Managed Resources

.teller.yml

@@ -0,0 +1,10 @@
+project: dot
+providers:
+  google_secretmanager:
+    env:
+      AWS_ACCESS_KEY_ID:
+        path: projects/vfarcic/secrets/aws-access-key-id/versions/3
+      AWS_SECRET_ACCESS_KEY:
+        path: projects/vfarcic/secrets/aws-secret-access-key/versions/3
+      AWS_ACCOUNT_ID:
+        path: projects/vfarcic/secrets/aws-account-id/versions/1

aws-creds.conf

@@ -0,0 +1,4 @@
+[default]
+aws_access_key_id = AKIAQRAT2ESBU3WLKJCF
+aws_secret_access_key = 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
+

destroy/00-intro.sh

@@ -24,16 +24,6 @@ echo "
 |Linux Shell     |Yes                  |Use WSL if you are running Windows                 |
 |Docker          |Yes                  |'https://docs.docker.com/engine/install'           |
 |kind CLI        |Yes                  |'https://kind.sigs.k8s.io/docs/user/quick-start/#installation'|
-|kubectl CLI     |Yes                  |'https://kubernetes.io/docs/tasks/tools/#kubectl'  |
-|crossplane CLI  |Yes                  |'https://docs.crossplane.io/latest/cli'            |
-|yq CLI          |Yes                  |'https://github.com/mikefarah/yq#install'          |
-|Google Cloud account with admin permissions|If using Google Cloud|'https://cloud.google.com'|
-|Google Cloud CLI|If using Google Cloud|'https://cloud.google.com/sdk/docs/install'        |
-|AWS account with admin permissions|If using AWS|'https://aws.amazon.com'                  |
-|AWS CLI         |If using AWS         |'https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html'|
-|eksctl CLI      |If using AWS         |'https://eksctl.io/installation/'                  |
-|Azure account with admin permissions|If using Azure|'https://azure.microsoft.com'         |
-|az CLI          |If using Azure       |'https://learn.microsoft.com/cli/azure/install-azure-cli'|
 " | gum format
 
 gum confirm "

destroy/01-managed-resources.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+set -e
+
+gum style \
+	--foreground 212 --border-foreground 212 --border double \
+	--margin "1 2" --padding "2 4" \
+	'Destruction of the Managed Resources chapter.
+  
+This script assumes that you jumped straight into this chapter.
+If that is not the case (if you are continuing from the previous
+chapter), please answer with "No" when asked whether you are
+ready to start.'
+
+gum confirm '
+Are you ready to start?
+Select "Yes" only if you did NOT follow the story from the start (if you jumped straight into this chapter).
+Feel free to say "No" and inspect the script if you prefer setting up resources manually.
+' || exit 0
+
+echo "
+## You will need following tools installed:
+|Name            |Required             |More info                                          |
+|----------------|---------------------|---------------------------------------------------|
+|Linux Shell     |Yes                  |Use WSL if you are running Windows                 |
+|Docker          |Yes                  |'https://docs.docker.com/engine/install'           |
+|kind CLI        |Yes                  |'https://kind.sigs.k8s.io/docs/user/quick-start/#installation'|
+" | gum format
+
+gum confirm "
+Do you have those tools installed?
+" || exit 0
+
+#########################
+# Control Plane Cluster #
+#########################
+
+kind delete cluster

examples/aws-vm-bigger.yaml

@@ -0,0 +1,48 @@
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Instance
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    ami: ami-052efd3df9dad4825
+    region: us-east-1
+    instanceType: t2.micro
+    subnetIdRef:
+      name: my-vm
+    tags:
+      Name: my-vm
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InstanceState
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    instanceIdRef:
+      name: my-vm
+    state: running
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    cidrBlock: 10.0.0.0/16
+    enableDnsSupport: true
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    availabilityZone: us-east-1a
+    cidrBlock: 10.0.0.0/24
+    vpcIdRef:
+      name: my-vm
+    mapPublicIpOnLaunch: true

examples/aws-vm.yaml

@@ -0,0 +1,48 @@
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Instance
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    ami: ami-052efd3df9dad4825
+    region: us-east-1
+    instanceType: t2.nano
+    subnetIdRef:
+      name: my-vm
+    tags:
+      Name: my-vm
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InstanceState
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    instanceIdRef:
+      name: my-vm
+    state: running
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: VPC
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    cidrBlock: 10.0.0.0/16
+    enableDnsSupport: true
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Subnet
+metadata:
+  name: my-vm
+spec:
+  forProvider:
+    region: us-east-1
+    availabilityZone: us-east-1a
+    cidrBlock: 10.0.0.0/24
+    vpcIdRef:
+      name: my-vm
+    mapPublicIpOnLaunch: true

providers/aws-config.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-creds
+      key: creds

providers/aws-vm.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-aws-ec2
+spec:
+  package: xpkg.upbound.io/upbound/provider-aws-ec2:v0.46.1

setup/00-intro.sh

@@ -137,6 +137,22 @@ spec:
       name: gcp-creds
       key: creds" | kubectl apply --filename -
 
