maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/pkg/codegen/internal/test/testdata/aws-eks.pp.go
Pat Gavlin 7b1d6ec1ac
Reify Input and Optional types in the schema type system. (#7059) 
These changes support arbitrary combinations of input + plain types
within a schema. Handling plain types at the property level was not
sufficient to support such combinations. Reifying these types
required updating quite a bit of code. This is likely to have caused
some temporary complications, but should eventually lead to
substantial simplification in the SDK and program code generators.

With the new design, input and optional types are explicit in the schema
type system. Optionals will only appear at the outermost level of a type
(i.e. Input<Optional<>>, Array<Optional<>>, etc. will not occur). In
addition to explicit input types, each object type now has a "plain"
shape and an "input" shape. The former uses only plain types; the latter
uses input shapes wherever a plain type is not specified. Plain types
are indicated in the schema by setting the "plain" property of a type spec
to true.
2021-06-24 09:17:55 -07:00

288 lines
8.1 KiB
Go
Raw Blame History

package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
eksVpc, err := ec2.NewVpc(ctx, "eksVpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.100.0.0/16"),
InstanceTenancy: pulumi.String("default"),
EnableDnsHostnames: pulumi.Bool(true),
EnableDnsSupport: pulumi.Bool(true),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-eks-vpc"),
},
})
if err != nil {
return err
}
eksIgw, err := ec2.NewInternetGateway(ctx, "eksIgw", &ec2.InternetGatewayArgs{
VpcId: eksVpc.ID(),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-vpc-ig"),
},
})
if err != nil {
return err
}
eksRouteTable, err := ec2.NewRouteTable(ctx, "eksRouteTable", &ec2.RouteTableArgs{
VpcId: eksVpc.ID(),
Routes: ec2.RouteTableRouteArray{
&ec2.RouteTableRouteArgs{
CidrBlock: pulumi.String("0.0.0.0/0"),
GatewayId: eksIgw.ID(),
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-vpc-rt"),
},
})
if err != nil {
return err
}
zones, err := aws.GetAvailabilityZones(ctx, nil, nil)
if err != nil {
return err
}
var vpcSubnet []*ec2.Subnet
for key0, val0 := range zones.Names {
__res, err := ec2.NewSubnet(ctx, fmt.Sprintf("vpcSubnet-%v", key0), &ec2.SubnetArgs{
AssignIpv6AddressOnCreation: pulumi.Bool(false),
VpcId: eksVpc.ID(),
MapPublicIpOnLaunch: pulumi.Bool(true),
CidrBlock: pulumi.String(fmt.Sprintf("%v%v%v", "10.100.", key0, ".0/24")),
AvailabilityZone: pulumi.String(val0),
Tags: pulumi.StringMap{
"Name": pulumi.String(fmt.Sprintf("%v%v", "pulumi-sn-", val0)),
},
})
if err != nil {
return err
}
vpcSubnet = append(vpcSubnet, __res)
}
var rta []*ec2.RouteTableAssociation
for key0, _ := range zones.Names {
__res, err := ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("rta-%v", key0), &ec2.RouteTableAssociationArgs{
RouteTableId: eksRouteTable.ID(),
SubnetId: vpcSubnet[key0].ID(),
})
if err != nil {
return err
}
rta = append(rta, __res)
}
var splat0 pulumi.StringArray
for _, val0 := range vpcSubnet {
splat0 = append(splat0, val0.ID())
}
subnetIds := splat0
eksSecurityGroup, err := ec2.NewSecurityGroup(ctx, "eksSecurityGroup", &ec2.SecurityGroupArgs{
VpcId: eksVpc.ID(),
Description: pulumi.String("Allow all HTTP(s) traffic to EKS Cluster"),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-cluster-sg"),
},
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
Protocol: pulumi.String("tcp"),
Description: pulumi.String("Allow pods to communicate with the cluster API Server."),
},
&ec2.SecurityGroupIngressArgs{
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
FromPort: pulumi.Int(80),
ToPort: pulumi.Int(80),
Protocol: pulumi.String("tcp"),
Description: pulumi.String("Allow internet access to pods"),
},
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Principal": map[string]interface{}{
"Service": "eks.amazonaws.com",
},
"Effect": "Allow",
"Sid": "",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
eksRole, err := iam.NewRole(ctx, "eksRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "servicePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: eksRole.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSServicePolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "clusterPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: eksRole.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Principal": map[string]interface{}{
"Service": "ec2.amazonaws.com",
},
"Effect": "Allow",
"Sid": "",
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
ec2Role, err := iam.NewRole(ctx, "ec2Role", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(json1),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "workerNodePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "cniPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSCNIPolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "registryPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"),
})
if err != nil {
return err
}
eksCluster, err := eks.NewCluster(ctx, "eksCluster", &eks.ClusterArgs{
RoleArn: eksRole.Arn,
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-eks-cluster"),
},
VpcConfig: &eks.ClusterVpcConfigArgs{
PublicAccessCidrs: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
SecurityGroupIds: pulumi.StringArray{
eksSecurityGroup.ID(),
},
SubnetIds: subnetIds,
},
})
if err != nil {
return err
}
_, err = eks.NewNodeGroup(ctx, "nodeGroup", &eks.NodeGroupArgs{
ClusterName: eksCluster.Name,
NodeGroupName: pulumi.String("pulumi-eks-nodegroup"),
NodeRoleArn: ec2Role.Arn,
SubnetIds: subnetIds,
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-cluster-nodeGroup"),
},
ScalingConfig: &eks.NodeGroupScalingConfigArgs{
DesiredSize: pulumi.Int(2),
MaxSize: pulumi.Int(2),
MinSize: pulumi.Int(1),
},
})
if err != nil {
return err
}
ctx.Export("clusterName", eksCluster.Name)
ctx.Export("kubeconfig", pulumi.All(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).ApplyT(func(_args []interface{}) (string, error) {
endpoint := _args[0].(string)
certificateAuthority := _args[1].(eks.ClusterCertificateAuthority)
name := _args[2].(string)
var _zero string
tmpJSON2, err := json.Marshal(map[string]interface{}{
"apiVersion": "v1",
"clusters": []map[string]interface{}{
map[string]interface{}{
"cluster": map[string]interface{}{
"server": endpoint,
"certificate-authority-data": certificateAuthority.Data,
},
"name": "kubernetes",
},
},
"contexts": []map[string]interface{}{
map[string]interface{}{
"contest": map[string]interface{}{
"cluster": "kubernetes",
"user": "aws",
},
},
},
"current-context": "aws",
"kind": "Config",
"users": []map[string]interface{}{
map[string]interface{}{
"name": "aws",
"user": map[string]interface{}{
"exec": map[string]interface{}{
"apiVersion": "client.authentication.k8s.io/v1alpha1",
"command": "aws-iam-authenticator",
},
"args": []string{
"token",
"-i",
name,
},
},
},
},
})
if err != nil {
return _zero, err
}
json2 := string(tmpJSON2)
return json2, nil
}).(pulumi.StringOutput))
return nil
})
}
Reference in a new issue View git blame Copy permalink