250 lines
8.0 KiB
YAML
250 lines
8.0 KiB
YAML
apiVersion: kro.run/v1alpha1
|
|
kind: ResourceGraphDefinition
|
|
metadata:
|
|
name: vpc.kro.run
|
|
annotations:
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
argocd.argoproj.io/sync-wave: "-1"
|
|
spec:
|
|
schema:
|
|
apiVersion: v1alpha1
|
|
kind: Vpc
|
|
spec:
|
|
name: string
|
|
region: string
|
|
az1Suffix: string | default="a"
|
|
az2Suffix: string | default="b"
|
|
cidr:
|
|
vpcCidr: string | default="10.0.0.0/16"
|
|
publicSubnet1Cidr: string | default="10.0.1.0/24"
|
|
publicSubnet2Cidr: string | default="10.0.2.0/24"
|
|
privateSubnet1Cidr: string | default="10.0.11.0/24"
|
|
privateSubnet2Cidr: string | default="10.0.12.0/24"
|
|
status:
|
|
vpcID: ${vpc.status.vpcID}
|
|
publicSubnet1ID: ${publicSubnet1.status.subnetID}
|
|
publicSubnet2ID: ${publicSubnet2.status.subnetID}
|
|
privateSubnet1ID: ${privateSubnet1.status.subnetID}
|
|
privateSubnet2ID: ${privateSubnet2.status.subnetID}
|
|
resources: # how to publish a field in the RG claim e.g. vpcID
|
|
- id: vpc
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: VPC
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-vpc
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
cidrBlocks:
|
|
- ${schema.spec.cidr.vpcCidr}
|
|
enableDNSSupport: true
|
|
enableDNSHostnames: true
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-vpc
|
|
- id: internetGateway
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: InternetGateway
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-igw
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
vpc: ${vpc.status.vpcID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-igw
|
|
- id: natGateway1
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: NATGateway
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-nat-gateway1
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
subnetID: ${publicSubnet1.status.subnetID}
|
|
allocationID: ${eip1.status.allocationID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-nat-gateway1
|
|
- id: natGateway2
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: NATGateway
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-nat-gateway2
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
subnetID: ${publicSubnet2.status.subnetID}
|
|
allocationID: ${eip2.status.allocationID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-nat-gateway2
|
|
- id: eip1
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: ElasticIPAddress
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-eip1
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-eip1
|
|
- id: eip2
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: ElasticIPAddress
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-eip2
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-eip2
|
|
- id: publicRoutetable
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: RouteTable
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-public-routetable
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
vpcID: ${vpc.status.vpcID}
|
|
routes:
|
|
- destinationCIDRBlock: 0.0.0.0/0
|
|
gatewayID: ${internetGateway.status.internetGatewayID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-public-routetable
|
|
- id: privateRoutetable1
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: RouteTable
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-private-routetable1
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
vpcID: ${vpc.status.vpcID}
|
|
routes:
|
|
- destinationCIDRBlock: 0.0.0.0/0
|
|
natGatewayID: ${natGateway1.status.natGatewayID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-private-routetable1
|
|
- id: privateRoutetable2
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: RouteTable
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-private-routetable2
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
vpcID: ${vpc.status.vpcID}
|
|
routes:
|
|
- destinationCIDRBlock: 0.0.0.0/0
|
|
natGatewayID: ${natGateway2.status.natGatewayID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-private-routetable2
|
|
- id: publicSubnet1
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: Subnet
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-public-subnet1
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
availabilityZone: ${schema.spec.region}${schema.spec.az1Suffix}
|
|
cidrBlock: ${schema.spec.cidr.publicSubnet1Cidr}
|
|
mapPublicIPOnLaunch: true
|
|
vpcID: ${vpc.status.vpcID}
|
|
routeTables:
|
|
- ${publicRoutetable.status.routeTableID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-public-subnet1
|
|
- key: kubernetes.io/role/elb
|
|
value: '1'
|
|
- id: publicSubnet2
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: Subnet
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-public-subnet2
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
availabilityZone: ${schema.spec.region}${schema.spec.az2Suffix}
|
|
cidrBlock: ${schema.spec.cidr.publicSubnet2Cidr}
|
|
mapPublicIPOnLaunch: true
|
|
vpcID: ${vpc.status.vpcID}
|
|
routeTables:
|
|
- ${publicRoutetable.status.routeTableID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-public-subnet2
|
|
- key: kubernetes.io/role/elb
|
|
value: '1'
|
|
- id: privateSubnet1
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: Subnet
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-private-subnet1
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
availabilityZone: ${schema.spec.region}${schema.spec.az1Suffix}
|
|
cidrBlock: ${schema.spec.cidr.privateSubnet1Cidr}
|
|
vpcID: ${vpc.status.vpcID}
|
|
routeTables:
|
|
- ${privateRoutetable1.status.routeTableID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-private-subnet1
|
|
- key: kubernetes.io/role/internal-elb
|
|
value: '1'
|
|
- id: privateSubnet2
|
|
template:
|
|
apiVersion: ec2.services.k8s.aws/v1alpha1
|
|
kind: Subnet
|
|
metadata:
|
|
namespace: ${schema.spec.name}
|
|
name: ${schema.spec.name}-private-subnet2
|
|
annotations:
|
|
services.k8s.aws/region: ${schema.spec.region}
|
|
spec:
|
|
availabilityZone: ${schema.spec.region}${schema.spec.az2Suffix}
|
|
cidrBlock: ${schema.spec.cidr.privateSubnet2Cidr}
|
|
vpcID: ${vpc.status.vpcID}
|
|
routeTables:
|
|
- ${privateRoutetable2.status.routeTableID}
|
|
tags:
|
|
- key: "Name"
|
|
value: ${schema.spec.name}-private-subnet2
|
|
- key: kubernetes.io/role/internal-elb
|
|
value: '1'
|