├── tools ├── cmd │ └── __init__.py ├── ackdiscover │ ├── __init__.py │ ├── maintenance_phases.py │ ├── project_stages.py │ └── README.md ├── README.md ├── requirements.txt └── setup.py ├── .gitattributes ├── src └── acktest │ ├── .gitignore │ ├── __init__.py │ ├── aws │ ├── __init__.py │ └── identity.py │ ├── k8s │ └── __init__.py │ └── bootstrapping │ ├── kms.py │ ├── dynamodb.py │ ├── secretsmanager.py │ ├── sns.py │ ├── signer.py │ ├── cognito_identity.py │ ├── route53.py │ ├── cloudwatch.py │ └── vpc_endpoint_service.py ├── scripts ├── .dockerignore ├── kind-configurations │ ├── kind-two-node-cluster.yaml │ └── kind-two-node-prometheus-cluster.yaml ├── creds-templates │ ├── local-test-aws-creds-template.txt │ └── prow-test-aws-creds-template.txt ├── lib │ ├── login.sh │ ├── common.sh │ └── logging.sh ├── public-ecr-set-catalog.sh ├── ecr-templates │ ├── ecr-chart-template.json │ └── ecr-controller-template.json ├── public-ecr.sh ├── Dockerfile.pytest-image └── metadata-file-test-runner.sh ├── NOTICE ├── prow ├── jobs │ ├── requirements.txt │ ├── jobs.yaml.gz │ ├── test_config.yaml │ ├── images │ │ ├── Dockerfile.deploy-docs │ │ ├── Dockerfile.upgrade-go-version │ │ ├── Dockerfile.docs │ │ ├── Dockerfile.verify-attribution │ │ ├── Dockerfile.scan-controllers-cve │ │ ├── Dockerfile.controller-release-tag │ │ ├── README.md │ │ ├── Dockerfile.deploy │ │ ├── deploy-docs.sh │ │ ├── Dockerfile.build-prow-images │ │ ├── Dockerfile.auto-update-controllers │ │ ├── Dockerfile.unit-test │ │ ├── Dockerfile.soak-test │ │ └── build-docs.sh │ ├── templates │ │ ├── presubmits │ │ │ ├── controller_bootstrap_test.tpl │ │ │ ├── pkg_tests.tpl │ │ │ └── test_infra_tests.tpl │ │ ├── postsubmits │ │ │ ├── test-infra.tpl │ │ │ ├── ack-chart_release.tpl │ │ │ ├── docs_website.tpl │ │ │ ├── community_docs.tpl │ │ │ ├── controller_bootstrap_update.tpl │ │ │ ├── runtime_release.tpl │ │ │ └── codegen_release.tpl │ │ └── periodics │ │ │ ├── docs_website.tpl │ │ │ ├── docs_release.tpl │ │ │ 
├── scan-controllers-cve.tpl │ │ │ ├── upgrade-eks-distro-version.tpl │ │ │ ├── upgrade-go-version.tpl │ │ │ ├── lifecycle_bot_periodic_close.tpl │ │ │ ├── label_sync.tpl │ │ │ ├── lifecycle_bot_periodic_rotten.tpl │ │ │ └── lifecycle_bot_periodic_stale.tpl │ ├── tools │ │ └── cmd │ │ │ ├── main.go │ │ │ └── command │ │ │ ├── upgrade_eks_distro_version_helper.go │ │ │ └── ecrpublic │ │ │ ├── client_url.go │ │ │ └── client_token.go │ ├── images_config.yaml │ ├── kustomization.yaml │ └── README.md ├── plugins │ ├── images_config.yaml │ ├── deployments │ │ ├── kustomization.yaml │ │ └── agent-plugin │ │ │ ├── kustomization.yaml │ │ │ ├── service.yaml │ │ │ └── rbac.yaml │ ├── templates │ │ └── agent-plugin │ │ │ ├── service.tpl │ │ │ └── rbac.tpl │ ├── agent-plugin │ │ ├── config │ │ │ └── workflows.yaml │ │ ├── examples │ │ │ └── plugin-config.yaml │ │ ├── pkg │ │ │ ├── k8s │ │ │ │ ├── context.go │ │ │ │ ├── client.go │ │ │ │ └── types.go │ │ │ └── webhook │ │ │ │ └── clients.go │ │ └── README.md │ └── images │ │ └── Dockerfile.agent-plugin ├── agent-workflows │ ├── images_config.yaml │ ├── agents │ │ ├── .dockerignore │ │ ├── ack_tag_agent │ │ │ └── __init__.py │ │ ├── config │ │ │ ├── __init__.py │ │ │ └── defaults.py │ │ ├── utils │ │ │ ├── __init__.py │ │ │ ├── formatting.py │ │ │ ├── logging.py │ │ │ └── validation.py │ │ ├── ack_model_agent │ │ │ └── __init__.py │ │ ├── workflows │ │ │ └── __init__.py │ │ ├── ack_builder_agent │ │ │ └── __init__.py │ │ ├── ack_generator_agent │ │ │ └── __init__.py │ │ ├── Makefile │ │ └── pyproject.toml │ ├── kustomization.yaml │ ├── templates │ │ └── add-resource.tpl │ └── agent-workflows.yaml ├── config │ ├── Chart.yaml │ ├── .helmignore │ └── templates │ │ ├── crier-ServiceAccount.yaml │ │ ├── deck-ServiceAccount.yaml │ │ ├── hook-ServiceAccount.yaml │ │ ├── tide-ServiceAccount.yaml │ │ ├── hook-Service.yaml │ │ ├── sinker-ServiceAccount.yaml │ │ ├── hmac-token-Secret.yaml │ │ ├── horologium-ServiceAccount.yaml │ │ ├── 
statusreconciler-Role.yaml │ │ ├── statusreconciler-ServiceAccount.yaml │ │ ├── deck-Role.yaml │ │ ├── hook-metrics-Service.yaml │ │ ├── crier-Role.yaml │ │ ├── horologium-Role.yaml │ │ ├── prow-controller-manager-ServiceAccount.yaml │ │ ├── tide-Role.yaml │ │ ├── ghProxy-PersistentVolumeClaim.yaml │ │ ├── tide-Service.yaml │ │ ├── ghProxy-Service.yaml │ │ ├── prow-controller-manager-Service.yaml │ │ ├── deck-Service.yaml │ │ ├── crier-RoleBinding.yaml │ │ ├── deck-RoleBinding.yaml │ │ ├── hook-RoleBinding.yaml │ │ ├── tide-RoleBinding.yaml │ │ ├── sinker-RoleBinding.yaml │ │ ├── github-token-Secret.yaml │ │ ├── horologium-RoleBinding.yaml │ │ ├── s3-credentials-Secret.yaml │ │ ├── statusreconciler-RoleBinding.yaml │ │ ├── hook-Role.yaml │ │ ├── prow-controller-manager-RoleBinding.yaml │ │ ├── _helpers.tpl │ │ ├── plugins-ConfigMap.yaml │ │ ├── sinker-Role.yaml │ │ ├── ing-Ingress.yaml │ │ ├── prow-controller-manager-Role.yaml │ │ └── ghProxy-Deployment.yaml ├── data-plane │ ├── Chart.yaml │ ├── .helmignore │ ├── values.yaml │ └── templates │ │ ├── deck-Role.yaml │ │ ├── hook-Role.yaml │ │ ├── sinker-Role.yaml │ │ ├── prow-controller-manager-Role.yaml │ │ ├── crier-Role.yaml │ │ ├── crier-RoleBinding.yaml │ │ ├── deck-RoleBinding.yaml │ │ ├── hook-RoleBinding.yaml │ │ ├── sinker-RoleBinding.yaml │ │ ├── s3-credentials-Secret.yaml │ │ └── prow-controller-manager-RoleBinding.yaml ├── README.md └── prometheus-dashboards │ └── kustomization.yaml ├── OWNERS ├── requirements.txt ├── .codespellrc ├── docs ├── images │ ├── controller-release.png │ └── test-infra-workflow.png ├── design │ └── proposal │ │ └── dependency-upgrades │ │ └── aws-sdk-patch-version-upgrades.md └── setup.md ├── flux ├── karpenter-config │ ├── kustomization.yaml │ ├── node-template.yaml │ └── provisioner.yaml ├── kustomization.yaml ├── README.md ├── prow-charts │ ├── kustomization.yaml │ ├── prow-jobs.yaml │ ├── prow-plugins.yaml │ ├── prow-agent-workflows.yaml │ └── prow-data-plane.yaml ├── 
prometheus-dashboards.yaml ├── karpenter.yaml └── prow.yaml ├── soak ├── monitoring │ └── grafana │ │ └── kustomization.yaml ├── helm │ └── ack-soak-test │ │ ├── .helmignore │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── templates │ │ └── job.yaml ├── cluster-config.yaml ├── default_soak_config.yaml └── Dockerfile ├── setup.cfg ├── CODE_OF_CONDUCT.md ├── Pipfile ├── cd ├── core-validator │ └── README.md ├── olm │ ├── gh_pr_body_template.txt │ ├── gh_issue_missing_olmconfig_template.txt │ └── gh_issue_missing_oh_ci_template.txt ├── auto-update │ ├── gh_pr_body_template.txt │ └── gh_issue_update_controller_template.txt └── auto-generate │ ├── gh_pr_body_template.txt │ ├── gh_issue_release_tag_template.txt │ ├── gh_pr_body_new_release_template.txt │ ├── gh_issue_body_template.txt │ └── README.md ├── OWNERS_ALIASES ├── setup.py ├── Makefile ├── go.mod ├── README.md └── GOVERNANCE.md /tools/cmd/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.gz binary 2 | -------------------------------------------------------------------------------- /tools/ackdiscover/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/acktest/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | *.py[cod] -------------------------------------------------------------------------------- /scripts/.dockerignore: -------------------------------------------------------------------------------- 1 | __pycache__/ 2 | .pytest_cache/ -------------------------------------------------------------------------------- /NOTICE: 
-------------------------------------------------------------------------------- 1 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | -------------------------------------------------------------------------------- /prow/jobs/requirements.txt: -------------------------------------------------------------------------------- 1 | PyYAML==5.4 2 | Jinja2==2.11.3 3 | markupsafe==2.0.1 4 | -------------------------------------------------------------------------------- /tools/README.md: -------------------------------------------------------------------------------- 1 | # ACK tools 2 | 3 | Tools for the ACK repositories and documentation -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - core-ack-team -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | boto3==1.42.0 2 | kubernetes==28.1.0 3 | PyYAML==6.0.1 4 | pytest-xdist==3.5.0 5 | -------------------------------------------------------------------------------- /prow/jobs/jobs.yaml.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-controllers-k8s/test-infra/HEAD/prow/jobs/jobs.yaml.gz -------------------------------------------------------------------------------- /prow/plugins/images_config.yaml: -------------------------------------------------------------------------------- 1 | image_repo: public.ecr.aws/m5q3e4b2/prow 2 | images: 3 | agent-plugin: agent-plugin-0.0.3 4 | -------------------------------------------------------------------------------- /.codespellrc: -------------------------------------------------------------------------------- 1 | [codespell] 2 | skip = 
.codespellrc,./.git,*.svg,package-lock.json 3 | check-filenames = 4 | check-hidden = 5 | quiet = 2 6 | -------------------------------------------------------------------------------- /docs/images/controller-release.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-controllers-k8s/test-infra/HEAD/docs/images/controller-release.png -------------------------------------------------------------------------------- /docs/images/test-infra-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-controllers-k8s/test-infra/HEAD/docs/images/test-infra-workflow.png -------------------------------------------------------------------------------- /prow/agent-workflows/images_config.yaml: -------------------------------------------------------------------------------- 1 | image_repo: public.ecr.aws/m5q3e4b2/prow 2 | images: 3 | add-resource: add-resource-0.0.1 4 | -------------------------------------------------------------------------------- /tools/requirements.txt: -------------------------------------------------------------------------------- 1 | boto3==1.21.8 2 | GitPython==3.1.32 3 | PyYAML==6.0.1 4 | PyGitHub==1.55 5 | prettytable==3.2.0 6 | ijson==3.2.3 7 | -------------------------------------------------------------------------------- /prow/plugins/deployments/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - agent-plugin -------------------------------------------------------------------------------- /flux/karpenter-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - node-template.yaml 6 | - provisioner.yaml 
-------------------------------------------------------------------------------- /scripts/kind-configurations/kind-two-node-cluster.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | - role: worker 6 | -------------------------------------------------------------------------------- /docs/design/proposal/dependency-upgrades/aws-sdk-patch-version-upgrades.md: -------------------------------------------------------------------------------- 1 | TODO(vijtrip2) Add proposal for consuming aws-sdk-go patch releases 2 | within specific service controllers. -------------------------------------------------------------------------------- /prow/config/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: prow-config 3 | description: Configuration for the ACK Prow cluster 4 | type: application 5 | version: 0.4.0 6 | appVersion: "1.16.0" 7 | -------------------------------------------------------------------------------- /flux/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prometheus.yaml 6 | - prometheus-dashboards.yaml 7 | - prow.yaml 8 | - karpenter.yaml -------------------------------------------------------------------------------- /scripts/creds-templates/local-test-aws-creds-template.txt: -------------------------------------------------------------------------------- 1 | $local_aws_creds_content 2 | 3 | [$TEST_AWS_PROFILE_NAME] 4 | role_arn=$assumed_role_arn 5 | source_profile=$ack_test_source_aws_profile 6 | -------------------------------------------------------------------------------- /prow/data-plane/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: 
prow-data-plane 3 | description: Configuration for the ACK Prow cluster data plane 4 | type: application 5 | version: 0.1.0 6 | appVersion: "1.16.0" 7 | -------------------------------------------------------------------------------- /prow/plugins/deployments/agent-plugin/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - deployment.yaml 6 | - rbac.yaml 7 | - service.yaml -------------------------------------------------------------------------------- /flux/README.md: -------------------------------------------------------------------------------- 1 | # Flux2 Sources 2 | 3 | Contains all of the Flux sources deployed to the test infrastructure 4 | cluster. Any new source created in this directory will automatically be 5 | applied to the cluster. -------------------------------------------------------------------------------- /flux/prow-charts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - prow-config.yaml 6 | - prow-data-plane.yaml 7 | - prow-jobs.yaml 8 | - prow-agent-workflows.yaml 9 | - prow-plugins.yaml -------------------------------------------------------------------------------- /prow/agent-workflows/agents/.dockerignore: -------------------------------------------------------------------------------- 1 | .venv/ 2 | dist/ 3 | .mypy_cache/ 4 | __pycache__/ 5 | *.pyc 6 | *.pyo 7 | *.pyd 8 | .pytest_cache/ 9 | .coverage 10 | htmlcov/ 11 | .tox/ 12 | .nox/ 13 | .hypothesis/ 14 | .egg-info/ 15 | .eggs/ 16 | build/ -------------------------------------------------------------------------------- /scripts/creds-templates/prow-test-aws-creds-template.txt: -------------------------------------------------------------------------------- 1 | [prow-irsa] 2 | 
web_identity_token_file=$TEST_CONTAINER_WEB_IDENTITY_TOKEN_FILE 3 | role_arn=$AWS_ROLE_ARN 4 | 5 | [$TEST_AWS_PROFILE_NAME] 6 | role_arn=$assumed_role_arn 7 | source_profile=prow-irsa 8 | -------------------------------------------------------------------------------- /prow/jobs/test_config.yaml: -------------------------------------------------------------------------------- 1 | cluster: 2 | create: true 3 | k8s_version: 1.28.0 4 | 5 | aws: 6 | region: us-west-2 7 | token_file: /var/run/secrets/eks.amazonaws.com/serviceaccount/token 8 | 9 | debug: 10 | enabled: true 11 | dump_controller_logs: true -------------------------------------------------------------------------------- /soak/monitoring/grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | generatorOptions: 5 | labels: 6 | grafana_dashboard: "1" 7 | 8 | configMapGenerator: 9 | - name: ack-soak-dashboards 10 | behavior: create 11 | files: 12 | - ack-dashboard-source.json -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [isort] 2 | multi_line_output=3 3 | include_trailing_comma=True 4 | force_grid_wrap=0 5 | use_parentheses=True 6 | line_length=88 7 | 8 | [flake8] 9 | ignore = E203, E266, E501, W503 10 | max-line-length = 88 11 | max-complexity = 18 12 | select = B,C,E,F,W,T4 13 | 14 | [tool:pytest] 15 | testpaths=test/ 16 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /flux/prow-charts/prow-jobs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: prow-jobs 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | sourceRef: 9 | kind: GitRepository 10 | name: test-infra 11 | path: ./prow/jobs 12 | prune: true 13 | validation: client -------------------------------------------------------------------------------- /flux/prow-charts/prow-plugins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: prow-plugins 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | sourceRef: 9 | kind: GitRepository 10 | name: test-infra 11 | path: ./prow/plugins/deployments 12 | prune: true 13 | validation: client -------------------------------------------------------------------------------- /Pipfile: -------------------------------------------------------------------------------- 1 | [[source]] 2 | url = "https://pypi.org/simple" 3 | verify_ssl = true 4 | name = "pypi" 5 | 6 | [packages] 7 | black = "*" 8 | isort = "*" 9 | flake8 = "*" 10 | pytest = "*" 11 | pytest-cov = "*" 12 | 13 | [dev-packages] 14 | black = "*" 15 | isort = "*" 16 | 17 | [requires] 18 | python_version = "3.9" 19 | 20 | [pipenv] 21 | allow_prereleases = true 22 | -------------------------------------------------------------------------------- /prow/plugins/templates/agent-plugin/service.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: 
agent-plugin 5 | namespace: prow 6 | labels: 7 | app: agent-plugin 8 | spec: 9 | selector: 10 | app: agent-plugin 11 | ports: 12 | - name: http 13 | port: 8080 14 | protocol: TCP 15 | targetPort: 8080 16 | type: ClusterIP 17 | -------------------------------------------------------------------------------- /cd/core-validator/README.md: -------------------------------------------------------------------------------- 1 | This directory contains scripts to help validate the changes in ACK core 2 | libraries, i.e. code-generator and runtime. 3 | 4 | * The `generate-test-controller.sh` script regenerates a service controller and runs 5 | unit tests, e2e tests and helm tests for the controller. This script runs as part 6 | of the presubmit prowjob for the `code-generator` repository. -------------------------------------------------------------------------------- /flux/prow-charts/prow-agent-workflows.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: prow-agent-workflows 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | sourceRef: 9 | kind: GitRepository 10 | name: test-infra 11 | path: ./prow/agent-workflows 12 | prune: true 13 | validation: client -------------------------------------------------------------------------------- /flux/prometheus-dashboards.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: prometheus-dashboards 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | sourceRef: 9 | kind: GitRepository 10 | name: test-infra 11 | path: ./prow/prometheus-dashboards 12 | prune: true 13 | targetNamespace: prometheus 14 | validation: client -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.deploy-docs: 
-------------------------------------------------------------------------------- 1 | ARG GO_VERSION=1.25.4 2 | 3 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine 4 | 5 | WORKDIR /scripts 6 | COPY deploy-docs.sh /scripts/deploy-docs.sh 7 | 8 | RUN apk add --no-cache \ 9 | bash \ 10 | git \ 11 | make \ 12 | npm \ 13 | && chmod +x /scripts/deploy-docs.sh 14 | 15 | ENTRYPOINT ["/scripts/deploy-docs.sh"] 16 | -------------------------------------------------------------------------------- /prow/agent-workflows/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: agent-workflow-config 9 | namespace: prow 10 | behavior: create 11 | # Alias the file to be compatible with each of the deployments 12 | files: 13 | - workflows.yaml=agent-workflows.yaml -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners#owners_aliases 2 | 3 | aliases: 4 | core-ack-team: 5 | - a-hilaly 6 | - jlbutler 7 | - michaelhtm 8 | - knottnt 9 | # emeritus-core-ack-team: 10 | # - rushmash91 11 | # - TiberiuGC 12 | # - jaypipes 13 | # - jljaco 14 | # - mhausenblas 15 | # - RedbackThomson 16 | # - vijtrip2 17 | # - ivelichkovich -------------------------------------------------------------------------------- /prow/README.md: -------------------------------------------------------------------------------- 1 | # Prow configuration 2 | 3 | ## `/config` 4 | 5 | Contains the Helm chart to configure Prow on the test infrastructure cluster. 6 | Any changes to the chart will automatically be applied by the Flux2 HelmRelease 7 | located in the `../flux` directory. 
8 | 9 | ## `/jobs` 10 | 11 | Contains all of the Prow jobs configured to run as part of the CI and CD systems 12 | for any ACK service controller. -------------------------------------------------------------------------------- /cd/olm/gh_pr_body_template.txt: -------------------------------------------------------------------------------- 1 | ### $COMMIT_MSG 2 | 3 | This pull request is created by [\`ack-bot\`](https://github.com/ack-bot) after release of ACK [$CONTROLLER_NAME-$RELEASE_VERSION](https://gallery.ecr.aws/aws-controllers-k8s/$CONTROLLER_NAME) 4 | 5 | NOTE: \`CreateContainerConfigError\` is expected since \`ACK controllers\` have 6 | pre-installation steps to create resources in a cluster before the manager pod 7 | can come up. 8 | -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/config/workflows.yaml: -------------------------------------------------------------------------------- 1 | workflows: 2 | ack_resource_workflow: 3 | description: "ACK resource addition workflow" 4 | image: "086987147623.dkr.ecr.us-west-2.amazonaws.com/workflow-agent:v1.0.8" 5 | command: ["python", "-m", "workflows", "resource-addition"] 6 | required_args: ["service", "resource"] 7 | optional_args: [] 8 | timeout: "30m" 9 | resources: 10 | cpu: "2" 11 | memory: "4Gi" -------------------------------------------------------------------------------- /prow/plugins/deployments/agent-plugin/service.yaml: -------------------------------------------------------------------------------- 1 | # Autogenerated. Do NOT update Manually 2 | # Last generated on 2025-11-28 02:25:20. 
3 | # 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: agent-plugin 8 | namespace: prow 9 | labels: 10 | app: agent-plugin 11 | spec: 12 | selector: 13 | app: agent-plugin 14 | ports: 15 | - name: http 16 | port: 8080 17 | protocol: TCP 18 | targetPort: 8080 19 | type: ClusterIP 20 | -------------------------------------------------------------------------------- /flux/karpenter-config/node-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: karpenter.k8s.aws/v1alpha1 2 | kind: AWSNodeTemplate 3 | metadata: 4 | name: prowjob-node-provider 5 | spec: 6 | securityGroupSelector: 7 | ${tagKey}: ${tagValue} 8 | subnetSelector: 9 | ${tagKey}: ${tagValue} 10 | amiFamily: AL2 11 | blockDeviceMappings: 12 | - deviceName: /dev/xvda 13 | ebs: 14 | volumeType: gp3 15 | volumeSize: 200Gi 16 | deleteOnTermination: true -------------------------------------------------------------------------------- /prow/config/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /prow/prometheus-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | labels: 7 | grafana_dashboard: "1" 8 | 9 | configMapGenerator: 10 | - name: grafana-prow-dashboards 11 | behavior: create 12 | # Taken from https://github.com/loodse/prow-dashboards 13 | files: 14 | - builds.json 15 | - jobs.json 16 | - organisations.json 17 | - repositories.json -------------------------------------------------------------------------------- /prow/data-plane/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /soak/helm/ack-soak-test/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.upgrade-go-version: -------------------------------------------------------------------------------- 1 | ARG GO_VERSION=1.22.5 2 | 3 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine AS builder 4 | 5 | RUN apk add --no-cache git 6 | 7 | ENV GOPROXY=direct 8 | COPY . . 9 | RUN go mod download 10 | 11 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ack-build-tools ./prow/jobs/tools/cmd 12 | 13 | # Start a new final stage on Alpine; NOTE: alpine:latest is an unpinned tag, pin a version or digest for reproducible images 14 | FROM alpine:latest 15 | 16 | COPY --from=builder /go/ack-build-tools /usr/local/bin/ 17 | -------------------------------------------------------------------------------- /cd/auto-update/gh_pr_body_template.txt: -------------------------------------------------------------------------------- 1 | ### $COMMIT_MSG 2 | 3 | ---------- 4 | 5 | * ACK controller-bootstrap \`$ACK_CONTROLLER_BOOTSTRAP_VERSION\` [release notes](https://github.com/aws-controllers-k8s/controller-bootstrap/releases/tag/$ACK_CONTROLLER_BOOTSTRAP_VERSION) 6 | 7 | ---------- 8 | 9 | #### stdout for \`make run\`: 10 | 11 | \`\`\` 12 | $MAKE_RUN_OUTPUT 13 | \`\`\` 14 | 15 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 
16 | -------------------------------------------------------------------------------- /flux/karpenter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: karpenter-provisioner 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | sourceRef: 9 | kind: GitRepository 10 | name: test-infra 11 | path: ./flux/karpenter-config 12 | prune: true 13 | targetNamespace: karpenter 14 | validation: client 15 | postBuild: 16 | substituteFrom: 17 | - kind: ConfigMap 18 | name: karpenter-tags # Installed as part of the CDK -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.docs: -------------------------------------------------------------------------------- 1 | FROM alpine:3.17.2 2 | 3 | WORKDIR /docs 4 | COPY build-docs.sh /docs/build-docs.sh 5 | 6 | RUN apk add -y --no-cache \ 7 | bash \ 8 | gcc \ 9 | libc-dev \ 10 | libc6-compat \ 11 | git \ 12 | openssl-dev \ 13 | libffi-dev \ 14 | make && chmod +x /docs/build-docs.sh 15 | 16 | RUN apk add -y --no-cache python3 python3-dev py3-pip && ln -sf python3 /usr/bin/python 17 | RUN apk add -y --no-cache --update npm 18 | 19 | ENTRYPOINT ["./build-docs.sh"] -------------------------------------------------------------------------------- /soak/helm/ack-soak-test/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for ack-soak-test. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | awsService: "" # provide during helm install command 6 | testJobParallelism: 1 7 | testJobCompletions: 1 8 | awsRegion: "us-west-2" 9 | soak: 10 | imageRepo: "" # provide during helm install command 11 | imageTag: "" # provide during helm install command 12 | startTimeEpochSeconds: "" # provide during helm install command 13 | durationMinutes: 1440 14 | -------------------------------------------------------------------------------- /prow/data-plane/values.yaml: -------------------------------------------------------------------------------- 1 | region: 'us-west-2' 2 | 3 | crier: 4 | serviceAccount: 5 | name: '' 6 | 7 | deck: 8 | serviceAccount: 9 | name: '' 10 | 11 | hook: 12 | serviceAccount: 13 | name: '' 14 | 15 | horologium: 16 | serviceAccount: 17 | name: '' 18 | 19 | prowControllerManager: 20 | serviceAccount: 21 | name: '' 22 | 23 | sinker: 24 | serviceAccount: 25 | name: '' 26 | 27 | statusreconciler: 28 | serviceAccount: 29 | name: '' 30 | 31 | tide: 32 | serviceAccount: 33 | name: '' 34 | 35 | s3Credentials: 36 | secret: 37 | create: true -------------------------------------------------------------------------------- /src/acktest/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 
-------------------------------------------------------------------------------- /src/acktest/aws/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. -------------------------------------------------------------------------------- /src/acktest/k8s/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 
-------------------------------------------------------------------------------- /scripts/kind-configurations/kind-two-node-prometheus-cluster.yaml: --------------------------------------------------------------------------------
1 | kind: Cluster
2 | apiVersion: kind.x-k8s.io/v1alpha4
3 | nodes:
4 | - role: control-plane
5 |   kubeadmConfigPatches:
6 |   - |
7 |     apiVersion: kubeadm.k8s.io/v1beta2
8 |     kind: ClusterConfiguration
9 |     metadata:
10 |       name: config
11 | - role: worker
12 |   extraPortMappings: # Host machine to Prometheus service reachability
13 |   - containerPort: 30900
14 |     hostPort: 9090
15 |     listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
16 |     protocol: tcp # Optional, defaults to tcp
17 | # NOTE(review): listenAddress "0.0.0.0" publishes host port 9090 on every host interface; "127.0.0.1" limits it to the host itself if nothing else needs to reach Prometheus.
-------------------------------------------------------------------------------- /cd/auto-generate/gh_pr_body_template.txt: -------------------------------------------------------------------------------- 1 | ### $COMMIT_MSG 2 | 3 | ---------- 4 | 5 | * ACK code-generator \`$ACK_CODE_GEN_VERSION\` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/$ACK_CODE_GEN_VERSION) 6 | * ACK runtime \`$ACK_RUNTIME_VERSION\` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/$ACK_RUNTIME_VERSION) 7 | 8 | ---------- 9 | 10 | #### stdout for \`make build-controller\`: 11 | 12 | \`\`\` 13 | $MAKE_BUILD_OUTPUT 14 | \`\`\` 15 | 16 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
17 | -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/examples/plugin-config.yaml: -------------------------------------------------------------------------------- 1 | # IMPORTANT: This plugin must be registered as an external plugin 2 | # GitHub webhooks should point to Prow Hook 3 | 4 | external_plugins: 5 | ack-prow-staging/community: 6 | - name: workflow-agent 7 | endpoint: https://workflow-agent.ack-prow-staging.io/tamer 8 | events: 9 | - issue_comment 10 | - issues 11 | 12 | # SETUP INSTRUCTIONS: 13 | # 1. Add this configuration to your Prow plugins.yaml 14 | # 2. Configure GitHub webhook to point to Prow Hook service (NOT this plugin directly) 15 | # 3. Prow Hook will forward /agent commands to this plugin endpoint -------------------------------------------------------------------------------- /prow/agent-workflows/agents/ack_tag_agent/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. -------------------------------------------------------------------------------- /prow/agent-workflows/agents/config/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). 
You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/ack_model_agent/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. 
See the License for the specific language governing permissions 10 | # and limitations under the License. -------------------------------------------------------------------------------- /prow/agent-workflows/agents/workflows/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/ack_builder_agent/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 
11 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/ack_generator_agent/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/Makefile: -------------------------------------------------------------------------------- 1 | # Run the agent CLI 2 | run-builder: 3 | uv run --refresh python -m ack_builder_agent 4 | 5 | run-generator: 6 | uv run --refresh python -m ack_generator_agent 7 | 8 | run-model: 9 | uv run --refresh python -m ack_model_agent 10 | 11 | run-tag: 12 | uv run --refresh python -m ack_tag_agent 13 | 14 | # List available workflows 15 | list-workflows: 16 | uv run --refresh python -m workflows list 17 | 18 | # Add a resource using workflow 19 | # make workflow-add-resource SERVICE=s3 RESOURCE=AccessPoint 20 | workflow-add-resource: 21 | uv run --refresh python -m workflows resource-addition --service $(SERVICE) --resource $(RESOURCE) 22 | -------------------------------------------------------------------------------- /prow/jobs/templates/presubmits/controller_bootstrap_test.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/controller-bootstrap: 2 | - name: unit-test 3 | decorate: true 4 | 
optional: false 5 | always_run: true 6 | annotations: 7 | karpenter.sh/do-not-evict: "true" 8 | spec: 9 | serviceAccountName: pre-submit-service-account 10 | containers: 11 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "unit-test") }} 12 | resources: 13 | limits: 14 | cpu: 1 15 | memory: "1024Mi" 16 | requests: 17 | cpu: 1 18 | memory: "1024Mi" 19 | command: ["make", "test"]
-------------------------------------------------------------------------------- /soak/cluster-config.yaml: --------------------------------------------------------------------------------
1 | apiVersion: eksctl.io/v1alpha5
2 | kind: ClusterConfig
3 |
4 | metadata:
5 |   name: ack-soak-test
6 |   region: us-west-2
7 |
8 | managedNodeGroups:
9 |   - name: managed-ng-1
10 |     instanceType: m5.xlarge
11 |     desiredCapacity: 2
12 |     volumeSize: 80
13 | # NOTE(review): with withOIDC and iam.serviceAccounts, eksctl creates an IAM role per service account; any pod running as that service account receives the attached policies.
14 | iam:
15 |   withOIDC: true
16 |   serviceAccounts:
17 |   - metadata:
18 |       name: ack-soak-controller
19 |       namespace: ack-system
20 |     attachPolicyARNs:
21 |     - "arn:aws:iam::aws:policy/PowerUserAccess" # NOTE(review): together with IAMFullAccess below this leaves little that AdministratorAccess would add
22 |     - "arn:aws:iam::aws:policy/IAMFullAccess" # NOTE(review): prefer a policy scoped to the service under soak test where that is practical
23 |   - metadata:
24 |       name: ack-core-account
25 |       namespace: ack-system
26 |     attachPolicyARNs:
27 |     - "arn:aws:iam::aws:policy/AdministratorAccess" # NOTE(review): full account admin for pods using ack-core-account; presumably meant for a dedicated test account only — TODO confirm, or replace with a scoped policy
-------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.verify-attribution: -------------------------------------------------------------------------------- 1 | # Building github.com/awslabs/attribution-gen binary and image 2 | 3 | ARG GO_VERSION=1.22.5 4 | 5 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine AS builder 6 | 7 | RUN apk add --no-cache git 8 | 9 | WORKDIR /app 10 | 11 | RUN git clone https://github.com/awslabs/attribution-gen .
12 | # NOTE(review): the git clone on the line above is not pinned, so the build compiles whatever the default branch holds at image-build time; checking out a reviewed tag or commit would make the binary reproducible.
13 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o attribution-gen ./main.go
14 |
15 | # Start a new stage from scratch
16 | FROM debian:bookworm-slim
17 |
18 | RUN apt-get update && apt-get install -y ca-certificates
19 |
20 | COPY --from=builder /app/attribution-gen /usr/local/bin/
21 |
22 | RUN chmod +x /usr/local/bin/attribution-gen
23 |
24 | CMD ["attribution-gen"]
-------------------------------------------------------------------------------- /flux/prow.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 3 | kind: Kustomization 4 | metadata: 5 | name: prow-crds 6 | namespace: flux-system 7 | spec: 8 | interval: 1h 9 | sourceRef: 10 | kind: GitRepository 11 | name: test-infra 12 | path: ./flux/prow-crds 13 | prune: true 14 | validation: client 15 | --- 16 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 17 | kind: Kustomization 18 | metadata: 19 | name: prow-charts 20 | namespace: flux-system 21 | spec: 22 | interval: 5m 23 | sourceRef: 24 | kind: GitRepository 25 | name: test-infra 26 | path: ./flux/prow-charts 27 | prune: true 28 | targetNamespace: flux-system 29 | validation: client 30 | dependsOn: 31 | - name: prow-crds -------------------------------------------------------------------------------- /soak/default_soak_config.yaml: -------------------------------------------------------------------------------- 1 | # Amount of time in minutes to execute long running soak test. Default 1 day = 1440 minutes 2 | durationMinutes: 1440 3 | # Map of pytest marker name to pytest command options 4 | # Soak test running container will execute pytest command for each of these markers sequentially from the e2e directory.
5 | # One example would be to run 'service' marker pytests followed by 'e2e_dangling_resource_cleanup'(example name) marker 6 | # to eliminate piling of dangling resources from e2e test runs, since soak test runner will be executing e2e tests 7 | # continuously for 24 hours. 8 | pytestMarkers: 9 | # For default soak config, only run e2e tests continuously 10 | service: 11 | logLevel: info 12 | numThreads: auto 13 | dist: no 14 |
-------------------------------------------------------------------------------- /src/acktest/bootstrapping/kms.py: --------------------------------------------------------------------------------
1 | import boto3
2 |
3 | from dataclasses import dataclass, field
4 |
5 | from . import Bootstrappable
6 |
7 |
8 | @dataclass
9 | class Key(Bootstrappable):
10 |     # Outputs: id is filled in by bootstrap(), not by the constructor (init=False)
11 |     id: str = field(init=False)
12 |     # kms_client builds a new boto3 client on each access; self.region is not defined in this class (presumably inherited from Bootstrappable)
13 |     @property
14 |     def kms_client(self):
15 |         return boto3.client("kms", region_name=self.region)
16 |
17 |     def bootstrap(self):
18 |         """Creates a key with the create_key() defaults and stores its KeyId in self.id."""
19 |         key = self.kms_client.create_key()
20 |         self.id = key["KeyMetadata"]["KeyId"]
21 |     # NOTE(review): cleanup() reads self.id, which is only set once bootstrap() has succeeded; calling it earlier raises AttributeError
22 |     def cleanup(self):
23 |         """Disables the key, then schedules it for deletion after a 7-day pending window."""
24 |         self.kms_client.disable_key(KeyId=self.id)
25 |         self.kms_client.schedule_key_deletion(KeyId=self.id, PendingWindowInDays=7)  # 7 days is the shortest window KMS accepts; until it elapses the key stays in the account and the deletion can still be cancelled
26 |
-------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.scan-controllers-cve: -------------------------------------------------------------------------------- 1 | ARG GO_VERSION=1.22.5 2 | 3 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine AS builder 4 | 5 | RUN apk add --no-cache git 6 | 7 | ENV GOPROXY=direct 8 | COPY . .
9 | RUN go mod download
10 |
11 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ack-build-tools ./prow/jobs/tools/cmd
12 | # NOTE(review): alpine:latest below is a floating tag, unlike the versioned Go and Trivy inputs; pinning a release (or digest) keeps rebuilds of the scanner image reproducible.
13 | # Start a new stage from scratch
14 | FROM alpine:latest
15 |
16 | RUN apk add --no-cache wget tar
17 |
18 | ARG TRIVY_VERSION=0.54.1
19 | # NOTE(review): the Trivy tarball is piped straight into tar with no integrity check; download it to a file and verify it against the release's published checksums before unpacking.
20 | RUN wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -xz && \
21 |     chmod +x trivy && \
22 |     mv trivy /usr/local/bin/
23 |
24 | COPY --from=builder /go/ack-build-tools /usr/local/bin/
25 |
-------------------------------------------------------------------------------- /cd/auto-update/gh_issue_update_controller_template.txt: -------------------------------------------------------------------------------- 1 | ### $ISSUE_TITLE 2 | 3 | #### stdout for \`make run\`: 4 | \`\`\` 5 | $MAKE_RUN_OUTPUT 6 | \`\`\` 7 | 8 | #### stderr for \`make run\`: 9 | \`\`\` 10 | $MAKE_RUN_ERROR_OUTPUT 11 | \`\`\` 12 | 13 | 14 | #### Steps for closing this issue: 15 | 1. Execute \`export SERVICE=$SERVICE_NAME && make\` from controller-bootstrap 16 | 2. When the project description files are successfully updated, create a new pull request for $CONTROLLER_NAME 17 | 3. Mention this issue number in the pull request 18 | 4. When the above PR is merged, close this issue 19 | 20 | For more guidance, [create an issue](https://github.com/aws-controllers-k8s/community/issues) 21 | or [reach out on Slack](https://github.com/aws-controllers-k8s/community#help--feedback). 22 | -------------------------------------------------------------------------------- /prow/jobs/tools/cmd/main.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License.
A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package main 15 | 16 | import ( 17 | "github.com/aws-controllers-k8s/test-infra/prow/jobs/tools/cmd/command" 18 | ) 19 | 20 | func main() { 21 | command.Execute() 22 | } 23 | -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/test-infra.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/test-infra: 2 | - name: build-prow-images 3 | decorate: true 4 | run_if_changed: ^(prow\/.*\/images_config.yaml) 5 | annotations: 6 | karpenter.sh/do-not-evict: "true" 7 | labels: 8 | preset-github-secrets: "true" 9 | spec: 10 | serviceAccountName: post-submit-service-account 11 | containers: 12 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "build-prow-images") }} 13 | resources: 14 | limits: 15 | cpu: 2 16 | memory: "4096Mi" 17 | requests: 18 | cpu: 2 19 | memory: "4096Mi" 20 | command: ["./prow/jobs/tools/cmd/build-prow-images.sh"] 21 | branches: 22 | - main 23 | -------------------------------------------------------------------------------- /prow/jobs/images_config.yaml: -------------------------------------------------------------------------------- 1 | image_repo: public.ecr.aws/m5q3e4b2/prow 2 | images: 3 | auto-generate-controllers: prow-auto-generate-controllers-0.0.34 4 | auto-update-controllers: prow-auto-update-controllers-0.0.25 5 | build-prow-images: prow-build-prow-images-0.0.60 6 | controller-release-tag: prow-controller-release-tag-0.0.25 7 | deploy: prow-deploy-0.0.36 8 | deploy-docs: prow-deploy-docs-0.0.5 9 | 
docs: prow-docs-0.0.30 10 | integration-test: prow-integration-0.0.46 11 | olm-bundle-pr: prow-olm-bundle-pr-0.0.26 12 | olm-test: prow-olm-test-0.0.25 13 | scan-controllers-cve: prow-scan-controllers-cve-0.0.19 14 | soak-test: prow-soak-0.0.24 15 | unit-test: prow-unit-0.0.27 16 | upgrade-go-version: prow-upgrade-go-version-0.0.25 17 | verify-attribution: prow-verify-attribution-0.0.24 18 | -------------------------------------------------------------------------------- /prow/agent-workflows/templates/add-resource.tpl: -------------------------------------------------------------------------------- 1 | add-resource: 2 | description: "ACK resource addition workflow" 3 | image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "add-resource") }} 4 | command: ["./prow-job.sh"] 5 | required_args: ["service", "resource"] 6 | optional_args: [] 7 | environment: 8 | GITHUB_ORG: aws-controllers-k8s 9 | GITHUB_EMAIL_PREFIX: "82905295" 10 | GITHUB_ACTOR: ack-bot 11 | environmentFromSecrets: 12 | GITHUB_TOKEN: 13 | name: prowjob-github-pat-token 14 | key: token 15 | MODEL_AGENT_KB_ID: 16 | name: api-model-kb 17 | key: id 18 | timeout: "45m" 19 | resources: 20 | cpu: "2" 21 | memory: "4Gi" -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/ack-chart_release.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/ack-chart: 2 | - name: ack-chart-release 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | extra_refs: 7 | - org: aws-controllers-k8s 8 | repo: test-infra 9 | base_ref: main 10 | workdir: true 11 | spec: 12 | serviceAccountName: post-submit-service-account 13 | containers: 14 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "deploy") }} 15 | resources: 16 | limits: 17 | cpu: 2 18 | memory: "2048Mi" 19 | requests: 20 | cpu: 2 21 | memory: "2048Mi" 22 | command: ["/bin/bash", 
"-c", "cd cd/ack-chart && ./upload-chart.sh"] 23 | branches: 24 | - ^[0-9]+\.[0-9]+\.[0-9]+$ -------------------------------------------------------------------------------- /tools/ackdiscover/maintenance_phases.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | NONE = "NONE" 15 | PREVIEW = "PREVIEW" 16 | GENERAL_AVAILABILITY = "GENERAL AVAILABILITY" 17 | DEPRECATED = "DEPRECATED" 18 | ALL = set([ 19 | NONE, 20 | PREVIEW, 21 | GENERAL_AVAILABILITY, 22 | DEPRECATED, 23 | ]) 24 | -------------------------------------------------------------------------------- /prow/plugins/templates/agent-plugin/rbac.tpl: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: agent-plugin 5 | namespace: prow 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRole 9 | metadata: 10 | name: agent-plugin 11 | rules: 12 | - apiGroups: ["prow.k8s.io"] 13 | resources: ["prowjobs"] 14 | verbs: ["create", "get", "list", "watch", "update", "patch"] 15 | - apiGroups: [""] 16 | resources: ["pods"] 17 | verbs: ["get", "list", "watch"] 18 | - apiGroups: [""] 19 | resources: ["pods/log"] 20 | verbs: ["get"] 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | kind: ClusterRoleBinding 24 | metadata: 25 | name: agent-plugin 26 | roleRef: 27 | 
apiGroup: rbac.authorization.k8s.io
28 |   kind: ClusterRole # NOTE(review): bound through a ClusterRoleBinding, so the agent-plugin rules (pods and pods/log read, ProwJob create/update/patch) hold in every namespace
29 |   name: agent-plugin
30 | subjects:
31 | - kind: ServiceAccount
32 |   name: agent-plugin
33 |   namespace: prow # NOTE(review): pod logs can carry secrets and creating ProwJobs starts pods; if the plugin only works in its own namespaces, a Role + RoleBinding there would be narrower — TODO confirm the scope it needs
-------------------------------------------------------------------------------- /tools/ackdiscover/project_stages.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | NONE = "NONE" 15 | PROPOSED = "PROPOSED" 16 | PLANNED = "PLANNED" 17 | IN_PROGRESS = "IN PROGRESS" 18 | RELEASED = "RELEASED" 19 | ALL = set([ 20 | NONE, 21 | PROPOSED, 22 | PLANNED, 23 | IN_PROGRESS, 24 | RELEASED, 25 | ]) 26 | -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/docs_website.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/docs: 2 | - name: deploy-docs 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | {{range $_, $service := .Config.AWSServices}}- org: aws-controllers-k8s 10 | repo: {{ $service }}-controller 11 | base_ref: main 12 | {{end}}spec: 13 | serviceAccountName: post-submit-service-account 14 | containers: 15 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "deploy-docs") }} 16 | resources: 17 | limits: 18 | cpu: 2 19 | memory:
"4096Mi" 20 | requests: 21 | cpu: 2 22 | memory: "4096Mi" 23 | command: ["/scripts/deploy-docs.sh"] 24 | branches: 25 | - main 26 | -------------------------------------------------------------------------------- /cd/olm/gh_issue_missing_olmconfig_template.txt: -------------------------------------------------------------------------------- 1 | ### $ISSUE_TITLE 2 | 3 | #### Steps for closing this issue: 4 | 1. Checkout [\`$CONTROLLER_NAME\`](https://github.com/aws-controllers-k8s/$CONTROLLER_NAME) repository 5 | 2. Add \`olm/olmconfig.yaml\` file in [\`$CONTROLLER_NAME\`](https://github.com/aws-controllers-k8s/$CONTROLLER_NAME) repository. 6 | You can look at [\`s3-controller\`](https://github.com/aws-controllers-k8s/s3-controller/blob/main/olm/olmconfig.yaml) for reference. 7 | 3. Create a new pull request with these changes for [\`$CONTROLLER_NAME\`](https://github.com/aws-controllers-k8s/$CONTROLLER_NAME) 8 | 4. Mention this issue number in the pull request 9 | 5. When the PR is merged, close this issue 10 | 11 | For more guidance, [create an issue](https://github.com/aws-controllers-k8s/community/issues) 12 | or [reach out on Slack](https://github.com/aws-controllers-k8s/community#help--feedback). 13 | -------------------------------------------------------------------------------- /prow/config/templates/crier-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.crier.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.crier.serviceAccount.name | default "crier" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/deck-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.deck.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.deck.serviceAccount.name | default "deck" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/hook-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.hook.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.hook.serviceAccount.name | default "hook" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/tide-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.tide.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.tide.serviceAccount.name | default "tide" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/hook-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. 
All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: hook 19 | spec: 20 | selector: 21 | app: hook 22 | ports: 23 | - name: main 24 | port: 8888 25 | type: {{ .Values.hook.service.type }} -------------------------------------------------------------------------------- /prow/config/templates/sinker-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{ if .Values.sinker.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.sinker.serviceAccount.name | default "sinker" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /cd/auto-generate/gh_issue_release_tag_template.txt: -------------------------------------------------------------------------------- 1 | ### $ISSUE_TITLE 2 | 3 | Failed to push git tag \`$HELM_IMAGE_TAG\` to [\`$CONTROLLER_NAME\`](https://github.com/$GITHUB_ORG/$CONTROLLER_NAME). 4 | 5 | #### Details: 6 | - **Controller**: $CONTROLLER_NAME 7 | - **Git Tag**: $HELM_IMAGE_TAG 8 | - **Previous Git Tag**: $LATEST_GIT_TAG 9 | 10 | #### Steps for closing this issue: 11 | 1. Verify the git tag \`$HELM_IMAGE_TAG\` doesn't already exist in the remote repository 12 | 2. Check repository permissions for the automation account 13 | 3. Manually push the git tag if needed: \`git push origin $HELM_IMAGE_TAG\` 14 | 4. Verify the GitHub release workflow is triggered 15 | 5. Close this issue once the release is published 16 | 17 | For more guidance, [create an issue](https://github.com/aws-controllers-k8s/community/issues) 18 | or [reach out on Slack](https://github.com/aws-controllers-k8s/community#help--feedback). 19 | -------------------------------------------------------------------------------- /prow/data-plane/templates/deck-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "deck" 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - pods/log 24 | verbs: 25 | - get -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/docs_website.tpl: -------------------------------------------------------------------------------- 1 | - name: periodic-deploy-docs 2 | decorate: true 3 | interval: 12h 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | - org: aws-controllers-k8s 10 | repo: docs 11 | base_ref: main 12 | workdir: true 13 | {{range $_, $service := .Config.AWSServices}}- org: aws-controllers-k8s 14 | repo: {{ $service }}-controller 15 | base_ref: main 16 | {{end}}spec: 17 | serviceAccountName: post-submit-service-account 18 | containers: 19 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "deploy-docs") }} 20 | resources: 21 | limits: 22 | cpu: 2 23 | memory: "4096Mi" 24 | requests: 25 | cpu: 2 26 | memory: "4096Mi" 27 | command: ["/scripts/deploy-docs.sh"] 28 | -------------------------------------------------------------------------------- /prow/agent-workflows/agent-workflows.yaml: -------------------------------------------------------------------------------- 1 | # Autogenerated. Do NOT update Manually 2 | # Last generated on 2025-11-28 02:25:20. 
3 | # 4 | workflows: 5 | add-resource: 6 | description: "ACK resource addition workflow" 7 | image: public.ecr.aws/m5q3e4b2/prow:add-resource-0.0.1 8 | command: ["./prow-job.sh"] 9 | required_args: ["service", "resource"] 10 | optional_args: [] 11 | environment: 12 | GITHUB_ORG: aws-controllers-k8s 13 | GITHUB_EMAIL_PREFIX: "82905295" 14 | GITHUB_ACTOR: ack-bot 15 | environmentFromSecrets: 16 | GITHUB_TOKEN: 17 | name: prowjob-github-pat-token 18 | key: token 19 | MODEL_AGENT_KB_ID: 20 | name: api-model-kb 21 | key: id 22 | timeout: "45m" 23 | resources: 24 | cpu: "2" 25 | memory: "4Gi" 26 | -------------------------------------------------------------------------------- /prow/config/templates/hmac-token-Secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.githubWebhookToken.secret.create }} 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: hmac-token 20 | data: 21 | hmac: {{ .Values.githubWebhookToken.hmac | b64enc | quote }} 22 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/horologium-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.horologium.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.horologium.serviceAccount.name | default "horologium" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/statusreconciler-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "statusreconciler" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - create -------------------------------------------------------------------------------- /prow/config/templates/statusreconciler-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.statusreconciler.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.statusreconciler.serviceAccount.name | default "statusreconciler" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/data-plane/templates/hook-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "hook" 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - configmaps 24 | verbs: 25 | - create 26 | - get 27 | - update -------------------------------------------------------------------------------- /src/acktest/aws/identity.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | """Supports a number of common AWS STS and IAM tasks. 
14 | """ 15 | 16 | import boto3 17 | 18 | 19 | def get_account_id() -> int: 20 | return boto3.client('sts').get_caller_identity().get('Account') 21 | 22 | 23 | def get_region(default: str = "us-west-2") -> str: 24 | return boto3.session.Session().region_name or default 25 | -------------------------------------------------------------------------------- /prow/config/templates/deck-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "deck" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - get 26 | - list 27 | - watch -------------------------------------------------------------------------------- /prow/config/templates/hook-metrics-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{- if .Values.hook.scrapeMetrics }} 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: hook-metrics 20 | spec: 21 | selector: 22 | app: hook 23 | ports: 24 | - name: metrics 25 | port: 9090 26 | type: ClusterIP 27 | {{- end }} -------------------------------------------------------------------------------- /prow/config/templates/crier-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: crier 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - "prowjobs" 24 | verbs: 25 | - "get" 26 | - "watch" 27 | - "list" 28 | - "patch" -------------------------------------------------------------------------------- /prow/config/templates/horologium-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "horologium" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - create 26 | - list 27 | - watch -------------------------------------------------------------------------------- /prow/config/templates/prow-controller-manager-ServiceAccount.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.prowControllerManager.serviceAccount.create }} 16 | kind: ServiceAccount 17 | apiVersion: v1 18 | metadata: 19 | name: {{ .Values.prowControllerManager.serviceAccount.name | default "prow-controller-manager" | quote }} 20 | {{ end }} -------------------------------------------------------------------------------- /prow/plugins/deployments/agent-plugin/rbac.yaml: -------------------------------------------------------------------------------- 1 | # Autogenerated. Do NOT update Manually 2 | # Last generated on 2025-11-28 02:25:20. 
3 | # 4 | apiVersion: v1 5 | kind: ServiceAccount 6 | metadata: 7 | name: agent-plugin 8 | namespace: prow 9 | --- 10 | apiVersion: rbac.authorization.k8s.io/v1 11 | kind: ClusterRole 12 | metadata: 13 | name: agent-plugin 14 | rules: 15 | - apiGroups: ["prow.k8s.io"] 16 | resources: ["prowjobs"] 17 | verbs: ["create", "get", "list", "watch", "update", "patch"] 18 | - apiGroups: [""] 19 | resources: ["pods"] 20 | verbs: ["get", "list", "watch"] 21 | - apiGroups: [""] 22 | resources: ["pods/log"] 23 | verbs: ["get"] 24 | --- 25 | apiVersion: rbac.authorization.k8s.io/v1 26 | kind: ClusterRoleBinding 27 | metadata: 28 | name: agent-plugin 29 | roleRef: 30 | apiGroup: rbac.authorization.k8s.io 31 | kind: ClusterRole 32 | name: agent-plugin 33 | subjects: 34 | - kind: ServiceAccount 35 | name: agent-plugin 36 | namespace: prow -------------------------------------------------------------------------------- /prow/config/templates/tide-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "tide" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - create 26 | - list 27 | - get 28 | - watch -------------------------------------------------------------------------------- /prow/config/templates/ghProxy-PersistentVolumeClaim.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: PersistentVolumeClaim 16 | apiVersion: v1 17 | metadata: 18 | labels: 19 | app: ghproxy 20 | name: ghproxy 21 | spec: 22 | accessModes: 23 | - ReadWriteOnce 24 | resources: 25 | requests: 26 | storage: {{ .Values.ghproxy.volumeSize }}Gi -------------------------------------------------------------------------------- /prow/data-plane/templates/sinker-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "sinker" 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - pods 24 | verbs: 25 | - delete 26 | - list 27 | - watch 28 | - get 29 | - patch -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/docs_release.tpl: -------------------------------------------------------------------------------- 1 | - name: docs-release 2 | decorate: true 3 | interval: 24h 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | - org: aws-controllers-k8s 10 | repo: community 11 | base_ref: main 12 | workdir: true 13 | - org: aws-controllers-k8s 14 | repo: runtime 15 | base_ref: main 16 | {{range $_, $otherService := .Config.AWSServices}}- org: aws-controllers-k8s 17 | repo: {{$otherService}}-controller 18 | base_ref: main 19 | {{end}}spec: 20 | serviceAccountName: post-submit-service-account 21 | containers: 22 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "docs") }} 23 | resources: 24 | limits: 25 | cpu: 1 26 | memory: "2048Mi" 27 | requests: 28 | cpu: 1 29 | memory: "2048Mi" 30 | command: ["/docs/build-docs.sh"] -------------------------------------------------------------------------------- /prow/config/templates/tide-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. 
All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: tide 19 | spec: 20 | selector: 21 | app: tide 22 | ports: 23 | - name: main 24 | port: 80 25 | targetPort: 8888 26 | {{- if .Values.tide.scrapeMetrics }} 27 | - name: metrics 28 | port: 9090 29 | {{- end }} -------------------------------------------------------------------------------- /prow/jobs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: job-config 9 | namespace: prow 10 | behavior: create 11 | # Using gzipped binary data to stay under 1MB ConfigMap limit 12 | # Kustomize auto-detects binary files (non-UTF8) and uses binaryData field 13 | # https://github.com/kubernetes-sigs/kustomize/issues/408 14 | # Prow uses ReadFileMaybeGZIP() to auto-decompress gzipped files 15 | # https://github.com/kubernetes-sigs/prow/blob/main/pkg/config/config.go#L1958 16 | files: 17 | - config.yaml=jobs.yaml.gz 18 | - name: test-config 19 | namespace: test-pods 20 | behavior: create 21 | files: 22 | - test_config.yaml 23 | - name: label-config 24 | namespace: test-pods 25 | behavior: create 26 | files: 27 | - labels.yaml 28 | - name: jobs-config 29 | namespace: test-pods 30 | behavior: 
create 31 | files: 32 | - jobs_config.yaml -------------------------------------------------------------------------------- /cd/auto-generate/gh_pr_body_new_release_template.txt: -------------------------------------------------------------------------------- 1 | ### $COMMIT_MSG 2 | 3 | ---------- 4 | 5 | * ACK code-generator \`$ACK_CODE_GEN_VERSION\` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/$ACK_CODE_GEN_VERSION) 6 | * ACK runtime \`$ACK_RUNTIME_VERSION\` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/$ACK_RUNTIME_VERSION) 7 | 8 | ---------- 9 | 10 | NOTE: 11 | This PR increments the release version of the service controller from \`$LATEST_TAG\` to \`$RELEASE_VERSION\` 12 | 13 | Once this PR is merged, release \`$RELEASE_VERSION\` will be automatically created for \`$CONTROLLER_NAME\` 14 | 15 | **Please close this PR if you do not want the new patch release for \`$CONTROLLER_NAME\`** 16 | 17 | ---------- 18 | 19 | #### stdout for \`make build-controller\`: 20 | 21 | \`\`\` 22 | $MAKE_BUILD_OUTPUT 23 | \`\`\` 24 | 25 | ---------- 26 | 27 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 28 | -------------------------------------------------------------------------------- /prow/config/templates/ghProxy-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | labels: 19 | app: ghproxy 20 | name: ghproxy 21 | spec: 22 | ports: 23 | - name: main 24 | port: 80 25 | protocol: TCP 26 | targetPort: 8888 27 | - name: metrics 28 | port: 9090 29 | selector: 30 | app: ghproxy 31 | type: ClusterIP -------------------------------------------------------------------------------- /prow/config/templates/prow-controller-manager-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{- if .Values.prowControllerManager.scrapeMetrics }} 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: prow-controller-manager 20 | spec: 21 | selector: 22 | app: prow-controller-manager 23 | ports: 24 | - name: metrics 25 | port: 9090 26 | type: ClusterIP 27 | {{- end }} -------------------------------------------------------------------------------- /prow/data-plane/templates/prow-controller-manager-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: prow-controller-manager 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - pods 24 | verbs: 25 | - delete 26 | - list 27 | - watch 28 | - create 29 | - patch -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/community_docs.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/community: 2 | - name: community-docs-release 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | - org: aws-controllers-k8s 10 | repo: runtime 11 | base_ref: main 12 | {{range $_, $service := .Config.AWSServices}}- org: aws-controllers-k8s 13 | repo: {{ $service }}-controller 14 | base_ref: main 15 | {{end}}spec: 16 | serviceAccountName: post-submit-service-account 17 | containers: 18 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "docs") }} 19 | resources: 20 | limits: 21 | cpu: 1 22 | memory: "2048Mi" 23 | requests: 24 | cpu: 1 25 | memory: "2048Mi" 26 | command: ["/docs/build-docs.sh"] 27 | run_if_changed: "docs/.*" 28 | branches: 29 | - main -------------------------------------------------------------------------------- /prow/config/templates/deck-Service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: deck 19 | spec: 20 | selector: 21 | app: deck 22 | ports: 23 | - name: main 24 | port: 80 25 | targetPort: 8080 26 | {{- if .Values.deck.scrapeMetrics }} 27 | - name: metrics 28 | port: 9090 29 | {{- end }} 30 | type: {{ .Values.deck.service.type }} -------------------------------------------------------------------------------- /prow/data-plane/templates/crier-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: crier 19 | rules: 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - "pods" 24 | - "events" 25 | verbs: 26 | - "get" 27 | - "list" 28 | - apiGroups: 29 | - "" 30 | resources: 31 | - "pods" 32 | verbs: 33 | - "patch" -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/scan-controllers-cve.tpl: -------------------------------------------------------------------------------- 1 | - name: scan-controllers-cve 2 | decorate: true 3 | interval: 720h 4 | annotations: 5 | description: Scans ack supported AWS service controllers for CVE's. If they exist, creates a github issue in commmunity repository 6 | karpenter.sh/do-not-evict: "true" 7 | extra_refs: 8 | - org: aws-controllers-k8s 9 | repo: test-infra 10 | base_ref: main 11 | workdir: true 12 | labels: 13 | preset-github-secrets: "true" 14 | agent: kubernetes 15 | spec: 16 | serviceAccountName: periodic-service-account 17 | containers: 18 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "scan-controllers-cve") }} 19 | resources: 20 | limits: 21 | cpu: 1 22 | memory: "500Mi" 23 | requests: 24 | cpu: 1 25 | memory: "500Mi" 26 | command: ["ack-build-tools", "scan-controllers-cve", 27 | "--jobs-config-path", "./prow/jobs/jobs_config.yaml" ] 28 | -------------------------------------------------------------------------------- /scripts/lib/login.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # login.sh contains functions for logging into container repositories. 4 | # Note: These functions are not placed inside tools specific file like 5 | # helm.sh, because those files ensure binaries(ex: kind) that are not 6 | # really needed for simple actions like repository login. 
7 | # A future refactor can make those files more modular and then login 8 | # functions can be refactored in tool specific file like buildah.sh 9 | # and helm.sh 10 | 11 | perform_buildah_and_helm_login() { 12 | #ecr-public only exists in us-east-1 so use that region specifically 13 | local __pw=$(aws ecr-public get-login-password --region us-east-1) 14 | echo "$__pw" | buildah login -u AWS --password-stdin public.ecr.aws 15 | export HELM_EXPERIMENTAL_OCI=1 16 | echo "$__pw" | helm registry login -u AWS --password-stdin public.ecr.aws 17 | } 18 | 19 | ensure_binaries() { 20 | check_is_installed "aws" 21 | check_is_installed "buildah" 22 | check_is_installed "helm" 23 | } 24 | 25 | ensure_binaries -------------------------------------------------------------------------------- /cd/olm/gh_issue_missing_oh_ci_template.txt: -------------------------------------------------------------------------------- 1 | ### $ISSUE_TITLE 2 | 3 | #### Steps for closing this issue: 4 | 1. Checkout [\`$OH_REPO\`](https://github.com/$OH_ORG_REPO) repository 5 | 2. Add \`operators/ack-$CONTROLLER_NAME/ci.yaml\` file in [\`$OH_REPO\`](https://github.com/$OH_ORG_REPO) repository. 6 | You can look at \`operators/ack-s3-controller/ci.yaml\` for reference. 7 | 3. Create a new pull request with these changes for [\`$OH_REPO\`](https://github.com/$OH_ORG_REPO) 8 | 4. Mention this issue number in the pull request 9 | 5. When the PR is merged, close this issue 10 | 11 | #### Additional Note: 12 | Make sure that \`operators/ack-$CONTROLLER_NAME/ci.yaml\` file is present in both 13 | \`k8s-operatorhub/community-operators\` and \`redhat-openshift-ecosystem/community-operators-prod\` 14 | repositories. If not, follow the same steps as above. 15 | 16 | For more guidance, [create an issue](https://github.com/aws-controllers-k8s/community/issues) 17 | or [reach out on Slack](https://github.com/aws-controllers-k8s/community#help--feedback). 
18 | -------------------------------------------------------------------------------- /prow/data-plane/templates/crier-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: crier 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: crier 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.crier.serviceAccount.name | default "crier" | quote }} 26 | namespace: prow -------------------------------------------------------------------------------- /prow/data-plane/templates/deck-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "deck" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "deck" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.deck.serviceAccount.name | default "deck" | quote }} 26 | namespace: prow -------------------------------------------------------------------------------- /prow/data-plane/templates/hook-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "hook" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "hook" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.hook.serviceAccount.name | default "hook" | quote }} 26 | namespace: prow -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/controller_bootstrap_update.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/controller-bootstrap: 2 | - name: auto-update-controllers 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | {{range $_, $service := .Config.AWSServices}}- org: aws-controllers-k8s 10 | repo: {{ $service }}-controller 11 | base_ref: main 12 | workdir: false 13 | {{end}}spec: 14 | serviceAccountName: post-submit-service-account 15 | containers: 16 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "auto-update-controllers") }} 17 | resources: 18 | limits: 19 | cpu: 2 20 | memory: "500Mi" 21 | requests: 22 | cpu: 2 23 | memory: "500Mi" 24 | command: ["/bin/bash", "-c", "./cd/auto-update/project-static-files.sh"] 25 | branches: #supports tags too. 26 | - ^v[0-9]+\.[0-9]+\.[0-9]+$ -------------------------------------------------------------------------------- /prow/data-plane/templates/sinker-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "sinker" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "sinker" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.sinker.serviceAccount.name | default "sinker" | quote }} 26 | namespace: prow -------------------------------------------------------------------------------- /prow/config/templates/crier-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: crier 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: crier 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.crier.serviceAccount.name | default "crier" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/config/templates/deck-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "deck" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "deck" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.deck.serviceAccount.name | default "deck" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/config/templates/hook-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "hook" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "hook" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.hook.serviceAccount.name | default "hook" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/config/templates/tide-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "tide" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "tide" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.tide.serviceAccount.name | default "tide" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/runtime_release.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/runtime: 2 | - name: runtime-docs-release 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | - org: aws-controllers-k8s 10 | repo: community 11 | base_ref: main 12 | workdir: true 13 | {{range $_, $service := .Config.AWSServices}}- org: aws-controllers-k8s 14 | repo: {{ $service }}-controller 15 | base_ref: main 16 | {{ end }}spec: 17 | serviceAccountName: post-submit-service-account 18 | containers: 19 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "docs") }} 20 | resources: 21 | limits: 22 | cpu: 1 23 | memory: "500Mi" 24 | requests: 25 | cpu: 1 26 | memory: "500Mi" 27 | command: ["/docs/build-docs.sh"] 28 | run_if_changed: "apis/core/.*" 29 | branches: 30 | - main 31 | -------------------------------------------------------------------------------- /prow/config/templates/sinker-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "sinker" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "sinker" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.sinker.serviceAccount.name | default "sinker" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /flux/karpenter-config/provisioner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: karpenter.sh/v1alpha5 2 | kind: Provisioner 3 | metadata: 4 | name: default 5 | spec: 6 | consolidation: 7 | enabled: false 8 | limits: 9 | resources: 10 | cpu: 1k 11 | memory: 1000Gi 12 | storage: 5000Gi 13 | requirements: 14 | # Include general purpose instance families 15 | - key: karpenter.k8s.aws/instance-family 16 | operator: In 17 | values: [c6g, c7g, c6a, c6i, m6a, m6g, m6i, r6a, r6g, r6i] 18 | # Exclude small instance sizes by allowing only the sizes listed here (sizes above 8xlarge are excluded as well) 19 | - key: karpenter.k8s.aws/instance-size 20 | operator: In 21 | values: [medium, large, xlarge, xlarge, 2xlarge, 4xlarge, 8xlarge] 22 | - key: kubernetes.io/arch 23 | operator: In 24 | values: 25 | - amd64 26 | - key: karpenter.sh/capacity-type 27 | operator: In 28 | values: 29 | - on-demand 30 | - key: kubernetes.io/os 31 | operator: In 32 | values: 33 | - linux 34 | ttlSecondsAfterEmpty: 900 # 15 minutes 35 | ttlSecondsUntilExpired: 36000 # 10 hours 36 | providerRef: 37 | name: prowjob-node-provider 
-------------------------------------------------------------------------------- /prow/config/templates/github-token-Secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.githubApp.secret.create }} 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: github-token 20 | stringData: 21 | # this is the "private key" saved after setting up the GitHub App. It is rendered as-is from .Values.githubApp.cert: pass it at install time instead of committing it to a values file, and note that a multi-line PEM value is inserted unquoted here 22 | cert: {{ .Values.githubApp.cert}} 23 | # this is the "App ID" saved after setting up the GitHub App 24 | appid: {{ .Values.githubApp.appId }} 25 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/horologium-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "horologium" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "horologium" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.horologium.serviceAccount.name | default "horologium" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/config/templates/s3-credentials-Secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | {{ if .Values.s3Credentials.secret.create }} 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: s3-credentials 20 | stringData: 21 | service-account.json: | 22 | { 23 | "region": "{{ .Values.region }}", 24 | "access_key": "", 25 | "endpoint": "", 26 | "insecure": false, 27 | "s3_force_path_style": false, 28 | "secret_key": "" 29 | } 30 | {{ end }} -------------------------------------------------------------------------------- /prow/config/templates/statusreconciler-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "statusreconciler" 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: "statusreconciler" 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.statusreconciler.serviceAccount.name | default "statusreconciler" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/data-plane/templates/s3-credentials-Secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | {{ if .Values.s3Credentials.secret.create }} 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: s3-credentials 20 | stringData: 21 | service-account.json: | 22 | { 23 | "region": "{{ .Values.region }}", 24 | "access_key": "", 25 | "endpoint": "", 26 | "insecure": false, 27 | "s3_force_path_style": false, 28 | "secret_key": "" 29 | } 30 | {{ end }} -------------------------------------------------------------------------------- /cd/auto-generate/gh_issue_body_template.txt: -------------------------------------------------------------------------------- 1 | ### $ISSUE_TITLE 2 | 3 | #### stdout for \`make build-controller\`: 4 | \`\`\` 5 | $MAKE_BUILD_OUTPUT 6 | \`\`\` 7 | 8 | #### stderr for \`make build-controller\`: 9 | \`\`\` 10 | $MAKE_BUILD_ERROR_OUTPUT 11 | \`\`\` 12 | 13 | 14 | #### Steps for closing this issue: 15 | 1. Update $CONTROLLER_NAME \`go.mod\` file to update \`aws-controllers-k8s/runtime\` to $ACK_RUNTIME_VERSION 16 | 2. Run \`go mod tidy\` for $CONTROLLER_NAME 17 | 3. Successfully generate the service controller locally using latest release of 18 | \`aws-controllers-k8s/code-generator\` 19 | 4. Run \`make test\` for $CONTROLLER_NAME 20 | 5. Run \`make kind-test\` from \`aws-controllers-k8s/test-infra\` repository for 21 | $CONTROLLER_NAME 22 | 6. When kind test is successful, Create new pull request for $CONTROLLER_NAME 23 | 7. 
Mention this issue number in the pull request 24 | 8. When the above PR is merged, close this issue 25 | 26 | For more guidance, [create an issue](https://github.com/aws-controllers-k8s/community/issues) 27 | or [reach out on Slack](https://github.com/aws-controllers-k8s/community#help--feedback). 28 | -------------------------------------------------------------------------------- /prow/config/templates/hook-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "hook" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - create 26 | - get 27 | - list 28 | - update 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - configmaps 33 | verbs: 34 | - create 35 | - get 36 | - update -------------------------------------------------------------------------------- /prow/data-plane/templates/prow-controller-manager-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: prow-controller-manager 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: prow-controller-manager 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.prowControllerManager.serviceAccount.name | default "prow-controller-manager" | quote }} 26 | namespace: prow -------------------------------------------------------------------------------- /prow/config/templates/prow-controller-manager-RoleBinding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: RoleBinding 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: prow-controller-manager 19 | roleRef: 20 | apiGroup: rbac.authorization.k8s.io 21 | kind: Role 22 | name: prow-controller-manager 23 | subjects: 24 | - kind: ServiceAccount 25 | name: {{ .Values.prowControllerManager.serviceAccount.name | default "prow-controller-manager" | quote }} 26 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/upgrade-eks-distro-version.tpl: -------------------------------------------------------------------------------- 1 | - name: upgrade-eks-distro-version 2 | decorate: true 3 | interval: 168h 4 | annotations: 5 | description: Querys eks-distro version in ECR and compare it with version in build_config.yaml. Creates a PR with updated eks-distro version and bumped prow image versions if outdated 6 | karpenter.sh/do-not-evict: "true" 7 | extra_refs: 8 | - org: aws-controllers-k8s 9 | repo: test-infra 10 | base_ref: main 11 | workdir: true 12 | labels: 13 | preset-github-secrets: "true" 14 | agent: kubernetes 15 | spec: 16 | serviceAccountName: periodic-service-account 17 | containers: 18 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "upgrade-go-version") }} #Use upgrade-go-version image for now 19 | resources: 20 | limits: 21 | cpu: 1 22 | memory: "500Mi" 23 | requests: 24 | cpu: 1 25 | memory: "500Mi" 26 | command: ["ack-build-tools", "upgrade-eks-distro-version", 27 | "--images-config-path", "./prow/jobs/images_config.yaml"] 28 | -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/pkg/k8s/context.go: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package k8s 16 | 17 | import ( 18 | "context" 19 | "time" 20 | ) 21 | 22 | // DefaultTimeout is the standard timeout for API operations 23 | const DefaultTimeout = 30 * time.Second 24 | 25 | // ContextWithDefaultTimeout returns a new context with the default timeout 26 | func ContextWithDefaultTimeout() (context.Context, context.CancelFunc) { 27 | return context.WithTimeout(context.Background(), DefaultTimeout) 28 | } 29 | -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/pkg/webhook/clients.go: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package webhook 16 | 17 | import ( 18 | k8sclient "github.com/aws-controllers-k8s/test-infra/experimental/prow/pkg/k8s" 19 | ) 20 | 21 | // submitProwJob submits a ProwJob to the Kubernetes cluster 22 | func (s *Server) submitProwJob(prowJob *k8sclient.ProwJob) error { 23 | ctx, cancel := ContextWithDefaultTimeout() 24 | defer cancel() 25 | return s.k8sProwClient.SubmitProwJob(ctx, prowJob, s.prowJobNamespace) 26 | } 27 | -------------------------------------------------------------------------------- /tools/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | import pathlib 3 | 4 | here = pathlib.Path(__file__).parent.resolve() 5 | 6 | long_description = (here / 'README.md').read_text(encoding='utf-8') 7 | install_requirements = (here / 'requirements.txt').read_text(encoding='utf-8').splitlines() 8 | 9 | setup( 10 | name='acktools', 11 | version='0.0.1', 12 | description='Tools for ACK service controllers and metadata', 13 | long_description=long_description, 14 | long_description_content_type='text/markdown', 15 | url='https://github.com/aws-controllers-k8s/test-infra', 16 | classifiers=[ 17 | 'Programming Language :: Python :: 3', 18 | 'Programming Language :: Python :: 3.8', 19 | 'License :: OSI Approved :: Apache Software License', 20 | 'Operating System :: OS Independent', 21 | ], 22 | package_dir={'ackdiscover':'ackdiscover'}, 23 | packages=find_packages('.'), 24 | python_requires='>=3.8, <4', 25 | project_urls={ 26 | 'Bug Reports': 'https://github.com/aws-controllers-k8s/community/issues', 27 | }, 28 | install_requires=install_requirements 29 | ) 30 | -------------------------------------------------------------------------------- /prow/config/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 
3 | */}} 4 | {{- define "prow-config.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "prow-config.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "prow-config.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /tools/ackdiscover/README.md: -------------------------------------------------------------------------------- 1 | # ack-discover utility CLI tool 2 | 3 | The `ack-discover` tool collects information about AWS services and ACK 4 | controllers, including the latest release of a controller, the version of the 5 | ACK runtime embedded in the controller, the version of aws-sdk-go used in the 6 | controller, the project stage and the maintenance phase of the controller. 7 | 8 | ## Prerequisites 9 | 10 | You will need a Github Personal Access Token (PAT) associated with a Github 11 | username. 
I create a file called `~/.github/venv` that I use with this content (keep it readable only by your own user, e.g. `chmod 600 ~/.github/venv`, and out of version control, since it holds a live token): 12 | 13 | ``` 14 | export GITHUB_ACTOR=jaypipes 15 | export GITHUB_TOKEN=ghp_************************************* 16 | ``` 17 | 18 | Create a virtualenv and install the required Python libraries: 19 | 20 | ```bash 21 | python3 -m venv .venv 22 | source .venv/bin/activate 23 | pip install -r tools/ack-discover/requirements.txt 24 | ``` 25 | 26 | ## Running `ack-discover` 27 | 28 | Run `ack-discover` from your virtualenv after sourcing your Github Personal 29 | Access Token: 30 | 31 | ```bash 32 | source ~/.github/venv 33 | source .venv/bin/activate 34 | tools/cmd/ack-discover --debug 35 | ``` 36 | -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/upgrade-go-version.tpl: -------------------------------------------------------------------------------- 1 | - name: upgrade-go-version 2 | decorate: true 3 | interval: 168h 4 | annotations: 5 | description: Queries go version in ECR and compares it with version in repository.
Raises a PR with updated GO_VERSION and bumped prow image versions 6 | karpenter.sh/do-not-evict: "true" 7 | extra_refs: 8 | - org: aws-controllers-k8s 9 | repo: test-infra 10 | base_ref: main 11 | workdir: true 12 | labels: 13 | preset-github-secrets: "true" 14 | agent: kubernetes 15 | spec: 16 | serviceAccountName: periodic-service-account 17 | containers: 18 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "upgrade-go-version") }} 19 | resources: 20 | limits: 21 | cpu: 1 22 | memory: "500Mi" 23 | requests: 24 | cpu: 1 25 | memory: "500Mi" 26 | command: ["ack-build-tools", "upgrade-go-version", 27 | "--build-config-path", "./build_config.yaml", 28 | "--images-config-path", "./prow/jobs/images_config.yaml", 29 | "--golang-ecr-repository", "v2/docker/library/golang"] 30 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | import pathlib 3 | 4 | here = pathlib.Path(__file__).parent.resolve() 5 | 6 | long_description = (here / 'README.md').read_text(encoding='utf-8') 7 | install_requirements = (here / 'requirements.txt').read_text(encoding='utf-8').splitlines() 8 | 9 | setup( 10 | name='acktest', 11 | version='0.0.1', 12 | description='Test framework for functional integration and soak testing for ACK service controllers', 13 | long_description=long_description, 14 | long_description_content_type='text/markdown', 15 | url='https://github.com/aws-controllers-k8s/test-infra', 16 | classifiers=[ 17 | 'Programming Language :: Python :: 3', 18 | 'Programming Language :: Python :: 3.8', 19 | 'License :: OSI Approved :: Apache Software License', 20 | 'Operating System :: OS Independent', 21 | ], 22 | package_dir={'':'src'}, 23 | packages=find_packages('src'), 24 | python_requires='>=3.8, <4', 25 | project_urls={ 26 | 'Bug Reports': 
'https://github.com/aws-controllers-k8s/community/issues', 27 | }, 28 | install_requires=install_requirements 29 | ) 30 | -------------------------------------------------------------------------------- /soak/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/python:3.11-alpine 2 | 3 | # Persist build arguments into environment variables 4 | ARG AWS_SERVICE 5 | ARG E2E_GIT_REF=main 6 | ARG CONTROLLER_E2E_PATH=./${AWS_SERVICE}-controller/test/e2e 7 | ENV AWS_SERVICE ${AWS_SERVICE} 8 | ENV PYTHONPATH ${CONTROLLER_E2E_PATH} 9 | ENV CONTROLLER_E2E_PATH ${CONTROLLER_E2E_PATH} 10 | 11 | WORKDIR /soak 12 | # Install dependencies for soak test environment 13 | RUN apk add --no-cache git bash gcc libc-dev curl \ 14 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.9.6/yq_linux_amd64 --output /usr/bin/yq \ 15 | && chmod +x /usr/bin/yq 16 | 17 | # Copy the script to run soak tests. 18 | COPY run_soak_test.sh . 19 | RUN chmod +x run_soak_test.sh 20 | 21 | COPY default_soak_config.yaml . 22 | 23 | # Checkout the controller repository where e2e tests are present. 24 | # Soak test run consists of multiple runs of these e2e tests. 
25 | RUN git clone https://github.com/aws-controllers-k8s/${AWS_SERVICE}-controller.git -b ${E2E_GIT_REF} --depth 1 26 | RUN cd ${AWS_SERVICE}-controller/test/e2e \ 27 | && pip install -r requirements.txt 28 | 29 | ENTRYPOINT ["bash", "-c", "./run_soak_test.sh"] 30 | -------------------------------------------------------------------------------- /flux/prow-charts/prow-data-plane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: prow-data-plane 5 | namespace: flux-system 6 | spec: 7 | interval: 5m 8 | targetNamespace: test-pods 9 | values: 10 | region: "us-west-2" 11 | crier: 12 | serviceAccount: 13 | name: "prow-deployment-service-account" 14 | deck: 15 | serviceAccount: 16 | name: "prow-deployment-service-account" 17 | hook: 18 | serviceAccount: 19 | name: "prow-deployment-service-account" 20 | horologium: 21 | serviceAccount: 22 | name: "prow-deployment-service-account" 23 | prowControllerManager: 24 | serviceAccount: 25 | name: "prow-deployment-service-account" 26 | sinker: 27 | serviceAccount: 28 | name: "prow-deployment-service-account" 29 | statusreconciler: 30 | serviceAccount: 31 | name: "prow-deployment-service-account" 32 | tide: 33 | serviceAccount: 34 | name: "prow-deployment-service-account" 35 | chart: 36 | spec: 37 | chart: ./prow/data-plane 38 | sourceRef: 39 | kind: GitRepository 40 | name: test-infra -------------------------------------------------------------------------------- /scripts/public-ecr-set-catalog.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 6 | 7 | ensure_repository_catalog() { 8 | local ecr_repo=$1 9 | local ecr_tpl_file_path="" 10 | local aws_service="" 11 | 12 | echo "public-ecr-set-catalog.sh][INFO] setting catalog data for 
$ecr_repo public repository ..." 13 | 14 | if (echo "$ecr_repo" | grep -q "controller"); then 15 | aws_service="${ecr_repo/%-controller}" 16 | ecr_tpl_file_path="$THIS_DIR/ecr-templates/ecr-controller-template.json" 17 | else 18 | aws_service="${ecr_repo/%-chart}" 19 | ecr_tpl_file_path="$THIS_DIR/ecr-templates/ecr-chart-template.json" 20 | fi 21 | 22 | export aws_service 23 | local catalog_data=$(envsubst < $ecr_tpl_file_path 2>&1) 24 | 25 | aws ecr-public put-repository-catalog-data --region us-east-1 --repository-name $ecr_repo --catalog-data "$catalog_data" 1>/dev/null 26 | } 27 | 28 | REPOS=$(aws ecr-public describe-repositories --region us-east-1 --query 'repositories[].repositoryName' --output text) 29 | 30 | for ecr_repo in $REPOS; do 31 | ensure_repository_catalog $ecr_repo 32 | done -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/lifecycle_bot_periodic_close.tpl: -------------------------------------------------------------------------------- 1 | - name: periodic-close 2 | interval: 6h 3 | decorate: true 4 | annotations: 5 | description: Closes rotten issues after 30d of inactivity 6 | karpenter.sh/do-not-evict: "true" 7 | labels: 8 | preset-github-secrets: "true" 9 | agent: kubernetes 10 | spec: 11 | serviceAccountName: periodic-service-account 12 | containers: 13 | - image: gcr.io/k8s-prow/commenter:v20210422-d12e80af3e 14 | resources: 15 | limits: 16 | cpu: 1 17 | memory: "500Mi" 18 | requests: 19 | cpu: 1 20 | memory: "500Mi" 21 | command: 22 | - /app/robots/commenter/app.binary 23 | args: 24 | - --query=org:aws-controllers-k8s -label:lifecycle/frozen label:lifecycle/rotten 25 | - --updated=1440h 26 | - --token=/etc/github/token 27 | - |- 28 | --comment=Rotten issues close after 60d of inactivity. 29 | Reopen the issue with `/reopen`. 30 | Provide feedback via https://github.com/aws-controllers-k8s/community. 
31 | /close 32 | - --template 33 | - --confirm 34 | - --ceiling=10 -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.controller-release-tag: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim AS base 2 | 3 | RUN echo "Installing packages ..." \ 4 | && apt-get update \ 5 | && apt-get install -y --no-install-recommends\ 6 | build-essential \ 7 | ca-certificates \ 8 | make \ 9 | curl \ 10 | git \ 11 | gnupg2 \ 12 | software-properties-common \ 13 | lsb-release \ 14 | wget \ 15 | jq \ 16 | uuid-runtime \ 17 | apt-transport-https \ 18 | unzip \ 19 | gawk 20 | 21 | RUN echo "Installing yq ... " \ 22 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 --output /usr/bin/yq \ 23 | && chmod +x /usr/bin/yq 24 | 25 | RUN echo "Installing GitHub cli ..." \ 26 | && curl -fsSL "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg \ 27 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ 28 | && apt-get update \ 29 | && apt-get install -y --no-install-recommends gh 30 | -------------------------------------------------------------------------------- /prow/jobs/templates/postsubmits/codegen_release.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/code-generator: 2 | - name: auto-generate-controllers 3 | decorate: true 4 | annotations: 5 | karpenter.sh/do-not-evict: "true" 6 | labels: 7 | preset-github-secrets: "true" 8 | extra_refs: 9 | - org: aws-controllers-k8s 10 | repo: test-infra 11 | base_ref: main 12 | workdir: true 13 | - org: aws-controllers-k8s 14 | repo: runtime 15 | base_ref: main 16 | workdir: false 17 | {{range $_, 
$service := .Config.AWSServices}}- org: aws-controllers-k8s 18 | repo: {{ $service }}-controller 19 | base_ref: main 20 | workdir: false 21 | {{end}}spec: 22 | serviceAccountName: post-submit-service-account 23 | containers: 24 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "auto-generate-controllers") }} 25 | resources: 26 | limits: 27 | cpu: 8 28 | memory: "8192Mi" 29 | requests: 30 | cpu: 8 31 | memory: "8192Mi" 32 | command: ["/bin/bash", "-c", "./cd/auto-generate/auto-generate-controllers.sh"] 33 | branches: #supports tags too. 34 | - ^v[0-9]+\.[0-9]+\.[0-9]+$ -------------------------------------------------------------------------------- /prow/jobs/images/README.md: -------------------------------------------------------------------------------- 1 | # Prow Images 2 | 3 | This directory contains all of the images used for any of our Prow pre- or post- 4 | submit jobs. 5 | 6 | ## Building images 7 | 8 | To build the images, run the following command: 9 | ```bash 10 | ./build-images.sh 11 | ``` 12 | 13 | This will tag each of the images with `prow/` where `` is the suffix 14 | of the Dockerfile, for example `prow/test`. 15 | 16 | ## Releasing images 17 | 18 | To push the images into an ECR public repository, first authenticate with the 19 | corresponding account that has access to the public repository. 20 | 21 | To publish a version of the images to your own repository, run the following 22 | command: 23 | 24 | ```bash 25 | DOCKER_REPOSITORY= ./push-image.sh 26 | ``` 27 | Replacing `` with the URI of the repository and 28 | with the type of Dockerfile you wish to push. 29 | 30 | To publish a new version of the images to the **official ACK repository**, run 31 | the following command: 32 | 33 | ```bash 34 | VERSION=X.Y.Z ./push-image.sh 35 | ``` 36 | Replacing `X.Y.Z` with the SemVer version tag of the images. 
37 | 38 | *Note: Only ACK core contributors will have access to the official ACK 39 | repository* -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL := /bin/bash # Use bash syntax 2 | 3 | AWS_SERVICE=$(shell echo $(SERVICE) | tr '[:upper:]' '[:lower:]') 4 | 5 | .PHONY: gen-all 6 | gen-all: prow-gen 7 | 8 | # Assumes python3 is installed as default python on the host. 9 | prow-gen: ## Compiles the Prow jobs 10 | @go run ./prow/jobs/generator.go && \ 11 | echo "Success! Templates for ProwJobs, Plugins, and Agent Workflows re-generated." || \ 12 | echo "Error while generating Prow templates"; 13 | 14 | kind-test: ## Run functional tests for SERVICE 15 | @AWS_SERVICE=$(AWS_SERVICE) ./scripts/run-e2e-tests.sh 16 | 17 | kind-helm-test: ## Run the Helm tests for SERVICE 18 | @AWS_SERVICE=$(AWS_SERVICE) ./scripts/run-helm-tests.sh 19 | 20 | test-recommended-policy: 21 | @AWS_SERVICE=$(AWS_SERVICE) source ./scripts/iam-policy-test-runner.sh && assert_iam_policies 22 | 23 | test-metadata-file: 24 | @AWS_SERVICE=$(AWS_SERVICE) source ./scripts/metadata-file-test-runner.sh && assert_metadata_file 25 | 26 | delete-all-kind-clusters: ## Delete all local kind clusters 27 | @kind delete clusters --all 28 | @rm -rf build/* 29 | 30 | help: ## Show this help. 31 | @grep -F -h "##" $(MAKEFILE_LIST) | grep -F -v grep | sed -e 's/\\$$//' \ 32 | | awk -F'[:#]' '{print $$1 = sprintf("%-30s", $$1), $$4}' 33 | -------------------------------------------------------------------------------- /soak/helm/ack-soak-test/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ack-soak-test 3 | description: A Helm chart for running soak test on an ACK controller. 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 
6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.0.1 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "0.0.1" 25 | -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/label_sync.tpl: -------------------------------------------------------------------------------- 1 | - name: label-sync 2 | decorate: true 3 | interval: 6h 4 | annotations: 5 | description: Runs label_sync to synchronize GitHub repo labels with the label config defined in label_sync/labels.yaml. 
6 | karpenter.sh/do-not-evict: "true" 7 | labels: 8 | app: label-sync 9 | preset-github-secrets: "true" 10 | agent: kubernetes 11 | spec: 12 | serviceAccountName: periodic-service-account 13 | containers: 14 | - name: label-sync 15 | image: gcr.io/k8s-prow/label_sync:v20221205-a1b0b85d88 16 | resources: 17 | limits: 18 | cpu: 1 19 | memory: "500Mi" 20 | requests: 21 | cpu: 1 22 | memory: "500Mi" 23 | command: 24 | - label_sync 25 | args: 26 | - --config=/etc/config/labels.yaml 27 | - --confirm=true 28 | - --orgs=aws-controllers-k8s 29 | - --github-token-path=/etc/github/token 30 | - --github-endpoint=http://ghproxy.prow.svc.cluster.local 31 | - --github-endpoint=https://api.github.com 32 | - --debug 33 | volumeMounts: 34 | - name: config 35 | mountPath: /etc/config 36 | readOnly: true 37 | volumes: 38 | - name: config 39 | configMap: 40 | name: label-config -------------------------------------------------------------------------------- /scripts/lib/common.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # common.sh contains commonly used functions, meant to be imported by other 4 | # bash scripts. 5 | 6 | LIB_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 7 | 8 | source "$LIB_DIR/logging.sh" 9 | 10 | # check_is_installed checks to see if the supplied executable is installed and 11 | # exits if not. An optional second argument is an extra message to display when 12 | # the supplied executable is not installed. 13 | # 14 | # Usage: 15 | # 16 | # check_is_installed PROGRAM [ MSG ] 17 | # 18 | # Example: 19 | # 20 | # check_is_installed kind "You can install kind with the helper scripts/install-kind.sh" 21 | check_is_installed() { 22 | local __name="$1" 23 | local __extra_msg="$2" 24 | if ! is_installed "$__name"; then 25 | error_msg "Missing required binary in PATH: '$__name'" 26 | error_msg "Please install $__name before running this script." 
27 | if [[ -n $__extra_msg ]]; then 28 | error_msg "" 29 | error_msg "$__extra_msg" 30 | error_msg "" 31 | fi 32 | exit 1 33 | fi 34 | } 35 | 36 | is_installed() { 37 | local __name="$1" 38 | if $(which $__name >/dev/null 2>&1); then 39 | return 0 40 | else 41 | return 1 42 | fi 43 | } -------------------------------------------------------------------------------- /soak/helm/ack-soak-test/templates/job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: {{ .Values.awsService }}-soak-test 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ .Values.awsService }}-soak-test 8 | spec: 9 | parallelism: {{ .Values.testJobParallelism }} 10 | completions: {{ .Values.testJobCompletions }} 11 | template: 12 | metadata: 13 | labels: 14 | app: {{ .Values.awsService }}-soak-test 15 | spec: 16 | serviceAccountName: ack-soak-controller # same as service controller service-account 17 | restartPolicy: Never 18 | containers: 19 | - name: soak-test 20 | image: {{ .Values.soak.imageRepo }}:{{ .Values.soak.imageTag }} 21 | imagePullPolicy: Always 22 | command: ["bash", "-c", "./run_soak_test.sh"] 23 | env: 24 | - name: LOAD_IN_CLUSTER_KUBECONFIG # This variable makes sure e2e tests run against local k8s cluster 25 | value: "True" 26 | - name: START_TIME_EPOCH_SECONDS 27 | value: {{ .Values.soak.startTimeEpochSeconds | quote }} 28 | - name: DEFAULT_SOAK_DURATION_MINUTES 29 | value: {{ .Values.soak.durationMinutes | quote }} 30 | - name: AWS_DEFAULT_REGION 31 | value: {{ .Values.awsRegion | quote }} 32 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/utils/formatting.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). 
You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | """Common formatting utilities for ACK agents.""" 12 | 13 | import json 14 | import re 15 | from rich.markdown import Markdown 16 | 17 | 18 | def pretty_markdown(md) -> Markdown: 19 | """Convert various data types to pretty-formatted markdown. 20 | 21 | Args: 22 | md: Data to format - can be dict, str, or any other type 23 | 24 | Returns: 25 | Markdown: Rich markdown object for console rendering 26 | """ 27 | # If it's a dict, pretty-print as JSON 28 | if isinstance(md, dict): 29 | md = json.dumps(md, indent=2) 30 | elif not isinstance(md, str): 31 | md = str(md) 32 | clean = re.sub(r"(\n\s*){3,}", "\n\n", (md or "").strip()) 33 | return Markdown(clean) -------------------------------------------------------------------------------- /prow/agent-workflows/agents/utils/logging.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 
11 | """Utilities for setting up Agent logging.""" 12 | 13 | import logging 14 | import warnings 15 | 16 | def configure_logging(debug=False): 17 | """Configure logging for the application. 18 | 19 | Args: 20 | debug: Whether to enable debug logging 21 | """ 22 | log_level = logging.DEBUG if debug else logging.INFO 23 | logging.basicConfig(level=log_level, format="%(levelname)s | %(name)s | %(message)s") 24 | 25 | # Always enable Strands debug logs if debug is enabled 26 | if debug: 27 | logging.getLogger("strands").setLevel(logging.DEBUG) 28 | 29 | # Suppress deprecation warnings from botocore about datetime.utcnow() 30 | warnings.filterwarnings("ignore", category=DeprecationWarning, module="botocore") -------------------------------------------------------------------------------- /scripts/ecr-templates/ecr-chart-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Helm Charts for the ${aws_service}-controller for AWS Controllers for Kubernetes (ACK)", 3 | "architectures": ["x86-64", "ARM 64"], 4 | "operatingSystems": ["Linux"], 5 | "aboutText": "# Helm Chart for ${aws_service}-controller for ACK\n\n[AWS Controllers for Kubernetes][ack] (ACK) is a collection of custom Kubernetes controllers allowing Kubernetes users to manage AWS resources.\n\n[ack]: https://aws-controllers-k8s.github.io/community/\n\nThis repository contains Helm Charts that will install the ACK controller for the ${aws_service} AWS service.\n\nA corresponding repository ${aws_service}-controller contains the container images for this controller.\n\n[Source code][source] for this controller is available on GitHub.\n\n[source]: https://github.com/aws-controllers-k8s/${aws_service}-controller", 6 | "usageText": "# Installation\n\n We [recommend][rec-helm] installing the ACK controller for ${aws_service} using the Kubernetes package manager, Helm.\n\n[rec-helm]: 
https://aws-controllers-k8s.github.io/community/docs/user-docs/install/#install-an-ack-service-controller-with-helm-recommended\n\nConsult our [installation docs][install-docs] for detailed instructions on how to install the ${aws_service} controller.\n\n[install-docs]: https://aws-controllers-k8s.github.io/community/docs/user-docs/install/" 7 | } 8 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/utils/validation.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 11 | 12 | import os 13 | from pathlib import Path 14 | 15 | 16 | def is_path_under_directory(filepath: str, directory: str) -> bool: 17 | """ 18 | Verify if a filepath is under a specified directory. 
19 | 20 | Args: 21 | filepath: The path to check 22 | directory: The directory that should contain the filepath 23 | 24 | Returns: 25 | bool: True if the filepath is under the directory, False otherwise 26 | """ 27 | # Convert both paths to absolute, normalized form (abspath/normpath do not resolve symlinks; os.path.realpath would) 28 | filepath = os.path.abspath(os.path.normpath(filepath)) 29 | directory = os.path.abspath(os.path.normpath(directory)) 30 | 31 | # Use pathlib for safer path comparison 32 | return Path(filepath).is_relative_to(Path(directory)) -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/README.md: -------------------------------------------------------------------------------- 1 | # Prow Workflow Agent 2 | 3 | A Prow external plugin that triggers AI workflows based on GitHub issue comments. 4 | 5 | ## Overview 6 | 7 | The Workflow Agent listens for `/agent` commands in GitHub issues and automatically creates ProwJobs to execute predefined workflows. 8 | 9 | ## Usage 10 | 11 | Comment on any GitHub issue with: 12 | ``` 13 | /agent [key=value ...]
[--timeout 30m] 14 | ``` 15 | 16 | ## Configuration 17 | 18 | ### Workflows 19 | Define workflows in `config/workflows.yaml`: 20 | ```yaml 21 | workflows: 22 | ack_resource_workflow: 23 | description: "ACK resource addition workflow" 24 | image: "086987147623.dkr.ecr.us-west-2.amazonaws.com/workflow-agent:v1.0.7" 25 | command: ["python", "-m", "workflows.ack_resource_prow"] 26 | required_args: ["service", "resource"] 27 | optional_args: [] 28 | timeout: "30m" 29 | resources: 30 | cpu: "2" 31 | memory: "4Gi" 32 | ``` 33 | 34 | **Configure Prow Hook:** 35 | Add to `plugins.yaml`: 36 | ```yaml 37 | external_plugins: 38 | your-org/your-repo: 39 | - name: workflow-agent 40 | endpoint: http://workflow-agent.prow:8080/tamer 41 | events: 42 | - issue_comment 43 | - issues 44 | ``` 45 | 46 | ## Architecture 47 | 48 | - **GitHub** → **Prow Hook** → **Workflow Agent** → **ProwJob** → **Kubernetes** 49 | -------------------------------------------------------------------------------- /scripts/ecr-templates/ecr-controller-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "Container images for the ${aws_service}-controller for AWS Controllers for Kubernetes (ACK)", 3 | "architectures": ["x86-64", "ARM 64"], 4 | "operatingSystems": ["Linux"], 5 | "aboutText": "# ${aws_service}-controller for ACK\n\n[AWS Controllers for Kubernetes][ack] (ACK) is a collection of custom Kubernetes controllers allowing Kubernetes users to manage AWS resources.\n\n[ack]: https://aws-controllers-k8s.github.io/community/\n\nThis repository contains the container images for the ACK controller for the ${aws_service} AWS service.\n\nA corresponding repository ${aws_service}-chart contains Helm chart OCI artifacts allowing Helm users to install the container image for this controller.\n\n[Source code][source] for this controller is available on GitHub.\n\n[source]: https://github.com/aws-controllers-k8s/${aws_service}-controller", 6 | 
"usageText": "# Installation\n\n We [recommend][rec-helm] installing the ACK controller for ${aws_service} using the Kubernetes package manager, Helm.\n\n[rec-helm]: https://aws-controllers-k8s.github.io/community/docs/user-docs/install/#install-an-ack-service-controller-with-helm-recommended\n\nConsult our [installation docs][install-docs] for detailed instructions on how to install the ${aws_service} controller.\n\n[install-docs]: https://aws-controllers-k8s.github.io/community/docs/user-docs/install/" 7 | } 8 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/config/defaults.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance 4 | # with the License. A copy of the License is located at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES 9 | # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions 10 | # and limitations under the License. 
11 | """Default configuration values for ACK agents.""" 12 | 13 | # AWS SDK Go version 14 | DEFAULT_AWS_SDK_GO_VERSION = "v1.32.6" 15 | 16 | # Maximum number of log lines to return 17 | MAX_LOG_LINES_TO_RETURN = 100 18 | 19 | # CLI defaults for the agent 20 | DEFAULT_REGION = "us-west-2" 21 | DEFAULT_MODEL_ID = "us.anthropic.claude-3-7-sonnet-20250219-v1:0" 22 | DEFAULT_TEMPERATURE = 0.2 23 | 24 | # Boto client configuration defaults for better reliability 25 | DEFAULT_MAX_RETRY_ATTEMPTS = 20 26 | DEFAULT_RETRY_MODE = "standard" 27 | DEFAULT_CONNECT_TIMEOUT = 100 28 | DEFAULT_READ_TIMEOUT = 600 29 | 30 | # Memory Agent User ID 31 | MEM0_USER_ID = "ack_codegen_agent_user" 32 | 33 | # Knowledge Base defaults for model agent 34 | MODEL_AGENT_KB_NUMBER_OF_RESULTS = 5 35 | MODEL_AGENT_KB_SCORE_THRESHOLD = 0.5 36 | -------------------------------------------------------------------------------- /cd/auto-generate/README.md: -------------------------------------------------------------------------------- 1 | ### Introduction 2 | 3 | This directory contains the `auto-generate-controllers.sh` script along with template 4 | files that provide the content for creating GitHub issues and pull requests using 5 | ack-bot. 6 | 7 | 8 | ### How to add a new AWS service for controller auto generation 9 | To enable a new service for auto-generating controllers on a new ACK code-generator 10 | release: 11 | 12 | 1. Make sure `ack-bot` is a collaborator on the `aws-controllers-k8s/$SERVICE-controller` 13 | repository. See ["Configure ack-bot access"](https://github.com/aws-controllers-k8s/test-infra/blob/main/docs/onboarding.md#1-configure-ack-bot-access) 14 | 2. Add the service name in `aws-controllers-k8s/test-infra/prow/jobs/jobs_config.yaml` 15 | 3. Execute `make build-prow-jobs` in the `aws-controllers-k8s/test-infra` repository. 16 | 4. Create a PR for the `test-infra` repository and get it merged. 17 | 5. The next time an ACK code-generator release happens, the service controller will 18 | be auto generated. 
19 | 20 | ### Gotchas 21 | * `gh_issue_body_template.txt` & `gh_pr_body_template.txt` provide the body 22 | content for GitHub issue and PR creation from the `auto-generate-controllers.sh` 23 | script. Markdown is supported in these files, but be careful about variable 24 | expansion: these files are evaluated in a bash shell, so an unescaped back-tick or '$' is interpreted by the shell instead of being kept as literal text. 25 | > NOTE: Add a backslash (\\) before each back-tick (`) and '$' symbol to preserve them 26 | > inside the GitHub issue/PR body. 27 | -------------------------------------------------------------------------------- /prow/agent-workflows/agents/pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["hatchling"] 3 | build-backend = "hatchling.build" 4 | 5 | [project] 6 | name = "ack-codegen-agent" 7 | version = "0.1.0" 8 | description = "AWS Controllers for Kubernetes (ACK) Code Generation Agent" 9 | readme = "README.md" 10 | requires-python = ">=3.10" 11 | license = {text = "Apache-2.0"} 12 | authors = [ 13 | {name = "Amazon Web Services", email = "aws-controllers-k8s@amazon.com"}, 14 | ] 15 | dependencies = [ 16 | "strands-agents>=0.1.3", 17 | "boto3>=1.28.0", 18 | "gitpython>=3.1.30", 19 | "pyyaml>=6.0", 20 | "requests>=2.28.0", 21 | "pydantic>=2.0.0", 22 | "pydantic-settings>=2.0.0", 23 | "rich>=14.0.0", 24 | "psutil>=7.0.0", 25 | "strands-agents-tools[mem0-memory]>=0.1.3", 26 | "mcp>=1.0.0", 27 | ] 28 | 29 | [project.optional-dependencies] 30 | dev = [ 31 | "black", 32 | "isort", 33 | "mypy", 34 | "pytest", 35 | "pytest-cov", 36 | ] 37 | 38 | [tool.hatch.build.targets.wheel] 39 | packages = ["ack_builder_agent"] 40 | 41 | [tool.hatch.metadata] 42 | allow-direct-references = true 43 | 44 | [tool.black] 45 | line-length = 100 46 | target-version = ["py310"] 47 | 48 | [tool.isort] 49 | profile = "black" 50 | line_length = 100 51 | 52 | [tool.mypy] 53 | python_version = "3.10" 54 | warn_return_any = true 55 | warn_unused_configs = true 56 | disallow_untyped_defs = true 57 
| disallow_incomplete_defs = true 58 | -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/lifecycle_bot_periodic_rotten.tpl: -------------------------------------------------------------------------------- 1 | - name: periodic-rotten 2 | interval: 6h 3 | decorate: true 4 | annotations: 5 | description: Moves stale issues to rotten state after 30d of inactivity 6 | karpenter.sh/do-not-evict: "true" 7 | labels: 8 | preset-github-secrets: "true" 9 | agent: kubernetes 10 | spec: 11 | serviceAccountName: periodic-service-account 12 | containers: 13 | - image: gcr.io/k8s-prow/commenter:v20210422-d12e80af3e 14 | resources: 15 | limits: 16 | cpu: 1 17 | memory: "500Mi" 18 | requests: 19 | cpu: 1 20 | memory: "500Mi" 21 | command: 22 | - /app/robots/commenter/app.binary 23 | args: 24 | - --query=org:aws-controllers-k8s -label:lifecycle/frozen -label:lifecycle/rotten label:lifecycle/stale 25 | - --updated=1440h 26 | - --token=/etc/github/token 27 | - |- 28 | --comment=Stale issues rot after 60d of inactivity. 29 | Mark the issue as fresh with `/remove-lifecycle rotten`. 30 | Rotten issues close after an additional 60d of inactivity. 31 | If this issue is safe to close now please do so with `/close`. 32 | Provide feedback via https://github.com/aws-controllers-k8s/community. 
33 | /lifecycle rotten 34 | - --template 35 | - --confirm 36 | - --ceiling=10 -------------------------------------------------------------------------------- /scripts/public-ecr.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 6 | 7 | ensure_repository() { 8 | local aws_service=$1 9 | local ecr_repos=("$aws_service-controller" "$aws_service-chart") 10 | local ecr_tpl_file_path="" 11 | 12 | for ecr_repo in "${ecr_repos[@]}"; do 13 | if (echo "$ecr_repo" | grep -q "controller"); then 14 | ecr_tpl_file_path="$THIS_DIR/ecr-templates/ecr-controller-template.json" 15 | else 16 | ecr_tpl_file_path="$THIS_DIR/ecr-templates/ecr-chart-template.json" 17 | fi 18 | 19 | export aws_service 20 | local catalog_data=$(envsubst < $ecr_tpl_file_path 2>&1) 21 | 22 | if ! (aws ecr-public describe-repositories --region us-east-1 --repository-names $ecr_repo >/dev/null 2>&1); then 23 | echo "ensure-ecr-repository.sh][INFO] $ecr_repo repository does not exist in Amazon ECR public repositories for AWS Controllers for Kubernetes (ACK), creating $ecr_repo public repository ..." 
24 | aws ecr-public create-repository --region us-east-1 --repository-name $ecr_repo 1>/dev/null 25 | aws ecr-public put-repository-catalog-data --region us-east-1 --repository-name $ecr_repo --catalog-data "$catalog_data" 1>/dev/null 26 | fi 27 | done 28 | } 29 | 30 | ensure_binaries() { 31 | check_is_installed "aws" 32 | } 33 | 34 | ensure_binaries 35 | -------------------------------------------------------------------------------- /prow/jobs/templates/periodics/lifecycle_bot_periodic_stale.tpl: -------------------------------------------------------------------------------- 1 | - name: periodic-stale 2 | interval: 6h 3 | decorate: true 4 | annotations: 5 | description: Adds lifecycle/stale to issues after 90d of inactivity 6 | karpenter.sh/do-not-evict: "true" 7 | labels: 8 | preset-github-secrets: "true" 9 | agent: kubernetes 10 | spec: 11 | serviceAccountName: periodic-service-account 12 | containers: 13 | - image: gcr.io/k8s-prow/commenter:v20210422-d12e80af3e 14 | resources: 15 | limits: 16 | cpu: 1 17 | memory: "500Mi" 18 | requests: 19 | cpu: 1 20 | memory: "500Mi" 21 | command: 22 | - /app/robots/commenter/app.binary 23 | args: 24 | - --query=org:aws-controllers-k8s -label:lifecycle/frozen -label:lifecycle/rotten -label:lifecycle/stale 25 | - --updated=4320h 26 | - --token=/etc/github/token 27 | - |- 28 | --comment=Issues go stale after 180d of inactivity. 29 | Mark the issue as fresh with `/remove-lifecycle stale`. 30 | Stale issues rot after an additional 60d of inactivity and eventually close. 31 | If this issue is safe to close now please do so with `/close`. 32 | Provide feedback via https://github.com/aws-controllers-k8s/community. 
33 | /lifecycle stale 34 | - --template 35 | - --confirm 36 | - --ceiling=10 -------------------------------------------------------------------------------- /prow/jobs/README.md: -------------------------------------------------------------------------------- 1 | This directory contains the autogenerated `jobs.yaml` and `labels.yaml`, and the utilities used to generate them. 2 | 3 | `jobs.yaml` and `labels.yaml` are loaded into the prow cluster as a k8s config-map. 4 | This config map serves as the source of truth for prow-job configuration. See `test-infra/flux` 5 | 6 | `jobs.yaml` consists of three sections: 7 | 8 | a) `periodics` : prow-jobs that run periodically 9 | 10 | b) `presubmits`: prow-jobs that run before the merge happens on the git repository. Ex: PR creation 11 | 12 | c) `postsubmits`: prow-jobs that run after the code change is merged into the git repository or a new release is created for the git repository. 13 | 14 | `labels.yaml` consists of two sections: 15 | 16 | a) `default`: global configuration to be applied to all repos 17 | 18 | b) `repos`: list of repos with specific configuration to be applied in addition to default 19 | 20 | ## How do I update jobs.yaml? 21 | 22 | Please do NOT manually update the jobs.yaml file. 23 | 24 | Update the corresponding Go template in the prow/jobs/templates path and then run `make prow-gen` 25 | from the test-infra repository root. 26 | 27 | You can either update the existing .tpl files or add a new file, which will be picked up and incorporated 28 | into the autogenerated jobs.yaml 29 | 30 | ## How do I update labels.yaml? 31 | 32 | Please do NOT manually update the labels.yaml file. 33 | 34 | Update the Go template in the prow/jobs/templates/config path and then run `make prow-gen` 35 | from the test-infra repository root. 
-------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.deploy: -------------------------------------------------------------------------------- 1 | # Dockerfile for Prow CD postsubmit jobs 2 | FROM quay.io/containers/buildah:v1.33.2 3 | 4 | ARG GOPROXY=https://proxy.golang.org|direct 5 | ENV GOPROXY=${GOPROXY} 6 | 7 | ARG GO_VERSION=1.22.5 8 | ENV GO_VERSION=${GO_VERSION} 9 | 10 | ENV GOPATH=/home/prow/go \ 11 | GO111MODULE=on \ 12 | PATH=/home/prow/go/bin:/usr/local/go/bin:${PATH} 13 | 14 | RUN dnf -y install \ 15 | which \ 16 | git \ 17 | unzip \ 18 | openssl \ 19 | jq \ 20 | gettext \ 21 | findutils \ 22 | && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \ 23 | && unzip awscliv2.zip \ 24 | && aws/install \ 25 | && export AWS_PAGER="" \ 26 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 --output /usr/bin/yq \ 27 | && chmod +x /usr/bin/yq 28 | 29 | RUN echo "Installing Go ..." \ 30 | && export GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"\ 31 | && curl -fsSL "https://storage.googleapis.com/golang/${GO_TARBALL}" --output "${GO_TARBALL}" \ 32 | && tar xzf "${GO_TARBALL}" -C /usr/local \ 33 | && rm "${GO_TARBALL}"\ 34 | && mkdir -p "${GOPATH}/bin" 35 | 36 | RUN echo "Installing Helm ... " \ 37 | && export HELM_TARBALL="helm.tar.gz" \ 38 | && curl -fsSL https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz --output "${HELM_TARBALL}" \ 39 | && tar xzf "${HELM_TARBALL}" --strip-components 1 -C /usr/bin \ 40 | && rm "${HELM_TARBALL}" 41 | 42 | -------------------------------------------------------------------------------- /prow/plugins/agent-plugin/pkg/k8s/client.go: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package k8s 16 | 17 | import ( 18 | "context" 19 | 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | "k8s.io/apimachinery/pkg/runtime/schema" 22 | ) 23 | 24 | // Client defines the interface for Kubernetes operations 25 | type Client interface { 26 | // ProwJob operations 27 | SubmitProwJob(ctx context.Context, prowJob *ProwJob, namespace string) error 28 | } 29 | 30 | // GetProwJobGVR returns the GroupVersionResource for ProwJobs 31 | func GetProwJobGVR() schema.GroupVersionResource { 32 | return schema.GroupVersionResource{ 33 | Group: "prow.k8s.io", 34 | Version: "v1", 35 | Resource: "prowjobs", 36 | } 37 | } 38 | 39 | // GetCreateOptions returns standard metav1.CreateOptions 40 | func GetCreateOptions() metav1.CreateOptions { 41 | return metav1.CreateOptions{} 42 | } 43 | -------------------------------------------------------------------------------- /prow/jobs/images/deploy-docs.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | SCRIPT_NAME="deploy-docs.sh" 6 | 7 | if [ -z "${GITHUB_TOKEN}" ]; then 8 | >&2 echo "${SCRIPT_NAME}] GITHUB_TOKEN not specified. Required for pushing to GH pages." 
9 | exit 1 10 | fi 11 | 12 | GITHUB_ACTOR="${GITHUB_ACTOR:-ack-bot}" 13 | GITHUB_SRC_GOPATH="${GOPATH}/src/github.com" 14 | DOCS_REPO_PATH="${GITHUB_SRC_GOPATH}/aws-controllers-k8s/docs" 15 | CONTROLLERS_DIR="${GITHUB_SRC_GOPATH}/aws-controllers-k8s" 16 | 17 | echo "${SCRIPT_NAME}] Starting website build and deploy..." 18 | echo "${SCRIPT_NAME}] Docs repo: ${DOCS_REPO_PATH}" 19 | echo "${SCRIPT_NAME}] Controllers dir: ${CONTROLLERS_DIR}" 20 | 21 | cd "${DOCS_REPO_PATH}" 22 | 23 | # Generate service data from controller repos 24 | echo "${SCRIPT_NAME}] Running make generate..." 25 | CONTROLLERS_DIR="${CONTROLLERS_DIR}" make generate 26 | 27 | # Build the Docusaurus site 28 | echo "${SCRIPT_NAME}] Running make build..." 29 | cd website 30 | npm install 31 | npm run build 32 | 33 | # Set up git for deploy 34 | echo "${SCRIPT_NAME}] Setting up git..." 35 | git remote add origin "https://github.com/aws-controllers-k8s/docs.git" 2>/dev/null || true 36 | git config --global user.name "${GITHUB_ACTOR}" 37 | git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com" 38 | 39 | # Deploy to GitHub Pages 40 | echo "${SCRIPT_NAME}] Deploying to GitHub Pages..." 41 | GIT_USER="${GITHUB_ACTOR}" GIT_PASS="${GITHUB_TOKEN}" npm run deploy 42 | 43 | echo "${SCRIPT_NAME}] Done!" 44 | -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.build-prow-images: -------------------------------------------------------------------------------- 1 | ARG GO_VERSION=1.22.5 2 | 3 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine AS builder 4 | 5 | RUN apk add --no-cache git 6 | 7 | WORKDIR /app 8 | 9 | ENV GOPROXY=direct 10 | COPY . . 
11 | RUN go mod download 12 | 13 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ack-build-tools ./prow/jobs/tools/cmd 14 | 15 | FROM quay.io/containers/buildah:v1.37.0 16 | 17 | ARG GOPROXY=https://proxy.golang.org|direct 18 | ENV GOPROXY=${GOPROXY} 19 | 20 | ARG GO_VERSION=1.22.5 21 | ENV GO_VERSION=${GO_VERSION} 22 | 23 | ENV STORAGE_DRIVER=vfs 24 | 25 | ENV GOPATH=/home/prow/go \ 26 | GO111MODULE=on \ 27 | PATH=/home/prow/go/bin:/usr/local/go/bin:${PATH} 28 | 29 | RUN dnf -y install \ 30 | which \ 31 | git \ 32 | unzip \ 33 | openssl \ 34 | jq \ 35 | gettext \ 36 | findutils \ 37 | && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \ 38 | && unzip awscliv2.zip \ 39 | && aws/install \ 40 | && export AWS_PAGER="" \ 41 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 --output /usr/bin/yq \ 42 | && chmod +x /usr/bin/yq 43 | 44 | RUN echo "Installing Go ..." \ 45 | && export GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"\ 46 | && curl -fsSL "https://storage.googleapis.com/golang/${GO_TARBALL}" --output "${GO_TARBALL}" \ 47 | && tar xzf "${GO_TARBALL}" -C /usr/local \ 48 | && rm "${GO_TARBALL}"\ 49 | && mkdir -p "${GOPATH}/bin" 50 | 51 | COPY --from=builder /app/ack-build-tools /usr/local/bin 52 | -------------------------------------------------------------------------------- /src/acktest/bootstrapping/dynamodb.py: -------------------------------------------------------------------------------- 1 | import boto3 2 | 3 | from dataclasses import dataclass, field 4 | from typing import List 5 | 6 | from . import Bootstrappable 7 | from .. 
import resources 8 | 9 | @dataclass 10 | class Table(Bootstrappable): 11 | # Inputs 12 | name_prefix: str 13 | attribute_definitions: List[dict] 14 | key_schema: List[dict] 15 | stream_specification: dict 16 | provisioned_throughput: dict 17 | 18 | # Outputs 19 | name: str = field(init=False) 20 | latest_stream_arn: str = field(init=False) 21 | 22 | @property 23 | def dynamodb_client(self): 24 | return boto3.client("dynamodb", region_name=self.region) 25 | 26 | @property 27 | def dynamodb_resource(self): 28 | return boto3.resource("dynamodb", region_name=self.region) 29 | 30 | def bootstrap(self): 31 | """Creates a Dynamodb table with an auto-generated name. 32 | """ 33 | self.name = resources.random_suffix_name(self.name_prefix, 63) 34 | table = self.dynamodb_resource.create_table( 35 | TableName=self.name, 36 | KeySchema=self.key_schema, 37 | AttributeDefinitions=self.attribute_definitions, 38 | StreamSpecification=self.stream_specification, 39 | ProvisionedThroughput=self.provisioned_throughput, 40 | ) 41 | self.latest_stream_arn = table.latest_stream_arn 42 | 43 | def cleanup(self): 44 | """Deletes the dynamodb table. 
45 | """ 46 | self.dynamodb_client.delete_table( 47 | TableName=self.name, 48 | ) -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/aws-controllers-k8s/test-infra 2 | 3 | go 1.22.5 4 | 5 | require ( 6 | github.com/aquasecurity/go-version v0.0.0-20240603093900-cf8a8d29271d 7 | github.com/aws/aws-sdk-go-v2 v1.30.3 8 | github.com/aws/aws-sdk-go-v2/config v1.27.27 9 | github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.25.3 10 | github.com/google/go-github/v63 v63.0.0 11 | github.com/spf13/cobra v1.8.1 12 | github.com/stretchr/testify v1.8.4 13 | gopkg.in/yaml.v3 v3.0.1 14 | ) 15 | 16 | require ( 17 | github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect 18 | github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect 19 | github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect 20 | github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect 21 | github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect 22 | github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect 23 | github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect 24 | github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect 25 | github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect 26 | github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect 27 | github.com/aws/smithy-go v1.20.3 // indirect 28 | github.com/davecgh/go-spew v1.1.1 // indirect 29 | github.com/google/go-querystring v1.1.0 // indirect 30 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 31 | github.com/pmezard/go-difflib v1.0.0 // indirect 32 | github.com/spf13/pflag v1.0.5 // indirect 33 | golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect 34 | ) 35 | -------------------------------------------------------------------------------- 
/src/acktest/bootstrapping/secretsmanager.py: -------------------------------------------------------------------------------- 1 | import boto3 2 | 3 | from dataclasses import dataclass, field 4 | from typing import Union 5 | 6 | from .. import resources 7 | from . import Bootstrappable 8 | from .kms import Key 9 | 10 | 11 | @dataclass 12 | class Secret(Bootstrappable): 13 | # Inputs 14 | name_prefix: Union[str, None] = field(default=None) 15 | plain_text: str = field(default='{" ":" "}') 16 | 17 | # Subresources 18 | # There is no charge for customer managed KMS keys that are scheduled for deletion. 19 | # This is done in super.cleanup(). 20 | kms_key: Key = field(init=False, default=None) 21 | 22 | # Outputs 23 | name: str = field(init=False) 24 | arn: str = field(default="", init=False) 25 | 26 | def __post_init__(self): 27 | self.name = resources.random_suffix_name(self.name_prefix, 63) 28 | self.kms_key = Key() 29 | 30 | @property 31 | def secretsmanager_client(self): 32 | return boto3.client("secretsmanager", region_name=self.region) 33 | 34 | def bootstrap(self): 35 | """Creates a secret and all subresources.""" 36 | super().bootstrap() 37 | secret = self.secretsmanager_client.create_secret( 38 | Name=self.name, KmsKeyId=self.kms_key.id, SecretString=self.plain_text 39 | ) 40 | self.arn = secret["ARN"] 41 | 42 | def cleanup(self): 43 | """Schedules a secret for deletion and all subresources.""" 44 | self.secretsmanager_client.delete_secret( 45 | SecretId=self.arn, RecoveryWindowInDays=7 46 | ) 47 | super().cleanup() 48 | -------------------------------------------------------------------------------- /prow/plugins/images/Dockerfile.agent-plugin: -------------------------------------------------------------------------------- 1 | # Build stage 2 | ARG GO_VERSION=1.24.5 3 | 4 | FROM public.ecr.aws/docker/library/golang:${GO_VERSION}-alpine AS builder 5 | 6 | # Install git for direct downloads 7 | RUN apk add --no-cache git 8 | 9 | WORKDIR /app 10 | 11 | # Copy 
go mod files 12 | COPY go.mod go.sum ./ 13 | ENV GOPROXY=direct 14 | RUN go mod download 15 | 16 | # Copy source code 17 | COPY . . 18 | 19 | # Build binary 20 | RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o webhook-server ./cmd/webhook-server 21 | 22 | # Runtime stage 23 | FROM alpine:3.19 24 | 25 | # Install ca-certificates for HTTPS requests 26 | RUN apk --no-cache add ca-certificates 27 | 28 | # Create non-root user and group 29 | RUN addgroup -S appgroup && adduser -S appuser -G appgroup -u 1000 30 | 31 | # Create app directory with proper permissions 32 | WORKDIR /app 33 | 34 | # Copy binary from builder stage 35 | COPY --from=builder /app/webhook-server . 36 | 37 | # Copy default config 38 | COPY config/workflows.yaml /etc/workflows/workflows.yaml 39 | 40 | # Create directories for secrets with proper permissions 41 | RUN mkdir -p /etc/github /etc/webhook && \ 42 | ls -la /app/webhook-server && \ 43 | chown -R appuser:appgroup /etc/github /etc/webhook /etc/workflows /app && \ 44 | chmod 755 /app/webhook-server 45 | 46 | # Expose port 47 | EXPOSE 8080 48 | 49 | # Health check 50 | HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ 51 | CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1 52 | 53 | # Switch to non-root user 54 | USER appuser 55 | 56 | CMD ["./webhook-server"] -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.auto-update-controllers: -------------------------------------------------------------------------------- 1 | FROM debian:bookworm-slim AS base 2 | 3 | ARG GOPROXY=https://proxy.golang.org|direct 4 | ENV GOPROXY=${GOPROXY} 5 | 6 | ARG GO_VERSION=1.22.5 7 | ENV GO_VERSION=${GO_VERSION} 8 | 9 | ENV GOPATH=/home/prow/go \ 10 | GO111MODULE=on \ 11 | PATH=/home/prow/go/bin:/usr/local/go/bin:${PATH} 12 | 13 | RUN echo "Installing packages ..." 
\ 14 | && apt-get update \ 15 | && apt-get install -y --no-install-recommends\ 16 | build-essential \ 17 | ca-certificates \ 18 | make \ 19 | curl \ 20 | git \ 21 | gnupg2 \ 22 | software-properties-common \ 23 | lsb-release \ 24 | wget \ 25 | jq \ 26 | uuid-runtime \ 27 | apt-transport-https \ 28 | unzip \ 29 | gawk 30 | 31 | RUN echo "Installing Go ..." \ 32 | && export GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"\ 33 | && curl -fsSL "https://storage.googleapis.com/golang/${GO_TARBALL}" --output "${GO_TARBALL}" \ 34 | && tar xzf "${GO_TARBALL}" -C /usr/local \ 35 | && rm "${GO_TARBALL}"\ 36 | && mkdir -p "${GOPATH}/bin" 37 | 38 | RUN echo "Installing GitHub cli ..." \ 39 | && curl -fsSL "https://cli.github.com/packages/githubcli-archive-keyring.gpg" | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg \ 40 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ 41 | && apt-get update \ 42 | && apt-get install -y --no-install-recommends gh 43 | -------------------------------------------------------------------------------- /prow/jobs/tools/cmd/command/upgrade_eks_distro_version_helper.go: -------------------------------------------------------------------------------- 1 | package command 2 | 3 | import ( 4 | "regexp" 5 | "strings" 6 | ) 7 | 8 | const ( 9 | updateEksDistroPRSubject = "Update to eks-distro %s" 10 | updateEksDistroPRCommitBranch = "eks-distro-update-%s" 11 | updateEksDistroPRDescription = "Update eks-distro from %s to %s " 12 | 13 | // `Comma-separated list of files to commit and their location. 14 | // The local file is separated by its target location by a semi-colon. 15 | // If the file should be in the same location with the same name, you can just put the file name and omit the repetition. 
16 | // Example: README.md,main.go:prow/jobs/tools/cmd/main.go` 17 | updateEksDistroSourceFiles = "build_config.yaml" 18 | ) 19 | 20 | // When comparing EKS-distro versions we are assuming their values 21 | // mean the following 22 | // YYYY-MM-DD-TTMMSS000.2 23 | // This format of date can be compared using string comparison 24 | // In the future if the meaning or the standard of the version 25 | // changes, we need to change this function to reflect 26 | // the comparison of eks-distro version 27 | func eksDistroVersionIsGreaterThan(v1 string, v2 string) bool { 28 | return v1 > v2 29 | } 30 | 31 | func findHighestEcrEksDistroVersion(tags []string) (string, error) { 32 | 33 | regex := regexp.MustCompile(`[a-z]`) 34 | max := "2000-08-13-1723575672.2" 35 | 36 | for _, tag := range tags { 37 | temp := strings.Split(tag, ".") 38 | if regex.MatchString(tag) || len(temp) != 2 || temp[1] != "2" { 39 | continue 40 | } 41 | if eksDistroVersionIsGreaterThan(tag, max) { 42 | max = tag 43 | } 44 | } 45 | 46 | return max, nil 47 | } 48 | -------------------------------------------------------------------------------- /src/acktest/bootstrapping/sns.py: -------------------------------------------------------------------------------- 1 | import boto3 2 | 3 | from dataclasses import dataclass, field 4 | 5 | from . import Bootstrappable 6 | from .. 
import resources 7 | 8 | @dataclass 9 | class Topic(Bootstrappable): 10 | # Inputs 11 | name_prefix: str 12 | policy: str = "" 13 | policy_vars: dict = field(default_factory=dict) 14 | 15 | # Outputs 16 | name: str = field(init=False) 17 | arn: str = field(init=False) 18 | 19 | def __post_init__(self): 20 | self.name = resources.random_suffix_name(self.name_prefix, 63) 21 | 22 | @property 23 | def sns_client(self): 24 | return boto3.client("sns", region_name=self.region) 25 | 26 | @property 27 | def sns_resource(self): 28 | return boto3.resource("sns", region_name=self.region) 29 | 30 | def bootstrap(self): 31 | """Creates an SNS topic with an auto-generated name. 32 | """ 33 | create_attributes = {} 34 | 35 | if self.policy != "": 36 | self.policy_vars.update({ 37 | "$NAME": self.name, 38 | "$ACCOUNT_ID": self.account_id, 39 | "$REGION": self.region, 40 | }) 41 | 42 | for key, value in self.policy_vars.items(): 43 | self.policy = self.policy.replace(key, value) 44 | 45 | create_attributes["Policy"] = self.policy 46 | 47 | topic = self.sns_client.create_topic( 48 | Name=self.name, 49 | Attributes=create_attributes 50 | ) 51 | self.arn = topic["TopicArn"] 52 | 53 | def cleanup(self): 54 | """Deletes an SNS topic. 55 | """ 56 | self.sns_client.delete_topic(TopicArn=self.arn) 57 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AWS Controllers for Kubernetes Test Infrastructure 2 | 3 | This repository contains a framework for functional integration (e2e) testing 4 | of AWS Controllers for Kubernetes (ACK) service controllers. 5 | 6 | Please [log issues][ack-issues] and feedback on the main AWS Controllers for 7 | Kubernetes Github project. 8 | 9 | [ack-issues]: https://github.com/aws-controllers-k8s/community/issues 10 | 11 | Get started by [setting up your local development environment][setup] for ACK 12 | `test-infra`. 
13 | 14 | [setup]: /docs/setup.md 15 | 16 | ## Getting Started 17 | 18 | To provide re-usable common functionality to each service's integration test 19 | suite, we provide the `acktest` Python module. This module contains 20 | methods and classes for accessing AWS and k8s resources, and for bootstrapping 21 | common test prerequisites. 22 | 23 | The common test module can be installed with `pip` using the following 24 | command, which installs from the tip of the `main` branch rather than from a pinned release: 25 | ```bash 26 | pip install git+https://github.com/aws-controllers-k8s/test-infra.git@main 27 | ``` 28 | 29 | Once installed, methods and classes are accessed by referencing the 30 | `acktest` module: 31 | ```python 32 | import acktest 33 | ``` 34 | 35 | ## Contributing 36 | 37 | We welcome community contributions and pull requests. 38 | 39 | See our [contribution guide](/CONTRIBUTING.md) for more information on how to 40 | report issues, set up a development environment, and submit code. 41 | 42 | We adhere to the [Amazon Open Source Code of Conduct][coc]. 43 | 44 | You can also learn more about our [Governance](/GOVERNANCE.md) structure. 45 | 46 | [coc]: https://aws.github.io/code-of-conduct 47 | 48 | ## License 49 | 50 | This project is [licensed](/LICENSE) under the Apache-2.0 License. 51 | -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.unit-test: -------------------------------------------------------------------------------- 1 | # Common Dockerfile for unit and integration test 2 | FROM debian:bookworm-slim 3 | 4 | ARG GOPROXY=https://proxy.golang.org|direct 5 | ENV GOPROXY=${GOPROXY} 6 | 7 | ARG GO_VERSION=1.22.5 8 | ENV GO_VERSION=${GO_VERSION} 9 | 10 | ENV GOPATH=/home/prow/go \ 11 | GO111MODULE=on \ 12 | PATH=/home/prow/go/bin:/usr/local/go/bin:${PATH} 13 | 14 | RUN echo "Installing packages ..." 
\ 15 | && apt-get update \ 16 | && apt-get install -y --no-install-recommends\ 17 | build-essential \ 18 | ca-certificates \ 19 | make \ 20 | curl \ 21 | git \ 22 | gnupg2 \ 23 | software-properties-common \ 24 | lsb-release \ 25 | wget \ 26 | jq \ 27 | uuid-runtime \ 28 | apt-transport-https \ 29 | unzip 30 | 31 | RUN echo "Installing yq ..." \ 32 | && export BINARY=yq_linux_amd64 \ 33 | && export VERSION=v4.25.3 \ 34 | && wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ 35 | tar xz \ 36 | && mv ${BINARY} /usr/bin/yq 37 | 38 | RUN echo "Installing Go ..." \ 39 | && export GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"\ 40 | && curl -fsSL "https://storage.googleapis.com/golang/${GO_TARBALL}" --output "${GO_TARBALL}" \ 41 | && tar xzf "${GO_TARBALL}" -C /usr/local \ 42 | && rm "${GO_TARBALL}"\ 43 | && mkdir -p "${GOPATH}/bin" 44 | 45 | RUN curl -fsSL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \ 46 | && unzip awscliv2.zip \ 47 | && aws/install \ 48 | && export AWS_PAGER="" 49 | 50 | COPY wrapper.sh /usr/bin/wrapper.sh 51 | 52 | ENTRYPOINT ["wrapper.sh"] 53 | VOLUME ["/var/lib/docker"] 54 | -------------------------------------------------------------------------------- /scripts/Dockerfile.pytest-image: -------------------------------------------------------------------------------- 1 | FROM python:3.11-alpine 2 | 3 | # Persist build arguments into environment variables 4 | ARG AWS_SERVICE 5 | ENV AWS_SERVICE ${AWS_SERVICE} 6 | 7 | # Path to the service e2e test directory in the build context 8 | ARG CONTROLLER_E2E_PATH=./${AWS_SERVICE}-controller/test/e2e 9 | 10 | # Path to the test-infra directory in the build context 11 | ARG TEST_INFRA_PATH=./test-infra 12 | ARG LOCAL_ACKTEST_LIBRARY 13 | 14 | # Destination path for the test config YAML 15 | ARG TEST_CONFIG_PATH=/root/test-config.yaml 16 | ENV TEST_CONFIG_PATH ${TEST_CONFIG_PATH} 17 | 18 | # Mirror the e2e directory structure as the 
controller 19 | WORKDIR /${AWS_SERVICE}-controller/tests/e2e 20 | ENV PYTHONPATH=/${AWS_SERVICE}-controller/tests/e2e 21 | 22 | RUN apk add --no-cache git bash gcc libc-dev 23 | RUN if [[ "$AWS_SERVICE" = "acm" ]]; then \ 24 | apk add libffi-dev; \ 25 | fi 26 | 27 | 28 | 29 | RUN wget https://github.com/mikefarah/yq/releases/download/v4.26.1/yq_linux_amd64.tar.gz -O - |\ 30 | tar xz && mv yq_linux_amd64 /usr/bin/yq 31 | 32 | # Install python dependencies 33 | COPY ${CONTROLLER_E2E_PATH}/requirements.txt . 34 | 35 | COPY ${TEST_INFRA_PATH}/ acktest 36 | 37 | RUN if [[ "$LOCAL_ACKTEST_LIBRARY" = "true" ]]; then \ 38 | echo "./acktest" > requirements.txt; \ 39 | fi 40 | 41 | # Install python dependencies 42 | RUN pip install -r requirements.txt 43 | 44 | COPY ${CONTROLLER_E2E_PATH} . 45 | RUN mkdir -p $HOME/.kube 46 | 47 | # Copy the runner script 48 | COPY ${TEST_INFRA_PATH}/scripts/pytest-local-runner.sh . 49 | COPY ${TEST_INFRA_PATH}/scripts/lib/* ./lib/ 50 | 51 | # Run the tests 52 | ENTRYPOINT ["/bin/bash"] 53 | CMD ["-c", "source ./pytest-local-runner.sh && bootstrap_and_run"] 54 | -------------------------------------------------------------------------------- /prow/config/templates/plugins-ConfigMap.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: v1 16 | kind: ConfigMap 17 | metadata: 18 | name: plugins 19 | data: 20 | plugins.yaml: | 21 | triggers: 22 | - repos: 23 | - {{ .Values.github.organisation }} 24 | 25 | approve: 26 | - repos: 27 | - {{ .Values.github.organisation }} 28 | require_self_approval: false 29 | lgtm_acts_as_approve: true 30 | 31 | size: 32 | s: 10 33 | m: 30 34 | l: 100 35 | xl: 500 36 | xxl: 1000 37 | 38 | plugins: 39 | {{ .Values.github.organisation }}: 40 | plugins: 41 | - approve 42 | - assign 43 | - blunderbuss 44 | - help 45 | - hold 46 | - label 47 | - lgtm 48 | - lifecycle 49 | - trigger 50 | - verify-owners 51 | - wip 52 | external_plugins: 53 | {{ .Values.github.organisation }}: 54 | - name: agent-plugin 55 | endpoint: http://agent-plugin.prow:8080/tamer 56 | events: 57 | - issue_comment 58 | - issues 59 | 60 | -------------------------------------------------------------------------------- /src/acktest/bootstrapping/signer.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import boto3 15 | 16 | from dataclasses import dataclass, field 17 | 18 | from . import Bootstrappable 19 | from .. 
import resources 20 | 21 | @dataclass 22 | class SigningProfile(Bootstrappable): 23 | # Inputs 24 | name_prefix: str 25 | signing_platform_id: str 26 | 27 | # Outputs 28 | signing_profile_arn: str = field(init=False) 29 | 30 | @property 31 | def signer_client(self): 32 | return boto3.client("signer", region_name=self.region) 33 | 34 | def bootstrap(self): 35 | """Creates a Signing profile with a generated name 36 | """ 37 | self.name = resources.random_suffix_name(self.name_prefix, 32, delimiter="_") 38 | signing_profile = self.signer_client.put_signing_profile( 39 | profileName=self.name, 40 | platformId=self.signing_platform_id, 41 | ) 42 | self.signing_profile_arn = signing_profile['profileVersionArn'] 43 | 44 | def cleanup(self): 45 | """Cancels the signing profile. 46 | """ 47 | self.signer_client.cancel_signing_profile( 48 | profileName=self.name, 49 | ) -------------------------------------------------------------------------------- /prow/config/templates/sinker-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: "sinker" 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - delete 26 | - list 27 | - watch 28 | - get 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - configmaps 33 | resourceNames: 34 | - prow-sinker-leaderlock 35 | verbs: 36 | - get 37 | - update 38 | - apiGroups: 39 | - "" 40 | resources: 41 | - configmaps 42 | - events 43 | verbs: 44 | - create 45 | - apiGroups: 46 | - "" 47 | resources: 48 | - pods 49 | verbs: 50 | - list 51 | - watch 52 | - get 53 | - apiGroups: 54 | - coordination.k8s.io 55 | resources: 56 | - leases 57 | verbs: 58 | - create 59 | - apiGroups: 60 | - coordination.k8s.io 61 | resources: 62 | - leases 63 | resourceNames: 64 | - prow-sinker-leaderlock 65 | verbs: 66 | - get 67 | - update 68 | -------------------------------------------------------------------------------- /docs/setup.md: -------------------------------------------------------------------------------- 1 | # ACK `test-infra` dev env setup 2 | 3 | This document will walk you through setting up your ACK test-infra development 4 | environment. 5 | 6 | ## Pre-requisites 7 | 8 | We will use `pipx` to install some Python3 CLI tools that make it easy for us 9 | to do isolated development on our local machines without requiring root 10 | privileges or installing software outside the local user context. 
11 | 12 | Install and configure `pipx` like so: 13 | 14 | ```bash 15 | python3 -m pip install --user pipx 16 | python3 -m pipx ensurepath 17 | ``` 18 | 19 | Install the `pipenv` tool for creating Python3 virtual environments: 20 | 21 | ```bash 22 | pipx install pipenv 23 | ``` 24 | 25 | Install the `flake8`, `black` and `isort` code formatter and Python import 26 | sorter utilities: 27 | 28 | ```bash 29 | pipenv install black isort --pre 30 | ``` 31 | 32 | Install the module requirements: 33 | 34 | ```bash 35 | pipenv install -r requirements.txt 36 | ``` 37 | 38 | ## Installing locally for service controllers 39 | 40 | Each of the service controllers' integration test suites references a version of 41 | `test-infra` from the git repository, directly. It is possible to require that 42 | the integration tests directly reference the local copy of `test-infra`. 43 | 44 | From within the `SERVICE-controller/test/e2e/` directory (and within its 45 | respective Python environment!), first uninstall the current version of the 46 | common test module: 47 | ```bash 48 | pip uninstall acktest 49 | ``` 50 | 51 | Now install it, linking it as editable, from the source directory: 52 | ```bash 53 | pip install -e $GOPATH/src/github.com/aws-controllers-k8s/test-infra 54 | ``` 55 | 56 | Verify it was linked correctly by checking the `pip list` listing: 57 | ```bash 58 | pip list | grep aws-controllers-k8s 59 | ``` 60 | -------------------------------------------------------------------------------- /prow/config/templates/ing-Ingress.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # The order of the paths within `spec.rules.http.paths` sets the precedence for 16 | # the endpoints. That is, incoming requests will attempt to match paths in the 17 | # order that they are defined. 18 | 19 | {{ if .Values.ingress.create }} 20 | apiVersion: networking.k8s.io/v1 21 | kind: Ingress 22 | metadata: 23 | annotations: 24 | {{ toYaml .Values.ingress.annotations| indent 4 }} 25 | name: prow 26 | spec: 27 | rules: 28 | - host: {{ .Values.prow.domain }} 29 | http: 30 | paths: 31 | - path: /hook 32 | pathType: ImplementationSpecific 33 | backend: 34 | service: 35 | name: hook 36 | port: 37 | number: 8888 38 | - path: /metrics 39 | pathType: ImplementationSpecific 40 | backend: 41 | service: 42 | name: pushgateway-external 43 | port: 44 | number: 80 45 | - path: /* 46 | pathType: ImplementationSpecific 47 | backend: 48 | service: 49 | name: deck 50 | port: 51 | number: 80 52 | {{ end }} 53 | -------------------------------------------------------------------------------- /src/acktest/bootstrapping/cognito_identity.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. 
This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import boto3 15 | 16 | from dataclasses import dataclass, field 17 | 18 | from . import Bootstrappable 19 | from .. import resources 20 | 21 | 22 | @dataclass 23 | class UserPool(Bootstrappable): 24 | """Represents a Cognito User Pool bootstrapped resource.""" 25 | # Inputs 26 | name_prefix: str 27 | 28 | # Outputs 29 | name: str = field(init=False) 30 | user_pool_id: str = field(init=False) 31 | user_pool_arn: str = field(init=False) 32 | 33 | def __post_init__(self): 34 | self.name = resources.random_suffix_name(self.name_prefix, 63) 35 | 36 | @property 37 | def cognito_idp_client(self): 38 | return boto3.client("cognito-idp", region_name=self.region) 39 | 40 | def bootstrap(self): 41 | """Creates a Cognito User Pool with an auto-generated name.""" 42 | resp = self.cognito_idp_client.create_user_pool(PoolName=self.name) 43 | self.user_pool_id = resp["UserPool"]["Id"] 44 | self.user_pool_arn = resp["UserPool"]["Arn"] 45 | # NOTE(review): user_pool_id is only assigned in bootstrap(), so cleanup() after a failed bootstrap would raise AttributeError; confirm whether a guard is wanted. 46 | def cleanup(self): 47 | """Deletes the Cognito User Pool.""" 48 | self.cognito_idp_client.delete_user_pool(UserPoolId=self.user_pool_id) 49 | -------------------------------------------------------------------------------- /prow/jobs/images/Dockerfile.soak-test: -------------------------------------------------------------------------------- 1 | # Dockerfile for soak testing 2 | FROM quay.io/containers/buildah:v1.33.2 3 | 4 | ARG GOPROXY=https://proxy.golang.org|direct 5 | ENV GOPROXY=${GOPROXY} 6 | 7 | ARG GO_VERSION=1.22.5 8 | ENV GO_VERSION=${GO_VERSION} 9 | 10 | ENV GOPATH=/home/prow/go \ 11 | GO111MODULE=on \ 12 | PATH=/home/prow/go/bin:/usr/local/go/bin:${PATH} 13 | # NOTE(review): the RUN steps from here on download the AWS CLI, yq, Go, Helm and kubectl without checking a checksum or signature, and kubectl follows stable.txt instead of a pinned version; pin each version and verify the published digest so a changed upstream artifact fails the build. 14 | RUN dnf -y install \ 15 | which \ 16 | git \ 17 | unzip \ 18 | openssl \ 19 | jq \ 20 | gettext \ 21 | findutils \ 22 | && 
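curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \ 23 | && unzip awscliv2.zip \ 24 | && aws/install \ 25 | && export AWS_PAGER="" \ 26 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 --output /usr/bin/yq \ 27 | && chmod +x /usr/bin/yq 28 | 29 | RUN echo "Installing Go ..." \ 30 | && export GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"\ 31 | && curl -fsSL "https://storage.googleapis.com/golang/${GO_TARBALL}" --output "${GO_TARBALL}" \ 32 | && tar xzf "${GO_TARBALL}" -C /usr/local \ 33 | && rm "${GO_TARBALL}"\ 34 | && mkdir -p "${GOPATH}/bin" 35 | 36 | RUN echo "Installing Helm ... " \ 37 | && export HELM_TARBALL="helm.tar.gz" \ 38 | && curl -fsSL https://get.helm.sh/helm-v3.11.1-linux-amd64.tar.gz --output "${HELM_TARBALL}" \ 39 | && tar xzf "${HELM_TARBALL}" --strip-components 1 -C /usr/bin \ 40 | && rm "${HELM_TARBALL}" 41 | 42 | RUN dnf -y install jq\ 43 | && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \ 44 | && install -o root -g root -m 0755 kubectl /usr/bin/kubectl \ 45 | && curl -L -s https://github.com/mikefarah/yq/releases/download/v4.31.2/yq_linux_amd64 --output /usr/bin/yq \ 46 | && chmod +x /usr/bin/yq -------------------------------------------------------------------------------- /scripts/lib/logging.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # logging.sh contains functions for writing log messages to the console for 4 | # three different severities: debug, info and error. 5 | 6 | # Prints out a timestamped message with an optional second argument indicating 7 | # the "indentation level" for the message. If the indentation level argument 8 | # is missing or empty, no indentation is added; no environment variable is 9 | # consulted. 
10 | _indented_msg() { 11 | local __msg=${1:-} 12 | local __indent_level=${2:-} 13 | local indent="" 14 | if [ -n "$__indent_level" ]; then 15 | indent="$( for each in $( seq 0 $__indent_level ); do printf " "; done )" 16 | fi 17 | 18 | local timestamp=$(date +"%Y-%m-%dT%H:%M:%S") 19 | # Use the indent string built above; $__indent is never set in this function. 20 | echo "$timestamp $indent$__msg" 21 | } 22 | 23 | # debug_msg prints out a supplied message if the ACK_TEST_DEBUGGING_MODE environ 24 | # variable is set. 25 | debug_msg() { 26 | local __debug="${ACK_TEST_DEBUGGING_MODE:-""}" 27 | if [ ! -n "$__debug" ]; then 28 | return 0 29 | fi 30 | 31 | local __msg=${1:-} 32 | local __indent=${2:-} 33 | local __debug_prefix="${DEBUG_PREFIX:-"[DEBUG] "}" 34 | _indented_msg "$__debug_prefix$__msg" $__indent 35 | } 36 | 37 | # info_msg prints out a supplied message with the "[INFO] " prefix (or 38 | # INFO_PREFIX when set); it is not gated on any variable. 39 | info_msg() { 40 | local __msg=${1:-} 41 | local __indent=${2:-} 42 | local __info_prefix="${INFO_PREFIX:-"[INFO] "}" 43 | _indented_msg "$__info_prefix$__msg" $__indent 44 | } 45 | 46 | # error_msg prints out a supplied message to stderr with the "[ERROR] " prefix 47 | # (or ERROR_PREFIX when set). 48 | error_msg() { 49 | local __msg=${1:-} 50 | local __indent=${2:-} 51 | local __error_prefix="${ERROR_PREFIX:-"[ERROR] "}" 52 | >&2 _indented_msg "$__error_prefix$__msg" $__indent 53 | } 54 | -------------------------------------------------------------------------------- /prow/config/templates/prow-controller-manager-Role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 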
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | kind: Role 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | metadata: 18 | name: prow-controller-manager 19 | rules: 20 | - apiGroups: 21 | - "prow.k8s.io" 22 | resources: 23 | - prowjobs 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - update 29 | - patch 30 | - apiGroups: 31 | - "" 32 | resources: 33 | - configmaps 34 | resourceNames: 35 | - prow-controller-manager-leader-lock 36 | verbs: 37 | - get 38 | - update 39 | - apiGroups: 40 | - "" 41 | resources: 42 | - configmaps 43 | - events 44 | verbs: 45 | - create 46 | - apiGroups: 47 | - "" 48 | resources: 49 | - pods 50 | verbs: 51 | - get 52 | - list 53 | - watch 54 | - apiGroups: 55 | - coordination.k8s.io 56 | resources: 57 | - leases 58 | verbs: 59 | - create 60 | - apiGroups: 61 | - coordination.k8s.io 62 | resources: 63 | - leases 64 | resourceNames: 65 | - prow-controller-manager-leader-lock 66 | verbs: 67 | - get 68 | - update 69 | -------------------------------------------------------------------------------- /src/acktest/bootstrapping/route53.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. 
This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import boto3 15 | 16 | from dataclasses import dataclass, field 17 | 18 | from . import Bootstrappable 19 | from .. import resources 20 | 21 | @dataclass 22 | class HealthCheck(Bootstrappable): 23 | # Inputs 24 | caller_reference_prefix: str 25 | health_check_config: dict 26 | 27 | # Outputs 28 | id: str = field(init=False) 29 | location: str = field(init=False) 30 | 31 | @property 32 | def route53_client(self): 33 | return boto3.client("route53", region_name=self.region) 34 | 35 | def bootstrap(self): 36 | """Creates a Route53 HealthCheck. 37 | """ 38 | self.caller_reference = resources.random_suffix_name(self.caller_reference_prefix, 63) 39 | health_check = self.route53_client.create_health_check( 40 | CallerReference=self.caller_reference, 41 | HealthCheckConfig=self.health_check_config, 42 | ) 43 | self.location = health_check["Location"] 44 | self.id = health_check["HealthCheck"]["Id"] 45 | 46 | def cleanup(self): 47 | """Deletes a Route53 HealthCheck 48 | """ 49 | self.route53_client.delete_health_check( 50 | HealthCheckId=self.id, 51 | ) 52 | -------------------------------------------------------------------------------- /prow/jobs/templates/presubmits/pkg_tests.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/pkg: 2 | - name: unit-test 3 | decorate: true 4 | optional: false 5 | always_run: true 6 | annotations: 7 | karpenter.sh/do-not-evict: "true" 8 | spec: 9 | serviceAccountName: pre-submit-service-account 10 | containers: 11 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "unit-test") }} 12 | resources: 13 | limits: 14 | cpu: 1 15 | memory: "1536Mi" 16 | requests: 17 | cpu: 1 18 | memory: "1536Mi" 19 | command: 
["make", "test"] 20 | 21 | - name: verify-attribution 22 | # We probably want to uncomment the following line once we have the attribution 23 | # files verified for all the controlelrs 24 | # run_if_changed: "go.mod" 25 | always_run: true 26 | decorate: true 27 | optional: true 28 | annotations: 29 | karpenter.sh/do-not-evict: "true" 30 | extra_refs: 31 | - org: aws-controllers-k8s 32 | repo: test-infra 33 | base_ref: main 34 | workdir: true 35 | spec: 36 | serviceAccountName: pre-submit-service-account 37 | containers: 38 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "verify-attribution") }} 39 | resources: 40 | limits: 41 | cpu: 1000m 42 | memory: "512Mi" 43 | requests: 44 | cpu: 250m 45 | memory: "512Mi" 46 | securityContext: 47 | runAsUser: 0 48 | env: 49 | - name: REPOSITORY_NAME 50 | value: pkg 51 | - name: OUTPUT_PATH 52 | value: "/tmp/generated_attribution.md" 53 | - name: DEBUG 54 | value: "true" 55 | command: 56 | - "/bin/bash" 57 | - "-c" 58 | - "./cd/scripts/verify-attribution.sh" -------------------------------------------------------------------------------- /src/acktest/bootstrapping/cloudwatch.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | # not use this file except in compliance with the License. A copy of the 5 | # License is located at 6 | # 7 | # http://aws.amazon.com/apache2.0/ 8 | # 9 | # or in the "license" file accompanying this file. This file is distributed 10 | # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | # express or implied. See the License for the specific language governing 12 | # permissions and limitations under the License. 13 | 14 | import boto3 15 | 16 | from dataclasses import dataclass, field 17 | 18 | from . import Bootstrappable 19 | from .. 
import resources 20 | 21 | @dataclass 22 | class LogGroup(Bootstrappable): 23 | # Inputs 24 | name_prefix: str 25 | 26 | # Outputs 27 | name: str = field(init=False) 28 | arn: str = field(init=False) 29 | 30 | def __post_init__(self): 31 | self.name = resources.random_suffix_name(self.name_prefix, 63) 32 | 33 | @property 34 | def logs_client(self): 35 | return boto3.client("logs", region_name=self.region) 36 | # NOTE(review): boto3 does not appear to ship a resource interface for CloudWatch Logs, so this property would likely raise on access; confirm, and drop it if nothing uses it. 37 | @property 38 | def logs_resource(self): 39 | return boto3.resource("logs", region_name=self.region) 40 | 41 | def bootstrap(self): 42 | """Creates a CW Log group with an auto-generated name and records its ARN in self.arn. 43 | """ 44 | log_group = self.logs_client.create_log_group( 45 | logGroupName=self.name, 46 | ) 47 | # The ARN is read from describe_log_groups below; the create response bound to log_group is not used. 48 | response = self.logs_client.describe_log_groups( 49 | logGroupNamePrefix=self.name, 50 | ) 51 | # NOTE(review): logGroupNamePrefix is a prefix filter, so [0] is assumed to be the group created above; consider matching on logGroupName. 52 | self.arn = response["logGroups"][0]["arn"] 53 | 54 | def cleanup(self): 55 | """Deletes a CW Log group. 56 | """ 57 | self.logs_client.delete_log_group(logGroupName=self.name) 58 | 59 | -------------------------------------------------------------------------------- /prow/jobs/images/build-docs.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | if [ -z "${GITHUB_TOKEN}" ]; then 6 | >&2 echo "build-docs.sh] GITHUB_TOKEN not specified. Required for pushing to GH pages." 7 | exit 1 8 | fi 9 | 10 | if [ -z "${GITHUB_ACTOR}" ]; then 11 | echo "build-docs.sh] GITHUB_ACTOR not specified. 
Defaulting to 'ack-bot'" 12 | GITHUB_ACTOR="ack-bot" 13 | fi 14 | 15 | GITHUB_SRC_GOPATH="${GOPATH}/src/github.com/" 16 | COMMUNITY_REPO="${COMMUNITY_REPO:-"aws-controllers-k8s/community"}" 17 | 18 | DEFAULT_COMMUNITY_PATH="${GITHUB_SRC_GOPATH}${COMMUNITY_REPO}" 19 | COMMUNITY_PATH="${COMMUNITY_PATH:-$DEFAULT_COMMUNITY_PATH}" 20 | DOCS_PATH="${COMMUNITY_PATH}/docs" 21 | GEN_SERVICES_FLAGS="${GEN_SERVICES_FLAGS:-"--debug"}" 22 | 23 | # Generate new reference sources 24 | 25 | pushd $DOCS_PATH 1> /dev/null 26 | 27 | echo "build-docs.sh] 📝 Installing requirements file... " 28 | pip install -r requirements.txt 29 | 30 | echo -n "build-docs.sh] 📄 Generating services page... " 31 | python3 ./scripts/gen_services.py ${GEN_SERVICES_FLAGS} 32 | echo "Done!" 33 | 34 | echo -n "build-docs.sh] 📄 Generating reference files... " 35 | python3 ./scripts/gen_reference.py 36 | echo "Done!" 37 | 38 | echo "build-docs.sh] 🛠️ Building the Hugo site... " 39 | npm install 40 | npm run postinstall 41 | npm run build 42 | echo "Done!" 43 | # NOTE(review): remote_repo embeds GITHUB_TOKEN in the URL and is passed to gh-pages as a command-line argument below, so the token is visible in process listings and may appear in tool output on failure; keep xtrace off and confirm the CI log masks it. 44 | remote_repo="https://x-access-token:${GITHUB_TOKEN}@${GITHUB_DOMAIN:-"github.com"}/${COMMUNITY_REPO}.git" 45 | 46 | user_email="${GITHUB_ACTOR}@users.noreply.${GITHUB_DOMAIN:-"github.com"}" 47 | if [ -n "${GITHUB_EMAIL_ID}" ]; then 48 | user_email="${GITHUB_EMAIL_ID}+${user_email}" 49 | fi 50 | 51 | echo "build-docs.sh] 📨 Deploying to Github pages... " 52 | short_sha=$(git rev-parse --short HEAD) 53 | ./node_modules/.bin/gh-pages --dist "public" \ 54 | -u "${GITHUB_ACTOR} <${user_email}>" -r "${remote_repo}" \ 55 | -m "Deployed ${short_sha}" 56 | echo "Done!" 
57 | 58 | popd 1> /dev/null -------------------------------------------------------------------------------- /prow/jobs/templates/presubmits/test_infra_tests.tpl: -------------------------------------------------------------------------------- 1 | aws-controllers-k8s/test-infra: 2 | {{- range $_, $service := .Config.ACKTestPresubmitServices }} 3 | - name: acktest-{{ $service }}-e2e-tests 4 | decorate: true 5 | optional: false 6 | # only if src/acktest/ code changed 7 | run_if_changed: ^(src/acktest/.*|requirements.txt) 8 | annotations: 9 | karpenter.sh/do-not-evict: "true" 10 | labels: 11 | preset-dind-enabled: "true" 12 | preset-kind-volume-mounts: "true" 13 | preset-test-config: "true" 14 | extra_refs: 15 | - org: aws-controllers-k8s 16 | repo: code-generator 17 | base_ref: main 18 | workdir: false 19 | - org: aws-controllers-k8s 20 | repo: {{ $service }}-controller 21 | base_ref: main 22 | workdir: false 23 | spec: 24 | serviceAccountName: pre-submit-service-account 25 | containers: 26 | - image: {{printf "%s:%s" $.ImageContext.ImageRepo (index $.ImageContext.Images "integration-test") }} 27 | resources: 28 | limits: 29 | cpu: 8 30 | memory: "3072Mi" 31 | requests: 32 | cpu: 2 33 | memory: "3072Mi" 34 | securityContext: 35 | privileged: true 36 | env: 37 | - name: SERVICE 38 | value: {{ $service }} 39 | - name: LOCAL_ACKTEST_LIBRARY 40 | value: "true" 41 | {{ if contains $.Config.CarmTestServices $service -}} 42 | - name: CARM_TESTS_ENABLED 43 | value: "true" 44 | {{ else if contains $.Config.IRSTestServices $service -}} 45 | - name: IRS_TESTS_ENABLED 46 | value: "true" 47 | {{ end -}} 48 | - name: FEATURE_GATES 49 | value: "ResourceAdoption=true" 50 | command: 51 | - "wrapper.sh" 52 | - "bash" 53 | - "-c" 54 | - "make kind-test SERVICE=$SERVICE LOCAL_ACKTEST_LIBRARY=$LOCAL_ACKTEST_LIBRARY" 55 | {{ end }} -------------------------------------------------------------------------------- /prow/jobs/tools/cmd/command/ecrpublic/client_url.go: 
-------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package ecrpublic 15 | 16 | import "fmt" 17 | 18 | const ( 19 | // ecrPublicDNS is the DNS name for the ECR Public registry. 20 | ecrPublicDNS = "public.ecr.aws" 21 | ) 22 | 23 | // builGetTokenURL returns the URL to get a token from the ECR Public 24 | // registry. 25 | func builGetTokenURL() string { 26 | return fmt.Sprintf("https://%s/token/", ecrPublicDNS) 27 | } 28 | 29 | // buildGetManifestsURL returns the URL to get the manifest for a 30 | // specific version of a repository in the ECR Public registry. 31 | func buildGetManifestsURL(repository, version string) string { 32 | return fmt.Sprintf("https://%s/%s/manifests/%s", ecrPublicDNS, repository, version) 33 | } 34 | 35 | // buildListTagsURL returns the URL to get the tags for a repository 36 | // in the ECR Public registry. 37 | func buildListTagsURL(repository string) string { 38 | return fmt.Sprintf("https://%s/%s/tags/list", ecrPublicDNS, repository) 39 | } 40 | 41 | // buildGetBlobURL returns the URL to get the blob for a specific 42 | // digest in the ECR Public registry. 
43 | func buildGetBlobURL(repository, digest string) string { 44 | return fmt.Sprintf("https://%s/%s/blobs/%s", ecrPublicDNS, repository, digest) 45 | } 46 | 47 | func buildURL(repository string) string { 48 | return fmt.Sprintf("https://%s/%s", ecrPublicDNS, repository) 49 | } 50 | -------------------------------------------------------------------------------- /prow/jobs/tools/cmd/command/ecrpublic/client_token.go: -------------------------------------------------------------------------------- 1 | // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"). You may 4 | // not use this file except in compliance with the License. A copy of the 5 | // License is located at 6 | // 7 | // http://aws.amazon.com/apache2.0/ 8 | // 9 | // or in the "license" file accompanying this file. This file is distributed 10 | // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 11 | // express or implied. See the License for the specific language governing 12 | // permissions and limitations under the License. 13 | 14 | package ecrpublic 15 | 16 | import ( 17 | "encoding/base64" 18 | "encoding/json" 19 | "strings" 20 | "time" 21 | ) 22 | 23 | // const ( 24 | // // defaultTokenExpirationThreshold is the default threshold to 25 | // // consider a token as expired. This is used to refresh the token 26 | // // before it expires. 27 | // // 28 | // // Maybe this too high/low? Maybe it should be configurable? 29 | // defaultTokenExpirationThreshold = 5 * time.Minute 30 | // ) 31 | 32 | // jwtToken is a helper struct to unmarshal the JWT token. 33 | type jwtToken struct { 34 | Expiration int64 `json:"expiration"` 35 | 36 | // Unused fields omitted for brevity 37 | // _ string `json:"payload"` 38 | // _ string `json:"dataKey"` 39 | // _ string `json:"version"` 40 | } 41 | 42 | // getTokenExpirationTime returns the expiration time of the JWT token. 
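import logging

import boto3

from dataclasses import dataclass, field
from acktest.bootstrapping.elbv2 import NetworkLoadBalancer
from . import Bootstrappable
from .. import resources


@dataclass
class VpcEndpointServiceConfiguration(Bootstrappable):
    """Bootstrap a VPC endpoint service configuration behind a Network Load Balancer.

    ``bootstrap()`` creates the endpoint service in front of the
    ``NetworkLoadBalancer`` sub-resource and stores its id in ``service_id``.
    ``cleanup()`` deletes that service again and then defers to the base class.
    """

    # Inputs
    name_prefix: str
    # Assigned in __post_init__; used as the value of the "Name" tag.
    name: str = field(init=False, default=None)

    # Subresources
    # NOTE(review): presumably bootstrapped by Bootstrappable.bootstrap() before
    # the endpoint service is created, since bootstrap() reads its ``arn`` --
    # confirm in the base class.
    networkLoadBalancer: NetworkLoadBalancer = field(init=False, default=None)

    # Outputs
    # No default: the attribute does not exist until bootstrap() assigns it,
    # which is how cleanup() tells whether there is anything to delete.
    service_id: str = field(init=False)

    def __post_init__(self):
        """Derive the resource name and create the load balancer sub-resource."""
        self.name = resources.random_suffix_name(self.name_prefix, 24)
        self.networkLoadBalancer = NetworkLoadBalancer(f"nlb-{self.name_prefix}")

    @property
    def ec2_client(self):
        """Return a new boto3 EC2 client for ``self.region``."""
        # NOTE(review): ``region`` is not defined in this class; presumably it
        # is provided by Bootstrappable -- confirm.
        return boto3.client("ec2", region_name=self.region)

    @property
    def ec2_resource(self):
        """Return a new boto3 EC2 resource for ``self.region``."""
        return boto3.resource("ec2", region_name=self.region)

    def bootstrap(self):
        """Create the endpoint service configuration and record its id."""
        super().bootstrap()

        vpc_endpoint_service = self.ec2_client.create_vpc_endpoint_service_configuration(
            # Keep manual acceptance on: consumer connection requests are not
            # accepted automatically for this test service.
            AcceptanceRequired=True,
            DryRun=False,
            NetworkLoadBalancerArns=[self.networkLoadBalancer.arn],
            TagSpecifications=[{
                "ResourceType": "vpc-endpoint-service",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": self.name
                    }
                ]
            }]
        )

        self.service_id = vpc_endpoint_service["ServiceConfiguration"]["ServiceId"]

    def cleanup(self):
        """Delete the endpoint service if one was created, then run the base cleanup.

        The base-class cleanup runs even when the delete call raises, so a
        failure here does not skip the rest of the teardown. Any exception
        from the delete call still propagates to the caller afterwards.
        """
        try:
            service_id = getattr(self, "service_id", None)
            if service_id is not None:
                response = self.ec2_client.delete_vpc_endpoint_service_configurations(
                    ServiceIds=[service_id]
                )
                # Per-service failures come back in the response body instead
                # of as an exception; report them so a leftover endpoint
                # service in the test account does not go unnoticed.
                for failure in response.get("Unsuccessful", []):
                    logging.getLogger(__name__).warning(
                        "could not delete VPC endpoint service %s: %s",
                        failure.get("ResourceId", service_id),
                        failure.get("Error"),
                    )
        finally:
            # NOTE(review): presumably this tears down the sub-resources
            # (the load balancer) -- confirm in Bootstrappable.cleanup().
            result = super().cleanup()
        return result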
# Helm-templated Deployment for ghproxy: one replica, Recreate strategy, and a
# cache directory backed by the "ghproxy" PersistentVolumeClaim.
#
# NOTE(review): neither the pod nor the container sets a securityContext, and
# the container declares no resource requests or limits. Consider adding
# runAsNonRoot, allowPrivilegeEscalation: false and a read-only root
# filesystem (with /cache as the writable mount) if the image supports it,
# plus requests/limits so the proxy cannot starve its node.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ghproxy
  labels:
    app: ghproxy
spec:
  selector:
    matchLabels:
      app: ghproxy
  strategy:
    type: Recreate
  # GHProxy does not support HA
  replicas: 1
  template:
    metadata:
      # Scrape annotations are only rendered when ghproxy.scrapeMetrics is set.
      # NOTE(review): they point at port 9090 while only 8888 is declared as a
      # containerPort below; presumably ghproxy serves metrics on 9090 -- confirm.
      {{- if .Values.ghproxy.scrapeMetrics }}
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: '9090'
        prometheus.io/scrape: 'true'
      {{- end }}
      labels:
        app: ghproxy
    spec:
      containers:
      - name: ghproxy
        env:
        # Ask the AWS SDK to use regional STS endpoints.
        - name: AWS_STS_REGIONAL_ENDPOINTS
          value: regional
        # Session name is the pod name (downward API).
        - name: AWS_ROLE_SESSION_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        # NOTE(review): the image reference comes from chart values; pinning it
        # by digest there avoids picking up a changed tag -- confirm how
        # ghproxy.image is set.
        image: {{ .Values.ghproxy.image }}
        args:
        - --cache-dir=/cache
        # Cache size is the configured volume size minus one.
        - --cache-sizeGB={{ add .Values.ghproxy.volumeSize -1 }}
        - --serve-metrics=true
        ports:
        - containerPort: 8888
        volumeMounts:
        - name: cache
          mountPath: /cache
      volumes:
      - name: cache
        persistentVolumeClaim:
          claimName: ghproxy
14 | 15 | package k8s 16 | 17 | import ( 18 | prowv1 "sigs.k8s.io/prow/pkg/apis/prowjobs/v1" 19 | ) 20 | 21 | // Prow type aliases for better organization 22 | type ( 23 | ProwJob = prowv1.ProwJob 24 | ProwJobSpec = prowv1.ProwJobSpec 25 | ProwJobStatus = prowv1.ProwJobStatus 26 | ProwJobType = prowv1.ProwJobType 27 | ProwJobAgent = prowv1.ProwJobAgent 28 | ProwJobState = prowv1.ProwJobState 29 | Refs = prowv1.Refs 30 | Pull = prowv1.Pull 31 | DecorationConfig = prowv1.DecorationConfig 32 | GCSConfiguration = prowv1.GCSConfiguration 33 | UtilityImages = prowv1.UtilityImages 34 | ) 35 | 36 | // ProwJob type constants 37 | const ( 38 | PresubmitJob = prowv1.PresubmitJob 39 | PostsubmitJob = prowv1.PostsubmitJob 40 | PeriodicJob = prowv1.PeriodicJob 41 | BatchJob = prowv1.BatchJob 42 | ) 43 | 44 | // ProwJob agent constants 45 | const ( 46 | KubernetesAgent = prowv1.KubernetesAgent 47 | ) 48 | 49 | // ProwJob state constants 50 | const ( 51 | SchedulingState = prowv1.SchedulingState 52 | TriggeredState = prowv1.TriggeredState 53 | PendingState = prowv1.PendingState 54 | SuccessState = prowv1.SuccessState 55 | FailureState = prowv1.FailureState 56 | AbortedState = prowv1.AbortedState 57 | ErrorState = prowv1.ErrorState 58 | ) 59 | -------------------------------------------------------------------------------- /scripts/metadata-file-test-runner.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # metadata-file-test-runner.sh contains functions used to test the existence and 4 | # content of metadata.yaml files. 5 | 6 | SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 7 | ROOT_DIR="$SCRIPTS_DIR/.." 
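
AWS_SERVICE=$(echo "${AWS_SERVICE:-""}" | tr '[:upper:]' '[:lower:]')

DEFAULT_SERVICE_CONTROLLER_SOURCE_PATH="$ROOT_DIR/../$AWS_SERVICE-controller"
SERVICE_CONTROLLER_SOURCE_PATH=${SERVICE_CONTROLLER_SOURCE_PATH:-$DEFAULT_SERVICE_CONTROLLER_SOURCE_PATH}

source "$SCRIPTS_DIR/lib/common.sh"
source "$SCRIPTS_DIR/lib/logging.sh"

# _metadata_field FILE YQ_PATH
#
# Prints the value found at YQ_PATH in FILE, or nothing when the key is
# absent. yq prints the literal string "null" for a missing key, so comparing
# its output with "" alone would let a missing field pass validation.
_metadata_field() {
    local file="$1" path="$2" value

    value="$(yq "$path" < "$file")" || return 1
    if [[ "$value" == "null" ]]; then
        value=""
    fi
    printf '%s' "$value"
}

# assert_metadata_file checks that the controller repository contains a
# metadata.yaml, that its service names are set, and that its service URLs
# respond with HTTP 200. Exits the script with status 1 on the first failure.
assert_metadata_file() {
    local metadata_file_name="metadata.yaml"
    local metadata_file_path="${SERVICE_CONTROLLER_SOURCE_PATH}/${metadata_file_name}"
    local field

    info_msg "Checking presence of metadata.yaml ..."

    if [[ ! -f "$metadata_file_path" ]]; then
        # Reported as an error (not debug) so the reason for the failed check
        # is visible in the job log.
        error_msg "Unable to find metadata.yaml file"
        exit 1
    fi

    info_msg "Validating metadata names"
    for field in .service.short_name .service.full_name; do
        if [[ -z "$(_metadata_field "$metadata_file_path" "$field")" ]]; then
            error_msg "metadata.yaml is missing $field"
            exit 1
        fi
    done

    info_msg "Validating the existence of metadata URLs."

    for field in .service.link .service.documentation; do
        ensure_url_healthy "$(_metadata_field "$metadata_file_path" "$field")" || exit 1
    done
}

# ensure_url_healthy URL
#
# Returns 0 when a HEAD request to URL (following redirects) ends in HTTP 200,
# 1 otherwise.
#
# The URL is read from metadata.yaml in the controller repository under test,
# so it is handled as untrusted input: only http(s) URLs are accepted (which
# also rejects empty values and anything curl could parse as an option),
# redirects are limited to http(s) and bounded in number, and the request has
# a time limit so an unresponsive server cannot hang the job.
# NOTE(review): this does not restrict which hosts the runner contacts;
# confirm that is acceptable where this script runs.
ensure_url_healthy() {
    local url="$1" status

    case "$url" in
        http://*|https://*) ;;
        *)
            error_msg "Expected an http(s) URL, got '$url'"
            return 1
            ;;
    esac

    status="$(curl --silent --location --head --output /dev/null \
        --proto '=http,https' --proto-redir '=http,https' \
        --max-redirs 5 --max-time 30 \
        --write-out '%{http_code}' "$url")"
    if [[ "$status" != "200" ]]; then
        error_msg "$url didn't respond with HTTP/1.1 200 OK"
        return 1
    fi
}

# ensure_inputs exits with status 1 unless AWS_SERVICE is set.
ensure_inputs() {
    if [[ -z "$AWS_SERVICE" ]]; then
        error_msg "Expected \`AWS_SERVICE\` to be defined"
        exit 1
    fi
}

# ensure_binaries checks that the external tools used above are installed.
ensure_binaries() {
    check_is_installed "yq"
    check_is_installed "curl"
}

ensure_inputs
ensure_binaries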
governed. 4 | The goal is to make sure that the roles and responsibilities are well defined and to clarify how decisions are made. 5 | 6 | ## Roles 7 | 8 | In the context of ACK, we consider the following roles: 9 | 10 | * __Users__ ... everyone using ACK, typically willing to provide feedback on ACK by proposing features and/or filing issues. 11 | * __Contributors__ ... everyone contributing code, documentation, examples, testing infra, and participating in feature proposals as well as design discussions. Code contributions will require a Developer Certificate of Origin (DCO). 12 | * __Maintainers__ ... are responsible for engaging with and assisting contributors to iterate on their contributions until they reach acceptable quality. Maintainers can decide whether the contributions can be accepted into the project or rejected. Any active contributor meeting the project's quality standard can be made a Maintainer by the Advisory Board. 13 | * __Advisory Board__ ... is responsible for defining the guidelines and processes that the project operates under. 14 | 15 | The initial members of the Advisory Board are `@jaypipes` and `@mhausenblas`. 16 | 17 | 18 | ## Communication 19 | 20 | The primary mechanism for communication will be via the `#provider-aws` channel on the Kubernetes Slack community. 21 | All features and bug fixes will be tracked as issues in GitHub. All decisions will be documented in GitHub issues. 22 | 23 | In the future, we may consider using a public mailing list, which can be better archived. 24 | 25 | ## Roadmap Planning 26 | 27 | Maintainers will share roadmap and release versions as milestones in GitHub. 28 | 29 | ## Release Management 30 | 31 | The Advisory Board will put forward a release management proposal via a GitHub issue and resolve it there.
32 | 33 | ## Other relevant governance resources 34 | 35 | * The ACK [Contributing Guidelines](CONTRIBUTING.md) 36 | * Our [Code of Conduct](CODE_OF_CONDUCT.md) 37 | --------------------------------------------------------------------------------