crossplane-aws flow

crossplane/aws/README.md

@@ -0,0 +1,121 @@
+# Connect Crossplane to AWS
+
+Crossplane installs into an existing Kubernetes cluster.
+If you don’t have a Kubernetes cluster create one locally with Kind.
+
+### Install the Crossplane Helm chart
+Helm enables Crossplane to install all its Kubernetes components through a Helm Chart.
+Enable the Crossplane Helm Chart repository:
+
+```
+helm repo add \
+crossplane-stable https://charts.crossplane.io/stable
+helm repo update
+```
+
+Install the Crossplane components:
+
+```
+helm install crossplane \
+crossplane-stable/crossplane \
+--namespace crossplane-system \
+--create-namespace
+```
+
+Verify Crossplane installed with kubectl get pods ```kubectl get pods -n crossplane-system```.
+
+# Install the AWS provider
+
+Install the provider into the Kubernetes cluster with a Kubernetes configuration file.
+```
+kubectl apply -f crossplane-provider.yaml
+```
+
+Verify the provider installed with ```kubectl get providers```.
+
+It may take up to five minutes for the provider to list HEALTHY as True.
+
+```
+NAME                   INSTALLED   HEALTHY   PACKAGE                                        AGE
+upbound-provider-aws   True        True      xpkg.upbound.io/upbound/provider-aws:v0.34.0   12m
+```
+
+A provider installs their own Kubernetes Custom Resource Definitions (CRDs). These CRDs allow you to create AWS resources directly inside Kubernetes.
+
+You can view the new CRDs with ```kubectl get crds```
+
+## Generate an AWS key-pair file
+For basic user authentication, use an AWS Access keys key-pair file.
+
+In [aws-credentials.txt](aws-credentials.txt) replace ```<aws_access_key>``` and  ```<aws_secret_key>``` with your data.
+
+Use kubectl create secret to generate the secret object named aws-secret in the crossplane-system namespace.
+Use the --from-file= argument to set the value to the contents of the aws-credentials.txt file.
+```
+kubectl create secret \
+generic aws-secret \
+-n crossplane-system \
+--from-file=creds=./aws-credentials.txt
+```
+
+View the secret with ```kubectl describe secret aws-secret -n crossplane-system```
+
+## Create a ProviderConfig
+A ProviderConfig customizes the settings of the AWS Provider.
+Apply the ProviderConfig with the command 
+```
+kubectl apply -f provider-config.yaml
+```
+
+## Cassandra spin up with Crossplane
+
+### Create Cassandra On-premise cluster
+In the Instaclustr Console create a Cassandra On-Premise cluster.
+
+### Create AWS resources
+
+VPC 
+```
+kubectl apply -f vpc.yaml
+```
+
+Internet Gateway
+```
+kubectl apply -f internet-gateway.yaml
+```
+
+Subnets
+```
+kubectl apply -f subnet.yaml
+```
+
+Security Group 
+```
+kubectl apply -f security-group.yaml
+```
+
+Roles for Security Group
+```
+kubectl apply -f security-group-role.yaml
+```
+
+Paste your ssh into ```SSH_PUB_KEY``` in [startup-script.sh](startup-script.sh) and generate binary of this file:
+```
+cat startup-script.sh | base64 -w0
+```
+Paste generated binary into each ```userDataBase64``` field in [instance.yaml](instance.yaml) manifests.
+
+Create instances 
+```
+kubectl apply -f instance.yaml
+```
+
+In the AWS Console -> VPC -> Route tables -> Edit routes -> add your [internet-gateway](internet-gateway.yaml) (Destination - 0.0.0.0/0).
+
+Get Private and Public IPs from instances and put into [ignition commands](ignition-command.txt).
+
+Run [ignition-commands](ignition-command.txt) in icadmnin. Take care to ensure that the right IPs are assigned to the right nodes and importantly are in the right rack
+For each node, get the ignition scripts from Zendesk, add them to each instance accordingly, and make them executable.
+
+Run the ignition scripts as a root and after that we should have a functioning Cassandra cluster. 
+

crossplane/aws/aws-credentials.txt

@@ -0,0 +1,3 @@
+[default]
+aws_access_key_id = <aws_access_key>
+aws_secret_access_key = <aws_secret_key>

crossplane/aws/crossplane-provider.yaml

@@ -0,0 +1,6 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: upbound-provider-aws
+spec:
+  package: xpkg.upbound.io/upbound/provider-aws:v0.33.0

