Adding nested RG examples (#151)

examples/podidenity/instance.yaml

@@ -0,0 +1,7 @@
+apiVersion: kro.run/v1alpha1
+kind: PodIdentity
+metadata:
+  name: krodemo
+  namespace: default
+spec:
+  name: krodemo-11223344

examples/podidenity/rg.yaml

@@ -0,0 +1,61 @@
+apiVersion: kro.run/v1alpha1
+kind: ResourceGroup
+metadata:
+  name: podidentity.kro.run
+spec:
+  schema:
+    apiVersion: v1alpha1
+    kind: PodIdentity
+    spec:
+      name: string
+      clusterName: string | default="kro"
+      policyARN: string | default=""
+    status:
+      serviceAccount: ${serviceaccount.metadata.name}
+
+  resources:
+  - id: role
+    template:
+      apiVersion: iam.services.k8s.aws/v1alpha1
+      kind: Role
+      metadata:
+        name: ${schema.spec.name}-role
+      spec:
+        name: ${schema.spec.name}-role
+        policies:
+        - ${schema.spec.policyARN}
+        assumeRolePolicyDocument: |
+          {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Principal": {
+                  "Service": "pods.eks.amazonaws.com"
+                },
+                "Action": [
+                  "sts:AssumeRole",
+                  "sts:TagSession"
+                ]
+              }
+            ]
+          }
+
+  - id: podidentityassociation
+    template:
+      apiVersion: eks.services.k8s.aws/v1alpha1
+      kind: PodIdentityAssociation
+      metadata:
+        name: ${schema.spec.name}
+      spec:
+        clusterName: ${schema.spec.clusterName}
+        roleARN: ${role.status.ackResourceMetadata.arn}
+        serviceAccount: ${serviceaccount.metadata.name}
+        namespace: ${schema.metadata.namespace} 
+
+  - id: serviceaccount
+    template:
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: ${schema.spec.name}

examples/s3bucket/instance.yaml

@@ -0,0 +1,7 @@
+apiVersion: kro.run/v1alpha1
+kind: S3Bucket
+metadata:
+  name: s3demo
+  namespace: default
+spec:
+  name: s3demo-11223344

examples/s3bucket/rg.yaml

@@ -0,0 +1,62 @@
+apiVersion: kro.run/v1alpha1
+kind: ResourceGroup
+metadata:
+  name: s3bucket.kro.run
+spec:
+  schema:
+    apiVersion: v1alpha1
+    kind: S3Bucket
+    spec:
+      name: string
+      access: string | default="write"
+    status:
+      s3ARN: ${s3bucket.status.ackResourceMetadata.arn}
+      s3PolicyARN: ${s3PolicyWrite.status.ackResourceMetadata.arn}
+
+  resources:
+  - id: s3bucket
+    template:
+      apiVersion: s3.services.k8s.aws/v1alpha1
+      kind: Bucket
+      metadata:
+        name: ${schema.spec.name}
+      spec:
+        name: ${schema.spec.name}
+  - id: s3PolicyWrite
+    includeWhen:
+    - ${schema.spec.access == "write"}
+    template:
+      apiVersion: iam.services.k8s.aws/v1alpha1
+      kind: Policy
+      metadata:
+        name: ${schema.spec.name}-s3-write-policy
+      spec:
+        name: ${schema.spec.name}-s3-write-policy
+        policyDocument: |
+          {
+            "Version": "2012-10-17",
+            "Statement": [
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "s3:GetObject",
+                  "s3:PutObject",
+                  "s3:PutObjectAcl",
+                  "s3:DeleteObject"
+                ],
+                "Resource": [
+                  "${s3bucket.status.ackResourceMetadata.arn}/*"
+                ]
+              },
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "s3:ListBucket",
+                  "s3:GetBucketLocation"
+                ],
+                "Resource": [
+                  "${s3bucket.status.ackResourceMetadata.arn}"
+                ]
+              }
+            ]
+          }

examples/application/Readme.md → examples/webapp/Readme.md

@@ -1,9 +1,9 @@
-# kro Application example
+# kro WebApp example
 
-This example creates a ResourceGroup called `App` and then instaciates it with
+This example creates a ResourceGroup called `WebApp` and then instaciates it with
 the default nginx container image.
 
