Introduce aws-load-balancer-controller

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "build"]
 	path = build
-	url = https://github.com/upbound/build
+	url = https://github.com/crossplane/build

Makefile

@@ -1,5 +1,45 @@
+# Usage
+# ====================================================================================
+# Generic Makefile to be used across repositories building a crossplane configuration
+# package
+#
+# Available targets:
+#
+# - `yamllint`
+#   Runs yamllint for all files in `api`-folder recursively
+#
+# - `render`
+#   Runs crossplane render to render the output of the composition. Usefule for quick
+#   feedback in order to test templating.
+#   Important note:
+#		Claims need following annotations in order for render to work (adjust the paths
+#		if necessary):
+#			render.crossplane.io/composition-path: apis/pat/composition.yaml
+#			render.crossplane.io/function-path: examples/functions.yaml
+#
+# - `e2e`
+#   Runs full end-to-end test, including creating cluster, setting up the configuration
+#   and testing if create, import and delete work as expected.
+#   This target requires the following environment variables to be set:
+#   UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
+#
+#	Available options:
+#		UPTEST_SKIP_DELETE (default `false`) skips the deletion of any resources created during the test
+#		UPTEST_SKIP_UPDATE (default `false`) skips testing the update of the claims
+#		UPTEST_SKIP_IMPORT (default `true`) skips testing the import of resources
+#	Example:
+#		`make e2e UPTEST_SKIP_DELETE=true`
+
 # Project Setup
-PROJECT_NAME := platform-ref-aws
+# ====================================================================================
+
+# Include project.mk for project specific settings
+include project.mk
+
+ifndef PROJECT_NAME
+  $(error PROJECT_NAME is not set. Please create `project.mk` and set it there.)
+endif
+
 PROJECT_REPO := github.com/upbound/$(PROJECT_NAME)
 
 # NOTE(hasheddan): the platform is insignificant here as Configuration package
@@ -11,9 +51,9 @@ PLATFORMS ?= linux_amd64
 # ====================================================================================
 # Setup Kubernetes tools
 
-UP_VERSION = v0.31.0
+UP_VERSION = v0.34.0
 UP_CHANNEL = stable
-UPTEST_VERSION = v0.11.1
+CROSSPLANE_CLI_VERSION = v1.17.1
 
 -include build/makelib/k8s_tools.mk
 # ====================================================================================
@@ -27,11 +67,25 @@ XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/upbound
 XPKGS = $(PROJECT_NAME)
 -include build/makelib/xpkg.mk
 
+CROSSPLANE_VERSION = v1.17.1-up.1
+CROSSPLANE_CHART_REPO = https://charts.upbound.io/stable
+CROSSPLANE_CHART_NAME = universal-crossplane
 CROSSPLANE_NAMESPACE = upbound-system
 CROSSPLANE_ARGS = "--enable-usages"
+KIND_CLUSTER_NAME ?= uptest-$(PROJECT_NAME)
+
 -include build/makelib/local.xpkg.mk
 -include build/makelib/controlplane.mk
 
+# ====================================================================================
+# Testing
+
+UPTEST_VERSION = v1.1.2
+UPTEST_LOCAL_DEPLOY_TARGET = local.xpkg.deploy.configuration.$(PROJECT_NAME)
+UPTEST_DEFAULT_TIMEOUT = 3600s
+
+-include build/makelib/uptest.mk
+
 # ====================================================================================
 # Targets
 
@@ -55,29 +109,30 @@ submodules:
 # machinery sets UP to point to tool cache.
 build.init: $(UP)
 
