├── .stignore ├── .dockerignore ├── .github ├── pull_request_template.md └── workflows │ └── zz_generated.gitleaks.yaml ├── flag ├── service │ ├── aws │ │ ├── role │ │ │ └── role.go │ │ ├── cni │ │ │ └── cni.go │ │ ├── route53 │ │ │ └── route53.go │ │ ├── loggingbucket │ │ │ └── loggingbucket.go │ │ ├── trustedadvisor │ │ │ └── trustedadvisor.go │ │ ├── hostaccesskey │ │ │ └── accesskey.go │ │ └── aws.go │ ├── guest │ │ ├── ssh │ │ │ └── ssh.go │ │ ├── ignition │ │ │ └── ignition.go │ │ └── guest.go │ ├── cluster │ │ ├── kubernetes │ │ │ ├── ssh │ │ │ │ └── ssh.go │ │ │ ├── api │ │ │ │ └── api.go │ │ │ ├── networksetup │ │ │ │ ├── docker │ │ │ │ │ └── docker.go │ │ │ │ └── networksetup.go │ │ │ └── kubernetes.go │ │ ├── docker │ │ │ ├── daemon │ │ │ │ └── daemon.go │ │ │ └── docker.go │ │ ├── calico │ │ │ └── calico.go │ │ └── cluster.go │ ├── installation │ │ ├── guest │ │ │ ├── ssh │ │ │ │ └── ssh.go │ │ │ ├── ipam │ │ │ │ ├── ipam.go │ │ │ │ └── network │ │ │ │ │ └── network.go │ │ │ ├── kubernetes │ │ │ │ ├── api │ │ │ │ │ ├── auth │ │ │ │ │ │ ├── provider │ │ │ │ │ │ │ ├── oidc │ │ │ │ │ │ │ │ └── oidc.go │ │ │ │ │ │ │ └── provider.go │ │ │ │ │ │ └── auth.go │ │ │ │ │ ├── security │ │ │ │ │ │ ├── security.go │ │ │ │ │ │ └── whitelist │ │ │ │ │ │ │ └── whitelist.go │ │ │ │ │ └── api.go │ │ │ │ └── kubernetes.go │ │ │ └── guest.go │ │ └── installation.go │ ├── registry │ │ └── registry.go │ └── service.go └── flag.go ├── CODEOWNERS ├── service ├── internal │ ├── asg │ │ ├── internal │ │ │ └── cache │ │ │ │ ├── cache.go │ │ │ │ ├── asgs.go │ │ │ │ └── instances.go │ │ ├── spec.go │ │ └── error.go │ ├── hamaster │ │ └── internal │ │ │ └── cache │ │ │ └── cache.go │ ├── images │ │ ├── internal │ │ │ └── cache │ │ │ │ └── cache.go │ │ └── error.go │ ├── releases │ │ ├── internal │ │ │ └── cache │ │ │ │ ├── cache.go │ │ │ │ └── release.go │ │ ├── spec.go │ │ └── error.go │ ├── cloudformation │ │ ├── types.go │ │ └── spec.go │ ├── cloudconfig │ │ ├── cloud_config.go │ 
│ ├── template │ │ │ ├── wait_docker_conf.go │ │ │ ├── netwokd-ignore-aws-cni.go │ │ │ ├── etcd3_extra_config.go │ │ │ ├── systemd-networkd-eth1-network.go │ │ │ ├── automount_etcd_volume.go │ │ │ ├── instance_storage.go │ │ │ ├── mount_log_volume.go │ │ │ ├── ephemeral_var_lib_docker_mount.go │ │ │ ├── persistent_var_lib_docker_mount.go │ │ │ ├── encryption_config.go │ │ │ ├── mount_etcd_volume_asg_masters.go │ │ │ ├── mount_kubelet_volume.go │ │ │ ├── ephemeral_var_lib_containerd_mount.go │ │ │ ├── persistent_var_lib_containerd_mount.go │ │ │ ├── decrypt_tls_assets_service.go │ │ │ ├── decrypt_keys_assets_service.go │ │ │ ├── ingress_controller_config_map.go │ │ │ ├── nvme_set_timeouts_unit.go │ │ │ ├── set-hostname.go │ │ │ ├── instance_storage_class.go │ │ │ └── nvme_udev_hack.go │ │ ├── types.go │ │ ├── error.go │ │ └── spec.go │ ├── encrypter │ │ ├── kms │ │ │ ├── key.go │ │ │ ├── spec.go │ │ │ ├── cache.go │ │ │ └── error.go │ │ ├── mock.go │ │ └── spec.go │ ├── cloudtags │ │ ├── spec.go │ │ └── error.go │ ├── cphostedzone │ │ ├── spec.go │ │ └── error.go │ ├── unittest │ │ ├── default_keys.go │ │ ├── default_irsa-cloudfront-configmap.go │ │ ├── file_name.go │ │ ├── default_network_pool.go │ │ ├── default_release.go │ │ ├── default_images.go │ │ └── default_certs.go │ ├── locker │ │ ├── spec.go │ │ ├── error.go │ │ └── mutex_locker.go │ ├── recorder │ │ └── spec.go │ ├── accountid │ │ ├── spec.go │ │ └── error.go │ ├── changedetection │ │ └── error.go │ ├── credential │ │ └── error.go │ └── templates │ │ └── cloudconfig │ │ └── small.go ├── controller │ ├── resource │ │ ├── cpvpc │ │ │ ├── delete.go │ │ │ ├── spec.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── region │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── create.go │ │ ├── tccpazs │ │ │ ├── delete.go │ │ │ ├── types.go │ │ │ └── error.go │ │ ├── tccpvpcid │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tcnpazs │ │ │ ├── delete.go │ │ │ └── error.go │ │ ├── apiendpoint │ │ │ 
├── delete.go │ │ │ ├── resource.go │ │ │ └── error.go │ │ ├── cleanupenis │ │ │ ├── create.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── keepforcrs │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── snapshotid │ │ │ ├── delete.go │ │ │ ├── resource.go │ │ │ └── error.go │ │ ├── tccpoutputs │ │ │ ├── delete.go │ │ │ └── error.go │ │ ├── tccpsubnets │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── create.go │ │ ├── tccpvpcpcx │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tcnpoutputs │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tcnpstatus │ │ │ ├── delete.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── cproutetables │ │ │ ├── delete.go │ │ │ ├── spec.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── eniconfigcrs │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tccpnoutputs │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tccpn │ │ │ └── template │ │ │ │ ├── params_main_outputs.go │ │ │ │ ├── params_main_eni.go │ │ │ │ ├── params_main_etcd_volume.go │ │ │ │ ├── template_main_outputs.go │ │ │ │ ├── params_main.go │ │ │ │ ├── params_main_record_sets.go │ │ │ │ ├── template_main.go │ │ │ │ ├── params_main_iam_policies.go │ │ │ │ ├── template_main_eni.go │ │ │ │ ├── render.go │ │ │ │ ├── template_main_record_sets.go │ │ │ │ ├── params_main_auto_scaling_group.go │ │ │ │ └── template_main_etcd_volume.go │ │ ├── tccpnatgateways │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tccpvpcidstatus │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tcnpf │ │ │ ├── template │ │ │ │ ├── params_main.go │ │ │ │ ├── template_main.go │ │ │ │ ├── template_main_route_tables.go │ │ │ │ ├── render.go │ │ │ │ └── params_main_route_tables.go │ │ │ └── testdata │ │ │ │ └── case-0-basic-test.golden │ │ ├── tcnpinstanceinfo │ │ │ ├── delete.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── cleanuprecordsets │ │ │ ├── create.go │ │ │ ├── error.go │ │ │ └── resource.go │ 
│ ├── cleanuptcnpiamroles │ │ │ ├── create.go │ │ │ ├── resource.go │ │ │ └── error.go │ │ ├── cleanupvpcpeerings │ │ │ ├── create.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── tccpsecuritygroups │ │ │ ├── delete.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── tcnpsecuritygroups │ │ │ ├── delete.go │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── cleanupsecuritygroups │ │ │ ├── create.go │ │ │ ├── resource.go │ │ │ └── error.go │ │ ├── cleanuptccpniamroles │ │ │ ├── create.go │ │ │ ├── resource.go │ │ │ └── error.go │ │ ├── tccpi │ │ │ ├── template │ │ │ │ ├── params_main.go │ │ │ │ ├── template_main.go │ │ │ │ ├── render.go │ │ │ │ ├── params_main_iam_roles.go │ │ │ │ ├── template_main_iam_roles.go │ │ │ │ └── render_test.go │ │ │ └── testdata │ │ │ │ └── case-0-basic-test.golden │ │ ├── terminateunhealthynode │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── cleanupmachinedeployments │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── tccpf │ │ │ ├── template │ │ │ │ ├── params_main.go │ │ │ │ ├── params_main_route_tables.go │ │ │ │ ├── template_main.go │ │ │ │ ├── params_main_record_sets.go │ │ │ │ ├── template_main_route_tables.go │ │ │ │ └── render.go │ │ │ └── error_test.go │ │ ├── cleanupebsvolumes │ │ │ ├── create.go │ │ │ ├── error.go │ │ │ └── resource.go │ │ ├── ipam │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ ├── test_checker.go │ │ │ ├── test_collector.go │ │ │ ├── test_persister.go │ │ │ └── spec.go │ │ ├── cleanuploadbalancers │ │ │ ├── create.go │ │ │ └── error.go │ │ ├── asgname │ │ │ ├── create.go │ │ │ ├── delete.go │ │ │ └── error.go │ │ ├── asgstatus │ │ │ ├── create.go │ │ │ └── delete.go │ │ ├── tccp │ │ │ ├── template │ │ │ │ ├── params_main_record_sets.go │ │ │ │ ├── params_main_internet_gateway.go │ │ │ │ ├── params_main.go │ │ │ │ ├── params_main_nat_gateway.go │ │ │ │ ├── params_main_vpc.go │ │ │ │ ├── params_main_route_tables.go │ │ │ │ ├── params_main_outputs.go │ │ │ │ ├── template_main.go │ │ │ │ ├── 
params_main_subnets.go │ │ │ │ ├── template_main_outputs.go │ │ │ │ ├── render.go │ │ │ │ ├── params_main_security_groups.go │ │ │ │ ├── params_main_load_balancers.go │ │ │ │ ├── template_main_internet_gateway.go │ │ │ │ └── template_main_nat_gateway.go │ │ │ └── config.go │ │ ├── tcnp │ │ │ └── template │ │ │ │ ├── params_main_outputs.go │ │ │ │ ├── template_main_outputs.go │ │ │ │ ├── params_main.go │ │ │ │ ├── params_main_iam_policies.go │ │ │ │ ├── template_main.go │ │ │ │ ├── render.go │ │ │ │ ├── template_main_route_table.go │ │ │ │ ├── params_main_route_table.go │ │ │ │ ├── params_main_subnets.go │ │ │ │ └── template_main_subnets.go │ │ ├── accountid │ │ │ ├── create.go │ │ │ ├── delete.go │ │ │ └── error.go │ │ ├── drainerfinalizer │ │ │ ├── create.go │ │ │ ├── delete.go │ │ │ └── error_test.go │ │ ├── drainerinitializer │ │ │ ├── create.go │ │ │ └── delete.go │ │ ├── tenantclients │ │ │ ├── error.go │ │ │ └── delete.go │ │ ├── secretfinalizer │ │ │ ├── error.go │ │ │ ├── secret_accessor.go │ │ │ └── resource.go │ │ ├── encryptionensurer │ │ │ ├── error.go │ │ │ ├── create.go │ │ │ └── delete.go │ │ ├── natgatewayaddresses │ │ │ ├── error.go │ │ │ ├── create.go │ │ │ └── delete.go │ │ ├── awsclient │ │ │ ├── delete.go │ │ │ ├── error.go │ │ │ └── create.go │ │ ├── bridgezone │ │ │ └── error.go │ │ ├── service │ │ │ └── error.go │ │ ├── endpoints │ │ │ ├── error.go │ │ │ └── current.go │ │ ├── peerrolearn │ │ │ ├── error.go │ │ │ ├── create.go │ │ │ └── delete.go │ │ └── s3bucket │ │ │ └── desired.go │ ├── controllercontext │ │ ├── status_funcs.go │ │ ├── error.go │ │ └── client.go │ ├── key │ │ ├── types.go │ │ ├── spec.go │ │ ├── g8s_control_plane.go │ │ ├── cilium.go │ │ ├── key.go │ │ ├── legacy.go │ │ └── error.go │ └── error.go └── error.go ├── .nancy-ignore.generated ├── policies ├── tenant_cluster.json └── README.md ├── .gitignore ├── SECURITY.md ├── helm └── aws-operator │ ├── templates │ ├── service-account.yaml │ ├── service.yaml │ ├── secret.yaml 
│ ├── vpa.yaml │ ├── servicemonitor.yaml │ ├── network-policy.yaml │ ├── psp.yaml │ ├── _resource.tpl │ └── _helpers.tpl │ └── Chart.yaml ├── debug_server.sh ├── pkg ├── annotation │ └── annotation.go ├── awstags │ ├── s3.go │ ├── kms.go │ ├── cloud_formation.go │ └── ec2.go ├── template │ ├── template_test.go │ └── template.go ├── project │ └── project.go └── label │ └── label.go ├── client └── aws │ └── error.go ├── server ├── error.go └── endpoint │ └── error.go ├── renovate.json5 ├── okteto.yml ├── Dockerfile ├── .nancy-ignore ├── .pre-commit-config.yaml ├── third_party └── licenses │ └── LICENSE.ebs-automatic-nvme-mapping.txt └── .circleci └── config.yml /.stignore: -------------------------------------------------------------------------------- 1 | .git 2 | okteto.yml 3 | docs 4 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !aws-operator 3 | !go.mod 4 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Checklist 2 | 3 | - [ ] Update changelog in CHANGELOG.md. 
4 | -------------------------------------------------------------------------------- /flag/service/aws/role/role.go: -------------------------------------------------------------------------------- 1 | package role 2 | 3 | type Role struct { 4 | ARN string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/aws/cni/cni.go: -------------------------------------------------------------------------------- 1 | package cni 2 | 3 | type CNI struct { 4 | ExternalSNAT string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/guest/ssh/ssh.go: -------------------------------------------------------------------------------- 1 | package ssh 2 | 3 | type SSH struct { 4 | SSOPublicKey string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/aws/route53/route53.go: -------------------------------------------------------------------------------- 1 | package route53 2 | 3 | type Route53 struct { 4 | Enabled string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/cluster/kubernetes/ssh/ssh.go: -------------------------------------------------------------------------------- 1 | package ssh 2 | 3 | type SSH struct { 4 | UserList string 5 | } 6 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # generated by giantswarm/github actions - changes will be overwritten 2 | * @giantswarm/team-phoenix 3 | -------------------------------------------------------------------------------- /flag/service/cluster/docker/daemon/daemon.go: -------------------------------------------------------------------------------- 1 | package daemon 2 | 3 | type Daemon struct { 4 | CIDR string 5 | } 6 | 
-------------------------------------------------------------------------------- /flag/service/cluster/kubernetes/api/api.go: -------------------------------------------------------------------------------- 1 | package api 2 | 3 | type API struct { 4 | ClusterIPRange string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/guest/ignition/ignition.go: -------------------------------------------------------------------------------- 1 | package ignition 2 | 3 | type Ignition struct { 4 | Path string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/installation/guest/ssh/ssh.go: -------------------------------------------------------------------------------- 1 | package ssh 2 | 3 | type SSH struct { 4 | SSOPublicKey string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/aws/loggingbucket/loggingbucket.go: -------------------------------------------------------------------------------- 1 | package loggingbucket 2 | 3 | type LoggingBucket struct { 4 | Delete string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/cluster/kubernetes/networksetup/docker/docker.go: -------------------------------------------------------------------------------- 1 | package docker 2 | 3 | type Docker struct { 4 | Image string 5 | } 6 | -------------------------------------------------------------------------------- /flag/service/aws/trustedadvisor/trustedadvisor.go: -------------------------------------------------------------------------------- 1 | package trustedadvisor 2 | 3 | type TrustedAdvisor struct { 4 | Enabled string 5 | } 6 | -------------------------------------------------------------------------------- /service/internal/asg/internal/cache/cache.go: -------------------------------------------------------------------------------- 1 | package cache 2 | 3 | 
import "time" 4 | 5 | const ( 6 | expiration = 5 * time.Minute 7 | ) 8 | -------------------------------------------------------------------------------- /service/internal/hamaster/internal/cache/cache.go: -------------------------------------------------------------------------------- 1 | package cache 2 | 3 | import "time" 4 | 5 | const ( 6 | expiration = 5 * time.Minute 7 | ) 8 | -------------------------------------------------------------------------------- /service/internal/images/internal/cache/cache.go: -------------------------------------------------------------------------------- 1 | package cache 2 | 3 | import "time" 4 | 5 | const ( 6 | expiration = 5 * time.Minute 7 | ) 8 | -------------------------------------------------------------------------------- /service/internal/releases/internal/cache/cache.go: -------------------------------------------------------------------------------- 1 | package cache 2 | 3 | import "time" 4 | 5 | const ( 6 | expiration = 5 * time.Minute 7 | ) 8 | -------------------------------------------------------------------------------- /flag/service/cluster/calico/calico.go: -------------------------------------------------------------------------------- 1 | package calico 2 | 3 | type Calico struct { 4 | CIDR string 5 | MTU string 6 | Subnet string 7 | } 8 | -------------------------------------------------------------------------------- /service/internal/cloudformation/types.go: -------------------------------------------------------------------------------- 1 | package cloudformation 2 | 3 | type Output struct { 4 | OutputKey string 5 | OutputValue string 6 | } 7 | -------------------------------------------------------------------------------- /.nancy-ignore.generated: -------------------------------------------------------------------------------- 1 | # This file is generated by https://github.com/giantswarm/github 2 | # Repository specific ignores should be added to .nancy-ignore 3 | 
-------------------------------------------------------------------------------- /policies/tenant_cluster.json: -------------------------------------------------------------------------------- 1 | Moved to: https://raw.githubusercontent.com/giantswarm/giantswarm-aws-account-prerequisites/master/aws-operator-role/iam-policy.json 2 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/cloud_config.go: -------------------------------------------------------------------------------- 1 | package cloudconfig 2 | 3 | const ( 4 | FileOwnerUserName = "root" 5 | FileOwnerGroupName = "root" 6 | FilePermission = 0700 7 | ) 8 | -------------------------------------------------------------------------------- /service/internal/encrypter/kms/key.go: -------------------------------------------------------------------------------- 1 | package kms 2 | 3 | import ( 4 | "fmt" 5 | ) 6 | 7 | func keyAlias(id string) string { 8 | return fmt.Sprintf("alias/%s", id) 9 | } 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | aws-operator 3 | !helm/aws-operator 4 | TODO 5 | *.swp 6 | !vendor/** 7 | 8 | .e2e-harness 9 | integration/test/**/*-e2e 10 | 11 | __debug_bin 12 | .vscode 13 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Reporting a Vulnerability 4 | 5 | Please visit for information on reporting security issues. 
6 | -------------------------------------------------------------------------------- /flag/service/aws/hostaccesskey/accesskey.go: -------------------------------------------------------------------------------- 1 | package hostaccesskey 2 | 3 | type HostAccessKey struct { 4 | ID string 5 | Role string 6 | Secret string 7 | Session string 8 | } 9 | -------------------------------------------------------------------------------- /flag/service/registry/registry.go: -------------------------------------------------------------------------------- 1 | package registry 2 | 3 | type Registry struct { 4 | Domain string 5 | Mirrors string 6 | 7 | // Registry tokens 8 | DockerhubToken string 9 | } 10 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/wait_docker_conf.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const WaitDockerConf = ` 4 | [Unit] 5 | After=var-lib-docker.mount 6 | Requires=var-lib-docker.mount 7 | ` 8 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/netwokd-ignore-aws-cni.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const NetworkdIgnoreAWSCNiInterfaces = ` 4 | [Match] 5 | Name=%s 6 | 7 | [Link] 8 | Unmanaged=yes 9 | ` 10 | -------------------------------------------------------------------------------- /service/internal/encrypter/kms/spec.go: -------------------------------------------------------------------------------- 1 | package kms 2 | 3 | import "github.com/aws/aws-sdk-go/service/kms" 4 | 5 | type KMSClient interface { 6 | Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error) 7 | } 8 | -------------------------------------------------------------------------------- /service/controller/resource/cpvpc/delete.go: 
-------------------------------------------------------------------------------- 1 | package cpvpc 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/region/delete.go: -------------------------------------------------------------------------------- 1 | package region 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /flag/service/installation/guest/ipam/ipam.go: -------------------------------------------------------------------------------- 1 | package ipam 2 | 3 | import "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/ipam/network" 4 | 5 | type IPAM struct { 6 | Network network.Network 7 | } 8 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/api/auth/provider/oidc/oidc.go: -------------------------------------------------------------------------------- 1 | package oidc 2 | 3 | type OIDC struct { 4 | ClientID string 5 | IssuerURL string 6 | UsernameClaim string 7 | GroupsClaim string 8 | } 9 | -------------------------------------------------------------------------------- /service/controller/controllercontext/status_funcs.go: -------------------------------------------------------------------------------- 1 | package controllercontext 2 | 3 | func (a ContextStatusTenantClusterASG) IsEmpty() bool { 4 | return a.DesiredCapacity == 0 && a.MaxSize == 0 && a.MinSize == 0 5 | } 6 | -------------------------------------------------------------------------------- /service/controller/resource/tccpazs/delete.go: 
-------------------------------------------------------------------------------- 1 | package tccpazs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcid/delete.go: -------------------------------------------------------------------------------- 1 | package tccpvpcid 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpazs/delete.go: -------------------------------------------------------------------------------- 1 | package tcnpazs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/etcd3_extra_config.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const Etcd3ExtraConfig = ` 4 | [Unit] 5 | Requires=etcd3-attach-dependencies.service 6 | After=etcd3-attach-dependencies.service 7 | ` 8 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/systemd-networkd-eth1-network.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const SystemdNetworkdEth1Network = ` 4 | # disable DHCP 5 | [Match] 6 | Name=eth1 7 | [Network] 8 | DHCP=no 9 | ` 10 | -------------------------------------------------------------------------------- /flag/service/cluster/docker/docker.go: -------------------------------------------------------------------------------- 1 | 
package docker 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/cluster/docker/daemon" 5 | ) 6 | 7 | type Docker struct { 8 | Daemon daemon.Daemon 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/apiendpoint/delete.go: -------------------------------------------------------------------------------- 1 | package apiendpoint 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupenis/create.go: -------------------------------------------------------------------------------- 1 | package cleanupenis 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cpvpc/spec.go: -------------------------------------------------------------------------------- 1 | package cpvpc 2 | 3 | import "github.com/aws/aws-sdk-go/service/ec2" 4 | 5 | type EC2 interface { 6 | DescribeVpcs(input *ec2.DescribeVpcsInput) (*ec2.DescribeVpcsOutput, error) 7 | } 8 | -------------------------------------------------------------------------------- /service/controller/resource/keepforcrs/create.go: -------------------------------------------------------------------------------- 1 | package keepforcrs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/snapshotid/delete.go: -------------------------------------------------------------------------------- 1 | package snapshotid 2 | 3 | import ( 4 | 
"context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpoutputs/delete.go: -------------------------------------------------------------------------------- 1 | package tccpoutputs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpsubnets/delete.go: -------------------------------------------------------------------------------- 1 | package tccpsubnets 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcpcx/delete.go: -------------------------------------------------------------------------------- 1 | package tccpvpcpcx 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpoutputs/delete.go: -------------------------------------------------------------------------------- 1 | package tcnpoutputs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpstatus/delete.go: -------------------------------------------------------------------------------- 1 | package tcnpstatus 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx 
context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cproutetables/delete.go: -------------------------------------------------------------------------------- 1 | package cproutetables 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/eniconfigcrs/delete.go: -------------------------------------------------------------------------------- 1 | package eniconfigcrs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpnoutputs/delete.go: -------------------------------------------------------------------------------- 1 | package tccpnoutputs 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/params_main_outputs.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainOutputs struct { 4 | InstanceType string 5 | MasterReplicas int 6 | OperatorVersion string 7 | ReleaseVersion string 8 | } 9 | -------------------------------------------------------------------------------- /service/controller/resource/tccpnatgateways/delete.go: -------------------------------------------------------------------------------- 1 | package tccpnatgateways 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj 
interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcidstatus/delete.go: -------------------------------------------------------------------------------- 1 | package tccpvpcidstatus 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpf/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | // ParamsMain is the data structure for the Tenant Cluster Finalizer template. 4 | type ParamsMain struct { 5 | RouteTables *ParamsMainRouteTables 6 | } 7 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpinstanceinfo/delete.go: -------------------------------------------------------------------------------- 1 | package tcnpinstanceinfo 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuprecordsets/create.go: -------------------------------------------------------------------------------- 1 | package cleanuprecordsets 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuptcnpiamroles/create.go: -------------------------------------------------------------------------------- 1 | package cleanuptcnpiamroles 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx 
context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupvpcpeerings/create.go: -------------------------------------------------------------------------------- 1 | package cleanupvpcpeerings 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpsecuritygroups/delete.go: -------------------------------------------------------------------------------- 1 | package tccpsecuritygroups 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpsecuritygroups/delete.go: -------------------------------------------------------------------------------- 1 | package tcnpsecuritygroups 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupsecuritygroups/create.go: -------------------------------------------------------------------------------- 1 | package cleanupsecuritygroups 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuptccpniamroles/create.go: -------------------------------------------------------------------------------- 1 | package cleanuptccpniamroles 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r 
*Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpi/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | // ParamsMain is the data structure for the Tenant Cluster Control Plane 4 | // Initializer template. 5 | type ParamsMain struct { 6 | IAMRoles *ParamsMainIAMRoles 7 | } 8 | -------------------------------------------------------------------------------- /service/controller/resource/terminateunhealthynode/delete.go: -------------------------------------------------------------------------------- 1 | package terminateunhealthynode 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/kubernetes.go: -------------------------------------------------------------------------------- 1 | package kubernetes 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/kubernetes/api" 5 | ) 6 | 7 | type Kubernetes struct { 8 | API api.API 9 | } 10 | -------------------------------------------------------------------------------- /flag/service/installation/installation.go: -------------------------------------------------------------------------------- 1 | package installation 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest" 5 | ) 6 | 7 | type Installation struct { 8 | Name string 9 | Guest guest.Guest 10 | } 11 | -------------------------------------------------------------------------------- /service/controller/key/types.go: -------------------------------------------------------------------------------- 1 | package key 2 | 3 | type AMIInfo 
struct { 4 | Name string `json:"name"` 5 | PV string `json:"pv"` 6 | HVM string `json:"hvm"` 7 | } 8 | 9 | type AMIInfoList struct { 10 | AMIs []AMIInfo `json:"amis"` 11 | } 12 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupmachinedeployments/create.go: -------------------------------------------------------------------------------- 1 | package cleanupmachinedeployments 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/cproutetables/spec.go: -------------------------------------------------------------------------------- 1 | package cproutetables 2 | 3 | import "github.com/aws/aws-sdk-go/service/ec2" 4 | 5 | type EC2 interface { 6 | DescribeRouteTables(*ec2.DescribeRouteTablesInput) (*ec2.DescribeRouteTablesOutput, error) 7 | } 8 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/automount_etcd_volume.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const AutomountEtcdVolume = ` 4 | [Unit] 5 | Description=etcd3 data volume 6 | 7 | [Mount] 8 | Where=/var/lib/etcd 9 | 10 | [Install] 11 | WantedBy=multi-user.target 12 | ` 13 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/api/auth/auth.go: -------------------------------------------------------------------------------- 1 | package auth 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/kubernetes/api/auth/provider" 5 | ) 6 | 7 | type Auth struct { 8 | Provider provider.Provider 9 | } 10 | -------------------------------------------------------------------------------- 
/service/internal/cloudtags/spec.go: -------------------------------------------------------------------------------- 1 | package cloudtags 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | type Interface interface { 8 | // Get Labels from cluster API object 9 | GetTagsByCluster(ctx context.Context, clusterID string) (map[string]string, error) 10 | } 11 | -------------------------------------------------------------------------------- /flag/service/cluster/kubernetes/networksetup/networksetup.go: -------------------------------------------------------------------------------- 1 | package networksetup 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/cluster/kubernetes/networksetup/docker" 5 | ) 6 | 7 | type NetworkSetup struct { 8 | Docker docker.Docker 9 | } 10 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/api/security/security.go: -------------------------------------------------------------------------------- 1 | package security 2 | 3 | import "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/kubernetes/api/security/whitelist" 4 | 5 | type Security struct { 6 | Whitelist whitelist.Whitelist 7 | } 8 | -------------------------------------------------------------------------------- /helm/aws-operator/templates/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "resource.default.name" . }} 5 | namespace: {{ include "resource.default.namespace" . }} 6 | labels: 7 | {{- include "labels.common" . 
| nindent 4 }} 8 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/api/auth/provider/provider.go: -------------------------------------------------------------------------------- 1 | package provider 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/kubernetes/api/auth/provider/oidc" 5 | ) 6 | 7 | type Provider struct { 8 | OIDC oidc.OIDC 9 | } 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccpf/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | // ParamsMain is the data structure for the Tenant Cluster Control Plane 4 | // Finalizer template. 5 | type ParamsMain struct { 6 | RecordSets *ParamsMainRecordSets 7 | RouteTables *ParamsMainRouteTables 8 | } 9 | -------------------------------------------------------------------------------- /service/internal/cphostedzone/spec.go: -------------------------------------------------------------------------------- 1 | package cphostedzone 2 | 3 | import ( 4 | "github.com/aws/aws-sdk-go/service/route53" 5 | ) 6 | 7 | type Route53 interface { 8 | ListHostedZonesByName(input *route53.ListHostedZonesByNameInput) (*route53.ListHostedZonesByNameOutput, error) 9 | } 10 | -------------------------------------------------------------------------------- /service/internal/unittest/default_keys.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import "github.com/giantswarm/randomkeys/v3" 4 | 5 | func DefaultKeys() randomkeys.Cluster { 6 | return randomkeys.Cluster{ 7 | APIServerEncryptionKey: randomkeys.RandomKey("api-server-encryption-key"), 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/instance_storage.go: 
-------------------------------------------------------------------------------- 1 | package template 2 | 3 | const InstanceStorage = ` 4 | storage: 5 | filesystems: 6 | - name: ephemeral1 7 | mount: 8 | device: /dev/xvdb 9 | format: xfs 10 | create: 11 | force: true 12 | ` 13 | -------------------------------------------------------------------------------- /flag/service/guest/guest.go: -------------------------------------------------------------------------------- 1 | package guest 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/guest/ignition" 5 | "github.com/giantswarm/aws-operator/v16/flag/service/guest/ssh" 6 | ) 7 | 8 | type Guest struct { 9 | Ignition ignition.Ignition 10 | SSH ssh.SSH 11 | } 12 | -------------------------------------------------------------------------------- /service/controller/key/spec.go: -------------------------------------------------------------------------------- 1 | package key 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | type DeletionTimestampGetter interface { 8 | GetDeletionTimestamp() *metav1.Time 9 | } 10 | 11 | type LabelsGetter interface { 12 | GetLabels() map[string]string 13 | } 14 | -------------------------------------------------------------------------------- /service/controller/key/g8s_control_plane.go: -------------------------------------------------------------------------------- 1 | package key 2 | 3 | import ( 4 | infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3" 5 | ) 6 | 7 | func G8sControlPlaneReplicas(cr infrastructurev1alpha3.G8sControlPlane) int { 8 | return cr.Spec.Replicas 9 | } 10 | -------------------------------------------------------------------------------- /debug_server.sh: -------------------------------------------------------------------------------- 1 | ln -s /go/pkg/mod/$(cat go.mod | grep k8scloudconfig | awk '{print $1"@"$2}') /opt/ignition 2 | 3 | dlv debug --headless 
--listen=:2345 --log --api-version=2 -- daemon --config.dirs=/var/run/aws-operator/configmap/ --config.dirs=/var/run/aws-operator/secret/ --config.files=config --config.files=secret 4 | -------------------------------------------------------------------------------- /service/internal/locker/spec.go: -------------------------------------------------------------------------------- 1 | package locker 2 | 3 | import "context" 4 | 5 | // Interface is some form of lock implementation like achieved for in process 6 | // locking using sync.Mutex. 7 | type Interface interface { 8 | Lock(ctx context.Context) error 9 | Unlock(ctx context.Context) error 10 | } 11 | -------------------------------------------------------------------------------- /flag/flag.go: -------------------------------------------------------------------------------- 1 | package flag 2 | 3 | import ( 4 | "github.com/giantswarm/microkit/flag" 5 | 6 | "github.com/giantswarm/aws-operator/v16/flag/service" 7 | ) 8 | 9 | type Flag struct { 10 | Service service.Service 11 | } 12 | 13 | func New() *Flag { 14 | f := &Flag{} 15 | flag.Init(f) 16 | return f 17 | } 18 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/params_main_eni.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainENI struct { 4 | List []ParamsMainENIItem 5 | } 6 | 7 | type ParamsMainENIItem struct { 8 | Name string 9 | Resource string 10 | SecurityGroupID string 11 | SubnetID string 12 | } 13 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpf/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | Description: Tenant Cluster Finalizer Cloud Formation Stack. 
7 | Resources: 8 | {{ template "route_tables" . }} 9 | {{ end }} 10 | ` 11 | -------------------------------------------------------------------------------- /service/internal/recorder/spec.go: -------------------------------------------------------------------------------- 1 | package recorder 2 | 3 | import ( 4 | "context" 5 | 6 | pkgruntime "k8s.io/apimachinery/pkg/runtime" 7 | ) 8 | 9 | type Interface interface { 10 | // Emit is used to create Kubernetes events. 11 | Emit(ctx context.Context, obj pkgruntime.Object, reason, message string) 12 | } 13 | -------------------------------------------------------------------------------- /service/internal/accountid/spec.go: -------------------------------------------------------------------------------- 1 | package accountid 2 | 3 | import ( 4 | "github.com/aws/aws-sdk-go/service/sts" 5 | ) 6 | 7 | type Interface interface { 8 | Lookup() (string, error) 9 | } 10 | 11 | type STS interface { 12 | GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error) 13 | } 14 | -------------------------------------------------------------------------------- /service/controller/resource/tccpi/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | Description: Tenant Cluster Control Plane Initializer Cloud Formation Stack. 7 | Resources: 8 | {{ template "iam_roles" . 
}} 9 | {{ end }} 10 | ` 11 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/mount_log_volume.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const EphemeralVarLogMount = ` 4 | [Unit] 5 | Description=log data volume 6 | DefaultDependencies=no 7 | 8 | [Mount] 9 | What=/dev/disk/by-label/log 10 | Where=/var/log 11 | Type=xfs 12 | 13 | [Install] 14 | WantedBy=local-fs-pre.target 15 | ` 16 | -------------------------------------------------------------------------------- /service/controller/resource/tccpf/template/params_main_route_tables.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainRouteTables struct { 4 | PrivateRoutes []ParamsMainRouteTablesRoute 5 | } 6 | 7 | type ParamsMainRouteTablesRoute struct { 8 | RouteTableID string 9 | CidrBlock string 10 | PeerConnectionID string 11 | } 12 | -------------------------------------------------------------------------------- /pkg/annotation/annotation.go: -------------------------------------------------------------------------------- 1 | package annotation 2 | 3 | const ( 4 | Docs = "giantswarm.io/docs" 5 | InstanceID = "aws-operator.giantswarm.io/instance" 6 | LegacyAwsCniPodCidr = "aws-operator.giantswarm.io/legacy-aws-cni-pod-cidr" 7 | MachineDeploymentSubnet = "machine-deployment.giantswarm.io/subnet" 8 | ) 9 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupebsvolumes/create.go: -------------------------------------------------------------------------------- 1 | package cleanupebsvolumes 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | // EnsureCreated is a no-op, because the ebsvolume resource is only 8 | // interested in delete events. 
9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | return nil 11 | } 12 | -------------------------------------------------------------------------------- /service/controller/resource/ipam/delete.go: -------------------------------------------------------------------------------- 1 | package ipam 2 | 3 | import "context" 4 | 5 | // EnsureDeleted is a NOP for IPAM resource as allocated subnet will get 6 | // released when the guest cluster VPC and AWSConfig CR is deleted. 7 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/ephemeral_var_lib_docker_mount.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const EphemeralVarLibDockerMount = ` 4 | [Unit] 5 | Description=Mount ephemeral volume on /var/lib/docker 6 | [Mount] 7 | What=/dev/disk/by-label/docker 8 | Where=/var/lib/docker 9 | Type=xfs 10 | [Install] 11 | RequiredBy=local-fs.target 12 | ` 13 | -------------------------------------------------------------------------------- /flag/service/installation/guest/kubernetes/api/security/whitelist/whitelist.go: -------------------------------------------------------------------------------- 1 | package whitelist 2 | 3 | type Whitelist struct { 4 | Private Private 5 | Public Public 6 | } 7 | 8 | type Private struct { 9 | Enabled string 10 | SubnetList string 11 | } 12 | 13 | type Public struct { 14 | Enabled string 15 | SubnetList string 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuploadbalancers/create.go: -------------------------------------------------------------------------------- 1 | package cleanuploadbalancers 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | // EnsureCreated is a no-op, because the loadbalancer 
resource is only 8 | // interested in delete events. 9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | return nil 11 | } 12 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/persistent_var_lib_docker_mount.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const PersistentVarLibDockerMount = ` 4 | [Unit] 5 | Description=Mount persistent volume on /var/lib/docker 6 | [Mount] 7 | What=/dev/disk/by-label/docker 8 | Where=/var/lib/docker 9 | Type=xfs 10 | [Install] 11 | RequiredBy=local-fs.target 12 | ` 13 | -------------------------------------------------------------------------------- /client/aws/error.go: -------------------------------------------------------------------------------- 1 | package aws 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 
12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | -------------------------------------------------------------------------------- /flag/service/installation/guest/guest.go: -------------------------------------------------------------------------------- 1 | package guest 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/ipam" 5 | "github.com/giantswarm/aws-operator/v16/flag/service/installation/guest/kubernetes" 6 | ) 7 | 8 | type Guest struct { 9 | IPAM ipam.IPAM 10 | Kubernetes kubernetes.Kubernetes 11 | } 12 | -------------------------------------------------------------------------------- /server/error.go: -------------------------------------------------------------------------------- 1 | package server 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | -------------------------------------------------------------------------------- /service/controller/error.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 
10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /service/error.go: -------------------------------------------------------------------------------- 1 | package service 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/encryption_config.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const EncryptionConfig = `kind: EncryptionConfig 4 | apiVersion: v1 5 | resources: 6 | - resources: 7 | - secrets 8 | providers: 9 | - aescbc: 10 | keys: 11 | - name: key1 12 | secret: {{.EncryptionKey}} 13 | - identity: {}` 14 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/mount_etcd_volume_asg_masters.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const MountEtcdVolumeAsgMasters = ` 4 | [Unit] 5 | Description=etcd3 data volume 6 | Before=etcd3.service 7 | 8 | [Mount] 9 | What=/dev/disk/by-label/etcd 10 | Where=/var/lib/etcd 11 | Type=ext4 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | ` 16 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/mount_kubelet_volume.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const EphemeralVarLibKubeletMount = ` 4 | [Unit] 5 | Description=kubelet volume 6 | DefaultDependencies=no 7 | 
8 | [Mount] 9 | What=/dev/disk/by-label/kubelet 10 | Where=/var/lib/kubelet 11 | Type=xfs 12 | 13 | [Install] 14 | WantedBy=local-fs-pre.target 15 | ` 16 | -------------------------------------------------------------------------------- /renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | // Base config - https://github.com/giantswarm/renovate-presets/blob/main/default.json5 4 | "github>giantswarm/renovate-presets:default.json5", 5 | // Go specific config - https://github.com/giantswarm/renovate-presets/blob/main/lang-go.json5 6 | "github>giantswarm/renovate-presets:lang-go.json5", 7 | ], 8 | } 9 | -------------------------------------------------------------------------------- /service/controller/resource/ipam/error.go: -------------------------------------------------------------------------------- 1 | package ipam 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalid config", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /server/endpoint/error.go: -------------------------------------------------------------------------------- 1 | package endpoint 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 
12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | -------------------------------------------------------------------------------- /service/controller/controllercontext/error.go: -------------------------------------------------------------------------------- 1 | package controllercontext 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var notFoundError = µerror.Error{ 8 | Kind: "notFoundError", 9 | } 10 | 11 | // IsNotFound asserts notFoundError. 12 | func IsNotFound(err error) bool { 13 | return microerror.Cause(err) == notFoundError 14 | } 15 | -------------------------------------------------------------------------------- /service/controller/resource/asgname/create.go: -------------------------------------------------------------------------------- 1 | package asgname 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | err := r.ensure(ctx, obj) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/asgname/delete.go: -------------------------------------------------------------------------------- 1 | package asgname 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 10 | err := r.ensure(ctx, obj) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/asgstatus/create.go: -------------------------------------------------------------------------------- 1 | package asgstatus 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 
9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | err := r.ensure(ctx, obj) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/asgstatus/delete.go: -------------------------------------------------------------------------------- 1 | package asgstatus 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 10 | err := r.ensure(ctx, obj) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/cpvpc/create.go: -------------------------------------------------------------------------------- 1 | package cpvpc 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | err := r.addVPCInfoToContext(ctx) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/controller/resource/tccpnoutputs/error.go: -------------------------------------------------------------------------------- 1 | package tccpnoutputs 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInsserts invalidConfigError. 
10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /service/controller/resource/tccpoutputs/error.go: -------------------------------------------------------------------------------- 1 | package tccpoutputs 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInsserts invalidConfigError. 10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpazs/error.go: -------------------------------------------------------------------------------- 1 | package tcnpazs 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalid config", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpoutputs/error.go: -------------------------------------------------------------------------------- 1 | package tcnpoutputs 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInsserts invalidConfigError. 
10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/ephemeral_var_lib_containerd_mount.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const EphemeralVarLibContainerdMount = ` 4 | [Unit] 5 | Description=Mount ephemeral volume on /var/lib/containerd 6 | [Mount] 7 | What=/dev/disk/by-label/containerd 8 | Where=/var/lib/containerd 9 | Type=xfs 10 | [Install] 11 | RequiredBy=local-fs.target 12 | ` 13 | -------------------------------------------------------------------------------- /helm/aws-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: aws-operator 3 | description: The aws-operator manages Kubernetes clusters running on AWS. 4 | home: https://github.com/giantswarm/aws-operator 5 | version: [[ .Version ]] 6 | appVersion: [[ .AppVersion ]] 7 | annotations: 8 | application.giantswarm.io/team: "phoenix" 9 | config.giantswarm.io/version: 1.x.x 10 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_record_sets.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainRecordSets struct { 4 | BaseDomain string 5 | EtcdDomain string 6 | ClusterID string 7 | MasterInstanceResourceName string 8 | Route53Enabled bool 9 | VPCRegion string 10 | } 11 | -------------------------------------------------------------------------------- /service/controller/resource/tccpf/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | 
Description: Tenant Cluster Control Plane Finalizer Cloud Formation Stack. 7 | Resources: 8 | {{ template "record_sets" . }} 9 | {{ template "route_tables" . }} 10 | {{ end }} 11 | ` 12 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/params_main_outputs.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainOutputs struct { 4 | DockerVolumeSizeGB string 5 | Instance ParamsMainOutputsInstance 6 | OperatorVersion string 7 | ReleaseVersion string 8 | } 9 | 10 | type ParamsMainOutputsInstance struct { 11 | Image string 12 | Type string 13 | } 14 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpstatus/create.go: -------------------------------------------------------------------------------- 1 | package tcnpstatus 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 10 | err := r.ensure(ctx, obj) 11 | if err != nil { 12 | return microerror.Mask(err) 13 | } 14 | 15 | return nil 16 | } 17 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/persistent_var_lib_containerd_mount.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const PersistentVarLibContainerdMount = ` 4 | [Unit] 5 | Description=Mount persistent volume on /var/lib/containerd 6 | [Mount] 7 | What=/dev/disk/by-label/containerd 8 | Where=/var/lib/containerd 9 | Type=xfs 10 | [Install] 11 | RequiredBy=local-fs.target 12 | ` 13 | -------------------------------------------------------------------------------- /service/internal/releases/spec.go: -------------------------------------------------------------------------------- 1 | package releases 2 | 3 | 
// EnsureCreated is the accountid resource's create hook. The object itself is
// not inspected; the hook only makes the account ID available on ctx via
// addAccountIDToContext and masks any error that produces.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	if err := r.addAccountIDToContext(ctx); err != nil {
		return microerror.Mask(err)
	}

	return nil
}
// EnsureDeleted is the drainerfinalizer resource's delete hook. It runs the
// shared ensure routine for obj and returns a masked error if that fails.
func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error {
	if err := r.ensure(ctx, obj); err != nil {
		return microerror.Mask(err)
	}

	return nil
}
// EnsureCreated is the cproutetables resource's create hook. It ignores obj and
// populates ctx with the control-plane route tables through
// addRouteTablesToContext, masking any error.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	if err := r.addRouteTablesToContext(ctx); err != nil {
		return microerror.Mask(err)
	}

	return nil
}
// invalidConfigError is returned when the keepforcrs resource is built from an
// incomplete or inconsistent configuration.
var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig reports whether the root cause of err, as unwrapped by
// microerror.Cause, is invalidConfigError.
func IsInvalidConfig(err error) bool {
	cause := microerror.Cause(err)

	return cause == invalidConfigError
}
// invalidConfigError is returned when the cleanupenis resource is built from an
// incomplete or inconsistent configuration.
var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig reports whether the root cause of err, as unwrapped by
// microerror.Cause, is invalidConfigError.
func IsInvalidConfig(err error) bool {
	cause := microerror.Cause(err)

	return cause == invalidConfigError
}
// invalidConfigError is returned when the secretfinalizer resource is built
// from an incomplete or inconsistent configuration.
var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig reports whether the root cause of err, as unwrapped by
// microerror.Cause, is invalidConfigError.
func IsInvalidConfig(err error) bool {
	cause := microerror.Cause(err)

	return cause == invalidConfigError
}
// NewS3 converts a plain key/value map into the tag slice the S3 API expects.
// Map iteration order is unspecified, so the order of the returned tags is not
// stable between calls; an empty or nil map yields a nil slice.
func NewS3(tags map[string]string) []*s3.Tag {
	var out []*s3.Tag
	for key, value := range tags {
		out = append(out, &s3.Tag{
			Key:   aws.String(key),
			Value: aws.String(value),
		})
	}

	return out
}
// invalidConfigError is returned when the cleanuprecordsets resource is built
// from an incomplete or inconsistent configuration.
var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig reports whether the root cause of err, as unwrapped by
// microerror.Cause, is invalidConfigError.
func IsInvalidConfig(err error) bool {
	cause := microerror.Cause(err)

	return cause == invalidConfigError
}
// ParamsMainEtcdVolume is the etcd-volume section of the Tenant Cluster
// Control Plane Nodes template parameters: one item per etcd data volume.
type ParamsMainEtcdVolume struct {
	List []ParamsMainEtcdVolumeItem
}

// ParamsMainEtcdVolumeItem describes a single etcd EBS volume as rendered into
// the CloudFormation template.
type ParamsMainEtcdVolumeItem struct {
	AvailabilityZone string
	// Iops and Throughput are integer volume performance settings; they look
	// like gp3-style parameters, but the template is what gives them meaning —
	// confirm there before relying on either.
	Iops int
	// Name is the volume's logical name; Resource is presumably the
	// CloudFormation logical resource ID it is rendered under.
	Name     string
	Resource string
	// SnapshotID, when set, presumably restores the volume from an EBS snapshot.
	SnapshotID string
	Throughput int
}
// NewKMS converts a plain key/value map into the tag slice the KMS API expects
// (KMS names the fields TagKey/TagValue rather than Key/Value). Map iteration
// order is unspecified, so the order of the returned tags is not stable; an
// empty or nil map yields a nil slice.
func NewKMS(tags map[string]string) []*kms.Tag {
	var out []*kms.Tag
	for key, value := range tags {
		out = append(out, &kms.Tag{
			TagKey:   aws.String(key),
			TagValue: aws.String(value),
		})
	}

	return out
}
// IngressControllerConfigMap is the ingress-nginx ConfigMap manifest that the
// cloud config installs into the tenant cluster's kube-system namespace.
//
// NOTE(review): use-proxy-protocol is hard-coded to "true". That is only
// correct when every load balancer in front of the controller actually emits
// the PROXY protocol header: without it connections fail to parse, and a
// client that can reach the controller directly could present its own header
// and have that address trusted as the client IP. Any allow-listing or audit
// logging keyed on the forwarded client IP depends on the load balancer
// configuration matching this setting — confirm before relying on it.
const IngressControllerConfigMap = `kind: ConfigMap
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: kube-system
  labels:
    k8s-addon: ingress-nginx.addons.k8s.io
data:
  server-name-hash-bucket-size: "1024"
  server-name-hash-max-size: "1024"
  use-proxy-protocol: "true"
`
// TestChecker is a test double whose Check always yields the configured
// decision and never fails.
type TestChecker struct {
	proceed bool
}

// NewTestChecker returns a TestChecker that answers proceed on every Check
// call.
func NewTestChecker(proceed bool) *TestChecker {
	return &TestChecker{proceed: proceed}
}

// Check ignores ctx, namespace and name and reports the preconfigured
// decision together with a nil error.
func (c *TestChecker) Check(ctx context.Context, namespace string, name string) (bool, error) {
	return c.proceed, nil
}
// NewCloudFormation converts a plain key/value map into the tag slice the
// CloudFormation API expects. Map iteration order is unspecified, so the order
// of the returned tags is not stable between calls; an empty or nil map yields
// a nil slice.
func NewCloudFormation(tags map[string]string) []*cloudformation.Tag {
	var out []*cloudformation.Tag
	for key, value := range tags {
		out = append(out, &cloudformation.Tag{
			Key:   aws.String(key),
			Value: aws.String(value),
		})
	}

	return out
}
// Render executes the main template together with the IAM roles template
// against v and returns the rendered document. Any template error is returned
// wrapped with microerror.Mask and the rendered string is then empty.
func Render(v interface{}) (string, error) {
	templates := []string{TemplateMain, TemplateMainIAMRoles}

	rendered, err := template.Render(templates, v)
	if err != nil {
		return "", microerror.Mask(err)
	}

	return rendered, nil
}
// TestCollector is a test double that returns a fixed set of subnets from
// Collect regardless of the network range it is asked about.
type TestCollector struct {
	subnets []net.IPNet
}

// NewTestCollector returns a TestCollector that always reports subnets. The
// slice is stored as given, not copied.
func NewTestCollector(subnets []net.IPNet) *TestCollector {
	return &TestCollector{subnets: subnets}
}

// Collect ignores ctx and networkRange and returns the preconfigured subnets
// with a nil error.
func (c *TestCollector) Collect(ctx context.Context, networkRange net.IPNet) ([]net.IPNet, error) {
	return c.subnets, nil
}
// SetHostname is the systemd unit that sets the node's hostname to the
// local-hostname reported by the instance metadata client before the kubelet
// starts; it is ordered after wait-for-domains.service.
//
// NOTE(review): the `$(/opt/imds-client ...)` substitution is unquoted inside
// the bash -c string, so a value containing whitespace would be split into
// several arguments to hostnamectl. The value presumably comes from the
// instance metadata service rather than from a workload, so this reads as a
// robustness rather than an injection concern; quoting the substitution would
// make that explicit.
const SetHostname = `
[Unit]
Description=set proper hostname for k8s
Requires=wait-for-domains.service
After=wait-for-domains.service
Before=k8s-kubelet.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash -c "hostnamectl set-hostname $(/opt/imds-client /latest/meta-data/local-hostname)"

[Install]
WantedBy=multi-user.target
`
// EnsureCreated is the tccpsecuritygroups resource's create hook. It resolves
// the cluster CR from obj through toClusterFunc and then records the security
// group information on ctx through addInfoToCtx; either failure is returned
// wrapped with microerror.Mask.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	cr, err := r.toClusterFunc(ctx, obj)
	if err != nil {
		return microerror.Mask(err)
	}

	if err := r.addInfoToCtx(ctx, cr); err != nil {
		return microerror.Mask(err)
	}

	return nil
}
// ConfigAPIWhitelist defines guest cluster k8s public/private api whitelisting.
// The two fields configure the allow-list for the private and public API
// endpoints respectively (the names suggest VPC-internal versus
// internet-facing; confirm against the security group template).
type ConfigAPIWhitelist struct {
	Private ConfigAPIWhitelistSecurityGroup
	Public  ConfigAPIWhitelistSecurityGroup
}

// ConfigAPIWhitelistSecurityGroup represents the structure required for
// defining whitelisting for resource security group.
type ConfigAPIWhitelistSecurityGroup struct {
	// Enabled switches the allow-list on. When false, SubnetList is presumably
	// ignored and the endpoint is not restricted by it — confirm where these
	// values are consumed before treating a false value as safe.
	Enabled bool
	// SubnetList holds the source ranges admitted by the allow-list; the
	// expected format (CIDR strings is the natural reading) is not shown here.
	SubnetList []string
}
-}} 16 | ` 17 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | // ParamsMain is the data structure for the Tenant Cluster Control Plane Nodes 4 | // template. 5 | type ParamsMain struct { 6 | AutoScalingGroup *ParamsMainAutoScalingGroup 7 | ENI *ParamsMainENI 8 | EtcdVolume *ParamsMainEtcdVolume 9 | IAMPolicies *ParamsMainIAMPolicies 10 | LaunchTemplate *ParamsMainLaunchTemplate 11 | Outputs *ParamsMainOutputs 12 | RecordSets *ParamsMainRecordSets 13 | } 14 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMain struct { 4 | EnableAWSCNI bool 5 | InternetGateway *ParamsMainInternetGateway 6 | LoadBalancers *ParamsMainLoadBalancers 7 | NATGateway *ParamsMainNATGateway 8 | Outputs *ParamsMainOutputs 9 | RecordSets *ParamsMainRecordSets 10 | RouteTables *ParamsMainRouteTables 11 | SecurityGroups *ParamsMainSecurityGroups 12 | Subnets *ParamsMainSubnets 13 | VPC *ParamsMainVPC 14 | } 15 | -------------------------------------------------------------------------------- /service/controller/controllercontext/client.go: -------------------------------------------------------------------------------- 1 | package controllercontext 2 | 3 | import ( 4 | "github.com/giantswarm/k8sclient/v7/pkg/k8sclient" 5 | 6 | "github.com/giantswarm/aws-operator/v16/client/aws" 7 | ) 8 | 9 | type ContextClient struct { 10 | ControlPlane ContextClientControlPlane 11 | TenantCluster ContextClientTenantCluster 12 | } 13 | 14 | type ContextClientControlPlane struct { 15 | AWS aws.Clients 16 | } 17 | 18 | type ContextClientTenantCluster struct { 19 | AWS aws.Clients 20 | K8s 
k8sclient.Interface 21 | } 22 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/types.go: -------------------------------------------------------------------------------- 1 | package cloudconfig 2 | 3 | type TemplateData struct { 4 | AWSCNIAdditionalTags string 5 | AWSCNIMinimumIPTarget string 6 | AWSCNIPrefix bool 7 | AWSCNIWarmIPTarget string 8 | AWSCNIVersion string 9 | AWSRegion string 10 | BaseDomain string 11 | ExternalSNAT bool 12 | IsChinaRegion bool 13 | MasterENIName string 14 | MasterEtcdVolumeName string 15 | MasterID int 16 | RegistryDomain string 17 | } 18 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/params_main_record_sets.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainRecordSets struct { 4 | BaseDomain string 5 | ClusterID string 6 | InternalHostedZoneID string 7 | Records []ParamsMainRecordSetsRecord 8 | Route53Enabled bool 9 | } 10 | 11 | type ParamsMainRecordSetsRecord struct { 12 | ENI ParamsMainRecordSetsRecordENI 13 | Resource string 14 | Value string 15 | } 16 | 17 | type ParamsMainRecordSetsRecordENI struct { 18 | Resource string 19 | } 20 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/params_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | // ParamsMain is the data structure for the Tenant Cluster Node Pool template. 
4 | type ParamsMain struct { 5 | AutoScalingGroup *ParamsMainAutoScalingGroup 6 | IAMPolicies *ParamsMainIAMPolicies 7 | LaunchTemplate *ParamsMainLaunchTemplate 8 | Outputs *ParamsMainOutputs 9 | RouteTables *ParamsMainRouteTables 10 | SecurityGroups *ParamsMainSecurityGroups 11 | Subnets *ParamsMainSubnets 12 | VPC *ParamsMainVPC 13 | } 14 | -------------------------------------------------------------------------------- /service/internal/unittest/default_irsa-cloudfront-configmap.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import ( 4 | "fmt" 5 | 6 | v1 "k8s.io/api/core/v1" 7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 8 | ) 9 | 10 | func DefaultIRSACloudfrontConfigMap() v1.ConfigMap { 11 | return v1.ConfigMap{ 12 | ObjectMeta: metav1.ObjectMeta{ 13 | Name: fmt.Sprintf("%s-irsa-cloudfront", DefaultClusterID), 14 | Namespace: metav1.NamespaceDefault, 15 | }, 16 | Data: map[string]string{ 17 | "domain": "122424fd.cloudfront.net", 18 | }, 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/params_main_iam_policies.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainIAMPolicies struct { 4 | Cluster ParamsMainIAMPoliciesCluster 5 | EC2ServiceDomain string 6 | EnableAWSCNI bool 7 | CiliumENIMode bool 8 | KMSKeyARN string 9 | NodePool ParamsMainIAMPoliciesNodePool 10 | RegionARN string 11 | S3Bucket string 12 | } 13 | 14 | type ParamsMainIAMPoliciesCluster struct { 15 | ID string 16 | } 17 | 18 | type ParamsMainIAMPoliciesNodePool struct { 19 | ID string 20 | } 21 | -------------------------------------------------------------------------------- /pkg/template/template_test.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | import ( 4 | "testing" 5 | ) 6 | 7 | func 
Test_Template_Render(t *testing.T) { 8 | t.Parallel() 9 | tpl := "some string <{{.Value}}> another string" 10 | d := struct { 11 | Value string 12 | }{"myvalue"} 13 | expected := "some string another string" 14 | 15 | actual, err := Render([]string{tpl}, d) 16 | if err != nil { 17 | t.Errorf("unexpected error %v", err) 18 | } 19 | 20 | if actual != expected { 21 | t.Errorf("unexpected output, want %q, got %q", expected, actual) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | Description: Tenant Cluster Control Plane Nodes Cloud Formation Stack. 7 | Outputs: 8 | {{ template "outputs" . }} 9 | Resources: 10 | {{- template "auto_scaling_group" . }} 11 | {{- template "eni" . }} 12 | {{- template "etcd_volume" . }} 13 | {{ template "iam_policies" . }} 14 | {{- template "launch_template" . }} 15 | {{- template "record_sets" . 
}} 16 | {{ end }} 17 | ` 18 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_nat_gateway.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainNATGateway struct { 4 | Gateways []ParamsMainNATGatewayGateway 5 | NATRoutes []ParamsMainNATGatewayNATRoute 6 | } 7 | 8 | type ParamsMainNATGatewayGateway struct { 9 | AvailabilityZone string 10 | ClusterID string 11 | NATGWName string 12 | NATEIPName string 13 | PublicSubnetName string 14 | } 15 | 16 | type ParamsMainNATGatewayNATRoute struct { 17 | NATGWName string 18 | NATRouteName string 19 | RouteTableName string 20 | } 21 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpsecuritygroups/create.go: -------------------------------------------------------------------------------- 1 | package tcnpsecuritygroups 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToMachineDeployment(obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | err = r.addInfoToCtx(ctx, cr) 18 | if err != nil { 19 | return microerror.Mask(err) 20 | } 21 | 22 | return nil 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/key/legacy.go: -------------------------------------------------------------------------------- 1 | package key 2 | 3 | import ( 4 | g8sv1alpha1 "github.com/giantswarm/apiextensions/v6/pkg/apis/provider/v1alpha1" 5 | 6 | "github.com/giantswarm/aws-operator/v16/service/internal/templates/cloudconfig" 7 | ) 8 | 9 | // NOTE that code below is deprecated and needs refactoring. 
10 | 11 | func CloudConfigSmallTemplates() []string { 12 | return []string{ 13 | cloudconfig.Small, 14 | } 15 | } 16 | 17 | func StatusAWSConfigNetworkCIDR(customObject g8sv1alpha1.AWSConfig) string { 18 | return customObject.Status.Cluster.Network.CIDR 19 | } 20 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/params_main_iam_policies.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainIAMPolicies struct { 4 | AccountID string 5 | AWSBaseDomain string 6 | CloudfrontAliasDomain string 7 | CloudfrontDomain string 8 | ClusterID string 9 | EC2ServiceDomain string 10 | HostedZoneID string 11 | InternalHostedZoneID string 12 | KMSKeyARN string 13 | Region string 14 | RegionARN string 15 | S3Bucket string 16 | Route53Enabled bool 17 | } 18 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | Description: Tenant Cluster Node Pool Cloud Formation Stack. 7 | Outputs: 8 | {{ template "outputs" . }} 9 | Resources: 10 | {{ template "auto_scaling_group" . }} 11 | {{ template "iam_policies" . }} 12 | {{ template "launch_template" . }} 13 | {{ template "route_tables" . }} 14 | {{ template "security_groups" . }} 15 | {{ template "subnets" . }} 16 | {{ template "vpc" . 
}} 17 | {{ end }} 18 | ` 19 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpf/template/params_main_route_tables.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainRouteTables struct { 4 | PeeringConnections []ParamsMainVPCPeeringConnection 5 | } 6 | 7 | type ParamsMainVPCPeeringConnection struct { 8 | ID string 9 | Name string 10 | RouteTable ParamsMainVPCPeeringConnectionRouteTable 11 | Subnet ParamsMainVPCPeeringConnectionSubnet 12 | } 13 | 14 | type ParamsMainVPCPeeringConnectionRouteTable struct { 15 | ID string 16 | } 17 | 18 | type ParamsMainVPCPeeringConnectionSubnet struct { 19 | CIDR string 20 | } 21 | -------------------------------------------------------------------------------- /service/controller/resource/encryptionensurer/create.go: -------------------------------------------------------------------------------- 1 | package encryptionensurer 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | err = r.encrypter.EnsureCreatedEncryptionKey(ctx, cr) 18 | if err != nil { 19 | return microerror.Mask(err) 20 | } 21 | 22 | return nil 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/encryptionensurer/delete.go: -------------------------------------------------------------------------------- 1 | package encryptionensurer 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) 
error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | err = r.encrypter.EnsureDeletedEncryptionKey(ctx, cr) 18 | if err != nil { 19 | return microerror.Mask(err) 20 | } 21 | 22 | return nil 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/natgatewayaddresses/create.go: -------------------------------------------------------------------------------- 1 | package natgatewayaddresses 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | err = r.addNATGatewayAddressesToContext(ctx, cr) 18 | if err != nil { 19 | return microerror.Mask(err) 20 | } 21 | 22 | return nil 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/natgatewayaddresses/delete.go: -------------------------------------------------------------------------------- 1 | package natgatewayaddresses 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | err = r.addNATGatewayAddressesToContext(ctx, cr) 18 | if err != nil { 19 | return microerror.Mask(err) 20 | } 21 | 22 | return nil 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_vpc.go: -------------------------------------------------------------------------------- 1 | 
package template 2 | 3 | type ParamsMainVPC struct { 4 | CidrBlock string 5 | CIDRBlockAWSCNI string 6 | ClusterID string 7 | InstallationName string 8 | HostAccountID string 9 | PeerVPCID string 10 | PeerRoleArn string 11 | Region string 12 | RegionARN string 13 | RouteTableNames []ParamsMainVPCRouteTableName 14 | } 15 | 16 | type ParamsMainVPCRouteTableName struct { 17 | AvailabilityZone string 18 | ResourceName string 19 | VPCPeeringRouteName string 20 | } 21 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/instance_storage_class.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const InstanceStorageClassContent = `apiVersion: storage.k8s.io/v1 4 | kind: StorageClass 5 | metadata: 6 | name: gp2 7 | labels: 8 | kubernetes.io/cluster-service: "true" 9 | addonmanager.kubernetes.io/mode: EnsureExists 10 | provisioner: kubernetes.io/aws-ebs 11 | allowVolumeExpansion: true 12 | volumeBindingMode: WaitForFirstConsumer 13 | parameters: 14 | type: gp2 15 | ` 16 | const InstanceStorageClassEncryptedContent = InstanceStorageClassContent + ` 17 | encrypted: "true" 18 | ` 19 | -------------------------------------------------------------------------------- /service/internal/unittest/file_name.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import "unicode" 4 | 5 | // NormalizeFileName converts all non-digit, non-letter runes in input string to 6 | // dash ('-'). Coalesces multiple dashes into one. 
7 | func NormalizeFileName(s string) string { 8 | var result []rune 9 | for _, r := range s { 10 | if unicode.IsDigit(r) || unicode.IsLetter(r) { 11 | result = append(result, r) 12 | } else { 13 | l := len(result) 14 | if l > 0 && result[l-1] != '-' { 15 | result = append(result, rune('-')) 16 | } 17 | } 18 | } 19 | return string(result) 20 | } 21 | -------------------------------------------------------------------------------- /.github/workflows/zz_generated.gitleaks.yaml: -------------------------------------------------------------------------------- 1 | # DO NOT EDIT. Generated with: 2 | # 3 | # devctl 4 | # 5 | # https://github.com/giantswarm/devctl/blob/7a2bb1c2403407b720ec16e047f804471a57209e/pkg/gen/input/workflows/internal/file/gitleaks.yaml.template 6 | # 7 | name: gitleaks 8 | 9 | on: [pull_request] 10 | 11 | jobs: 12 | gitleaks: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 16 | with: 17 | fetch-depth: '0' 18 | - name: gitleaks-action 19 | uses: giantswarm/gitleaks-action@main 20 | -------------------------------------------------------------------------------- /policies/README.md: -------------------------------------------------------------------------------- 1 | # Policies 2 | 3 | The `aws-operator` needs IAM permissions in order to properly manage tenant 4 | clusters on AWS. 5 | 6 | The recommended way of setting up the account for aws-operator is using [our 7 | terraform modules]. 8 | 9 | If you prefer to do it manually see [our setup docs]. 
10 | 11 | [our setup docs]: https://github.com/giantswarm/docs/blob/master/src/content/guides/prepare-aws-account-for-tenant-clusters/index.md#prepare-an-aws-account-to-run-giant-swarm-clusters 12 | [our terraform modules]: https://github.com/giantswarm/giantswarm-aws-account-prerequisites 13 | -------------------------------------------------------------------------------- /service/controller/resource/tccpn/template/template_main_eni.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMainENI = ` 4 | {{- define "eni" -}} 5 | {{ range .ENI.List }} 6 | {{ .Resource }}: 7 | Type: AWS::EC2::NetworkInterface 8 | Properties: 9 | Description: A Network interface used for etcd. 10 | GroupSet: 11 | - {{ .SecurityGroupID }} 12 | SubnetId: {{ .SubnetID }} 13 | Tags: 14 | - Key: Name 15 | Value: {{ .Name }} 16 | - Key: node.k8s.amazonaws.com/no_manage 17 | Value: "true" 18 | {{- end -}} 19 | {{- end -}} 20 | ` 21 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_route_tables.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainRouteTables struct { 4 | ClusterID string 5 | HostClusterCIDR string 6 | 7 | AWSCNIRouteTableNames []ParamsMainRouteTablesRouteTableName 8 | PrivateRouteTableNames []ParamsMainRouteTablesRouteTableName 9 | PublicRouteTableNames []ParamsMainRouteTablesRouteTableName 10 | } 11 | 12 | type ParamsMainRouteTablesRouteTableName struct { 13 | AvailabilityZone string 14 | AvailabilityZoneRegion string 15 | ResourceName string 16 | VPCPeeringRouteName string 17 | } 18 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_outputs.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | 
type ParamsMainOutputs struct { 4 | Master ParamsMainOutputsMaster 5 | OperatorVersion string 6 | Route53Enabled bool 7 | } 8 | 9 | type ParamsMainOutputsMaster struct { 10 | ImageID string 11 | Instance ParamsMainOutputsMasterInstance 12 | DockerVolume ParamsMainOutputsMasterDockerVolume 13 | } 14 | 15 | type ParamsMainOutputsMasterInstance struct { 16 | ResourceName string 17 | Type string 18 | } 19 | 20 | type ParamsMainOutputsMasterDockerVolume struct { 21 | ResourceName string 22 | } 23 | -------------------------------------------------------------------------------- /pkg/template/template.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | import ( 4 | "bytes" 5 | "text/template" 6 | 7 | "github.com/giantswarm/microerror" 8 | ) 9 | 10 | func Render(templates []string, data interface{}) (string, error) { 11 | var err error 12 | 13 | main := template.New("main") 14 | for _, t := range templates { 15 | main, err = main.Parse(t) 16 | if err != nil { 17 | return "", microerror.Mask(err) 18 | } 19 | } 20 | 21 | var b bytes.Buffer 22 | err = main.ExecuteTemplate(&b, "main", data) 23 | if err != nil { 24 | return "", microerror.Mask(err) 25 | } 26 | 27 | return b.String(), nil 28 | } 29 | -------------------------------------------------------------------------------- /service/internal/unittest/default_network_pool.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import ( 4 | infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3" 5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 6 | ) 7 | 8 | func DefaultNetworkPool(cidr string) infrastructurev1alpha3.NetworkPool { 9 | cr := infrastructurev1alpha3.NetworkPool{ 10 | ObjectMeta: metav1.ObjectMeta{ 11 | Name: DefaultClusterID, 12 | Namespace: metav1.NamespaceDefault, 13 | }, 14 | Spec: infrastructurev1alpha3.NetworkPoolSpec{ 15 | CIDRBlock: cidr, 16 | 
}, 17 | } 18 | 19 | return cr 20 | } 21 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/template_main.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMain = ` 4 | {{- define "main" -}} 5 | AWSTemplateFormatVersion: 2010-09-09 6 | Description: Tenant Cluster Control Plane Cloud Formation Stack. 7 | Outputs: 8 | {{ template "outputs" . }} 9 | Resources: 10 | {{ template "internet_gateway" . }} 11 | {{ template "load_balancers" . }} 12 | {{ template "nat_gateway" . }} 13 | {{ template "record_sets" . }} 14 | {{ template "route_tables" . }} 15 | {{ template "security_groups" . }} 16 | {{ template "subnets" . }} 17 | {{ template "vpc" .}} 18 | {{- end -}} 19 | ` 20 | -------------------------------------------------------------------------------- /service/controller/resource/tenantclients/delete.go: -------------------------------------------------------------------------------- 1 | package tenantclients 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | // EnsureDeleted is not putting the tenant clients into the controller context 8 | // because we do not want to interact with the Tenant Cluster API on delete 9 | // events. This is to reduce eventual friction. Cluster deletion should not be 10 | // affected only because the Tenant Cluster API is not available for some 11 | // reason. Other resources must not rely on tenant clients on delete events. 
12 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 13 | return nil 14 | } 15 | -------------------------------------------------------------------------------- /service/internal/unittest/default_release.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import ( 4 | releasev1alpha1 "github.com/giantswarm/release-operator/v4/api/v1alpha1" 5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 6 | ) 7 | 8 | func DefaultRelease() releasev1alpha1.Release { 9 | cr := releasev1alpha1.Release{ 10 | ObjectMeta: metav1.ObjectMeta{ 11 | Name: "v100.0.0", 12 | }, 13 | Spec: releasev1alpha1.ReleaseSpec{ 14 | Components: []releasev1alpha1.ReleaseSpecComponent{ 15 | { 16 | Name: "containerlinux", 17 | Version: "2345.3.1", 18 | }, 19 | }, 20 | }, 21 | } 22 | 23 | return cr 24 | } 25 | -------------------------------------------------------------------------------- /helm/aws-operator/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: {{ include "resource.default.name" . }} 6 | namespace: {{ include "resource.default.namespace" . }} 7 | labels: 8 | {{- include "labels.common" . | nindent 4 }} 9 | stringData: 10 | aws-secret.yaml: | 11 | service: 12 | aws: 13 | hostAccessKey: 14 | id: {{ .Values.aws.accessKeyID }} 15 | secret: {{ .Values.aws.secretAccessKey }} 16 | dockerhub-secret.yaml: | 17 | service: 18 | registry: 19 | dockerhubToken: {{ .Values.registry.dockerhub.token | quote }} 20 | -------------------------------------------------------------------------------- /pkg/project/project.go: -------------------------------------------------------------------------------- 1 | package project 2 | 3 | var ( 4 | description = "The aws-operator manages Kubernetes clusters running on AWS." 
5 | gitSHA = "n/a" 6 | name string = "aws-operator" 7 | source string = "https://github.com/giantswarm/aws-operator" 8 | version = "16.1.2-dev" 9 | ) 10 | 11 | func Description() string { 12 | return description 13 | } 14 | 15 | func GitSHA() string { 16 | return gitSHA 17 | } 18 | 19 | func Name() string { 20 | return name 21 | } 22 | 23 | func Source() string { 24 | return source 25 | } 26 | 27 | func Version() string { 28 | return version 29 | } 30 | -------------------------------------------------------------------------------- /service/controller/resource/tccpsubnets/error.go: -------------------------------------------------------------------------------- 1 | package tccpsubnets 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | 16 | var vpcNotFoundError = µerror.Error{ 17 | Kind: "vpcNotFoundError", 18 | } 19 | 20 | // IsVPCNotFound asserts vpcNotFoundError. 21 | func IsVPCNotFound(err error) bool { 22 | return microerror.Cause(err) == vpcNotFoundError 23 | } 24 | -------------------------------------------------------------------------------- /service/internal/accountid/error.go: -------------------------------------------------------------------------------- 1 | package accountid 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidAccountIDError = µerror.Error{ 6 | Kind: "invalidAccountIDError", 7 | } 8 | 9 | // IsInvalidAccountID asserts invalidAccountIDError. 10 | func IsInvalidAccountID(err error) bool { 11 | return microerror.Cause(err) == invalidAccountIDError 12 | } 13 | 14 | var invalidConfigError = µerror.Error{ 15 | Kind: "invalidConfigError", 16 | } 17 | 18 | // IsInvalidConfig asserts invalidConfigError. 
19 | func IsInvalidConfig(err error) bool { 20 | return microerror.Cause(err) == invalidConfigError 21 | } 22 | -------------------------------------------------------------------------------- /service/internal/unittest/default_images.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import k8scloudconfig "github.com/giantswarm/k8scloudconfig/v18/pkg/template" 4 | 5 | func DefaultImages() k8scloudconfig.Images { 6 | return k8scloudconfig.Images{ 7 | CalicoCNI: "1.0.0", 8 | CalicoKubeControllers: "1.0.0", 9 | CalicoNode: "1.0.0", 10 | Etcd: "1.0.0", 11 | Hyperkube: "1.0.0", 12 | KubernetesAPIHealthz: "9ccdc9dc55a01b1fde2aea73901d0a699909c9cd", 13 | KubernetesNetworkSetupDocker: "9ccdc9dc55a01b1fde2aea73901d0a699909c9cd", 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /helm/aws-operator/templates/vpa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling.k8s.io/v1 2 | kind: VerticalPodAutoscaler 3 | metadata: 4 | name: {{ include "resource.default.name" . }} 5 | namespace: {{ include "resource.default.namespace" . }} 6 | labels: 7 | {{- include "labels.common" . | nindent 4 }} 8 | spec: 9 | resourcePolicy: 10 | containerPolicies: 11 | - containerName: {{ .Chart.Name }} 12 | controlledValues: RequestsAndLimits 13 | mode: Auto 14 | targetRef: 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | name: {{ include "resource.default.name" . 
}} 18 | updatePolicy: 19 | updateMode: Auto 20 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuploadbalancers/error.go: -------------------------------------------------------------------------------- 1 | package cleanuploadbalancers 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | var invalidConfigError = µerror.Error{ 8 | Kind: "invalidConfigError", 9 | } 10 | 11 | // IsInvalidConfig asserts invalidConfigError. 12 | func IsInvalidConfig(err error) bool { 13 | return microerror.Cause(err) == invalidConfigError 14 | } 15 | 16 | var wrongTypeError = µerror.Error{ 17 | Kind: "wrongTypeError", 18 | } 19 | 20 | // IsWrongType asserts wrongTypeError. 21 | func IsWrongType(err error) bool { 22 | return microerror.Cause(err) == wrongTypeError 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/ipam/test_persister.go: -------------------------------------------------------------------------------- 1 | package ipam 2 | 3 | import ( 4 | "context" 5 | "net" 6 | "reflect" 7 | 8 | "github.com/giantswarm/microerror" 9 | ) 10 | 11 | type TestPersister struct { 12 | subnet net.IPNet 13 | } 14 | 15 | func NewTestPersister(subnet net.IPNet) *TestPersister { 16 | p := &TestPersister{ 17 | subnet: subnet, 18 | } 19 | 20 | return p 21 | } 22 | 23 | func (p *TestPersister) Persist(ctx context.Context, subnet net.IPNet, namespace string, name string) error { 24 | if !reflect.DeepEqual(subnet, p.subnet) { 25 | return microerror.Mask(invalidConfigError) 26 | } 27 | 28 | return nil 29 | } 30 | -------------------------------------------------------------------------------- /pkg/awstags/ec2.go: -------------------------------------------------------------------------------- 1 | package awstags 2 | 3 | import "github.com/aws/aws-sdk-go/service/ec2" 4 | 5 | func HasTag(tags []*ec2.Tag, key string) bool { 6 | for _, t := range tags { 7 
| if *t.Key == key { 8 | return true 9 | } 10 | } 11 | 12 | return false 13 | } 14 | 15 | func HasTags(tags []*ec2.Tag, keys ...string) bool { 16 | for _, k := range keys { 17 | if !HasTag(tags, k) { 18 | return false 19 | } 20 | } 21 | 22 | return true 23 | } 24 | 25 | func ValueForKey(tags []*ec2.Tag, key string) string { 26 | for _, t := range tags { 27 | if *t.Key == key { 28 | return *t.Value 29 | } 30 | } 31 | 32 | return "" 33 | } 34 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.22.1 AS builder 2 | ENV GO111MODULE=on 3 | COPY go.mod /etc/go.mod 4 | RUN git clone --depth 1 --branch $(cat /etc/go.mod | grep k8scloudconfig | awk '{print $2}') https://github.com/giantswarm/k8scloudconfig.git && cp -r k8scloudconfig /opt/k8scloudconfig 5 | 6 | FROM alpine:3.19.1 7 | 8 | RUN apk add --no-cache ca-certificates 9 | 10 | RUN mkdir -p /opt/aws-operator 11 | ADD ./aws-operator /opt/aws-operator/aws-operator 12 | 13 | RUN mkdir -p /opt/ignition 14 | COPY --from=builder /opt/k8scloudconfig /opt/ignition 15 | 16 | WORKDIR /opt/aws-operator 17 | 18 | EXPOSE 8000 19 | ENTRYPOINT ["/opt/aws-operator/aws-operator"] 20 | -------------------------------------------------------------------------------- /helm/aws-operator/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ include "resource.default.name" . }} 6 | namespace: {{ include "resource.default.namespace" . }} 7 | labels: 8 | {{- include "labels.common" . 
| nindent 4 }}
spec:
  endpoints:
  - interval: {{ .Values.serviceMonitor.interval }}
    path: /metrics
    port: http
    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
  selector:
    matchLabels:
      {{- include "labels.selector" . | nindent 6 }}
{{- end }}
--------------------------------------------------------------------------------
/service/controller/resource/tccpn/template/render.go:
--------------------------------------------------------------------------------
package template

import (
	"github.com/giantswarm/microerror"

	"github.com/giantswarm/aws-operator/v16/pkg/template"
)

// Render renders the TCCPN (tenant cluster control plane nodes) CloudFormation
// template from the partial templates listed below, executed against v via
// pkg/template. Errors from the underlying renderer are returned masked.
func Render(v interface{}) (string, error) {
	l := []string{
		TemplateMain,
		TemplateMainAutoScalingGroup,
		TemplateMainENI,
		TemplateMainEtcdVolume,
		TemplateMainIAMPolicies,
		TemplateMainLaunchTemplate,
		TemplateMainOutputs,
		TemplateMainRecordSets,
	}

	s, err := template.Render(l, v)
	if err != nil {
		return "", microerror.Mask(err)
	}

	return s, nil
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpn/template/template_main_record_sets.go:
--------------------------------------------------------------------------------
package template

// TemplateMainRecordSets declares one Route53 A record per entry in
// .RecordSets.Records, pointing at the primary private IP of the record's ENI.
// Nothing is rendered unless .RecordSets.Route53Enabled is true.
const TemplateMainRecordSets = `
{{- define "record_sets" -}}
{{- $v := .RecordSets -}}
{{- if $v.Route53Enabled -}}
{{ range $r := $v.Records }}
  {{ $r.Resource }}:
    Type: AWS::Route53::RecordSet
    Properties:
      ResourceRecords:
        - !GetAtt {{ $r.ENI.Resource }}.PrimaryPrivateIpAddress
      Name: '{{ $r.Value }}.{{ $v.ClusterID }}.k8s.{{ $v.BaseDomain }}.'
HostedZoneId: {{ $v.InternalHostedZoneID }}
      Type: A
      TTL: 60
{{- end -}}
{{- end -}}
{{- end -}}
`
--------------------------------------------------------------------------------
/service/controller/resource/terminateunhealthynode/error.go:
--------------------------------------------------------------------------------
package terminateunhealthynode

import (
	"github.com/giantswarm/microerror"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var invalidProviderIDError = &microerror.Error{
	Kind: "invalidProviderID",
}

// IsInvalidProviderID asserts invalidProviderIDError.
func IsInvalidProviderID(err error) bool {
	return microerror.Cause(err) == invalidProviderIDError
}
--------------------------------------------------------------------------------
/service/controller/resource/region/error.go:
--------------------------------------------------------------------------------
package region

import (
	"github.com/giantswarm/microerror"
	"k8s.io/apimachinery/pkg/api/errors"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	// Also matches Kubernetes API "not found" errors, not only the local kind.
	return c == notFoundError || errors.IsNotFound(c)
}
--------------------------------------------------------------------------------
/service/controller/resource/tccp/template/params_main_subnets.go:
--------------------------------------------------------------------------------
package template

// ParamsMainSubnets groups the subnets rendered into the TCCP stack by kind.
type ParamsMainSubnets struct {
	AWSCNISubnets  []ParamsMainSubnetsSubnet
	PublicSubnets  []ParamsMainSubnetsSubnet
	PrivateSubnets []ParamsMainSubnetsSubnet
}

// ParamsMainSubnetsSubnet describes a single subnet resource and its route
// table association.
type ParamsMainSubnetsSubnet struct {
	AvailabilityZone      string
	CIDR                  string
	Name                  string
	MapPublicIPOnLaunch   bool
	RouteTableAssociation ParamsMainSubnetsSubnetRouteTableAssociation
}

// ParamsMainSubnetsSubnetRouteTableAssociation names the association resource
// and the route table and subnet resources it links.
type ParamsMainSubnetsSubnetRouteTableAssociation struct {
	Name           string
	RouteTableName string
	SubnetName     string
}
--------------------------------------------------------------------------------
/service/controller/resource/awsclient/error.go:
--------------------------------------------------------------------------------
package awsclient

import (
	"github.com/giantswarm/microerror"
	"k8s.io/apimachinery/pkg/api/errors"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	// Also matches Kubernetes API "not found" errors, not only the local kind.
	return c == notFoundError || errors.IsNotFound(c)
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpnatgateways/error.go:
--------------------------------------------------------------------------------
package tccpnatgateways

import (
	"github.com/giantswarm/microerror"
	"k8s.io/apimachinery/pkg/api/errors"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError. It also matches Kubernetes API "not
// found" errors.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	return c == notFoundError || errors.IsNotFound(c)
}
--------------------------------------------------------------------------------
/service/controller/resource/tcnp/template/render.go:
--------------------------------------------------------------------------------
package template

import (
	"github.com/giantswarm/microerror"

	"github.com/giantswarm/aws-operator/v16/pkg/template"
)

// Render renders the TCNP (tenant cluster node pool) CloudFormation template
// from the partial templates listed below, executed against v via
// pkg/template. Errors from the underlying renderer are returned masked.
func Render(v interface{}) (string, error) {
	l := []string{
		TemplateMain,
		TemplateMainAutoScalingGroup,
		TemplateMainIAMPolicies,
		TemplateMainLaunchTemplate,
		TemplateMainOutputs,
		TemplateMainRouteTables,
		TemplateMainSecurityGroups,
		TemplateMainSubnets,
		TemplateMainVPC,
	}

	s, err := template.Render(l, v)
	if err != nil {
		return "", microerror.Mask(err)
	}

	return s, nil
}
--------------------------------------------------------------------------------
/service/internal/asg/spec.go:
--------------------------------------------------------------------------------
package asg

import "context"

// Interface describes how implementations should behave when providing
// information about ASGs. Note that when caching enabled the returned results
// stay consistently the same throughout a reconciliation loop.
type Interface interface {
	// Drainable returns any drainable ASG name found. When using this method the
	// returned ASG name will be the first one found having an active lifecycle
	// hook configured. E.g. when using an implementation configured for HA
	// Masters. Note that there may be one or three masters.
	Drainable(ctx context.Context, obj interface{}) (string, error)
}
--------------------------------------------------------------------------------
/service/controller/resource/tccp/template/template_main_outputs.go:
--------------------------------------------------------------------------------
package template

// TemplateMainOutputs declares the TCCP stack outputs. The load balancer DNS
// name and hosted zone outputs are only emitted when .Outputs.Route53Enabled
// is true; OperatorVersion, VPCID and VPCPeeringConnectionID are always
// emitted.
const TemplateMainOutputs = `
{{- define "outputs" -}}
{{- if .Outputs.Route53Enabled -}}
  APIServerPublicLoadBalancer:
    Value: !GetAtt ApiLoadBalancer.DNSName
  HostedZoneID:
    Value: !Ref HostedZone
  InternalHostedZoneID:
    Value: !Ref InternalHostedZone
  HostedZoneNameServers:
    Value: !Join [ ',', !GetAtt 'HostedZone.NameServers' ]
{{ end -}}
  OperatorVersion:
    Value: {{ .Outputs.OperatorVersion }}
  VPCID:
    Value: !Ref VPC
  VPCPeeringConnectionID:
    Value: !Ref VPCPeeringConnection
{{- end -}}
`
--------------------------------------------------------------------------------
/service/controller/resource/snapshotid/resource.go:
--------------------------------------------------------------------------------
package snapshotid

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "snapshotid"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the snapshotid resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/tccp/template/render.go:
--------------------------------------------------------------------------------
package template

import (
	"github.com/giantswarm/microerror"

	"github.com/giantswarm/aws-operator/v16/pkg/template"
)

// Render renders the TCCP (tenant cluster control plane) CloudFormation
// template from the partial templates listed below, executed against v via
// pkg/template. Errors from the underlying renderer are returned masked.
func Render(v interface{}) (string, error) {
	l := []string{
		TemplateMain,
		TemplateMainInternetGateway,
		TemplateMainLoadBalancers,
		TemplateMainNatGateway,
		TemplateMainOutputs,
		TemplateMainRecordSets,
		TemplateMainRouteTables,
		TemplateMainSecurityGroups,
		TemplateMainSubnets,
		TemplateMainVPC,
	}

	s, err := template.Render(l, v)
	if err != nil {
		return "", microerror.Mask(err)
	}

	return s, nil
}
--------------------------------------------------------------------------------
/flag/service/service.go:
--------------------------------------------------------------------------------
package service

import (
	"github.com/giantswarm/operatorkit/v7/pkg/flag/service/kubernetes"

	"github.com/giantswarm/aws-operator/v16/flag/service/aws"
	"github.com/giantswarm/aws-operator/v16/flag/service/cluster"
	"github.com/giantswarm/aws-operator/v16/flag/service/guest"
	"github.com/giantswarm/aws-operator/v16/flag/service/installation"
	"github.com/giantswarm/aws-operator/v16/flag/service/registry"
)

// Service groups the service-level flag definitions of the operator.
type Service struct {
	AWS          aws.AWS
	Cluster      cluster.Cluster
	Guest        guest.Guest
	Installation installation.Installation
	Kubernetes   kubernetes.Kubernetes
	Registry     registry.Registry
}
--------------------------------------------------------------------------------
/service/controller/resource/cleanupenis/resource.go:
--------------------------------------------------------------------------------
package cleanupenis

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "cleanupenis"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the cleanupenis resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/eniconfigcrs/resource.go:
--------------------------------------------------------------------------------
package eniconfigcrs

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "eniconfigcrs"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the eniconfigcrs resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/helm/aws-operator/templates/network-policy.yaml:
--------------------------------------------------------------------------------
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "resource.networkPolicy.name" . }}
  namespace: {{ include "resource.default.namespace" . }}
  labels:
    {{- include "labels.common" . | nindent 4 }}
spec:
  podSelector:
    matchLabels:
      {{- include "labels.selector" . | nindent 6 }}
  # Ingress is limited to the ports listed in .Values.ports.ingress; with no
  # entries, `ingress: []` denies all inbound traffic.
  {{- if .Values.ports.ingress }}
  ingress:
  - ports:
    {{- range .Values.ports.ingress }}
    - port: {{ .port }}
      protocol: {{ .protocol }}
    {{- end }}
  {{- else }}
  ingress: []
  {{- end }}
  # An empty rule permits all egress from the operator pods.
  egress:
  - {}
  policyTypes:
  - Egress
  - Ingress
--------------------------------------------------------------------------------
/service/controller/resource/cleanuptccpniamroles/resource.go:
--------------------------------------------------------------------------------
package cleanuptccpniamroles

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "cleanuptccpniamroles"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the cleanuptccpniamroles resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/cleanuptcnpiamroles/resource.go:
--------------------------------------------------------------------------------
package cleanuptcnpiamroles

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "cleanuptcnpiamroles"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the cleanuptcnpiamroles resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/flag/service/installation/guest/ipam/network/network.go:
--------------------------------------------------------------------------------
package network

// Network holds the IPAM flag values for guest cluster networking. All fields
// are raw flag strings; parsing and validation happen elsewhere.
type Network struct {
	// CIDR is network segment from which IPAM allocates subnets for guest
	// clusters.
	CIDR string

	// SubnetMaskBits is number of bits in guest cluster subnet mask. This
	// defines size of the guest cluster subnet that is allocated from CIDR.
	SubnetMaskBits string

	// PrivateSubnetMaskBits is number of bits in guest cluster private subnet
	// mask. This must be smaller than SubnetMaskBits.
	PrivateSubnetMaskBits string

	// PublicSubnetMaskBits is number of bits in guest cluster public subnet
	// mask. This must be smaller than SubnetMaskBits.
PublicSubnetMaskBits string
}
--------------------------------------------------------------------------------
/service/controller/resource/cleanupsecuritygroups/resource.go:
--------------------------------------------------------------------------------
package cleanupsecuritygroups

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "cleanupsecuritygroups"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the cleanupsecuritygroups resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpsubnets/create.go:
--------------------------------------------------------------------------------
package tccpsubnets

import (
	"context"

	"github.com/giantswarm/microerror"
)

// EnsureCreated looks up the tenant cluster's control plane subnets and stores
// them in the context via addSubnetsToContext. When the VPC is not found yet
// the resource returns nil without error so the reconciliation can proceed
// and retry later.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	{
		r.logger.Debugf(ctx, "finding the tenant cluster's control plane subnets")

		err := r.addSubnetsToContext(ctx)
		if IsVPCNotFound(err) {
			r.logger.Debugf(ctx, "the tenant cluster's control plane vpc id is not available yet")
			r.logger.Debugf(ctx, "canceling resource")

			return nil
		} else if err != nil {
			return microerror.Mask(err)
		}

		r.logger.Debugf(ctx, "found the tenant cluster's control plane subnets")
	}

	return nil
}
--------------------------------------------------------------------------------
/pkg/label/label.go:
--------------------------------------------------------------------------------
package label

const (
	// App is the generic application label key.
	App = "app"
)

// Labels identifying the cluster, control plane, node pool and organization a
// Kubernetes object belongs to.
const (
	Cluster           = "giantswarm.io/cluster"
	ControlPlane      = "giantswarm.io/control-plane"
	MachineDeployment = "giantswarm.io/machine-deployment"
	MasterID          = "giantswarm.io/master-id"
	Organization      = "giantswarm.io/organization"
	Provider          = "giantswarm.io/provider"
	CGroupVersion     = "cgroups.giantswarm.io/version"
)

// Version labels carried by the CRs this operator reconciles.
const (
	ClusterOperatorVersion  = "cluster-operator.giantswarm.io/version"
	MachineDeploymentSubnet = "machine-deployment.giantswarm.io/subnet"
	OperatorVersion         = "aws-operator.giantswarm.io/version"
	Release                 = "release.giantswarm.io/version"
)
--------------------------------------------------------------------------------
/service/internal/asg/error.go:
--------------------------------------------------------------------------------
package asg

import "github.com/giantswarm/microerror"

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var noASGError = &microerror.Error{
	Kind: "noASGError",
}

// IsNoASG asserts noASGError.
func IsNoASG(err error) bool {
	return microerror.Cause(err) == noASGError
}

var noDrainableError = &microerror.Error{
	Kind: "noDrainableError",
}

// IsNoDrainable asserts noDrainableError.
func IsNoDrainable(err error) bool {
	return microerror.Cause(err) == noDrainableError
}
--------------------------------------------------------------------------------
/service/controller/resource/awsclient/create.go:
--------------------------------------------------------------------------------
package awsclient

import (
	"context"

	"github.com/giantswarm/microerror"
	"github.com/giantswarm/operatorkit/v7/pkg/controller/context/reconciliationcanceledcontext"
)

// EnsureCreated resolves the Cluster CR for obj and attaches AWS clients for
// it to the context. When the CR is not found yet, the whole reconciliation
// is canceled (not just this resource) and nil is returned.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	cr, err := r.toClusterFunc(ctx, obj)
	if IsNotFound(err) {
		r.logger.Debugf(ctx, "cluster cr not available yet")
		r.logger.Debugf(ctx, "canceling reconciliation")
		reconciliationcanceledcontext.SetCanceled(ctx)

		return nil
	} else if err != nil {
		return microerror.Mask(err)
	}

	err = r.addAWSClientsToContext(ctx, cr)
	if err != nil {
		return microerror.Mask(err)
	}

	return nil
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpn/template/params_main_auto_scaling_group.go:
--------------------------------------------------------------------------------
package template

// ParamsMainAutoScalingGroup lists the master ASGs to render; HAMasters
// indicates a multi-master control plane.
type ParamsMainAutoScalingGroup struct {
	List      []ParamsMainAutoScalingGroupItem
	HAMasters bool
}

// ParamsMainAutoScalingGroupItem describes one master ASG resource.
type ParamsMainAutoScalingGroupItem struct {
	AvailabilityZone string
	ClusterID        string
	DependsOn        []string
	LaunchTemplate   ParamsMainAutoScalingGroupItemLaunchTemplate
	LoadBalancers    ParamsMainAutoScalingGroupItemLoadBalancers
	Resource         string
	SubnetID         string
}

// ParamsMainAutoScalingGroupItemLaunchTemplate names the launch template
// resource an ASG item references.
type ParamsMainAutoScalingGroupItemLaunchTemplate struct {
	Resource string
}

// ParamsMainAutoScalingGroupItemLoadBalancers names the load balancers an ASG
// item is attached to.
type ParamsMainAutoScalingGroupItemLoadBalancers struct {
	ApiInternalName string
	ApiName         string
	EtcdName        string
}

--------------------------------------------------------------------------------
/service/controller/resource/tccp/template/params_main_security_groups.go:
--------------------------------------------------------------------------------
package template

import "github.com/aws/aws-sdk-go/service/ec2"

// ParamsMainSecurityGroups carries the inputs for the TCCP security group
// rules: the API whitelist, the control plane NAT gateway addresses and the
// CIDRs of the control plane VPC, tenant cluster VPC and tenant CNI range.
type ParamsMainSecurityGroups struct {
	APIWhitelist                    ParamsMainSecurityGroupsAPIWhitelist
	ClusterID                       string
	ControlPlaneNATGatewayAddresses []*ec2.Address
	ControlPlaneVPCCIDR             string
	TenantClusterVPCCIDR            string
	TenantClusterCNICIDR            string
}

// ParamsMainSecurityGroupsAPIWhitelist holds the whitelist settings for the
// private and public API endpoints.
type ParamsMainSecurityGroupsAPIWhitelist struct {
	Private ParamsMainSecurityGroupsAPIWhitelistSecurityGroup
	Public  ParamsMainSecurityGroupsAPIWhitelistSecurityGroup
}

// ParamsMainSecurityGroupsAPIWhitelistSecurityGroup enables a whitelist and
// lists the source CIDRs allowed to reach the endpoint.
type ParamsMainSecurityGroupsAPIWhitelistSecurityGroup struct {
	Enabled    bool
	SubnetList []string
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpi/testdata/case-0-basic-test.golden:
--------------------------------------------------------------------------------
AWSTemplateFormatVersion: 2010-09-09
Description: Tenant Cluster Control Plane Initializer Cloud Formation Stack.
Resources:
  PeerRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: 8y5ck-vpc-peer-access
      AssumeRolePolicyDocument:
        Statement:
          - Principal:
              AWS: 'tenant-account'
            Action:
              - 'sts:AssumeRole'
            Effect: Allow
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 'ec2:AcceptVpcPeeringConnection'
                Resource: '*'
--------------------------------------------------------------------------------
/service/controller/key/error.go:
--------------------------------------------------------------------------------
package key

import "github.com/giantswarm/microerror"

var invalidParameterError = &microerror.Error{
	Kind: "invalid parameter",
}

// IsInvalidParameter asserts invalidParameterError.
func IsInvalidParameter(err error) bool {
	return microerror.Cause(err) == invalidParameterError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}

var wrongTypeError = &microerror.Error{
	Kind: "wrongTypeError",
}

// IsWrongTypeError asserts wrongTypeError.
func IsWrongTypeError(err error) bool {
	return microerror.Cause(err) == wrongTypeError
}
--------------------------------------------------------------------------------
/service/controller/resource/bridgezone/error.go:
--------------------------------------------------------------------------------
package bridgezone

import "github.com/giantswarm/microerror"

var executionError = &microerror.Error{
	Kind: "executionError",
}

// IsExecution asserts executionError.
func IsExecution(err error) bool {
	return microerror.Cause(err) == executionError
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}
--------------------------------------------------------------------------------
/service/controller/resource/tcnp/template/template_main_route_table.go:
--------------------------------------------------------------------------------
package template

// TemplateMainRouteTables declares one private route table per entry in
// .RouteTables.List, each with a default route (0.0.0.0/0) through the control
// plane NAT gateway referenced by .TCCP.NATGateway.ID.
const TemplateMainRouteTables = `
{{- define "route_tables" -}}
{{- range .RouteTables.List }}
  {{ .Name }}:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: {{ .TCCP.VPC.ID }}
      Tags:
        - Key: Name
          Value: {{ .ClusterID }}-private-{{ .NodePoolID }}
        - Key: giantswarm.io/availability-zone
          Value: {{ .AvailabilityZone }}
        - Key: giantswarm.io/route-table-type
          Value: private
  {{ .Route.Name }}:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref {{ .Name }}
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: {{ .TCCP.NATGateway.ID }}
{{- end }}
{{- end -}}
`
--------------------------------------------------------------------------------
/service/controller/resource/asgname/error.go:
--------------------------------------------------------------------------------
package asgname

import (
	"strings"

	"github.com/giantswarm/microerror"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError. It also treats any error whose message
// contains "does not exist" as not found.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)

	if c == nil {
		return false
	}

	// NOTE(review): string matching on the message is a heuristic rather than a
	// typed check; presumably this covers errors coming back from the AWS SDK —
	// confirm against the callers before relying on it.
	if strings.Contains(c.Error(), "does not exist") {
		return true
	}

	if c == notFoundError {
		return true
	}

	return false
}
--------------------------------------------------------------------------------
/service/controller/resource/service/error.go:
--------------------------------------------------------------------------------
package service

import "github.com/giantswarm/microerror"

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}

var wrongTypeError = &microerror.Error{
	Kind: "wrongTypeError",
}

// IsWrongTypeError asserts wrongTypeError.
func IsWrongTypeError(err error) bool {
	return microerror.Cause(err) == wrongTypeError
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpi/template/template_main_iam_roles.go:
--------------------------------------------------------------------------------
package template

// TemplateMainIAMRoles declares the cross-account peer role. Its trust policy
// lets the tenant AWS account (.IAMRoles.Tenant.AWS.Account.ID) assume it, and
// its only permission is ec2:AcceptVpcPeeringConnection. Note that
// `Resource: '*'` allows accepting any peering connection in this account;
// whether it can be narrowed to the cluster's connection is worth confirming.
const TemplateMainIAMRoles = `
{{- define "iam_roles" -}}
  PeerRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: {{ .IAMRoles.PeerAccessRoleName }}
      AssumeRolePolicyDocument:
        Statement:
          - Principal:
              AWS: '{{ .IAMRoles.Tenant.AWS.Account.ID }}'
            Action:
              - 'sts:AssumeRole'
            Effect: Allow
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 'ec2:AcceptVpcPeeringConnection'
                Resource: '*'
{{- end -}}
`
--------------------------------------------------------------------------------
/service/controller/resource/cleanupvpcpeerings/resource.go:
--------------------------------------------------------------------------------
package cleanupvpcpeerings

import (
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name identifies this resource.
	Name = "cleanupvpcpeerings"
)

// VPC peering connection status values this resource compares against.
const (
	vpcStatusDeleting = "deleting"
	vpcStatusDeleted  = "deleted"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger micrologger.Logger
}

// Resource is the cleanupvpcpeerings resource.
type Resource struct {
	logger micrologger.Logger
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}

	r := &Resource{
		logger: config.Logger,
	}

	return r, nil
}

// Name returns the resource name.
func (r *Resource) Name() string {
	return Name
}

--------------------------------------------------------------------------------
/service/controller/resource/endpoints/error.go:
--------------------------------------------------------------------------------
package endpoints

import "github.com/giantswarm/microerror"

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}

var wrongTypeError = &microerror.Error{
	Kind: "wrongTypeError",
}

// IsWrongTypeError asserts wrongTypeError.
func IsWrongTypeError(err error) bool {
	return microerror.Cause(err) == wrongTypeError
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpazs/types.go:
--------------------------------------------------------------------------------
package tccpazs

import "net"

// mapping is temporary type for mapping existing subnets from controllercontext
// to AZs.
type mapping struct {
	AWSCNI  network
	Public  network
	Private network
}

// network wraps the single subnet recorded for one network kind in an AZ.
type network struct {
	Subnet subnet
}

// subnet is the CIDR and AWS ID of an existing subnet.
type subnet struct {
	CIDR net.IPNet
	ID   string
}

// PublicSubnetEmpty reports whether no public subnet CIDR has been recorded,
// i.e. both IP and Mask of the zero-value net.IPNet are nil.
func (m mapping) PublicSubnetEmpty() bool {
	return m.Public.Subnet.CIDR.IP == nil && m.Public.Subnet.CIDR.Mask == nil
}

// PrivateSubnetEmpty reports whether no private subnet CIDR has been recorded.
func (m mapping) PrivateSubnetEmpty() bool {
	return m.Private.Subnet.CIDR.IP == nil && m.Private.Subnet.CIDR.Mask == nil
}

// AWSCNISubnetEmpty reports whether no AWS CNI subnet CIDR has been recorded.
func (m mapping) AWSCNISubnetEmpty() bool {
	return m.AWSCNI.Subnet.CIDR.IP == nil && m.AWSCNI.Subnet.CIDR.Mask == nil
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpn/template/template_main_etcd_volume.go:
--------------------------------------------------------------------------------
package template

// TemplateMainEtcdVolume declares one encrypted 100 GiB gp3 EBS volume per
// entry in .EtcdVolume.List. SnapshotId is emitted only when SnapshotID is
// non-empty, and Iops / Throughput only when they fall within 3000–16000 and
// 125–1000 respectively; otherwise the EBS defaults apply.
const TemplateMainEtcdVolume = `
{{- define "etcd_volume" -}}
{{ range .EtcdVolume.List }}
  {{ .Resource }}:
    Type: AWS::EC2::Volume
    Properties:
      AvailabilityZone: {{ .AvailabilityZone }}
      Encrypted: true
      Size: 100
      {{- if ne .SnapshotID "" }}
      SnapshotId: {{ .SnapshotID }}
      {{- end }}
      Tags:
        - Key: Name
          Value: {{ .Name }}
      VolumeType: gp3
      {{- if and (ge .Iops 3000) (le .Iops 16000) }}
      Iops: {{ .Iops }}
      {{- end }}
      {{- if and (ge .Throughput 125) (le .Throughput 1000) }}
      Throughput: {{ .Throughput}}
      {{- end }}
{{- end -}}
{{- end -}}
`
--------------------------------------------------------------------------------
/service/controller/resource/cpvpc/error.go:
--------------------------------------------------------------------------------
package cpvpc

import (
	"github.com/giantswarm/microerror"
)

// executionFailedError is an error type for situations where Resource execution
// cannot continue and must always fall back to
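operatorkit.
//
// This error should never be matched against and therefore there is no matcher
// implemented. For further information see:
//
// https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors
var executionFailedError = &microerror.Error{
	Kind: "executionFailedError",
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}
-------------------------------------------------------------------------------- /service/controller/resource/tccpsecuritygroups/error.go: --------------------------------------------------------------------------------
package tccpsecuritygroups

import "github.com/giantswarm/microerror"

// executionFailedError is an error type for situations where Resource execution
// cannot continue and must always fall back to operatorkit.
//
// This error should never be matched against and therefore there is no matcher
// implemented. For further information see:
//
// https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors
var executionFailedError = &microerror.Error{
	Kind: "executionFailedError",
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.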
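func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}
-------------------------------------------------------------------------------- /service/controller/resource/tcnpsecuritygroups/error.go: --------------------------------------------------------------------------------
package tcnpsecuritygroups

import "github.com/giantswarm/microerror"

// executionFailedError is an error type for situations where Resource execution
// cannot continue and must always fall back to operatorkit.
//
// This error should never be matched against and therefore there is no matcher
// implemented. For further information see:
//
// https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors
var executionFailedError = &microerror.Error{
	Kind: "executionFailedError",
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}
-------------------------------------------------------------------------------- /service/internal/locker/error.go: --------------------------------------------------------------------------------
package locker

import (
	"github.com/giantswarm/microerror"
)

var alreadyExistsError = &microerror.Error{
	Kind: "alreadyExistsError",
}

// IsAlreadyExists asserts alreadyExistsError.
func IsAlreadyExists(err error) bool {
	return microerror.Cause(err) == alreadyExistsError
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.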
21 | func IsInvalidConfig(err error) bool { 22 | return microerror.Cause(err) == invalidConfigError 23 | } 24 | 25 | var notFoundError = µerror.Error{ 26 | Kind: "notFoundError", 27 | } 28 | 29 | // IsNotFound asserts notFoundError. 30 | func IsNotFound(err error) bool { 31 | return microerror.Cause(err) == notFoundError 32 | } 33 | -------------------------------------------------------------------------------- /service/controller/resource/cleanuprecordsets/resource.go: -------------------------------------------------------------------------------- 1 | package cleanuprecordsets 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | ) 7 | 8 | const ( 9 | Name = "cleanuprecordsetsv31" 10 | ) 11 | 12 | type Config struct { 13 | Logger micrologger.Logger 14 | 15 | Route53Enabled bool 16 | } 17 | 18 | type Resource struct { 19 | logger micrologger.Logger 20 | 21 | route53Enabled bool 22 | } 23 | 24 | func New(config Config) (*Resource, error) { 25 | if config.Logger == nil { 26 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 27 | } 28 | 29 | r := &Resource{ 30 | logger: config.Logger, 31 | 32 | route53Enabled: config.Route53Enabled, 33 | } 34 | 35 | return r, nil 36 | } 37 | 38 | func (r *Resource) Name() string { 39 | return Name 40 | } 41 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpinstanceinfo/error.go: -------------------------------------------------------------------------------- 1 | package tcnpinstanceinfo 2 | 3 | import ( 4 | "strings" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | var invalidConfigError = µerror.Error{ 10 | Kind: "invalidConfigError", 11 | } 12 | 13 | // IsInvalidConfig asserts invalidConfigError. 
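func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
//
// Besides the sentinel, any error whose message contains the text
// "does not exist" is also reported as not-found.
//
// NOTE(review): matching on message text is brittle. An unrelated failure
// whose wording happens to contain "does not exist" is swallowed as
// "not found" by callers, and the wording is not part of any SDK contract.
// Prefer the structured AWS error code once the failure mode this is meant to
// catch is confirmed — TODO identify which SDK error the caller actually sees.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	if c == nil {
		return false
	}

	if c == notFoundError {
		return true
	}

	// Fallback on message text; see the caveat in the doc comment.
	return strings.Contains(c.Error(), "does not exist")
}
-------------------------------------------------------------------------------- /service/internal/cphostedzone/error.go: --------------------------------------------------------------------------------
package cphostedzone

import (
	"github.com/giantswarm/microerror"
)

// executionFailedError is an error type for situations where Resource execution
// cannot continue and must always fall back to operatorkit.
//
// This error should never be matched against and therefore there is no matcher
// implemented. For further information see:
//
// https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors
var executionFailedError = &microerror.Error{
	Kind: "executionFailedError",
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.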
23 | func IsInvalidConfig(err error) bool { 24 | return microerror.Cause(err) == invalidConfigError 25 | } 26 | -------------------------------------------------------------------------------- /service/controller/resource/peerrolearn/error.go: -------------------------------------------------------------------------------- 1 | package peerrolearn 2 | 3 | import ( 4 | "github.com/aws/aws-sdk-go/aws/awserr" 5 | "github.com/giantswarm/microerror" 6 | ) 7 | 8 | var invalidConfigError = µerror.Error{ 9 | Kind: "invalidConfigError", 10 | } 11 | 12 | // IsInvalidConfig asserts invalidConfigError. 13 | func IsInvalidConfig(err error) bool { 14 | return microerror.Cause(err) == invalidConfigError 15 | } 16 | 17 | var notFoundError = µerror.Error{ 18 | Kind: "notFoundError", 19 | } 20 | 21 | // IsNotFound asserts notFoundError. 22 | func IsNotFound(err error) bool { 23 | c := microerror.Cause(err) 24 | 25 | aerr, ok := c.(awserr.Error) 26 | if ok { 27 | if aerr.Code() == "NoSuchEntity" { 28 | return true 29 | } 30 | } 31 | 32 | if c == notFoundError { 33 | return true 34 | } 35 | 36 | return false 37 | } 38 | -------------------------------------------------------------------------------- /service/controller/resource/snapshotid/error.go: -------------------------------------------------------------------------------- 1 | package snapshotid 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | // executionFailedError is an error type for situations where Resource execution 8 | // cannot continue and must always fall back to operatorkit. 9 | // 10 | // This error should never be matched against and therefore there is no matcher 11 | // implement. 
For further information see: 12 | // 13 | // https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors 14 | var executionFailedError = µerror.Error{ 15 | Kind: "executionFailedError", 16 | } 17 | 18 | var invalidConfigError = µerror.Error{ 19 | Kind: "invalidConfigError", 20 | } 21 | 22 | // IsInvalidConfig asserts invalidConfigError. 23 | func IsInvalidConfig(err error) bool { 24 | return microerror.Cause(err) == invalidConfigError 25 | } 26 | -------------------------------------------------------------------------------- /service/controller/resource/cproutetables/error.go: -------------------------------------------------------------------------------- 1 | package cproutetables 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | ) 6 | 7 | // executionFailedError is an error type for situations where Resource execution 8 | // cannot continue and must always fall back to operatorkit. 9 | // 10 | // This error should never be matched against and therefore there is no matcher 11 | // implement. For further information see: 12 | // 13 | // https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors 14 | var executionFailedError = µerror.Error{ 15 | Kind: "executionFailedError", 16 | } 17 | 18 | var invalidConfigError = µerror.Error{ 19 | Kind: "invalidConfigError", 20 | } 21 | 22 | // IsInvalidConfig asserts invalidConfigError. 
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}
-------------------------------------------------------------------------------- /service/internal/encrypter/mock.go: --------------------------------------------------------------------------------
package encrypter

import (
	"context"

	infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3"
)

// Mock is a test double for the encrypter. It performs no cryptography at all:
// Encrypt hands the plaintext back unchanged, EncryptionKey returns "" and the
// remaining methods succeed without doing anything. It is intended for unit
// tests only and must never be wired into a production configuration, since
// anything "encrypted" through it is stored in the clear.
type Mock struct {
	// IsError is not read by any method of Mock; every call succeeds
	// regardless of its value. NOTE(review): tests that set it expecting an
	// error path are silently exercising the success path instead.
	IsError bool
	KeyID   string
	KeyName string
}

// Encrypt returns plaintext unchanged. key is ignored.
func (m *Mock) Encrypt(ctx context.Context, key, plaintext string) (string, error) {
	return plaintext, nil
}

// EncryptionKey always returns the empty string. id is ignored.
func (m *Mock) EncryptionKey(ctx context.Context, id string) (string, error) {
	return "", nil
}

// EnsureCreatedEncryptionKey is a no-op that always succeeds.
func (m *Mock) EnsureCreatedEncryptionKey(context.Context, infrastructurev1alpha3.AWSCluster) error {
	return nil
}

// EnsureDeletedEncryptionKey is a no-op that always succeeds.
func (m *Mock) EnsureDeletedEncryptionKey(context.Context, infrastructurev1alpha3.AWSCluster) error {
	return nil
}

// IsKeyNotFound always reports false, whatever err is.
func (m *Mock) IsKeyNotFound(err error) bool {
	return false
}
-------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/params_main_route_table.go: --------------------------------------------------------------------------------
package template

// ParamsMainRouteTables carries the per-AZ route table entries rendered into
// the node pool CloudFormation template.
type ParamsMainRouteTables struct {
	List []ParamsMainRouteTablesListItem
}

// ParamsMainRouteTablesListItem describes one route table and the control
// plane (TCCP) resources it routes through.
type ParamsMainRouteTablesListItem struct {
	AvailabilityZone string
	ClusterID        string
	NodePoolID       string
	Name             string
	Route            ParamsMainRouteTablesListItemRoute
	TCCP             ParamsMainRouteTablesListItemTCCP
}

// ParamsMainRouteTablesListItemRoute names the route resource.
type ParamsMainRouteTablesListItemRoute struct {
	Name string
}

// ParamsMainRouteTablesListItemTCCP references the control plane NAT gateway
// and VPC the route table belongs to.
type ParamsMainRouteTablesListItemTCCP struct {
	NATGateway ParamsMainRouteTablesListItemTCCPNATGateway
	VPC        ParamsMainRouteTablesListItemTCCPVPC
| } 24 | 25 | type ParamsMainRouteTablesListItemTCCPNATGateway struct { 26 | ID string 27 | } 28 | type ParamsMainRouteTablesListItemTCCPVPC struct { 29 | ID string 30 | } 31 | -------------------------------------------------------------------------------- /service/controller/resource/peerrolearn/create.go: -------------------------------------------------------------------------------- 1 | package peerrolearn 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | { 18 | r.logger.Debugf(ctx, "finding control plane peer role arn") 19 | 20 | err = r.addPeerRoleARNToContext(ctx, cr) 21 | if IsNotFound(err) { 22 | r.logger.Debugf(ctx, "did not find control plane peer role arn") 23 | r.logger.Debugf(ctx, "canceling resource") 24 | return nil 25 | } else if err != nil { 26 | return microerror.Mask(err) 27 | } 28 | 29 | r.logger.Debugf(ctx, "found control plane peer role arn") 30 | } 31 | 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /service/controller/resource/peerrolearn/delete.go: -------------------------------------------------------------------------------- 1 | package peerrolearn 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 9 | ) 10 | 11 | func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error { 12 | cr, err := key.ToCluster(ctx, obj) 13 | if err != nil { 14 | return microerror.Mask(err) 15 | } 16 | 17 | { 18 | r.logger.Debugf(ctx, "finding control plane peer role arn") 19 | 20 | err = r.addPeerRoleARNToContext(ctx, cr) 21 | if IsNotFound(err) { 22 | r.logger.Debugf(ctx, "did not find 
control plane peer role arn") 23 | r.logger.Debugf(ctx, "canceling resource") 24 | return nil 25 | } else if err != nil { 26 | return microerror.Mask(err) 27 | } 28 | 29 | r.logger.Debugf(ctx, "found control plane peer role arn") 30 | } 31 | 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/params_main_load_balancers.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainLoadBalancers struct { 4 | APIElbHealthCheckTarget string 5 | APIElbName string 6 | APIInternalElbName string 7 | APIElbPortsToOpen []ParamsMainLoadBalancersPortPair 8 | APIElbSecurityGroupID string 9 | EtcdElbHealthCheckTarget string 10 | EtcdElbName string 11 | EtcdElbPortsToOpen []ParamsMainLoadBalancersPortPair 12 | EtcdElbSecurityGroupID string 13 | MasterInstanceResourceName string 14 | PublicSubnets []string 15 | PrivateSubnets []string 16 | } 17 | 18 | type ParamsMainLoadBalancersPortPair struct { 19 | // PortELB is the port the ELB should listen on. 20 | PortELB int 21 | // PortInstance is the port on the instance the ELB forwards traffic to. 
22 | PortInstance int 23 | } 24 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/params_main_subnets.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | type ParamsMainSubnets struct { 4 | List []ParamsMainSubnetsListItem 5 | } 6 | 7 | type ParamsMainSubnetsListItem struct { 8 | AvailabilityZone string 9 | CIDR string 10 | Name string 11 | RouteTable ParamsMainSubnetsListItemRouteTable 12 | RouteTableAssociation ParamsMainSubnetsListItemRouteTableAssociation 13 | TagInternalELB bool 14 | TCCP ParamsMainSubnetsListItemTCCP 15 | } 16 | 17 | type ParamsMainSubnetsListItemRouteTable struct { 18 | Name string 19 | } 20 | 21 | type ParamsMainSubnetsListItemRouteTableAssociation struct { 22 | Name string 23 | } 24 | 25 | type ParamsMainSubnetsListItemTCCP struct { 26 | VPC ParamsMainSubnetsListItemTCCPVPC 27 | } 28 | 29 | type ParamsMainSubnetsListItemTCCPVPC struct { 30 | ID string 31 | } 32 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/error.go: -------------------------------------------------------------------------------- 1 | package cloudconfig 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var executionFailedError = µerror.Error{ 6 | Kind: "executionFailedError", 7 | } 8 | 9 | var invalidConfigError = µerror.Error{ 10 | Kind: "invalidConfigError", 11 | } 12 | 13 | // IsInvalidConfig asserts invalidConfigError. 14 | func IsInvalidConfig(err error) bool { 15 | return microerror.Cause(err) == invalidConfigError 16 | } 17 | 18 | var notFoundError = µerror.Error{ 19 | Kind: "notFoundError", 20 | } 21 | 22 | // IsNotFound asserts notFoundError. 
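func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}

var timeoutError = &microerror.Error{
	Kind: "timeoutError",
}

// IsTimeout asserts timeoutError.
func IsTimeout(err error) bool {
	return microerror.Cause(err) == timeoutError
}
-------------------------------------------------------------------------------- /service/internal/credential/error.go: --------------------------------------------------------------------------------
package credential

import "github.com/giantswarm/microerror"

var arnNotFound = &microerror.Error{
	Kind: "arnNotFound",
}

// IsArnNotFoundError asserts arnNotFound.
func IsArnNotFoundError(err error) bool {
	return microerror.Cause(err) == arnNotFound
}

var credentialNameEmpty = &microerror.Error{
	Kind: "credentialNameEmpty",
}

// IsCredentialNameEmptyError asserts credentialNameEmpty.
func IsCredentialNameEmptyError(err error) bool {
	return microerror.Cause(err) == credentialNameEmpty
}

var credentialNamespaceEmpty = &microerror.Error{
	Kind: "credentialNamespaceEmpty",
}

// IsCredentialNamespaceEmptyError asserts credentialNamespaceEmpty.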
28 | func IsCredentialNamespaceEmptyError(err error) bool { 29 | return microerror.Cause(err) == credentialNamespaceEmpty 30 | } 31 | -------------------------------------------------------------------------------- /service/controller/resource/tccpnoutputs/resource.go: -------------------------------------------------------------------------------- 1 | package tccpnoutputs 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | ) 7 | 8 | const ( 9 | Name = "tccpnoutputs" 10 | ) 11 | 12 | type Config struct { 13 | Logger micrologger.Logger 14 | } 15 | 16 | // Resource implements an operatorkit resource and provides a mechanism to fetch 17 | // information from Cloud Formation stack outputs of the Tenant Cluster Control 18 | // Plane Nodes stack. 19 | type Resource struct { 20 | logger micrologger.Logger 21 | } 22 | 23 | func New(config Config) (*Resource, error) { 24 | if config.Logger == nil { 25 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 26 | } 27 | 28 | r := &Resource{ 29 | logger: config.Logger, 30 | } 31 | 32 | return r, nil 33 | } 34 | 35 | func (r *Resource) Name() string { 36 | return Name 37 | } 38 | -------------------------------------------------------------------------------- /service/internal/images/error.go: -------------------------------------------------------------------------------- 1 | package images 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | 14 | var notFoundError = µerror.Error{ 15 | Kind: "notFoundError", 16 | } 17 | 18 | // IsNotFound asserts notFoundError. 
19 | func IsNotFound(err error) bool { 20 | return microerror.Cause(err) == notFoundError 21 | } 22 | 23 | var tooManyCRsError = µerror.Error{ 24 | Kind: "tooManyCRsError", 25 | Desc: "There is only a single AWSCluster CR allowed with the current implementation.", 26 | } 27 | 28 | // IsTooManyCRsError asserts tooManyCRsError. 29 | func IsTooManyCRsError(err error) bool { 30 | return microerror.Cause(err) == tooManyCRsError 31 | } 32 | -------------------------------------------------------------------------------- /service/internal/cloudtags/error.go: -------------------------------------------------------------------------------- 1 | package cloudtags 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 10 | func IsInvalidConfig(err error) bool { 11 | return microerror.Cause(err) == invalidConfigError 12 | } 13 | 14 | var notFoundError = µerror.Error{ 15 | Kind: "notFoundError", 16 | } 17 | 18 | // IsNotFound asserts notFoundError. 19 | func IsNotFound(err error) bool { 20 | return microerror.Cause(err) == notFoundError 21 | } 22 | 23 | var tooManyCRsError = µerror.Error{ 24 | Kind: "tooManyCRsError", 25 | Desc: "There is only a single Cluster CR allowed with the current implementation.", 26 | } 27 | 28 | // IsTooManyCRsError asserts tooManyCRsError. 29 | func IsTooManyCRsError(err error) bool { 30 | return microerror.Cause(err) == tooManyCRsError 31 | } 32 | -------------------------------------------------------------------------------- /service/internal/releases/error.go: -------------------------------------------------------------------------------- 1 | package releases 2 | 3 | import "github.com/giantswarm/microerror" 4 | 5 | var invalidConfigError = µerror.Error{ 6 | Kind: "invalidConfigError", 7 | } 8 | 9 | // IsInvalidConfig asserts invalidConfigError. 
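func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// IsNotFound asserts notFoundError.
func IsNotFound(err error) bool {
	return microerror.Cause(err) == notFoundError
}

var tooManyCRsError = &microerror.Error{
	Kind: "tooManyCRsError",
	Desc: "There is only a single AWSCluster CR allowed with the current implementation.",
}

// IsTooManyCRsError asserts tooManyCRsError.
func IsTooManyCRsError(err error) bool {
	return microerror.Cause(err) == tooManyCRsError
}
-------------------------------------------------------------------------------- /service/controller/resource/cleanuptcnpiamroles/error.go: --------------------------------------------------------------------------------
package cleanuptcnpiamroles

import (
	"strings"

	"github.com/giantswarm/microerror"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// iamNoSuchEntityCode is the IAM error code returned when the role is already
// gone, e.g.
//
//	NoSuchEntity: The role with name gs-cluster-apzh0-role-4z8jm cannot be found.
const iamNoSuchEntityCode = "NoSuchEntity"

// IsNotFound asserts notFoundError. It also reports true for the IAM
// NoSuchEntity failure so that cleaning up an already-deleted role is treated
// as done rather than as an error.
//
// The structured error code is consulted before the message text because the
// code is the SDK's stable contract. The text match is kept as a fallback for
// errors that carry no code, and is deliberately last: any unrelated error
// whose text happens to contain "cannot be found" would otherwise be
// classified as not-found and the cleanup silently skipped.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	if c == nil {
		return false
	}

	if c == notFoundError {
		return true
	}

	// awserr.Error exposes Code(); asserting on an anonymous interface avoids
	// importing the AWS SDK into this package.
	if coded, ok := c.(interface{ Code() string }); ok && coded.Code() == iamNoSuchEntityCode {
		return true
	}

	return strings.Contains(c.Error(), "cannot be found")
}
-------------------------------------------------------------------------------- /service/controller/resource/cleanuptccpniamroles/error.go: --------------------------------------------------------------------------------
package cleanuptccpniamroles

import (
	"strings"

	"github.com/giantswarm/microerror"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var notFoundError = &microerror.Error{
	Kind: "notFoundError",
}

// iamNoSuchEntityCode is the IAM error code returned when the role is already
// gone, e.g.
//
//	NoSuchEntity: The role with name gs-cluster-apzh0-role-4z8jm cannot be found.
const iamNoSuchEntityCode = "NoSuchEntity"

// IsNotFound asserts notFoundError. It also reports true for the IAM
// NoSuchEntity failure so that cleaning up an already-deleted role is treated
// as done rather than as an error.
//
// The structured error code is consulted before the message text because the
// code is the SDK's stable contract. The text match is kept as a fallback for
// errors that carry no code, and is deliberately last: any unrelated error
// whose text happens to contain "cannot be found" would otherwise be
// classified as not-found and the cleanup silently skipped.
func IsNotFound(err error) bool {
	c := microerror.Cause(err)
	if c == nil {
		return false
	}

	if c == notFoundError {
		return true
	}

	// awserr.Error exposes Code(); asserting on an anonymous interface avoids
	// importing the AWS SDK into this package.
	if coded, ok := c.(interface{ Code() string }); ok && coded.Code() == iamNoSuchEntityCode {
		return true
	}

	return strings.Contains(c.Error(), "cannot be found")
}
-------------------------------------------------------------------------------- /helm/aws-operator/templates/psp.yaml: --------------------------------------------------------------------------------
{{- if not .Values.global.podSecurityStandards.enforced }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: {{ include "resource.psp.name" . }}
  labels:
    {{- include "labels.common" .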
| nindent 4 }}
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
spec:
  privileged: false
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  runAsUser:
    rule: MustRunAsNonRoot
  runAsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'secret'
    - 'configMap'
    # NOTE(review): hostPath is allowed here without an allowedHostPaths
    # restriction, so a pod admitted under this policy may mount any host
    # directory even though it runs unprivileged and as non-root. If the
    # operator genuinely needs a host path, scope it with allowedHostPaths
    # (pathPrefix plus readOnly: true); otherwise drop the entry.
    - 'hostPath'
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostIPC: false
  hostPID: false
{{- end }}
-------------------------------------------------------------------------------- /.nancy-ignore: --------------------------------------------------------------------------------
# Hashicorp consul and sdk are not intended for public use and will not receive updates.
# Waiting for more direct dependencies to move away.
CVE-2022-29153
CVE-2022-24687

# Pending github.com/kataras/iris release > 12.1.8
# NOTE(review): the until= expiry below is ineffective — the same CVE is listed
# again further down in this file without an until= date, which keeps it
# suppressed indefinitely. Keep only one of the two entries so the exception
# actually lapses (or is consciously renewed).
CVE-2021-23772 until=2022-08-25

# Affects github.com/urfave/negroni. v2.0.2 is available but still affected.
# Issue is an open redirect (user can manipulate a link served to other users).
11 | sonatype-2021-1485 until=2023-06-25 12 | 13 | CVE-2021-23772 14 | CVE-2021-41803 15 | sonatype-2022-5436 16 | CVE-2022-42709 17 | CVE-2022-42708 18 | CVE-2022-32149 19 | sonatype-2022-6522 20 | CVE-2022-41717 21 | CVE-2021-3127 22 | CVE-2020-26892 23 | CVE-2023-25173 24 | CVE-2023-25153 25 | CVE-2022-41723 26 | CVE-2023-25165 27 | CVE-2023-27561 28 | CVE-2020-8561 29 | CVE-2023-25809 30 | CVE-2023-28642 31 | CVE-2023-26125 32 | CVE-2023-29401 33 | CVE-2023-32731 34 | CVE-2023-3978 35 | CVE-2023-47090 36 | CVE-2023-47108 37 | -------------------------------------------------------------------------------- /service/controller/resource/tcnp/template/template_main_subnets.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMainSubnets = ` 4 | {{- define "subnets" -}} 5 | {{- range .Subnets.List }} 6 | {{ .Name }}: 7 | Type: AWS::EC2::Subnet 8 | Properties: 9 | AvailabilityZone: {{ .AvailabilityZone }} 10 | CidrBlock: {{ .CIDR }} 11 | MapPublicIpOnLaunch: false 12 | Tags: 13 | - Key: Name 14 | Value: {{ .Name }} 15 | {{- if eq .TagInternalELB true }} 16 | - Key: kubernetes.io/role/internal-elb 17 | Value: 1 18 | {{- end }} 19 | - Key: sigs.k8s.io/cluster-api-provider-aws/role 20 | Value: private 21 | VpcId: {{ .TCCP.VPC.ID }} 22 | DependsOn: VpcCidrBlock 23 | {{ .RouteTableAssociation.Name }}: 24 | Type: AWS::EC2::SubnetRouteTableAssociation 25 | Properties: 26 | RouteTableId: !Ref {{ .RouteTable.Name }} 27 | SubnetId: !Ref {{ .Name }} 28 | {{- end }} 29 | {{- end -}} 30 | ` 31 | -------------------------------------------------------------------------------- /service/controller/resource/secretfinalizer/secret_accessor.go: -------------------------------------------------------------------------------- 1 | package secretfinalizer 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3" 8 | 9 | 
"github.com/giantswarm/aws-operator/v16/service/controller/key" 10 | ) 11 | 12 | type secretAccessor struct { 13 | Name string 14 | Namespace string 15 | } 16 | 17 | func newSecretAccessors(ctx context.Context, cr infrastructurev1alpha3.AWSCluster) []secretAccessor { 18 | return []secretAccessor{ 19 | // The secret accessors below are associated to the tenant's API 20 | // certificate. 21 | { 22 | Name: fmt.Sprintf("%s-api", key.ClusterID(&cr)), 23 | Namespace: cr.GetNamespace(), 24 | }, 25 | // The secret accessors below are associated to the tenant's BYOC 26 | // credential. 27 | { 28 | Name: fmt.Sprintf("credential-%s", key.ClusterID(&cr)), 29 | Namespace: "giantswarm", 30 | }, 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /helm/aws-operator/templates/_resource.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Create a name stem for resource names 4 | 5 | When pods for deployments are created they have an additional 16 character 6 | suffix appended, e.g. "-957c9d6ff-pkzgw". Given that Kubernetes allows 63 7 | characters for resource names, the stem is truncated to 47 characters to leave 8 | room for such suffix. 9 | */}} 10 | {{- define "resource.default.name" -}} 11 | {{- .Release.Name | replace "." "-" | trunc 47 | trimSuffix "-" -}} 12 | {{- end -}} 13 | 14 | {{- define "resource.networkPolicy.name" -}} 15 | {{- include "resource.default.name" . -}}-network-policy 16 | {{- end -}} 17 | 18 | {{- define "resource.psp.name" -}} 19 | {{- include "resource.default.name" . -}}-psp 20 | {{- end -}} 21 | 22 | {{- define "resource.pullSecret.name" -}} 23 | {{- include "resource.default.name" . 
-}}-pull-secret 24 | {{- end -}} 25 | 26 | {{- define "resource.default.namespace" -}} 27 | giantswarm 28 | {{- end -}} 29 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupebsvolumes/resource.go: -------------------------------------------------------------------------------- 1 | package cleanupebsvolumes 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | ) 7 | 8 | const ( 9 | // Name is the identifier of the resource. 10 | Name = "cleanupebsvolumes" 11 | ) 12 | 13 | // Config represents the configuration used to create a new ebsvolume resource. 14 | type Config struct { 15 | Logger micrologger.Logger 16 | } 17 | 18 | // Resource implements the ebsvolume resource. 19 | type Resource struct { 20 | logger micrologger.Logger 21 | } 22 | 23 | // New creates a new configured ebsvolume resource. 24 | func New(config Config) (*Resource, error) { 25 | if config.Logger == nil { 26 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 27 | } 28 | 29 | newResource := &Resource{ 30 | logger: config.Logger, 31 | } 32 | 33 | return newResource, nil 34 | } 35 | 36 | func (r *Resource) Name() string { 37 | return Name 38 | } 39 | -------------------------------------------------------------------------------- /service/controller/resource/region/create.go: -------------------------------------------------------------------------------- 1 | package region 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | 8 | "github.com/giantswarm/aws-operator/v16/service/controller/controllercontext" 9 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 10 | ) 11 | 12 | func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error { 13 | cr, err := r.toClusterFunc(ctx, obj) 14 | if IsNotFound(err) { 15 | r.logger.Debugf(ctx, "cluster cr not available yet") 16 | r.logger.Debugf(ctx, 
"canceling resource") 17 | 18 | return nil 19 | } else if err != nil { 20 | return microerror.Mask(err) 21 | } 22 | cc, err := controllercontext.FromContext(ctx) 23 | if err != nil { 24 | return microerror.Mask(err) 25 | } 26 | 27 | // Simply put the region into the controller context for later use in for 28 | // instance the tcnp resource. 29 | { 30 | cc.Status.TenantCluster.AWS.Region = key.Region(cr) 31 | } 32 | 33 | return nil 34 | } 35 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/template/nvme_udev_hack.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const NVMEUdevRule = `KERNEL=="nvme[0-9]*n[0-9]*", ENV{DEVTYPE}=="disk", ATTRS{model}=="Amazon Elastic Block Store", PROGRAM="/opt/ebs-nvme-mapping /dev/%k", SYMLINK+="%c" 4 | ` 5 | 6 | const NVMEUdevScript = `#!/bin/bash 7 | vol=$(nvme id-ctrl --raw-binary "$1" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g') 8 | vol=${vol#/dev/} 9 | if [[ -n "$vol" ]]; then 10 | echo ${vol/xvd/sd} ${vol/sd/xvd} 11 | fi 12 | ` 13 | 14 | const NVMEUdevTriggerUnit = `[Unit] 15 | Description=Reload AWS EBS NVMe rules 16 | Requires=coreos-setup-environment.service 17 | After=coreos-setup-environment.service 18 | Before=user-config.target 19 | [Service] 20 | Type=oneshot 21 | RemainAfterExit=yes 22 | EnvironmentFile=-/etc/environment 23 | ExecStart=/usr/bin/udevadm control --reload-rules 24 | ExecStart=/usr/bin/udevadm trigger -y "nvme[0-9]*n[0-9]*" 25 | ExecStart=/usr/bin/udevadm settle 26 | [Install] 27 | WantedBy=multi-user.target 28 | ` 29 | -------------------------------------------------------------------------------- /service/controller/resource/apiendpoint/resource.go: -------------------------------------------------------------------------------- 1 | package apiendpoint 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | 
"sigs.k8s.io/controller-runtime/pkg/client" 7 | ) 8 | 9 | const ( 10 | Name = "apiendpoint" 11 | ) 12 | 13 | type Config struct { 14 | CtrlClient client.Client 15 | Logger micrologger.Logger 16 | } 17 | 18 | type Resource struct { 19 | ctrlClient client.Client 20 | logger micrologger.Logger 21 | } 22 | 23 | func New(config Config) (*Resource, error) { 24 | if config.CtrlClient == nil { 25 | return nil, microerror.Maskf(invalidConfigError, "%T.CtrlClient must not be empty", config) 26 | } 27 | if config.Logger == nil { 28 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 29 | } 30 | 31 | r := &Resource{ 32 | ctrlClient: config.CtrlClient, 33 | logger: config.Logger, 34 | } 35 | 36 | return r, nil 37 | } 38 | 39 | func (r *Resource) Name() string { 40 | return Name 41 | } 42 | -------------------------------------------------------------------------------- /service/controller/resource/tccpazs/error.go: -------------------------------------------------------------------------------- 1 | package tccpazs 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "k8s.io/apimachinery/pkg/api/errors" 6 | ) 7 | 8 | var invalidConfigError = µerror.Error{ 9 | Kind: "invalid config", 10 | } 11 | 12 | // IsInvalidConfig asserts invalidConfigError. 13 | func IsInvalidConfig(err error) bool { 14 | return microerror.Cause(err) == invalidConfigError 15 | } 16 | 17 | var notFoundError = µerror.Error{ 18 | Kind: "notFoundError", 19 | } 20 | 21 | // IsNotFound asserts notFoundError. 22 | func IsNotFound(err error) bool { 23 | c := microerror.Cause(err) 24 | return c == notFoundError || errors.IsNotFound(c) 25 | } 26 | 27 | var tooManyCRsError = µerror.Error{ 28 | Kind: "tooManyCRsError", 29 | Desc: "There is only a single G8sControlPlane CR allowed with the current implementation.", 30 | } 31 | 32 | // IsTooManyCRsError asserts tooManyCRsError. 
33 | func IsTooManyCRsError(err error) bool { 34 | return microerror.Cause(err) == tooManyCRsError 35 | } 36 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/template_main_internet_gateway.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMainInternetGateway = ` 4 | {{- define "internet_gateway" -}} 5 | {{- $v := .InternetGateway -}} 6 | InternetGateway: 7 | Type: AWS::EC2::InternetGateway 8 | Properties: 9 | Tags: 10 | - Key: Name 11 | Value: {{ $v.ClusterID }} 12 | VPCGatewayAttachment: 13 | Type: AWS::EC2::VPCGatewayAttachment 14 | DependsOn: 15 | {{- range $v.InternetGateways }} 16 | - {{ .RouteTable }} 17 | {{- end }} 18 | Properties: 19 | InternetGatewayId: 20 | Ref: InternetGateway 21 | VpcId: !Ref VPC 22 | {{- range $v.InternetGateways }} 23 | {{ .InternetGatewayRoute }}: 24 | Type: AWS::EC2::Route 25 | DependsOn: 26 | - VPCGatewayAttachment 27 | Properties: 28 | RouteTableId: !Ref {{ .RouteTable }} 29 | DestinationCidrBlock: 0.0.0.0/0 30 | GatewayId: 31 | Ref: InternetGateway 32 | {{- end}} 33 | {{- end -}} 34 | ` 35 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcidstatus/resource.go: -------------------------------------------------------------------------------- 1 | package tccpvpcidstatus 2 | 3 | import ( 4 | "github.com/giantswarm/k8sclient/v7/pkg/k8sclient" 5 | "github.com/giantswarm/microerror" 6 | "github.com/giantswarm/micrologger" 7 | ) 8 | 9 | const ( 10 | Name = "tccpvpcidstatus" 11 | ) 12 | 13 | type Config struct { 14 | K8sClient k8sclient.Interface 15 | Logger micrologger.Logger 16 | } 17 | 18 | type Resource struct { 19 | k8sClient k8sclient.Interface 20 | logger micrologger.Logger 21 | } 22 | 23 | func New(config Config) (*Resource, error) { 24 | if config.K8sClient == nil { 25 | return nil, 
microerror.Maskf(invalidConfigError, "%T.K8sClient must not be empty", config) 26 | } 27 | if config.Logger == nil { 28 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 29 | } 30 | 31 | r := &Resource{ 32 | k8sClient: config.K8sClient, 33 | logger: config.Logger, 34 | } 35 | 36 | return r, nil 37 | } 38 | 39 | func (r *Resource) Name() string { 40 | return Name 41 | } 42 | -------------------------------------------------------------------------------- /service/controller/resource/terminateunhealthynode/resource.go: -------------------------------------------------------------------------------- 1 | package terminateunhealthynode 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | 7 | event "github.com/giantswarm/aws-operator/v16/service/internal/recorder" 8 | ) 9 | 10 | const ( 11 | Name = "terminateunhealthynode" 12 | ) 13 | 14 | type Config struct { 15 | Event event.Interface 16 | Logger micrologger.Logger 17 | } 18 | 19 | type Resource struct { 20 | event event.Interface 21 | logger micrologger.Logger 22 | } 23 | 24 | func New(config Config) (*Resource, error) { 25 | if config.Event == nil { 26 | return nil, microerror.Maskf(invalidConfigError, "%T.Event must not be empty", config) 27 | } 28 | if config.Logger == nil { 29 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 30 | } 31 | 32 | r := &Resource{ 33 | event: config.Event, 34 | logger: config.Logger, 35 | } 36 | 37 | return r, nil 38 | } 39 | 40 | func (r *Resource) Name() string { 41 | return Name 42 | } 43 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | minimum_pre_commit_version: '2.17' 2 | repos: 3 | # shell scripts 4 | - repo: https://github.com/detailyang/pre-commit-shell 5 | rev: 1.0.5 6 | hooks: 7 | - id: shell-lint 8 | args: [ 
--format=json ] 9 | 10 | - repo: https://github.com/pre-commit/pre-commit-hooks 11 | rev: v4.5.0 12 | hooks: 13 | - id: check-added-large-files 14 | # check for unresolved merge conflicts 15 | - id: check-merge-conflict 16 | - id: check-shebang-scripts-are-executable 17 | - id: detect-private-key 18 | - id: end-of-file-fixer 19 | - id: mixed-line-ending 20 | - id: trailing-whitespace 21 | 22 | - repo: https://github.com/dnephin/pre-commit-golang 23 | rev: v0.5.1 24 | hooks: 25 | - id: go-fmt 26 | - id: go-mod-tidy 27 | - id: golangci-lint 28 | # timeout is needed for CI 29 | args: [ -E, gosec, -E, goconst, -E, govet, --timeout, 300s ] 30 | - id: go-imports 31 | args: [ -local, github.com/giantswarm/aws-operator ] 32 | -------------------------------------------------------------------------------- /service/internal/templates/cloudconfig/small.go: -------------------------------------------------------------------------------- 1 | package cloudconfig 2 | 3 | const Small = `{ 4 | "ignition": { 5 | "version": "2.2.0", 6 | "config": { 7 | "append": [ 8 | { 9 | "source": "{{ .S3URL }}" 10 | } 11 | ] 12 | } 13 | }, 14 | "storage": { 15 | "filesystems": [ 16 | { 17 | "name": "docker", 18 | "mount": { 19 | "device": "/dev/xvdc", 20 | "wipeFilesystem": true, 21 | "label": "docker", 22 | "format": "xfs" 23 | } 24 | }, 25 | { 26 | "name": "log", 27 | "mount": { 28 | "device": "/dev/xvdf", 29 | "wipeFilesystem": true, 30 | "label": "log", 31 | "format": "xfs" 32 | } 33 | }, 34 | { 35 | "name": "etcd", 36 | "mount": { 37 | "device": "/dev/xvdh", 38 | "wipeFilesystem": false, 39 | "label": "etcd", 40 | "format": "ext4" 41 | } 42 | } 43 | ] 44 | } 45 | } 46 | ` 47 | -------------------------------------------------------------------------------- /service/controller/resource/drainerfinalizer/error_test.go: -------------------------------------------------------------------------------- 1 | package drainerfinalizer 2 | 3 | import ( 4 | "errors" 5 | "testing" 6 | 7 | 
"github.com/giantswarm/microerror" 8 | ) 9 | 10 | func Test_IsNoActiveLifeCycleAction(t *testing.T) { 11 | testCases := []struct { 12 | name string 13 | err string 14 | match bool 15 | }{ 16 | { 17 | name: "case 0", 18 | err: "ValidationError: No active Lifecycle Action found with instance ID i-08406e13ee788fc10", 19 | match: true, 20 | }, 21 | { 22 | name: "case 1", 23 | err: "ValidationError: no active lifecycle action found with instance id i-08406e13ee788fc10", 24 | match: true, 25 | }, 26 | { 27 | name: "case 2", 28 | err: "not found error", 29 | match: false, 30 | }, 31 | } 32 | 33 | for _, tc := range testCases { 34 | t.Run(tc.name, func(t *testing.T) { 35 | result := IsNoActiveLifeCycleAction(microerror.Mask(errors.New(tc.err))) 36 | 37 | if result != tc.match { 38 | t.Fatalf("expected %t, got %t", tc.match, result) 39 | } 40 | }) 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /service/internal/encrypter/spec.go: -------------------------------------------------------------------------------- 1 | package encrypter 2 | 3 | import ( 4 | "context" 5 | 6 | infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3" 7 | ) 8 | 9 | const ( 10 | KMSBackend = "kms" 11 | ) 12 | 13 | type Interface interface { 14 | Encrypter 15 | Resource 16 | } 17 | 18 | type Encrypter interface { 19 | // EncryptionKey fetches the KMS encryption key for the Tenant Cluster 20 | // defined by id. 
21 | EncryptionKey(ctx context.Context, id string) (string, error) 22 | Encrypt(ctx context.Context, key, plaintext string) (string, error) 23 | IsKeyNotFound(error) bool 24 | } 25 | 26 | type Resource interface { 27 | EnsureCreatedEncryptionKey(context.Context, infrastructurev1alpha3.AWSCluster) error 28 | EnsureDeletedEncryptionKey(context.Context, infrastructurev1alpha3.AWSCluster) error 29 | } 30 | 31 | type RoleManager interface { 32 | EnsureCreatedAuthorizedIAMRoles(context.Context, infrastructurev1alpha3.AWSCluster) error 33 | EnsureDeletedAuthorizedIAMRoles(context.Context, infrastructurev1alpha3.AWSCluster) error 34 | } 35 | -------------------------------------------------------------------------------- /service/controller/resource/apiendpoint/error.go: -------------------------------------------------------------------------------- 1 | package apiendpoint 2 | 3 | import ( 4 | "strings" 5 | 6 | "github.com/giantswarm/microerror" 7 | ) 8 | 9 | var invalidConfigError = µerror.Error{ 10 | Kind: "invalidConfigError", 11 | } 12 | 13 | // IsInvalidConfig asserts invalidConfigError. 14 | func IsInvalidConfig(err error) bool { 15 | return microerror.Cause(err) == invalidConfigError 16 | } 17 | 18 | var notFoundError = µerror.Error{ 19 | Kind: "notFoundError", 20 | } 21 | 22 | // IsNotFound asserts notFoundError. 23 | func IsNotFound(err error) bool { 24 | c := microerror.Cause(err) 25 | 26 | if c == nil { 27 | return false 28 | } 29 | 30 | if strings.Contains(c.Error(), "does not exist") { 31 | return true 32 | } 33 | 34 | if c == notFoundError { 35 | return true 36 | } 37 | 38 | return false 39 | } 40 | 41 | var tooManyResultsError = µerror.Error{ 42 | Kind: "tooManyResultsError", 43 | } 44 | 45 | // IsTooManyResults asserts tooManyResultsError. 
46 | func IsTooManyResults(err error) bool { 47 | return microerror.Cause(err) == tooManyResultsError 48 | } 49 | -------------------------------------------------------------------------------- /service/controller/resource/tccp/template/template_main_nat_gateway.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | const TemplateMainNatGateway = ` 4 | {{- define "nat_gateway" -}} 5 | {{- $v := .NATGateway -}} 6 | {{- range $v.Gateways }} 7 | {{ .NATGWName }}: 8 | Type: AWS::EC2::NatGateway 9 | DependsOn: 10 | - VPCGatewayAttachment 11 | Properties: 12 | AllocationId: 13 | Fn::GetAtt: 14 | - {{ .NATEIPName }} 15 | - AllocationId 16 | SubnetId: !Ref {{ .PublicSubnetName }} 17 | Tags: 18 | - Key: Name 19 | Value: {{ .ClusterID }} 20 | - Key: giantswarm.io/availability-zone 21 | Value: {{ .AvailabilityZone }} 22 | {{ .NATEIPName }}: 23 | Type: AWS::EC2::EIP 24 | Properties: 25 | Domain: vpc 26 | {{- end -}} 27 | {{- range $v.NATRoutes }} 28 | {{ .NATRouteName }}: 29 | Type: AWS::EC2::Route 30 | Properties: 31 | RouteTableId: !Ref {{ .RouteTableName }} 32 | DestinationCidrBlock: 0.0.0.0/0 33 | NatGatewayId: 34 | Ref: {{ .NATGWName }} 35 | {{- end -}} 36 | {{- end -}} 37 | ` 38 | -------------------------------------------------------------------------------- /service/controller/resource/endpoints/current.go: -------------------------------------------------------------------------------- 1 | package endpoints 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/microerror" 7 | corev1 "k8s.io/api/core/v1" 8 | apierrors "k8s.io/apimachinery/pkg/api/errors" 9 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 10 | 11 | "github.com/giantswarm/aws-operator/v16/service/controller/key" 12 | ) 13 | 14 | func (r *Resource) GetCurrentState(ctx context.Context, obj interface{}) (interface{}, error) { 15 | cr, err := key.ToCluster(ctx, obj) 16 | if err != nil { 17 | return nil, microerror.Mask(err) 18 | } 19 | 20 | 
var endpoints *corev1.Endpoints 21 | { 22 | r.logger.Debugf(ctx, "finding endpoint") 23 | 24 | manifest, err := r.k8sClient.CoreV1().Endpoints(key.ClusterNamespace(cr)).Get(ctx, masterEndpointsName, metav1.GetOptions{}) 25 | if apierrors.IsNotFound(err) { 26 | r.logger.Debugf(ctx, "did not find endpoint") 27 | } else if err != nil { 28 | return nil, microerror.Mask(err) 29 | } else { 30 | r.logger.Debugf(ctx, "found endpoint") 31 | endpoints = manifest 32 | } 33 | } 34 | 35 | return endpoints, nil 36 | } 37 | -------------------------------------------------------------------------------- /service/controller/resource/secretfinalizer/resource.go: -------------------------------------------------------------------------------- 1 | package secretfinalizer 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | "k8s.io/client-go/kubernetes" 7 | ) 8 | 9 | const ( 10 | Name = "secretfinalizer" 11 | ) 12 | 13 | const ( 14 | secretFinalizer = "aws-operator.giantswarm.io/secretfinalizer" 15 | ) 16 | 17 | type Config struct { 18 | K8sClient kubernetes.Interface 19 | Logger micrologger.Logger 20 | } 21 | 22 | type Resource struct { 23 | k8sClient kubernetes.Interface 24 | logger micrologger.Logger 25 | } 26 | 27 | func New(config Config) (*Resource, error) { 28 | if config.K8sClient == nil { 29 | return nil, microerror.Maskf(invalidConfigError, "%T.K8sClient must not be empty", config) 30 | } 31 | if config.Logger == nil { 32 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 33 | } 34 | 35 | r := &Resource{ 36 | k8sClient: config.K8sClient, 37 | logger: config.Logger, 38 | } 39 | 40 | return r, nil 41 | } 42 | 43 | func (r Resource) Name() string { 44 | return Name 45 | } 46 | -------------------------------------------------------------------------------- /service/internal/releases/internal/cache/release.go: -------------------------------------------------------------------------------- 1 | 
package cache 2 | 3 | import ( 4 | "context" 5 | 6 | "github.com/giantswarm/operatorkit/v7/pkg/controller/context/cachekeycontext" 7 | releasev1alpha1 "github.com/giantswarm/release-operator/v4/api/v1alpha1" 8 | gocache "github.com/patrickmn/go-cache" 9 | ) 10 | 11 | type Release struct { 12 | cache *gocache.Cache 13 | } 14 | 15 | func NewRelease() *Release { 16 | r := &Release{ 17 | cache: gocache.New(expiration, expiration/2), 18 | } 19 | 20 | return r 21 | } 22 | 23 | func (r *Release) Get(ctx context.Context, key string) (releasev1alpha1.Release, bool) { 24 | val, ok := r.cache.Get(key) 25 | if ok { 26 | return val.(releasev1alpha1.Release), true 27 | } 28 | 29 | return releasev1alpha1.Release{}, false 30 | } 31 | 32 | func (r *Release) Key(ctx context.Context, version string) string { 33 | _, ok := cachekeycontext.FromContext(ctx) 34 | if ok { 35 | return version 36 | } 37 | 38 | return "" 39 | } 40 | 41 | func (r *Release) Set(ctx context.Context, key string, val releasev1alpha1.Release) { 42 | r.cache.SetDefault(key, val) 43 | } 44 | -------------------------------------------------------------------------------- /service/controller/resource/tccpf/error_test.go: -------------------------------------------------------------------------------- 1 | package tccpf 2 | 3 | import ( 4 | "errors" 5 | "testing" 6 | 7 | "github.com/giantswarm/microerror" 8 | ) 9 | 10 | func Test_IsNoUpdate(t *testing.T) { 11 | testCases := []struct { 12 | name string 13 | err string 14 | match bool 15 | }{ 16 | { 17 | name: "case 0", 18 | err: "An error occurred (ValidationError) when calling the UpdateStack operation: No updates are to be performed.", 19 | match: true, 20 | }, 21 | { 22 | name: "case 1", 23 | err: "ValidationError: No updates are to be performed.", 24 | match: true, 25 | }, 26 | { 27 | name: "case 2", 28 | err: "ValidationError: no update to be performed", 29 | match: true, 30 | }, 31 | { 32 | name: "case 3", 33 | err: "not found error", 34 | match: false, 35 | }, 36 
| } 37 | 38 | for _, tc := range testCases { 39 | t.Run(tc.name, func(t *testing.T) { 40 | result := IsNoUpdate(microerror.Mask(errors.New(tc.err))) 41 | 42 | if result != tc.match { 43 | t.Fatalf("expected %t, got %t", tc.match, result) 44 | } 45 | }) 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /flag/service/aws/aws.go: -------------------------------------------------------------------------------- 1 | package aws 2 | 3 | import ( 4 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/cni" 5 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/hostaccesskey" 6 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/loggingbucket" 7 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/role" 8 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/route53" 9 | "github.com/giantswarm/aws-operator/v16/flag/service/aws/trustedadvisor" 10 | ) 11 | 12 | type AWS struct { 13 | AlikeInstances string 14 | AdvancedMonitoringEC2 string 15 | AvailabilityZones string 16 | HostAccessKey hostaccesskey.HostAccessKey 17 | IncludeTags string 18 | LoggingBucket loggingbucket.LoggingBucket 19 | PodInfraContainerImage string 20 | Region string 21 | Role role.Role 22 | Route53 route53.Route53 23 | RouteTables string 24 | S3AccessLogsExpiration string 25 | TrustedAdvisor trustedadvisor.TrustedAdvisor 26 | VaultAddress string 27 | CNI cni.CNI 28 | } 29 | -------------------------------------------------------------------------------- /service/controller/resource/ipam/spec.go: -------------------------------------------------------------------------------- 1 | package ipam 2 | 3 | import ( 4 | "context" 5 | "net" 6 | ) 7 | 8 | // Checker determines whether a subnet has to be allocated. This decision is 9 | // being made based on the status of the Kubernetes runtime object defined by 10 | // namespace and name. 
11 | type Checker interface { 12 | Check(ctx context.Context, namespace string, name string) (bool, error) 13 | } 14 | 15 | // Collector implementation must return all networks that are allocated on any 16 | // given moment. Failing to do that will result in overlapping allocations which 17 | // causes cluster creation failures. The network range provided here is a custom 18 | // override. If it is empty we fall back to some globally configured default. 19 | type Collector interface { 20 | Collect(ctx context.Context, networkRange net.IPNet) ([]net.IPNet, error) 21 | } 22 | 23 | // Persister must mutate shared persistent state so that on successful execution 24 | // persisted networks are visible by Collector implementations. 25 | type Persister interface { 26 | Persist(ctx context.Context, subnet net.IPNet, namespace string, name string) error 27 | } 28 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcid/error.go: -------------------------------------------------------------------------------- 1 | package tccpvpcid 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "k8s.io/apimachinery/pkg/api/errors" 6 | ) 7 | 8 | // executionFailedError is an error type for situations where Resource execution 9 | // cannot continue and must always fall back to operatorkit. 10 | // 11 | // This error should never be matched against and therefore there is no matcher 12 | // implement. For further information see: 13 | // 14 | // https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors 15 | var executionFailedError = µerror.Error{ 16 | Kind: "executionFailedError", 17 | } 18 | 19 | var invalidConfigError = µerror.Error{ 20 | Kind: "invalidConfigError", 21 | } 22 | 23 | // IsInsserts invalidConfigError. 
24 | func IsInvalidConfig(err error) bool { 25 | return microerror.Cause(err) == invalidConfigError 26 | } 27 | 28 | var notFoundError = µerror.Error{ 29 | Kind: "notFoundError", 30 | } 31 | 32 | // IsNotFound asserts notFoundError. 33 | func IsNotFound(err error) bool { 34 | c := microerror.Cause(err) 35 | return c == notFoundError || errors.IsNotFound(c) 36 | } 37 | -------------------------------------------------------------------------------- /service/controller/resource/tccpvpcpcx/error.go: -------------------------------------------------------------------------------- 1 | package tccpvpcpcx 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "k8s.io/apimachinery/pkg/api/errors" 6 | ) 7 | 8 | // executionFailedError is an error type for situations where Resource execution 9 | // cannot continue and must always fall back to operatorkit. 10 | // 11 | // This error should never be matched against and therefore there is no matcher 12 | // implement. For further information see: 13 | // 14 | // https://github.com/giantswarm/fmt/blob/master/go/errors.md#matching-errors 15 | var executionFailedError = µerror.Error{ 16 | Kind: "executionFailedError", 17 | } 18 | 19 | var invalidConfigError = µerror.Error{ 20 | Kind: "invalidConfigError", 21 | } 22 | 23 | // IsInsserts invalidConfigError. 24 | func IsInvalidConfig(err error) bool { 25 | return microerror.Cause(err) == invalidConfigError 26 | } 27 | 28 | var notFoundError = µerror.Error{ 29 | Kind: "notFoundError", 30 | } 31 | 32 | // IsNotFound asserts notFoundError. 
33 | func IsNotFound(err error) bool { 34 | c := microerror.Cause(err) 35 | return c == notFoundError || errors.IsNotFound(c) 36 | } 37 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpoutputs/resource.go: -------------------------------------------------------------------------------- 1 | package tcnpoutputs 2 | 3 | import ( 4 | "github.com/giantswarm/microerror" 5 | "github.com/giantswarm/micrologger" 6 | ) 7 | 8 | const ( 9 | Name = "tcnpoutputs" 10 | ) 11 | 12 | type Config struct { 13 | Logger micrologger.Logger 14 | } 15 | 16 | // Resource implements an operatorkit resource and provides a mechanism to fetch 17 | // information from Cloud Formation stack outputs of the Tenant Cluster Node 18 | // Pool stack. 19 | // 20 | // The TCNP manages the node pools upon MachineDeployment CRs. For instance the 21 | // TCNP stack contains the AWS ASG of the node pool and certain stack outputs 22 | // which this resource collects and puts into the controller context. 
23 | type Resource struct { 24 | logger micrologger.Logger 25 | } 26 | 27 | func New(config Config) (*Resource, error) { 28 | if config.Logger == nil { 29 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 30 | } 31 | 32 | r := &Resource{ 33 | logger: config.Logger, 34 | } 35 | 36 | return r, nil 37 | } 38 | 39 | func (r *Resource) Name() string { 40 | return Name 41 | } 42 | -------------------------------------------------------------------------------- /service/internal/encrypter/kms/cache.go: -------------------------------------------------------------------------------- 1 | package kms 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "time" 7 | 8 | "github.com/aws/aws-sdk-go/service/kms" 9 | "github.com/giantswarm/operatorkit/v7/pkg/controller/context/cachekeycontext" 10 | gocache "github.com/patrickmn/go-cache" 11 | ) 12 | 13 | const ( 14 | expiration = 5 * time.Minute 15 | ) 16 | 17 | type Cache struct { 18 | cache *gocache.Cache 19 | } 20 | 21 | func NewCache() *Cache { 22 | r := &Cache{ 23 | cache: gocache.New(expiration, expiration/2), 24 | } 25 | 26 | return r 27 | } 28 | 29 | func (r *Cache) Get(ctx context.Context, key string) (*kms.DescribeKeyOutput, bool) { 30 | val, ok := r.cache.Get(key) 31 | if ok { 32 | return val.(*kms.DescribeKeyOutput), true 33 | } 34 | 35 | return &kms.DescribeKeyOutput{}, false 36 | } 37 | 38 | func (r *Cache) Key(ctx context.Context, id string) string { 39 | ck, ok := cachekeycontext.FromContext(ctx) 40 | if ok { 41 | return fmt.Sprintf("%s/%s", ck, id) 42 | } 43 | 44 | return "" 45 | } 46 | 47 | func (r *Cache) Set(ctx context.Context, key string, val *kms.DescribeKeyOutput) { 48 | r.cache.SetDefault(key, val) 49 | } 50 | -------------------------------------------------------------------------------- /service/controller/resource/tcnpf/testdata/case-0-basic-test.golden: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 
2010-09-09 2 | Description: Tenant Cluster Finalizer Cloud Formation Stack. 3 | Resources: 4 | 5 | VPCPeeringRouteEuCentral1aGaussPrivate1Name: 6 | Type: AWS::EC2::Route 7 | Properties: 8 | DestinationCidrBlock: 10.100.3.0/27 9 | RouteTableId: gauss-private-1-id 10 | VpcPeeringConnectionId: peering-connection-id 11 | VPCPeeringRouteEuCentral1cGaussPrivate1Name: 12 | Type: AWS::EC2::Route 13 | Properties: 14 | DestinationCidrBlock: 10.100.3.64/27 15 | RouteTableId: gauss-private-1-id 16 | VpcPeeringConnectionId: peering-connection-id 17 | VPCPeeringRouteEuCentral1aGaussPrivate2Name: 18 | Type: AWS::EC2::Route 19 | Properties: 20 | DestinationCidrBlock: 10.100.3.0/27 21 | RouteTableId: gauss-private-2-id 22 | VpcPeeringConnectionId: peering-connection-id 23 | VPCPeeringRouteEuCentral1cGaussPrivate2Name: 24 | Type: AWS::EC2::Route 25 | Properties: 26 | DestinationCidrBlock: 10.100.3.64/27 27 | RouteTableId: gauss-private-2-id 28 | VpcPeeringConnectionId: peering-connection-id 29 | -------------------------------------------------------------------------------- /service/internal/unittest/default_certs.go: -------------------------------------------------------------------------------- 1 | package unittest 2 | 3 | import ( 4 | "github.com/giantswarm/certs/v4/pkg/certs" 5 | ) 6 | 7 | func DefaultCerts() []certs.File { 8 | var list []certs.File 9 | 10 | list = append(list, certs.NewFilesAPI(certs.TLS{ 11 | CA: []byte("api-server-ca"), 12 | Crt: []byte("api-server-crt"), 13 | Key: []byte("api-server-key"), 14 | })...) 15 | 16 | list = append(list, certs.NewFilesCalicoEtcdClient(certs.TLS{ 17 | CA: []byte("api-server-ca"), 18 | Crt: []byte("api-server-crt"), 19 | Key: []byte("api-server-key"), 20 | })...) 21 | 22 | list = append(list, certs.NewFilesEtcd(certs.TLS{ 23 | CA: []byte("api-server-ca"), 24 | Crt: []byte("api-server-crt"), 25 | Key: []byte("api-server-key"), 26 | })...) 
27 | 28 | list = append(list, certs.NewFilesServiceAccount(certs.TLS{ 29 | CA: []byte("api-server-ca"), 30 | Crt: []byte("api-server-crt"), 31 | Key: []byte("api-server-key"), 32 | })...) 33 | 34 | list = append(list, certs.NewFilesWorker(certs.TLS{ 35 | CA: []byte("api-server-ca"), 36 | Crt: []byte("api-server-crt"), 37 | Key: []byte("api-server-key"), 38 | })...) 39 | 40 | return list 41 | } 42 | -------------------------------------------------------------------------------- /service/internal/cloudconfig/spec.go: -------------------------------------------------------------------------------- 1 | package cloudconfig 2 | 3 | import ( 4 | "context" 5 | ) 6 | 7 | type Interface interface { 8 | // NewPaths returns a list of S3 Object paths aligned with the templates 9 | // returned by NewTemplates. 10 | NewPaths(ctx context.Context, obj interface{}) ([]string, error) 11 | // NewTemplates implements any functionality necessary to generate a list of 12 | // Cloud Config templates. The interface defintion is most generic in order to 13 | // serve all possible cases. The returned template is a list of Clooud Config 14 | // templates ready to upload to S3. Usually the amount of templates generated 15 | // should be 1. There may be special cases though e.g. HA Masters, where an 16 | // implementation may detect an HA Masters setting and thus needs to generate 17 | // multiple Cloud Configs based on e.g. some desired replicas configuration. 18 | // Just like NewPaths, the implementation of NewTemplates must align with the 19 | // returned items so that users of the interface are guaranteed to always work 20 | // with a key-value pair of path and template. 
21 | NewTemplates(ctx context.Context, obj interface{}) ([]string, error) 22 | } 23 | -------------------------------------------------------------------------------- /service/controller/resource/tccpi/template/render_test.go: -------------------------------------------------------------------------------- 1 | package template 2 | 3 | import ( 4 | "strings" 5 | "testing" 6 | ) 7 | 8 | func Test_Controller_Resource_TCCPI_Template_Render(t *testing.T) { 9 | var err error 10 | 11 | var params *ParamsMain 12 | { 13 | iamRoles := &ParamsMainIAMRoles{ 14 | PeerAccessRoleName: "PeerAccessRoleName", 15 | Tenant: ParamsMainIAMRolesTenant{ 16 | AWS: ParamsMainIAMRolesTenantAWS{ 17 | Account: ParamsMainIAMRolesTenantAWSAccount{ 18 | ID: "TenantAWSAccountID", 19 | }, 20 | }, 21 | }, 22 | } 23 | 24 | params = &ParamsMain{ 25 | IAMRoles: iamRoles, 26 | } 27 | } 28 | 29 | var templateBody string 30 | { 31 | templateBody, err = Render(params) 32 | if err != nil { 33 | t.Fatal("expected", nil, "got", err) 34 | } 35 | } 36 | 37 | { 38 | expected := "RoleName: PeerAccessRoleName" 39 | if !strings.Contains(templateBody, expected) { 40 | t.Fatal("expected", "match", "got", "none") 41 | } 42 | } 43 | 44 | { 45 | expected := "AWS: 'TenantAWSAccountID'" 46 | if !strings.Contains(templateBody, expected) { 47 | t.Fatal("expected", "match", "got", "none") 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /service/internal/locker/mutex_locker.go: -------------------------------------------------------------------------------- 1 | package locker 2 | 3 | import ( 4 | "context" 5 | "sync" 6 | 7 | "github.com/giantswarm/microerror" 8 | "github.com/giantswarm/micrologger" 9 | ) 10 | 11 | type MutexLockerConfig struct { 12 | Logger micrologger.Logger 13 | } 14 | 15 | // MutexLocker implements Interface using sync.Mutex. 
For now we use a shared 16 | // instance of *MutexLocker for all IPAM related activity of network packages in 17 | // the legacy controllers and ipam resources in the clusterapi controllers. 18 | type MutexLocker struct { 19 | logger micrologger.Logger 20 | 21 | mutex sync.Mutex 22 | } 23 | 24 | func NewMutexLocker(config MutexLockerConfig) (*MutexLocker, error) { 25 | if config.Logger == nil { 26 | return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config) 27 | } 28 | 29 | l := &MutexLocker{ 30 | logger: config.Logger, 31 | 32 | mutex: sync.Mutex{}, 33 | } 34 | 35 | return l, nil 36 | } 37 | 38 | func (l *MutexLocker) Lock(ctx context.Context) error { 39 | l.mutex.Lock() 40 | return nil 41 | } 42 | 43 | func (l *MutexLocker) Unlock(ctx context.Context) error { 44 | l.mutex.Unlock() 45 | return nil 46 | } 47 | -------------------------------------------------------------------------------- /service/controller/resource/cleanupsecuritygroups/error.go: -------------------------------------------------------------------------------- 1 | package cleanupsecuritygroups 2 | 3 | import ( 4 | "github.com/aws/aws-sdk-go/aws/awserr" 5 | "github.com/giantswarm/microerror" 6 | ) 7 | 8 | var dependencyViolationError = µerror.Error{ 9 | Kind: "dependencyViolationError", 10 | } 11 | 12 | // IsDependencyViolation asserts dependencyViolationError. Additionally it 13 | // asserts AWS errors which may look like the following. 
//
// DependencyViolation: resource sg-07423aeb02946f323 has a dependent object\n\tstatus code: 400, request id: c16da859-433c-4e59-b598-ef17f9faa770
func IsDependencyViolation(err error) bool {
	c := microerror.Cause(err)

	if c == dependencyViolationError {
		return true
	}

	// AWS SDK errors are matched on their error code only; the message text
	// is never inspected.
	aerr, ok := c.(awserr.Error)
	if !ok {
		return false
	}
	if aerr.Code() == "DependencyViolation" {
		return true
	}

	return false
}

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}
--------------------------------------------------------------------------------
/service/controller/resource/s3bucket/desired.go:
--------------------------------------------------------------------------------
package s3bucket

import (
	"context"

	"github.com/giantswarm/microerror"

	"github.com/giantswarm/aws-operator/v16/service/controller/controllercontext"
	"github.com/giantswarm/aws-operator/v16/service/controller/key"
)

// GetDesiredState returns the S3 buckets the cluster should have as a
// []BucketState. Bucket names are derived from the cluster CR in obj and the
// tenant AWS account ID carried in the controller context. It returns a
// masked error when obj cannot be converted to a cluster or when ctx carries
// no controller context.
func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) (interface{}, error) {
	cr, err := key.ToCluster(ctx, obj)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	cc, err := controllercontext.FromContext(ctx)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	// First bucket must be the delivery log bucket because otherwise
	// other buckets can not forward logs to it. Both buckets have access
	// logging enabled; only the first one is the logging target.
	bucketsState := []BucketState{
		{
			Name:             key.TargetLogBucketName(&cr, cc.Status.TenantCluster.AWS.AccountID),
			IsLoggingBucket:  true,
			IsLoggingEnabled: true,
		},
		{
			Name:             key.BucketName(&cr, cc.Status.TenantCluster.AWS.AccountID),
			IsLoggingBucket:  false,
			IsLoggingEnabled: true,
		},
	}

	return bucketsState, nil
}
--------------------------------------------------------------------------------
/third_party/licenses/LICENSE.ebs-automatic-nvme-mapping.txt:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Omachonu Ogali

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/service/internal/asg/internal/cache/asgs.go:
--------------------------------------------------------------------------------
package cache

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go/service/autoscaling"
	"github.com/giantswarm/operatorkit/v7/pkg/controller/context/cachekeycontext"
	gocache "github.com/patrickmn/go-cache"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/giantswarm/aws-operator/v16/service/controller/key"
)

// ASGs is an in-memory, expiring cache of autoscaling groups, keyed by the
// string produced by Key.
type ASGs struct {
	cache *gocache.Cache
}

// NewASGs returns an ASGs cache whose entries expire after the package-level
// expiration and whose expired entries are purged every expiration/2.
func NewASGs() *ASGs {
	a := &ASGs{
		cache: gocache.New(expiration, expiration/2),
	}

	return a
}

// Get returns the groups cached under key and true, or nil and false when the
// key is absent or has expired. The stored value is type-asserted without a
// check, so Set is the only supported way to populate this cache; a value of
// another type under the same key would panic here.
func (a *ASGs) Get(ctx context.Context, key string) ([]*autoscaling.Group, bool) {
	val, ok := a.cache.Get(key)
	if ok {
		return val.([]*autoscaling.Group), true
	}

	return nil, false
}

// Key derives the cache key for obj by joining the cache key carried in ctx
// with the cluster ID of obj. When ctx carries no cache key it returns "".
//
// NOTE(review): what callers do with an empty key is not visible here.
// Storing under "" would make unrelated reconciliations share one cache slot,
// so callers are presumably expected to skip caching in that case — confirm.
func (a *ASGs) Key(ctx context.Context, obj metav1.Object) string {
	ck, ok := cachekeycontext.FromContext(ctx)
	if ok {
		return fmt.Sprintf("%s/%s", ck, key.ClusterID(obj))
	}

	return ""
}

// Set stores val under key with the cache's default expiration. The slice is
// stored as-is, not copied, so later mutation by the caller is visible to
// subsequent Get calls.
func (a *ASGs) Set(ctx context.Context, key string, val []*autoscaling.Group) {
	a.cache.SetDefault(key, val)
}
--------------------------------------------------------------------------------
/service/internal/asg/internal/cache/instances.go:
--------------------------------------------------------------------------------
package cache

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/giantswarm/operatorkit/v7/pkg/controller/context/cachekeycontext"
	gocache "github.com/patrickmn/go-cache"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/giantswarm/aws-operator/v16/service/controller/key"
)

// Instances is an in-memory, expiring cache of EC2 instances, keyed by the
// string produced by Key. It mirrors ASGs in asgs.go.
type Instances struct {
	cache
*gocache.Cache
}

// NewInstances returns an Instances cache whose entries expire after the
// package-level expiration and whose expired entries are purged every
// expiration/2.
func NewInstances() *Instances {
	i := &Instances{
		cache: gocache.New(expiration, expiration/2),
	}

	return i
}

// Get returns the instances cached under key and true, or nil and false when
// the key is absent or has expired. The stored value is type-asserted without
// a check, so a value of another type under the same key would panic here.
func (i *Instances) Get(ctx context.Context, key string) ([]*ec2.Instance, bool) {
	val, ok := i.cache.Get(key)
	if ok {
		return val.([]*ec2.Instance), true
	}

	return nil, false
}

// Key derives the cache key for obj by joining the cache key carried in ctx
// with the cluster ID of obj. When ctx carries no cache key it returns "".
//
// NOTE(review): storing under "" would make unrelated reconciliations share
// one cache slot; callers are presumably expected to skip caching on an empty
// key — confirm.
func (i *Instances) Key(ctx context.Context, obj metav1.Object) string {
	ck, ok := cachekeycontext.FromContext(ctx)
	if ok {
		return fmt.Sprintf("%s/%s", ck, key.ClusterID(obj))
	}

	return ""
}

// Set stores val under key with the cache's default expiration. The slice is
// stored as-is, not copied.
func (i *Instances) Set(ctx context.Context, key string, val []*ec2.Instance) {
	i.cache.SetDefault(key, val)
}
--------------------------------------------------------------------------------
/.circleci/config.yml:
--------------------------------------------------------------------------------
version: 2.1

orbs:
  architect: giantswarm/architect@5.2.0

workflows:
  build:
    jobs:
      - architect/go-build:
          name: go-build
          binary: aws-operator
          resource_class: xlarge
          filters:
            tags:
              only: /^v.*/

      - architect/push-to-registries:
          context: architect
          name: push-to-registries
          requires:
            - go-build
          filters:
            branches:
              ignore:
                - main
                - master
            tags:
              only: /^v.*/

      - architect/push-to-app-catalog:
          name: push-to-app-catalog
          app_catalog: "control-plane-catalog"
          app_catalog_test: "control-plane-test-catalog"
          chart: "aws-operator"
          context: architect
          requires:
            - push-to-registries
          filters:
            branches:
              ignore:
                - main
                - master
            tags:
              only: /^v.*/
--------------------------------------------------------------------------------
/service/controller/resource/tccpvpcid/resource.go:
--------------------------------------------------------------------------------
package tccpvpcid

import (
	"context"

	infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3"
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name is the resource name reported by Resource.Name.
	Name = "tccpvpcid"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger        micrologger.Logger
	ToClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// Resource is the tccpvpcid controller resource. Its behaviour is defined in
// sibling files; this file only carries construction and naming.
type Resource struct {
	logger        micrologger.Logger
	toClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger or ToClusterFunc is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}
	if config.ToClusterFunc == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.ToClusterFunc must not be empty", config)
	}

	r := &Resource{
		logger:        config.Logger,
		toClusterFunc: config.ToClusterFunc,
	}

	return r, nil
}

// Name returns the constant Name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpvpcpcx/resource.go:
--------------------------------------------------------------------------------
package tccpvpcpcx

import (
	"context"

	infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3"
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name is the resource name reported by Resource.Name.
	Name = "tccpvpcpcx"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger        micrologger.Logger
	ToClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// Resource is the tccpvpcpcx controller resource. Its behaviour is defined in
// sibling files; this file only carries construction and naming.
type Resource struct {
	logger        micrologger.Logger
	toClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger or ToClusterFunc is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}
	if config.ToClusterFunc == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.ToClusterFunc must not be empty", config)
	}

	r := &Resource{
		logger:        config.Logger,
		toClusterFunc: config.ToClusterFunc,
	}

	return r, nil
}

// Name returns the constant Name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/controller/resource/tccpnatgateways/resource.go:
--------------------------------------------------------------------------------
package tccpnatgateways

import (
	"context"

	infrastructurev1alpha3 "github.com/giantswarm/apiextensions/v6/pkg/apis/infrastructure/v1alpha3"
	"github.com/giantswarm/microerror"
	"github.com/giantswarm/micrologger"
)

const (
	// Name is the resource name reported by Resource.Name.
	Name = "tccpnatgateways"
)

// Config holds the dependencies required by New.
type Config struct {
	Logger        micrologger.Logger
	ToClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// Resource is the tccpnatgateways controller resource. Its behaviour is
// defined in sibling files; this file only carries construction and naming.
type Resource struct {
	logger        micrologger.Logger
	toClusterFunc func(ctx context.Context, v interface{}) (infrastructurev1alpha3.AWSCluster, error)
}

// New validates config and returns a Resource. It returns invalidConfigError
// when Logger or ToClusterFunc is nil.
func New(config Config) (*Resource, error) {
	if config.Logger == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.Logger must not be empty", config)
	}
	if config.ToClusterFunc == nil {
		return nil, microerror.Maskf(invalidConfigError, "%T.ToClusterFunc must not be empty", config)
	}

	r := &Resource{
		logger:        config.Logger,
		toClusterFunc: config.ToClusterFunc,
	}

	return r, nil
}

// Name returns the constant Name.
func (r *Resource) Name() string {
	return Name
}
--------------------------------------------------------------------------------
/service/internal/encrypter/kms/error.go:
--------------------------------------------------------------------------------
package kms

import (
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/kms"
	"github.com/giantswarm/microerror"
)

var invalidConfigError = &microerror.Error{
	Kind: "invalidConfigError",
}

// IsInvalidConfig asserts invalidConfigError.
func IsInvalidConfig(err error) bool {
	return microerror.Cause(err) == invalidConfigError
}

var keyNotFoundError = &microerror.Error{
	Kind: "keyNotFoundError",
}

// IsKeyNotFound asserts keyNotFoundError. It also matches AWS SDK errors
// whose code is kms.ErrCodeNotFoundException, so callers see a missing KMS
// key the same way whether it was detected locally or reported by AWS.
// Unlike the other predicates in this file it short-circuits on a nil err
// before consulting microerror.Cause.
func IsKeyNotFound(err error) bool {
	if err == nil {
		return false
	}

	c := microerror.Cause(err)

	// Matched on the SDK error code only; the message is not inspected.
	aerr, ok := c.(awserr.Error)
	if ok && aerr.Code() == kms.ErrCodeNotFoundException {
		return true
	}

	if c == keyNotFoundError {
		return true
	}

	return false
}

var keyScheduledForDeletionError = &microerror.Error{
	Kind: "keyScheduledForDeletionError",
}

// IsKeyScheduledForDeletion asserts keyScheduledForDeletionError. Only the
// local sentinel is matched; no AWS error code is mapped onto it here.
func IsKeyScheduledForDeletion(err error) bool {
	return microerror.Cause(err) == keyScheduledForDeletionError
}
--------------------------------------------------------------------------------
/helm/aws-operator/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels applied to every chart resource. This block includes
"labels.selector", so a change there also changes the labels rendered here;
the selector labels themselves must stay stable across releases.
*/}}
{{- define "labels.common" -}}
app: {{ include "name" . | quote }}
{{ include "labels.selector" . }}
application.giantswarm.io/branch: {{ .Values.project.branch | quote }}
application.giantswarm.io/commit: {{ .Values.project.commit | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
application.giantswarm.io/team: {{ index .Chart.Annotations "application.giantswarm.io/team" | quote }}
helm.sh/chart: {{ include "chart" . | quote }}
{{- end -}}

{{/*
Selector labels. These are the labels used to match pods, so they are kept
separate from "labels.common" and should not carry values that change between
releases (commit, branch, version).
*/}}
{{- define "labels.selector" -}}
app.kubernetes.io/name: {{ include "name" . | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end -}}
--------------------------------------------------------------------------------