Checkpoint. GWAPI resources are created successfully

Author: michaelvl

Makefile.local

@@ -43,9 +43,7 @@ wait-ready-external-dns-test:
 	until kubectl wait pods -l app.kubernetes.io/instance=external-dns --for condition=Ready --timeout=120s     ; do echo "."; sleep 1; done
 
 #################
-ifeq ($(GATEWAY_API_VERSION),)
-GATEWAY_API_VERSION=v0.6.0
-endif
+GATEWAY_API_VERSION ?= v0.6.0
 
 .PHONY: gateway-api-upstream-get
 gateway-api-upstream-get:
@@ -72,10 +70,16 @@ delete-cluster:
 	kind delete cluster --name kind-gwc-dev-cluster
 
 #################
+ISTIO_VERSION ?= 1.16.1
+
 .PHONY: deploy-istio
 deploy-istio:
-	helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts base base     --version 1.16.1 -n istio-system --create-namespace
-	helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts istiod istiod --version 1.16.1 -n istio-system
+	helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts base base     --version ${ISTIO_VERSION} -n istio-system --create-namespace
+	helm upgrade -i --repo https://istio-release.storage.googleapis.com/charts istiod istiod --version ${ISTIO_VERSION} -n istio-system
+
+.PHONY: undeploy-istio
+undeploy-istio:
+	helm uninstall -n istio-system istiod
 
 #################
 .PHONY: cluster-load-controller-image
@@ -143,25 +147,55 @@ ca-cert-secret-create:
 	kubectl -n cert-manager create secret tls ca-key-pair --cert=foo-example-com.crt --key=foo-example-com.key
 
 #################
+AWS_LOAD_BALANCER_CONTROLLER_VERSION ?= v2.4.5
+AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION ?= v1.4.6
+# Note, template also require CLUSTERNAME and AWS_LOAD_BALANCER_CONTROLLER_IAM_ROLE_ARN
+
 .PHONY: deploy-aws-load-balancer-controller-crds
 deploy-aws-load-balancer-controller-crds:
-	kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.5/helm/aws-load-balancer-controller/crds/crds.yaml
+	kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${AWS_LOAD_BALANCER_CONTROLLER_VERSION}/helm/aws-load-balancer-controller/crds/crds.yaml
+
+.PHONY: deploy-aws-load-balancer-controller
+deploy-aws-load-balancer-controller:
+	cat test-data/aws-load-balancer-controller-values.yaml_tpl | envsubst > aws-load-balancer-controller-values.yaml
+	helm upgrade -i --repo https://aws.github.io/eks-charts aws-load-balancer-controller aws-load-balancer-controller --version ${AWS_LOAD_BALANCER_CONTROLLER_CHART_VERSION} -n kube-system --set installCRDs=false --values aws-load-balancer-controller-values.yaml
+
+.PHONY: undeploy-aws-load-balancer-controller
+undeploy-aws-load-balancer-controller:
+	helm uninstall -n kube-system aws-load-balancer-controller
 
 #################
+CROSSPLANE_VERSION ?= v1.11.0
+
 .PHONY: deploy-crossplane
 deploy-crossplane:
-	helm upgrade -i --repo https://charts.crossplane.io/stable crossplane crossplane --version v1.11.0 -n crossplane-system --create-namespace
+	helm upgrade -i --repo https://charts.crossplane.io/stable crossplane crossplane --version ${CROSSPLANE_VERSION} -n crossplane-system --create-namespace
+
+.PHONY: undeploy-crossplane
+undeploy-crossplane:
+	helm uninstall crossplane -n crossplane-system
+
+CROSSPLANE_AWS_PROVIDER_VERSION ?= v0.28.0
+# Note, templates also require CROSSPLANE_INITIAL_IAM_ROLE_ARN and CROSSPLANE_IAM_ROLE_ARN
 
 .PHONY: deploy-crossplane-aws-provider
 deploy-crossplane-aws-provider:
-	kubectl apply -f test-data/crossplane-aws-provider.yaml
+	cat test-data/crossplane-aws-provider.yaml_tpl | CROSSPLANE_AWS_PROVIDER_VERSION=${CROSSPLANE_AWS_PROVIDER_VERSION} CROSSPLANE_INITIAL_IAM_ROLE_ARN=${CROSSPLANE_INITIAL_IAM_ROLE_ARN} envsubst > crossplane-aws-provider.yaml
+	cat test-data/crossplane-aws-provider-config.yaml_tpl | CROSSPLANE_IAM_ROLE_ARN=${CROSSPLANE_IAM_ROLE_ARN} envsubst > crossplane-aws-provider-config.yaml
+	kubectl apply -f crossplane-aws-provider.yaml
 	kubectl wait "providers.pkg.crossplane.io/provider-aws" --for=condition=Installed --timeout=180s
 	kubectl wait "providers.pkg.crossplane.io/provider-aws" --for=condition=Healthy --timeout=180s
+	kubectl apply -f crossplane-aws-provider-config.yaml
+
+.PHONY: undeploy-crossplane-aws-provider
+undeploy-crossplane-aws-provider:
+	kubectl delete -f crossplane-aws-provider-config.yaml
+	kubectl delete -f crossplane-aws-provider.yaml
 
