From 986b0188ac1ca2f839b70dca8e2cd5be943dc0e4 Mon Sep 17 00:00:00 2001 
From: Cory Latschkowski Date: Sat, 7 Oct 2023 13:52:53 -0500 Subject: [PATCH] fix: ack operators --- .../aggregate/popular/kustomization.yaml | 12 - .../instance/adoptedresources-crd.yaml | 231 ------------------ .../instance/kustomization.yaml | 9 - .../operator}/base/kustomization.yaml | 4 +- .../base/subscription.yaml} | 5 +- .../overlays/alpha/kustomization.yaml | 0 .../overlays/alpha/user-secrets-secret.yaml | 0 .../operator}/base/kustomization.yaml | 4 +- .../base/subscription.yaml} | 5 +- .../overlays/alpha/kustomization.yaml | 0 .../overlays/alpha/user-secrets-secret.yaml | 0 .../operator}/base/kustomization.yaml | 4 +- .../base/subscription.yaml} | 5 +- .../overlays/alpha/kustomization.yaml | 0 .../overlays/alpha/user-secrets-secret.yaml | 0 .../operators/ack-s3-controller/INFO.md | 15 ++ .../operators/ack-s3-controller/README.md | 13 +- .../operator}/base/kustomization.yaml | 4 +- .../base/subscription.yaml} | 5 +- .../overlays/alpha/kustomization.yaml | 0 .../overlays/alpha/user-secrets-secret.yaml | 0 .../base/kustomization.yaml | 6 - .../operator/base/kustomization.yaml | 6 + .../base/subscription.yaml} | 5 +- .../overlays/alpha/kustomization.yaml | 0 .../overlays/alpha/user-secrets-secret.yaml | 0 components/operators/ack-system/README.md | 39 +++ components/operators/ack-system/SETUP.md | 40 +++ .../aggregate/popular/kustomization.yaml | 12 + .../base/kustomization.yaml | 0 .../base/user-config-cm.yaml | 0 .../base/user-secrets-secret.yaml | 0 .../operators/ack-system/examples/README.md | 59 +++++ .../examples/adopt-s3-bucket-cr.yml | 15 ++ .../examples/adopt-sagemaker-notebook-cr.yml | 15 ++ .../ack-system/examples/s3-bucket-cr.yml | 11 + .../sagemaker-notebook-instance-cr.yml | 15 ++ .../ack-system/instance/kustomization.yaml | 9 + .../instance/namespace.yaml | 0 .../instance/operator-group.yaml} | 0 .../overlays/aws-ops/kustomization.yaml | 2 +- .../overlays/aws-ops/namespace.yaml} | 2 +- .../overlays/default/kustomization.yaml | 0 
.../operators/ack-system/scripts/setup.sh | 34 +++ 44 files changed, 292 insertions(+), 294 deletions(-) delete mode 100644 components/operators/ack-controllers/aggregate/popular/kustomization.yaml delete mode 100644 components/operators/ack-controllers/instance/adoptedresources-crd.yaml delete mode 100644 components/operators/ack-controllers/instance/kustomization.yaml rename components/operators/{ack-ecr-controller => ack-ec2-controller/operator}/base/kustomization.yaml (59%) rename components/operators/ack-ec2-controller/{base/install.yaml => operator/base/subscription.yaml} (73%) rename components/operators/ack-ec2-controller/{ => operator}/overlays/alpha/kustomization.yaml (100%) rename components/operators/ack-ec2-controller/{ => operator}/overlays/alpha/user-secrets-secret.yaml (100%) rename components/operators/{ack-iam-controller => ack-ecr-controller/operator}/base/kustomization.yaml (59%) rename components/operators/ack-ecr-controller/{base/install.yaml => operator/base/subscription.yaml} (73%) rename components/operators/ack-ecr-controller/{ => operator}/overlays/alpha/kustomization.yaml (100%) rename components/operators/ack-ecr-controller/{ => operator}/overlays/alpha/user-secrets-secret.yaml (100%) rename components/operators/{ack-s3-controller => ack-iam-controller/operator}/base/kustomization.yaml (59%) rename components/operators/ack-iam-controller/{base/install.yaml => operator/base/subscription.yaml} (73%) rename components/operators/ack-iam-controller/{ => operator}/overlays/alpha/kustomization.yaml (100%) rename components/operators/ack-iam-controller/{ => operator}/overlays/alpha/user-secrets-secret.yaml (100%) create mode 100644 components/operators/ack-s3-controller/INFO.md rename components/operators/{ack-ec2-controller => ack-s3-controller/operator}/base/kustomization.yaml (59%) rename components/operators/ack-s3-controller/{base/install.yaml => operator/base/subscription.yaml} (73%) rename components/operators/ack-s3-controller/{ => 
operator}/overlays/alpha/kustomization.yaml (100%) rename components/operators/ack-s3-controller/{ => operator}/overlays/alpha/user-secrets-secret.yaml (100%) delete mode 100644 components/operators/ack-sagemaker-controller/base/kustomization.yaml create mode 100644 components/operators/ack-sagemaker-controller/operator/base/kustomization.yaml rename components/operators/ack-sagemaker-controller/{base/install.yaml => operator/base/subscription.yaml} (73%) rename components/operators/ack-sagemaker-controller/{ => operator}/overlays/alpha/kustomization.yaml (100%) rename components/operators/ack-sagemaker-controller/{ => operator}/overlays/alpha/user-secrets-secret.yaml (100%) create mode 100644 components/operators/ack-system/README.md create mode 100644 components/operators/ack-system/SETUP.md create mode 100644 components/operators/ack-system/aggregate/popular/kustomization.yaml rename components/operators/{ack-controllers => ack-system}/base/kustomization.yaml (100%) rename components/operators/{ack-controllers => ack-system}/base/user-config-cm.yaml (100%) rename components/operators/{ack-controllers => ack-system}/base/user-secrets-secret.yaml (100%) create mode 100644 components/operators/ack-system/examples/README.md create mode 100644 components/operators/ack-system/examples/adopt-s3-bucket-cr.yml create mode 100644 components/operators/ack-system/examples/adopt-sagemaker-notebook-cr.yml create mode 100644 components/operators/ack-system/examples/s3-bucket-cr.yml create mode 100644 components/operators/ack-system/examples/sagemaker-notebook-instance-cr.yml create mode 100644 components/operators/ack-system/instance/kustomization.yaml rename components/operators/{ack-controllers => ack-system}/instance/namespace.yaml (100%) rename components/operators/{ack-controllers/instance/operatorgroup.yaml => ack-system/instance/operator-group.yaml} (100%) rename components/operators/{ack-controllers => ack-system}/overlays/aws-ops/kustomization.yaml (95%) rename 
components/operators/{ack-controllers/overlays/aws-ops/aws-ops-namespace.yaml => ack-system/overlays/aws-ops/namespace.yaml} (86%) rename components/operators/{ack-controllers => ack-system}/overlays/default/kustomization.yaml (100%) create mode 100644 components/operators/ack-system/scripts/setup.sh diff --git a/components/operators/ack-controllers/aggregate/popular/kustomization.yaml b/components/operators/ack-controllers/aggregate/popular/kustomization.yaml deleted file mode 100644 index f888d9d5..00000000 --- a/components/operators/ack-controllers/aggregate/popular/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: ack-system - -resources: - - ../../instance - - ../../../ack-ec2-controller/overlays/alpha - - ../../../ack-ecr-controller/overlays/alpha - - ../../../ack-iam-controller/overlays/alpha - - ../../../ack-s3-controller/overlays/alpha - - ../../../ack-sagemaker-controller/overlays/alpha diff --git a/components/operators/ack-controllers/instance/adoptedresources-crd.yaml b/components/operators/ack-controllers/instance/adoptedresources-crd.yaml deleted file mode 100644 index caee0cd6..00000000 --- a/components/operators/ack-controllers/instance/adoptedresources-crd.yaml +++ /dev/null 
@@ -1,231 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - name: adoptedresources.services.k8s.aws -spec: - group: services.k8s.aws - names: - kind: AdoptedResource - listKind: AdoptedResourceList - plural: adoptedresources - singular: adoptedresource - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AdoptedResource is the schema for the AdoptedResource API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AdoptedResourceSpec defines the desired state of the AdoptedResource. - properties: - aws: - description: AWSIdentifiers provide all unique ways to reference an - AWS resource. - properties: - additionalKeys: - additionalProperties: - type: string - description: AdditionalKeys represents any additional arbitrary - identifiers used when describing the target resource. - type: object - arn: - description: ARN is the AWS Resource Name for the resource. It - is a globally unique identifier. - type: string - nameOrID: - description: NameOrId is a user-supplied string identifier for - the resource. It may or may not be globally unique, depending - on the type of resource. 
- type: string - type: object - kubernetes: - description: ResourceWithMetadata provides the values necessary to - create a Kubernetes resource and override any of its metadata values. - properties: - group: - type: string - kind: - type: string - metadata: - description: "ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. It - is not possible to use `metav1.ObjectMeta` inside spec, as the - controller-gen automatically converts this to an arbitrary string-string - map. https://github.com/kubernetes-sigs/controller-tools/issues/385 - \n Active discussion about inclusion of this field in the spec - is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 - \n Until this is allowed, or if it never is, we will produce - a subset of the object meta that contains only the fields which - the user is allowed to modify in the metadata." - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. 
\n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. 
There cannot be more - than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - type: object - required: - - group - - kind - type: object - required: - - aws - - kubernetes - type: object - status: - description: AdoptedResourceStatus defines the observed status of the - AdoptedResource. 
- properties: - conditions: - description: A collection of `ackv1alpha1.Condition` objects that - describe the various terminal states of the adopted resource CR - and its target custom resource - items: - description: Condition is the common struct used by all CRDs managed - by ACK service controllers to indicate terminal states of the - CR and its backend AWS service API resource - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type is the type of the Condition - type: string - required: - - status - - type - type: object - type: array - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/components/operators/ack-controllers/instance/kustomization.yaml b/components/operators/ack-controllers/instance/kustomization.yaml deleted file mode 100644 index 8c38879b..00000000 --- a/components/operators/ack-controllers/instance/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: ack-system - -resources: - - adoptedresources-crd.yaml - - namespace.yaml - - operatorgroup.yaml 
diff --git a/components/operators/ack-ecr-controller/base/kustomization.yaml b/components/operators/ack-ec2-controller/operator/base/kustomization.yaml similarity index 59% rename from components/operators/ack-ecr-controller/base/kustomization.yaml rename to components/operators/ack-ec2-controller/operator/base/kustomization.yaml index 79fe2fbd..8a5c3d9e 100644 --- a/components/operators/ack-ecr-controller/base/kustomization.yaml +++ b/components/operators/ack-ec2-controller/operator/base/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../ack-controllers/base - - install.yaml + - ../../../ack-system/base + - subscription.yaml diff --git a/components/operators/ack-ec2-controller/base/install.yaml b/components/operators/ack-ec2-controller/operator/base/subscription.yaml similarity index 73% rename from components/operators/ack-ec2-controller/base/install.yaml rename to components/operators/ack-ec2-controller/operator/base/subscription.yaml index 64cccb2f..12326ad8 100644 --- a/components/operators/ack-ec2-controller/base/install.yaml +++ b/components/operators/ack-ec2-controller/operator/base/subscription.yaml @@ -1,13 +1,10 @@ ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/ack-ec2-controller.ack-system: "" name: ack-ec2-controller namespace: ack-system spec: - channel: patch-me + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: ack-ec2-controller source: community-operators diff --git a/components/operators/ack-ec2-controller/overlays/alpha/kustomization.yaml b/components/operators/ack-ec2-controller/operator/overlays/alpha/kustomization.yaml similarity index 100% rename from components/operators/ack-ec2-controller/overlays/alpha/kustomization.yaml rename to components/operators/ack-ec2-controller/operator/overlays/alpha/kustomization.yaml 
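Review bot: `installPlanApproval: Automatic` with `source: community-operators` is left unchanged in ack-ec2-controller/operator/base/subscription.yaml, so OLM installs every bundle published to the patched channel without a review step; the ack-system README added in this commit itself calls these controllers ALPHA. SETUP.md in the same commit attaches `AmazonS3FullAccess` and `AmazonSageMakerFullAccess` to the IAM users created for the controllers, so an unreviewed upgrade presumably runs with those credentials (the secret contents are not shown here). Consider `installPlanApproval: Manual` in the base and pinning a reviewed version in each overlay with `startingCSV: <reviewed-csv-name>` (placeholder). The same applies to the ecr, iam, s3 and sagemaker subscription.yaml hunks further down; the Subscription spec may continue past the last line shown in the hunk.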
diff --git a/components/operators/ack-ec2-controller/overlays/alpha/user-secrets-secret.yaml b/components/operators/ack-ec2-controller/operator/overlays/alpha/user-secrets-secret.yaml similarity index 100% rename from components/operators/ack-ec2-controller/overlays/alpha/user-secrets-secret.yaml rename to components/operators/ack-ec2-controller/operator/overlays/alpha/user-secrets-secret.yaml diff --git a/components/operators/ack-iam-controller/base/kustomization.yaml b/components/operators/ack-ecr-controller/operator/base/kustomization.yaml similarity index 59% rename from components/operators/ack-iam-controller/base/kustomization.yaml rename to components/operators/ack-ecr-controller/operator/base/kustomization.yaml index 79fe2fbd..8a5c3d9e 100644 --- a/components/operators/ack-iam-controller/base/kustomization.yaml +++ b/components/operators/ack-ecr-controller/operator/base/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../ack-controllers/base - - install.yaml + - ../../../ack-system/base + - subscription.yaml diff --git a/components/operators/ack-ecr-controller/base/install.yaml b/components/operators/ack-ecr-controller/operator/base/subscription.yaml similarity index 73% rename from components/operators/ack-ecr-controller/base/install.yaml rename to components/operators/ack-ecr-controller/operator/base/subscription.yaml index 17da1915..0b5613ea 100644 --- a/components/operators/ack-ecr-controller/base/install.yaml +++ b/components/operators/ack-ecr-controller/operator/base/subscription.yaml @@ -1,13 +1,10 @@ ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/ack-ecr-controller.ack-system: "" name: ack-ecr-controller namespace: ack-system spec: - channel: patch-me + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: ack-ecr-controller source: community-operators 
diff --git a/components/operators/ack-ecr-controller/overlays/alpha/kustomization.yaml b/components/operators/ack-ecr-controller/operator/overlays/alpha/kustomization.yaml similarity index 100% rename from components/operators/ack-ecr-controller/overlays/alpha/kustomization.yaml rename to components/operators/ack-ecr-controller/operator/overlays/alpha/kustomization.yaml diff --git a/components/operators/ack-ecr-controller/overlays/alpha/user-secrets-secret.yaml b/components/operators/ack-ecr-controller/operator/overlays/alpha/user-secrets-secret.yaml similarity index 100% rename from components/operators/ack-ecr-controller/overlays/alpha/user-secrets-secret.yaml rename to components/operators/ack-ecr-controller/operator/overlays/alpha/user-secrets-secret.yaml diff --git a/components/operators/ack-s3-controller/base/kustomization.yaml b/components/operators/ack-iam-controller/operator/base/kustomization.yaml similarity index 59% rename from components/operators/ack-s3-controller/base/kustomization.yaml rename to components/operators/ack-iam-controller/operator/base/kustomization.yaml index 79fe2fbd..8a5c3d9e 100644 --- a/components/operators/ack-s3-controller/base/kustomization.yaml +++ b/components/operators/ack-iam-controller/operator/base/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../ack-controllers/base - - install.yaml + - ../../../ack-system/base + - subscription.yaml diff --git a/components/operators/ack-iam-controller/base/install.yaml b/components/operators/ack-iam-controller/operator/base/subscription.yaml similarity index 73% rename from components/operators/ack-iam-controller/base/install.yaml rename to components/operators/ack-iam-controller/operator/base/subscription.yaml index c03f37f8..dfd42775 100644 --- a/components/operators/ack-iam-controller/base/install.yaml +++ b/components/operators/ack-iam-controller/operator/base/subscription.yaml 
@@ -1,13 +1,10 @@ ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/ack-iam-controller.ack-system: "" name: ack-iam-controller namespace: ack-system spec: - channel: patch-me + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: ack-iam-controller source: community-operators diff --git a/components/operators/ack-iam-controller/overlays/alpha/kustomization.yaml b/components/operators/ack-iam-controller/operator/overlays/alpha/kustomization.yaml similarity index 100% rename from components/operators/ack-iam-controller/overlays/alpha/kustomization.yaml rename to components/operators/ack-iam-controller/operator/overlays/alpha/kustomization.yaml diff --git a/components/operators/ack-iam-controller/overlays/alpha/user-secrets-secret.yaml b/components/operators/ack-iam-controller/operator/overlays/alpha/user-secrets-secret.yaml similarity index 100% rename from components/operators/ack-iam-controller/overlays/alpha/user-secrets-secret.yaml rename to components/operators/ack-iam-controller/operator/overlays/alpha/user-secrets-secret.yaml diff --git a/components/operators/ack-s3-controller/INFO.md b/components/operators/ack-s3-controller/INFO.md new file mode 100644 index 00000000..f05d3300 --- /dev/null +++ b/components/operators/ack-s3-controller/INFO.md 
@@ -0,0 +1,15 @@ +# ack-s3-controller + +Manage Amazon Simple Storage Service (S3) resources in AWS from within your Kubernetes cluster. + +**About Amazon S3** + +Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9s) of durability, and stores data for millions of applications for companies all around the world. + +**About the AWS Controllers for Kubernetes** + +This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. + +**Pre-Installation Steps** + +Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) \ No newline at end of file diff --git a/components/operators/ack-s3-controller/README.md b/components/operators/ack-s3-controller/README.md index ddd1b959..fc7e8716 100644 --- a/components/operators/ack-s3-controller/README.md +++ b/components/operators/ack-s3-controller/README.md 
@@ -1,15 +1,16 @@ -# AWS Controller for Kubernetes (ACK) S3 Operator +# AWS Controllers for Kubernetes - Amazon S3 -Installs the ACK S3 operator. +Install AWS Controllers for Kubernetes - Amazon S3. Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use. The current *overlays* available are for the following channels: -* [alpha](overlays/alpha) + +* [alpha](operator/overlays/alpha) ## Usage -If you have cloned the `gitops-catalog` repository, you can install the ACK S3 operator based on the overlay of your choice by running from the root `gitops-catalog` directory +If you have cloned the `gitops-catalog` repository, you can install AWS Controllers for Kubernetes - Amazon S3 based on the overlay of your choice by running from the root (`gitops-catalog`) directory. ``` oc apply -k ack-s3-controller/operator/overlays/ @@ -27,5 +28,5 @@ As part of a different overlay in your own GitOps repo: apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - github.com/redhat-cop/gitops-catalog/ack-s3-controller/operator/overlays/?ref=main -``` \ No newline at end of file + - https://github.com/redhat-cop/gitops-catalog/ack-s3-controller/operator/overlays/?ref=main +``` diff --git a/components/operators/ack-ec2-controller/base/kustomization.yaml b/components/operators/ack-s3-controller/operator/base/kustomization.yaml similarity index 59% rename from components/operators/ack-ec2-controller/base/kustomization.yaml rename to components/operators/ack-s3-controller/operator/base/kustomization.yaml index 79fe2fbd..8a5c3d9e 100644 --- a/components/operators/ack-ec2-controller/base/kustomization.yaml +++ b/components/operators/ack-s3-controller/operator/base/kustomization.yaml 
@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../ack-controllers/base - - install.yaml + - ../../../ack-system/base + - subscription.yaml diff --git a/components/operators/ack-s3-controller/base/install.yaml b/components/operators/ack-s3-controller/operator/base/subscription.yaml similarity index 73% rename from components/operators/ack-s3-controller/base/install.yaml rename to components/operators/ack-s3-controller/operator/base/subscription.yaml index 565efa0d..5426c321 100644 --- a/components/operators/ack-s3-controller/base/install.yaml +++ b/components/operators/ack-s3-controller/operator/base/subscription.yaml @@ -1,13 +1,10 @@ ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/ack-s3-controller.ack-system: "" name: ack-s3-controller namespace: ack-system spec: - channel: patch-me + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: ack-s3-controller source: community-operators diff --git a/components/operators/ack-s3-controller/overlays/alpha/kustomization.yaml b/components/operators/ack-s3-controller/operator/overlays/alpha/kustomization.yaml similarity index 100% rename from components/operators/ack-s3-controller/overlays/alpha/kustomization.yaml rename to components/operators/ack-s3-controller/operator/overlays/alpha/kustomization.yaml diff --git a/components/operators/ack-s3-controller/overlays/alpha/user-secrets-secret.yaml b/components/operators/ack-s3-controller/operator/overlays/alpha/user-secrets-secret.yaml similarity index 100% rename from components/operators/ack-s3-controller/overlays/alpha/user-secrets-secret.yaml rename to components/operators/ack-s3-controller/operator/overlays/alpha/user-secrets-secret.yaml diff --git a/components/operators/ack-sagemaker-controller/base/kustomization.yaml b/components/operators/ack-sagemaker-controller/base/kustomization.yaml deleted file mode 100644 index 79fe2fbd..00000000 
--- a/components/operators/ack-sagemaker-controller/base/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../ack-controllers/base - - install.yaml diff --git a/components/operators/ack-sagemaker-controller/operator/base/kustomization.yaml b/components/operators/ack-sagemaker-controller/operator/base/kustomization.yaml new file mode 100644 index 00000000..8a5c3d9e --- /dev/null +++ b/components/operators/ack-sagemaker-controller/operator/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../ack-system/base + - subscription.yaml diff --git a/components/operators/ack-sagemaker-controller/base/install.yaml b/components/operators/ack-sagemaker-controller/operator/base/subscription.yaml similarity index 73% rename from components/operators/ack-sagemaker-controller/base/install.yaml rename to components/operators/ack-sagemaker-controller/operator/base/subscription.yaml index 1455ae5e..ddb25eba 100644 --- a/components/operators/ack-sagemaker-controller/base/install.yaml +++ b/components/operators/ack-sagemaker-controller/operator/base/subscription.yaml @@ -1,13 +1,10 @@ ---- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/ack-sagemaker-controller.ack-system: "" name: ack-sagemaker-controller namespace: ack-system spec: - channel: patch-me + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: ack-sagemaker-controller source: community-operators diff --git a/components/operators/ack-sagemaker-controller/overlays/alpha/kustomization.yaml b/components/operators/ack-sagemaker-controller/operator/overlays/alpha/kustomization.yaml similarity index 100% rename from components/operators/ack-sagemaker-controller/overlays/alpha/kustomization.yaml rename to components/operators/ack-sagemaker-controller/operator/overlays/alpha/kustomization.yaml 
diff --git a/components/operators/ack-sagemaker-controller/overlays/alpha/user-secrets-secret.yaml b/components/operators/ack-sagemaker-controller/operator/overlays/alpha/user-secrets-secret.yaml similarity index 100% rename from components/operators/ack-sagemaker-controller/overlays/alpha/user-secrets-secret.yaml rename to components/operators/ack-sagemaker-controller/operator/overlays/alpha/user-secrets-secret.yaml diff --git a/components/operators/ack-system/README.md b/components/operators/ack-system/README.md new file mode 100644 index 00000000..3bd2573e --- /dev/null +++ b/components/operators/ack-system/README.md @@ -0,0 +1,39 @@ +# AWS Controller for Kubernetes (ACK) EC2 Operator + +Installs the ACK operators. + +Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use. + +NOTICE - !!! ACK Controllers are ALPHA !!! + +The current *options* available are for the following: +* [overlays/aws-ops](overlays/aws-ops) - allows you to manage AWS services from `aws-ops` namespace +* [aggregate/popular](aggregate/popular) - installs the most popular ack controllers +* [overlays/default](overlays/default) - doesn't really do anything + +## Usage + +If you have cloned the `gitops-catalog` repository, you can install the ACK operator based on the overlay of your choice by running from the root `gitops-catalog` directory + +``` +oc apply -k ack-controllers/operator/overlays/ +``` + +Or, without cloning: + +``` +oc apply -k https://github.com/redhat-cop/gitops-catalog/ack-controllers/overlays/aws-ops +``` + +As part of a different overlay in your own GitOps repo: + +``` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - github.com/redhat-cop/gitops-catalog/ack-controllers/overlays/aws-ops?ref=main +``` + +## Setup + +See [Setup](SETUP.md) \ No newline at end of file 
diff --git a/components/operators/ack-system/SETUP.md b/components/operators/ack-system/SETUP.md new file mode 100644 index 00000000..fcb29032 --- /dev/null +++ b/components/operators/ack-system/SETUP.md @@ -0,0 +1,40 @@ +## Setup AWS Controllers for Kubernetes / ACK Operators + +Create AWS users (service principles) + +NOTICE: Keep output from `aws iam create-access-key ...` + +``` +# create s3 user +aws iam create-user --user-name ack-user-s3 +aws iam create-access-key --user-name ack-user-s3 +``` + +``` +# create sagemaker user +aws iam create-user --user-name ack-user-sagemaker +aws iam create-access-key --user-name ack-user-sagemaker +``` + +Assign Amazon Resource Name (ARN) policy to users + +``` + +# attach user policy - s3 +aws iam attach-user-policy \ + --user-name ack-user-s3 \ + --policy-arn 'arn:aws:iam::aws:policy/AmazonS3FullAccess' + +``` + +``` +# attach user policy - sagemaker (ec2,sagemaker) +aws iam attach-user-policy \ + --user-name ack-user-sagemaker \ + --policy-arn 'arn:aws:iam::aws:policy/AmazonSageMakerFullAccess' + +``` + +## Links +- [IAM Policy - S3 ](https://github.com/aws-controllers-k8s/s3-controller/blob/main/config/iam/recommended-policy-arn) +- [IAM Policy - Sagemaker](https://github.com/aws-controllers-k8s/sagemaker-controller/blob/main/config/iam/recommended-policy-arn) diff --git a/components/operators/ack-system/aggregate/popular/kustomization.yaml b/components/operators/ack-system/aggregate/popular/kustomization.yaml new file mode 100644 index 00000000..4cc7f6a5 --- /dev/null +++ b/components/operators/ack-system/aggregate/popular/kustomization.yaml 
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ack-system
+
+resources:
+ - ../../instance
+ - ../../../ack-ec2-controller/operator/overlays/alpha
+ - ../../../ack-ecr-controller/operator/overlays/alpha
+ - ../../../ack-iam-controller/operator/overlays/alpha
+ - ../../../ack-s3-controller/operator/overlays/alpha
+ - ../../../ack-sagemaker-controller/operator/overlays/alpha
diff --git a/components/operators/ack-controllers/base/kustomization.yaml b/components/operators/ack-system/base/kustomization.yaml
similarity index 100%
rename from components/operators/ack-controllers/base/kustomization.yaml
rename to components/operators/ack-system/base/kustomization.yaml
diff --git a/components/operators/ack-controllers/base/user-config-cm.yaml b/components/operators/ack-system/base/user-config-cm.yaml
similarity index 100%
rename from components/operators/ack-controllers/base/user-config-cm.yaml
rename to components/operators/ack-system/base/user-config-cm.yaml
diff --git a/components/operators/ack-controllers/base/user-secrets-secret.yaml b/components/operators/ack-system/base/user-secrets-secret.yaml
similarity index 100%
rename from components/operators/ack-controllers/base/user-secrets-secret.yaml
rename to components/operators/ack-system/base/user-secrets-secret.yaml
diff --git a/components/operators/ack-system/examples/README.md b/components/operators/ack-system/examples/README.md
new file mode 100644
index 00000000..f9f915af
--- /dev/null
+++ b/components/operators/ack-system/examples/README.md
@@ -0,0 +1,59 @@
+# Adopting AWS resources into k8s / OpenShift
+
+In some cases you want to manage a pre-existing resource that already exists in AWS. You can "adopt" that resource. This allows the ACK operator to create a CR for the object.
+
+Example:
+
+A preexisting S3 bucket called `sagemaker-fingerprint-data` exists in AWS.
+
+When trying to create a `Bucket` CR in k8s / OpenShift the following error appears:
+
+```
+Status:
+ACK.Terminal
+
+This resource already exists but is not managed by ACK. To bring the resource under ACK management, you should explicitly adopt the resource by creating a services.k8s.aws/AdoptedResource
+```
+
+Steps to resolve:
+
+1. Delete the `Bucket` CR in the `ACK.Terminal` state
+1. Create an `AdoptedResource` - See: [Example](adopt-sagemaker-fingerprint-data-cr.yml)
+1. S3 ACK Operator creates `Bucket` CR from existing resource in AWS
+
+## Notes
+
+**!!! WARNING !!!**
+
+## *2023-01-11*
+
+Once a resource in AWS has been `adopted` into a CR, deleting the
+`AdoptedResource` triggers no action from the ACK operator.
+
+The only safe way to remove an adopted CR *WITHOUT DELETING THE AWS
+RESOURCE* is to remove the finalizer
+from the CR, and hope deleting the CR doesn't cause the operator
+to delete your AWS resource.
+
+The assumption appears to be...
+
+Once a resource is `adopted` it will only
+be managed in k8s / OpenShift via the CR. No manual changes outside of
+k8s / OpenShift appear to sync to the CR (ex: tags) via the operator.
+
+Any changes outside of k8s / OpenShift will be overwritten by the CR.
+
+Good Luck!
+
+```
+metadata:
+ # delete the following 2 lines
+ # before deleting the CR
+ finalizers:
+ - finalizers.s3.services.k8s.aws/Bucket
+...
+```
+
+## Links
+
+-
diff --git a/components/operators/ack-system/examples/adopt-s3-bucket-cr.yml b/components/operators/ack-system/examples/adopt-s3-bucket-cr.yml
new file mode 100644
index 00000000..42242072
--- /dev/null
+++ b/components/operators/ack-system/examples/adopt-s3-bucket-cr.yml
@@ -0,0 +1,15 @@
+apiVersion: services.k8s.aws/v1alpha1
+kind: AdoptedResource
+metadata:
+ name: sagemaker-fingerprint-data
+spec:
+ aws:
+ # resource to adopt, not created by ACK
+ nameOrID: sagemaker-fingerprint-data
+ kubernetes:
+ group: s3.services.k8s.aws
+ kind: Bucket
+ metadata:
+ # target K8s CR name
+ name: sagemaker-fingerprint-data
+ namespace: fingerprint-id
diff --git a/components/operators/ack-system/examples/adopt-sagemaker-notebook-cr.yml b/components/operators/ack-system/examples/adopt-sagemaker-notebook-cr.yml
new file mode 100644
index 00000000..d36e04ef
--- /dev/null
+++ b/components/operators/ack-system/examples/adopt-sagemaker-notebook-cr.yml
@@ -0,0 +1,15 @@
+apiVersion: services.k8s.aws/v1alpha1
+kind: AdoptedResource
+metadata:
+ name: sagemaker-notebook
+spec:
+ aws:
+ # resource to adopt, not created by ACK
+ nameOrID: sagemaker-notebook
+ kubernetes:
+ group: sagemaker.services.k8s.aws
+ kind: NotebookInstance
+ metadata:
+ # target K8s CR name
+ name: sagemaker-notebook
+ namespace: fingerprint-id
diff --git a/components/operators/ack-system/examples/s3-bucket-cr.yml b/components/operators/ack-system/examples/s3-bucket-cr.yml
new file mode 100644
index 00000000..79a7bfce
--- /dev/null
+++ b/components/operators/ack-system/examples/s3-bucket-cr.yml
@@ -0,0 +1,11 @@
+apiVersion: s3.services.k8s.aws/v1alpha1
+kind: Bucket
+metadata:
+ name: sagemaker-fingerprint-data
+ annotations:
+ gitUrl: https://github.com/redhat-na-ssa/demo-rosa-sagemaker.git
+ fix: |
+ oc delete bucket sagemaker-fingerprint-data
+ oc apply -f openshift/ack-examples/adopted/adopt-sagemaker-fingerprint-data-cr.yml
+spec:
+ name: sagemaker-fingerprint-data
diff --git a/components/operators/ack-system/examples/sagemaker-notebook-instance-cr.yml b/components/operators/ack-system/examples/sagemaker-notebook-instance-cr.yml
new file mode 100644
index 00000000..2640d51e
--- /dev/null
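Review bot: The `fix` annotation in `examples/s3-bucket-cr.yml` points at `openshift/ack-examples/adopted/adopt-sagemaker-fingerprint-data-cr.yml`, a path that is not among the files this commit adds; the adoption example added here is `adopt-s3-bucket-cr.yml`. I would change the second command to `oc apply -f adopt-s3-bucket-cr.yml`. A comment above `fix:` should also say that the `oc delete bucket` step is meant only for a `Bucket` CR stuck in `ACK.Terminal`, because the README added alongside warns that deleting an adopted CR can end with the operator deleting the AWS resource.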
+++ b/components/operators/ack-system/examples/sagemaker-notebook-instance-cr.yml
@@ -0,0 +1,15 @@
+apiVersion: sagemaker.services.k8s.aws/v1alpha1
+kind: NotebookInstance
+metadata:
+ name: fingerprint-id
+ annotations:
+ recommendedInstanceType: ml.p3.8xlarge, ml.p3.16xlarge, ml.g4dn.12xlarge, ml.p4d.24xlarge
+spec:
+ # NOTICE: There is no CRD for CodeRepository (manual creation)
+ defaultCodeRepository: 'https://github.com/redhat-na-ssa/demo-rosa-sagemaker.git'
+ instanceType: ml.p3.8xlarge
+ lifecycleConfigName: lifecycle-from-github
+ notebookInstanceName: fingerprint-id
+ roleARN: 'arn:aws:iam::000000000000:role/AmazonSageMaker-ExecutionRole'
+ # BUG: volumeSizeInGB is a required field if you want the operator to not lose its mind
+ volumeSizeInGB: 5
diff --git a/components/operators/ack-system/instance/kustomization.yaml b/components/operators/ack-system/instance/kustomization.yaml
new file mode 100644
index 00000000..4d4fce3f
--- /dev/null
+++ b/components/operators/ack-system/instance/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ack-system
+
+resources:
+ - https://raw.githubusercontent.com/aws-controllers-k8s/s3-controller/main/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml
+ - namespace.yaml
+ - operator-group.yaml
diff --git a/components/operators/ack-controllers/instance/namespace.yaml b/components/operators/ack-system/instance/namespace.yaml
similarity index 100%
rename from components/operators/ack-controllers/instance/namespace.yaml
rename to components/operators/ack-system/instance/namespace.yaml
diff --git a/components/operators/ack-controllers/instance/operatorgroup.yaml b/components/operators/ack-system/instance/operator-group.yaml
similarity index 100%
rename from components/operators/ack-controllers/instance/operatorgroup.yaml
rename to components/operators/ack-system/instance/operator-group.yaml
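Review bot: The `NotebookInstance` spec in `examples/sagemaker-notebook-instance-cr.yml` sets none of `directInternetAccess`, `rootAccess`, `subnetID`, `securityGroupIDs` or `kmsKeyID`, so anyone applying it gets the service defaults, which as far as I know leave direct internet access and root access enabled. That matters here because the notebook clones a GitHub repository and runs the `lifecycle-from-github` lifecycle configuration under the `AmazonSageMaker-ExecutionRole` role. Since examples get copied as-is, I would add `rootAccess: Disabled` and `directInternetAccess: Disabled`, with placeholder `subnetID` / `securityGroupIDs` values and a comment that the subnet then needs its own route to reach the repository. At minimum, add a comment naming these fields next to the existing `# BUG:` note.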
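Review bot: The first entry under `resources:` in `instance/kustomization.yaml` fetches the `AdoptedResource` CRD from the `main` branch of `aws-controllers-k8s/s3-controller` at build time. A cluster-scoped CRD applied through GitOps can therefore change whenever upstream pushes, with no change in this repository to review, and every build now depends on reaching raw.githubusercontent.com. The commit's file list shows this replaces the vendored `adoptedresources-crd.yaml`. If the aim is to stop carrying that copy, pin the URL to a release tag or commit instead of `main`, for example `https://raw.githubusercontent.com/aws-controllers-k8s/s3-controller/<TAG_OR_COMMIT_SHA>/config/crd/common/bases/services.k8s.aws_adoptedresources.yaml` (placeholder ref), so CRD updates arrive as an explicit, reviewable bump.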
diff --git a/components/operators/ack-controllers/overlays/aws-ops/kustomization.yaml b/components/operators/ack-system/overlays/aws-ops/kustomization.yaml similarity index 95% rename from components/operators/ack-controllers/overlays/aws-ops/kustomization.yaml rename to components/operators/ack-system/overlays/aws-ops/kustomization.yaml index 72e33eb9..d8e067bf 100644 --- a/components/operators/ack-controllers/overlays/aws-ops/kustomization.yaml +++ b/components/operators/ack-system/overlays/aws-ops/kustomization.yaml @@ -3,7 +3,7 @@ kind: Kustomization resources: - ../../aggregate/popular - - aws-ops-namespace.yaml + - namespace.yaml patches: - patch: |- diff --git a/components/operators/ack-controllers/overlays/aws-ops/aws-ops-namespace.yaml b/components/operators/ack-system/overlays/aws-ops/namespace.yaml similarity index 86% rename from components/operators/ack-controllers/overlays/aws-ops/aws-ops-namespace.yaml rename to components/operators/ack-system/overlays/aws-ops/namespace.yaml index de0bbe8a..715682c4 100644 --- a/components/operators/ack-controllers/overlays/aws-ops/aws-ops-namespace.yaml +++ b/components/operators/ack-system/overlays/aws-ops/namespace.yaml @@ -5,7 +5,7 @@ metadata: annotations: openshift.io/description: | Create your ACK Operator CRs Here - !!! ACKS Controllers are ALPHA !!! + !!! ACK Controllers are ALPHA !!! openshift.io/display-name: AWS Ops via ACK Controllers labels: argocd.argoproj.io/managed-by: cluster-config diff --git a/components/operators/ack-controllers/overlays/default/kustomization.yaml b/components/operators/ack-system/overlays/default/kustomization.yaml similarity index 100% rename from components/operators/ack-controllers/overlays/default/kustomization.yaml rename to components/operators/ack-system/overlays/default/kustomization.yaml diff --git a/components/operators/ack-system/scripts/setup.sh b/components/operators/ack-system/scripts/setup.sh new file mode 100644 index 00000000..b38eaee3 --- /dev/null 
+++ b/components/operators/ack-system/scripts/setup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# shellcheck disable=SC2155
+
+# kludges
+# TODO: ArgoCD Hooks
+
+# get aws creds
+get_aws_key(){
+ # get aws creds
+ export AWS_ACCESS_KEY_ID=$(oc -n kube-system extract secret/aws-creds --keys=aws_access_key_id --to=-)
+ export AWS_SECRET_ACCESS_KEY=$(oc -n kube-system extract secret/aws-creds --keys=aws_secret_access_key --to=-)
+ export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-west-2}
+
+ echo "AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}"
+ sleep 4
+}
+
+# create secrets for ack controllers
+setup_ack_system(){
+ NAMESPACE=ack-system
+
+ # manually create ack-system
+ setup_namespace "${NAMESPACE}"
+
+ for type in ec2 ecr iam s3 sagemaker
+ do
+ # oc apply -k ../../ack-${type}-controller/operator/overlays/alpha
+
+ # create ack operator secrets with main creds
+ < ../../ack-${type}-controller/overlays/alpha/user-secrets-secret.yaml \
+ sed "s@UPDATE_AWS_ACCESS_KEY_ID@${AWS_ACCESS_KEY_ID}@; s@UPDATE_AWS_SECRET_ACCESS_KEY@${AWS_SECRET_ACCESS_KEY}@" | \
+ oc -n "${NAMESPACE}" apply -f -
+ done
+}
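Review bot: `setup_ack_system` in `scripts/setup.sh` copies the key read from `kube-system/aws-creds` into the secret of all five controllers ("main creds"), so every ACK controller runs with the cluster's own AWS credential instead of the per-service `ack-user-s3` / `ack-user-sagemaker` users that SETUP.md in this commit creates; I would take per-controller keys as input and leave `aws-creds` out of it. The `sed "s@…@${AWS_SECRET_ACCESS_KEY}@"` call also puts the secret on a command line, where it is readable in the process list and in any `set -x` trace. The input path `../../ack-${type}-controller/overlays/alpha/user-secrets-secret.yaml` is the pre-rename location (this commit moves the file to `../../ack-${type}-controller/operator/overlays/alpha/user-secrets-secret.yaml`) and depends on the caller's working directory. Nothing checks that `oc extract` returned a value, since SC2155 is disabled and there is no `set -e`, so an empty key is substituted and applied silently; a guard such as `[ -n "${AWS_ACCESS_KEY_ID}" ] || return 1` after the exports would catch it. `setup_namespace` is not defined in this file and neither function is called, so the script is presumably sourced, which a header comment should state.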