max concurrent syncs configuration for each specific + # resource. + resourceMaxConcurrentSyncs: {} + + # Set the value of resources to specify which resource kinds to reconcile. + # If empty, all resources will be reconciled. + # If specified, only the listed resource kinds will be reconciled. + resources: + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + name: ack-bedrockagentcorecontrol-controller + annotations: {} + # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME + +# Configuration of the leader election. Required for running multiple instances of the +# controller within the same cluster. +# See https://kubernetes.io/docs/concepts/architecture/leases/#leader-election +leaderElection: + # Enable Controller Leader Election. Set this to true to enable leader election + # for this controller. + enabled: false + # Leader election can be scoped to a specific namespace. By default, the controller + # will attempt to use the namespace of the service account mounted to the Controller + # pod. + namespace: "" + +# Enable Cross Account Resource Management (default = true). Set this to false to disable cross account resource management. +enableCARM: true + +# Configuration for feature gates. These are optional controller features that +# can be individually enabled ("true") or disabled ("false") by adding key/value +# pairs below. +featureGates: + # Enables the Service level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + ServiceLevelCARM: false + # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031 + TeamLevelCARM: false + # Enable ReadOnlyResources feature/annotation. + ReadOnlyResources: true + # Enable ResourceAdoption feature/annotation. + ResourceAdoption: true \ No newline at end of file diff --git a/metadata.yaml b/metadata.yaml new file mode 100644 index 0000000..e2e8c61 --- /dev/null +++ b/metadata.yaml @@ -0,0 +1,8 @@ +service: + full_name: Amazon Bedrock Agent Core Control + short_name: Bedrock Agent Core Control + link: https://docs.aws.amazon.com/bedrock-agentcore/ + documentation: https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/Welcome.html +api_versions: + - api_version: v1alpha1 + status: available diff --git a/olm/olmconfig.yaml b/olm/olmconfig.yaml new file mode 100644 index 0000000..700758f --- /dev/null +++ b/olm/olmconfig.yaml @@ -0,0 +1,33 @@ +# This configuration is a placeholder. Replace any values with relevant values for your +# service controller project. +--- +annotations: + capabilityLevel: Basic Install + shortDescription: + Amazon Bedrock Agent Core Control controller is a service controller for managing Bedrock Agent Core Control resources + in Kubernetes +displayName: AWS Controllers for Kubernetes - Amazon Bedrock Agent Core Control +description: |- + Manage Amazon Bedrock Agent Core Control resources in AWS from within your Kubernetes cluster. + + + **About Amazon Bedrock Agent Core Control** + + + Amazon Bedrock Agent Core Control is a fully managed service that makes it easy to build and scale generative AI applications. With Bedrock, you can access foundation models from leading AI companies, customize them with your own data, and integrate them into your applications. + + + **About the AWS Controllers for Kubernetes** + + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) + project. This project is currently in **developer preview**. +samples: + - kind: UserPool + spec: "{}" +maintainers: + - name: "bedrockagentcorecontrol maintainer team" + email: "ack-maintainers@amazon.com" +links: + - name: Amazon Bedrock Agent Core Control Developer Resources + url: https://aws.amazon.com/bedrock/dev-resources/ diff --git a/pkg/resource/registry.go b/pkg/resource/registry.go new file mode 100644 index 0000000..3f3aa28 --- /dev/null +++ b/pkg/resource/registry.go @@ -0,0 +1,45 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package resource + +import ( + ackrt "github.com/aws-controllers-k8s/runtime/pkg/runtime" + acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" +) + +// +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=services.k8s.aws,resources=adoptedresources/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=services.k8s.aws,resources=fieldexports/status,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch +// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;patch +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;patch + +var ( + reg = ackrt.NewRegistry() +) + +// GetManagerFactories returns a slice of resource manager factories that are +// registered with this package +func GetManagerFactories() []acktypes.AWSResourceManagerFactory { + return reg.GetResourceManagerFactories() +} + +// RegisterManagerFactory registers a resource manager factory with the +// package's registry +func RegisterManagerFactory(f acktypes.AWSResourceManagerFactory) { + reg.RegisterResourceManagerFactory(f) +} diff --git a/pkg/version/version.go b/pkg/version/version.go new file mode 100644 index 0000000..de0f243 --- /dev/null +++ b/pkg/version/version.go @@ -0,0 +1,22 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +// Code generated by ack-generate. DO NOT EDIT. + +package version + +var ( + GitVersion string + GitCommit string + BuildDate string +) diff --git a/templates/.gitkeep b/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/test/e2e/.gitignore b/test/e2e/.gitignore new file mode 100644 index 0000000..92c35a4 --- /dev/null +++ b/test/e2e/.gitignore @@ -0,0 +1,4 @@ +__pycache__/ +*.py[cod] +**/bootstrap.yaml +**/bootstrap.pkl diff --git a/test/e2e/__init__.py b/test/e2e/__init__.py new file mode 100644 index 0000000..5fd737d --- /dev/null +++ b/test/e2e/__init__.py @@ -0,0 +1,34 