This repository was archived by the owner on Mar 1, 2020. It is now read-only.
308 changes: 155 additions & 153 deletions aws.yaml
Expand Up @@ -4,7 +4,7 @@ description: >
This blueprint creates a Kubernetes Cluster.

imports:
- http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml
- http://www.getcloudify.org/spec/cloudify/4.5/types.yaml
- plugin:cloudify-diamond-plugin
- plugin:cloudify-fabric-plugin
- plugin:cloudify-utilities-plugin
Expand Down Expand Up @@ -34,185 +34,188 @@ inputs:
default: { get_attribute: [ kubernetes_master_ip, aws_resource_id ] }

ks_node_dep_archive:
default: https://github.com/cloudify-incubator/kubernetes-node-blueprints/archive/master.zip
default: https://github.com/cloudify-incubator/kubernetes-node-blueprints/archive/update-aws.zip

ks_load_dep_archive:
default: https://github.com/cloudify-incubator/kubernetes-lb-blueprints/archive/master.zip
default: https://github.com/cloudify-incubator/kubernetes-lb-blueprints/archive/update-aws.zip

dsl_definitions:

aws_config: &aws_config
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
ec2_region_name: { get_secret: ec2_region_name }
ec2_region_endpoint: { get_secret: ec2_region_endpoint }
client_config: &client_config
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_secret: ec2_region_name }

node_templates:

k8s_master_host:
type: cloudify.aws.nodes.Instance
type: cloudify.nodes.aws.ec2.Instances
properties:
agent_config:
install_method: remote
user: { get_input: agent_user }
port: 22
key: { get_secret: agent_key_private }
aws_config: *aws_config
image_id: { get_input: ami }
instance_type: { get_input: instance_type }
interfaces:
cloudify.interfaces.lifecycle:
create:
implementation: aws.cloudify_aws.ec2.instance.create
inputs:
args:
placement: { get_secret: availability_zone }
user_data: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
resource_config:
ImageId: { get_input: ami }
InstanceType: { get_input: instance_type }
kwargs:
Placement: { get_secret: availability_zone }
UserData: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
SecurityGroupIds:
- { get_attribute: [ kubernetes_security_group, aws_resource_id ] }
- { get_attribute: [ ssh_group, aws_resource_id ] }
SubnetId: { get_secret: public_subnet_id }
client_config: *client_config
Tags:
- Key: Name
Value: KubernetesMasterHost
relationships:
- type: cloudify.aws.relationships.instance_connected_to_subnet
target: public_subnet
- type: cloudify.aws.relationships.instance_connected_to_security_group
target: ssh_group
- type: cloudify.aws.relationships.instance_connected_to_security_group
target: kubernetes_security_group
- type: cloudify.aws.relationships.instance_connected_to_elastic_ip
target: kubernetes_master_ip
- type: cloudify.relationships.depends_on
target: cloudify_host_cloud_config
target: kubernetes_master_ip

kubernetes_security_group:
type: cloudify.aws.nodes.SecurityGroup
kubernetes_master_ip:
type: cloudify.nodes.aws.ec2.ElasticIP
properties:
aws_config: *aws_config
description: Security group for Kubernetes Cluster
rules:
- ip_protocol: tcp
from_port: 53
to_port: 53
cidr_ip: 0.0.0.0/0
- ip_protocol: udp
from_port: 53
to_port: 53
cidr_ip: 0.0.0.0/0
- ip_protocol: udp
from_port: 8472
to_port: 8472
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 443
to_port: 443
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 2379
to_port: 2379
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 4001
to_port: 4001
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 4789
to_port: 4789
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 6443
to_port: 6443
cidr_ip: 0.0.0.0/0
- ip_protocol: udp
from_port: 6443
to_port: 6443
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 6783
to_port: 6784
cidr_ip: 0.0.0.0/0
- ip_protocol: udp
from_port: 6783
to_port: 6784
cidr_ip: 0.0.0.0/0
- ip_protocol: udp
from_port: 8285
to_port: 8285
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 8080
to_port: 8080
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 9090
to_port: 9090
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 10250
to_port: 10250
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 10255
to_port: 10255
cidr_ip: 0.0.0.0/0
- ip_protocol: tcp
from_port: 30000
to_port: 40000
cidr_ip: 0.0.0.0/0
relationships:
- type: cloudify.aws.relationships.security_group_contained_in_vpc
target: vpc
client_config: *client_config

ssh_group:
type: cloudify.aws.nodes.SecurityGroup
properties:
aws_config: *aws_config
description: SSH Group
rules:
- ip_protocol: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
relationships:
- type: cloudify.aws.relationships.security_group_contained_in_vpc
target: vpc

kubernetes_master_ip:
type: cloudify.aws.nodes.ElasticIP
kubernetes_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
aws_config: *aws_config
domain: vpc
resource_config:
GroupName: kubernetes_security_group
Description: A group for Kubernetes traffic.
VpcId: { get_secret: vpc_id }
client_config: *client_config

public_subnet:
type: cloudify.aws.nodes.Subnet
kubernetes_group_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
aws_config: *aws_config
use_external_resource: true
resource_id: { get_secret: public_subnet_id }
cidr_block: N/A
availability_zone: N/A
client_config: *client_config
resource_config:
IpPermissions:
- IpProtocol: icmp
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 53
ToPort: 53
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 53
ToPort: 53
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 8472
ToPort: 8472
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 2379
ToPort: 2379
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 4001
ToPort: 4001
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 4789
ToPort: 4789
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 6443
ToPort: 6443
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 6443
ToPort: 6443
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 6783
ToPort: 6784
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 6783
ToPort: 6784
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: udp
FromPort: 8285
ToPort: 8285
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 8080
ToPort: 8080
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 9090
ToPort: 9090
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 10250
ToPort: 10250
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 10255
ToPort: 10255
IpRanges:
- CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 30000
ToPort: 40000
IpRanges:
- CidrIp: 0.0.0.0/0
relationships:
- type: cloudify.aws.relationships.subnet_contained_in_vpc
target: vpc
- type: cloudify.relationships.contained_in
target: kubernetes_security_group

private_subnet:
type: cloudify.aws.nodes.Subnet
ssh_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
aws_config: *aws_config
use_external_resource: true
resource_id: { get_secret: private_subnet_id }
cidr_block: N/A
availability_zone: N/A
relationships:
- type: cloudify.aws.relationships.subnet_contained_in_vpc
target: vpc
resource_config:
GroupName: ssh_group
Description: A group for SSH traffic.
VpcId: { get_secret: vpc_id }
client_config: *client_config

vpc:
type: cloudify.aws.nodes.VPC
ssh_group_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
aws_config: *aws_config
use_external_resource: true
resource_id: { get_secret: vpc_id }
cidr_block: N/A
client_config: *client_config
resource_config:
IpPermissions:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
IpRanges:
- CidrIp: 0.0.0.0/0
relationships:
- type: cloudify.relationships.contained_in
target: ssh_group

k8s_node:
type: cloudify.nodes.DeploymentProxy
Expand All @@ -231,7 +234,6 @@ node_templates:
outputs:
deployment-type: deployment-type
deployment-node-data-type: deployment-node-data-type

relationships:
- type: cloudify.relationships.depends_on
target: k8s_master_host
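Review bot: Every `IpPermissions` entry in `kubernetes_group_rules` uses `CidrIp: 0.0.0.0/0`, so etcd (2379, 4001), the kubelet ports (10250, 10255), 8080 and the 30000-40000 range accept traffic from any address, and `ssh_group_rules` does the same for port 22. The move to `SecurityGroupRuleIngress` appears to carry the old rule set over unchanged and add an ICMP entry with the same range. Since the rules are being rewritten here anyway, the cluster-internal ports could take their source from an input, for example `- CidrIp: { get_input: cluster_cidr }` defaulting to the VPC range (`cluster_cidr` is a placeholder name, not an input this blueprint defines), leaving only 80/443 and, if required, 6443 public. Separately, the `ks_node_dep_archive` and `ks_load_dep_archive` defaults now point at the `update-aws` branch archive, which is a mutable ref; a tag or commit archive would pin what the node and load-balancer deployments actually fetch.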