sparse-intern-71089
11/11/2021, 10:50 AMworried-city-86458
11/11/2021, 5:33 PMwitty-belgium-75866
11/11/2021, 8:33 PMworried-city-86458
11/12/2021, 3:26 AM
// cert manager; https://github.com/jetstack/cert-manager/tree/master/deploy/charts/cert-manager
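// Installs cert-manager: an IAM role for its service account, the CRDs, the namespace, then the Helm release.
Logger.LogDebug("Installing cert manager");

// IAM role the cert-manager service account assumes through the cluster's OIDC provider.
// NOTE(review): the two "cert-manager" arguments look like the namespace and the service account name the
// trust policy is scoped to - confirm the helper conditions on the OIDC `sub` (and `aud`) claims, so that no
// other service account in the cluster can assume this role. The name must match the one the chart creates.
var certManagerRole = new RoleX($"{k8sPrefix}-cert-manager",
    new RoleXArgs
    {
        AssumeRolePolicy = IamHelpers.AssumeRoleForServiceAccount(oidcArn, oidcUrl, "cert-manager", "cert-manager", awsProvider),
        // The permissions come from an embedded JSON document that is not shown here; keep it limited to the
        // actions and resources cert-manager actually needs.
        InlinePolicies = { ["policy"] = ReadResource("CertManagerPolicy.json") }
    },
    new ComponentResourceOptions { Provider = awsProvider });

// CRDs are applied from an embedded manifest instead of by the chart (see SkipCrds below), so the manifest
// has to be kept in step with the pinned chart version.
var certManagerCrds = new ConfigGroup("cert-manager-crds",
    new ConfigGroupArgs { Yaml = ReadResource("CertManagerCrds.yaml") },
    new ComponentResourceOptions { Provider = k8sProvider });

var certManagerNs = new Namespace("cert-manager",
    new NamespaceArgs { Metadata = new ObjectMetaArgs { Name = "cert-manager" } },
    new CustomResourceOptions { Provider = k8sProvider });

// Helm values are built inside Apply because the role ARN is only known once the role exists.
var certManagerValues = certManagerRole.Arn.Apply(roleArn =>
    new Dictionary<string, object>
    {
        ["prometheus"] = new
        {
            enabled = true,
            servicemonitor = new { enabled = true }
        },
        // IRSA annotation: binds the chart's service account to the IAM role created above.
        ["serviceAccount"] = new { annotations = new Dictionary<string, string> { ["eks.amazonaws.com/role-arn"] = roleArn } },
        // Opts the startup API check out of App Mesh sidecar injection.
        ["startupapicheck"] = new { annotations = new Dictionary<string, string> { ["appmesh.k8s.aws/sidecarInjectorWebhook"] = "disabled" } }
    }.ToDictionary()); // workaround https://github.com/pulumi/pulumi/issues/8013

var certManagerRelease = new Release("cert-manager",
    new ReleaseArgs
    {
        Namespace = "cert-manager",
        Name = "cert-manager",
        RepositoryOpts = new RepositoryOptsArgs { Repo = "https://charts.jetstack.io" },
        Chart = "cert-manager",
        // The chart version is pinned through configuration. A version pin is not an integrity pin: the chart
        // content is still whatever the repository serves for that version.
        Version = K8sConfig.CertManagerChartVersion,
        Values = certManagerValues,
        Atomic = true,
        // The CRDs are owned by certManagerCrds above, not by the release.
        SkipCrds = true
    },
    // kubePrometheusStackCrds is defined outside this snippet; presumably it is awaited because the
    // servicemonitor value above needs the ServiceMonitor CRD - confirm.
    new CustomResourceOptions { DependsOn = { certManagerCrds.Ready(), certManagerNs, kubePrometheusStackCrds.Ready() }, Provider = k8sProvider });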
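// aws load balancer controller; https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller
Logger.LogDebug("Installing aws load balancer controller");

// IAM role the controller's service account assumes through the cluster's OIDC provider.
// NOTE(review): "kube-system" and "aws-load-balancer-controller" look like the namespace and the service
// account name the trust policy is scoped to - confirm the helper conditions on the OIDC `sub` (and `aud`)
// claims, so that no other service account in kube-system can assume this role. The name must match the one
// the chart creates.
var awsLbcRole = new RoleX($"{k8sPrefix}-aws-load-balancer-controller",
    new RoleXArgs
    {
        AssumeRolePolicy = IamHelpers.AssumeRoleForServiceAccount(oidcArn, oidcUrl, "kube-system", "aws-load-balancer-controller", awsProvider),
        // The permissions come from an embedded JSON document that is not shown here; review it whenever the
        // chart version changes and keep it no broader than the controller requires.
        InlinePolicies = { ["policy"] = ReadResource("AwsLoadBalancerPolicy.json") }
    },
    new ComponentResourceOptions { Provider = awsProvider });

// CRDs are applied from an embedded manifest instead of by the chart (see SkipCrds below), so the manifest
// has to be kept in step with the pinned chart version.
var awsLbcCrds = new ConfigGroup("aws-load-balancer-controller-crds",
    new ConfigGroupArgs { Yaml = ReadResource("AwsLoadBalancerCrds.yaml") },
    new ComponentResourceOptions { Provider = k8sProvider });

// Helm values need both the cluster name and the role ARN, so the two outputs are combined before Apply.
var awsLbcValues = Output.Tuple(clusterName, awsLbcRole.Arn).Apply(((string ClusterName, string RoleArn) tuple) =>
    new Dictionary<string, object>
    {
        ["clusterName"] = tuple.ClusterName,
        // The chart is told to use cert-manager, which is why the release below depends on certManagerRelease.
        ["enableCertManager"] = true,
        // IRSA annotation: binds the chart's service account to the IAM role created above.
        ["serviceAccount"] = new { annotations = new Dictionary<string, string> { ["eks.amazonaws.com/role-arn"] = tuple.RoleArn } }
    }.ToDictionary()); // workaround https://github.com/pulumi/pulumi/issues/8013

// ingress records with alb.ingress.kubernetes.io annotations depend on chart finalizers
var awsLbcRelease = new Release("aws-load-balancer-controller",
    new ReleaseArgs
    {
        Namespace = "kube-system",
        Name = "aws-load-balancer-controller",
        RepositoryOpts = new RepositoryOptsArgs { Repo = "https://aws.github.io/eks-charts" },
        Chart = "aws-load-balancer-controller",
        // The chart version is pinned through configuration. A version pin is not an integrity pin: the chart
        // content is still whatever the repository serves for that version.
        Version = K8sConfig.AwsLbcChartVersion,
        Values = awsLbcValues,
        Atomic = true,
        // The CRDs are owned by awsLbcCrds above, not by the release.
        SkipCrds = true
    },
    new CustomResourceOptions { DependsOn = { awsLbcCrds.Ready(), certManagerRelease }, Provider = k8sProvider });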
witty-belgium-75866
11/12/2021, 9:45 PMworried-city-86458
11/13/2021, 3:38 AMwitty-belgium-75866
11/13/2021, 10:54 AM