 #################
 # See 'doc/getting-started.md'
 .PHONY: setup-getting-started
-setup-getting-started: setup-getting-started-cluster setup-getting-started-controller setup-getting-started-usecase
+setup-getting-started: setup-getting-started-cluster setup-getting-started-controller setup-getting-started-controller-blueprint setup-getting-started-usecase
 
 .PHONY: setup-getting-started-cluster
 setup-getting-started-cluster:
@@ -179,17 +213,51 @@ setup-getting-started-controller:
 	make docker-build
 	make cluster-load-controller-image
 	make deploy
-	kubectl apply -f blueprints/gatewayclassblueprint-contour-istio-cert.yaml -f blueprints/gatewayclass-contour-istio-cert.yaml
+
+BIFROST_VERSION ?= 0.1.6
 
 .PHONY: setup-getting-started-controller-helm
 setup-getting-started-controller-helm:
-	helm upgrade -i bifrost-gateway-controller-helm oci://ghcr.io/tv2-oss/bifrost-gateway-controller-helm --version 0.1.6 --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-contour-istio-values.yaml -n bifrost-gateway-controller-system --create-namespace
+	helm upgrade -i bifrost-gateway-controller-helm oci://ghcr.io/tv2-oss/bifrost-gateway-controller-helm --version ${BIFROST_VERSION} --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-contour-istio-values.yaml -n bifrost-gateway-controller-system --create-namespace
+
+.PHONY: setup-getting-started-controller-aws-helm
+setup-getting-started-controller-aws-helm:
+	helm upgrade -i bifrost-gateway-controller-helm oci://ghcr.io/tv2-oss/bifrost-gateway-controller-helm --version ${BIFROST_VERSION} --values charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml -n bifrost-gateway-controller-system --create-namespace
+
+.PHONY: undeploy-controller
+undeploy-controller:
+	helm uninstall -n bifrost-gateway-controller-system bifrost-gateway-controller-helm
+
+.PHONY: setup-getting-started-controller-blueprint
+setup-getting-started-controller-blueprint:
 	kubectl apply -f blueprints/gatewayclassblueprint-contour-istio-cert.yaml -f blueprints/gatewayclass-contour-istio-cert.yaml
 
+BIFROST_BLUEPRINTS_VERSION ?= 0.0.18
+
+.PHONY: deploy-aws-istio-blueprint
+deploy-aws-istio-blueprint:
+	kubectl apply -f https://github.com/tv2-oss/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclassblueprint-aws-alb-crossplane.yaml
+	kubectl apply -f https://github.com/tv2-oss/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclass-aws-alb-crossplane.yaml
+
+.PHONY: undeploy-aws-istio-blueprint
+undeploy-aws-istio-blueprint:
+	kubectl delete -f https://github.com/tv2-oss/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclassblueprint-aws-alb-crossplane.yaml
+	kubectl delete -f https://github.com/tv2-oss/bifrost-gateway-controller/releases/download/${BIFROST_BLUEPRINTS_VERSION}/gatewayclass-aws-alb-crossplane.yaml
+
+.PHONY: deploy-aws-istio-blueprint-local
+deploy-aws-istio-blueprint-local:
+	kubectl apply -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+
+.PHONY: undeploy-aws-istio-blueprint-local
+undeploy-aws-istio-blueprint-local:
+	kubectl delete -f blueprints/gatewayclassblueprint-aws-alb-crossplane.yaml -f blueprints/gatewayclass-aws-alb-crossplane.yaml
+
+GATEWAY_CLASS_NAME ?= contour-istio-cert
+
 .PHONY: setup-getting-started-usecase
 setup-getting-started-usecase:
 	kubectl apply -f test-data/getting-started/foo-namespaces.yaml
-	kubectl apply -f test-data/getting-started/foo-gateway.yaml
+	cat test-data/getting-started/foo-gateway.yaml | GATEWAY_CLASS_NAME=${GATEWAY_CLASS_NAME} envsubst | kubectl apply -f -
 	kubectl -n foo-site apply -f test-data/getting-started/app-foo-site.yaml
 	kubectl -n foo-site apply -f test-data/getting-started/foo-site-httproute.yaml
 	kubectl -n foo-store apply -f test-data/getting-started/app-foo-store-v1.yaml