crossplane/aws/ignition-command.txt

@@ -0,0 +1,9 @@
+icadmin riemaint create $CLUSTER_ID all -t 196h -m "provisioning on prem cluster"
+
+icadmin node modify --private-address 192.168.1.example c052fe4d-6dce-4b2c-b89c-exampleNodeID
+icadmin node modify --private-address 192.168.2.example af0fff66-3847-4002-8531-example
+icadmin node modify --private-address 192.168.3.example 9737a4c9-04d8-405e-b787-example
+
+icadmin node modify --public-address 3.81.example.103 c052fe4d-6dce-4b2c-b89c-exampleNodeID
+icadmin node modify --public-address 44.214.example.64 af0fff66-3847-4002-8531-example
+icadmin node modify --public-address 44.212.example.220 9737a4c9-04d8-405e-b787-example

crossplane/aws/instance.yaml

@@ -0,0 +1,60 @@
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Instance
+metadata:
+  labels:
+    instance-group: debian
+    instance: debian-1
+  name: debian-1-test
+spec:
+  forProvider:
+    ami: ami-0fec2c2e2017f4e7b
+    instanceType: i3en.xlarge
+    region: us-east-1
+    associatePublicIpAddress: true
+    userDataBase64: exampleT0ic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FEczZmaCt4SXNmRTVUanhCcUZpVitiMXlDRn
+    tenancy: default
+    subnetIdRef:
+      name: debian-subnet-st-a
+    vpcSecurityGroupIdRefs:
+      - name: debian-sg-test
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Instance
+metadata:
+  labels:
+    instance-group: debian
+    instance: debian-2
+  name: debian-2-test
+spec:
+  forProvider:
+    ami: ami-0fec2c2e2017f4e7b
+    instanceType: i3en.xlarge
+    region: us-east-1
+    associatePublicIpAddress: true
+    userDataBase64: exampleT0ic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FEczZmaCt4SXNmRTVUanhCcUZpVitiMXlDRn
+    tenancy: default
+    subnetIdRef:
+      name: debian-subnet-st-b
+    vpcSecurityGroupIdRefs:
+      - name: debian-sg-test
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: Instance
+metadata:
+  labels:
+    instance-group: debian
+    instance: debian-3
+  name: debian-3-test
+spec:
+  forProvider:
+    ami: ami-0fec2c2e2017f4e7b
+    instanceType: i3en.xlarge
+    region: us-east-1
+    associatePublicIpAddress: true
+    userDataBase64: exampleT0ic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCZ1FEczZmaCt4SXNmRTVUanhCcUZpVitiMXlDRn
+    tenancy: default
+    subnetIdRef:
+      name: debian-subnet-st-c
+    vpcSecurityGroupIdRefs:
+      - name: debian-sg-test
+---

crossplane/aws/internet-gateway.yaml

@@ -0,0 +1,11 @@
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: InternetGateway
+metadata:
+  labels:
+    instance-group: debian
+  name: debian-igw-test
+spec:
+  forProvider:
+    region: us-east-1
+    vpcIdRef:
+      name: debian-vpc-test-crossplane

crossplane/aws/provider-config.yaml

@@ -0,0 +1,11 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: default
+spec:
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: creds

crossplane/aws/security-group-role.yaml

@@ -0,0 +1,127 @@
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-ssh-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 145.224.105.172/32
+    region: us-east-1
+    protocol: tcp
+    fromPort: 22
+    toPort: 22
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-cqlsh-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 145.224.105.172/32
+    region: us-east-1
+    protocol: tcp
+    fromPort: 9042
+    toPort: 9042
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-internode-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 7000
+    toPort: 7000
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-ssl-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 7001
+    toPort: 7001
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-jmx-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 7199
+    toPort: 7199
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-thrift-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 9160
+    toPort: 9160
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-nodeagent-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 8000
+    toPort: 8000
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: ingress
+---
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroupRule
+metadata:
+  name: debian-sg-outbound-test
+spec:
+  forProvider:
+    cidrBlocks:
+      - 0.0.0.0/0
+    region: us-east-1
+    protocol: tcp
+    fromPort: 0
+    toPort: 65535
+    securityGroupIdRef:
+      name: debian-sg-test
+    type: egress

