diff --git a/.github/.yamllint.config.yaml b/.github/.yamllint.config.yaml new file mode 100644 index 0000000..90f18b6 --- /dev/null +++ b/.github/.yamllint.config.yaml @@ -0,0 +1,46 @@ +--- +# Default configuration https://yamllint.readthedocs.io/en/stable/configuration.html +yaml-files: + - '*.yaml' + - '*.yml' + - '.yamllint' + +rules: + anchors: enable + braces: enable + brackets: enable + colons: enable + commas: enable + comments: + level: warning + min-spaces-from-content: 1 + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: #disable + forbid-in-block-mappings: true + forbid-in-flow-mappings: true + float-values: disable + hyphens: enable + indentation: #enable + spaces: consistent + indent-sequences: whatever + check-multi-line-strings: false + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: enable + new-lines: enable + octal-values: disable + quoted-strings: disable + # quote-type: double + # required: true + # extra-required: [] + # extra-allowed: [] + # allow-quoted-quotes: false + trailing-spaces: enable + truthy: + level: warning \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..7457664 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,16 @@ +--- +name: Bug Report +about: Report a bug +labels: kind/bug + +--- + +**What happened**: + +**What you expected to happen**: + +**How to reproduce it (as minimally and precisely as possible)**: + +**Anything else we need to know**: + +**Environment**: diff --git a/.github/ISSUE_TEMPLATE/enhancement_request.md b/.github/ISSUE_TEMPLATE/enhancement_request.md new file mode 100644 index 0000000..5bae8cd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement_request.md 
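Review bot: The config enables `new-line-at-end-of-file`, yet the file itself ends with `\ No newline at end of file`, so running yamllint over the repository (the `yaml-files` list matches `*.yaml`) will flag this very config; add the trailing newline. The `empty-values: #disable` and `indentation: #enable` comments read as leftover toggles while the nested keys are what actually takes effect; either drop them or state the intent, e.g. `empty-values:  # empty values are forbidden in block and flow mappings`.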
@@ -0,0 +1,10 @@ + --- +name: Enhancement Request +about: Suggest an enhancement +labels: kind/enhancement + +--- + +**What would you like to be added**: + +**Why is this needed**: diff --git a/.github/actions/git-release-create/action.yml b/.github/actions/git-release-create/action.yml new file mode 100644 index 0000000..c9086c7 --- /dev/null +++ b/.github/actions/git-release-create/action.yml @@ -0,0 +1,40 @@ +name: "Helm Chart Release Tag" +description: "Generates release notes and creates a new GitHub release for a Helm Chart tag" + +runs: + using: "composite" + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Print commit SHA + shell: bash + run: echo ${{ github.sha }} + - name: Tag modified Helm Chart + shell: bash + run: | + set +e + ${GITHUB_ACTION_PATH}/git-release-fix.sh &> ${GITHUB_WORKSPACE}/bash_output.txt + env: + COMMIT_HASH: ${{ github.sha }} + + - name: Bash Output + shell: bash + if: always() + run: | + if [ -f "${GITHUB_WORKSPACE}/bash_output.txt" ]; then + echo "::group:: Bash Script Output" + cat ${GITHUB_WORKSPACE}/bash_output.txt + echo "::endgroup::" + fi + + if [ -f "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" ]; then + echo "::group:: PR Status Check Human Friendly Output" + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" + echo "::endgroup::" + fi + + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi diff --git a/.github/actions/git-release-create/git-release-fix.sh b/.github/actions/git-release-create/git-release-fix.sh new file mode 100755 index 0000000..9f913d5 --- /dev/null +++ b/.github/actions/git-release-create/git-release-fix.sh 
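Review bot: The template's front matter opens with ` ---` (a leading space before the dashes), so GitHub will presumably not parse the `name`/`about`/`labels` block and the template metadata is lost; bug_report.md in the same commit starts with `---` at column 0. Change the first line to `---`.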
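Review bot: The `Tag modified Helm Chart` step runs git-release-fix.sh under `set +e` with its output redirected, so the script's exit status is never checked and the step stays green even when release creation fails; the same pattern is in .github/actions/git-tag-modified-helm-chart/action.yml. Record the status and surface it after the output step, e.g. `${GITHUB_ACTION_PATH}/git-release-fix.sh &> "${GITHUB_WORKSPACE}/bash_output.txt"; echo "SCRIPT_RC=$?" >> "$GITHUB_ENV"` followed by a final `if: always()` step with `run: exit "${SCRIPT_RC}"`. The step name and the `pr-status-check-human-friendly.txt` block look copied from the tag action: git-release-fix.sh as added in this commit does not write that file, so the second `if` is presumably dead.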
@@ -0,0 +1,50 @@ +#!/bin/bash +################################################################### +# Script Name : github release create +# Description : This script fetches all Git tags, checks if a GitHub release already exists for +# each tag, and if not, generates release notes and creates a new GitHub release +# for the tag. It searches for a previous tag that starts with the same name as the +# current tag but has a lower semantic version. +# Args : - +# Hint : This script is not meant for any pipeline just for cleanup! +################################################################### +set +e + +# Fetch all tags from the remote +gh auth status + +git fetch --tags + +# Get all tags +tags=$(git tag) + +# Fetch all existing releases +existing_releases=$(gh release list --limit 99999 --json tagName --jq '.[].tagName') + +# Loop through each tag +for tag in $tags; do + if echo "$existing_releases" | grep -q "^$tag$"; then + echo "Release for tag $tag already exists. Skipping..." + continue + fi + + # Find the previous tag with the same prefix but lower semantic version + previous_tag="" + prefix="" + prefix=$(echo "$tag" | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+)$//') + previous_tag=$(git tag -l "${prefix}*" | sort -V | grep -B1 "$tag" | head -n 1) + + release_notes="" + # Generate release notes using the GitHub CLI + if [ -n "$previous_tag" ] && [ "$previous_tag" != "$tag" ]; then + release_notes=$(gh api repos/:owner/:repo/releases/generate-notes -f tag_name="$tag" -f previous_tag_name="$previous_tag" -q '.body') + printf 'tag: %s != previous_tag: %s \n %s' "$tag" "$previous_tag" "$release_notes" + else + release_notes=$(gh api repos/:owner/:repo/releases/generate-notes -f tag_name="$tag" -q '.body') + printf 'tag: %s == previous_tag: %s \n %s' "$tag" "$previous_tag" "$release_notes" + fi + + # Create a release for each tag + gh release create "$tag" --title "$tag" --notes "$release_notes" --verify-tag --latest=false + +done 
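Review bot: Both tag look-ups use unescaped regexes: `grep -q "^$tag$"` treats the dots of a version as wildcards, and `grep -B1 "$tag"` also matches longer tags that merely contain `$tag` (e.g. `chart-1.0.0` against `chart-1.0.0-rc1`), which can select the wrong previous tag for the release notes. Use fixed-string, whole-line matching: `if printf '%s\n' "$existing_releases" | grep -qxF -- "$tag"; then` and `previous_tag=$(git tag -l "${prefix}*" | sort -V | grep -xF -B1 -- "$tag" | head -n 1)`. The header says the script is "not meant for any pipeline just for cleanup!", yet action.yml in this commit runs it from CI; one of the two should be updated. Under `set +e` a failing `gh release create` is skipped silently, which may be intended for a cleanup loop but deserves a comment saying so.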
diff --git a/.github/actions/git-tag-modified-helm-chart/action.yml b/.github/actions/git-tag-modified-helm-chart/action.yml new file mode 100644 index 0000000..675748c --- /dev/null +++ b/.github/actions/git-tag-modified-helm-chart/action.yml @@ -0,0 +1,40 @@ +name: 'Tag modified Helm Chart' +description: 'Create Git Tag for every modified Helm Chart' + +runs: + using: "composite" + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Print commit SHA + shell: bash + run: echo ${{ github.sha }} + - name: Tag modified Helm Chart + shell: bash + run: | + set +e + ${GITHUB_ACTION_PATH}/git-tag-modified-helm-chart.sh &> ${GITHUB_WORKSPACE}/bash_output.txt + env: + COMMIT_HASH: ${{ github.sha }} + + - name: Bash Output + shell: bash + if: always() + run: | + if [ -f "${GITHUB_WORKSPACE}/bash_output.txt" ]; then + echo "::group:: Bash Script Output" + cat ${GITHUB_WORKSPACE}/bash_output.txt + echo "::endgroup::" + fi + + if [ -f "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" ]; then + echo "::group:: PR Status Check Human Friendly Output" + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" + echo "::endgroup::" + fi + + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi \ No newline at end of file diff --git a/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh b/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh new file mode 100755 index 0000000..aac3899 --- /dev/null +++ b/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh 
@@ -0,0 +1,112 @@ +#!/bin/bash +################################################################### +#Script Name : git tag modified helm chart +#Description : creates a git tag for each modified helm chart +#Args : - +#Hint : Only works with Helm Chart Version compare +################################################################### +SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) +# shellcheck disable=SC1091 +source "$SCRIPT_DIR"/../shared-variables.sh + +declare resultPwd exitCode + +set +e +echo "The script you are running has:" +echo "basename: [$(basename "$0")]" +echo "dirname : [$(dirname "$0")]" +echo "pwd : [$(pwd)]" + +declare -a filesToRemove=("pr-status-check-human-friendly.txt" "modified_files.txt") +REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}" +################################################################### +if [ -z "$COMMIT_HASH" ]; then + COMMIT_HASH="89b624080bb62e7f5ac340d81fef96c9d6446d22" + echo "!!! WARNING: \$COMMIT_HASH NEEDS TO BE SET e.g. Default set COMMIT_HASH=${COMMIT_HASH}! \"export COMMIT_HASH=${COMMIT_HASH}\"!!!" + exit 1 +fi + + +################################################################### +# Function to print a row with fixed-width columns +print_row() { + printf "%-70s %-50s %-15s %-15s\n" "$1" "$2" "$3" "$4" +} + +git_tag_check() { + local tag=$1 + git rev-parse -q --verify "refs/tags/$tag" &>/dev/null +} +################################################################### + +# List modified files of commit +git diff-tree --no-commit-id --name-only -r "$COMMIT_HASH" >modified_files.txt +# shellcheck disable=SC2181 +if [ $? 
!= 0 ]; then + exit 1 +fi +# Iterate over the array of paths with filenames and extract the directory paths +unique_paths=() +while IFS= read -r path; do + + dir=$(dirname "$path") + + if [[ "$dir" == *templates ]]; then + dir=${dir%/*} + fi + dir=${dir%*/templates*} # retain the part before "/templates" + + if [ -f "$dir/Chart.yaml" ] || [ -f "$dir/Chart.yml" ]; then + unique_paths+=("$dir") + fi +done <"modified_files.txt" + +if [ ${#unique_paths[@]} -eq 0 ]; then + echo -e "No Helm Charts have been modified!\n" + echo -e "List of Modified files:" + cat "modified_files.txt" + exit "$exitCode" +fi + +# Sort and remove duplicates from the list of paths +# shellcheck disable=SC2207 +unique_paths=($(echo "${unique_paths[@]}" | tr ' ' '\n' | sort -u)) +{ + # Header row + printf "%-70s %-50s %-15s %-15s\n" "Modified Helm Chart:" "Name:" "Version:" "Status:" + + git checkout "$COMMIT_HASH" + + for helmChart in "${unique_paths[@]}"; do + chartVersion=$(yq -r eval '.version' "$helmChart/Chart.yaml") + chartName=$(yq -r eval '.name' "$helmChart/Chart.yaml") + gitTag="$chartName-$chartVersion" + if git_tag_check "$gitTag"; then + print_row "$helmChart" "$chartName" "$chartVersion" "-" + else + + git tag "$gitTag" "$COMMIT_HASH" + # shellcheck disable=SC2181 + if [ $? != 0 ]; then + print_row "$helmChart" "$chartName" "$chartVersion" "ERROR: git tag $gitTag" + exit 1 + fi + + git push origin "$gitTag" + # shellcheck disable=SC2181 + if [ $? != 0 ]; then + print_row "$helmChart" "$chartName" "$chartVersion" "ERROR: git push origin $gitTag" + exit 1 + fi + + print_row "$helmChart" "$chartName" "$chartVersion" "git tagged&pushed $gitTag" + + fi + + done + +} >>"$resultPwd/pr-status-check-human-friendly.txt" + +cat "$resultPwd/pr-status-check-human-friendly.txt" + +exit "$exitCode" diff --git a/.github/actions/shared-variables.sh b/.github/actions/shared-variables.sh new file mode 100755 index 0000000..587ddce --- /dev/null +++ b/.github/actions/shared-variables.sh 
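Review bot: Chart discovery accepts either `Chart.yaml` or `Chart.yml`, but the tagging loop reads `$helmChart/Chart.yaml` only, so a chart that ships `Chart.yml` is listed and then presumably gets an empty name and version and a tag of `-` is attempted. Resolve the file once per chart: `chartFile="$helmChart/Chart.yaml"; [ -f "$chartFile" ] || chartFile="$helmChart/Chart.yml"`, then `chartVersion=$(yq -r eval '.version' "$chartFile")` and `chartName=$(yq -r eval '.name' "$chartFile")`. The `COMMIT_HASH` fallback assigns a fixed SHA and immediately exits 1, so the assignment only feeds the warning text; a plain usage message without a default would be clearer. Note also that `exitCode` comes from shared-variables.sh and is never changed here, so `exit "$exitCode"` is always 0 outside the explicit `exit 1` paths.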
@@ -0,0 +1,52 @@ +#!/bin/bash +################################################################### +#Script Name : +#Description : +#Args : - +#Hint : +################################################################### +set -e +resultPwd=$(pwd) +helmChartListingFileName="helm-charts-templated.yaml" +emptyManifestString="WARNING: This chart is deprecated" +newLineString="-------------------------------------------------------------------------------------------------------------------------" +msgHelpStart="" +#msgEverythingIsFine="/人◕ __ ◕人\ Everything seems to be all right (⌐⊙_⊙)" +msgEverythingIsFine="☺ √" +exitCode=0 +# Define color escape codes +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[0;33m' +BLUE='\033[0;34m' +BOLD='\033[1m' +UNDERLINE='\033[4m' +REVERSE='\033[7m' +RESET='\033[0m' # Reset color +################################################################### +declare -a filesToRemove=("pr-status-check-human-friendly.txt" "github-workflow-commands.txt") +################################################################### +function REMOVE_FILES_IF_EXISTS { + arr=("$@") + for fileToRemove in "${arr[@]}" + do + if [ -f "$1/$fileToRemove" ]; then + rm "$1/$fileToRemove" + #echo "removed $1/$fileToRemove" + fi + done +} +function ASSERT_FILE_EXISTS_WITH_MSG { + if [ ! -f "$1/$2" ]; then + echo "!! ERROR missing file $1/$2 !!$3" + exit 1 + fi +} +################################################################### +if [ -n "$GITHUB_WORKSPACE" ]; then + cd "$GITHUB_WORKSPACE" || exit + resultPwd=$GITHUB_WORKSPACE +fi +REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}" +################################################################### +export helmChartListingFileName emptyManifestString newLineString exitCode resultPwd helmChartListTemplatedManifestsFileName msgHelpStart msgEverythingIsFine RED GREEN YELLOW BLUE BOLD UNDERLINE RESET REVERSE \ No newline at end of file 
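Review bot: `REMOVE_FILES_IF_EXISTS` copies all arguments into `arr`, including the directory passed as `$1`, so the loop also tests `$1/$1`; harmless in practice but wrong. Shift the directory off first: `local dir=$1; shift` and `for fileToRemove in "$@"; do [ -f "$dir/$fileToRemove" ] && rm "$dir/$fileToRemove"; done`. The header block (Script Name, Description, Hint) is empty; it should say that this file is meant to be sourced and that sourcing it runs `set -e`, changes directory to `$GITHUB_WORKSPACE` when set, and removes the two result files listed in `filesToRemove`. The `export` line includes `helmChartListTemplatedManifestsFileName`, which is not assigned anywhere in this file; presumably a typo for `helmChartListingFileName`, verify.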
diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 0000000..f4e003b --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,37 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended", + ":prImmediately", + ":prHourlyLimitNone", + ":prConcurrentLimitNone", + ":label(renovate)", + ":separateMultipleMajorReleases", + ":separatePatchReleases", + ":enableVulnerabilityAlertsWithLabel(security)", + ":dependencyDashboard", + ":semanticCommits" + ], + "assignees": [ + "I540484" + ], + "timezone": "Europe/Berlin", + "semanticCommitType": "chore", + "semanticCommitScope": "deps", + "automerge": true, + "automergeType": "pr", + "automergeStrategy": "squash", + "platformAutomerge": true, + "rebaseWhen": "auto", + "packageRules": [ + { + "matchUpdateTypes": [ + "minor", + "patch", + "pin", + "digest" + ], + "automerge": true + } + ] +} diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml new file mode 100644 index 0000000..494a085 --- /dev/null +++ b/.github/workflows/git-pr-status-checks.yml @@ -0,0 +1,26 @@ +name: PR Status Checks + +on: + workflow_call: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + +jobs: + pr-status-check: + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/git-release-create.yml b/.github/workflows/git-release-create.yml new file mode 100644 index 0000000..04b1ba1 --- /dev/null 
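Review bot: The top-level `"automerge": true` already applies to every update type, including major, so the `packageRules` entry limiting automerge to `minor`/`patch`/`pin`/`digest` adds nothing and major bumps (e.g. of GitHub Actions used in the workflows added here) will merge without review. If the narrower rule is the intent, remove the top-level `"automerge": true` and keep the rule; if everything should automerge, remove the rule. Since `digest` updates are automerged, adding `helpers:pinGitHubActionDigests` to `extends` would keep the action references immutable between those updates.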
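Review bot: The reusable workflow is referenced at `@chore/os_preparations`, a mutable feature branch, so this workflow (and pr-status-checks-workflow-call.yml and pr-status-checks-workflow-call-fork.yml on this page) changes or breaks whenever that branch moves or is deleted; pin to a release tag or commit SHA. `HELM_REPO_USERNAME` is set to `secrets.GITHUB_TOKEN`, the same value as `HELM_REPO_TOKEN`; a username is normally `${{ github.actor }}`, so verify what the called workflow expects. The `permissions` block grants `contents: write` and `actions: write` for a status-check workflow; keep only the scopes the called workflow actually needs.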
+++ b/.github/workflows/git-release-create.yml @@ -0,0 +1,21 @@ +name: Helm Chart Release Tag + +on: + workflow_call: {} + workflow_dispatch: {} + + + +jobs: + git-release-create: + name: Helm Chart Release Tag + runs-on: ubuntu-latest + steps: + - name: Login to GitHub Enterprise with token + run: | + env + gh version + echo ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} | gh auth login --with-token + + - name: Create Github Releases for Helm Chart Tags + uses: openmcp-project/blueprint-building-blocks/.github/actions/git-release-create@main \ No newline at end of file diff --git a/.github/workflows/git-tag-modified-helm-chart.yml b/.github/workflows/git-tag-modified-helm-chart.yml new file mode 100644 index 0000000..a4df887 --- /dev/null +++ b/.github/workflows/git-tag-modified-helm-chart.yml @@ -0,0 +1,15 @@ +name: Tag modified Helm Chart + +on: + workflow_call: {} + +permissions: + contents: write # to be able to publish a GitHub release + id-token: write # to enable use of OIDC for npm provenance + +jobs: + git-tag-modified-helm-chart: + name: Tag modified Helm Chart + runs-on: ubuntu-latest + steps: + - uses: openmcp-project/blueprint-building-blocks/.github/actions/git-tag-modified-helm-chart@main \ No newline at end of file diff --git a/.github/workflows/helm-charts-release-to-gh-oci.yml b/.github/workflows/helm-charts-release-to-gh-oci.yml new file mode 100644 index 0000000..520ead6 --- /dev/null +++ b/.github/workflows/helm-charts-release-to-gh-oci.yml 
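Review bot: The login step expands `${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}` into the shell script and pipes it into `gh auth login`; `gh` reads `GH_TOKEN` from the environment, so no login step is needed: set `GH_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}` in `env:` on the action step (or the job) and delete the `echo ... | gh auth login --with-token` line. The bare `env` command dumps the whole runner environment into the log; the secret is masked, but the line should go before this runs via `workflow_call`. The workflow has no `permissions:` block, so it runs with the repository default; `contents: write` is what creating releases needs, and stating it keeps the grant explicit.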
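Review bot: `id-token: write` with the comment `# to enable use of OIDC for npm provenance` is copied from a Node release workflow; nothing in this job (one composite action that tags and pushes with git) uses OIDC, so drop it and keep `contents: write  # git push of the chart tags` only. The action is referenced at `@main`; pin to a tag or SHA so the tagging logic cannot change underneath callers.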
@@ -0,0 +1,37 @@ +name: Release Charts + +on: + workflow_call: {} + workflow_dispatch: {} + +jobs: + release: + permissions: + contents: write + packages: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.7.0 + with: + charts_dir: helm/charts + env: + CR_GENERATE_RELEASE_NOTES: true + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Upload to OCI-based registry + run: | + if [ -d ".cr-release-packages" ]; then + helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + find .cr-release-packages/ -name *.tgz -exec helm push {} oci://ghcr.io/openmcp-project \; + fi diff --git a/.github/workflows/pr-status-checks-workflow-call-fork.yml b/.github/workflows/pr-status-checks-workflow-call-fork.yml new file mode 100644 index 0000000..e769868 --- /dev/null +++ b/.github/workflows/pr-status-checks-workflow-call-fork.yml @@ -0,0 +1,29 @@ +name: PR Status Checks Forks + +on: + pull_request_target: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + +jobs: + pr-status-check: + if: ${{ github.event.pull_request.head.repo.full_name != 'openmcp-project/blueprint-building-blocks' }} + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 
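Review bot: `helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}` passes the token as a command-line argument; prefer `echo "$GH_TOKEN" | helm registry login ghcr.io -u "$GITHUB_ACTOR" --password-stdin` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the step's `env:`. The `find` pattern `-name *.tgz` is unquoted, so the shell expands it against the working directory before find sees it; quote it as `-name '*.tgz'`. The `if [ -d ".cr-release-packages" ]` branch does nothing silently when chart-releaser produced no packages; an `else echo "no chart packages to push"` would make a no-op run visible in the log.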
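Review bot: This workflow runs on `pull_request_target` for fork PRs with `contents: write`, `actions: write` and `GITHUB_TOKEN` handed as secrets to a reusable workflow pinned to the mutable branch `chore/os_preparations`. `pull_request_target` executes with the base repository's privileges, so the safety of the job rests entirely on what the called workflow does with the PR head; confirm it never checks out or executes PR content under these permissions, pin the `uses:` to a commit SHA, and reduce `permissions` to what status checks need (typically `pull-requests: write` and `checks: write`, with `contents: read`). The `if:` guard only separates fork PRs from same-repo PRs; it is not a trust boundary, and a comment saying so, e.g. `# fork PRs only; privileges come from the base repo, see called workflow`, would help the next reader.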
diff --git a/.github/workflows/pr-status-checks-workflow-call.yml b/.github/workflows/pr-status-checks-workflow-call.yml new file mode 100644 index 0000000..5b3a2a8 --- /dev/null +++ b/.github/workflows/pr-status-checks-workflow-call.yml @@ -0,0 +1,29 @@ +name: PR Status Checks + +on: + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + +jobs: + pr-status-check: + if: ${{ github.event.pull_request.head.repo.full_name == 'openmcp-project/blueprint-building-blocks' }} + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..02a4cee --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,55 @@ +name: Semantic Release + +on: + workflow_dispatch: {} + push: + branches: + - main + +permissions: + contents: write # to be able to publish a GitHub release + id-token: write # to enable use of OIDC for npm provenance + +jobs: + git-tag-modify-helm-chart: + name: Helm Chart Github Tags + uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-tag-modified-helm-chart.yml@main" + secrets: inherit + release: + name: Release + runs-on: ubuntu-latest + permissions: + contents: write # to be able to publish a GitHub release + issues: write # to be able to comment on released issues + pull-requests: write # to be able to comment on released pull requests + id-token: write # to enable use of OIDC for npm provenance + packages: write # to be able to publish a GitHub Packages + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: ">=20.8" + check-latest: true + - name: Install dependencies + run: | + npm install semantic-release + npm install @semantic-release/changelog + npm install conventional-changelog-conventionalcommits + npm install @semantic-release/git + env: + GITHUB_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} + run: npx semantic-release + git-release-create: + uses: "openmcp-project/blueprint-building-blocks/.github/workflows/gh-pages-release.yml@main" + name: Helm Chart Github Releases + needs: release + secrets: inherit + \ No newline at end of file diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml new file mode 100644 index 0000000..26c09ef --- /dev/null +++ b/.github/workflows/shellcheck.yaml 
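Review bot: The `Install dependencies` step runs `npm install semantic-release` and three plugins without versions, so every release run pulls whatever is latest on the registry and executes it with `CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN` in scope; pin exact versions (`npm install semantic-release@<PINNED_VERSION>`, with the placeholder replaced per package) or commit a package.json plus lockfile and use `npm ci`. The `git-release-create` job calls `gh-pages-release.yml@main`, while this commit adds `.github/workflows/git-release-create.yml` and the README on this page references `gh-pages-release.yml` for pushing; presumably one of the two references is stale, verify. `id-token: write` is requested at both workflow and job level with an npm-provenance comment, but no npm publish happens in this workflow, so it can be dropped.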
@@ -0,0 +1,103 @@ +# This is a basic workflow to help you get started with Actions +name: Shell Check + +# Controls when the workflow will run +on: + workflow_call: + pull_request: + paths-ignore: + - '**/Chart.yaml' + - '**/README.md' + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + VERSION: "0.9.0" + BASH_SCRIPT: "shellcheck.sh" + BASH_SCRIPT_INSTALL: "shellcheck-install.sh" + BASH_SCRIPT_RESULT: 0 + MESSAGE_HEADER: "Shell Check" + MESSAGE: "" + +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + +jobs: + shellcheck: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Setup + id: "setup" + shell: bash + env: + VERSION: ${{ env.VERSION }} + run: | + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT_INSTALL }} + - name: Shell Check + id: "shell-check" + shell: bash + env: + VERSION: ${{ env.VERSION }} + run: | + set +e + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT }} &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" 
>> "$GITHUB_ENV" + + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + - if: env.BASH_SCRIPT_RESULT == 0 + name: "Remove Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + delete: true + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Workflow Commands" + shell: bash + run: | + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Add Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + recreate: true + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + message: | + ## :star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision: +
+ detail + + ```bash + + ${{ env.MESSAGE }} + + ``` + +
+ - if: env.BASH_SCRIPT_RESULT != 0 + name: Throw Error + id: "throw-error" + run: | + echo "::group:: human readable validation result" + echo -e "${{ env.MESSAGE }}" + echo "::endgroup::" + exit 1 \ No newline at end of file diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml new file mode 100644 index 0000000..7a430e3 --- /dev/null +++ b/.github/workflows/yamllint.yml 
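Review bot: `echo -e "${{ env.MESSAGE }}"` in the `Throw Error` step substitutes the contents of `pr-status-check-human-friendly.txt`, text derived from the PR's files, into the shell script before it runs, which is the expression-injection pattern GitHub's docs warn about; `MESSAGE` is already exported through `$GITHUB_ENV`, so use `echo -e "$MESSAGE"` instead (the same applies to the `Throw Error` step in .github/workflows/yamllint.yml). The multiline write appears on this page as `echo 'MESSAGE<> $GITHUB_ENV`, which looks like the heredoc form `echo 'MESSAGE<<EOF' >> $GITHUB_ENV` with `<<EOF` lost in rendering; when the body comes from repository content the linked docs recommend a random delimiter rather than a fixed `EOF`. The `<details>`/`<summary>` markup of the sticky comment seems to have been stripped the same way, so this cannot be checked here.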
@@ -0,0 +1,120 @@ +# Workflow is deactivated +name: Yamllint + +# Controls when the workflow will run +on: + workflow_dispatch: + # Triggers the workflow on push or pull request events but only for the "main" branch + pull_request: + branches: + - "main-branch-not-activated-yet" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + BASH_SCRIPT: "yamllint.sh" + BASH_SCRIPT_RESULT: 0 + MESSAGE_HEADER: "Yaml Lint Validation" + MESSAGE: "" + + +jobs: + yamllint: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Gather Helm Chart Folders + shell: bash + run: | + ${GITHUB_WORKSPACE}/scripts/ci/helm-chart-listing.sh + echo "::group:: Found Helm Chart Folders" + cat "${GITHUB_WORKSPACE}/helm-charts-templated.yaml" + echo "::endgroup::" + env: + BASH_SCRIPT: ${{ env.BASH_SCRIPT }} + - name: Dependency Build + run: bash ${GITHUB_WORKSPACE}/scripts/ci/helm-dep-build.sh + - name: Manifest Linting + Validation + run: | + set +e + ${GITHUB_WORKSPACE}/scripts/ci/helm-chart-linting-manifest-validation.sh &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" >> "$GITHUB_ENV" + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + env: + BASH_SCRIPT: ${{ env.BASH_SCRIPT }} + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Set Message" + shell: bash + run: | + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + - if: env.BASH_SCRIPT_RESULT == 0 + name: yamllint + id: "yamllint" + shell: bash + run: | + set +e + echo "/home/runner/.local/bin" >> $GITHUB_PATH + + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT }} &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" 
>> "$GITHUB_ENV" + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Workflow Commands" + shell: bash + run: | + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi + + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Add Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + recreate: true + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + message: | + ## :star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision: + :collision: TRY TO FIX AS MANY ERRORS/WARNINGS AS POSSIBLE! :collision: +
+ detail + + ```bash + + ${{ env.MESSAGE }} + + ``` +
+ - if: env.BASH_SCRIPT_RESULT == 0 + name: "Remove Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + delete: true + - if: env.BASH_SCRIPT_RESULT != 0 + name: Throw Error + id: "throw-error" + run: | + echo "::group:: human readable validation result" + echo -e "${{ env.MESSAGE }}" + echo "::endgroup::" + exit 1 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3ef751d --- /dev/null +++ b/.gitignore @@ -0,0 +1,39 @@ +### Helm Chart ### +*Chart.lock +*.tgz +*values.local.yaml +/*.txt +/helm-packages/* +/helm-template-*.yaml +helm-charts-templated.yaml +### IntelliJ IDEA ### +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### Eclipse ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ + +### Mac OS ### +.DS_Store +/.idea/ +**/*/values-credentials.yaml diff --git a/.releaserc.yml b/.releaserc.yml new file mode 100644 index 0000000..b9899b0 --- /dev/null +++ b/.releaserc.yml 
@@ -0,0 +1,43 @@ +repositoryUrl: "https://github.com/openmcp-project/blueprint-building-blocks" +githubUrl: "https://github.com" +githubApiPathPrefix: "/api/v3" +debug: true + +branches: + - main + +plugins: + - [ + "@semantic-release/commit-analyzer", + { + # default rule: https://github.com/semantic-release/commit-analyzer/blob/master/lib/default-release-rules.js + "releaseRules": + [ + { "type": "docs", "release": "patch" }, + { "type": "refactor", "release": "patch" }, + { "type": "style", "release": "patch" }, + { "type": "build", "release": "patch" }, + { "type": "ci", "release": "patch" }, + { "tag": "no-release", "release": false }, + { "tag": "kind/feature", "release": "minor" }, + { "tag": "kind/bug", "release": "patch" }, + { "tag": "kind/deprecation", "release": "patch" }, + { "tag": "kind/chore", "release": "patch" }, + { "tag": "kind/security", "release": "patch" }, + { "tag": "kind/documentation", "release": "patch" }, + { "tag": "kind/cleanup", "release": "patch" }, + ], + # https://github.com/semantic-release/commit-analyzer#usage + "parserOpts": + { "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] }, + "preset": "conventionalcommits" + }, + ] + - [ + "@semantic-release/release-notes-generator", + { + parserOpts: { noteKeywords: ["BREAKING CHANGE", "BREAKING CHANGES"] }, + "preset": "conventionalcommits" + }, + ] + - ["@semantic-release/github"] diff --git a/LICENSE b/LICENSE index 261eeb9..89c143f 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..439cbd3 --- /dev/null +++ b/Makefile 
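Review bot: `githubApiPathPrefix: "/api/v3"` is the GitHub Enterprise Server API path, while `githubUrl` and `repositoryUrl` point at github.com, where the API has no `/api/v3` prefix; presumably a leftover from an enterprise setup, so verify against the @semantic-release/github options and drop the prefix for github.com. `debug: true` makes every release run verbose and should not be the committed default. The two plugin entries mix quoted (`"releaseRules"`, `"preset"`) and unquoted (`parserOpts`) keys inside flow mappings; pick one style for the file.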
@@ -0,0 +1,52 @@ + +# Image URL to use all building/pushing image targets +#IMG_VERSION ?= dev + +SET_BASE_DIR := $(eval BASE_DIR=$(shell git rev-parse --show-toplevel)) + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: git-tags-modified-helm-charts +git-tags-modified-helm-charts: + $(PWD)/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh; + +.PHONY: shell-check +shell-check: + $(PWD)/scripts/ci/shellcheck.sh + +.PHONY: clean +clean: + rm -rf helm-template-*.yaml + rm -rf pr-status-check-*.txt + rm -rf helm-charts-*.yaml + rm -rf modified_files.txt + rm -rf helm-packages + +.PHONY: release-to-jfrog +release-to-jfrog: + $(PWD)/scripts/cd/JFROG.sh + + + +.PHONY: all +all: clean + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) diff --git a/README.md b/README.md index bbe755a..c8124b2 100644 --- a/README.md +++ b/README.md 
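Review bot: The `help` target only lists targets that carry a `## description` comment, and none of the targets above it (`git-tags-modified-helm-charts`, `shell-check`, `clean`, `release-to-jfrog`, `all`) has one, so `make help` prints only the usage line; add one per target, e.g. `clean: ## Remove generated helm/lint artifacts`. `SET_BASE_DIR`/`BASE_DIR` are defined but never used, the recipes use `$(PWD)` instead, so either drop them or switch the recipes to `$(BASE_DIR)` so they work from a sub-directory. `release-to-jfrog` runs `scripts/cd/JFROG.sh`, which is not part of this commit; verify the script exists.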
@@ -4,11 +4,139 @@ ## About this project -Helm chart building blocks for Cloud Orchestrator MCP Blueprints +This repositry contains [sub helm charts](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/) of the [OpenMCP](https://github.com/openmcp-project) which are the building blocks for the OpenMCP Blueprints. To start your [Infrastructure as Data]() Cloud Journey with the OpenMCP Blueprint, visit this [repository](https://github.com/openmcp-project/blueprints) and follow `Getting Started` section. ## Requirements and Setup -*Insert a short description what is required to get your project running...* +### Helm Charts +[Helm Charts](http://helm.sh) located at [`./helm/charts`](./helm/charts) are build with various purpose in mind. Please consult `README.md` file of each Helm Chart to discover its purpose, `values.yaml` structure and intended puropse. + +### Continous Delivery +All [Helm Charts](http://helm.sh) located in this repository will be [automatically versioned](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/actions/helm-chart/version-bump) and [pushed](.github/workflows/gh-pages-release.yml) into [Projects OCI registry](https://github.com/orgs/openmcp-project/packages?repo_name=blueprint-building-blocks) and Helm Repositry [cloud-orchestrator-mcp-blueprint-building-blocks](https://openmcp-project.github.io/blueprint-building-blocks). 
+ + +### [Github Workflows](#github-workflows) +#### [`PR Status Checks`](#github-workflow-git-pr-status-checks) +More details see Github Workflow [`.github/workflows/git-pr-status-checks.yml`](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/workflows/git-pr-status-checks.yml) of [blueprint-workflows](https://github.com/openmcp-project/blueprint-workflows/tree/main/) + +#### [`.ci.config.yaml`](#github-workflow-ci-config-yaml) + +File `chart-abc/.ci.config.yaml` is optional for every Helm Chart and influences execution of [`.github/workflows/git-pr-status-checks.yml`](.github/workflows/git-pr-status-checks.yml). + +You can enable or disable processing of certain Github Workflows for certain Helm Charts via [`.ci.config.yaml`](helm/charts/test-custom-chart/.ci.config.yaml)! + +```yaml +helm-chart-dependency-update: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! +helm-chart-linting: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --strict: true # fail on lint warnings (default true) + --with-subcharts: false # lint dependent charts (default false) +helm-chart-validation: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --skip-crds: false # if set true, no CRDs will be templated. By default, CRDs are templated (default false) + --skip-tests: false # skip tests from templated output (default false) + --include-crds: false # include CRDs in the templated output (default false) + --debug: false # enable verbose output (default false) + --dependency-update: true # update dependencies if they are missing before installing the chart (default true) +helm-docs: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! 
+ options: + --badge-style: "flat-square" # badge style to use for charts (default "flat-square") + --document-dependency-values: true # For charts with dependencies, include the dependency values in the chart values documentation + --documentation-strict-mode: false # Fail the generation of docs if there are undocumented values + --skip-version-footer: false # if true the helm-docs version footer will not be shown in the default README template + --sort-values-order: "file" # order in which to sort the values table ("alphanum" or "file") (default "alphanum") + --output-file: "README.md" # markdown file path relative to each chart directory to which rendered documentation will be written (default "README.md") +helm-chart-version-bump: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! +k8s-manifest-templating: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --skip-crds: false # if set true, no CRDs will be templated. By default, CRDs are templated (default false) +``` + +:bangbang: It is **HIGHLY** recommended **NOT** to `enabled: false`for `helm-chart-linting-manifest-validation.sh` :bangbang: + +### [Deletion Dependency Graph](#helm-chart-dependencies-deletion-dependency-graph) +:bangbang: **DO NOT DELETE** / **DISABLE** your [Umbrella Helm Chart](https://github.com/openmcp-project/blueprints) Dependencies all at ONCE :bangbang: +If you want to clean-up / deprovision / delete SAP & Hyperscaler Resources, you need to follow a certain order! 
+ +We recommend to delete / disable the Helm Chart Dependencies in the following order: *read from right to left* +``` +flux-config +└── crossplane-provider-pkgs + └── external-secrets-config + ├── crossplane-provider-configs + └── crossplane-provider-apiextensions-composition + ├── crossplane-gardener-shoot-clusters + │ ├── crossplane-provider-helm + │ └── crossplane-provider-kubernetes + ├── crossplane-gardener-shoot-kubeconfigs + │ ├── crossplane-provider-helm + │ └── crossplane-provider-kubernetes + ├── crossplane-provider-aws-* + ├── crossplane-provider-btp-accounts + └── crossplane-provider-dynatrace +``` +E.g.: The `flux-config` dependency shall be deleted / disabled as last. + +#### Example +Lets have a look at the [`Chart.yaml`](https://github.com/openmcp-project/blueprints/blob/main/helm/umbrella/blueprints/provider-gardener.abc.shoot.live.k8s-hana.ondemand.com/Chart.yaml) of the template [`provider-gardener.abc.shoot.live.k8s-hana.ondemand.com`](https://github.com/openmcp-project/blueprints/blob/main/helm/umbrella/blueprints/provider-gardener.abc.shoot.live.k8s-hana.ondemand.com). + +```yaml +dependencies: + - name: crossplane-provider-configs + alias: crossplane-provider-configs + version: .... + repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-provider-configs + - name: external-secrets-config + alias: external-secrets-config + version: ... + repository: "oci://ghcr.io/openmcp-project" + tags: + - external-secrets-config + - name: crossplane-gardener-shoot-clusters + alias: crossplane-gardener-shoot-clusters + version: ... + repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-gardener-shoot-clusters + - name: crossplane-provider-helm + alias: crossplane-provider-helm + version: ... 
+ repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-provider-helm +``` + +```yaml +# values.yaml +tags: + external-secrets-config: true + crossplane-provider-configs: true + crossplane-gardener-shoot-clusters: true + crossplane-provider-helm: true +``` +According to the `Deletion Dependency Graph` section, the order of **deletion / disabling** the Helm Chart dependency is: +1. crossplane-provider-helm +2. crossplane-gardener-shoot-clusters +3. crossplane-provider-configs +4. external-secrets-config + +**Why in this order**? +1. crossplane-provider-helm +> This Helm Chart is used to orchestrate the k8s stack on your Gardener / Kyma Cluster. +2. crossplane-gardener-shoot-clusters +> This Helm Chart is used to orchestrate Gardener Shoot Clusters. +3. crossplane-provider-configs +> This Helm Chart is used to create `crossplane` k8s manifests `kind: ProviderConfig` (e.g. `apiVersion: account.btp.sap.crossplane.io/v1alpha1`) for `crossplane providers` in order to orchestrate (cloud) service providers (e.g. BTP Accounts) +4. external-secrets-config +> This Helm Chart is used to establish a connection to SAP HashiCorp Vault in order to pull/push credentials of (cloud) service providers. ## Support, Feedback, Contributing diff --git a/helm/charts/_templates_footer.gotmpl b/helm/charts/_templates_footer.gotmpl new file mode 100644 index 0000000..21db850 --- /dev/null +++ b/helm/charts/_templates_footer.gotmpl @@ -0,0 +1,9 @@ +{{/* +This file defines textblocks which are used by multiple README go templates. +Use this command from ./helm/charts/ folder to programatically create README.md for every sub helm chart. +$ helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl --chart-search-root=. +*/}} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} \ No newline at end of file 
diff --git a/helm/charts/_templates_header.gotmpl b/helm/charts/_templates_header.gotmpl new file mode 100644 index 0000000..a6b881f --- /dev/null +++ b/helm/charts/_templates_header.gotmpl @@ -0,0 +1,30 @@ +{{/* +This file defines textblocks which are used by multiple README go templates. +Use this command from ./helm/charts/ folder to programatically create README.md for every sub helm chart. +$ helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl --chart-search-root=. +*/}} + +{{ define "sap.helm.valuesModificationInfo" -}} +Modify [values.yaml](./values.yaml) file to change any available variable to your needs. It is mandatory to modify at least `domain` variable via values.yaml or `--set domain='...'` during helm chart execution. [See official helm chart template guide...](https://helm.sh/docs/chart_template_guide/values_files/) +{{- end }} + +{{ define "sap.classification" -}} +> Classification: INTERNAL + +*The keywords "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt).* +{{- end }} + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml 
@@ -0,0 +1,19 @@
+# pipeline feature flags obsolete (Bash Scripts)
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore b/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml
new file mode 100644
index 0000000..eae63af
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml
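Review bot: The `jfrog.sh:` stanza uses `enabled: true` while every other stanza uses `enable:`; if the pipeline reads `enable` (as the repository README's `.ci.config.yaml` example documents), this flag is silently ignored, and the comment above it already calls it obsolete, so either change it to `enable: true` or drop the stanza. The identical file is added for crossplane-gardener-shoot-clusters further down and carries the same mismatch. The file also ends without a newline and has no `---` document start, both of which yamllint reports by default (new-line-at-end-of-file, document-start).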
@@ -0,0 +1,28 @@
+---
+apiVersion: v2
+name: crossplane-gardener-core-cloud
+description: A Helm chart to template crossplane manifests to manage core.gardener.cloud resources.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://gardener.cloud/images/lp/gardener-logo.svg"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.3
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
+home: "https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md
new file mode 100644
index 0000000..7efaf7c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md
@@ -0,0 +1,30 @@ + + +# crossplane-gardener-core-cloud + +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage core.gardener.cloud resources. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| secretBindings | list | - | [secretBindings](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) represents a binding to a secret in the same or another namespace. | +| secretBindings[0].cloudProfile | string | `""` | cloudProfile is a name (field `type`) of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws | +| secretBindings[0].kubernetesCrossplaneProviderConfigRefName | string | `""` | kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| secretBindings[0].labels | list | `[]` | [labels](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | +| secretBindings[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | +| secretBindings[0].projectnamespace | string | `"ns1"` | gardener project name. 
Starts with "garden..." e.g. "garden-aas-dt" | +| secretBindings[0].quotas | object | `{}` | *(Optional)* [quotas](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a list of references to Quota objects in the same or another namespace. This field is immutable. | +| secretBindings[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | +| secretBindings[0].secretRef | list | `[]` | [secretRef](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a reference to a secret object in the same or another namespace. This field is immutable. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/_helpers.tpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml new file mode 100644 index 0000000..f5d0141 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml
@@ -0,0 +1,36 @@
+{{- range $item := .Values.secretBindings}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+metadata:
+ name: {{required "A valid value is required! (.Values.secretBindings[].name)" $item.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.secretBindings[].kubernetesCrossplaneProviderConfigRefName)" $item.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig
+ forProvider:
+ manifest:
+ # https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding
+ apiVersion: core.gardener.cloud/v1beta1
+ kind: SecretBinding
+ metadata:
+ labels:
+ cloudprofile.garden.sapcloud.io/name: {{required "A valid Cloud Profile is required! (.Values.secretBindings[].cloudProfile)" $item.cloudProfile}}
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 10 }}
+ {{- end }}
+ name: {{required "A valid Secret Binding Name is required! (.Values.secretBindings[].secretBindingName)" $item.secretBindingName}}
+ namespace: {{required "A valid Gardener Project Namespace is required! (.Values.secretBindings[].projectNamespace)" $item.projectNamespace}}
+ provider:
+ type: {{required "A valid Cloud Profile is required! (.Values.secretBindings[].cloudProfile)" $item.cloudProfile}}
+ {{- if $item.quotas}}
+ quotas:
+ {{- $item.quotas | toYaml | nindent 8 }}
+ {{- end }}
+ secretRef:
+ {{- required "A valid value is required! (.Values.secretBindings[].secretRef)" $item.secretRef | toYaml | nindent 8 }}
+ {{- end }}
+{{- end }}
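Review bot: The `namespace:` line reads `$item.projectNamespace`, but the chart's values.yaml added in this same commit declares the key as `projectnamespace`, so a user who fills in the documented key still trips the `required` check for the namespace; the two spellings need to agree (values.ci.yaml already uses `projectNamespace`). `secretBindingName`, `projectNamespace` and `cloudProfile` are emitted as plain scalars while `metadata.name` goes through `| quote`; a value that YAML would retype (all digits, `yes`/`no`) changes meaning when unquoted, so append `| quote` to those `required` pipelines as well. The trailing `# Set to Kubernetes ProviderConfig` comment on the providerConfigRef name line would read better as a comment on its own line above it, matching the manifest comment further down.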
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml new file mode 100644 index 0000000..2d3b7d2 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml @@ -0,0 +1,31 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################### +secretBindings: + - name: "my-aws-secret-binding" + projectNamespace: "garden-mcp-blueprints" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + secretBindingName: "my-aws-secret-binding" + cloudProfile: "aws" + labels: + additional: "labels" + quotas: + - apiVersion: "apiVersion" + kind: "kind" + name: "name" + namespace: "namespace" + resourceVersion: "resourceVersion" + uid: "uid" + secretRef: + name: my-aws-secret + namespace: garden-mcp-blueprints + - name: "my-gcp-secret-binding" + projectNamespace: "garden-mcp-blueprints" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + secretBindingName: "my-gcp-secret-binding" + cloudProfile: "gcp" + secretRef: + name: my-gcp-secret + namespace: garden-mcp-blueprints +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml new file mode 100644 index 0000000..9032f3d --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml 
@@ -0,0 +1,21 @@ +--- +######################################################################################################### +# -- [secretBindings](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) represents a binding to a secret in the same or another namespace. +# @default -- - +secretBindings: + # secretBindings[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectnamespace: "ns1" + # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + kubernetesCrossplaneProviderConfigRefName: "" + # -- secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) + secretBindingName: "" + # -- cloudProfile is a name (field `type`) of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws + cloudProfile: "" + # -- [labels](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: [] + # -- *(Optional)* [quotas](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a list of references to Quota objects in the same or another namespace. This field is immutable. + quotas: {} + # -- [secretRef](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a reference to a secret object in the same or another namespace. This field is immutable. + secretRef: [] \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
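Review bot: `projectnamespace: "ns1"` is keyed in lowercase while the template in this commit reads `$item.projectNamespace`, so the documented default is never consumed, and the value `"ns1"` contradicts its own comment that the name starts with `garden...`; rename the key to `projectNamespace` and default it to `""` like the other required fields. The defaults `labels: []`, `quotas: {}` and `secretRef: []` also have the wrong shape for how the template renders them and how values.ci.yaml fills them: labels is a mapping nested under `metadata.labels`, quotas is described as a list of references, and secretRef is a mapping with `name`/`namespace`; declare `labels: {}`, `quotas: []`, `secretRef: {}` so helm-docs shows the right types. The file also lacks a trailing newline.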
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml new file mode 100644 index 0000000..4e8aa52 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: v2 +name: crossplane-gardener-shoot-clusters +description: A Helm chart to template crossplane manifests to manage Gardener Shoot resources. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.9 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md new file mode 100644 index 0000000..e6ab1b7 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md 
@@ -0,0 +1,55 @@ + + +# crossplane-gardener-shoot-clusters + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage Gardener Shoot resources. + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults | object | - | defaults contains default values which should NOT be overriden by upstream helm chart! | +| defaults.addons | object | `{"kubernetesDashboard":{"enabled":false},"nginxIngress":{"enabled":false}}` | [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. | +| defaults.aws | object | - | aws contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.aws.controlPlaneConfig | object | `{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","cloudControllerManager":{"useCustomRouteController":true},"kind":"ControlPlaneConfig","storage":{"managedDefaultClass":true}}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) | +| defaults.aws.infrastructureConfig | object | `{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"vpc":{"cidr":"10.180.0.0/16"},"zones":[{"internal":"10.180.48.0/20","name":"eu-central-1a","public":"10.180.32.0/20","workers":"10.180.0.0/19"}]}}` | [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) | +| defaults.aws.workers | list | `[{"cri":{"name":"containerd"},"machine":{"architecture":"amd64","image":{"name":"gardenlinux","version":"1312.3.0"},"type":"c3.2xlarge"},"maxSurge":1,"maximum":4,"minimum":1,"name":"worker-hmyoy","providerConfig":{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","instanceMetadataOptions":{"httpPutResponseHopLimit":2,"httpTokens":"required"},"kind":"WorkerConfig"},"volume":{"size":"50Gi","type":"gp3"},"zones":["eu-central-1a"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.azure | object | - | azure contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.azure.controlPlaneConfig | object | `{"apiVersion":"azure.provider.extensions.gardener.cloud/v1alpha1","kind":"ControlPlaneConfig"}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#controlplaneconfig) | +| defaults.azure.infrastructureConfig | object | `{"apiVersion":"azure.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"vnet":{"cidr":"10.180.0.0/16"},"workers":"10.180.0.0/16"},"zoned":true}` | [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig) | +| defaults.azure.workerSettings | object | `{"sshAccess":{"enabled":true}}` | [](https://github.com/gardener/gardener-extension-provider-azure/tree/master) | +| defaults.azure.workers | list | `[{"cri":{"name":"containerd"},"machine":{"architecture":"amd64","image":{"name":"gardenlinux","version":"1312.3.0"},"type":"Standard_A4_v2"},"maxSurge":1,"maximum":2,"minimum":1,"name":"worker-qrnz5","volume":{"size":"50Gi","type":"StandardSSD_LRS"},"zones":["1"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.gcp | object | - | gcp contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.gcp.controlPlaneConfig | object | `{"apiVersion":"gcp.provider.extensions.gardener.cloud/v1alpha1","kind":"ControlPlaneConfig","zone":"europe-west1-b"}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) | +| defaults.gcp.infrastructureConfig | object | `{"apiVersion":"gcp.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"workers":"10.180.0.0/16"}}` | [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) | +| defaults.gcp.workers | list | `[{"machine":{"image":{"name":"gardenlinux","version":"1312.3.0"},"type":"n2-standard-8"},"maxSurge":1,"maxUnavailable":0,"maximum":3,"minimum":1,"name":"worker","volume":{"encrypted":true,"size":"50Gi","type":"pd-standard"},"zones":["europe-west1-b"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.hibernation | object | - | [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. | +| defaults.hibernation.schedules | list | `[{"end":"00 08 * * 1,2,3,4,5","location":"Europe/Berlin","start":"00 21 * * 1,2,3,4,5"}]` | [schedules](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.HibernationSchedule) determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified. 
| +| defaults.maintenance | object | `{"autoUpdate":{"kubernetesVersion":false,"machineImageVersion":true},"confineSpecUpdateRollout":true,"timeWindow":{"begin":"120000+0000","end":"130000+0000"}}` | [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. | +| defaults.networking | object | `{"nodes":"10.180.0.0/16","type":"calico"}` | [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. | +| kubernetesVersion | string | `"1.30.3"` | kubernetesVersion defines gardener shoot cluster kubernetes version. | +| shootClusters | list | - | shootClusters contains information and configuration of Gardener shoot clusters. | +| shootClusters[0].addons | list | `[]` | [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. Setting this value will override .gardener.defaults.addons for this shoot cluster! | +| shootClusters[0].cloudProfile | string | `""` | cloudProfile is a name of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws | +| shootClusters[0].gardenerOrchestrateCloudProviderConfigRefName | string | `""` | gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! 
(.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| shootClusters[0].hibernation | list | `[]` | [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. Setting this value will override .gardener.defaults.hibernation for this shoot cluster! | +| shootClusters[0].kubernetesCrossplaneProviderConfigRefName | string | `""` | kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| shootClusters[0].kubernetesVersion | string | `"1.30.3"` | kubernetes[Version](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Kubernetes) is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. .. | +| shootClusters[0].maintenance | list | `[]` | [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. Setting this value will override .gardener.defaults.maintenance for this shoot cluster! | +| shootClusters[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | +| shootClusters[0].networking | list | `[]` | [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. 
Setting this value will override .gardener.defaults.networking for this shoot cluster! | +| shootClusters[0].projectnamespace | string | `"ns1"` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | +| shootClusters[0].providerInfrastructureConfig | list | `[]` | [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. Setting this value will override .gardener.defaults.infrastructureConfig for this shoot cluster! | +| shootClusters[0].purpose | string | `""` | [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. evaluation / development / testing / production | +| shootClusters[0].region | string | `"eu01"` | [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. | +| shootClusters[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | +| shootClusters[0].workers | list | `[]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. Setting this value will override .gardener.defaults.workers for this shoot cluster! 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl new file mode 100644 index 0000000..944976c --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cloud-orchestration.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cloud-orchestration.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cloud-orchestration.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cloud-orchestration.labels" -}} +helm.sh/chart: {{ include "cloud-orchestration.chart" . }} +{{ include "cloud-orchestration.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cloud-orchestration.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cloud-orchestration.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml new file mode 100644 index 0000000..9a49c17 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml @@ -0,0 +1,26 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if $shootCluster.auditLog}} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: audit-log-policy-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: v1 + kind: ConfigMap + metadata: + name: audit-log-policy-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}} + data: + policy: | + {{- $shootCluster.auditLog.policy | default $.Values.defaults.auditPolicy | toYaml | nindent 10 }} + {{- end}} +{{- end}} diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml new file mode 100644 index 0000000..53f0955 --- /dev/null 
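Review bot: The Crossplane Object is named `audit-log-policy-{{ ... $shootCluster.name | lower }}` but the inner ConfigMap `metadata.name` uses `$shootCluster.name` without `| lower`, so a shoot name containing uppercase yields an Object whose managed ConfigMap carries a different name and fails DNS-1123 validation on the garden cluster; apply `| lower` in both places, or in neither, since the README already requires lowercase names. The same asymmetry is in the audit-log-secret hunk and in the aws, azure and gcp Shoot hunks, where the Object name is `| lower | quote` while the inner Shoot `metadata.name` is the raw value. Separately, `policy: |` is filled by `toYaml` of the policy value; if `defaults.auditPolicy` is a string rather than a map, `toYaml` emits it as a quoted or block scalar instead of raw policy text, which is worth confirming against values.yaml (not fully visible here).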
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml @@ -0,0 +1,27 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if $shootCluster.auditLog}} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: audit-log-credentials-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: v1 + kind: Secret + type: Opaque + metadata: + name: audit-log-credentials-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name }} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}} + stringData: + user: {{required "A valid user is required! (.Values.shootClusters[].auditLog.user)" $shootCluster.auditLog.user}} + password: {{required "A valid password is required! (.Values.shootClusters[].auditLog.password)" $shootCluster.auditLog.password}} + {{- end}} +{{- end}} diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml new file mode 100644 index 0000000..ccc11e2 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml 
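Review bot: `user:` and `password:` under `stringData` are rendered as plain scalars, so a password that starts with a YAML indicator (`*`, `&`, `{`, `[`, `#`), contains `: ` or ` #`, or looks like a number or boolean is retyped or breaks the manifest; render both with `| quote` as the other templated values in this hunk already are: `user: {{required "A valid user is required! (.Values.shootClusters[].auditLog.user)" $shootCluster.auditLog.user | quote}}` and `password: {{required "A valid password is required! (.Values.shootClusters[].auditLog.password)" $shootCluster.auditLog.password | quote}}`. Note also that the credential travels in the chart values and therefore sits in plaintext in the rendered Object spec and in the Helm release secret on the MCP cluster; if that is not intended, a values field that names an existing Secret to copy from would keep it out of the release history.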
@@ -0,0 +1,9 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if empty $shootCluster.cloudProfile}}
+ {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}}
+ {{- end}}
+ {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "alicloud") }}
+ {{- fail "ali cloud not implemented yet!"}}
+---
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml
new file mode 100644
index 0000000..30cf456
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml
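Review bot: The only validation of `cloudProfile` is the `empty` check; a value that matches none of the per-provider templates (a typo such as `gpc`, or any profile other than aws, azure, gcp, alicloud, openstack) renders no Shoot at all and `helm template`/`install` succeed silently, because the aws, azure and gcp templates each match only their own string. A single guard, e.g. `{{- if not (has $shootCluster.cloudProfile (list "aws" "azure" "gcp" "alicloud" "openstack")) }}{{ fail (printf "unsupported cloudProfile %q (.Values.shootClusters[].cloudProfile)" $shootCluster.cloudProfile) }}{{- end }}`, would turn that into a render-time error. The same `empty` check is repeated verbatim in the aws, azure, gcp and openstack hunks and could move into a shared helper in _helpers.tpl.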
@@ -0,0 +1,63 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end}} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "aws") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[].secretBindingName)" $shootCluster.secretBindingName}} ## Set your SecretBinding name + cloudProfileName: aws + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: aws + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.aws.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.aws.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.aws.workers | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- end }} 
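Review bot: `confirmation.gardener.cloud/deletion: "true"` is stamped on every Shoot unconditionally, so the deletion-confirmation safeguard Gardener provides is permanently disabled for all clusters this chart renders, including those with `purpose: production`; the inline comment says this is so IAD can destroy them, but it also means any deletion of the Crossplane Object (or of the Helm release) removes the cluster with no second step. Consider driving the annotation from a value so it is opt-in per cluster, e.g. wrapping it in `{{- if $shootCluster.confirmDeletion | default $.Values.defaults.confirmDeletion }}` ... `{{- end }}` with a documented default in values.yaml (key names are a suggestion). The azure and gcp hunks set the same annotation.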
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml new file mode 100644 index 0000000..8ffd57a --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml 
@@ -0,0 +1,66 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end}} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "azure") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[]..secretBindingName)" $shootCluster.secretBindingName}} ## Set your SecretBinding name + cloudProfileName: az + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: azure + # https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.azure.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.azure.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.azure.workers | toYaml | nindent 12 }} + workerSettings: + {{- $shootCluster.providerWorkerSettings | default $.Values.defaults.azure.workerSettings | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- 
end }} diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml new file mode 100644 index 0000000..1fd832c --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml 
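Review bot: Two `required` messages in this hunk point users at paths that do not exist: `(.Values.shootClusters[]..projectNamespace)` and `(.Values.shootClusters[]..secretBindingName)` have a doubled dot, and the same `..projectNamespace` spelling appears in the audit-policy and audit-log-secret hunks; the aws and gcp hunks use the single-dot form, so these should read `(.Values.shootClusters[].projectNamespace)` and `(.Values.shootClusters[].secretBindingName)`. Separately, this template selects on `cloudProfile` equal to `"azure"` but hardcodes `cloudProfileName: az`, whereas aws and gcp emit the same string in both places; if `az` is the actual CloudProfile name on the target landscape, a short comment such as `# CloudProfile on the garden cluster is named "az", not "azure"` would save the next reader a check.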
@@ -0,0 +1,63 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end }} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "gcp") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[].secretBindingName)" $shootCluster.secretBindingName}} # Set your SecretBinding name + cloudProfileName: gcp + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: gcp + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.gcp.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.gcp.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.gcp.workers | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- end }} 
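Review bot: `kubeControllerManager.nodeCIDRMaskSize: 24` is the one field under `spec.kubernetes` that is a literal rather than resolved through `$shootCluster.x | default $.Values.defaults.x` like `kubeAPIServer` and `clusterAutoscaler` on the adjacent lines; it fixes the per-node pod CIDR size (and with it the node ceiling for a given pod network), and a cluster with different networking values cannot adjust it. Rendering it as `nodeCIDRMaskSize: {{ $shootCluster.kubernetesNodeCIDRMaskSize | default $.Values.defaults.kubernetesNodeCIDRMaskSize }}` with a `24` default in values.yaml keeps the current output (key names are a suggestion). The aws and azure hunks carry the same literal.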
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml
new file mode 100644
index 0000000..97ff8b4
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml
@@ -0,0 +1,9 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if empty $shootCluster.cloudProfile}}
+ {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}}
+ {{- end}}
+ {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "openstack") }}
+ {{- fail "openstack not implemented yet!"}}
+---
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml
new file mode 100644
index 0000000..67dddef
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml
@@ -0,0 +1,21 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if $shootCluster}}
+---
+apiVersion: gardener.orchestrate.cloud.sap/v1alpha1
+kind: AdminKubeconfigRequest
+metadata:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote }}
+spec:
+ forProvider:
+ validFor: 1h0s
+ renewAfter: 45m0s
+ shootRef:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | quote}}
+ namespace: {{ required "A valid value is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace | quote}}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].gardenerOrchestrateCloudProviderConfigRefName)" $shootCluster.gardenerOrchestrateCloudProviderConfigRefName | quote}}
+ writeConnectionSecretToRef:
+ name: gardener-shoot-kubeconfig-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name}}
+ namespace: default
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml
new file mode 100644
index 0000000..68e0881
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml
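Review bot: `writeConnectionSecretToRef.namespace: default` hardcodes where the shoot kubeconfig lands, and since this is an `AdminKubeconfigRequest` renewed every 45m, that Secret in `default` presumably carries admin-level access to every shoot the chart renders; a namespace that any workload with Secret read rights in `default` can reach is a poor home for it. Make it a value with a dedicated namespace as the default, e.g. `namespace: {{ $shootCluster.kubeconfigSecretNamespace | default $.Values.defaults.kubeconfigSecretNamespace | quote }}` (key names are a suggestion), and document in values.yaml that RBAC on that namespace should be limited to the consumers of the kubeconfig. The secret `name` on the line above it is also built from `$shootCluster.name` without the `| lower` that the resource `metadata.name` applies.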
@@ -0,0 +1,50 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kubernetesVersion: &kubernetesVersion "1.30.3" +######################################################################################################### +shootClusters: + - name: "name" + projectNamespace: "projectNamespace" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + gardenerOrchestrateCloudProviderConfigRefName: "gardenerOrchestrateCloudProviderConfigRefName" + secretBindingName: "secretBindingName" + cloudProfile: "cloudProfile" + region: "region" + purpose: "purpose" + kubernetesVersion: *kubernetesVersion + workers: {} + hibernation: {} + maintenance: {} + addons: {} + networking: {} + infrastructureConfig: {} + - name: "iad-test-gcp" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "gcp-sa-garden-co-golden" + cloudProfile: "gcp" + region: "europe-west1" + purpose: "testing" + kubernetesVersion: *kubernetesVersion + - name: "iad-test-aws" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "trial-secretbinding-aws" + cloudProfile: "aws" + region: "eu-central-1" + purpose: "testing" + kubernetesVersion: *kubernetesVersion + - name: "iad-test-az" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "trial-secretbinding-az" + 
cloudProfile: "azure" + region: "germanywestcentral" + purpose: "testing" + kubernetesVersion: *kubernetesVersion +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml new file mode 100644 index 0000000..166d725 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml 
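Review bot: The first fixture entry sets `infrastructureConfig: {}`, but the Shoot templates read `$shootCluster.providerInfrastructureConfig` (and the README documents `shootClusters[0].providerInfrastructureConfig`), so this key is never consumed and the CI render silently exercises the defaults instead; rename it `providerInfrastructureConfig: {}` or drop it. That entry's `cloudProfile: "cloudProfile"` likewise matches none of the provider templates, so it yields only an AdminKubeconfigRequest and never a Shoot, which is fine for a smoke test but deserves a comment such as `# placeholder profile: exercises the non-provider templates only` so nobody reads it as coverage. `workers`, `hibernation`, `maintenance`, `addons` and `networking` are given as `{}` where the README types them as lists; `default` treats both as empty so the render works, but the types disagree.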
@@ -0,0 +1,213 @@ +--- +######################################################################################################### +# -- kubernetesVersion defines gardener shoot cluster kubernetes version. +kubernetesVersion: &kubernetesVersion "1.30.3" +######################################################################################################### +# -- defaults contains default values which should NOT be overriden by upstream helm chart! +# @default -- - +defaults: + # -- [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. + # @default -- - + hibernation: + # -- [schedules](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.HibernationSchedule) determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified. + schedules: + - start: 00 21 * * 1,2,3,4,5 + end: 00 08 * * 1,2,3,4,5 + location: Europe/Berlin + # -- [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. + maintenance: + timeWindow: + begin: 120000+0000 + end: 130000+0000 + autoUpdate: + kubernetesVersion: false + machineImageVersion: true + confineSpecUpdateRollout: true + # -- [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. 
+ addons: + nginxIngress: + enabled: false + kubernetesDashboard: + enabled: false + # -- [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. + networking: + type: calico + nodes: 10.180.0.0/16 + # -- + extensions: [] + # -- + resources: [] + # -- + kubernetesKubeAPIServer: + runtimeConfig: + scheduling.k8s.io/v1alpha1: true + enableAnonymousAuthentication: false # See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + kubernetesClusterAutoscaler: + scaleDownUtilizationThreshold: 0.5 + scaleDownUnneededTime: 30m0s + scaleDownDelayAfterAdd: 1h0m0s + scaleDownDelayAfterFailure: 10m0s + scaleDownDelayAfterDelete: 10s + scanInterval: 10s + # -- gcp contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. + # @default -- - + gcp: + # -- [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) + infrastructureConfig: + # https://github.com/gardener/gardener-extension-provider-gcp/blob/master/example/30-infrastructure.yaml#L51-L68 + apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + workers: 10.180.0.0/16 + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) + controlPlaneConfig: + # https://github.com/gardener/gardener-extension-provider-gcp/blob/master/example/30-controlplane.yaml#L57-L62 + apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1 + kind: ControlPlaneConfig + zone: europe-west1-b + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. 
+ workers: + - name: worker + minimum: 1 + maximum: 3 + maxSurge: 1 + maxUnavailable: 0 + machine: + type: n2-standard-8 + image: + name: gardenlinux + version: 1312.3.0 + volume: + type: pd-standard + size: 50Gi + encrypted: true + zones: + - europe-west1-b + # -- azure contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. + # @default -- - + azure: + # -- [](https://github.com/gardener/gardener-extension-provider-azure/tree/master) + workerSettings: + sshAccess: + enabled: true + # -- [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. + # [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig) + infrastructureConfig: + apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + vnet: + cidr: 10.180.0.0/16 + workers: 10.180.0.0/16 + zoned: true + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#controlplaneconfig) + controlPlaneConfig: + apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 + kind: ControlPlaneConfig + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. + workers: + - name: worker-qrnz5 + minimum: 1 + maximum: 2 + maxSurge: 1 + machine: + type: Standard_A4_v2 + image: + name: gardenlinux + version: 1312.3.0 + architecture: amd64 + zones: + - "1" + cri: + name: containerd + volume: + type: StandardSSD_LRS + size: 50Gi + # -- aws contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
+ # @default -- - + aws: + # -- [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) + infrastructureConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + vpc: + cidr: 10.180.0.0/16 + zones: + - name: eu-central-1a + workers: 10.180.0.0/19 + public: 10.180.32.0/20 + internal: 10.180.48.0/20 + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) + controlPlaneConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + cloudControllerManager: + useCustomRouteController: true + kind: ControlPlaneConfig + storage: + managedDefaultClass: true + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. + workers: + - name: worker-hmyoy + providerConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + kind: WorkerConfig + instanceMetadataOptions: + httpTokens: required + httpPutResponseHopLimit: 2 + minimum: 1 + maximum: 4 + maxSurge: 1 + machine: + type: c3.2xlarge + image: + name: gardenlinux + version: 1312.3.0 + architecture: amd64 + zones: + - "eu-central-1a" + cri: + name: containerd + volume: + type: gp3 + size: 50Gi +######################################################################################################### +# -- shootClusters contains information and configuration of Gardener shoot clusters. +# @default -- - +shootClusters: + # shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectnamespace: "ns1" + # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! 
(.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + kubernetesCrossplaneProviderConfigRefName: "" + # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + gardenerOrchestrateCloudProviderConfigRefName: "" + # -- secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) + secretBindingName: "" + # -- cloudProfile is a name of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws + cloudProfile: "" + # -- [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. + region: "eu01" + # -- [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. evaluation / development / testing / production + purpose: "" + # -- kubernetes[Version](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Kubernetes) is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. .. 
+ kubernetesVersion: *kubernetesVersion + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. Setting this value will override .gardener.defaults.workers for this shoot cluster! + workers: [] + # -- [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. Setting this value will override .gardener.defaults.hibernation for this shoot cluster! + hibernation: [] + # -- [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. Setting this value will override .gardener.defaults.maintenance for this shoot cluster! + maintenance: [] + # -- [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. Setting this value will override .gardener.defaults.addons for this shoot cluster! + addons: [] + # -- [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. Setting this value will override .gardener.defaults.networking for this shoot cluster! + networking: [] + # -- [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. Setting this value will override .gardener.defaults.infrastructureConfig for this shoot cluster! 
+ providerInfrastructureConfig: [] + # -- + providerControlPlaneConfig: [] + # -- + extensions: [] + # -- + resources: [] \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml new file mode 100644 index 0000000..3ba7cc1 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml 
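Review bot: `projectnamespace: "ns1"` under `shootClusters[0]` uses a lowercase `n`, whereas the consumers visible in this diff read the camelCase key — the CI fixture sets `projectNamespace` and the kubeconfig chart's template requires `$shootCluster.projectNamespace` — so a user who copies the documented key will hit the `required` failure for a value they did set; the same mismatch is in `crossplane-gardener-shoot-kubeconfigs/values.yaml`. Rename it to `projectNamespace: ""` (the shoot-clusters template itself is not in this chunk, so confirm it reads the camelCase form as well). Separately, `defaults.azure.workerSettings.sshAccess.enabled: true` turns on SSH access to Azure worker nodes by default while the gcp and aws defaults leave it unset; a defaults block that the header comment says must not be overridden should ship the restrictive value (`enabled: false`) and let an individual shoot opt in. Finally, the per-shoot override keys `hibernation`, `maintenance`, `addons` and `networking` are declared as `[]` although the corresponding `defaults.*` entries are mappings; declare them as `{}` so the documented type matches what a real override must look like.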
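Review bot: The obsolete `jfrog.sh` flag is keyed `enabled: true` while every other pipeline flag in `.ci.config.yaml` is keyed `enable: true`; whichever spelling the pipeline actually reads, carrying both in a 19-line file invites a silently ignored flag. Pick one key name for all entries, or add a comment such as `# bash-script flags use "enabled", pipeline flags use "enable"` if the two schemas are genuinely different. The identical copy under `crossplane-provider-apiextensions-composition/.ci.config.yaml` has the same inconsistency.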
@@ -0,0 +1,27 @@ +--- +apiVersion: v2 +name: crossplane-gardener-shoot-kubeconfigs +description: A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.8 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md new file mode 100644 index 0000000..66b9732 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md 
@@ -0,0 +1,22 @@
+
+
+# crossplane-gardener-shoot-kubeconfigs
+
+![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots.
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| shootClusters | list | - | shootClusters contains information and configuration of Gardener shoot clusters. |
+| shootClusters[0].gardenerOrchestrateCloudProviderConfigRefName | string | `""` | gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) |
+| shootClusters[0].projectnamespace | string | `"ns1"` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl
new file mode 100644
index 0000000..944976c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-orchestration.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-orchestration.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-orchestration.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-orchestration.labels" -}}
+helm.sh/chart: {{ include "cloud-orchestration.chart" . }}
+{{ include "cloud-orchestration.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-orchestration.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-orchestration.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
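Review bot: `cloud-orchestration.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, and `cloud-orchestration.name`/`fullname` read `.Values.nameOverride`/`.Values.fullnameOverride`, but this chart's values.yaml in the same commit defines only `shootClusters`, and none of these helpers is included by the chart's single template; they are dead scaffold today, and the first template to `include "cloud-orchestration.serviceAccountName"` would fail at render time with a nil-pointer on `.Values.serviceAccount`. Either drop the unused helpers or add the keys they read to values.yaml. The `cloud-orchestration` prefix also does not match the chart name `crossplane-gardener-shoot-kubeconfigs`; a file-level comment such as `{{/* Generic helpers shared across the openmcp charts; not used by this chart's templates. */}}` would at least make the intent visible.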
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml new file mode 100644 index 0000000..6933337 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml @@ -0,0 +1,24 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if $shootCluster}} +--- +apiVersion: gardener.orchestrate.cloud.sap/v1alpha1 +kind: AdminKubeconfigRequest +metadata: + name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + forProvider: + validFor: 1h0s + renewAfter: 45m0s + shootRef: + name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name | quote}} + namespace: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].projectNamespace)" $shootCluster.projectNamespace | quote}} + providerConfigRef: + name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].gardenerOrchestrateCloudProviderConfigRefName)" $shootCluster.gardenerOrchestrateCloudProviderConfigRefName | quote}} + writeConnectionSecretToRef: + name: gardener-shoot-kubeconfig-{{required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name}} + namespace: default + {{- end }} +{{- end }} diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml new file mode 100644 index 0000000..1220f4d --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml 
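Review bot: `writeConnectionSecretToRef.namespace: default` hard-codes the namespace into which the shoot's admin kubeconfig — in effect cluster-admin credentials for that shoot — is written, leaving a consumer no way to pick a namespace whose RBAC is limited to the controllers that need it. Make it a value (for example a per-shoot field or a chart-level key rendered as `namespace: {{ $.Values.connectionSecretNamespace | default "default" | quote }}`) and document in values.yaml that anyone with `get secrets` in that namespace can read the admin kubeconfig; the short `validFor: 1h0s` / `renewAfter: 45m0s` window is a good mitigation and worth keeping. Also, `metadata.name` goes through `| lower` while the Secret name `gardener-shoot-kubeconfig-{{ ... $shootCluster.name }}` does not, so a mixed-case shoot name yields a valid request object but an invalid Secret name; apply the same `| lower` (and `| quote`) there. The `required` messages still point at `.Values.gardener.controlPlane.shootClusters[]…`, which is not this chart's values path (`.Values.shootClusters[]`), so the error a user sees names a key they cannot set.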
@@ -0,0 +1,8 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +shootClusters: + - name: "name" + projectNamespace: "projectNamespace" + gardenerOrchestrateCloudProviderConfigRefName: "gardenerOrchestrateCloudProviderConfigRefName" \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml new file mode 100644 index 0000000..71ccd96 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml @@ -0,0 +1,11 @@ +--- +######################################################################################################### +# -- shootClusters contains information and configuration of Gardener shoot clusters. +# @default -- - +shootClusters: + # gardener.controlPlane.shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectnamespace: "ns1" + # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) + gardenerOrchestrateCloudProviderConfigRefName: "" \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null 
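Review bot: The helm-docs comment on the first list entry of values.yaml is prefixed `gardener.controlPlane.shootClusters[0].name --`, which helm-docs reads as an explicit key path that does not exist in this file; consistent with that, the README generated in this commit has no row for `shootClusters[0].name` at all, only the two sibling keys. Change the prefix to `# shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens!`, as the shoot-clusters chart already does. The `projectnamespace` key here has the same casing mismatch against the template's `$shootCluster.projectNamespace` that I noted on the shoot-clusters values.yaml; rename it to `projectNamespace: ""` and regenerate the README. The inline reference `(.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName)` is likewise a stale path and should read `(.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName)`.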
+++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml new file mode 100644 index 0000000..d25c5a1 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml 
@@ -0,0 +1,32 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-apiextensions-composition +description: A Helm Chart to template crossplane API extensions compositions. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.9 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://doc.crds.dev/github.com/crossplane/crossplane/apiextensions.crossplane.io/Composition/v1 +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md new file mode 100644 index 0000000..8d4cc2d --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md 
@@ -0,0 +1,35 @@
+
+
+# crossplane-provider-apiextensions-composition
+
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane API extensions compositions.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| compositions[0].annotations | list | `[]` | |
+| compositions[0].labels | list | `[]` | |
+| compositions[0].name | string | `""` | |
+| compositions[0].ownerReferences | list | `[]` | |
+| compositions[0].spec.compositeTypeRef | list | `[]` | |
+| compositions[0].spec.environment | list | `[]` | |
+| compositions[0].spec.mode | string | `""` | |
+| compositions[0].spec.patchSets | list | `[]` | |
+| compositions[0].spec.pipeline | list | `[]` | |
+| compositions[0].spec.resources | list | `[]` | |
+| compositions[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+| compositions[0].spec.writeConnectionSecretsTonamespace | string | `"ns1"` | |
+| defaults | list | `[]` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..2de0320 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml 
@@ -0,0 +1,52 @@ +{{- range $item := .Values.compositions}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: {{required "A valid value is required! (.Values.compositions[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +spec: + compositeTypeRef: + {{- required "A valid value is required! (.Values.compositions[].spec.compositeTypeRef)" $item.spec.compositeTypeRef | toYaml | nindent 4 }} + {{- if $item.spec.mode}} + mode: {{ $item.spec.mode | quote }} + {{- end }} + {{- if $item.spec.writeConnectionSecretsToNamespace}} + writeConnectionSecretsToNamespace: {{ $item.spec.writeConnectionSecretsToNamespace | quote }} + {{- end }} + {{- if $item.spec.environment}} + environment: + {{- $item.spec.environment | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.patchSets}} + patchSets: + {{- $item.spec.patchSets | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.pipeline}} + pipeline: + {{- $item.spec.pipeline | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.resources}} + resources: + {{- $item.spec.resources | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.writeConnectionSecretToRef}} + writeConnectionSecretToRef: + {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file 
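Review bot: The two `openmcp.cloud/blueprint-building-block*` labels are emitted only inside `{{- if $item.labels}}`, so a Composition whose values set no labels gets no building-block labels at all, unlike the kubeconfig chart's template in this commit, which sets them unconditionally; move the two fixed labels above the `if` and keep only the `toYaml` of `$item.labels` conditional. The template reads `$item.spec.writeConnectionSecretsToNamespace`, but the README generated from this chart's values.yaml lists the key as `compositions[0].spec.writeConnectionSecretsTonamespace` (lowercase n) with default `"ns1"`, which suggests the documented default is never rendered; fix the key casing in values.yaml (that file is outside this chunk, so confirm). The guard `(ne $item.name "")` and the kubeconfig chart's behaviour also diverge — this template silently skips an entry with an empty name while the other chart fails on it — so a comment such as `{{/* entries with an empty name are placeholders and are skipped */}}` or a common behaviour for both charts would help users.
```yaml
  labels:
    openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
    openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
    {{- if $item.labels}}
    {{- $item.labels | toYaml | nindent 4 }}
    {{- end }}
  # … unchanged: ownerReferences block and spec …
```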
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml new file mode 100644 index 0000000..2b5547b --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml 
@@ -0,0 +1,803 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +compositions: +- name: "nosqls.aws.api.example" + spec: + compositeTypeRef: + apiVersion: aws.api.example/v1alpha1 + kind: NoSQL + resources: + - name: s3Bucket + base: + apiVersion: s3.aws.upbound.io/v1beta1 + kind: Bucket + metadata: + name: basic-bucket + spec: + forProvider: + region: us-east-2 + providerConfigRef: + name: default + patches: + - type: FromCompositeFieldPath + fromFieldPath: "spec.location" + toFieldPath: "spec.forProvider.region" + transforms: + - type: map + map: + EU: "eu-north-1" + US: "us-east-2" + - name: dynamoDB + base: + apiVersion: dynamodb.aws.upbound.io/v1beta1 + kind: Table + metadata: + name: nosql-database + spec: + forProvider: + region: "us-east-2" + writeCapacity: 1 + readCapacity: 1 + attribute: + - name: S3ID + type: S + hashKey: S3ID + patches: + - type: FromCompositeFieldPath + fromFieldPath: "spec.location" + toFieldPath: "spec.forProvider.region" + transforms: + - type: map + map: + EU: "eu-north-1" + US: "us-east-2" +- name: "eks-cluster" + spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XEKSCluster + mode: "Pipeline" + writeConnectionSecretsToNamespace: "crossplane-system" + pipeline: + - functionRef: + name: patch-and-transform + input: + apiVersion: pt.fn.crossplane.io/v1beta1 + kind: Resources + patchSets: + - name: common-parameters + patches: + - fromFieldPath: spec.parameters.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + resources: + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: VPC + spec: + forProvider: + enableDnsHostnames: true + enableDnsSupport: true + providerConfigRef: + 
name: dev-us-aws + name: vpc + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.vpc-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: InternetGateway + metadata: + labels: + type: igw + spec: + forProvider: + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: internetgateway + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: public + spec: + forProvider: + mapPublicIpOnLaunch: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: subnet-public-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-public-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-public-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-public-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: public + spec: + forProvider: + mapPublicIpOnLaunch: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: subnet-public-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-public-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: 
metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: private + spec: + forProvider: + mapPublicIpOnLaunch: false + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: subnet-private-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-private-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-private-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-private-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: private + spec: + forProvider: + mapPublicIpOnLaunch: false + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: subnet-private-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-private-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-private-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-private-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: EIP + metadata: + labels: + type: eip-1 + spec: + forProvider: + domain: vpc + providerConfigRef: + name: dev-us-aws + name: elastic-ip-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: EIP + metadata: + labels: + type: eip-2 + spec: + forProvider: + domain: vpc + 
providerConfigRef: + name: dev-us-aws + name: elastic-ip-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: NATGateway + metadata: + labels: + type: natgw-1 + spec: + forProvider: + allocationIdSelector: + matchLabels: + type: eip-1 + subnetIdSelector: + matchLabels: + type: subnet + visibility: public + providerConfigRef: + name: dev-us-aws + name: natgateway-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-public-availabilityZone + toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: NATGateway + metadata: + labels: + type: natgw-2 + spec: + forProvider: + allocationIdSelector: + matchLabels: + type: eip-2 + subnetIdSelector: + matchLabels: + type: subnet + visibility: public + providerConfigRef: + name: dev-us-aws + name: natgateway-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: routetable-public + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: routetable-private-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: dev-us-aws + name: 
routetable-private-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Cluster + spec: + providerConfigRef: + name: dev-us-aws + forProvider: + vpcConfig: + - endpointPrivateAccess: false + endpointPublicAccess: true + subnetIdSelector: + matchLabels: + type: subnet + visibility: private + writeConnectionSecretToRef: + namespace: crossplane-system + name: dev-us-connection-secret + connectionDetails: + - fromConnectionSecretKey: kubeconfig + name: kubeconfig-value + type: FromConnectionSecretKey + name: eks-cluster + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.k8s-version + toFieldPath: spec.forProvider.version + type: FromCompositeFieldPath + - fromFieldPath: metadata.uid + toFieldPath: spec.writeConnectionSecretToRef.name + transforms: + - string: + fmt: '%s-ekscluster-connection' + type: Format + type: string + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.cluster-role + toFieldPath: spec.forProvider.roleArn + type: FromCompositeFieldPath + - base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Role + spec: + forProvider: + assumeRolePolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + providerConfigRef: + name: dev-us-aws + name: role + - base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: RolePolicyAttachment + spec: + forProvider: + roleSelector: + matchControllerRef: true + policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy + providerConfigRef: + name: dev-us-aws + name: rolePolicyAttachment + - base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: NodeGroup + spec: + forProvider: + clusterNameSelector: + matchControllerRef: true + instanceTypes: + - t3.medium + scalingConfig: + - minSize: 1 + subnetIdSelector: + matchControllerRef: true + matchLabels: + type: subnet + 
visibility: private + providerConfigRef: + name: dev-us-aws + name: eks-nodegroup + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.workers-size + toFieldPath: spec.forProvider.scalingConfig[0].desiredSize + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workers-size + toFieldPath: spec.forProvider.scalingConfig[0].maxSize + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workload-type + toFieldPath: spec.forProvider.amiType + transforms: + - map: + gpu: AL2_x86_64_GPU + non-gpu: AL2_x86_64 + type: map + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workernode-role + toFieldPath: spec.forProvider.nodeRoleArn + type: FromCompositeFieldPath + step: patch-and-transform +- name: "vpc" + spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XVPC + mode: "Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + apiVersion: ec2.aws.crossplane.io/v1beta1 + kind: VPC + metadata: + annotations: + {{ setResourceNameAnnotation "vpc" }} + crossplane.io/external-name: {{ get $params "id" | default ( print $claimNamespace "-vpc" ) }} + spec: + forProvider: + region: {{ get $params "region" | default "us-east-1" }} + vpcCidrBlock: {{ get $params "vpcCIDRBlock" | default "192.168.0.0/16" }} + enableDnsSupport: true + enableDnsHostNames: true + instanceTenancy: default + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef }} +- name: "rdsinstance" + spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XRDSInstance + mode: 
"Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $claimNamespaceTrimmed := $claimNamespace | replace "-" "" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + apiVersion: rds.aws.upbound.io/v1beta2 + kind: Instance + metadata: + annotations: + {{ setResourceNameAnnotation "rdsInstance" }} + crossplane.io/external-name: {{ get $params "id" | default ( print $claimNamespace "-rds-instance" ) }} + spec: + forProvider: + allocatedStorage: {{ get $params "storage" | default 20 }} + autoGeneratePassword: true + autoMinorVersionUpgrade: true + backupRetentionPeriod: 14 + backupWindow: "09:46-10:16" + dbName: {{ get $params "name" | default ( print $claimNamespaceTrimmed "db" ) }} + engine: postgres + engineVersion: "16.1" # 16.3? 
console shows RDS 16.1-R2 (PostgreSQL 13.1-R2) + instanceClass: {{ printf "db.t3.%s" (get $params "size" | default "micro") }} + maintenanceWindow: Mon:00:00-Mon:03:00 + passwordSecretRef: + key: password + name: {{ printf "%s-rds-admin-pw" $claimNamespace }} + namespace: {{ $claimNamespace }} + publiclyAccessible: false + region: {{ printf "us-%s-1" (get $params "region" | default "east") }} + skipFinalSnapshot: true + storageEncrypted: true + storageType: gp2 + username: adminuser + writeConnectionSecretToRef: + name: {{ printf "%s-rds-connection-details" $claimNamespace }} + namespace: {{ $claimNamespace }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef }} +- name: "eksnetwork.api.example" + spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XEKSNetwork + mode: "Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + {{ $vpcResourceName := "vpc" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: VPC + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $vpcResourceName }} + spec: + forProvider: + cidrBlock: {{ $params.vpcCidrBlock | toYaml }} + enableDnsHostnames: true + enableDnsSupport: true + tags: + Name: {{ printf "%s-%s" $params.id $vpcResourceName | toYaml }} + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $igwResourceName := "internet-gateway" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: InternetGateway + metadata: + labels: + 
eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $igwResourceName }} + spec: + forProvider: + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $igwResourceName | toYaml }} + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{ $region := $params.region | toYaml }} + {{- range $i, $subnet := $params.subnets }} + --- + {{ $subnetResourceName := printf "subnet-%s-%s-%s" $subnet.availabilityZone $subnet.type (toString $i) }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + zone: {{ $subnet.availabilityZone }} + {{- if eq $subnet.type "private" }} + access: private + {{- else }} + access: public + {{- end }} + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $subnetResourceName }} + spec: + forProvider: + cidrBlock: {{ $subnet.cidrBlock | toYaml }} + {{ if eq $subnet.type "public" }} + mapPublicIpOnLaunch: true + {{ end }} + tags: + {{- if eq $subnet.type "private" }} + kubernetes.io/role/internal-elb: "1" + {{- else }} + kubernetes.io/role/elb: "1" + {{- end }} + Name: {{ printf "%s-%s" $params.id $subnetResourceName | toYaml }} + region: {{ $region }} + vpcIdSelector: + matchControllerRef: true + availabilityZone: {{ $subnet.availabilityZone | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- end }} + --- + {{ $routeTableResourceName := "route-table" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $routeTableResourceName }} + spec: + forProvider: + vpcIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $routeTableResourceName | toYaml }} + providerConfigRef: + name: {{ 
$tenantAwsProviderConfigRef | toYaml }} + --- + {{ $publicRouteResourceName := "public-route" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Route + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $publicRouteResourceName }} + spec: + forProvider: + destinationCidrBlock: 0.0.0.0/0 + gatewayIdSelector: + matchControllerRef: true + routeTableIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $mainRouteTableAssociationResourceName := "main-route-table-association" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: MainRouteTableAssociation + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $mainRouteTableAssociationResourceName }} + spec: + forProvider: + region: {{ $params.region | toYaml }} + routeTableIdSelector: + matchControllerRef: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- range $i, $subnet := $params.subnets }} + --- + {{ $routeTableAssociationResourceName := printf "route-table-association-%s-%s-%s" $subnet.availabilityZone $subnet.type (toString $i) }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTableAssociation + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $routeTableAssociationResourceName }} + spec: + forProvider: + region: {{ $region }} + routeTableIdSelector: + matchControllerRef: true + subnetIdSelector: + matchControllerRef: true + matchLabels: + {{- if eq $subnet.type "private" }} + access: private + {{- else }} + access: public + {{- end }} + zone: {{ $subnet.availabilityZone | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- end }} + --- + {{ $sgResourceName 
:= "security-group" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgResourceName }} + spec: + forProvider: + description: Allow access to databases + name: {{ printf "%s-%s" $params.id $sgResourceName | toYaml }} + vpcIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $sgResourceName | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $sgrpRulePostGresResourceName := "security-group-rule-postgres" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgrpRulePostGresResourceName }} + spec: + forProvider: + cidrBlocks: + - 192.168.0.0/16 + description: Everywhere + fromPort: 5432 + protocol: tcp + securityGroupIdSelector: + matchControllerRef: true + toPort: 5432 + type: ingress + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $sgrpRuleMySQLResourceName := "security-group-rule-mysql" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgrpRuleMySQLResourceName }} + spec: + forProvider: + cidrBlocks: + - 192.168.0.0/16 + description: Everywhere + fromPort: 3306 + protocol: tcp + securityGroupIdSelector: + matchControllerRef: true + toPort: 3306 + type: ingress + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + - step: set-xr-status + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + 
template: | + {{ $observedResources := get .observed "resources" | default dict }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + {{ $vpcStatus := dig "vpc" "resource" "status" dict $observedResources }} + {{ $subnetsStatus := dict }} + {{ range $i, $subnet := $params.subnets }} + {{ $subnetResourceName := printf "subnet-%s-%s-%s" $subnet.availabilityZone $subnet.type (toString $i) }} + {{ $subnetStatuses := dig $subnetResourceName "resource" "status" dict $observedResources }} + {{ $subnetsStatus = merge $subnetsStatus (dict $subnetResourceName $subnetStatuses) }} + {{ end }} + apiVersion: api.example/v1alpha1 + kind: XEKSNetwork + status: + vpc: {{ $vpcStatus | toYaml | nindent 4 }} + subnets: {{ $subnetsStatus | toYaml | nindent 4 }} + - step: automatically-detect-ready-composed-resources + functionRef: + name: auto-ready +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml new file mode 100644 index 0000000..c3b86aa --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml 
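Review bot: The two SecurityGroupRule resources in the `eksnetwork.api.example` composition carry `description: Everywhere` while their `cidrBlocks` are restricted to `192.168.0.0/16`, so the description misstates what the rule permits; `description: VPC-internal ingress to PostgreSQL (5432)` and the 3306 equivalent would describe the actual scope. The `eks-cluster` composition also renders the control plane with `endpointPublicAccess: true` and `endpointPrivateAccess: false`; that is acceptable for a fixture whose header says it only exists to template a non-empty manifest, but a comment such as `# CI fixture only: public control-plane endpoint, not a reference configuration` next to `vpcConfig` would stop it being copied as-is into a real composition. Both values sit inside this hunk.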
@@ -0,0 +1,25 @@ +--- +######################################################################################################################## +# @default -- list +defaults: [] +######################################################################################################################## +# @default -- list +# https://doc.crds.dev/github.com/crossplane/crossplane/apiextensions.crossplane.io/Composition/v1 +compositions: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + mode: "" + writeConnectionSecretsTonamespace: "ns1" + compositeTypeRef: [] + environment: [] + patchSets: [] + pipeline: [] + resources: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] + +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file 
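Review bot: `writeConnectionSecretsTonamespace` (lower-case `n`) does not match the key the Composition template in this diff reads, `$item.spec.writeConnectionSecretsToNamespace`, so the documented default `"ns1"` is never rendered and a user who copies this block gets a silently ignored value; rename it to `writeConnectionSecretsToNamespace` and default it to `""` so that no namespace is injected into every composition once the key is correct. Several defaults are declared as `[]` (`labels`, `annotations`, `compositeTypeRef`, `environment`, `writeConnectionSecretToRef`) although those Composition fields are objects; `{}` would document the right shape and is still falsy for the template's `if` guards. `defaults: []` is not read by the Composition template visible in this diff, so either it is consumed elsewhere or it is dead configuration.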
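Review bot: `jfrog.sh` uses `enabled: true` while every other feature flag in the file uses `enable: true`; if the pipeline reads one key name uniformly, the other block is silently treated as unset. Use one spelling — `enable: true` matches the rest of the file — or note in the header comment that the legacy block deliberately uses a different key.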
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore b/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml
new file mode 100644
index 0000000..bf7b965
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml
@@ -0,0 +1,32 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-apiextensions
+description: A Helm Chart to template crossplane API extensions compositions.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.2
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://docs.crossplane.io/latest/api/
+ - https://github.com/openmcp-project/blueprint-building-blocks
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
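Review bot: `sources` lists `https://docs.crossplane.io/latest/api/`, which is API documentation rather than source code for this project, and `home` points at a different repository (`openmcp-project/blueprints`) than the second `sources` entry (`openmcp-project/blueprint-building-blocks`), so one of the two URLs looks stale. The header comment also misspells `avaiable`; `See all available fields:` is the intended wording.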
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/README.md b/helm/charts/mcp/crossplane-provider-apiextensions/README.md
new file mode 100644
index 0000000..1334cfe
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-apiextensions/README.md
@@ -0,0 +1,26 @@
+
+
+# crossplane-provider-apiextensions
+
+![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane API extensions compositions.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| environmentConfigs | list | list | An [EnvironmentConfig](https://docs.crossplane.io/latest/api/) contains user-defined unstructured values for use in a Composition. Read the Crossplane documentation for [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs/). |
+| environmentConfigs[0].data | list | `[]` | The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. |
+| usages | list | list | A Usage defines a deletion blocking relationship between two resources. Usages prevent accidental deletion of a single resource or deletion of resources with dependent resources. Read the Crossplane documentation for [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages/). |
+| usages[0].spec | list | `[]` | The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-apiextensions/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..42f0be5 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml @@ -0,0 +1,25 @@ +{{- range $item := .Values.environmentConfigs}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1beta1 +kind: EnvironmentConfig +metadata: + name: {{required "A valid value is required! (.Values.environmentConfigs[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +data: + {{- required "A valid value is required! (.Values.environmentConfigs[].data)" $item.data | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..aec8a87 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml 
@@ -0,0 +1,25 @@ +{{- range $item := .Values.usages}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1alpha1 +kind: Usage +metadata: + name: {{required "A valid value is required! (.Values.usages[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +spec: + {{- required "A valid value is required! (.Values.usages[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml new file mode 100644 index 0000000..337a6ed --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml 
@@ -0,0 +1,38 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+environmentConfigs:
+- name: "example-environment"
+ data:
+ locations:
+ us: us-east-2
+ eu: eu-north-1
+ key1: value1
+ key2: value2
+ key3:
+ - item1
+ - item2
+########################################################################################################################
+usages:
+- name: "protect-production-database"
+ spec:
+ of:
+ apiVersion: rds.aws.upbound.io/v1beta1
+ kind: Instance
+ resourceRef:
+ name: my-database
+ reason: "Production Database - should never be deleted!"
+- name: "release-uses-cluster"
+ spec:
+ of:
+ apiVersion: eks.upbound.io/v1beta1
+ kind: Cluster
+ resourceRef:
+ name: my-cluster
+ by:
+ apiVersion: helm.crossplane.io/v1beta1
+ kind: Release
+ resourceRef:
+ name: my-prometheus-chart
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml
new file mode 100644
index 0000000..248b2ea
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml
@@ -0,0 +1,25 @@
+---
+########################################################################################################################
+# -- An [EnvironmentConfig](https://docs.crossplane.io/latest/api/) contains user-defined unstructured values for use in a Composition.
+# Read the Crossplane documentation for [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs/).
+# @default -- list
+environmentConfigs:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # -- The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON.
+ data: []
+########################################################################################################################
+# -- A Usage defines a deletion blocking relationship between two resources.
+# Usages prevent accidental deletion of a single resource or deletion of resources with dependent resources.
+# Read the Crossplane documentation for [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages/).
+# @default -- list
+usages:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # -- The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON.
+ spec: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml
new file mode 100644
index 0000000..8b50235
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml
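Review bot: The `# --` comment above `spec: []` in the `usages` entry is copied from the EnvironmentConfig block and describes `data` rather than a Usage spec; since helm-docs turns these comments into the README table, the generated documentation describes the wrong field. Suggest `# -- The spec of this [Usage](https://docs.crossplane.io/latest/concepts/usages/): the resource being used (of), optionally the using resource (by) and a reason.` In the same stanza the link text "more information about Compositions" points at the usages page and should read "more information about Usages". Finally, `labels: []` and `annotations: []` are consumed as maps by the templates' `toYaml`, so `{}` is the accurate placeholder and keeps the helm-docs type column honest.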
@@ -0,0 +1,19 @@
+# pipeline feature flags obsolete (Bash Scripts)
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore b/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml
new file mode 100644
index 0000000..4d4e0e3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml
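Review bot: The `jfrog.sh` stanza keys its flag as `enabled` while every other feature flag in the file uses `enable`; whichever spelling the pipeline reads, the other is silently ignored, so either align it (`enable: true`) or drop the stanza, given the comment already marks it obsolete. The file also lacks a trailing newline and a `---` document start, both of which yamllint's `new-line-at-end-of-file` and `document-start` rules report.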
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-ec2
+description: A Helm Chart to template AWS EC2 manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.10
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-ec2
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
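Review bot: `home` points at `openmcp-project/blueprints` while the first `sources` entry points at `openmcp-project/blueprint-building-blocks`; one of the two is presumably stale, and because the README is generated from this metadata the mismatch propagates into the published docs. Also `avaiable` in the first comment should read `available`.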
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/README.md b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md
new file mode 100644
index 0000000..4a766a9
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md
@@ -0,0 +1,84 @@ + + +# crossplane-provider-aws-ec2 + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS EC2 manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults.eips.deletionPolicy | string | `""` | | +| defaults.internetGateways.deletionPolicy | string | `""` | | +| defaults.mainRouteTableAssociations.deletionPolicy | string | `""` | | +| defaults.natGateways.deletionPolicy | string | `""` | | +| defaults.routeTableAssociations.deletionPolicy | string | `""` | | +| defaults.routeTables.deletionPolicy | string | `""` | | +| defaults.routes.deletionPolicy | string | `""` | | +| defaults.securityGroupRules.deletionPolicy | string | `""` | | +| defaults.securityGroups.deletionPolicy | string | `""` | | +| defaults.subnets.deletionPolicy | string | `""` | | +| defaults.vpcs.deletionPolicy | string | `""` | | +| eips[0].annotations | list | `[]` | | +| eips[0].labels | list | `[]` | | +| eips[0].name | string | `""` | | +| eips[0].ownerReferences | list | `[]` | | +| eips[0].spec.deletionPolicy | string | `""` | | +| eips[0].spec.forProvider | list | `[]` | | +| eips[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| eips[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. 
Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| eips[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| internetGateways | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1 | +| internetGateways[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| internetGateways[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| internetGateways[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. 
Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| mainRouteTableAssociations | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/MainRouteTableAssociation/v1beta1 | +| mainRouteTableAssociations[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| mainRouteTableAssociations[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| mainRouteTableAssociations[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| natGateways | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1 | +| natGateways[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| natGateways[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| natGateways[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routeTableAssociations | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTableAssociation/v1beta1 | +| routeTableAssociations[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routeTableAssociations[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routeTableAssociations[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routeTables | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1 | +| routeTables[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routeTables[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routeTables[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routes | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Route/v1beta1 | +| routes[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routes[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routes[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| securityGroupRules | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroupRule/v1beta1 | +| securityGroupRules[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| securityGroupRules[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| securityGroupRules[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| securityGroups | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroup/v1beta1 | +| securityGroups[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| securityGroups[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| securityGroups[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| subnets | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1 | +| subnets[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| subnets[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| subnets[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| vpcs | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1 | +| vpcs[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
| +| vpcs[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| vpcs[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml new file mode 100644 index 0000000..5872fe5 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml 
@@ -0,0 +1,37 @@
+{{- range $item := .Values.eips}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: EIP
+metadata:
+ name: {{required "A valid value is required! (.Values.eips[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.eips.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.eips[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.eips[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..9c4b4c3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml
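Review bot: The guard around the `publishConnectionDetailsTo:` block tests `$item.spec.writeConnectionSecretToRef` instead of `$item.spec.publishConnectionDetailsTo` (a copy of the guard above it), so an item that sets only `writeConnectionSecretToRef` renders `publishConnectionDetailsTo:` with an empty `[]` body, and an item that sets only `publishConnectionDetailsTo` drops it silently; change the second guard to `{{- if $item.spec.publishConnectionDetailsTo}}`. The same defect is in the InternetGateway, MainRouteTableAssociation, NATGateway, Route and RouteTableAssociation templates in the following hunks. Separately, when neither `$item.spec.deletionPolicy` nor `defaults.eips.deletionPolicy` is set, the `deletionPolicy:` line renders `""`, which the managed-resource API would presumably reject since it expects `Orphan` or `Delete`; wrapping the result in `required` would surface a missing policy at template time, and values.yaml should state which policy the chart intends as its default. Note also that `required` on `forProvider` and `providerConfigRef` accepts empty lists, so the `[]` placeholders pass through unchecked.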
@@ -0,0 +1,37 @@
+{{- range $item := .Values.internetGateways}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+ name: {{required "A valid value is required! (.Values.internetGateways[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.internetGateways.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.internetGateways[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.internetGateways[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..36fc134
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.mainRouteTableAssociations}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: MainRouteTableAssociation
+metadata:
+ name: {{required "A valid value is required! (.Values.mainRouteTableAssociations[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.mainRouteTableAssociations.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.mainRouteTableAssociations[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.mainRouteTableAssociations[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..a79ae0c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.natGateways}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: NATGateway
+metadata:
+ name: {{required "A valid value is required! (.Values.natGateways[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.natGateways.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.natGateways[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.natGateways[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..224634d
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routes}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Route
+metadata:
+ name: {{required "A valid value is required! (.Values.routes[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routes.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routes[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routes[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..0eff378
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routeTableAssociations}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: {{required "A valid value is required! (.Values.routeTableAssociations[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routeTableAssociations.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routeTableAssociations[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routeTableAssociations[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..bf005da
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routeTables}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+ name: {{required "A valid value is required! (.Values.routeTables[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routeTables.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routeTables[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routeTables[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..0416671
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.securityGroups}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+ name: {{required "A valid value is required! (.Values.securityGroups[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.securityGroups.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.securityGroups[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.securityGroups[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..7083086
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.securityGroupRules}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRuleRule
+metadata:
+ name: {{required "A valid value is required! (.Values.securityGroupRules[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.securityGroupRules.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.securityGroupRules[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.securityGroupRules[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..3eada5f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml
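Review bot: `kind: SecurityGroupRuleRule` is a typo; the Upbound EC2 provider kind, and the one the values.yaml link in this commit points at, is `SecurityGroupRule`, so every object rendered from this template would be rejected by the API server as an unknown kind. Change the line to `kind: SecurityGroupRule`. Security-group rules are the network access controls in this chart, so a template that cannot produce them is worth a rendering test: the values.ci.yaml added in this commit defines no `securityGroupRules` entry, which is why the pipeline's templating step would not have caught this.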
@@ -0,0 +1,37 @@
+{{- range $item := .Values.subnets}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: {{required "A valid value is required! (.Values.subnets[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.subnets.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subnets[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.subnets[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..213dd4c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.vpcs}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+ name: {{required "A valid value is required! (.Values.vpcs[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.vpcs.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.vpcs[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.vpcs[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml
new file mode 100644
index 0000000..32c5966
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml
@@ -0,0 +1,109 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+eips:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ omain: vpc
+ region: us-west-2
+ providerConfigRef:
+ name: dev-us-aws
+ - name: "dev-us-ekscluster-2"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ omain: vpc
+ region: us-west-2
+ providerConfigRef:
+ name: dev-us-aws
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1
+internetGateways:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ region: us-west-2
+ vpcIdSelector:
+ matchControllerRef: true
+ providerConfigRef:
+ name: dev-us-aws
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1
+natGateways:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ allocationIdSelector:
+ matchLabels:
+ type: eip-1
+ region: us-west-2
+ subnetIdSelector:
+ matchLabels:
+ type: subnet
+ visibility: public
+ zone: us-west-2a
+ providerConfigRef:
+ name: dev-us-aws
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1
+routeTables:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ region: us-west-2
+ vpcIdSelector:
+ matchControllerRef: true
+ providerConfigRef:
+ name: dev-us-aws
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1
+subnets:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ availabilityZone: us-west-2a
+ cidrBlock: 192.168.50.0/24
+ mapPublicIpOnLaunch: false
+ region: us-west-2
+ vpcIdSelector:
+ matchControllerRef: true
+ providerConfigRef:
+ name: dev-us-aws
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1
+vpcs:
+ - name: "dev-us-ekscluster"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ cidrBlock: 192.168.48.0/20
+ enableDnsHostnames: true
+ enableDnsSupport: true
+ region: us-west-2
+ providerConfigRef:
+ name: dev-us-aws
+
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml
new file mode 100644
index 0000000..bdfa1d9
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml
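Review bot: `omain: vpc` under both `eips[].spec.forProvider` entries looks like a typo for `domain: vpc`; because `forProvider` is passed through `toYaml` verbatim, the CI render still succeeds while emitting a field the EIP CRD presumably does not define, so the pipeline proves less than it appears to. This file also exercises only six of the eleven resource lists the chart templates — there is no `mainRouteTableAssociations`, `routes`, `routeTableAssociations`, `securityGroups` or `securityGroupRules` entry — so those five templates are never rendered in CI; one minimal entry each would have surfaced the `SecurityGroupRuleRule` kind typo. `ownerReferences: {}` is a mapping while the Kubernetes field is a list; `ownerReferences: []` keeps the type honest (the empty value is skipped by the templates' `if` either way, so this only bites once it is populated).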
@@ -0,0 +1,205 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ eips:
+ deletionPolicy: ""
+ internetGateways:
+ deletionPolicy: ""
+ natGateways:
+ deletionPolicy: ""
+ routeTables:
+ deletionPolicy: ""
+ subnets:
+ deletionPolicy: ""
+ vpcs:
+ deletionPolicy: ""
+ mainRouteTableAssociations:
+ deletionPolicy: ""
+ routes:
+ deletionPolicy: ""
+ routeTableAssociations:
+ deletionPolicy: ""
+ securityGroups:
+ deletionPolicy: ""
+ securityGroupRules:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list
+# https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0
+eips:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1
+internetGateways:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1
+natGateways:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1
+routeTables:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1
+subnets:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1
+vpcs:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/MainRouteTableAssociation/v1beta1
+mainRouteTableAssociations:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Route/v1beta1
+routes:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTableAssociation/v1beta1
+routeTableAssociations:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroup/v1beta1
+securityGroups:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroupRule/v1beta1
+securityGroupRules:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml
new file mode 100644
index 0000000..3a7fb0f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore b/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml
new file mode 100644
index 0000000..2dbdd02
--- /dev/null
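Review bot: Every `defaults.*.deletionPolicy` is `""`, and the templates render `$item.spec.deletionPolicy | default <this> | quote`, so a resource that sets neither ends up with `deletionPolicy: ""` — not one of the two values Crossplane defines (`Orphan`, `Delete`), so it should be refused by the CRD's enum validation instead of falling back to the provider default. Either give the defaults an explicit policy, e.g. `deletionPolicy: "Delete"` (or `"Orphan"` where the VPC or security group must outlive the chart — a choice worth stating rather than inheriting), or have the templates omit the key when both are empty. Separately, `labels`, `annotations`, `forProvider`, `providerConfigRef`, `publishConnectionDetailsTo` and `writeConnectionSecretToRef` are documented as `[]` although the corresponding Kubernetes fields are mappings (only `ownerReferences` is a list); `{}` would make the helm-docs output agree with the types values.ci.yaml actually uses.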
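Review bot: `jfrog.sh` is keyed with `enabled` while every other flag in .ci.config.yaml uses `enable`; unless the consuming script (not in this hunk) deliberately reads a different key for the legacy section, one of the two spellings is never read. The comment already marks the section obsolete, so either drop the `jfrog.sh` stanza or align it with the rest as `enable: true`.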
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml 
@@ -0,0 +1,35 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-eks
+description: A Helm Chart to template AWS EKS manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.10
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-eks/
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+ - https://github.com/openmcp-project/blueprint-building-blocks
+
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/README.md b/helm/charts/mcp/crossplane-provider-aws-eks/README.md new file mode 100644 index 0000000..a17c9c1 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/README.md 
@@ -0,0 +1,40 @@ + + +# crossplane-provider-aws-eks + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS EKS manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| clusters[0].annotations | list | `[]` | | +| clusters[0].labels | list | `[]` | | +| clusters[0].name | string | `""` | | +| clusters[0].ownerReferences | list | `[]` | | +| clusters[0].spec.deletionPolicy | string | `""` | | +| clusters[0].spec.forProvider | list | `[]` | | +| clusters[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| clusters[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| clusters[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| defaults.clusters.deletionPolicy | string | `""` | | +| defaults.nodeGroups.deletionPolicy | string | `""` | | +| nodeGroups | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/NodeGroup/v1beta1 | +| nodeGroups[0].spec | object | `{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}` | https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1 | +| nodeGroups[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| nodeGroups[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| nodeGroups[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-eks/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml new file mode 100644 index 0000000..d976d8a --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml 
@@ -0,0 +1,35 @@
+{{- range $item := .Values.clusters}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ name: {{required "A valid value is required! (.Values.clusters[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.clusters.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.clusters[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.clusters[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ writeConnectionSecretToRef:
+ {{- required "A valid value is required! (.Values.clusters[].spec.writeConnectionSecretToRef)" $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml
new file mode 100644
index 0000000..4f77f34
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml
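Review bot: The `publishConnectionDetailsTo` block is guarded by `{{- if $item.spec.writeConnectionSecretToRef}}` instead of its own value, so a cluster that sets a secret ref but leaves `publishConnectionDetailsTo` at the chart default `[]` renders an empty sequence under an object-typed field, and one that sets only `publishConnectionDetailsTo` loses it; the guard should read `{{- if $item.spec.publishConnectionDetailsTo}}`. `writeConnectionSecretToRef` is wrapped in `required` here while values.yaml and the README call it *optional* and the node-group template emits it conditionally — pick one and make the docs agree. Helm's `required` only rejects nil and `""`, so the `[]` defaults for `forProvider` and `providerConfigRef` pass it and render as `forProvider:` followed by `[]`; `{{- if empty $item.spec.forProvider }}{{ fail "clusters[].spec.forProvider must be set" }}{{- end }}` catches that. When neither the item nor `defaults.clusters.deletionPolicy` is set the line renders `deletionPolicy: ""`, which the Crossplane `Orphan`/`Delete` enum should reject; wrapping it in `with` so the key is omitted lets the CRD default apply, and because this value decides whether deleting the object tears down the EKS control plane, the chosen default deserves an explicit comment in values.yaml.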
@@ -0,0 +1,37 @@
+{{- range $item := .Values.nodeGroups}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: NodeGroup
+metadata:
+ name: {{required "A valid value is required! (.Values.nodeGroups[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.nodeGroups.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.nodeGroups[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.nodeGroups[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml
new file mode 100644
index 0000000..f033115
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml
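Review bot: The second guard in the spec is a copy of the first — `{{- if $item.spec.writeConnectionSecretToRef}}` also wraps `publishConnectionDetailsTo` — so that field is emitted (with its `[]` default) whenever a secret ref is set and dropped whenever only it is set; change it to `{{- if $item.spec.publishConnectionDetailsTo}}`. The `openmcp.cloud/blueprint-building-block*` labels are only written when the caller supplies `labels`, unlike the IAM access-key template in this same change, which always sets them; if those labels are what identifies chart-managed objects, hoist them above the `if` as the access-key template does. As with the cluster template, `deletionPolicy: ""` is rendered when nothing is configured, which the `Orphan`/`Delete` enum will not accept; emit the key only inside a `with` block so the CRD default applies.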
@@ -0,0 +1,75 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+clusters:
+ - name: "dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: dev-us-ekscluster
+ crossplane.io/claim-namespace: dev-us
+ annotations:
+ crossplane.io/composition-resource-name: eks-cluster
+ ownerReferences:
+ - apiVersion: api.example/v1alpha1
+ blockOwnerDeletion: true
+ controller: true
+ kind: XEKSCluster
+ name: dev-us-ekscluster
+ uid: ""
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ region: us-west-2
+ roleArn: arn:aws:iam::XXXX:role/DEV-EKS-Cluster-Role
+ version: "1.30"
+ vpcConfig:
+ - endpointPrivateAccess: false
+ endpointPublicAccess: true
+ subnetIdSelector:
+ matchLabels:
+ type: subnet
+ visibility: private
+ providerConfigRef:
+ name: dev-us-aws
+ writeConnectionSecretToRef:
+ name: dev-us-connection-secret
+ namespace: crossplane-system
+ publishConnectionDetailsTo: {}
+nodeGroups:
+ - name: "dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: dev-us-ekscluster
+ crossplane.io/claim-namespace: dev-us
+ annotations:
+ crossplane.io/composition-resource-name: eks-nodegroup
+ ownerReferences:
+ - apiVersion: api.example/v1alpha1
+ blockOwnerDeletion: true
+ controller: true
+ kind: XEKSCluster
+ name: dev-us-ekscluster
+ uid: ""
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ amiType: AL2_x86_64
+ clusterNameSelector:
+ matchControllerRef: true
+ instanceTypes:
+ - t3.medium
+ nodeRoleArn: arn:aws:iam::XXXX:role/DEV-EKS-WorkerNode-Role
+ region: us-west-2
+ scalingConfig:
+ - desiredSize: 2
+ maxSize: 2
+ minSize: 1
+ subnetIdSelector:
+ matchControllerRef: true
+ matchLabels:
+ type: subnet
+ visibility: private
+ providerConfigRef:
+ name: dev-us-aws
+ publishConnectionDetailsTo: {}
+ writeConnectionSecretToRef: {}
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml
new file mode 100644
index 0000000..b262c38
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml
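Review bot: The cluster example sets `endpointPublicAccess: true` together with `endpointPrivateAccess: false`, i.e. a control plane reachable only through the public endpoint; as the only worked example in this chart it will be copied, so either invert it or put `# CI fixture only: real clusters should prefer endpointPrivateAccess: true` above `vpcConfig`. Both `ownerReferences` entries carry `uid: ""`, which the API server rejects because the uid of an owner reference is required, so this fixture can never be applied as-is and only passes because `k8s-manifest-templating` is disabled in `.ci.config.yaml` — despite the header claiming the file templates a valid manifest. The cluster's `publishConnectionDetailsTo: {}` will be rendered (the template keys it off `writeConnectionSecretToRef`) as an empty object, which presumably fails schema validation since a store-config name is expected there — confirm against the CRD and either drop the key or give it a real value. Lastly, `dev-us-connection-secret` in `crossplane-system` is where the cluster's connection details (for an EKS Cluster, as far as I know, the kubeconfig material) will land; a short comment noting that read access to that namespace gates access to the cluster would help whoever copies this.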
@@ -0,0 +1,45 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ clusters:
+ deletionPolicy: ""
+ nodeGroups:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list
+# https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1
+clusters:
+ # eks.clusters[0].name -- kubernetes crossplane object `metadata.name` on managed control plane.
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/NodeGroup/v1beta1
+nodeGroups:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # -- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml
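Review bot: Several object-typed fields default to lists — `labels: []`, `annotations: []`, `forProvider: []`, `providerConfigRef: []`, `publishConnectionDetailsTo: []`, `writeConnectionSecretToRef: []` — yet the templates pipe them through `toYaml` where the CRD expects mappings, and Helm's `required` treats `[]` as present, so a user who sets `name` and forgets `forProvider` gets `forProvider:` followed by `[]` instead of the intended error; `{}` is the right default and the templates' `if` guards still treat it as false. `defaults.*.deletionPolicy` is left `""` with no explanation although it decides whether deleting the Kubernetes object destroys the real EKS cluster or node group; add `# -- "Orphan" or "Delete": whether deleting this object also deletes the EKS resource (Crossplane defaults to Delete when unset)` beside each of them. The helm-docs comment `# eks.clusters[0].name -- ...` names a key path that does not exist (`eks.` prefix), which is why the generated README shows an empty description for `clusters[0].name`; it should be `# clusters[0].name -- ...`. The `# -- https://...Cluster/v1beta1` comment above `nodeGroups[0].spec` points at the Cluster kind rather than NodeGroup, which looks like a copy/paste slip.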
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore b/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml
new file mode 100644
index 0000000..27a73eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-iam
+description: A Helm Chart to template AWS IAM manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.11
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: ""
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-iam/
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/README.md b/helm/charts/mcp/crossplane-provider-aws-iam/README.md new file mode 100644 index 0000000..e0b0352 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-iam/README.md 
@@ -0,0 +1,58 @@ + + +# crossplane-provider-aws-iam + +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS IAM manifests for its crossplane provider. + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| accessKeys | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: AccessKey](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/AccessKey/v1beta1) | +| accessKeys[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| accessKeys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
| +| accessKeys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| accessKeys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| defaults.accessKeys.deletionPolicy | string | `""` | | +| defaults.policies.deletionPolicy | string | `""` | | +| defaults.rolePolicyAttachments.deletionPolicy | string | `""` | | +| defaults.roles.deletionPolicy | string | `""` | | +| defaults.userPolicyAttachments.deletionPolicy | string | `""` | | +| defaults.users.deletionPolicy | string | `""` | | +| policies | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: Policy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Policy/v1beta1) | +| policies[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. 
This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| policies[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| policies[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| policies[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| rolePolicyAttachments | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: RolePolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/RolePolicyAttachment/v1beta1) | +| rolePolicyAttachments[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| rolePolicyAttachments[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| rolePolicyAttachments[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| rolePolicyAttachments[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| roles | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UsRoleer](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Role/v1beta1) | +| roles[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| roles[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| roles[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. 
|
+| roles[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+| userPolicyAttachments | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UserPolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/UserPolicyAttachment/v1beta1) |
+| userPolicyAttachments[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 |
+| userPolicyAttachments[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. |
+| userPolicyAttachments[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. |
+| userPolicyAttachments[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+| users | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: User](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1) |
+| users[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 |
+| users[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. |
+| users[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. |
+| users[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-iam/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..1519f21
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.accessKeys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: AccessKey
+metadata:
+ name: {{required "A valid value is required! (.Values.accessKeys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.accessKeys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.accessKeys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.accessKeys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..35a5dec
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml
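Review bot: `deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.accessKeys.deletionPolicy| quote }}` renders `deletionPolicy: ""` whenever neither the item nor `defaults.accessKeys.deletionPolicy` carries a value, which is exactly what the shipped values.yaml provides; if the provider CRD enforces the documented Orphan/Delete enum on this field, such a manifest is rejected by the API server instead of falling back to the CRD default. Rendering the key only when a value resolves keeps the server-side default in effect: `{{- with ($item.spec.deletionPolicy | default $.Values.defaults.accessKeys.deletionPolicy) }}` / `deletionPolicy: {{ . | quote }}` / `{{- end }}` (this also fixes the missing space before `| quote`). For AccessKey the resolved value matters for security, because `Orphan` leaves a live AWS credential in place after the managed resource is deleted, so the chart docs should state which policy a default install ends up with. The same line occurs in the policy, role, role-policy-attachment, user and user-policy-attachment templates in the next five hunks.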
@@ -0,0 +1,37 @@
+{{- range $item := .Values.policies}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ name: {{required "A valid value is required! (.Values.policies[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.policies.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.policies[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.policies[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..c569aae
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.roles}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ name: {{required "A valid value is required! (.Values.roles[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.roles.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.roles[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.roles[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..83987cb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.rolePolicyAttachments}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: {{required "A valid value is required! (.Values.rolePolicyAttachments[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.rolePolicyAttachments.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.rolePolicyAttachments[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.rolePolicyAttachments[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..e6fc9c5
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.users}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: User
+metadata:
+ name: {{required "A valid value is required! (.Values.users[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.users.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.users[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.users[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..a90526e
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.userPolicyAttachments}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: UserPolicyAttachment
+metadata:
+ name: {{required "A valid value is required! (.Values.userPolicyAttachments[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.userPolicyAttachments.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.userPolicyAttachments[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.userPolicyAttachments[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml
new file mode 100644
index 0000000..6c8214b
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml
@@ -0,0 +1,135 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+roles:
+- name: "dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: dev-us-ekscluster
+ crossplane.io/claim-namespace: dev-us
+ annotations:
+ crossplane.io/composition-resource-name: role
+ ownerReferences:
+ - apiVersion: api.example/v1alpha1
+ blockOwnerDeletion: true
+ controller: true
+ kind: XEKSCluster
+ name: dev-us-ekscluster
+ uid: ""
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ assumeRolePolicy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "eks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ }
+ providerConfigRef:
+ name: dev-us-aws
+ publishConnectionDetailsTo: {}
+ writeConnectionSecretToRef: {}
+rolePolicyAttachments:
+- name: "dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: dev-us-ekscluster
+ crossplane.io/claim-namespace: dev-us
+ annotations:
+ crossplane.io/composition-resource-name: rolePolicyAttachment
+ ownerReferences:
+ - apiVersion: api.example/v1alpha1
+ blockOwnerDeletion: true
+ controller: true
+ kind: XEKSCluster
+ name: dev-us-ekscluster
+ uid: ""
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
+ roleSelector:
+ matchControllerRef: true
+ providerConfigRef:
+ name: dev-us-aws
+ publishConnectionDetailsTo: {}
+ writeConnectionSecretToRef: {}
+policies:
+- name: user-policy
+ labels:
+ testing.upbound.io/example-name: user
+ spec:
+ providerConfigRef:
+ name: provider-config-ref
+ forProvider:
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": "elastic-inference:Connect",
+ "Resource": "*"
+ }
+ ]
+ }
+users:
+- name: sample-user-RFC1123Subdomain-1
+ annotations:
+ meta.upbound.io/example-id: iam/v1beta1/accesskey
+ labels:
+ testing.upbound.io/example-name: accesskey
+ spec:
+ providerConfigRef:
+ name: provider-config-ref
+ forProvider: {}
+
+userPolicyAttachments:
+- name: example
+ spec:
+ providerConfigRef:
+ name: provider-config-ref
+ forProvider:
+ policyArnSelector:
+ matchLabels:
+ testing.upbound.io/example-name: user
+ userSelector:
+ matchLabels:
+ testing.upbound.io/example-name: user
+accessKeys:
+- name: sample-access-key-RFC1123Subdomain
+ annotations:
+ meta.upbound.io/example-id: iam/v1beta1/accesskey
+ labels:
+ testing.upbound.io/example-name: user
+ spec:
+ providerConfigRef:
+ name: provider-config-ref
+ forProvider:
+ userSelector:
+ matchLabels:
+ testing.upbound.io/example-name: accesskey
+ writeConnectionSecretToRef:
+ name: sample-access-key-secret
+ namespace: upbound-system
+- name: sample-access-key
+ labels:
+ testing.upbound.io/example-name: user
+ spec:
+ providerConfigRef:
+ name: provider-config-ref
+ forProvider:
+ userSelector:
+ matchLabels:
+ testing.upbound.io/example-name: user
+ writeConnectionSecretToRef:
+ name: sample-access-key-secret
+ namespace: upbound-system
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml
new file mode 100644
index 0000000..b26dfa6
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml
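Review bot: Both `accessKeys` entries (`sample-access-key-RFC1123Subdomain` and `sample-access-key`) point `writeConnectionSecretToRef` at the same Secret, `sample-access-key-secret` in `upbound-system`, so if this fixture were ever applied the two AccessKey resources would overwrite each other's credentials in that one Secret. Even as a template-only fixture it is the example people copy, so give each key its own target, e.g. `name: sample-access-key-rfc1123-secret` on the first entry. The `ownerReferences` blocks with `uid: ""` likewise only survive `helm template`; an ownerReference without a uid is expected to be rejected by the API server, which is worth adding to the header comment so nobody reuses these values for a real install.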
@@ -0,0 +1,137 @@
+---
+########################################################################################################################
+# @default -- {}
+defaults:
+ roles:
+ deletionPolicy: ""
+ users:
+ deletionPolicy: ""
+ policies:
+ deletionPolicy: ""
+ userPolicyAttachments:
+ deletionPolicy: ""
+ rolePolicyAttachments:
+ deletionPolicy: ""
+ accessKeys:
+ deletionPolicy: ""
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UsRoleer](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Role/v1beta1)
+# @default -- {}
+roles:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: User](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1)
+# @default -- {}
+users:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: RolePolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/RolePolicyAttachment/v1beta1)
+# @default -- {}
+rolePolicyAttachments:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: Policy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Policy/v1beta1)
+# @default -- {}
+policies:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UserPolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/UserPolicyAttachment/v1beta1)
+# @default -- {}
+userPolicyAttachments:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: AccessKey](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/AccessKey/v1beta1)
+# @default -- {}
+accessKeys:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # @default -- []
+ spec:
+ # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml
new file mode 100644
index 0000000..3a7fb0f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore b/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
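Review bot: The helm-docs heading for `roles` reads `[Kind: UsRoleer]`, a typo for `[Kind: Role]`, and every `deletionPolicy` comment in this file links to the `User/v1beta1#doc:spec-deletionPolicy` anchor even under `roles`, `policies`, `rolePolicyAttachments`, `userPolicyAttachments` and `accessKeys`, so the generated README sends readers to the wrong resource page. The `defaults` block carries only `# @default -- {}` and no description although it is what the templates fall back to; a line such as `# -- Chart-wide fallback for spec.deletionPolicy per kind ("Delete" or "Orphan"); an empty string is rendered as-is` above it would make that behaviour visible in the README. `forProvider: []`, `providerConfigRef: []` and the other `[]` placeholders are consumed as mappings by the templates, so presenting them as `list` in the README is misleading; `{}` would match what values.ci.yaml actually passes.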
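Review bot: `jfrog.sh` uses the key `enabled: true` while every other feature flag in this file uses `enable: true`; a pipeline that reads one spelling silently treats the other as unset, so the two should agree, and since the file's own comment marks the `jfrog.sh` block as obsolete it is probably simplest to drop it or rename the key to `enable`. The file also ends without a trailing newline.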
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml
new file mode 100644
index 0000000..932159a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-rdr
+description: A Helm Chart to template AWS RDR manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-iam/
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
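Review bot: The `sources` entries point at `provider-aws-iam`, but the only template in this chart renders `rds.aws.upbound.io/v1beta2` `Instance` objects, so the link Chart.yaml (and the README generated from it) hands a reader documents the wrong provider; the RDS member of the Upbound AWS provider family is the one to list. The chart is called `aws-rdr` and the description says "AWS RDR manifests" while everything it renders is RDS — if "rdr" is an intended term rather than a typo, a comment such as `# "rdr" is the project's name for the RDS building block` would stop the next reader from renaming it. The first comment line has the typo `avaiable`, also present in the btp-security Chart.yaml, and this file lacks the `---` document start that the other two Chart.yaml files in this commit have.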
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/README.md b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md
new file mode 100644
index 0000000..f0fd902
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md
@@ -0,0 +1,34 @@
+
+
+# crossplane-provider-aws-rdr
+
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm Chart to template AWS RDR manifests for its crossplane provider.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defaults.instances.deletionPolicy | string | `""` | |
+| instances[0].annotations | list | `[]` | |
+| instances[0].labels | list | `[]` | |
+| instances[0].name | string | `""` | |
+| instances[0].ownerReferences | list | `[]` | |
+| instances[0].spec.deletionPolicy | string | `""` | |
+| instances[0].spec.forProvider | list | `[]` | |
+| instances[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. |
+| instances[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. |
+| instances[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values.
Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml
new file mode 100644
index 0000000..c2fd80a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.instances}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: rds.aws.upbound.io/v1beta2
+kind: Instance
+metadata:
+ name: {{required "A valid value is required! (.Values.instances[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.instances.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.instances[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.instances[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml
new file mode 100644
index 0000000..aec4af6
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml
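Review bot: `deletionPolicy` is emitted unconditionally, and with the shipped values (both `instances[].spec.deletionPolicy` and `defaults.instances.deletionPolicy` are `""`) it renders `deletionPolicy: ""`, which as far as I know is not a value the Crossplane managed-resource field accepts (an enum of `Orphan`/`Delete`), so a release on the defaults would be rejected on apply. Omitting the key when nothing is set lets the CRD default apply: `{{- with ($item.spec.deletionPolicy | default $.Values.defaults.instances.deletionPolicy) }}` / `deletionPolicy: {{ . | quote }}` / `{{- end }}`; and because that default is `Delete`, a comment in values.yaml saying that uninstalling the release deletes the database instance unless `Orphan` is set is worth adding. The `openmcp.cloud/blueprint-building-block*` labels are only added inside `{{- if $item.labels}}`, unlike the three btp-security templates in this commit where they are unconditional, so with `labels: {}` (as in values.ci.yaml) the instance carries no building-block label. The `required` on `metadata.name` can never fire because `(ne $item.name "")` has already skipped empty names.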
@@ -0,0 +1,37 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+instances:
+ - name: "rds-instance"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ forProvider:
+ allocatedStorage: 20
+ autoGeneratePassword: true
+ autoMinorVersionUpgrade: true
+ backupRetentionPeriod: 14
+ backupWindow: 09:46-10:16
+ dbName: devusdb
+ engine: postgres
+ engineVersion: "16.1"
+ instanceClass: db.t3.micro
+ maintenanceWindow: Mon:00:00-Mon:03:00
+ passwordSecretRef:
+ key: password
+ name: dev-us-rds-admin-pw
+ namespace: dev-us
+ publiclyAccessible: false
+ region: us-east-1
+ skipFinalSnapshot: true
+ storageEncrypted: true
+ storageType: gp2
+ username: adminuser
+ providerConfigRef:
+ name: dev-us-aws
+ writeConnectionSecretToRef:
+ name: dev-us-rds-connection-details
+ namespace: dev-us
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml
new file mode 100644
index 0000000..4640ea8
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml
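Review bot: `labels`, `annotations` and `ownerReferences` are given as `{}` here but declared as `[]` in the chart's values.yaml; `ownerReferences` is a list in Kubernetes while labels and annotations are maps, so the two files should agree on the shape the template's `toYaml` receives (the `{{- if …}}` guards hide the mismatch in CI only because both empty forms are falsy). `backupWindow: 09:46-10:16` and `maintenanceWindow: Mon:00:00-Mon:03:00` are unquoted colon-separated scalars; they parse as strings today, but quoting them (`backupWindow: "09:46-10:16"`) removes the dependence on the parser's implicit typing, as was already done for `engineVersion`.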
@@ -0,0 +1,27 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ instances:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list
+# https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.36.1/resources/ec2.aws.crossplane.io/
+# https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.36.1/resources/ec2.aws.crossplane.io/Instance/v1alpha1
+instances:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+
+########################################################################################################################
\ No newline at end of file
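Review bot: The two reference links above `instances:` point at `ec2.aws.crossplane.io/Instance/v1alpha1` from the crossplane-contrib provider, but the template renders `rds.aws.upbound.io/v1beta2` `Instance`, so the `forProvider` schema a user is sent to is the wrong resource; they should point at the RDS Instance of the Upbound provider. `labels`, `annotations`, `providerConfigRef`, `publishConnectionDetailsTo` and `writeConnectionSecretToRef` default to `[]` although the template pipes each through `toYaml` into a mapping position, so helm-docs advertises them as `list` in the README; `{}` is the honest default (`ownerReferences` is the one that really is a list). `# @default -- list` also sits above `defaults:`, which is a mapping holding a single string.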
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml
new file mode 100644
index 0000000..b66bdbe
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml
@@ -0,0 +1,20 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml
new file mode 100644
index 0000000..2acd92a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml
@@ -0,0 +1,33 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-btp-security
+description: A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.11
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
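Review bot: The second `sources` entry points at `pages.github.tools.sap`, an internal host, and the same host is used for every CRD link in this chart's values.yaml and README, while `home` is a public github.com repository; a reader of the public chart cannot follow any of those links. Either replace them with public references (the `help.sap.com` link already used in values.yaml shows the pattern) or label them, e.g. `# internal link (SAP network only)` above the entry. The first comment line has the typo `avaiable`, shared with the aws-rdr Chart.yaml.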
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/README.md b/helm/charts/mcp/crossplane-provider-btp-security/README.md
new file mode 100644
index 0000000..d4fb47e
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/README.md
@@ -0,0 +1,38 @@
+
+
+# crossplane-provider-btp-security
+
+![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| globalaccountTrustConfigurations | list | object | `globalaccountTrustConfigurations[].` orchestrate [`kind: GlobalaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). |
+| globalaccountTrustConfigurations[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
+| globalaccountTrustConfigurations[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) CRD |
+| globalaccountTrustConfigurations[0].name | string | - | Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1?path=metadata).
|
+| globalaccountTrustConfigurations[0].writeConnectionSecretToRef | list | `[]` | optional |
+| roleCollectionAssignments | list | object | `roleCollectionAssignments[].` orchestrate [`kind: RoleCollectionAssignment`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). |
+| roleCollectionAssignments[0] | object | `{"apiCredentials":[],"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
+| roleCollectionAssignments[0].apiCredentials | list | `[]` | [apiCredentials](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD |
+| roleCollectionAssignments[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD |
+| roleCollectionAssignments[0].name | string | - | Name of the RoleCollectionAssignment resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1?path=metadata).
|
+| roleCollectionAssignments[0].writeConnectionSecretToRef | list | `[]` | optional |
+| subaccountTrustConfigurations | list | object | `subaccountTrustConfigurations[].` orchestrate [`kind: SubaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). |
+| subaccountTrustConfigurations[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
+| subaccountTrustConfigurations[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) CRD |
+| subaccountTrustConfigurations[0].name | string | - | Name of the SubaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1?path=metadata). |
+| subaccountTrustConfigurations[0].writeConnectionSecretToRef | list | `[]` | optional |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-btp-security/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml
new file mode 100644
index 0000000..e38b65c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.globalaccountTrustConfigurations }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: GlobalaccountTrustConfiguration
+metadata:
+ name: {{required "A valid value is required! (.Values.globalaccountTrustConfigurations[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.globalaccountTrustConfigurations[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.globalaccountTrustConfigurations[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml
new file mode 100644
index 0000000..a270e5c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml
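Review bot: `spec.providerConfigRef.name` is rendered unquoted from `btpSapCrossplaneProviderConfigRefName`, so a value YAML types implicitly (all digits, `true`, `null`) becomes a non-string and is rejected by the CRD, and unlike `metadata.name` it is not passed through `lower` even though it names a Kubernetes object; `name: {{ required "A valid value is required! (.Values.globalaccountTrustConfigurations[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | quote }}` mirrors how the aws-rdr template quotes `deletionPolicy`. The same line appears in role-collection-assignment.yaml and subaccount-trust-configuration.yaml. The `required` on `metadata.name` is unreachable because `(ne $item.name "")` already skips empty names, so its message is documentation only.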
@@ -0,0 +1,25 @@
+{{- range $item := .Values.roleCollectionAssignments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: RoleCollectionAssignment
+metadata:
+ name: {{required "A valid value is required! (.Values.roleCollectionAssignments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.roleCollectionAssignments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.roleCollectionAssignments[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.apiCredentials}}
+ apiCredentials:
+ {{- $item.apiCredentials | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml
new file mode 100644
index 0000000..bf116cf
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.subaccountTrustConfigurations }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: SubaccountTrustConfiguration
+metadata:
+ name: {{required "A valid value is required! (.Values.subaccountTrustConfigurations[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.subaccountTrustConfigurations[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subaccountTrustConfigurations[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml b/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml
new file mode 100644
index 0000000..02c5f06
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml
@@ -0,0 +1,65 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+subaccountTrustConfigurations:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "subaccountTrustConfiguration"
+ forProvider:
+ autoCreateShadowUsers: true
+ availableForUserLogon: true
+ description: "description"
+ domain: "domain"
+ identityProvider: "identityProvider"
+ linkText: "linkText"
+ name: "name"
+ status: "status"
+ subaccountId: "subaccountId"
+ subaccountRef:
+ name: "name"
+ policy:
+ resolution: "resolution"
+ resolve: "Always"
+ subaccountSelector:
+ matchControllerRef: true
+ matchLabels:
+ policy:
+ resolution: "resolution"
+ writeConnectionSecretToRef:
+ name: "name"
+ namespace: "namespace"
+########################################################################################################################
+roleCollectionAssignments:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "roleCollectionAssignments"
+ forProvider:
+ groupName: "groupName"
+ origin: "origin"
+ roleCollectionName: "roleCollectionName"
+ userName: "userName"
+ apiCredentials:
+ env:
+ name: "name"
+ fs:
+ path: "path"
+ secretRef:
+ key: "key"
+ name: "name"
+ namespace: "namespace"
+ source: "source"
+ writeConnectionSecretToRef:
+ name: "name"
+ namespace: "namespace"
+########################################################################################################################
+globalaccountTrustConfigurations:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "globalaccountTrustConfiguration"
+ forProvider:
+ description: "description"
+ identityProvider:
"identityProvider"
+ name: "name"
+ origin: "origin"
+ writeConnectionSecretToRef:
+ name: "name"
+ namespace: "namespace"
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/values.yaml b/helm/charts/mcp/crossplane-provider-btp-security/values.yaml
new file mode 100644
index 0000000..f967692
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/values.yaml
@@ -0,0 +1,43 @@
+---
+########################################################################################################################
+# -- `subaccountTrustConfigurations[].` orchestrate [`kind: SubaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+subaccountTrustConfigurations:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # subaccountTrustConfigurations[0].name -- Name of the SubaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1?path=metadata).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) CRD
+ forProvider: []
+ # -- optional
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- `roleCollectionAssignments[].` orchestrate [`kind: RoleCollectionAssignment`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+roleCollectionAssignments:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # roleCollectionAssignments[0].name -- Name of the RoleCollectionAssignment resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1?path=metadata).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD
+ forProvider: []
+ # -- [apiCredentials](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD
+ apiCredentials: []
+ # -- optional
+ writeConnectionSecretToRef: []
+########################################################################################################################
+# -- `globalaccountTrustConfigurations[].` orchestrate [`kind: GlobalaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+globalaccountTrustConfigurations:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # globalaccountTrustConfigurations[0].name -- Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1?path=metadata).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) CRD
+ forProvider: []
+ # -- optional
+ writeConnectionSecretToRef: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/.helmignore b/helm/charts/mcp/crossplane-provider-configs/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/.helmignore
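Review bot: The helm-docs annotations in this values.yaml produce a misleading README: the three top-level keys are lists but each carries `# @default -- object`, so the generated table shows `list | object`, and the `# -- btpSapCrossplaneProviderConfigRefName defines …` comment sits above the `- ` that opens the first entry, so helm-docs attaches it to `subaccountTrustConfigurations[0]` as a whole rather than to the field. Use the explicit-key form already used for `name`, e.g. `# subaccountTrustConfigurations[0].btpSapCrossplaneProviderConfigRefName -- crossplane ProviderConfig reference name of a BTP Global Account`, and `# @default -- list` on the top-level keys; the same pattern repeats for `roleCollectionAssignments` and `globalaccountTrustConfigurations`. The file also ends without a trailing newline.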
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-configs/Chart.yaml b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml
new file mode 100644
index 0000000..344fb29
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v2
+name: crossplane-provider-configs
+description: A Helm chart to template crossplane provider config manifests to orchestrate resources.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.16
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md b/helm/charts/mcp/crossplane-provider-configs/README.md
new file mode 100644
index 0000000..2f106ed
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/README.md
@@ -0,0 +1,49 @@ + + +# crossplane-provider-configs + +![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane provider config manifests to orchestrate resources. + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| providerConfigs.awsUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.15.0/resources/aws.upbound.io/ProviderConfig/v1beta1) of `aws.upbound.io/v1beta1`. Additional information see [AWS Quickstart](https://docs.crossplane.io/latest/getting-started/provider-aws/#create-a-providerconfig). | +| providerConfigs.awsUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.azureUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v1.7.0/resources/azure.upbound.io/ProviderConfig/v1beta1) of `azure.upbound.io/v1beta1`. Additional information see [Azure Quickstart](https://docs.crossplane.io/latest/getting-started/provider-azure/). | +| providerConfigs.azureUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
| +| providerConfigs.btpSapCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: btp.sap.crossplane.io` This `ProviderConfig` typically points to k8s secret in which the json credentials of a BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... | +| providerConfigs.btpSapCrossplane[0].cisCredentials | object | [] | Secret which contains credentials required to authenticate to this provider. Reference to a secret containing the CIS Accounts service credentials. The Cloud Management (CIS) instance must be of plan central. The Service Binding should be created with the following parameters `{"grantType": "clientCredentials"}` See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/btp.sap.crossplane.io/providerconfig/v1alpha1?view=docs) for more details. | +| providerConfigs.btpSapCrossplane[0].cisCredentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.btpSapCrossplane[0].cliServerUrl | string | `""` | contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . 
More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) | +| providerConfigs.btpSapCrossplane[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | +| providerConfigs.btpSapCrossplane[0].serviceAccountSecret | object | [] | A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. Example: { "email": "", "username": "PUserID", "password": "--" } | +| providerConfigs.btpSapCrossplane[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.gardenerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your OpenMCP cluster as a k8s secret. | +| providerConfigs.gardenerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
| +| providerConfigs.gcpUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | +| providerConfigs.gcpUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.helmCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: helm.crossplane.io/v1beta1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. The `ProviderConfig` is required to manage `Helm Charts` installations on a k8s cluster such as [`kind: ProviderConfig`](../crossplane-provider-helm/templates/helm-release.yaml) of `apiVersion: helm.crossplane.io/v1beta1` . | +| providerConfigs.helmCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.kubernetesCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: kubernetes.crossplane.io/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. 
The `ProviderConfig` is required to orchestrate SAP Gardener Shoot Clusters such as [`kind: Shoot`](../crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster.yaml) of `apiVersion: core.gardener.cloud/v1beta1` or manage plain k8s `manifests` (e.g. ConfigMap...) on a k8s cluster (e.g. SAP Gardern Shoot Cluster) [`kind: Object`](../crossplane-provider-kubernetes/templates/kubernetes.yaml) of `apiVersion: kubernetes.crossplane.io/v1alpha1` directly. See Cloud Orchestrator [SAP Gardener Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/gardener/provider#gardener-providerconfig). | +| providerConfigs.kubernetesCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.vaultUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1) of `vault.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | +| providerConfigs.vaultUpbound[0].spec | object | [] | A [ProviderConfigSpec]((https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1)) defines the desired state of a ProviderConfig. | +| providerConfigs.vaultUpbound[0].spec.address | string | `""` | Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. | +| providerConfigs.vaultUpbound[0].spec.credentials | object | [] | Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. 
If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. | +| providerConfigs.vaultUpbound[0].spec.credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.vaultUpbound[0].spec.namespace | string | `"ns1"` | Set the namespace to use. | +| providerConfigs.vaultUpbound[0].spec.skip_child_token | string | `nil` | Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. | +| secrets[0].data | list | [] | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. 
Described in https://tools.ietf.org/html/rfc4648#section-4 | +| secrets[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | +| secrets[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| secrets[0].stringData | list | [] | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-configs/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-configs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl b/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl new file mode 100644 index 0000000..944976c --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-orchestration.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-orchestration.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-orchestration.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-orchestration.labels" -}}
+helm.sh/chart: {{ include "cloud-orchestration.chart" . }}
+{{ include "cloud-orchestration.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-orchestration.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-orchestration.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
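Review bot: `cloud-orchestration.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but no `serviceAccount` key appears in the parts of `values.yaml` or `values.ci.yaml` visible in this commit, so any future `include` of it would presumably fail on the nil map lookup. None of the templates added here call any of these helpers — they write their `openmcp.cloud/*` labels by hand instead of using `cloud-orchestration.labels`. Either drop the unused scaffolding, or wire `cloud-orchestration.labels` into the templates and add the missing `serviceAccount` values with a `# --` helm-docs comment so the contract is documented.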
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml
new file mode 100644
index 0000000..f9dc6a9
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.awsUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.awsUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.awsUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml
new file mode 100644
index 0000000..22eaec0
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml
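Review bot: `metadata.name` is passed through `| lower`, so a `providerConfigRefName` such as `MyAws` is silently rendered as `myaws` while any managed resource whose `providerConfigRef.name` still says `MyAws` will only fail later at reconcile time; failing at render time is safer, e.g. `{{- if ne $item.providerConfigRefName (lower $item.providerConfigRefName) }}{{ fail "providerConfigRefName must be lowercase" }}{{- end }}`, or at least a `# --` note in values.yaml that the name is lowercased. The same pattern is repeated in azure-upbound-io.yaml, btp.sap.crossplane.io.yaml, gardener-orchestrate-cloud-sap.yaml, gcp-upbound-io.yaml, helm-crossplane-io.yaml, kubernetes-crossplane-io.yaml and vault-upbound-io.yaml. Separately, the guard `(ne $item.providerConfigRefName "")` only covers an explicit empty string; a list entry that omits the key yields a nil operand, which I would expect the template engine to reject with a comparison error rather than skip — `(ne (default "" $item.providerConfigRefName) "")` handles both cases. The `required` on the `credentials` map also only checks that the map exists, so the documented default `secretRef.name: ""` renders a ProviderConfig pointing at a nameless Secret.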
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.azureUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: azure.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.azureUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.azureUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml
new file mode 100644
index 0000000..a5f875b
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml
@@ -0,0 +1,19 @@
+{{- range $item := .Values.providerConfigs.btpSapCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: btp.sap.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ cliServerUrl: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].cliServerUrl)" $item.cliServerUrl | quote}}
+ globalAccount: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].globalAccountSubDomain)" $item.globalAccountSubDomain | lower | quote}}
+ cisCredentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].cisCredentials)" $item.cisCredentials | toYaml | nindent 4 }}
+ serviceAccountSecret:
+ {{- required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].serviceAccountSecret)" $item.serviceAccountSecret | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml
new file mode 100644
index 0000000..5d1eb47
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.gardenerOrchestrateCloud}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: gardener.orchestrate.cloud.sap/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.gardenerOrchestrateCloud[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.gardenerOrchestrateCloud[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml
new file mode 100644
index 0000000..6cd9f05
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.gcpUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: gcp.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.gcpUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.gcpUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml
new file mode 100644
index 0000000..f5b72ea
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.helmCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: helm.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.helmCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.helmCrossplane[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml
new file mode 100644
index 0000000..9ae7043
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.kubernetesCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.kubernetesCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.kubernetesCrossplane[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml
new file mode 100644
index 0000000..c910c76
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.providerConfigs.vaultUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: vault.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
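Review bot: In vault-upbound-io.yaml the whole `spec` map is emitted verbatim through `toYaml`, so the only validation is that the map exists; the chart's own README marks `spec.address` as required yet defaults it to `""`, and nothing here rejects that. A targeted check before the dump keeps the failure at render time: `{{- $_ := required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].spec.address)" $item.spec.address }}`. Since `spec` also carries `skip_child_token`, which the README describes as strongly discouraged because it exposes a renewable Vault token, a `# --` note in values.yaml pointing at that trade-off would help whoever copies the CI fixture.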
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml
new file mode 100644
index 0000000..d645ccd
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml
@@ -0,0 +1,24 @@
+{{- range $item := .Values.secrets}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.secrets[].name)" $item.name | lower | quote}}
+ namespace: {{required "A valid value is required! (.Values.secrets[].namespace)" $item.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml
new file mode 100644
index 0000000..7128444
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml
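Review bot: The `stringData` loop emits the map key unquoted (`{{ $key }}: {{ $value | quote }}`), so a key that a YAML 1.1 reader treats as a non-string — `on`, `no`, `yes`, `true`, an all-digit key — would presumably be re-typed when the rendered manifest is parsed; `{{ $key | quote }}: {{ $value | quote }}` removes the ambiguity. `data` is passed to `toYaml` unchanged while the README types `secrets[0].data` as `list` with default `[]`, presumably from the values.yaml default; a `{}` default would document the real map shape and keep the `if $item.data` guard meaningful. A `# --` note in values.yaml that everything under `secrets[].stringData` lands in the rendered manifest and the Helm release history would warn users against committing values files that carry real credentials.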
@@ -0,0 +1,134 @@ +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +providerConfigs: + kubernetesCrossplane: + - providerConfigRefName: "openmcp-test" + credentials: + source: "Secret" + secretRef: + name: "openmcp-test" + namespace: default + key: kubeconfig + helmCrossplane: + - providerConfigRefName: "gardener-shoot-steffen-test" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "gardener-shoot-kubeconfig-steffen-test" + key: kubeconfig + gardenerOrchestrateCloud: + - providerConfigRefName: "openmcp-test" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "openmcp-test" + key: kubeconfig + dynatraceOrchestrateCloud: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + hyperscalerOrchestrateCloud: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + awsUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + gcpUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + azureUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + accountBtpOrchestrateCloud: + - providerConfigRefName: "openmcp-test" + cliServerUrl: "cliServerUrl" + globalAccountSubDomain: "globalAccountSubDomain" + cisCredentials: + source: 
"Secret" + secretRef: + namespace: default + name: "btp-account-openmcp-test" + key: btp-cis-provider-credentials + serviceAccountSecret: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-openmcp-test" + key: btp-service-account-provider-credentials + btpSapCrossplane: + - providerConfigRefName: "openmcp-test" + cliServerUrl: "cliServerUrl" + globalAccountSubDomain: "globalAccountSubDomain" + cisCredentials: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-openmcp-test" + key: btp-cis-provider-credentials + serviceAccountSecret: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-openmcp-test" + key: btp-service-account-provider-credentials + cloudfoundryBtpOrchestrateCloud: + - providerConfigRefName: "cloudfoundryBtpOrchestrateCloud" + endpoint: + source: "Secret" + secretRef: + name: cf-environment-secret + namespace: default + key: apiEndpoint + credentials: + source: "Secret" + secretRef: + name: cf-credentials-secret + namespace: default + key: credentials + vaultUpbound: + - providerConfigRefName: "vaultUpbound" + spec: + address: https://vault.tools.sap + namespace: artificial-intelligence/aicore + skip_child_token: true + credentials: + source: Secret + secretRef: + name: vault-creds + namespace: default + key: credentials +######################################################################################################################## +secrets: + - name: "name" + namespace: "namespace" + stringData: + foo: "bar" + #data: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/values.yaml b/helm/charts/mcp/crossplane-provider-configs/values.yaml new file mode 100644 index 0000000..7657973 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/values.yaml 
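Review bot: Four entries in values.ci.yaml — `dynatraceOrchestrateCloud`, `hyperscalerOrchestrateCloud`, `accountBtpOrchestrateCloud` and `cloudfoundryBtpOrchestrateCloud` — have no template under `templates/mcp/providerConfigs/` in this commit (only aws, azure, btp, gardener, gcp, helm, kubernetes and vault are covered), so they render nothing and the "valid and NOT empty" check the header promises never exercises them; either drop them or add the missing templates. The `vaultUpbound` fixture also sets `skip_child_token: true`, which the chart's own README describes as strongly discouraged, and `address: https://vault.tools.sap` with `namespace: artificial-intelligence/aicore` reads like a real environment rather than the placeholders used elsewhere in the file (`"name"`, `"providerConfigRefName"`). For a templating-only fixture, `skip_child_token: false` and a clearly fake address such as `https://vault.example.invalid` would keep the CI values from being copied into a real deployment unchanged.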
@@ -0,0 +1,169 @@ +--- +######################################################################################################### +providerConfigs: + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: kubernetes.crossplane.io/v1alpha1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. + # The `ProviderConfig` is required to orchestrate SAP Gardener Shoot Clusters such as [`kind: Shoot`](../crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster.yaml) of `apiVersion: core.gardener.cloud/v1beta1` + # or manage plain k8s `manifests` (e.g. ConfigMap...) on a k8s cluster (e.g. SAP Gardern Shoot Cluster) [`kind: Object`](../crossplane-provider-kubernetes/templates/kubernetes.yaml) of `apiVersion: kubernetes.crossplane.io/v1alpha1` directly. + # See Cloud Orchestrator [SAP Gardener Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/gardener/provider#gardener-providerconfig). + # @default -- [] + kubernetesCrossplane: + - providerConfigRefName: "" + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: helm.crossplane.io/v1beta1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. 
+ # The `ProviderConfig` is required to manage `Helm Charts` installations on a k8s cluster + # such as [`kind: ProviderConfig`](../crossplane-provider-helm/templates/helm-release.yaml) of `apiVersion: helm.crossplane.io/v1beta1` . + # @default -- [] + helmCrossplane: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account + # is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` + # on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your OpenMCP cluster as a k8s secret. + # @default -- [] + gardenerOrchestrateCloud: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v1.7.0/resources/azure.upbound.io/ProviderConfig/v1beta1) of `azure.upbound.io/v1beta1`. 
Additional information see [Azure Quickstart](https://docs.crossplane.io/latest/getting-started/provider-azure/). + # @default -- [] + azureUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.15.0/resources/aws.upbound.io/ProviderConfig/v1beta1) of `aws.upbound.io/v1beta1`. Additional information see [AWS Quickstart](https://docs.crossplane.io/latest/getting-started/provider-aws/#create-a-providerconfig). + # @default -- [] + awsUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). + # @default -- [] + gcpUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
+ # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1) of `vault.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). + # @default -- [] + vaultUpbound: + - providerConfigRefName: "" + # -- A [ProviderConfigSpec]((https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1)) defines the desired state of a ProviderConfig. + # @default -- [] + spec: + # -- Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. + address: "" + # -- Set the namespace to use. + namespace: "ns1" + # -- Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. + skip_child_token: + # -- Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). 
Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. + # @default -- [] + credentials: + source: Secret + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + name: "" + namespace: "ns1" + key: "" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: btp.sap.crossplane.io` + # This `ProviderConfig` typically points to k8s secret in which the json credentials of a + # BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) + # such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... + # @default -- [] + btpSapCrossplane: + - providerConfigRefName: "" + # -- contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . 
More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) + cliServerUrl: "" + # -- contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). + globalAccountSubDomain: "" + # -- Secret which contains credentials required to authenticate to this provider. + # Reference to a secret containing the CIS Accounts service credentials. The Cloud Management (CIS) instance must be of plan central. + # The Service Binding should be created with the following parameters `{"grantType": "clientCredentials"}` + # See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/btp.sap.crossplane.io/providerconfig/v1alpha1?view=docs) for more details. + # @default -- [] + cisCredentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + # -- A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. Example: { "email": "", "username": "PUserID", "password": "--" } + # @default -- [] + serviceAccountSecret: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
+ # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" +######################################################################################################################## +# @secrets -- :exclamation::exclamation: never EVER PUSH confidential secrets/credentials in plain text into GIT :exclamation::exclamation: +# @default -- [] +secrets: + # secrets[0].name -- defines k8s `metadata.name` value of `kind: Secret` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` + namespace: "ns1" + # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. + # @default -- [] + stringData: [] + # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + # @default -- [] + data: [] +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml 
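Review bot: `skip_child_token:` under vaultUpbound.spec has no value, so YAML reads it as null rather than the boolean its comment describes, and the rendered ProviderConfig presumably ends up with `skip_child_token: null` or no field at all; write the documented-safe setting explicitly, `skip_child_token: false`. The vaultUpbound description ends with "Additional information see [GCP Quickstart]", apparently copied from the gcpUpbound entry, and the gcpUpbound link itself points at the crossplane-contrib `gcp.crossplane.io` ProviderConfig while the text names `gcp.upbound.io/v1beta1`; both should reference the API group the chart actually renders. In `secrets`, `stringData: []` and `data: []` default to lists although the comments document them as `map[string]string` and `map[string][]byte`; `{}` would match the Secret API types.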
@@ -0,0 +1,19 @@
+# pipeline feature flags obsolete (Bash Scripts)
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/.helmignore b/helm/charts/mcp/crossplane-provider-gcp/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml
new file mode 100644
index 0000000..697e9b7
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-gcp
+description: A Helm Chart to template GCP manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: ""
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.10
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-gcp/README.md b/helm/charts/mcp/crossplane-provider-gcp/README.md new file mode 100644 index 0000000..407a6bf --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-gcp/README.md 
@@ -0,0 +1,54 @@ + + +# crossplane-provider-gcp + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template GCP manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults.serviceAccountKeys.deletionPolicy | string | `""` | | +| defaults.serviceAccountPolicys.deletionPolicy | string | `""` | | +| defaults.serviceAccounts.deletionPolicy | string | `""` | | +| serviceAccountKeys[0].annotations | list | `[]` | | +| serviceAccountKeys[0].labels | list | `[]` | | +| serviceAccountKeys[0].name | string | `""` | | +| serviceAccountKeys[0].ownerReferences | list | `[]` | | +| serviceAccountKeys[0].spec.deletionPolicy | string | `""` | | +| serviceAccountKeys[0].spec.forProvider | list | `[]` | | +| serviceAccountKeys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccountKeys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccountKeys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| serviceAccountPolicys[0].annotations | list | `[]` | | +| serviceAccountPolicys[0].labels | list | `[]` | | +| serviceAccountPolicys[0].name | string | `""` | | +| serviceAccountPolicys[0].ownerReferences | list | `[]` | | +| serviceAccountPolicys[0].spec.deletionPolicy | string | `""` | | +| serviceAccountPolicys[0].spec.forProvider | list | `[]` | | +| serviceAccountPolicys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccountPolicys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccountPolicys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| serviceAccounts[0].annotations | list | `[]` | | +| serviceAccounts[0].labels | list | `[]` | | +| serviceAccounts[0].name | string | `""` | | +| serviceAccounts[0].ownerReferences | list | `[]` | | +| serviceAccounts[0].spec.deletionPolicy | string | `""` | | +| serviceAccounts[0].spec.forProvider | list | `[]` | | +| serviceAccounts[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccounts[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccounts[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml new file mode 100644 index 0000000..745ac25 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccounts[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccounts.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccounts[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccounts[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml
new file mode 100644
index 0000000..955f231
--- /dev/null
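Review bot: The `publishConnectionDetailsTo` block is guarded by `{{- if $item.spec.writeConnectionSecretToRef}}`, a copy of the guard two lines above it, so an item that sets only `publishConnectionDetailsTo` renders nothing and an item that sets only `writeConnectionSecretToRef` renders a `publishConnectionDetailsTo:` key with a null body; the guard should read `{{- if $item.spec.publishConnectionDetailsTo}}`. For the ServiceAccountKey template this decides whether generated key material is pushed to the configured secret store, so a silently skipped block is easy to miss in review of rendered output. The same copy-paste is present in the ServiceAccountKey and ServiceAccountPolicy templates in the next two hunks. Style: `deletionPolicy| quote` is missing the space before the pipe that every other pipeline in the file has.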
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccountKeys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountKey
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccountKeys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccountKeys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccountKeys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccountKeys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml
new file mode 100644
index 0000000..7e66f1d
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccountPolicys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountPolicy
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccountPolicys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccountPolicys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccountPolicys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccountPolicys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml b/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml
new file mode 100644
index 0000000..6d4179c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml
@@ -0,0 +1,126 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+serviceAccounts:
+ - name: "serviceAccount-1"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ description: perfection
+ displayName: a beautiful service account
+ providerConfigRef:
+ name: gcp-provider
+ writeConnectionSecretToRef:
+ name: test-sakey
+ namespace: default
+ publishConnectionDetailsTo:
+ configRef:
+ name: vault
+ metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ labels:
+ environment: development
+ team: backend
+ type: Opaque
+ name: demo-serviceaccount-key
+ - name: "serviceAccount-2"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ description: perfection 2
+ displayName: a beautiful service account
+ providerConfigRef:
+ name: gcp-provider
+serviceAccountPolicys:
+ - name: "serviceAccountPolicy-1"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ policy:
+ bindings:
+ - members:
+ - serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME]
+ role: roles/iam.workloadIdentityUser
+ serviceAccountRef:
+ name: perfect-test-sa
+ providerConfigRef:
+ name: gcp-provider
+ writeConnectionSecretToRef:
+ name: test-sakey
+ namespace: default
+ publishConnectionDetailsTo:
+ configRef:
+ name: vault
+ metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ labels:
+ environment: development
+ team: backend
+ type: Opaque
+ name: demo-serviceaccount-key
+ - name: "serviceAccountPolicy-2"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ policy:
+ bindings:
+ - members:
+ - serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME]
+ role: roles/iam.workloadIdentityUser
+ serviceAccountRef:
+ name: perfect-test-sa
+ providerConfigRef:
+ name: gcp-provider
+serviceAccountKeys:
+ - name: "serviceAccountKeys-1"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ serviceAccountRef:
+ name: perfect-test-sa
+ providerConfigRef:
+ name: gcp-provider
+ writeConnectionSecretToRef:
+ name: test-sakey
+ namespace: default
+ publishConnectionDetailsTo:
+ configRef:
+ name: vault
+ metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Prune=false
+ labels:
+ environment: development
+ team: backend
+ type: Opaque
+ name: demo-serviceaccount-key
+ - name: "serviceAccountKeys-2"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ deletionPolicy: "Delete"
+ forProvider:
+ serviceAccountRef:
+ name: perfect-test-sa
+ providerConfigRef:
+ name: gcp-provider
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-gcp/values.yaml b/helm/charts/mcp/crossplane-provider-gcp/values.yaml
new file mode 100644
index 0000000..f3090bc
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/values.yaml
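Review bot: `ownerReferences: {}` on every item is a mapping, but Kubernetes `metadata.ownerReferences` is a list and the templates pass the value straight through `toYaml`; the empty map happens to be skipped by the `if` guard, yet anyone extending the fixture with a real reference would get an invalid manifest, so `ownerReferences: []` is the safer placeholder. Conversely, `labels: {}` and `annotations: {}` here are the map shape the templates need, while values.yaml in this commit defaults them to `[]`; the two files should agree on one type so the fixture actually exercises the documented defaults.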
@@ -0,0 +1,60 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ serviceAccounts:
+ deletionPolicy: ""
+ serviceAccountPolicys:
+ deletionPolicy: ""
+ serviceAccountKeys:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list [serviceAccounts](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccount/v1alpha1)
+serviceAccounts:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# @default -- list [serviceAccountPolicys](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccountPolicy/v1alpha1)
+serviceAccountPolicys:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# @default -- list [serviceAccountKeys](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccountKey/v1alpha1)
+serviceAccountKeys:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/.helmignore b/helm/charts/mcp/crossplane-provider-helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/.helmignore
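Review bot: `labels: []`, `annotations: []`, `providerConfigRef: []`, `publishConnectionDetailsTo: []` and `writeConnectionSecretToRef: []` default mapping-typed fields to empty lists in all three of `serviceAccounts`, `serviceAccountPolicys` and `serviceAccountKeys`, while the CI fixture for the same chart on this page uses `{}` for labels/annotations and mappings for the refs, so the documented default and the tested shape disagree. `{}` for each of them keeps the two files consistent; whether the gcp templates tolerate the list form cannot be seen from here. The file also ends with `\ No newline at end of file`, which yamllint's `new-line-at-end-of-file` rule reports; the same is true of both `.ci.config.yaml` files and the crossplane-provider-helm `values.ci.yaml` added in this commit.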
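Review bot: `jfrog.sh:` uses the key `enabled` while every other flag in the file uses `enable`; if the pipeline reads these flags through one accessor the odd one is silently ignored, so either align it (`enable: true`) or state in the `# pipeline feature flags obsolete (Bash Scripts)` comment that the legacy block deliberately uses a different key. `k8s-manifest-templating: enable: false` sits next to a `values.ci.yaml` whose header says it exists only to template a manifest in the pipeline — presumably the flag is meant to be `true`, or the fixture is dead; a clarifying comment either way would help. The identical file is added for the crossplane-provider-kubernetes chart further down and has the same two points.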
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-helm/Chart.yaml b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml
new file mode 100644
index 0000000..961e169
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml
@@ -0,0 +1,34 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-helm
+description: A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.19.0"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://github.com/crossplane-contrib/provider-helm
+ - https://github.com/crossplane-contrib/provider-kubernetes/blob/main/docs/enhanced-provider-k8s.md
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md b/helm/charts/mcp/crossplane-provider-helm/README.md
new file mode 100644
index 0000000..4f06c1f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/README.md
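Review bot: The header comment has a typo, `avaiable` → `available`: `# The Chart.yaml file is required for a chart. See all available fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file`; the crossplane-provider-kubernetes Chart.yaml in this commit carries the same line. The `description`, which the generated README reproduces verbatim, reads `on a k8s Gardener/Kyma clusters`; `on k8s Gardener/Kyma clusters` fixes the article/number mismatch in both charts.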
@@ -0,0 +1,35 @@
+
+
+# crossplane-provider-helm
+
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square)
+
+A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+
+**Homepage:** 
+
+## Source Code
+
+* 
+* 
+* 
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| helmReleases | object | object | helmReleases contains information and configuration of a [helm chart](https://helm.sh) to be managed by flux [Helm Controller](https://fluxcd.io/flux/components/helm/api/v2/). |
+| helmReleases.helmRelease.chart | object | `{"name":"","repository":"","version":""}` | [ChartSpec](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) defines the chart spec for a Release |
+| helmReleases.helmRelease.chart.name | string | `""` | [Name](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, required if ChartSpec.URL not set |
+| helmReleases.helmRelease.chart.repository | string | `""` | [Repository](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go): Helm repository URL, required if ChartSpec.URL not set |
+| helmReleases.helmRelease.chart.version | string | `""` | [Version](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, late initialized with latest version if not set |
+| helmReleases.helmRelease.connectionDetails | list | `[{"apiVersion":"v1","fieldPath":"spec.clusterIP","kind":"Service","name":"wordpress-example","namespace":"wordpress","toConnectionSecretKey":"ip"}]` | [Crossplane connection details](https://docs.crossplane.io/v1.12/concepts/composition/#connection-details) and [FAQ](https://blog.crossplane.io/faq-2-claim-connection-details/) |
+| helmReleases.helmRelease.helmCrossplaneProviderConfigRefName | string | `""` | defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.helmCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: |
+| helmReleases.helmRelease.name | string | `""` | helm chart release name |
+| helmReleases.helmRelease.namespace | string | `"ns1"` | [Namespace]() to install the release into. |
+| helmReleases.helmRelease.setValues | list | `[{"name":"param1","value":"value2"}]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+| helmReleases.helmRelease.values | list | `[]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+| helmReleases.helmRelease.valuesFrom | list | `[{"configMapKeyRef":null,"key":"values.yaml","name":"default-vals","namespace":"wordpress","optional":false},{"key":"svalues.yaml","name":"svals","namespace":"wordpress","optional":false,"secretKeyRef":null}]` | define value overrides via k8s [downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-helm/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-helm/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-helm/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml b/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml
new file mode 100644
index 0000000..5b20441
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml
@@ -0,0 +1,36 @@
+{{- range $key, $helmRelease := .Values.helmReleases }}
+ {{- if eq $key "helmRelease" }}
+ {{- else }}
+---
+apiVersion: helm.crossplane.io/v1beta1
+kind: Release
+metadata:
+ name: {{required "A valid value is required! (.Values.helmReleases[].helmCrossplaneProviderConfigRefName)" $helmRelease.helmCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.helmReleases[].name)" $helmRelease.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.helmReleases[].helmCrossplaneProviderConfigRefName)" $helmRelease.helmCrossplaneProviderConfigRefName }}
+ # rollbackLimit: 3
+ forProvider:
+ chart: {{- toYaml $helmRelease.chart | nindent 6 }}
+ namespace: {{required "A valid value is required! (.Values.helmReleases[].namespace)" $helmRelease.namespace }}
+ # insecureSkipTLSVerify: true/false
+ # skipCreateNamespace: true/false
+ # wait: true/false
+ # skipCRDs: true/false
+ {{- if $helmRelease.values}}
+ values: {{- toYaml $helmRelease.values | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.setValues }}
+ set: {{- toYaml $helmRelease.setValues | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.valuesFrom }}
+ valuesFrom: {{- toYaml $helmRelease.valuesFrom | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.connectionDetails}}
+ connectionDetails: {{- toYaml $helmRelease.connectionDetails | nindent 6 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml b/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml
new file mode 100644
index 0000000..7240e36
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml
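Review bot: `chart: {{- toYaml $helmRelease.chart | nindent 6 }}` has no `required` guard, unlike `name`, `namespace` and `providerConfigRef.name` around it, so a release entry that omits `chart` renders a null `chart:` and fails only when the Release is applied; `chart: {{- required "A valid value is required! (.Values.helmReleases[].chart)" $helmRelease.chart | toYaml | nindent 6 }}` keeps the failure at template time like the other mandatory fields. The empty first branch of `{{- if eq $key "helmRelease" }} {{- else }}` reads more directly as `{{- if ne $key "helmRelease" }}`; the kubernetes.yaml template further down has the same shape. The metadata name is two user-supplied values joined with `-` and passed only through `lower`, so characters outside `[a-z0-9.-]` or an over-long combined name are not caught here and surface only as an API-server rejection; a comment above `name:` stating that both inputs must already be DNS-1123 compatible, or a `regexMatch` check, would make that contract explicit.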
@@ -0,0 +1,36 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+helmReleases:
+ helmReleaseTest:
+ name: "name"
+ helmCrossplaneProviderConfigRefName: "helmCrossplaneProviderConfigRefName"
+ chart:
+ name: "name"
+ repository: "repository"
+ version: "version"
+ namespace: "namespace"
+ values: {}
+ setValues:
+ - name: param1
+ value: value2
+ valuesFrom:
+ - configMapKeyRef:
+ key: values.yaml
+ name: default-vals
+ namespace: wordpress
+ optional: false
+ - secretKeyRef:
+ key: svalues.yaml
+ name: svals
+ namespace: wordpress
+ optional: false
+ connectionDetails:
+ - apiVersion: v1
+ kind: Service
+ name: wordpress-example
+ namespace: wordpress
+ fieldPath: spec.clusterIP
+ toConnectionSecretKey: ip
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/values.yaml b/helm/charts/mcp/crossplane-provider-helm/values.yaml
new file mode 100644
index 0000000..a6a750c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/values.yaml
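Review bot: This fixture declares itself pipeline-only in its header, but the chart's `.helmignore` added in this commit carries only the `helm create` defaults, so `values.ci.yaml` and `.ci.config.yaml` are presumably packaged into the published chart artifact along with the real values. Adding `values.ci.yaml` and `.ci.config.yaml` to `.helmignore` keeps pipeline fixtures and CI flags out of what consumers download; the crossplane-provider-kubernetes chart further down has the same pair of files and the same default `.helmignore`.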
@@ -0,0 +1,48 @@
+---
+########################################################################################################################
+# -- helmReleases contains information and configuration of a [helm chart](https://helm.sh) to be managed by flux [Helm Controller](https://fluxcd.io/flux/components/helm/api/v2/).
+# @default -- object
+helmReleases:
+ # @default -- object
+ helmRelease:
+ # -- helm chart release name
+ name: ""
+ # -- defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.helmCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation:
+ helmCrossplaneProviderConfigRefName: ""
+ # -- [ChartSpec](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) defines the chart spec for a Release
+ chart:
+ # -- [Name](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, required if ChartSpec.URL not set
+ name: ""
+ # -- [Repository](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go): Helm repository URL, required if ChartSpec.URL not set
+ repository: ""
+ # -- [Version](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, late initialized with latest version if not set
+ version: ""
+ # -- [Namespace]() to install the release into.
+ namespace: "ns1"
+ # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ values: []
+ # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ setValues:
+ - name: param1
+ value: value2
+ # -- define value overrides via k8s [downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ valuesFrom:
+ - configMapKeyRef:
+ key: values.yaml
+ name: default-vals
+ namespace: wordpress
+ optional: false
+ - secretKeyRef:
+ key: svalues.yaml
+ name: svals
+ namespace: wordpress
+ optional: false
+ # -- [Crossplane connection details](https://docs.crossplane.io/v1.12/concepts/composition/#connection-details) and [FAQ](https://blog.crossplane.io/faq-2-claim-connection-details/)
+ connectionDetails:
+ - apiVersion: v1
+ kind: Service
+ name: wordpress-example
+ namespace: wordpress
+ fieldPath: spec.clusterIP
+ toConnectionSecretKey: ip
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore b/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore
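Review bot: The `valuesFrom` sample appears to place `key`, `name`, `namespace` and `optional` as siblings of `configMapKeyRef`/`secretKeyRef` rather than beneath them: the helm-docs README generated for this chart in the same commit renders the default as `{"configMapKeyRef":null,"key":"values.yaml","name":"default-vals",...}`, i.e. the selector is null and the fields sit one level too high, which is not the `valuesFrom[].configMapKeyRef.{name,namespace,key,optional}` shape provider-helm reads. Because the template copies this block verbatim through `toYaml`, anyone who copies the sample gets a Release whose values source can never resolve; the corrected nesting is below, and the `values.ci.yaml` fixture likely needs the same fix since its text is identical. Separately, the `helmReleases` doc comment says the charts are "managed by flux Helm Controller", but this chart renders crossplane `helm.crossplane.io/v1beta1` Release objects — suggest `# -- helmReleases contains information and configuration of a [helm chart](https://helm.sh) to be managed by the crossplane [provider-helm](https://github.com/crossplane-contrib/provider-helm) Release resource.`. `values: []` documents a list where the provider's `values` is a mapping (the CI fixture already uses `{}`); `values: {}` keeps the two files consistent.
```yaml
    valuesFrom:
      - configMapKeyRef:
          key: values.yaml
          name: default-vals
          namespace: wordpress
          optional: false
      - secretKeyRef:
          key: svalues.yaml
          name: svals
          namespace: wordpress
          optional: false
```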
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml
new file mode 100644
index 0000000..8258fe7
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml
@@ -0,0 +1,33 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-kubernetes
+description: A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.10
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.14.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://github.com/crossplane-contrib/provider-kubernetes
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
new file mode 100644
index 0000000..b4dff66
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
@@ -0,0 +1,32 @@
+
+
+# crossplane-provider-kubernetes
+
+![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.1](https://img.shields.io/badge/AppVersion-0.14.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+
+**Homepage:** 
+
+## Source Code
+
+* 
+* 
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defaults.object.deletionPolicy | string | `""` | |
+| kubernetesObjects | object | [] | kubernetesObjects contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). |
+| kubernetesObjects.kubernetesObject.deletionPolicy | string | `""` | [DeletionPolicy](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 |
+| kubernetesObjects.kubernetesObject.kubernetesCrossplaneProviderConfigRefName | string | `""` | defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.kubernetesCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: |
+| kubernetesObjects.kubernetesObject.managementPolicies | list | `[]` | THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md |
+| kubernetesObjects.kubernetesObject.manifest | list | `[]` | defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). |
+| kubernetesObjects.kubernetesObject.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. |
+| kubernetesObjects.kubernetesObject.readiness | list | `[]` | Readiness defines how the object's readiness condition should be computed, if not specified it will be considered ready as soon as the underlying external resource is considered up-to-date. |
+| kubernetesObjects.kubernetesObject.references | list | `[]` | [references](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4#spec-references) |
+| kubernetesObjects.kubernetesObject.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-kubernetes/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-kubernetes/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml
new file mode 100644
index 0000000..45f7365
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml
@@ -0,0 +1,40 @@
+{{- range $key, $kubernetesObject := .Values.kubernetesObjects}}
+ {{- if eq $key "kubernetesObject" }}
+ {{- else }}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+metadata:
+ name: {{required "A valid value is required! (.Values.kubernetesObjects[].kubernetesCrossplaneProviderConfigRefName)" $kubernetesObject.kubernetesCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.kubernetesObjects[].name)" $kubernetesObject.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ deletionPolicy: {{ $kubernetesObject.deletionPolicy | default $.Values.defaults.object.deletionPolicy| quote }}
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.kubernetesObjects[].kubernetesCrossplaneProviderConfigRefName)" $kubernetesObject.kubernetesCrossplaneProviderConfigRefName}}
+ forProvider:
+ manifest:
+ {{- required "A valid value is required! (.Values.kubernetesObjects[].manifest)" $kubernetesObject.manifest | toYaml | nindent 6 }}
+ {{- if $kubernetesObject.references}}
+ references:
+ {{- $kubernetesObject.references | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.managementPolicies}}
+ managementPolicies:
+ {{- $kubernetesObject.managementPolicies | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $kubernetesObject.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.readiness}}
+ readiness:
+ {{- $kubernetesObject.readiness | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $kubernetesObject.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
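Review bot: `deletionPolicy: {{ $kubernetesObject.deletionPolicy | default $.Values.defaults.object.deletionPolicy| quote }}` always emits the key, and with the shipped default `defaults.object.deletionPolicy: ""` (see the chart README in this commit) an entry that sets no policy — as `kubernetesObjectTest` in values.ci.yaml does — renders `deletionPolicy: ""`, which the Object CRD's enum validation (`Orphan`/`Delete`) rejects at apply time rather than at `helm template`. Omitting the key when the resolved value is empty lets the CRD default apply: `{{- with ($kubernetesObject.deletionPolicy | default $.Values.defaults.object.deletionPolicy) }}` / `deletionPolicy: {{ . | quote }}` / `{{- end }}`. The hunk pins `kubernetes.crossplane.io/v1alpha1` while the same chart's README links the `Object/v1alpha2` schema; confirm which version the provider at appVersion 0.14.1 is meant to serve and record the choice in a comment above `apiVersion:`.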
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml
new file mode 100644
index 0000000..31d7243
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml
@@ -0,0 +1,46 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kubernetesObjects: + kubernetesObjectTest: + name: "kubernetes-objects" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + manifest: + # example [config map](https://kubernetes.io/docs/concepts/configuration/configmap/) + apiVersion: v1 + kind: ConfigMap + metadata: + name: game-demo + data: + player_initial_lives: "3" + ui_properties_file_name: "user-interface.properties" + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 + kubernetesObjectTest2: + name: "kubernetes-objects2" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + deletionPolicy: Orphan + managementPolicies: ["Create", "Update", "Delete", "Observe", "LateInitialize"] + writeConnectionSecretToRef: + name: sample-access-key-secret + namespace: upbound-system + readiness: + policy: "" + publishConnectionDetailsTo: + name: sample-access-key-secret-2 + namespace: upbound-system + manifest: + # example [config map](https://kubernetes.io/docs/concepts/configuration/configmap/) + apiVersion: v1 + kind: ConfigMap + metadata: + name: game-demo + data: + player_initial_lives: "3" + ui_properties_file_name: "user-interface.properties" + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml new file mode 100644 index 0000000..93283ac --- /dev/null 
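Review bot: `readiness: policy: ""` in `kubernetesObjectTest2` is an empty string for a field that provider-kubernetes validates as an enum (`SuccessfulCreate`, `DeriveFromObject`, `AllTrue`, as far as I recall), so this CI fixture renders a manifest a real control plane would likely reject even though the template step passes; either drop the `readiness` block or use a real value such as `policy: SuccessfulCreate`. Since this fixture will be read as the example for the chart, the header comment should also say what the CI check does and does not prove, e.g. `# NOTE: helm template only exercises Go-template rendering; values are not validated against the Object CRD schema`. Both fixtures send connection secrets to `upbound-system` via `writeConnectionSecretToRef`/`publishConnectionDetailsTo`; fine for rendering, but a one-line comment that those secrets are readable by anyone with Secret access in that namespace would stop the fixture being copied unchanged.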
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml 
@@ -0,0 +1,32 @@ +--- +######################################################################################################################## +# @default -- {} +defaults: + object: + deletionPolicy: "" +######################################################################################################################## +# -- kubernetesObjects contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). +# @default -- [] +kubernetesObjects: + # @default -- [] + kubernetesObject: + # kubernetesObjects[0].name -- kubernetes crossplane object metadata name on managed control plane. + name: "" + # -- defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.kubernetesCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: + kubernetesCrossplaneProviderConfigRefName: "" + # -- defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + manifest: [] + # -- [references](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4#spec-references) + references: [] + # -- THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. 
If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + managementPolicies: [] + # -- [DeletionPolicy](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] + # -- Readiness defines how the object's readiness condition should be computed, if not specified it will be considered ready as soon as the underlying external resource is considered up-to-date. + readiness: [] +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/.helmignore b/helm/charts/mcp/crossplane-provider-pkgs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml new file mode 100644 index 0000000..d20ca85 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml 
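Review bot: `manifest: []`, `publishConnectionDetailsTo: []`, `writeConnectionSecretToRef: []` and `readiness: []` declare list defaults for fields the Object CRD defines as objects, so helm-docs publishes the wrong type and anyone copying the shape produces a manifest that fails validation; `{}` is the matching empty value (`references` and `managementPolicies` are genuinely lists). `defaults.object.deletionPolicy: ""` is also what the template falls back to, so its comment should say what an empty value means at render time and that Crossplane's own default, `Delete`, removes the external object when the Object resource is deleted — something like `# -- Applied when kubernetesObjects[].deletionPolicy is unset; "Orphan" keeps the external object on deletion, "Delete" removes it` — with `Orphan` as the conservative choice for anything that cannot be recreated. The `Learn more with this [example](../../../../argo-cd-generator-config/...)` link points outside the chart to a path that does not appear in this change and carries an internal cluster hostname (`k8s-hana.ondemand.com`), and helm-docs copies it into the public README; replace it with a repo-relative or public reference.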
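Review bot: The `.ci.config.yaml` hunk on this line uses `enabled: true` under `jfrog.sh:` but `enable: true` for every other flag; if the pipeline reads one spelling, a flag written with the other is silently ignored and the step runs with the pipeline default, which is an easy way to lose a lint or validation gate without noticing. Pick one key for all flags (the comment already calls the `jfrog.sh` form obsolete) and add a header such as `# TODO: document which workflow consumes these flags; unknown keys are silently ignored`, since nothing in the file says where it is read. The same file appears again, byte-identical, for the sap-btp-account chart later in this change.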
@@ -0,0 +1,33 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-pkgs +description: A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.11 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://docs.upbound.io/providers/ + - https://docs.upbound.io/providers/provider-families/ +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
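Review bot: `home:` points at `https://github.com/openmcp-project/blueprints` while `sources:` lists `https://github.com/openmcp-project/blueprint-building-blocks`; one of the two is presumably wrong, and `home` is what helm-docs and registries surface to users. Align them, e.g. `home: "https://github.com/openmcp-project/blueprint-building-blocks"`, unless `blueprints` is a real separate project, in which case a comment saying so would stop the next reader from "fixing" it.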
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/README.md b/helm/charts/mcp/crossplane-provider-pkgs/README.md new file mode 100644 index 0000000..ea9e2d4 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/README.md 
@@ -0,0 +1,58 @@ + + +# crossplane-provider-pkgs + +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers. + +**Homepage:** + +## Source Code + +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configurations | list | list | A [Configuration](https://docs.crossplane.io/latest/concepts/packages/) package is an [OCI container images](https://opencontainers.org/) containing a collection of [Compositions](https://docs.crossplane.io/latest/concepts/compositions/), [Composite Resource Definitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions/) and any required [Providers](https://docs.crossplane.io/latest/concepts/providers/) or [Functions](https://docs.crossplane.io/latest/concepts/compositions/). | +| configurations[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| configurations[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Configuration-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | +| deploymentRuntimeConfigs | list | list | The [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/api/) provides settings for the Kubernetes Deployment of a Provider or composition function package. Read the Crossplane documentation for [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). | +| deploymentRuntimeConfigs[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. 
| +| deploymentRuntimeConfigs[0].spec | list | [] | [spec/DeploymentRuntimeConfigSpec](https://docs.crossplane.io/latest/api/#DeploymentRuntimeConfig-spec) specifies the configuration for a packaged controller. Values provided will override package manager defaults. Labels and annotations are passed to both the controller Deployment and ServiceAccount. | +| functions[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| functions[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Function-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | +| imageConfigs | list | list | The [ImageConfig](https://docs.crossplane.io/latest/concepts/image-configs/) resource is used to configure settings for package images. | +| imageConfigs[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| imageConfigs[0].spec | object | [] | [spec/ImageConfigSpec](https://docs.crossplane.io/latest/api/#ImageConfig-spec) contains the configuration for matching images. | +| imageConfigs[0].spec.matchImages | list | [] | ImageMatch defines a rule for matching image. | +| imageConfigs[0].spec.matchImages[0].prefix | string | `""` | Prefix is the prefix that should be matched. (Default `Prefix``) | +| imageConfigs[0].spec.matchImages[0].type | string | `"Prefix"` | Type is the type of match. | +| imageConfigs[0].spec.registry | object | [] | Registry is the configuration for the registry. | +| imageConfigs[0].spec.registry.authentication | object | [] | Authentication is the authentication information for the registry. | +| imageConfigs[0].spec.registry.authentication.pullSecretRef | list | `[]` | PullSecretRef is a reference to a secret that contains the credentials for the registry. | +| imageConfigs[0].spec.verification | object | [] | Verification contains the configuration for verifying the image. 
| +| imageConfigs[0].spec.verification.cosign | object | [] | Cosign is the configuration for verifying the image using cosign. | +| imageConfigs[0].spec.verification.cosign.authorities | list | {} | Authority defines the rules for discovering and validating signatures. | +| imageConfigs[0].spec.verification.cosign.authorities[0].attestations | list | {} | Attestation defines the type of attestation to validate and optionally apply a policy decision to it. Authority block is used to verify the specified attestation types, and if Policy is specified, then it’s applied only after the validation of the Attestation signature has been verified. | +| imageConfigs[0].spec.verification.cosign.authorities[0].attestations[0].name | string | `""` | Name of the attestation. | +| imageConfigs[0].spec.verification.cosign.authorities[0].key | object | [] | Key defines the type of key to validate the image. | +| imageConfigs[0].spec.verification.cosign.authorities[0].key.hashAlgorithm | string | `""` | HashAlgorithm always defaults to sha256 if the algorithm hasn’t been explicitly set | +| imageConfigs[0].spec.verification.cosign.authorities[0].key.secretRef | list | `[]` | SecretRef sets a reference to a secret with the key. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless | object | [] | Keyless sets the configuration to verify the authority against a Fulcio instance. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities | list | {} | Identity may contain the issuer and/or the subject found in the transparency log. Issuer/Subject uses a strict match, while IssuerRegExp and SubjectRegExp apply a regexp for matching. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuer | string | `""` | Issuer defines the issuer for this identity. 
| +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuerRegExp | string | `""` | IssuerRegExp specifies a regular expression to match the issuer for this identity. This has precedence over the Issuer field. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].subject | string | `""` | Subject defines the subject for this identity. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].subjectRegExp | string | `""` | SubjectRegExp specifies a regular expression to match the subject for this identity. This has precedence over the Subject field. | +| imageConfigs[0].spec.verification.cosign.authorities[0].name | string | {} | Name is the name for this authority. | +| providers | list | list | [providers](https://docs.crossplane.io/latest/concepts/providers/) contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). | +| providers[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| providers[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Provider-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-pkgs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml new file mode 100644 index 0000000..4bf74bf --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.deploymentRuntimeConfigs}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: pkg.crossplane.io/v1beta1 +kind: DeploymentRuntimeConfig +metadata: + name: {{required "A valid value is required! (.Values.deploymentRuntimeConfigs[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.deploymentRuntimeConfigs[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml new file mode 100644 index 0000000..3257319 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.configurations}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: pkg.crossplane.io/v1 +kind: Configuration +metadata: + name: {{required "A valid value is required! (.Values.configurations[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.configurations[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file 
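Review bot: `required "..." $item.spec` only rejects nil and the empty string, so an entry with a name and the chart's default `spec: []` (or `spec: {}`) still renders `spec: []`, which the Crossplane API rejects with a far less helpful message than the one the template carries; add `{{- if empty $item.spec }}{{ fail (printf "deploymentRuntimeConfigs[%s].spec must not be empty" $item.name) }}{{ end }}` right after the name guard, and the same for the Configuration template on this line. DeploymentRuntimeConfig `spec` is also applied verbatim and, per the values documentation, configures the controller Deployment and its ServiceAccount (the CI fixture uses it to mount a ConfigMap), so a template comment such as `{{/* spec is pass-through: it shapes the provider pod's Deployment and ServiceAccount, so values are privileged input */}}` would flag the trust boundary.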
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml new file mode 100644 index 0000000..030da7a --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.functions}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: pkg.crossplane.io/v1beta1 +kind: Function +metadata: + name: {{required "A valid value is required! (.Values.functions[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.functions[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml new file mode 100644 index 0000000..995b27b --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.imageConfigs}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: pkg.crossplane.io/v1alpha1 +kind: ImageConfig +metadata: + name: {{required "A valid value is required! (.Values.imageConfigs[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.imageConfigs[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file 
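Review bot: The ImageConfig template emits `apiVersion: pkg.crossplane.io/v1alpha1` and passes `spec.verification` through untouched, but whether cosign verification is actually enforced depends on the target control plane (it is an alpha feature and, as far as I know, gated behind a Crossplane feature flag); a rendered ImageConfig that the control plane accepts and ignores gives a false sense that packages are signature-checked. Add `{{/* verification is only enforced when the control plane enables image signature verification; otherwise the block is accepted and ignored */}}` above `spec:`. Both templates on this line share the `required` weakness of the other pkg templates — `required` does not reject `[]` — so an `{{- if empty $item.spec }}{{ fail ... }}{{ end }}` guard after the name check is worth adding here too.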
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml new file mode 100644 index 0000000..3e70f94 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.providers}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + name: {{required "A valid value is required! (.Values.providers[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.providers[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml new file mode 100644 index 0000000..fa96b10 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml 
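Review bot: Nothing in this template or its values documentation asks for `spec.package` to be pinned by digest, and this chart is where provider images — which typically run with broad cloud and cluster credentials — get selected; the CI fixture for the same chart already uses a floating tag (`crossplane/provider-gcp:alpha`). A comment on the `spec:` line such as `{{/* prefer spec.package pinned by @sha256 digest; tags are mutable and can be re-pointed after review */}}` and, after an `empty $item.spec` guard, a `{{ fail }}` when `$item.spec.package` is missing would make the supply-chain expectation explicit rather than leaving it to the API server's error.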
@@ -0,0 +1,83 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +providers: + - name: "gcp" + spec: + package: crossplane/provider-gcp:alpha + - name: "azure" + spec: + ignoreCrossplaneConstraints: false + package: crossplane/provider-azure:v0.19.0 + packagePullPolicy: IfNotPresent + revisionActivationPolicy: Automatic + revisionHistoryLimit: 0 + skipDependencyResolution: false + - name: "aws" + spec: + package: xpkg.upbound.io/upbound/provider-aws:v0.27.0 + - name: "community-aws" + spec: + package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.40.0 +######################################################################################################################## +functions: + - name: "function-patch-and-transform" + spec: + package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4 +######################################################################################################################## +configurations: + - name: "platform-ref-aws" + spec: + package: xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0 +######################################################################################################################## +deploymentRuntimeConfigs: + - name: "mount-templates" + spec: + deploymentTemplate: + spec: + selector: {} + template: + spec: + containers: + - name: package-runtime + volumeMounts: + - mountPath: /templates + name: templates + readOnly: true + volumes: + - name: templates + configMap: + name: templates +######################################################################################################################## +imageConfigs: + - name: "acme-packages" + spec: + matchImages: + - type: 
Prefix + prefix: registry1.com/acme-co/ + registry: + authentication: + pullSecretRef: + name: acme-registry-credentials + - name: "verify-acme-packages" + spec: + matchImages: + - type: Prefix + prefix: registry1.com/acme-co/configuration-foo + - type: Prefix + prefix: registry1.com/acme-co/configuration-bar + verification: + provider: Cosign + cosign: + authorities: + - name: verify acme packages + keyless: + url: https://fulcio.sigstore.dev + identities: + - issuer: https://token.actions.githubusercontent.com + subjectRegExp: https://github.com/acme-co/crossplane-packages/* + attestations: + - name: verify attestations + predicateType: spdxjson +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-pkgs/values.yaml b/helm/charts/mcp/crossplane-provider-pkgs/values.yaml new file mode 100644 index 0000000..b198d05 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/values.yaml 
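Review bot: `subjectRegExp: https://github.com/acme-co/crossplane-packages/*` is a regular expression, not a glob: the trailing `/*` means "zero or more slashes", the dots are unescaped, and there are no anchors, so unless the implementation anchors the pattern it also accepts a subject such as `https://github.com/acme-co/crossplane-packages-fork/.github/workflows/release.yml@refs/heads/main`. Since CI fixtures tend to be copied as the example, anchor it to the workflow identity actually trusted, e.g. `subjectRegExp: '^https://github\.com/acme-co/crossplane-packages/\.github/workflows/[^@]+@refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$'`. The same file lists `crossplane/provider-gcp:alpha`, a mutable tag with no registry, which is fine for a render-only fixture but deserves a `# render-only example; pin real packages by digest` comment so it is not mistaken for a recommended package reference.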
@@ -0,0 +1,104 @@ +--- +######################################################################################################################## +# -- [providers](https://docs.crossplane.io/latest/concepts/providers/) contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). +# @default -- list +providers: + # providers[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Provider-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- +# @default -- list +functions: + # functions[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Function-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- A [Configuration](https://docs.crossplane.io/latest/concepts/packages/) package is an [OCI container images](https://opencontainers.org/) containing a collection of [Compositions](https://docs.crossplane.io/latest/concepts/compositions/), [Composite Resource Definitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions/) and any required [Providers](https://docs.crossplane.io/latest/concepts/providers/) or [Functions](https://docs.crossplane.io/latest/concepts/compositions/). 
+# @default -- list +configurations: + # configurations[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Configuration-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- The [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/api/) provides settings for the Kubernetes Deployment of a Provider or composition function package. +# Read the Crossplane documentation for [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). +# @default -- list +deploymentRuntimeConfigs: + # deploymentRuntimeConfigs[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec/DeploymentRuntimeConfigSpec](https://docs.crossplane.io/latest/api/#DeploymentRuntimeConfig-spec) specifies the configuration for a packaged controller. Values provided will override package manager defaults. Labels and annotations are passed to both the controller Deployment and ServiceAccount. + # @default -- [] + spec: [] +######################################################################################################################## +# -- The [ImageConfig](https://docs.crossplane.io/latest/concepts/image-configs/) resource is used to configure settings for package images. +# @default -- list +imageConfigs: + # imageConfigs[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec/ImageConfigSpec](https://docs.crossplane.io/latest/api/#ImageConfig-spec) contains the configuration for matching images. + # @default -- [] + spec: + # -- ImageMatch defines a rule for matching image. 
+ # @default -- [] + matchImages: + # imageConfigs[0].spec.matchImages[0].type -- Type is the type of match. + - type: Prefix + # -- Prefix is the prefix that should be matched. (Default `Prefix``) + prefix: "" + # -- Registry is the configuration for the registry. + # @default -- [] + registry: + # -- Authentication is the authentication information for the registry. + # @default -- [] + authentication: + # -- PullSecretRef is a reference to a secret that contains the credentials for the registry. + pullSecretRef: [] + # -- Verification contains the configuration for verifying the image. + # @default -- [] + verification: + provider: "" + # -- Cosign is the configuration for verifying the image using cosign. + # @default -- [] + cosign: + # -- Authority defines the rules for discovering and validating signatures. + # @default -- {} + authorities: + # imageConfigs[0].spec.verification.cosign.authorities[0].name -- Name is the name for this authority. + # @default -- {} + - name: "" + # -- Key defines the type of key to validate the image. + # @default -- [] + key: + # -- HashAlgorithm always defaults to sha256 if the algorithm hasn’t been explicitly set + hashAlgorithm: "" + # -- SecretRef sets a reference to a secret with the key. + secretRef: [] + # -- Keyless sets the configuration to verify the authority against a Fulcio instance. + # @default -- [] + keyless: + # -- Identity may contain the issuer and/or the subject found in the transparency log. Issuer/Subject uses a strict match, while IssuerRegExp and SubjectRegExp apply a regexp for matching. + # @default -- {} + identities: + # imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuer -- Issuer defines the issuer for this identity. + - issuer: "" + # -- IssuerRegExp specifies a regular expression to match the issuer for this identity. This has precedence over the Issuer field. 
+ issuerRegExp: "" + # -- SubjectRegExp specifies a regular expression to match the subject for this identity. This has precedence over the Subject field. + subjectRegExp: "" + # -- Subject defines the subject for this identity. + subject: "" + # -- Attestation defines the type of attestation to validate and optionally apply a policy decision to it. Authority block is used to verify the specified attestation types, and if Policy is specified, then it’s applied only after the validation of the Attestation signature has been verified. + # @default -- {} + attestations: + # imageConfigs[0].spec.verification.cosign.authorities[0].attestations[0].name -- Name of the attestation. + - name: "" + # PredicateType defines which predicate type to verify. Matches cosign verify-attestation options. + predicateType: +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore b/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore 
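Review bot: The helm-docs comment for `prefix` claims a default of `Prefix` (with a doubled backtick), which is the default of the sibling `type` field, not of `prefix` (whose default is `""`), and the stray backtick breaks the rendered README cell; change it to `# -- Prefix is the prefix that should be matched (used when type is Prefix).`. `predicateType:` is a bare key, which YAML reads as null, and its comment lacks the `--` marker so helm-docs drops it from the table; write `predicateType: ""` with `# -- PredicateType defines which predicate type to verify (matches cosign verify-attestation options).`. The `verification` comment should also say that enforcement depends on the control plane enabling image signature verification (alpha and feature-gated, as far as I know), otherwise a reader will assume that filling in `cosign.authorities` means packages are verified.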
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml
new file mode 100644
index 0000000..6364b7c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: v2
+name: crossplane-provider-sap-btp-account
+description: A Helm chart to template crossplane manifests to manage SAP BTP resources.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.7
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
+home: "https://pages.github.tools.sap/cloud-orchestration/docs/category/sap-cloud-services"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md
new file mode 100644
index 0000000..b843975
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md
@@ -0,0 +1,61 @@ + + +# crossplane-provider-sap-btp-account + +![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage SAP BTP resources. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| accounts | list | {} | accounts contains information and configuration about a specifig [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). :exclamation::exclamation: Managing BTP Global Accounts is [NOT possible](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts#use-existing-global-account) at the moment :exclamation::exclamation: | +| accounts[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","subAccounts":[{"entitlements":[{"amount":0,"name":"","permitNumericQuota":false,"serviceName":"","servicePlanName":""}],"forProvider":{"betaEnabled":null,"description":"","displayName":"","region":"eu01","subaccountAdmins":["your.name@sap.com"],"subdomain":"dev-eu01","usedForProduction":"NOT_USED_FOR_PRODUCTION"},"metadata":{"annotations":{"CloudManagement":{"crossplane.io/external-name":"..."},"ServiceManager":{"crossplane.io/external-name":"..."}}},"name":"","services":{"cloudManagement":false,"serviceManager":false},"subscriptions":[{"appName":"","name":"","planName":"","writeConnectionSecretToRef":{"name":"","namespace":"ns1"}}]}]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! 
| +| accounts[0].subAccounts | list | {} | subAccounts contains information and configuration about [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].entitlements | list | {} | entitlements defines [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about managing BTP Entitlement with crossplane [here](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements). | +| accounts[0].subAccounts[0].entitlements[0].amount | int | `0` | Used when permitNumericQuota=true. Only set amount for multitenant applications and services that do not permit a numeric quota assignment! | +| accounts[0].subAccounts[0].entitlements[0].permitNumericQuota | bool | `false` | Setting a amount/quota is not supported by multitenant applications and by services that do not permit a numeric quota assignment. | +| accounts[0].subAccounts[0].entitlements[0].servicePlanName | string | `""` | servicePlanName defines Service Plan Name of this [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas). | +| accounts[0].subAccounts[0].forProvider | object | [] | SubaccountParameters are the configurable fields of a Subaccount. [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccount/v1alpha1?path=spec-forProvider) | +| accounts[0].subAccounts[0].forProvider.betaEnabled | string | `nil` | enable beta services and applications? 
| +| accounts[0].subAccounts[0].forProvider.description | string | `""` | description defines the description of the [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].forProvider.displayName | string | `""` | defines the display name of the [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].forProvider.region | string | `"eu01"` | [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary" | +| accounts[0].subAccounts[0].forProvider.subaccountAdmins | list | `["your.name@sap.com"]` | subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US). 
| +| accounts[0].subAccounts[0].forProvider.subdomain | string | `"dev-eu01"` | This value must be unique across all BTP subaccounts | +| accounts[0].subAccounts[0].forProvider.usedForProduction | string | `"NOT_USED_FOR_PRODUCTION"` | Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET | +| accounts[0].subAccounts[0].metadata | object | [] | *optional* adding custom k8s metadata to manifests | +| accounts[0].subAccounts[0].metadata.annotations | object | [] | *optional* adding custom k8s [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| accounts[0].subAccounts[0].services | object | [] | contains special [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services) (e.g. BTP Service Manager) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].services.cloudManagement | bool | `false` | Enable/Disable (true/false) BTP Cloud Management Service. | +| accounts[0].subAccounts[0].services.serviceManager | bool | `false` | Enable/Disable (true/false) BTP Service Manager Subscription. Please make sure the P/I/D users, used in the Secrets referenced in the `ProviderConfig` are part of your Subaccount's `subaccountAdmins``. Note: updating subaccountAdmins on an existing Subaccount is not yet supported by the provider. We are aware of this issue (see [feature request](https://github.tools.sap/cloud-orchestration/crossplane-provider-btp-account/issues/284)). 
| +| accounts[0].subAccounts[0].subscriptions | list | {} | Define Subscriptions for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa) to subscribe to [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services). | +| accounts[0].subAccounts[0].subscriptions[0].appName | string | `""` | AppName of the app to subscribe to | +| accounts[0].subAccounts[0].subscriptions[0].name | string | `""` | Name of the Subscription resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subscription/v1alpha1). | +| accounts[0].subAccounts[0].subscriptions[0].planName | string | `""` | PlanName to subscribe to | +| accounts[0].subAccounts[0].subscriptions[0].writeConnectionSecretToRef | object | [] | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| directories | list | object | `directories[].` orchestrate [`kind: Directory`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| directories[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| directories[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) CRD | +| directories[0].name | string | - | Name of the Directory resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory). | +| directories[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| directoryEntitlements | list | object | `directoryEntitlements[].` orchestrate [`kind: DirectoryEntitlement`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| directoryEntitlements[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| directoryEntitlements[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) CRD | +| directoryEntitlements[0].name | string | - | Name of the DirectoryEntitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1?path=metadata). | +| directoryEntitlements[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| subaccountServiceBrokers | list | object | `subaccountServiceBrokers[].` orchestrate [`kind: SubaccountServiceBroker`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| subaccountServiceBrokers[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| subaccountServiceBrokers[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) CRD | +| subaccountServiceBrokers[0].name | string | - | Name of the SubaccountServiceBroker resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/). | +| subaccountServiceBrokers[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl
new file mode 100644
index 0000000..e8fbe73
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl
@@ -0,0 +1,83 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "CloudManagement.annotations" -}}
+{{- if hasKey . "metadata" -}}
+{{- if hasKey .metadata "annotations" -}}
+{{- if hasKey .metadata.annotations "CloudManagement" -}}
+{{- printf "annotations:" | nindent 2 }}
+{{- .metadata.annotations.CloudManagement | toYaml | nindent 4 -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- define "ServiceManager.annotations" -}}
+{{- if hasKey . "metadata" -}}
+{{- if hasKey .metadata "annotations" -}}
+{{- if hasKey .metadata.annotations "ServiceManager" -}}
+{{- printf "annotations:" | nindent 2 }}
+{{- .metadata.annotations.CloudManagement | toYaml | nindent 4 -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "cloud-orchestration.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-orchestration.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-orchestration.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-orchestration.labels" -}}
+helm.sh/chart: {{ include "cloud-orchestration.chart" . }}
+{{ include "cloud-orchestration.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-orchestration.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-orchestration.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml
new file mode 100644
index 0000000..1e68fa8
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml
@@ -0,0 +1,19 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Subaccount
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ forProvider:
+ {{- required "A valid value is required! (.Values.accounts[].subAccounts[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
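Review bot: `ServiceManager.annotations` guards on the `ServiceManager` key but then renders `.metadata.annotations.CloudManagement`, so a sub-account that sets only ServiceManager annotations emits `annotations:` followed by `null`, and one that sets both gets the CloudManagement annotations on the ServiceManager resource; the line should read `{{- .metadata.annotations.ServiceManager | toYaml | nindent 4 -}}`. The header comment `Expand the name of the chart.` sits above the two annotation helpers rather than above `cloud-orchestration.name`, which it describes; moving it down and giving the annotation helpers their own one-liner, e.g. `Render metadata.annotations.<Kind> of the given sub-account under a 2-space indent, if present`, keeps the helper file readable. `cloud-orchestration.labels`, `fullname` and `serviceAccountName` are not referenced by any template visible in this commit; if they are scaffold leftovers they can go, otherwise a comment naming their consumer would help.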
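Review bot: `providerConfigRef.name` is piped through `quote` here, in entitlements.yaml and in servicemanager.yaml, but rendered bare in cloud-management.yaml, subscription.yaml, directory.yaml, directory-entitlement.yaml and subaccount-service-broker.yaml; a ref name such as `0123` or `yes` is typed as a number or boolean by the YAML parser in the bare templates and rejected by the API server, while the quoted templates accept it. Applying `| quote` to every `providerConfigRef.name`, and to the `subaccountRef`, `serviceManagerRef` and `cloudManagementRef` names built from `$item.name`, makes the chart behave the same for every value. A short comment above the outer `range`, such as `# one Subaccount per .Values.accounts[].subAccounts[] entry with a non-empty name`, would also document why nameless entries are silently skipped.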
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml
new file mode 100644
index 0000000..4ce3761
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml
@@ -0,0 +1,36 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "services" }}
+ {{- if hasKey $item.services "cloudManagement" }}
+ {{- if $item.services.cloudManagement}}
+ {{- if and (hasKey $item.services "serviceManager") (eq $item.services.serviceManager true) }}
+ {{- else }}
+ {{- fail "You need to enable BTP Service Manager for this BTP Sub-Account to be able to orchestrate BTP Subscriptions! (.Values.accounts[].subAccounts[].services.serviceManager = true)"}}
+ {{- end }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: CloudManagement
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- template "CloudManagement.annotations" $item }}
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ serviceManagerRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ writeConnectionSecretToRef:
+ name: cis-{{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ namespace: default
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
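Review bot: The connection secret is written to a hard-coded `namespace: default` under `writeConnectionSecretToRef`, so the connection details Crossplane stores for the CloudManagement instance (per the chart README: usernames, passwords and the like) always land in `default` regardless of where the release runs, and nothing in values.yaml can move them; servicemanager.yaml at least carries a TODO on the same line, this file does not. subscription.yaml already renders a per-item `$subscription.writeConnectionSecretToRef` via `toYaml`; doing the same here, falling back to the current `cis-<ref>-<name>` name and `$.Release.Namespace`, would let operators keep the secret next to the resources that consume it. The empty true-branch `{{- if and (...) }}{{- else }}{{- fail ... }}{{- end }}` reads backwards; `{{- if not (and (hasKey $item.services "serviceManager") (eq $item.services.serviceManager true)) }}{{- fail "..." }}{{- end }}` says the same in one line, and the same shape recurs in subscription.yaml. The file also ends without a trailing newline.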
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml
new file mode 100644
index 0000000..4210173
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml
@@ -0,0 +1,31 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts }}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- range $entitlement := $item.entitlements }}
+ {{- if and ($entitlement) (ne $entitlement.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Entitlement
+metadata:
+ name: {{ required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].name)" $entitlement.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ forProvider:
+ serviceName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].serviceName)" $entitlement.serviceName}}
+ servicePlanName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].servicePlanName)" $entitlement.servicePlanName}}
+ {{- if $entitlement.permitNumericQuota}}
+ amount: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].amount)" $entitlement.amount}}
+ {{- else}}
+ enable: {{default $entitlement.enable true}}
+ {{- end }}
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
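Review bot: `enable: {{default $entitlement.enable true}}` has Sprig's argument order reversed: `default` takes the fallback first and the value second, so this expression always evaluates to `true` and `.entitlements[].enable` is never read. Note that `false` counts as empty for `default`, so `{{ default true $entitlement.enable }}` would still render `true` when a user explicitly sets `enable: false`; `{{ if hasKey $entitlement "enable" }}{{ $entitlement.enable }}{{ else }}true{{ end }}` honours both settings. The README values table in this commit lists `amount`, `permitNumericQuota` and `servicePlanName` for entitlements but no `enable`, so the values.yaml entry and its helm-docs comment should be added alongside the fix.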
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml
new file mode 100644
index 0000000..fe34a23
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml
@@ -0,0 +1,32 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "services" }}
+ {{- if hasKey $item.services "serviceManager" }}
+ {{- if $item.services.serviceManager}}
+---
+apiVersion: account.btp.sap.crossplane.io/v1beta1
+kind: ServiceManager
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- template "ServiceManager.annotations" $item }}
+spec:
+ writeConnectionSecretToRef:
+ # !!! TODO: Make this configurable !!!
+ name: btp-service-manager-{{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName}}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ # !!! TODO: Make this configurable !!!
+ namespace: default
+ forProvider:
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
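Review bot: The secret `name` concatenates `$account.btpSapCrossplaneProviderConfigRefName` without `| lower`, while the `$item.name` part and the equivalent `cis-…` name in cloud-management.yaml are lowercased; a mixed-case ref name therefore yields a Secret name the API server rejects (Secret names are DNS-1123 subdomains, lowercase only) in this template alone. Appending `| lower` to the ref-name expression in `name: btp-service-manager-…` aligns it with cloud-management.yaml. The two `!!! TODO: Make this configurable !!!` comments mark the hard-coded secret name and `namespace: default`; since subscription.yaml already accepts a per-item `writeConnectionSecretToRef`, rendering the same block here with the current values as fallback would close the TODO instead of leaving the credential secret pinned to `default`.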
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml
new file mode 100644
index 0000000..47d08a0
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml
@@ -0,0 +1,34 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "subscriptions" }}
+ {{- range $subscription := $item.subscriptions}}
+ {{- if and ($item.services) (hasKey $item.services "cloudManagement") ($item.services.cloudManagement) }}
+ {{- else }}
+ {{- fail "You need to enable BTP Cloud Management Service for this BTP Sub-Account to be able to orchestrate BTP Subscriptions! (.Values.accounts[].subAccounts[].services.cloudManagement = true)"}}
+ {{- end }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Subscription
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].name)" $subscription.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ appName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].appName)" $subscription.appName }}
+ planName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].planName)" $subscription.planName }}
+ cloudManagementRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ {{- if $subscription.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $subscription.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
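Review bot: The guard `and ($item.services) (hasKey $item.services "cloudManagement") ($item.services.cloudManagement)` relies on `and` short-circuiting, which text/template only does since Go 1.18; on a Helm binary built with an older toolchain a sub-account that lists subscriptions but has no `services` map would fail with a nil-map error from `hasKey` rather than the intended `fail` message, so whether this bites depends on the Helm build in use. cloud-management.yaml and servicemanager.yaml express the same check as nested `{{- if hasKey $item "services" }}` blocks, and using that shape here keeps the three templates consistent and toolchain-independent. `{{- if hasKey $item "subscriptions" }}` is redundant, since `range` over a missing key simply iterates zero times.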
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml
new file mode 100644
index 0000000..d608511
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.directoryEntitlements }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: DirectoryEntitlement
+metadata:
+ name: {{required "A valid value is required! (.Values.directoryEntitlements[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.directoryEntitlements[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.directoryEntitlements[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml
new file mode 100644
index 0000000..a624653
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml
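Review bot: `required` on `$item.forProvider` only rejects nil and the empty string, so an entry whose `forProvider` still carries the `[]` default that the README table shows for `directoryEntitlements[0].forProvider` renders `forProvider: []`, which is unlikely to pass CRD validation and surfaces at apply time instead of at template time; the same applies to directory.yaml and subaccount-service-broker.yaml. Adding `{{- if not $item.forProvider }}{{ fail "A valid value is required! (.Values.directoryEntitlements[].forProvider)" }}{{- end }}` before the `toYaml` line gives the early failure the `required` call was meant to provide. `providerConfigRef.name` is rendered bare here as well; `| quote`, as in sub-accounts.yaml, avoids YAML re-typing of numeric- or boolean-looking names.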
@@ -0,0 +1,21 @@
+{{- range $item := .Values.directories }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Directory
+metadata:
+ name: {{required "A valid value is required! (.Values.directories[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.directories[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.directories[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml
new file mode 100644
index 0000000..3d60d46
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.subaccountServiceBrokers }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: SubaccountServiceBroker
+metadata:
+ name: {{required "A valid value is required! (.Values.subaccountServiceBrokers[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.subaccountServiceBrokers[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subaccountServiceBrokers[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml
new file mode 100644
index 0000000..602e960
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml
@@ -0,0 +1,147 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+subaccountServiceBrokers:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "subaccountServiceBrokers"
+ forProvider:
+ description: "This is a description of the provider."
+ name: "example-name"
+ passwordSecretRef:
+ key: "password-key"
+ name: "secret-name"
+ namespace: "default"
+ subaccountId: "subaccount-12345"
+ subaccountRef:
+ name: "subaccount-ref-name"
+ policy:
+ resolution: "Required"
+ resolve: "Always"
+ subaccountSelector:
+ matchControllerRef: true
+ matchLabels:
+ app: "example-app"
+ environment: "production"
+ policy:
+ resolution: "Optional"
+ resolve: "IfNotPresent"
+ url: "https://example.com"
+ username: "example-username"
+# ########################################################################################################################
+directories:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "directories"
+ forProvider:
+ description: "description"
+ directoryAdmins:
+ - "admin1"
+ - "admin2"
+ directoryFeatures:
+ - "feat1"
+ directoryGuid: "guid"
+ directoryRef: # object
+ name: "refName"
+ policy: # object
+ resolution: "Required" # string: Required, Optional
+ resolve: "Always" # string: Always, IfNotPresent
+ directorySelector: # object
+ matchControllerRef: true # boolean
+ policy: # object
+ resolution: "Required" # string: Required, Optional
+ resolve: "Always" # string: Always, IfNotPresent
+ displayName: "name to be displayed :)" # string (required)
+ subdomain: "subdomain123"
+# ########################################################################################################################
+directoryEntitlements:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "directoryEntitlement"
+ forProvider:
+ amount: "123"
+ autoAssign: true
+ autoDistributeAmount: "123"
+ directoryId: "directoryId"
+ directoryRef:
+ name: "name"
+ policy:
+ resolution: "resolution"
+ resolve: "resolve"
+ directorySelector:
+ matchControllerRef: false
+ policy:
+ resolution: "resolution"
+ resolve: "Always"
+ distribute: true
+ planName: "planName"
+ serviceName: "serviceName"
+ writeConnectionSecretToRef:
+ name: "name"
+ namespace: "namespace"
+########################################################################################################################
+accounts:
+ - btpSapCrossplaneProviderConfigRefName: "btp-sap-crossplane-cloud-provider-config-ref-name"
+ subAccounts:
+ - name: "test1"
+ forProvider:
+ displayName: "sub-account1"
+ description: "description"
+ subdomain: "subdomain"
+ betaEnabled: false
+ usedForProduction: "NOT_USED_FOR_PRODUCTION"
+ region: "region"
+ subaccountAdmins:
+ - your.name@sap.com
+ - name: "test2"
+ metadata:
+ annotations:
+ CloudManagement:
+ "crossplane.io/external-name": "e01c61b5-18dc-40d7-bba9-fd8eaaa859c8/5c9d74c7-3784-4bff-8172-ec99285f8009"
+ ServiceManager:
+ "crossplane.io/external-name": "e01c61b5-18dc-40d7-bba9-fd8eaaa859c8/5c9d74c7-3784-4bff-8172-ec99285f8009"
+ forProvider:
+ displayName: "sub-account1"
+ description: "description"
+ subdomain: "subdomain"
+ betaEnabled: false
+ usedForProduction: "NOT_USED_FOR_PRODUCTION"
+ region: "region"
+ subaccountAdmins:
+ - your.name@sap.com
+ services:
+ serviceManager: true
+ cloudManagement: true
+ entitlements:
+ - name: "entitlement-1"
+ serviceName: "service-name"
+ servicePlanName: "service-plan-name"
+ permitNumericQuota: false
+ amount: 1
+ subscriptions:
+ - name: "name"
+ appName: "appName"
+ planName: "planName"
+ writeConnectionSecretToRef:
+ name: "name"
+ namespace: "namespace"
+ - name: "test3"
+ forProvider:
+ displayName: "sub-account2"
+ description: "description"
+ betaEnabled: true
+ usedForProduction: "USED_FOR_PRODUCTION"
+ subdomain: "subdomain"
+ region: "region"
+ subaccountAdmins:
+ - your.name@sap.com
+ entitlements:
+ - name: "entitlement-2"
+ serviceName: "service-name"
+ servicePlanName: "service-plan-name"
+ permitNumericQuota: true
+ amount: 1
+ - name: "cis-some-name.local"
+ serviceName: "cis_some_name"
+ servicePlanName: "service-plan-name"
+ permitNumericQuota: false
+ amount: 1
+#########################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml
new file mode 100644
index 0000000..5a23b5e
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml
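Review bot: `directoryEntitlements[0].forProvider.directoryRef.policy.resolution: "resolution"` and `resolve: "resolve"` (and `resolution: "resolution"` again under `directorySelector`) are not the enum values this same file uses for the same fields elsewhere (`"Required"`/`"Optional"`, `"Always"`/`"IfNotPresent"` under `subaccountServiceBrokers` and `directories`). The header says the fixture only has to render a non-empty manifest, but if the chart-validation step checks rendered output against the CRD schemas these would presumably be rejected, and using the real values costs nothing. Likewise `amount: "123"` and `autoDistributeAmount: "123"` are quoted strings while `entitlements[].amount` further down is the integer `1`; whichever type the CRD declares, the fixture should use that type consistently.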
@@ -0,0 +1,125 @@
+---
+#########################################################################################################
+# -- accounts contains information and configuration about a specifig [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). :exclamation::exclamation: Managing BTP Global Accounts is [NOT possible](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts#use-existing-global-account) at the moment :exclamation::exclamation:
+# @default -- {}
+accounts:
+ # btp.accounts[0].id -- id contains technical identifier of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account).
+ # @default -- {}
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # -------------------------------------------------------------------------------------------------------------------------#
+ # -- subAccounts contains information and configuration about [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa).
+ # @default -- {}
+ subAccounts:
+ # btp.accounts[0].subAccounts[0].name -- defines k8s `metadata.name` value of `kind: Subaccount`
+ - name: ""
+ # -- *optional* adding custom k8s metadata to manifests
+ # @default -- []
+ metadata:
+ # -- *optional* adding custom k8s [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+ # @default -- []
+ annotations:
+ CloudManagement:
+ "crossplane.io/external-name": "..."
+ ServiceManager:
+ "crossplane.io/external-name": "..."
+ # -- SubaccountParameters are the configurable fields of a Subaccount. [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccount/v1alpha1?path=spec-forProvider)
+ # @default -- []
+ forProvider:
+ # -- defines the display name of the [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa).
+ displayName: ""
+ # -- description defines the description of the [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa).
+ description: ""
+ # -- enable beta services and applications?
+ betaEnabled:
+ # -- [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary"
+ region: "eu01"
+ # -- This value must be unique across all BTP subaccounts
+ subdomain: "dev-eu01"
+ # -- Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET
+ usedForProduction: "NOT_USED_FOR_PRODUCTION"
+ # -- subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US).
+ subaccountAdmins:
+ - your.name@sap.com
+ # -- Define Subscriptions for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa) to subscribe to [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services).
+ # @default -- {}
+ subscriptions:
+ # accounts[0].subAccounts[0].subscriptions[0].name -- Name of the Subscription resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subscription/v1alpha1).
+ - name: ""
+ # -- AppName of the app to subscribe to
+ appName: ""
+ # -- PlanName to subscribe to
+ planName: ""
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ # @default -- []
+ writeConnectionSecretToRef:
+ name: ""
+ namespace: "ns1"
+ # -- contains special [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services) (e.g. BTP Service Manager) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa).
+ # @default -- []
+ services:
+ # -- Enable/Disable (true/false) BTP Service Manager Subscription.
+ # Please make sure the P/I/D users, used in the Secrets referenced in the `ProviderConfig` are part of your Subaccount's `subaccountAdmins``.
+ # Note: updating subaccountAdmins on an existing Subaccount is not yet supported by the provider. We are aware of this issue (see [feature request](https://github.tools.sap/cloud-orchestration/crossplane-provider-btp-account/issues/284)).
+ serviceManager: false
+ # -- Enable/Disable (true/false) BTP Cloud Management Service.
+ cloudManagement: false
+ # -- entitlements defines [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa).
+ # Learn more about managing BTP Entitlement with crossplane [here](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements).
+ # @default -- {}
+ entitlements:
+ # btp.accounts[0].subAccounts[0].entitlements[0].name -- Name of the Entitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.sap.crossplane.io/entitlement/v1alpha1).
+ # @default -- -
+ - name: ""
+ # serviceName defines the service name of [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas).
+ serviceName: ""
+ # -- servicePlanName defines Service Plan Name of this [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas).
+ servicePlanName: ""
+ # -- Setting a amount/quota is not supported by multitenant applications and by services that do not permit a numeric quota assignment.
+ permitNumericQuota: false
+ # -- Used when permitNumericQuota=true. Only set amount for multitenant applications and services that do not permit a numeric quota assignment!
+ amount: 0
+########################################################################################################################
+# -- `directoryEntitlements[].` orchestrate [`kind: DirectoryEntitlement`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+directoryEntitlements:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # directoryEntitlements[0].name -- Name of the DirectoryEntitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1?path=metadata).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) CRD
+ forProvider: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+#########################################################################################################
+# -- `directories[].` orchestrate [`kind: Directory`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+directories:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # directories[0].name -- Name of the Directory resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) CRD
+ forProvider: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+#########################################################################################################
+# -- `subaccountServiceBrokers[].` orchestrate [`kind: SubaccountServiceBroker`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management).
+# @default -- object
+subaccountServiceBrokers:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ # subaccountServiceBrokers[0].name -- Name of the SubaccountServiceBroker resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/).
+ # @default -- -
+ name: ""
+ # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) CRD
+ forProvider: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+#########################################################################################################
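Review bot: `betaEnabled:` under `forProvider` carries no value, so it parses as `null` rather than `false` and the template's `toYaml` would emit `betaEnabled: null` into the Subaccount spec; write `betaEnabled: false` as the CI fixture does. The comment above `amount` says to set it only for services that *do not* permit a numeric quota, which contradicts both the `permitNumericQuota` comment directly above and the `Used when permitNumericQuota=true` clause in the same sentence — presumably it should read `Only set amount for ... services that permit a numeric quota assignment!`. The `# btp.accounts[0].id -- id contains technical identifier ...` comment documents a key that does not exist in this file and will be picked up by helm-docs as if it did; drop it or attach it to a real key.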
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml
new file mode 100644
index 0000000..3a7fb0f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml
new file mode 100644
index 0000000..3c0b343
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml
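Review bot: `jfrog.sh` uses `enabled: true` while every other flag block in this file uses `enable: true`; a pipeline that reads one spelling will silently treat the other as unset, so the two should agree — and since the comment already marks the `jfrog.sh` block obsolete, deleting it is cleaner than keeping a dead flag. The identical file is added for external-secrets-config in the last hunk of this chunk with the same inconsistency. `k8s-manifest-templating: enable: false` would also benefit from a one-line comment saying why it is off, given that values.ci.yaml in the same chart exists specifically so that templating produces a non-empty manifest.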
@@ -0,0 +1,34 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-sap-btp-environment
+description: A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.13
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1
+ - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/environment.btp.sap.crossplane.io/kymaenvironment/v1alpha1
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md
new file mode 100644
index 0000000..4bc5983
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md
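Review bot: Two of the three `sources` entries point at `pages.github.tools.sap`, an internal host, while `home` names the public `github.com/openmcp-project` organisation; for a chart published there these links are dead for every non-SAP user, so they should be dropped or replaced with the public provider repository or CRD reference. `home` also names `blueprints` while the first source names `blueprint-building-blocks` — one of the two is presumably stale and should be aligned with the repository the chart actually lives in.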
@@ -0,0 +1,44 @@
+
+
+# crossplane-provider-sap-btp-environment
+
+![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cloudFoundryEnvironments | list | object | cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1). |
+| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":"dev-eu01"},"forProvider":{"initialOrgManagers":[""],"landscape":""},"name":"","subaccountRef":{"name":"dev-eu01"},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! |
+| cloudFoundryEnvironments[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+| kymaEnvironments[0].btpSapCrossplaneProviderConfigRefName | string | `""` | |
+| kymaEnvironments[0].cloudManagementRef.name | string | `"dev-eu01"` | |
+| kymaEnvironments[0].forProvider.administrators[0] | string | `"...@sap.com"` | |
+| kymaEnvironments[0].forProvider.autoScalerMax | int | `3` | |
+| kymaEnvironments[0].forProvider.autoScalerMin | int | `3` | |
+| kymaEnvironments[0].forProvider.machineType | string | `"m5.xlarge"` | |
+| kymaEnvironments[0].forProvider.oidc.clientID | string | `""` | |
+| kymaEnvironments[0].forProvider.oidc.groupsClaim | string | `"groups"` | |
+| kymaEnvironments[0].forProvider.oidc.issuerURL | string | `"https://.accounts400.ondemand.com"` | |
+| kymaEnvironments[0].forProvider.oidc.signingAlgs[0] | string | `"RS256"` | |
+| kymaEnvironments[0].forProvider.oidc.usernameClaim | string | `"email"` | |
+| kymaEnvironments[0].forProvider.oidc.usernamePrefix | string | `"-"` | |
+| kymaEnvironments[0].forProvider.parameters | string | `nil` | |
+| kymaEnvironments[0].forProvider.region | string | `"eu-west-2"` | |
+| kymaEnvironments[0].name | string | `""` | |
+| kymaEnvironments[0].planName | string | `"aws"` | |
+| kymaEnvironments[0].subaccountRef.name | string | `"dev-eu01"` | |
+| kymaEnvironments[0].writeConnectionSecretToRef | object | `{"name":"demo-kyma-kubeconfig-local","namespace":"default"}` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml
new file mode 100644
index 0000000..91b9c30
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml
@@ -0,0 +1,25 @@
+{{- range $item := .Values.cloudFoundryEnvironments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: environment.btp.sap.crossplane.io/v1alpha1
+kind: CloudFoundryEnvironment
+metadata:
+ name: {{required "A valid value is required! (.Values.cloudFoundryEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.cloudFoundryEnvironments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.cloudFoundryEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- toYaml $item.forProvider | nindent 4 }}
+ cloudManagementRef:
+ {{- toYaml $item.cloudManagementRef | nindent 4 }}
+ subaccountRef:
+ {{- toYaml $item.subaccountRef | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml
new file mode 100644
index 0000000..bc31950
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml
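Review bot: `{{- toYaml $item.forProvider | nindent 4 }}`, and the `cloudManagementRef` and `subaccountRef` lines after it, have no `required` guard, unlike the account chart's templates earlier in this commit; an entry that sets `name` but omits one of these keys renders `forProvider:` followed by `null`, and the mistake only surfaces at apply time as a CRD validation error instead of at `helm template`. Wrap each in `required "A valid value is required! (.Values.cloudFoundryEnvironments[].forProvider)" $item.forProvider | toYaml | nindent 4` (and the matching messages for the two refs), mirroring the account templates. kyma-environment.yaml in the next hunk has the same three unguarded lines.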
@@ -0,0 +1,25 @@
+{{- range $item := .Values.kymaEnvironments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: environment.btp.sap.crossplane.io/v1alpha1
+kind: KymaEnvironment
+metadata:
+ name: {{required "A valid value is required! (.Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.kymaEnvironments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- toYaml $item.forProvider | nindent 4 }}
+ cloudManagementRef:
+ {{- toYaml $item.cloudManagementRef | nindent 4 }}
+ subaccountRef:
+ {{- toYaml $item.subaccountRef | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml
new file mode 100644
index 0000000..fd5f589
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml
@@ -0,0 +1,47 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+cloudFoundryEnvironments:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "name"
+ forProvider:
+ initialOrgManagers:
+ - ""
+ landscape: "landscape"
+ cloudManagementRef:
+ name: "cloudManagementRef"
+ subaccountRef:
+ name: "subaccountRef"
+ writeConnectionSecretToRef:
+ name: "demo-connection-details"
+ namespace: "default"
+########################################################################################################################
+kymaEnvironments:
+ - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+ name: "name"
+ forProvider:
+ parameters:
+ administrators:
+ - ""
+ autoScalerMax: 3
+ autoScalerMin: 3
+ machineType: "m5.xlarge"
+ oidc:
+ clientID: "" #i.e. applicatonId
+ groupsClaim: "groups" #i.e. name of group
+ issuerURL: "https://.accounts400.ondemand.com"
+ signingAlgs:
+ - "RS256"
+ usernameClaim: "email"
+ usernamePrefix: "-"
+ region: "eu-west-2"
+ planName: "aws"
+ cloudManagementRef:
+ name: "cloudManagementRef"
+ subaccountRef:
+ name: "subaccountRef"
+ writeConnectionSecretToRef:
+ name: "demo-kyma-kubeconfig-local"
+ namespace: "default"
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml
new file mode 100644
index 0000000..2e8d63f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml
@@ -0,0 +1,50 @@
+---
+########################################################################################################################
+# -- cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1).
+# @default -- object
+cloudFoundryEnvironments:
+ # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...!
+ - btpSapCrossplaneProviderConfigRefName: ""
+ name: ""
+ forProvider:
+ initialOrgManagers:
+ - ""
+ landscape: ""
+ cloudManagementRef:
+ name: "dev-eu01"
+ subaccountRef:
+ name: "dev-eu01"
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
+kymaEnvironments:
+ - btpSapCrossplaneProviderConfigRefName: ""
+ name: ""
+ forProvider:
+ parameters:
+ administrators:
+ - "...@sap.com"
+ autoScalerMax: 3
+ autoScalerMin: 3
+ machineType: "m5.xlarge"
+ oidc:
+ clientID: "" #i.e. applicatonId
+ groupsClaim: "groups" #i.e. name of group
+ issuerURL: "https://.accounts400.ondemand.com"
+ signingAlgs:
+ - "RS256"
+ usernameClaim: "email"
+ usernamePrefix: "-"
+ region: "eu-west-2"
+ planName: "aws"
+ cloudManagementRef:
+ name: "dev-eu01"
+ subaccountRef:
+ name: "dev-eu01"
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef:
+ name: "demo-kyma-kubeconfig-local"
+ namespace: "default"
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/.ci.config.yaml b/helm/charts/mcp/external-secrets-config/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/.helmignore b/helm/charts/mcp/external-secrets-config/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/.helmignore
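Review bot: The shipped default for the Kyma entry is `writeConnectionSecretToRef: name: "demo-kyma-kubeconfig-local" namespace: "default"`, while the comment directly above it says the field is optional and that the Secret it names receives usernames, passwords or connection details; a chart default that drops that material into the `default` namespace means anyone who only fills in `name` and the provider refs gets credentials written where they probably did not intend. The CloudFoundry entry shows the safer shape — leave it unset so consumers opt in with a dedicated namespace — but it uses `writeConnectionSecretToRef: []`, a list, whereas the template and the Kyma entry treat it as a mapping, so helm-docs will advertise the wrong type; `writeConnectionSecretToRef: {}` for both keeps the guard in the template falsy and the type honest. `cloudManagementRef.name: "dev-eu01"` and `subaccountRef.name: "dev-eu01"` are environment-specific identifiers baked into the chart defaults; an empty string with a `# --` helm-docs comment, as done for `btpSapCrossplaneProviderConfigRefName`, would avoid silently binding to that landscape.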
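Review bot: The `jfrog.sh` stanza uses `enabled: true` whereas every other flag in the file uses `enable:`; if the pipeline reads a single key name, one of the two spellings is silently ignored, so pick one and use it throughout. The header comment also labels that stanza "obsolete (Bash Scripts)" while still switching it on; if it is obsolete, removing it is clearer than carrying an active flag that the comment says no longer applies.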
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/external-secrets-config/Chart.yaml b/helm/charts/mcp/external-secrets-config/Chart.yaml
new file mode 100644
index 0000000..f975bee
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/Chart.yaml
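Review bot: This is the stock scaffold list and excludes neither `values.ci.yaml` nor `.ci.config.yaml`, both of which the commit adds to the same chart; the banner in values.ci.yaml says it is only used by the pipeline, yet `helm package` would bundle it, including the sample Vault AppRole `roleId` and the `hashicorp-vault-token` secretRef name it contains. Adding `values.ci.yaml` and `.ci.config.yaml` (and, if not needed at install time, `README.md.gotmpl`) keeps CI-only and sample-credential files out of the published artifact, which matters if any of those placeholder values is ever replaced with a real one.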
@@ -0,0 +1,32 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: external-secrets-config
+description: A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault).
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://github.com/external-secrets/external-secrets/raw/main/assets/eso-logo-large.png"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.8
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.10.0"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://external-secrets.io
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/external-secrets-config/README.md b/helm/charts/mcp/external-secrets-config/README.md
new file mode 100644
index 0000000..12b3026
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/README.md
@@ -0,0 +1,91 @@
+
+
+# external-secrets-config
+
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square)
+
+A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault).
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| clusterExternalSecret | list | {} | [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. |
+| clusterExternalSecret[0].externalSecretName | string | `""` | *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret |
+| clusterExternalSecret[0].externalSecretSpec | object | [] | The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created |
+| clusterExternalSecret[0].externalSecretSpec.data | list | `[]` | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data |
+| clusterExternalSecret[0].externalSecretSpec.dataFrom | list | `[]` | *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order |
+| clusterExternalSecret[0].externalSecretSpec.refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. |
+| clusterExternalSecret[0].externalSecretSpec.secretStoreRef | optional | `[]` | - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. |
+| clusterExternalSecret[0].externalSecretSpec.target | list | `[]` | [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. |
+| clusterExternalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` |
+| clusterExternalSecret[0].namespaceSelectors | list | `[]` | *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. |
+| clusterExternalSecret[0].refreshTime | string | `""` | [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. |
+| clusterSecretStores[0].controller | string | `""` | *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property |
+| clusterSecretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ClusterSecretStore` |
+| clusterSecretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. |
+| clusterSecretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider |
+| clusterSecretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. |
+| clusterSecretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). |
+| clusterSecretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” |
+| clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. |
+| clusterSecretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) |
+| clusterSecretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) |
+| clusterSecretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" |
+| clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. |
+| clusterSecretStores[0].provider.vault.server | string | `"https://vault.example/"` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". |
+| clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. |
+| credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 |
+| credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` |
+| credentials[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` |
+| credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. |
+| defaults.externalSecret.secretStoreRef.kind | string | `"SecretStore"` | |
+| defaults.namespace | string | `"default"` | default namespace value for optional `namespace` fields. |
+| externalSecret | list | {} | [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API. |
+| externalSecret[0].creationPolicy | string | `""` | *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ |
+| externalSecret[0].data | list | [] | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data |
+| externalSecret[0].data[0].remoteRef | object | `{"key":"","property":""}` | [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. |
+| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account" |
+| externalSecret[0].data[0].remoteRef.property | string | `""` | *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" |
+| externalSecret[0].deletionPolicy | string | `""` | *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ |
+| externalSecret[0].immutable | bool | `false` | *(optional)* Immutable defines if the final secret will be immutable |
+| externalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` |
+| externalSecret[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` |
+| externalSecret[0].refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. |
+| externalSecret[0].secretStore | object | `{"kind":"","name":""}` | [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. |
+| externalSecret[0].secretStore.kind | string | `""` | *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` |
+| externalSecret[0].secretStore.name | string | `""` | Name of the SecretStore resource |
+| externalSecret[0].targetSecretName | string | `""` | [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource |
+| externalSecret[0].template | list | `[]` | *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. |
+| pushSecrets | list | {} | The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider. - tells the operator what secrets should be pushed by using spec.selector. - you can specify what secret keys should be pushed by using spec.data. |
+| pushSecrets[0].spec.data | list | `[]` | Secret Data that should be pushed to providers |
+| pushSecrets[0].spec.deletionPolicy | string | `""` | *optional* The provider' secret will be deleted if the PushSecret is deleted. E.g. Delete |
+| pushSecrets[0].spec.refreshInterval | string | `""` | Refresh interval for which push secret will reconcile. E.g. 1h |
+| pushSecrets[0].spec.secretStoreRefs | object | `{}` | A list of secret stores to push secrets to. |
+| pushSecrets[0].spec.selector | list | `[]` | The Secret Selector (k8s source) for the Push Secret |
+| pushSecrets[0].spec.template | list | `[]` | *optional* Template defines a blueprint for the created Secret resource. |
+| pushSecrets[0].spec.updatePolicy | string | `""` | *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace |
+| secretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` |
+| secretStores[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` |
+| secretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. |
+| secretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider |
+| secretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. |
+| secretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). |
+| secretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” |
+| secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. |
+| secretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) |
+| secretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) |
+| secretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" |
+| secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. |
+| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". |
+| secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/README.md.gotmpl b/helm/charts/mcp/external-secrets-config/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/external-secrets-config/templates/NOTES.txt b/helm/charts/mcp/external-secrets-config/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml
new file mode 100644
index 0000000..3f4d6f7
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml
@@ -0,0 +1,23 @@
+{{- range $item := .Values.clusterExternalSecret}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].name)" $item.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- if $item.externalSecretName}}
+ externalSecretName: {{ $item.externalSecretName | quote }}
+ {{- end }}
+ {{- if $item.namespaceSelectors}}
+ namespaceSelectors:
+ {{- $item.namespaceSelectors | toYaml | nindent 4 }}
+ {{- end }}
+ refreshTime: {{required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].refreshTime)" $item.refreshTime | quote}}
+ externalSecretSpec:
+ {{- required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].externalSecretSpec)" $item.externalSecretSpec | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml b/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml
new file mode 100644
index 0000000..4b3edf2
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml
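Review bot: The `required` messages on the `name`, `refreshTime` and `externalSecretSpec` lines cite `.Values.clusterSecretStores[].clusterExternalSecret[]...`, but the range iterates `.Values.clusterExternalSecret`, so a user who omits a field is pointed at a values path that does not exist. The same mismatch appears in external-secret.yaml (`.Values.secretStore[].externalSecret[]...` and `.Values.secretStore.name` for entries of `.Values.externalSecret`) and in secret-store.yaml (`.Values.secretStore[]` for `.Values.secretStores`). Suggest messages that name the real path, e.g. `name: {{required "A valid value is required! (.Values.clusterExternalSecret[].name)" $item.name | lower | quote}}`.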
@@ -0,0 +1,18 @@
+{{- range $item := .Values.clusterSecretStores}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: {{required "A valid value is required! (.Values.clusterSecretStores[].name)" $item.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- if $item.controller}}
+ controller: {{ $item.controller | quote }}
+ {{- end }}
+ provider:
+ {{- required "A valid value is required! (.Values.clusterSecretStores[].provider)" $item.provider | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml
new file mode 100644
index 0000000..59acb25
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml
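Review bot: `metadata.name` is passed through `| lower` here (and in secret-store.yaml), but external-secret.yaml renders `secretStoreRef.name` from `$externalSecret.secretStore.name | quote` without `lower`; a mixed-case store name therefore yields an ExternalSecret that points at a store which was never created, and the failure surfaces only as an ESO status condition at runtime instead of at render time. Either drop `| lower` from the store names or apply it to the reference too, e.g. `name: {{required "..." $externalSecret.secretStore.name | lower | quote}}`. The entire `provider` map, including `auth`, is emitted verbatim via `toYaml`, which is reasonable, but a comment above `provider:` noting that Vault credentials are expected to arrive through `auth.appRole.secretRef` (a Secret reference, as the values.ci.yaml sample does) rather than inline in values would make the intended handling explicit to readers.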
@@ -0,0 +1,35 @@
+{{- range $externalSecret := .Values.externalSecret}}
+ {{- if and ($externalSecret) (ne $externalSecret.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].name)" $externalSecret.name | lower | quote}}
+ namespace: {{ $externalSecret.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ refreshInterval: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].refreshInterval)" $externalSecret.refreshInterval | quote}}
+ secretStoreRef:
+ name: {{required "A valid value is required! (.Values.secretStore.name)" $externalSecret.secretStore.name | quote}}
+ kind: {{ default $.Values.defaults.externalSecret.secretStoreRef.kind $externalSecret.secretStore.kind | quote }}
+ target:
+ name: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].targetSecretName)" $externalSecret.targetSecretName | quote}}
+ {{- if $externalSecret.template }}
+ template:
+ {{- $externalSecret.template | toYaml | nindent 6 }}
+ {{- end }}
+ {{- if $externalSecret.creationPolicy }}
+ creationPolicy: {{ $externalSecret.creationPolicy | quote }}
+ {{- end }}
+ {{- if $externalSecret.deletionPolicy }}
+ deletionPolicy: {{ $externalSecret.deletionPolicy | quote }}
+ {{- end }}
+ {{- if $externalSecret.immutable }}
+ immutable: {{ $externalSecret.immutable }}
+ {{- end }}
+ data:
+ {{- required "A valid value is required! (.Values.secretStore[].externalSecret[].data)" $externalSecret.data | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
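Review bot: `data` is wrapped in `required` on the last spec line, yet the README row for `externalSecret[0].data` documents it as *(optional)*, and the template has no `dataFrom` path at all, so a user following the README who supplies only `dataFrom` gets a render failure rather than a working ExternalSecret. Either make `data` conditional in the same shape as the `template` block (`{{- if $externalSecret.data }}` … `{{- end }}`) and add a matching `dataFrom` block, or correct the README/values comment to say `data` is mandatory. Note also that the guard on the second line only checks `name`; an entry that omits `secretStore` entirely reaches `$externalSecret.secretStore.name` and is likely to fail with Helm's generic nil-pointer render error instead of the `required` message.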
diff --git a/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml
new file mode 100644
index 0000000..4c5eb4a
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.pushSecrets}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.pushSecrets[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.pushSecrets[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml b/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml
new file mode 100644
index 0000000..77244d7
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml
@@ -0,0 +1,16 @@
+{{- range $item := .Values.secretStores}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: {{required "A valid value is required! (.Values.secretStore[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ provider:
+ {{- required "A valid value is required! (.Values.secretStore[].provider)" $item.provider | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
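Review bot: The template requires `$item.name` and reads `$item.namespace`, but the README values table in this commit lists only `pushSecrets[0].spec.*` keys, so the two fields a consumer must set before anything renders are undocumented; add `name` and `namespace` entries to values.yaml with helm-docs comments such as `# -- defines k8s `metadata.name` value of `kind: PushSecret``. The `spec` map is emitted verbatim through `toYaml`, which means the README row for `pushSecrets[0].spec.secretStoreRefs` is the only guidance users get, and that row contradicts itself — its type column says `object` with default `{}` while its description says "A list of secret stores"; the type column and default should match whichever shape the PushSecret API actually expects.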
diff --git a/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml
new file mode 100644
index 0000000..67453f5
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml
@@ -0,0 +1,24 @@
+{{- range $item := .Values.credentials}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.credentials[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/values.ci.yaml b/helm/charts/mcp/external-secrets-config/values.ci.yaml
new file mode 100644
index 0000000..d8f69e4
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/values.ci.yaml
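Review bot: In the `stringData` loop the value is quoted but the key is not — `{{ $key }}: {{ $value | quote }}` — so a key such as `on`, `yes`, `null` or an all-digit string is retyped by the YAML parser and the Secret key is lost or the apply fails; render it as `{{ $key | quote }}: {{ $value | quote }}` for symmetry with the value. Separately, everything under `.Values.credentials[].stringData` ends up in plaintext in the rendered manifest and in the Helm release record, so the values file used with this chart — and the pipeline's manifest-templating output, when that flag is enabled — has to be handled as secret material; a `# --` comment on the `credentials` entry in values.yaml stating that would give users the warning the README rows currently lack.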
@@ -0,0 +1,157 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+clusterSecretStores:
+  - name: "hashicorp-vault-cluster-store"
+    controller: "controller"
+    provider:
+      vault:
+        server: "https://vault.example/"
+        namespace: "ns1"
+        path: "k8s-clusters"
+        version: "v2"
+        auth:
+          appRole:
+            path: "approle"
+            roleId: "cf33bb15"
+            secretRef:
+              name: "hashicorp-vault-token"
+              key: "token"
+########################################################################################################################
+clusterExternalSecret:
+- name: "openmcp-test"
+  externalSecretName: "externalSecretName"
+  refreshTime: "1m"
+  namespaceSelectors:
+  - matchLabels:
+      cool: label
+  externalSecretSpec:
+    secretStoreRef:
+      name: secret-store-name
+      kind: SecretStore
+    refreshInterval: "1h"
+    target:
+      name: my-secret
+      creationPolicy: 'Merge'
+      template:
+        type: kubernetes.io/dockerconfigjson
+        metadata:
+          annotations: {}
+          labels: {}
+        data:
+          config.yml: |
+            endpoints:
+            - https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com
+        templateFrom:
+        - configMap:
+            name: alertmanager
+            items:
+            - key: alertmanager.yaml
+    data:
+    - secretKey: secret-key-to-be-managed
+      remoteRef:
+        key: provider-key
+        version: provider-key-version
+        property: provider-key-property
+    dataFrom:
+    - key: provider-key
+      version: provider-key-version
+      property: provider-key-property
+########################################################################################################################
+secretStores:
+- name: "hashicorp-vault"
+  namespace: "default"
+  provider:
+    vault:
+      server: "https://vault.example/"
+      namespace: "ns1"
+      path: "k8s-clusters"
+      version: "v2"
+      auth:
+        appRole:
+          path: "approle"
+          roleId: "cf33bb15"
+          secretRef:
+            name: "hashicorp-vault-token"
+            key: "token"
+########################################################################################################################
+externalSecret:
+  - name: "openmcp-test"
+    namespace: "default"
+    refreshInterval: "15m"
+    targetSecretName: "openmcp-test"
+    secretStore:
+      name: "hashicorp-vault"
+    data:
+      - secretKey: kubeconfig
+        remoteRef:
+          key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-openmcp-test"
+          property: kubeconfig
+  - name: "garden-openmcp-test-2"
+    namespace: "default"
+    refreshInterval: "15m"
+    targetSecretName: garden-openmcp-test-2
+    secretStore:
+      name: "hashicorp-vault"
+    data:
+      - secretKey: kubeconfig
+        remoteRef:
+          key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-openmcp-test"
+          property: kubeconfig
+  - name: "btp-account-openmcp-test"
+    namespace: "default"
+    refreshInterval: "15m"
+    targetSecretName: btp-account-openmcp-test
+    secretStore:
+      name: "hashicorp-vault-cluster-store"
+      kind: "ClusterSecretStore"
+    data:
+      - secretKey: btp-cis-provider-credentials
+        remoteRef:
+          key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-openmcp-test"
+          property: btp-cis-provider-credentials
+      - secretKey: btp-service-account-provider-credentials
+        remoteRef:
+          key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-openmcp-test"
+          property: btp-service-account-provider-credentials
+########################################################################################################################
+pushSecrets:
+  - name: "openmcp-test"
+    namespace: "default"
+    spec:
+      updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync
+      deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
+      refreshInterval: 1h # Refresh interval for which push secret will reconcile
+      secretStoreRefs: # A list of secret stores to push secrets to
+        - name: aws-parameterstore
+          
kind: SecretStore
+      selector:
+        secret:
+          name: pokedex-credentials # Source Kubernetes secret to be pushed
+        # Alternatively, you can point to a generator that produces values to be pushed
+        generatorRef:
+          apiVersion: external-secrets.io/v1alpha1
+          kind: ECRAuthorizationToken
+          name: prod-registry-credentials
+      template:
+        metadata:
+          annotations: { }
+          labels: { }
+        data:
+          best-pokemon: "{{ .best-pokemon | toString | upper }} is the really best!"
+        # Uses an existing template from configmap
+        # Secret is fetched, merged and templated within the referenced configMap data
+        # It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
+        templateFrom:
+          - configMap:
+              name: application-config-tmpl
+              items:
+                - key: config.yml
+      data:
+        - conversionStrategy: None # Also supports the ReverseUnicode strategy
+          match:
+            secretKey: best-pokemon # Source Kubernetes secret key to be pushed
+            remoteRef:
+              remoteKey: my-first-parameter # Remote reference (where the secret
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/values.yaml b/helm/charts/mcp/external-secrets-config/values.yaml
new file mode 100644
index 0000000..34717ad
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/values.yaml
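Review bot: The trailing comment on the last data entry is cut mid-sentence, `remoteKey: my-first-parameter # Remote reference (where the secret`; finish it or drop it. The fixture mixes flush and indented sequences (`clusterExternalSecret:` and `secretStores:` flush, `clusterSecretStores:` and `externalSecret:` indented), single and double quotes (`creationPolicy: 'Merge'`), and `{ }` next to `{}`; one style per file keeps future diffs quiet. `roleId: "cf33bb15"` and the `j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/...` remote keys look like identifiers of a real environment rather than obviously synthetic values; since the header says this file exists only to template a non-empty manifest in CI, clearly fake placeholders such as `roleId: "role-id-placeholder"` avoid publishing environment details in a fixture. `@api.exmaple.com` in the template example also looks like a typo for `example.com`.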
@@ -0,0 +1,184 @@
+---
+# @default -- -
+defaults:
+  # -- default namespace value for optional `namespace` fields.
+  namespace: "default"
+  externalSecret:
+    secretStoreRef:
+      kind: "SecretStore"
+########################################################################################################################
+# @secretStores -- -
+# @default -- {}
+secretStores:
+  # secretStores[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore`
+  - name: ""
+    # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore`
+    namespace: "ns1"
+    # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set.
+    # @default -- []
+    provider:
+      # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider
+      # @default -- []
+      vault:
+        # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/".
+        server: ""
+        # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1"
+        namespace: "ns1"
+        # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.
+        path: ""
+        # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”.
+        version: "v2"
+        # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server.
+        # @default -- []
+        auth:
+          # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle).
+          # @default -- []
+          appRole:
+            # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle”
+            path: "approle"
+            # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault.
+            roleId: ""
+            # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
+            secretRef:
+              # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector)
+              name: ""
+              # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector)
+              key: ""
+########################################################################################################################
+# -- [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API.
+# @default -- {}
+externalSecret:
+# externalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret`
+- name: ""
+  # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret`
+  namespace: "ns1"
+  # -- [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data.
+  secretStore:
+    # -- Name of the SecretStore resource
+    name: ""
+    # -- *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind`
+    kind: ""
+  # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. 
+  refreshInterval: ""
+  # -- [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource
+  targetSecretName: ""
+  # -- *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource.
+  template: []
+  # -- *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’
+  creationPolicy: ""
+  # -- *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’
+  deletionPolicy: ""
+  # -- *(optional)* Immutable defines if the final secret will be immutable
+  immutable: false
+  # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data
+  # @default -- []
+  data:
+    # secretKey -- [SecretKey](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the key in which the controller stores the value. This is the key in the Kind=Secret. e.g. "kubeconfig"
+    - secretKey: ""
+      # -- [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch.
+      remoteRef:
+        # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account"
+        key: ""
+        # -- *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. 
"kubeconfig"
+        property: ""
+########################################################################################################################
+# @clusterSecretStores -- -
+# @default -- {}
+clusterSecretStores:
+  # clusterSecretStores[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ClusterSecretStore`
+  - name: ""
+    # -- *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property
+    controller: ""
+    # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set.
+    # @default -- []
+    provider:
+      # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider
+      # @default -- []
+      vault:
+        # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/".
+        server: "https://vault.example/"
+        # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1"
+        namespace: "ns1"
+        # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.
+        path: ""
+        # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”.
+        version: "v2"
+        # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server.
+        # @default -- []
+        auth:
+          # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle).
+          # @default -- []
+          appRole:
+            # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle”
+            path: "approle"
+            # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault.
+            roleId: ""
+            # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
+            # @default -- []
+            secretRef:
+              # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector)
+              name: ""
+              # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector)
+              key: ""
+########################################################################################################################
+# -- [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API.
+# @default -- {}
+clusterExternalSecret:
+# clusterExternalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret`
+- name: ""
+  # -- *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
+  externalSecretName: ""
+  # -- [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels.
+  refreshTime: ""
+  # -- *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.
+  namespaceSelectors: []
+  # -- The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created
+  # @default -- []
+  externalSecretSpec:
+    # -- (optional) - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. 
+    secretStoreRef: []
+    # -- [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
+    target: []
+    # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h.
+    refreshInterval: ""
+    # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data
+    data: []
+    # -- *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order
+    dataFrom: []
+########################################################################################################################
+# -- The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider.
+# - tells the operator what secrets should be pushed by using spec.selector.
+# - you can specify what secret keys should be pushed by using spec.data.
+# @default -- {}
+pushSecrets:
+  - name: ""
+    namespace: "ns1"
+    # @default -- []
+    spec:
+      # -- *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace
+      updatePolicy: ""
+      # -- *optional* The provider' secret will be deleted if the PushSecret is deleted. E.g. Delete
+      deletionPolicy: ""
+      # -- Refresh interval for which push secret will reconcile. E.g. 
1h
+      refreshInterval: ""
+      # -- A list of secret stores to push secrets to.
+      secretStoreRefs: {}
+      # -- The Secret Selector (k8s source) for the Push Secret
+      selector: []
+      # -- *optional* Template defines a blueprint for the created Secret resource.
+      template: []
+      # -- Secret Data that should be pushed to providers
+      data: []
+########################################################################################################################
+# @credentials -- :exclamation::exclamation: never EVER PUSH credentials in plain text into GIT :exclamation::exclamation:
+# @default -- {}
+credentials:
+  # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret`
+  - name: ""
+    # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret`
+    namespace: "ns1"
+    # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.
+    stringData: []
+    # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
+    data: []
+########################################################################################################################
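Review bot: `credentials[0].stringData` and `credentials[0].data` default to `[]`, but the Secret template iterates `stringData` with `range $key, $value` and passes `data` through `toYaml` as a mapping, and helm-docs consequently documents both as `list`; the defaults should be `stringData: {}` and `data: {}`. The same shape mismatch exists under `pushSecrets[0].spec`, where `secretStoreRefs: {}` is given as a list in values.ci.yaml while `selector: []` and `template: []` are mappings there. The two `[secretRef])(https://...` comments carry a stray `)` that breaks the markdown link in the generated README; they should read `[secretRef](https://...`.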
diff --git a/helm/charts/mcp/flux-config/.ci.config.yaml b/helm/charts/mcp/flux-config/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/flux-config/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+  enabled: true
+
+
+# pipeline feature flags
+yamllint:
+  enable: true
+helm-docs:
+  enable: true
+helm-chart-linting:
+  enable: true
+helm-chart-validation:
+  enable: true
+helm-chart-version-bump:
+  enable: true
+helm-chart-dependency-update:
+  enable: true
+k8s-manifest-templating:
+  enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/.helmignore b/helm/charts/mcp/flux-config/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/flux-config/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/flux-config/Chart.yaml b/helm/charts/mcp/flux-config/Chart.yaml
new file mode 100644
index 0000000..9cc076f
--- /dev/null
+++ b/helm/charts/mcp/flux-config/Chart.yaml
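Review bot: `jfrog.sh` is gated by `enabled: true` while every other flag in the file uses `enable:`, so a consumer that reads one key name silently ignores the other; unless the obsolete bash script really reads `enabled`, rename it to `enable: true` so the file has one convention. The file also lacks a trailing newline.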
@@ -0,0 +1,33 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: flux-config
+description: A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/52158677?s=200&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.15
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.3.0"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+  - https://github.com/openmcp-project/blueprint-building-blocks
+  - https://fluxcd.io/flux/releases/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md
new file mode 100644
index 0000000..864d190
--- /dev/null
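Review bot: The header comment has a typo, `avaiable`; it should read `# The Chart.yaml file is required for a chart. See all available fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file`. `version: 0.0.15` parses as a string because of its two dots, but quoting it like `appVersion` is the safer habit once a version such as `1.10` appears.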
+++ b/helm/charts/mcp/flux-config/README.md 
@@ -0,0 +1,88 @@
+
+
+# flux-config
+
+![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square)
+
+A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 |
+| credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` |
+| credentials[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` |
+| credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. |
+| defaults.namespace | string | `"default"` | default namespace value for *(optional)*`namespace` fields. 
|
+| defaults.targetNamespace | string | `"default"` | targetNamespace sets or overrides the default namespace in the `kind: Kustomization` manifests. |
+| gitRepositorys[0].kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. |
+| gitRepositorys[0].kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. |
+| gitRepositorys[0].kustomizations[0].decryption | list | `[]` | [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. |
+| gitRepositorys[0].kustomizations[0].dependsOn | object | `{}` | [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. |
+| gitRepositorys[0].kustomizations[0].force | string | `nil` | [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. 
|
+| gitRepositorys[0].kustomizations[0].healthChecks | object | `{}` | [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. |
+| gitRepositorys[0].kustomizations[0].images | object | `{}` | [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. |
+| gitRepositorys[0].kustomizations[0].interval | string | `nil` | The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s |
+| gitRepositorys[0].kustomizations[0].kubeConfig | list | `[]` | [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference |
+| gitRepositorys[0].kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" |
+| gitRepositorys[0].kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. 
|
+| gitRepositorys[0].kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. |
+| gitRepositorys[0].kustomizations[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` |
+| gitRepositorys[0].kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. |
+| gitRepositorys[0].kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" |
+| gitRepositorys[0].kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution |
+| gitRepositorys[0].kustomizations[0].prune | string | `nil` | [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false |
+| gitRepositorys[0].kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. 
| +| gitRepositorys[0].kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | +| gitRepositorys[0].kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | +| gitRepositorys[0].kustomizations[0].targetnamespace | string | `"ns1"` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| gitRepositorys[0].kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m | +| gitRepositorys[0].kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. 
| +| gitRepositorys[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | +| gitRepositorys[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | +| gitRepositorys[0].spec.interval | string | `"1m"` | [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. | +| gitRepositorys[0].spec.ref | object | `{"branch":""}` | *(optional)* Reference specifies the Git reference to resolve and monitor for changes, defaults to the ‘master’ branch. | +| gitRepositorys[0].spec.ref.branch | string | `""` | *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" | +| gitRepositorys[0].spec.secretRef | object | `{"name":""}` | *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. | +| gitRepositorys[0].spec.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| gitRepositorys[0].spec.url | string | `""` | [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. 
| +| kustomizations | list | `[{"commonMetadata":[],"components":{},"decryption":[],"dependsOn":{},"force":null,"healthChecks":{},"images":{},"interval":null,"kubeConfig":[],"name":"","namePrefix":null,"nameSuffix":null,"namespace":"ns1","patches":null,"path":"","postBuild":[],"prune":null,"retryInterval":null,"serviceAccountName":null,"sourceRef":{"apiVersion":"","kind":"GitRepository","name":"","namespace":"ns1"},"suspend":null,"targetnamespace":"ns1","timeout":null,"wait":null}]` | defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. | +| kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. | +| kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. | +| kustomizations[0].decryption | list | `[]` | [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. | +| kustomizations[0].dependsOn | object | `{}` | [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. 
| +| kustomizations[0].force | string | `nil` | [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. | +| kustomizations[0].healthChecks | object | `{}` | [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. | +| kustomizations[0].images | object | `{}` | [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. | +| kustomizations[0].interval | string | `nil` | The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s | +| kustomizations[0].kubeConfig | list | `[]` | [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference | +| kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" | +| kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. 
| +| kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | +| kustomizations[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | +| kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. | +| kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" | +| kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution | +| kustomizations[0].prune | string | `nil` | [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false | +| kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. 
| +| kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | +| kustomizations[0].sourceRef | object | `{"apiVersion":"","kind":"GitRepository","name":"","namespace":"ns1"}` | [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. | +| kustomizations[0].sourceRef.apiVersion | string | `""` | string (Optional) API version of the referent. | +| kustomizations[0].sourceRef.kind | string | `"GitRepository"` | string Kind of the referent. | +| kustomizations[0].sourceRef.name | string | `""` | string Name of the referent. | +| kustomizations[0].sourceRef.namespace | string | `"ns1"` | string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. | +| kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | +| kustomizations[0].targetnamespace | string | `"ns1"` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 
1m | +| kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/flux-config/README.md.gotmpl b/helm/charts/mcp/flux-config/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/flux-config/templates/NOTES.txt b/helm/charts/mcp/flux-config/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml b/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml new file mode 100644 index 0000000..72530a9 --- /dev/null +++ b/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml 
@@ -0,0 +1,83 @@ +{{- range $item := .Values.kustomizations}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: {{required "A valid value is required! (.Values.kustomizations[].name)" $item.name | lower | quote}} + namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + interval: {{required "A valid value is required! (.Values.kustomizations[].interval)" $item.interval | quote}} + targetNamespace: {{ $item.targetNamespace | default $.Values.defaults.targetNamespace | lower | quote}} + sourceRef: + {{- required "A valid value is required! (.Values.kustomizations[].sourceRef)" $item.sourceRef | toYaml | nindent 4 }} + path: {{required "A valid value is required! (.Values.kustomizations[].path)" $item.path | quote}} + prune: {{required "A valid value is required! (.Values.kustomizations[].prune)" $item.prune }} + timeout: {{required "A valid value is required! (.Values.kustomizations[].timeout)" $item.timeout | quote}} + {{- if $item.dependsOn}} + dependsOn: {{ required "A valid value is required! (.Values.kustomizations[].dependsOn)" $item.dependsOn | toYaml | nindent 4 }} + {{- end }} + {{- if $item.healthChecks}} + healthChecks: {{ required "A valid value is required! (.Values.kustomizations[].healthChecks)" $item.healthChecks | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.retryInterval}} + retryInterval: {{required "A valid value is required! (.Values.gitRepositorys[].retryInterval)" $item.retryInterval }} + {{- end }} + + {{- if $item.suspend}} + suspend: {{required "A valid value is required! (.Values.gitRepositorys[].suspend)" $item.suspend }} + {{- end }} + + {{- if $item.wait}} + wait: {{required "A valid value is required! 
(.Values.gitRepositorys[].wait)" $item.wait }} + {{- end }} + + {{- if $item.serviceAccountName}} + serviceAccountName: {{required "A valid value is required! (.Values.gitRepositorys[].serviceAccountName)" $item.serviceAccountName | quote }} + {{- end }} + + {{- if $item.commonMetadata}} + commonMetadata: {{ required "A valid value is required! (.Values.kustomizations[].commonMetadata)" $item.commonMetadata | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.namePrefix}} + namePrefix: {{required "A valid value is required! (.Values.gitRepositorys[].namePrefix)" $item.namePrefix | quote }} + {{- end }} + + {{- if $item.nameSuffix}} + nameSuffix: {{required "A valid value is required! (.Values.gitRepositorys[].nameSuffix)" $item.nameSuffix | quote }} + {{- end }} + + {{- if $item.force}} + force: {{required "A valid value is required! (.Values.gitRepositorys[].force)" $item.force }} + {{- end }} + + {{- if $item.patches}} + patches: {{ required "A valid value is required! (.Values.kustomizations[].patches)" $item.patches | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.images}} + images: {{ required "A valid value is required! (.Values.kustomizations[].images)" $item.images | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.components}} + components: {{ required "A valid value is required! (.Values.kustomizations[].components)" $item.components | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.postBuild}} + postBuild: {{ required "A valid value is required! (.Values.kustomizations[].postBuild)" $item.postBuild | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.kubeConfig}} + kubeConfig: {{ required "A valid value is required! (.Values.kustomizations[].kubeConfig)" $item.kubeConfig | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.decryption}} + decryption: {{ required "A valid value is required! (.Values.kustomizations[].decryption)" $item.decryption | toYaml | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file 
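Review bot: `targetNamespace: {{ $item.targetNamespace | default $.Values.defaults.targetNamespace | lower | quote}}` in flux-kustomization-obj.yml reads a key the chart's own values never set: values.yaml and the README document the per-item key as `targetnamespace` (lower-case n), so a user who copies the documented key silently gets the chart default instead of the namespace they wrote, and with `prune: true` that mis-targeted apply also garbage-collects in the wrong place. Either rename the values key to `targetNamespace` (values.ci.yaml already uses that spelling for its second GitRepository kustomization) or accept both, e.g. `targetNamespace: {{ $item.targetNamespace | default $item.targetnamespace | default $.Values.defaults.targetNamespace | lower | quote }}`. The same line exists in git-repo-kustomization.yml and needs the same fix. Separately, the `required` messages from `retryInterval` onward name `.Values.gitRepositorys[]` although this template iterates `.Values.kustomizations`, and each sits inside a `{{- if $item.X }}` guard so it can never fire; the message text should at least point at the right values path.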
diff --git a/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml b/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml
new file mode 100644
index 0000000..fc92f8a
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml
@@ -0,0 +1,87 @@ +{{- range $gitRepository := .Values.gitRepositorys}} + {{- range $item := $gitRepository.kustomizations}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].name)" $item.name | lower | quote}} + namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + interval: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].interval)" $item.interval | quote}} + targetNamespace: {{ $item.targetNamespace | default $.Values.defaults.targetNamespace | lower | quote}} + sourceRef: + kind: GitRepository + name: {{required "A valid value is required! (.Values.gitRepositorys[].name)" $gitRepository.name | quote}} + path: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].path)" $item.path | quote}} + prune: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].prune)" $item.prune }} + timeout: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].timeout)" $item.timeout | quote}} + {{- if $item.healthChecks}} + healthChecks: {{ required "A valid value is required! (.Values.kustomizations[].healthChecks)" $item.healthChecks | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.dependsOn}} + dependsOn: {{ required "A valid value is required! (.Values.kustomizations[].dependsOn)" $item.dependsOn | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.retryInterval}} + retryInterval: {{required "A valid value is required! (.Values.gitRepositorys[].retryInterval)" $item.retryInterval }} + {{- end }} + + {{- if $item.suspend}} + suspend: {{required "A valid value is required! 
(.Values.gitRepositorys[].suspend)" $item.suspend }} + {{- end }} + + {{- if $item.wait}} + wait: {{required "A valid value is required! (.Values.gitRepositorys[].wait)" $item.wait }} + {{- end }} + + {{- if $item.serviceAccountName}} + serviceAccountName: {{required "A valid value is required! (.Values.gitRepositorys[].serviceAccountName)" $item.serviceAccountName | quote }} + {{- end }} + + {{- if $item.commonMetadata}} + commonMetadata: {{ required "A valid value is required! (.Values.kustomizations[].commonMetadata)" $item.commonMetadata | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.namePrefix}} + namePrefix: {{required "A valid value is required! (.Values.gitRepositorys[].namePrefix)" $item.namePrefix | quote }} + {{- end }} + + {{- if $item.nameSuffix}} + nameSuffix: {{required "A valid value is required! (.Values.gitRepositorys[].nameSuffix)" $item.nameSuffix | quote }} + {{- end }} + + {{- if $item.force}} + force: {{required "A valid value is required! (.Values.gitRepositorys[].force)" $item.force }} + {{- end }} + + {{- if $item.patches}} + patches: {{ required "A valid value is required! (.Values.kustomizations[].patches)" $item.patches | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.images}} + images: {{ required "A valid value is required! (.Values.kustomizations[].images)" $item.images | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.components}} + components: {{ required "A valid value is required! (.Values.kustomizations[].components)" $item.components | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.postBuild}} + postBuild: {{ required "A valid value is required! (.Values.kustomizations[].postBuild)" $item.postBuild | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.kubeConfig}} + kubeConfig: {{ required "A valid value is required! (.Values.kustomizations[].kubeConfig)" $item.kubeConfig | toYaml | nindent 4 }} + {{- end }} + + {{- if $item.decryption}} + decryption: {{ required "A valid value is required! 
(.Values.kustomizations[].decryption)" $item.decryption | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/templates/git-repository.yml b/helm/charts/mcp/flux-config/templates/git-repository.yml
new file mode 100644
index 0000000..f644881
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/git-repository.yml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.gitRepositorys}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: {{required "A valid value is required! (.Values.gitRepositorys[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- toYaml $item.spec | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml b/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml
new file mode 100644
index 0000000..b82804a
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml
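Review bot: In git-repo-kustomization.yml the generated `sourceRef` carries only `kind` and `name`, so the Kustomization resolves the GitRepository in its own namespace, while that namespace (`$item.namespace`) and the GitRepository's (`$item.namespace` of the parent entry, as rendered by git-repository.yml) are defaulted independently and can differ; the resulting object then sits on a missing-source error. Emitting the source namespace explicitly keeps the two templates in sync, `namespace: {{ $gitRepository.namespace | default $.Values.defaults.namespace | lower | quote }}` under `sourceRef:`, with a comment that cross-namespace source references are rejected on Flux installs run with `--no-cross-namespace-refs`, so the two namespaces should normally be kept equal. Also, nothing is rendered when `serviceAccountName` is omitted, which on a default Flux install means kustomize-controller applies the manifests with its own (cluster-admin) ServiceAccount; a comment on that line, e.g. `# without serviceAccountName the controller's own ServiceAccount is used — set it for tenant-scoped applies`, makes the privilege implication visible to whoever fills in values.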
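Review bot: In git-repository.yml `{{- toYaml $item.spec | nindent 2 }}` copies the spec through without the `required` checks the sibling templates apply, so with the values.yaml defaults (`url: ""`, `ref.branch: ""`, `secretRef.name: ""`) an entry that only sets `name` renders a GitRepository with an empty `url` and an empty secret reference, and the failure surfaces only when Flux admits or reconciles the object. A guard before the dump moves that failure to `helm template` time: `{{- $_ := required "A valid value is required! (.Values.gitRepositorys[].spec.url)" $item.spec.url }}`. Whether `secretRef: {name: ""}` is rejected by the CRD or treated as "no credentials" I cannot tell from the page, so the README row for `spec.secretRef` should state that the block must be removed, not left blank, for repositories that need no authentication.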
@@ -0,0 +1,24 @@
+{{- range $item := .Values.credentials}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.credentials[].name)" $item.name | lower | quote}}
+ namespace: {{required "A valid value is required! (.Values.credentials[].namespace)" $item.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/values.ci.yaml b/helm/charts/mcp/flux-config/values.ci.yaml
new file mode 100644
index 0000000..af2fcf2
--- /dev/null
+++ b/helm/charts/mcp/flux-config/values.ci.yaml
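Review bot: In generic-secret.yaml `{{ $key }}: {{ $value | quote }}` and `toYaml $item.data` render whatever the values carry, so a credential supplied through `credentials[].stringData` lives in clear text in the values file or `--set` invocation and, through the Helm release secret, in the cluster's release history; a header comment should state the intended feeding path, e.g. `# credentials[] is populated at install time (CI secret, --set-file, or an external-secrets operator), never from values committed to git`. `data:` is emitted with `toYaml`, so the manifest is a valid Secret only when the value is a map of base64 strings; values.ci.yaml passes `data: []`, which works only because an empty list is falsy, and a non-empty list would render a manifest the API server rejects. Guarding with `{{- if and $item.data (kindIs "map" $item.data) }}` (or changing the placeholder to `data: {}`) makes that constraint explicit. The `{{- if ... }}` guards also mean an item with neither `stringData` nor `data` renders an empty Opaque Secret rather than failing, which deserves a comment if it is intentional.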
@@ -0,0 +1,228 @@ +--- +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kustomizations: + - name: chrome-hub-root-app + namespace: "default" + interval: "10s" + path: "manifests/application/root" + prune: true + timeout: "1m" + sourceRef: + kind: "GitRepository" + name: "mcp-blueprint-building-blocks" + dependsOn: + - name: cert-manager + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: backend + namespace: dev + retryInterval: "30s" + suspend: true + wait: false + serviceAccountName: "serviceAccountName" + commonMetadata: + labels: + a: "bc" + annotations: + d: "efg" + namePrefix: "prefix-" + nameSuffix: "-suffix" + force: true + patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: not-used + spec: + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + target: + kind: Deployment + labelSelector: "app.kubernetes.io/part-of=my-app" + - patch: | + - op: add + path: /spec/template/spec/securityContext + value: + runAsUser: 10000 + fsGroup: 1337 + - op: add + path: /spec/template/spec/containers/0/securityContext + value: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + target: + kind: Deployment + name: podinfo + namespace: apps + images: + - name: podinfo + newName: my-registry/podinfo + newTag: v1 + - name: podinfo + newTag: 1.8.0 + - name: podinfo + newName: my-podinfo + - name: podinfo + digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 + components: + - ../ingress + - ../tls + postBuild: + substitute: + cluster_env: "prod" + cluster_region: "eu-central-1" + substituteFrom: + - kind: ConfigMap + name: cluster-vars + # Use this ConfigMap if it exists, but proceed if it doesn't. 
+ optional: true + - kind: Secret + name: cluster-secret-vars + # Fail if this Secret does not exist. + kubeConfig: + secretRef: + name: "name" + value: "value" + decryption: + provider: sops + secretRef: + name: sops-keys + - name: kustomizations-2 + namespace: "default" + interval: "10s" + path: "manifests/application/base" + prune: true + timeout: "1m" + sourceRef: + kind: "GitRepository" + name: "mcp-blueprint-building-blocks" + dependsOn: + - name: chrome-hub-root-app +######################################################################################################################## +gitRepositorys: + - name: "mcp-blueprint-building-blocks" + namespace: "default" + spec: + interval: 1m + url: https://github.com/openmcp-project/blueprints + ref: + branch: main + secretRef: + name: github-tools-secret + kustomizations: + - name: "mcp-blueprint-building-blocks" + namespace: "default" + interval: 10s + path: "./manifests/templates/provider-btp-accounts.abc.shoot.live.k8s-hana.ondemand.com" + prune: true + timeout: 1m + dependsOn: + - name: cert-manager + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: backend + namespace: dev + retryInterval: "30s" + suspend: true + wait: false + serviceAccountName: "serviceAccountName" + commonMetadata: + labels: + a: "bc" + annotations: + d: "efg" + namePrefix: "prefix-" + nameSuffix: "-suffix" + force: true + patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: not-used + spec: + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + target: + kind: Deployment + labelSelector: "app.kubernetes.io/part-of=my-app" + - patch: | + - op: add + path: /spec/template/spec/securityContext + value: + runAsUser: 10000 + fsGroup: 1337 + - op: add + path: /spec/template/spec/containers/0/securityContext + value: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + target: + kind: 
Deployment + name: podinfo + namespace: apps + images: + - name: podinfo + newName: my-registry/podinfo + newTag: v1 + - name: podinfo + newTag: 1.8.0 + - name: podinfo + newName: my-podinfo + - name: podinfo + digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 + components: + - ../ingress + - ../tls + postBuild: + substitute: + cluster_env: "prod" + cluster_region: "eu-central-1" + substituteFrom: + - kind: ConfigMap + name: cluster-vars + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true + - kind: Secret + name: cluster-secret-vars + # Fail if this Secret does not exist. + kubeConfig: + secretRef: + name: "name" + value: "value" + decryption: + provider: sops + secretRef: + name: sops-keys + - name: "mcp-blueprint-building-blocks-2" + namespace: "default" + targetNamespace: "default2" + interval: 10s + path: "./manifests/templates/provider-btp-accounts.abc.shoot.live.k8s-hana.ondemand.com" + prune: true + timeout: 1m +######################################################################################################################## +credentials: + - name: "github-tools-secret" + namespace: "default" + stringData: + username: username + password: password + data: [] +######################################################################################################################## diff --git a/helm/charts/mcp/flux-config/values.yaml b/helm/charts/mcp/flux-config/values.yaml new file mode 100644 index 0000000..b8a271c --- /dev/null +++ b/helm/charts/mcp/flux-config/values.yaml 
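Review bot: `kubeConfig.secretRef` in values.ci.yaml carries a `value: "value"` field that the Flux KubeConfig secret reference does not define (it takes `name` and an optional `key`), so the manifest this file exists to validate in CI may pass only because the unknown field is dropped rather than rejected; worth confirming against the CRD and replacing with `key` if a specific key in the Secret was intended. `data: []` under `credentials[]` is a list placeholder for a field the generic-secret template emits with `toYaml` as a map, and `data: {}` would keep the CI values shaped like real input. The first kustomization sets `suspend: true` together with `wait: false`, which is fine for a template-only run but means the CI rendering never exercises the `wait`/`healthChecks` branch with the values a real deployment would use.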
@@ -0,0 +1,145 @@ +--- +# @default -- - +defaults: + # -- default namespace value for *(optional)*`namespace` fields. + namespace: "default" + # -- targetNamespace sets or overrides the default namespace in the `kind: Kustomization` manifests. + targetNamespace: "default" +######################################################################################################################## +gitRepositorys: + # gitRepositorys[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` + namespace: "ns1" + # spec -- defines k8s `spec` structured value of `kind: GitRepository`. See [API broswer](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) + spec: + # -- [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. + interval: 1m + # -- [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. + url: "" + # -- *(optional)* Reference specifies the Git reference to resolve and monitor for changes, defaults to the ‘master’ branch. + ref: + # -- *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" + branch: "" + # -- *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. 
For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. + secretRef: + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + name: "" + kustomizations: + # gitRepositorys[0].kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` + namespace: "ns1" + # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. + targetnamespace: "ns1" + # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s + interval: + # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" + path: "" + # -- [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. 
true/false + prune: + # -- *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m + timeout: + # -- [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. + dependsOn: {} + # -- [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. + healthChecks: {} + # -- [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. + retryInterval: + # -- [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. + suspend: + # -- [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. 
+ wait: + # -- [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. + serviceAccountName: + # -- [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. + commonMetadata: [] + # -- [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + namePrefix: + # -- [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + nameSuffix: + # -- [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. + force: + # -- [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. + patches: + # -- [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. + images: {} + # -- [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. 
+ components: {} + # -- [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution + postBuild: [] + # -- [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference + kubeConfig: [] + # -- [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. + decryption: [] +######################################################################################################################## +# -- defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. +kustomizations: + # kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` + namespace: "ns1" + # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. + targetnamespace: "ns1" + # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s + interval: + # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. 
Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" + path: "" + # -- [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false + prune: + # -- *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m + timeout: + # -- [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. + sourceRef: + # -- string (Optional) API version of the referent. + apiVersion: "" + # -- string Kind of the referent. + kind: "GitRepository" + # -- string Name of the referent. + name: "" + # -- string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. + namespace: "ns1" + # -- [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. + dependsOn: {} + # -- [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. 
+ healthChecks: {} + # -- [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. + retryInterval: + # -- [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. + suspend: + # -- [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. + wait: + # -- [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. + serviceAccountName: + # -- [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. + commonMetadata: [] + # -- [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + namePrefix: + # -- [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + nameSuffix: + # -- [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. 
If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. + force: + # -- [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. + patches: + # -- [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. + images: {} + # -- [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. + components: {} + # -- [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution + postBuild: [] + # -- [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference + kubeConfig: [] + # -- [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. 
+ decryption: [] +######################################################################################################################## +# @credentials -- :exclamation::exclamation: never EVER PUSH credentials in plain text into GIT :exclamation::exclamation: +credentials: + # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` + namespace: "ns1" + # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. + stringData: [] + # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + data: [] +######################################################################################################################## diff --git a/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml b/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml new file mode 100644 index 0000000..ea4fde3 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml 
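Review bot: Both Kustomization defaults in this file (`gitRepositorys[0].kustomizations[0]` and `kustomizations[0]`) spell the key `targetnamespace` in lower case, while `defaults.targetNamespace` at the top of the same file and the CI values earlier in this commit use `targetNamespace`; Helm value keys are case-sensitive, so a template reading `targetNamespace` will silently ignore this default. Change both occurrences to `targetNamespace: "ns1"`. The empty-collection defaults also disagree with the CI values and the Flux API: `dependsOn`, `healthChecks`, `images` and `components` are lists in the CI values but default to `{}` here, while `postBuild`, `kubeConfig`, `decryption`, `commonMetadata`, `stringData` and `data` are mappings but default to `[]`, and helm-docs will publish those shapes as the documented types. The bare `interval:`, `prune:`, `timeout:`, `suspend:` and `wait:` defaults parse as null rather than empty strings; if that is intended, say so in their `# --` comments so the generated docs do not show an empty default.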
@@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/.helmignore b/helm/charts/mcp/k8s-validating-admission-policy/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml new file mode 100644 index 0000000..36ef619 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml 
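Review bot: The `jfrog.sh` block uses the key `enabled` while every other feature flag in this file uses `enable`, so a script or reader checking one spelling will miss the other; pick one spelling, e.g. `enable: true`, or state in the comment that the bash-script block is read by a different consumer. The identical file is added again as `helm/charts/mcp/sap-btp-services/.ci.config.yaml` later in this commit, so the same note applies there. Both copies also end without a trailing newline (`\ No newline at end of file`).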
@@ -0,0 +1,31 @@ +--- +apiVersion: v2 +name: k8s-validating-admission-policy +description: A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionPolicyBinding +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.3 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - "https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/" +# A SemVer range of compatible Kubernetes versions (optional) +kubeVersion: ">=1.20.0" +# Whether this chart is deprecated (optional, boolean) +deprecated: false +icon: "https://www.svgrepo.com/show/376331/kubernetes.svg" diff --git a/helm/charts/mcp/k8s-validating-admission-policy/README.md b/helm/charts/mcp/k8s-validating-admission-policy/README.md new file mode 100644 index 0000000..db928b7 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/README.md 
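Review bot: `kubeVersion: ">=1.20.0"` is too permissive for this chart: its templates render `admissionregistration.k8s.io/v1` ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding, and that API version only became available in Kubernetes 1.30 (v1beta1 in 1.28), so on a 1.20–1.29 cluster `helm install` passes the version constraint and then fails at apply time with an unknown kind. Set `kubeVersion: ">=1.30.0"`, or pick the API version conditionally on `.Capabilities.APIVersions`. Minor style: the two `sources` entries mix an unquoted and a quoted scalar.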
@@ -0,0 +1,30 @@ + + +# k8s-validating-admission-policy + +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionPolicyBinding + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=1.20.0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| validatingAdmissionPolicies | list | [] | [ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) describes the definition of an admission validation policy that accepts or rejects an object without changing it. | +| validatingAdmissionPolicies[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| validatingAdmissionPolicies[0].spec | list | [] | Specification of the desired behavior of the ValidatingAdmissionPolicy. [ValidatingAdmissionPolicySpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) is the specification of the desired behavior of the AdmissionPolicy. | +| validatingAdmissionPolicyBindings | list | [] | [ValidatingAdmissionPolicyBinding](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) binds the ValidatingAdmissionPolicy with paramerized resources. | +| validatingAdmissionPolicyBindings[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| validatingAdmissionPolicyBindings[0].spec | list | [] | Specification of the desired behavior of the ValidatingAdmissionPolicyBinding. 
[ValidatingAdmissionPolicyBindingSpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) is the specification of the ValidatingAdmissionPolicyBinding. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml new file mode 100644 index 0000000..92e60d0 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.validatingAdmissionPolicies }} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: {{required "A valid value is required (.Values.validatingAdmissionPolicies[].name)" $item.name }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.validatingAdmissionPolicies[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml new file mode 100644 index 0000000..b351d2b --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml 
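Review bot: The `required` check on `$item.spec` accepts an empty list, because Helm's `required` only rejects nil and the empty string; with the chart's default `spec: []` an entry that sets only `name` renders `spec: []`, which the API server rejects instead of `helm template` failing early. Replace that guard with an explicit emptiness check ahead of the `toYaml`, e.g. `{{- if empty $item.spec }}{{ fail "A valid value is required! (.Values.validatingAdmissionPolicies[].spec)" }}{{ end }}`. The `required` on `$item.name` can never fire, since the enclosing `if` already skips entries whose name is `""`; keep one of the two. The same pattern is repeated in `templates/ValidatingAdmissionPolicyBinding.yaml` in the next hunk.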
@@ -0,0 +1,14 @@ +{{- range $item := .Values.validatingAdmissionPolicyBindings }} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: {{required "A valid value is required (.Values.validatingAdmissionPolicyBindings[].name)" $item.name }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.validatingAdmissionPolicyBindings[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml b/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml new file mode 100644 index 0000000..58df743 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml 
@@ -0,0 +1,38 @@ +--- +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################### +validatingAdmissionPolicies: + - name: "crossplane-helm-provider-config-if-secret-exists" + spec: + failurePolicy: Fail + paramKind: + kind: ProviderConfig + apiVersion: helm.crossplane.io/v1beta1 + matchConstraints: + resourceRules: + - apiGroups: [""] + apiVersions: ["v1"] + resources: ["secrets"] + operations: ["DELETE"] + validations: + - expression: | + ( + has(params.spec) && + has(params.spec.credentials) && + has(params.spec.credentials.secretRef) && + has(params.spec.credentials.secretRef.name) && + oldObject.metadata.name != params.spec.credentials.secretRef.name && + oldObject.metadata.namespace != params.spec.credentials.secretRef.namespace + ) + messageExpression: "'Secret %s cannot be deleted because its referenced in Kind:%s (%s) %s'.format([oldObject.metadata.name,params.kind,params.apiVersion,params.metadata.name])" + reason: "Invalid" +######################################################################################################### +validatingAdmissionPolicyBindings: + - name: "crossplane-helm-provider-config-secret-binding" + spec: + policyName: crossplane-helm-provider-config-if-secret-exists + validationActions: [Deny] + paramRef: + selector: {} + parameterNotFoundAction: "Allow" +################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/values.yaml b/helm/charts/mcp/k8s-validating-admission-policy/values.yaml new file mode 100644 index 0000000..93c3894 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/values.yaml 
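Review bot: The CEL expression in `validations[0]` only allows a Secret deletion when every term is true, which denies far more than the stated intent of protecting a Secret referenced by a ProviderConfig: any ProviderConfig without `spec.credentials.secretRef` makes a `has(...)` term false and therefore denies every Secret deletion, and because name and namespace are compared with `&&`, a Secret that merely shares a name (in another namespace) or a namespace (with another name) with the reference is blocked too. The allow condition should be the negation of "this is the referenced Secret": the `has()` terms negated and joined by `||`, and the name/namespace comparison joined by `||`, as in the rewrite below. With `failurePolicy: Fail` an evaluation error (e.g. a secretRef without `namespace`) also becomes a deny, so the namespace term should be guarded by `has()` as well — confirm against the ProviderConfig schema whether namespace is always present. Wording in `messageExpression`: "its referenced" should be "it is referenced". This file is described as a CI-only fixture, but it is the example users will copy.
```yaml
      validations:
        - expression: |
            !has(params.spec) ||
            !has(params.spec.credentials) ||
            !has(params.spec.credentials.secretRef) ||
            !has(params.spec.credentials.secretRef.name) ||
            oldObject.metadata.name != params.spec.credentials.secretRef.name ||
            !has(params.spec.credentials.secretRef.namespace) ||
            oldObject.metadata.namespace != params.spec.credentials.secretRef.namespace
          # … unchanged: messageExpression, reason …
```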
@@ -0,0 +1,22 @@ +--- +######################################################################################################### +# -- [ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) describes the definition of an admission validation policy that accepts or rejects an object without changing it. +# @default -- [] +validatingAdmissionPolicies: + # validatingAdmissionPolicies[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- Specification of the desired behavior of the ValidatingAdmissionPolicy. + # [ValidatingAdmissionPolicySpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) is the specification of the desired behavior of the AdmissionPolicy. + # @default -- [] + spec: [] +######################################################################################################### +# -- [ValidatingAdmissionPolicyBinding](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) binds the ValidatingAdmissionPolicy with paramerized resources. +# @default -- [] +validatingAdmissionPolicyBindings: + # validatingAdmissionPolicyBindings[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- Specification of the desired behavior of the ValidatingAdmissionPolicyBinding. + # [ValidatingAdmissionPolicyBindingSpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) is the specification of the ValidatingAdmissionPolicyBinding. + # @default -- [] + spec: [] +######################################################################################################### diff --git a/helm/charts/mcp/sap-btp-services/.ci.config.yaml b/helm/charts/mcp/sap-btp-services/.ci.config.yaml new file mode 100644 index 0000000..ea4fde3 --- /dev/null 
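Review bot: `spec: []` is the wrong default shape for both entries: `ValidatingAdmissionPolicy.spec` and `ValidatingAdmissionPolicyBinding.spec` are objects, and the list default is what makes helm-docs publish them as type `list` in the README added by this commit. Use `spec: {}` together with `# @default -- {}` so the generated documentation matches the API. The `name` comments describe a "kubernetes crossplane object `metadata.name` on managed control plane", which looks copied from another chart; nothing in these templates involves Crossplane, so `defines k8s metadata.name of the ValidatingAdmissionPolicy` would be accurate.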
+++ b/helm/charts/mcp/sap-btp-services/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/sap-btp-services/.helmignore b/helm/charts/mcp/sap-btp-services/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/sap-btp-services/Chart.yaml b/helm/charts/mcp/sap-btp-services/Chart.yaml new file mode 100644 index 0000000..b0e0076 --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/Chart.yaml 
@@ -0,0 +1,33 @@ +--- +apiVersion: v2 +name: sap-btp-services +description: A Helm Chart to create dynamically SAP BTP Services instances and bindings. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.10 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.2.0" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - "https://github.com/SAP/sap-btp-service-operator" +# A SemVer range of compatible Kubernetes versions (optional) +kubeVersion: ">=1.20.0" +# Whether this chart is deprecated (optional, boolean) +deprecated: false +# The URL of this projects home page (optional) +home: "" +icon: "https://www.sap.com/content/dam/application/shared/logos/partner/powering-sap-btp-color-logo.svg" diff --git a/helm/charts/mcp/sap-btp-services/README.md b/helm/charts/mcp/sap-btp-services/README.md new file mode 100644 index 0000000..09608c2 --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/README.md 
@@ -0,0 +1,36 @@ + + +# sap-btp-services + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square) + +A Helm Chart to create dynamically SAP BTP Services instances and bindings. + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=1.20.0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | +| services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"1s"` | | +| services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"1s"` | | +| services[0].bindings[0].name | string | `""` | | +| services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| services[0].bindings[0].secretName | string | `"secretName"` | | +| services[0].instance.name | string | `"name"` | | +| services[0].instance.parameters | string | `"parameters\n"` | | +| services[0].instance.serviceOfferingName | string | `"serviceOfferingName"` | | +| services[0].instance.servicePlanName | string | `"servicePlanName"` | | +| services[0].name | string | `""` | | +| services[0].namespace | string | `"default"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml new file mode 100644 index 0000000..cee0ed4 --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml 
@@ -0,0 +1,24 @@
+{{- range $service := .Values.services }}
+ {{- if and ($service) (ne $service.name "") }}
+ {{- range $binding := $service.bindings }}
+ {{- if and ($binding) (ne $binding.name "") }}
+---
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceBinding
+metadata:
+ name: {{required "A valid bindingName is required (.Values.services[].bindings[].name)" $binding.name }}
+ namespace: {{required "A valid namespace is required (.Values.services[].bindings[].namespace)" $service.namespace }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ serviceInstanceName: {{required "A valid instanceName is required (.Values.services[].instance.name)" $service.instance.name }}
+ secretName: {{required "A valid secretName is required (.Values.services[].bindings[].secretName)" $binding.secretName }}
+ parameters:
+ {{- toYaml $binding.parameters | nindent 4 }}
+ credentialsRotationPolicy:
+ {{- toYaml $binding.credentialsRotationPolicy | nindent 4 }}
+ {{- end}}
+ {{- end}}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
new file mode 100644
index 0000000..1358008
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
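Review bot: The `required` message on the `namespace` line names `.Values.services[].bindings[].namespace`, but the value actually rendered is `$service.namespace`, so a failed render points the user at a key the chart never reads; change it to `namespace: {{ required "A valid namespace is required (.Values.services[].namespace)" $service.namespace }}` to match the instance template. `parameters:` and `credentialsRotationPolicy:` are also emitted unconditionally, so a binding that omits either key renders `null` under it (sprig `toYaml` of nil), which the ServiceBinding schema may well reject; wrapping each in `{{- with $binding.parameters }}` … `{{- end }}` keeps the key out of the manifest when it is unset. The same unconditional `parameters:` pattern is in the instance template hunk below.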
@@ -0,0 +1,18 @@
+{{- range $service := .Values.services }}
+ {{- if and ($service) (ne $service.name "") }}
+---
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceInstance
+metadata:
+ name: {{required "A valid instanceName is required (.Values.services[].instance.name)" $service.instance.name }}
+ namespace: {{required "A valid namespace is required (.Values.services[].namespace)" $service.namespace }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ serviceOfferingName: {{required "A valid serviceOfferingName is required (.Values.services[].instance.serviceOfferingName)" $service.instance.serviceOfferingName }}
+ servicePlanName: {{required "A valid servicePlanName is required (.Values.services[].instance.servicePlanName)" $service.instance.servicePlanName }}
+ parameters:
+ {{- toYaml $service.instance.parameters | nindent 4 }}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/sap-btp-services/values.ci.yaml b/helm/charts/mcp/sap-btp-services/values.ci.yaml
new file mode 100644
index 0000000..1e4fce0
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/values.ci.yaml
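Review bot: `parameters:` takes whatever `toYaml` makes of `$service.instance.parameters`, and with the chart's own default `values.yaml` that is a block-scalar string (`parameters: |` / `parameters`), so the rendered ServiceInstance carries a plain string where every entry in `values.ci.yaml` supplies a mapping; a nil value renders `null`. Guard it with `{{- with $service.instance.parameters }}` / `{{- toYaml . | nindent 4 }}` / `{{- end }}` around the `parameters:` key and make the default an empty mapping so the type is stable. The enabling check is `ne $service.name ""`, yet `$service.name` never appears in the rendered object (the resource name is `$service.instance.name`); a one-line comment above the `range` saying that `name` is only the on/off switch would spare readers the search.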
@@ -0,0 +1,310 @@ +--- +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################### +services: + - name: "identityApplication" + namespace: "default" + instance: + name: "openmcp-op-cluster-ias" + serviceOfferingName: "identity" + servicePlanName: "application" + parameters: + oauth2-configuration: + redirect-uris: + - "https://*.../oauth2/callback" + - "https://*.../callback" + - "https://*.../*" + consumed-apis: [] + display-name: "" + multi-tenant: true + xsuaa-cross-consumption: true + bindings: + - name: "openmcp-op-cluster-ias" + secretName: "btp-ias" + parameters: + credential-type: SECRET + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "identityApplicationServiceBroker" + namespace: "default" + instance: + name: "poc-ias-service-broker" + serviceOfferingName: "identity" + servicePlanName: "application" + parameters: + oauth2-configuration: + redirect-uris: + - "http://localhost:8080/oauth2/callback/*" + #post-logout-redirect-uris: + #- "https://*.{{ required "A valid gardener domain url is required!" 
.Values.domain }}/oauth2/sign_out" + #- "http://localhost:8080/oauth2/sign_out/*" + consumed-apis: [] + display-name: "poc-ias-service-broker" + multi-tenant: true + xsuaa-cross-consumption: true + catalog: + services: + - name: "poc-ias-service-broker" + id: "poc-ias-service-broker" + description: "POC IAS Service Broker" + bindable: true + bindings_retrievable: true + instances_retrievable: true + allow_context_updates: false + plan_updateable: false + tags: + - "tags" + metadata: + displayName: "poc-ias-service-broker" + longDescription: "POC IAS Service Broker" + #createBindingDocumentationUrl: + #createInstanceDocumentationUrl: + #documentationUrl: + #supportUrl: + #imageUrl: + sap: + tenant_aware: true + instance_isolation: false + plans: + - id: "plan-abc" + bindable: true + name: "Plan ABC" + description: "Plan ABC description" + # Learn more about [Polling Interval and Duration](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#polling-interval-and-duration) + maximum_polling_duration: 5 + plan_updateable: false + metadata: + bullets: + - "bullets" + supportedPlatforms: + - kubernetes + - sapbtp + bindingData: + url: "" + #auto_service: + # type: service-manager + # subscribe_with_consuming_app: true + maintenance_info: + version: 0.0.1 + description: "description" + schemas: + service_instance: + create: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + properties: {} + #required: + # - provision_ids + #_controlsOrder: + # - provision_ids + update: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + required: + - kubeconfig_determination + properties: {} + service_binding: + create: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + properties: {} + update: + parameters: + 
$schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + bindings: + - name: "poc-ias-service-broker" + secretName: "poc-ias-service-broker" + parameters: + # @url: https://github.com/SAP/sap-btp-service-operator#credentials-rotation + #credential-type: SECRET + credential-type: X509_GENERATED + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "xsuaaBroker" + namespace: "default" + instance: + name: "poc-xsuaa-service-broker" + serviceOfferingName: "xsuaa" + servicePlanName: "broker" + parameters: + xsappname: "poc-xsuaa-service-broker" + tenant-mode: "shared" + authorities: + - $XSAPPNAME.mtcallback + - $XSAPPNAME.mtdeployment + oauth2-configuration: + redirect-uris: + - "https://*/**" + role-templates: + - name: "TOKEN_EXCHANGE" + description: "Token exchange" + scope-references: + - "uaa.user" + - name: "MultitenancyCallbackRoleTemplate" + description: "Call callback-services of applications" + scope-references: + - "$XSAPPNAME.Callback" + scopes: + - description: "UAA" + name: uaa.user + - description: "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called" + grant-as-authority-to-apps: + - $XSAPPNAME(application,sap-provisioning,tenant-onboarding) + name: $XSAPPNAME.Callback + - description: "Async callback to update the saas-registry (provisioning succeeded/failed)" + name: $XSAPPNAME.service.write + - description: Deploy applications + name: $XSAPPNAME.mtdeployment + - description: "Subscribe to applications" + grant-as-authority-to-apps: + - $XSAPPNAME(application,sap-provisioning,tenant-onboarding) + name: $XSAPPNAME.mtcallback + bindings: + - name: "test-xsuaa-service-broker" + secretName: "test-xsuaa-service-broker" + parameters: {} + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + 
rotatedBindingTTL: 1h + ################################################################################## + - name: "cloudLoggingStandardOperationCluster" + namespace: "default" + instance: + name: "openmcp-op-cluster-cls" + serviceOfferingName: "cloud-logging" + servicePlanName: "standard" + # -- cloud logging service config: list of parameter: https://pages.github.tools.sap/perfx/cloud-logging-service/consumption/service-configuration-parameters/ + parameters: + retentionPeriod: 14 + esApiEnabled: true + dataPrepperEnabled: true + ingest_otlp: + enabled: true + bindings: + - name: "openmcp-op-cluster-cls" + secretName: "btp-cls" + parameters: {} + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "dynatraceEnvironmentOperationCluster" + namespace: "default" + instance: + name: "openmcp-op-cluster-dynatrace" + serviceOfferingName: "dynatrace" + servicePlanName: "environment" + parameters: + environment_name: "" # MUST BE SET and match the pattern ^[A-Z0-9]{1,16}$ + permission_assignments: + - name: Ketos Dynatrace Admin + roles: + - admin + - log_analytics + - name: Ketos Dynatrace Read-Only User + roles: + - user + - log_analytics + - name: Ketos Dynatrace sensitive-data User + roles: + - view_sensitive + - configure_sensitive + service_parameters: + skiperrors: 'true' + bindings: + - name: "openmcp-op-cluster-dynatrace-provider" + secretName: "openmcp-op-cluster-dynatrace-provider" + parameters: + tokens: + - name: apiToken + # -- https://docs.dynatrace.com/docs/manage/access-control/access-tokens#scopes + scopes: + - "entities.read" + - "entities.write" + - "metrics.read" + - "metrics.write" + - "networkZones.read" + - "networkZones.write" + - "problems.read" + - "problems.write" + - "releases.read" + - "securityProblems.read" + - "securityProblems.write" + - "settings.read" + - "settings.write" + - "slo.read" + - 
"slo.write" + - "releases.read" + - "auditLogs.read" + - "geographicRegions.read" + - "syntheticExecutions.read" + - "syntheticExecutions.write" + - "credentialVault.read" + - "credentialVault.write" + - "ReadConfig" + - "WriteConfig" + - "DataExport" + - "ExternalSyntheticIntegration" + - "ReadSyntheticData" + - "DataPrivacy" + - "DTAQLAccess" + - "UserSessionAnonymization" + - "DssFileManagement" + - "RumJavaScriptTagManagement" + - "ActiveGateCertManagement" + - "DataImport" + - "RestRequestForwarding" + - "CaptureRequestData" + - "LogExport" + - "RumBrowserExtension" + - "oneAgents.read" + - "oneAgents.write" + - "InstallerDownload" + credentialsRotationPolicy: + enabled: true + rotationFrequency: 2160h #90 days + rotatedBindingTTL: 48h + - enable: true + name: "openmcp-op-cluster-dynatrace-operator" + secretName: "openmcp-op-cluster-dynatrace-operator" + parameters: + tokens: + - name: apiToken + scopes: + - InstallerDownload + - DataExport + - entities.read + - settings.read + - settings.write + - activeGateTokenManagement.create + - name: dataIngestToken + scopes: + - events.ingest + - logs.ingest + - metrics.ingest + - openTelemetryTrace.ingest + credentialsRotationPolicy: + enabled: true + rotationFrequency: 2160h #90 days + rotatedBindingTTL: 48h + ################################################################################## diff --git a/helm/charts/mcp/sap-btp-services/values.yaml b/helm/charts/mcp/sap-btp-services/values.yaml new file mode 100644 index 0000000..7ed180c --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/values.yaml 
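Review bot: `"releases.read"` is listed twice in the `openmcp-op-cluster-dynatrace-provider` apiToken scopes (once after `"problems.write"` and again right after `"slo.write"`); drop the second entry. The `openmcp-op-cluster-dynatrace-operator` binding carries `enable: true`, a key neither template reads (both switch on `name` being non-empty), so it suggests a toggle that does not exist — remove it or annotate it as unused. The OAuth redirect URIs `"https://*/**"` (xsuaa) and `"https://*.../*"` (identity) match any host; even though the file header says it is CI-only, these are the values that get copied into real configs, so a comment such as `# CI placeholder: restrict to concrete callback hosts in real values` next to them would help.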
@@ -0,0 +1,23 @@
+---
+#########################################################################################################
+### !!! FOLLOWING serviceS SHOULD NEVER BE ENABLED BY DEFAULT! USE THEM AS TEMPLATE FOR YOUR REMOTE CLUSTER CONFIG !!!
+#########################################################################################################
+services:
+ - name: ""
+ namespace: "default"
+ instance:
+ name: "name"
+ serviceOfferingName: "serviceOfferingName"
+ servicePlanName: "servicePlanName"
+ parameters: |
+ parameters
+ bindings:
+ - name: ""
+ secretName: "secretName"
+ parameters:
+ credential-type: SECRET
+ credentialsRotationPolicy:
+ enabled: true
+ rotationFrequency: 1s
+ rotatedBindingTTL: 1s
+##################################################################################
diff --git a/helm/charts/test-custom-chart/.ci.config.yaml b/helm/charts/test-custom-chart/.ci.config.yaml
new file mode 100644
index 0000000..a68a295
--- /dev/null
+++ b/helm/charts/test-custom-chart/.ci.config.yaml
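Review bot: The default `instance.parameters` is a block-scalar string (`parameters: |` / `parameters`), and the generated README confirms it is typed `string` with value `"parameters\n"`, whereas every service in `values.ci.yaml` supplies a mapping; the instance template pipes this through `toYaml`, so the default produces a scalar `parameters` field the operator is unlikely to accept. Prefer `parameters: {}` as the default so the type matches the templates and the CI values. The placeholder `rotationFrequency: 1s` / `rotatedBindingTTL: 1s` are only inert because the entry is disabled via `name: ""`; a comment marking them as placeholders, or values matching the CI file (`480h` / `1h`), would stop them being copied as-is.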
@@ -0,0 +1,37 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true #false + +# pipeline feature flags +yamllint: # not implemented yet! + enable: false +helm-docs: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --badge-style: "flat-square" # badge style to use for charts (default "flat-square") + --document-dependency-values: true # For charts with dependencies, include the dependency values in the chart values documentation + --documentation-strict-mode: false # Fail the generation of docs if there are undocumented values + --skip-version-footer: false # if true the helm-docs version footer will not be shown in the default README template + --sort-values-order: "file" # order in which to sort the values table ("alphanum" or "file") (default "alphanum") + --output-file: "README.md" # markdown file path relative to each chart directory to which rendered documentation will be written (default "README.md") +helm-chart-linting: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --strict: true # fail on lint warnings (default true) + --with-subcharts: false # lint dependent charts (default true) +helm-chart-validation: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --skip-crds: false # if set, no CRDs will be installed. By default, CRDs are installed if not already present (default false) + --skip-tests: false # skip tests from templated output (default false) + --include-crds: false # include CRDs in the templated output (default false) + --debug: false # enable verbose output (default false) + --dependency-update: true # update dependencies if they are missing before installing the chart (default true) +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: true + options: + --skip-crds: true # if set, no CRDs will be installed. 
By default, CRDs are installed if not already present (default true) \ No newline at end of file diff --git a/helm/charts/test-custom-chart/.helmignore b/helm/charts/test-custom-chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/test-custom-chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/test-custom-chart/Chart.yaml b/helm/charts/test-custom-chart/Chart.yaml new file mode 100644 index 0000000..14d3496 --- /dev/null +++ b/helm/charts/test-custom-chart/Chart.yaml 
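Review bot: The `jfrog.sh` block uses `enabled:` while every other feature flag in the file uses `enable:`; even though the comment marks it obsolete, a consumer that reads `enable` will silently ignore it, so either rename it or drop the block. The `--skip-crds` comment under `k8s-manifest-templating` says `(default true)` while the same option under `helm-chart-validation` says `(default false)`; only one can be right, so align the two comments (helm's own default for `--skip-crds` is false). The hunk also ends with `\ No newline at end of file`; add the trailing newline.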
@@ -0,0 +1,33 @@ +apiVersion: v2 +name: test-custom-chart +description: A Helm chart to test github action and workflows. NOTHING MORE! +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.9 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" +dependencies: + # see https://helm.sh/docs/helm/helm_dependency/#synopsis + - name: sap-btp-services + version: ~0.x.x + repository: "file://../mcp/sap-btp-services" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprint-building-blocks" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks +# Whether this chart is deprecated (optional, boolean) +deprecated: false diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md new file mode 100644 index 0000000..a3c09d3 --- /dev/null +++ b/helm/charts/test-custom-chart/README.md 
@@ -0,0 +1,83 @@ + + +# test-custom-chart + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart to test github action and workflows. NOTHING MORE! + +**Homepage:** + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../mcp/sap-btp-services | sap-btp-services | ~0.x.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| sap-btp-services.services[0].name | string | `"identityApplication"` | | +| sap-btp-services.services[0].namespace | string | `"default"` | | +| sap-btp-services.services[0].instance.name | string | `"openmcp-op-cluster-ias"` | | +| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | +| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | +| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | +| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | +| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | +| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | +| sap-btp-services.services[0].bindings[0].name | string | `"openmcp-op-cluster-ias"` | | +| sap-btp-services.services[0].bindings[0].secretName | 
string | `"btp-ias"` | | +| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | +| replicaCount | int | `1` | replication count | +| image.repository | string | `"nginx"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | name override | +| fullnameOverride | string | `""` | full name override | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.name | string | `""` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| securityContext | object | `{}` | | +| service.type | string | `"ClusterIP"` | | +| service.port | int | `80` | | +| ingress.enabled | bool | `false` | | +| ingress.className | string | `""` | | +| ingress.annotations | object | `{}` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| resources | object | `{}` | | +| livenessProbe.httpGet.path | string | `"/"` | | +| livenessProbe.httpGet.port | string | `"http"` | | +| readinessProbe.httpGet.path | string | `"/"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.minReplicas | int | `1` | | +| 
autoscaling.maxReplicas | int | `100` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| volumes | list | `[]` | | +| volumeMounts | list | `[]` | | +| nodeSelector | object | `{}` | | +| tolerations | list | `[]` | | +| affinity | object | `{}` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/test-custom-chart/templates/NOTES.txt b/helm/charts/test-custom-chart/templates/NOTES.txt new file mode 100644 index 0000000..d10e6ce --- /dev/null +++ b/helm/charts/test-custom-chart/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "custom-chart.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "custom-chart.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "custom-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "custom-chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/_helpers.tpl b/helm/charts/test-custom-chart/templates/_helpers.tpl new file mode 100644 index 0000000..75c1c9d --- /dev/null 
+++ b/helm/charts/test-custom-chart/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "custom-chart.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "custom-chart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "custom-chart.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "custom-chart.labels" -}} +helm.sh/chart: {{ include "custom-chart.chart" . }} +{{ include "custom-chart.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom-chart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "custom-chart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "custom-chart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "custom-chart.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/charts/test-custom-chart/templates/deployment.yaml b/helm/charts/test-custom-chart/templates/deployment.yaml new file mode 100644 index 0000000..5d9945b --- /dev/null +++ b/helm/charts/test-custom-chart/templates/deployment.yaml 
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "custom-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "custom-chart.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "custom-chart.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} diff --git a/helm/charts/test-custom-chart/templates/hpa.yaml b/helm/charts/test-custom-chart/templates/hpa.yaml new file mode 100644 index 0000000..8c375c9 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/hpa.yaml @@ -0,0 +1,34 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "custom-chart.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/ingress.yaml b/helm/charts/test-custom-chart/templates/ingress.yaml new file mode 100644 index 0000000..566cc82 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/ingress.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "custom-chart.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/service.yaml b/helm/charts/test-custom-chart/templates/service.yaml new file mode 100644 index 0000000..a25454a --- /dev/null +++ b/helm/charts/test-custom-chart/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "custom-chart.selectorLabels" . | nindent 4 }} diff --git a/helm/charts/test-custom-chart/templates/serviceaccount.yaml b/helm/charts/test-custom-chart/templates/serviceaccount.yaml new file mode 100644 index 0000000..59164a2 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/serviceaccount.yaml 
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "custom-chart.serviceAccountName" . }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- include "custom-chart.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/charts/test-custom-chart/templates/tests/test-connection.yaml b/helm/charts/test-custom-chart/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..d7ba2da
--- /dev/null
+++ b/helm/charts/test-custom-chart/templates/tests/test-connection.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "custom-chart.fullname" . }}-test-connection"
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- include "custom-chart.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "custom-chart.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/charts/test-custom-chart/values.yaml b/helm/charts/test-custom-chart/values.yaml
new file mode 100644
index 0000000..58c351c
--- /dev/null
+++ b/helm/charts/test-custom-chart/values.yaml
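Review bot: `image: busybox` on the helm test pod carries no tag or digest, so every `helm test` run pulls whatever the registry currently serves as `latest`; the rendered copy under manifests/ shows the same unpinned reference. Pin it and make it overridable from values, e.g. a new values key (name to be chosen) with a default such as `busybox:<pinned-tag>` where the placeholder is replaced by a chosen release, ideally with a digest. The hook pod also declares no `securityContext` and no `resources`, so unlike the Deployment it cannot pick up the chart's `podSecurityContext`/`securityContext` values; wiring those in keeps the test pod under the same policy as the workload.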
@@ -0,0 +1,136 @@
+# Default values for custom-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+sap-btp-services:
+ services:
+ - name: "identityApplication"
+ namespace: "default"
+ instance:
+ name: "openmcp-op-cluster-ias"
+ serviceOfferingName: "identity"
+ servicePlanName: "application"
+ parameters:
+ oauth2-configuration:
+ redirect-uris:
+ - "https://*.../oauth2/callback"
+ - "https://*.../callback"
+ - "https://*.../*"
+ consumed-apis: []
+ display-name: ""
+ multi-tenant: true
+ xsuaa-cross-consumption: true
+ bindings:
+ - name: "openmcp-op-cluster-ias"
+ secretName: "btp-ias"
+ parameters:
+ credential-type: SECRET
+ credentialsRotationPolicy:
+ enabled: true
+ rotationFrequency: 480h
+ rotatedBindingTTL: 2h
+# -- replication count
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+# -- name override
+nameOverride: ""
+# -- full name override
+fullnameOverride: ""
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+ # -- Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
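Review bot: `automount: true` under `serviceAccount` becomes `automountServiceAccountToken: true` on the ServiceAccount (templates/serviceaccount.yaml), which mounts an API token into every pod of the shipped nginx workload although nothing visible in the chart's templates talks to the Kubernetes API; default it to `automount: false` and let consumers that need API access opt in. `podSecurityContext: {}` and `securityContext: {}` keep every hardening line commented out, so the rendered Deployment runs with the cluster's defaults; since the image and port are scaffold placeholders anyway, shipping a non-root-compatible default (or documenting why root is required) would be the safer baseline for a blueprint chart. The `redirect-uris` entries such as `"https://*.../*"` read as placeholders; if they are meant to stay, a comment that they must be replaced before use would help, because a wildcard redirect URI is the most permissive setting an OAuth2 client configuration can carry.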
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml
new file mode 100644
index 0000000..3611690
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml
@@ -0,0 +1,19 @@
+---
+# Source: test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceBinding
+metadata:
+ name: openmcp-op-cluster-ias
+ namespace: default
+ labels:
+ openmcp.cloud/blueprint-building-block: "sap-btp-services"
+ openmcp.cloud/blueprint-building-block-version: "0.0.10"
+spec:
+ serviceInstanceName: openmcp-op-cluster-ias
+ secretName: btp-ias
+ parameters:
+ credential-type: SECRET
+ credentialsRotationPolicy:
+ enabled: true
+ rotatedBindingTTL: 2h
+ rotationFrequency: 480h
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
new file mode 100644
index 0000000..5118db8
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
@@ -0,0 +1,23 @@
+---
+# Source: test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceInstance
+metadata:
+ name: openmcp-op-cluster-ias
+ namespace: default
+ labels:
+ openmcp.cloud/blueprint-building-block: "sap-btp-services"
+ openmcp.cloud/blueprint-building-block-version: "0.0.10"
+spec:
+ serviceOfferingName: identity
+ servicePlanName: application
+ parameters:
+ consumed-apis: []
+ display-name: ""
+ multi-tenant: true
+ oauth2-configuration:
+ redirect-uris:
+ - https://*.../oauth2/callback
+ - https://*.../callback
+ - https://*.../*
+ xsuaa-cross-consumption: true
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml
new file mode 100644
index 0000000..030ece4
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml
@@ -0,0 +1,52 @@
+---
+# Source: test-custom-chart/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helm-release-name-test-custom-chart
+ labels:
+ openmcp.cloud/blueprint-building-block: "test-custom-chart"
+ openmcp.cloud/blueprint-building-block-version: "0.0.9"
+ helm.sh/chart: test-custom-chart-0.0.9
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ app.kubernetes.io/version: "1.16.0"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: test-custom-chart-0.0.9
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ app.kubernetes.io/version: "1.16.0"
+ app.kubernetes.io/managed-by: Helm
+ spec:
+ serviceAccountName: helm-release-name-test-custom-chart
+ securityContext:
+ {}
+ containers:
+ - name: test-custom-chart
+ securityContext:
+ {}
+ image: "nginx:1.16.0"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {}
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml
new file mode 100644
index 0000000..258fc8b
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml
@@ -0,0 +1,24 @@
+---
+# Source: test-custom-chart/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: helm-release-name-test-custom-chart
+ labels:
+ openmcp.cloud/blueprint-building-block: "test-custom-chart"
+ openmcp.cloud/blueprint-building-block-version: "0.0.9"
+ helm.sh/chart: test-custom-chart-0.0.9
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ app.kubernetes.io/version: "1.16.0"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml
new file mode 100644
index 0000000..8e4af5b
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+---
+# Source: test-custom-chart/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: helm-release-name-test-custom-chart
+ labels:
+ openmcp.cloud/blueprint-building-block: "test-custom-chart"
+ openmcp.cloud/blueprint-building-block-version: "0.0.9"
+ helm.sh/chart: test-custom-chart-0.0.9
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ app.kubernetes.io/version: "1.16.0"
+ app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..954c6fd
--- /dev/null
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml
@@ -0,0 +1,23 @@
+---
+# Source: test-custom-chart/templates/tests/test-connection.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "helm-release-name-test-custom-chart-test-connection"
+ labels:
+ openmcp.cloud/blueprint-building-block: "test-custom-chart"
+ openmcp.cloud/blueprint-building-block-version: "0.0.9"
+ helm.sh/chart: test-custom-chart-0.0.9
+ app.kubernetes.io/name: test-custom-chart
+ app.kubernetes.io/instance: helm-release-name
+ app.kubernetes.io/version: "1.16.0"
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['helm-release-name-test-custom-chart:80']
+ restartPolicy: Never
diff --git a/scripts/ci/git-tags-rename.sh b/scripts/ci/git-tags-rename.sh
new file mode 100755
index 0000000..9f7abd0
--- /dev/null
+++ b/scripts/ci/git-tags-rename.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+###################################################################
+#Script Name : Renaming Git Tags
+#Description : Renames Git Tags with "/" to "-"
+#Args : -
+#Hint : This script is not meant for any pipeline just for cleanup!
+###################################################################
+# Fetch all tags from the remote
+git fetch --tags
+
+# Get all tags
+tags=$(git tag)
+
+# Loop through each tag
+for tag in $tags; do
+ # Check if the tag contains "/"
+ if [[ "$tag" == *"/"* ]]; then
+ # Replace "/" with "-"
+ new_tag=$(echo "$tag" | tr '/' '-')
+ echo "new: $new_tag old: $tag"
+ # Rename the tag
+ git tag "$new_tag" "$tag"
+ git tag -d "$tag"
+ git push origin :"$tag"
+ git push origin "$new_tag"
+ fi
+done
diff --git a/scripts/ci/github-releases-delete.sh b/scripts/ci/github-releases-delete.sh
new file mode 100755
index 0000000..8970c5b
--- /dev/null
+++ b/scripts/ci/github-releases-delete.sh
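Review bot: `git push origin :"$tag"` deletes the remote tag before `git push origin "$new_tag"` has succeeded, and without `set -e` a failed push of the renamed tag (auth, network, a protected-tag rule) leaves the remote with neither tag while the loop moves on to the next one. Push the new tag first and delete only on success: `git push origin "$new_tag" && git push origin :"$tag" && git tag -d "$tag"`. Given the header says this is a manual cleanup tool, a `set -euo pipefail` line and a dry-run mode that only prints the `new:`/`old:` pairs before mutating anything would make it safer to run.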
@@ -0,0 +1,40 @@
+#!/bin/bash
+###################################################################
+# Script Name : github-releases-delete.sh
+# Description : This script deletes all GitHub releases in a repository.
+# Args : --limit (optional) - The maximum number of releases to fetch.
+###################################################################
+
+# Default limit
+LIMIT=100
+
+# Parse optional arguments
+while [[ "$#" -gt 0 ]]; do
+ case $1 in
+ --limit)
+ LIMIT="$2"
+ shift
+ ;;
+ *)
+ echo "Unknown parameter passed: $1"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+# Ensure the GitHub CLI is authenticated
+gh auth login --with-token <(echo "$GITHUB_TOKEN")
+
+echo "Fetch all releases (limit: $LIMIT)..."
+releases=$(gh release list --limit "$LIMIT" --json tagName --jq '.[].tagName')
+
+# Loop through each release and delete it
+count=0
+for release in $releases; do
+ echo "Deleting release: $release"
+ gh release delete "$release" --yes
+ count=$((count + 1))
+done
+
+echo "All $count releases have been deleted."
diff --git a/scripts/ci/shellcheck-install.sh b/scripts/ci/shellcheck-install.sh
new file mode 100755
index 0000000..66558b9
--- /dev/null
+++ b/scripts/ci/shellcheck-install.sh
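Review bot: `gh auth login --with-token <(echo "$GITHUB_TOKEN")` runs even when `GITHUB_TOKEN` is unset, and `--limit` stores whatever `$2` holds (or nothing, after which `shift` runs past the end) without validation; fail early with `: "${GITHUB_TOKEN:?GITHUB_TOKEN must be set}"` and `[[ "$LIMIT" =~ ^[0-9]+$ ]] || exit 1`. There is no `set -euo pipefail`, so a failed `gh release list` yields an empty loop and the script still ends by reporting that all 0 releases were deleted; for a script whose only purpose is bulk deletion, a confirmation prompt or a `--dry-run` flag that lists the targets first is worth adding. Note also that `gh release delete` keeps the git tag unless `--cleanup-tag` is passed; the header should state which behaviour is intended.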
@@ -0,0 +1,37 @@
+#!/bin/bash
+###################################################################
+#Script Name : Shell Check
+#Description : Validates Bash / Shell Scripts
+#Args : -
+#Hint : execute this script from github repository root!
+###################################################################
+cmd="shellcheck"
+###################################################################
+# https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#example-grouping-log-lines
+echo "::group:: $(pwd)"
+
+if [ -n "$GITHUB_WORKSPACE" ]; then
+ cd "${GITHUB_WORKSPACE}" || exit
+ cmd="./shellcheck-v${VERSION}/${cmd}"
+
+ if [ -z "${VERSION}" ]; then
+ echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::env.VERSION needs to be set!"
+ echo "::endgroup::"
+ exit 1
+ fi
+
+ if ! curl -sLO "https://github.com/koalaman/shellcheck/releases/download/v${VERSION}/shellcheck-v${VERSION}.linux.x86_64.tar.xz"; then
+ echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::ERROR downloading https://github.com/koalaman/shellcheck/releases/download/v${VERSION}/shellcheck-v${VERSION}.linux.x86_64.tar.xz!"
+ echo "::endgroup::"
+ exit 1
+ fi
+
+ if ! tar -xf "shellcheck-v${VERSION}.linux.x86_64.tar.xz"; then
+ echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::ERROR unpacking shellcheck-v${VERSION}.linux.x86_64.tar.xz!"
+ echo "::endgroup::"
+ exit 1
+ fi
+fi
+echo "\$ ${cmd} -V"
+${cmd} -V
+echo "::endgroup::"
\ No newline at end of file
diff --git a/scripts/ci/shellcheck.sh b/scripts/ci/shellcheck.sh
new file mode 100755
index 0000000..c334774
--- /dev/null
+++ b/scripts/ci/shellcheck.sh
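Review bot: the shellcheck archive fetched by `curl -sLO` is unpacked and executed without any integrity check, so the lint job trusts whatever the download URL returns at run time. Verify it against a pinned digest before `tar -xf`, e.g. `echo "<PINNED_SHA256>  shellcheck-v${VERSION}.linux.x86_64.tar.xz" | sha256sum -c -` (digest placeholder to be taken from the release assets), and add `-f` to the curl call so that an HTTP error page is not saved as the `.tar.xz` and surfaced only as an unpack failure. The `VERSION` emptiness test sits after `cmd="./shellcheck-v${VERSION}/${cmd}"` has already been composed; moving it to the top of the `GITHUB_WORKSPACE` block makes the precondition obvious.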
@@ -0,0 +1,69 @@
+#!/bin/bash
+###################################################################
+#Script Name : Shell Check
+#Description : Validates Bash / Shell Scripts
+#Args : -
+#Hint : execute this script from github repository root!
+###################################################################
+# shellcheck disable=SC1091
+source "$(pwd)/.github/actions/shared-variables.sh"
+declare resultPwd newLineString exitCode msgEverythingIsFine
+
+set +e
+echo "The script you are running has:"
+echo "basename: [$(basename "$0")]"
+echo "dirname : [$(dirname "$0")]"
+echo "pwd : [$(pwd)]"
+
+cmd="shellcheck"
+###################################################################
+resultPwd=$(pwd)
+if [ -n "$GITHUB_WORKSPACE" ]; then
+ cmd="./shellcheck-v${VERSION}/${cmd}"
+fi
+###################################################################
+declare -a filesToRemove=("spellcheck-parsable.txt")
+REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}"
+
+###################################################################
+for dir in $(find . -type f -name '*.sh' | sed -r 's|/[^/]+$||' | sort | uniq); do
+ cmdFat="${cmd} ${dir}/*.sh -a"
+ {
+ echo "$newLineString"
+ echo "Use command to run this check on your local machine!"
+ echo -e "$cmdFat\n"
+ } >> "${resultPwd}/pr-status-check-human-friendly.txt"
+
+ echo "\$ $cmdFat"
+ eval "$cmdFat" >>"${resultPwd}/pr-status-check-human-friendly.txt"
+ tempQ=$?
+ if [ $tempQ != 0 ]; then
+ exitCode=$tempQ
+ jsonResult=$( ${cmd} "${dir}"/*.sh -f json -a )
+ echo "$jsonResult" >> "spellcheck-parsable.txt" 2>&1
+
+ jq -c '.[]' <<< "$jsonResult" | while read -r i; do
+ # shellcheck disable=SC2001
+ i=$( sed 's/"""/""/g' <<< "$i" )
+
+ file=$(jq -r '.file' <<< "$i");
+ file=$( sed -r 's/\.\///g' <<< "$file" )
+ line=$(jq -r '.line' <<< "$i");
+ endLine=$(jq -r '.endLine' <<< "$i");
+ level=$(jq -r '.level' <<< "$i");
+ message=$(jq -r '.message' <<< "$i");
+
+ case $level in
+ info | style)
+ level="notice"
+ ;;
+ esac
+ echo "::${level} file=$file,line=$line,endLine=$endLine::$message" >> "${resultPwd}/github-workflow-commands.txt"
+ done
+ else
+ echo "$msgEverythingIsFine" >> "${resultPwd}/pr-status-check-human-friendly.txt"
+ fi
+
+done
+exit "$exitCode"
+###################################################################
\ No newline at end of file
diff --git a/scripts/ci/test-parse-yamllint-output.sh b/scripts/ci/test-parse-yamllint-output.sh
new file mode 100755
index 0000000..b510a78
--- /dev/null
+++ b/scripts/ci/test-parse-yamllint-output.sh
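Review bot: `exit "$exitCode"` at the end runs with `exitCode` assigned only inside the `tempQ != 0` branch, so on a clean run it is empty unless the sourced shared-variables.sh initialises it (not visible here), and bash then reports `numeric argument required` and exits with 2; add `exitCode=0` right after the `declare` line. scripts/ci/yamllint.sh has the same pattern. `eval "$cmdFat"` with a string built from unquoted `$(find …)` output re-splits and re-parses directory names containing spaces or shell metacharacters; run the command directly, `"${cmd}" "${dir}"/*.sh -a >> "${resultPwd}/pr-status-check-human-friendly.txt"`, and keep `cmdFat` only for the human-readable hint. The JSON findings are written to `spellcheck-parsable.txt` relative to the current directory while the cleanup at the top removes it from `"$resultPwd"`; the file name also says spellcheck where shellcheck is meant.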
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# helm-template-app-in-app.yaml
+# 25:12 error trailing spaces (trailing-spaces)
+# 32:16 warning too few spaces before comment (comments)
+# 33:19 warning too few spaces before comment (comments)
+# 34:22 warning too few spaces before comment (comments)
+while read -r item
+do
+ #echo "${item}"
+ # Set comma as delimiter
+ IFS=':'
+ #Read the split words into an array based on comma delimiter
+ read -ra strarr <<< "${item}"
+ msg=$(sed -E 's/^\s+//' <<<"${strarr[3]}")
+ #echo ${strarr[0]} ${strarr[1]} ${strarr[2]} ${strarr[3]}
+ line=${strarr[1]}
+ file=${strarr[0]}
+ if [ "$line" == 1 ]; then
+ helmChartFile=$(eval head "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-)
+ helmChartLine=$line
+ else
+ helmChartFile=$(eval head -"${line}" "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-)
+ startLine=$(eval head -"${line}" "$file" | grep "# Source:" --line-number | tac | awk '{print;exit}' | cut -d : -f 1)
+ # shellcheck disable=SC2003
+ helmChartLine=$(expr "$line" - "$startLine")
+ fi
+ if [[ "$helmChartFile" == *"/charts/"* ]]; then
+ continue
+ fi
+ level=$(awk '{ sub(/.*\[/, ""); sub(/\].*/, ""); print }' <<< "$msg")
+ echo "$level Helm Chart File $helmChartFile Line ${helmChartLine} ($line - $startLine):${msg}"
+ #echo "::${level} file=helm/charts/$helmChartFile,line=$helmChartLine,endLine=$helmChartLine::$msg"
+ #echo "--------------------------------------"
+done < "yamllint-parsable.txt"
+
diff --git a/scripts/ci/yamllint.sh b/scripts/ci/yamllint.sh
new file mode 100755
index 0000000..4efd7f8
--- /dev/null
+++ b/scripts/ci/yamllint.sh
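Review bot: `eval head "$file"` and `eval head -"${line}" "$file"` pass a path read from yamllint's output through `eval` for no benefit, so a path containing spaces, `$` or backticks is re-split or expanded; call `head -n "$line" "$file"` directly (`head -N` is the obsolescent form). `IFS=':'` is set once inside the loop and never restored, which changes word splitting for everything that follows in the loop body; scope it to the read, `IFS=':' read -ra strarr <<< "${item}"`. In the `line == 1` branch `startLine` is never assigned yet is still printed in the summary line, so it shows a stale value from a previous iteration or nothing at all. scripts/ci/yamllint.sh repeats the same three patterns.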
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+###################################################################
+#script name : yamllint
+#description : Install tac "brew install coreutils"
+#
+#args : -
+###################################################################
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR"/shared-variables.sh
+declare resultPwd newLineString helmChartListTemplatedManifestsFileName exitCode msgHelpStart msgEverythingIsFine
+
+set +e
+echo "$newLineString"
+echo "The script you are running has:"
+echo "basename: [$(basename "$0")]"
+echo "dirname : [$(dirname "$0")]"
+echo "pwd : [$(pwd)]"
+echo "bash -v : [$(/bin/bash --version)]"
+# https://github.com/zegl/yamllint
+cmd="yamllint"
+###################################################################
+# Check if run in Github Action Runner
+if [ -n "$GITHUB_WORKSPACE" ]; then
+ cmd="/home/runner/.local/bin/${cmd}"
+
+ python -m build
+
+ if ! pip install --user "${GITHUB_WORKSPACE}/scripts/ci/yamllint-1.32.0.tar"; then
+ echo "!!! ERROR installing yamllint !!!"
+ exit 1
+ fi
+
+fi
+###################################################################
+echo "$newLineString"
+echo "\$ ${cmd} -v"
+${cmd} -v
+echo "$newLineString"
+###################################################################
+declare -a filesToRemove=("yamllint-parsable.txt")
+REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}"
+
+ASSERT_FILE_EXISTS_WITH_MSG "$resultPwd" "$helmChartListTemplatedManifestsFileName" "Run helm-chart-listing.sh first!!"
+
+echo -e "$msgHelpStart && $(dirname "$0")/$(basename "$0")" >> "${resultPwd}/pr-status-check-human-friendly.txt"
+
+while read -r helmManifestFile
+do
+
+ cmdFat="$cmd $helmManifestFile -c .github/.yamllint.config.yaml --strict -f standard"
+ echo "\$ $cmdFat"
+ eval "$cmdFat"
+ tempQ=$?
+ if [ $tempQ != 0 ]; then
+
+ {
+ echo "$newLineString"
+ echo "Use command to run this check on your local machine!"
+ echo -e "$cmdFat\n"
+ } >> "${resultPwd}/pr-status-check-human-friendly.txt"
+
+ parsableResult=$(eval ${cmd} "${helmManifestFile}" -c .github/.yamllint.config.yaml --strict -f parsable)
+ while read -r item
+ do
+ #Read the split words into an array based on comma delimiter
+ IFS=':' ; read -ra strarr <<< "$item"
+ msg=$(sed -E 's/^\s+//' <<<"${strarr[3]}")
+ line=${strarr[1]}
+ file=${strarr[0]}
+ if [ "$line" == 1 ]; then
+ # eval head "helm-template-cloud-orchestration-control-plane.yaml" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-
+ helmChartFile=$(eval head "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-)
+ helmChartLine=$line
+ else
+ helmChartFile=$(eval head -"${line}" "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-)
+ startLine=$(eval head -"${line}" "$file" | grep "# Source:" --line-number | tac | awk '{print;exit}' | cut -d : -f 1)
+ # shellcheck disable=SC2003
+ helmChartLine=$(expr "$line" - "$startLine")
+ fi
+ if [[ "$helmChartFile" == *"/charts/"* ]]; then
+ echo "$msgEverythingIsFine for $helmChartFile" >> "${resultPwd}/pr-status-check-human-friendly.txt"
+ continue
+ fi
+ level=$(awk '{ sub(/.*\[/, ""); sub(/\].*/, ""); print }' <<< "$msg")
+ echo "file: $helmChartFile line:≈±${helmChartLine} - ${msg}" >> "${resultPwd}/pr-status-check-human-friendly.txt"
+ echo "file: $file line:${line} - ${msg}" >> "${resultPwd}/pr-status-check-human-friendly.txt"
+ echo "::${level} file=helm/charts/$helmChartFile,line=$helmChartLine,endLine=$helmChartLine::$msg" >> "${resultPwd}/github-workflow-commands.txt"
+ exitCode=$tempQ
+ done <<< "${parsableResult}"
+ echo "${parsableResult}" >> "${resultPwd}/yamllint-parsable.txt"
+ fi
+
+ echo "$newLineString"
+
+done < "${helmChartListTemplatedManifestsFileName}"
+exit "$exitCode"
+####################################################################
\ No newline at end of file
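Review bot: a finding whose `# Source:` path contains `/charts/` is skipped with `$msgEverythingIsFine for $helmChartFile` and leaves `exitCode` untouched, even though yamllint returned non-zero for that manifest, so a failing subchart template is reported as fine; if subcharts are intentionally out of scope the message should say something like `skipped (subchart)` rather than claim success, and that decision belongs in the header comment. `python -m build` before the `pip install --user …/yamllint-1.32.0.tar` has no visible purpose and presumably fails unless the working directory is a Python project (not shown here); confirm it is needed or drop it. The `eval`/`IFS`/`startLine` points raised for scripts/ci/test-parse-yamllint-output.sh apply here unchanged, and `exit "$exitCode"` has the unset-on-success problem raised for scripts/ci/shellcheck.sh.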