-# ====================================================================================
-# End to End Testing
-
-# This target requires the following environment variables to be set:
-# - UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
-# - To ensure the proper functioning of the end-to-end test resource pre-deletion hook, it is crucial to arrange your resources appropriately.
-#   You can check the basic implementation here: https://github.com/upbound/uptest/blob/main/internal/templates/01-delete.yaml.tmpl.
-# - UPTEST_DATASOURCE_PATH (optional), see https://github.com/upbound/uptest#injecting-dynamic-values-and-datasource
-uptest: $(UPTEST) $(KUBECTL) $(KUTTL)
-	@$(INFO) running automated tests
-	@KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) $(UPTEST) e2e examples/app-claim.yaml,examples/mariadb-claim.yaml,examples/cluster-claim.yaml --data-source="${UPTEST_DATASOURCE_PATH}" --setup-script=test/setup.sh --default-timeout=2400 || $(FAIL)
-	@$(OK) running automated tests
-
-# This target requires the following environment variables to be set:
-# - UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
-e2e: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME) uptest
-
-render:
-	crossplane beta render examples/cluster-claim.yaml apis/cluster/composition.yaml examples/functions.yaml -r
-
-yamllint:
-	@$(INFO) running yamllint
-	@yamllint ./apis || $(FAIL)
-	@$(OK) running yamllint
-
-.PHONY: uptest e2e render yamllint
+.PHONY: check-examples
+check-examples: ## Check examples for sanity
+	@$(INFO) Checking if package versions in dependencies match examples
+	@FN_EXAMPLES=$$( \
+		find examples -type f -name "*.yaml" | \
+		xargs yq 'select(.kind == "Function" and (.apiVersion | test("^pkg.crossplane.io/"))) | .spec.package' | \
+		sort -u); \
+	FN_DEPS=$$( \
+		yq '.spec.dependsOn[] | select(.function != null) | (.function + ":" + .version)' crossplane.yaml | \
+		sort -u \
+	); \
+	if [ $$FN_EXAMPLES != $$FN_DEPS ]; then \
+		echo "Function package versions in examples and in crossplane.yaml don't match!"; \
+		echo "" ; \
+		echo "Versions in dependencies:"; \
+		echo "---" ; \
+		echo "$$FN_DEPS"; \
+		echo "" ; \
+		echo "Versions in examples:"; \
+		echo "---" ; \
+		echo "$$FN_EXAMPLES"; \
+		exit 1; \
+	fi;
+	@$(OK) Package versions are sane
+
+help.local:
+	@grep -E '^[a-zA-Z_-]+.*:.*?## .*$$' Makefile | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

README.md

@@ -16,7 +16,7 @@ distributed directly to the app namespace.
 ## Overview
 
 This reference platform outlines a specialized API for generating an EKS cluster
-([XCluster](apis/cluster/definition.yaml)) that incorporates XRs from the specified configurations:
+([XCluster](apis/pat/definition.yaml)) that incorporates XRs from the specified configurations:
 
 * [upbound-configuration-app](https://github.com/upbound/configuration-app)
 * [upbound-configuration-aws-database](https://github.com/upbound/configuration-aws-database)

apis/cluster/composition.yaml → apis/pat/composition.yaml

@@ -54,6 +54,9 @@ spec:
               - type: FromCompositeFieldPath
                 fromFieldPath: spec.parameters.id
                 toFieldPath: metadata.labels[xeks.aws.platform.upbound.io/cluster-id]
+              - type: FromCompositeFieldPath
+                fromFieldPath: metadata.labels[platform.upbound.io/deletion-ordering]
+                toFieldPath: metadata.labels[platform.upbound.io/deletion-ordering]
               - type: FromCompositeFieldPath
                 fromFieldPath: spec.parameters.id
                 toFieldPath: spec.parameters.id
@@ -90,11 +93,11 @@ spec:
                 fromFieldPath: spec.parameters.nodes.instanceType
                 toFieldPath: spec.parameters.nodes.instanceType
               - type: FromCompositeFieldPath
-                fromFieldPath: spec.parameters.iam.roleArn
-                toFieldPath: spec.parameters.iam.roleArn
-              - type: FromCompositeFieldPath
-                fromFieldPath: spec.parameters.iam.userArn
-                toFieldPath: spec.parameters.iam.userArn
+                fromFieldPath: spec.parameters.iam.principalArn
+                toFieldPath: spec.parameters.iam.principalArn
+              - type: ToCompositeFieldPath
+                fromFieldPath: status.eks.clusterName
+                toFieldPath: status.clusterName
 
