From d6921ac3b20004d2e9a8abea0b897a91b89dd44c Mon Sep 17 00:00:00 2001 
From: Michal Kempski Date: Thu, 9 May 2019 10:16:37 +0200 Subject: [PATCH] Create AWS broker bundle (#80) --- bundles/aws-service-broker-0.0.1/README.md | 19 ++ .../chart/aws-service-broker/Chart.yaml | 5 + .../aws-service-broker/templates/_helpers.tpl | 9 + .../templates/broker-check-job.yaml | 62 ++++ .../templates/broker-deployment.yaml | 111 +++++++ .../templates/broker-sa.yaml | 104 ++++++ .../templates/broker-service.yaml | 16 + .../aws-service-broker/templates/broker.yaml | 25 ++ .../templates/docs-check-job.yaml | 50 +++ .../aws-service-broker/templates/docs.yaml | 303 ++++++++++++++++++ .../aws-service-broker/templates/jobs-sa.yaml | 91 ++++++ .../templates/pre-delete-job.yaml | 41 +++ .../templates/ssl-certs.yaml | 19 ++ .../chart/aws-service-broker/values.yaml | 34 ++ .../aws-service-broker-0.0.1/docs/meta.yaml | 9 + .../aws-service-broker-0.0.1/docs/overview.md | 90 ++++++ .../docs/plans-details.md | 47 +++ bundles/aws-service-broker-0.0.1/meta.yaml | 13 + .../customizable/create-instance-schema.json | 230 +++++++++++++ .../plans/customizable/meta.yaml | 4 + .../plans/default/create-instance-schema.json | 92 ++++++ .../plans/default/meta.yaml | 4 + bundles/index.yaml | 4 + 23 files changed, 1382 insertions(+) create mode 100644 bundles/aws-service-broker-0.0.1/README.md create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/Chart.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/_helpers.tpl create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-check-job.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-deployment.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-sa.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-service.yaml create mode 100644 
bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs-check-job.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/jobs-sa.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/pre-delete-job.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/ssl-certs.yaml create mode 100644 bundles/aws-service-broker-0.0.1/chart/aws-service-broker/values.yaml create mode 100644 bundles/aws-service-broker-0.0.1/docs/meta.yaml create mode 100644 bundles/aws-service-broker-0.0.1/docs/overview.md create mode 100644 bundles/aws-service-broker-0.0.1/docs/plans-details.md create mode 100644 bundles/aws-service-broker-0.0.1/meta.yaml create mode 100644 bundles/aws-service-broker-0.0.1/plans/customizable/create-instance-schema.json create mode 100644 bundles/aws-service-broker-0.0.1/plans/customizable/meta.yaml create mode 100644 bundles/aws-service-broker-0.0.1/plans/default/create-instance-schema.json create mode 100644 bundles/aws-service-broker-0.0.1/plans/default/meta.yaml diff --git a/bundles/aws-service-broker-0.0.1/README.md b/bundles/aws-service-broker-0.0.1/README.md new file mode 100644 index 00000000..4d8de90c --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/README.md 
@@ -0,0 +1,19 @@
+## Overview
+
+The AWS Service Broker bundle installs the [Open Service Broker for AWS](https://github.com/awslabs/aws-servicebroker) in a given Namespace.
+
+## Details
+
+The AWS Service Broker bundle contains two plans - `default` and `customizable`. The bundle requires a Secret with AWS credentials to each Namespace where the bundle will be provisioned.
+
+For more information about generating a Secret, read [this](docs/overview.md) document.
+For more information about the provisioning and deprovisioning flow, see the ServiceClass [plan details](docs/plans-details.md) document.
+
+### Additional template files
+
+Comparing to the original `AWS Service Broker` chart, the `aws-service-broker` bundle contains these additional files:
+* `docs-check-job.yaml` which checks if all deployed DocsTopics are in the READY state.
+* `broker-check-job.yaml` which checks if the Service Broker resource is ready to use. After the job is finished, the Service Instance changes its state to **Running**.
+* `pre-delete-job.yaml` which removes a Service Broker before a Secret resource is removed. Otherwise, the Secret can be removed before the Service Broker, in which case the deprovisioning process fails.
+* `jobs-sa.yaml` which adds permissions for the preceding jobs.
+* `docs.yaml` which contains DocsTopics definitions that provide documentation into the Kyma Console.
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/Chart.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/Chart.yaml
new file mode 100644
index 00000000..67d878f4
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/Chart.yaml
@@ -0,0 +1,5 @@
+name: aws-service-broker
+description: Deploys the AWS Service Broker
+
+# Chart version is used to fetch ServiceClass documentation in the same version
+version: 1.0.0
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/_helpers.tpl b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/_helpers.tpl
new file mode 100644
index 00000000..458fc1b0
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-check-job.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-check-job.yaml
new file mode 100644
index 00000000..08559df1
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-check-job.yaml
@@ -0,0 +1,62 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: aws-service-broker-check-job
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+ backoffLimit: 0
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: {{ template "fullname" . }}
+ restartPolicy: Never
+ containers:
+ - name: broker-checker
+ image: "{{ .Values.jobs.kubectlImage.repository }}:{{ .Values.jobs.kubectlImage.tag }}"
+ imagePullPolicy: {{ .Values.jobs.kubectlImage.pullPolicy }}
+ command: ["/bin/sh","-c"]
+ args:
+ - |
+ EXPECTED_SECRET_NAME={{ .Values.secretName }}
+ SECRET_NAME=$(kubectl get secret -n {{ .Release.Namespace }} {{ .Values.secretName }} -o jsonpath="{.metadata.name}")
+ if [[ "$SECRET_NAME" == "$EXPECTED_SECRET_NAME" ]] ;
+ then
+ echo "Success! Secret is present.";
+ else
+ echo "Failure! Secret '$EXPECTED_SECRET_NAME' is not present";
+ exit 1;
+ fi
+
+ success=false;
+ i=1;
+ limit=180;
+ while [ "$i" -le "$limit" ];
+ do
+ BROKER_TYPE=$(kubectl get servicebroker -n {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath="{.status.conditions[0].type}")
+ BROKER_STATUS=$(kubectl get servicebroker -n {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath="{.status.conditions[0].status}")
+ if [[ "$BROKER_TYPE" == "Ready" ]] && [[ "$BROKER_STATUS" == "True" ]];
+ then
+ echo "ServiesBroker is ready. Job is done.";
+ success=true;
+ break;
+ else
+ echo "Check $i/$limit - ServiceBroker is not ready, wait...";
+ sleep 5;
+ fi
+ i=$(( i + 1 ))
+ done;
+ if [ "$success" = false ] ;
+ then
+ echo "ServiesBroker is not ready. Timeout reached";
+ exit 1;
+ fi
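Review bot: `{{ .Values.secretName }}` and the other template values are pasted unquoted into the `sh -c` script under `args`, so a value containing shell metacharacters would run as part of the job under its ServiceAccount. If `secretName` can come from provisioning parameters (the plan schemas are not visible in this hunk), pass it through an `env:` entry and use it quoted, e.g. `kubectl get secret -n "$NS" "$EXPECTED_SECRET_NAME"`. The script uses `[[ … ]]` and `==` although the command is `/bin/sh`; `[ "$SECRET_NAME" = "$EXPECTED_SECRET_NAME" ]` is the portable form. The log messages spell `ServiesBroker`, and both the `[[` tests and the spelling recur in pre-delete-job.yaml.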
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-deployment.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-deployment.yaml
new file mode 100644
index 00000000..ec4d51fe
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-deployment.yaml
@@ -0,0 +1,111 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + sidecar.istio.io/inject: "true" + spec: + serviceAccount: {{ template "fullname" . }}-service + containers: + - name: healthcheck + image: eu.gcr.io/kyma-project/develop/service-catalog/health-proxy:0.0.1 + env: + - name: PROXY_TARGET_URL + value: "https://localhost:3199/" + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 40 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 1 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 20 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + - name: awssb + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: + - /usr/local/bin/aws-servicebroker + args: + - --logtostderr + - --port=3199 + {{- if .Values.tls.cert}} + - --tlsCert={{ .Values.tls.cert }} + {{- end}} + {{- if .Values.tls.key}} + - --tlsKey={{ .Values.tls.key }} + {{- end}} + - --v={{ .Values.brokerconfig.verbosity }} + - --tls-cert-file=/var/run/awssb/awssb.crt + - --tls-private-key-file=/var/run/awssb/awssb.key + - --region={{ .Values.region }} + - --s3Bucket={{ .Values.bucket }} + - --s3Key={{ .Values.key }} + - --s3Region={{ .Values.s3region }} + - --tableName={{ .Values.tablename }} + - --brokerId={{ .Values.brokerid }} + - --prescribeOverrides={{ .Values.prescribeoverrides }} + ports: + - 
containerPort: 3199 + volumeMounts: + - mountPath: /var/run/awssb + name: awssb-ssl + readOnly: true + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: accesskeyid + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: secretkey + - name: PARAM_OVERRIDE_{{ .Values.brokerid }}_all_all_all_region + value: {{ .Values.region }} + - name: PARAM_OVERRIDE_{{ .Values.brokerid }}_all_all_all_VpcId + value: {{ .Values.vpcid }} + - name: PARAM_OVERRIDE_{{ .Values.brokerid }}_all_all_all_target_account_id + value: "{{ .Values.targetaccountid }}" + - name: PARAM_OVERRIDE_{{ .Values.brokerid }}_all_all_all_target_role_name + value: {{ .Values.targetrolename }} + volumes: + - name: awssb-ssl + secret: + defaultMode: 420 + secretName: {{ template "fullname" . }}-cert + items: + - key: tls.crt + path: awssb.crt + - key: tls.key + path: awssb.key diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-sa.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-sa.yaml new file mode 100644 index 00000000..4b28a889 --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-sa.yaml 
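Review bot: Neither the `healthcheck` nor the `awssb` container declares a `securityContext`, although `awssb` receives `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and mounts the TLS private key, so both run with whatever user and privileges the images default to. Consider adding `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` to each container after confirming the images can run that way. The `awssb-ssl` volume sets `defaultMode: 420` (0644), which leaves `awssb.key` readable by every user in the pod; a tighter mode such as `defaultMode: 288` (0440) together with an `fsGroup` would limit that. `serviceAccount:` is the deprecated alias of `serviceAccountName:`, which the job templates in this commit already use.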
@@ -0,0 +1,104 @@ +# Service account for the broker to run as. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }}-service + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}--{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.authenticate}} +--- +# Service account for the client, in most cases the service catalog. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }}-client + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}--{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +--- +# Cluster role to grant service account that the broker is running as +# to have the rights it needs. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}--{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + +--- +# Cluster role to grant the client service account the rights +# to call the /v2/* URLs that the broker serves +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: access-{{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}--{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: +- nonResourceURLs: ["/v2", "/v2/*"] + verbs: ["GET", "POST", "PUT", "PATCH", "DELETE"] + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "fullname" . }}-client + labels: + app: {{ template "fullname" . 
}} + chart: "{{ .Chart.Name }}--{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }}-client + namespace: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: access-{{ template "fullname" . }} + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }}-service + namespace: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "fullname" . }} +--- +# This secret needs to be a post install hook because otherwise it is skipped +# This causes the service catalog's cluster serverice broker to be unable to +# contact the broker. +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "fullname" . }} + annotations: + kubernetes.io/service-account.name: {{ template "fullname" . }}-client + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" +type: kubernetes.io/service-account-token +{{- end }} diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-service.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-service.yaml new file mode 100644 index 00000000..4aeadca8 --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker-service.yaml @@ -0,0 +1,16 @@ +kind: Service +apiVersion: v1 +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + selector: + app: {{ template "fullname" . }} + ports: + - protocol: TCP + port: 443 + targetPort: 3199 
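Review bot: Both ClusterRoleBindings in broker-sa.yaml set the subject to `namespace: {{ .Release.Name }}`, but the `-service` and `-client` ServiceAccounts are created in the release namespace, so the bindings refer to accounts in a namespace named after the release. As written the broker's own account would not receive `tokenreviews`/`subjectaccessreviews` and the client account would not receive `/v2/*`, while the grant would apply to any same-named ServiceAccount in a namespace that happens to carry the release name. Use `namespace: {{ .Release.Namespace }}` in both `subjects` entries. The `chart:` labels here join name and version with `--` where the other templates use `-`, and the second ClusterRoleBinding has no labels at all.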
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker.yaml
new file mode 100644
index 00000000..4b3b9a69
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/broker.yaml
@@ -0,0 +1,25 @@
+{{- if or .Values.deployClusterServiceBroker .Values.deployNamespacedServiceBroker }}
+apiVersion: servicecatalog.k8s.io/v1beta1
+{{- if .Values.deployNamespacedServiceBroker }}
+kind: ServiceBroker
+{{- else if .Values.deployClusterServiceBroker }}
+kind: ClusterServiceBroker
+{{- end }}
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}--{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ url: https://{{ template "fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
+ insecureSkipTLSVerify: true
+{{- if .Values.authenticate}}
+ authInfo:
+ bearer:
+ secretRef:
+ namespace: {{.Release.Namespace}}
+ name: {{ template "fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs-check-job.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs-check-job.yaml
new file mode 100644
index 00000000..b41fc889
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs-check-job.yaml
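Review bot: `insecureSkipTLSVerify: true` under `spec` disables certificate verification for every call the service catalog makes to the broker, including those that carry the bearer token configured in `authInfo`. ssl-certs.yaml already generates a CA for the broker certificate, so the safer form is `insecureSkipTLSVerify: false` with `caBundle:` set to the base64 CA certificate. That needs the CA to be kept, for example as a `ca.crt` key in the `-cert` Secret or by generating it in a template both resources share. If verification has to stay off for now, a comment above the field saying why and under which condition it can be removed would help the next reviewer.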
@@ -0,0 +1,50 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: aws-service-broker-docs-checker
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: {{ include "fullname" . }}-docu-checker
+ restartPolicy: Never
+ containers:
+ - name: docu-checker
+ image: eu.gcr.io/kyma-project/test-infra/alpine-kubectl:v20190325-ff66a3a
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh","-c"]
+ args:
+ - |
+ while true
+ do
+ echo "Get list of not ready DocsTopic:"
+ lines=$(kubectl get DocsTopic -l chart=${LABEL_CHART} -l release=${LABEL_RELEASE} -n ${NS} \
+ --no-headers -o custom-columns=name:.metadata.name,phase:.status.phase | awk '$2!="Ready"' | wc -l)
+ echo "Got ${lines} not ready Docs Topic"
+ if [[ "${lines}" -eq "0" ]];
+ then
+ echo "Every DocsTopic is processed. Completed."
+ exit 0
+ fi
+ sleep 3
+ echo "----"
+ done
+ env:
+ - name: LABEL_CHART
+ value: {{ .Chart.Name }}-{{ .Chart.Version }}
+ - name: LABEL_RELEASE
+ value: {{ .Release.Name }}
+ - name: NS
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
\ No newline at end of file
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs.yaml
new file mode 100644
index 00000000..984dbf40
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/docs.yaml
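Review bot: The `while true` loop under `args` has no iteration limit and the Job sets neither `activeDeadlineSeconds` nor `backoffLimit`, so a DocsTopic that never reaches `Ready` keeps this post-install hook running indefinitely; broker-check-job.yaml bounds its loop with `limit=180` and the same pattern fits here. `kubectl get` is given `-l` twice, and as far as I know kubectl keeps only the last value of a repeated `-l`, which would drop the chart filter; `-l chart=${LABEL_CHART},release=${LABEL_RELEASE}` expresses both. The image is hard-coded in this template while the other two jobs take theirs from `.Values.jobs.kubectlImage`.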
@@ -0,0 +1,303 @@ +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 3dc60f71-bfed-518e-95c5-a16c0017b591 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: athena-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/athena/README.md" +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 37bcdc91-6a5b-5fa1-8c09-e2bd42c9cb1b + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: emr-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/emr/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 0c7746ca-1741-52fb-bea4-d542a2f35b26 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: kinesis-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/kinesis/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 1b6a9c33-272d-5d20-b98a-e1d1a4653ba8 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: rdsmariadb-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version 
}}/templates/rdsmariadb/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 63dc48b9-a2af-566e-ae39-8ecace979307 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: rdspostgresql-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/rdspostgresql/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 66648c78-139c-50e6-8151-b9eef85fc829 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: translate-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/translate/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 7c142ff0-89dc-5c76-84aa-a98144d3b829 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: kms-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/kms/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 84ea1a30-46ec-5627-9bec-07684ac15048 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: rekognition-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ 
.Chart.Version }}/templates/rekognition/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 8d1e10d7-2c9f-5c00-9ad1-48e094d1b3f0 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: sns-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/sns/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: 9cc89cca-c31e-5904-a6b7-bcf26b7a06d5 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: dynamodb-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/dynamodb/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: a04ce9fc-cb4d-5f7a-8fa7-9d14c1b64e17 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: redshift-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/redshift/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: a603c243-515d-5e76-9a60-237f3a585cdb + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: sqs-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ 
.Chart.Version }}/templates/sqs/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: ac0c50f6-1dd6-5881-ad40-45afd094e1a7 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: polly-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/polly/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: b72a3d43-a8a7-5bb8-973d-270faab35a7a + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: rdsmysql-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/rdsmysql/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: bc2fcbc1-8536-53c7-8930-dd4de81613d6 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: s3-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/s3/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: c6a36102-f1e7-506c-bd63-19252168eac5 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: lex-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version 
}}/templates/lex/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: e1311d9c-788b-5c36-a616-50acb7f3a467 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: route53-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/route53/README.md" + +--- +apiVersion: cms.kyma-project.io/v1alpha1 +kind: DocsTopic +metadata: + name: feda14f7-421c-5887-9eb2-eb4ac4d74603 + namespace: {{ .Release.Namespace }} + labels: + cms.kyma-project.io/view-context: service-catalog + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" +spec: + sources: + - type: markdown + name: elasticache-readme + mode: single + url: "https://raw.githubusercontent.com/awslabs/aws-servicebroker/v{{ .Chart.Version }}/templates/elasticache/README.md" diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/jobs-sa.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/jobs-sa.yaml new file mode 100644 index 00000000..cba3e564 --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/jobs-sa.yaml 
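Review bot: Every DocsTopic `url` in docs.yaml derives the upstream ref from `v{{ .Chart.Version }}`, so the Console renders whatever that tag of awslabs/aws-servicebroker points to when it is fetched, and a chart version bump made for packaging reasons changes or breaks all eighteen URLs at once. A dedicated value (for example a `docsRef` entry in values.yaml) set to a commit SHA would pin the rendered content to something that was reviewed and decouple it from the chart version. The resource names are bare UUIDs; a comment at the top of the file saying what they refer to (presumably the ServiceClass IDs) would make the list auditable.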
@@ -0,0 +1,91 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: {{ template "fullname" . }}-docu-checker + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: + - apiGroups: ["cms.kyma-project.io"] + resources: ["docstopics"] + verbs: ["list"] + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: + - apiGroups: ["servicecatalog.k8s.io"] + resources: ["servicebrokers"] + verbs: ["get", "list", "patch", "create", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "fullname" . }}-docu-checker + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "fullname" . 
}} + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: {{ template "fullname" . }}-docu-checker + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +subjects: + - kind: ServiceAccount + name: {{ template "fullname" . }}-docu-checker + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "fullname" . }}-docu-checker \ No newline at end of file diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/pre-delete-job.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/pre-delete-job.yaml new file mode 100644 index 00000000..608070c8 --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/pre-delete-job.yaml 
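Review bot: The second Role in jobs-sa.yaml grants `get` on every Secret in the namespace and `get, list, patch, create, delete` on `servicebrokers`, while the two jobs that run under this ServiceAccount only read one named Secret and get or delete one ServiceBroker. Narrow it with `resourceNames: [{{ .Values.secretName }}]` on the secrets rule, and `verbs: ["get", "delete"]` plus `resourceNames: [{{ template "fullname" . }}]` on the servicebrokers rule. This Role, ServiceAccount and RoleBinding also share the bare `{{ template "fullname" . }}` name with the ClusterRole and ClusterRoleBinding in broker-sa.yaml, which makes an RBAC audit harder to read; a `-jobs` suffix would keep them apart.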
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: aws-service-broker-job-delete
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+ backoffLimit: 0
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: {{ template "fullname" . }}
+ restartPolicy: Never
+ containers:
+ - name: broker-remover
+ image: "{{ .Values.jobs.kubectlImage.repository }}:{{ .Values.jobs.kubectlImage.tag }}"
+ imagePullPolicy: {{ .Values.jobs.kubectlImage.pullPolicy }}
+ command: ["/bin/sh","-c"]
+ args:
+ - |
+ kubectl delete servicebroker -n {{ .Release.Namespace }} {{ template "fullname" . }};
+ while :
+ do
+ if [[ -z "$(kubectl get servicebroker -n {{ .Release.Namespace }} {{ template "fullname" . }})" ]]
+ then
+ echo "ServiesBroker has been removed. Job is done.";
+ break;
+ else
+ echo "ServiceBroker exists, wait...";
+ sleep 1;
+ fi
+ done;
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/ssl-certs.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/ssl-certs.yaml
new file mode 100644
index 00000000..136452ef
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/templates/ssl-certs.yaml
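Review bot: The wait loop under `args` treats empty stdout from `kubectl get servicebroker` as "removed", so an RBAC denial or API error is reported as a successful deletion, and `while :` never ends if the delete hangs, for instance on a finalizer. The README says this job exists so that the Secret is not removed before the broker, so a false success defeats its purpose. If the image's kubectl supports it, `kubectl wait --for=delete servicebroker/<name> -n <namespace> --timeout=300s` covers both cases; otherwise bound the loop as broker-check-job.yaml does and test the exit status of `kubectl get` rather than its output.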
@@ -0,0 +1,19 @@
+{{- $ca := genCA "svc-cat-ca" 3650 }}
+{{- $cn := printf "%s" .Release.Name }}
+{{- $altName1 := printf "%s.%s" .Release.Name .Release.Namespace }}
+{{- $altName2 := printf "%s.%s.svc" .Release.Name .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "fullname" . }}-cert
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ tls.crt: {{ b64enc $cert.Cert }}
+ tls.key: {{ b64enc $cert.Key }}
+
\ No newline at end of file
diff --git a/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/values.yaml b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/values.yaml
new file mode 100644
index 00000000..edbb1fe6
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/chart/aws-service-broker/values.yaml
@@ -0,0 +1,34 @@
+image: awsservicebroker/aws-servicebroker:beta
+imagePullPolicy: IfNotPresent
+
+authenticate: true
+tls:
+ cert:
+ key:
+
+deployClusterServiceBroker: false
+deployNamespacedServiceBroker: true
+
+region: us-east-1
+bucket: awsservicebroker
+key: templates/latest
+s3region: us-east-1
+tablename: awssb
+brokerid: awsservicebroker
+clusterDomain: cluster.local
+prescribeoverrides: true
+targetaccountid: ""
+targetrolename: ""
+vpcid: ""
+
+# secret which stores aws secrets like "accesskeyid" and "secretkey"
+secretName: aws-broker-data
+
+brokerconfig:
+ verbosity: 10
+
+jobs:
+ kubectlImage:
+ repository: eu.gcr.io/kyma-project/develop/gcp-broker-provider
+ tag: 237ba00f
+ pullPolicy: IfNotPresent
diff --git a/bundles/aws-service-broker-0.0.1/docs/meta.yaml b/bundles/aws-service-broker-0.0.1/docs/meta.yaml
new file mode 100644
index 00000000..f5d8fd87
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/docs/meta.yaml
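Review bot: The Secret stores only `tls.crt` and `tls.key`, while `genCA` and `genSignedCert` run on every render, so each `helm upgrade` issues a new CA and key pair and clients never receive the CA certificate needed to verify the broker. Add `ca.crt: {{ b64enc $ca.Cert }}` under `data:` and reference it from whatever registers the broker URL (outside this hunk); otherwise callers are left with skipping verification. The template also ignores the `tls.cert` / `tls.key` values declared in values.yaml, so an operator cannot supply a certificate from their own CA, and both CA and leaf are valid for 3650 days with no rotation path. The SANs are built from `.Release.Name` while the resources are named with the `fullname` template, so confirm the Service DNS name actually matches them.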
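Review bot: `image: awsservicebroker/aws-servicebroker:beta` is a mutable tag combined with `imagePullPolicy: IfNotPresent`, so nodes can end up running different builds and a re-pushed `beta` is picked up with no change to the chart, in the pod that holds the AWS access key. Pin it to a release tag or a digest, e.g. `image: awsservicebroker/aws-servicebroker@sha256:<digest-of-reviewed-build>` (placeholder, not a real digest). `jobs.kubectlImage` points at a `develop` registry path named `gcp-broker-provider`; a comment explaining why that image supplies kubectl would help, and it deserves the same digest pin. `brokerconfig.verbosity: 10` as the shipped default looks like a debugging level, so it is worth checking that it does not put request parameters or credentials into the pod log.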
@@ -0,0 +1,9 @@
+docs:
+ - template:
+ displayName: "Documentation for AWS broker"
+ description: "Overall documentation"
+ sources:
+ - type: markdown
+ name: markdown-files
+ mode: package
+ filter: docs/
diff --git a/bundles/aws-service-broker-0.0.1/docs/overview.md b/bundles/aws-service-broker-0.0.1/docs/overview.md
new file mode 100644
index 00000000..7d25a5cb
--- /dev/null
+++ b/bundles/aws-service-broker-0.0.1/docs/overview.md
@@ -0,0 +1,90 @@ +--- +title: Overview +type: Overview +--- + +>**NOTE:** To provision this class, first you must create a Secret. Read the following document to learn how. + +The [AWS Service Broker](https://github.com/awslabs/aws-servicebroker/blob/v1.0.0/docs) class exposes the [Amazon Web Services](https://aws.amazon.com/) from a given S3 bucket in a given Namespace of the Kyma cluster. You can provision only one instance of the AWS Service Broker in each Namespace. + +The DynamoDB is used to keep the broker's state so it must exist in the broker's region. + +## Create a Secret + +### Prerequisites + +[Install](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) and [configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) the AWS CLI. + +### Steps + +To install the AWS Service Broker, you must set up the IAM User and DynamoDB table on AWS. This can be done easily using a CloudFormation template. + +Follow these steps to create a proper Kubernetes Secret with all necessary data to provision the AWS Service Broker: + +>**NOTE:** If you already created the IAM User and DynamoDB table on AWS, you can reuse credentials for them and go straight to step 8. + +1. Export the `REGION` variable: +```bash +export REGION=us-east-1 # The default region which works with default provisioning parameters +``` +Set the `REGION` variable to the AWS region where you want to provision your services. + +2. Download the template: +```bash +wget https://raw.githubusercontent.com/awslabs/aws-servicebroker/v1.0.0/setup/prerequisites.yaml +``` +You may need to align the `prerequisites.yaml` file if you use the `customizable` plan and change the bucket or DynamoDB parameters. + +3. Get the AWS stack: + +>**NOTE:** If you created the stack before in the same `REGION`, you can use its ID to create a Secret. In such a case, go straight to step 5. 
Find your stack ID in the [AWS Management Console](https://console.aws.amazon.com) under the **Services** tab in the **CloudFormation** section. + +```bash +export STACK_ID=$(aws cloudformation create-stack \ + --capabilities CAPABILITY_IAM \ + --template-body file://prerequisites.yaml \ + --stack-name aws-service-broker-prerequisites \ + --output text --query "StackId" \ + --region $REGION) +``` + +4. Check if the stack is completed: +```bash +aws cloudformation describe-stacks \ + --region $REGION \ + --stack-name $STACK_ID \ + --query "Stacks[0].StackStatus" \ + --output text; \ + echo $ST; +``` +If the stack is completed, the output should equal `CREATE_COMPLETE`. + +5. Export `USERNAME` from the stack outputs: +```bash +export USERNAME=$(aws cloudformation describe-stacks \ + --region $REGION \ + --stack-name $STACK_ID \ + --query "Stacks[0].Outputs[0].OutputValue" \ + --output text) +``` + +6. Create the IAM user credentials and export them as the environment variables: +```bash +eval $(aws iam create-access-key \ + --user-name $USERNAME \ + --output json \ + --query 'AccessKey.{KEY_ID:AccessKeyId,SECRET_ACCESS_KEY:SecretAccessKey}' | jq -r 'keys[] as $k | "export \($k)=\(.[$k])"') +``` + +7. Export the following variables: +```bash +export SECRET_NAME=aws-broker-secret # The Secret name example, must be the same as the secretName provisioning parameter +export SECRET_NAMESPACE= # The Namespace where you want to deploy AWS Service Broker +``` + +8. Use the **KEY_ID** and **SECRET_ACCESS_KEY** environment variables to create a Secret in the broker's Namespace: +``` +kubectl create secret generic $SECRET_NAME -n $SECRET_NAMESPACE --from-literal=accesskeyid=$KEY_ID --from-literal=secretkey=$SECRET_ACCESS_KEY +``` + +For more information about the AWS Service Broker prerequisites, read [this](https://github.com/awslabs/aws-servicebroker/blob/v1.0.0/docs/install_prereqs.md) document. 
diff --git a/bundles/aws-service-broker-0.0.1/docs/plans-details.md b/bundles/aws-service-broker-0.0.1/docs/plans-details.md new file mode 100644 index 00000000..dc2d0b8f --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/docs/plans-details.md 
@@ -0,0 +1,47 @@ +--- +title: Services and Plans +type: Details +--- + +## Service description + +The AWS Service Broker Service Class provides the following plans: + +| Plan Name | Description | +|-----------|-------------| +| `default` | Default AWS Service Broker plan which uses the S3 bucket to fetch Service Classes definitions. | +| `customizable` | Customizable AWS service broker plan which uses S3 bucket to fetch Service Classes definitions. Using this plan you can configure all available settings of the Service Broker. | + +## Provision + +This service provisions a new AWS Service Broker which provides the Amazon Web Services. The default bucket parameters provide the AWS Service Broker with default services. + +### Provisioning parameters + +These are the provisioning parameters for the given plans: + +#### Default plan + +| Parameter Name | Display Name | Type | Description | Required | Default Value | +|----------------|---------|-----|-------------|:----------:|---------------| +| **secret_name** | `AWS secret name` | `string` | Defines the name of the Secret from which the Service Broker will try to fetch credentials. | YES | | +| **region** | `Broker region` | `string` | Defines the AWS region in which you provision your services. It must match the DynamoDB region. | YES | `us-east-1` | + +#### Customizable plan + +| Parameter Name | Display Name | Type | Description | Required | Default Value | +|----------------|-----|-------|-------------|:----------:|---------------| +| **imagePullPolicy** | `Image pull policy` | `string` | Specifies how the kubelet pulls images from the specified registry. | YES | `IfNotPresent` | +| **region** | `Broker region` | `string` | Defines the AWS region in which you provision your services. It must match the DynamoDB region. | YES | `us-east-1` | +| **s3region** | `S3 Bucket region` | `string` | Defines the S3 bucket AWS region. 
| YES | `us-east-1` | +| **bucket_name** | `S3 Bucket name` | `string` | Defines the name of the S3 bucket containing CloudFormation templates and ServiceClass specifications. | YES | `awsservicebroker` | +| **broker_id** | `Service Broker ID` | `string` | Defines the ID of the Service Broker, which is used as a prefix to store data in the DynamoDB. | YES | `awsservicebroker` | +| **cluster_domain** | `Cluster domain` | `string` | Defines the cluster domain name. | YES | `cluster.local` | +| **key** | `S3 Bucket key` | `string` | Specifies the S3 bucket key name which contains CloudFormation templates and ServiceClass specifications. | YES | `templates/latest` | +| **table_name** | `DynamoDB table name` | `string` | Specifies the name of the DynamoDB table to use by the Service Broker. | YES | `awssb` | +| **target_account_id** | `AWS Target account ID` | `string` | Specifies the AWS account ID. | NO | | +| **target_role_name** | `AWS Target IAM role name` | `string` | Specifies the IAM Role name to provision with. It must be used in combination with **target_account_id**. | NO | | +| **vpc_id** | `AWS VPC ID` | `string` | Defines the VPC ID to launch broker into. For more information, read [this](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-subnets-commands-example.html) documentation. | NO | | +| **prescribe_overrides** | `Prescribe-overrides feature enabled` | `bool` | Indicates whether broker will use the [prescribe overrides](https://github.com/awslabs/aws-servicebroker/tree/v1.0.0/docs#parameter-overrides) feature. | YES | `true` | +| **secret_name** | `AWS secret name` | `string` | Defines the name of the Secret from which the Service Broker will try to fetch credentials. | YES | | + diff --git a/bundles/aws-service-broker-0.0.1/meta.yaml b/bundles/aws-service-broker-0.0.1/meta.yaml new file mode 100644 index 00000000..93ca116c --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/meta.yaml 
@@ -0,0 +1,13 @@ +name: aws-service-broker +version: 0.0.1 +id: 0a54e829-c352-4978-9291-c37f779e1900 +description: "Extends the Service Catalog with Amazon Web Services" +displayName: AWS Service Broker + +tags: aws, amazon, broker +providerDisplayName: Amazon +longDescription: The AWS Service Broker allows native AWS services to be exposed directly through application platforms that implement the Open Service Broker API, and provides simple integration of AWS Services directly within the application platform. +documentationURL: https://github.com/awslabs/aws-servicebroker/blob/v1.0.0/docs/README.md +imageURL: https://cdn-images-1.medium.com/max/1200/1*tFl-8wQUENETYLjX5mYWuA.png +bindable: false +provisionOnlyOnce: true diff --git a/bundles/aws-service-broker-0.0.1/plans/customizable/create-instance-schema.json b/bundles/aws-service-broker-0.0.1/plans/customizable/create-instance-schema.json new file mode 100644 index 00000000..a05e3b6b --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/plans/customizable/create-instance-schema.json 
@@ -0,0 +1,230 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "secretName": { + "type": "string", + "title": "AWS secret name", + "description": "Name of the secret which contains AWS secrets - accesskeyid and secretkey" + }, + "region": { + "type": "string", + "oneOf": [ + { + "enum": ["us-east-1"], + "title": "us-east-1 (N. Virginia)" + }, + { + "enum": ["us-east-2"], + "title": "us-east-2 (Ohio)" + }, + { + "enum": ["us-west-1"], + "title": "us-west-1 (N. California)" + }, + { + "enum": ["us-west-2"], + "title": "us-west-2 (Oregon)" + }, + { + "enum": ["ca-central-1"], + "title": "ca-central-1 (Central)" + }, + { + "enum": ["eu-central-1"], + "title": "eu-central-1 (Frankfurt)" + }, + { + "enum": ["eu-west-1"], + "title": "eu-west-1 (Ireland)" + }, + { + "enum": ["eu-west-2"], + "title": "eu-west-2 (London)" + }, + { + "enum": ["eu-west-3"], + "title": "eu-west-3 (Paris)" + }, + { + "enum": ["eu-north-1"], + "title": "eu-north-1 (Stockholm)" + }, + { + "enum": ["ap-east-1"], + "title": "ap-east-1 (Hong Kong)" + }, + { + "enum": ["ap-northeast-1"], + "title": "ap-northeast-1 (Tokyo)" + }, + { + "enum": ["ap-northeast-2"], + "title": "ap-northeast-2 (Seoul)" + }, + { + "enum": ["ap-northeast-3"], + "title": "ap-northeast-3 (Osaka-Local)" + }, + { + "enum": ["ap-southeast-1"], + "title": "ap-southeast-1 (Singapore)" + }, + { + "enum": ["ap-southeast-2"], + "title": "ap-southeast-2 (Sydney)" + }, + { + "enum": ["ap-south-1"], + "title": "ap-south-1 (Mumbai)" + }, + { + "enum": ["sa-east-1"], + "title": "sa-east-1 (São Paulo)" + } + ], + "default": "us-east-1", + "title": "Broker region", + "description": "Must match the DynamoDB region" + }, + "s3region": { + "type": "string", + "oneOf": [ + { + "enum": ["us-east-1"], + "title": "us-east-1 (N. Virginia)" + }, + { + "enum": ["us-east-2"], + "title": "us-east-2 (Ohio)" + }, + { + "enum": ["us-west-1"], + "title": "us-west-1 (N. 
California)" + }, + { + "enum": ["us-west-2"], + "title": "us-west-2 (Oregon)" + }, + { + "enum": ["ca-central-1"], + "title": "ca-central-1 (Central)" + }, + { + "enum": ["eu-central-1"], + "title": "eu-central-1 (Frankfurt)" + }, + { + "enum": ["eu-west-1"], + "title": "eu-west-1 (Ireland)" + }, + { + "enum": ["eu-west-2"], + "title": "eu-west-2 (London)" + }, + { + "enum": ["eu-west-3"], + "title": "eu-west-3 (Paris)" + }, + { + "enum": ["eu-north-1"], + "title": "eu-north-1 (Stockholm)" + }, + { + "enum": ["ap-east-1"], + "title": "ap-east-1 (Hong Kong)" + }, + { + "enum": ["ap-northeast-1"], + "title": "ap-northeast-1 (Tokyo)" + }, + { + "enum": ["ap-northeast-2"], + "title": "ap-northeast-2 (Seoul)" + }, + { + "enum": ["ap-northeast-3"], + "title": "ap-northeast-3 (Osaka-Local)" + }, + { + "enum": ["ap-southeast-1"], + "title": "ap-southeast-1 (Singapore)" + }, + { + "enum": ["ap-southeast-2"], + "title": "ap-southeast-2 (Sydney)" + }, + { + "enum": ["ap-south-1"], + "title": "ap-south-1 (Mumbai)" + }, + { + "enum": ["sa-east-1"], + "title": "sa-east-1 (São Paulo)" + } + ], + "default": "us-east-1", + "title": "S3 Bucket region", + "description": "Defines the S3 bucket region" + }, + "brokerid": { + "type": "string", + "title": "Service Broker ID", + "default": "awsservicebroker", + "description": "Will be used as a prefix in DynamoDB" + }, + "bucket": { + "type": "string", + "title": "S3 Bucket name", + "default": "awsservicebroker", + "description": "The name of the S3 bucket containing the ServiceClasses specs" + }, + "key": { + "type": "string", + "title": "S3 Bucket key", + "default": "templates/latest", + "description": "The name of the key in the S3 bucket" + + }, + "tablename": { + "type": "string", + "title": "DynamoDB table name", + "default": "awssb", + "description": "The name of the DynamoDB table which Service Broker will use" + }, + "imagePullPolicy": { + "type": "string", + "enum": ["Always", "IfNotPresent", "Never"], + "default": 
"IfNotPresent", + "title": "Image pull policy", + "description": "The image pull policy of the Service Broker" + }, + "prescribeoverrides": { + "title": "Prescribe-overrides feature enabled", + "type": "boolean", + "default": true + }, + "targetaccountid": { + "type": "string", + "title": "AWS Target account ID", + "description": "AWS Account ID to provision into" + }, + "targetrolename": { + "type": "string", + "title": "AWS Target IAM role name", + "description": "AWS IAM Role name to use for provisioning" + }, + "vpcid": { + "type": "string", + "title": "AWS VPC ID", + "description": "AWS VPC ID to launch broker into" + }, + "clusterDomain": { + "type": "string", + "title": "Cluster domain", + "default": "cluster.local", + "description": "The name of your cluster domain" + } + }, + "required": ["bucket", "tablename", "key", "brokerid", "secretName", "clusterDomain"] +} diff --git a/bundles/aws-service-broker-0.0.1/plans/customizable/meta.yaml b/bundles/aws-service-broker-0.0.1/plans/customizable/meta.yaml new file mode 100644 index 00000000..7ef26c80 --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/plans/customizable/meta.yaml @@ -0,0 +1,4 @@ +name: customizable +id: 255a0c7d-eb43-4cd6-bfb7-c139b8504fcc +description: "The customizable plan for installing/uninstalling AWS Broker" +displayName: Customizable \ No newline at end of file diff --git a/bundles/aws-service-broker-0.0.1/plans/default/create-instance-schema.json b/bundles/aws-service-broker-0.0.1/plans/default/create-instance-schema.json new file mode 100644 index 00000000..20b3c65a --- /dev/null +++ b/bundles/aws-service-broker-0.0.1/plans/default/create-instance-schema.json 
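Review bot: The schema does not set `"additionalProperties": false`, and the free-text properties (`targetaccountid`, `targetrolename`, `vpcid`, `bucket`, `key`, `secretName`) carry no `pattern` or `maxLength`. If provisioning parameters are handed to the chart as Helm values (the property names match values.yaml), a request could also set keys the form never shows, such as `image` or `jobs`, which decide what runs next to the AWS Secret. Add `"additionalProperties": false` next to `"required"` and constrain the identifiers, for example `"pattern": "^([0-9]{12})?$"` on `targetaccountid`. The default plan's create-instance-schema.json later in this commit has the same gap.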
@@ -0,0 +1,92 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "secretName": { + "type": "string", + "title": "AWS secret name", + "description": "Name of the secret which contains AWS secrets - accesskeyid and secretkey" + }, + "region": { + "type": "string", + "oneOf": [ + { + "enum": ["us-east-1"], + "title": "us-east-1 (N. Virginia)" + }, + { + "enum": ["us-east-2"], + "title": "us-east-2 (Ohio)" + }, + { + "enum": ["us-west-1"], + "title": "us-west-1 (N. California)" + }, + { + "enum": ["us-west-2"], + "title": "us-west-2 (Oregon)" + }, + { + "enum": ["ca-central-1"], + "title": "ca-central-1 (Central)" + }, + { + "enum": ["eu-central-1"], + "title": "eu-central-1 (Frankfurt)" + }, + { + "enum": ["eu-west-1"], + "title": "eu-west-1 (Ireland)" + }, + { + "enum": ["eu-west-2"], + "title": "eu-west-2 (London)" + }, + { + "enum": ["eu-west-3"], + "title": "eu-west-3 (Paris)" + }, + { + "enum": ["eu-north-1"], + "title": "eu-north-1 (Stockholm)" + }, + { + "enum": ["ap-east-1"], + "title": "ap-east-1 (Hong Kong)" + }, + { + "enum": ["ap-northeast-1"], + "title": "ap-northeast-1 (Tokyo)" + }, + { + "enum": ["ap-northeast-2"], + "title": "ap-northeast-2 (Seoul)" + }, + { + "enum": ["ap-northeast-3"], + "title": "ap-northeast-3 (Osaka-Local)" + }, + { + "enum": ["ap-southeast-1"], + "title": "ap-southeast-1 (Singapore)" + }, + { + "enum": ["ap-southeast-2"], + "title": "ap-southeast-2 (Sydney)" + }, + { + "enum": ["ap-south-1"], + "title": "ap-south-1 (Mumbai)" + }, + { + "enum": ["sa-east-1"], + "title": "sa-east-1 (São Paulo)" + } + ], + "default": "us-east-1", + "title": "Broker region", + "description": "Must match the dynamoDB region" + } + }, + "required": ["secretName"] +} diff --git a/bundles/aws-service-broker-0.0.1/plans/default/meta.yaml b/bundles/aws-service-broker-0.0.1/plans/default/meta.yaml new file mode 100644 index 00000000..42369297 --- /dev/null 
+++ b/bundles/aws-service-broker-0.0.1/plans/default/meta.yaml @@ -0,0 +1,4 @@ +name: default +id: 12f18a5f-bc5c-4724-813c-51fc5af5b489 +description: "The default plan for installing/uninstalling AWS Broker" +displayName: Default \ No newline at end of file diff --git a/bundles/index.yaml b/bundles/index.yaml index 1cdf9ac8..23bf52ca 100644 --- a/bundles/index.yaml +++ b/bundles/index.yaml @@ -11,4 +11,8 @@ entries: azure-service-broker: - name: azure-service-broker description: "Azure Service Broker" + version: 0.0.1 + aws-service-broker: + - name: aws-service-broker + description: "AWS Service Broker" version: 0.0.1 \ No newline at end of file