apiVersion: kro.run/v1alpha1
kind: ResourceGraphDefinition
metadata:
  name: vpc.kro.run
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
    argocd.argoproj.io/sync-wave: "-1"
spec:
  schema:
    apiVersion: v1alpha1
    kind: Vpc
    spec:
      name: string
      region: string
      cidr:
        vpcCidr: string | default="10.0.0.0/16"
        publicSubnet1Cidr: string | default="10.0.1.0/24"
        publicSubnet2Cidr: string | default="10.0.2.0/24"
        privateSubnet1Cidr: string | default="10.0.11.0/24"
        privateSubnet2Cidr: string | default="10.0.12.0/24"
    status:
      vpcID: ${vpc.status.vpcID}
      publicSubnet1ID: ${publicSubnet1.status.subnetID}
      publicSubnet2ID: ${publicSubnet2.status.subnetID}
      privateSubnet1ID: ${privateSubnet1.status.subnetID}
      privateSubnet2ID: ${privateSubnet2.status.subnetID}
  resources: # how to publish a field in the RG claim e.g. vpcID
  - id: vpc
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: VPC
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-vpc
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        cidrBlocks: 
        - ${schema.spec.cidr.vpcCidr}
        enableDNSSupport: true
        enableDNSHostnames: true
        tags:
          - key: "Name"
            value: ${schema.spec.name}-vpc
  - id: internetGateway
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: InternetGateway
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-igw
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        vpc: ${vpc.status.vpcID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-igw
  - id: natGateway1
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: NATGateway
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-nat-gateway1
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        subnetID: ${publicSubnet1.status.subnetID}
        allocationID: ${eip1.status.allocationID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-nat-gateway1
  - id: natGateway2
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: NATGateway
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-nat-gateway2
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        subnetID: ${publicSubnet2.status.subnetID}
        allocationID: ${eip2.status.allocationID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-nat-gateway2
  - id: eip1
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: ElasticIPAddress
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-eip1
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        tags:
          - key: "Name"
            value: ${schema.spec.name}-eip1
  - id: eip2
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: ElasticIPAddress
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-eip2
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        tags:
          - key: "Name"
            value: ${schema.spec.name}-eip2
  - id: publicRoutetable
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: RouteTable
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-public-routetable
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        vpcID: ${vpc.status.vpcID}
        routes:
        - destinationCIDRBlock: 0.0.0.0/0
          gatewayID: ${internetGateway.status.internetGatewayID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-public-routetable
  - id: privateRoutetable1
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: RouteTable
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-private-routetable1
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        vpcID: ${vpc.status.vpcID}
        routes:
        - destinationCIDRBlock: 0.0.0.0/0
          natGatewayID: ${natGateway1.status.natGatewayID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-private-routetable1
  - id: privateRoutetable2
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: RouteTable
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-private-routetable2
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        vpcID: ${vpc.status.vpcID}
        routes:
        - destinationCIDRBlock: 0.0.0.0/0
          natGatewayID: ${natGateway2.status.natGatewayID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-private-routetable2
  - id: publicSubnet1
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: Subnet
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-public-subnet1
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        availabilityZone: ${schema.spec.region}a
        cidrBlock: ${schema.spec.cidr.publicSubnet1Cidr}
        mapPublicIPOnLaunch: true
        vpcID: ${vpc.status.vpcID}
        routeTables:
        - ${publicRoutetable.status.routeTableID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-public-subnet1
          - key: kubernetes.io/role/elb
            value: '1'
  - id: publicSubnet2
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: Subnet
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-public-subnet2
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        availabilityZone: ${schema.spec.region}b
        cidrBlock: ${schema.spec.cidr.publicSubnet2Cidr}
        mapPublicIPOnLaunch: true
        vpcID: ${vpc.status.vpcID}
        routeTables:
        - ${publicRoutetable.status.routeTableID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-public-subnet2
          - key: kubernetes.io/role/elb
            value: '1'
  - id: privateSubnet1
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: Subnet
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-private-subnet1
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        availabilityZone: ${schema.spec.region}a
        cidrBlock: ${schema.spec.cidr.privateSubnet1Cidr}
        vpcID: ${vpc.status.vpcID}
        routeTables:
        - ${privateRoutetable1.status.routeTableID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-private-subnet1
          - key: kubernetes.io/role/internal-elb
            value: '1'
  - id: privateSubnet2
    template:
      apiVersion: ec2.services.k8s.aws/v1alpha1
      kind: Subnet
      metadata:
        namespace: ${schema.spec.name}
        name: ${schema.spec.name}-private-subnet2
        annotations:
          services.k8s.aws/region: ${schema.spec.region}
      spec:
        availabilityZone: ${schema.spec.region}b
        cidrBlock: ${schema.spec.cidr.privateSubnet2Cidr}
        vpcID: ${vpc.status.vpcID}
        routeTables:
        - ${privateRoutetable2.status.routeTableID}
        tags:
          - key: "Name"
            value: ${schema.spec.name}-private-subnet2
          - key: kubernetes.io/role/internal-elb
            value: '1'