           - name: XOss
             base:
@@ -132,6 +135,51 @@ spec:
                 fromFieldPath: spec.parameters.gitops
                 toFieldPath: spec.parameters.source
 
+          - name: XAWSLBController
+            base:
+              apiVersion: aws.platform.upbound.io/v1alpha1
+              kind: XAWSLBController
+              spec:
+                parameters:
+                  providerConfigName: platform-ref-aws
+            patches:
+              - type: FromCompositeFieldPath
+                fromFieldPath: status.oidcProvider
+                toFieldPath: spec.parameters.oidcProvider
+              - type: FromCompositeFieldPath
+                fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.parameters.deletionPolicy
+              - type: FromCompositeFieldPath
+                fromFieldPath: spec.parameters.providerConfigName
+                toFieldPath: spec.parameters.providerConfigName
+              - type: FromCompositeFieldPath
+                fromFieldPath: spec.parameters.id
+                toFieldPath: spec.parameters.helm.providerConfigName
+              - type: FromCompositeFieldPath
+                fromFieldPath: spec.parameters.region
+                toFieldPath: spec.parameters.region
+              - type: FromCompositeFieldPath
+                fromFieldPath: status.clusterName
+                policy:
+                  fromFieldPath: Required
+                toFieldPath: spec.parameters.clusterName
+
+          - name: usageXNetworkByXEKS
+            base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                by:
+                  apiVersion: aws.platform.upbound.io/v1alpha1
+                  kind: XEKS
+                  resourceSelector:
+                    matchControllerRef: true
+                of:
+                  apiVersion: aws.platform.upbound.io/v1alpha1
+                  kind: XNetwork
+                  resourceSelector:
+                    matchControllerRef: true
+
           - name: usageXEksByXFlux
             base:
               apiVersion: apiextensions.crossplane.io/v1alpha1
@@ -182,3 +230,22 @@ spec:
                     matchControllerRef: true
             readinessChecks:
               - type: None
+
+          - name: usageXAWSLBControllerByArbitraryLabeledApp
+            base:
+              apiVersion: apiextensions.crossplane.io/v1alpha1
+              kind: Usage
+              spec:
+                by:
+                  apiVersion: platform.upbound.io/v1alpha1
+                  kind: XApp
+                  resourceSelector:
+                    matchLabels:
+                      platform.upbound.io/deletion-ordering: enabled
+                of:
+                  apiVersion: aws.platform.upbound.io/v1alpha1
+                  kind: XAWSLBController
+                  resourceSelector:
+                    matchControllerRef: true
+            readinessChecks:
+              - type: None

apis/cluster/definition.yaml → apis/pat/definition.yaml

@@ -28,6 +28,9 @@ spec:
                   type: object
                   description: Cluster configuration parameters.
                   properties:
+                    clusterName:
+                      type: string
+                      description: The name of the cluster on the cloud platform.
                     id:
                       type: string
                       description: ID of this Cluster that other objects will use to refer to it.
@@ -38,18 +41,14 @@ spec:
                       type: object
                       description: IAM configuration to connect as ClusterAdmin.
                       properties:
-                        roleArn:
-                          description: The IAM Role ARN to connect as ClusterAdmin.
-                          type: string
-                        userArn:
-                          description: The IAM User ARN to connect as ClusterAdmin.
+                        principalArn:
+                          description: The IAM Principal ARN to connect as ClusterAdmin.
                           type: string
                     networkSelector:
                       type: string
                       description: NetworkSelector employs a specific type of network architecture.
                       enum:
                         - basic
-                      default: basic
                     deletionPolicy:
                       description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete
                       enum:
@@ -186,6 +185,8 @@ spec:
             status:
               type: object
               properties:
+                clusterName:
+                  type: string
                 subnetIds:
                   type: array
                   items:

