7b1d6ec1ac
These changes support arbitrary combinations of input + plain types within a schema. Handling plain types at the property level was not sufficient to support such combinations. Reifying these types required updating quite a bit of code. This is likely to have caused some temporary complications, but should eventually lead to substantial simplification in the SDK and program code generators. With the new design, input and optional types are explicit in the schema type system. Optionals will only appear at the outermost level of a type (i.e. Input<Optional<>>, Array<Optional<>>, etc. will not occur). In addition to explicit input types, each object type now has a "plain" shape and an "input" shape. The former uses only plain types; the latter uses input shapes wherever a plain type is not specified. Plain types are indicated in the schema by setting the "plain" property of a type spec to true.
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
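// main provisions a VPC with one public subnet per availability zone, the IAM
// roles for the EKS control plane and worker nodes, an EKS cluster with a
// managed node group, and exports the cluster name plus a kubeconfig.
//
// Security posture of this example, as written:
//   - every subnet routes 0.0.0.0/0 to the internet gateway and assigns public
//     IPs on launch, and the node group is placed in those subnets;
//   - the cluster security group admits TCP 80 and 443 from any IPv4 address;
//   - the cluster's public API endpoint accepts connections from 0.0.0.0/0.
//
// Narrow these before using the program for anything but a throwaway cluster.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		eksVpc, err := ec2.NewVpc(ctx, "eksVpc", &ec2.VpcArgs{
			CidrBlock:          pulumi.String("10.100.0.0/16"),
			InstanceTenancy:    pulumi.String("default"),
			EnableDnsHostnames: pulumi.Bool(true),
			EnableDnsSupport:   pulumi.Bool(true),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-eks-vpc"),
			},
		})
		if err != nil {
			return err
		}

		eksIgw, err := ec2.NewInternetGateway(ctx, "eksIgw", &ec2.InternetGatewayArgs{
			VpcId: eksVpc.ID(),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-vpc-ig"),
			},
		})
		if err != nil {
			return err
		}

		// Default route to the internet gateway: every subnet associated with
		// this table below is a public subnet.
		eksRouteTable, err := ec2.NewRouteTable(ctx, "eksRouteTable", &ec2.RouteTableArgs{
			VpcId: eksVpc.ID(),
			Routes: ec2.RouteTableRouteArray{
				&ec2.RouteTableRouteArgs{
					CidrBlock: pulumi.String("0.0.0.0/0"),
					GatewayId: eksIgw.ID(),
				},
			},
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-vpc-rt"),
			},
		})
		if err != nil {
			return err
		}

		zones, err := aws.GetAvailabilityZones(ctx, nil, nil)
		if err != nil {
			return err
		}

		// One /24 per availability zone, numbered by the zone's index.
		var vpcSubnet []*ec2.Subnet
		for i, zone := range zones.Names {
			subnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("vpcSubnet-%v", i), &ec2.SubnetArgs{
				AssignIpv6AddressOnCreation: pulumi.Bool(false),
				VpcId:                       eksVpc.ID(),
				// NOTE(review): instances launched here get a public IP. The
				// node group below uses these subnets, so worker nodes are
				// directly addressable from the internet unless a security
				// group blocks it; private subnets behind a NAT are the usual
				// choice for nodes.
				MapPublicIpOnLaunch: pulumi.Bool(true),
				CidrBlock:           pulumi.String(fmt.Sprintf("10.100.%v.0/24", i)),
				AvailabilityZone:    pulumi.String(zone),
				Tags: pulumi.StringMap{
					"Name": pulumi.String("pulumi-sn-" + zone),
				},
			})
			if err != nil {
				return err
			}
			vpcSubnet = append(vpcSubnet, subnet)
		}

		// Attach every subnet to the public route table. The association
		// resources are not referenced again, so their handles are discarded.
		for i := range zones.Names {
			_, err := ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("rta-%v", i), &ec2.RouteTableAssociationArgs{
				RouteTableId: eksRouteTable.ID(),
				SubnetId:     vpcSubnet[i].ID(),
			})
			if err != nil {
				return err
			}
		}

		var subnetIds pulumi.StringArray
		for _, subnet := range vpcSubnet {
			subnetIds = append(subnetIds, subnet.ID())
		}

		eksSecurityGroup, err := ec2.NewSecurityGroup(ctx, "eksSecurityGroup", &ec2.SecurityGroupArgs{
			VpcId:       eksVpc.ID(),
			Description: pulumi.String("Allow all HTTP(s) traffic to EKS Cluster"),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-cluster-sg"),
			},
			Ingress: ec2.SecurityGroupIngressArray{
				// NOTE(review): the rule description talks about pods reaching
				// the API server, but the source range is every IPv4 address.
				// Scoping this to the VPC CIDR or to the node security group
				// would match the stated intent.
				&ec2.SecurityGroupIngressArgs{
					CidrBlocks: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
					},
					FromPort:    pulumi.Int(443),
					ToPort:      pulumi.Int(443),
					Protocol:    pulumi.String("tcp"),
					Description: pulumi.String("Allow pods to communicate with the cluster API Server."),
				},
				// NOTE(review): plaintext HTTP from any address is admitted on
				// this group; confirm it is needed.
				&ec2.SecurityGroupIngressArgs{
					CidrBlocks: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
					},
					FromPort:    pulumi.Int(80),
					ToPort:      pulumi.Int(80),
					Protocol:    pulumi.String("tcp"),
					Description: pulumi.String("Allow internet access to pods"),
				},
			},
		})
		if err != nil {
			return err
		}

		// Control-plane role: assumable only by the EKS service.
		eksTrust, err := assumeRolePolicy("eks.amazonaws.com")
		if err != nil {
			return err
		}
		eksRole, err := iam.NewRole(ctx, "eksRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(eksTrust),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "servicePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      eksRole.ID(),
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSServicePolicy"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "clusterPolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      eksRole.ID(),
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
		})
		if err != nil {
			return err
		}

		// Worker-node role: assumable only by EC2 instances.
		ec2Trust, err := assumeRolePolicy("ec2.amazonaws.com")
		if err != nil {
			return err
		}
		ec2Role, err := iam.NewRole(ctx, "ec2Role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(ec2Trust),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "workerNodePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      ec2Role.ID(),
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"),
		})
		if err != nil {
			return err
		}
		// The AWS managed CNI policy is named AmazonEKS_CNI_Policy; the ARN
		// without underscores does not exist and the attachment would fail.
		_, err = iam.NewRolePolicyAttachment(ctx, "cniPolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      ec2Role.ID(),
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "registryPolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      ec2Role.ID(),
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"),
		})
		if err != nil {
			return err
		}

		eksCluster, err := eks.NewCluster(ctx, "eksCluster", &eks.ClusterArgs{
			RoleArn: eksRole.Arn,
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-eks-cluster"),
			},
			VpcConfig: &eks.ClusterVpcConfigArgs{
				// NOTE(review): this leaves the public Kubernetes API endpoint
				// reachable from any address, so IAM authentication is the
				// only gate. Prefer listing the operator/CI CIDRs here.
				PublicAccessCidrs: pulumi.StringArray{
					pulumi.String("0.0.0.0/0"),
				},
				SecurityGroupIds: pulumi.StringArray{
					eksSecurityGroup.ID(),
				},
				SubnetIds: subnetIds,
			},
		})
		if err != nil {
			return err
		}

		_, err = eks.NewNodeGroup(ctx, "nodeGroup", &eks.NodeGroupArgs{
			ClusterName:   eksCluster.Name,
			NodeGroupName: pulumi.String("pulumi-eks-nodegroup"),
			NodeRoleArn:   ec2Role.Arn,
			SubnetIds:     subnetIds,
			Tags: pulumi.StringMap{
				"Name": pulumi.String("pulumi-cluster-nodeGroup"),
			},
			ScalingConfig: &eks.NodeGroupScalingConfigArgs{
				DesiredSize: pulumi.Int(2),
				MaxSize:     pulumi.Int(2),
				MinSize:     pulumi.Int(1),
			},
		})
		if err != nil {
			return err
		}

		ctx.Export("clusterName", eksCluster.Name)

		// The kubeconfig carries no credential: authentication is delegated to
		// the aws-iam-authenticator exec plugin on the machine that uses it.
		ctx.Export("kubeconfig", pulumi.All(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).ApplyT(func(_args []interface{}) (string, error) {
			endpoint := _args[0].(string)
			certificateAuthority := _args[1].(eks.ClusterCertificateAuthority)
			name := _args[2].(string)

			cfg, err := json.Marshal(map[string]interface{}{
				"apiVersion": "v1",
				"clusters": []map[string]interface{}{
					{
						"cluster": map[string]interface{}{
							"server":                     endpoint,
							"certificate-authority-data": certificateAuthority.Data,
						},
						"name": "kubernetes",
					},
				},
				// A contexts entry is a named "context" object; the key was
				// misspelled "contest" and the entry had no name, so
				// current-context "aws" pointed at nothing.
				"contexts": []map[string]interface{}{
					{
						"context": map[string]interface{}{
							"cluster": "kubernetes",
							"user":    "aws",
						},
						"name": "aws",
					},
				},
				"current-context": "aws",
				"kind":            "Config",
				"users": []map[string]interface{}{
					{
						"name": "aws",
						"user": map[string]interface{}{
							// NOTE(review): recent kubectl releases no longer
							// accept the v1alpha1 exec credential API; confirm
							// the version against the client in use.
							"exec": map[string]interface{}{
								"apiVersion": "client.authentication.k8s.io/v1alpha1",
								"command":    "aws-iam-authenticator",
								// args belong to the exec plugin; they were
								// previously a sibling of "exec" and ignored.
								"args": []string{
									"token",
									"-i",
									name,
								},
							},
						},
					},
				},
			})
			if err != nil {
				return "", err
			}
			return string(cfg), nil
		}).(pulumi.StringOutput))
		return nil
	})
}

// assumeRolePolicy renders an IAM trust policy document that allows the given
// AWS service principal (for example "eks.amazonaws.com") to call
// sts:AssumeRole, and returns it as a JSON string.
func assumeRolePolicy(service string) (string, error) {
	doc, err := json.Marshal(map[string]interface{}{
		"Version": "2012-10-17",
		"Statement": []map[string]interface{}{
			{
				"Action": "sts:AssumeRole",
				"Principal": map[string]interface{}{
					"Service": service,
				},
				"Effect": "Allow",
				"Sid":    "",
			},
		},
	})
	if err != nil {
		return "", err
	}
	return string(doc), nil
}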