blueprints/README.md

@@ -55,5 +55,5 @@ This definition is provided in the following files:
 - [`gatewayclassblueprint-aws-alb-crossplane.yaml`](gatewayclassblueprint-aws-alb-crossplane.yaml) blueprint for infrastructure implementation
 - [`gatewayclass-aws-alb-crossplane.yaml`](gatewayclass-aws-alb-crossplane.yaml) definitions of `GatewayClass`es referencing the above `GatewayClassBlueprint`. Two `GatewayClass`es are created, one that is intended for internet exposed gateways, and one for non internet exposed gateways.
 - [`gatewayclassconfig-aws-alb-crossplane-dev-env.yaml`](../test-data/gatewayclassconfig-aws-alb-crossplane-dev-env.yaml) example settings for the two `GatewayClass`es defined in `gatewayclass-aws-alb-crossplane.yaml`, i.e. with different subnet settings for the internet-exposed and non internet-exposed `GatewayClass'es.
-[`gatewayclassblueprint-crossplane-aws-alb-values.yaml`](../charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml)
-(RBAC for bifrost-gateway-controller Helm deployment suited for the `aws-alb-crossplane` blueprint).
+- [`gatewayclassblueprint-crossplane-aws-alb-values.yaml`](../charts/bifrost-gateway-controller/ci/gatewayclassblueprint-crossplane-aws-alb-values.yaml)
+RBAC for bifrost-gateway-controller Helm deployment suited for the `aws-alb-crossplane` blueprint.

doc/getting-started.md

@@ -125,10 +125,11 @@ that is out out-of-scope for this guide):
 kubectl apply -f test-data/getting-started/foo-namespaces.yaml
 ```
 
-The cluster-operator/SRE also creates the common `Gateway`:
+The cluster-operator/SRE also creates the common `Gateway` using the
+`GatewayClass` created previously:
 
 ```
-kubectl apply -f test-data/getting-started/foo-gateway.yaml
+cat test-data/getting-started/foo-gateway.yaml | GATEWAY_CLASS_NAME=contour-istio-cert envsubst | kubectl apply -f -
 ```
 
 ### Developer of 'Site' Application

hack/demo/show-resources.sh

@@ -1,3 +1,3 @@
 #! /bin/bash
 
-kubectl get gateway,lbs,lbtargetgroups -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'
+kubectl get gateway,lbs,lbtargetgroups,lblisteners,securitygroups,securitygrouprules -A | sed -E 's#(arn:aws:elasticloadbalancing:eu-central-1:)[0-9]+(:[-0-9a-z\/]+)#\11234567890\2#'

test-data/aws-load-balancer-controller-values.yaml_tpl

@@ -0,0 +1,5 @@
+clusterName: $CLUSTERNAME
+serviceAccount:
+  name: aws-load-balancer-controller
+  annotations:
+    eks.amazonaws.com/role-arn: $AWS_LOAD_BALANCER_CONTROLLER_IAM_ROLE_ARN

test-data/crossplane-aws-provider-config.yaml_tpl

@@ -0,0 +1,9 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: admin
+spec:
+  credentials:
+    source: WebIdentity
+    webIdentity:
+      roleARN: $CROSSPLANE_IAM_ROLE_ARN

test-data/crossplane-aws-provider.yaml

@@ -0,0 +1,18 @@
+apiVersion: pkg.crossplane.io/v1alpha1
+kind: ControllerConfig
+metadata:
+  name: aws-config
+  annotations:
+    eks.amazonaws.com/role-arn: $CROSSPLANE_INITIAL_IAM_ROLE_ARN
+spec:
+  podSecurityContext:
+    fsGroup: 2000
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-aws
+spec:
+  package: xpkg.upbound.io/upbound/provider-aws:$CROSSPLANE_AWS_PROVIDER_VERSION
+  controllerConfigRef:
+    name: aws-config

test-data/crossplane-aws-provider.yaml_tpl

@@ -4,7 +4,7 @@ metadata:
   name: foo-gateway
   namespace: foo-infra
 spec:
-  gatewayClassName: contour-istio-cert
+  gatewayClassName: $GATEWAY_CLASS_NAME
   listeners:
   - name: web
     port: 80