crossplane.yaml

@@ -30,24 +30,27 @@ spec:
   crossplane:
     version: ">=v1.14.1-0"
   dependsOn:
+    - configuration: xpkg.upbound.io/upbound/configuration-aws-lb-controller
+      # renovate: datasource=github-releases depName=upbound/configuration-aws-lb-controller
+      version: "v0.1.0"
     - configuration: xpkg.upbound.io/upbound/configuration-aws-network
       # renovate: datasource=github-releases depName=upbound/configuration-aws-network
-      version: "v0.12.0"
+      version: "v0.18.0"
     - configuration: xpkg.upbound.io/upbound/configuration-aws-database
       # renovate: datasource=github-releases depName=upbound/configuration-aws-database
-      version: "v0.10.0"
+      version: "v0.11.1"
     - configuration: xpkg.upbound.io/upbound/configuration-aws-eks
       # renovate: datasource=github-releases depName=upbound/configuration-aws-eks
-      version: "v0.11.0"
+      version: "v0.13.1"
     - configuration: xpkg.upbound.io/upbound/configuration-app
       # renovate: datasource=github-releases depName=upbound/configuration-app
-      version: "v0.5.0"
+      version: "v0.9.0"
     - configuration: xpkg.upbound.io/upbound/configuration-observability-oss
       # renovate: datasource=github-releases depName=upbound/configuration-observability-oss
-      version: "v0.5.0"
+      version: "v0.7.1"
     - configuration: xpkg.upbound.io/upbound/configuration-gitops-flux
       # renovate: datasource=github-releases depName=upbound/configuration-gitops-flux
-      version: "v0.6.0"
+      version: "v0.8.0"
     - function: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform
       # renovate: datasource=github-releases depName=crossplane-contrib/function-patch-and-transform
-      version: "v0.4.0"
+      version: "v0.7.0"

examples/app-claim.yaml

@@ -8,6 +8,17 @@ metadata:
 spec:
   compositeDeletePolicy: Foreground
   parameters:
+    helm:
+      values:
+        ingress:
+          annotations:
+            alb.ingress.kubernetes.io/scheme: internet-facing
+            alb.ingress.kubernetes.io/target-type: ip
+          enabled: true
+          ingressClassName: alb
+        service:
+          type: ClusterIP
+      wait: true
     providerConfigName: platform-ref-aws
     passwordSecretRef:
       namespace: default

examples/cluster-claim.yaml

@@ -1,18 +1,22 @@
 apiVersion: aws.platformref.upbound.io/v1alpha1
 kind: Cluster
 metadata:
+  annotations:
+    render.crossplane.io/composition-path: apis/pat/composition.yaml
+    render.crossplane.io/function-path: examples/functions.yaml
   name: platform-ref-aws
   namespace: default
+  labels:
+    platform.upbound.io/deletion-ordering: enabled
 spec:
   compositeDeletePolicy: Foreground
   parameters:
     id: platform-ref-aws
     region: us-west-2
     version: "1.27"
-    iam:
+    #iam:
       # replace with your custom arn like:
-      # roleArn: arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7
-      roleArn: ${data.aws_eks_iam_default_admin}
+      # principalArn: arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7
     nodes:
       count: 3
       instanceType: t3.small

examples/functions.yaml

@@ -3,4 +3,4 @@ kind: Function
 metadata:
   name: crossplane-contrib-function-patch-and-transform
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.2.1
+  package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.7.0

examples/mariadb-claim.yaml

@@ -7,7 +7,7 @@ spec:
   parameters:
     region: us-west-2
     engine: mariadb
-    engineVersion: "10.6.10"
+    engineVersion: "10.6.19"
     storageGB: 5
     autoGeneratePassword: true
     passwordSecretRef:

project.mk

@@ -0,0 +1,4 @@
+PROJECT_NAME := platform-ref-aws
+UPTEST_INPUT_MANIFESTS := examples/cluster-claim.yaml,examples/mariadb-claim.yaml,examples/app-claim.yaml
+UPTEST_SKIP_IMPORT := true
+UPTEST_SKIP_UPDATE := true