+elif [[ "$HYPERSCALER" == "aws" ]]; then
+
+    AWS_ACCESS_KEY_ID=$(gum input --placeholder "AWS Access Key ID" --value "$AWS_ACCESS_KEY_ID")
+    echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> .env
+
+    AWS_SECRET_ACCESS_KEY=$(gum input --placeholder "AWS Secret Access Key" --value "$AWS_SECRET_ACCESS_KEY" --password)
+    echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env
+
+    AWS_ACCOUNT_ID=$(gum input --placeholder "AWS Account ID" --value "$AWS_ACCOUNT_ID")
+    echo "export AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" >> .env
+
+    echo "[default]
+aws_access_key_id = $AWS_ACCESS_KEY_ID
+aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
+" >aws-creds.conf
+
 fi
 
 kubectl create namespace a-team

setup/01-managed-resources.sh

@@ -0,0 +1,131 @@
+#!/bin/sh
+set -e
+
+gum style \
+	--foreground 212 --border-foreground 212 --border double \
+	--margin "1 2" --padding "2 4" \
+	'Setup for the Managed Resources chapter.
+  
+This script assumes that you jumped straight into this chapter.
+If that is not the case (if you are continuing from the previous
+chapter), please answer with "No" when asked whether you are
+ready to start.'
+
+gum confirm '
+Are you ready to start?
+Select "Yes" only if you did NOT follow the story from the start (if you jumped straight into this chapter).
+Feel free to say "No" and inspect the script if you prefer setting up resources manually.
+' || exit 0
+
+echo "
+## You will need following tools installed:
+|Name            |Required             |More info                                          |
+|----------------|---------------------|---------------------------------------------------|
+|Linux Shell     |Yes                  |Use WSL if you are running Windows                 |
+|Docker          |Yes                  |'https://docs.docker.com/engine/install'           |
+|kind CLI        |Yes                  |'https://kind.sigs.k8s.io/docs/user/quick-start/#installation'|
+|kubectl CLI     |Yes                  |'https://kubernetes.io/docs/tasks/tools/#kubectl'  |
+|Google Cloud account with admin permissions|If using Google Cloud|'https://cloud.google.com'|
+|Google Cloud CLI|If using Google Cloud|'https://cloud.google.com/sdk/docs/install'        |
+|AWS account with admin permissions|If using AWS|'https://aws.amazon.com'                  |
+|AWS CLI         |If using AWS         |'https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html'|
+|eksctl CLI      |If using AWS         |'https://eksctl.io/installation/'                  |
+|Azure account with admin permissions|If using Azure|'https://azure.microsoft.com'         |
+|az CLI          |If using Azure       |'https://learn.microsoft.com/cli/azure/install-azure-cli'|
+" | gum format
+
+gum confirm "
+Do you have those tools installed?
+" || exit 0
+
+rm -f .env
+
+#########################
+# Control Plane Cluster #
+#########################
+
+kind create cluster
+
+##############
+# Crossplane #
+##############
+
+echo "
+Which Hyperscaler do you want to use?"
+
+HYPERSCALER=$(gum choose "google" "aws" "azure")
+
+echo "export HYPERSCALER=$HYPERSCALER" >> .env
+
+if [[ "$HYPERSCALER" == "google" ]]; then
+
+    gcloud components install gke-gcloud-auth-plugin
+
+    PROJECT_ID=dot-$(date +%Y%m%d%H%M%S)
+
+    echo "export PROJECT_ID=$PROJECT_ID" >> .env
+
+    gcloud projects create ${PROJECT_ID}
+
+    echo "
+Please open https://console.cloud.google.com/marketplace/product/google/container.googleapis.com?project=$PROJECT_ID in a browser and *ENABLE* the API."
+
+    gum input --placeholder "
+Press the enter key to continue."
+
+    echo "
+Please open https://console.cloud.google.com/apis/library/sqladmin.googleapis.com?project=${PROJECT_ID} in a browser and *ENABLE* the API."
+
+    gum input --placeholder "
+Press the enter key to continue."
+
+    export SA_NAME=devops-toolkit
+
+    export SA="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
+
+    gcloud iam service-accounts create $SA_NAME \
+        --project $PROJECT_ID
+
+    export ROLE=roles/admin
+
+    gcloud projects add-iam-policy-binding \
+        --role $ROLE $PROJECT_ID --member serviceAccount:$SA
+
+    gcloud iam service-accounts keys create gcp-creds.json \
+        --project $PROJECT_ID --iam-account $SA
+
+    kubectl --namespace crossplane-system \
+        create secret generic gcp-creds \
+        --from-file creds=./gcp-creds.json
+
+    echo "
+apiVersion: gcp.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  projectID: $PROJECT_ID
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: gcp-creds
+      key: creds" | kubectl apply --filename -
+
+elif [[ "$HYPERSCALER" == "aws" ]]; then
+
+    AWS_ACCESS_KEY_ID=$(gum input --placeholder "AWS Access Key ID" --value "$AWS_ACCESS_KEY_ID")
+    echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> .env
+
+    AWS_SECRET_ACCESS_KEY=$(gum input --placeholder "AWS Secret Access Key" --value "$AWS_SECRET_ACCESS_KEY" --password)
+    echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .env
+
+    AWS_ACCOUNT_ID=$(gum input --placeholder "AWS Account ID" --value "$AWS_ACCOUNT_ID")
+    echo "export AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" >> .env
+
+    echo "[default]
+aws_access_key_id = $AWS_ACCESS_KEY_ID
+aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
+" >aws-creds.conf
+
+fi