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +import pytest +from typing import Dict, Any +from pathlib import Path + +from acktest.resources import load_resource_file + +SERVICE_NAME = "bedrockagentcorecontrol" +CRD_GROUP = "bedrockagentcorecontrol.services.k8s.aws" +CRD_VERSION = "v1alpha1" + +# PyTest marker for the current service +service_marker = pytest.mark.service(arg=SERVICE_NAME) + +bootstrap_directory = Path(__file__).parent +resource_directory = Path(__file__).parent / "resources" + +def load_bedrockagentcorecontrol_resource(resource_name: str, additional_replacements: Dict[str, Any] = {}): + """ Overrides the default `load_resource_file` to access the specific resources + directory for the current service. + """ + return load_resource_file(resource_directory, resource_name, additional_replacements=additional_replacements) diff --git a/test/e2e/bootstrap_resources.py b/test/e2e/bootstrap_resources.py new file mode 100644 index 0000000..450a769 --- /dev/null +++ b/test/e2e/bootstrap_resources.py @@ -0,0 +1,32 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +"""Declares the structure of the bootstrapped resources and provides a loader +for them. +""" + +from dataclasses import dataclass +from acktest.bootstrapping import Resources +from e2e import bootstrap_directory + +@dataclass +class BootstrapResources(Resources): + pass + +_bootstrap_resources = None + +def get_bootstrap_resources(bootstrap_file_name: str = "bootstrap.pkl") -> BootstrapResources: + global _bootstrap_resources + if _bootstrap_resources is None: + _bootstrap_resources = BootstrapResources.deserialize(bootstrap_directory, bootstrap_file_name=bootstrap_file_name) + return _bootstrap_resources diff --git a/test/e2e/conftest.py b/test/e2e/conftest.py new file mode 100644 index 0000000..aed8221 --- /dev/null +++ b/test/e2e/conftest.py @@ -0,0 +1,45 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +import boto3 +import pytest + +from acktest import k8s + +def pytest_addoption(parser): + parser.addoption("--runslow", action="store_true", default=False, help="run slow tests") + +def pytest_configure(config): + config.addinivalue_line( + "markers", "service(arg): mark test associated with a given service" + ) + config.addinivalue_line( + "markers", "slow: mark test as slow to run" + ) + +def pytest_collection_modifyitems(config, items): + if config.getoption("--runslow"): + return + skip_slow = pytest.mark.skip(reason="need --runslow option to run") + for item in items: + if "slow" in item.keywords: + item.add_marker(skip_slow) + +# Provide a k8s client to interact with the integration test cluster +@pytest.fixture(scope='class') +def k8s_client(): + return k8s._get_k8s_api_client() + +@pytest.fixture(scope='module') +def bedrockagentcorecontrol_client(): + return boto3.client('bedrock-agentcore-control') diff --git a/test/e2e/replacement_values.py b/test/e2e/replacement_values.py new file mode 100644 index 0000000..e2f83bd --- /dev/null +++ b/test/e2e/replacement_values.py @@ -0,0 +1,18 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +"""Stores the values used by each of the integration tests for replacing the +Bedrock Agent Core Control-specific test variables. +""" + +REPLACEMENT_VALUES = { +} diff --git a/test/e2e/requirements.txt b/test/e2e/requirements.txt new file mode 100644 index 0000000..3108f42 --- /dev/null +++ b/test/e2e/requirements.txt @@ -0,0 +1 @@ +acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@1447a1d39a79afa23f48e2a5d8b30ecd248ee05b diff --git a/test/e2e/resources/.gitkeep b/test/e2e/resources/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/test/e2e/service_bootstrap.py b/test/e2e/service_bootstrap.py new file mode 100644 index 0000000..d51b7da --- /dev/null +++ b/test/e2e/service_bootstrap.py @@ -0,0 +1,39 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +"""Bootstraps the resources required to run the Bedrock Agent Core Control integration tests. +""" +import logging + +from acktest.bootstrapping import Resources, BootstrapFailureException + +from e2e import bootstrap_directory +from e2e.bootstrap_resources import BootstrapResources + +def service_bootstrap() -> Resources: + logging.getLogger().setLevel(logging.INFO) + + resources = BootstrapResources( + # TODO: Add bootstrapping when you have defined the resources + ) + + try: + resources.bootstrap() + except BootstrapFailureException as ex: + exit(254) + + return resources + +if __name__ == "__main__": + config = service_bootstrap() + # Write config to current directory by default + config.serialize(bootstrap_directory) diff --git a/test/e2e/service_cleanup.py b/test/e2e/service_cleanup.py new file mode 100644 index 0000000..d765f51 --- /dev/null +++ b/test/e2e/service_cleanup.py @@ -0,0 +1,30 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +"""Cleans up the resources created by the bootstrapping process. +""" + +import logging + +from acktest.bootstrapping import Resources + +from e2e import bootstrap_directory + +def service_cleanup(): + logging.getLogger().setLevel(logging.INFO) + + resources = Resources.deserialize(bootstrap_directory) + resources.cleanup() + +if __name__ == "__main__": + service_cleanup() diff --git a/test/e2e/tests/.gitkeep b/test/e2e/tests/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/test/e2e/tests/__init__.py b/test/e2e/tests/__init__.py new file mode 100644 index 0000000..97b6b43 --- /dev/null +++ b/test/e2e/tests/__init__.py @@ -0,0 +1,12 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You may +# not use this file except in compliance with the License. A copy of the +# License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License.