From 0d178c39e61e92be7181a87de7415e58a6118416 Mon Sep 17 00:00:00 2001 From: Sebastian Domarecki Date: Thu, 13 Mar 2025 14:06:39 +0100 Subject: [PATCH 01/94] reuse --- .reuse/dep5 | 29 ----------------------------- REUSE.toml | 11 +++++++++++ reuse.spdx | 28 ++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 29 deletions(-) delete mode 100644 .reuse/dep5 create mode 100644 REUSE.toml create mode 100644 reuse.spdx
diff --git a/.reuse/dep5 b/.reuse/dep5
deleted file mode 100644
index 6586e1e..0000000
--- a/.reuse/dep5
+++ /dev/null
@@ -1,29 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: blueprint-building-blocks
-Upstream-Contact: ospo@sap.com
-Source: https://github.com/openmcp-project/blueprint-building-blocks
-Disclaimer: The code in this project may include calls to APIs ("API Calls") of
- SAP or third-party products or services developed outside of this project
- ("External Products").
- "APIs" means application programming interfaces, as well as their respective
- specifications and implementing code that allows software to communicate with
- other software.
- API Calls to External Products are not licensed under the open source license
- that governs this project. The use of such API Calls and related External
- Products are subject to applicable additional agreements with the relevant
- provider of the External Products. In no event shall the open source license
- that governs this project grant any rights in or to any External Products,or
- alter, expand or supersede any terms of the applicable additional agreements.
- If you have a valid license agreement with SAP for the use of a particular SAP
- External Product, then you may make use of any API Calls included in this
- project's code for that SAP External Product, subject to the terms of such
- license agreement. If you do not have a valid license agreement for the use of
- a particular SAP External Product, then you may only make use of any API Calls
- in this project for that SAP External Product for your internal, non-productive
- and non-commercial test and evaluation of such API Calls. Nothing herein grants
- you any rights to use or access any SAP External Product, or provide any third
- parties the right to use of access any SAP External Product, through API Calls.
-
-Files: *
-Copyright: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors
-License: Apache-2.0
\ No newline at end of file
diff --git a/REUSE.toml b/REUSE.toml
new file mode 100644
index 0000000..efecdd3
--- /dev/null
+++ b/REUSE.toml
@@ -0,0 +1,11 @@
+version = 1
+SPDX-PackageName = "blueprint-building-blocks"
+SPDX-PackageSupplier = "ospo@sap.com"
+SPDX-PackageDownloadLocation = "https://github.com/openmcp-project/blueprint-building-blocks"
+SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products,or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."
+
+[[annotations]]
+path = "**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors"
+SPDX-License-Identifier = "Apache-2.0"
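Review bot: The catch-all table (`path = "**"` with `precedence = "aggregate"`) attaches the SAP copyright and Apache-2.0 to every path in the repository, and as I read the REUSE specification `aggregate` adds that on top of whatever a file declares for itself. That holds while the tree contains only first-party files, but any vendored or copied third-party file added later would also be reported under SAP's copyright, which makes the generated license inventory unreliable for supply-chain review. I would document the expectation next to the table, e.g. `# Catch-all for first-party files; add a more specific [[annotations]] table below this one for any third-party content.`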
diff --git a/reuse.spdx b/reuse.spdx
new file mode 100644
index 0000000..1a88664
--- /dev/null
+++ b/reuse.spdx
@@ -0,0 +1,28 @@
+SPDXVersion: SPDX-2.1
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: blueprint-building-blocks
+DocumentNamespace: http://spdx.org/spdxdocs/spdx-v2.1-d8ff899e-62fa-42dd-a1aa-fcd06c45b1db
+Creator: Person: Anonymous ()
+Creator: Organization: Anonymous ()
+Creator: Tool: reuse-5.0.2
+Created: 2025-03-13T13:04:04Z
+CreatorComment: This document was created automatically using available reuse information consistent with REUSE.
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-4838f7c16598a2da436b28259c93e38b
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-828bf8e1370ac6feaed9d6ebb8aa3737
+
+FileName: ./CONTRIBUTING.md
+SPDXID: SPDXRef-4838f7c16598a2da436b28259c93e38b
+FileChecksum: SHA1: 517f021cf975adeb467e195b785b775ab133a1e7
+LicenseConcluded: NOASSERTION
+LicenseInfoInFile: Apache-2.0
+FileCopyrightText: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors
+
+FileName: ./README.md
+SPDXID: SPDXRef-828bf8e1370ac6feaed9d6ebb8aa3737
+FileChecksum: SHA1: 9f9ce2dc7f6cf67abda08a0eec169e933a00aa59
+LicenseConcluded: NOASSERTION
+LicenseInfoInFile: Apache-2.0
+FileCopyrightText: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors
+Copyright 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/openmcp-project/blueprint-building-blocks).
+
From 50be4e9fadae5bd2875f5a5cb38a2167636e841f Mon Sep 17 00:00:00 2001 From: Sebastian Domarecki Date: Thu, 13 Mar 2025 14:24:48 +0100 Subject: [PATCH 02/94] License update --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LICENSE b/LICENSE index 261eeb9..89c143f 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From 36eb194064fe3164476b1134d109443dfd6bfe48 Mon Sep 17 00:00:00 2001 
From: Sebastian Domarecki Date: Wed, 19 Mar 2025 10:06:29 +0100 Subject: [PATCH 03/94] Migration --- .github/.yamllint.config.yaml | 46 ++ .github/ISSUE_TEMPLATE/bug_report.md | 16 + .github/ISSUE_TEMPLATE/enhancement_request.md | 10 + .github/actions/git-release-create/action.yml | 40 ++ .../git-release-create/git-release-fix.sh | 50 ++ .../git-tag-modified-helm-chart/action.yml | 40 ++ .../git-tag-modified-helm-chart.sh | 112 ++++ .github/actions/shared-variables.sh | 52 ++ .github/renovate.json | 37 ++ .github/workflows/gh-pages-release.yml | 27 + .github/workflows/git-pr-status-checks.yml | 13 + .github/workflows/git-release-create.yml | 21 + .../workflows/git-tag-modified-helm-chart.yml | 15 + .../pr-status-checks-workflow-call-fork.yml | 16 + .../pr-status-checks-workflow-call.yml | 16 + .github/workflows/release.yml | 54 ++ .github/workflows/shellcheck.yaml | 95 ++++ .github/workflows/yamllint.yml | 120 +++++ .gitignore | 40 ++ .releaserc.yml | 43 ++ Makefile | 52 ++ helm/charts/_templates_footer.gotmpl | 9 + helm/charts/_templates_header.gotmpl | 30 ++ .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../crossplane-gardener-core-cloud/Chart.yaml | 28 + .../crossplane-gardener-core-cloud/README.md | 27 + .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../garden-manifests/secret-binding.yaml | 36 ++ .../values.ci.yaml | 31 ++ .../values.yaml | 21 + .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../Chart.yaml | 27 + .../README.md | 51 ++ .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 62 +++ .../garden-manifests/audit-policy.yaml | 26 + .../garden-k8s-manifest-audit-log-secret.yaml | 27 + .../gardener-shoot-cluster-alicloud.yaml | 9 + .../gardener-shoot-cluster-aws.yaml | 63 +++ .../gardener-shoot-cluster-azure.yaml | 66 +++ .../gardener-shoot-cluster-gcp.yaml | 63 +++ .../gardener-shoot-cluster-openstack.yaml | 9 + .../admin-kubeconfig-request.yaml | 21 + .../values.ci.yaml | 50 ++ 
.../values.yaml | 213 ++++++++ .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../Chart.yaml | 27 + .../README.md | 18 + .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 62 +++ .../admin-kubeconfig-request.yaml | 24 + .../values.ci.yaml | 8 + .../values.yaml | 11 + .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../Chart.yaml | 32 ++ .../README.md | 35 ++ .../templates/NOTES.txt | 0 ...mpostions-apiextensions-crossplane-io.yaml | 52 ++ .../values.ci.yaml | 478 ++++++++++++++++++ .../values.yaml | 25 + .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../Chart.yaml | 32 ++ .../README.md | 26 + .../templates/NOTES.txt | 0 ...nt-config-apiextensions-crossplane-io.yaml | 25 + .../usage-apiextensions-crossplane-io.yaml | 25 + .../values.ci.yaml | 38 ++ .../values.yaml | 25 + .../.ci.config.yaml | 19 + .../crossplane-provider-aws-ec2/.helmignore | 23 + .../crossplane-provider-aws-ec2/Chart.yaml | 34 ++ .../mcp/crossplane-provider-aws-ec2/README.md | 84 +++ .../templates/NOTES.txt | 0 .../templates/eip-ec2-aws-upbound-io.yaml | 37 ++ .../internet-gateway-ec2-aws-upbound-io.yaml | 37 ++ ...-rable-association-ec2-aws-upbound-io.yaml | 37 ++ .../nat-gateway-ec2-aws-upbound-io.yaml | 37 ++ .../templates/route-ec2-aws-upbound-io.yaml | 37 ++ ...-table-association-ec2-aws-upbound-io.yaml | 37 ++ .../route-table-ec2-aws-upbound-io.yaml | 37 ++ .../security-group-ec2-aws-upbound-io.yaml | 37 ++ ...ecurity-group-rule-ec2-aws-upbound-io.yaml | 37 ++ .../templates/subnet-ec2-aws-upbound-io.yaml | 37 ++ .../templates/vpc-ec2-aws-upbound-io.yaml | 37 ++ .../values.ci.yaml | 109 ++++ .../crossplane-provider-aws-ec2/values.yaml | 205 ++++++++ .../.ci.config.yaml | 21 + .../crossplane-provider-aws-eks/.helmignore | 23 + .../crossplane-provider-aws-eks/Chart.yaml | 35 ++ .../mcp/crossplane-provider-aws-eks/README.md | 40 ++ .../templates/NOTES.txt | 0 .../templates/cluster-eks-aws-upbound-io.yaml | 35 ++ .../node-group-eks-aws-upbound-io.yaml | 37 
++ .../values.ci.yaml | 61 +++ .../crossplane-provider-aws-eks/values.yaml | 45 ++ .../.ci.config.yaml | 21 + .../crossplane-provider-aws-iam/.helmignore | 23 + .../crossplane-provider-aws-iam/Chart.yaml | 34 ++ .../mcp/crossplane-provider-aws-iam/README.md | 60 +++ .../templates/NOTES.txt | 0 .../access-key-iam-aws-upbound-io.yaml | 37 ++ .../templates/policy-iam-aws-upbound-io.yaml | 37 ++ .../templates/role-iam-aws-upbound-io.yaml | 37 ++ ...-policy-attachment-iam-aws-upbound-io.yaml | 37 ++ .../templates/user-iam-aws-upbound-io.yaml | 37 ++ ...-policy-attachment-iam-aws-upbound-io.yaml | 37 ++ .../values.ci.yaml | 121 +++++ .../crossplane-provider-aws-iam/values.yaml | 137 +++++ .../.ci.config.yaml | 21 + .../crossplane-provider-aws-rdr/.helmignore | 23 + .../crossplane-provider-aws-rdr/Chart.yaml | 34 ++ .../mcp/crossplane-provider-aws-rdr/README.md | 34 ++ .../templates/NOTES.txt | 0 .../instance-rdr-aws-upbound-io.yaml | 37 ++ .../values.ci.yaml | 37 ++ .../crossplane-provider-aws-rdr/values.yaml | 27 + .../.ci.config.yaml | 20 + .../Chart.yaml | 33 ++ .../README.md | 38 ++ .../templates/NOTES.txt | 0 .../globalaccount-trust-configuration.yaml | 21 + .../templates/role-collection-assignment.yaml | 25 + .../subaccount-trust-configuration.yaml | 21 + .../values.ci.yaml | 65 +++ .../values.yaml | 43 ++ .../.ci.config.yaml | 21 + .../crossplane-provider-configs/.helmignore | 23 + .../crossplane-provider-configs/Chart.yaml | 26 + .../mcp/crossplane-provider-configs/README.md | 66 +++ .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 62 +++ .../mcp/providerConfigs/aws-upbound-io.yaml | 15 + .../mcp/providerConfigs/azure-upbound-io.yaml | 15 + .../btp.sap.crossplane.io.yaml | 19 + .../gardener-orchestrate-cloud-sap.yaml | 15 + .../mcp/providerConfigs/gcp-upbound-io.yaml | 15 + .../providerConfigs/helm-crossplane-io.yaml | 15 + .../kubernetes-crossplane-io.yaml | 15 + .../mcp/providerConfigs/vault-upbound-io.yaml | 14 + 
.../templates/mcp/secrets/generic-secret.yaml | 24 + .../values.ci.yaml | 134 +++++ .../crossplane-provider-configs/values.yaml | 169 +++++++ .../crossplane-provider-gcp/.ci.config.yaml | 19 + .../mcp/crossplane-provider-gcp/.helmignore | 23 + .../mcp/crossplane-provider-gcp/Chart.yaml | 34 ++ .../mcp/crossplane-provider-gcp/README.md | 54 ++ ...service-account-iam-gcp-crossplane-io.yaml | 37 ++ ...ice-account-key-iam-gcp-crossplane-io.yaml | 37 ++ ...ount-key-policy-iam-gcp-crossplane-io.yaml | 37 ++ .../crossplane-provider-gcp/values.ci.yaml | 126 +++++ .../mcp/crossplane-provider-gcp/values.yaml | 60 +++ .../crossplane-provider-helm/.ci.config.yaml | 21 + .../mcp/crossplane-provider-helm/.helmignore | 23 + .../mcp/crossplane-provider-helm/Chart.yaml | 34 ++ .../mcp/crossplane-provider-helm/README.md | 35 ++ .../crossplane-provider-helm/README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/helm-release.yaml | 36 ++ .../crossplane-provider-helm/values.ci.yaml | 36 ++ .../mcp/crossplane-provider-helm/values.yaml | 48 ++ .../.ci.config.yaml | 21 + .../.helmignore | 23 + .../crossplane-provider-kubernetes/Chart.yaml | 33 ++ .../crossplane-provider-kubernetes/README.md | 32 ++ .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/kubernetes.yaml | 40 ++ .../values.ci.yaml | 46 ++ .../values.yaml | 32 ++ .../crossplane-provider-pkgs/.ci.config.yaml | 19 + .../mcp/crossplane-provider-pkgs/.helmignore | 23 + .../mcp/crossplane-provider-pkgs/Chart.yaml | 33 ++ .../mcp/crossplane-provider-pkgs/README.md | 58 +++ .../templates/NOTES.txt | 0 ...kg-crossplane-DeploymentRuntimeConfig.yaml | 14 + .../pkg-crossplane-configuration.yaml | 14 + .../templates/pkg-crossplane-functions.yaml | 14 + .../pkg-crossplane-image-config.yaml | 14 + .../templates/pkg-crossplane-provider.yaml | 14 + .../crossplane-provider-pkgs/values.ci.yaml | 83 +++ .../mcp/crossplane-provider-pkgs/values.yaml | 104 ++++ .../.ci.config.yaml | 19 + .../.helmignore | 23 + .../Chart.yaml | 
28 + .../README.md | 61 +++ .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 83 +++ .../mcp/btp-accounts/sub-accounts.yaml | 19 + .../btp-subscriptions/cloud-management.yaml | 36 ++ .../mcp/btp-subscriptions/entitlements.yaml | 31 ++ .../mcp/btp-subscriptions/servicemanager.yaml | 32 ++ .../mcp/btp-subscriptions/subscription.yaml | 34 ++ .../templates/mcp/directory-entitlement.yaml | 21 + .../templates/mcp/directory.yaml | 21 + .../mcp/subaccount-service-broker.yaml | 21 + .../values.ci.yaml | 147 ++++++ .../values.yaml | 125 +++++ .../.ci.config.yaml | 21 + .../.helmignore | 23 + .../Chart.yaml | 34 ++ .../README.md | 28 + .../README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/cloud-foundry-environment.yaml | 25 + .../templates/kyma-environment.yaml | 25 + .../values.ci.yaml | 47 ++ .../values.yaml | 50 ++ .../external-secrets-config/.ci.config.yaml | 21 + .../mcp/external-secrets-config/.helmignore | 23 + .../mcp/external-secrets-config/Chart.yaml | 32 ++ .../mcp/external-secrets-config/README.md | 91 ++++ .../external-secrets-config/README.md.gotmpl | 0 .../templates/NOTES.txt | 0 .../templates/cluster-external-secret.yaml | 23 + .../templates/cluster-secret-store.yaml | 18 + .../templates/external-secret.yaml | 35 ++ .../templates/push-secret.yaml | 15 + .../templates/secret-store.yaml | 16 + .../templates/secrets/generic-secret.yaml | 24 + .../external-secrets-config/values.ci.yaml | 157 ++++++ .../mcp/external-secrets-config/values.yaml | 184 +++++++ helm/charts/mcp/flux-config/.ci.config.yaml | 21 + helm/charts/mcp/flux-config/.helmignore | 23 + helm/charts/mcp/flux-config/Chart.yaml | 33 ++ helm/charts/mcp/flux-config/README.md | 88 ++++ helm/charts/mcp/flux-config/README.md.gotmpl | 0 .../mcp/flux-config/templates/NOTES.txt | 0 .../templates/flux-kustomization-obj.yml | 83 +++ .../templates/git-repo-kustomization.yml | 87 ++++ .../flux-config/templates/git-repository.yml | 15 + 
.../templates/secrets/generic-secret.yaml | 24 + helm/charts/mcp/flux-config/values.ci.yaml | 228 +++++++++ helm/charts/mcp/flux-config/values.yaml | 145 ++++++ .../.ci.config.yaml | 21 + .../.helmignore | 23 + .../Chart.yaml | 31 ++ .../k8s-validating-admission-policy/README.md | 29 ++ .../templates/ValidatingAdmissionPolicy.yaml | 14 + .../ValidatingAdmissionPolicyBinding.yaml | 14 + .../values.ci.yaml | 38 ++ .../values.yaml | 22 + .../mcp/sap-btp-services/.ci.config.yaml | 21 + helm/charts/mcp/sap-btp-services/.helmignore | 23 + helm/charts/mcp/sap-btp-services/Chart.yaml | 33 ++ helm/charts/mcp/sap-btp-services/README.md | 38 ++ .../services-binding-services-cloud-sap.yaml | 24 + .../services-instance-services-cloud-sap.yaml | 18 + .../mcp/sap-btp-services/values.ci.yaml | 310 ++++++++++++ helm/charts/mcp/sap-btp-services/values.yaml | 23 + helm/charts/test-custom-chart/.ci.config.yaml | 37 ++ helm/charts/test-custom-chart/.helmignore | 23 + helm/charts/test-custom-chart/Chart.yaml | 33 ++ helm/charts/test-custom-chart/README.md | 83 +++ .../test-custom-chart/templates/NOTES.txt | 22 + .../test-custom-chart/templates/_helpers.tpl | 62 +++ .../templates/deployment.yaml | 70 +++ .../test-custom-chart/templates/hpa.yaml | 34 ++ .../test-custom-chart/templates/ingress.yaml | 63 +++ .../test-custom-chart/templates/service.yaml | 17 + .../templates/serviceaccount.yaml | 15 + .../templates/tests/test-connection.yaml | 17 + helm/charts/test-custom-chart/values.yaml | 136 +++++ .../services-binding-services-cloud-sap.yaml | 19 + .../services-instance-services-cloud-sap.yaml | 23 + .../templates/deployment.yaml | 52 ++ .../test-custom-chart/templates/service.yaml | 24 + .../templates/serviceaccount.yaml | 15 + .../templates/tests/test-connection.yaml | 23 + scripts/ci/git-tags-rename.sh | 27 + scripts/ci/github-releases-delete.sh | 40 ++ scripts/ci/shellcheck-install.sh | 37 ++ scripts/ci/shellcheck.sh | 69 +++ scripts/ci/test-parse-yamllint-output.sh | 36 ++ 
scripts/ci/yamllint.sh | 99 ++++ 285 files changed, 11235 insertions(+) create mode 100644 .github/.yamllint.config.yaml create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/enhancement_request.md create mode 100644 .github/actions/git-release-create/action.yml create mode 100755 .github/actions/git-release-create/git-release-fix.sh create mode 100644 .github/actions/git-tag-modified-helm-chart/action.yml create mode 100755 .github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh create mode 100755 .github/actions/shared-variables.sh create mode 100644 .github/renovate.json create mode 100644 .github/workflows/gh-pages-release.yml create mode 100644 .github/workflows/git-pr-status-checks.yml create mode 100644 .github/workflows/git-release-create.yml create mode 100644 .github/workflows/git-tag-modified-helm-chart.yml create mode 100644 .github/workflows/pr-status-checks-workflow-call-fork.yml create mode 100644 .github/workflows/pr-status-checks-workflow-call.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/shellcheck.yaml create mode 100644 .github/workflows/yamllint.yml create mode 100644 .gitignore create mode 100644 .releaserc.yml create mode 100644 Makefile create mode 100644 helm/charts/_templates_footer.gotmpl create mode 100644 helm/charts/_templates_header.gotmpl create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/README.md create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/templates/_helpers.tpl create mode 100644 
helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml create mode 100644 
helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/.helmignore create mode 100644 
helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/README.md create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-apiextensions/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/README.md create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml create mode 100644 
helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/README.md create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-eks/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/README.md create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml create mode 100644 
helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-iam/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/README.md create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/README.md create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-btp-security/values.yaml create mode 100644 
helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-configs/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/README.md create mode 100644 helm/charts/mcp/crossplane-provider-configs/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-configs/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-gcp/Chart.yaml create mode 100644 
helm/charts/mcp/crossplane-provider-gcp/README.md create mode 100644 helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-gcp/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-helm/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-helm/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-helm/README.md create mode 100644 helm/charts/mcp/crossplane-provider-helm/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-provider-helm/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml create mode 100644 helm/charts/mcp/crossplane-provider-helm/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-helm/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/README.md create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-kubernetes/values.yaml create mode 100644 
helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/README.md create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-pkgs/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/README.md create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml create mode 
100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md.gotmpl create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/NOTES.txt create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml create mode 100644 helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml create mode 100644 helm/charts/mcp/external-secrets-config/.ci.config.yaml create mode 100644 helm/charts/mcp/external-secrets-config/.helmignore create mode 100644 helm/charts/mcp/external-secrets-config/Chart.yaml create mode 100644 helm/charts/mcp/external-secrets-config/README.md create mode 100644 
helm/charts/mcp/external-secrets-config/README.md.gotmpl create mode 100644 helm/charts/mcp/external-secrets-config/templates/NOTES.txt create mode 100644 helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml create mode 100644 helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml create mode 100644 helm/charts/mcp/external-secrets-config/templates/external-secret.yaml create mode 100644 helm/charts/mcp/external-secrets-config/templates/push-secret.yaml create mode 100644 helm/charts/mcp/external-secrets-config/templates/secret-store.yaml create mode 100644 helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml create mode 100644 helm/charts/mcp/external-secrets-config/values.ci.yaml create mode 100644 helm/charts/mcp/external-secrets-config/values.yaml create mode 100644 helm/charts/mcp/flux-config/.ci.config.yaml create mode 100644 helm/charts/mcp/flux-config/.helmignore create mode 100644 helm/charts/mcp/flux-config/Chart.yaml create mode 100644 helm/charts/mcp/flux-config/README.md create mode 100644 helm/charts/mcp/flux-config/README.md.gotmpl create mode 100644 helm/charts/mcp/flux-config/templates/NOTES.txt create mode 100644 helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml create mode 100644 helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml create mode 100644 helm/charts/mcp/flux-config/templates/git-repository.yml create mode 100644 helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml create mode 100644 helm/charts/mcp/flux-config/values.ci.yaml create mode 100644 helm/charts/mcp/flux-config/values.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/.helmignore create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/README.md create mode 100644 
helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml create mode 100644 helm/charts/mcp/k8s-validating-admission-policy/values.yaml create mode 100644 helm/charts/mcp/sap-btp-services/.ci.config.yaml create mode 100644 helm/charts/mcp/sap-btp-services/.helmignore create mode 100644 helm/charts/mcp/sap-btp-services/Chart.yaml create mode 100644 helm/charts/mcp/sap-btp-services/README.md create mode 100644 helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml create mode 100644 helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml create mode 100644 helm/charts/mcp/sap-btp-services/values.ci.yaml create mode 100644 helm/charts/mcp/sap-btp-services/values.yaml create mode 100644 helm/charts/test-custom-chart/.ci.config.yaml create mode 100644 helm/charts/test-custom-chart/.helmignore create mode 100644 helm/charts/test-custom-chart/Chart.yaml create mode 100644 helm/charts/test-custom-chart/README.md create mode 100644 helm/charts/test-custom-chart/templates/NOTES.txt create mode 100644 helm/charts/test-custom-chart/templates/_helpers.tpl create mode 100644 helm/charts/test-custom-chart/templates/deployment.yaml create mode 100644 helm/charts/test-custom-chart/templates/hpa.yaml create mode 100644 helm/charts/test-custom-chart/templates/ingress.yaml create mode 100644 helm/charts/test-custom-chart/templates/service.yaml create mode 100644 helm/charts/test-custom-chart/templates/serviceaccount.yaml create mode 100644 helm/charts/test-custom-chart/templates/tests/test-connection.yaml create mode 100644 helm/charts/test-custom-chart/values.yaml create mode 100644 
manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml create mode 100644 manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml create mode 100644 manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml create mode 100644 manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml create mode 100644 manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml create mode 100644 manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml create mode 100755 scripts/ci/git-tags-rename.sh create mode 100755 scripts/ci/github-releases-delete.sh create mode 100755 scripts/ci/shellcheck-install.sh create mode 100755 scripts/ci/shellcheck.sh create mode 100755 scripts/ci/test-parse-yamllint-output.sh create mode 100755 scripts/ci/yamllint.sh diff --git a/.github/.yamllint.config.yaml b/.github/.yamllint.config.yaml new file mode 100644 index 0000000..90f18b6 --- /dev/null +++ b/.github/.yamllint.config.yaml 
@@ -0,0 +1,46 @@
+---
+# Default configuration https://yamllint.readthedocs.io/en/stable/configuration.html
+yaml-files:
+ - '*.yaml'
+ - '*.yml'
+ - '.yamllint'
+
+rules:
+ anchors: enable
+ braces: enable
+ brackets: enable
+ colons: enable
+ commas: enable
+ comments:
+ level: warning
+ min-spaces-from-content: 1
+ comments-indentation:
+ level: warning
+ document-end: disable
+ document-start:
+ level: warning
+ empty-lines: enable
+ empty-values: #disable
+ forbid-in-block-mappings: true
+ forbid-in-flow-mappings: true
+ float-values: disable
+ hyphens: enable
+ indentation: #enable
+ spaces: consistent
+ indent-sequences: whatever
+ check-multi-line-strings: false
+ key-duplicates: enable
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines: enable
+ octal-values: disable
+ quoted-strings: disable
+ # quote-type: double
+ # required: true
+ # extra-required: []
+ # extra-allowed: []
+ # allow-quoted-quotes: false
+ trailing-spaces: enable
+ truthy:
+ level: warning
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..7457664
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,16 @@
+---
+name: Bug Report
+about: Report a bug
+labels: kind/bug
+
+---
+
+**What happened**:
+
+**What you expected to happen**:
+
+**How to reproduce it (as minimally and precisely as possible)**:
+
+**Anything else we need to know**:
+
+**Environment**:
diff --git a/.github/ISSUE_TEMPLATE/enhancement_request.md b/.github/ISSUE_TEMPLATE/enhancement_request.md
new file mode 100644
index 0000000..5bae8cd
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/enhancement_request.md
@@ -0,0 +1,10 @@
+ ---
+name: Enhancement Request
+about: Suggest an enhancement
+labels: kind/enhancement
+
+---
+
+**What would you like to be added**:
+
+**Why is this needed**:
diff --git a/.github/actions/git-release-create/action.yml b/.github/actions/git-release-create/action.yml
new file mode 100644
index 0000000..c9086c7
--- /dev/null
+++ b/.github/actions/git-release-create/action.yml
@@ -0,0 +1,40 @@
+name: "Helm Chart Release Tag"
+description: "Generates release notes and creates a new GitHub release for a Helm Chart tag"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Print commit SHA
+ shell: bash
+ run: echo ${{ github.sha }}
+ - name: Tag modified Helm Chart
+ shell: bash
+ run: |
+ set +e
+ ${GITHUB_ACTION_PATH}/git-release-fix.sh &> ${GITHUB_WORKSPACE}/bash_output.txt
+ env:
+ COMMIT_HASH: ${{ github.sha }}
+
+ - name: Bash Output
+ shell: bash
+ if: always()
+ run: |
+ if [ -f "${GITHUB_WORKSPACE}/bash_output.txt" ]; then
+ echo "::group:: Bash Script Output"
+ cat ${GITHUB_WORKSPACE}/bash_output.txt
+ echo "::endgroup::"
+ fi
+
+ if [ -f "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" ]; then
+ echo "::group:: PR Status Check Human Friendly Output"
+ cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt"
+ echo "::endgroup::"
+ fi
+
+ if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then
+ cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt"
+ fi
diff --git a/.github/actions/git-release-create/git-release-fix.sh b/.github/actions/git-release-create/git-release-fix.sh
new file mode 100755
index 0000000..9f913d5
--- /dev/null
+++ b/.github/actions/git-release-create/git-release-fix.sh
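Review bot: The "Tag modified Helm Chart" step in `git-release-create/action.yml` cannot fail, because `set +e` together with the `&>` redirect discards the exit status of `git-release-fix.sh`; a failed `gh release create` leaves the job green and the only trace is in `bash_output.txt`. The following "Bash Output" step already runs under `if: always()`, so the step can drop `set +e` and run `"${GITHUB_ACTION_PATH}/git-release-fix.sh" &> "${GITHUB_WORKSPACE}/bash_output.txt"` with both paths quoted. The step name and the `COMMIT_HASH` env look copied from the tagging action; the release script added in this commit does not read `COMMIT_HASH`. The same swallowed-exit pattern is in `git-tag-modified-helm-chart/action.yml`.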
@@ -0,0 +1,50 @@
+#!/bin/bash
+###################################################################
+# Script Name : github release create
+# Description : This script fetches all Git tags, checks if a GitHub release already exists for
+# each tag, and if not, generates release notes and creates a new GitHub release
+# for the tag. It searches for a previous tag that starts with the same name as the
+# current tag but has a lower semantic version.
+# Args : -
+# Hint : This script is not meant for any pipeline just for cleanup!
+###################################################################
+set +e
+
+# Fetch all tags from the remote
+gh auth status
+
+git fetch --tags
+
+# Get all tags
+tags=$(git tag)
+
+# Fetch all existing releases
+existing_releases=$(gh release list --limit 99999 --json tagName --jq '.[].tagName')
+
+# Loop through each tag
+for tag in $tags; do
+ if echo "$existing_releases" | grep -q "^$tag$"; then
+ echo "Release for tag $tag already exists. Skipping..."
+ continue
+ fi
+
+ # Find the previous tag with the same prefix but lower semantic version
+ previous_tag=""
+ prefix=""
+ prefix=$(echo "$tag" | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+)$//')
+ previous_tag=$(git tag -l "${prefix}*" | sort -V | grep -B1 "$tag" | head -n 1)
+
+ release_notes=""
+ # Generate release notes using the GitHub CLI
+ if [ -n "$previous_tag" ] && [ "$previous_tag" != "$tag" ]; then
+ release_notes=$(gh api repos/:owner/:repo/releases/generate-notes -f tag_name="$tag" -f previous_tag_name="$previous_tag" -q '.body')
+ printf 'tag: %s != previous_tag: %s \n %s' "$tag" "$previous_tag" "$release_notes"
+ else
+ release_notes=$(gh api repos/:owner/:repo/releases/generate-notes -f tag_name="$tag" -q '.body')
+ printf 'tag: %s == previous_tag: %s \n %s' "$tag" "$previous_tag" "$release_notes"
+ fi
+
+ # Create a release for each tag
+ gh release create "$tag" --title "$tag" --notes "$release_notes" --verify-tag --latest=false
+
+done
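Review bot: Both `grep` calls in the loop interpret the tag as a regular expression, so the dots of a version match any character in `grep -q "^$tag$"`, and `grep -B1 "$tag"` matches substrings rather than whole tags. Fixed-string, whole-line matching states the intent: `grep -qxF -- "$tag"` and `grep -xF -B1 -- "$tag"`. The glob `"${prefix}*"` also lists tags of any chart whose name merely begins with the same prefix (this commit adds several `crossplane-provider-…` charts), so the line before the match can belong to a different chart and be passed as `previous_tag_name`. With `set +e` at the top, a failed `gh auth status` or `git fetch --tags` does not stop the loop from creating releases.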
diff --git a/.github/actions/git-tag-modified-helm-chart/action.yml b/.github/actions/git-tag-modified-helm-chart/action.yml
new file mode 100644
index 0000000..675748c
--- /dev/null
+++ b/.github/actions/git-tag-modified-helm-chart/action.yml
@@ -0,0 +1,40 @@
+name: 'Tag modified Helm Chart'
+description: 'Create Git Tag for every modified Helm Chart'
+
+runs:
+ using: "composite"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Print commit SHA
+ shell: bash
+ run: echo ${{ github.sha }}
+ - name: Tag modified Helm Chart
+ shell: bash
+ run: |
+ set +e
+ ${GITHUB_ACTION_PATH}/git-tag-modified-helm-chart.sh &> ${GITHUB_WORKSPACE}/bash_output.txt
+ env:
+ COMMIT_HASH: ${{ github.sha }}
+
+ - name: Bash Output
+ shell: bash
+ if: always()
+ run: |
+ if [ -f "${GITHUB_WORKSPACE}/bash_output.txt" ]; then
+ echo "::group:: Bash Script Output"
+ cat ${GITHUB_WORKSPACE}/bash_output.txt
+ echo "::endgroup::"
+ fi
+
+ if [ -f "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" ]; then
+ echo "::group:: PR Status Check Human Friendly Output"
+ cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt"
+ echo "::endgroup::"
+ fi
+
+ if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then
+ cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt"
+ fi
\ No newline at end of file
diff --git a/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh b/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh
new file mode 100755
index 0000000..aac3899
--- /dev/null
+++ b/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+###################################################################
+#Script Name : git tag modified helm chart
+#Description : creates a git tag for each modified helm chart
+#Args : -
+#Hint : Only works with Helm Chart Version compare
+###################################################################
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR"/../shared-variables.sh
+
+declare resultPwd exitCode
+
+set +e
+echo "The script you are running has:"
+echo "basename: [$(basename "$0")]"
+echo "dirname : [$(dirname "$0")]"
+echo "pwd : [$(pwd)]"
+
+declare -a filesToRemove=("pr-status-check-human-friendly.txt" "modified_files.txt")
+REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}"
+###################################################################
+if [ -z "$COMMIT_HASH" ]; then
+ COMMIT_HASH="89b624080bb62e7f5ac340d81fef96c9d6446d22"
+ echo "!!! WARNING: \$COMMIT_HASH NEEDS TO BE SET e.g. Default set COMMIT_HASH=${COMMIT_HASH}! \"export COMMIT_HASH=${COMMIT_HASH}\"!!!"
+ exit 1
+fi
+
+
+###################################################################
+# Function to print a row with fixed-width columns
+print_row() {
+ printf "%-70s %-50s %-15s %-15s\n" "$1" "$2" "$3" "$4"
+}
+
+git_tag_check() {
+ local tag=$1
+ git rev-parse -q --verify "refs/tags/$tag" &>/dev/null
+}
+###################################################################
+
+# List modified files of commit
+git diff-tree --no-commit-id --name-only -r "$COMMIT_HASH" >modified_files.txt
+# shellcheck disable=SC2181
+if [ $? != 0 ]; then
+ exit 1
+fi
+# Iterate over the array of paths with filenames and extract the directory paths
+unique_paths=()
+while IFS= read -r path; do
+
+ dir=$(dirname "$path")
+
+ if [[ "$dir" == *templates ]]; then
+ dir=${dir%/*}
+ fi
+ dir=${dir%*/templates*} # retain the part before "/templates"
+
+ if [ -f "$dir/Chart.yaml" ] || [ -f "$dir/Chart.yml" ]; then
+ unique_paths+=("$dir")
+ fi
+done <"modified_files.txt"
+
+if [ ${#unique_paths[@]} -eq 0 ]; then
+ echo -e "No Helm Charts have been modified!\n"
+ echo -e "List of Modified files:"
+ cat "modified_files.txt"
+ exit "$exitCode"
+fi
+
+# Sort and remove duplicates from the list of paths
+# shellcheck disable=SC2207
+unique_paths=($(echo "${unique_paths[@]}" | tr ' ' '\n' | sort -u))
+{
+ # Header row
+ printf "%-70s %-50s %-15s %-15s\n" "Modified Helm Chart:" "Name:" "Version:" "Status:"
+
+ git checkout "$COMMIT_HASH"
+
+ for helmChart in "${unique_paths[@]}"; do
+ chartVersion=$(yq -r eval '.version' "$helmChart/Chart.yaml")
+ chartName=$(yq -r eval '.name' "$helmChart/Chart.yaml")
+ gitTag="$chartName-$chartVersion"
+ if git_tag_check "$gitTag"; then
+ print_row "$helmChart" "$chartName" "$chartVersion" "-"
+ else
+
+ git tag "$gitTag" "$COMMIT_HASH"
+ # shellcheck disable=SC2181
+ if [ $? != 0 ]; then
+ print_row "$helmChart" "$chartName" "$chartVersion" "ERROR: git tag $gitTag"
+ exit 1
+ fi
+
+ git push origin "$gitTag"
+ # shellcheck disable=SC2181
+ if [ $? != 0 ]; then
+ print_row "$helmChart" "$chartName" "$chartVersion" "ERROR: git push origin $gitTag"
+ exit 1
+ fi
+
+ print_row "$helmChart" "$chartName" "$chartVersion" "git tagged&pushed $gitTag"
+
+ fi
+
+ done
+
+} >>"$resultPwd/pr-status-check-human-friendly.txt"
+
+cat "$resultPwd/pr-status-check-human-friendly.txt"
+
+exit "$exitCode"
diff --git a/.github/actions/shared-variables.sh b/.github/actions/shared-variables.sh
new file mode 100755
index 0000000..587ddce
--- /dev/null
+++ b/.github/actions/shared-variables.sh
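Review bot: The tag pushed to `origin` is assembled from `Chart.yaml` fields without any validation, so a chart that lacks `name` or `version` would presumably be tagged with whatever `yq` prints for a missing key. A directory detected only through `Chart.yml` is still read as `$helmChart/Chart.yaml` and ends up the same way. A check before `git tag`, such as `[[ "$chartVersion" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]` and a non-empty `chartName`, plus reading whichever chart file exists, would keep malformed refs out of the repository. The `-z "$COMMIT_HASH"` branch assigns a hard-coded hash and then exits, so that default is never used and only appears in the warning text. `unique_paths=($(echo … | tr ' ' '\n' | sort -u))` splits any chart path that contains a space; `mapfile -t unique_paths < <(printf '%s\n' "${unique_paths[@]}" | sort -u)` keeps entries intact.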
@@ -0,0 +1,52 @@
+#!/bin/bash
+###################################################################
+#Script Name :
+#Description :
+#Args : -
+#Hint :
+###################################################################
+set -e
+resultPwd=$(pwd)
+helmChartListingFileName="helm-charts-templated.yaml"
+emptyManifestString="WARNING: This chart is deprecated"
+newLineString="-------------------------------------------------------------------------------------------------------------------------"
+msgHelpStart=""
+#msgEverythingIsFine="/人◕ __ ◕人\ Everything seems to be all right (⌐⊙_⊙)"
+msgEverythingIsFine="☺ √"
+exitCode=0
+# Define color escape codes
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+BLUE='\033[0;34m'
+BOLD='\033[1m'
+UNDERLINE='\033[4m'
+REVERSE='\033[7m'
+RESET='\033[0m' # Reset color
+###################################################################
+declare -a filesToRemove=("pr-status-check-human-friendly.txt" "github-workflow-commands.txt")
+###################################################################
+function REMOVE_FILES_IF_EXISTS {
+ arr=("$@")
+ for fileToRemove in "${arr[@]}"
+ do
+ if [ -f "$1/$fileToRemove" ]; then
+ rm "$1/$fileToRemove"
+ #echo "removed $1/$fileToRemove"
+ fi
+ done
+}
+function ASSERT_FILE_EXISTS_WITH_MSG {
+ if [ ! -f "$1/$2" ]; then
+ echo "!! ERROR missing file $1/$2 !!$3"
+ exit 1
+ fi
+}
+###################################################################
+if [ -n "$GITHUB_WORKSPACE" ]; then
+ cd "$GITHUB_WORKSPACE" || exit
+ resultPwd=$GITHUB_WORKSPACE
+fi
+REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}"
+###################################################################
+export helmChartListingFileName emptyManifestString newLineString exitCode resultPwd helmChartListTemplatedManifestsFileName msgHelpStart msgEverythingIsFine RED GREEN YELLOW BLUE BOLD UNDERLINE RESET REVERSE
\ No newline at end of file
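Review bot: `set -e` at the top of a file that is meant to be sourced changes the shell options of every caller, and the tagging script in this commit immediately reverses it with `set +e`; leaving option handling to the callers avoids that hidden coupling. The `export` line names `helmChartListTemplatedManifestsFileName`, which this file never assigns. In `REMOVE_FILES_IF_EXISTS`, `arr=("$@")` still contains the directory argument, so the loop also tests `$1/$1`; `local dir=$1; shift` before building the list keeps it to file names. Sourcing the file also changes directory to `$GITHUB_WORKSPACE` and deletes the two report files as a side effect, which deserves a line in the empty header comment.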
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..f4e003b
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,37 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ ":prImmediately",
+ ":prHourlyLimitNone",
+ ":prConcurrentLimitNone",
+ ":label(renovate)",
+ ":separateMultipleMajorReleases",
+ ":separatePatchReleases",
+ ":enableVulnerabilityAlertsWithLabel(security)",
+ ":dependencyDashboard",
+ ":semanticCommits"
+ ],
+ "assignees": [
+ "I540484"
+ ],
+ "timezone": "Europe/Berlin",
+ "semanticCommitType": "chore",
+ "semanticCommitScope": "deps",
+ "automerge": true,
+ "automergeType": "pr",
+ "automergeStrategy": "squash",
+ "platformAutomerge": true,
+ "rebaseWhen": "auto",
+ "packageRules": [
+ {
+ "matchUpdateTypes": [
+ "minor",
+ "patch",
+ "pin",
+ "digest"
+ ],
+ "automerge": true
+ }
+ ]
+}
diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml
new file mode 100644
index 0000000..f0138d4
--- /dev/null
+++ b/.github/workflows/gh-pages-release.yml
@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.7.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml
new file mode 100644
index 0000000..1b640f3
--- /dev/null
+++ b/.github/workflows/git-pr-status-checks.yml
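Review bot: The top-level `"automerge": true` in `renovate.json` applies to every update type, so major upgrades are merged without review too, and the `packageRules` entry that limits automerge to minor, patch, pin and digest has no restricting effect. Combined with `platformAutomerge` and `:prImmediately`, a broken or compromised upstream release reaches `main` as soon as the checks pass. Setting the top-level value to `"automerge": false` and keeping the rule makes the intended restriction real. Whether branch protection requires status checks on these PRs is not visible from this file.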
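Review bot: `helm/chart-releaser-action@v1.7.0` in `gh-pages-release.yml` is referenced by a mutable tag in a job that holds `contents: write` and receives `GITHUB_TOKEN` as `CR_TOKEN`. Pinning to a full commit SHA, `uses: helm/chart-releaser-action@<full-commit-sha> # v1.7.0`, means a moved tag cannot change what runs with that token. The same applies to the `@main` references to reusable workflows and composite actions added in the later workflow files of this commit, where whatever is on `main` at run time executes with inherited secrets.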
@@ -0,0 +1,13 @@
+name: PR Status Checks
+
+on:
+ workflow_call: {}
+
+concurrency:
+ group: building-blocks-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ pr-status-check:
+ uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@main"
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/git-release-create.yml b/.github/workflows/git-release-create.yml
new file mode 100644
index 0000000..00195d9
--- /dev/null
+++ b/.github/workflows/git-release-create.yml
@@ -0,0 +1,21 @@
+name: Helm Chart Release Tag
+
+on:
+ workflow_call: {}
+ workflow_dispatch: {}
+
+
+
+jobs:
+ git-release-create:
+ name: Helm Chart Release Tag
+ runs-on: [solinas]
+ steps:
+ - name: Login to GitHub Enterprise with token
+ run: |
+ env
+ gh version
+ echo ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} | gh auth login --with-token
+
+ - name: Create Github Releases for Helm Chart Tags
+ uses: openmcp-project/blueprint-building-blocks/.github/actions/git-release-create@main
\ No newline at end of file
diff --git a/.github/workflows/git-tag-modified-helm-chart.yml b/.github/workflows/git-tag-modified-helm-chart.yml
new file mode 100644
index 0000000..a2368be
--- /dev/null
+++ b/.github/workflows/git-tag-modified-helm-chart.yml
@@ -0,0 +1,15 @@
+name: Tag modified Helm Chart
+
+on:
+ workflow_call: {}
+
+permissions:
+ contents: write # to be able to publish a GitHub release
+ id-token: write # to enable use of OIDC for npm provenance
+
+jobs:
+ git-tag-modified-helm-chart:
+ name: Tag modified Helm Chart
+ runs-on: [solinas]
+ steps:
+ - uses: openmcp-project/blueprint-building-blocks/.github/actions/git-tag-modified-helm-chart@main
\ No newline at end of file
diff --git a/.github/workflows/pr-status-checks-workflow-call-fork.yml b/.github/workflows/pr-status-checks-workflow-call-fork.yml
new file mode 100644
index 0000000..04de248
--- /dev/null
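Review bot: The login step of `git-release-create.yml` expands the service-user token into the script text with `echo ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} | gh auth login --with-token`, and the bare `env` just before it prints the runner's whole environment into the job log. Passing the secret as an environment variable removes both problems and the separate login: put `GH_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}` in a job-level `env:` and delete the `env` line. On the self-hosted `solinas` runner, `gh auth login` also writes the credential to the runner user's configuration, where it outlives the job unless the runner is ephemeral, which this hunk does not show. `git-tag-modified-helm-chart.yml` grants `id-token: write` although nothing in its single step appears to need OIDC.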
+++ b/.github/workflows/pr-status-checks-workflow-call-fork.yml
@@ -0,0 +1,16 @@
+name: PR Status Checks Forks
+
+on:
+ pull_request_target:
+ branches:
+ - main
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ pr-status-check:
+ if: ${{ github.event.pull_request.head.repo.full_name != 'openmcp-project/blueprint-building-blocks' }}
+ uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-pr-status-checks.yml@main"
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pr-status-checks-workflow-call.yml b/.github/workflows/pr-status-checks-workflow-call.yml
new file mode 100644
index 0000000..f6988de
--- /dev/null
+++ b/.github/workflows/pr-status-checks-workflow-call.yml
@@ -0,0 +1,16 @@
+name: PR Status Checks
+
+on:
+ pull_request:
+ branches:
+ - main
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ pr-status-check:
+ if: ${{ github.event.pull_request.head.repo.full_name == 'openmcp-project/blueprint-building-blocks' }}
+ uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-pr-status-checks.yml@main"
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..f43abdc
--- /dev/null
+++ b/.github/workflows/release.yml
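Review bot: `pull_request_target` combined with `secrets: inherit` in `pr-status-checks-workflow-call-fork.yml` hands the base repository's secrets to a run that any fork pull request can trigger. If the called `git-pr-status-checks.yml`, or the `blueprint-workflows` workflow it forwards to, checks out and executes the PR head (scripts, chart templating, linters with plugins), untrusted code runs beside those secrets. That called workflow is outside this hunk, so this needs confirming. Safer shapes are running fork PRs under plain `pull_request` without secrets, or keeping the trigger but replacing `secrets: inherit` with only the named secrets the checks need and adding `permissions: contents: read` at the top of the file.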
@@ -0,0 +1,54 @@
+name: Semantic Release
+
+on:
+ workflow_dispatch: {}
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write # to be able to publish a GitHub release
+ id-token: write # to enable use of OIDC for npm provenance
+
+jobs:
+ git-tag-modify-helm-chart:
+ name: Helm Chart Github Tags
+ uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-tag-modified-helm-chart.yml@main"
+ secrets: inherit
+ release:
+ name: Release
+ runs-on: [solinas]
+ permissions:
+ contents: write # to be able to publish a GitHub release
+ issues: write # to be able to comment on released issues
+ pull-requests: write # to be able to comment on released pull requests
+ id-token: write # to enable use of OIDC for npm provenance
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: ">=20.8"
+ check-latest: true
+ - name: Install dependencies
+ run: |
+ npm install semantic-release
+ npm install @semantic-release/changelog
+ npm install conventional-changelog-conventionalcommits
+ npm install @semantic-release/git
+ env:
+ GITHUB_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}
+ - name: Release
+ env:
+ GITHUB_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }}
+ run: npx semantic-release
+ git-release-create:
+ uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-release-create.yml@main"
+ name: Helm Chart Github Releases
+ needs: release
+ secrets: inherit
+
\ No newline at end of file
diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
new file mode 100644
index 0000000..c3f103d
--- /dev/null
+++ b/.github/workflows/shellcheck.yaml
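Review bot: The "Install dependencies" step in `release.yml` installs `semantic-release` and three plugins at whatever version is current on each run, while the service-user token is exported to that same step as `GITHUB_TOKEN`. Install scripts of any transitive package therefore run with a write-capable credential in their environment. Only `npx semantic-release` needs the token, so the `env:` block can be removed from the install step, and the packages should come from a committed lockfile via `npm ci` or at least carry pinned versions. `id-token: write` is granted at workflow and job level although nothing visible here publishes with npm provenance. `node-version: ">=20.8"` with `check-latest: true` makes the toolchain float as well.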
@@ -0,0 +1,95 @@ +# This is a basic workflow to help you get started with Actions +name: Shell Check + +# Controls when the workflow will run +on: + workflow_call: + pull_request: + paths-ignore: + - '**/Chart.yaml' + - '**/README.md' + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + VERSION: "0.9.0" + BASH_SCRIPT: "shellcheck.sh" + BASH_SCRIPT_INSTALL: "shellcheck-install.sh" + BASH_SCRIPT_RESULT: 0 + MESSAGE_HEADER: "Shell Check" + MESSAGE: "" + +jobs: + shellcheck: + runs-on: [solinas] + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Setup + id: "setup" + shell: bash + env: + VERSION: ${{ env.VERSION }} + run: | + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT_INSTALL }} + - name: Shell Check + id: "shell-check" + shell: bash + env: + VERSION: ${{ env.VERSION }} + run: | + set +e + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT }} &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" 
>> "$GITHUB_ENV" + + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + - if: env.BASH_SCRIPT_RESULT == 0 + name: "Remove Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + delete: true + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Workflow Commands" + shell: bash + run: | + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Add Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + recreate: true + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + message: | + ## :star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision: +
+ detail + + ```bash + + ${{ env.MESSAGE }} + + ``` + +
+ - if: env.BASH_SCRIPT_RESULT != 0 + name: Throw Error + id: "throw-error" + run: | + echo "::group:: human readable validation result" + echo -e "${{ env.MESSAGE }}" + echo "::endgroup::" + exit 1 \ No newline at end of file diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml new file mode 100644 index 0000000..48e4a48 --- /dev/null +++ b/.github/workflows/yamllint.yml 
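Review bot: The `Throw Error` step interpolates `${{ env.MESSAGE }}` into the shell script text, and MESSAGE is filled from `pr-status-check-human-friendly.txt`, which is presumably written by the check script from the checked-out pull request files; shell metacharacters in that text are then interpreted by the runner shell instead of being printed. MESSAGE is already exported through `$GITHUB_ENV`, so the step can read it as a variable: `echo -e "$MESSAGE"`. The multiline write to `$GITHUB_ENV` appears to use the fixed delimiter `EOF` (the first `echo` line is garbled in this view), so a line reading `EOF` inside the file ends the value early and lets the following lines define other environment variables; a per-run random delimiter avoids that. Both patterns recur in the `yamllint.yml` hunk that follows.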
@@ -0,0 +1,120 @@ +# Workflow is deactivated +name: Yamllint + +# Controls when the workflow will run +on: + workflow_dispatch: + # Triggers the workflow on push or pull request events but only for the "main" branch + pull_request: + branches: + - "main-not-activated-yet" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +env: + BASH_SCRIPT: "yamllint.sh" + BASH_SCRIPT_RESULT: 0 + MESSAGE_HEADER: "Yaml Lint Validation" + MESSAGE: "" + + +jobs: + yamllint: + runs-on: [solinas] + steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Gather Helm Chart Folders + shell: bash + run: | + ${GITHUB_WORKSPACE}/scripts/ci/helm-chart-listing.sh + echo "::group:: Found Helm Chart Folders" + cat "${GITHUB_WORKSPACE}/helm-charts-templated.yaml" + echo "::endgroup::" + env: + BASH_SCRIPT: ${{ env.BASH_SCRIPT }} + - name: Dependency Build + run: bash ${GITHUB_WORKSPACE}/scripts/ci/helm-dep-build.sh + - name: Manifest Linting + Validation + run: | + set +e + ${GITHUB_WORKSPACE}/scripts/ci/helm-chart-linting-manifest-validation.sh &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" >> "$GITHUB_ENV" + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + env: + BASH_SCRIPT: ${{ env.BASH_SCRIPT }} + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Set Message" + shell: bash + run: | + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + - if: env.BASH_SCRIPT_RESULT == 0 + name: yamllint + id: "yamllint" + shell: bash + run: | + set +e + echo "/home/runner/.local/bin" >> $GITHUB_PATH + + ${GITHUB_WORKSPACE}/scripts/ci/${{ env.BASH_SCRIPT }} &> bash_output.txt + echo "BASH_SCRIPT_RESULT=$?" 
>> "$GITHUB_ENV" + + echo "::group:: Bash Script Output" + cat bash_output.txt + echo "::endgroup::" + + # https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings + echo 'MESSAGE<> $GITHUB_ENV + cat "${GITHUB_WORKSPACE}/pr-status-check-human-friendly.txt" >> $GITHUB_ENV + echo 'EOF' >> $GITHUB_ENV + + + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Workflow Commands" + shell: bash + run: | + if [ -f "${GITHUB_WORKSPACE}/github-workflow-commands.txt" ]; then + cat "${GITHUB_WORKSPACE}/github-workflow-commands.txt" + fi + + - if: env.BASH_SCRIPT_RESULT != 0 + name: "Add Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + recreate: true + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + message: | + ## :star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision: + :collision: TRY TO FIX AS MANY ERRORS/WARNINGS AS POSSIBLE! :collision: +
+ detail + + ```bash + + ${{ env.MESSAGE }} + + ``` +
+ - if: env.BASH_SCRIPT_RESULT == 0 + name: "Remove Sticky Pull Request Comment" + uses: marocchino/sticky-pull-request-comment@v2.9.1 + with: + header: ":star2: :collision: :collision: [${{ env.MESSAGE_HEADER }}] :collision: :collision: :collision:" + delete: true + - if: env.BASH_SCRIPT_RESULT != 0 + name: Throw Error + id: "throw-error" + run: | + echo "::group:: human readable validation result" + echo -e "${{ env.MESSAGE }}" + echo "::endgroup::" + exit 1 \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cfb181a --- /dev/null +++ b/.gitignore @@ -0,0 +1,40 @@ +### Helm Chart ### +*Chart.lock +*.tgz +*values.local.yaml +/*.txt +/helm-packages/* +/helm-template-*.yaml +helm-charts-templated.yaml +### IntelliJ IDEA ### +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### Eclipse ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ + +### Mac OS ### +.DS_Store +/.idea/ +/ketos-co-helm-charts.iml +**/*/values-credentials.yaml diff --git a/.releaserc.yml b/.releaserc.yml new file mode 100644 index 0000000..b9899b0 --- /dev/null +++ b/.releaserc.yml 
@@ -0,0 +1,43 @@ +repositoryUrl: "https://github.com/openmcp-project/blueprint-building-blocks" +githubUrl: "https://github.com" +githubApiPathPrefix: "/api/v3" +debug: true + +branches: + - main + +plugins: + - [ + "@semantic-release/commit-analyzer", + { + # default rule: https://github.com/semantic-release/commit-analyzer/blob/master/lib/default-release-rules.js + "releaseRules": + [ + { "type": "docs", "release": "patch" }, + { "type": "refactor", "release": "patch" }, + { "type": "style", "release": "patch" }, + { "type": "build", "release": "patch" }, + { "type": "ci", "release": "patch" }, + { "tag": "no-release", "release": false }, + { "tag": "kind/feature", "release": "minor" }, + { "tag": "kind/bug", "release": "patch" }, + { "tag": "kind/deprecation", "release": "patch" }, + { "tag": "kind/chore", "release": "patch" }, + { "tag": "kind/security", "release": "patch" }, + { "tag": "kind/documentation", "release": "patch" }, + { "tag": "kind/cleanup", "release": "patch" }, + ], + # https://github.com/semantic-release/commit-analyzer#usage + "parserOpts": + { "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES"] }, + "preset": "conventionalcommits" + }, + ] + - [ + "@semantic-release/release-notes-generator", + { + parserOpts: { noteKeywords: ["BREAKING CHANGE", "BREAKING CHANGES"] }, + "preset": "conventionalcommits" + }, + ] + - ["@semantic-release/github"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..439cbd3 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,52 @@ + +# Image URL to use all building/pushing image targets +#IMG_VERSION ?= dev + +SET_BASE_DIR := $(eval BASE_DIR=$(shell git rev-parse --show-toplevel)) + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: git-tags-modified-helm-charts +git-tags-modified-helm-charts: + $(PWD)/.github/actions/git-tag-modified-helm-chart/git-tag-modified-helm-chart.sh; + +.PHONY: shell-check +shell-check: + $(PWD)/scripts/ci/shellcheck.sh + +.PHONY: clean +clean: + rm -rf helm-template-*.yaml + rm -rf pr-status-check-*.txt + rm -rf helm-charts-*.yaml + rm -rf modified_files.txt + rm -rf helm-packages + +.PHONY: release-to-jfrog +release-to-jfrog: + $(PWD)/scripts/cd/JFROG.sh + + + +.PHONY: all +all: clean + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) 
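Review bot: The recipes locate their scripts through `$(PWD)`, which make inherits from the calling environment and does not update under `make -C <dir>`, while `BASE_DIR` is computed from `git rev-parse --show-toplevel` at the top and never used in this hunk. Using it in the recipes, e.g. `$(BASE_DIR)/scripts/ci/shellcheck.sh`, makes the targets independent of the caller's working directory. `all: clean` also means a bare `make all` only deletes generated files, which deserves a one-line comment if that is intended.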
diff --git a/helm/charts/_templates_footer.gotmpl b/helm/charts/_templates_footer.gotmpl new file mode 100644 index 0000000..21db850 --- /dev/null +++ b/helm/charts/_templates_footer.gotmpl @@ -0,0 +1,9 @@ +{{/* +This file defines textblocks which are used by multiple README go templates. +Use this command from ./helm/charts/ folder to programatically create README.md for every sub helm chart. +$ helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl --chart-search-root=. +*/}} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} \ No newline at end of file diff --git a/helm/charts/_templates_header.gotmpl b/helm/charts/_templates_header.gotmpl new file mode 100644 index 0000000..a6b881f --- /dev/null +++ b/helm/charts/_templates_header.gotmpl 
@@ -0,0 +1,30 @@ +{{/* +This file defines textblocks which are used by multiple README go templates. +Use this command from ./helm/charts/ folder to programatically create README.md for every sub helm chart. +$ helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl --chart-search-root=. +*/}} + +{{ define "sap.helm.valuesModificationInfo" -}} +Modify [values.yaml](./values.yaml) file to change any available variable to your needs. It is mandatory to modify at least `domain` variable via values.yaml or `--set domain='...'` during helm chart execution. [See official helm chart template guide...](https://helm.sh/docs/chart_template_guide/values_files/) +{{- end }} + +{{ define "sap.classification" -}} +> Classification: INTERNAL + +*The keywords "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt).* +{{- end }} + +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/.ci.config.yaml 
@@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore b/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml new file mode 100644 index 0000000..c286331 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml 
@@ -0,0 +1,28 @@ +--- +apiVersion: v2 +name: crossplane-gardener-core-cloud +description: A Helm chart to template crossplane manifests to manage core.gardener.cloud resources. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://gardener.cloud/images/lp/gardener-logo.svg" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.2 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +home: "https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md new file mode 100644 index 0000000..9a78922 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md 
@@ -0,0 +1,27 @@ + + +# crossplane-gardener-core-cloud + +![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage core.gardener.cloud resources. + +**Homepage:** + + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| secretBindings | list | - | [secretBindings](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) represents a binding to a secret in the same or another namespace. | +| secretBindings[0].cloudProfile | string | `""` | cloudProfile is a name (field `type`) of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws | +| secretBindings[0].kubernetesCrossplaneProviderConfigRefName | string | `""` | kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| secretBindings[0].labels | list | `[]` | [labels](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | +| secretBindings[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | +| secretBindings[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. 
"garden-aas-dt" | +| secretBindings[0].quotas | object | `{}` | *(Optional)* [quotas](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a list of references to Quota objects in the same or another namespace. This field is immutable. | +| secretBindings[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | +| secretBindings[0].secretRef | list | `[]` | [secretRef](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a reference to a secret object in the same or another namespace. This field is immutable. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/_helpers.tpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml new file mode 100644 index 0000000..f5d0141 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-gardener-core-cloud/templates/garden-manifests/secret-binding.yaml @@ -0,0 +1,36 @@ +{{- range $item := .Values.secretBindings}} + {{- if and ($item) (ne $item.name "")}} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.secretBindings[].name)" $item.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.secretBindings[].kubernetesCrossplaneProviderConfigRefName)" $item.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding + apiVersion: core.gardener.cloud/v1beta1 + kind: SecretBinding + metadata: + labels: + cloudprofile.garden.sapcloud.io/name: {{required "A valid Cloud Profile is required! (.Values.secretBindings[].cloudProfile)" $item.cloudProfile}} + {{- if $item.labels}} + {{- $item.labels | toYaml | nindent 10 }} + {{- end }} + name: {{required "A valid Secret Binding Name is required! (.Values.secretBindings[].secretBindingName)" $item.secretBindingName}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.secretBindings[].projectNamespace)" $item.projectNamespace}} + provider: + type: {{required "A valid Cloud Profile is required! (.Values.secretBindings[].cloudProfile)" $item.cloudProfile}} + {{- if $item.quotas}} + quotas: + {{- $item.quotas | toYaml | nindent 8 }} + {{- end }} + secretRef: + {{- required "A valid value is required! (.Values.secretBindings[].secretRef)" $item.secretRef | toYaml | nindent 8 }} + {{- end }} +{{- end }} 
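Review bot: The values rendered into the inner SecretBinding manifest (`cloudprofile.garden.sapcloud.io/name`, `name`, `namespace` and `provider.type`) are emitted unquoted, unlike the outer `metadata.name`, which goes through `| lower | quote`. An unquoted value that looks like a boolean or number, or that contains `: ` or a line break, changes the type or structure of the manifest that Crossplane applies to the garden cluster. Pipe each of the four through `quote`, e.g. `namespace: {{required "A valid Gardener Project Namespace is required! (.Values.secretBindings[].projectNamespace)" $item.projectNamespace | quote}}`. The `nindent` widths cannot be checked in this view because the hunk's indentation was lost.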
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml new file mode 100644 index 0000000..2d3b7d2 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/values.ci.yaml @@ -0,0 +1,31 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################### +secretBindings: + - name: "my-aws-secret-binding" + projectNamespace: "garden-mcp-blueprints" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + secretBindingName: "my-aws-secret-binding" + cloudProfile: "aws" + labels: + additional: "labels" + quotas: + - apiVersion: "apiVersion" + kind: "kind" + name: "name" + namespace: "namespace" + resourceVersion: "resourceVersion" + uid: "uid" + secretRef: + name: my-aws-secret + namespace: garden-mcp-blueprints + - name: "my-gcp-secret-binding" + projectNamespace: "garden-mcp-blueprints" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + secretBindingName: "my-gcp-secret-binding" + cloudProfile: "gcp" + secretRef: + name: my-gcp-secret + namespace: garden-mcp-blueprints +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml new file mode 100644 index 0000000..993a677 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml 
@@ -0,0 +1,21 @@ +--- +######################################################################################################### +# -- [secretBindings](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) represents a binding to a secret in the same or another namespace. +# @default -- - +secretBindings: + # secretBindings[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectNamespace: "" + # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + kubernetesCrossplaneProviderConfigRefName: "" + # -- secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) + secretBindingName: "" + # -- cloudProfile is a name (field `type`) of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws + cloudProfile: "" + # -- [labels](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: [] + # -- *(Optional)* [quotas](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a list of references to Quota objects in the same or another namespace. This field is immutable. + quotas: {} + # -- [secretRef](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a reference to a secret object in the same or another namespace. This field is immutable. + secretRef: [] \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
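Review bot: The defaults in `values.yaml` give three keys the wrong collection type: `labels: []`, `quotas: {}` and `secretRef: []`, while `values.ci.yaml` in this commit and the SecretBinding template use `labels` as a map, `quotas` as a list and `secretRef` as a map with `name` and `namespace`. helm-docs copies these defaults into the README type column, so users are told to supply the wrong shape. I would change them to `labels: {}`, `quotas: []` and `secretRef: {}`. The description of `name` also still says it "defines technical gardener shoot cluster", which looks copied from the shoot-clusters chart.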
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml new file mode 100644 index 0000000..eb83521 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: v2 +name: crossplane-gardener-shoot-clusters +description: A Helm chart to template crossplane manifests to manage Gardener Shoot resources. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.8 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md new file mode 100644 index 0000000..e138ba6 
--- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md 
@@ -0,0 +1,51 @@ + + +# crossplane-gardener-shoot-clusters + +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage Gardener Shoot resources. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults | object | - | defaults contains default values which should NOT be overriden by upstream helm chart! | +| defaults.addons | object | `{"kubernetesDashboard":{"enabled":false},"nginxIngress":{"enabled":false}}` | [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. | +| defaults.aws | object | - | aws contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.aws.controlPlaneConfig | object | `{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","cloudControllerManager":{"useCustomRouteController":true},"kind":"ControlPlaneConfig","storage":{"managedDefaultClass":true}}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) | +| defaults.aws.infrastructureConfig | object | `{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"vpc":{"cidr":"10.180.0.0/16"},"zones":[{"internal":"10.180.48.0/20","name":"eu-central-1a","public":"10.180.32.0/20","workers":"10.180.0.0/19"}]}}` | [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) | +| defaults.aws.workers | list | `[{"cri":{"name":"containerd"},"machine":{"architecture":"amd64","image":{"name":"gardenlinux","version":"1312.3.0"},"type":"c3.2xlarge"},"maxSurge":1,"maximum":4,"minimum":1,"name":"worker-hmyoy","providerConfig":{"apiVersion":"aws.provider.extensions.gardener.cloud/v1alpha1","instanceMetadataOptions":{"httpPutResponseHopLimit":2,"httpTokens":"required"},"kind":"WorkerConfig"},"volume":{"size":"50Gi","type":"gp3"},"zones":["eu-central-1a"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.azure | object | - | azure contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.azure.controlPlaneConfig | object | `{"apiVersion":"azure.provider.extensions.gardener.cloud/v1alpha1","kind":"ControlPlaneConfig"}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#controlplaneconfig) | +| defaults.azure.infrastructureConfig | object | `{"apiVersion":"azure.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"vnet":{"cidr":"10.180.0.0/16"},"workers":"10.180.0.0/16"},"zoned":true}` | [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig) | +| defaults.azure.workerSettings | object | `{"sshAccess":{"enabled":true}}` | [](https://github.com/gardener/gardener-extension-provider-azure/tree/master) | +| defaults.azure.workers | list | `[{"cri":{"name":"containerd"},"machine":{"architecture":"amd64","image":{"name":"gardenlinux","version":"1312.3.0"},"type":"Standard_A4_v2"},"maxSurge":1,"maximum":2,"minimum":1,"name":"worker-qrnz5","volume":{"size":"50Gi","type":"StandardSSD_LRS"},"zones":["1"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.gcp | object | - | gcp contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
| +| defaults.gcp.controlPlaneConfig | object | `{"apiVersion":"gcp.provider.extensions.gardener.cloud/v1alpha1","kind":"ControlPlaneConfig","zone":"europe-west1-b"}` | [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) | +| defaults.gcp.infrastructureConfig | object | `{"apiVersion":"gcp.provider.extensions.gardener.cloud/v1alpha1","kind":"InfrastructureConfig","networks":{"workers":"10.180.0.0/16"}}` | [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) | +| defaults.gcp.workers | list | `[{"machine":{"image":{"name":"gardenlinux","version":"1312.3.0"},"type":"n2-standard-8"},"maxSurge":1,"maxUnavailable":0,"maximum":3,"minimum":1,"name":"worker","volume":{"encrypted":true,"size":"50Gi","type":"pd-standard"},"zones":["europe-west1-b"]}]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. | +| defaults.hibernation | object | - | [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. | +| defaults.hibernation.schedules | list | `[{"end":"00 08 * * 1,2,3,4,5","location":"Europe/Berlin","start":"00 21 * * 1,2,3,4,5"}]` | [schedules](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.HibernationSchedule) determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified. 
| +| defaults.maintenance | object | `{"autoUpdate":{"kubernetesVersion":false,"machineImageVersion":true},"confineSpecUpdateRollout":true,"timeWindow":{"begin":"120000+0000","end":"130000+0000"}}` | [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. | +| defaults.networking | object | `{"nodes":"10.180.0.0/16","type":"calico"}` | [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. | +| kubernetesVersion | string | `"1.30.3"` | kubernetesVersion defines gardener shoot cluster kubernetes version. | +| shootClusters | list | - | shootClusters contains information and configuration of Gardener shoot clusters. | +| shootClusters[0].addons | list | `[]` | [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. Setting this value will override .gardener.defaults.addons for this shoot cluster! | +| shootClusters[0].cloudProfile | string | `""` | cloudProfile is a name of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws | +| shootClusters[0].gardenerOrchestrateCloudProviderConfigRefName | string | `""` | gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! 
(.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| shootClusters[0].hibernation | list | `[]` | [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. Setting this value will override .gardener.defaults.hibernation for this shoot cluster! | +| shootClusters[0].kubernetesCrossplaneProviderConfigRefName | string | `""` | kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | +| shootClusters[0].kubernetesVersion | string | `"1.30.3"` | kubernetes[Version](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Kubernetes) is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. .. | +| shootClusters[0].maintenance | list | `[]` | [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. Setting this value will override .gardener.defaults.maintenance for this shoot cluster! | +| shootClusters[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | +| shootClusters[0].networking | list | `[]` | [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. 
Setting this value will override .gardener.defaults.networking for this shoot cluster! | +| shootClusters[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | +| shootClusters[0].providerInfrastructureConfig | list | `[]` | [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. Setting this value will override .gardener.defaults.infrastructureConfig for this shoot cluster! | +| shootClusters[0].purpose | string | `""` | [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. evaluation / development / testing / production | +| shootClusters[0].region | string | `""` | [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. | +| shootClusters[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | +| shootClusters[0].workers | list | `[]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. Setting this value will override .gardener.defaults.workers for this shoot cluster! 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl new file mode 100644 index 0000000..944976c --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-orchestration.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-orchestration.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-orchestration.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-orchestration.labels" -}}
+helm.sh/chart: {{ include "cloud-orchestration.chart" . }}
+{{ include "cloud-orchestration.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-orchestration.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-orchestration.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
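Review bot: The named templates use the prefix `cloud-orchestration.` rather than the chart's own name `crossplane-gardener-shoot-clusters`. Helm keeps named templates in one namespace shared by a parent chart and its subcharts, so if another chart in this repository defines the same names, the definition loaded last wins and rendered names or labels can change silently. Prefixing each define with the chart name, e.g. `{{- define "crossplane-gardener-shoot-clusters.labels" -}}`, avoids that. `cloud-orchestration.serviceAccountName` also reads `.Values.serviceAccount`, which the README values table in this commit does not list, so it looks like unused scaffold that could be removed.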
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml
new file mode 100644
index 0000000..9a49c17
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/audit-policy.yaml
@@ -0,0 +1,26 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if $shootCluster.auditLog}}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+metadata:
+ name: audit-log-policy-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig
+ forProvider:
+ manifest:
+ # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: audit-log-policy-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name}}
+ namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}}
+ data:
+ policy: |
+ {{- $shootCluster.auditLog.policy | default $.Values.defaults.auditPolicy | toYaml | nindent 10 }}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml
new file mode 100644
index 0000000..53f0955
--- /dev/null
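Review bot: In audit-policy.yaml the `policy` value has no guard for the case where both `$shootCluster.auditLog.policy` and `$.Values.defaults.auditPolicy` are unset. `toYaml` would then most likely render the text `null` into the ConfigMap, and a shoot would end up with an audit policy that logs nothing without any template error. The README values table in this commit does not list `defaults.auditPolicy`, so the fallback may not exist. Wrapping the expression makes the gap fail at render time: `{{- required "A valid audit policy is required! (.Values.defaults.auditPolicy)" ($shootCluster.auditLog.policy | default $.Values.defaults.auditPolicy) | toYaml | nindent 10 }}`. The inner ConfigMap name also lacks the `| lower` that the Object name applies, so a mixed-case shoot name would give an invalid ConfigMap name.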
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/garden-k8s-manifest-audit-log-secret.yaml
@@ -0,0 +1,27 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if $shootCluster.auditLog}}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+metadata:
+ name: audit-log-credentials-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig
+ forProvider:
+ manifest:
+ # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md
+ apiVersion: v1
+ kind: Secret
+ type: Opaque
+ metadata:
+ name: audit-log-credentials-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name }}
+ namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}}
+ stringData:
+ user: {{required "A valid user is required! (.Values.shootClusters[].auditLog.user)" $shootCluster.auditLog.user}}
+ password: {{required "A valid password is required! (.Values.shootClusters[].auditLog.password)" $shootCluster.auditLog.password}}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml
new file mode 100644
index 0000000..ccc11e2
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-alicloud.yaml
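Review bot: In garden-k8s-manifest-audit-log-secret.yaml, `user` and `password` under `stringData` are rendered without `| quote`. A credential that contains `: ` or ` #`, starts with a YAML indicator, or reads as a number or boolean will break the manifest or change type. Use `password: {{ required "A valid password is required! (.Values.shootClusters[].auditLog.password)" $shootCluster.auditLog.password | quote }}` and the same for `user`. The Secret is also carried inline in `spec.forProvider.manifest` of the crossplane `Object`, so the plaintext password is readable by anyone allowed to read `Object` resources on the managing cluster, and it is kept in the Helm values and release record as well. Taking the credentials from an existing Secret reference instead of chart values, where the provider supports it, would keep them out of those places.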
@@ -0,0 +1,9 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if empty $shootCluster.cloudProfile}}
+ {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}}
+ {{- end}}
+ {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "alicloud") }}
+ {{- fail "ali cloud not implemented yet!"}}
+---
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml
new file mode 100644
index 0000000..30cf456
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-aws.yaml
@@ -0,0 +1,63 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end}} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "aws") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[].secretBindingName)" $shootCluster.secretBindingName}} ## Set your SecretBinding name + cloudProfileName: aws + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: aws + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.aws.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.aws.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.aws.workers | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- end }} 
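Review bot: The annotation `confirmation.gardener.cloud/deletion: "true"` is set unconditionally on every Shoot, here and in the Azure and GCP templates, so deletion is pre-confirmed for all clusters. Assuming the Object's default deletion behaviour applies, removing an entry from `shootClusters` or uninstalling the release then tears the cluster down with no further confirmation step, including clusters with `purpose` set to production. Making the annotation opt-in per shoot keeps the guard where it matters, e.g. `confirmation.gardener.cloud/deletion: {{ $shootCluster.confirmDeletion | default false | quote }}` (the value name is only a suggestion). Inside the Shoot manifest, `name`, `namespace` and `secretBindingName` are also rendered unquoted while `region` and `purpose` use `| quote`; quoting all of them avoids implicit-typing surprises.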
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml new file mode 100644 index 0000000..8ffd57a --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-azure.yaml 
@@ -0,0 +1,66 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end}} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "azure") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[]..projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[]..secretBindingName)" $shootCluster.secretBindingName}} ## Set your SecretBinding name + cloudProfileName: az + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: azure + # https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.azure.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.azure.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.azure.workers | toYaml | nindent 12 }} + workerSettings: + {{- $shootCluster.providerWorkerSettings | default $.Values.defaults.azure.workerSettings | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- 
end }} diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml new file mode 100644 index 0000000..1fd832c --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-gcp.yaml 
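Review bot: The key `workerSettings` in the Azure template does not match the Gardener Shoot API, which names the field `workersSettings`. As written the block is likely rejected or ignored, so the SSH setting it carries would never take effect; indentation is lost on this page, so its exact nesting cannot be confirmed. The README in this commit gives the default as `{"sshAccess":{"enabled":true}}`, which leaves SSH access to worker nodes on. If the intent is to harden nodes, render `workersSettings:` and default `sshAccess.enabled` to `false`. The required-messages in this file also contain `[]..projectNamespace` and `[]..secretBindingName` with a doubled dot.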
@@ -0,0 +1,63 @@ +{{- range $shootCluster := .Values.shootClusters}} + {{- if empty $shootCluster.cloudProfile}} + {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}} + {{- end }} + {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "gcp") }} +--- +apiVersion: kubernetes.crossplane.io/v1alpha1 +kind: Object +metadata: + name: {{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.shootClusters[].kubernetesCrossplaneProviderConfigRefName)" $shootCluster.kubernetesCrossplaneProviderConfigRefName | quote}} # Set to Kubernetes ProviderConfig + forProvider: + manifest: + # gardener shoot api: https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md + apiVersion: core.gardener.cloud/v1beta1 + kind: Shoot + metadata: + annotations: + confirmation.gardener.cloud/deletion: "true" # otherwise it can't be destroyed using IAD + name: {{required "A valid Gardener Shoot Name is required! (.Values.shootClusters[].name)" $shootCluster.name}} + namespace: {{required "A valid Gardener Project Namespace is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace}} + + spec: + secretBindingName: {{required "A valid Secret Binding Name is required! (.Values.shootClusters[].secretBindingName)" $shootCluster.secretBindingName}} # Set your SecretBinding name + cloudProfileName: gcp + region: {{required "A valid value is required! (.Values.shootClusters[].region)" $shootCluster.region | quote}} + purpose: {{required "A valid value is required! 
(.Values.shootClusters[].purpose)" $shootCluster.purpose | quote}} + #### START hyperscaler specific stuff START #### + provider: + type: gcp + infrastructureConfig: + {{- $shootCluster.providerInfrastructureConfig | default $.Values.defaults.gcp.infrastructureConfig | toYaml | nindent 12 }} + controlPlaneConfig: + {{- $shootCluster.providerControlPlaneConfig | default $.Values.defaults.gcp.controlPlaneConfig | toYaml | nindent 12 }} + workers: + {{- $shootCluster.workers | default $.Values.defaults.gcp.workers | toYaml | nindent 12 }} + #### END hyperscaler specific stuff END #### + kubernetes: + version: {{required "A valid value is required! (.Values.shootClusters[].kubernetesVersion)" $shootCluster.kubernetesVersion | quote}} + kubeAPIServer: + {{- $shootCluster.kubernetesKubeAPIServer | default $.Values.defaults.kubernetesKubeAPIServer | toYaml | nindent 12 }} + kubeControllerManager: + nodeCIDRMaskSize: 24 + clusterAutoscaler: + {{- $shootCluster.kubernetesClusterAutoscaler | default $.Values.defaults.kubernetesClusterAutoscaler | toYaml | nindent 12 }} + extensions: {{ $shootCluster.extensions | default $.Values.defaults.extensions | toYaml | nindent 10 }} + networking: + {{- $shootCluster.networking | default $.Values.defaults.networking | toYaml | nindent 10 }} + maintenance: + {{- $shootCluster.maintenance | default $.Values.defaults.maintenance | toYaml | nindent 10 }} + hibernation: + {{- $shootCluster.hibernation | default $.Values.defaults.hibernation | toYaml | nindent 10 }} + addons: + {{- $shootCluster.addons | default $.Values.defaults.addons | toYaml | nindent 10 }} + resources: + {{- $shootCluster.resources | default $.Values.defaults.resources | toYaml | nindent 10 }} + {{- end }} +{{- end }} 
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml
new file mode 100644
index 0000000..97ff8b4
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster-openstack.yaml
@@ -0,0 +1,9 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if empty $shootCluster.cloudProfile}}
+ {{- fail "A valid value is required! (.Values.shootClusters[].cloudProfile)"}}
+ {{- end}}
+ {{- if and ($shootCluster) (eq $shootCluster.cloudProfile "openstack") }}
+ {{- fail "openstack not implemented yet!"}}
+---
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml
new file mode 100644
index 0000000..67dddef
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/templates/mcp-manifests/admin-kubeconfig-request.yaml
@@ -0,0 +1,21 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if $shootCluster}}
+---
+apiVersion: gardener.orchestrate.cloud.sap/v1alpha1
+kind: AdminKubeconfigRequest
+metadata:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | lower | quote }}
+spec:
+ forProvider:
+ validFor: 1h0s
+ renewAfter: 45m0s
+ shootRef:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name | quote}}
+ namespace: {{ required "A valid value is required! (.Values.shootClusters[].projectNamespace)" $shootCluster.projectNamespace | quote}}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.shootClusters[].gardenerOrchestrateCloudProviderConfigRefName)" $shootCluster.gardenerOrchestrateCloudProviderConfigRefName | quote}}
+ writeConnectionSecretToRef:
+ name: gardener-shoot-kubeconfig-{{required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name}}
+ namespace: default
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml
new file mode 100644
index 0000000..68e0881
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.ci.yaml
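Review bot: In admin-kubeconfig-request.yaml the admin kubeconfig lands in a Secret in the hard-coded `default` namespace (`namespace: default` under `writeConnectionSecretToRef`), so every subject that can read Secrets there holds a continuously renewed shoot admin credential. I would take the namespace from values and point it at one with tightly scoped Secret RBAC, e.g. `namespace: {{ $shootCluster.connectionSecretNamespace | default "default" | quote }}` (the key name is only a suggestion). The Secret name on the line above is built from the raw `$shootCluster.name`, unquoted and without the `lower` applied to `metadata.name`, so a mixed-case name gives a Secret name that is not a valid Kubernetes object name; `name: {{ printf "gardener-shoot-kubeconfig-%s" $shootCluster.name | lower | quote }}` keeps the two aligned. The same two lines appear in the crossplane-gardener-shoot-kubeconfigs copy of this template later in the patch.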
@@ -0,0 +1,50 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kubernetesVersion: &kubernetesVersion "1.30.3" +######################################################################################################### +shootClusters: + - name: "name" + projectNamespace: "projectNamespace" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + gardenerOrchestrateCloudProviderConfigRefName: "gardenerOrchestrateCloudProviderConfigRefName" + secretBindingName: "secretBindingName" + cloudProfile: "cloudProfile" + region: "region" + purpose: "purpose" + kubernetesVersion: *kubernetesVersion + workers: {} + hibernation: {} + maintenance: {} + addons: {} + networking: {} + infrastructureConfig: {} + - name: "iad-test-gcp" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "gcp-sa-garden-co-golden" + cloudProfile: "gcp" + region: "europe-west1" + purpose: "testing" + kubernetesVersion: *kubernetesVersion + - name: "iad-test-aws" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "trial-secretbinding-aws" + cloudProfile: "aws" + region: "eu-central-1" + purpose: "testing" + kubernetesVersion: *kubernetesVersion + - name: "iad-test-az" + kubernetesCrossplaneProviderConfigRefName: "garden-co-golden" + gardenerOrchestrateCloudProviderConfigRefName: "garden-co-golden" + projectNamespace: "garden-co-golden" + secretBindingName: "trial-secretbinding-az" + 
cloudProfile: "azure" + region: "germanywestcentral" + purpose: "testing" + kubernetesVersion: *kubernetesVersion +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml new file mode 100644 index 0000000..383aaec --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml 
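Review bot: The first fixture entry in values.ci.yaml sets `infrastructureConfig: {}`, but the gcp template in this patch reads `$shootCluster.providerInfrastructureConfig` and `$shootCluster.providerControlPlaneConfig`, so that key is never consumed. If the aws and azure templates, which are not visible here, use the same names, it should be `providerInfrastructureConfig: {}`. The other three entries carry what look like real project namespaces and secret-binding names (`garden-co-golden`, `gcp-sa-garden-co-golden`); if they are, neutral placeholders such as `garden-example` would keep internal identifiers out of the repository.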
@@ -0,0 +1,213 @@ +--- +######################################################################################################### +# -- kubernetesVersion defines gardener shoot cluster kubernetes version. +kubernetesVersion: &kubernetesVersion "1.30.3" +######################################################################################################### +# -- defaults contains default values which should NOT be overriden by upstream helm chart! +# @default -- - +defaults: + # -- [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. + # @default -- - + hibernation: + # -- [schedules](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.HibernationSchedule) determines the hibernation schedule of a Shoot. A Shoot will be regularly hibernated at each start time and will be woken up at each end time. Start or End can be omitted, though at least one of each has to be specified. + schedules: + - start: 00 21 * * 1,2,3,4,5 + end: 00 08 * * 1,2,3,4,5 + location: Europe/Berlin + # -- [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. + maintenance: + timeWindow: + begin: 120000+0000 + end: 130000+0000 + autoUpdate: + kubernetesVersion: false + machineImageVersion: true + confineSpecUpdateRollout: true + # -- [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. 
+ addons: + nginxIngress: + enabled: false + kubernetesDashboard: + enabled: false + # -- [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. + networking: + type: calico + nodes: 10.180.0.0/16 + # -- + extensions: [] + # -- + resources: [] + # -- + kubernetesKubeAPIServer: + runtimeConfig: + scheduling.k8s.io/v1alpha1: true + enableAnonymousAuthentication: false # See: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + kubernetesClusterAutoscaler: + scaleDownUtilizationThreshold: 0.5 + scaleDownUnneededTime: 30m0s + scaleDownDelayAfterAdd: 1h0m0s + scaleDownDelayAfterFailure: 10m0s + scaleDownDelayAfterDelete: 10s + scanInterval: 10s + # -- gcp contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. + # @default -- - + gcp: + # -- [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) + infrastructureConfig: + # https://github.com/gardener/gardener-extension-provider-gcp/blob/master/example/30-infrastructure.yaml#L51-L68 + apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + workers: 10.180.0.0/16 + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-gcp/blob/master/docs/usage/usage.md) + controlPlaneConfig: + # https://github.com/gardener/gardener-extension-provider-gcp/blob/master/example/30-controlplane.yaml#L57-L62 + apiVersion: gcp.provider.extensions.gardener.cloud/v1alpha1 + kind: ControlPlaneConfig + zone: europe-west1-b + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. 
+ workers: + - name: worker + minimum: 1 + maximum: 3 + maxSurge: 1 + maxUnavailable: 0 + machine: + type: n2-standard-8 + image: + name: gardenlinux + version: 1312.3.0 + volume: + type: pd-standard + size: 50Gi + encrypted: true + zones: + - europe-west1-b + # -- azure contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. + # @default -- - + azure: + # -- [](https://github.com/gardener/gardener-extension-provider-azure/tree/master) + workerSettings: + sshAccess: + enabled: true + # -- [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. + # [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#infrastructureconfig) + infrastructureConfig: + apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + vnet: + cidr: 10.180.0.0/16 + workers: 10.180.0.0/16 + zoned: true + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/usage/usage.md#controlplaneconfig) + controlPlaneConfig: + apiVersion: azure.provider.extensions.gardener.cloud/v1alpha1 + kind: ControlPlaneConfig + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. + workers: + - name: worker-qrnz5 + minimum: 1 + maximum: 2 + maxSurge: 1 + machine: + type: Standard_A4_v2 + image: + name: gardenlinux + version: 1312.3.0 + architecture: amd64 + zones: + - "1" + cri: + name: containerd + volume: + type: StandardSSD_LRS + size: 50Gi + # -- aws contains [hypescaler specific](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) information. 
+ # @default -- - + aws: + # -- [infrastructureConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) + infrastructureConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + kind: InfrastructureConfig + networks: + vpc: + cidr: 10.180.0.0/16 + zones: + - name: eu-central-1a + workers: 10.180.0.0/19 + public: 10.180.32.0/20 + internal: 10.180.48.0/20 + # -- [controlPlaneConfig](https://github.com/gardener/gardener-extension-provider-aws/blob/master/docs/usage/usage.md) + controlPlaneConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + cloudControllerManager: + useCustomRouteController: true + kind: ControlPlaneConfig + storage: + managedDefaultClass: true + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. + workers: + - name: worker-hmyoy + providerConfig: + apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1 + kind: WorkerConfig + instanceMetadataOptions: + httpTokens: required + httpPutResponseHopLimit: 2 + minimum: 1 + maximum: 4 + maxSurge: 1 + machine: + type: c3.2xlarge + image: + name: gardenlinux + version: 1312.3.0 + architecture: amd64 + zones: + - "eu-central-1a" + cri: + name: containerd + volume: + type: gp3 + size: 50Gi +######################################################################################################### +# -- shootClusters contains information and configuration of Gardener shoot clusters. +# @default -- - +shootClusters: + # shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectNamespace: "" + # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! 
(.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + kubernetesCrossplaneProviderConfigRefName: "" + # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) + gardenerOrchestrateCloudProviderConfigRefName: "" + # -- secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) + secretBindingName: "" + # -- cloudProfile is a name of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws + cloudProfile: "" + # -- [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. + region: "" + # -- [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. evaluation / development / testing / production + purpose: "" + # -- kubernetes[Version](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Kubernetes) is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. .. + kubernetesVersion: *kubernetesVersion + # -- [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. 
Setting this value will override .gardener.defaults.workers for this shoot cluster! + workers: [] + # -- [hibernation](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Hibernation) contains information whether the Shoot is suspended or not. Setting this value will override .gardener.defaults.hibernation for this shoot cluster! + hibernation: [] + # -- [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. Setting this value will override .gardener.defaults.maintenance for this shoot cluster! + maintenance: [] + # -- [addons](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Addons) contains information about enabled/disabled addons and their configuration. Setting this value will override .gardener.defaults.addons for this shoot cluster! + addons: [] + # -- [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. Setting this value will override .gardener.defaults.networking for this shoot cluster! + networking: [] + # -- [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. Setting this value will override .gardener.defaults.infrastructureConfig for this shoot cluster! + providerInfrastructureConfig: [] + # -- + providerControlPlaneConfig: [] + # -- + extensions: [] + # -- + resources: [] \ No newline at end of file 
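Review bot: `defaults.azure.workerSettings.sshAccess.enabled: true` switches on SSH access to worker nodes by default, for Azure shoots only, which cuts against the hardening in the rest of the defaults (`enableAnonymousAuthentication: false`, `httpTokens: required`, both add-ons disabled). Unless something depends on it, I would default it to `enabled: false` and let a cluster opt in, and give the key a real `# --` description, since its helm-docs comment is an empty link. Gardener's Shoot field is spelled `workersSettings`, so it is worth confirming that the Azure template, which is not in view here, maps this key to the right field. Separately, the per-cluster comment says an override replaces `.gardener.defaults.infrastructureConfig`, while the key is `providerInfrastructureConfig` and the defaults sit under `defaults.<provider>`.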
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml new file mode 100644 index 0000000..9918cc1 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml 
@@ -0,0 +1,27 @@ +--- +apiVersion: v2 +name: crossplane-gardener-shoot-kubeconfigs +description: A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.7 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md new file mode 100644 index 0000000..9f57936 --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md 
@@ -0,0 +1,18 @@ + + +# crossplane-gardener-shoot-kubeconfigs + +![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| shootClusters | list | - | shootClusters contains information and configuration of Gardener shoot clusters. | +| shootClusters[0].gardenerOrchestrateCloudProviderConfigRefName | string | `""` | gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) | +| shootClusters[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md.gotmpl b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/NOTES.txt b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl new file mode 100644 index 0000000..944976c --- /dev/null 
+++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cloud-orchestration.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cloud-orchestration.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cloud-orchestration.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cloud-orchestration.labels" -}} +helm.sh/chart: {{ include "cloud-orchestration.chart" . }} +{{ include "cloud-orchestration.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cloud-orchestration.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cloud-orchestration.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml
new file mode 100644
index 0000000..6933337
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/templates/mcp-manifests/admin-kubeconfig-request.yaml
@@ -0,0 +1,24 @@
+{{- range $shootCluster := .Values.shootClusters}}
+ {{- if $shootCluster}}
+---
+apiVersion: gardener.orchestrate.cloud.sap/v1alpha1
+kind: AdminKubeconfigRequest
+metadata:
+ name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ forProvider:
+ validFor: 1h0s
+ renewAfter: 45m0s
+ shootRef:
+ name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name | quote}}
+ namespace: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].projectNamespace)" $shootCluster.projectNamespace | quote}}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].gardenerOrchestrateCloudProviderConfigRefName)" $shootCluster.gardenerOrchestrateCloudProviderConfigRefName | quote}}
+ writeConnectionSecretToRef:
+ name: gardener-shoot-kubeconfig-{{required "A valid value is required! (.Values.gardener.controlPlane.shootClusters[].name)" $shootCluster.name}}
+ namespace: default
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml
new file mode 100644
index 0000000..1220f4d
--- /dev/null
+++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.ci.yaml
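Review bot: The `required` messages in this admin-kubeconfig-request.yaml name `.Values.gardener.controlPlane.shootClusters[]...`, but the template ranges over `.Values.shootClusters`, so a user who hits the error is pointed at a values path that does not exist in this chart. The message should carry the real path, e.g. `required "A valid value is required! (.Values.shootClusters[].name)" $shootCluster.name`, and likewise for `projectNamespace` and `gardenerOrchestrateCloudProviderConfigRefName`. The comments in this chart's values.yaml use the same stale `gardener.controlPlane` prefix and would need the same correction.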
@@ -0,0 +1,8 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +shootClusters: + - name: "name" + projectNamespace: "projectNamespace" + gardenerOrchestrateCloudProviderConfigRefName: "gardenerOrchestrateCloudProviderConfigRefName" \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml new file mode 100644 index 0000000..20d50ae --- /dev/null +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml @@ -0,0 +1,11 @@ +--- +######################################################################################################### +# -- shootClusters contains information and configuration of Gardener shoot clusters. +# @default -- - +shootClusters: + # gardener.controlPlane.shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! + - name: "" + # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" + projectNamespace: "" + # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) + gardenerOrchestrateCloudProviderConfigRefName: "" \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null 
+++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml new file mode 100644 index 0000000..527259f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml 
@@ -0,0 +1,32 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-apiextensions-composition +description: A Helm Chart to template crossplane API extensions compositions. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.8 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://doc.crds.dev/github.com/crossplane/crossplane/apiextensions.crossplane.io/Composition/v1 +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md new file mode 100644 index 0000000..7a0fa47 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md 
@@ -0,0 +1,35 @@ + + +# crossplane-provider-apiextensions-composition + +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane API extensions compositions. + +**Homepage:** + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| compositions[0].annotations | list | `[]` | | +| compositions[0].labels | list | `[]` | | +| compositions[0].name | string | `""` | | +| compositions[0].ownerReferences | list | `[]` | | +| compositions[0].spec.compositeTypeRef | list | `[]` | | +| compositions[0].spec.environment | list | `[]` | | +| compositions[0].spec.mode | string | `""` | | +| compositions[0].spec.patchSets | list | `[]` | | +| compositions[0].spec.pipeline | list | `[]` | | +| compositions[0].spec.resources | list | `[]` | | +| compositions[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| compositions[0].spec.writeConnectionSecretsToNamespace | string | `""` | | +| defaults | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file 
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..2de0320 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/templates/compostions-apiextensions-crossplane-io.yaml 
@@ -0,0 +1,52 @@ +{{- range $item := .Values.compositions}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: {{required "A valid value is required! (.Values.compositions[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +spec: + compositeTypeRef: + {{- required "A valid value is required! (.Values.compositions[].spec.compositeTypeRef)" $item.spec.compositeTypeRef | toYaml | nindent 4 }} + {{- if $item.spec.mode}} + mode: {{ $item.spec.mode | quote }} + {{- end }} + {{- if $item.spec.writeConnectionSecretsToNamespace}} + writeConnectionSecretsToNamespace: {{ $item.spec.writeConnectionSecretsToNamespace | quote }} + {{- end }} + {{- if $item.spec.environment}} + environment: + {{- $item.spec.environment | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.patchSets}} + patchSets: + {{- $item.spec.patchSets | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.pipeline}} + pipeline: + {{- $item.spec.pipeline | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.resources}} + resources: + {{- $item.spec.resources | toYaml | nindent 4 }} + {{- end }} + {{- if $item.spec.writeConnectionSecretToRef}} + writeConnectionSecretToRef: + {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file 
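Review bot: The `required` call on `metadata.name` can never fire for an empty name, because the enclosing `if and ($item) (ne $item.name "")` already skips such entries, so a misconfigured item is dropped silently instead of failing the render. Either reduce the guard to `{{- if $item }}` so `required` reports the error, or drop `required` and document that unnamed entries are ignored. The two `openmcp.cloud/blueprint-building-block*` labels sit inside `{{- if $item.labels}}`, so a Composition without user labels carries no chart labels, and a user label with the same key would render a duplicate mapping key; emitting `labels:` unconditionally and merging the user map into the chart labels avoids both. `$item.spec.compositeTypeRef` is dereferenced without checking that `spec` is set, which likely surfaces as a nil-pointer render error rather than the intended `required` message. The same guard and label pattern repeats in the EnvironmentConfig and Usage templates added later in this patch.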
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml new file mode 100644 index 0000000..af99abd --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml 
@@ -0,0 +1,478 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +compositions: +- name: "eks-cluster" + spec: + mode: "Pipeline" + writeConnectionSecretsToNamespace: "crossplane-system" + pipeline: + - functionRef: + name: patch-and-transform + input: + apiVersion: pt.fn.crossplane.io/v1beta1 + kind: Resources + patchSets: + - name: common-parameters + patches: + - fromFieldPath: spec.parameters.region + toFieldPath: spec.forProvider.region + type: FromCompositeFieldPath + resources: + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: VPC + spec: + forProvider: + enableDnsHostnames: true + enableDnsSupport: true + providerConfigRef: + name: clops-dev-us-aws + name: vpc + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.vpc-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: InternetGateway + metadata: + labels: + type: igw + spec: + forProvider: + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: internetgateway + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: public + spec: + forProvider: + mapPublicIpOnLaunch: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: subnet-public-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-public-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: 
spec.parameters.subnet1-public-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-public-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: public + spec: + forProvider: + mapPublicIpOnLaunch: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: subnet-public-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-public-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: private + spec: + forProvider: + mapPublicIpOnLaunch: false + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: subnet-private-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-private-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-private-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet1-private-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + type: subnet + visibility: private + spec: + forProvider: + mapPublicIpOnLaunch: false + vpcIdSelector: + 
matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: subnet-private-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-private-cidrBlock + toFieldPath: spec.forProvider.cidrBlock + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-private-availabilityZone + toFieldPath: spec.forProvider.availabilityZone + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.subnet2-private-availabilityZone + toFieldPath: metadata.labels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: EIP + metadata: + labels: + type: eip-1 + spec: + forProvider: + domain: vpc + providerConfigRef: + name: clops-dev-us-aws + name: elastic-ip-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: EIP + metadata: + labels: + type: eip-2 + spec: + forProvider: + domain: vpc + providerConfigRef: + name: clops-dev-us-aws + name: elastic-ip-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: NATGateway + metadata: + labels: + type: natgw-1 + spec: + forProvider: + allocationIdSelector: + matchLabels: + type: eip-1 + subnetIdSelector: + matchLabels: + type: subnet + visibility: public + providerConfigRef: + name: clops-dev-us-aws + name: natgateway-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet1-public-availabilityZone + toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: NATGateway + metadata: + labels: + type: natgw-2 + spec: + forProvider: + allocationIdSelector: + matchLabels: + type: eip-2 + subnetIdSelector: + matchLabels: + type: subnet + visibility: public + providerConfigRef: + name: clops-dev-us-aws + name: natgateway-2 + patches: + - 
patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.subnet2-public-availabilityZone + toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone + type: FromCompositeFieldPath + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: routetable-public + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: routetable-private-1 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + spec: + forProvider: + region: PATCHED + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + name: routetable-private-2 + patches: + - patchSetName: common-parameters + type: PatchSet + - base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Cluster + spec: + providerConfigRef: + name: clops-dev-us-aws + forProvider: + vpcConfig: + - endpointPrivateAccess: false + endpointPublicAccess: true + subnetIdSelector: + matchLabels: + type: subnet + visibility: private + writeConnectionSecretToRef: + namespace: crossplane-system + name: clops-dev-us-connection-secret + connectionDetails: + - fromConnectionSecretKey: kubeconfig + name: kubeconfig-value + type: FromConnectionSecretKey + name: eks-cluster + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.k8s-version + toFieldPath: spec.forProvider.version + type: FromCompositeFieldPath + - fromFieldPath: metadata.uid + toFieldPath: spec.writeConnectionSecretToRef.name + transforms: + - string: + fmt: '%s-ekscluster-connection' + type: Format + type: string + type: FromCompositeFieldPath 
+ - fromFieldPath: spec.parameters.cluster-role + toFieldPath: spec.forProvider.roleArn + type: FromCompositeFieldPath + - base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: Role + spec: + forProvider: + assumeRolePolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + providerConfigRef: + name: clops-dev-us-aws + name: role + - base: + apiVersion: iam.aws.upbound.io/v1beta1 + kind: RolePolicyAttachment + spec: + forProvider: + roleSelector: + matchControllerRef: true + policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy + providerConfigRef: + name: clops-dev-us-aws + name: rolePolicyAttachment + - base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: NodeGroup + spec: + forProvider: + clusterNameSelector: + matchControllerRef: true + instanceTypes: + - t3.medium + scalingConfig: + - minSize: 1 + subnetIdSelector: + matchControllerRef: true + matchLabels: + type: subnet + visibility: private + providerConfigRef: + name: clops-dev-us-aws + name: eks-nodegroup + patches: + - patchSetName: common-parameters + type: PatchSet + - fromFieldPath: spec.parameters.workers-size + toFieldPath: spec.forProvider.scalingConfig[0].desiredSize + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workers-size + toFieldPath: spec.forProvider.scalingConfig[0].maxSize + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workload-type + toFieldPath: spec.forProvider.amiType + transforms: + - map: + gpu: AL2_x86_64_GPU + non-gpu: AL2_x86_64 + type: map + type: FromCompositeFieldPath + - fromFieldPath: spec.parameters.workernode-role + toFieldPath: spec.forProvider.nodeRoleArn + type: FromCompositeFieldPath + step: patch-and-transform +- name: "vpc" + spec: + mode: "Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: 
GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + apiVersion: ec2.aws.crossplane.io/v1beta1 + kind: VPC + metadata: + annotations: + {{ setResourceNameAnnotation "vpc" }} + crossplane.io/external-name: {{ get $params "id" | default ( print $claimNamespace "-vpc" ) }} + spec: + forProvider: + region: {{ get $params "region" | default "us-east-1" }} + vpcCidrBlock: {{ get $params "vpcCIDRBlock" | default "192.168.0.0/16" }} + enableDnsSupport: true + enableDnsHostNames: true + instanceTenancy: default + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef }} +- name: "rdsinstance" + spec: + mode: "Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $claimNamespaceTrimmed := $claimNamespace | replace "-" "" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + apiVersion: rds.aws.upbound.io/v1beta2 + kind: Instance + metadata: + annotations: + {{ setResourceNameAnnotation "rdsInstance" }} + crossplane.io/external-name: {{ get $params "id" | default ( print $claimNamespace "-rds-instance" ) }} + spec: + forProvider: + allocatedStorage: {{ get $params "storage" | default 20 }} + autoGeneratePassword: true + autoMinorVersionUpgrade: true + backupRetentionPeriod: 14 + backupWindow: "09:46-10:16" + dbName: {{ get $params "name" | default ( print $claimNamespaceTrimmed "db" ) }} + engine: postgres + engineVersion: 
"16.1" # 16.3? console shows RDS 16.1-R2 (PostgreSQL 13.1-R2) + instanceClass: {{ printf "db.t3.%s" (get $params "size" | default "micro") }} + maintenanceWindow: Mon:00:00-Mon:03:00 + passwordSecretRef: + key: password + name: {{ printf "%s-rds-admin-pw" $claimNamespace }} + namespace: {{ $claimNamespace }} + publiclyAccessible: false + region: {{ printf "us-%s-1" (get $params "region" | default "east") }} + skipFinalSnapshot: true + storageEncrypted: true + storageType: gp2 + username: adminuser + writeConnectionSecretToRef: + name: {{ printf "%s-rds-connection-details" $claimNamespace }} + namespace: {{ $claimNamespace }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef }} + +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml new file mode 100644 index 0000000..e3bbaea --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml 
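Review bot: In the `vpc` and `rdsinstance` go-templating steps, values read from the composite's `spec.parameters` (`id`, `region`, `vpcCIDRBlock`, `name`, `size`) are interpolated into the inline YAML unquoted, so a parameter containing `: `, ` #` or a newline changes the structure of the rendered manifest rather than one field value. Unless the XRD schema (not visible here) constrains these fields with a pattern or enum, string fields should go through `quote`, e.g. `region: {{ get $params "region" | default "us-east-1" | quote }}` and `crossplane.io/external-name: {{ get $params "id" | default ( print $claimNamespace "-vpc" ) | quote }}`. In the `eks-cluster` composition the Cluster base sets `endpointPublicAccess: true` with `endpointPrivateAccess: false` and no CIDR restriction, and the RDS instance sets `skipFinalSnapshot: true`; because sample values tend to be copied, a comment marking these as CI-only choices would help. The trailing comment on `engineVersion` (`# 16.3? console shows ...`) reads as an open question and should be resolved or removed.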
@@ -0,0 +1,25 @@ +--- +######################################################################################################################## +# @default -- list +defaults: [] +######################################################################################################################## +# @default -- list +# https://doc.crds.dev/github.com/crossplane/crossplane/apiextensions.crossplane.io/Composition/v1 +compositions: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + mode: "" + writeConnectionSecretsToNamespace: "" + compositeTypeRef: [] + environment: [] + patchSets: [] + pipeline: [] + resources: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] + +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml new file mode 100644 index 0000000..c8de61f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file 
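Review bot: In `values.yaml` the defaults for `labels`, `annotations` and `spec.compositeTypeRef` are empty lists (`[]`), while the template renders them under mapping keys with `toYaml | nindent 4`, so helm-docs documents them as `list` and a user following the defaults would supply the wrong shape. Using `{}` for the map-typed fields (`labels: {}`, `annotations: {}`, `compositeTypeRef: {}`) keeps the falsy-when-empty behaviour the template's `if` checks rely on and documents the expected type; the other `spec` defaults are worth checking against the Composition schema in the same way. Only `writeConnectionSecretToRef` carries a `# --` description; `writeConnectionSecretsToNamespace` decides where connection credentials are stored and would merit one as well.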
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore b/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml new file mode 100644 index 0000000..3e02de8 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml 
@@ -0,0 +1,32 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-apiextensions +description: A Helm Chart to template crossplane API extensions compositions. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://docs.crossplane.io/latest/api/ + - https://github.com/openmcp-project/blueprint-building-blocks +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/README.md b/helm/charts/mcp/crossplane-provider-apiextensions/README.md new file mode 100644 index 0000000..d842cc3 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/README.md 
@@ -0,0 +1,26 @@ + + +# crossplane-provider-apiextensions + +![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane API extensions compositions. + +**Homepage:** + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| environmentConfigs | list | list | An [EnvironmentConfig](https://docs.crossplane.io/latest/api/) contains user-defined unstructured values for use in a Composition. Read the Crossplane documentation for [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs/). | +| environmentConfigs[0].data | list | `[]` | The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. | +| usages | list | list | A Usage defines a deletion blocking relationship between two resources. Usages prevent accidental deletion of a single resource or deletion of resources with dependent resources. Read the Crossplane documentation for [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages/). | +| usages[0].spec | list | `[]` | The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-apiextensions/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..42f0be5 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/templates/environment-config-apiextensions-crossplane-io.yaml @@ -0,0 +1,25 @@ +{{- range $item := .Values.environmentConfigs}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1beta1 +kind: EnvironmentConfig +metadata: + name: {{required "A valid value is required! (.Values.environmentConfigs[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +data: + {{- required "A valid value is required! (.Values.environmentConfigs[].data)" $item.data | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml new file mode 100644 index 0000000..aec8a87 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/templates/usage-apiextensions-crossplane-io.yaml 
@@ -0,0 +1,25 @@ +{{- range $item := .Values.usages}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: apiextensions.crossplane.io/v1alpha1 +kind: Usage +metadata: + name: {{required "A valid value is required! (.Values.usages[].name)" $item.name | lower }} + {{- if $item.annotations}} + annotations: + {{- $item.annotations | toYaml | nindent 4 }} + {{- end }} + {{- if $item.labels}} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- $item.labels | toYaml | nindent 4 }} + {{- end }} + {{- if $item.ownerReferences}} + ownerReferences: + {{- $item.ownerReferences | toYaml | nindent 4 }} + {{- end }} +spec: + {{- required "A valid value is required! (.Values.usages[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml new file mode 100644 index 0000000..337a6ed --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/values.ci.yaml 
@@ -0,0 +1,38 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +environmentConfigs: +- name: "example-environment" + data: + locations: + us: us-east-2 + eu: eu-north-1 + key1: value1 + key2: value2 + key3: + - item1 + - item2 +######################################################################################################################## +usages: +- name: "protect-production-database" + spec: + of: + apiVersion: rds.aws.upbound.io/v1beta1 + kind: Instance + resourceRef: + name: my-database + reason: "Production Database - should never be deleted!" +- name: "release-uses-cluster" + spec: + of: + apiVersion: eks.upbound.io/v1beta1 + kind: Cluster + resourceRef: + name: my-cluster + by: + apiVersion: helm.crossplane.io/v1beta1 + kind: Release + resourceRef: + name: my-prometheus-chart +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml new file mode 100644 index 0000000..248b2ea --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-apiextensions/values.yaml 
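Review bot: The `release-uses-cluster` usage references the Cluster as `apiVersion: eks.upbound.io/v1beta1`, whereas the EKS Cluster in the composition chart's CI values in this same patch uses `eks.aws.upbound.io/v1beta1`. If the shorter group is a typo, a Usage built from this sample would presumably point at a kind that does not exist and so block no deletion; suggested line: `apiVersion: eks.aws.upbound.io/v1beta1`.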
@@ -0,0 +1,25 @@ +--- +######################################################################################################################## +# -- An [EnvironmentConfig](https://docs.crossplane.io/latest/api/) contains user-defined unstructured values for use in a Composition. +# Read the Crossplane documentation for [more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs/). +# @default -- list +environmentConfigs: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # -- The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. + data: [] +######################################################################################################################## +# -- A Usage defines a deletion blocking relationship between two resources. +# Usages prevent accidental deletion of a single resource or deletion of resources with dependent resources. +# Read the Crossplane documentation for [more information about Compositions](https://docs.crossplane.io/latest/concepts/usages/). +# @default -- list +usages: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # -- The data of this [EnvironmentConfig](https://docs.crossplane.io/latest/api/). This may contain any kind of structure that can be serialized into JSON. + spec: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/.ci.config.yaml 
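Review bot: The `# --` description above `usages[].spec` is a copy of the EnvironmentConfig one ("The data of this [EnvironmentConfig]..."), and the `usages` description labels its link "more information about Compositions" although it points at the usages page; both texts end up in the generated README. The comment on `spec` should instead say that it holds the Usage spec, i.e. the protected resource under `of`, an optional using resource under `by` and an optional `reason` (the fields used in this chart's `values.ci.yaml`), and the link text should read `[more information about Usages](https://docs.crossplane.io/latest/concepts/usages/)`. `data: []` and `spec: []` would also be clearer as `{}`, since the templates render both as mappings.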
@@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore b/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml new file mode 100644 index 0000000..880b625 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml 
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-ec2
+description: A Helm Chart to template AWS EC2 manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-ec2
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/README.md b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md
new file mode 100644
index 0000000..38637fd
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md
@@ -0,0 +1,84 @@ + + +# crossplane-provider-aws-ec2 + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS EC2 manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults.eips.deletionPolicy | string | `""` | | +| defaults.internetGateways.deletionPolicy | string | `""` | | +| defaults.mainRouteTableAssociations.deletionPolicy | string | `""` | | +| defaults.natGateways.deletionPolicy | string | `""` | | +| defaults.routeTableAssociations.deletionPolicy | string | `""` | | +| defaults.routeTables.deletionPolicy | string | `""` | | +| defaults.routes.deletionPolicy | string | `""` | | +| defaults.securityGroupRules.deletionPolicy | string | `""` | | +| defaults.securityGroups.deletionPolicy | string | `""` | | +| defaults.subnets.deletionPolicy | string | `""` | | +| defaults.vpcs.deletionPolicy | string | `""` | | +| eips[0].annotations | list | `[]` | | +| eips[0].labels | list | `[]` | | +| eips[0].name | string | `""` | | +| eips[0].ownerReferences | list | `[]` | | +| eips[0].spec.deletionPolicy | string | `""` | | +| eips[0].spec.forProvider | list | `[]` | | +| eips[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| eips[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. 
Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| eips[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| internetGateways | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1 | +| internetGateways[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| internetGateways[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| internetGateways[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. 
Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| mainRouteTableAssociations | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/MainRouteTableAssociation/v1beta1 | +| mainRouteTableAssociations[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| mainRouteTableAssociations[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| mainRouteTableAssociations[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| natGateways | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1 | +| natGateways[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| natGateways[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| natGateways[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routeTableAssociations | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTableAssociation/v1beta1 | +| routeTableAssociations[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routeTableAssociations[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routeTableAssociations[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routeTables | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1 | +| routeTables[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routeTables[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routeTables[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| routes | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Route/v1beta1 | +| routes[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| routes[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| routes[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| securityGroupRules | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroupRule/v1beta1 | +| securityGroupRules[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| securityGroupRules[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| securityGroupRules[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| securityGroups | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroup/v1beta1 | +| securityGroups[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| securityGroups[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| securityGroups[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| subnets | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1 | +| subnets[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| subnets[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| subnets[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| vpcs | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1 | +| vpcs[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
| +| vpcs[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| vpcs[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml new file mode 100644 index 0000000..5872fe5 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/eip-ec2-aws-upbound-io.yaml 
@@ -0,0 +1,37 @@
+{{- range $item := .Values.eips}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: EIP
+metadata:
+ name: {{required "A valid value is required! (.Values.eips[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.eips.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.eips[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.eips[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..9c4b4c3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/internet-gateway-ec2-aws-upbound-io.yaml
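Review bot: The `publishConnectionDetailsTo:` block at the end of `spec` is guarded by `{{- if $item.spec.writeConnectionSecretToRef}}`, the same condition as the block above it, so a value set only under `publishConnectionDetailsTo` is silently dropped and connection details are not written where the operator asked. In the opposite case, with only `writeConnectionSecretToRef` set, the key is rendered from an unset or `[]` value, which is unlikely to be a valid object for that field. The guard should read `{{- if $item.spec.publishConnectionDetailsTo}}`. The same copy-pasted guard is in the InternetGateway, MainRouteTableAssociation, NATGateway, Route, RouteTableAssociation, RouteTable, SecurityGroup and SecurityGroupRule templates added by this patch.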
@@ -0,0 +1,37 @@
+{{- range $item := .Values.internetGateways}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+ name: {{required "A valid value is required! (.Values.internetGateways[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.internetGateways.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.internetGateways[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.internetGateways[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..36fc134
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/main-route-rable-association-ec2-aws-upbound-io.yaml
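Review bot: The two `openmcp.cloud/blueprint-building-block` labels sit inside `{{- if $item.labels}}`, so an InternetGateway declared without user labels is rendered with no chart name or version label at all. If those labels are meant to record which chart and version produced a managed cloud resource, emit `labels:` and the two chart labels unconditionally and keep only `{{- $item.labels | toYaml | nindent 4 }}` behind the `if $item.labels` guard. The EIP template before this one and the other resource templates in this patch are written the same way.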
@@ -0,0 +1,37 @@
+{{- range $item := .Values.mainRouteTableAssociations}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: MainRouteTableAssociation
+metadata:
+ name: {{required "A valid value is required! (.Values.mainRouteTableAssociations[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.mainRouteTableAssociations.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.mainRouteTableAssociations[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.mainRouteTableAssociations[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..a79ae0c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/nat-gateway-ec2-aws-upbound-io.yaml
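Review bot: The file holding this template is added as `main-route-rable-association-ec2-aws-upbound-io.yaml`; `rable` looks like a typo for `table`, given the `kind: MainRouteTableAssociation` it renders and the sibling `route-table-association-ec2-aws-upbound-io.yaml`. Renaming it to `main-route-table-association-ec2-aws-upbound-io.yaml` now keeps the misspelling out of later references and tooling that match on file names.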
@@ -0,0 +1,37 @@
+{{- range $item := .Values.natGateways}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: NATGateway
+metadata:
+ name: {{required "A valid value is required! (.Values.natGateways[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.natGateways.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.natGateways[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.natGateways[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..224634d
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-ec2-aws-upbound-io.yaml
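Review bot: The `deletionPolicy:` line always renders a quoted value, and the README in this patch lists `defaults.natGateways.deletionPolicy` with default `""`, so an item that sets no policy is rendered as `deletionPolicy: ""`. Crossplane managed resources accept `Delete` or `Orphan` there, so the empty string is likely to be rejected, and in any case it hides whether the cloud resource is meant to be removed or left behind when the object is deleted. I would omit the key when nothing is set: `{{- with ($item.spec.deletionPolicy | default $.Values.defaults.natGateways.deletionPolicy) }}`, then `deletionPolicy: {{ . | quote }}`, then `{{- end }}`. The other resource templates in this patch use the same line with their own defaults key.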
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routes}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Route
+metadata:
+ name: {{required "A valid value is required! (.Values.routes[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routes.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routes[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routes[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..0eff378
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-association-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routeTableAssociations}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTableAssociation
+metadata:
+ name: {{required "A valid value is required! (.Values.routeTableAssociations[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routeTableAssociations.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routeTableAssociations[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routeTableAssociations[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..bf005da
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/route-table-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.routeTables}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: RouteTable
+metadata:
+ name: {{required "A valid value is required! (.Values.routeTables[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.routeTables.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.routeTables[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.routeTables[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..0416671
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.securityGroups}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+ name: {{required "A valid value is required! (.Values.securityGroups[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.securityGroups.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.securityGroups[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.securityGroups[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..7083086
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/security-group-rule-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.securityGroupRules}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRuleRule
+metadata:
+ name: {{required "A valid value is required! (.Values.securityGroupRules[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.securityGroupRules.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.securityGroupRules[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.securityGroupRules[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..3eada5f
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/subnet-ec2-aws-upbound-io.yaml
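Review bot: `kind: SecurityGroupRuleRule` looks like a typo for `SecurityGroupRule`; the values.yaml added in this same patch links to `ec2.aws.upbound.io/SecurityGroupRule/v1beta1` for this list. As written, the rendered manifest names a kind the provider presumably does not serve, so any security group rules declared in values would be rejected at apply time and never reach AWS. Proposed: `kind: SecurityGroupRule`. values.ci.yaml has no `securityGroupRules` entry, so the pipeline render does not exercise this template and would not surface the mistake.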
@@ -0,0 +1,37 @@
+{{- range $item := .Values.subnets}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+ name: {{required "A valid value is required! (.Values.subnets[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.subnets.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subnets[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.subnets[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml
new file mode 100644
index 0000000..213dd4c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/templates/vpc-ec2-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.vpcs}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+ name: {{required "A valid value is required! (.Values.vpcs[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.vpcs.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.vpcs[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.vpcs[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml
new file mode 100644
index 0000000..d61fa4a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml
@@ -0,0 +1,109 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +eips: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + omain: vpc + region: us-west-2 + providerConfigRef: + name: clops-dev-us-aws + - name: "clops-dev-us-ekscluster-2" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + omain: vpc + region: us-west-2 + providerConfigRef: + name: clops-dev-us-aws +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1 +internetGateways: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + region: us-west-2 + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1 +natGateways: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + allocationIdSelector: + matchLabels: + type: eip-1 + region: us-west-2 + subnetIdSelector: + matchLabels: + type: subnet + visibility: public + zone: us-west-2a + providerConfigRef: + name: clops-dev-us-aws +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1 +routeTables: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + region: us-west-2 + vpcIdSelector: + 
matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1 +subnets: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + availabilityZone: us-west-2a + cidrBlock: 192.168.50.0/24 + mapPublicIpOnLaunch: false + region: us-west-2 + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1 +vpcs: + - name: "clops-dev-us-ekscluster" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "" + forProvider: + cidrBlock: 192.168.48.0/20 + enableDnsHostnames: true + enableDnsSupport: true + region: us-west-2 + providerConfigRef: + name: clops-dev-us-aws + +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml new file mode 100644 index 0000000..bdfa1d9 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/values.yaml 
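Review bot: Both `eips` entries set `forProvider.omain: vpc`, which reads like a typo for `domain: vpc`. The templates visible in this patch copy `forProvider` through `toYaml` unchanged, and the EIP template presumably does the same, so the misspelled key would land in the rendered manifest that this fixture is supposed to keep valid. Proposed: `domain: vpc` in both entries. The fixture also has no entries for `securityGroups`, `securityGroupRules`, `routes`, `routeTableAssociations` or `mainRouteTableAssociations`, so those templates are never rendered in the pipeline.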
@@ -0,0 +1,205 @@ +--- +######################################################################################################################## +# @default -- list +defaults: + eips: + deletionPolicy: "" + internetGateways: + deletionPolicy: "" + natGateways: + deletionPolicy: "" + routeTables: + deletionPolicy: "" + subnets: + deletionPolicy: "" + vpcs: + deletionPolicy: "" + mainRouteTableAssociations: + deletionPolicy: "" + routes: + deletionPolicy: "" + routeTableAssociations: + deletionPolicy: "" + securityGroups: + deletionPolicy: "" + securityGroupRules: + deletionPolicy: "" +######################################################################################################################## +# @default -- list +# https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0 +eips: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1 +internetGateways: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1 +natGateways: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
+ providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1 +routeTables: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1 +subnets: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1 +vpcs: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/MainRouteTableAssociation/v1beta1 +mainRouteTableAssociations: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
+ providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Route/v1beta1 +routes: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. 
Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTableAssociation/v1beta1 +routeTableAssociations: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroup/v1beta1 +securityGroups: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
+ providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +# -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/SecurityGroupRule/v1beta1 +securityGroupRules: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml new file mode 100644 index 0000000..3a7fb0f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore b/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml new file mode 100644 index 0000000..e40df12 --- /dev/null 
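Review bot: Every `defaults.*.deletionPolicy` in values.yaml is `""`, and the templates render `deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.<kind>.deletionPolicy| quote }}`, so an item without its own policy yields `deletionPolicy: ""`. Crossplane managed resources accept only `Delete` or `Orphan` for this field, so the empty string is likely to be rejected by schema validation rather than falling back to the provider default. Either set each default to an explicit `Delete` or `Orphan`, or wrap the line in `{{- if ... }}` so the field is omitted when empty. The choice deserves a comment in values.yaml, since it decides whether removing the Kubernetes object also removes the VPC, subnets and security groups in AWS. Separately, `labels`, `annotations`, `forProvider` and `providerConfigRef` default to `[]` although the templates render them as mappings; `{}` would match the shape used in values.ci.yaml.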
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml 
@@ -0,0 +1,35 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-aws-eks +description: A Helm Chart to template AWS EKS manifests for its crossplane provider. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.9 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://marketplace.upbound.io/providers/upbound/provider-aws-eks/ + - https://docs.upbound.io/providers/ + - https://docs.upbound.io/providers/provider-families/ + - https://github.com/openmcp-project/blueprint-building-blocks + +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/README.md b/helm/charts/mcp/crossplane-provider-aws-eks/README.md new file mode 100644 index 0000000..b36aca1 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/README.md 
@@ -0,0 +1,40 @@ + + +# crossplane-provider-aws-eks + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS EKS manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| clusters[0].annotations | list | `[]` | | +| clusters[0].labels | list | `[]` | | +| clusters[0].name | string | `""` | | +| clusters[0].ownerReferences | list | `[]` | | +| clusters[0].spec.deletionPolicy | string | `""` | | +| clusters[0].spec.forProvider | list | `[]` | | +| clusters[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| clusters[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| clusters[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| defaults.clusters.deletionPolicy | string | `""` | | +| defaults.nodeGroups.deletionPolicy | string | `""` | | +| nodeGroups | list | `[{"annotations":[],"labels":[],"name":"","ownerReferences":[],"spec":{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}}]` | https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/NodeGroup/v1beta1 | +| nodeGroups[0].spec | object | `{"deletionPolicy":"","forProvider":[],"providerConfigRef":[],"publishConnectionDetailsTo":[],"writeConnectionSecretToRef":[]}` | https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1 | +| nodeGroups[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| nodeGroups[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| nodeGroups[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-eks/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml new file mode 100644 index 0000000..d976d8a --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-eks/templates/cluster-eks-aws-upbound-io.yaml 
@@ -0,0 +1,35 @@
+{{- range $item := .Values.clusters}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ name: {{required "A valid value is required! (.Values.clusters[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.clusters.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.clusters[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.clusters[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ writeConnectionSecretToRef:
+ {{- required "A valid value is required! (.Values.clusters[].spec.writeConnectionSecretToRef)" $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml
new file mode 100644
index 0000000..4f77f34
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/templates/node-group-eks-aws-upbound-io.yaml
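Review bot: The guard in front of `publishConnectionDetailsTo:` tests `$item.spec.writeConnectionSecretToRef` instead of the field it renders. In this cluster template `writeConnectionSecretToRef` is required a few lines earlier, so the block is always emitted and an unset or `{}` value (as in values.ci.yaml) ends up as an empty `publishConnectionDetailsTo`. The guard should read `{{- if $item.spec.publishConnectionDetailsTo}}`, which is what the IAM templates later in this patch use. The node-group template in the next hunk carries the same guard; there `writeConnectionSecretToRef` is optional, so a `publishConnectionDetailsTo` supplied on its own is silently dropped and the connection details are not published where the operator configured them.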
@@ -0,0 +1,37 @@
+{{- range $item := .Values.nodeGroups}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: NodeGroup
+metadata:
+ name: {{required "A valid value is required! (.Values.nodeGroups[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.nodeGroups.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.nodeGroups[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.nodeGroups[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml
new file mode 100644
index 0000000..69082fa
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml
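Review bot: The two fixed `openmcp.cloud/blueprint-building-block*` labels sit inside `{{- if $item.labels}}`, so a node group declared without user labels is rendered with no `labels:` block at all and carries no chart name or version marking. The cluster template in the previous hunk is written the same way, while the IAM templates in this patch emit `labels:` and both fixed lines unconditionally and wrap only the user-supplied part. I would move `labels:` and the two fixed lines above `{{- if $item.labels}}` here too, so every resource the chart creates can be selected and audited by those labels.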
@@ -0,0 +1,61 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+clusters:
+ - name: "clops-dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: clops-dev-us-ekscluster
+ crossplane.io/claim-namespace: clops-dev-us
+ annotations:
+ crossplane.io/composition-resource-name: eks-cluster
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ region: us-west-2
+ roleArn: arn:aws:iam::XXXX:role/CLOPS-EKS-Cluster-Role
+ version: "1.29"
+ vpcConfig:
+ - endpointPrivateAccess: false
+ endpointPublicAccess: true
+ subnetIdSelector:
+ matchLabels:
+ type: subnet
+ visibility: private
+ providerConfigRef:
+ name: clops-dev-us-aws
+ writeConnectionSecretToRef:
+ name: clops-dev-us-connection-secret
+ namespace: crossplane-system
+ publishConnectionDetailsTo: {}
+nodeGroups:
+ - name: "clops-dev-us-ekscluster"
+ labels:
+ crossplane.io/composite: clops-dev-us-ekscluster
+ crossplane.io/claim-namespace: clops-dev-us
+ annotations:
+ crossplane.io/composition-resource-name: eks-nodegroup
+ spec:
+ deletionPolicy: ""
+ forProvider:
+ amiType: AL2_x86_64
+ clusterNameSelector:
+ matchControllerRef: true
+ instanceTypes:
+ - t3.medium
+ nodeRoleArn: arn:aws:iam::XXXX:role/CLOPS-EKS-WorkerNode-Role
+ region: us-west-2
+ scalingConfig:
+ - desiredSize: 2
+ maxSize: 2
+ minSize: 1
+ subnetIdSelector:
+ matchControllerRef: true
+ matchLabels:
+ type: subnet
+ visibility: private
+ providerConfigRef:
+ name: clops-dev-us-aws
+ publishConnectionDetailsTo: {}
+ writeConnectionSecretToRef: {}
+########################################################################################################################
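Review bot: The cluster fixture sets `endpointPublicAccess: true` with `endpointPrivateAccess: false` and no `publicAccessCidrs`, which describes an EKS API endpoint that is reachable from any address and not from inside the VPC. The banner marks the file as CI-only, but a fixture like this is the only worked example of `forProvider` in the chart and is likely to be copied as a starting point. I would flip the pair to `endpointPrivateAccess: true` / `endpointPublicAccess: false`, or keep it and add a comment above `vpcConfig` such as `# CI fixture only - not a recommended endpoint configuration`.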
diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml
new file mode 100644
index 0000000..b262c38
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.yaml
@@ -0,0 +1,45 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ clusters:
+ deletionPolicy: ""
+ nodeGroups:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list
+# https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1
+clusters:
+ # eks.clusters[0].name -- kubernetes crossplane object `metadata.name` on managed control plane.
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# -- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/NodeGroup/v1beta1
+nodeGroups:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ # -- https://marketplace.upbound.io/providers/upbound/provider-aws-eks/v1.11.0/resources/eks.aws.upbound.io/Cluster/v1beta1
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/.ci.config.yaml
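Review bot: The placeholder entries give `[]` to fields that the templates render as mappings (`labels`, `annotations`, `forProvider`, `providerConfigRef`, `writeConnectionSecretToRef`, `publishConnectionDetailsTo`), so helm-docs documents them as `list` and a reader gets no hint of the expected shape; `{}` would match what values.ci.yaml passes for the same keys. Two comments also point the wrong way: `# eks.clusters[0].name --` does not match the key path `clusters[0].name`, and the comment above `spec:` under `nodeGroups` links to the Cluster reference rather than NodeGroup. Since the connection-secret fields decide where provider credentials are written, I would make their documented type correct before the chart is published.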
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore b/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml
new file mode 100644
index 0000000..29f6920
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-iam
+description: A Helm Chart to template AWS IAM manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.10
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: ""
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-iam/
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/README.md b/helm/charts/mcp/crossplane-provider-aws-iam/README.md
new file mode 100644
index 0000000..baa357b
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/README.md
@@ -0,0 +1,60 @@ + + +# crossplane-provider-aws-iam + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS IAM manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| accessKeys | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: AccessKey](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/AccessKey/v1beta1) | +| accessKeys[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| accessKeys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
| +| accessKeys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| accessKeys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| defaults.accessKeys.deletionPolicy | string | `""` | | +| defaults.policies.deletionPolicy | string | `""` | | +| defaults.rolePolicyAttachments.deletionPolicy | string | `""` | | +| defaults.roles.deletionPolicy | string | `""` | | +| defaults.userPolicyAttachments.deletionPolicy | string | `""` | | +| defaults.users.deletionPolicy | string | `""` | | +| policies | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: Policy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Policy/v1beta1) | +| policies[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. 
This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| policies[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| policies[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| policies[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| rolePolicyAttachments | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: RolePolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/RolePolicyAttachment/v1beta1) | +| rolePolicyAttachments[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| rolePolicyAttachments[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| rolePolicyAttachments[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| rolePolicyAttachments[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| roles | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UsRoleer](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Role/v1beta1) | +| roles[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| roles[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| roles[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. 
| +| roles[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| userPolicyAttachments | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UserPolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/UserPolicyAttachment/v1beta1) | +| userPolicyAttachments[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| userPolicyAttachments[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
| +| userPolicyAttachments[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| userPolicyAttachments[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| users | list | {} | Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: User](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1) | +| users[0].spec.deletionPolicy | string | `""` | [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. 
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 | +| users[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| users[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| users[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-iam/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml new file mode 100644 index 0000000..1519f21 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/access-key-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.accessKeys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: AccessKey
+metadata:
+ name: {{required "A valid value is required! (.Values.accessKeys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.accessKeys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.accessKeys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.accessKeys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..35a5dec
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/policy-iam-aws-upbound-io.yaml
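Review bot: `deletionPolicy` is always rendered, and with the chart defaults (the README table in this patch lists `""` for both `accessKeys[0].spec.deletionPolicy` and `defaults.accessKeys.deletionPolicy`) the output is `deletionPolicy: ""`, which is neither `Delete` nor `Orphan`, the two values that same table documents, and is presumably rejected by the API server's schema validation. For access keys and users the choice is security-relevant, because `Orphan` leaves the AWS credential or principal alive after the managed resource is removed. I would omit the field when nothing is set, `{{- with ($item.spec.deletionPolicy | default $.Values.defaults.accessKeys.deletionPolicy) }}` / `deletionPolicy: {{ . | quote }}` / `{{- end }}`, so the provider default applies, or fail rendering on any value other than the two documented ones. The same line appears in the IAM template hunks that follow (policy, role, role-policy-attachment, user) and in the two EKS templates earlier in the patch.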
@@ -0,0 +1,37 @@
+{{- range $item := .Values.policies}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ name: {{required "A valid value is required! (.Values.policies[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.policies.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.policies[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.policies[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..c569aae
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.roles}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Role
+metadata:
+ name: {{required "A valid value is required! (.Values.roles[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.roles.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.roles[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.roles[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..83987cb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/role-policy-attachment-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.rolePolicyAttachments}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: {{required "A valid value is required! (.Values.rolePolicyAttachments[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.rolePolicyAttachments.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.rolePolicyAttachments[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.rolePolicyAttachments[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..e6fc9c5
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.users}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: User
+metadata:
+ name: {{required "A valid value is required! (.Values.users[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.users.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.users[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.users[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml
new file mode 100644
index 0000000..a90526e
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/templates/user-policy-attachment-iam-aws-upbound-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.userPolicyAttachments}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: UserPolicyAttachment
+metadata:
+ name: {{required "A valid value is required! (.Values.userPolicyAttachments[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.labels}}
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.userPolicyAttachments.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.userPolicyAttachments[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.userPolicyAttachments[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml
new file mode 100644
index 0000000..5d32166
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml
@@ -0,0 +1,121 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +roles: +- name: "clops-dev-us-ekscluster" + labels: + crossplane.io/composite: clops-dev-us-ekscluster + crossplane.io/claim-namespace: clops-dev-us + annotations: + crossplane.io/composition-resource-name: role + spec: + deletionPolicy: "" + forProvider: + assumeRolePolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + providerConfigRef: + name: clops-dev-us-aws + publishConnectionDetailsTo: {} + writeConnectionSecretToRef: {} +rolePolicyAttachments: +- name: "clops-dev-us-ekscluster" + labels: + crossplane.io/composite: clops-dev-us-ekscluster + crossplane.io/claim-namespace: clops-dev-us + annotations: + crossplane.io/composition-resource-name: rolePolicyAttachment + spec: + deletionPolicy: "" + forProvider: + policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy + roleSelector: + matchControllerRef: true + providerConfigRef: + name: clops-dev-us-aws + publishConnectionDetailsTo: {} + writeConnectionSecretToRef: {} +policies: +- name: user-policy + labels: + testing.upbound.io/example-name: user + spec: + providerConfigRef: + name: provider-config-ref + forProvider: + policy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": "elastic-inference:Connect", + "Resource": "*" + } + ] + } +users: +- name: sample-user-RFC1123Subdomain-1 + annotations: + meta.upbound.io/example-id: iam/v1beta1/accesskey + labels: + testing.upbound.io/example-name: accesskey + spec: + providerConfigRef: + name: 
provider-config-ref + forProvider: {} + +userPolicyAttachments: +- name: example + spec: + providerConfigRef: + name: provider-config-ref + forProvider: + policyArnSelector: + matchLabels: + testing.upbound.io/example-name: user + userSelector: + matchLabels: + testing.upbound.io/example-name: user +accessKeys: +- name: sample-access-key-RFC1123Subdomain + annotations: + meta.upbound.io/example-id: iam/v1beta1/accesskey + labels: + testing.upbound.io/example-name: user + spec: + providerConfigRef: + name: provider-config-ref + forProvider: + userSelector: + matchLabels: + testing.upbound.io/example-name: accesskey + writeConnectionSecretToRef: + name: sample-access-key-secret + namespace: upbound-system +- name: sample-access-key + labels: + testing.upbound.io/example-name: user + spec: + providerConfigRef: + name: provider-config-ref + forProvider: + userSelector: + matchLabels: + testing.upbound.io/example-name: user + writeConnectionSecretToRef: + name: sample-access-key-secret + namespace: upbound-system +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml new file mode 100644 index 0000000..b26dfa6 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.yaml 
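Review bot: Both `accessKeys` entries set `writeConnectionSecretToRef` to the same `sample-access-key-secret` in `upbound-system`, so two AccessKey resources would write their credentials into one Secret and the later write replaces the earlier. Even in a CI fixture this is the shape people copy into real values, so each entry should get its own secret, for example `name: sample-access-key-rfc1123-secret` on the first one (constructed name). A one-line comment above `accessKeys:` stating that the referenced Secret will hold a long-lived AWS access key and should live in a namespace with restricted read access would also help.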
@@ -0,0 +1,137 @@ +--- +######################################################################################################################## +# @default -- {} +defaults: + roles: + deletionPolicy: "" + users: + deletionPolicy: "" + policies: + deletionPolicy: "" + userPolicyAttachments: + deletionPolicy: "" + rolePolicyAttachments: + deletionPolicy: "" + accessKeys: + deletionPolicy: "" +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UsRoleer](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Role/v1beta1) +# @default -- {} +roles: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
+ providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: User](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1) +# @default -- {} +users: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. 
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: RolePolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/RolePolicyAttachment/v1beta1) +# @default -- {} +rolePolicyAttachments: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. 
+ publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: Policy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/Policy/v1beta1) +# @default -- {} +policies: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. 
+ providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: UserPolicyAttachment](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/UserPolicyAttachment/v1beta1) +# @default -- {} +userPolicyAttachments: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. 
See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +######################################################################################################################## +# -- Official documentation: [AWS IAM Provider](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0) and [Kind: AccessKey](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/AccessKey/v1beta1) +# @default -- {} +accessKeys: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + # @default -- [] + spec: + # -- [DeletionPolicy](https://marketplace.upbound.io/providers/upbound/provider-aws-iam/v1.11.0/resources/iam.aws.upbound.io/User/v1beta1#doc:spec-deletionPolicy) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. 
+ publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml new file mode 100644 index 0000000..3a7fb0f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore b/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
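Review bot: The header comment for `roles` in the IAM values.yaml reads `Kind: UsRoleer`, and every `deletionPolicy` description in the file links to the User resource page whatever kind it documents; these comments feed the generated README, so the errors carry over. I would write `[Kind: Role]` in the roles header and point each `deletionPolicy` link at its own kind. The placeholder defaults `labels: []`, `annotations: []`, `forProvider: []` and `providerConfigRef: []` are lists where the templates render mappings, and `# @default -- {}` sits on list-valued top-level keys; `{}` for the mapping fields and `[]` for the top-level markers would match what the templates expect.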
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml new file mode 100644 index 0000000..4ee3ee8 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml 
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-aws-rdr
+description: A Helm Chart to template AWS RDR manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.8
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/upbound/provider-aws-iam/
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
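Review bot: `sources` lists the provider-aws-iam marketplace page, but the template in this chart renders `rds.aws.upbound.io/v1beta2` Instance objects, so the entry looks copied from the IAM chart and should point at the RDS provider instead. The chart name and description say `rdr` / `RDR` where the API group suggests RDS; if that spelling is intentional a comment saying so would help, otherwise renaming is cheapest now, before the chart is published. The first comment line also has the typo `avaiable`.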
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/README.md b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md new file mode 100644 index 0000000..d69491b --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md 
@@ -0,0 +1,34 @@ + + +# crossplane-provider-aws-rdr + +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template AWS RDR manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults.instances.deletionPolicy | string | `""` | | +| instances[0].annotations | list | `[]` | | +| instances[0].labels | list | `[]` | | +| instances[0].name | string | `""` | | +| instances[0].ownerReferences | list | `[]` | | +| instances[0].spec.deletionPolicy | string | `""` | | +| instances[0].spec.forProvider | list | `[]` | | +| instances[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| instances[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| instances[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. 
Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml new file mode 100644 index 0000000..c2fd80a --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/templates/instance-rdr-aws-upbound-io.yaml 
@@ -0,0 +1,37 @@
+{{- range $item := .Values.instances}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: rds.aws.upbound.io/v1beta2
+kind: Instance
+metadata:
+ name: {{required "A valid value is required! (.Values.instances[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.instances.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.instances[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.instances[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml
new file mode 100644
index 0000000..e3b5d88
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml
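Review bot: The two `openmcp.cloud/blueprint-building-block*` labels sit inside `{{- if $item.labels}}`, so an instance without user labels is rendered with no `labels:` block at all and loses the chart's provenance labels. The IAM templates in this commit render those two labels unconditionally and only guard the user-supplied part. Move `labels:` and the two fixed entries above the `if` so that only the `toYaml` line stays conditional. The chart's own values.ci.yaml sets `labels: {}`, so the CI render only ever exercises the unlabelled path.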
@@ -0,0 +1,37 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+instances:
+ - name: "rds-instance"
+ labels: {}
+ annotations: {}
+ ownerReferences: {}
+ spec:
+ forProvider:
+ allocatedStorage: 20
+ autoGeneratePassword: true
+ autoMinorVersionUpgrade: true
+ backupRetentionPeriod: 14
+ backupWindow: 09:46-10:16
+ dbName: clopsdevusdb
+ engine: postgres
+ engineVersion: "16.1"
+ instanceClass: db.t3.micro
+ maintenanceWindow: Mon:00:00-Mon:03:00
+ passwordSecretRef:
+ key: password
+ name: clops-dev-us-rds-admin-pw
+ namespace: clops-dev-us
+ publiclyAccessible: false
+ region: us-east-1
+ skipFinalSnapshot: true
+ storageEncrypted: true
+ storageType: gp2
+ username: adminuser
+ providerConfigRef:
+ name: clops-dev-us-aws
+ writeConnectionSecretToRef:
+ name: clops-dev-us-rds-connection-details
+ namespace: clops-dev-us
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml
new file mode 100644
index 0000000..4640ea8
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-aws-rdr/values.yaml
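Review bot: `skipFinalSnapshot: true` appears in a sample that otherwise looks production-shaped (encrypted storage, 14-day backup retention, not publicly accessible), and no `deletionPolicy` is set, so the chart falls back to its empty default. Anyone copying this fixture gets a database whose removal keeps no final snapshot; a comment such as `# CI fixture only: keep a final snapshot for real databases` above that key would make the intent clear. Separately, `ownerReferences: {}` is a mapping where Kubernetes expects a list, and I would quote `backupWindow` and `maintenanceWindow` (`"09:46-10:16"`, `"Mon:00:00-Mon:03:00"`) so no parser tries to type them.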
@@ -0,0 +1,27 @@ +--- +######################################################################################################################## +# @default -- list +defaults: + instances: + deletionPolicy: "" +######################################################################################################################## +# @default -- list +# https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.36.1/resources/ec2.aws.crossplane.io/ +# https://marketplace.upbound.io/providers/crossplane-contrib/provider-aws/v0.36.1/resources/ec2.aws.crossplane.io/Instance/v1alpha1 +instances: + - name: "" + labels: [] + annotations: [] + ownerReferences: [] + spec: + deletionPolicy: "" + forProvider: [] + # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + providerConfigRef: [] + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] + +######################################################################################################################## \ No newline at end of file 
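Review bot: The two reference links above `instances:` point at `ec2.aws.crossplane.io` `Instance/v1alpha1` of crossplane-contrib provider-aws, while the template of this chart renders `apiVersion: rds.aws.upbound.io/v1beta2`, `kind: Instance`; they should be replaced by the RDS Instance reference of the Upbound provider so users look up the right `forProvider` schema. The placeholders `labels: []`, `annotations: []`, `forProvider: []`, `providerConfigRef: []` and the two connection-secret keys are lists, but the template renders each as a mapping under its key and values.ci.yaml supplies mappings, so `{}` documents the expected shape better. `# @default -- list` above `defaults:` likewise labels a mapping as a list.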
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml
new file mode 100644
index 0000000..b66bdbe
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/.ci.config.yaml
@@ -0,0 +1,20 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml
new file mode 100644
index 0000000..82d4609
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml
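Review bot: `k8s-manifest-templating` is set to `enable: false`, yet this chart ships a values.ci.yaml whose header says it exists to template a non-empty manifest in the pipeline. If that flag gates the render step (the pipeline is not visible here), the trust-configuration and role-assignment templates are never rendered in CI and template errors would only surface at install time; consider `enable: true` or a comment explaining why it is off. The obsolete `jfrog.sh` flag uses the key `enabled` while every other flag uses `enable`, so it is worth confirming which key the pipeline reads. The same settings are added for crossplane-provider-configs further down in this patch.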
@@ -0,0 +1,33 @@ +--- +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-btp-security +description: A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.10 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/README.md b/helm/charts/mcp/crossplane-provider-btp-security/README.md new file mode 100644 index 0000000..a23d7f3 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-btp-security/README.md 
@@ -0,0 +1,38 @@ + + +# crossplane-provider-btp-security + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP. + +**Homepage:** + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| globalaccountTrustConfigurations | list | object | `globalaccountTrustConfigurations[].` orchestrate [`kind: GlobalaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). | +| globalaccountTrustConfigurations[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| globalaccountTrustConfigurations[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) CRD | +| globalaccountTrustConfigurations[0].name | string | - | Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1?path=metadata). 
| +| globalaccountTrustConfigurations[0].writeConnectionSecretToRef | list | `[]` | optional | +| roleCollectionAssignments | list | object | `roleCollectionAssignments[].` orchestrate [`kind: RoleCollectionAssignment`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). | +| roleCollectionAssignments[0] | object | `{"apiCredentials":[],"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| roleCollectionAssignments[0].apiCredentials | list | `[]` | [apiCredentials](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD | +| roleCollectionAssignments[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD | +| roleCollectionAssignments[0].name | string | - | Name of the RoleCollectionAssignment resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1?path=metadata). 
| +| roleCollectionAssignments[0].writeConnectionSecretToRef | list | `[]` | optional | +| subaccountTrustConfigurations | list | object | `subaccountTrustConfigurations[].` orchestrate [`kind: SubaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). | +| subaccountTrustConfigurations[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| subaccountTrustConfigurations[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) CRD | +| subaccountTrustConfigurations[0].name | string | - | Name of the SubaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1?path=metadata). | +| subaccountTrustConfigurations[0].writeConnectionSecretToRef | list | `[]` | optional | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-btp-security/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml
new file mode 100644
index 0000000..e38b65c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/globalaccount-trust-configuration.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.globalaccountTrustConfigurations }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: GlobalaccountTrustConfiguration
+metadata:
+ name: {{required "A valid value is required! (.Values.globalaccountTrustConfigurations[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.globalaccountTrustConfigurations[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.globalaccountTrustConfigurations[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml
new file mode 100644
index 0000000..a270e5c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/role-collection-assignment.yaml
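Review bot: `metadata.name` and `spec.providerConfigRef.name` are written into the manifest unquoted, so a value such as `true`, `123`, or one containing `: ` or a line break is re-typed or changes the structure of the rendered YAML instead of staying a string. Piping both through `quote` keeps them scalars: `name: {{ required "…" $item.name | lower | quote }}` and `name: {{ required "…" $item.btpSapCrossplaneProviderConfigRefName | quote }}`. This matters most where chart values are assembled from input the chart author does not control. The same two lines appear in role-collection-assignment.yaml and subaccount-trust-configuration.yaml, and `metadata.name` in the RDS Instance template earlier in this patch has the same form.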
@@ -0,0 +1,25 @@
+{{- range $item := .Values.roleCollectionAssignments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: RoleCollectionAssignment
+metadata:
+ name: {{required "A valid value is required! (.Values.roleCollectionAssignments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.roleCollectionAssignments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.roleCollectionAssignments[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.apiCredentials}}
+ apiCredentials:
+ {{- $item.apiCredentials | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml b/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml
new file mode 100644
index 0000000..bf116cf
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/templates/subaccount-trust-configuration.yaml
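Review bot: The outer `if and ($item) (ne $item.name "")` skips any entry whose `name` is empty, so the `required` on `$item.name` inside it can never fire and a RoleCollectionAssignment with a blank name silently produces no manifest. For an access-control resource a missing object is easy to overlook; I would reduce the guard to `{{- if $item }}` so the `required` message is raised, which also means turning the placeholder entry in values.yaml into an empty list (`roleCollectionAssignments: []`). If skipping the placeholder is intended, a template comment saying so would help. The two trust-configuration templates and the RDS Instance template in this patch use the same guard.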
@@ -0,0 +1,21 @@
+{{- range $item := .Values.subaccountTrustConfigurations }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: SubaccountTrustConfiguration
+metadata:
+ name: {{required "A valid value is required! (.Values.subaccountTrustConfigurations[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.subaccountTrustConfigurations[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subaccountTrustConfigurations[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml b/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml
new file mode 100644
index 0000000..02c5f06
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-btp-security/values.ci.yaml
@@ -0,0 +1,65 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +subaccountTrustConfigurations: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "subaccountTrustConfiguration" + forProvider: + autoCreateShadowUsers: true + availableForUserLogon: true + description: "description" + domain: "domain" + identityProvider: "identityProvider" + linkText: "linkText" + name: "name" + status: "status" + subaccountId: "subaccountId" + subaccountRef: + name: "name" + policy: + resolution: "resolution" + resolve: "Always" + subaccountSelector: + matchControllerRef: true + matchLabels: + policy: + resolution: "resolution" + writeConnectionSecretToRef: + name: "name" + namespace: "namespace" +######################################################################################################################## +roleCollectionAssignments: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "roleCollectionAssignments" + forProvider: + groupName: "groupName" + origin: "origin" + roleCollectionName: "roleCollectionName" + userName: "userName" + apiCredentials: + env: + name: "name" + fs: + path: "path" + secretRef: + key: "key" + name: "name" + namespace: "namespace" + source: "source" + writeConnectionSecretToRef: + name: "name" + namespace: "namespace" +######################################################################################################################## +globalaccountTrustConfigurations: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "globalaccountTrustConfiguration" + forProvider: + description: "description" + identityProvider: 
"identityProvider" + name: "name" + origin: "origin" + writeConnectionSecretToRef: + name: "name" + namespace: "namespace" +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-btp-security/values.yaml b/helm/charts/mcp/crossplane-provider-btp-security/values.yaml new file mode 100644 index 0000000..f967692 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-btp-security/values.yaml 
@@ -0,0 +1,43 @@ +--- +######################################################################################################################## +# -- `subaccountTrustConfigurations[].` orchestrate [`kind: SubaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). +# @default -- object +subaccountTrustConfigurations: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # subaccountTrustConfigurations[0].name -- Name of the SubaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1?path=metadata). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/subaccounttrustconfiguration/v1alpha1) CRD + forProvider: [] + # -- optional + writeConnectionSecretToRef: [] +######################################################################################################################## +# -- `roleCollectionAssignments[].` orchestrate [`kind: RoleCollectionAssignment`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
+# @default -- object +roleCollectionAssignments: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # roleCollectionAssignments[0].name -- Name of the RoleCollectionAssignment resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1?path=metadata). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD + forProvider: [] + # -- [apiCredentials](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/rolecollectionassignment/v1alpha1) CRD + apiCredentials: [] + # -- optional + writeConnectionSecretToRef: [] +######################################################################################################################## +# -- `globalaccountTrustConfigurations[].` orchestrate [`kind: GlobalaccountTrustConfiguration`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). +# @default -- object +globalaccountTrustConfigurations: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! 
+ - btpSapCrossplaneProviderConfigRefName: "" + # globalaccountTrustConfigurations[0].name -- Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1?path=metadata). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/security.btp.sap.crossplane.io/globalaccounttrustconfiguration/v1alpha1) CRD + forProvider: [] + # -- optional + writeConnectionSecretToRef: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml new file mode 100644 index 0000000..ea4fde3 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/.helmignore b/helm/charts/mcp/crossplane-provider-configs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-configs/Chart.yaml b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml new file mode 100644 index 0000000..d23908a --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml 
@@ -0,0 +1,26 @@ +--- +apiVersion: v2 +name: crossplane-provider-configs +description: A Helm chart to template crossplane provider config manifests to orchestrate resources. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.15 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +sources: + - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md b/helm/charts/mcp/crossplane-provider-configs/README.md new file mode 100644 index 0000000..3054df5 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/README.md 
@@ -0,0 +1,66 @@ + + +# crossplane-provider-configs + +![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane provider config manifests to orchestrate resources. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| providerConfigs.accountBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: account.btp.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which the json credentials of a BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... | +| providerConfigs.accountBtpOrchestrateCloud[0].cisCredentials | object | [] | Secret which contains credentials required to authenticate to this provider. Reference to a secret containing the CIS Accounts service credentials. The Cloud Management (CIS) instance must be of plan central. 
The Service Binding should be created with the following parameters {"grantType": "clientCredentials"} See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-cisCredentials) for more details. | +| providerConfigs.accountBtpOrchestrateCloud[0].cisCredentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.accountBtpOrchestrateCloud[0].cliServerUrl | string | `""` | contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) | +| providerConfigs.accountBtpOrchestrateCloud[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | +| providerConfigs.accountBtpOrchestrateCloud[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.awsUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.15.0/resources/aws.upbound.io/ProviderConfig/v1beta1) of `aws.upbound.io/v1beta1`. Additional information see [AWS Quickstart](https://docs.crossplane.io/latest/getting-started/provider-aws/#create-a-providerconfig). 
| +| providerConfigs.awsUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.azureUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v1.7.0/resources/azure.upbound.io/ProviderConfig/v1beta1) of `azure.upbound.io/v1beta1`. Additional information see [Azure Quickstart](https://docs.crossplane.io/latest/getting-started/provider-azure/). | +| providerConfigs.azureUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.btpSapCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: btp.sap.crossplane.io` This `ProviderConfig` typically points to k8s secret in which the json credentials of a BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... | +| providerConfigs.btpSapCrossplane[0].cisCredentials | object | [] | Secret which contains credentials required to authenticate to this provider. Reference to a secret containing the CIS Accounts service credentials. The Cloud Management (CIS) instance must be of plan central. 
The Service Binding should be created with the following parameters `{"grantType": "clientCredentials"}` See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/btp.sap.crossplane.io/providerconfig/v1alpha1?view=docs) for more details. | +| providerConfigs.btpSapCrossplane[0].cisCredentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.btpSapCrossplane[0].cliServerUrl | string | `""` | contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) | +| providerConfigs.btpSapCrossplane[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | +| providerConfigs.btpSapCrossplane[0].serviceAccountSecret | object | [] | A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. 
Example: { "email": "", "username": "PUserID", "password": "--" } | +| providerConfigs.btpSapCrossplane[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.cloudfoundryBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: cloudfoundry.btp.orchestrate.cloud.sap/v1beta1` This [`ProviderConfig`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-cloudfoundry/cloudfoundry.btp.orchestrate.cloud.sap/providerconfig/v1beta1) typically points to k8s secret in which the credentials required for the [BTP Cloud Foundry](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/cloudfoundry/provider) provider to communicate with the Cloud Foundry Environment on BTP. | +| providerConfigs.cloudfoundryBtpOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.cloudfoundryBtpOrchestrateCloud[0].endpoint.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.dynatraceOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: dynatrace.orchestrate.cloud.sap/v1beta1` | +| providerConfigs.dynatraceOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
| +| providerConfigs.gardenerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your CO MCP cluster as a k8s secret. | +| providerConfigs.gardenerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.gcpUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | +| providerConfigs.gcpUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.helmCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: helm.crossplane.io/v1beta1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. The `ProviderConfig` is required to manage `Helm Charts` installations on a k8s cluster such as [`kind: ProviderConfig`](../crossplane-provider-helm/templates/helm-release.yaml) of `apiVersion: helm.crossplane.io/v1beta1` . 
| +| providerConfigs.helmCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.hyperscalerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: hyperscaler.orchestrate.cloud.sap/v1alpha1` | +| providerConfigs.hyperscalerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.iasBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of [`ias.btp.orchestrate.cloud.sap/v1alpha1`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-ias) | +| providerConfigs.iasBtpOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.kubernetesCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: kubernetes.crossplane.io/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. The `ProviderConfig` is required to orchestrate SAP Gardener Shoot Clusters such as [`kind: Shoot`](../crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster.yaml) of `apiVersion: core.gardener.cloud/v1beta1` or manage plain k8s `manifests` (e.g. ConfigMap...) on a k8s cluster (e.g. SAP Gardern Shoot Cluster) [`kind: Object`](../crossplane-provider-kubernetes/templates/kubernetes.yaml) of `apiVersion: kubernetes.crossplane.io/v1alpha1` directly. 
See Cloud Orchestrator [SAP Gardener Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/gardener/provider#gardener-providerconfig). | +| providerConfigs.kubernetesCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.vaultUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1) of `vault.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | +| providerConfigs.vaultUpbound[0].spec | object | [] | A [ProviderConfigSpec]((https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1)) defines the desired state of a ProviderConfig. | +| providerConfigs.vaultUpbound[0].spec.address | string | `""` | Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. | +| providerConfigs.vaultUpbound[0].spec.credentials | object | [] | Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. 
A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. | +| providerConfigs.vaultUpbound[0].spec.credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | +| providerConfigs.vaultUpbound[0].spec.namespace | string | `""` | Set the namespace to use. | +| providerConfigs.vaultUpbound[0].spec.skip_child_token | string | `nil` | Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. | +| secrets[0].data | list | [] | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | +| secrets[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | +| secrets[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| secrets[0].stringData | list | [] | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. 
All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-configs/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-configs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl b/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl new file mode 100644 index 0000000..944976c --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-configs/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloud-orchestration.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloud-orchestration.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloud-orchestration.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cloud-orchestration.labels" -}}
+helm.sh/chart: {{ include "cloud-orchestration.chart" . }}
+{{ include "cloud-orchestration.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cloud-orchestration.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cloud-orchestration.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
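Review bot: `cloud-orchestration.serviceAccountName` dereferences `.Values.serviceAccount.create`, but no `serviceAccount` key appears in the part of this chart's values or README visible in this patch, so the first template that includes it would probably fail to render on a missing map. None of the templates added next to this file call any of these stock helpers; they write the `openmcp.cloud/blueprint-building-block` labels by hand instead. Either remove the definitions that nothing uses, or have the templates take their labels from `{{- include "cloud-orchestration.labels" . | nindent 4 }}` so the helper file earns its place.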
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml
new file mode 100644
index 0000000..f9dc6a9
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/aws-upbound-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.awsUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.awsUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.awsUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml
new file mode 100644
index 0000000..22eaec0
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/azure-upbound-io.yaml
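Review bot: The guard `if and ($item) (ne $item.providerConfigRefName "")` in aws-upbound-io.yaml skips an entry whose name is the empty string, so the `required "... providerConfigRefName"` call on the `name:` line cannot fire for that case. An entry that carries `credentials` but an empty name therefore renders no ProviderConfig and reports no error. The same pattern is repeated in the azure, btp, gardener, gcp, helm, kubernetes and vault templates of this commit and, with `$item.name`, in generic-secret.yaml. If the empty name only exists so that the placeholder defaults render nothing, say so with `{{- /* entries with an empty providerConfigRefName are placeholders and are skipped */ -}}` and drop the unreachable `required`; otherwise narrow the guard to `{{- if $item }}` so that `required` reports the missing name.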
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.azureUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: azure.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.azureUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.azureUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml
new file mode 100644
index 0000000..a5f875b
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/btp.sap.crossplane.io.yaml
@@ -0,0 +1,19 @@
+{{- range $item := .Values.providerConfigs.btpSapCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: btp.sap.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ cliServerUrl: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].cliServerUrl)" $item.cliServerUrl | quote}}
+ globalAccount: {{required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].globalAccountSubDomain)" $item.globalAccountSubDomain | lower | quote}}
+ cisCredentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].cisCredentials)" $item.cisCredentials | toYaml | nindent 4 }}
+ serviceAccountSecret:
+ {{- required "A valid value is required! (.Values.providerConfigs.btpSapCrossplane[].serviceAccountSecret)" $item.serviceAccountSecret | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml
new file mode 100644
index 0000000..5d1eb47
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gardener-orchestrate-cloud-sap.yaml
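Review bot: `cliServerUrl` in btp.sap.crossplane.io.yaml is accepted as any non-empty string, although it is presumably the endpoint the provider contacts using the `cisCredentials` and `serviceAccountSecret` referenced a few lines below it. The README examples for this value are all `https://` URLs, so the template can reject anything else at render time. Directly after the `if and ($item) ...` guard, add `{{- if not (hasPrefix "https://" ($item.cliServerUrl | toString)) }}{{ fail "cliServerUrl must be an https:// URL" }}{{- end }}`.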
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.gardenerOrchestrateCloud}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: gardener.orchestrate.cloud.sap/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.gardenerOrchestrateCloud[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.gardenerOrchestrateCloud[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml
new file mode 100644
index 0000000..6cd9f05
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/gcp-upbound-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.gcpUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: gcp.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.gcpUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.gcpUpbound[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml
new file mode 100644
index 0000000..f5b72ea
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/helm-crossplane-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.helmCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: helm.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.helmCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.helmCrossplane[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml
new file mode 100644
index 0000000..9ae7043
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/kubernetes-crossplane-io.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.providerConfigs.kubernetesCrossplane}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.kubernetesCrossplane[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ credentials:
+ {{- required "A valid value is required! (.Values.providerConfigs.kubernetesCrossplane[].credentials)" $item.credentials | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml
new file mode 100644
index 0000000..c910c76
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/providerConfigs/vault-upbound-io.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.providerConfigs.vaultUpbound}}
+ {{- if and ($item) (ne $item.providerConfigRefName "")}}
+---
+apiVersion: vault.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].providerConfigRefName)" $item.providerConfigRefName | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
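Review bot: In vault-upbound-io.yaml only `spec` as a whole is `required` and it is then copied verbatim with `toYaml`, so a spec without `address` or `credentials` renders without complaint, unlike the sibling templates in this commit, which require `credentials` by name. The chart README says a token is required for the provider and calls `skip_child_token` strongly discouraged, yet both pass through here unchecked. Once `$item.spec` is known to be set, add `{{- $_ := required "A valid value is required! (.Values.providerConfigs.vaultUpbound[].spec.credentials)" $item.spec.credentials }}` and the matching line for `$item.spec.address` ahead of the `toYaml` line.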
diff --git a/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml
new file mode 100644
index 0000000..d645ccd
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/templates/mcp/secrets/generic-secret.yaml
@@ -0,0 +1,24 @@
+{{- range $item := .Values.secrets}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.secrets[].name)" $item.name | lower | quote}}
+ namespace: {{required "A valid value is required! (.Values.secrets[].namespace)" $item.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml
new file mode 100644
index 0000000..3eb4c06
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml
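Review bot: Secret material given through `secrets[].stringData` or `secrets[].data` in generic-secret.yaml is an ordinary chart value, so it lives in whatever values file or `--set` argument supplied it and is also kept in the Helm release record, not only in the rendered `Secret`. The template should say so where the data is rendered, e.g. `{{- /* values given here are stored with the Helm release; reference an existing Secret for real credentials */ -}}` above `stringData:`. Separately, `{{ $key }}:` is emitted unquoted while the value is quoted; `{{ $key | quote }}: {{ $value | quote }}` keeps a key containing `: ` or ` #` from changing the document structure. The README row for `secrets[0].namespace` says *(optional)*, but this template wraps the namespace in `required`, so one of the two should change.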
@@ -0,0 +1,134 @@ +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +providerConfigs: + kubernetesCrossplane: + - providerConfigRefName: "garden-ketos-co-sa-mcp-test" + credentials: + source: "Secret" + secretRef: + name: "garden-ketos-co-sa-mcp-test" + namespace: default + key: kubeconfig + helmCrossplane: + - providerConfigRefName: "gardener-shoot-steffen-test" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "gardener-shoot-kubeconfig-steffen-test" + key: kubeconfig + gardenerOrchestrateCloud: + - providerConfigRefName: "garden-ketos-co-sa-mcp-test" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "garden-ketos-co-sa-mcp-test" + key: kubeconfig + dynatraceOrchestrateCloud: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + hyperscalerOrchestrateCloud: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + awsUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + gcpUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + azureUpbound: + - providerConfigRefName: "providerConfigRefName" + credentials: + source: "Secret" + secretRef: + namespace: default + name: "name" + key: kubeconfig + accountBtpOrchestrateCloud: + - providerConfigRefName: "ketos-kita-test" + cliServerUrl: "cliServerUrl" + 
globalAccountSubDomain: "globalAccountSubDomain" + cisCredentials: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-ketos-kita-test" + key: btp-cis-provider-credentials + serviceAccountSecret: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-ketos-kita-test" + key: btp-service-account-provider-credentials + btpSapCrossplane: + - providerConfigRefName: "ketos-kita-test" + cliServerUrl: "cliServerUrl" + globalAccountSubDomain: "globalAccountSubDomain" + cisCredentials: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-ketos-kita-test" + key: btp-cis-provider-credentials + serviceAccountSecret: + source: "Secret" + secretRef: + namespace: default + name: "btp-account-ketos-kita-test" + key: btp-service-account-provider-credentials + cloudfoundryBtpOrchestrateCloud: + - providerConfigRefName: "cloudfoundryBtpOrchestrateCloud" + endpoint: + source: "Secret" + secretRef: + name: cf-environment-secret + namespace: default + key: apiEndpoint + credentials: + source: "Secret" + secretRef: + name: cf-credentials-secret + namespace: default + key: credentials + vaultUpbound: + - providerConfigRefName: "vaultUpbound" + spec: + address: https://vault.tools.sap + namespace: artificial-intelligence/aicore + skip_child_token: true + credentials: + source: Secret + secretRef: + name: vault-creds + namespace: default + key: credentials +######################################################################################################################## +secrets: + - name: "name" + namespace: "namespace" + stringData: + foo: "bar" + #data: [] +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-configs/values.yaml b/helm/charts/mcp/crossplane-provider-configs/values.yaml new file mode 100644 index 0000000..705a887 --- /dev/null 
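Review bot: The `vaultUpbound` sample in values.ci.yaml sets `skip_child_token: true`, the one option the chart's own README calls strongly discouraged because it raises the chance of a renewable Vault token being exposed in clear text. CI fixtures tend to be copied as starting points, so the sample should leave the key out or use `skip_child_token: false`. The same block hard-codes `address: https://vault.tools.sap`; a placeholder such as `address: https://vault.example.invalid` is enough for templating and keeps an internal-looking host name out of the fixture. The `accountBtpOrchestrateCloud`, `dynatraceOrchestrateCloud`, `hyperscalerOrchestrateCloud` and `cloudfoundryBtpOrchestrateCloud` blocks have no matching template among the files visible in this patch, so they may be input that nothing renders.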
+++ b/helm/charts/mcp/crossplane-provider-configs/values.yaml 
@@ -0,0 +1,169 @@ +--- +######################################################################################################### +providerConfigs: + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: kubernetes.crossplane.io/v1alpha1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. + # The `ProviderConfig` is required to orchestrate SAP Gardener Shoot Clusters such as [`kind: Shoot`](../crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster.yaml) of `apiVersion: core.gardener.cloud/v1beta1` + # or manage plain k8s `manifests` (e.g. ConfigMap...) on a k8s cluster (e.g. SAP Gardern Shoot Cluster) [`kind: Object`](../crossplane-provider-kubernetes/templates/kubernetes.yaml) of `apiVersion: kubernetes.crossplane.io/v1alpha1` directly. + # See Cloud Orchestrator [SAP Gardener Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/gardener/provider#gardener-providerconfig). + # @default -- [] + kubernetesCrossplane: + - providerConfigRefName: "" + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: helm.crossplane.io/v1beta1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. 
+ # The `ProviderConfig` is required to manage `Helm Charts` installations on a k8s cluster + # such as [`kind: ProviderConfig`](../crossplane-provider-helm/templates/helm-release.yaml) of `apiVersion: helm.crossplane.io/v1beta1` . + # @default -- [] + helmCrossplane: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` + # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account + # is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` + # on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your CO MCP cluster as a k8s secret. + # @default -- [] + gardenerOrchestrateCloud: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "kubeconfig" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v1.7.0/resources/azure.upbound.io/ProviderConfig/v1beta1) of `azure.upbound.io/v1beta1`. Additional information see [Azure Quickstart](https://docs.crossplane.io/latest/getting-started/provider-azure/). 
+ # @default -- [] + azureUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.15.0/resources/aws.upbound.io/ProviderConfig/v1beta1) of `aws.upbound.io/v1beta1`. Additional information see [AWS Quickstart](https://docs.crossplane.io/latest/getting-started/provider-aws/#create-a-providerconfig). + # @default -- [] + awsUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). + # @default -- [] + gcpUpbound: + - providerConfigRefName: "" + # @default -- [] + credentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
+ # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1) of `vault.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). + # @default -- [] + vaultUpbound: + - providerConfigRefName: "" + # -- A [ProviderConfigSpec]((https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1)) defines the desired state of a ProviderConfig. + # @default -- [] + spec: + # -- Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. + address: "" + # -- Set the namespace to use. + namespace: "" + # -- Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. + skip_child_token: + # -- Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). 
Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. + # @default -- [] + credentials: + source: Secret + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + name: "" + namespace: "" + key: "" + ######################################################################################################################## + # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: btp.sap.crossplane.io` + # This `ProviderConfig` typically points to k8s secret in which the json credentials of a + # BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) + # such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... + # @default -- [] + btpSapCrossplane: + - providerConfigRefName: "" + # -- contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . 
More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) + cliServerUrl: "" + # -- contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). + globalAccountSubDomain: "" + # -- Secret which contains credentials required to authenticate to this provider. + # Reference to a secret containing the CIS Accounts service credentials. The Cloud Management (CIS) instance must be of plan central. + # The Service Binding should be created with the following parameters `{"grantType": "clientCredentials"}` + # See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/btp.sap.crossplane.io/providerconfig/v1alpha1?view=docs) for more details. + # @default -- [] + cisCredentials: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. + # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" + # -- A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. Example: { "email": "", "username": "PUserID", "password": "--" } + # @default -- [] + serviceAccountSecret: + source: "Secret" + # -- A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
+ # @default -- [] + secretRef: + namespace: "default" + name: "" + key: "" +######################################################################################################################## +# @secrets -- :exclamation::exclamation: never EVER PUSH confidential secrets/credentials in plain text into GIT :exclamation::exclamation: +# @default -- [] +secrets: + # secrets[0].name -- defines k8s `metadata.name` value of `kind: Secret` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` + namespace: "" + # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. + # @default -- [] + stringData: [] + # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + # @default -- [] + data: [] +######################################################################################################### diff --git a/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-gcp/.ci.config.yaml 
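Review bot: `skip_child_token:` under `vaultUpbound[0].spec` is left as a bare key, so it parses as null instead of an explicit boolean. The comment directly above it says enabling the option is strongly discouraged because a renewable Vault token could be exposed in clear text. Making the safe default explicit with `skip_child_token: false` means anyone copying this block does not depend on how the ProviderConfig template (not part of this hunk) treats null. Separately, `stringData: []` and `data: []` under `secrets` are sequences although both comments document them as maps; `{}` would match the documented type.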
@@ -0,0 +1,19 @@
+# pipeline feature flags obsolete (Bash Scripts)
+jfrog.sh:
+ enabled: true
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/.helmignore b/helm/charts/mcp/crossplane-provider-gcp/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml
new file mode 100644
index 0000000..fda8814
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml
@@ -0,0 +1,34 @@
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-gcp
+description: A Helm Chart to template GCP manifests for its crossplane provider.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: ""
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp
+ - https://docs.upbound.io/providers/
+ - https://docs.upbound.io/providers/provider-families/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-gcp/README.md b/helm/charts/mcp/crossplane-provider-gcp/README.md
new file mode 100644
index 0000000..dd56c49
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/README.md
@@ -0,0 +1,54 @@ + + +# crossplane-provider-gcp + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template GCP manifests for its crossplane provider. + +**Homepage:** + +## Source Code + +* +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defaults.serviceAccountKeys.deletionPolicy | string | `""` | | +| defaults.serviceAccountPolicys.deletionPolicy | string | `""` | | +| defaults.serviceAccounts.deletionPolicy | string | `""` | | +| serviceAccountKeys[0].annotations | list | `[]` | | +| serviceAccountKeys[0].labels | list | `[]` | | +| serviceAccountKeys[0].name | string | `""` | | +| serviceAccountKeys[0].ownerReferences | list | `[]` | | +| serviceAccountKeys[0].spec.deletionPolicy | string | `""` | | +| serviceAccountKeys[0].spec.forProvider | list | `[]` | | +| serviceAccountKeys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccountKeys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccountKeys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. 
Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| serviceAccountPolicys[0].annotations | list | `[]` | | +| serviceAccountPolicys[0].labels | list | `[]` | | +| serviceAccountPolicys[0].name | string | `""` | | +| serviceAccountPolicys[0].ownerReferences | list | `[]` | | +| serviceAccountPolicys[0].spec.deletionPolicy | string | `""` | | +| serviceAccountPolicys[0].spec.forProvider | list | `[]` | | +| serviceAccountPolicys[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccountPolicys[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccountPolicys[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| serviceAccounts[0].annotations | list | `[]` | | +| serviceAccounts[0].labels | list | `[]` | | +| serviceAccounts[0].name | string | `""` | | +| serviceAccounts[0].ownerReferences | list | `[]` | | +| serviceAccounts[0].spec.deletionPolicy | string | `""` | | +| serviceAccounts[0].spec.forProvider | list | `[]` | | +| serviceAccounts[0].spec.providerConfigRef | list | `[]` | ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. | +| serviceAccounts[0].spec.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. | +| serviceAccounts[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml new file mode 100644 index 0000000..745ac25 --- /dev/null 
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccounts[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccounts.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccounts[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccounts[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml
new file mode 100644
index 0000000..955f231
--- /dev/null
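Review bot: The `publishConnectionDetailsTo` block at the end of `spec` is guarded by `{{- if $item.spec.writeConnectionSecretToRef}}`, the same condition as the block before it. An item that sets only `publishConnectionDetailsTo` therefore silently loses it, and an item that sets only `writeConnectionSecretToRef` renders `publishConnectionDetailsTo:` with a null value. Since this field decides where the managed resource's connection details (credentials) are written, the guard should be `{{- if $item.spec.publishConnectionDetailsTo}}`. The same copy-pasted guard appears in the ServiceAccountKey and ServiceAccountPolicy templates that follow in this patch.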
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccountKeys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountKey
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccountKeys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccountKeys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccountKeys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccountKeys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml
new file mode 100644
index 0000000..7e66f1d
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/templates/service-account-key-policy-iam-gcp-crossplane-io.yaml
@@ -0,0 +1,37 @@
+{{- range $item := .Values.serviceAccountPolicys}}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountPolicy
+metadata:
+ name: {{required "A valid value is required! (.Values.serviceAccountPolicys[].name)" $item.name | lower }}
+ {{- if $item.annotations}}
+ annotations:
+ {{- $item.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.labels}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- $item.labels | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.ownerReferences}}
+ ownerReferences:
+ {{- $item.ownerReferences | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ deletionPolicy: {{ $item.spec.deletionPolicy | default $.Values.defaults.serviceAccountPolicys.deletionPolicy| quote }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.serviceAccountPolicys[].spec.forProvider)" $item.spec.forProvider | toYaml | nindent 4 }}
+ providerConfigRef:
+ {{- required "A valid value is required! (.Values.serviceAccountPolicys[].spec.providerConfigRef)" $item.spec.providerConfigRef | toYaml | nindent 4 }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.spec.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.spec.writeConnectionSecretToRef}}
+ publishConnectionDetailsTo:
+ {{- $item.spec.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml b/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml
new file mode 100644
index 0000000..6d4179c
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-gcp/values.ci.yaml
@@ -0,0 +1,126 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +serviceAccounts: + - name: "serviceAccount-1" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + forProvider: + description: perfection + displayName: a beautiful service account + providerConfigRef: + name: gcp-provider + writeConnectionSecretToRef: + name: test-sakey + namespace: default + publishConnectionDetailsTo: + configRef: + name: vault + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + labels: + environment: development + team: backend + type: Opaque + name: demo-serviceaccount-key + - name: "serviceAccount-2" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + forProvider: + description: perfection 2 + displayName: a beautiful service account + providerConfigRef: + name: gcp-provider +serviceAccountPolicys: + - name: "serviceAccountPolicy-1" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + forProvider: + policy: + bindings: + - members: + - serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME] + role: roles/iam.workloadIdentityUser + serviceAccountRef: + name: perfect-test-sa + providerConfigRef: + name: gcp-provider + writeConnectionSecretToRef: + name: test-sakey + namespace: default + publishConnectionDetailsTo: + configRef: + name: vault + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + labels: + environment: development + team: backend + type: Opaque + name: demo-serviceaccount-key + - name: "serviceAccountPolicy-2" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + 
forProvider: + policy: + bindings: + - members: + - serviceAccount:PROJECT_ID.svc.id.goog[K8S_NAMESPACE/KSA_NAME] + role: roles/iam.workloadIdentityUser + serviceAccountRef: + name: perfect-test-sa + providerConfigRef: + name: gcp-provider +serviceAccountKeys: + - name: "serviceAccountKeys-1" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + forProvider: + serviceAccountRef: + name: perfect-test-sa + providerConfigRef: + name: gcp-provider + writeConnectionSecretToRef: + name: test-sakey + namespace: default + publishConnectionDetailsTo: + configRef: + name: vault + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + labels: + environment: development + team: backend + type: Opaque + name: demo-serviceaccount-key + - name: "serviceAccountKeys-2" + labels: {} + annotations: {} + ownerReferences: {} + spec: + deletionPolicy: "Delete" + forProvider: + serviceAccountRef: + name: perfect-test-sa + providerConfigRef: + name: gcp-provider +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-gcp/values.yaml b/helm/charts/mcp/crossplane-provider-gcp/values.yaml new file mode 100644 index 0000000..f3090bc --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-gcp/values.yaml 
@@ -0,0 +1,60 @@
+---
+########################################################################################################################
+# @default -- list
+defaults:
+ serviceAccounts:
+ deletionPolicy: ""
+ serviceAccountPolicys:
+ deletionPolicy: ""
+ serviceAccountKeys:
+ deletionPolicy: ""
+########################################################################################################################
+# @default -- list [serviceAccounts](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccount/v1alpha1)
+serviceAccounts:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# @default -- list [serviceAccountPolicys](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccountPolicy/v1alpha1)
+serviceAccountPolicys:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+# @default -- list [serviceAccountKeys](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/iam.gcp.crossplane.io/ServiceAccountKey/v1alpha1)
+serviceAccountKeys:
+ - name: ""
+ labels: []
+ annotations: []
+ ownerReferences: []
+ spec:
+ deletionPolicy: ""
+ forProvider: []
+ # -- ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
+ providerConfigRef: []
+ # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
+ publishConnectionDetailsTo: []
+ # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address.
+ # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)!
+ writeConnectionSecretToRef: []
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/.helmignore b/helm/charts/mcp/crossplane-provider-helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/.helmignore
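Review bot: The placeholder entries in `crossplane-provider-gcp/values.yaml` declare mapping-typed fields as empty lists: `labels: []`, `annotations: []`, `forProvider: []`, `providerConfigRef: []`, `publishConnectionDetailsTo: []` and `writeConnectionSecretToRef: []`, while the preceding values hunk fills the same fields with mappings (`labels: {}`, `providerConfigRef:` with a `name`). helm-docs will document them as `list`, and the `# @default -- list` comment on `defaults:` describes a mapping as well. I would write `{}` for these, e.g. `providerConfigRef: {}`, and keep `[]` for `ownerReferences` only. A short comment on `serviceAccountKeys[].spec.writeConnectionSecretToRef` stating that the referenced Secret presumably receives the generated key, and so belongs in a namespace with restricted read access, would help whoever fills this in.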
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-helm/Chart.yaml b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml
new file mode 100644
index 0000000..651298a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml
@@ -0,0 +1,34 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-helm
+description: A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.8
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.19.0"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://github.com/crossplane-contrib/provider-helm
+ - https://github.com/crossplane-contrib/provider-kubernetes/blob/main/docs/enhanced-provider-k8s.md
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md b/helm/charts/mcp/crossplane-provider-helm/README.md
new file mode 100644
index 0000000..0ef0edc
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/README.md
@@ -0,0 +1,35 @@
+
+
+# crossplane-provider-helm
+
+![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square)
+
+A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| helmReleases | object | object | helmReleases contains information and configuration of a [helm chart](https://helm.sh) to be managed by flux [Helm Controller](https://fluxcd.io/flux/components/helm/api/v2/). |
+| helmReleases.helmRelease.chart | object | `{"name":"","repository":"","version":""}` | [ChartSpec](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) defines the chart spec for a Release |
+| helmReleases.helmRelease.chart.name | string | `""` | [Name](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, required if ChartSpec.URL not set |
+| helmReleases.helmRelease.chart.repository | string | `""` | [Repository](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go): Helm repository URL, required if ChartSpec.URL not set |
+| helmReleases.helmRelease.chart.version | string | `""` | [Version](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, late initialized with latest version if not set |
+| helmReleases.helmRelease.connectionDetails | list | `[{"apiVersion":"v1","fieldPath":"spec.clusterIP","kind":"Service","name":"wordpress-example","namespace":"wordpress","toConnectionSecretKey":"ip"}]` | [Crossplane connection details](https://docs.crossplane.io/v1.12/concepts/composition/#connection-details) and [FAQ](https://blog.crossplane.io/faq-2-claim-connection-details/) |
+| helmReleases.helmRelease.helmCrossplaneProviderConfigRefName | string | `""` | defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.helmCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: |
+| helmReleases.helmRelease.name | string | `""` | helm chart release name |
+| helmReleases.helmRelease.namespace | string | `""` | [Namespace]() to install the release into. |
+| helmReleases.helmRelease.setValues | list | `[{"name":"param1","value":"value2"}]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+| helmReleases.helmRelease.values | list | `[]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+| helmReleases.helmRelease.valuesFrom | list | `[{"configMapKeyRef":null,"key":"values.yaml","name":"default-vals","namespace":"wordpress","optional":false},{"key":"svalues.yaml","name":"svals","namespace":"wordpress","optional":false,"secretKeyRef":null}]` | define value overrides via k8s [downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-helm/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-helm/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-helm/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml b/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml
new file mode 100644
index 0000000..5b20441
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/templates/helm-release.yaml
@@ -0,0 +1,36 @@
+{{- range $key, $helmRelease := .Values.helmReleases }}
+ {{- if eq $key "helmRelease" }}
+ {{- else }}
+---
+apiVersion: helm.crossplane.io/v1beta1
+kind: Release
+metadata:
+ name: {{required "A valid value is required! (.Values.helmReleases[].helmCrossplaneProviderConfigRefName)" $helmRelease.helmCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.helmReleases[].name)" $helmRelease.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.helmReleases[].helmCrossplaneProviderConfigRefName)" $helmRelease.helmCrossplaneProviderConfigRefName }}
+ # rollbackLimit: 3
+ forProvider:
+ chart: {{- toYaml $helmRelease.chart | nindent 6 }}
+ namespace: {{required "A valid value is required! (.Values.helmReleases[].namespace)" $helmRelease.namespace }}
+ # insecureSkipTLSVerify: true/false
+ # skipCreateNamespace: true/false
+ # wait: true/false
+ # skipCRDs: true/false
+ {{- if $helmRelease.values}}
+ values: {{- toYaml $helmRelease.values | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.setValues }}
+ set: {{- toYaml $helmRelease.setValues | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.valuesFrom }}
+ valuesFrom: {{- toYaml $helmRelease.valuesFrom | nindent 6 }}
+ {{- end }}
+ {{- if $helmRelease.connectionDetails}}
+ connectionDetails: {{- toYaml $helmRelease.connectionDetails | nindent 6 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml b/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml
new file mode 100644
index 0000000..7240e36
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/values.ci.yaml
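Review bot: `metadata.name`, `spec.providerConfigRef.name` and `forProvider.namespace` in `helm-release.yaml` are rendered from values without quoting, so a value such as `123` or `true` changes type in the manifest and a value containing `: ` or a line break can alter the rendered structure. `required` only rejects empty input. I would quote the scalars, e.g. `namespace: {{ required "A valid value is required! (.Values.helmReleases[].namespace)" $helmRelease.namespace | quote }}`, and do the same on the two `name` lines. The `kubernetes.yaml` template later in this patch renders its `name` fields the same way. The empty `if eq $key "helmRelease"` / `else` pair would also read better as `{{- if ne $key "helmRelease" }}`.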
@@ -0,0 +1,36 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+helmReleases:
+ helmReleaseTest:
+ name: "name"
+ helmCrossplaneProviderConfigRefName: "helmCrossplaneProviderConfigRefName"
+ chart:
+ name: "name"
+ repository: "repository"
+ version: "version"
+ namespace: "namespace"
+ values: {}
+ setValues:
+ - name: param1
+ value: value2
+ valuesFrom:
+ - configMapKeyRef:
+ key: values.yaml
+ name: default-vals
+ namespace: wordpress
+ optional: false
+ - secretKeyRef:
+ key: svalues.yaml
+ name: svals
+ namespace: wordpress
+ optional: false
+ connectionDetails:
+ - apiVersion: v1
+ kind: Service
+ name: wordpress-example
+ namespace: wordpress
+ fieldPath: spec.clusterIP
+ toConnectionSecretKey: ip
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-helm/values.yaml b/helm/charts/mcp/crossplane-provider-helm/values.yaml
new file mode 100644
index 0000000..e423049
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-helm/values.yaml
@@ -0,0 +1,48 @@
+---
+########################################################################################################################
+# -- helmReleases contains information and configuration of a [helm chart](https://helm.sh) to be managed by flux [Helm Controller](https://fluxcd.io/flux/components/helm/api/v2/).
+# @default -- object
+helmReleases:
+ # @default -- object
+ helmRelease:
+ # -- helm chart release name
+ name: ""
+ # -- defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.helmCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation:
+ helmCrossplaneProviderConfigRefName: ""
+ # -- [ChartSpec](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) defines the chart spec for a Release
+ chart:
+ # -- [Name](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, required if ChartSpec.URL not set
+ name: ""
+ # -- [Repository](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go): Helm repository URL, required if ChartSpec.URL not set
+ repository: ""
+ # -- [Version](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, late initialized with latest version if not set
+ version: ""
+ # -- [Namespace]() to install the release into.
+ namespace: ""
+ # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ values: []
+ # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ setValues:
+ - name: param1
+ value: value2
+ # -- define value overrides via k8s [downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml).
+ valuesFrom:
+ - configMapKeyRef:
+ key: values.yaml
+ name: default-vals
+ namespace: wordpress
+ optional: false
+ - secretKeyRef:
+ key: svalues.yaml
+ name: svals
+ namespace: wordpress
+ optional: false
+ # -- [Crossplane connection details](https://docs.crossplane.io/v1.12/concepts/composition/#connection-details) and [FAQ](https://blog.crossplane.io/faq-2-claim-connection-details/)
+ connectionDetails:
+ - apiVersion: v1
+ kind: Service
+ name: wordpress-example
+ namespace: wordpress
+ fieldPath: spec.clusterIP
+ toConnectionSecretKey: ip
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore b/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/.helmignore
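Review bot: The `valuesFrom` example in `crossplane-provider-helm/values.yaml` does not parse the way it reads: the generated README row for `helmReleases.helmRelease.valuesFrom` shows `"configMapKeyRef":null` and `"secretKeyRef":null` with `key`, `name`, `namespace` and `optional` as siblings, so the four keys sit at the same level as the ref instead of beneath it. Anyone copying the example gets a null reference, and the Secret-backed values would presumably not be resolved. Indent the four keys one level under `configMapKeyRef:` and `secretKeyRef:`; `values.ci.yaml` carries the same list and is worth checking too. The comments also misdescribe the feature: `valuesFrom` here names ConfigMap and Secret keys rather than the downward API, and the top comment says the releases are managed by flux while the template emits a `helm.crossplane.io` `Release`.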
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml
new file mode 100644
index 0000000..abf7ab8
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml
@@ -0,0 +1,33 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: crossplane-provider-kubernetes
+description: A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.14.1"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://github.com/crossplane-contrib/provider-kubernetes
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
new file mode 100644
index 0000000..1e9cdbf
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
@@ -0,0 +1,32 @@
+
+
+# crossplane-provider-kubernetes
+
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.1](https://img.shields.io/badge/AppVersion-0.14.1-informational?style=flat-square)
+
+A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
+
+**Homepage:**
+
+## Source Code
+
+*
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defaults.object.deletionPolicy | string | `""` | |
+| kubernetesObjects | object | [] | kubernetesObjects contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). |
+| kubernetesObjects.kubernetesObject.deletionPolicy | string | `""` | [DeletionPolicy](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 |
+| kubernetesObjects.kubernetesObject.kubernetesCrossplaneProviderConfigRefName | string | `""` | defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.kubernetesCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: |
+| kubernetesObjects.kubernetesObject.managementPolicies | list | `[]` | THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md |
+| kubernetesObjects.kubernetesObject.manifest | list | `[]` | defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). |
+| kubernetesObjects.kubernetesObject.publishConnectionDetailsTo | list | `[]` | PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. |
+| kubernetesObjects.kubernetesObject.readiness | list | `[]` | Readiness defines how the object's readiness condition should be computed, if not specified it will be considered ready as soon as the underlying external resource is considered up-to-date. |
+| kubernetesObjects.kubernetesObject.references | list | `[]` | [references](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4#spec-references) |
+| kubernetesObjects.kubernetesObject.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-kubernetes/README.md.gotmpl
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-kubernetes/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml
new file mode 100644
index 0000000..45f7365
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/templates/kubernetes.yaml
@@ -0,0 +1,40 @@
+{{- range $key, $kubernetesObject := .Values.kubernetesObjects}}
+ {{- if eq $key "kubernetesObject" }}
+ {{- else }}
+---
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+metadata:
+ name: {{required "A valid value is required! (.Values.kubernetesObjects[].kubernetesCrossplaneProviderConfigRefName)" $kubernetesObject.kubernetesCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.kubernetesObjects[].name)" $kubernetesObject.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ deletionPolicy: {{ $kubernetesObject.deletionPolicy | default $.Values.defaults.object.deletionPolicy| quote }}
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.kubernetesObjects[].kubernetesCrossplaneProviderConfigRefName)" $kubernetesObject.kubernetesCrossplaneProviderConfigRefName}}
+ forProvider:
+ manifest:
+ {{- required "A valid value is required! (.Values.kubernetesObjects[].manifest)" $kubernetesObject.manifest | toYaml | nindent 6 }}
+ {{- if $kubernetesObject.references}}
+ references:
+ {{- $kubernetesObject.references | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.managementPolicies}}
+ managementPolicies:
+ {{- $kubernetesObject.managementPolicies | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $kubernetesObject.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.readiness}}
+ readiness:
+ {{- $kubernetesObject.readiness | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $kubernetesObject.publishConnectionDetailsTo}}
+ publishConnectionDetailsTo:
+ {{- $kubernetesObject.publishConnectionDetailsTo | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml
new file mode 100644
index 0000000..31d7243
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/values.ci.yaml
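Review bot: `deletionPolicy` in `kubernetes.yaml` is always emitted, and with the shipped default (`defaults.object.deletionPolicy` is `""` per the README) an object that does not set it renders `deletionPolicy: ""`, although the field is documented as either "Delete" or "Orphan". Omitting the key when nothing is set would presumably let the CRD default apply: `{{- with ($kubernetesObject.deletionPolicy | default $.Values.defaults.object.deletionPolicy) }}` / `deletionPolicy: {{ . | quote }}` / `{{- end }}`. Separately, the template emits `kubernetes.crossplane.io/v1alpha1` while the README links describe `Object/v1alpha2`; it is worth confirming which version the targeted provider release serves.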
@@ -0,0 +1,46 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kubernetesObjects: + kubernetesObjectTest: + name: "kubernetes-objects" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + manifest: + # example [config map](https://kubernetes.io/docs/concepts/configuration/configmap/) + apiVersion: v1 + kind: ConfigMap + metadata: + name: game-demo + data: + player_initial_lives: "3" + ui_properties_file_name: "user-interface.properties" + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 + kubernetesObjectTest2: + name: "kubernetes-objects2" + kubernetesCrossplaneProviderConfigRefName: "kubernetesCrossplaneProviderConfigRefName" + deletionPolicy: Orphan + managementPolicies: ["Create", "Update", "Delete", "Observe", "LateInitialize"] + writeConnectionSecretToRef: + name: sample-access-key-secret + namespace: upbound-system + readiness: + policy: "" + publishConnectionDetailsTo: + name: sample-access-key-secret-2 + namespace: upbound-system + manifest: + # example [config map](https://kubernetes.io/docs/concepts/configuration/configmap/) + apiVersion: v1 + kind: ConfigMap + metadata: + name: game-demo + data: + player_initial_lives: "3" + ui_properties_file_name: "user-interface.properties" + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml new file mode 100644 index 0000000..93283ac --- /dev/null 
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/values.yaml 
@@ -0,0 +1,32 @@ +--- +######################################################################################################################## +# @default -- {} +defaults: + object: + deletionPolicy: "" +######################################################################################################################## +# -- kubernetesObjects contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). +# @default -- [] +kubernetesObjects: + # @default -- [] + kubernetesObject: + # kubernetesObjects[0].name -- kubernetes crossplane object metadata name on managed control plane. + name: "" + # -- defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.kubernetesCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: + kubernetesCrossplaneProviderConfigRefName: "" + # -- defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + manifest: [] + # -- [references](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4#spec-references) + references: [] + # -- THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. 
If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + managementPolicies: [] + # -- [DeletionPolicy](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes/kubernetes.crossplane.io/Object/v1alpha2@v0.11.4) specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + deletionPolicy: "" + # -- PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + publishConnectionDetailsTo: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] + # -- Readiness defines how the object's readiness condition should be computed, if not specified it will be considered ready as soon as the underlying external resource is considered up-to-date. + readiness: [] +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/.helmignore b/helm/charts/mcp/crossplane-provider-pkgs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml new file mode 100644 index 0000000..53342bb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml 
@@ -0,0 +1,33 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-pkgs +description: A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.10 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://docs.upbound.io/providers/ + - https://docs.upbound.io/providers/provider-families/ +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/README.md b/helm/charts/mcp/crossplane-provider-pkgs/README.md new file mode 100644 index 0000000..41ab97f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-pkgs/README.md 
@@ -0,0 +1,58 @@ + + +# crossplane-provider-pkgs + +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers. + +**Homepage:** + +## Source Code + +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configurations | list | list | A [Configuration](https://docs.crossplane.io/latest/concepts/packages/) package is an [OCI container images](https://opencontainers.org/) containing a collection of [Compositions](https://docs.crossplane.io/latest/concepts/compositions/), [Composite Resource Definitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions/) and any required [Providers](https://docs.crossplane.io/latest/concepts/providers/) or [Functions](https://docs.crossplane.io/latest/concepts/compositions/). | +| configurations[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| configurations[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Configuration-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | +| deploymentRuntimeConfigs | list | list | The [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/api/) provides settings for the Kubernetes Deployment of a Provider or composition function package. Read the Crossplane documentation for [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). | +| deploymentRuntimeConfigs[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. 
| +| deploymentRuntimeConfigs[0].spec | list | [] | [spec/DeploymentRuntimeConfigSpec](https://docs.crossplane.io/latest/api/#DeploymentRuntimeConfig-spec) specifies the configuration for a packaged controller. Values provided will override package manager defaults. Labels and annotations are passed to both the controller Deployment and ServiceAccount. | +| functions[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| functions[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Function-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | +| imageConfigs | list | list | The [ImageConfig](https://docs.crossplane.io/latest/concepts/image-configs/) resource is used to configure settings for package images. | +| imageConfigs[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| imageConfigs[0].spec | object | [] | [spec/ImageConfigSpec](https://docs.crossplane.io/latest/api/#ImageConfig-spec) contains the configuration for matching images. | +| imageConfigs[0].spec.matchImages | list | [] | ImageMatch defines a rule for matching image. | +| imageConfigs[0].spec.matchImages[0].prefix | string | `""` | Prefix is the prefix that should be matched. (Default `Prefix``) | +| imageConfigs[0].spec.matchImages[0].type | string | `"Prefix"` | Type is the type of match. | +| imageConfigs[0].spec.registry | object | [] | Registry is the configuration for the registry. | +| imageConfigs[0].spec.registry.authentication | object | [] | Authentication is the authentication information for the registry. | +| imageConfigs[0].spec.registry.authentication.pullSecretRef | list | `[]` | PullSecretRef is a reference to a secret that contains the credentials for the registry. | +| imageConfigs[0].spec.verification | object | [] | Verification contains the configuration for verifying the image. 
| +| imageConfigs[0].spec.verification.cosign | object | [] | Cosign is the configuration for verifying the image using cosign. | +| imageConfigs[0].spec.verification.cosign.authorities | list | {} | Authority defines the rules for discovering and validating signatures. | +| imageConfigs[0].spec.verification.cosign.authorities[0].attestations | list | {} | Attestation defines the type of attestation to validate and optionally apply a policy decision to it. Authority block is used to verify the specified attestation types, and if Policy is specified, then it’s applied only after the validation of the Attestation signature has been verified. | +| imageConfigs[0].spec.verification.cosign.authorities[0].attestations[0].name | string | `""` | Name of the attestation. | +| imageConfigs[0].spec.verification.cosign.authorities[0].key | object | [] | Key defines the type of key to validate the image. | +| imageConfigs[0].spec.verification.cosign.authorities[0].key.hashAlgorithm | string | `""` | HashAlgorithm always defaults to sha256 if the algorithm hasn’t been explicitly set | +| imageConfigs[0].spec.verification.cosign.authorities[0].key.secretRef | list | `[]` | SecretRef sets a reference to a secret with the key. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless | object | [] | Keyless sets the configuration to verify the authority against a Fulcio instance. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities | list | {} | Identity may contain the issuer and/or the subject found in the transparency log. Issuer/Subject uses a strict match, while IssuerRegExp and SubjectRegExp apply a regexp for matching. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuer | string | `""` | Issuer defines the issuer for this identity. 
| +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuerRegExp | string | `""` | IssuerRegExp specifies a regular expression to match the issuer for this identity. This has precedence over the Issuer field. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].subject | string | `""` | Subject defines the subject for this identity. | +| imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].subjectRegExp | string | `""` | SubjectRegExp specifies a regular expression to match the subject for this identity. This has precedence over the Subject field. | +| imageConfigs[0].spec.verification.cosign.authorities[0].name | string | {} | Name is the name for this authority. | +| providers | list | list | [providers](https://docs.crossplane.io/latest/concepts/providers/) contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). | +| providers[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| providers[0].spec | list | [] | [spec](https://docs.crossplane.io/latest/api/#Provider-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-pkgs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml
new file mode 100644
index 0000000..4bf74bf
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-DeploymentRuntimeConfig.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.deploymentRuntimeConfigs}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: pkg.crossplane.io/v1beta1
+kind: DeploymentRuntimeConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.deploymentRuntimeConfigs[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.deploymentRuntimeConfigs[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml
new file mode 100644
index 0000000..3257319
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-configuration.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.configurations}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Configuration
+metadata:
+ name: {{required "A valid value is required! (.Values.configurations[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.configurations[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
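Review bot: The guard `{{- if and ($item) (ne $item.name "")}}` drops any entry whose name is empty before `required` runs, so the "A valid value is required!" check on `name` can never fail and a half-filled entry disappears from the rendered output without an error. The same guard is repeated in the Configuration, Function, ImageConfig and Provider templates of this patch; for `imageConfigs` it means a cosign verification rule with a forgotten name is silently not deployed. If the skip exists only for the `- name: ""` placeholders in values.yaml, an empty-list default there would let `required` do its job. Otherwise document the skip above the `if`, e.g. `{{- /* entries with an empty name are placeholders and are skipped */}}`.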
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml
new file mode 100644
index 0000000..030da7a
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-functions.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.functions}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: pkg.crossplane.io/v1beta1
+kind: Function
+metadata:
+ name: {{required "A valid value is required! (.Values.functions[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.functions[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml
new file mode 100644
index 0000000..995b27b
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-image-config.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.imageConfigs}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: pkg.crossplane.io/v1alpha1
+kind: ImageConfig
+metadata:
+ name: {{required "A valid value is required! (.Values.imageConfigs[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.imageConfigs[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml
new file mode 100644
index 0000000..3e70f94
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/templates/pkg-crossplane-provider.yaml
@@ -0,0 +1,14 @@
+{{- range $item := .Values.providers}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+ name: {{required "A valid value is required! (.Values.providers[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.providers[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml
new file mode 100644
index 0000000..fa96b10
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/values.ci.yaml
@@ -0,0 +1,83 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+providers:
+ - name: "gcp"
+ spec:
+ package: crossplane/provider-gcp:alpha
+ - name: "azure"
+ spec:
+ ignoreCrossplaneConstraints: false
+ package: crossplane/provider-azure:v0.19.0
+ packagePullPolicy: IfNotPresent
+ revisionActivationPolicy: Automatic
+ revisionHistoryLimit: 0
+ skipDependencyResolution: false
+ - name: "aws"
+ spec:
+ package: xpkg.upbound.io/upbound/provider-aws:v0.27.0
+ - name: "community-aws"
+ spec:
+ package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.40.0
+########################################################################################################################
+functions:
+ - name: "function-patch-and-transform"
+ spec:
+ package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.1.4
+########################################################################################################################
+configurations:
+ - name: "platform-ref-aws"
+ spec:
+ package: xpkg.upbound.io/upbound/platform-ref-aws:v0.6.0
+########################################################################################################################
+deploymentRuntimeConfigs:
+ - name: "mount-templates"
+ spec:
+ deploymentTemplate:
+ spec:
+ selector: {}
+ template:
+ spec:
+ containers:
+ - name: package-runtime
+ volumeMounts:
+ - mountPath: /templates
+ name: templates
+ readOnly: true
+ volumes:
+ - name: templates
+ configMap:
+ name: templates
+########################################################################################################################
+imageConfigs:
+ - name: "acme-packages"
+ spec:
+ matchImages:
+ - type: Prefix
+ prefix: registry1.com/acme-co/
+ registry:
+ authentication:
+ pullSecretRef:
+ name: acme-registry-credentials
+ - name: "verify-acme-packages"
+ spec:
+ matchImages:
+ - type: Prefix
+ prefix: registry1.com/acme-co/configuration-foo
+ - type: Prefix
+ prefix: registry1.com/acme-co/configuration-bar
+ verification:
+ provider: Cosign
+ cosign:
+ authorities:
+ - name: verify acme packages
+ keyless:
+ url: https://fulcio.sigstore.dev
+ identities:
+ - issuer: https://token.actions.githubusercontent.com
+ subjectRegExp: https://github.com/acme-co/crossplane-packages/*
+ attestations:
+ - name: verify attestations
+ predicateType: spdxjson
+########################################################################################################################
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/values.yaml b/helm/charts/mcp/crossplane-provider-pkgs/values.yaml
new file mode 100644
index 0000000..b198d05
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-pkgs/values.yaml
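Review bot: `subjectRegExp: https://github.com/acme-co/crossplane-packages/*` is written like a glob, but the field is a regular expression: `/*` matches zero or more slashes and each `.` matches any character. If the verifier does not anchor the pattern (not visible in this patch), a signing identity from any repository whose URL merely starts with that prefix would satisfy it. Since this file is the only worked `verification` example in the chart, an anchored and escaped form is safer to copy: `subjectRegExp: '^https://github\.com/acme-co/crossplane-packages/.+$'`. The package references in the same file use tags, one of them `:alpha`, and none of the chart's examples shows pinning by digest.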
@@ -0,0 +1,104 @@ +--- +######################################################################################################################## +# -- [providers](https://docs.crossplane.io/latest/concepts/providers/) contains information and configuration of k8s [manifest/resource](https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/). Learn more with this [example](../../../../argo-cd-generator-config/remote-clusters-temp/template/template.aas-dt.shoot.canary.k8s-hana.ondemand.com.yaml.file). +# @default -- list +providers: + # providers[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Provider-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- +# @default -- list +functions: + # functions[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Function-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- A [Configuration](https://docs.crossplane.io/latest/concepts/packages/) package is an [OCI container images](https://opencontainers.org/) containing a collection of [Compositions](https://docs.crossplane.io/latest/concepts/compositions/), [Composite Resource Definitions](https://docs.crossplane.io/latest/concepts/composite-resource-definitions/) and any required [Providers](https://docs.crossplane.io/latest/concepts/providers/) or [Functions](https://docs.crossplane.io/latest/concepts/compositions/). 
+# @default -- list +configurations: + # configurations[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec](https://docs.crossplane.io/latest/api/#Configuration-spec) defines plain kubernetes [manifest](https://monokle.io/learn/kubernetes-manifest-files-explained). + # @default -- [] + spec: [] +######################################################################################################################## +# -- The [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/api/) provides settings for the Kubernetes Deployment of a Provider or composition function package. +# Read the Crossplane documentation for [more information about DeploymentRuntimeConfigs](https://docs.crossplane.io/latest/concepts/providers/#runtime-configuration). +# @default -- list +deploymentRuntimeConfigs: + # deploymentRuntimeConfigs[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec/DeploymentRuntimeConfigSpec](https://docs.crossplane.io/latest/api/#DeploymentRuntimeConfig-spec) specifies the configuration for a packaged controller. Values provided will override package manager defaults. Labels and annotations are passed to both the controller Deployment and ServiceAccount. + # @default -- [] + spec: [] +######################################################################################################################## +# -- The [ImageConfig](https://docs.crossplane.io/latest/concepts/image-configs/) resource is used to configure settings for package images. +# @default -- list +imageConfigs: + # imageConfigs[0].name -- kubernetes crossplane object `metadata.name` on managed control plane. + - name: "" + # -- [spec/ImageConfigSpec](https://docs.crossplane.io/latest/api/#ImageConfig-spec) contains the configuration for matching images. + # @default -- [] + spec: + # -- ImageMatch defines a rule for matching image. 
+ # @default -- [] + matchImages: + # imageConfigs[0].spec.matchImages[0].type -- Type is the type of match. + - type: Prefix + # -- Prefix is the prefix that should be matched. (Default `Prefix``) + prefix: "" + # -- Registry is the configuration for the registry. + # @default -- [] + registry: + # -- Authentication is the authentication information for the registry. + # @default -- [] + authentication: + # -- PullSecretRef is a reference to a secret that contains the credentials for the registry. + pullSecretRef: [] + # -- Verification contains the configuration for verifying the image. + # @default -- [] + verification: + provider: "" + # -- Cosign is the configuration for verifying the image using cosign. + # @default -- [] + cosign: + # -- Authority defines the rules for discovering and validating signatures. + # @default -- {} + authorities: + # imageConfigs[0].spec.verification.cosign.authorities[0].name -- Name is the name for this authority. + # @default -- {} + - name: "" + # -- Key defines the type of key to validate the image. + # @default -- [] + key: + # -- HashAlgorithm always defaults to sha256 if the algorithm hasn’t been explicitly set + hashAlgorithm: "" + # -- SecretRef sets a reference to a secret with the key. + secretRef: [] + # -- Keyless sets the configuration to verify the authority against a Fulcio instance. + # @default -- [] + keyless: + # -- Identity may contain the issuer and/or the subject found in the transparency log. Issuer/Subject uses a strict match, while IssuerRegExp and SubjectRegExp apply a regexp for matching. + # @default -- {} + identities: + # imageConfigs[0].spec.verification.cosign.authorities[0].keyless.identities[0].issuer -- Issuer defines the issuer for this identity. + - issuer: "" + # -- IssuerRegExp specifies a regular expression to match the issuer for this identity. This has precedence over the Issuer field. 
+ issuerRegExp: "" + # -- SubjectRegExp specifies a regular expression to match the subject for this identity. This has precedence over the Subject field. + subjectRegExp: "" + # -- Subject defines the subject for this identity. + subject: "" + # -- Attestation defines the type of attestation to validate and optionally apply a policy decision to it. Authority block is used to verify the specified attestation types, and if Policy is specified, then it’s applied only after the validation of the Attestation signature has been verified. + # @default -- {} + attestations: + # imageConfigs[0].spec.verification.cosign.authorities[0].attestations[0].name -- Name of the attestation. + - name: "" + # PredicateType defines which predicate type to verify. Matches cosign verify-attestation options. + predicateType: +######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml new file mode 100644 index 0000000..8b50235 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/.ci.config.yaml @@ -0,0 +1,19 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore b/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/.helmignore 
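Review bot: `predicateType:` at the end of the values.yaml hunk has no value, so it loads as null rather than the empty string used for its sibling keys. Its comment also lacks the `# --` marker, which is presumably why the generated README in this patch has no row for it. `predicateType: ""` with `# -- PredicateType defines which predicate type to verify.` would match the rest of the file. `verification.provider` likewise has no description, and the `prefix` comment ends in a stray "(Default `Prefix``)" that seems to belong to `type`.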
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml new file mode 100644 index 0000000..52d3277 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml 
@@ -0,0 +1,28 @@ +--- +apiVersion: v2 +name: crossplane-provider-sap-btp-account +description: A Helm chart to template crossplane manifests to manage SAP BTP resources. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.6 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" +home: "https://pages.github.tools.sap/cloud-orchestration/docs/category/sap-cloud-services" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md new file mode 100644 index 0000000..8d554a9 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md 
@@ -0,0 +1,61 @@ + + +# crossplane-provider-sap-btp-account + +![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +A Helm chart to template crossplane manifests to manage SAP BTP resources. + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| accounts | list | {} | accounts contains information and configuration about a specifig [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). :exclamation::exclamation: Managing BTP Global Accounts is [NOT possible](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts#use-existing-global-account) at the moment :exclamation::exclamation: | +| accounts[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","subAccounts":[{"entitlements":[{"amount":0,"name":"","permitNumericQuota":false,"serviceName":"","servicePlanName":""}],"forProvider":{"betaEnabled":null,"description":"","displayName":"","region":"","subaccountAdmins":["your.name@sap.com"],"subdomain":"","usedForProduction":"NOT_USED_FOR_PRODUCTION"},"metadata":{"annotations":{"CloudManagement":{"crossplane.io/external-name":"..."},"ServiceManager":{"crossplane.io/external-name":"..."}}},"name":"","services":{"cloudManagement":false,"serviceManager":false},"subscriptions":[{"appName":"","name":"","planName":"","writeConnectionSecretToRef":{"name":"","namespace":""}}]}]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! 
| +| accounts[0].subAccounts | list | {} | subAccounts contains information and configuration about [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].entitlements | list | {} | entitlements defines [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about managing BTP Entitlement with crossplane [here](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements). | +| accounts[0].subAccounts[0].entitlements[0].amount | int | `0` | Used when permitNumericQuota=true. Only set amount for multitenant applications and services that do not permit a numeric quota assignment! | +| accounts[0].subAccounts[0].entitlements[0].permitNumericQuota | bool | `false` | Setting a amount/quota is not supported by multitenant applications and by services that do not permit a numeric quota assignment. | +| accounts[0].subAccounts[0].entitlements[0].servicePlanName | string | `""` | servicePlanName defines Service Plan Name of this [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas). | +| accounts[0].subAccounts[0].forProvider | object | [] | SubaccountParameters are the configurable fields of a Subaccount. [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccount/v1alpha1?path=spec-forProvider) | +| accounts[0].subAccounts[0].forProvider.betaEnabled | string | `nil` | enable beta services and applications? 
| +| accounts[0].subAccounts[0].forProvider.description | string | `""` | description defines the description of the [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].forProvider.displayName | string | `""` | defines the display name of the [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].forProvider.region | string | `""` | [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary" | +| accounts[0].subAccounts[0].forProvider.subaccountAdmins | list | `["your.name@sap.com"]` | subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US). 
| +| accounts[0].subAccounts[0].forProvider.subdomain | string | `""` | This value must be unique across all BTP subaccounts | +| accounts[0].subAccounts[0].forProvider.usedForProduction | string | `"NOT_USED_FOR_PRODUCTION"` | Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET | +| accounts[0].subAccounts[0].metadata | object | [] | *optional* adding custom k8s metadata to manifests | +| accounts[0].subAccounts[0].metadata.annotations | object | [] | *optional* adding custom k8s [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | +| accounts[0].subAccounts[0].services | object | [] | contains special [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services) (e.g. BTP Service Manager) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | +| accounts[0].subAccounts[0].services.cloudManagement | bool | `false` | Enable/Disable (true/false) BTP Cloud Management Service. | +| accounts[0].subAccounts[0].services.serviceManager | bool | `false` | Enable/Disable (true/false) BTP Service Manager Subscription. Please make sure the P/I/D users, used in the Secrets referenced in the `ProviderConfig` are part of your Subaccount's `subaccountAdmins``. Note: updating subaccountAdmins on an existing Subaccount is not yet supported by the provider. We are aware of this issue (see [feature request](https://github.tools.sap/cloud-orchestration/crossplane-provider-btp-account/issues/284)). 
| +| accounts[0].subAccounts[0].subscriptions | list | {} | Define Subscriptions for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa) to subscribe to [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services). | +| accounts[0].subAccounts[0].subscriptions[0].appName | string | `""` | AppName of the app to subscribe to | +| accounts[0].subAccounts[0].subscriptions[0].name | string | `""` | Name of the Subscription resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subscription/v1alpha1). | +| accounts[0].subAccounts[0].subscriptions[0].planName | string | `""` | PlanName to subscribe to | +| accounts[0].subAccounts[0].subscriptions[0].writeConnectionSecretToRef | object | [] | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| directories | list | object | `directories[].` orchestrate [`kind: Directory`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| directories[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| directories[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) CRD | +| directories[0].name | string | - | Name of the Directory resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory). | +| directories[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| directoryEntitlements | list | object | `directoryEntitlements[].` orchestrate [`kind: DirectoryEntitlement`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| directoryEntitlements[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| directoryEntitlements[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) CRD | +| directoryEntitlements[0].name | string | - | Name of the DirectoryEntitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1?path=metadata). | +| directoryEntitlements[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | +| subaccountServiceBrokers | list | object | `subaccountServiceBrokers[].` orchestrate [`kind: SubaccountServiceBroker`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). 
| +| subaccountServiceBrokers[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | +| subaccountServiceBrokers[0].forProvider | list | `[]` | [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) CRD | +| subaccountServiceBrokers[0].name | string | - | Name of the SubaccountServiceBroker resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/). | +| subaccountServiceBrokers[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl
new file mode 100644
index 0000000..e8fbe73
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/_helpers.tpl
@@ -0,0 +1,83 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "CloudManagement.annotations" -}} +{{- if hasKey . "metadata" -}} +{{- if hasKey .metadata "annotations" -}} +{{- if hasKey .metadata.annotations "CloudManagement" -}} +{{- printf "annotations:" | nindent 2 }} +{{- .metadata.annotations.CloudManagement | toYaml | nindent 4 -}} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- define "ServiceManager.annotations" -}} +{{- if hasKey . "metadata" -}} +{{- if hasKey .metadata "annotations" -}} +{{- if hasKey .metadata.annotations "ServiceManager" -}} +{{- printf "annotations:" | nindent 2 }} +{{- .metadata.annotations.CloudManagement | toYaml | nindent 4 -}} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "cloud-orchestration.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cloud-orchestration.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cloud-orchestration.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cloud-orchestration.labels" -}} +helm.sh/chart: {{ include "cloud-orchestration.chart" . }} +{{ include "cloud-orchestration.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cloud-orchestration.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cloud-orchestration.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cloud-orchestration.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cloud-orchestration.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml new file mode 100644 index 0000000..1e68fa8 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-accounts/sub-accounts.yaml @@ -0,0 +1,19 @@ +{{- range $account := .Values.accounts}} + {{- range $item := $account.subAccounts}} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: account.btp.sap.crossplane.io/v1alpha1 +kind: Subaccount +metadata: + name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + forProvider: + {{- required "A valid value is required! (.Values.accounts[].subAccounts[].forProvider)" $item.forProvider | toYaml | nindent 4 }} + providerConfigRef: + name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }} + {{- end }} + {{- end }} +{{- end }} 
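Review bot: In `_helpers.tpl`, the `ServiceManager.annotations` helper checks `hasKey .metadata.annotations "ServiceManager"` but then renders `.metadata.annotations.CloudManagement`, so a ServiceManager resource receives the CloudManagement annotations, or a null block when only `ServiceManager` is set. The README example in this patch places `crossplane.io/external-name` under both keys, so this would presumably bind the ServiceManager to the wrong external resource. The rendered line should be `{{- .metadata.annotations.ServiceManager | toYaml | nindent 4 -}}`. The opening comment "Expand the name of the chart." also sits above `CloudManagement.annotations` instead of `cloud-orchestration.name` and should move there.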
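Review bot: In `sub-accounts.yaml`, the guard `if and ($item) (ne $item.name "")` silently skips any entry with an empty name, so the `required "... (.Values.accounts[].subAccounts[].name)"` call inside it can never report an empty name. If the skip is intentional, so that the placeholder entries in the default values render nothing, say so with a template comment above the guard, e.g. `{{- /* entries with an empty name are placeholders and are skipped, not rejected */ -}}`. The same guard-plus-`required` pattern appears in the directory.yaml, directory-entitlement.yaml, subaccount-service-broker.yaml and btp-subscriptions templates.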
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml
new file mode 100644
index 0000000..4ce3761
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/cloud-management.yaml
@@ -0,0 +1,36 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "services" }}
+ {{- if hasKey $item.services "cloudManagement" }}
+ {{- if $item.services.cloudManagement}}
+ {{- if and (hasKey $item.services "serviceManager") (eq $item.services.serviceManager true) }}
+ {{- else }}
+ {{- fail "You need to enable BTP Service Manager for this BTP Sub-Account to be able to orchestrate BTP Subscriptions! (.Values.accounts[].subAccounts[].services.serviceManager = true)"}}
+ {{- end }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: CloudManagement
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- template "CloudManagement.annotations" $item }}
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ serviceManagerRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ writeConnectionSecretToRef:
+ name: cis-{{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ namespace: default
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
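Review bot: The `writeConnectionSecretToRef` block at the end of `spec` always writes the `cis-…` connection secret to `namespace: default`, and no value can override it. The README in this patch describes connection secrets as holding usernames, passwords and connection details, so every principal with secret read access in `default` would see the Cloud Management credentials of each sub-account. servicemanager.yaml hard-codes the same namespace and already carries a TODO for it. Consider a per-sub-account value with a fallback, e.g. `namespace: {{ $item.connectionSecretNamespace | default "default" | quote }}` (the value name is a suggestion, not an existing key), and document that the target namespace should be restricted by RBAC.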
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml
new file mode 100644
index 0000000..4210173
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/entitlements.yaml
@@ -0,0 +1,31 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts }}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- range $entitlement := $item.entitlements }}
+ {{- if and ($entitlement) (ne $entitlement.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Entitlement
+metadata:
+ name: {{ required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].name)" $entitlement.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ forProvider:
+ serviceName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].serviceName)" $entitlement.serviceName}}
+ servicePlanName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].servicePlanName)" $entitlement.servicePlanName}}
+ {{- if $entitlement.permitNumericQuota}}
+ amount: {{required "A valid value is required! (.Values.accounts[].subAccounts[].entitlements[].amount)" $entitlement.amount}}
+ {{- else}}
+ enable: {{default $entitlement.enable true}}
+ {{- end }}
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
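Review bot: `enable: {{default $entitlement.enable true}}` passes the `default` arguments in reverse order: the function returns its last argument unless that argument is empty, so this line always renders `enable: true` and a user-supplied `enable: false` is ignored. Swapping the arguments is not enough, because `false` itself counts as empty; test for the key instead, e.g. `enable: {{ if hasKey $entitlement "enable" }}{{ $entitlement.enable }}{{ else }}true{{ end }}`. Separately, `metadata.name` is built from the entitlement name alone, so the same entitlement name under two sub-accounts would presumably render two manifests with the same resource name; prefixing it with the sub-account name, as subscription.yaml does, would avoid that.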
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml
new file mode 100644
index 0000000..fe34a23
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/servicemanager.yaml
@@ -0,0 +1,32 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "services" }}
+ {{- if hasKey $item.services "serviceManager" }}
+ {{- if $item.services.serviceManager}}
+---
+apiVersion: account.btp.sap.crossplane.io/v1beta1
+kind: ServiceManager
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- template "ServiceManager.annotations" $item }}
+spec:
+ writeConnectionSecretToRef:
+ # !!! TODO: Make this configurable !!!
+ name: btp-service-manager-{{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName}}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ # !!! TODO: Make this configurable !!!
+ namespace: default
+ forProvider:
+ subaccountRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ providerConfigRef:
+ name: {{ required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
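Review bot: The connection-secret name `btp-service-manager-{{required "…" $account.btpSapCrossplaneProviderConfigRefName}}-…` does not pass the provider-config part through `lower`, unlike the `cis-…` secret name in cloud-management.yaml. A mixed-case provider config name, such as the `btpSapCrossplaneProviderConfigRefName` placeholder used in values.ci.yaml, would then produce a Secret name that Kubernetes rejects, since names must be lowercase RFC 1123 subdomains. Add `| lower` after that `required` call: `{{required "…" $account.btpSapCrossplaneProviderConfigRefName | lower }}`.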
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml
new file mode 100644
index 0000000..47d08a0
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/btp-subscriptions/subscription.yaml
@@ -0,0 +1,34 @@
+{{- range $account := .Values.accounts}}
+ {{- range $item := $account.subAccounts}}
+ {{- if and ($item) (ne $item.name "") }}
+ {{- if hasKey $item "subscriptions" }}
+ {{- range $subscription := $item.subscriptions}}
+ {{- if and ($item.services) (hasKey $item.services "cloudManagement") ($item.services.cloudManagement) }}
+ {{- else }}
+ {{- fail "You need to enable BTP Cloud Management Service for this BTP Sub-Account to be able to orchestrate BTP Subscriptions! (.Values.accounts[].subAccounts[].services.cloudManagement = true)"}}
+ {{- end }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: Subscription
+metadata:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}-{{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].name)" $subscription.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.accounts[].btpSapCrossplaneProviderConfigRefName)" $account.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ appName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].appName)" $subscription.appName }}
+ planName: {{required "A valid value is required! (.Values.accounts[].subAccounts[].subscriptions[].planName)" $subscription.planName }}
+ cloudManagementRef:
+ name: {{required "A valid value is required! (.Values.accounts[].subAccounts[].name)" $item.name | lower }}
+ {{- if $subscription.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $subscription.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
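Review bot: `providerConfigRef.name`, `appName` and `planName` are interpolated into the manifest without `quote`, whereas sub-accounts.yaml, entitlements.yaml and servicemanager.yaml pipe the same provider-config value through `| quote`. A value that looks like a boolean or number, or that contains `: ` or ` #`, is then re-typed by the YAML parser or breaks the rendered document, so these fields should be quoted, e.g. `appName: {{ required "…" $subscription.appName | quote }}`. The same unquoted interpolation appears in cloud-management.yaml (`providerConfigRef.name`), entitlements.yaml (`serviceName`, `servicePlanName`), directory.yaml, directory-entitlement.yaml and subaccount-service-broker.yaml.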
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml new file mode 100644 index 0000000..d608511 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory-entitlement.yaml @@ -0,0 +1,21 @@ +{{- range $item := .Values.directoryEntitlements }} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: account.btp.sap.crossplane.io/v1alpha1 +kind: DirectoryEntitlement +metadata: + name: {{required "A valid value is required! (.Values.directoryEntitlements[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.directoryEntitlements[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }} + forProvider: + {{- required "A valid value is required! (.Values.directoryEntitlements[].forProvider)" $item.forProvider | toYaml | nindent 4 }} + {{- if $item.writeConnectionSecretToRef}} + writeConnectionSecretToRef: + {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml new file mode 100644 index 0000000..a624653 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/directory.yaml 
@@ -0,0 +1,21 @@ +{{- range $item := .Values.directories }} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: account.btp.sap.crossplane.io/v1alpha1 +kind: Directory +metadata: + name: {{required "A valid value is required! (.Values.directories[].name)" $item.name | lower }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + providerConfigRef: + name: {{required "A valid value is required! (.Values.directories[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }} + forProvider: + {{- required "A valid value is required! (.Values.directories[].forProvider)" $item.forProvider | toYaml | nindent 4 }} + {{- if $item.writeConnectionSecretToRef}} + writeConnectionSecretToRef: + {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml new file mode 100644 index 0000000..3d60d46 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/templates/mcp/subaccount-service-broker.yaml 
@@ -0,0 +1,21 @@
+{{- range $item := .Values.subaccountServiceBrokers }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: account.btp.sap.crossplane.io/v1alpha1
+kind: SubaccountServiceBroker
+metadata:
+ name: {{required "A valid value is required! (.Values.subaccountServiceBrokers[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.subaccountServiceBrokers[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- required "A valid value is required! (.Values.subaccountServiceBrokers[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml
new file mode 100644
index 0000000..602e960
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.ci.yaml
@@ -0,0 +1,147 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +subaccountServiceBrokers: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "subaccountServiceBrokers" + forProvider: + description: "This is a description of the provider." + name: "example-name" + passwordSecretRef: + key: "password-key" + name: "secret-name" + namespace: "default" + subaccountId: "subaccount-12345" + subaccountRef: + name: "subaccount-ref-name" + policy: + resolution: "Required" + resolve: "Always" + subaccountSelector: + matchControllerRef: true + matchLabels: + app: "example-app" + environment: "production" + policy: + resolution: "Optional" + resolve: "IfNotPresent" + url: "https://example.com" + username: "example-username" +# ######################################################################################################################## +directories: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "directories" + forProvider: + description: "description" + directoryAdmins: + - "admin1" + - "admin2" + directoryFeatures: + - "feat1" + directoryGuid: "guid" + directoryRef: # object + name: "refName" + policy: # object + resolution: "Required" # string: Required, Optional + resolve: "Always" # string: Always, IfNotPresent + directorySelector: # object + matchControllerRef: true # boolean + policy: # object + resolution: "Required" # string: Required, Optional + resolve: "Always" # string: Always, IfNotPresent + displayName: "name to be displayed :)" # string (required) + subdomain: "subdomain123" +# 
######################################################################################################################## +directoryEntitlements: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "directoryEntitlement" + forProvider: + amount: "123" + autoAssign: true + autoDistributeAmount: "123" + directoryId: "directoryId" + directoryRef: + name: "name" + policy: + resolution: "resolution" + resolve: "resolve" + directorySelector: + matchControllerRef: false + policy: + resolution: "resolution" + resolve: "Always" + distribute: true + planName: "planName" + serviceName: "serviceName" + writeConnectionSecretToRef: + name: "name" + namespace: "namespace" +######################################################################################################################## +accounts: + - btpSapCrossplaneProviderConfigRefName: "btp-sap-crossplane-cloud-provider-config-ref-name" + subAccounts: + - name: "test1" + forProvider: + displayName: "sub-account1" + description: "description" + subdomain: "subdomain" + betaEnabled: false + usedForProduction: "NOT_USED_FOR_PRODUCTION" + region: "region" + subaccountAdmins: + - your.name@sap.com + - name: "test2" + metadata: + annotations: + CloudManagement: + "crossplane.io/external-name": "e01c61b5-18dc-40d7-bba9-fd8eaaa859c8/5c9d74c7-3784-4bff-8172-ec99285f8009" + ServiceManager: + "crossplane.io/external-name": "e01c61b5-18dc-40d7-bba9-fd8eaaa859c8/5c9d74c7-3784-4bff-8172-ec99285f8009" + forProvider: + displayName: "sub-account1" + description: "description" + subdomain: "subdomain" + betaEnabled: false + usedForProduction: "NOT_USED_FOR_PRODUCTION" + region: "region" + subaccountAdmins: + - your.name@sap.com + services: + serviceManager: true + cloudManagement: true + entitlements: + - name: "entitlement-1" + serviceName: "service-name" + servicePlanName: "service-plan-name" + permitNumericQuota: false + amount: 1 + subscriptions: + - name: "name" + appName: "appName" + planName: 
"planName" + writeConnectionSecretToRef: + name: "name" + namespace: "namespace" + - name: "test3" + forProvider: + displayName: "sub-account2" + description: "description" + betaEnabled: true + usedForProduction: "USED_FOR_PRODUCTION" + subdomain: "subdomain" + region: "region" + subaccountAdmins: + - your.name@sap.com + entitlements: + - name: "entitlement-2" + serviceName: "service-name" + servicePlanName: "service-plan-name" + permitNumericQuota: true + amount: 1 + - name: "cis-some-name.local" + serviceName: "cis_some_name" + servicePlanName: "service-plan-name" + permitNumericQuota: false + amount: 1 +######################################################################################################### \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml new file mode 100644 index 0000000..fd75370 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml 
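Review bot: The two `crossplane.io/external-name` annotations under sub-account `test2` in values.ci.yaml carry the GUID pair `e01c61b5-18dc-40d7-bba9-fd8eaaa859c8/5c9d74c7-3784-4bff-8172-ec99285f8009`, which does not read like a constructed placeholder. If it identifies a real subaccount or service instance it should not sit in a CI fixture; a zeroed value such as `"crossplane.io/external-name": "00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000"` templates just as well. The `subaccountAdmins` entries use `your.name@sap.com`, an address at a real mail domain; `"user@example.com"` would keep the fixture clearly synthetic.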
@@ -0,0 +1,125 @@ +--- +######################################################################################################### +# -- accounts contains information and configuration about a specifig [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). :exclamation::exclamation: Managing BTP Global Accounts is [NOT possible](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts#use-existing-global-account) at the moment :exclamation::exclamation: +# @default -- {} +accounts: + # btp.accounts[0].id -- id contains technical identifier of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). + # @default -- {} + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # -------------------------------------------------------------------------------------------------------------------------# + # -- subAccounts contains information and configuration about [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). + # @default -- {} + subAccounts: + # btp.accounts[0].subAccounts[0].name -- defines k8s `metadata.name` value of `kind: Subaccount` + - name: "" + # -- *optional* adding custom k8s metadata to manifests + # @default -- [] + metadata: + # -- *optional* adding custom k8s [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + # @default -- [] + annotations: + CloudManagement: + "crossplane.io/external-name": "..." + ServiceManager: + "crossplane.io/external-name": "..." + # -- SubaccountParameters are the configurable fields of a Subaccount. 
[CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccount/v1alpha1?path=spec-forProvider) + # @default -- [] + forProvider: + # -- defines the display name of the [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). + displayName: "" + # -- description defines the description of the [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). + description: "" + # -- enable beta services and applications? + betaEnabled: + # -- [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary" + region: "" + # -- This value must be unique across all BTP subaccounts + subdomain: "" + # -- Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET + usedForProduction: "NOT_USED_FOR_PRODUCTION" + # -- subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US). 
+ subaccountAdmins: + - your.name@sap.com + # -- Define Subscriptions for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa) to subscribe to [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services). + # @default -- {} + subscriptions: + # accounts[0].subAccounts[0].subscriptions[0].name -- Name of the Subscription resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subscription/v1alpha1). + - name: "" + # -- AppName of the app to subscribe to + appName: "" + # -- PlanName to subscribe to + planName: "" + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + # @default -- [] + writeConnectionSecretToRef: + name: "" + namespace: "" + # -- contains special [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services) (e.g. BTP Service Manager) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). + # @default -- [] + services: + # -- Enable/Disable (true/false) BTP Service Manager Subscription. + # Please make sure the P/I/D users, used in the Secrets referenced in the `ProviderConfig` are part of your Subaccount's `subaccountAdmins``. + # Note: updating subaccountAdmins on an existing Subaccount is not yet supported by the provider. 
We are aware of this issue (see [feature request](https://github.tools.sap/cloud-orchestration/crossplane-provider-btp-account/issues/284)). + serviceManager: false + # -- Enable/Disable (true/false) BTP Cloud Management Service. + cloudManagement: false + # -- entitlements defines [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). + # Learn more about managing BTP Entitlement with crossplane [here](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements). + # @default -- {} + entitlements: + # btp.accounts[0].subAccounts[0].entitlements[0].name -- Name of the Entitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.sap.crossplane.io/entitlement/v1alpha1). + # @default -- - + - name: "" + # serviceName defines the service name of [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas). + serviceName: "" + # -- servicePlanName defines Service Plan Name of this [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas). + servicePlanName: "" + # -- Setting a amount/quota is not supported by multitenant applications and by services that do not permit a numeric quota assignment. + permitNumericQuota: false + # -- Used when permitNumericQuota=true. Only set amount for multitenant applications and services that do not permit a numeric quota assignment! 
+ amount: 0 +######################################################################################################################## +# -- `directoryEntitlements[].` orchestrate [`kind: DirectoryEntitlement`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). +# @default -- object +directoryEntitlements: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # directoryEntitlements[0].name -- Name of the DirectoryEntitlement resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1?path=metadata). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directoryentitlement/v1alpha1) CRD + forProvider: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +######################################################################################################### +# -- `directories[].` orchestrate [`kind: Directory`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). +# @default -- object +directories: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # directories[0].name -- Name of the Directory resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/directory) CRD + forProvider: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
+ writeConnectionSecretToRef: [] +######################################################################################################### +# -- `subaccountServiceBrokers[].` orchestrate [`kind: SubaccountServiceBroker`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) of [BTP Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/category/account-management). +# @default -- object +subaccountServiceBrokers: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! + - btpSapCrossplaneProviderConfigRefName: "" + # subaccountServiceBrokers[0].name -- Name of the SubaccountServiceBroker resource - [CRD Browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/). + # @default -- - + name: "" + # -- [forProvider](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/account.btp.sap.crossplane.io/subaccountservicebroker/) CRD + forProvider: [] + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################### 
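Review bot: The default `subaccountAdmins` list in values.yaml contains `your.name@sap.com`, a syntactically valid address at a real domain, so anyone who copies the block without editing it requests subaccount admin rights for that identity. An empty default, `subaccountAdmins: []`, fails safe and still documents the type. In the same hunk `betaEnabled:` is a bare key, which parses as null and is reported by yamllint's `empty-values` rule where that rule is enabled; write `betaEnabled: false`. The `forProvider: []` and `writeConnectionSecretToRef: []` defaults declare lists where the templates in this patch render mappings, so `{}` would describe them correctly.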
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml new file mode 100644 index 0000000..3a7fb0f --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml new file mode 100644 index 0000000..403640d --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml 
@@ -0,0 +1,34 @@ +--- +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: crossplane-provider-sap-btp-environment +description: A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP. +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.12 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. 
+appVersion: "0.0.1" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1 + - https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp/environment.btp.sap.crossplane.io/kymaenvironment/v1alpha1 +# Whether this chart is deprecated (optional, boolean) +deprecated: false diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md new file mode 100644 index 0000000..6e870a7 --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md 
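Review bot: Two of the three `sources` entries in Chart.yaml point at `pages.github.tools.sap`, which looks like an internal host, while `home` and the first source are on public github.com. If the chart is published outside the company, those links are dead for users and disclose internal host names. The same host appears throughout the values.yaml comments and the generated README in this patch, so either replace them with public documentation links or drop them. `home` names `openmcp-project/blueprints` while the first source names `openmcp-project/blueprint-building-blocks`; confirm which repository is intended.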
@@ -0,0 +1,28 @@ + + +# crossplane-provider-sap-btp-environment + +![Version: 0.0.12](https://img.shields.io/badge/Version-0.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP. + +**Homepage:** + +## Source Code + +* +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cloudFoundryEnvironments | list | object | cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1). | +| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"initialOrgManagers":["steffen.brunner@sap.com"],"landscape":""},"name":"","subaccountRef":{"name":""},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! | +| cloudFoundryEnvironments[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| +| kymaEnvironments | list | `[{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"administrators":["...@sap.com"],"autoScalerMax":3,"autoScalerMin":3,"machineType":"m5.xlarge","oidc":{"clientID":"","groupsClaim":"groups","issuerURL":"https://.accounts400.ondemand.com","signingAlgs":["RS256"],"usernameClaim":"email","usernamePrefix":"-"},"parameters":null,"region":"eu-west-2"},"name":"","planName":"aws","subaccountRef":{"name":""},"writeConnectionSecretToRef":{"name":"demo-kyma-kubeconfig-local","namespace":"default"}}]` | https://pages.github.tools.sap/cloud-orchestration/docs/use-cases/workload_to_kyma | +| kymaEnvironments[0].writeConnectionSecretToRef | object | `{"name":"demo-kyma-kubeconfig-local","namespace":"default"}` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md.gotmpl b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/NOTES.txt b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml
new file mode 100644
index 0000000..91b9c30
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/cloud-foundry-environment.yaml
@@ -0,0 +1,25 @@
+{{- range $item := .Values.cloudFoundryEnvironments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: environment.btp.sap.crossplane.io/v1alpha1
+kind: CloudFoundryEnvironment
+metadata:
+ name: {{required "A valid value is required! (.Values.cloudFoundryEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.cloudFoundryEnvironments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.cloudFoundryEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- toYaml $item.forProvider | nindent 4 }}
+ cloudManagementRef:
+ {{- toYaml $item.cloudManagementRef | nindent 4 }}
+ subaccountRef:
+ {{- toYaml $item.subaccountRef | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml
new file mode 100644
index 0000000..bc31950
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/templates/kyma-environment.yaml
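Review bot: `forProvider`, `cloudManagementRef` and `subaccountRef` in cloud-foundry-environment.yaml are rendered with a bare `toYaml`, so an entry that omits one of them produces `null` under that key instead of failing at template time. The account templates in this patch already guard `forProvider` with `required`; doing the same here keeps the charts consistent, e.g. `{{- required "A valid value is required! (.Values.cloudFoundryEnvironments[].forProvider)" $item.forProvider | toYaml | nindent 4 }}`, and likewise for the two refs. kyma-environment.yaml has the same three unguarded keys.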
@@ -0,0 +1,25 @@
+{{- range $item := .Values.kymaEnvironments }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: environment.btp.sap.crossplane.io/v1alpha1
+kind: KymaEnvironment
+metadata:
+ name: {{required "A valid value is required! (.Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | lower }}-{{required "A valid value is required! (.Values.kymaEnvironments[].name)" $item.name | lower }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ providerConfigRef:
+ name: {{required "A valid value is required! (.Values.kymaEnvironments[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName }}
+ forProvider:
+ {{- toYaml $item.forProvider | nindent 4 }}
+ cloudManagementRef:
+ {{- toYaml $item.cloudManagementRef | nindent 4 }}
+ subaccountRef:
+ {{- toYaml $item.subaccountRef | nindent 4 }}
+ {{- if $item.writeConnectionSecretToRef}}
+ writeConnectionSecretToRef:
+ {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml
new file mode 100644
index 0000000..fd5f589
--- /dev/null
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.ci.yaml
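Review bot: kyma-environment.yaml never reads `$item.planName`, yet the chart's values files set `planName: "aws"` and the generated README lists `planName` as a sibling of `forProvider` on each `kymaEnvironments` entry. If that placement is right, the value is silently dropped from the rendered `KymaEnvironment`. Indentation is lost in this view, so the nesting should be confirmed against the real files. Where the field belongs in the CRD is not visible here; either move `planName` under `forProvider` in values.yaml and values.ci.yaml, which this template passes through verbatim, or render it explicitly in the template.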
@@ -0,0 +1,47 @@ +--- +######################################################################################################################## +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +cloudFoundryEnvironments: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "name" + forProvider: + initialOrgManagers: + - "" + landscape: "landscape" + cloudManagementRef: + name: "cloudManagementRef" + subaccountRef: + name: "subaccountRef" + writeConnectionSecretToRef: + name: "demo-connection-details" + namespace: "default" +######################################################################################################################## +kymaEnvironments: + - btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName" + name: "name" + forProvider: + parameters: + administrators: + - "" + autoScalerMax: 3 + autoScalerMin: 3 + machineType: "m5.xlarge" + oidc: + clientID: "" #i.e. applicatonId + groupsClaim: "groups" #i.e. name of group + issuerURL: "https://.accounts400.ondemand.com" + signingAlgs: + - "RS256" + usernameClaim: "email" + usernamePrefix: "-" + region: "eu-west-2" + planName: "aws" + cloudManagementRef: + name: "cloudManagementRef" + subaccountRef: + name: "subaccountRef" + writeConnectionSecretToRef: + name: "demo-kyma-kubeconfig-local" + namespace: "default" +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml new file mode 100644 index 0000000..a0f6edf --- /dev/null +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml 
@@ -0,0 +1,50 @@ +--- +######################################################################################################################## +# -- cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1). +# @default -- object +cloudFoundryEnvironments: + # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! + - btpSapCrossplaneProviderConfigRefName: "" + name: "" + forProvider: + initialOrgManagers: + - "" + landscape: "" + cloudManagementRef: + name: "" + subaccountRef: + name: "" + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: [] +######################################################################################################################## +kymaEnvironments: + - btpSapCrossplaneProviderConfigRefName: "" + name: "" + forProvider: + parameters: + administrators: + - "...@sap.com" + autoScalerMax: 3 + autoScalerMin: 3 + machineType: "m5.xlarge" + oidc: + clientID: "" #i.e. applicatonId + groupsClaim: "groups" #i.e. 
name of group + issuerURL: "https://.accounts400.ondemand.com" + signingAlgs: + - "RS256" + usernameClaim: "email" + usernamePrefix: "-" + region: "eu-west-2" + planName: "aws" + cloudManagementRef: + name: "" + subaccountRef: + name: "" + # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. + # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! + writeConnectionSecretToRef: + name: "demo-kyma-kubeconfig-local" + namespace: "default" +######################################################################################################################## \ No newline at end of file diff --git a/helm/charts/mcp/external-secrets-config/.ci.config.yaml b/helm/charts/mcp/external-secrets-config/.ci.config.yaml new file mode 100644 index 0000000..ea4fde3 --- /dev/null +++ b/helm/charts/mcp/external-secrets-config/.ci.config.yaml @@ -0,0 +1,21 @@ +# pipeline feature flags obsolete (Bash Scripts) + +jfrog.sh: + enabled: true + + +# pipeline feature flags +yamllint: + enable: true +helm-docs: + enable: true +helm-chart-linting: + enable: true +helm-chart-validation: + enable: true +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: false \ No newline at end of file diff --git a/helm/charts/mcp/external-secrets-config/.helmignore b/helm/charts/mcp/external-secrets-config/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/mcp/external-secrets-config/.helmignore 
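Review bot: The default `kymaEnvironments` entry in values.yaml ships a populated `writeConnectionSecretToRef` (`demo-kyma-kubeconfig-local` in namespace `default`), so anyone who fills in only `name` and the refs inherits a connection secret, by its name a cluster kubeconfig, written to the `default` namespace. I would default it to `writeConnectionSecretToRef: {}` so that the template's `if` omits the field until a target namespace is chosen deliberately. The `cloudFoundryEnvironments` entry uses `[]` for the same field although the comment above it describes a name/namespace reference; `{}` is the matching empty value there. The `administrators` placeholder `"...@sap.com"` and the `issuerURL` with an empty host are likewise demo values that would be submitted unchanged.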
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/mcp/external-secrets-config/Chart.yaml b/helm/charts/mcp/external-secrets-config/Chart.yaml new file mode 100644 index 0000000..d5cfbf6 --- /dev/null +++ b/helm/charts/mcp/external-secrets-config/Chart.yaml 
@@ -0,0 +1,32 @@ +# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file +apiVersion: v2 +name: external-secrets-config +description: A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault). +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# A URL to an SVG or PNG image to be used as an icon +icon: "https://github.com/external-secrets/external-secrets/raw/main/assets/eso-logo-large.png" +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.7 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.10.0" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprints" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks + - https://external-secrets.io +# Whether this chart is deprecated (optional, boolean) +deprecated: false 
diff --git a/helm/charts/mcp/external-secrets-config/README.md b/helm/charts/mcp/external-secrets-config/README.md new file mode 100644 index 0000000..d3660a3 --- /dev/null +++ b/helm/charts/mcp/external-secrets-config/README.md 
@@ -0,0 +1,91 @@ + + +# external-secrets-config + +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square) + +A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault). + +**Homepage:** + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| clusterExternalSecret | list | {} | [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. | +| clusterExternalSecret[0].externalSecretName | string | `""` | *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret | +| clusterExternalSecret[0].externalSecretSpec | object | [] | The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created | +| clusterExternalSecret[0].externalSecretSpec.data | list | `[]` | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data | +| clusterExternalSecret[0].externalSecretSpec.dataFrom | list | `[]` | *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order | +| clusterExternalSecret[0].externalSecretSpec.refreshInterval | string | `""` | 
[RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. | +| clusterExternalSecret[0].externalSecretSpec.secretStoreRef | optional | `[]` | - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. | +| clusterExternalSecret[0].externalSecretSpec.target | list | `[]` | [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. | +| clusterExternalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | +| clusterExternalSecret[0].namespaceSelectors | list | `[]` | *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. | +| clusterExternalSecret[0].refreshTime | string | `""` | [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. 
| +| clusterSecretStores[0].controller | string | `""` | *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property | +| clusterSecretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ClusterSecretStore` | +| clusterSecretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. | +| clusterSecretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | +| clusterSecretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. | +| clusterSecretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| +| clusterSecretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | +| clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | +| clusterSecretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| clusterSecretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| clusterSecretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos | +| clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. 
| +| clusterSecretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". | +| clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | +| credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | +| credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | +| credentials[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | +| defaults.externalSecret.secretStoreRef.kind | string | `"SecretStore"` | | +| defaults.namespace | string | `"default"` | default namespace value for optional `namespace` fields. 
| +| externalSecret | list | {} | [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API. | +| externalSecret[0].creationPolicy | string | `""` | *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ | +| externalSecret[0].data | list | [] | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data | +| externalSecret[0].data[0].remoteRef | object | `{"key":"","property":""}` | [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. | +| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" | +| externalSecret[0].data[0].remoteRef.property | string | `""` | *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. 
"kubeconfig" | +| externalSecret[0].deletionPolicy | string | `""` | *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ | +| externalSecret[0].immutable | bool | `false` | *(optional)* Immutable defines if the final secret will be immutable | +| externalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | +| externalSecret[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | +| externalSecret[0].refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. | +| externalSecret[0].secretStore | object | `{"kind":"","name":""}` | [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. 
| +| externalSecret[0].secretStore.kind | string | `""` | *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` | +| externalSecret[0].secretStore.name | string | `""` | Name of the SecretStore resource | +| externalSecret[0].targetSecretName | string | `""` | [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource | +| externalSecret[0].template | list | `[]` | *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. | +| pushSecrets | list | {} | The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider. - tells the operator what secrets should be pushed by using spec.selector. - you can specify what secret keys should be pushed by using spec.data. | +| pushSecrets[0].spec.data | list | `[]` | Secret Data that should be pushed to providers | +| pushSecrets[0].spec.deletionPolicy | string | `""` | *optional* The provider' secret will be deleted if the PushSecret is deleted. E.g. Delete | +| pushSecrets[0].spec.refreshInterval | string | `""` | Refresh interval for which push secret will reconcile. E.g. 1h | +| pushSecrets[0].spec.secretStoreRefs | object | `{}` | A list of secret stores to push secrets to. | +| pushSecrets[0].spec.selector | list | `[]` | The Secret Selector (k8s source) for the Push Secret | +| pushSecrets[0].spec.template | list | `[]` | *optional* Template defines a blueprint for the created Secret resource. | +| pushSecrets[0].spec.updatePolicy | string | `""` | *optional* Policy to overwrite existing secrets in the provider on sync. E.g. 
Replace | +| secretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | +| secretStores[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | +| secretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. | +| secretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | +| secretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. | +| secretStores[0].provider.vault.auth.appRole | object | [] | *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). 
| +| secretStores[0].provider.vault.auth.appRole.path | string | `"approle"` | [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” | +| secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | +| secretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| secretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| secretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos | +| secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. 
| +| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". | +| secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/external-secrets-config/README.md.gotmpl b/helm/charts/mcp/external-secrets-config/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/external-secrets-config/templates/NOTES.txt b/helm/charts/mcp/external-secrets-config/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml new file mode 100644 index 0000000..3f4d6f7 --- /dev/null +++ b/helm/charts/mcp/external-secrets-config/templates/cluster-external-secret.yaml 
@@ -0,0 +1,23 @@
+{{- range $item := .Values.clusterExternalSecret}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterExternalSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].name)" $item.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- if $item.externalSecretName}}
+ externalSecretName: {{ $item.externalSecretName | quote }}
+ {{- end }}
+ {{- if $item.namespaceSelectors}}
+ namespaceSelectors:
+ {{- $item.namespaceSelectors | toYaml | nindent 4 }}
+ {{- end }}
+ refreshTime: {{required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].refreshTime)" $item.refreshTime | quote}}
+ externalSecretSpec:
+ {{- required "A valid value is required! (.Values.clusterSecretStores[].clusterExternalSecret[].externalSecretSpec)" $item.externalSecretSpec | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml b/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml
new file mode 100644
index 0000000..4b3edf2
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/cluster-secret-store.yaml
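Review bot: The three `required` messages in the ClusterExternalSecret template name `.Values.clusterSecretStores[].clusterExternalSecret[]…`, but the loop iterates `.Values.clusterExternalSecret`, so a failed render points the operator at a key that does not exist. The same mismatch appears in external-secret.yaml (`.Values.secretStore[].externalSecret[]…` for a loop over `.Values.externalSecret`) and in secret-store.yaml (`.Values.secretStore[]` for `.Values.secretStores`). I would change the first message to `"A valid value is required! (.Values.clusterExternalSecret[].name)"` and correct the others the same way.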
@@ -0,0 +1,18 @@
+{{- range $item := .Values.clusterSecretStores}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: {{required "A valid value is required! (.Values.clusterSecretStores[].name)" $item.name | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- if $item.controller}}
+ controller: {{ $item.controller | quote }}
+ {{- end }}
+ provider:
+ {{- required "A valid value is required! (.Values.clusterSecretStores[].provider)" $item.provider | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml
new file mode 100644
index 0000000..59acb25
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/external-secret.yaml
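Review bot: The ClusterSecretStore template renders only `controller` and `provider`, so a store created through this chart cannot carry `spec.conditions` and can be referenced by ExternalSecrets in every namespace. With a Vault AppRole provider like the one in this chart's CI values, any namespace allowed to create an ExternalSecret can then read whatever that role can read under the configured path. I would add an optional pass-through for `conditions` after the `provider` block and document it in values.yaml as the way to limit the store to named namespaces or a namespace selector.

```yaml
  provider:
    # … unchanged: required provider block …
  {{- if $item.conditions }}
  conditions:
    {{- $item.conditions | toYaml | nindent 4 }}
  {{- end }}
```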
@@ -0,0 +1,35 @@
+{{- range $externalSecret := .Values.externalSecret}}
+ {{- if and ($externalSecret) (ne $externalSecret.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].name)" $externalSecret.name | lower | quote}}
+ namespace: {{ $externalSecret.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ refreshInterval: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].refreshInterval)" $externalSecret.refreshInterval | quote}}
+ secretStoreRef:
+ name: {{required "A valid value is required! (.Values.secretStore.name)" $externalSecret.secretStore.name | quote}}
+ kind: {{ default $.Values.defaults.externalSecret.secretStoreRef.kind $externalSecret.secretStore.kind | quote }}
+ target:
+ name: {{required "A valid value is required! (.Values.secretStore[].externalSecret[].targetSecretName)" $externalSecret.targetSecretName | quote}}
+ {{- if $externalSecret.template }}
+ template:
+ {{- $externalSecret.template | toYaml | nindent 6 }}
+ {{- end }}
+ {{- if $externalSecret.creationPolicy }}
+ creationPolicy: {{ $externalSecret.creationPolicy | quote }}
+ {{- end }}
+ {{- if $externalSecret.deletionPolicy }}
+ deletionPolicy: {{ $externalSecret.deletionPolicy | quote }}
+ {{- end }}
+ {{- if $externalSecret.immutable }}
+ immutable: {{ $externalSecret.immutable }}
+ {{- end }}
+ data:
+ {{- required "A valid value is required! (.Values.secretStore[].externalSecret[].data)" $externalSecret.data | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
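Review bot: `$externalSecret.secretStore.name` and `$externalSecret.secretStore.kind` are dereferenced before `required` or `default` see them, so an entry that omits the `secretStore` map should abort rendering with a nil-pointer template error instead of the intended "A valid value is required!" message. Reading through a fallback map keeps the error on the `required` path, for example `(($externalSecret.secretStore | default dict).name)` in the `name:` line and the same form for `kind:`. The template also hard-requires `data` and offers no `dataFrom`, which is worth stating in the values documentation if it is deliberate.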
diff --git a/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml
new file mode 100644
index 0000000..4c5eb4a
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/push-secret.yaml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.pushSecrets}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: {{required "A valid value is required! (.Values.pushSecrets[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.pushSecrets[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml b/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml
new file mode 100644
index 0000000..77244d7
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/secret-store.yaml
@@ -0,0 +1,16 @@
+{{- range $item := .Values.secretStores}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: {{required "A valid value is required! (.Values.secretStore[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ provider:
+ {{- required "A valid value is required! (.Values.secretStore[].provider)" $item.provider | toYaml | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml b/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml
new file mode 100644
index 0000000..67453f5
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/templates/secrets/generic-secret.yaml
@@ -0,0 +1,24 @@
+{{- range $item := .Values.credentials}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.credentials[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/values.ci.yaml b/helm/charts/mcp/external-secrets-config/values.ci.yaml
new file mode 100644
index 0000000..f6fb0ff
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/values.ci.yaml
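Review bot: generic-secret.yaml turns `.Values.credentials[]` into a `kind: Secret`, so the secret material must be present in plaintext in a values file and is also kept in the Helm release record. A header comment in the template should say that the block is meant for bootstrap credentials only (presumably the token that a store's `secretRef` points at) and that values carrying it must not be committed. In the `stringData` loop the key is emitted unquoted, so a key such as `true` or `123`, or one containing `: `, renders as a non-string or breaks the document; `{{ $key | quote }}: {{ $value | quote }}` avoids that. README.md in this patch documents `stringData` and `data` as `list`, while the template ranges over key/value pairs.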
@@ -0,0 +1,157 @@
+---
+########################################################################################################################
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+########################################################################################################################
+clusterSecretStores:
+ - name: "sap-hashicorp-vault-cluster-store"
+ controller: "controller"
+ provider:
+ vault:
+ server: "https://vault.tools.sap/"
+ namespace: "s4/ketos"
+ path: "k8s-clusters"
+ version: "v2"
+ auth:
+ appRole:
+ path: "approle"
+ roleId: "cf33bb15"
+ secretRef:
+ name: "sap-hashicorp-vault-token"
+ key: "token"
+########################################################################################################################
+clusterExternalSecret:
+- name: "garden-ketos-co-sa-mcp-test"
+ externalSecretName: "externalSecretName"
+ refreshTime: "1m"
+ namespaceSelectors:
+ - matchLabels:
+ cool: label
+ externalSecretSpec:
+ secretStoreRef:
+ name: secret-store-name
+ kind: SecretStore
+ refreshInterval: "1h"
+ target:
+ name: my-secret
+ creationPolicy: 'Merge'
+ template:
+ type: kubernetes.io/dockerconfigjson
+ metadata:
+ annotations: {}
+ labels: {}
+ data:
+ config.yml: |
+ endpoints:
+ - https://{{ .data.user }}:{{ .data.password }}@api.exmaple.com
+ templateFrom:
+ - configMap:
+ name: alertmanager
+ items:
+ - key: alertmanager.yaml
+ data:
+ - secretKey: secret-key-to-be-managed
+ remoteRef:
+ key: provider-key
+ version: provider-key-version
+ property: provider-key-property
+ dataFrom:
+ - key: provider-key
+ version: provider-key-version
+ property: provider-key-property
+########################################################################################################################
+secretStores:
+- name: "sap-hashicorp-vault"
+ namespace: "default"
+ provider:
+ vault:
+ server: "https://vault.tools.sap/"
+ namespace: "s4/ketos"
+ path: "k8s-clusters"
+ version: "v2"
+ auth:
+ appRole:
+ path: "approle"
+ roleId: "cf33bb15"
+ secretRef:
+ name: "sap-hashicorp-vault-token"
+ key: "token"
+########################################################################################################################
+externalSecret:
+ - name: "garden-ketos-co-sa-mcp-test"
+ namespace: "default"
+ refreshInterval: "15m"
+ targetSecretName: garden-ketos-co-sa-mcp-test
+ secretStore:
+ name: "sap-hashicorp-vault"
+ data:
+ - secretKey: kubeconfig
+ remoteRef:
+ key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test"
+ property: kubeconfig
+ - name: "garden-ketos-co-sa-mcp-test-2"
+ namespace: "default"
+ refreshInterval: "15m"
+ targetSecretName: garden-ketos-co-sa-mcp-test-2
+ secretStore:
+ name: "sap-hashicorp-vault"
+ data:
+ - secretKey: kubeconfig
+ remoteRef:
+ key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test"
+ property: kubeconfig
+ - name: "btp-account-ketos-kita-test"
+ namespace: "default"
+ refreshInterval: "15m"
+ targetSecretName: btp-account-ketos-kita-test
+ secretStore:
+ name: "sap-hashicorp-vault-cluster-store"
+ kind: "ClusterSecretStore"
+ data:
+ - secretKey: btp-cis-provider-credentials
+ remoteRef:
+ key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-ketos-kita-test"
+ property: btp-cis-provider-credentials
+ - secretKey: btp-service-account-provider-credentials
+ remoteRef:
+ key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-ketos-kita-test"
+ property: btp-service-account-provider-credentials
+########################################################################################################################
+pushSecrets:
+ - name: "garden-ketos-co-sa-mcp-test"
+ namespace: "default"
+ spec:
+ updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync
+ deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted
+ refreshInterval: 1h # Refresh interval for which push secret will reconcile
+ secretStoreRefs: # A list of secret stores to push secrets to
+ - name: aws-parameterstore
+ kind: SecretStore
+ selector:
+ secret:
+ name: pokedex-credentials # Source Kubernetes secret to be pushed
+ # Alternatively, you can point to a generator that produces values to be pushed
+ generatorRef:
+ apiVersion: external-secrets.io/v1alpha1
+ kind: ECRAuthorizationToken
+ name: prod-registry-credentials
+ template:
+ metadata:
+ annotations: { }
+ labels: { }
+ data:
+ best-pokemon: "{{ .best-pokemon | toString | upper }} is the really best!"
+ # Uses an existing template from configmap
+ # Secret is fetched, merged and templated within the referenced configMap data
+ # It does not update the configmap, it creates a secret with: data["alertmanager.yml"] = ...result...
+ templateFrom:
+ - configMap:
+ name: application-config-tmpl
+ items:
+ - key: config.yml
+ data:
+ - conversionStrategy: None # Also supports the ReverseUnicode strategy
+ match:
+ secretKey: best-pokemon # Source Kubernetes secret key to be pushed
+ remoteRef:
+ remoteKey: my-first-parameter # Remote reference (where the secret
+########################################################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/external-secrets-config/values.yaml b/helm/charts/mcp/external-secrets-config/values.yaml
new file mode 100644
index 0000000..100b9bd
--- /dev/null
+++ b/helm/charts/mcp/external-secrets-config/values.yaml
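Review bot: The CI fixture values.ci.yaml carries what look like real environment identifiers in a file that only exists to make the templates render: the Vault address `https://vault.tools.sap/`, Vault namespace `s4/ketos`, AppRole `roleId: "cf33bb15"` and the `*.shoot.live.k8s-hana.ondemand.com` remote keys. If these are live values, replace them with obvious placeholders, for example `server: "https://vault.example.com/"` and `roleId: "<role-id>"`; a role ID is not a secret on its own, but it is one half of the AppRole login pair and is better kept out of a public repository. Separately, the last comment in the `pushSecrets` example (`# Remote reference (where the secret`) is cut off mid-sentence, and the `selector` example sets both `secret` and `generatorRef` although its own comment calls them alternatives.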
@@ -0,0 +1,184 @@ +--- +# @default -- - +defaults: + # -- default namespace value for optional `namespace` fields. + namespace: "default" + externalSecret: + secretStoreRef: + kind: "SecretStore" +######################################################################################################################## +# @secretStores -- - +# @default -- {} +secretStores: + # secretStores[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` + namespace: "" + # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. + # @default -- [] + provider: + # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider + # @default -- [] + vault: + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". + server: "" + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos + namespace: "" + # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. + path: "" + # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. + version: "v2" + # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. + # @default -- [] + auth: + # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). + # @default -- [] + appRole: + # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” + path: "approle" + # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. + roleId: "" + # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
+ secretRef: + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + name: "" + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + key: "" +######################################################################################################################## +# -- [ExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the Schema for the external-secrets API. +# @default -- {} +externalSecret: +# externalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` +- name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` + namespace: "" + # -- [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. + secretStore: + # -- Name of the SecretStore resource + name: "" + # -- *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` + kind: "" + # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. 
+ refreshInterval: "" + # -- [targetSecretName](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the name of the Secret resource to be managed This field is immutable Defaults to the .metadata.name of the ExternalSecret resource + targetSecretName: "" + # -- *(optional)* [Template](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTemplate) defines a blueprint for the created Secret resource. + template: [] + # -- *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ + creationPolicy: "" + # -- *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ + deletionPolicy: "" + # -- *(optional)* Immutable defines if the final secret will be immutable + immutable: false + # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data + # @default -- [] + data: + # secretKey -- [SecretKey](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the key in which the controller stores the value. This is the key in the Kind=Secret. e.g. "kubeconfig" + - secretKey: "" + # -- [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. + remoteRef: + # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. 
"j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" + key: "" + # -- *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" + property: "" +######################################################################################################################## +# @clusterSecretStores -- - +# @default -- {} +clusterSecretStores: + # clusterSecretStores[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ClusterSecretStore` + - name: "" + # -- *(optional)* Used to select the correct ESO controller (think: ingress.ingressClassName) The ESO controller is instantiated with a specific controller name and filters ES based on this property + controller: "" + # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. + # @default -- [] + provider: + # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider + # @default -- [] + vault: + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". + server: "" + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. 
s4/ketos + namespace: "" + # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. + path: "" + # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. + version: "v2" + # -- [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. + # @default -- [] + auth: + # -- *(optional)* [appRole](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAuth) authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. VaultAppRole authenticates with Vault using the [App Role auth mechanism](https://www.vaultproject.io/docs/auth/approle). + # @default -- [] + appRole: + # -- [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) where the App Role authentication backend is mounted in Vault, e.g: “approle” + path: "approle" + # -- *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. + roleId: "" + # *(optional)* [secretRef])(https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) to a key in a Secret that contains the App Role secret used to authenticate with Vault. The key field must be specified and denotes which entry within the Secret resource is used as the app role secret. 
+ # @default -- [] + secretRef: + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + name: "" + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + key: "" +######################################################################################################################## +# -- [ClusterExternalSecret](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the Schema for the external-secrets API. +# @default -- {} +clusterExternalSecret: +# clusterExternalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` +- name: "" + # -- *(optional)* The name of the external secrets to be created defaults to the name of the ClusterExternalSecret + externalSecretName: "" + # -- [refreshTime](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) is the time in which the controller should reconcile its objects and recheck namespaces for labels. + refreshTime: "" + # -- *(optional)* [namespaceSelectors](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ClusterExternalSecretSpec) defines a list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed. + namespaceSelectors: [] + # -- The [spec](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) for the ExternalSecrets to be created + # @default -- [] + externalSecretSpec: + # -- (optional) - [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretSpec) defines which SecretStore to fetch the ExternalSecret data. 
+ secretStoreRef: [] + # -- [ExternalSecretTarget](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretTarget) defines the Kubernetes Secret to be created There can be only one target per ExternalSecret. + target: [] + # -- [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. + refreshInterval: "" + # -- *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) defines the connection between the Kubernetes Secret keys and the Provider data + data: [] + # -- *(optional)* [DataFrom](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataFromRemoteRef) is used to fetch all properties from a specific Provider data If multiple entries are specified, the Secret keys are merged in the specified order + dataFrom: [] +######################################################################################################################## +# -- The [PushSecret](https://external-secrets.io/latest/api/pushsecret/) is namespaced and it describes what data should be pushed to the secret provider. +# - tells the operator what secrets should be pushed by using spec.selector. +# - you can specify what secret keys should be pushed by using spec.data. +# @default -- {} +pushSecrets: + - name: "" + namespace: "" + # @default -- [] + spec: + # -- *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace + updatePolicy: "" + # -- *optional* The provider' secret will be deleted if the PushSecret is deleted. E.g. Delete + deletionPolicy: "" + # -- Refresh interval for which push secret will reconcile. E.g. 
1h + refreshInterval: "" + # -- A list of secret stores to push secrets to. + secretStoreRefs: {} + # -- The Secret Selector (k8s source) for the Push Secret + selector: [] + # -- *optional* Template defines a blueprint for the created Secret resource. + template: [] + # -- Secret Data that should be pushed to providers + data: [] +######################################################################################################################## +# @credentials -- :exclamation::exclamation: never EVER PUSH credentials in plain text into GIT :exclamation::exclamation: +# @default -- {} +credentials: + # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` + namespace: "" + # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. + stringData: [] + # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + data: [] +######################################################################################################################## 
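Review bot: Several defaults in values.yaml use the wrong collection type for the field they document: `secretStoreRefs: {}` is described as a list, `selector: []` and `template: []` stand for objects, and `credentials[].stringData: []` / `data: []` are documented as `map[string]string` and `map[string][]byte`. The default entries are skipped because their `name` is empty, but a user who copies the shape (and, presumably, the helm-docs type column generated from it) gets a value the API server will reject. Use `secretStoreRefs: []`, `selector: {}`, `template: {}`, `stringData: {}` and `data: {}`. The two `secretRef` comments under `appRole` also lack the `# -- ` prefix the neighbouring comments use and contain a broken link (`[secretRef])(`), so the note that the AppRole secret must come from a Kubernetes Secret reference may not reach the rendered docs.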
diff --git a/helm/charts/mcp/flux-config/.ci.config.yaml b/helm/charts/mcp/flux-config/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/flux-config/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/.helmignore b/helm/charts/mcp/flux-config/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/flux-config/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/flux-config/Chart.yaml b/helm/charts/mcp/flux-config/Chart.yaml
new file mode 100644
index 0000000..f39b136
--- /dev/null
+++ b/helm/charts/mcp/flux-config/Chart.yaml
@@ -0,0 +1,33 @@
+---
+# The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file
+apiVersion: v2
+name: flux-config
+description: A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# A URL to an SVG or PNG image to be used as an icon
+icon: "https://avatars.githubusercontent.com/u/52158677?s=200&v=4"
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.14
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.3.0"
+# The URL of this projects home page (optional)
+home: "https://github.com/openmcp-project/blueprints"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - https://fluxcd.io/flux/releases/
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md
new file mode 100644
index 0000000..9871f15
--- /dev/null
+++ b/helm/charts/mcp/flux-config/README.md 
@@ -0,0 +1,88 @@ + + +# flux-config + +![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) + +A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. + +**Homepage:** + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | +| credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | +| credentials[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | +| defaults.namespace | string | `"default"` | default namespace value for *(optional)*`namespace` fields. 
| +| defaults.targetNamespace | string | `"default"` | targetNamespace sets or overrides the default namespace in the `kind: Kustomization` manifests. | +| gitRepositorys[0].kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. | +| gitRepositorys[0].kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. | +| gitRepositorys[0].kustomizations[0].decryption | list | `[]` | [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. | +| gitRepositorys[0].kustomizations[0].dependsOn | object | `{}` | [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. | +| gitRepositorys[0].kustomizations[0].force | string | `nil` | [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. 
| +| gitRepositorys[0].kustomizations[0].healthChecks | object | `{}` | [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. | +| gitRepositorys[0].kustomizations[0].images | object | `{}` | [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. | +| gitRepositorys[0].kustomizations[0].interval | string | `nil` | The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s | +| gitRepositorys[0].kustomizations[0].kubeConfig | list | `[]` | [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference | +| gitRepositorys[0].kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" | +| gitRepositorys[0].kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. 
| +| gitRepositorys[0].kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | +| gitRepositorys[0].kustomizations[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | +| gitRepositorys[0].kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. | +| gitRepositorys[0].kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" | +| gitRepositorys[0].kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution | +| gitRepositorys[0].kustomizations[0].prune | string | `nil` | [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false | +| gitRepositorys[0].kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. 
| +| gitRepositorys[0].kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | +| gitRepositorys[0].kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | +| gitRepositorys[0].kustomizations[0].targetNamespace | string | `""` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| gitRepositorys[0].kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m | +| gitRepositorys[0].kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. 
| +| gitRepositorys[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | +| gitRepositorys[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | +| gitRepositorys[0].spec.interval | string | `"1m"` | [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. | +| gitRepositorys[0].spec.ref | object | `{"branch":""}` | *(optional)* Reference specifies the Git reference to resolve and monitor for changes, defaults to the ‘master’ branch. | +| gitRepositorys[0].spec.ref.branch | string | `""` | *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" | +| gitRepositorys[0].spec.secretRef | object | `{"name":""}` | *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. | +| gitRepositorys[0].spec.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | +| gitRepositorys[0].spec.url | string | `""` | [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. E.g. 
https://github.tools.sap/.../... | +| kustomizations | list | `[{"commonMetadata":[],"components":{},"decryption":[],"dependsOn":{},"force":null,"healthChecks":{},"images":{},"interval":null,"kubeConfig":[],"name":"","namePrefix":null,"nameSuffix":null,"namespace":"","patches":null,"path":"","postBuild":[],"prune":null,"retryInterval":null,"serviceAccountName":null,"sourceRef":{"apiVersion":"","kind":"GitRepository","name":"","namespace":""},"suspend":null,"targetNamespace":"","timeout":null,"wait":null}]` | defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. | +| kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. | +| kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. | +| kustomizations[0].decryption | list | `[]` | [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. | +| kustomizations[0].dependsOn | object | `{}` | [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. 
| +| kustomizations[0].force | string | `nil` | [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. | +| kustomizations[0].healthChecks | object | `{}` | [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. | +| kustomizations[0].images | object | `{}` | [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. | +| kustomizations[0].interval | string | `nil` | The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s | +| kustomizations[0].kubeConfig | list | `[]` | [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference | +| kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" | +| kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. 
| +| kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | +| kustomizations[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | +| kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. | +| kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" | +| kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution | +| kustomizations[0].prune | string | `nil` | [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false | +| kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. 
| +| kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | +| kustomizations[0].sourceRef | object | `{"apiVersion":"","kind":"GitRepository","name":"","namespace":""}` | [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. | +| kustomizations[0].sourceRef.apiVersion | string | `""` | string (Optional) API version of the referent. | +| kustomizations[0].sourceRef.kind | string | `"GitRepository"` | string Kind of the referent. | +| kustomizations[0].sourceRef.name | string | `""` | string Name of the referent. | +| kustomizations[0].sourceRef.namespace | string | `""` | string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. | +| kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | +| kustomizations[0].targetNamespace | string | `""` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 
1m | +| kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/flux-config/README.md.gotmpl b/helm/charts/mcp/flux-config/README.md.gotmpl new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/flux-config/templates/NOTES.txt b/helm/charts/mcp/flux-config/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml b/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml new file mode 100644 index 0000000..72530a9 --- /dev/null +++ b/helm/charts/mcp/flux-config/templates/flux-kustomization-obj.yml 
@@ -0,0 +1,83 @@
+{{- range $item := .Values.kustomizations}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: {{required "A valid value is required! (.Values.kustomizations[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ interval: {{required "A valid value is required! (.Values.kustomizations[].interval)" $item.interval | quote}}
+ targetNamespace: {{ $item.targetNamespace | default $.Values.defaults.targetNamespace | lower | quote}}
+ sourceRef:
+ {{- required "A valid value is required! (.Values.kustomizations[].sourceRef)" $item.sourceRef | toYaml | nindent 4 }}
+ path: {{required "A valid value is required! (.Values.kustomizations[].path)" $item.path | quote}}
+ prune: {{required "A valid value is required! (.Values.kustomizations[].prune)" $item.prune }}
+ timeout: {{required "A valid value is required! (.Values.kustomizations[].timeout)" $item.timeout | quote}}
+ {{- if $item.dependsOn}}
+ dependsOn: {{ required "A valid value is required! (.Values.kustomizations[].dependsOn)" $item.dependsOn | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $item.healthChecks}}
+ healthChecks: {{ required "A valid value is required! (.Values.kustomizations[].healthChecks)" $item.healthChecks | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.retryInterval}}
+ retryInterval: {{required "A valid value is required! (.Values.gitRepositorys[].retryInterval)" $item.retryInterval }}
+ {{- end }}
+
+ {{- if $item.suspend}}
+ suspend: {{required "A valid value is required! (.Values.gitRepositorys[].suspend)" $item.suspend }}
+ {{- end }}
+
+ {{- if $item.wait}}
+ wait: {{required "A valid value is required! (.Values.gitRepositorys[].wait)" $item.wait }}
+ {{- end }}
+
+ {{- if $item.serviceAccountName}}
+ serviceAccountName: {{required "A valid value is required! (.Values.gitRepositorys[].serviceAccountName)" $item.serviceAccountName | quote }}
+ {{- end }}
+
+ {{- if $item.commonMetadata}}
+ commonMetadata: {{ required "A valid value is required! (.Values.kustomizations[].commonMetadata)" $item.commonMetadata | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.namePrefix}}
+ namePrefix: {{required "A valid value is required! (.Values.gitRepositorys[].namePrefix)" $item.namePrefix | quote }}
+ {{- end }}
+
+ {{- if $item.nameSuffix}}
+ nameSuffix: {{required "A valid value is required! (.Values.gitRepositorys[].nameSuffix)" $item.nameSuffix | quote }}
+ {{- end }}
+
+ {{- if $item.force}}
+ force: {{required "A valid value is required! (.Values.gitRepositorys[].force)" $item.force }}
+ {{- end }}
+
+ {{- if $item.patches}}
+ patches: {{ required "A valid value is required! (.Values.kustomizations[].patches)" $item.patches | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.images}}
+ images: {{ required "A valid value is required! (.Values.kustomizations[].images)" $item.images | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.components}}
+ components: {{ required "A valid value is required! (.Values.kustomizations[].components)" $item.components | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.postBuild}}
+ postBuild: {{ required "A valid value is required! (.Values.kustomizations[].postBuild)" $item.postBuild | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.kubeConfig}}
+ kubeConfig: {{ required "A valid value is required! (.Values.kustomizations[].kubeConfig)" $item.kubeConfig | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.decryption}}
+ decryption: {{ required "A valid value is required! (.Values.kustomizations[].decryption)" $item.decryption | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
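Review bot: `serviceAccountName` is rendered only when the values entry sets it, so a Kustomization produced by this template without it is reconciled under the kustomize-controller's own identity, which in a default Flux install is bound to cluster-admin unless the controller runs with `--default-service-account`. If the chart is used on a shared or multi-tenant cluster, that default deserves a comment above the `{{- if $item.serviceAccountName}}` block, for example `{{- /* serviceAccountName unset: reconciled with the controller's own service account unless --default-service-account is configured */}}`. The same block appears unchanged in git-repo-kustomization.yml and would take the same comment. The optional `kubeConfig` and the pass-through `sourceRef` (which may carry a `namespace`) extend what an entry can reach, so it would help to say which of these operators are expected to restrict.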
diff --git a/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml b/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml
new file mode 100644
index 0000000..fc92f8a
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/git-repo-kustomization.yml
@@ -0,0 +1,87 @@
+{{- range $gitRepository := .Values.gitRepositorys}}
+ {{- range $item := $gitRepository.kustomizations}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ interval: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].interval)" $item.interval | quote}}
+ targetNamespace: {{ $item.targetNamespace | default $.Values.defaults.targetNamespace | lower | quote}}
+ sourceRef:
+ kind: GitRepository
+ name: {{required "A valid value is required! (.Values.gitRepositorys[].name)" $gitRepository.name | quote}}
+ path: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].path)" $item.path | quote}}
+ prune: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].prune)" $item.prune }}
+ timeout: {{required "A valid value is required! (.Values.gitRepositorys[].kustomizations[].timeout)" $item.timeout | quote}}
+ {{- if $item.healthChecks}}
+ healthChecks: {{ required "A valid value is required! (.Values.kustomizations[].healthChecks)" $item.healthChecks | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.dependsOn}}
+ dependsOn: {{ required "A valid value is required! (.Values.kustomizations[].dependsOn)" $item.dependsOn | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.retryInterval}}
+ retryInterval: {{required "A valid value is required! (.Values.gitRepositorys[].retryInterval)" $item.retryInterval }}
+ {{- end }}
+
+ {{- if $item.suspend}}
+ suspend: {{required "A valid value is required! (.Values.gitRepositorys[].suspend)" $item.suspend }}
+ {{- end }}
+
+ {{- if $item.wait}}
+ wait: {{required "A valid value is required! (.Values.gitRepositorys[].wait)" $item.wait }}
+ {{- end }}
+
+ {{- if $item.serviceAccountName}}
+ serviceAccountName: {{required "A valid value is required! (.Values.gitRepositorys[].serviceAccountName)" $item.serviceAccountName | quote }}
+ {{- end }}
+
+ {{- if $item.commonMetadata}}
+ commonMetadata: {{ required "A valid value is required! (.Values.kustomizations[].commonMetadata)" $item.commonMetadata | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.namePrefix}}
+ namePrefix: {{required "A valid value is required! (.Values.gitRepositorys[].namePrefix)" $item.namePrefix | quote }}
+ {{- end }}
+
+ {{- if $item.nameSuffix}}
+ nameSuffix: {{required "A valid value is required! (.Values.gitRepositorys[].nameSuffix)" $item.nameSuffix | quote }}
+ {{- end }}
+
+ {{- if $item.force}}
+ force: {{required "A valid value is required! (.Values.gitRepositorys[].force)" $item.force }}
+ {{- end }}
+
+ {{- if $item.patches}}
+ patches: {{ required "A valid value is required! (.Values.kustomizations[].patches)" $item.patches | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.images}}
+ images: {{ required "A valid value is required! (.Values.kustomizations[].images)" $item.images | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.components}}
+ components: {{ required "A valid value is required! (.Values.kustomizations[].components)" $item.components | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.postBuild}}
+ postBuild: {{ required "A valid value is required! (.Values.kustomizations[].postBuild)" $item.postBuild | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.kubeConfig}}
+ kubeConfig: {{ required "A valid value is required! (.Values.kustomizations[].kubeConfig)" $item.kubeConfig | toYaml | nindent 4 }}
+ {{- end }}
+
+ {{- if $item.decryption}}
+ decryption: {{ required "A valid value is required! (.Values.kustomizations[].decryption)" $item.decryption | toYaml | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/templates/git-repository.yml b/helm/charts/mcp/flux-config/templates/git-repository.yml
new file mode 100644
index 0000000..f644881
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/git-repository.yml
@@ -0,0 +1,15 @@
+{{- range $item := .Values.gitRepositorys}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: {{required "A valid value is required! (.Values.gitRepositorys[].name)" $item.name | lower | quote}}
+ namespace: {{ $item.namespace | default $.Values.defaults.namespace | lower | quote }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- toYaml $item.spec | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml b/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml
new file mode 100644
index 0000000..b82804a
--- /dev/null
+++ b/helm/charts/mcp/flux-config/templates/secrets/generic-secret.yaml
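Review bot: The `sourceRef` in git-repo-kustomization.yml can miss the GitRepository this chart renders: its `name` is `$gitRepository.name | quote`, while git-repository.yml writes `metadata.name` with `| lower`, and no `namespace` is emitted, so the reference is resolved in the Kustomization's own namespace. A repository entry with an upper-case name, or a nested kustomization that sets a different `namespace` from its parent, then yields a reference that is either dangling or, if an object of that name already exists in that namespace, bound to a source this entry never declared. Rendering the reference the same way as the object closes both gaps: `name: {{required "A valid value is required! (.Values.gitRepositorys[].name)" $gitRepository.name | lower | quote}}` plus `namespace: {{ $gitRepository.namespace | default $.Values.defaults.namespace | lower | quote}}`. Whether cross-namespace references are permitted depends on how the controllers are configured, which is not visible here.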
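Review bot: In git-repository.yml the whole `spec` is emitted with `toYaml $item.spec`, so unlike the Kustomization templates nothing here checks that `url` (or `interval`) is present; a missing or misspelled key only surfaces when the API server rejects the object, and an entry with no `spec` at all renders an empty one. A guard before `spec:` keeps the failure at template time and consistent with the other files, for example `{{- $_ := required "A valid value is required! (.Values.gitRepositorys[].spec.url)" ($item.spec | default dict).url }}`. Because the block is a pass-through, any extra field a values file puts under `spec` reaches the cluster unreviewed, which is worth stating in a comment above the `toYaml` line.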
@@ -0,0 +1,24 @@
+{{- range $item := .Values.credentials}}
+ {{- if and ($item) (ne $item.name "")}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{required "A valid value is required! (.Values.credentials[].name)" $item.name | lower | quote}}
+ namespace: {{required "A valid value is required! (.Values.credentials[].namespace)" $item.namespace | lower | quote}}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+ {{- if $item.stringData}}
+stringData:
+ {{- range $key, $value := $item.stringData }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if $item.data}}
+data:
+ {{- toYaml $item.data | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/charts/mcp/flux-config/values.ci.yaml b/helm/charts/mcp/flux-config/values.ci.yaml
new file mode 100644
index 0000000..eb63c8b
--- /dev/null
+++ b/helm/charts/mcp/flux-config/values.ci.yaml
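Review bot: generic-secret.yaml has no comment telling users that everything under `.Values.credentials` is copied in clear text into the Secret's `stringData`/`data`, and that Helm keeps the supplied values in its release record as well. Anyone who commits a values file with real credentials, or who can read release objects in the release namespace, therefore gets the secret material. A header comment would make the expectation explicit, for example `{{- /* .Values.credentials is rendered as-is into a Secret and retained in the Helm release; supply it from an encrypted or external source, never from a committed values file */}}`. The `data` branch passes its map through `toYaml` unchanged, so the comment should also say that those values must already be base64-encoded.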
@@ -0,0 +1,228 @@ +--- +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################################## +kustomizations: + - name: nexus-cobalt-root-app + namespace: "default" + interval: "10s" + path: "manifests/application/root" + prune: true + timeout: "1m" + sourceRef: + kind: "GitRepository" + name: "mcp-blueprint-building-blocks" + dependsOn: + - name: cert-manager + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: backend + namespace: dev + retryInterval: "30s" + suspend: true + wait: false + serviceAccountName: "serviceAccountName" + commonMetadata: + labels: + a: "bc" + annotations: + d: "efg" + namePrefix: "prefix-" + nameSuffix: "-suffix" + force: true + patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: not-used + spec: + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + target: + kind: Deployment + labelSelector: "app.kubernetes.io/part-of=my-app" + - patch: | + - op: add + path: /spec/template/spec/securityContext + value: + runAsUser: 10000 + fsGroup: 1337 + - op: add + path: /spec/template/spec/containers/0/securityContext + value: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + target: + kind: Deployment + name: podinfo + namespace: apps + images: + - name: podinfo + newName: my-registry/podinfo + newTag: v1 + - name: podinfo + newTag: 1.8.0 + - name: podinfo + newName: my-podinfo + - name: podinfo + digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 + components: + - ../ingress + - ../tls + postBuild: + substitute: + cluster_env: "prod" + cluster_region: "eu-central-1" + substituteFrom: + - kind: ConfigMap + name: cluster-vars + # Use this ConfigMap if it exists, but proceed if it doesn't. 
+ optional: true + - kind: Secret + name: cluster-secret-vars + # Fail if this Secret does not exist. + kubeConfig: + secretRef: + name: "name" + value: "value" + decryption: + provider: sops + secretRef: + name: sops-keys + - name: kustomizations-2 + namespace: "default" + interval: "10s" + path: "manifests/application/base" + prune: true + timeout: "1m" + sourceRef: + kind: "GitRepository" + name: "mcp-blueprint-building-blocks" + dependsOn: + - name: nexus-cobalt-root-app +######################################################################################################################## +gitRepositorys: + - name: "mcp-blueprint-building-blocks" + namespace: "default" + spec: + interval: 1m + url: https://github.com/openmcp-project/blueprints + ref: + branch: main + secretRef: + name: github-tools-secret + kustomizations: + - name: "mcp-blueprint-building-blocks" + namespace: "default" + interval: 10s + path: "./manifests/templates/provider-btp-accounts.abc.shoot.live.k8s-hana.ondemand.com" + prune: true + timeout: 1m + dependsOn: + - name: cert-manager + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: backend + namespace: dev + retryInterval: "30s" + suspend: true + wait: false + serviceAccountName: "serviceAccountName" + commonMetadata: + labels: + a: "bc" + annotations: + d: "efg" + namePrefix: "prefix-" + nameSuffix: "-suffix" + force: true + patches: + - patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: not-used + spec: + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + target: + kind: Deployment + labelSelector: "app.kubernetes.io/part-of=my-app" + - patch: | + - op: add + path: /spec/template/spec/securityContext + value: + runAsUser: 10000 + fsGroup: 1337 + - op: add + path: /spec/template/spec/containers/0/securityContext + value: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + target: + kind: 
Deployment + name: podinfo + namespace: apps + images: + - name: podinfo + newName: my-registry/podinfo + newTag: v1 + - name: podinfo + newTag: 1.8.0 + - name: podinfo + newName: my-podinfo + - name: podinfo + digest: sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d3 + components: + - ../ingress + - ../tls + postBuild: + substitute: + cluster_env: "prod" + cluster_region: "eu-central-1" + substituteFrom: + - kind: ConfigMap + name: cluster-vars + # Use this ConfigMap if it exists, but proceed if it doesn't. + optional: true + - kind: Secret + name: cluster-secret-vars + # Fail if this Secret does not exist. + kubeConfig: + secretRef: + name: "name" + value: "value" + decryption: + provider: sops + secretRef: + name: sops-keys + - name: "mcp-blueprint-building-blocks-2" + namespace: "default" + targetNamespace: "default2" + interval: 10s + path: "./manifests/templates/provider-btp-accounts.abc.shoot.live.k8s-hana.ondemand.com" + prune: true + timeout: 1m +######################################################################################################################## +credentials: + - name: "github-tools-secret" + namespace: "default" + stringData: + username: username + password: password + data: [] +######################################################################################################################## diff --git a/helm/charts/mcp/flux-config/values.yaml b/helm/charts/mcp/flux-config/values.yaml new file mode 100644 index 0000000..56d17a7 --- /dev/null +++ b/helm/charts/mcp/flux-config/values.yaml 
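Review bot: Both `kubeConfig` blocks in this fixture appear to put `value: "value"` under `secretRef` (nesting is hard to confirm in this view), but the Flux kubeconfig reference takes `name` and an optional `key`, so the example documents a field the API does not define. Since the file header says the fixture is only templated in the pipeline, the rendered manifest is never checked against the Flux CRDs and the mistake passes silently; the templates forward `kubeConfig` with `toYaml`, so it reaches the output unchanged. Changing the line to `key: "value"` in both places keeps the fixture a usable reference. Validating the rendered output against the CRD schemas in the same pipeline would catch this class of error.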
@@ -0,0 +1,145 @@ +--- +# @default -- - +defaults: + # -- default namespace value for *(optional)*`namespace` fields. + namespace: "default" + # -- targetNamespace sets or overrides the default namespace in the `kind: Kustomization` manifests. + targetNamespace: "default" +######################################################################################################################## +gitRepositorys: + # gitRepositorys[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` + namespace: "" + # spec -- defines k8s `spec` structured value of `kind: GitRepository`. See [API broswer](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) + spec: + # -- [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. + interval: 1m + # -- [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. + url: "" + # -- *(optional)* Reference specifies the Git reference to resolve and monitor for changes, defaults to the ‘master’ branch. + ref: + # -- *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" + branch: "" + # -- *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. 
For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. + secretRef: + # -- [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) + name: "" + kustomizations: + # gitRepositorys[0].kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` + namespace: "" + # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. + targetNamespace: "" + # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s + interval: + # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" + path: "" + # -- [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. 
true/false + prune: + # -- *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m + timeout: + # -- [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. + dependsOn: {} + # -- [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. + healthChecks: {} + # -- [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. + retryInterval: + # -- [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. + suspend: + # -- [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. 
+ wait: + # -- [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. + serviceAccountName: + # -- [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. + commonMetadata: [] + # -- [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + namePrefix: + # -- [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + nameSuffix: + # -- [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. + force: + # -- [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. + patches: + # -- [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. + images: {} + # -- [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. 
+ components: {} + # -- [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution + postBuild: [] + # -- [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference + kubeConfig: [] + # -- [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. + decryption: [] +######################################################################################################################## +# -- defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. +kustomizations: + # kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` + namespace: "" + # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. + targetNamespace: "" + # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s + interval: + # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. 
Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" + path: "" + # -- [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false + prune: + # -- *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m + timeout: + # -- [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. + sourceRef: + # -- string (Optional) API version of the referent. + apiVersion: "" + # -- string Kind of the referent. + kind: "GitRepository" + # -- string Name of the referent. + name: "" + # -- string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. + namespace: "" + # -- [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. + dependsOn: {} + # -- [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. 
+ healthChecks: {} + # -- [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. + retryInterval: + # -- [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. + suspend: + # -- [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. + wait: + # -- [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. + serviceAccountName: + # -- [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. + commonMetadata: [] + # -- [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + namePrefix: + # -- [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. + nameSuffix: + # -- [force](https://fluxcd.io/flux/components/kustomize/kustomizations/#force) is an *(optional)*boolean field. 
If set to true, the controller will replace the resources in-cluster if the patching fails due to immutable field changes. + force: + # -- [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. + patches: + # -- [images](https://fluxcd.io/flux/components/kustomize/kustomizations/#images) is an *(optional)*list used to specify Kustomize images. This allows overwriting the name, tag or digest of container images without creating patches. + images: {} + # -- [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. + components: {} + # -- [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution + postBuild: [] + # -- [kubeConfig](https://fluxcd.io/flux/components/kustomize/kustomizations/#kubeconfig-reference) KubeConfig reference + kubeConfig: [] + # -- [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. 
+ decryption: [] +######################################################################################################################## +# @credentials -- :exclamation::exclamation: never EVER PUSH credentials in plain text into GIT :exclamation::exclamation: +credentials: + # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret` + - name: "" + # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` + namespace: "" + # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. + stringData: [] + # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + data: [] +######################################################################################################################## diff --git a/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml b/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml new file mode 100644 index 0000000..ea4fde3 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/.ci.config.yaml 
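Review bot: Several defaults in this values file have the wrong collection type for the field their own comment describes: `dependsOn: {}`, `healthChecks: {}`, `images: {}` and `components: {}` are documented as lists, while `commonMetadata: []`, `postBuild: []`, `kubeConfig: []`, `decryption: []` and `stringData: []` are documented as objects or maps. helm-docs will publish the wrong type, and anyone who copies the default shape gets a manifest the Flux or Secret schema rejects, assuming the templates pass these values through unchanged (they are not part of this hunk). I would write `dependsOn: []`, `commonMetadata: {}` and `stringData: {}`, and likewise for the others, in both the `gitRepositorys[].kustomizations` block and the top-level `kustomizations` block. The bare `interval:`, `prune:` and `patches:` keys parse as null, so an explicit `""`, `false` or `[]` states the intent more clearly.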
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/k8s-validating-admission-policy/.helmignore b/helm/charts/mcp/k8s-validating-admission-policy/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/k8s-validating-admission-policy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml
new file mode 100644
index 0000000..d418602
--- /dev/null
+++ b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: v2
+name: k8s-validating-admission-policy
+description: A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionPolicyBinding
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.2
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - "https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/"
+# A SemVer range of compatible Kubernetes versions (optional)
+kubeVersion: ">=1.20.0"
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
+icon: "https://www.svgrepo.com/show/376331/kubernetes.svg"
diff --git a/helm/charts/mcp/k8s-validating-admission-policy/README.md b/helm/charts/mcp/k8s-validating-admission-policy/README.md
new file mode 100644
index 0000000..e2ad841
--- /dev/null
+++ b/helm/charts/mcp/k8s-validating-admission-policy/README.md
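Review bot: `kubeVersion: ">=1.20.0"` admits clusters that cannot serve what this chart renders, because the templates use `admissionregistration.k8s.io/v1` `ValidatingAdmissionPolicy` and that API version is only served from Kubernetes 1.30. On an older cluster the release fails at apply time with an unknown-kind error instead of being rejected up front by Helm's version check. I would change the line to `kubeVersion: ">=1.30.0-0"`, where the `-0` suffix keeps vendor-suffixed cluster versions matching, and regenerate the README so its Requirements section agrees.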
@@ -0,0 +1,29 @@ + + +# k8s-validating-admission-policy + +![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) + +A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionPolicyBinding + +## Source Code + +* + +## Requirements + +Kubernetes: `>=1.20.0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| validatingAdmissionPolicies | list | [] | [ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) describes the definition of an admission validation policy that accepts or rejects an object without changing it. | +| validatingAdmissionPolicies[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| validatingAdmissionPolicies[0].spec | list | [] | Specification of the desired behavior of the ValidatingAdmissionPolicy. [ValidatingAdmissionPolicySpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) is the specification of the desired behavior of the AdmissionPolicy. | +| validatingAdmissionPolicyBindings | list | [] | [ValidatingAdmissionPolicyBinding](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) binds the ValidatingAdmissionPolicy with paramerized resources. | +| validatingAdmissionPolicyBindings[0].name | string | `""` | kubernetes crossplane object `metadata.name` on managed control plane. | +| validatingAdmissionPolicyBindings[0].spec | list | [] | Specification of the desired behavior of the ValidatingAdmissionPolicyBinding. 
[ValidatingAdmissionPolicyBindingSpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) is the specification of the ValidatingAdmissionPolicyBinding. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml new file mode 100644 index 0000000..92e60d0 --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicy.yaml @@ -0,0 +1,14 @@ +{{- range $item := .Values.validatingAdmissionPolicies }} + {{- if and ($item) (ne $item.name "") }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: {{required "A valid value is required (.Values.validatingAdmissionPolicies[].name)" $item.name }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" +spec: + {{- required "A valid value is required! (.Values.validatingAdmissionPolicies[].spec)" $item.spec | toYaml | nindent 2 }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml new file mode 100644 index 0000000..b351d2b --- /dev/null +++ b/helm/charts/mcp/k8s-validating-admission-policy/templates/ValidatingAdmissionPolicyBinding.yaml 
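Review bot: The guard `if and ($item) (ne $item.name "")` makes the `required` call on `$item.name` unreachable for an empty name, so a list entry whose name is blank is dropped without an error and the policy is simply not deployed. For an admission control that silent skip is the risky direction; I would keep only the nil check, `{{- if $item }}`, let `required` fail the render, and default values.yaml to `validatingAdmissionPolicies: []` so the empty placeholder entry is no longer needed. The name is also emitted unquoted, and `name: {{ required "…" $item.name | quote }}` keeps values such as `true` or `123` from being retyped by the YAML parser. ValidatingAdmissionPolicyBinding.yaml has the same guard and the same unquoted name.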
@@ -0,0 +1,14 @@
+{{- range $item := .Values.validatingAdmissionPolicyBindings }}
+ {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ name: {{required "A valid value is required (.Values.validatingAdmissionPolicyBindings[].name)" $item.name }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ {{- required "A valid value is required! (.Values.validatingAdmissionPolicyBindings[].spec)" $item.spec | toYaml | nindent 2 }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml b/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml
new file mode 100644
index 0000000..58df743
--- /dev/null
+++ b/helm/charts/mcp/k8s-validating-admission-policy/values.ci.yaml
@@ -0,0 +1,38 @@
+---
+###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! #####
+#########################################################################################################
+validatingAdmissionPolicies:
+ - name: "crossplane-helm-provider-config-if-secret-exists"
+ spec:
+ failurePolicy: Fail
+ paramKind:
+ kind: ProviderConfig
+ apiVersion: helm.crossplane.io/v1beta1
+ matchConstraints:
+ resourceRules:
+ - apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["secrets"]
+ operations: ["DELETE"]
+ validations:
+ - expression: |
+ (
+ has(params.spec) &&
+ has(params.spec.credentials) &&
+ has(params.spec.credentials.secretRef) &&
+ has(params.spec.credentials.secretRef.name) &&
+ oldObject.metadata.name != params.spec.credentials.secretRef.name &&
+ oldObject.metadata.namespace != params.spec.credentials.secretRef.namespace
+ )
+ messageExpression: "'Secret %s cannot be deleted because its referenced in Kind:%s (%s) %s'.format([oldObject.metadata.name,params.kind,params.apiVersion,params.metadata.name])"
+ reason: "Invalid"
+#########################################################################################################
+validatingAdmissionPolicyBindings:
+ - name: "crossplane-helm-provider-config-secret-binding"
+ spec:
+ policyName: crossplane-helm-provider-config-if-secret-exists
+ validationActions: [Deny]
+ paramRef:
+ selector: {}
+ parameterNotFoundAction: "Allow"
+##################################################################################
\ No newline at end of file
diff --git a/helm/charts/mcp/k8s-validating-admission-policy/values.yaml b/helm/charts/mcp/k8s-validating-admission-policy/values.yaml
new file mode 100644
index 0000000..93c3894
--- /dev/null
+++ b/helm/charts/mcp/k8s-validating-admission-policy/values.yaml
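Review bot: The validation expression denies far more than deletion of the referenced Secret, because a validation passes only when its expression is true and here every `has(...)` test and both `!=` comparisons are joined with `&&`. A Secret that merely shares the namespace, or only the name, with the referenced one makes the expression false and is blocked. A ProviderConfig with no `spec.credentials.secretRef` makes it false for every Secret, and since the binding uses `selector: {}` such an object would presumably be picked up as a parameter and block all Secret deletions. The check should allow the request when the reference is absent or when either name or namespace differs, as in the rewrite below. This is the CI sample, but it is the only worked example in the chart and is likely to be copied.

```yaml
validations:
  - expression: |
      !has(params.spec) ||
      !has(params.spec.credentials) ||
      !has(params.spec.credentials.secretRef) ||
      !has(params.spec.credentials.secretRef.name) ||
      oldObject.metadata.name != params.spec.credentials.secretRef.name ||
      oldObject.metadata.namespace != params.spec.credentials.secretRef.namespace
    # … unchanged: messageExpression, reason …
```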
@@ -0,0 +1,22 @@
+---
+#########################################################################################################
+# -- [ValidatingAdmissionPolicy](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) describes the definition of an admission validation policy that accepts or rejects an object without changing it.
+# @default -- []
+validatingAdmissionPolicies:
+ # validatingAdmissionPolicies[0].name -- kubernetes crossplane object `metadata.name` on managed control plane.
+ - name: ""
+ # -- Specification of the desired behavior of the ValidatingAdmissionPolicy.
+ # [ValidatingAdmissionPolicySpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-v1/) is the specification of the desired behavior of the AdmissionPolicy.
+ # @default -- []
+ spec: []
+#########################################################################################################
+# -- [ValidatingAdmissionPolicyBinding](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) binds the ValidatingAdmissionPolicy with paramerized resources.
+# @default -- []
+validatingAdmissionPolicyBindings:
+ # validatingAdmissionPolicyBindings[0].name -- kubernetes crossplane object `metadata.name` on managed control plane.
+ - name: ""
+ # -- Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
+ # [ValidatingAdmissionPolicyBindingSpec](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/validating-admission-policy-binding-v1/) is the specification of the ValidatingAdmissionPolicyBinding.
+ # @default -- []
+ spec: []
+#########################################################################################################
diff --git a/helm/charts/mcp/sap-btp-services/.ci.config.yaml b/helm/charts/mcp/sap-btp-services/.ci.config.yaml
new file mode 100644
index 0000000..ea4fde3
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/.ci.config.yaml
@@ -0,0 +1,21 @@
+# pipeline feature flags obsolete (Bash Scripts)
+
+jfrog.sh:
+ enabled: true
+
+
+# pipeline feature flags
+yamllint:
+ enable: true
+helm-docs:
+ enable: true
+helm-chart-linting:
+ enable: true
+helm-chart-validation:
+ enable: true
+helm-chart-version-bump:
+ enable: true
+helm-chart-dependency-update:
+ enable: true
+k8s-manifest-templating:
+ enable: false
\ No newline at end of file
diff --git a/helm/charts/mcp/sap-btp-services/.helmignore b/helm/charts/mcp/sap-btp-services/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/charts/mcp/sap-btp-services/Chart.yaml b/helm/charts/mcp/sap-btp-services/Chart.yaml
new file mode 100644
index 0000000..1c6b046
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/Chart.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v2
+name: sap-btp-services
+description: A Helm Chart to create dynamically SAP BTP Services instances and bindings.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.9
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.2.0"
+# A list of URLs to source code for this project (optional)
+sources:
+ - https://github.com/openmcp-project/blueprint-building-blocks
+ - "https://github.com/SAP/sap-btp-service-operator"
+# A SemVer range of compatible Kubernetes versions (optional)
+kubeVersion: ">=1.20.0"
+# Whether this chart is deprecated (optional, boolean)
+deprecated: false
+# The URL of this projects home page (optional)
+home: ""
+icon: "https://www.sap.com/content/dam/application/shared/logos/partner/powering-sap-btp-color-logo.svg"
diff --git a/helm/charts/mcp/sap-btp-services/README.md b/helm/charts/mcp/sap-btp-services/README.md
new file mode 100644
index 0000000..1fee52c
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/README.md
@@ -0,0 +1,38 @@ + + +# sap-btp-services + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square) + +A Helm Chart to create dynamically SAP BTP Services instances and bindings. + +**Homepage:** + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=1.20.0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | +| services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"1s"` | | +| services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"1s"` | | +| services[0].bindings[0].name | string | `""` | | +| services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| services[0].bindings[0].secretName | string | `"secretName"` | | +| services[0].instance.name | string | `"name"` | | +| services[0].instance.parameters | string | `"parameters\n"` | | +| services[0].instance.serviceOfferingName | string | `"serviceOfferingName"` | | +| services[0].instance.servicePlanName | string | `"servicePlanName"` | | +| services[0].name | string | `""` | | +| services[0].namespace | string | `"default"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml new file mode 100644 index 0000000..cee0ed4 --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/templates/services-binding-services-cloud-sap.yaml 
@@ -0,0 +1,24 @@
+{{- range $service := .Values.services }}
+ {{- if and ($service) (ne $service.name "") }}
+ {{- range $binding := $service.bindings }}
+ {{- if and ($binding) (ne $binding.name "") }}
+---
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceBinding
+metadata:
+ name: {{required "A valid bindingName is required (.Values.services[].bindings[].name)" $binding.name }}
+ namespace: {{required "A valid namespace is required (.Values.services[].bindings[].namespace)" $service.namespace }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ serviceInstanceName: {{required "A valid instanceName is required (.Values.services[].instance.name)" $service.instance.name }}
+ secretName: {{required "A valid secretName is required (.Values.services[].bindings[].secretName)" $binding.secretName }}
+ parameters:
+ {{- toYaml $binding.parameters | nindent 4 }}
+ credentialsRotationPolicy:
+ {{- toYaml $binding.credentialsRotationPolicy | nindent 4 }}
+ {{- end}}
+ {{- end}}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
new file mode 100644
index 0000000..1358008
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/templates/services-instance-services-cloud-sap.yaml
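Review bot: The values rendered into `metadata.name`, `metadata.namespace`, `spec.serviceInstanceName` and `spec.secretName` are emitted unquoted, so a value such as `true` or `123`, or one containing `: ` or a line break, is retyped or alters the manifest structure instead of staying a string. `secretName` and `namespace` determine where the bound credentials end up, so these fields should be piped through `quote`, e.g. `secretName: {{ required "A valid secretName is required (.Values.services[].bindings[].secretName)" $binding.secretName | quote }}`. The `name`, `namespace`, `serviceOfferingName` and `servicePlanName` lines in `services-instance-services-cloud-sap.yaml` have the same gap. The namespace message also points at `.Values.services[].bindings[].namespace` while the template reads `$service.namespace`; it should name `.Values.services[].namespace`.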
@@ -0,0 +1,18 @@
+{{- range $service := .Values.services }}
+ {{- if and ($service) (ne $service.name "") }}
+---
+apiVersion: services.cloud.sap.com/v1alpha1
+kind: ServiceInstance
+metadata:
+ name: {{required "A valid instanceName is required (.Values.services[].instance.name)" $service.instance.name }}
+ namespace: {{required "A valid namespace is required (.Values.services[].namespace)" $service.namespace }}
+ labels:
+ openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+ openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+ serviceOfferingName: {{required "A valid serviceOfferingName is required (.Values.services[].instance.serviceOfferingName)" $service.instance.serviceOfferingName }}
+ servicePlanName: {{required "A valid servicePlanName is required (.Values.services[].instance.servicePlanName)" $service.instance.servicePlanName }}
+ parameters:
+ {{- toYaml $service.instance.parameters | nindent 4 }}
+ {{- end}}
+{{- end}}
diff --git a/helm/charts/mcp/sap-btp-services/values.ci.yaml b/helm/charts/mcp/sap-btp-services/values.ci.yaml
new file mode 100644
index 0000000..5f132ea
--- /dev/null
+++ b/helm/charts/mcp/sap-btp-services/values.ci.yaml
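Review bot: `spec.parameters` is rendered unconditionally, so a service entry without `instance.parameters` should come out as `parameters:` followed by `null`, and an entry with no `instance` map most likely aborts with a nil-pointer template error before any of the `required` messages can be shown. Wrapping the field in `{{- with $service.instance.parameters }}` … `{{- end }}` and adding `$service.instance` to the `and` guard on the hunk's second line would make both cases explicit. The binding template renders `parameters` and `credentialsRotationPolicy` the same way and would benefit from the same guard.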
@@ -0,0 +1,310 @@ +--- +###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### +######################################################################################################### +services: + - name: "identityApplication" + namespace: "default" + instance: + name: "ketos-op-cluster-ias" + serviceOfferingName: "identity" + servicePlanName: "application" + parameters: + oauth2-configuration: + redirect-uris: + - "https://*.../oauth2/callback" + - "https://*.../callback" + - "https://*.../*" + consumed-apis: [] + display-name: "" + multi-tenant: true + xsuaa-cross-consumption: true + bindings: + - name: "ketos-op-cluster-ias" + secretName: "btp-ias" + parameters: + credential-type: SECRET + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "identityApplicationServiceBroker" + namespace: "default" + instance: + name: "poc-ias-service-broker" + serviceOfferingName: "identity" + servicePlanName: "application" + parameters: + oauth2-configuration: + redirect-uris: + - "http://localhost:8080/oauth2/callback/*" + #post-logout-redirect-uris: + #- "https://*.{{ required "A valid gardener domain url is required!" 
.Values.domain }}/oauth2/sign_out" + #- "http://localhost:8080/oauth2/sign_out/*" + consumed-apis: [] + display-name: "poc-ias-service-broker" + multi-tenant: true + xsuaa-cross-consumption: true + catalog: + services: + - name: "poc-ias-service-broker" + id: "poc-ias-service-broker" + description: "POC IAS Service Broker" + bindable: true + bindings_retrievable: true + instances_retrievable: true + allow_context_updates: false + plan_updateable: false + tags: + - "tags" + metadata: + displayName: "poc-ias-service-broker" + longDescription: "POC IAS Service Broker" + #createBindingDocumentationUrl: + #createInstanceDocumentationUrl: + #documentationUrl: + #supportUrl: + #imageUrl: + sap: + tenant_aware: true + instance_isolation: false + plans: + - id: "plan-abc" + bindable: true + name: "Plan ABC" + description: "Plan ABC description" + # Learn more about [Polling Interval and Duration](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#polling-interval-and-duration) + maximum_polling_duration: 5 + plan_updateable: false + metadata: + bullets: + - "bullets" + supportedPlatforms: + - kubernetes + - sapbtp + bindingData: + url: "" + #auto_service: + # type: service-manager + # subscribe_with_consuming_app: true + maintenance_info: + version: 0.0.1 + description: "description" + schemas: + service_instance: + create: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + properties: {} + #required: + # - provision_ids + #_controlsOrder: + # - provision_ids + update: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + required: + - kubeconfig_determination + properties: {} + service_binding: + create: + parameters: + $schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + properties: {} + update: + parameters: + 
$schema: 'http://json-schema.org/draft-04/schema#' + _show_form_view: false + additionalProperties: false + type: object + bindings: + - name: "poc-ias-service-broker" + secretName: "poc-ias-service-broker" + parameters: + # @url: https://github.com/SAP/sap-btp-service-operator#credentials-rotation + #credential-type: SECRET + credential-type: X509_GENERATED + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "xsuaaBroker" + namespace: "default" + instance: + name: "poc-xsuaa-service-broker" + serviceOfferingName: "xsuaa" + servicePlanName: "broker" + parameters: + xsappname: "poc-xsuaa-service-broker" + tenant-mode: "shared" + authorities: + - $XSAPPNAME.mtcallback + - $XSAPPNAME.mtdeployment + oauth2-configuration: + redirect-uris: + - "https://*/**" + role-templates: + - name: "TOKEN_EXCHANGE" + description: "Token exchange" + scope-references: + - "uaa.user" + - name: "MultitenancyCallbackRoleTemplate" + description: "Call callback-services of applications" + scope-references: + - "$XSAPPNAME.Callback" + scopes: + - description: "UAA" + name: uaa.user + - description: "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called" + grant-as-authority-to-apps: + - $XSAPPNAME(application,sap-provisioning,tenant-onboarding) + name: $XSAPPNAME.Callback + - description: "Async callback to update the saas-registry (provisioning succeeded/failed)" + name: $XSAPPNAME.service.write + - description: Deploy applications + name: $XSAPPNAME.mtdeployment + - description: "Subscribe to applications" + grant-as-authority-to-apps: + - $XSAPPNAME(application,sap-provisioning,tenant-onboarding) + name: $XSAPPNAME.mtcallback + bindings: + - name: "test-xsuaa-service-broker" + secretName: "test-xsuaa-service-broker" + parameters: {} + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + 
rotatedBindingTTL: 1h + ################################################################################## + - name: "cloudLoggingStandardOperationCluster" + namespace: "default" + instance: + name: "ketos-op-cluster-cls" + serviceOfferingName: "cloud-logging" + servicePlanName: "standard" + # -- cloud logging service config: list of parameter: https://pages.github.tools.sap/perfx/cloud-logging-service/consumption/service-configuration-parameters/ + parameters: + retentionPeriod: 14 + esApiEnabled: true + dataPrepperEnabled: true + ingest_otlp: + enabled: true + bindings: + - name: "ketos-op-cluster-cls" + secretName: "btp-cls" + parameters: {} + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 1h + ################################################################################## + - name: "dynatraceEnvironmentOperationCluster" + namespace: "default" + instance: + name: "ketos-op-cluster-dynatrace" + serviceOfferingName: "dynatrace" + servicePlanName: "environment" + parameters: + environment_name: "" # MUST BE SET and match the pattern ^[A-Z0-9]{1,16}$ + permission_assignments: + - name: Ketos Dynatrace Admin + roles: + - admin + - log_analytics + - name: Ketos Dynatrace Read-Only User + roles: + - user + - log_analytics + - name: Ketos Dynatrace sensitive-data User + roles: + - view_sensitive + - configure_sensitive + service_parameters: + skiperrors: 'true' + bindings: + - name: "ketos-op-cluster-dynatrace-provider" + secretName: "ketos-op-cluster-dynatrace-provider" + parameters: + tokens: + - name: apiToken + # -- https://docs.dynatrace.com/docs/manage/access-control/access-tokens#scopes + scopes: + - "entities.read" + - "entities.write" + - "metrics.read" + - "metrics.write" + - "networkZones.read" + - "networkZones.write" + - "problems.read" + - "problems.write" + - "releases.read" + - "securityProblems.read" + - "securityProblems.write" + - "settings.read" + - "settings.write" + - "slo.read" + - "slo.write" + - 
"releases.read" + - "auditLogs.read" + - "geographicRegions.read" + - "syntheticExecutions.read" + - "syntheticExecutions.write" + - "credentialVault.read" + - "credentialVault.write" + - "ReadConfig" + - "WriteConfig" + - "DataExport" + - "ExternalSyntheticIntegration" + - "ReadSyntheticData" + - "DataPrivacy" + - "DTAQLAccess" + - "UserSessionAnonymization" + - "DssFileManagement" + - "RumJavaScriptTagManagement" + - "ActiveGateCertManagement" + - "DataImport" + - "RestRequestForwarding" + - "CaptureRequestData" + - "LogExport" + - "RumBrowserExtension" + - "oneAgents.read" + - "oneAgents.write" + - "InstallerDownload" + credentialsRotationPolicy: + enabled: true + rotationFrequency: 2160h #90 days + rotatedBindingTTL: 48h + - enable: true + name: "ketos-op-cluster-dynatrace-operator" + secretName: "ketos-op-cluster-dynatrace-operator" + parameters: + tokens: + - name: apiToken + scopes: + - InstallerDownload + - DataExport + - entities.read + - settings.read + - settings.write + - activeGateTokenManagement.create + - name: dataIngestToken + scopes: + - events.ingest + - logs.ingest + - metrics.ingest + - openTelemetryTrace.ingest + credentialsRotationPolicy: + enabled: true + rotationFrequency: 2160h #90 days + rotatedBindingTTL: 48h + ################################################################################## diff --git a/helm/charts/mcp/sap-btp-services/values.yaml b/helm/charts/mcp/sap-btp-services/values.yaml new file mode 100644 index 0000000..7ed180c --- /dev/null +++ b/helm/charts/mcp/sap-btp-services/values.yaml 
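Review bot: The `redirect-uris` entries `"https://*.../*"` (identityApplication) and `"https://*/**"` (xsuaaBroker) accept effectively any HTTPS host as an OAuth redirect target, which means an authorization response could be delivered to a host the operator does not control. The header says this file only feeds pipeline templating, but the same wildcard list is repeated in `test-custom-chart/values.yaml` and is likely to be copied, so each list should carry a comment such as `# placeholder only: restrict to the exact callback host(s) before use`. The `apiToken` scope list under `ketos-op-cluster-dynatrace-provider` has a similar least-privilege problem: it requests write scopes for settings, the credential vault and ActiveGate certificate management, and lists `releases.read` twice. Trimming it to the scopes the consumer actually needs would limit the impact of a leaked binding secret.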
@@ -0,0 +1,23 @@
+---
+#########################################################################################################
+### !!! FOLLOWING serviceS SHOULD NEVER BE ENABLED BY DEFAULT! USE THEM AS TEMPLATE FOR YOUR REMOTE CLUSTER CONFIG !!!
+#########################################################################################################
+services:
+ - name: ""
+ namespace: "default"
+ instance:
+ name: "name"
+ serviceOfferingName: "serviceOfferingName"
+ servicePlanName: "servicePlanName"
+ parameters: |
+ parameters
+ bindings:
+ - name: ""
+ secretName: "secretName"
+ parameters:
+ credential-type: SECRET
+ credentialsRotationPolicy:
+ enabled: true
+ rotationFrequency: 1s
+ rotatedBindingTTL: 1s
+##################################################################################
diff --git a/helm/charts/test-custom-chart/.ci.config.yaml b/helm/charts/test-custom-chart/.ci.config.yaml
new file mode 100644
index 0000000..a68a295
--- /dev/null
+++ b/helm/charts/test-custom-chart/.ci.config.yaml
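Review bot: The template block ships `rotationFrequency: 1s` and `rotatedBindingTTL: 1s`, and the banner tells users to copy it as a starting point. If the operator honours these values as written, a binding would rotate continuously and the previous credentials would be removed after one second, which can lock out consumers still holding the old secret. `values.ci.yaml` in this commit uses `rotationFrequency: 480h` and `rotatedBindingTTL: 1h`; using those here, with a comment that the TTL must exceed the time consumers need to pick up the new secret, is a safer default. `instance.parameters` is also a block-scalar string (`parameters: |`) while every other example passes a mapping, so `parameters: {}` would match how the templates render it.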
@@ -0,0 +1,37 @@ +# pipeline feature flags obsolete (Bash Scripts) +jfrog.sh: + enabled: true #false + +# pipeline feature flags +yamllint: # not implemented yet! + enable: false +helm-docs: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --badge-style: "flat-square" # badge style to use for charts (default "flat-square") + --document-dependency-values: true # For charts with dependencies, include the dependency values in the chart values documentation + --documentation-strict-mode: false # Fail the generation of docs if there are undocumented values + --skip-version-footer: false # if true the helm-docs version footer will not be shown in the default README template + --sort-values-order: "file" # order in which to sort the values table ("alphanum" or "file") (default "alphanum") + --output-file: "README.md" # markdown file path relative to each chart directory to which rendered documentation will be written (default "README.md") +helm-chart-linting: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --strict: true # fail on lint warnings (default true) + --with-subcharts: false # lint dependent charts (default true) +helm-chart-validation: + enable: true # default is true, even if you do NOT declare this feature flag! + options: + --skip-crds: false # if set, no CRDs will be installed. By default, CRDs are installed if not already present (default false) + --skip-tests: false # skip tests from templated output (default false) + --include-crds: false # include CRDs in the templated output (default false) + --debug: false # enable verbose output (default false) + --dependency-update: true # update dependencies if they are missing before installing the chart (default true) +helm-chart-version-bump: + enable: true +helm-chart-dependency-update: + enable: true +k8s-manifest-templating: + enable: true + options: + --skip-crds: true # if set, no CRDs will be installed. 
By default, CRDs are installed if not already present (default true) \ No newline at end of file diff --git a/helm/charts/test-custom-chart/.helmignore b/helm/charts/test-custom-chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/charts/test-custom-chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/charts/test-custom-chart/Chart.yaml b/helm/charts/test-custom-chart/Chart.yaml new file mode 100644 index 0000000..c5081d4 --- /dev/null +++ b/helm/charts/test-custom-chart/Chart.yaml 
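Review bot: In `.ci.config.yaml` the flag key is spelled `enabled` under `jfrog.sh` but `enable` under every other feature (`yamllint`, `helm-docs`, `helm-chart-linting`, …), so whichever spelling the pipeline does not read is silently ignored and that step falls back to its default. The pipeline code is not part of this hunk, so confirm which key it reads and use one spelling throughout. The trailing `#false` on `enabled: true` also leaves the intended state of the step marked obsolete unclear; a short comment stating whether it should still run would help.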
@@ -0,0 +1,33 @@ +apiVersion: v2 +name: test-custom-chart +description: A Helm chart to test github action and workflows. NOTHING MORE! +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.8 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" +dependencies: + # see https://helm.sh/docs/helm/helm_dependency/#synopsis + - name: sap-btp-services + version: ~0.x.x + repository: "file://../mcp/sap-btp-services" +# The URL of this projects home page (optional) +home: "https://github.com/openmcp-project/blueprint-building-blocks" +# A list of URLs to source code for this project (optional) +sources: + - https://github.com/openmcp-project/blueprint-building-blocks +# Whether this chart is deprecated (optional, boolean) +deprecated: false diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md new file mode 100644 index 0000000..165c3df --- /dev/null +++ b/helm/charts/test-custom-chart/README.md 
@@ -0,0 +1,83 @@ + + +# test-custom-chart + +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Helm chart to test github action and workflows. NOTHING MORE! + +**Homepage:** + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| file://../mcp/sap-btp-services | sap-btp-services | ~0.x.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| sap-btp-services.services[0].name | string | `"identityApplication"` | | +| sap-btp-services.services[0].namespace | string | `"default"` | | +| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | +| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | +| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | +| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | +| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | +| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | +| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].bindings[0].secretName | string | 
`"btp-ias"` | | +| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | +| replicaCount | int | `1` | replication count | +| image.repository | string | `"nginx"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | name override | +| fullnameOverride | string | `""` | full name override | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.name | string | `""` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| securityContext | object | `{}` | | +| service.type | string | `"ClusterIP"` | | +| service.port | int | `80` | | +| ingress.enabled | bool | `false` | | +| ingress.className | string | `""` | | +| ingress.annotations | object | `{}` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| resources | object | `{}` | | +| livenessProbe.httpGet.path | string | `"/"` | | +| livenessProbe.httpGet.port | string | `"http"` | | +| readinessProbe.httpGet.path | string | `"/"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.minReplicas | int | `1` | | +| 
autoscaling.maxReplicas | int | `100` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| volumes | list | `[]` | | +| volumeMounts | list | `[]` | | +| nodeSelector | object | `{}` | | +| tolerations | list | `[]` | | +| affinity | object | `{}` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file diff --git a/helm/charts/test-custom-chart/templates/NOTES.txt b/helm/charts/test-custom-chart/templates/NOTES.txt new file mode 100644 index 0000000..d10e6ce --- /dev/null +++ b/helm/charts/test-custom-chart/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "custom-chart.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "custom-chart.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "custom-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "custom-chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/_helpers.tpl b/helm/charts/test-custom-chart/templates/_helpers.tpl new file mode 100644 index 0000000..75c1c9d --- /dev/null 
+++ b/helm/charts/test-custom-chart/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "custom-chart.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "custom-chart.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "custom-chart.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "custom-chart.labels" -}} +helm.sh/chart: {{ include "custom-chart.chart" . }} +{{ include "custom-chart.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom-chart.selectorLabels" -}} +app.kubernetes.io/name: {{ include "custom-chart.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "custom-chart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "custom-chart.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/charts/test-custom-chart/templates/deployment.yaml b/helm/charts/test-custom-chart/templates/deployment.yaml new file mode 100644 index 0000000..5d9945b --- /dev/null +++ b/helm/charts/test-custom-chart/templates/deployment.yaml 
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "custom-chart.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "custom-chart.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "custom-chart.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} diff --git a/helm/charts/test-custom-chart/templates/hpa.yaml b/helm/charts/test-custom-chart/templates/hpa.yaml new file mode 100644 index 0000000..8c375c9 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/hpa.yaml @@ -0,0 +1,34 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "custom-chart.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/ingress.yaml b/helm/charts/test-custom-chart/templates/ingress.yaml new file mode 100644 index 0000000..566cc82 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/ingress.yaml 
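Review bot: In `deployment.yaml` the pod-level and container-level `securityContext` are rendered straight from `.Values.podSecurityContext` and `.Values.securityContext`, which the chart README lists as `{}` by default, so the container runs with whatever user and capabilities the image defines. Even for a test chart it is worth shipping restrictive defaults in values.yaml, for example `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and `runAsNonRoot: true`, together with an image that can run unprivileged. `resources` likewise defaults to `{}`, so the pod is scheduled without requests or limits.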
@@ -0,0 +1,63 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "custom-chart.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/service.yaml b/helm/charts/test-custom-chart/templates/service.yaml new file mode 100644 index 0000000..a25454a --- /dev/null +++ b/helm/charts/test-custom-chart/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "custom-chart.fullname" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "custom-chart.selectorLabels" . | nindent 4 }} diff --git a/helm/charts/test-custom-chart/templates/serviceaccount.yaml b/helm/charts/test-custom-chart/templates/serviceaccount.yaml new file mode 100644 index 0000000..59164a2 --- /dev/null +++ b/helm/charts/test-custom-chart/templates/serviceaccount.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "custom-chart.serviceAccountName" . }} + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/charts/test-custom-chart/templates/tests/test-connection.yaml b/helm/charts/test-custom-chart/templates/tests/test-connection.yaml new file mode 100644 index 0000000..d7ba2da --- /dev/null +++ b/helm/charts/test-custom-chart/templates/tests/test-connection.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "custom-chart.fullname" . }}-test-connection" + labels: + openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}" + openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}" + {{- include "custom-chart.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "custom-chart.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/charts/test-custom-chart/values.yaml b/helm/charts/test-custom-chart/values.yaml new file mode 100644 index 0000000..d20daa7 --- /dev/null +++ b/helm/charts/test-custom-chart/values.yaml 
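Review bot: The test pod in `templates/tests/test-connection.yaml` uses `image: busybox` with no tag or digest, so every `helm test` run pulls whatever the registry currently serves under the default tag. Pinning it, e.g. `image: "busybox:<PINNED_TAG_OR_DIGEST>"` (placeholder, pick the version you have vetted), makes the test reproducible and keeps an unreviewed image from running in the release namespace. Exposing it as a value next to `image.repository` would let restricted clusters point at an internal mirror. The pod also sets no `securityContext`; a comment stating that this is intentional for a throwaway test pod would help.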
@@ -0,0 +1,136 @@ +# Default values for custom-chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +sap-btp-services: + services: + - name: "identityApplication" + namespace: "default" + instance: + name: "ketos-op-cluster-ias" + serviceOfferingName: "identity" + servicePlanName: "application" + parameters: + oauth2-configuration: + redirect-uris: + - "https://*.../oauth2/callback" + - "https://*.../callback" + - "https://*.../*" + consumed-apis: [] + display-name: "" + multi-tenant: true + xsuaa-cross-consumption: true + bindings: + - name: "ketos-op-cluster-ias" + secretName: "btp-ias" + parameters: + credential-type: SECRET + credentialsRotationPolicy: + enabled: true + rotationFrequency: 480h + rotatedBindingTTL: 2h +# -- replication count +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +# -- name override +nameOverride: "" +# -- full name override +fullnameOverride: "" + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + httpGet: + path: / + port: http +readinessProbe: + httpGet: + path: / + port: http + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} 
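Review bot: The default `serviceAccount.automount: true` in `values.yaml` mounts an API token into every pod of this chart, and nothing visible in the patch has the nginx workload talk to the Kubernetes API; `automount: false` would be the safer default and leaves the token opt-in. In the same hunk `podSecurityContext: {}` and `securityContext: {}` leave the container on runtime defaults while the hardening keys stay commented out, so a short comment saying this is deliberate for a test chart would help. The `redirect-uris` entries such as `"https://*.../*"` look like redacted placeholders; if they were ever filled in as wildcards, the identity application would accept redirects to any path on any matching host, so I would add `# placeholder: replace with exact callback URLs` above them.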
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml new file mode 100644 index 0000000..d8a7b1e --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml @@ -0,0 +1,19 @@ +--- +# Source: test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml +apiVersion: services.cloud.sap.com/v1alpha1 +kind: ServiceBinding +metadata: + name: ketos-op-cluster-ias + namespace: default + labels: + openmcp.cloud/blueprint-building-block: "sap-btp-services" + openmcp.cloud/blueprint-building-block-version: "0.0.9" +spec: + serviceInstanceName: ketos-op-cluster-ias + secretName: btp-ias + parameters: + credential-type: SECRET + credentialsRotationPolicy: + enabled: true + rotatedBindingTTL: 2h + rotationFrequency: 480h diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml new file mode 100644 index 0000000..b3fd306 --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml 
@@ -0,0 +1,23 @@ +--- +# Source: test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml +apiVersion: services.cloud.sap.com/v1alpha1 +kind: ServiceInstance +metadata: + name: ketos-op-cluster-ias + namespace: default + labels: + openmcp.cloud/blueprint-building-block: "sap-btp-services" + openmcp.cloud/blueprint-building-block-version: "0.0.9" +spec: + serviceOfferingName: identity + servicePlanName: application + parameters: + consumed-apis: [] + display-name: "" + multi-tenant: true + oauth2-configuration: + redirect-uris: + - https://*.../oauth2/callback + - https://*.../callback + - https://*.../* + xsuaa-cross-consumption: true diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml new file mode 100644 index 0000000..47476eb --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml 
@@ -0,0 +1,52 @@ +--- +# Source: test-custom-chart/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helm-release-name-test-custom-chart + labels: + openmcp.cloud/blueprint-building-block: "test-custom-chart" + openmcp.cloud/blueprint-building-block-version: "0.0.8" + helm.sh/chart: test-custom-chart-0.0.8 + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + app.kubernetes.io/version: "1.16.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + template: + metadata: + labels: + helm.sh/chart: test-custom-chart-0.0.8 + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + app.kubernetes.io/version: "1.16.0" + app.kubernetes.io/managed-by: Helm + spec: + serviceAccountName: helm-release-name-test-custom-chart + securityContext: + {} + containers: + - name: test-custom-chart + securityContext: + {} + image: "nginx:1.16.0" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {} diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml new file mode 100644 index 0000000..175bd22 --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml 
@@ -0,0 +1,24 @@ +--- +# Source: test-custom-chart/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: helm-release-name-test-custom-chart + labels: + openmcp.cloud/blueprint-building-block: "test-custom-chart" + openmcp.cloud/blueprint-building-block-version: "0.0.8" + helm.sh/chart: test-custom-chart-0.0.8 + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + app.kubernetes.io/version: "1.16.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml new file mode 100644 index 0000000..e385714 --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +--- +# Source: test-custom-chart/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: helm-release-name-test-custom-chart + labels: + openmcp.cloud/blueprint-building-block: "test-custom-chart" + openmcp.cloud/blueprint-building-block-version: "0.0.8" + helm.sh/chart: test-custom-chart-0.0.8 + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + app.kubernetes.io/version: "1.16.0" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml new file mode 100644 index 0000000..d002308 --- /dev/null +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml 
@@ -0,0 +1,23 @@ +--- +# Source: test-custom-chart/templates/tests/test-connection.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "helm-release-name-test-custom-chart-test-connection" + labels: + openmcp.cloud/blueprint-building-block: "test-custom-chart" + openmcp.cloud/blueprint-building-block-version: "0.0.8" + helm.sh/chart: test-custom-chart-0.0.8 + app.kubernetes.io/name: test-custom-chart + app.kubernetes.io/instance: helm-release-name + app.kubernetes.io/version: "1.16.0" + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['helm-release-name-test-custom-chart:80'] + restartPolicy: Never diff --git a/scripts/ci/git-tags-rename.sh b/scripts/ci/git-tags-rename.sh new file mode 100755 index 0000000..9f7abd0 --- /dev/null +++ b/scripts/ci/git-tags-rename.sh @@ -0,0 +1,27 @@ +#!/bin/bash +################################################################### +#Script Name : Renaming Git Tags +#Description : Renames Git Tags with "/" to "-" +#Args : - +#Hint : This script is not meant for any pipeline just for cleanup! +################################################################### +# Fetch all tags from the remote +git fetch --tags + +# Get all tags +tags=$(git tag) + +# Loop through each tag +for tag in $tags; do + # Check if the tag contains "/" + if [[ "$tag" == *"/"* ]]; then + # Replace "/" with "-" + new_tag=$(echo "$tag" | tr '/' '-') + echo "new: $new_tag old: $tag" + # Rename the tag + git tag "$new_tag" "$tag" + git tag -d "$tag" + git push origin :"$tag" + git push origin "$new_tag" + fi +done diff --git a/scripts/ci/github-releases-delete.sh b/scripts/ci/github-releases-delete.sh new file mode 100755 index 0000000..8970c5b --- /dev/null +++ b/scripts/ci/github-releases-delete.sh 
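Review bot: In `git-tags-rename.sh` the loop deletes the old tag locally and on the remote (`git tag -d "$tag"`, `git push origin :"$tag"`) before `git push origin "$new_tag"` has succeeded, and no exit status is checked, so a failed push leaves the remote with neither tag. Pushing the new name first and deleting only on success avoids that: `git push origin "refs/tags/$new_tag" && git push origin ":refs/tags/$tag" && git tag -d "$tag"`. The `refs/tags/` prefix also keeps the delete unambiguous when a branch shares the name. `for tag in $tags` relies on word splitting; `git tag | while IFS= read -r tag` is the sturdier form.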
@@ -0,0 +1,40 @@ +#!/bin/bash +################################################################### +# Script Name : github-releases-delete.sh +# Description : This script deletes all GitHub releases in a repository. +# Args : --limit (optional) - The maximum number of releases to fetch. +################################################################### + +# Default limit +LIMIT=100 + +# Parse optional arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + --limit) + LIMIT="$2" + shift + ;; + *) + echo "Unknown parameter passed: $1" + exit 1 + ;; + esac + shift +done + +# Ensure the GitHub CLI is authenticated +gh auth login --with-token <(echo "$GITHUB_TOKEN") + +echo "Fetch all releases (limit: $LIMIT)..." +releases=$(gh release list --limit "$LIMIT" --json tagName --jq '.[].tagName') + +# Loop through each release and delete it +count=0 +for release in $releases; do + echo "Deleting release: $release" + gh release delete "$release" --yes + count=$((count + 1)) +done + +echo "All $count releases have been deleted." diff --git a/scripts/ci/shellcheck-install.sh b/scripts/ci/shellcheck-install.sh new file mode 100755 index 0000000..66558b9 --- /dev/null +++ b/scripts/ci/shellcheck-install.sh 
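Review bot: `gh auth login --with-token` reads the token from standard input, but `<(echo "$GITHUB_TOKEN")` hands it a file-descriptor path as an argument, so the login line most likely fails; with no `set -e` the script then carries on into the delete loop regardless. `gh` already authenticates from the `GITHUB_TOKEN` environment variable, so the line can be dropped, or written as `gh auth login --with-token <<< "$GITHUB_TOKEN"`. Because the script deletes every listed release, I would also add `set -euo pipefail` at the top and reject a `--limit` without a numeric value before anything is removed, e.g. `[[ "$LIMIT" =~ ^[0-9]+$ ]] || exit 1`.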
@@ -0,0 +1,37 @@ +#!/bin/bash +################################################################### +#Script Name : Shell Check +#Description : Validates Bash / Shell Scripts +#Args : - +#Hint : execute this script from github repository root! +################################################################### +cmd="shellcheck" +################################################################### +# https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-commands-for-github-actions#example-grouping-log-lines +echo "::group:: $(pwd)" + +if [ -n "$GITHUB_WORKSPACE" ]; then + cd "${GITHUB_WORKSPACE}" || exit + cmd="./shellcheck-v${VERSION}/${cmd}" + + if [ -z "${VERSION}" ]; then + echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::env.VERSION needs to be set!" + echo "::endgroup::" + exit 1 + fi + + if ! curl -sLO "https://github.com/koalaman/shellcheck/releases/download/v${VERSION}/shellcheck-v${VERSION}.linux.x86_64.tar.xz"; then + echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::ERROR downloading https://github.com/koalaman/shellcheck/releases/download/v${VERSION}/shellcheck-v${VERSION}.linux.x86_64.tar.xz!" + echo "::endgroup::" + exit 1 + fi + + if ! tar -xf "shellcheck-v${VERSION}.linux.x86_64.tar.xz"; then + echo "::error file={.github/workflows/shellcheck.yaml},line={1},endLine={1},title=Setup::ERROR unpacking shellcheck-v${VERSION}.linux.x86_64.tar.xz!" + echo "::endgroup::" + exit 1 + fi +fi +echo "\$ ${cmd} -V" +${cmd} -V +echo "::endgroup::" \ No newline at end of file diff --git a/scripts/ci/shellcheck.sh b/scripts/ci/shellcheck.sh new file mode 100755 index 0000000..c334774 --- /dev/null +++ b/scripts/ci/shellcheck.sh 
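Review bot: The downloaded `shellcheck-v${VERSION}.linux.x86_64.tar.xz` is unpacked and its binary executed without any integrity check, and `curl -sLO` lacks `-f`, so an HTTP error page is saved and treated as a successful download. I would use `curl -fsSLO …` and verify a pinned digest before `tar -xf`, for example `echo "${SHELLCHECK_SHA256}  shellcheck-v${VERSION}.linux.x86_64.tar.xz" | sha256sum -c -`, where `SHELLCHECK_SHA256` is a new variable (the name is my suggestion) set next to `VERSION` in the workflow. The emptiness test on `VERSION` would also read better before `cmd` is built from it.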
@@ -0,0 +1,69 @@ +#!/bin/bash +################################################################### +#Script Name : Shell Check +#Description : Validates Bash / Shell Scripts +#Args : - +#Hint : execute this script from github repository root! +################################################################### +# shellcheck disable=SC1091 +source "$(pwd)/.github/actions/shared-variables.sh" +declare resultPwd newLineString exitCode msgEverythingIsFine + +set +e +echo "The script you are running has:" +echo "basename: [$(basename "$0")]" +echo "dirname : [$(dirname "$0")]" +echo "pwd : [$(pwd)]" + +cmd="shellcheck" +################################################################### +resultPwd=$(pwd) +if [ -n "$GITHUB_WORKSPACE" ]; then + cmd="./shellcheck-v${VERSION}/${cmd}" +fi +################################################################### +declare -a filesToRemove=("spellcheck-parsable.txt") +REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}" + +################################################################### +for dir in $(find . -type f -name '*.sh' | sed -r 's|/[^/]+$||' | sort | uniq); do + cmdFat="${cmd} ${dir}/*.sh -a" + { + echo "$newLineString" + echo "Use command to run this check on your local machine!" + echo -e "$cmdFat\n" + } >> "${resultPwd}/pr-status-check-human-friendly.txt" + + echo "\$ $cmdFat" + eval "$cmdFat" >>"${resultPwd}/pr-status-check-human-friendly.txt" + tempQ=$? 
+ if [ $tempQ != 0 ]; then + exitCode=$tempQ + jsonResult=$( ${cmd} "${dir}"/*.sh -f json -a ) + echo "$jsonResult" >> "spellcheck-parsable.txt" 2>&1 + + jq -c '.[]' <<< "$jsonResult" | while read -r i; do + # shellcheck disable=SC2001 + i=$( sed 's/"""/""/g' <<< "$i" ) + + file=$(jq -r '.file' <<< "$i"); + file=$( sed -r 's/\.\///g' <<< "$file" ) + line=$(jq -r '.line' <<< "$i"); + endLine=$(jq -r '.endLine' <<< "$i"); + level=$(jq -r '.level' <<< "$i"); + message=$(jq -r '.message' <<< "$i"); + + case $level in + info | style) + level="notice" + ;; + esac + echo "::${level} file=$file,line=$line,endLine=$endLine::$message" >> "${resultPwd}/github-workflow-commands.txt" + done + else + echo "$msgEverythingIsFine" >> "${resultPwd}/pr-status-check-human-friendly.txt" + fi + +done +exit "$exitCode" +################################################################### \ No newline at end of file diff --git a/scripts/ci/test-parse-yamllint-output.sh b/scripts/ci/test-parse-yamllint-output.sh new file mode 100755 index 0000000..b510a78 --- /dev/null +++ b/scripts/ci/test-parse-yamllint-output.sh 
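Review bot: `eval "$cmdFat"` in `shellcheck.sh` re-parses a string that contains `${dir}`, and `dir` comes from `find` over the checked-out tree, so a directory name containing shell metacharacters is executed as code; on pull-request runs those names are contributor-controlled (assuming the workflow runs on PRs, which is not visible here). The JSON call a few lines further down already shows the safe form, so the first call can be `${cmd} "${dir}"/*.sh -a >> "${resultPwd}/pr-status-check-human-friendly.txt"`, with `cmdFat` kept only for display. The same `eval` pattern appears in `test-parse-yamllint-output.sh` (`eval head "$file"`) and `yamllint.sh` (`eval "$cmdFat"`, `eval head …`), where a plain `head -n "$line" "$file"` does the job. Iterating over `$(find …)` also splits paths on whitespace.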
@@ -0,0 +1,36 @@ +#!/bin/bash + +# helm-template-app-in-app.yaml +# 25:12 error trailing spaces (trailing-spaces) +# 32:16 warning too few spaces before comment (comments) +# 33:19 warning too few spaces before comment (comments) +# 34:22 warning too few spaces before comment (comments) +while read -r item +do + #echo "${item}" + # Set comma as delimiter + IFS=':' + #Read the split words into an array based on comma delimiter + read -ra strarr <<< "${item}" + msg=$(sed -E 's/^\s+//' <<<"${strarr[3]}") + #echo ${strarr[0]} ${strarr[1]} ${strarr[2]} ${strarr[3]} + line=${strarr[1]} + file=${strarr[0]} + if [ "$line" == 1 ]; then + helmChartFile=$(eval head "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-) + helmChartLine=$line + else + helmChartFile=$(eval head -"${line}" "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-) + startLine=$(eval head -"${line}" "$file" | grep "# Source:" --line-number | tac | awk '{print;exit}' | cut -d : -f 1) + # shellcheck disable=SC2003 + helmChartLine=$(expr "$line" - "$startLine") + fi + if [[ "$helmChartFile" == *"/charts/"* ]]; then + continue + fi + level=$(awk '{ sub(/.*\[/, ""); sub(/\].*/, ""); print }' <<< "$msg") + echo "$level Helm Chart File $helmChartFile Line ${helmChartLine} ($line - $startLine):${msg}" + #echo "::${level} file=helm/charts/$helmChartFile,line=$helmChartLine,endLine=$helmChartLine::$msg" + #echo "--------------------------------------" +done < "yamllint-parsable.txt" + diff --git a/scripts/ci/yamllint.sh b/scripts/ci/yamllint.sh new file mode 100755 index 0000000..4efd7f8 --- /dev/null +++ b/scripts/ci/yamllint.sh 
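Review bot: `IFS=':'` in `test-parse-yamllint-output.sh` is assigned as a standalone statement inside the loop, so it stays changed for the rest of the script and affects every later `read` and unquoted expansion; `IFS=':' read -ra strarr <<< "${item}"` limits it to that one command. `yamllint.sh` has the same construct (`IFS=':' ; read -ra strarr`). The two comments above it speak of a comma delimiter while the code splits on a colon, so I would reword them to `# split the parsable yamllint line on ':'`. `startLine` is printed in the final `echo` but never set in the `"$line" == 1` branch, which leaves a stale value from the previous iteration.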
@@ -0,0 +1,99 @@ +#!/bin/bash + +################################################################### +#script name : yamllint +#description : Install tac "brew install coreutils" +# +#args : - +################################################################### +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +# shellcheck disable=SC1091 +source "$SCRIPT_DIR"/shared-variables.sh +declare resultPwd newLineString helmChartListTemplatedManifestsFileName exitCode msgHelpStart msgEverythingIsFine + +set +e +echo "$newLineString" +echo "The script you are running has:" +echo "basename: [$(basename "$0")]" +echo "dirname : [$(dirname "$0")]" +echo "pwd : [$(pwd)]" +echo "bash -v : [$(/bin/bash --version)]" +# https://github.com/zegl/yamllint +cmd="yamllint" +################################################################### +# Check if run in Github Action Runner +if [ -n "$GITHUB_WORKSPACE" ]; then + cmd="/home/runner/.local/bin/${cmd}" + + python -m build + + if ! pip install --user "${GITHUB_WORKSPACE}/scripts/ci/yamllint-1.32.0.tar"; then + echo "!!! ERROR installing yamllint !!!" + exit 1 + fi + +fi +################################################################### +echo "$newLineString" +echo "\$ ${cmd} -v" +${cmd} -v +echo "$newLineString" +################################################################### +declare -a filesToRemove=("yamllint-parsable.txt") +REMOVE_FILES_IF_EXISTS "$resultPwd" "${filesToRemove[@]}" + +ASSERT_FILE_EXISTS_WITH_MSG "$resultPwd" "$helmChartListTemplatedManifestsFileName" "Run helm-chart-listing.sh first!!" + +echo -e "$msgHelpStart && $(dirname "$0")/$(basename "$0")" >> "${resultPwd}/pr-status-check-human-friendly.txt" + +while read -r helmManifestFile +do + + cmdFat="$cmd $helmManifestFile -c .github/.yamllint.config.yaml --strict -f standard" + echo "\$ $cmdFat" + eval "$cmdFat" + tempQ=$? 
+ if [ $tempQ != 0 ]; then + + { + echo "$newLineString" + echo "Use command to run this check on your local machine!" + echo -e "$cmdFat\n" + } >> "${resultPwd}/pr-status-check-human-friendly.txt" + + parsableResult=$(eval ${cmd} "${helmManifestFile}" -c .github/.yamllint.config.yaml --strict -f parsable) + while read -r item + do + #Read the split words into an array based on comma delimiter + IFS=':' ; read -ra strarr <<< "$item" + msg=$(sed -E 's/^\s+//' <<<"${strarr[3]}") + line=${strarr[1]} + file=${strarr[0]} + if [ "$line" == 1 ]; then + # eval head "helm-template-cloud-orchestration-control-plane.yaml" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11- + helmChartFile=$(eval head "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-) + helmChartLine=$line + else + helmChartFile=$(eval head -"${line}" "$file" | grep "# Source:" | tac | awk '{print;exit}' | cut -c11-) + startLine=$(eval head -"${line}" "$file" | grep "# Source:" --line-number | tac | awk '{print;exit}' | cut -d : -f 1) + # shellcheck disable=SC2003 + helmChartLine=$(expr "$line" - "$startLine") + fi + if [[ "$helmChartFile" == *"/charts/"* ]]; then + echo "$msgEverythingIsFine for $helmChartFile" >> "${resultPwd}/pr-status-check-human-friendly.txt" + continue + fi + level=$(awk '{ sub(/.*\[/, ""); sub(/\].*/, ""); print }' <<< "$msg") + echo "file: $helmChartFile line:≈±${helmChartLine} - ${msg}" >> "${resultPwd}/pr-status-check-human-friendly.txt" + echo "file: $file line:${line} - ${msg}" >> "${resultPwd}/pr-status-check-human-friendly.txt" + echo "::${level} file=helm/charts/$helmChartFile,line=$helmChartLine,endLine=$helmChartLine::$msg" >> "${resultPwd}/github-workflow-commands.txt" + exitCode=$tempQ + done <<< "${parsableResult}" + echo "${parsableResult}" >> "${resultPwd}/yamllint-parsable.txt" + fi + + echo "$newLineString" + +done < "${helmChartListTemplatedManifestsFileName}" +exit "$exitCode" +################################################################### \ 
No newline at end of file From 5612fa692dd92f7d7865fb9ceeae6a008ae6b972 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 24 Mar 2025 14:58:08 +0100 Subject: [PATCH 04/94] Updated Release Charts workflow --- .github/workflows/gh-pages-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index f0138d4..b9d96fb 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -23,5 +23,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.7.0 + with: + chart_dir: helm/charts/mcp env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file From 46d008c8d6e89adc2174cbc71e1a86a62e95a14a Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 24 Mar 2025 15:19:19 +0100 Subject: [PATCH 05/94] Updated Release Charts workflow --- .github/workflows/gh-pages-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index b9d96fb..177dcb6 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -24,6 +24,6 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.7.0 with: - chart_dir: helm/charts/mcp + charts_dir: helm/charts/mcp env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file From 057bb7def02e631dcd24e3601d42d1e7676f42d7 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Wed, 2 Apr 2025 10:17:39 +0200 Subject: [PATCH 06/94] Added push to OCI to the release workflow (#2) --- .github/workflows/gh-pages-release.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index 177dcb6..d1ec965 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml 
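Review bot: In the `GITHUB_WORKSPACE` branch of `yamllint.sh`, `python -m build` runs before the install and its exit status is ignored; nothing in this hunk shows what it is meant to build, so it either needs a comment or can go. The following `pip install --user "${GITHUB_WORKSPACE}/scripts/ci/yamllint-1.32.0.tar"` installs an archive by path with no digest check, and the archive itself is not visible in this part of the patch; recording its SHA-256 next to the script and checking it with `sha256sum -c` before `pip install` would make a swapped archive fail the job. `exitCode` is only assigned inside the failure branch, so `exit "$exitCode"` depends on `shared-variables.sh` having initialised it; `exit "${exitCode:-0}"` removes that dependency.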
@@ -26,4 +26,9 @@ jobs: with: charts_dir: helm/charts/mcp env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Upload to OCI-based registry + run: | + helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + find .cr-release-packages/ -name *.tgz -exec helm push oci://ghcr.io/openmcp-project {} \; From a61c8ae3c1a0776d155aa9ce613df8d77bc3fd96 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Wed, 2 Apr 2025 11:17:36 +0200 Subject: [PATCH 07/94] Fix push release to OCI --- .github/workflows/gh-pages-release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index d1ec965..d950d5e 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -30,5 +30,7 @@ jobs: - name: Upload to OCI-based registry run: | - helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - find .cr-release-packages/ -name *.tgz -exec helm push oci://ghcr.io/openmcp-project {} \; + if [ -d ".cr-release-packages" ]; then + helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + find .cr-release-packages/ -name *.tgz -exec helm push {} oci://ghcr.io/openmcp-project \; + fi From 01c3a886133e22331e2dbc0a2380bd5f4b3d1898 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Wed, 2 Apr 2025 11:54:17 +0200 Subject: [PATCH 08/94] Update gh-pages-release.yml permissions --- .github/workflows/gh-pages-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index d950d5e..571495d 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -9,6 +9,7 @@ jobs: release: permissions: contents: write + packages: write runs-on: ubuntu-latest steps: - name: Checkout 
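Review bot: `helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}` puts the token on the command line and expands both `${{ }}` expressions into the script text before the shell parses it. Passing them through `env:` and standard input avoids both: set `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under the step's `env:` and run `printf '%s' "$GH_TOKEN" | helm registry login ghcr.io -u "$GITHUB_ACTOR" --password-stdin`. The rewritten step in the following patch (07/94) keeps the same `-p` form. `-name *.tgz` should be quoted as `-name '*.tgz'` so the shell does not expand it against the working directory.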
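Review bot: `find .cr-release-packages/ -name *.tgz -exec helm push {} oci://ghcr.io/openmcp-project \;` discards the exit status of each `helm push`, so the step stays green when a chart fails to upload. A plain loop lets the step fail on the first error: `for pkg in .cr-release-packages/*.tgz; do helm push "$pkg" oci://ghcr.io/openmcp-project; done`. If the directory can exist without packages, guard the loop body with `[ -e "$pkg" ] || continue`. When `.cr-release-packages` is absent the step now does nothing silently; an `else echo "no packages to push"` branch would make that visible in the log.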
From 826c9eb94e39bae27858453c0123032e8bb6bf0c Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Thu, 3 Apr 2025 12:43:19 +0200 Subject: [PATCH 09/94] Release pipeline now includes test-custom-chart --- .github/workflows/gh-pages-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index 571495d..72d7604 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -25,7 +25,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.7.0 with: - charts_dir: helm/charts/mcp + charts_dir: helm/charts env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From ab092e6016424ae2fd0beae6bb84ca084412a16c Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Thu, 3 Apr 2025 13:12:06 +0200 Subject: [PATCH 10/94] Update README.md in test-custom-chart --- helm/charts/test-custom-chart/README.md | 94 ++++++++++++------------- 1 file changed, 45 insertions(+), 49 deletions(-) diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md index 165c3df..f7dee73 100644 --- a/helm/charts/test-custom-chart/README.md +++ b/helm/charts/test-custom-chart/README.md @@ -1,16 +1,14 @@ - - # test-custom-chart ![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart to test github action and workflows. NOTHING MORE! -**Homepage:** +**Homepage:** ## Source Code -* +* ## Requirements 
@@ -22,62 +20,60 @@ A Helm chart to test github action and workflows. NOTHING MORE! | Key | Type | Default | Description | |-----|------|---------|-------------| -| sap-btp-services.services[0].name | string | `"identityApplication"` | | -| sap-btp-services.services[0].namespace | string | `"default"` | | -| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | -| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | -| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | -| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | -| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | -| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | -| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | -| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | -| sap-btp-services.services[0].bindings[0].secretName | string | `"btp-ias"` | | -| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | -| replicaCount | int | `1` | replication count | -| image.repository | string | `"nginx"` | | +| 
affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | full name override | | image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"nginx"` | | | image.tag | string | `""` | | | imagePullSecrets | list | `[]` | | -| nameOverride | string | `""` | name override | -| fullnameOverride | string | `""` | full name override | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.name | string | `""` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | -| securityContext | object | `{}` | | -| service.type | string | `"ClusterIP"` | | -| service.port | int | `80` | | -| ingress.enabled | bool | `false` | | -| ingress.className | string | `""` | | | ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | | ingress.hosts[0].host | string | `"chart-example.local"` | | | ingress.hosts[0].paths[0].path | string | `"/"` | | | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | | ingress.tls | list | `[]` | | -| resources | object | `{}` | | | livenessProbe.httpGet.path | string | `"/"` | | | livenessProbe.httpGet.port | string | `"http"` | | +| nameOverride | string | `""` | name override | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | | readinessProbe.httpGet.path | string | `"/"` | | | readinessProbe.httpGet.port | string | `"http"` | | -| autoscaling.enabled | bool | `false` | | 
-| autoscaling.minReplicas | int | `1` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| volumes | list | `[]` | | -| volumeMounts | list | `[]` | | -| nodeSelector | object | `{}` | | +| replicaCount | int | `1` | replication count | +| resources | object | `{}` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | +| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| sap-btp-services.services[0].bindings[0].secretName | string | `"btp-ias"` | | +| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | +| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | +| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | +| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | +| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | +| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | +| sap-btp-services.services[0].name | string | `"identityApplication"` 
| | +| sap-btp-services.services[0].namespace | string | `"default"` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | -| affinity | object | `{}` | | +| volumeMounts | list | `[]` | | +| volumes | list | `[]` | | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file From db2cde00683f8ec955d78ae8b33656ad3dac1f2b Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Fri, 11 Apr 2025 13:40:44 +0200 Subject: [PATCH 11/94] Updating values.ci and updating PR workflow --- .github/workflows/git-pr-status-checks.yml | 24 ++++++++++--- .../values.ci.yaml | 36 +++++++++---------- .../values.ci.yaml | 28 +++++++-------- .../values.ci.yaml | 22 ++++++------ .../values.ci.yaml | 16 ++++----- .../values.ci.yaml | 12 +++---- .../values.ci.yaml | 8 ++--- .../external-secrets-config/values.ci.yaml | 30 ++++++++-------- .../mcp/external-secrets-config/values.yaml | 12 +++---- 9 files changed, 101 insertions(+), 87 deletions(-) diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml index 1b640f3..827f981 100644 --- a/.github/workflows/git-pr-status-checks.yml +++ b/.github/workflows/git-pr-status-checks.yml 
@@ -1,13 +1,27 @@ -name: PR Status Checks +name: Git PR Status Checks on: - workflow_call: {} + pull_request: {} concurrency: - group: building-blocks-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + jobs: pr-status-check: - uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@main" - secrets: inherit \ No newline at end of file + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + BUILDING_BLOCKS_GIT_REPO_TOKEN: "" #"${{ secrets.ORG_REPO_TOKEN }}" diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml index af99abd..8490c8c 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml @@ -28,7 +28,7 @@ compositions: enableDnsHostnames: true enableDnsSupport: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: vpc patches: - patchSetName: common-parameters @@ -47,7 +47,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: internetgateway patches: - patchSetName: common-parameters 
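Review bot: The `uses:` line in `.github/workflows/git-pr-status-checks.yml` now calls the reusable workflow at the branch ref `@chore/os_preparations`, while the same hunk grants `contents: write`, `actions: write` and `pull-requests: write`; anyone who can push to that branch changes what runs with this token. Pin the call to a full commit SHA, e.g. `uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@<full-commit-sha>"`, and trim the `permissions:` block to the scopes the called workflow actually needs. `HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}"` looks like a slip, since it sends the token as the user name; `${{ github.actor }}` is presumably what was meant. The same three points apply to the three workflow hunks of PATCH 12/94.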
@@ -65,7 +65,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: subnet-public-1 patches: - patchSetName: common-parameters @@ -92,7 +92,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: subnet-public-2 patches: - patchSetName: common-parameters @@ -119,7 +119,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: subnet-private-1 patches: - patchSetName: common-parameters @@ -146,7 +146,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: subnet-private-2 patches: - patchSetName: common-parameters @@ -170,7 +170,7 @@ compositions: forProvider: domain: vpc providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: elastic-ip-1 patches: - patchSetName: common-parameters @@ -185,7 +185,7 @@ compositions: forProvider: domain: vpc providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: elastic-ip-2 patches: - patchSetName: common-parameters @@ -206,7 +206,7 @@ compositions: type: subnet visibility: public providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: natgateway-1 patches: - patchSetName: common-parameters @@ -230,7 +230,7 @@ compositions: type: subnet visibility: public providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: natgateway-2 patches: - patchSetName: common-parameters @@ -247,7 +247,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: routetable-public patches: - patchSetName: common-parameters @@ -261,7 +261,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: routetable-private-1 patches: - patchSetName: common-parameters 
@@ -275,7 +275,7 @@ compositions: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: routetable-private-2 patches: - patchSetName: common-parameters @@ -285,7 +285,7 @@ compositions: kind: Cluster spec: providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws forProvider: vpcConfig: - endpointPrivateAccess: false @@ -296,7 +296,7 @@ compositions: visibility: private writeConnectionSecretToRef: namespace: crossplane-system - name: clops-dev-us-connection-secret + name: dev-us-connection-secret connectionDetails: - fromConnectionSecretKey: kubeconfig name: kubeconfig-value @@ -338,7 +338,7 @@ compositions: ] } providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: role - base: apiVersion: iam.aws.upbound.io/v1beta1 @@ -349,7 +349,7 @@ compositions: matchControllerRef: true policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: rolePolicyAttachment - base: apiVersion: eks.aws.upbound.io/v1beta1 @@ -368,7 +368,7 @@ compositions: type: subnet visibility: private providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws name: eks-nodegroup patches: - patchSetName: common-parameters diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml index d61fa4a..32c5966 100644 --- a/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/values.ci.yaml @@ -3,7 +3,7 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## eips: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} 
@@ -13,8 +13,8 @@ eips: omain: vpc region: us-west-2 providerConfigRef: - name: clops-dev-us-aws - - name: "clops-dev-us-ekscluster-2" + name: dev-us-aws + - name: "dev-us-ekscluster-2" labels: {} annotations: {} ownerReferences: {} @@ -24,10 +24,10 @@ eips: omain: vpc region: us-west-2 providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws # -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/InternetGateway/v1beta1 internetGateways: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} @@ -38,10 +38,10 @@ internetGateways: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws # -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/NATGateway/v1beta1 natGateways: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} @@ -58,10 +58,10 @@ natGateways: visibility: public zone: us-west-2a providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws # -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/RouteTable/v1beta1 routeTables: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} @@ -72,10 +72,10 @@ routeTables: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws # -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/Subnet/v1beta1 subnets: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} 
@@ -89,10 +89,10 @@ subnets: vpcIdSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws # -- https://marketplace.upbound.io/providers/upbound/provider-aws-ec2/v1.11.0/resources/ec2.aws.upbound.io/VPC/v1beta1 vpcs: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: {} annotations: {} ownerReferences: {} @@ -104,6 +104,6 @@ vpcs: enableDnsSupport: true region: us-west-2 providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws ######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml index 69082fa..c704368 100644 --- a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml @@ -3,17 +3,17 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## clusters: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: - crossplane.io/composite: clops-dev-us-ekscluster - crossplane.io/claim-namespace: clops-dev-us + crossplane.io/composite: dev-us-ekscluster + crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: eks-cluster spec: deletionPolicy: "" forProvider: region: us-west-2 - roleArn: arn:aws:iam::XXXX:role/CLOPS-EKS-Cluster-Role + roleArn: arn:aws:iam::XXXX:role/DEV-EKS-Cluster-Role version: "1.29" vpcConfig: - endpointPrivateAccess: false 
@@ -23,16 +23,16 @@ clusters: type: subnet visibility: private providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws writeConnectionSecretToRef: - name: clops-dev-us-connection-secret + name: dev-us-connection-secret namespace: crossplane-system publishConnectionDetailsTo: {} nodeGroups: - - name: "clops-dev-us-ekscluster" + - name: "dev-us-ekscluster" labels: - crossplane.io/composite: clops-dev-us-ekscluster - crossplane.io/claim-namespace: clops-dev-us + crossplane.io/composite: dev-us-ekscluster + crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: eks-nodegroup spec: @@ -43,7 +43,7 @@ nodeGroups: matchControllerRef: true instanceTypes: - t3.medium - nodeRoleArn: arn:aws:iam::XXXX:role/CLOPS-EKS-WorkerNode-Role + nodeRoleArn: arn:aws:iam::XXXX:role/DEV-EKS-WorkerNode-Role region: us-west-2 scalingConfig: - desiredSize: 2 @@ -55,7 +55,7 @@ nodeGroups: type: subnet visibility: private providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws publishConnectionDetailsTo: {} writeConnectionSecretToRef: {} ######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml index 5d32166..c7044ea 100644 --- a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml 
@@ -3,10 +3,10 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## roles: -- name: "clops-dev-us-ekscluster" +- name: "dev-us-ekscluster" labels: - crossplane.io/composite: clops-dev-us-ekscluster - crossplane.io/claim-namespace: clops-dev-us + crossplane.io/composite: dev-us-ekscluster + crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: role spec: @@ -26,14 +26,14 @@ roles: ] } providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws publishConnectionDetailsTo: {} writeConnectionSecretToRef: {} rolePolicyAttachments: -- name: "clops-dev-us-ekscluster" +- name: "dev-us-ekscluster" labels: - crossplane.io/composite: clops-dev-us-ekscluster - crossplane.io/claim-namespace: clops-dev-us + crossplane.io/composite: dev-us-ekscluster + crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: rolePolicyAttachment spec: @@ -43,7 +43,7 @@ rolePolicyAttachments: roleSelector: matchControllerRef: true providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws publishConnectionDetailsTo: {} writeConnectionSecretToRef: {} policies: diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml index e3b5d88..aec4af6 100644 --- a/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/values.ci.yaml 
@@ -14,15 +14,15 @@ instances: autoMinorVersionUpgrade: true backupRetentionPeriod: 14 backupWindow: 09:46-10:16 - dbName: clopsdevusdb + dbName: devusdb engine: postgres engineVersion: "16.1" instanceClass: db.t3.micro maintenanceWindow: Mon:00:00-Mon:03:00 passwordSecretRef: key: password - name: clops-dev-us-rds-admin-pw - namespace: clops-dev-us + name: dev-us-rds-admin-pw + namespace: dev-us publiclyAccessible: false region: us-east-1 skipFinalSnapshot: true @@ -30,8 +30,8 @@ instances: storageType: gp2 username: adminuser providerConfigRef: - name: clops-dev-us-aws + name: dev-us-aws writeConnectionSecretToRef: - name: clops-dev-us-rds-connection-details - namespace: clops-dev-us + name: dev-us-rds-connection-details + namespace: dev-us ######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml index 3eb4c06..62e29b8 100644 --- a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml @@ -3,11 +3,11 @@ ######################################################################################################################## providerConfigs: kubernetesCrossplane: - - providerConfigRefName: "garden-ketos-co-sa-mcp-test" + - providerConfigRefName: "openmcp-test" credentials: source: "Secret" secretRef: - name: "garden-ketos-co-sa-mcp-test" + name: "openmcp-test" namespace: default key: kubeconfig helmCrossplane: 
@@ -19,12 +19,12 @@ providerConfigs: name: "gardener-shoot-kubeconfig-steffen-test" key: kubeconfig gardenerOrchestrateCloud: - - providerConfigRefName: "garden-ketos-co-sa-mcp-test" + - providerConfigRefName: "openmcp-test" credentials: source: "Secret" secretRef: namespace: default - name: "garden-ketos-co-sa-mcp-test" + name: "openmcp-test" key: kubeconfig dynatraceOrchestrateCloud: - providerConfigRefName: "providerConfigRefName" diff --git a/helm/charts/mcp/external-secrets-config/values.ci.yaml b/helm/charts/mcp/external-secrets-config/values.ci.yaml index f6fb0ff..51dc7f2 100644 --- a/helm/charts/mcp/external-secrets-config/values.ci.yaml +++ b/helm/charts/mcp/external-secrets-config/values.ci.yaml @@ -3,12 +3,12 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## clusterSecretStores: - - name: "sap-hashicorp-vault-cluster-store" + - name: "hashicorp-vault-cluster-store" controller: "controller" provider: vault: - server: "https://vault.tools.sap/" - namespace: "s4/ketos" + server: "https://vault.example/" + namespace: "ns1" path: "k8s-clusters" version: "v2" auth: @@ -16,11 +16,11 @@ clusterSecretStores: path: "approle" roleId: "cf33bb15" secretRef: - name: "sap-hashicorp-vault-token" + name: "hashicorp-vault-token" key: "token" ######################################################################################################################## clusterExternalSecret: -- name: "garden-ketos-co-sa-mcp-test" +- name: "openmcp-test" externalSecretName: "externalSecretName" refreshTime: "1m" namespaceSelectors: 
@@ -60,12 +60,12 @@ clusterExternalSecret: property: provider-key-property ######################################################################################################################## secretStores: -- name: "sap-hashicorp-vault" +- name: "hashicorp-vault" namespace: "default" provider: vault: - server: "https://vault.tools.sap/" - namespace: "s4/ketos" + server: "https://vault.example/" + namespace: "ns1" path: "k8s-clusters" version: "v2" auth: @@ -73,16 +73,16 @@ secretStores: path: "approle" roleId: "cf33bb15" secretRef: - name: "sap-hashicorp-vault-token" + name: "hashicorp-vault-token" key: "token" ######################################################################################################################## externalSecret: - - name: "garden-ketos-co-sa-mcp-test" + - name: "openmcp-test" namespace: "default" refreshInterval: "15m" - targetSecretName: garden-ketos-co-sa-mcp-test + targetSecretName: "openmcp-test" secretStore: - name: "sap-hashicorp-vault" + name: "hashicorp-vault" data: - secretKey: kubeconfig remoteRef: @@ -93,7 +93,7 @@ externalSecret: refreshInterval: "15m" targetSecretName: garden-ketos-co-sa-mcp-test-2 secretStore: - name: "sap-hashicorp-vault" + name: "hashicorp-vault" data: - secretKey: kubeconfig remoteRef: @@ -104,7 +104,7 @@ externalSecret: refreshInterval: "15m" targetSecretName: btp-account-ketos-kita-test secretStore: - name: "sap-hashicorp-vault-cluster-store" + name: "hashicorp-vault-cluster-store" kind: "ClusterSecretStore" data: - secretKey: btp-cis-provider-credentials @@ -117,7 +117,7 @@ externalSecret: property: btp-service-account-provider-credentials ######################################################################################################################## pushSecrets: - - name: "garden-ketos-co-sa-mcp-test" + - name: "openmcp-test" namespace: "default" spec: updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync 
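Review bot: The rename in `external-secrets-config/values.ci.yaml` is incomplete: the context lines of the `@@ -93,7 +93,7 @@` and `@@ -104,7 +104,7 @@` hunks still carry `targetSecretName: garden-ketos-co-sa-mcp-test-2` and `targetSecretName: btp-account-ketos-kita-test`, and `roleId: "cf33bb15"` is left as it is in both Vault `auth` blocks. If the goal is to drop internal names before publication, these should be replaced as well, e.g. `targetSecretName: "openmcp-test-2"` and a placeholder `roleId: "<role-id>"`. `gardener-shoot-kubeconfig-steffen-test` in `crossplane-provider-configs/values.ci.yaml` is in the same position. The old values also stay readable in the commit history of this series unless it is squashed or rewritten before the repository is made public.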
diff --git a/helm/charts/mcp/external-secrets-config/values.yaml b/helm/charts/mcp/external-secrets-config/values.yaml index 100b9bd..53222a2 100644 --- a/helm/charts/mcp/external-secrets-config/values.yaml +++ b/helm/charts/mcp/external-secrets-config/values.yaml 
@@ -20,9 +20,9 @@ secretStores: # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider # @default -- [] vault: - # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". server: "" - # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" namespace: "" # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" 
@@ -77,7 +77,7 @@ externalSecret: - secretKey: "" # -- [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. remoteRef: - # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" + # -- [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account" key: "" # -- *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" property: "" 
@@ -95,9 +95,9 @@ clusterSecretStores: # -- *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider # @default -- [] vault: - # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". - server: "" - # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos + # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". + server: "https://vault.example/" + # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" namespace: "" # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" From 5d82c00251f32e2466d0772d0f4846febf1ef12a Mon Sep 17 00:00:00 2001 
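Review bot: In the `clusterSecretStores` hunk of `external-secrets-config/values.yaml` the chart default changes from `server: ""` to `server: "https://vault.example/"`, while the matching `secretStores` hunk only updates the comment and keeps `server: ""`. This looks unintended and leaves the two sections inconsistent; an install that does not override the value would render a store pointing at the placeholder host instead of an obviously empty one. Keep the default as `server: ""` and leave the example URL in the comment only.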
From: Wiktor Chomik Date: Fri, 11 Apr 2025 14:01:06 +0200 Subject: [PATCH 12/94] Updating PR workflow (#5) Updating PR workflow --- .github/workflows/git-pr-status-checks.yml | 17 +++++++++++++++-- .../pr-status-checks-workflow-call-fork.yml | 17 +++++++++++++++-- .../pr-status-checks-workflow-call.yml | 17 +++++++++++++++-- 3 files changed, 45 insertions(+), 6 deletions(-) diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml index 1b640f3..f389384 100644 --- a/.github/workflows/git-pr-status-checks.yml +++ b/.github/workflows/git-pr-status-checks.yml @@ -7,7 +7,20 @@ concurrency: group: building-blocks-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + jobs: pr-status-check: - uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@main" - secrets: inherit \ No newline at end of file + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-status-checks-workflow-call-fork.yml b/.github/workflows/pr-status-checks-workflow-call-fork.yml index 04de248..e769868 100644 --- a/.github/workflows/pr-status-checks-workflow-call-fork.yml +++ b/.github/workflows/pr-status-checks-workflow-call-fork.yml 
@@ -9,8 +9,21 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + jobs: pr-status-check: if: ${{ github.event.pull_request.head.repo.full_name != 'openmcp-project/blueprint-building-blocks' }} - uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-pr-status-checks.yml@main" - secrets: inherit \ No newline at end of file + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-status-checks-workflow-call.yml b/.github/workflows/pr-status-checks-workflow-call.yml index f6988de..5b3a2a8 100644 --- a/.github/workflows/pr-status-checks-workflow-call.yml +++ b/.github/workflows/pr-status-checks-workflow-call.yml 
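Review bot: This job is gated on `head.repo.full_name != 'openmcp-project/blueprint-building-blocks'`, so it is the variant that runs for pull requests from forks, yet the hunk gives it the same write-level `permissions:` block and registry secrets as the in-repo variant. The `on:` trigger is above the hunk. If it is `pull_request`, the token is normally read-only for forks and the block is misleading; if it is `pull_request_target`, the called workflow would handle untrusted fork content with a token that can write contents and actions. For the fork path I would reduce the block to read scopes, e.g. `contents: read` and `pull-requests: read`, and add a comment stating which trigger this file relies on.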
@@ -9,8 +9,21 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true +permissions: + pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write + jobs: pr-status-check: if: ${{ github.event.pull_request.head.repo.full_name == 'openmcp-project/blueprint-building-blocks' }} - uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-pr-status-checks.yml@main" - secrets: inherit \ No newline at end of file + uses: "openmcp-project/blueprint-workflows/.github/workflows/git-pr-status-checks.yml@chore/os_preparations" + with: + HELM_OCI_REGISTRY: 'ghcr.io' + BUILDING_BLOCKS_GIT_REPO_URL: 'https://github.com/openmcp-project/blueprint-building-blocks.git' + secrets: + HELM_REPO_USERNAME: "${{ secrets.GITHUB_TOKEN }}" + HELM_REPO_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 151253edd33dd516ed8a7a7f48f575818e88d46f Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 14 Apr 2025 10:56:26 +0200 Subject: [PATCH 13/94] Removed confidential values from values files --- .../values.ci.yaml | 327 +++++++++++++++++- .../values.ci.yaml | 14 + .../values.ci.yaml | 16 +- 3 files changed, 355 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml index 8490c8c..2b5547b 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.ci.yaml 
@@ -3,8 +3,61 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## compositions: +- name: "nosqls.aws.api.example" + spec: + compositeTypeRef: + apiVersion: aws.api.example/v1alpha1 + kind: NoSQL + resources: + - name: s3Bucket + base: + apiVersion: s3.aws.upbound.io/v1beta1 + kind: Bucket + metadata: + name: basic-bucket + spec: + forProvider: + region: us-east-2 + providerConfigRef: + name: default + patches: + - type: FromCompositeFieldPath + fromFieldPath: "spec.location" + toFieldPath: "spec.forProvider.region" + transforms: + - type: map + map: + EU: "eu-north-1" + US: "us-east-2" + - name: dynamoDB + base: + apiVersion: dynamodb.aws.upbound.io/v1beta1 + kind: Table + metadata: + name: nosql-database + spec: + forProvider: + region: "us-east-2" + writeCapacity: 1 + readCapacity: 1 + attribute: + - name: S3ID + type: S + hashKey: S3ID + patches: + - type: FromCompositeFieldPath + fromFieldPath: "spec.location" + toFieldPath: "spec.forProvider.region" + transforms: + - type: map + map: + EU: "eu-north-1" + US: "us-east-2" - name: "eks-cluster" spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XEKSCluster mode: "Pipeline" writeConnectionSecretsToNamespace: "crossplane-system" pipeline: @@ -393,6 +446,9 @@ compositions: step: patch-and-transform - name: "vpc" spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XVPC mode: "Pipeline" pipeline: - step: compose-resources @@ -425,6 +481,9 @@ compositions: name: {{ $tenantAwsProviderConfigRef }} - name: "rdsinstance" spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XRDSInstance mode: "Pipeline" pipeline: - step: compose-resources 
@@ -474,5 +533,271 @@ compositions: namespace: {{ $claimNamespace }} providerConfigRef: name: {{ $tenantAwsProviderConfigRef }} - +- name: "eksnetwork.api.example" + spec: + compositeTypeRef: + apiVersion: api.example/v1alpha1 + kind: XEKSNetwork + mode: "Pipeline" + pipeline: + - step: compose-resources + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $claimNamespace := index $.observed.composite.resource.metadata.labels "crossplane.io/claim-namespace" }} + {{ $tenantAwsProviderConfigRef := printf "%s-aws" $claimNamespace }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + --- + {{ $vpcResourceName := "vpc" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: VPC + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $vpcResourceName }} + spec: + forProvider: + cidrBlock: {{ $params.vpcCidrBlock | toYaml }} + enableDnsHostnames: true + enableDnsSupport: true + tags: + Name: {{ printf "%s-%s" $params.id $vpcResourceName | toYaml }} + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $igwResourceName := "internet-gateway" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: InternetGateway + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $igwResourceName }} + spec: + forProvider: + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $igwResourceName | toYaml }} + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{ $region := $params.region | toYaml }} + {{- range $i, $subnet := $params.subnets }} + --- + {{ $subnetResourceName := printf "subnet-%s-%s-%s" $subnet.availabilityZone $subnet.type 
(toString $i) }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Subnet + metadata: + labels: + zone: {{ $subnet.availabilityZone }} + {{- if eq $subnet.type "private" }} + access: private + {{- else }} + access: public + {{- end }} + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $subnetResourceName }} + spec: + forProvider: + cidrBlock: {{ $subnet.cidrBlock | toYaml }} + {{ if eq $subnet.type "public" }} + mapPublicIpOnLaunch: true + {{ end }} + tags: + {{- if eq $subnet.type "private" }} + kubernetes.io/role/internal-elb: "1" + {{- else }} + kubernetes.io/role/elb: "1" + {{- end }} + Name: {{ printf "%s-%s" $params.id $subnetResourceName | toYaml }} + region: {{ $region }} + vpcIdSelector: + matchControllerRef: true + availabilityZone: {{ $subnet.availabilityZone | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- end }} + --- + {{ $routeTableResourceName := "route-table" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTable + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $routeTableResourceName }} + spec: + forProvider: + vpcIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $routeTableResourceName | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $publicRouteResourceName := "public-route" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: Route + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $publicRouteResourceName }} + spec: + forProvider: + destinationCidrBlock: 0.0.0.0/0 + gatewayIdSelector: + matchControllerRef: true + routeTableIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | 
toYaml }} + --- + {{ $mainRouteTableAssociationResourceName := "main-route-table-association" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: MainRouteTableAssociation + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $mainRouteTableAssociationResourceName }} + spec: + forProvider: + region: {{ $params.region | toYaml }} + routeTableIdSelector: + matchControllerRef: true + vpcIdSelector: + matchControllerRef: true + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- range $i, $subnet := $params.subnets }} + --- + {{ $routeTableAssociationResourceName := printf "route-table-association-%s-%s-%s" $subnet.availabilityZone $subnet.type (toString $i) }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: RouteTableAssociation + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $routeTableAssociationResourceName }} + spec: + forProvider: + region: {{ $region }} + routeTableIdSelector: + matchControllerRef: true + subnetIdSelector: + matchControllerRef: true + matchLabels: + {{- if eq $subnet.type "private" }} + access: private + {{- else }} + access: public + {{- end }} + zone: {{ $subnet.availabilityZone | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + {{- end }} + --- + {{ $sgResourceName := "security-group" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroup + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgResourceName }} + spec: + forProvider: + description: Allow access to databases + name: {{ printf "%s-%s" $params.id $sgResourceName | toYaml }} + vpcIdSelector: + matchControllerRef: true + region: {{ $params.region | toYaml }} + tags: + Name: {{ printf "%s-%s" $params.id $sgResourceName | toYaml }} + providerConfigRef: + name: {{ 
$tenantAwsProviderConfigRef | toYaml }} + --- + {{ $sgrpRulePostGresResourceName := "security-group-rule-postgres" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgrpRulePostGresResourceName }} + spec: + forProvider: + cidrBlocks: + - 192.168.0.0/16 + description: Everywhere + fromPort: 5432 + protocol: tcp + securityGroupIdSelector: + matchControllerRef: true + toPort: 5432 + type: ingress + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + --- + {{ $sgrpRuleMySQLResourceName := "security-group-rule-mysql" }} + apiVersion: ec2.aws.upbound.io/v1beta1 + kind: SecurityGroupRule + metadata: + labels: + eksnetworks.api.example/network-id: {{ $params.id | toYaml }} + annotations: + {{ setResourceNameAnnotation $sgrpRuleMySQLResourceName }} + spec: + forProvider: + cidrBlocks: + - 192.168.0.0/16 + description: Everywhere + fromPort: 3306 + protocol: tcp + securityGroupIdSelector: + matchControllerRef: true + toPort: 3306 + type: ingress + region: {{ $params.region | toYaml }} + providerConfigRef: + name: {{ $tenantAwsProviderConfigRef | toYaml }} + - step: set-xr-status + functionRef: + name: go-templating + input: + apiVersion: gotemplating.fn.crossplane.io/v1beta1 + kind: GoTemplate + source: Inline + inline: + template: | + {{ $observedResources := get .observed "resources" | default dict }} + {{ $params := get .observed.composite.resource.spec "parameters" | default dict }} + {{ $vpcStatus := dig "vpc" "resource" "status" dict $observedResources }} + {{ $subnetsStatus := dict }} + {{ range $i, $subnet := $params.subnets }} + {{ $subnetResourceName := printf "subnet-%s-%s-%s" $subnet.availabilityZone $subnet.type (toString $i) }} + {{ $subnetStatuses := dig $subnetResourceName "resource" "status" dict $observedResources }} + {{ $subnetsStatus = merge 
$subnetsStatus (dict $subnetResourceName $subnetStatuses) }} + {{ end }} + apiVersion: api.example/v1alpha1 + kind: XEKSNetwork + status: + vpc: {{ $vpcStatus | toYaml | nindent 4 }} + subnets: {{ $subnetsStatus | toYaml | nindent 4 }} + - step: automatically-detect-ready-composed-resources + functionRef: + name: auto-ready ######################################################################################################################## diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml index c704368..223806e 100644 --- a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml @@ -9,6 +9,13 @@ clusters: crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: eks-cluster + ownerReferences: + - apiVersion: api.example/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: XEKSCluster + name: dev-us-ekscluster + uid: "" spec: deletionPolicy: "" forProvider: @@ -35,6 +42,13 @@ nodeGroups: crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: eks-nodegroup + ownerReferences: + - apiVersion: api.example/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: XEKSCluster + name: dev-us-ekscluster + uid: "" spec: deletionPolicy: "" forProvider: diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml index c7044ea..6c8214b 100644 --- a/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-iam/values.ci.yaml 
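Review bot: Both `SecurityGroupRule` resources hard-code `cidrBlocks: - 192.168.0.0/16` and label it `description: Everywhere`, while the VPC range comes from `$params.vpcCidrBlock`. The rule can therefore admit a range unrelated to the VPC, and the description misstates what is allowed. If VPC-internal database access is the intent, use `- {{ $params.vpcCidrBlock | toYaml }}` and a description such as `description: PostgreSQL from the VPC CIDR`. In the Subnet labels, `zone: {{ $subnet.availabilityZone }}` is written without `| toYaml`, unlike the other claim parameters in this hunk; `zone: {{ $subnet.availabilityZone | toYaml }}` keeps a claim value from changing the shape of the rendered manifest. Every subnet, including those with `type` "private", is associated with the single route table that carries the `0.0.0.0/0` gateway route, which is worth confirming as intended even for a CI fixture.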
@@ -8,7 +8,14 @@ roles: crossplane.io/composite: dev-us-ekscluster crossplane.io/claim-namespace: dev-us annotations: - crossplane.io/composition-resource-name: role + crossplane.io/composition-resource-name: role + ownerReferences: + - apiVersion: api.example/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: XEKSCluster + name: dev-us-ekscluster + uid: "" spec: deletionPolicy: "" forProvider: @@ -36,6 +43,13 @@ rolePolicyAttachments: crossplane.io/claim-namespace: dev-us annotations: crossplane.io/composition-resource-name: rolePolicyAttachment + ownerReferences: + - apiVersion: api.example/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: XEKSCluster + name: dev-us-ekscluster + uid: "" spec: deletionPolicy: "" forProvider: From 8c0329b9c703f10b9b7496b40cba3c9d775b9603 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 14/94] chore(ci): update helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml.version 0.0.8- >0.0.9 --- .../crossplane-provider-apiextensions-composition/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml index 527259f..d25c5a1 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/Chart.yaml 
@@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 1a56ef07e267e25031f9d8468a9394774d927073 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 15/94] chore(ci): update helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml.version 0.0.9- >0.0.10 --- helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml index 880b625..4d4e0e3 100644 --- a/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.0.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From f554abb6775d72ac4a14f84b21f27b0b5363d3d5 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 16/94] chore(ci): update helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml.version 0.0.9- >0.0.10 --- helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml index e40df12..2dbdd02 100644 --- a/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-eks/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.0.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 6a14a6af87ac78045d79cc7107f7b71ddd0234c8 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 17/94] chore(ci): update helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml.version 0.0.10- >0.0.11 --- helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml index 29f6920..27a73eb 100644 --- a/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-iam/Chart.yaml 
@@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.10 +version: 0.0.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 19dac6ff5d3ded5c79944b9810ac4e61fa77d442 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 18/94] chore(ci): update helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml.version 0.0.8- >0.0.9 --- helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml index 4ee3ee8..932159a 100644 --- a/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From d9af0dbd9ab2e45d1bf0f249738d8b0cba8b8194 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:56 +0000 Subject: [PATCH 19/94] chore(ci): update helm/charts/mcp/crossplane-provider-configs/Chart.yaml.version 0.0.15- >0.0.16 --- helm/charts/mcp/crossplane-provider-configs/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-configs/Chart.yaml b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml index d23908a..344fb29 100644 --- a/helm/charts/mcp/crossplane-provider-configs/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-configs/Chart.yaml @@ -16,11 +16,11 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.15 +version: 0.0.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "0.1.0" sources: - - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file + - https://github.com/openmcp-project/blueprint-building-blocks From cd9aa8599459ba9010b9e6bd2078f61c1629418a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:57 +0000 Subject: [PATCH 20/94] chore(ci): update helm/charts/mcp/external-secrets-config/Chart.yaml.version 0.1.7- >0.1.8 --- helm/charts/mcp/external-secrets-config/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/external-secrets-config/Chart.yaml b/helm/charts/mcp/external-secrets-config/Chart.yaml index d5cfbf6..f975bee 100644 
--- a/helm/charts/mcp/external-secrets-config/Chart.yaml +++ b/helm/charts/mcp/external-secrets-config/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://github.com/external-secrets/external-secrets/raw/main/assets/eso- # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From ff875ddf52cef179977fd46e53deb9eb84411a90 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 21/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-core-cloud/README.md file --- helm/charts/mcp/crossplane-gardener-core-cloud/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md index 9a78922..9d0458c 100644 --- a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md @@ -8,6 +8,9 @@ A Helm chart to template crossplane manifests to manage core.gardener.cloud reso **Homepage:** +## Source Code + +* ## Values From 86869a04a2fd1ba45d8e72455ce696e5b3971a81 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 22/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md file --- helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md index e138ba6..7147bd3 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md @@ -6,6 +6,10 @@ A Helm chart to template crossplane manifests to manage Gardener Shoot resources. +## Source Code + +* + ## Values | Key | Type | Default | Description | From ccad23d18138f720e28421951ad745c2054086d8 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 23/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md file --- .../mcp/crossplane-gardener-shoot-kubeconfigs/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md index 9f57936..21275a0 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md @@ -6,6 +6,10 @@ A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots. +## Source Code + +* + ## Values | Key | Type | Default | Description | From 4266eaff0efe3ae83b5f3a384aebd0c34be8d7b7 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 24/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-apiextensions/README.md file --- helm/charts/mcp/crossplane-provider-apiextensions/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/README.md b/helm/charts/mcp/crossplane-provider-apiextensions/README.md index d842cc3..910b50e 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions/README.md 
+++ b/helm/charts/mcp/crossplane-provider-apiextensions/README.md @@ -6,12 +6,12 @@ A Helm Chart to template crossplane API extensions compositions. -**Homepage:** +**Homepage:** ## Source Code * -* +* ## Values From e7b6e02356dc57da9771bced8ae19b0c5c49ffe1 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 25/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md file --- .../crossplane-provider-apiextensions-composition/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md index 7a0fa47..e74eb9b 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md @@ -2,15 +2,15 @@ # crossplane-provider-apiextensions-composition -![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane API extensions compositions. -**Homepage:** +**Homepage:** ## Source Code -* +* * ## Values From 9dc4f4a78e807230173e60e3670cf5a08463fe96 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 26/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-aws-ec2/README.md file --- helm/charts/mcp/crossplane-provider-aws-ec2/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-ec2/README.md b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md index 38637fd..4a766a9 100644 --- a/helm/charts/mcp/crossplane-provider-aws-ec2/README.md +++ b/helm/charts/mcp/crossplane-provider-aws-ec2/README.md @@ -2,15 +2,15 @@ # crossplane-provider-aws-ec2 -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template AWS EC2 manifests for its crossplane provider. -**Homepage:** +**Homepage:** ## Source Code -* +* * * * From be4c9e540e8c0bc0bb426251adbdf23ec2953621 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 27/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-aws-eks/README.md file --- helm/charts/mcp/crossplane-provider-aws-eks/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/README.md b/helm/charts/mcp/crossplane-provider-aws-eks/README.md index b36aca1..a17c9c1 100644 --- a/helm/charts/mcp/crossplane-provider-aws-eks/README.md +++ b/helm/charts/mcp/crossplane-provider-aws-eks/README.md 
@@ -2,18 +2,18 @@ # crossplane-provider-aws-eks -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template AWS EKS manifests for its crossplane provider. -**Homepage:** +**Homepage:** ## Source Code * * * -* +* ## Values From 66316da45d5fa5bb705ca55b77387f2a2139330c Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 28/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-aws-iam/README.md file --- helm/charts/mcp/crossplane-provider-aws-iam/README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-iam/README.md b/helm/charts/mcp/crossplane-provider-aws-iam/README.md index baa357b..e0b0352 100644 --- a/helm/charts/mcp/crossplane-provider-aws-iam/README.md +++ b/helm/charts/mcp/crossplane-provider-aws-iam/README.md 
@@ -2,15 +2,13 @@ # crossplane-provider-aws-iam -![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template AWS IAM manifests for its crossplane provider. -**Homepage:** - ## Source Code -* +* * * * From d79c12f1b11bd06741b4de7d09088eea093a8fb0 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 29/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-aws-rdr/README.md file --- helm/charts/mcp/crossplane-provider-aws-rdr/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-rdr/README.md b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md index d69491b..f0fd902 100644 --- a/helm/charts/mcp/crossplane-provider-aws-rdr/README.md +++ b/helm/charts/mcp/crossplane-provider-aws-rdr/README.md 
@@ -2,15 +2,15 @@
 # crossplane-provider-aws-rdr
-![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
 A Helm Chart to template AWS RDR manifests for its crossplane provider.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 *
 *
From 82b9f5a6d94ef26506dc65aae00abfc001f47d18 Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 30/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-btp-security/README.md file
---
 helm/charts/mcp/crossplane-provider-btp-security/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-btp-security/README.md b/helm/charts/mcp/crossplane-provider-btp-security/README.md
index a23d7f3..0920c99 100644
--- a/helm/charts/mcp/crossplane-provider-btp-security/README.md
+++ b/helm/charts/mcp/crossplane-provider-btp-security/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 ## Values
From 3bb596ebb7ef5cd59bc568d224f00a1f0e0316ff Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 31/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-configs/README.md file
---
 .../mcp/crossplane-provider-configs/README.md | 21 ++-----------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md b/helm/charts/mcp/crossplane-provider-configs/README.md
index 3054df5..96d98b4 100644
--- a/helm/charts/mcp/crossplane-provider-configs/README.md
+++ b/helm/charts/mcp/crossplane-provider-configs/README.md
@@ -2,26 +2,18 @@ # crossplane-provider-configs -![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) +![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) A Helm chart to template crossplane provider config manifests to orchestrate resources. -**Homepage:** - ## Source Code -* +* ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| providerConfigs.accountBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: account.btp.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which the json credentials of a BTP's [Cloud Management Service](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#setup-btp-cloud-management-service) Binding is in order to manage [BTP Cloud Resources](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider#configure-providerconfig) such as [BTP Sub-Accounts](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts), [Entitlements](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements), ect... | -| providerConfigs.accountBtpOrchestrateCloud[0].cisCredentials | object | [] | Secret which contains credentials required to authenticate to this provider. Reference to a secret containing the CIS Accounts service credentials. 
The Cloud Management (CIS) instance must be of plan central. The Service Binding should be created with the following parameters {"grantType": "clientCredentials"} See [Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/provider) and [CRD browser](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-cisCredentials) for more details. | -| providerConfigs.accountBtpOrchestrateCloud[0].cisCredentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.accountBtpOrchestrateCloud[0].cliServerUrl | string | `""` | contains BTP CLI server url. E.g. https://cli.btp.cloud.sap or canary: https://canary.cli.btp.int.sap/ . More landscapes see [here](https://wiki.one.int.sap/wiki/pages/viewpage.action?spaceKey=CPCLI&title=Landscapes) | -| providerConfigs.accountBtpOrchestrateCloud[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | -| providerConfigs.accountBtpOrchestrateCloud[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.awsUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-aws/v1.15.0/resources/aws.upbound.io/ProviderConfig/v1beta1) of `aws.upbound.io/v1beta1`. Additional information see [AWS Quickstart](https://docs.crossplane.io/latest/getting-started/provider-aws/#create-a-providerconfig). 
| | providerConfigs.awsUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.azureUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-family-azure/v1.7.0/resources/azure.upbound.io/ProviderConfig/v1beta1) of `azure.upbound.io/v1beta1`. Additional information see [Azure Quickstart](https://docs.crossplane.io/latest/getting-started/provider-azure/). | 
@@ -33,21 +25,12 @@ A Helm chart to template crossplane provider config manifests to orchestrate res | providerConfigs.btpSapCrossplane[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | | providerConfigs.btpSapCrossplane[0].serviceAccountSecret | object | [] | A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. Example: { "email": "", "username": "PUserID", "password": "--" } | | providerConfigs.btpSapCrossplane[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.cloudfoundryBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: cloudfoundry.btp.orchestrate.cloud.sap/v1beta1` This [`ProviderConfig`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-cloudfoundry/cloudfoundry.btp.orchestrate.cloud.sap/providerconfig/v1beta1) typically points to k8s secret in which the credentials required for the [BTP Cloud Foundry](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/cloudfoundry/provider) provider to communicate with the Cloud Foundry Environment on BTP. 
| -| providerConfigs.cloudfoundryBtpOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.cloudfoundryBtpOrchestrateCloud[0].endpoint.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.dynatraceOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: dynatrace.orchestrate.cloud.sap/v1beta1` | -| providerConfigs.dynatraceOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.gardenerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your CO MCP cluster as a k8s secret. | | providerConfigs.gardenerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.gcpUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). 
| | providerConfigs.gcpUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.helmCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: helm.crossplane.io/v1beta1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. The `ProviderConfig` is required to manage `Helm Charts` installations on a k8s cluster such as [`kind: ProviderConfig`](../crossplane-provider-helm/templates/helm-release.yaml) of `apiVersion: helm.crossplane.io/v1beta1` . | | providerConfigs.helmCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.hyperscalerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: hyperscaler.orchestrate.cloud.sap/v1alpha1` | -| providerConfigs.hyperscalerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.iasBtpOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of [`ias.btp.orchestrate.cloud.sap/v1alpha1`](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-ias) | -| providerConfigs.iasBtpOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. 
| | providerConfigs.kubernetesCrossplane | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: kubernetes.crossplane.io/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of K8s Service Account or SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` is stored. The `ProviderConfig` is required to orchestrate SAP Gardener Shoot Clusters such as [`kind: Shoot`](../crossplane-gardener-shoot-clusters/templates/garden-manifests/gardener-shoot-cluster.yaml) of `apiVersion: core.gardener.cloud/v1beta1` or manage plain k8s `manifests` (e.g. ConfigMap...) on a k8s cluster (e.g. SAP Gardern Shoot Cluster) [`kind: Object`](../crossplane-provider-kubernetes/templates/kubernetes.yaml) of `apiVersion: kubernetes.crossplane.io/v1alpha1` directly. See Cloud Orchestrator [SAP Gardener Setup](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/gardener/provider#gardener-providerconfig). | | providerConfigs.kubernetesCrossplane[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.vaultUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/upbound/provider-vault/v1.0.0/resources/vault.upbound.io/ProviderConfig/v1beta1) of `vault.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | From df5c272f7dd12222c6e6637bd10764aa9b2d94bb Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 32/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-gcp/README.md file --- helm/charts/mcp/crossplane-provider-gcp/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/helm/charts/mcp/crossplane-provider-gcp/README.md b/helm/charts/mcp/crossplane-provider-gcp/README.md
index dd56c49..431c028 100644
--- a/helm/charts/mcp/crossplane-provider-gcp/README.md
+++ b/helm/charts/mcp/crossplane-provider-gcp/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template GCP manifests for its crossplane provider.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 *
 *
From 29aeb13e16e40219fef60cd5b14a959646e31d04 Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 33/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-helm/README.md file
---
 helm/charts/mcp/crossplane-provider-helm/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md b/helm/charts/mcp/crossplane-provider-helm/README.md
index 0ef0edc..63a79b3 100644
--- a/helm/charts/mcp/crossplane-provider-helm/README.md
+++ b/helm/charts/mcp/crossplane-provider-helm/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 *
From 002676f22a3cfa89eebd277dad15a9092ef16d1d Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 34/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-kubernetes/README.md file
---
 helm/charts/mcp/crossplane-provider-kubernetes/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
index 1e9cdbf..608600c 100644
--- a/helm/charts/mcp/crossplane-provider-kubernetes/README.md
+++ b/helm/charts/mcp/crossplane-provider-kubernetes/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 ## Values
From 4a221d07be44af4886c8c99eb37a205402f7e230 Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 35/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-pkgs/README.md file
---
 helm/charts/mcp/crossplane-provider-pkgs/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-pkgs/README.md b/helm/charts/mcp/crossplane-provider-pkgs/README.md
index 41ab97f..437eac4 100644
--- a/helm/charts/mcp/crossplane-provider-pkgs/README.md
+++ b/helm/charts/mcp/crossplane-provider-pkgs/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 *
From 276c296e6623b206bad079b7458cc721fea5ec4b Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 36/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-account/README.md file
---
 helm/charts/mcp/crossplane-provider-sap-btp-account/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md
index 8d554a9..483d7b6 100644
--- a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md
@@ -10,7 +10,7 @@ A Helm chart to template crossplane manifests to manage SAP BTP resources.
 ## Source Code
-*
+*
 ## Values
From 7f427b0b730de77c99355255811a841cfc8e80cf Mon Sep 17 00:00:00 2001
From: GH Actions Runner User
Date: Mon, 14 Apr 2025 08:56:58 +0000
Subject: [PATCH 37/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md file
---
 .../README.md | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md
index 6e870a7..e3f7508 100644
--- a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md
+++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md
@@ -6,11 +6,11 @@
 A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP.
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 *
@@ -19,9 +19,25 @@ A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kym | Key | Type | Default | Description | |-----|------|---------|-------------| | cloudFoundryEnvironments | list | object | cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1). | -| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"initialOrgManagers":["steffen.brunner@sap.com"],"landscape":""},"name":"","subaccountRef":{"name":""},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! | +| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"initialOrgManagers":[""],"landscape":""},"name":"","subaccountRef":{"name":""},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! | | cloudFoundryEnvironments[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| -| kymaEnvironments | list | `[{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"administrators":["...@sap.com"],"autoScalerMax":3,"autoScalerMin":3,"machineType":"m5.xlarge","oidc":{"clientID":"","groupsClaim":"groups","issuerURL":"https://.accounts400.ondemand.com","signingAlgs":["RS256"],"usernameClaim":"email","usernamePrefix":"-"},"parameters":null,"region":"eu-west-2"},"name":"","planName":"aws","subaccountRef":{"name":""},"writeConnectionSecretToRef":{"name":"demo-kyma-kubeconfig-local","namespace":"default"}}]` | https://pages.github.tools.sap/cloud-orchestration/docs/use-cases/workload_to_kyma | +| kymaEnvironments[0].btpSapCrossplaneProviderConfigRefName | string | `""` | | +| kymaEnvironments[0].cloudManagementRef.name | string | `""` | | +| kymaEnvironments[0].forProvider.administrators[0] | string | `"...@sap.com"` | | +| kymaEnvironments[0].forProvider.autoScalerMax | int | `3` | | +| kymaEnvironments[0].forProvider.autoScalerMin | int | `3` | | +| kymaEnvironments[0].forProvider.machineType | string | `"m5.xlarge"` | | +| kymaEnvironments[0].forProvider.oidc.clientID | string | `""` | | +| kymaEnvironments[0].forProvider.oidc.groupsClaim | string | `"groups"` | | +| kymaEnvironments[0].forProvider.oidc.issuerURL | string | `"https://.accounts400.ondemand.com"` | | +| kymaEnvironments[0].forProvider.oidc.signingAlgs[0] | string | `"RS256"` | | +| kymaEnvironments[0].forProvider.oidc.usernameClaim | string | `"email"` | | +| kymaEnvironments[0].forProvider.oidc.usernamePrefix | string | `"-"` | | +| kymaEnvironments[0].forProvider.parameters | string | `nil` | | +| kymaEnvironments[0].forProvider.region | string | `"eu-west-2"` | | +| kymaEnvironments[0].name | string | `""` | | +| kymaEnvironments[0].planName | string | `"aws"` | | +| kymaEnvironments[0].subaccountRef.name | string | `""` | | | kymaEnvironments[0].writeConnectionSecretToRef | object | 
`{"name":"demo-kyma-kubeconfig-local","namespace":"default"}` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | ---------------------------------------------- From bcbea1e799ab57d8cf531266cfe66e77f2ade12a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:58 +0000 Subject: [PATCH 38/94] chore(ci): update Helm Chart helm/charts/mcp/external-secrets-config/README.md file --- .../charts/mcp/external-secrets-config/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/helm/charts/mcp/external-secrets-config/README.md b/helm/charts/mcp/external-secrets-config/README.md index d3660a3..b82901a 100644 --- a/helm/charts/mcp/external-secrets-config/README.md +++ b/helm/charts/mcp/external-secrets-config/README.md 
@@ -2,15 +2,15 @@
 # external-secrets-config
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square)
 A Helm Chart to template external-secrets.io manifests to sync credentials from remote vault (e.g. SAP HashiCorp Vault).
-**Homepage:**
+**Homepage:**
 ## Source Code
-*
+*
 *
 ## Values
@@ -38,9 +38,9 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| clusterSecretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos | +| clusterSecretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | | clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | -| clusterSecretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". | +| clusterSecretStores[0].provider.vault.server | string | `"https://vault.example/"` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | | clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | | credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | | credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | 
@@ -52,7 +52,7 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | externalSecret[0].creationPolicy | string | `""` | *(optional)* CreationPolicy defines rules on how to create the resulting Secret Defaults to ‘Owner’ | | externalSecret[0].data | list | [] | *(optional)* [Data](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) defines the connection between the Kubernetes Secret keys and the Provider data | | externalSecret[0].data[0].remoteRef | object | `{"key":"","property":""}` | [RemoteRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretData) points to the remote secret and defines which secret (version/property/..) to fetch. | -| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" | +| externalSecret[0].data[0].remoteRef.key | string | `""` | [Key](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) is the key used in the Provider, mandatory. E.g. "btp-endpoint.example/btp-account" | | externalSecret[0].data[0].remoteRef.property | string | `""` | *(optional)* Used to select a [specific property](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecretDataRemoteRef) of the Provider value (if a map), if supported. E.g. "kubeconfig" | | externalSecret[0].deletionPolicy | string | `""` | *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ | | externalSecret[0].immutable | bool | `false` | *(optional)* Immutable defines if the final secret will be immutable | 
@@ -82,9 +82,9 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | secretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | secretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| secretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. s4/ketos | +| secretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | | secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | -| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.tools.sap/". | +| secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | | secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | ---------------------------------------------- From f5543e6fa20dc0e87a7d43e6ac116f8e251be363 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:59 +0000 Subject: [PATCH 39/94] chore(ci): update Helm Chart helm/charts/mcp/flux-config/README.md file --- helm/charts/mcp/flux-config/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md index 9871f15..dd849a3 100644 --- a/helm/charts/mcp/flux-config/README.md +++ b/helm/charts/mcp/flux-config/README.md @@ -6,11 +6,11 @@ A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. -**Homepage:** +**Homepage:** ## Source Code -* +* * ## Values 
@@ -53,7 +53,7 @@ A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. | gitRepositorys[0].spec.ref.branch | string | `""` | *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" | | gitRepositorys[0].spec.secretRef | object | `{"name":""}` | *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. | | gitRepositorys[0].spec.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| gitRepositorys[0].spec.url | string | `""` | [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. E.g. https://github.tools.sap/.../... | +| gitRepositorys[0].spec.url | string | `""` | [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. | | kustomizations | list | `[{"commonMetadata":[],"components":{},"decryption":[],"dependsOn":{},"force":null,"healthChecks":{},"images":{},"interval":null,"kubeConfig":[],"name":"","namePrefix":null,"nameSuffix":null,"namespace":"","patches":null,"path":"","postBuild":[],"prune":null,"retryInterval":null,"serviceAccountName":null,"sourceRef":{"apiVersion":"","kind":"GitRepository","name":"","namespace":""},"suspend":null,"targetNamespace":"","timeout":null,"wait":null}]` | defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. 
| | kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. | | kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. | From 862fda74c0ec6f0970bb4f4eef2e6610615ac9cd Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:59 +0000 Subject: [PATCH 40/94] chore(ci): update Helm Chart helm/charts/mcp/k8s-validating-admission-policy/README.md file --- helm/charts/mcp/k8s-validating-admission-policy/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/charts/mcp/k8s-validating-admission-policy/README.md b/helm/charts/mcp/k8s-validating-admission-policy/README.md index e2ad841..acf9da4 100644 --- a/helm/charts/mcp/k8s-validating-admission-policy/README.md +++ b/helm/charts/mcp/k8s-validating-admission-policy/README.md @@ -8,6 +8,7 @@ A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionP ## Source Code +* * ## Requirements From 851c433474b93bfe44cc7c5e51e8144c8336795f Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:59 +0000 Subject: [PATCH 41/94] chore(ci): update Helm Chart helm/charts/mcp/sap-btp-services/README.md file --- helm/charts/mcp/sap-btp-services/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/helm/charts/mcp/sap-btp-services/README.md b/helm/charts/mcp/sap-btp-services/README.md index 1fee52c..83def94 100644 --- a/helm/charts/mcp/sap-btp-services/README.md +++ b/helm/charts/mcp/sap-btp-services/README.md 
@@ -6,11 +6,9 @@ A Helm Chart to create dynamically SAP BTP Services instances and bindings. -**Homepage:** - ## Source Code -* +* * ## Requirements From 86abaca8b009e41ac87e0cbe47df51e9c6fa36a3 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 08:56:59 +0000 Subject: [PATCH 42/94] chore(ci): update Helm Chart helm/charts/test-custom-chart/README.md file --- helm/charts/test-custom-chart/README.md | 90 +++++++++++++------------ 1 file changed, 47 insertions(+), 43 deletions(-) diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md index f7dee73..0b1066c 100644 --- a/helm/charts/test-custom-chart/README.md +++ b/helm/charts/test-custom-chart/README.md @@ -1,3 +1,5 @@ + + # test-custom-chart ![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) 
@@ -20,60 +22,62 @@ A Helm chart to test github action and workflows. NOTHING MORE! | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | full name override | -| image.pullPolicy | string | `"IfNotPresent"` | | +| sap-btp-services.services[0].name | string | `"identityApplication"` | | +| sap-btp-services.services[0].namespace | string | `"default"` | | +| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | +| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | +| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | +| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | +| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | +| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | +| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | +| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].bindings[0].secretName | string | `"btp-ias"` | | +| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | 
bool | `true` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | +| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | +| replicaCount | int | `1` | replication count | | image.repository | string | `"nginx"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | | image.tag | string | `""` | | | imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | +| nameOverride | string | `""` | name override | +| fullnameOverride | string | `""` | full name override | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.name | string | `""` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| securityContext | object | `{}` | | +| service.type | string | `"ClusterIP"` | | +| service.port | int | `80` | | | ingress.enabled | bool | `false` | | +| ingress.className | string | `""` | | +| ingress.annotations | object | `{}` | | | ingress.hosts[0].host | string | `"chart-example.local"` | | | ingress.hosts[0].paths[0].path | string | `"/"` | | | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | | ingress.tls | list | `[]` | | +| resources | object | `{}` | | | livenessProbe.httpGet.path | string | `"/"` | | | livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | name override | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | -| podSecurityContext | object | `{}` | | | readinessProbe.httpGet.path | string | `"/"` | | | readinessProbe.httpGet.port | string | `"http"` | | -| replicaCount | int | `1` | 
replication count | -| resources | object | `{}` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotatedBindingTTL | string | `"2h"` | | -| sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.rotationFrequency | string | `"480h"` | | -| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | -| sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | -| sap-btp-services.services[0].bindings[0].secretName | string | `"btp-ias"` | | -| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | -| sap-btp-services.services[0].instance.parameters.consumed-apis | list | `[]` | | -| sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | -| sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[1] | string | `"https://*.../callback"` | | -| sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[2] | string | `"https://*.../*"` | | -| sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | -| sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | -| sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | -| sap-btp-services.services[0].name | string | `"identityApplication"` | | -| sap-btp-services.services[0].namespace | string | `"default"` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | 
`true` | Automatically mount a ServiceAccount's API credentials? | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | | volumes | list | `[]` | | +| volumeMounts | list | `[]` | | +| nodeSelector | object | `{}` | | +| tolerations | list | `[]` | | +| affinity | object | `{}` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file From fe2f941a49c297421965a3789e2f8f545c054867 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 14 Apr 2025 11:36:58 +0200 Subject: [PATCH 43/94] Fixed workflow --- .github/workflows/git-pr-status-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml index 560b742..a88b41b 100644 --- a/.github/workflows/git-pr-status-checks.yml +++ b/.github/workflows/git-pr-status-checks.yml @@ -1,7 +1,7 @@ name: Git PR Status Checks on: - pull_request: {} + workflow_call: {} concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} From baa4aea5e86590431986f239969a1b7ec8de46ea Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:38 +0000 Subject: [PATCH 44/94] chore(ci): update helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml.version 0.0.2- >0.0.3 --- helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
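Review bot: In the `.github/workflows/git-pr-status-checks.yml` hunk, the trigger becomes `workflow_call: {}` but the `concurrency.group` line keeps `${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`. In a called workflow the `github` context is the caller's, so this group can resolve to the same string as a caller that uses the same pattern, and one run may then cancel or block the other. A prefix that is unique to this file avoids the collision, for example `group: pr-status-checks-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`. Because the direct `pull_request` trigger is removed, these checks now run only when another workflow calls this one. The caller is not visible in this hunk, so confirm that a `pull_request`-triggered caller exists and that branch protection still requires the resulting check, otherwise a PR could merge without it. The rest of the workflow, including its jobs and permissions, lies outside the hunk.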
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml index c286331..eae63af 100644 --- a/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://gardener.cloud/images/lp/gardener-logo.svg" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.2 +version: 0.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. @@ -25,4 +25,4 @@ appVersion: "0.1.0" home: "https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1" # A list of URLs to source code for this project (optional) sources: - - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file + - https://github.com/openmcp-project/blueprint-building-blocks From 1108dae1fe41412727e4aa41ddb4db09bd5860ab Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:38 +0000 Subject: [PATCH 45/94] chore(ci): update helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml.version 0.0.8- >0.0.9 --- helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml index eb83521..4e8aa52 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/Chart.yaml 
@@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. @@ -24,4 +24,4 @@ version: 0.0.8 appVersion: "0.1.0" # A list of URLs to source code for this project (optional) sources: - - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file + - https://github.com/openmcp-project/blueprint-building-blocks From 3865a8807881efad93635078f4cad1df7841dd3c Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 46/94] chore(ci): update helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml.version 0.0.7- >0.0.8 --- .../mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml index 9918cc1..3ba7cc1 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/Chart.yaml 
@@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.7 +version: 0.0.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. @@ -24,4 +24,4 @@ version: 0.0.7 appVersion: "0.1.0" # A list of URLs to source code for this project (optional) sources: - - https://github.com/openmcp-project/blueprint-building-blocks \ No newline at end of file + - https://github.com/openmcp-project/blueprint-building-blocks From 6b2b480c5f2ff474bcf4b5894718af49ebe14751 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 47/94] chore(ci): update helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml.version 0.0.1- >0.0.2 --- .../charts/mcp/crossplane-provider-apiextensions/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml index 3e02de8..bf7b965 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-apiextensions/Chart.yaml 
@@ -16,17 +16,17 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.1 +version: 0.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "0.0.1" # The URL of this projects home page (optional) -home: "https://github.com/openmcp-project/blueprints" +home: "https://github.com/openmcp-project/blueprints" # A list of URLs to source code for this project (optional) sources: - - https://docs.crossplane.io/latest/api/ + - https://docs.crossplane.io/latest/api/ - https://github.com/openmcp-project/blueprint-building-blocks # Whether this chart is deprecated (optional, boolean) deprecated: false From 3fa1fe75e42bcea6aa66ed78baa707020e29bfa9 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 48/94] chore(ci): update helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml.version 0.0.10- >0.0.11 --- helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml index 82d4609..2acd92a 100644 --- a/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-btp-security/Chart.yaml 
@@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.10 +version: 0.0.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 4e11def9cbcd59c66745c0907cd75deb7d32ba1a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 49/94] chore(ci): update helm/charts/mcp/crossplane-provider-gcp/Chart.yaml.version 0.0.9- >0.0.10 --- helm/charts/mcp/crossplane-provider-gcp/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml index fda8814..697e9b7 100644 --- a/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-gcp/Chart.yaml @@ -16,7 +16,7 @@ icon: "" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.0.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From d09dac2522b51928ada35f3fef792b1d8c6a2352 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 50/94] chore(ci): update helm/charts/mcp/crossplane-provider-helm/Chart.yaml.version 0.0.8- >0.0.9 --- helm/charts/mcp/crossplane-provider-helm/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-helm/Chart.yaml b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml index 651298a..961e169 100644 --- a/helm/charts/mcp/crossplane-provider-helm/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-helm/Chart.yaml @@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From d30041015020f6787c4d559fc7e9be88d0655b56 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 51/94] chore(ci): update helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml.version 0.0.9- >0.0.10 --- helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml index abf7ab8..8258fe7 100644 --- a/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-kubernetes/Chart.yaml 
@@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.0.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 7755c5fad890bf53cd44f9217e2d3065997c7711 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 52/94] chore(ci): update helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml.version 0.0.10- >0.0.11 --- helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml index 53342bb..d20ca85 100644 --- a/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-pkgs/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.10 +version: 0.0.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 1abbf241d131decc711cc232b61a0518ea65aa10 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 53/94] chore(ci): update helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml.version 0.0.6- >0.0.7 --- helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml index 52d3277..6364b7c 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/Chart.yaml @@ -16,7 +16,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.6 +version: 0.0.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 0dd79f2be4566fccda7ca720026b189a612bfcd8 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 54/94] chore(ci): update helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml.version 0.0.12- >0.0.13 --- .../mcp/crossplane-provider-sap-btp-environment/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml index 403640d..3c0b343 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/Chart.yaml 
@@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.12 +version: 0.0.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 1c90ea02c3edc58dcf7c921ee24abab65e4107a3 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 55/94] chore(ci): update helm/charts/mcp/flux-config/Chart.yaml.version 0.0.14- >0.0.15 --- helm/charts/mcp/flux-config/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/flux-config/Chart.yaml b/helm/charts/mcp/flux-config/Chart.yaml index f39b136..1f3ca62 100644 --- a/helm/charts/mcp/flux-config/Chart.yaml +++ b/helm/charts/mcp/flux-config/Chart.yaml @@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/52158677?s=200&v=4" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.14 +version: 0.0.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 0f195ac3aaff39cee3f89172612756a7b2cf865c Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 56/94] chore(ci): update helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml.version 0.0.2- >0.0.3 --- helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml index d418602..36ef619 100644 --- a/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml +++ b/helm/charts/mcp/k8s-validating-admission-policy/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.2 +version: 0.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From cfa562e18b72e1518907665a9a7abd81ac9b68a6 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 57/94] chore(ci): update helm/charts/mcp/sap-btp-services/Chart.yaml.version 0.0.9- >0.0.10 --- helm/charts/mcp/sap-btp-services/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/sap-btp-services/Chart.yaml b/helm/charts/mcp/sap-btp-services/Chart.yaml index 1c6b046..b0e0076 100644 --- a/helm/charts/mcp/sap-btp-services/Chart.yaml +++ b/helm/charts/mcp/sap-btp-services/Chart.yaml 
@@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.9 +version: 0.0.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From a175e44d126d270c24811c6cf3dafe51ec619bbf Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:39 +0000 Subject: [PATCH 58/94] chore(ci): update helm/charts/test-custom-chart/Chart.yaml.version 0.0.8- >0.0.9 --- helm/charts/test-custom-chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/test-custom-chart/Chart.yaml b/helm/charts/test-custom-chart/Chart.yaml index c5081d4..14d3496 100644 --- a/helm/charts/test-custom-chart/Chart.yaml +++ b/helm/charts/test-custom-chart/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. From 9843afbda11aeb9d1bf97b6f591fb5062e9163a5 Mon Sep 17 00:00:00 2001 
From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 59/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-core-cloud/README.md file --- helm/charts/mcp/crossplane-gardener-core-cloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md index 9d0458c..404dec8 100644 --- a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md @@ -2,7 +2,7 @@ # crossplane-gardener-core-cloud -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) A Helm chart to template crossplane manifests to manage core.gardener.cloud resources. From d91df197a40a24c1bb69bdfebd1c4de1a8b82dd2 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 60/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md file --- helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md index 7147bd3..6f18b97 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md 
@@ -2,7 +2,7 @@ # crossplane-gardener-shoot-clusters -![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) A Helm chart to template crossplane manifests to manage Gardener Shoot resources. From e46d293e9532723ca8d41372f0149e1b07841d0a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 61/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md file --- helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md index 21275a0..8f8d6dd 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md 
@@ -2,7 +2,7 @@ # crossplane-gardener-shoot-kubeconfigs -![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) +![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) A Helm chart to template crossplane manifests to request kubeconfigs of existing Gardener Shoots. From dabbad2c86fc7beccc24fbf7d88cd56d7fb35b18 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 62/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-apiextensions/README.md file --- helm/charts/mcp/crossplane-provider-apiextensions/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions/README.md b/helm/charts/mcp/crossplane-provider-apiextensions/README.md index 910b50e..1334cfe 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions/README.md +++ b/helm/charts/mcp/crossplane-provider-apiextensions/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-apiextensions -![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane API extensions compositions. From 0d960c4ef70fd89de02968c66d2f0c45e4591cf1 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 63/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-btp-security/README.md file --- helm/charts/mcp/crossplane-provider-btp-security/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-btp-security/README.md b/helm/charts/mcp/crossplane-provider-btp-security/README.md index 0920c99..d4fb47e 100644 --- a/helm/charts/mcp/crossplane-provider-btp-security/README.md +++ b/helm/charts/mcp/crossplane-provider-btp-security/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-btp-security -![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP. From d5d8e2a0f4588fe8e934b4e6c18d2036155aaa8d Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 64/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-gcp/README.md file --- helm/charts/mcp/crossplane-provider-gcp/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-gcp/README.md b/helm/charts/mcp/crossplane-provider-gcp/README.md index 431c028..407a6bf 100644 --- a/helm/charts/mcp/crossplane-provider-gcp/README.md +++ b/helm/charts/mcp/crossplane-provider-gcp/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-gcp -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template GCP manifests for its crossplane provider. From 9e5be12c7b389896f4feca19b0a1472b056718a2 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 65/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-helm/README.md file --- helm/charts/mcp/crossplane-provider-helm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md b/helm/charts/mcp/crossplane-provider-helm/README.md index 63a79b3..49c41d5 100644 --- a/helm/charts/mcp/crossplane-provider-helm/README.md +++ b/helm/charts/mcp/crossplane-provider-helm/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-helm -![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square) +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.19.0](https://img.shields.io/badge/AppVersion-0.19.0-informational?style=flat-square) A Helm Chart to template crossplane provider "helm" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters. From 5f00731ebcae5d4ad69473bce35d521d7e838f4e Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 66/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-kubernetes/README.md file --- helm/charts/mcp/crossplane-provider-kubernetes/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-kubernetes/README.md b/helm/charts/mcp/crossplane-provider-kubernetes/README.md index 608600c..b4dff66 100644 --- a/helm/charts/mcp/crossplane-provider-kubernetes/README.md +++ b/helm/charts/mcp/crossplane-provider-kubernetes/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-kubernetes -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.1](https://img.shields.io/badge/AppVersion-0.14.1-informational?style=flat-square) +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.1](https://img.shields.io/badge/AppVersion-0.14.1-informational?style=flat-square) A Helm Chart to template crossplane provider "kubernetes" manifests to manage k8s cluster stack on a k8s Gardener/Kyma clusters. From e81d98e5b064228ab8c891601710378dbd8cc7b2 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 67/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-pkgs/README.md file --- helm/charts/mcp/crossplane-provider-pkgs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-pkgs/README.md b/helm/charts/mcp/crossplane-provider-pkgs/README.md index 437eac4..ea9e2d4 100644 --- a/helm/charts/mcp/crossplane-provider-pkgs/README.md +++ b/helm/charts/mcp/crossplane-provider-pkgs/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-pkgs -![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane provider "kind Provider" manifests to install crossplane family providers. From 7ece274152908391f3003d01fdb02c90bc88f4a4 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 68/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-account/README.md file --- helm/charts/mcp/crossplane-provider-sap-btp-account/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md index 483d7b6..3bebc13 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-sap-btp-account -![Version: 0.0.6](https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) +![Version: 0.0.7](https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) A Helm chart to template crossplane manifests to manage SAP BTP resources. From 2bb1932444017e3c02fa2b6b1b6a060bd854b905 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 69/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md file --- .../mcp/crossplane-provider-sap-btp-environment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md index e3f7508..bf55b4a 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md 
@@ -2,7 +2,7 @@ # crossplane-provider-sap-btp-environment -![Version: 0.0.12](https://img.shields.io/badge/Version-0.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kyma environments on BTP. From b2b21a6896594fc295b27ac0158f61dc58c767c3 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 70/94] chore(ci): update Helm Chart helm/charts/mcp/flux-config/README.md file --- helm/charts/mcp/flux-config/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md index dd849a3..520cd8f 100644 --- a/helm/charts/mcp/flux-config/README.md +++ b/helm/charts/mcp/flux-config/README.md @@ -2,7 +2,7 @@ # flux-config -![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. 
From 1ba41cbe8f5345a87fdaf9b8613930da489e264f Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 71/94] chore(ci): update Helm Chart helm/charts/mcp/k8s-validating-admission-policy/README.md file --- helm/charts/mcp/k8s-validating-admission-policy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/k8s-validating-admission-policy/README.md b/helm/charts/mcp/k8s-validating-admission-policy/README.md index acf9da4..db928b7 100644 --- a/helm/charts/mcp/k8s-validating-admission-policy/README.md +++ b/helm/charts/mcp/k8s-validating-admission-policy/README.md @@ -2,7 +2,7 @@ # k8s-validating-admission-policy -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) A Helm Chart to orchestrate k8s ValidatingAdmissionPolicy & ValidatingAdmissionPolicyBinding From f4f254657496c8eab3af7b271a0956b61ccce9f4 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 72/94] chore(ci): update Helm Chart helm/charts/mcp/sap-btp-services/README.md file --- helm/charts/mcp/sap-btp-services/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/sap-btp-services/README.md b/helm/charts/mcp/sap-btp-services/README.md index 83def94..09608c2 100644 --- a/helm/charts/mcp/sap-btp-services/README.md +++ b/helm/charts/mcp/sap-btp-services/README.md 
@@ -2,7 +2,7 @@ # sap-btp-services -![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square) +![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square) A Helm Chart to create dynamically SAP BTP Services instances and bindings. From c6d5ba797a106f783b2d0985e5c4fe32a863428a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:41 +0000 Subject: [PATCH 73/94] chore(ci): update Helm Chart helm/charts/test-custom-chart/README.md file --- helm/charts/test-custom-chart/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md index 0b1066c..d7d1453 100644 --- a/helm/charts/test-custom-chart/README.md +++ b/helm/charts/test-custom-chart/README.md @@ -2,7 +2,7 @@ # test-custom-chart -![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Helm chart to test github action and workflows. NOTHING MORE! 
From 1c7c44319e6d4ee9e624ef8cc4a108178e57c4ba Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 09:37:42 +0000 Subject: [PATCH 74/94] chore(ci): k8s manifest templated for Helm Charts --- .../test-custom-chart/templates/deployment.yaml | 6 +++--- .../test-custom-chart/templates/service.yaml | 4 ++-- .../test-custom-chart/templates/serviceaccount.yaml | 4 ++-- .../test-custom-chart/templates/tests/test-connection.yaml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml index 47476eb..030ece4 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/deployment.yaml @@ -6,8 +6,8 @@ metadata: name: helm-release-name-test-custom-chart labels: openmcp.cloud/blueprint-building-block: "test-custom-chart" - openmcp.cloud/blueprint-building-block-version: "0.0.8" - helm.sh/chart: test-custom-chart-0.0.8 + openmcp.cloud/blueprint-building-block-version: "0.0.9" + helm.sh/chart: test-custom-chart-0.0.9 app.kubernetes.io/name: test-custom-chart app.kubernetes.io/instance: helm-release-name app.kubernetes.io/version: "1.16.0" @@ -21,7 +21,7 @@ spec: template: metadata: labels: - helm.sh/chart: test-custom-chart-0.0.8 + helm.sh/chart: test-custom-chart-0.0.9 app.kubernetes.io/name: test-custom-chart app.kubernetes.io/instance: helm-release-name app.kubernetes.io/version: "1.16.0" diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml index 175bd22..258fc8b 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/service.yaml 
@@ -6,8 +6,8 @@ metadata: name: helm-release-name-test-custom-chart labels: openmcp.cloud/blueprint-building-block: "test-custom-chart" - openmcp.cloud/blueprint-building-block-version: "0.0.8" - helm.sh/chart: test-custom-chart-0.0.8 + openmcp.cloud/blueprint-building-block-version: "0.0.9" + helm.sh/chart: test-custom-chart-0.0.9 app.kubernetes.io/name: test-custom-chart app.kubernetes.io/instance: helm-release-name app.kubernetes.io/version: "1.16.0" diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml index e385714..8e4af5b 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/serviceaccount.yaml @@ -6,8 +6,8 @@ metadata: name: helm-release-name-test-custom-chart labels: openmcp.cloud/blueprint-building-block: "test-custom-chart" - openmcp.cloud/blueprint-building-block-version: "0.0.8" - helm.sh/chart: test-custom-chart-0.0.8 + openmcp.cloud/blueprint-building-block-version: "0.0.9" + helm.sh/chart: test-custom-chart-0.0.9 app.kubernetes.io/name: test-custom-chart app.kubernetes.io/instance: helm-release-name app.kubernetes.io/version: "1.16.0" diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml index d002308..954c6fd 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/templates/tests/test-connection.yaml 
@@ -6,8 +6,8 @@ metadata: name: "helm-release-name-test-custom-chart-test-connection" labels: openmcp.cloud/blueprint-building-block: "test-custom-chart" - openmcp.cloud/blueprint-building-block-version: "0.0.8" - helm.sh/chart: test-custom-chart-0.0.8 + openmcp.cloud/blueprint-building-block-version: "0.0.9" + helm.sh/chart: test-custom-chart-0.0.9 app.kubernetes.io/name: test-custom-chart app.kubernetes.io/instance: helm-release-name app.kubernetes.io/version: "1.16.0" From 7dddf7a7d76d5eaafb4616f1a5578968ac6c6c9b Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 14 Apr 2025 15:01:58 +0200 Subject: [PATCH 75/94] Fixed workflows added README.md --- .github/workflows/git-release-create.yml | 2 +- .../workflows/git-tag-modified-helm-chart.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/shellcheck.yaml | 2 +- .github/workflows/yamllint.yml | 2 +- README.md | 132 +++++++++++++++++- .../mcp/crossplane-provider-configs/README.md | 2 +- .../crossplane-provider-configs/values.yaml | 2 +- helm/charts/mcp/flux-config/Chart.yaml | 2 +- helm/charts/mcp/flux-config/README.md | 2 +- 10 files changed, 139 insertions(+), 11 deletions(-) diff --git a/.github/workflows/git-release-create.yml b/.github/workflows/git-release-create.yml index 00195d9..04b1ba1 100644 --- a/.github/workflows/git-release-create.yml +++ b/.github/workflows/git-release-create.yml @@ -9,7 +9,7 @@ on: jobs: git-release-create: name: Helm Chart Release Tag - runs-on: [solinas] + runs-on: ubuntu-latest steps: - name: Login to GitHub Enterprise with token run: | diff --git a/.github/workflows/git-tag-modified-helm-chart.yml b/.github/workflows/git-tag-modified-helm-chart.yml index a2368be..a4df887 100644 --- a/.github/workflows/git-tag-modified-helm-chart.yml +++ b/.github/workflows/git-tag-modified-helm-chart.yml 
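Review bot: The `Login to GitHub Enterprise with token` step in git-release-create.yml stays in place while `runs-on` moves from the self-hosted `[solinas]` label to a GitHub-hosted runner, so its token is now used on a hosted VM that may not be able to reach the Enterprise host. The step's `run:` body continues outside the hunk, so please confirm the login is still needed and remove it, together with the secret it reads, if it is not. `ubuntu-latest` is also a floating label; for jobs that create tags and releases, a fixed image such as `runs-on: ubuntu-24.04` keeps the toolchain from changing underneath the release. The same label change appears in the hunks for git-tag-modified-helm-chart.yml, release.yml, shellcheck.yaml and yamllint.yml.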
@@ -10,6 +10,6 @@ permissions: jobs: git-tag-modified-helm-chart: name: Tag modified Helm Chart - runs-on: [solinas] + runs-on: ubuntu-latest steps: - uses: openmcp-project/blueprint-building-blocks/.github/actions/git-tag-modified-helm-chart@main \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f43abdc..d046726 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: secrets: inherit release: name: Release - runs-on: [solinas] + runs-on: ubuntu-latest permissions: contents: write # to be able to publish a GitHub release issues: write # to be able to comment on released issues diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index c3f103d..c3e74c4 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -25,7 +25,7 @@ env: jobs: shellcheck: - runs-on: [solinas] + runs-on: ubuntu-latest steps: - name: Checkout repo uses: actions/checkout@v4 diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml index 48e4a48..750d7ea 100644 --- a/.github/workflows/yamllint.yml +++ b/.github/workflows/yamllint.yml @@ -22,7 +22,7 @@ env: jobs: yamllint: - runs-on: [solinas] + runs-on: ubuntu-latest steps: - name: Checkout repo uses: actions/checkout@v4 diff --git a/README.md b/README.md index bbe755a..69727bd 100644 --- a/README.md +++ b/README.md 
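Review bot: `uses: openmcp-project/blueprint-building-blocks/.github/actions/git-tag-modified-helm-chart@main` in git-tag-modified-helm-chart.yml follows a mutable branch, so whatever lands on `main` runs in a job that, judging by its name, creates tags. The workflow's `permissions:` block starts outside the hunk, so the token scope it grants is not visible here. Pinning to a full commit SHA makes the executed code reviewable, e.g. `uses: openmcp-project/blueprint-building-blocks/.github/actions/git-tag-modified-helm-chart@<full-commit-sha>` (placeholder value). The `actions/checkout@v4` lines in the shellcheck.yaml and yamllint.yml hunks are tag references and could be pinned the same way, with the version kept in a trailing comment.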
@@ -4,11 +4,139 @@ ## About this project -Helm chart building blocks for Cloud Orchestrator MCP Blueprints +This repositry contains [sub helm charts](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/) of the [OpenMCP](https://github.com/openmcp-project) which are the building blocks for the OpenMCP Blueprints. To start your [Infrastructure as Data]() Cloud Journey with the OpenMCP Blueprint, visit this [repository](https://github.com/openmcp-project/blueprints) and follow `Getting Started` section. ## Requirements and Setup -*Insert a short description what is required to get your project running...* +### Helm Charts +[Helm Charts](http://helm.sh) located at [`./helm/charts`](./helm/charts) are build with various purpose in mind. Please consult `README.md` file of each Helm Chart to discover its purpose, `values.yaml` structure and intended puropse. + +### Continous Delivery +All [Helm Charts](http://helm.sh) located in this repository will be [automatically versioned](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/actions/helm-chart/version-bump) and [pushed](.github/workflows/gh-pages-release.yml) into [Projects OCI registry](https://github.com/orgs/openmcp-project/packages?repo_name=blueprint-building-blocks) and Helm Repositry [cloud-orchestrator-mcp-blueprint-building-blocks](https://openmcp-project.github.io/blueprint-building-blocks). 
+ + +### [Github Workflows](#github-workflows) +#### [`PR Status Checks`](#github-workflow-git-pr-status-checks) +More details see Github Workflow [`.github/workflows/git-pr-status-checks.yml`](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/workflows/git-pr-status-checks.yml) of [mcp-blueprint-gh-actions](https://github.com/openmcp-project/blueprint-workflows/tree/main/) + +#### [`.ci.config.yaml`](#github-workflow-ci-config-yaml) + +File `chart-abc/.ci.config.yaml` is optional for every Helm Chart and influences execution of [`.github/workflows/git-pr-status-checks.yml`](.github/workflows/git-pr-status-checks.yml). + +You can enable or disable processing of certain Github Workflows for certain Helm Charts via [`.ci.config.yaml`](helm/charts/test-custom-chart/.ci.config.yaml)! + +```yaml +helm-chart-dependency-update: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! +helm-chart-linting: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --strict: true # fail on lint warnings (default true) + --with-subcharts: false # lint dependent charts (default false) +helm-chart-validation: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --skip-crds: false # if set true, no CRDs will be templated. By default, CRDs are templated (default false) + --skip-tests: false # skip tests from templated output (default false) + --include-crds: false # include CRDs in the templated output (default false) + --debug: false # enable verbose output (default false) + --dependency-update: true # update dependencies if they are missing before installing the chart (default true) +helm-docs: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! 
+ options: + --badge-style: "flat-square" # badge style to use for charts (default "flat-square") + --document-dependency-values: true # For charts with dependencies, include the dependency values in the chart values documentation + --documentation-strict-mode: false # Fail the generation of docs if there are undocumented values + --skip-version-footer: false # if true the helm-docs version footer will not be shown in the default README template + --sort-values-order: "file" # order in which to sort the values table ("alphanum" or "file") (default "alphanum") + --output-file: "README.md" # markdown file path relative to each chart directory to which rendered documentation will be written (default "README.md") +helm-chart-version-bump: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! +k8s-manifest-templating: + enable: true # default is true, even if you do NOT declare this in .ci.config.yaml! + options: + --skip-crds: false # if set true, no CRDs will be templated. By default, CRDs are templated (default false) +``` + +:bangbang: It is **HIGHLY** recommended **NOT** to `enabled: false`for `helm-chart-linting-manifest-validation.sh` :bangbang: + +### [Deletion Dependency Graph](#helm-chart-dependencies-deletion-dependency-graph) +:bangbang: **DO NOT DELETE** / **DISABLE** your [Umbrella Helm Chart](https://github.com/openmcp-project/blueprints) Dependencies all at ONCE :bangbang: +If you want to clean-up / deprovision / delete SAP & Hyperscaler Resources, you need to follow a certain order! 
+ +We recommend to delete / disable the Helm Chart Dependencies in the following order: *read from right to left* +``` +flux-config +└── crossplane-provider-pkgs + └── external-secrets-config + ├── crossplane-provider-configs + └── crossplane-provider-apiextensions-composition + ├── crossplane-gardener-shoot-clusters + │ ├── crossplane-provider-helm + │ └── crossplane-provider-kubernetes + ├── crossplane-gardener-shoot-kubeconfigs + │ ├── crossplane-provider-helm + │ └── crossplane-provider-kubernetes + ├── crossplane-provider-aws-* + ├── crossplane-provider-btp-accounts + └── crossplane-provider-dynatrace +``` +E.g.: The `flux-config` dependency shall be deleted / disabled as last. + +#### Example +Lets have a look at the [`Chart.yaml`](https://github.com/openmcp-project/blueprints/blob/main/helm/umbrella/blueprints/provider-gardener.abc.shoot.live.k8s-hana.ondemand.com/Chart.yaml) of the template [`provider-gardener.abc.shoot.live.k8s-hana.ondemand.com`](https://github.com/openmcp-project/blueprints/blob/main/helm/umbrella/blueprints/provider-gardener.abc.shoot.live.k8s-hana.ondemand.com). + +```yaml +dependencies: + - name: crossplane-provider-configs + alias: crossplane-provider-configs + version: .... + repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-provider-configs + - name: external-secrets-config + alias: external-secrets-config + version: ... + repository: "oci://ghcr.io/openmcp-project" + tags: + - external-secrets-config + - name: crossplane-gardener-shoot-clusters + alias: crossplane-gardener-shoot-clusters + version: ... + repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-gardener-shoot-clusters + - name: crossplane-provider-helm + alias: crossplane-provider-helm + version: ... 
+ repository: "oci://ghcr.io/openmcp-project" + tags: + - crossplane-provider-helm +``` + +```yaml +# values.yaml +tags: + external-secrets-config: true + crossplane-provider-configs: true + crossplane-gardener-shoot-clusters: true + crossplane-provider-helm: true +``` +According to the `Deletion Dependency Graph` section, the order of **deletion / disabling** the Helm Chart dependency is: +1. crossplane-provider-helm +2. crossplane-gardener-shoot-clusters +3. crossplane-provider-configs +4. external-secrets-config + +**Why in this order**? +1. crossplane-provider-helm +> This Helm Chart is used to orchestrate the k8s stack on your Gardener / Kyma Cluster. +2. crossplane-gardener-shoot-clusters +> This Helm Chart is used to orchestrate Gardener Shoot Clusters. +3. crossplane-provider-configs +> This Helm Chart is used to create `crossplane` k8s manifests `kind: ProviderConfig` (e.g. `apiVersion: account.btp.sap.crossplane.io/v1alpha1`) for `crossplane providers` in order to orchestrate (cloud) service providers (e.g. BTP Accounts) +4. external-secrets-config +> This Helm Chart is used to establish a connection to SAP HashiCorp Vault in order to pull/push credentials of (cloud) service providers. ## Support, Feedback, Contributing diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md b/helm/charts/mcp/crossplane-provider-configs/README.md index 96d98b4..d8657dd 100644 --- a/helm/charts/mcp/crossplane-provider-configs/README.md +++ b/helm/charts/mcp/crossplane-provider-configs/README.md 
@@ -25,7 +25,7 @@ A Helm chart to template crossplane provider config manifests to orchestrate res | providerConfigs.btpSapCrossplane[0].globalAccountSubDomain | string | `""` | contains the [Global Account Subdomain](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/account.btp.orchestrate.cloud.sap/providerconfig/v1alpha1?path=spec-globalAccount). | | providerConfigs.btpSapCrossplane[0].serviceAccountSecret | object | [] | A user available in BTP. The Credentials in the ServiceAccountSecret are relevant for two reasons (1) On environment creation (Kyma & CloudFoundry) the APIs require a users email address (2) For updating the managers of a CloudFoundry Environment it is required to have a user and a password The structure is pretty basic, a json object with email, username and password. Username & Password must not be filled if there is no need for CloudFoundry Environments. Example: { "email": "", "username": "PUserID", "password": "--" } | | providerConfigs.btpSapCrossplane[0].serviceAccountSecret.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.gardenerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your CO MCP cluster as a k8s secret. 
| +| providerConfigs.gardenerOrchestrateCloud | list | [] | creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your OpenMCP cluster as a k8s secret. | | providerConfigs.gardenerOrchestrateCloud[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | | providerConfigs.gcpUpbound | list | [] | creates k8s manifest [`kind: ProviderConfig`](https://marketplace.upbound.io/providers/crossplane-contrib/provider-gcp/v0.22.0/resources/gcp.crossplane.io/ProviderConfig/v1beta1) of `gcp.upbound.io/v1beta1`. Additional information see [GCP Quickstart](https://docs.crossplane.io/latest/getting-started/provider-gcp/#create-a-providerconfig). | | providerConfigs.gcpUpbound[0].credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | diff --git a/helm/charts/mcp/crossplane-provider-configs/values.yaml b/helm/charts/mcp/crossplane-provider-configs/values.yaml index 705a887..2ccc617 100644 --- a/helm/charts/mcp/crossplane-provider-configs/values.yaml +++ b/helm/charts/mcp/crossplane-provider-configs/values.yaml 
@@ -38,7 +38,7 @@ providerConfigs: # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` # This `ProviderConfig` typically points to k8s secret in which a `kubeconfig` of SAP Garden k8s Service Account # is located in order to create a SAP Gardener Shoot Cluster Admin Kubeconfig Request `kind: AdminKubeconfigRequest` of `apiVersion: gardener.orchestrate.cloud.sap/v1alpha1` - # on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your CO MCP cluster as a k8s secret. + # on SAP Garden cluster to pull `kubeconfig` of a SAP Gardener Shoot Clusters into your OpenMCP cluster as a k8s secret. # @default -- [] gardenerOrchestrateCloud: - providerConfigRefName: "" diff --git a/helm/charts/mcp/flux-config/Chart.yaml b/helm/charts/mcp/flux-config/Chart.yaml index 1f3ca62..9cc076f 100644 --- a/helm/charts/mcp/flux-config/Chart.yaml +++ b/helm/charts/mcp/flux-config/Chart.yaml @@ -2,7 +2,7 @@ # The Chart.yaml file is required for a chart. See all avaiable fields: https://helm.sh/docs/topics/charts/#the-chartyaml-file apiVersion: v2 name: flux-config -description: A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. +description: A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md index 520cd8f..2ddebb6 100644 --- a/helm/charts/mcp/flux-config/README.md +++ b/helm/charts/mcp/flux-config/README.md 
@@ -4,7 +4,7 @@ ![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) -A Helm Chart to template flux manifests to leverage GitOps on a CO MCP cluster. +A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. **Homepage:** From de588e403474fa3af7d2569fcc4916ac30046cdf Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Mon, 14 Apr 2025 13:03:40 +0000 Subject: [PATCH 76/94] chore(ci): k8s manifest templated for Helm Charts --- .../templates/services-binding-services-cloud-sap.yaml | 2 +- .../templates/services-instance-services-cloud-sap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml index d8a7b1e..d29d97d 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml @@ -7,7 +7,7 @@ metadata: namespace: default labels: openmcp.cloud/blueprint-building-block: "sap-btp-services" - openmcp.cloud/blueprint-building-block-version: "0.0.9" + openmcp.cloud/blueprint-building-block-version: "0.0.10" spec: serviceInstanceName: ketos-op-cluster-ias secretName: btp-ias 
diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml index b3fd306..2c09802 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml @@ -7,7 +7,7 @@ metadata: namespace: default labels: openmcp.cloud/blueprint-building-block: "sap-btp-services" - openmcp.cloud/blueprint-building-block-version: "0.0.9" + openmcp.cloud/blueprint-building-block-version: "0.0.10" spec: serviceOfferingName: identity servicePlanName: application From b0484c211fca7b6216ae4f44280a8b613a8d085a Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 14 Apr 2025 15:07:23 +0200 Subject: [PATCH 77/94] Fixed workflows --- .github/workflows/shellcheck.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index c3e74c4..c801f5a 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -23,6 +23,9 @@ env: MESSAGE_HEADER: "Shell Check" MESSAGE: "" +permissions: + pull-requests: write + jobs: shellcheck: runs-on: ubuntu-latest From 09e3da11900c5fbbef626d80f59f36964214d213 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Mon, 14 Apr 2025 15:09:22 +0200 Subject: [PATCH 78/94] Fixed workflows --- .github/workflows/shellcheck.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index c801f5a..26c09ef 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml 
@@ -25,6 +25,11 @@ env: permissions: pull-requests: write + contents: write + packages: read + actions: write + checks: write + statuses: write jobs: shellcheck: From 85687496f3dea2b20ee2c310557c40a2e1bbba5e Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Tue, 15 Apr 2025 14:16:50 +0200 Subject: [PATCH 79/94] Anonymizing values --- .reuse/dep5 | 29 +++++++++++++++++++ REUSE.toml | 11 ------- .../values.yaml | 2 +- .../values.yaml | 4 +-- .../values.yaml | 2 +- .../values.yaml | 2 +- .../crossplane-provider-configs/values.yaml | 6 ++-- .../mcp/crossplane-provider-helm/values.yaml | 2 +- .../values.yaml | 6 ++-- .../values.yaml | 8 ++--- .../mcp/external-secrets-config/values.yaml | 12 ++++---- helm/charts/mcp/flux-config/values.yaml | 14 ++++----- reuse.spdx | 28 ------------------ 13 files changed, 58 insertions(+), 68 deletions(-) create mode 100644 .reuse/dep5 delete mode 100644 REUSE.toml delete mode 100644 reuse.spdx diff --git a/.reuse/dep5 b/.reuse/dep5 new file mode 100644 index 0000000..6586e1e --- /dev/null +++ b/.reuse/dep5 
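Review bot: The workflow-level `permissions:` block now grants `contents: write`, `actions: write`, `checks: write` and `statuses: write` to a workflow whose visible job only lints shell scripts and, judging by the `pull-requests: write` added one commit earlier, comments on the pull request. Every step of every job in this file, including third-party actions, receives a token with these scopes, so a compromised or faulty action could push to the repository or alter workflow runs. Unless a step outside this hunk needs them, reduce the block to `contents: read` and `pull-requests: write`, and consider placing it under the `shellcheck:` job so that jobs added later do not inherit it. If a wider scope was added to get past a specific permission error, a comment naming the step that needs it would document why.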
@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: blueprint-building-blocks
+Upstream-Contact: ospo@sap.com
+Source: https://github.com/openmcp-project/blueprint-building-blocks
+Disclaimer: The code in this project may include calls to APIs ("API Calls") of
+ SAP or third-party products or services developed outside of this project
+ ("External Products").
+ "APIs" means application programming interfaces, as well as their respective
+ specifications and implementing code that allows software to communicate with
+ other software.
+ API Calls to External Products are not licensed under the open source license
+ that governs this project. The use of such API Calls and related External
+ Products are subject to applicable additional agreements with the relevant
+ provider of the External Products. In no event shall the open source license
+ that governs this project grant any rights in or to any External Products,or
+ alter, expand or supersede any terms of the applicable additional agreements.
+ If you have a valid license agreement with SAP for the use of a particular SAP
+ External Product, then you may make use of any API Calls included in this
+ project's code for that SAP External Product, subject to the terms of such
+ license agreement. If you do not have a valid license agreement for the use of
+ a particular SAP External Product, then you may only make use of any API Calls
+ in this project for that SAP External Product for your internal, non-productive
+ and non-commercial test and evaluation of such API Calls. Nothing herein grants
+ you any rights to use or access any SAP External Product, or provide any third
+ parties the right to use of access any SAP External Product, through API Calls.
+
+Files: *
+Copyright: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors
+License: Apache-2.0
\ No newline at end of file
diff --git a/REUSE.toml b/REUSE.toml
deleted file mode 100644
index efecdd3..0000000
--- a/REUSE.toml
+++ /dev/null
@@ -1,11 +0,0 @@
-version = 1
-SPDX-PackageName = "blueprint-building-blocks"
-SPDX-PackageSupplier = "ospo@sap.com"
-SPDX-PackageDownloadLocation = "https://github.com/openmcp-project/blueprint-building-blocks"
-SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products,or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."
-
-[[annotations]]
-path = "**"
-precedence = "aggregate"
-SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors"
-SPDX-License-Identifier = "Apache-2.0"
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml index 993a677..9032f3d 100644 --- a/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/values.yaml @@ -6,7 +6,7 @@ secretBindings: # secretBindings[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! - name: "" # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" - projectNamespace: "" + projectnamespace: "ns1" # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) kubernetesCrossplaneProviderConfigRefName: "" # -- secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml index 383aaec..166d725 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/values.yaml 
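Review bot: The key itself changes in this hunk, not only its value: `projectNamespace: ""` becomes `projectnamespace: "ns1"`, and Helm value lookups are case-sensitive, so a template that reads `.projectNamespace` (the templates are not part of this hunk) would no longer find the entry. The same lower-casing appears in crossplane-gardener-shoot-clusters/values.yaml and crossplane-gardener-shoot-kubeconfigs/values.yaml, and as `writeConnectionSecretsTonamespace` in crossplane-provider-apiextensions-composition/values.yaml, which looks like a search-and-replace on `Namespace: ""`. Keep the original casing, `projectNamespace: "ns1"` and `writeConnectionSecretsToNamespace: "ns1"`, or revert to the empty placeholders. The comment above the key still says the project name starts with "garden...", which the new sample value does not.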
@@ -178,7 +178,7 @@ shootClusters: # shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! - name: "" # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" - projectNamespace: "" + projectnamespace: "ns1" # -- kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) kubernetesCrossplaneProviderConfigRefName: "" # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) @@ -188,7 +188,7 @@ shootClusters: # -- cloudProfile is a name of a [CloudProfile object](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile). This field is immutable. E.g. gcp / azure / aws cloudProfile: "" # -- [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. - region: "" + region: "eu01" # -- [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. evaluation / development / testing / production purpose: "" # -- kubernetes[Version](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Kubernetes) is the semantic Kubernetes version to use for the Shoot cluster. Defaults to the highest supported minor and patch version given in the referenced cloud profile. The version can be omitted completely or partially specified, e.g. .. 
diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml index 20d50ae..71ccd96 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml +++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/values.yaml @@ -6,6 +6,6 @@ shootClusters: # gardener.controlPlane.shootClusters[0].name -- name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! - name: "" # -- gardener project name. Starts with "garden..." e.g. "garden-aas-dt" - projectNamespace: "" + projectnamespace: "ns1" # -- gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) gardenerOrchestrateCloudProviderConfigRefName: "" \ No newline at end of file diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml index e3bbaea..c3b86aa 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/values.yaml @@ -12,7 +12,7 @@ compositions: ownerReferences: [] spec: mode: "" - writeConnectionSecretsToNamespace: "" + writeConnectionSecretsTonamespace: "ns1" compositeTypeRef: [] environment: [] patchSets: [] diff --git a/helm/charts/mcp/crossplane-provider-configs/values.yaml b/helm/charts/mcp/crossplane-provider-configs/values.yaml index 2ccc617..7657973 100644 --- a/helm/charts/mcp/crossplane-provider-configs/values.yaml +++ b/helm/charts/mcp/crossplane-provider-configs/values.yaml 
@@ -104,7 +104,7 @@ providerConfigs: # -- Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. address: "" # -- Set the namespace to use. - namespace: "" + namespace: "ns1" # -- Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. skip_child_token: # -- Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. @@ -115,7 +115,7 @@ providerConfigs: # @default -- [] secretRef: name: "" - namespace: "" + namespace: "ns1" key: "" ######################################################################################################################## # -- creates k8s manifest `kind: ProviderConfig` of `apiVersion: btp.sap.crossplane.io` 
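Review bot: Replacing the empty placeholders with `namespace: "ns1"` turns a documentation sample into a chart default for fields that decide where credentials are read from and written to. In this file that covers the Vault provider namespace and `secretRef.namespace` in these two hunks and `secrets[0].namespace` in the next one; the commit does the same for `writeConnectionSecretToRef.namespace` in crossplane-provider-sap-btp-account and for the SecretStore, ExternalSecret and Vault namespaces in external-secrets-config. Whether the templates render these list entries as-is is not visible here, but if they do, an install that does not override them would point secret references at a namespace called `ns1` instead of failing on an empty value. Keeping `""` as the default and moving the sample into the comment, e.g. `# -- Set the namespace to use. E.g. "ns1"`, keeps the anonymised example without changing behaviour.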
@@ -159,7 +159,7 @@ secrets: # secrets[0].name -- defines k8s `metadata.name` value of `kind: Secret` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` - namespace: "" + namespace: "ns1" # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. # @default -- [] stringData: [] diff --git a/helm/charts/mcp/crossplane-provider-helm/values.yaml b/helm/charts/mcp/crossplane-provider-helm/values.yaml index e423049..a6a750c 100644 --- a/helm/charts/mcp/crossplane-provider-helm/values.yaml +++ b/helm/charts/mcp/crossplane-provider-helm/values.yaml @@ -18,7 +18,7 @@ helmReleases: # -- [Version](https://github.com/crossplane-contrib/provider-helm/blob/master/apis/release/v1beta1/types.go) of Helm chart, late initialized with latest version if not set version: "" # -- [Namespace]() to install the release into. - namespace: "" + namespace: "ns1" # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). values: [] # -- define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). 
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml index fd75370..5a23b5e 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/values.yaml @@ -33,9 +33,9 @@ accounts: # -- enable beta services and applications? betaEnabled: # -- [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary" - region: "" + region: "eu01" # -- This value must be unique across all BTP subaccounts - subdomain: "" + subdomain: "dev-eu01" # -- Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET usedForProduction: "NOT_USED_FOR_PRODUCTION" # -- subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US). @@ -55,7 +55,7 @@ accounts: # @default -- [] writeConnectionSecretToRef: name: "" - namespace: "" + namespace: "ns1" # -- contains special [BTP Services](https://help.sap.com/docs/btp/sap-business-technology-platform/solutions-and-services?locale=en-US&q=Subscription#services) (e.g. BTP Service Manager) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). # @default -- [] services: 
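Review bot: `subdomain: "dev-eu01"` sets a fixed default for a field whose own comment says "This value must be unique across all BTP subaccounts", so two installs that keep the default would request the same subdomain. `region: "eu01"` also differs from the form the comment gives as an example ("eu10-canary") and looks like a made-up code rather than a usable region. Leaving both as `""` and keeping sample values in the comments avoids shipping defaults that can only work for one user. The same sample name is also set for `cloudManagementRef.name` and `subaccountRef.name` in crossplane-provider-sap-btp-environment/values.yaml.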
diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml index a0f6edf..2e8d63f 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/values.yaml @@ -11,9 +11,9 @@ cloudFoundryEnvironments: - "" landscape: "" cloudManagementRef: - name: "" + name: "dev-eu01" subaccountRef: - name: "" + name: "dev-eu01" # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! writeConnectionSecretToRef: [] @@ -39,9 +39,9 @@ kymaEnvironments: region: "eu-west-2" planName: "aws" cloudManagementRef: - name: "" + name: "dev-eu01" subaccountRef: - name: "" + name: "dev-eu01" # -- *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. # Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! writeConnectionSecretToRef: diff --git a/helm/charts/mcp/external-secrets-config/values.yaml b/helm/charts/mcp/external-secrets-config/values.yaml index 53222a2..34717ad 100644 --- a/helm/charts/mcp/external-secrets-config/values.yaml +++ b/helm/charts/mcp/external-secrets-config/values.yaml 
@@ -13,7 +13,7 @@ secretStores: # secretStores[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` - namespace: "" + namespace: "ns1" # -- Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. # @default -- [] provider: @@ -23,7 +23,7 @@ secretStores: # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". server: "" # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" - namespace: "" + namespace: "ns1" # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. 
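Review bot: In the second hunk on this line (`@@ -23,7 +23,7 @@`) the optional Vault Enterprise `namespace` of the vault provider now defaults to `"ns1"`, which is the example value from the comment above it rather than a neutral default. Every SecretStore rendered without an override would then address Vault namespace `ns1`; on a Vault without namespaces or with a different tenant layout that presumably fails, or reads from a tenant the operator did not intend. The `clusterSecretStores` hunk (`@@ -98,7 +98,7 @@`) makes the same change. I would restore `namespace: ""` so the field stays unset unless configured; the provider block itself continues beyond the hunk.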
@@ -51,7 +51,7 @@ externalSecret: # externalSecret[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` - namespace: "" + namespace: "ns1" # -- [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. secretStore: # -- Name of the SecretStore resource @@ -98,7 +98,7 @@ clusterSecretStores: # -- [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". server: "https://vault.example/" # -- *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" - namespace: "" + namespace: "ns1" # -- *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. path: "" # -- [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. 
@@ -152,7 +152,7 @@ clusterExternalSecret: # @default -- {} pushSecrets: - name: "" - namespace: "" + namespace: "ns1" # @default -- [] spec: # -- *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace @@ -176,7 +176,7 @@ credentials: # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` - namespace: "" + namespace: "ns1" # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. stringData: [] # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 diff --git a/helm/charts/mcp/flux-config/values.yaml b/helm/charts/mcp/flux-config/values.yaml index 56d17a7..b8a271c 100644 --- a/helm/charts/mcp/flux-config/values.yaml +++ b/helm/charts/mcp/flux-config/values.yaml 
@@ -10,7 +10,7 @@ gitRepositorys: # gitRepositorys[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` - namespace: "" + namespace: "ns1" # spec -- defines k8s `spec` structured value of `kind: GitRepository`. See [API broswer](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) spec: # -- [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. 
@@ -29,9 +29,9 @@ gitRepositorys: # gitRepositorys[0].kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` - namespace: "" + namespace: "ns1" # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. - targetNamespace: "" + targetnamespace: "ns1" # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s interval: # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" 
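Review bot: The key is renamed from `targetNamespace` to `targetnamespace` in this hunk and again in the `kustomizations` hunk (`@@ -78,9 +78,9 @@`), while the `# --` comment above it still documents `targetNamespace`. Helm value lookups are case-sensitive, so any template that reads `.targetNamespace` (the templates are not part of this diff) would no longer see the value, and the Kustomization would render without the intended target namespace. The lower-casing looks like a side effect of a text substitution on "namespace"; the generated README hunks later in the series show the same pattern (`projectnamespace`, `writeConnectionSecretsTonamespace`). I would restore the line as `targetNamespace: ""`.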
@@ -78,9 +78,9 @@ kustomizations: # kustomizations[0].name -- defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` - namespace: "" + namespace: "ns1" # -- *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. - targetNamespace: "" + targetnamespace: "ns1" # -- The [interval](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources. E.g. 10s interval: # -- *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" 
@@ -98,7 +98,7 @@ kustomizations: # -- string Name of the referent. name: "" # -- string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. - namespace: "" + namespace: "ns1" # -- [dependsOn](https://fluxcd.io/flux/components/kustomize/kustomizations/#dependencies) is an *(optional)*list used to refer to other Kustomization objects that the Kustomization depends on. If specified, then the Kustomization is only applied after the referred Kustomizations are ready, i.e. have the Ready condition marked as True. The readiness state of a Kustomization is determined by its last applied status condition. dependsOn: {} # -- [healthChecks](https://fluxcd.io/flux/components/kustomize/kustomizations/#health-checks) is an *(optional)*list used to refer to resources for which the controller will perform health checks used to determine the rollout status of deployed workloads and the Ready status of custom resources. 
@@ -137,7 +137,7 @@ credentials: # credentials[0].name -- defines k8s `metadata.name` value of `kind: Secret` - name: "" # -- *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` - namespace: "" + namespace: "ns1" # -- *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. stringData: [] # -- *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 diff --git a/reuse.spdx b/reuse.spdx deleted file mode 100644 index 1a88664..0000000 --- a/reuse.spdx +++ /dev/null 
@@ -1,28 +0,0 @@ -SPDXVersion: SPDX-2.1 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: blueprint-building-blocks -DocumentNamespace: http://spdx.org/spdxdocs/spdx-v2.1-d8ff899e-62fa-42dd-a1aa-fcd06c45b1db -Creator: Person: Anonymous () -Creator: Organization: Anonymous () -Creator: Tool: reuse-5.0.2 -Created: 2025-03-13T13:04:04Z -CreatorComment: This document was created automatically using available reuse information consistent with REUSE. -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-4838f7c16598a2da436b28259c93e38b -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-828bf8e1370ac6feaed9d6ebb8aa3737 - -FileName: ./CONTRIBUTING.md -SPDXID: SPDXRef-4838f7c16598a2da436b28259c93e38b -FileChecksum: SHA1: 517f021cf975adeb467e195b785b775ab133a1e7 -LicenseConcluded: NOASSERTION -LicenseInfoInFile: Apache-2.0 -FileCopyrightText: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors - -FileName: ./README.md -SPDXID: SPDXRef-828bf8e1370ac6feaed9d6ebb8aa3737 -FileChecksum: SHA1: 9f9ce2dc7f6cf67abda08a0eec169e933a00aa59 -LicenseConcluded: NOASSERTION -LicenseInfoInFile: Apache-2.0 -FileCopyrightText: 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors -Copyright 2025 SAP SE or an SAP affiliate company and blueprint-building-blocks contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/openmcp-project/blueprint-building-blocks). - From ff9354e2efa46f37d616bf837fa2b61b8fac9079 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 80/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-core-cloud/README.md file --- helm/charts/mcp/crossplane-gardener-core-cloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md index 404dec8..7efaf7c 100644 --- a/helm/charts/mcp/crossplane-gardener-core-cloud/README.md +++ b/helm/charts/mcp/crossplane-gardener-core-cloud/README.md 
@@ -21,7 +21,7 @@ A Helm chart to template crossplane manifests to manage core.gardener.cloud reso | secretBindings[0].kubernetesCrossplaneProviderConfigRefName | string | `""` | kubernetesCrossplaneProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.shootClusters[*].kubernetesCrossplaneProviderConfigRefName) | | secretBindings[0].labels | list | `[]` | [labels](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels | | secretBindings[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | -| secretBindings[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | +| secretBindings[0].projectnamespace | string | `"ns1"` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | | secretBindings[0].quotas | object | `{}` | *(Optional)* [quotas](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a list of references to Quota objects in the same or another namespace. This field is immutable. | | secretBindings[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. 
[Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | | secretBindings[0].secretRef | list | `[]` | [secretRef](https://gardener.cloud/docs/gardener/api-reference/core/#core.gardener.cloud/v1beta1.SecretBinding) is a reference to a secret object in the same or another namespace. This field is immutable. | From 595655d362222ee400cd0bc0a85109d684e5e6f7 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 81/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md file --- helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md index 6f18b97..e6ab1b7 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md +++ b/helm/charts/mcp/crossplane-gardener-shoot-clusters/README.md 
@@ -44,10 +44,10 @@ A Helm chart to template crossplane manifests to manage Gardener Shoot resources | shootClusters[0].maintenance | list | `[]` | [maintenance](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Maintenance) contains information about the time window for maintenance operations and which operations should be performed. Setting this value will override .gardener.defaults.maintenance for this shoot cluster! | | shootClusters[0].name | string | `""` | name defines technical gardener shoot cluster. Max length 15 and must only be lowercase letters, numbers and hyphens! | | shootClusters[0].networking | list | `[]` | [networking](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Networking) contains information about cluster networking such as CNI Plugin type, CIDRs, …etc. Setting this value will override .gardener.defaults.networking for this shoot cluster! | -| shootClusters[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | +| shootClusters[0].projectnamespace | string | `"ns1"` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | | shootClusters[0].providerInfrastructureConfig | list | `[]` | [infrastructureConfig](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#provider) contains the provider-specific infrastructure config blob. Please look up the concrete definition in the documentation of your provider extension. Setting this value will override .gardener.defaults.infrastructureConfig for this shoot cluster! | | shootClusters[0].purpose | string | `""` | [purpose](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is the purpose class for this cluster. e.g. 
evaluation / development / testing / production | -| shootClusters[0].region | string | `""` | [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. | +| shootClusters[0].region | string | `"eu01"` | [region](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#shoot) is a name of a region. This field is immutable and content is [cloud profile](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#cloudprofile) specific. | | shootClusters[0].secretBindingName | string | `""` | secretBindingName defines the technical name of [infrastructure secret](https://gardener.cloud/docs/gardener/development/secrets_management/) binding on gardener control plane cluster. e.g. [Secrets of AAS-DT](https://dashboard.garden.canary.k8s.ondemand.com/namespace/garden-aas-dt/secrets) | | shootClusters[0].workers | list | `[]` | [workers](https://github.com/gardener/gardener/blob/master/docs/api-reference/core.md#core.gardener.cloud/v1beta1.Worker) is a list of worker groups. Setting this value will override .gardener.defaults.workers for this shoot cluster! | From 2e1115b97545d772a8c7f3a40f0dfe5afadd980a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 82/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md file --- helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md index 8f8d6dd..66b9732 100644 --- a/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md 
+++ b/helm/charts/mcp/crossplane-gardener-shoot-kubeconfigs/README.md @@ -16,7 +16,7 @@ A Helm chart to template crossplane manifests to request kubeconfigs of existing |-----|------|---------|-------------| | shootClusters | list | - | shootClusters contains information and configuration of Gardener shoot clusters. | | shootClusters[0].gardenerOrchestrateCloudProviderConfigRefName | string | `""` | gardenerOrchestrateCloudProviderConfigRefName needs to match crossplane provider configuration reference name (identifier) of SAP garden cluster control plane! (.gardener.controlPlane.shootClusters[*].gardenerOrchestrateCloudProviderConfigRefName) | -| shootClusters[0].projectNamespace | string | `""` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | +| shootClusters[0].projectnamespace | string | `"ns1"` | gardener project name. Starts with "garden..." e.g. "garden-aas-dt" | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file From ee0781d80d6aae136c916d9947af9cf43bd14f8f Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 83/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md file --- .../mcp/crossplane-provider-apiextensions-composition/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md index e74eb9b..8d4cc2d 100644 --- a/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md +++ b/helm/charts/mcp/crossplane-provider-apiextensions-composition/README.md 
@@ -28,7 +28,7 @@ A Helm Chart to template crossplane API extensions compositions. | compositions[0].spec.pipeline | list | `[]` | | | compositions[0].spec.resources | list | `[]` | | | compositions[0].spec.writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | -| compositions[0].spec.writeConnectionSecretsToNamespace | string | `""` | | +| compositions[0].spec.writeConnectionSecretsTonamespace | string | `"ns1"` | | | defaults | list | `[]` | | ---------------------------------------------- From ba21b0bd2b80714ffd0cb9b2a41fcfaefb6f251d Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 84/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-configs/README.md file --- helm/charts/mcp/crossplane-provider-configs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-configs/README.md b/helm/charts/mcp/crossplane-provider-configs/README.md index d8657dd..2f106ed 100644 --- a/helm/charts/mcp/crossplane-provider-configs/README.md +++ b/helm/charts/mcp/crossplane-provider-configs/README.md 
@@ -38,11 +38,11 @@ A Helm chart to template crossplane provider config manifests to orchestrate res | providerConfigs.vaultUpbound[0].spec.address | string | `""` | Required origin URL of the Vault server. This is a URL with a scheme, a hostname and a port but with no path. | | providerConfigs.vaultUpbound[0].spec.credentials | object | [] | Credentials required to authenticate to this provider. There are many options to authenticate. They include - token - (Optional) Vault token that will be used by Terraform to authenticate. May be set via the VAULT_TOKEN environment variable. If none is otherwise supplied, Terraform will attempt to read it from ~/.vault-token (where the vault command stores its current token). Terraform will issue itself a new token that is a child of the one given, with a short TTL to limit the exposure of any requested secrets, unless skip_child_token is set to true (see below). Note that the given token must have the update capability on the auth/token/create path in Vault in order to create child tokens. A token is required for the provider. A token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. | | providerConfigs.vaultUpbound[0].spec.credentials.secretRef | object | [] | A SecretRef is a reference to a secret key that contains the credentials that must be used to connect to the provider. | -| providerConfigs.vaultUpbound[0].spec.namespace | string | `""` | Set the namespace to use. | +| providerConfigs.vaultUpbound[0].spec.namespace | string | `"ns1"` | Set the namespace to use. | | providerConfigs.vaultUpbound[0].spec.skip_child_token | string | `nil` | Set this to true to disable creation of an intermediate ephemeral Vault token for Terraform to use. Enabling this is strongly discouraged since it increases the potential for a renewable Vault token being exposed in clear text. 
Only change this setting when the provided token cannot be permitted to create child tokens and there is no risk of exposure from the output of Terraform. | | secrets[0].data | list | [] | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | | secrets[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | -| secrets[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| secrets[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | | secrets[0].stringData | list | [] | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | ---------------------------------------------- From f9d5c522aa57023cab9ba6b38aec0ff8836db761 Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:31 +0000 Subject: [PATCH 85/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-helm/README.md file --- helm/charts/mcp/crossplane-provider-helm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helm/charts/mcp/crossplane-provider-helm/README.md b/helm/charts/mcp/crossplane-provider-helm/README.md index 49c41d5..4f06c1f 100644 --- a/helm/charts/mcp/crossplane-provider-helm/README.md +++ b/helm/charts/mcp/crossplane-provider-helm/README.md 
@@ -26,7 +26,7 @@ A Helm Chart to template crossplane provider "helm" manifests to manage k8s clus | helmReleases.helmRelease.connectionDetails | list | `[{"apiVersion":"v1","fieldPath":"spec.clusterIP","kind":"Service","name":"wordpress-example","namespace":"wordpress","toConnectionSecretKey":"ip"}]` | [Crossplane connection details](https://docs.crossplane.io/v1.12/concepts/composition/#connection-details) and [FAQ](https://blog.crossplane.io/faq-2-claim-connection-details/) | | helmReleases.helmRelease.helmCrossplaneProviderConfigRefName | string | `""` | defines [crossplane provider config reference name](https://docs.crossplane.io/latest/concepts/providers/) reference configuration name. :exclamation::exclamation: Must match `providerConfigs.helmCrossplane[].providerConfigRefName` of `/helm/charts/mcp/crossplane-provider-configs/values.yaml` :exclamation::exclamation: | | helmReleases.helmRelease.name | string | `""` | helm chart release name | -| helmReleases.helmRelease.namespace | string | `""` | [Namespace]() to install the release into. | +| helmReleases.helmRelease.namespace | string | `"ns1"` | [Namespace]() to install the release into. | | helmReleases.helmRelease.setValues | list | `[{"name":"param1","value":"value2"}]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). | | helmReleases.helmRelease.values | list | `[]` | define [value overrides](https://github.com/crossplane/crossplane/blob/master/design/one-pager-helm-provider.md#value-overrides). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). 
| | helmReleases.helmRelease.valuesFrom | list | `[{"configMapKeyRef":null,"key":"values.yaml","name":"default-vals","namespace":"wordpress","optional":false},{"key":"svalues.yaml","name":"svals","namespace":"wordpress","optional":false,"secretKeyRef":null}]` | define value overrides via k8s [downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/). [example](https://github.com/crossplane-contrib/provider-helm/blob/master/examples/sample/release.yaml). | From 0c3d52107a5302f348f35d6d4557a69c6275a13e Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:32 +0000 Subject: [PATCH 86/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-account/README.md file --- .../mcp/crossplane-provider-sap-btp-account/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md index 3bebc13..b843975 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md +++ b/helm/charts/mcp/crossplane-provider-sap-btp-account/README.md 
@@ -17,7 +17,7 @@ A Helm chart to template crossplane manifests to manage SAP BTP resources. | Key | Type | Default | Description | |-----|------|---------|-------------| | accounts | list | {} | accounts contains information and configuration about a specifig [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account). :exclamation::exclamation: Managing BTP Global Accounts is [NOT possible](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/accounts#use-existing-global-account) at the moment :exclamation::exclamation: | -| accounts[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","subAccounts":[{"entitlements":[{"amount":0,"name":"","permitNumericQuota":false,"serviceName":"","servicePlanName":""}],"forProvider":{"betaEnabled":null,"description":"","displayName":"","region":"","subaccountAdmins":["your.name@sap.com"],"subdomain":"","usedForProduction":"NOT_USED_FOR_PRODUCTION"},"metadata":{"annotations":{"CloudManagement":{"crossplane.io/external-name":"..."},"ServiceManager":{"crossplane.io/external-name":"..."}}},"name":"","services":{"cloudManagement":false,"serviceManager":false},"subscriptions":[{"appName":"","name":"","planName":"","writeConnectionSecretToRef":{"name":"","namespace":""}}]}]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! 
| +| accounts[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","subAccounts":[{"entitlements":[{"amount":0,"name":"","permitNumericQuota":false,"serviceName":"","servicePlanName":""}],"forProvider":{"betaEnabled":null,"description":"","displayName":"","region":"eu01","subaccountAdmins":["your.name@sap.com"],"subdomain":"dev-eu01","usedForProduction":"NOT_USED_FOR_PRODUCTION"},"metadata":{"annotations":{"CloudManagement":{"crossplane.io/external-name":"..."},"ServiceManager":{"crossplane.io/external-name":"..."}}},"name":"","services":{"cloudManagement":false,"serviceManager":false},"subscriptions":[{"appName":"","name":"","planName":"","writeConnectionSecretToRef":{"name":"","namespace":"ns1"}}]}]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! | | accounts[0].subAccounts | list | {} | subAccounts contains information and configuration about [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | | accounts[0].subAccounts[0].entitlements | list | {} | entitlements defines [BTP Entitlements](https://help.sap.com/docs/btp/sap-business-technology-platform/entitlements-and-quotas) for this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about managing BTP Entitlement with crossplane [here](https://pages.github.tools.sap/cloud-orchestration/docs/sap-services/btp-services/account-managment/entitlements). | | accounts[0].subAccounts[0].entitlements[0].amount | int | `0` | Used when permitNumericQuota=true. Only set amount for multitenant applications and services that do not permit a numeric quota assignment! | 
@@ -27,9 +27,9 @@ A Helm chart to template crossplane manifests to manage SAP BTP resources. | accounts[0].subAccounts[0].forProvider.betaEnabled | string | `nil` | enable beta services and applications? | | accounts[0].subAccounts[0].forProvider.description | string | `""` | description defines the description of the [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | | accounts[0].subAccounts[0].forProvider.displayName | string | `""` | defines the display name of the [BTP Sub-Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). | -| accounts[0].subAccounts[0].forProvider.region | string | `""` | [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. "eu10-canary" | +| accounts[0].subAccounts[0].forProvider.region | string | `"eu01"` | [region](https://help.sap.com/docs/btp/sap-business-technology-platform/regions) contains the assigned region of this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Each region represents a geographical location (for example, Europe, US East) where applications, data, or services are hosted. Value without "cf-" prefix! e.g. 
"eu10-canary" | | accounts[0].subAccounts[0].forProvider.subaccountAdmins | list | `["your.name@sap.com"]` | subaccountAdmins defines a list of Users (identified via Email Adress) with Admin Permission to this [BTP Sub-Account](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model#loio8d6e3a0fa4ab43e4a421d3ed08128afa). Learn more about [BTP User and Member Management](https://help.sap.com/docs/btp/sap-business-technology-platform/user-and-member-management?locale=en-US). | -| accounts[0].subAccounts[0].forProvider.subdomain | string | `""` | This value must be unique across all BTP subaccounts | +| accounts[0].subAccounts[0].forProvider.subdomain | string | `"dev-eu01"` | This value must be unique across all BTP subaccounts | | accounts[0].subAccounts[0].forProvider.usedForProduction | string | `"NOT_USED_FOR_PRODUCTION"` | Available options: NOT_USED_FOR_PRODUCTION, USED_FOR_PRODUCTION, UNSET | | accounts[0].subAccounts[0].metadata | object | [] | *optional* adding custom k8s metadata to manifests | | accounts[0].subAccounts[0].metadata.annotations | object | [] | *optional* adding custom k8s [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | From 4b2aaca625990fffee3c8cc0fb297b1070cedf2a Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:32 +0000 Subject: [PATCH 87/94] chore(ci): update Helm Chart helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md file --- .../mcp/crossplane-provider-sap-btp-environment/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md index bf55b4a..4bc5983 100644 --- a/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md +++ b/helm/charts/mcp/crossplane-provider-sap-btp-environment/README.md 
@@ -19,10 +19,10 @@ A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kym | Key | Type | Default | Description | |-----|------|---------|-------------| | cloudFoundryEnvironments | list | object | cloudFoundryEnvironments contains configuration of [cloudfoundry Environments](https://pages.github.tools.sap/cloud-orchestration/browser/Providers/provider-btp-account/environment.btp.sap.crossplane.io/cloudfoundryenvironment/v1alpha1). | -| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":""},"forProvider":{"initialOrgManagers":[""],"landscape":""},"name":"","subaccountRef":{"name":""},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! | +| cloudFoundryEnvironments[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","cloudManagementRef":{"name":"dev-eu01"},"forProvider":{"initialOrgManagers":[""],"landscape":""},"name":"","subaccountRef":{"name":"dev-eu01"},"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a ...! | | cloudFoundryEnvironments[0].writeConnectionSecretToRef | list | `[]` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! 
| | kymaEnvironments[0].btpSapCrossplaneProviderConfigRefName | string | `""` | | -| kymaEnvironments[0].cloudManagementRef.name | string | `""` | | +| kymaEnvironments[0].cloudManagementRef.name | string | `"dev-eu01"` | | | kymaEnvironments[0].forProvider.administrators[0] | string | `"...@sap.com"` | | | kymaEnvironments[0].forProvider.autoScalerMax | int | `3` | | | kymaEnvironments[0].forProvider.autoScalerMin | int | `3` | | @@ -37,7 +37,7 @@ A Helm Chart to template crossplane manifests to manage Cloud Foundry or BTP Kym | kymaEnvironments[0].forProvider.region | string | `"eu-west-2"` | | | kymaEnvironments[0].name | string | `""` | | | kymaEnvironments[0].planName | string | `"aws"` | | -| kymaEnvironments[0].subaccountRef.name | string | `""` | | +| kymaEnvironments[0].subaccountRef.name | string | `"dev-eu01"` | | | kymaEnvironments[0].writeConnectionSecretToRef | object | `{"name":"demo-kyma-kubeconfig-local","namespace":"default"}` | *optional* - When a Crossplane Provider creates a managed resource it may generate resource-specific details, like usernames, passwords or connection details like an IP address. Crossplane stores these details in a Kubernetes Secret object specified by the `writeConnectionSecretToRef` values. Learn more about Crossplane concept [Managed Resources Fields](https://docs.crossplane.io/latest/concepts/managed-resources/#writeconnectionsecrettoref)! | ---------------------------------------------- From c54e137df15e49d8442489357a80354981d7c25e Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:32 +0000 Subject: [PATCH 88/94] chore(ci): update Helm Chart helm/charts/mcp/external-secrets-config/README.md file --- helm/charts/mcp/external-secrets-config/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/charts/mcp/external-secrets-config/README.md b/helm/charts/mcp/external-secrets-config/README.md index b82901a..12b3026 100644 
--- a/helm/charts/mcp/external-secrets-config/README.md
+++ b/helm/charts/mcp/external-secrets-config/README.md
@@ -38,13 +38,13 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | clusterSecretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | clusterSecretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| clusterSecretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | +| clusterSecretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | | clusterSecretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | | clusterSecretStores[0].provider.vault.server | string | `"https://vault.example/"` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | | clusterSecretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | | credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | | credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | -| credentials[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| credentials[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | | credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. 
All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | | defaults.externalSecret.secretStoreRef.kind | string | `"SecretStore"` | | | defaults.namespace | string | `"default"` | default namespace value for optional `namespace` fields. | 
@@ -57,7 +57,7 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | externalSecret[0].deletionPolicy | string | `""` | *(optional)* DeletionPolicy defines rules on how to delete the resulting Secret Defaults to ‘Retain’ | | externalSecret[0].immutable | bool | `false` | *(optional)* Immutable defines if the final secret will be immutable | | externalSecret[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | -| externalSecret[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | +| externalSecret[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: ExternalSecret` | | externalSecret[0].refreshInterval | string | `""` | [RefreshInterval](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.ExternalSecret) is the amount of time before the values are read again from the SecretStore provider Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” May be set to zero to fetch and create it once. Defaults to 1h. | | externalSecret[0].secretStore | object | `{"kind":"","name":""}` | [SecretStoreRef](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreRef) defines which SecretStore to fetch the ExternalSecret data. | | externalSecret[0].secretStore.kind | string | `""` | *(optional)* Kind of the SecretStore resource (`SecretStore` or `ClusterSecretStore`) Defaults to `.Values.defaults.externalSecret.secretStoreRef.kind` | 
@@ -73,7 +73,7 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | pushSecrets[0].spec.template | list | `[]` | *optional* Template defines a blueprint for the created Secret resource. | | pushSecrets[0].spec.updatePolicy | string | `""` | *optional* Policy to overwrite existing secrets in the provider on sync. E.g. Replace | | secretStores[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | -| secretStores[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | +| secretStores[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: SecretStore` | | secretStores[0].provider | object | [] | Used to configure the [provider](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreSpec). Only one provider may be set. | | secretStores[0].provider.vault | object | [] | *(optional)* [Vault](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.SecretStoreProvider) configures this store to sync secrets using Hashi provider | | secretStores[0].provider.vault.auth | object | [] | [Auth](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) configures how secret-manager authenticates with the Vault server. | 
@@ -82,7 +82,7 @@ A Helm Chart to template external-secrets.io manifests to sync credentials from | secretStores[0].provider.vault.auth.appRole.roleId | string | `""` | *(optional)* [roleId](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultAppRole) configured in the App Role authentication backend when setting up the authentication backend in Vault. | | secretStores[0].provider.vault.auth.appRole.secretRef.key | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | secretStores[0].provider.vault.auth.appRole.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | -| secretStores[0].provider.vault.namespace | string | `""` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | +| secretStores[0].provider.vault.namespace | string | `"ns1"` | *(optional)* Name of the [vault namespace](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider). Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1”. More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces. E.g. "ns1" | | secretStores[0].provider.vault.path | string | `""` | *(optional)* [Path](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the mount path of the Vault KV backend endpoint, e.g: “secret”. 
The v2 KV secret engine version specific “/data” path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path. | | secretStores[0].provider.vault.server | string | `""` | [Server](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the connection address for the Vault server, e.g: "https://vault.example/". | | secretStores[0].provider.vault.version | string | `"v2"` | [Version](https://external-secrets.io/latest/api/spec/#external-secrets.io/v1beta1.VaultProvider) is the Vault KV secret engine version. This can be either “v1” or “v2”. Version defaults to “v2”. | From 995eddf5d67b7f9abb650304e48cbccc0c4b10fd Mon Sep 17 00:00:00 2001 From: GH Actions Runner User Date: Tue, 15 Apr 2025 12:17:32 +0000 Subject: [PATCH 89/94] chore(ci): update Helm Chart helm/charts/mcp/flux-config/README.md file --- helm/charts/mcp/flux-config/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/helm/charts/mcp/flux-config/README.md b/helm/charts/mcp/flux-config/README.md index 2ddebb6..864d190 100644 --- a/helm/charts/mcp/flux-config/README.md +++ b/helm/charts/mcp/flux-config/README.md 
@@ -19,7 +19,7 @@ A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. |-----|------|---------|-------------| | credentials[0].data | list | `[]` | *(optional)* [data](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string][]byte)* Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 | | credentials[0].name | string | `""` | defines k8s `metadata.name` value of `kind: Secret` | -| credentials[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | +| credentials[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Secret` | | credentials[0].stringData | list | `[]` | *(optional)* [stringData](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) *(map[string]string)* allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API. | | defaults.namespace | string | `"default"` | default namespace value for *(optional)*`namespace` fields. | | defaults.targetNamespace | string | `"default"` | targetNamespace sets or overrides the default namespace in the `kind: Kustomization` manifests. | 
@@ -35,7 +35,7 @@ A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. | gitRepositorys[0].kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" | | gitRepositorys[0].kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | | gitRepositorys[0].kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | -| gitRepositorys[0].kustomizations[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | +| gitRepositorys[0].kustomizations[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | | gitRepositorys[0].kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. | | gitRepositorys[0].kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. 
Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. "./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" | | gitRepositorys[0].kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution | 
@@ -43,18 +43,18 @@ A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. | gitRepositorys[0].kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. | | gitRepositorys[0].kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | | gitRepositorys[0].kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | -| gitRepositorys[0].kustomizations[0].targetNamespace | string | `""` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| gitRepositorys[0].kustomizations[0].targetnamespace | string | `"ns1"` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | | gitRepositorys[0].kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m | | gitRepositorys[0].kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. 
If set to true, .spec.healthChecks is ignored. | | gitRepositorys[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | -| gitRepositorys[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | +| gitRepositorys[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: GitRepository` | | gitRepositorys[0].spec.interval | string | `"1m"` | [Interval](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. | | gitRepositorys[0].spec.ref | object | `{"branch":""}` | *(optional)* Reference specifies the Git reference to resolve and monitor for changes, defaults to the ‘master’ branch. | | gitRepositorys[0].spec.ref.branch | string | `""` | *(optional)* [branch](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositoryRef) Branch to check out, defaults to ‘master’ if no other field is defined. e.g. "main" | | gitRepositorys[0].spec.secretRef | object | `{"name":""}` | *(optional)* [SecretRef](https://fluxcd.io/flux/components/source/api/v1/#source.toolkit.fluxcd.io/v1.GitRepositorySpec) specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain ‘username’ and ‘password’ fields for basic auth or ‘bearerToken’ field for token auth. For SSH repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields. 
| | gitRepositorys[0].spec.secretRef.name | string | `""` | [`type SecretKeySelector `](https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector) | | gitRepositorys[0].spec.url | string | `""` | [URL]() specifies the Git repository URL, it can be an HTTP/S or SSH address. | -| kustomizations | list | `[{"commonMetadata":[],"components":{},"decryption":[],"dependsOn":{},"force":null,"healthChecks":{},"images":{},"interval":null,"kubeConfig":[],"name":"","namePrefix":null,"nameSuffix":null,"namespace":"","patches":null,"path":"","postBuild":[],"prune":null,"retryInterval":null,"serviceAccountName":null,"sourceRef":{"apiVersion":"","kind":"GitRepository","name":"","namespace":""},"suspend":null,"targetNamespace":"","timeout":null,"wait":null}]` | defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. | +| kustomizations | list | `[{"commonMetadata":[],"components":{},"decryption":[],"dependsOn":{},"force":null,"healthChecks":{},"images":{},"interval":null,"kubeConfig":[],"name":"","namePrefix":null,"nameSuffix":null,"namespace":"ns1","patches":null,"path":"","postBuild":[],"prune":null,"retryInterval":null,"serviceAccountName":null,"sourceRef":{"apiVersion":"","kind":"GitRepository","name":"","namespace":"ns1"},"suspend":null,"targetnamespace":"ns1","timeout":null,"wait":null}]` | defines independent [`kind: Kustomization`](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.Kustomization) manifest without the generation of `kind: GitRepository`. | | kustomizations[0].commonMetadata | list | `[]` | [commonMetadata](https://fluxcd.io/flux/components/kustomize/kustomizations/#common-metadata) is an *(optional)*field used to specify any metadata that should be applied to all the Kustomization’s resources. 
| | kustomizations[0].components | object | `{}` | [components](https://fluxcd.io/flux/components/kustomize/kustomizations/#components) is an *(optional)*list used to specify Kustomize components. This allows using reusable pieces of configuration logic that can be included from multiple overlays. | | kustomizations[0].decryption | list | `[]` | [decryption](https://fluxcd.io/flux/components/kustomize/kustomizations/#decryption) is an *(optional)*field to specify the configuration to decrypt Secrets that are a part of the Kustomization. | 
@@ -67,20 +67,20 @@ A Helm Chart to template flux manifests to leverage GitOps on a OpenMCP cluster. | kustomizations[0].name | string | `""` | defines k8s [`metadata.name`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` e.g. "co-helm-charts-blueprint" | | kustomizations[0].namePrefix | string | `nil` | [namePrefix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | | kustomizations[0].nameSuffix | string | `nil` | [nameSuffix](https://fluxcd.io/flux/components/kustomize/kustomizations/#name-prefix-and-suffix) are *(optional)*fields used to specify a prefix and suffix to be added to the names of all the resources in the Kustomization. | -| kustomizations[0].namespace | string | `""` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | +| kustomizations[0].namespace | string | `"ns1"` | *(optional)* defines k8s [`metadata.namespace`](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta) value of `kind: Kustomization` | | kustomizations[0].patches | string | `nil` | [patches](https://fluxcd.io/flux/components/kustomize/kustomizations/#patches) is an *(optional)*list used to specify Kustomize patches as inline YAML objects. | | kustomizations[0].path | string | `""` | *(optional)* [Path](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef. e.g. 
"./manifests/mcps/j4azdfnld24bts5.laasds.shoot.live.k8s-hana.ondemand.com" | | kustomizations[0].postBuild | list | `[]` | [postBuild](https://fluxcd.io/flux/components/kustomize/kustomizations/#post-build-variable-substitution) Post build variable substitution | | kustomizations[0].prune | string | `nil` | [Prune](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) enables garbage collection. e.g. true/false | | kustomizations[0].retryInterval | string | `nil` | [retryInterval](https://fluxcd.io/flux/components/kustomize/kustomizations/#retry-interval) is an *(optional)*field to specify the interval at which to retry a failed reconciliation. | | kustomizations[0].serviceAccountName | string | `nil` | [serviceAccountName](https://fluxcd.io/flux/components/kustomize/kustomizations/#service-account-reference) is an *(optional)*field used to specify the ServiceAccount to be impersonated while reconciling the Kustomization. | -| kustomizations[0].sourceRef | object | `{"apiVersion":"","kind":"GitRepository","name":"","namespace":""}` | [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. | +| kustomizations[0].sourceRef | object | `{"apiVersion":"","kind":"GitRepository","name":"","namespace":"ns1"}` | [Reference](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.CrossNamespaceSourceReference) of the source where the kustomization file is. | | kustomizations[0].sourceRef.apiVersion | string | `""` | string (Optional) API version of the referent. | | kustomizations[0].sourceRef.kind | string | `"GitRepository"` | string Kind of the referent. | | kustomizations[0].sourceRef.name | string | `""` | string Name of the referent. 
| -| kustomizations[0].sourceRef.namespace | string | `""` | string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. | +| kustomizations[0].sourceRef.namespace | string | `"ns1"` | string (Optional) Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. | | kustomizations[0].suspend | string | `nil` | [suspend](https://fluxcd.io/flux/components/kustomize/kustomizations/#suspend) is an *(optional)*boolean field to suspend the reconciliation of the Kustomization. When a Kustomization is suspended, new Source revisions are not applied to the cluster and drift detection/correction is paused. To resume normal reconciliation, set it back to false or remove the field. | -| kustomizations[0].targetNamespace | string | `""` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | +| kustomizations[0].targetnamespace | string | `"ns1"` | *(optional)* targetNamespace defines the namespace in the `kind: Kustomization` manifests. | | kustomizations[0].timeout | string | `nil` | *(optional)* [Timeout](https://fluxcd.io/flux/components/kustomize/api/v1/#kustomize.toolkit.fluxcd.io/v1.KustomizationSpec) for validation, apply and health checking operations. Defaults to ‘Interval’ duration. e.g. 1m | | kustomizations[0].wait | string | `nil` | [wait](https://fluxcd.io/flux/components/kustomize/kustomizations/#wait) is an *(optional)*boolean field to perform health checks for all reconciled resources as part of the Kustomization. If set to true, .spec.healthChecks is ignored. | From e5c33d6c7f3bd7f4e7f97fd87da2dfe56557ee01 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Tue, 15 Apr 2025 15:53:54 +0200 Subject: [PATCH 90/94] Adjusting workflows execution --- .github/workflows/gh-pages-release.yml | 5 ++--- .github/workflows/release.yml | 3 ++- README.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index 72d7604..3d5a3a2 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -1,9 +1,8 @@ name: Release Charts on: - push: - branches: - - main + workflow_call: {} + workflow_dispatch: {} jobs: release: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d046726..02a4cee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,7 @@ jobs: issues: write # to be able to comment on released issues pull-requests: write # to be able to comment on released pull requests id-token: write # to enable use of OIDC for npm provenance + packages: write # to be able to publish a GitHub Packages steps: - name: Checkout uses: actions/checkout@v4 @@ -47,7 +48,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.CO_GOLDEN_PATH_SERVICEUSER_GH_TOKEN }} run: npx semantic-release git-release-create: - uses: "openmcp-project/blueprint-building-blocks/.github/workflows/git-release-create.yml@main" + uses: "openmcp-project/blueprint-building-blocks/.github/workflows/gh-pages-release.yml@main" name: Helm Chart Github Releases needs: release secrets: inherit diff --git a/README.md b/README.md index 69727bd..c8124b2 100644 --- a/README.md +++ b/README.md 
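Review bot: With `workflow_dispatch: {}` added to the `on:` block of gh-pages-release.yml, the chart release can be started by hand from any branch, whereas the removed `push` trigger limited it to `main`. If releases are meant to come only from `main`, the `release` job should carry a guard such as `if: github.ref == 'refs/heads/main'`. The job body lies outside this hunk, so a guard may already exist there.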
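Review bot: The added `packages: write` sits in the permissions block of what appears to be the job that runs `npx semantic-release`, but the package publishing seems to happen in the reusable workflow called from `git-release-create`. A called workflow takes its token permissions from the calling job, not from a sibling job. As written, the wider scope lands on a job that may not need it, while the job that publishes may still lack it. Consider giving `git-release-create` its own `permissions:` block containing `packages: write` plus whatever else the called workflow needs, and leaving the semantic-release job unchanged. The start of both jobs is outside the hunks, so check this against the full file.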
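Review bot: The new `uses:` value in `git-release-create` points at `gh-pages-release.yml@main`, a moving branch ref, and the job passes `secrets: inherit`, so whatever is on `main` at run time receives every secret of the caller. The called file appears to live in this same repository, so the local form `uses: ./.github/workflows/gh-pages-release.yml` would run the version from the caller's own commit. Declaring the needed secrets under `workflow_call.secrets` and passing them by name would narrow what is handed over. Patch 93/94 later in this series renames that file to `helm-charts-release-to-gh-oci.yml` and its diffstat does not list release.yml, so this reference looks likely to stop resolving unless it is updated elsewhere.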
@@ -17,7 +17,7 @@ All [Helm Charts](http://helm.sh) located in this repository will be [automatica ### [Github Workflows](#github-workflows) #### [`PR Status Checks`](#github-workflow-git-pr-status-checks) -More details see Github Workflow [`.github/workflows/git-pr-status-checks.yml`](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/workflows/git-pr-status-checks.yml) of [mcp-blueprint-gh-actions](https://github.com/openmcp-project/blueprint-workflows/tree/main/) +More details see Github Workflow [`.github/workflows/git-pr-status-checks.yml`](https://github.com/openmcp-project/blueprint-workflows/tree/main/.github/workflows/git-pr-status-checks.yml) of [blueprint-workflows](https://github.com/openmcp-project/blueprint-workflows/tree/main/) #### [`.ci.config.yaml`](#github-workflow-ci-config-yaml) From b4588be64eca19b94259813d04cf963c4f800ef4 Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Tue, 15 Apr 2025 15:57:35 +0200 Subject: [PATCH 91/94] Testing workflows --- helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml index 223806e..f033115 100644 --- a/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-aws-eks/values.ci.yaml @@ -21,7 +21,7 @@ clusters: forProvider: region: us-west-2 roleArn: arn:aws:iam::XXXX:role/DEV-EKS-Cluster-Role - version: "1.29" + version: "1.30" vpcConfig: - endpointPrivateAccess: false endpointPublicAccess: true From dbd0d85c771dcc70833c91c5b0c2979e0f1921aa Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Thu, 17 Apr 2025 09:09:24 +0200 Subject: [PATCH 92/94] Turned on release notes generation --- .github/workflows/gh-pages-release.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/gh-pages-release.yml index 3d5a3a2..520ead6 100644 --- a/.github/workflows/gh-pages-release.yml +++ b/.github/workflows/gh-pages-release.yml @@ -26,6 +26,7 @@ jobs: with: charts_dir: helm/charts env: + CR_GENERATE_RELEASE_NOTES: true CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - name: Upload to OCI-based registry From 346de801600761a1c9c40be70940efa9495a362c Mon Sep 17 00:00:00 2001 From: Wiktor Chomik Date: Fri, 18 Apr 2025 11:01:37 +0200 Subject: [PATCH 93/94] Addressing PR requests --- .github/workflows/git-pr-status-checks.yml | 2 +- ...e.yml => helm-charts-release-to-gh-oci.yml} | 0 .gitignore | 1 - .../crossplane-provider-configs/values.ci.yaml | 12 ++++++------ .../mcp/external-secrets-config/values.ci.yaml | 16 ++++++++-------- helm/charts/mcp/flux-config/values.ci.yaml | 4 ++-- .../charts/mcp/sap-btp-services/values.ci.yaml | 18 +++++++++--------- helm/charts/test-custom-chart/README.md | 4 ++-- helm/charts/test-custom-chart/values.yaml | 4 ++-- .../services-binding-services-cloud-sap.yaml | 4 ++-- .../services-instance-services-cloud-sap.yaml | 2 +- 11 files changed, 33 insertions(+), 34 deletions(-) rename .github/workflows/{gh-pages-release.yml => helm-charts-release-to-gh-oci.yml} (100%) diff --git a/.github/workflows/git-pr-status-checks.yml b/.github/workflows/git-pr-status-checks.yml index a88b41b..494a085 100644 --- a/.github/workflows/git-pr-status-checks.yml +++ b/.github/workflows/git-pr-status-checks.yml @@ -1,4 +1,4 @@ -name: Git PR Status Checks +name: PR Status Checks on: workflow_call: {} diff --git a/.github/workflows/gh-pages-release.yml b/.github/workflows/helm-charts-release-to-gh-oci.yml similarity index 100% rename from .github/workflows/gh-pages-release.yml rename to .github/workflows/helm-charts-release-to-gh-oci.yml diff --git a/.gitignore b/.gitignore index cfb181a..3ef751d 100644 --- a/.gitignore +++ b/.gitignore 
@@ -36,5 +36,4 @@ bin/ ### Mac OS ### .DS_Store /.idea/ -/ketos-co-helm-charts.iml **/*/values-credentials.yaml diff --git a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml index 62e29b8..7128444 100644 --- a/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml +++ b/helm/charts/mcp/crossplane-provider-configs/values.ci.yaml @@ -67,36 +67,36 @@ providerConfigs: name: "name" key: kubeconfig accountBtpOrchestrateCloud: - - providerConfigRefName: "ketos-kita-test" + - providerConfigRefName: "openmcp-test" cliServerUrl: "cliServerUrl" globalAccountSubDomain: "globalAccountSubDomain" cisCredentials: source: "Secret" secretRef: namespace: default - name: "btp-account-ketos-kita-test" + name: "btp-account-openmcp-test" key: btp-cis-provider-credentials serviceAccountSecret: source: "Secret" secretRef: namespace: default - name: "btp-account-ketos-kita-test" + name: "btp-account-openmcp-test" key: btp-service-account-provider-credentials btpSapCrossplane: - - providerConfigRefName: "ketos-kita-test" + - providerConfigRefName: "openmcp-test" cliServerUrl: "cliServerUrl" globalAccountSubDomain: "globalAccountSubDomain" cisCredentials: source: "Secret" secretRef: namespace: default - name: "btp-account-ketos-kita-test" + name: "btp-account-openmcp-test" key: btp-cis-provider-credentials serviceAccountSecret: source: "Secret" secretRef: namespace: default - name: "btp-account-ketos-kita-test" + name: "btp-account-openmcp-test" key: btp-service-account-provider-credentials cloudfoundryBtpOrchestrateCloud: - providerConfigRefName: "cloudfoundryBtpOrchestrateCloud" diff --git a/helm/charts/mcp/external-secrets-config/values.ci.yaml b/helm/charts/mcp/external-secrets-config/values.ci.yaml index 51dc7f2..d8f69e4 100644 --- a/helm/charts/mcp/external-secrets-config/values.ci.yaml +++ b/helm/charts/mcp/external-secrets-config/values.ci.yaml 
@@ -86,34 +86,34 @@ externalSecret: data: - secretKey: kubeconfig remoteRef: - key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" + key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-openmcp-test" property: kubeconfig - - name: "garden-ketos-co-sa-mcp-test-2" + - name: "garden-openmcp-test-2" namespace: "default" refreshInterval: "15m" - targetSecretName: garden-ketos-co-sa-mcp-test-2 + targetSecretName: garden-openmcp-test-2 secretStore: name: "hashicorp-vault" data: - secretKey: kubeconfig remoteRef: - key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-ketos-co-sa-mcp-test" + key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/garden-openmcp-test" property: kubeconfig - - name: "btp-account-ketos-kita-test" + - name: "btp-account-openmcp-test" namespace: "default" refreshInterval: "15m" - targetSecretName: btp-account-ketos-kita-test + targetSecretName: btp-account-openmcp-test secretStore: name: "hashicorp-vault-cluster-store" kind: "ClusterSecretStore" data: - secretKey: btp-cis-provider-credentials remoteRef: - key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-ketos-kita-test" + key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-openmcp-test" property: btp-cis-provider-credentials - secretKey: btp-service-account-provider-credentials remoteRef: - key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-ketos-kita-test" + key: "j4azdf.laasds.shoot.live.k8s-hana.ondemand.com/btp-accounts-openmcp-test" property: btp-service-account-provider-credentials ######################################################################################################################## pushSecrets: diff --git a/helm/charts/mcp/flux-config/values.ci.yaml b/helm/charts/mcp/flux-config/values.ci.yaml index eb63c8b..af2fcf2 100644 --- a/helm/charts/mcp/flux-config/values.ci.yaml +++ b/helm/charts/mcp/flux-config/values.ci.yaml 
@@ -2,7 +2,7 @@ ###! /!\ this file is only used in github pipeline to template a valid and NOT empty helm manifest! ##### ######################################################################################################################## kustomizations: - - name: nexus-cobalt-root-app + - name: chrome-hub-root-app namespace: "default" interval: "10s" path: "manifests/application/root" @@ -106,7 +106,7 @@ kustomizations: kind: "GitRepository" name: "mcp-blueprint-building-blocks" dependsOn: - - name: nexus-cobalt-root-app + - name: chrome-hub-root-app ######################################################################################################################## gitRepositorys: - name: "mcp-blueprint-building-blocks" diff --git a/helm/charts/mcp/sap-btp-services/values.ci.yaml b/helm/charts/mcp/sap-btp-services/values.ci.yaml index 5f132ea..1e4fce0 100644 --- a/helm/charts/mcp/sap-btp-services/values.ci.yaml +++ b/helm/charts/mcp/sap-btp-services/values.ci.yaml @@ -5,7 +5,7 @@ services: - name: "identityApplication" namespace: "default" instance: - name: "ketos-op-cluster-ias" + name: "openmcp-op-cluster-ias" serviceOfferingName: "identity" servicePlanName: "application" parameters: @@ -19,7 +19,7 @@ services: multi-tenant: true xsuaa-cross-consumption: true bindings: - - name: "ketos-op-cluster-ias" + - name: "openmcp-op-cluster-ias" secretName: "btp-ias" parameters: credential-type: SECRET @@ -189,7 +189,7 @@ services: - name: "cloudLoggingStandardOperationCluster" namespace: "default" instance: - name: "ketos-op-cluster-cls" + name: "openmcp-op-cluster-cls" serviceOfferingName: "cloud-logging" servicePlanName: "standard" # -- cloud logging service config: list of parameter: https://pages.github.tools.sap/perfx/cloud-logging-service/consumption/service-configuration-parameters/ 
@@ -200,7 +200,7 @@ services: ingest_otlp: enabled: true bindings: - - name: "ketos-op-cluster-cls" + - name: "openmcp-op-cluster-cls" secretName: "btp-cls" parameters: {} credentialsRotationPolicy: @@ -211,7 +211,7 @@ services: - name: "dynatraceEnvironmentOperationCluster" namespace: "default" instance: - name: "ketos-op-cluster-dynatrace" + name: "openmcp-op-cluster-dynatrace" serviceOfferingName: "dynatrace" servicePlanName: "environment" parameters: @@ -232,8 +232,8 @@ services: service_parameters: skiperrors: 'true' bindings: - - name: "ketos-op-cluster-dynatrace-provider" - secretName: "ketos-op-cluster-dynatrace-provider" + - name: "openmcp-op-cluster-dynatrace-provider" + secretName: "openmcp-op-cluster-dynatrace-provider" parameters: tokens: - name: apiToken @@ -285,8 +285,8 @@ services: rotationFrequency: 2160h #90 days rotatedBindingTTL: 48h - enable: true - name: "ketos-op-cluster-dynatrace-operator" - secretName: "ketos-op-cluster-dynatrace-operator" + name: "openmcp-op-cluster-dynatrace-operator" + secretName: "openmcp-op-cluster-dynatrace-operator" parameters: tokens: - name: apiToken diff --git a/helm/charts/test-custom-chart/README.md b/helm/charts/test-custom-chart/README.md index d7d1453..a3c09d3 100644 --- a/helm/charts/test-custom-chart/README.md +++ b/helm/charts/test-custom-chart/README.md 
@@ -24,7 +24,7 @@ A Helm chart to test github action and workflows. NOTHING MORE! |-----|------|---------|-------------| | sap-btp-services.services[0].name | string | `"identityApplication"` | | | sap-btp-services.services[0].namespace | string | `"default"` | | -| sap-btp-services.services[0].instance.name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].instance.name | string | `"openmcp-op-cluster-ias"` | | | sap-btp-services.services[0].instance.serviceOfferingName | string | `"identity"` | | | sap-btp-services.services[0].instance.servicePlanName | string | `"application"` | | | sap-btp-services.services[0].instance.parameters.oauth2-configuration.redirect-uris[0] | string | `"https://*.../oauth2/callback"` | | @@ -34,7 +34,7 @@ A Helm chart to test github action and workflows. NOTHING MORE! | sap-btp-services.services[0].instance.parameters.display-name | string | `""` | | | sap-btp-services.services[0].instance.parameters.multi-tenant | bool | `true` | | | sap-btp-services.services[0].instance.parameters.xsuaa-cross-consumption | bool | `true` | | -| sap-btp-services.services[0].bindings[0].name | string | `"ketos-op-cluster-ias"` | | +| sap-btp-services.services[0].bindings[0].name | string | `"openmcp-op-cluster-ias"` | | | sap-btp-services.services[0].bindings[0].secretName | string | `"btp-ias"` | | | sap-btp-services.services[0].bindings[0].parameters.credential-type | string | `"SECRET"` | | | sap-btp-services.services[0].bindings[0].credentialsRotationPolicy.enabled | bool | `true` | | diff --git a/helm/charts/test-custom-chart/values.yaml b/helm/charts/test-custom-chart/values.yaml index d20daa7..58c351c 100644 --- a/helm/charts/test-custom-chart/values.yaml +++ b/helm/charts/test-custom-chart/values.yaml 
@@ -6,7 +6,7 @@ sap-btp-services: - name: "identityApplication" namespace: "default" instance: - name: "ketos-op-cluster-ias" + name: "openmcp-op-cluster-ias" serviceOfferingName: "identity" servicePlanName: "application" parameters: @@ -20,7 +20,7 @@ sap-btp-services: multi-tenant: true xsuaa-cross-consumption: true bindings: - - name: "ketos-op-cluster-ias" + - name: "openmcp-op-cluster-ias" secretName: "btp-ias" parameters: credential-type: SECRET diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml index d29d97d..3611690 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml +++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-binding-services-cloud-sap.yaml @@ -3,13 +3,13 @@ apiVersion: services.cloud.sap.com/v1alpha1 kind: ServiceBinding metadata: - name: ketos-op-cluster-ias + name: openmcp-op-cluster-ias namespace: default labels: openmcp.cloud/blueprint-building-block: "sap-btp-services" openmcp.cloud/blueprint-building-block-version: "0.0.10" spec: - serviceInstanceName: ketos-op-cluster-ias + serviceInstanceName: openmcp-op-cluster-ias secretName: btp-ias parameters: credential-type: SECRET diff --git a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml index 2c09802..5118db8 100644 --- a/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml 
+++ b/manifests/helm/charts/test-custom-chart/test-custom-chart/charts/sap-btp-services/templates/services-instance-services-cloud-sap.yaml @@ -3,7 +3,7 @@ apiVersion: services.cloud.sap.com/v1alpha1 kind: ServiceInstance metadata: - name: ketos-op-cluster-ias + name: openmcp-op-cluster-ias namespace: default labels: openmcp.cloud/blueprint-building-block: "sap-btp-services" From a9abd8b8d8f271a23d93f59b729ddfb93a6ee7a8 Mon Sep 17 00:00:00 2001 From: Steffen <5519671+sk31337@users.noreply.github.com> Date: Tue, 22 Apr 2025 10:19:03 +0200 Subject: [PATCH 94/94] Update yamllint.yml --- .github/workflows/yamllint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml index 750d7ea..7a430e3 100644 --- a/.github/workflows/yamllint.yml +++ b/.github/workflows/yamllint.yml @@ -7,7 +7,7 @@ on: # Triggers the workflow on push or pull request events but only for the "main" branch pull_request: branches: - - "main-not-activated-yet" + - "main-branch-not-activated-yet" concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -117,4 +117,4 @@ jobs: echo "::group:: human readable validation result" echo -e "${{ env.MESSAGE }}" echo "::endgroup::" - exit 1 \ No newline at end of file + exit 1
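Review bot: The branch filter under `pull_request` in yamllint.yml is a placeholder (`main-branch-not-activated-yet`), while the comment above it still says the workflow triggers for the "main" branch, so the lint gate is silently off and the comment misleads. I would reword the comment to something like `# Disabled for now: placeholder branch name; change to "main" to activate`. Before activating it for pull requests, note that the last hunk's context shows `echo -e "${{ env.MESSAGE }}"`, which pastes the value into the script text before the shell runs. If MESSAGE can carry text derived from the pull request, reading it as a shell variable, `echo -e "$MESSAGE"`, avoids that. Where MESSAGE is set is outside both hunks.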