crossplane/aws/security-group.yaml

@@ -0,0 +1,12 @@
+apiVersion: ec2.aws.upbound.io/v1beta1
+kind: SecurityGroup
+metadata:
+  labels:
+    instance-group: debian
+  name: debian-sg-test
+spec:
+  forProvider:
+    name: debian-sg-test
+    region: us-east-1
+    vpcIdRef:
+      name: debian-vpc-test-crossplane

crossplane/aws/startup-script.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+export NEW_PASS="qwerty12345"
+export SSH_PUB_KEY="ssh-rsa example_base64"
+export BOOTSTRAP_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDgeaO3zkY5v1dww3fFONPzUnEgIqJ4kUK0Usu8iFdp+TWIulw9dDeQHa+PdWXP97l5Vv1mG9ipqShEIu7/2bp13KxSblWX4iV1MYZbtimhY3UDOsPn1G3E1Ipis6y+/tosDAm8LoWaGEMcLuE5UjP6gs6K57rCEjkVGjg7vjhIypAMC0J2N2+CxK9o/Y1+LZAec+FL5cmSJoajoo9y/VYJjz/a52jJ93wRafD2uu6ObAl5gkN/+gqY4IJFSMx20sPsIRXdbiBNDqiap56ibHHPKTeZhRbdXvZfjYkHtutXnSM2xn7BjnV8CguISxS3rXlzlzRVYwSUjnKUf5SKBbeyZbCokx271vCeUd5EXfHphvW6FIOna2AI5lpCSYkw5Kho3HaPi2NjXJ9i2dCr1zpcZpCiettDuaEjxR0Cl4Jd6PrAiAEZ0Ns0u2ysVhudshVzQrq6qdd7W9/MLjbDIHdTToNjFLZA6cbE0MQf18LXwJAl+G/QrXgcVaiopUmld+68JL89Xym55LzkMhI0NiDtWufawd/NiZ6jm13Z3+atvnOimdyuqBYeFWgbtcxjs0yN9v7h7PfPh6TbiQYFx37DCfQiIucqx1GWmMijmd7HMY6Nv3UvnoTUTSn4yz1NxhEpC61N+iAInZDpeJEtULSzlEMWlbzL4t5cF+Rm1dFdq3WpZt1mi8F4DgrsgZEuLGAw22RNW3++EWYFUNnJXaYyctPrMpWQktr4DB5nQGIHF92WR8uncxTNUXfWuT29O9e+bFYh1etmq8rsCoLcxN0zFHWvcECK55aE+47lfNAR+HEjuwYW10mGU/pFmO0F9FFmcQRSw4D4tnVUgl3XjKe3bBiTa4lUrzrKkLZ6n9/buW2e7c3jbjmXdPh2R+2Msr/vfuWs9glxQf+CYEbBW6Ye4pekIyI77SaB/bVhaHtXutKxm+QWdNle8aeqiA8Ji1Ml+s75vIg+n5v6viCnl5aV33xHRFpGQJzj2ktsXl9P9d5kgal9eXJYTywC2SnVbZVLb6FGN4kPZTVwX1f+u7v7JCm4YWlbQZtwwiXKjs99AVtQnBWqQvUH5sFUkVXlHA1Y9W6wlup0r+F6URL+7Yw+d0dHByfevrJg3pvmpLb3sEpjIAZodW3dIUReE7Ku3s/q/O9foFnfRBnCcZ2QsnxI5pqNrbrundD1ApOnNXEvICvPXHBBQ44cW0hzAO+WxY5VxyG8y/kXnb48G9efkIQFkNaITJrU9SiOk6bFP4QANdS/pmaSLjJIsHixa+7vmYjRy1SVoQ/39vDUnyCbqKtO56QMH32hQLRO3Vk7NVG6o4dYjFkiaMSaqVlHKMkJQHVzlK2PW9/fjVXfkAHmmhoD debian"
+
+echo "admin:$NEW_PASS" | chpasswd
+echo "root:$NEW_PASS" | sudo chpasswd root
+sudo echo "$SSH_PUB_KEY" >> /home/admin/.ssh/authorized_keys
+sudo echo "$BOOTSTRAP_SSH_KEY" >> /home/admin/.ssh/authorized_keys
+sudo chown -R admin: /home/admin/.ssh
+sudo cp /usr/share/doc/apt/examples/sources.list /etc/apt/sources.list
+device=$(lsblk -dfn -o NAME,PTUUID,FSTYPE | awk '$2 == "" && $3 == "" {print $1}')
+sudo mkfs -t ext4 /dev/"${device}"
+END