-### Create ResourceGroup called App
+### Create ResourceGroup called WebApp
 
 Apply the RG to your cluster:
 
@@ -14,14 +14,14 @@ kubectl apply -f rg.yaml
 Validate the RG status is Active:
 
 ```
-kubectl get rg app.kro.run
+kubectl get rg webapp.kro.run
 ```
 
 Expected result:
 
 ```
-NAME          APIVERSION   KIND   STATE    AGE
-app.kro.run   v1alpha1     App    Active    6m
+NAME             APIVERSION   KIND     STATE    AGE
+webapp.kro.run   v1alpha1     WebApp   Active   2m13s
 ```
 
 ### Create an Instance of kind App
@@ -35,7 +35,7 @@ kubectl apply -f instance.yaml
 Validate instance status:
 
 ```
-kubectl get apps test-app
+kubectl get webapps test-app
 ```
 
 Expected result:
@@ -79,11 +79,11 @@ Thank you for using nginx.
 Remove the instance:
 
 ```
-kubectl delete apps test-app
+kubectl delete webapps test-app
 ```
 
 Remove the resourcegroup:
 
 ```
-kubectl delete rg app.kro.run
+kubectl delete rg webapp.kro.run
 ```

examples/application/instance.yaml → examples/webapp/instance.yaml

@@ -1,10 +1,10 @@
 apiVersion: kro.run/v1alpha1
-kind: App
+kind: WebApp
 metadata:
   name: test-app
 spec:
   name: test-app
   port: 80 # nginx default port is 80
   ingress:
     enabled: true
-  service: {}
+  service: {} # this is needed

examples/application/rg.yaml → examples/webapp/rg.yaml

@@ -1,26 +1,27 @@
 apiVersion: kro.run/v1alpha1
 kind: ResourceGroup
 metadata:
-  name: app.kro.run
+  name: webapp.kro.run
 spec:
   schema:
     apiVersion: v1alpha1
-    kind: App
+    kind: WebApp
     spec:
       name: string
       namespace: string | default=default
-      region: string | default=us-west-2
       image: string | default=nginx
       port: integer | default=8080
       replicas: integer | default=1
       service:
         enabled: boolean | default=true
       ingress:
         enabled: boolean | default=false
-      s3bucket: string | default=""
+      serviceAccount: string | default=default
+      s3bucketName: string | default=""
     status:
       deploymentConditions: ${deployment.status.conditions}
       availableReplicas: ${deployment.status.availableReplicas}
+      url: ${ingress.status.loadBalancer.ingress[0].hostname}
 
   resources:
   - id: deployment
@@ -46,7 +47,7 @@ spec:
               app.kubernetes.io/name: ${schema.spec.name}
               app: ${schema.spec.name}
           spec:
-            serviceAccountName: ${serviceaccount.metadata.name}
+            serviceAccountName: ${schema.spec.serviceAccount}
             containers:
             - name: s3-demo
               image: ${schema.spec.image}
@@ -62,17 +63,9 @@ spec:
                   cpu: "1"
               env:
               - name: S3_BUCKET_NAME
-                value: ${schema.spec.s3bucket}
+                value: ${schema.spec.s3bucketName}
             restartPolicy: Always
 
-  - id: serviceaccount
-    template:
-      apiVersion: v1
-      kind: ServiceAccount
-      metadata:
-        name: ${schema.spec.name}
-        namespace: ${schema.spec.namespace}
-
   - id: service
     includeWhen:
     - ${schema.spec.service.enabled}  

examples/webstack/.gitignore

@@ -0,0 +1 @@
+instance.yaml

examples/webstack/Readme.md

@@ -0,0 +1,117 @@
+# kro Nested RG example
+
+This example creates a ResourceGroup called `WebStack` comprised of
+three other RGs: `WebApp`, `S3Bucket`, and `PodIdentity`
+
+![Netsted RG Instance](../../images/architecture-diagrams/kro-WebStack.png)
+_Fugure 1: Nested RG Example_
+
+### Create ResourceGroups
+
+Change directory to `examples`:
+```
+cd examples/
+```
+Apply the RGs to your cluster:
+
+```
+kubectl apply -f podidenity/rg.yaml -f s3bucket/rg.yaml -f webapp/rg.yaml
+kubectl apply -f webstack/rg.yaml
+```
+
+Validate the RGs statuses are Active:
+
+```
+kubectl get rg
+```
+
+Expected result:
+
+```
+NAME                  APIVERSION   KIND          STATE    AGE
+podidentity.kro.run   v1alpha1     PodIdentity   Active    7m
+s3bucket.kro.run      v1alpha1     S3Bucket      Active    7m
+webapp.kro.run        v1alpha1     WebApp        Active    7m
+webstack.kro.run      v1alpha1     WebStack      Active    7m
+```
+
+### Create an Instance of kind WebStack
+Create an environment variable with uniquie name, that will be the name of your S3 Bucket.
+```
+export RESOURCES_NAME=<test-app-11223344-replace-me-with-random-string>
+```
+Validate the variable populated:
+```
+echo $RESOURCES_NAME
+```
+Expected result:
+```
+<test-app-11223344-my-random-string>
+```
+Run the following command to replace the `$RESOURCES_NAME` variable in `instance-tmpl.yaml` file and create
+a new file called instance.yaml. 
+```shell
+envsubst < "webstack/instance-tmpl.yaml" > "webstack/instance.yaml"
+```
+Apply the `webstack/instance.yaml` 
+
+```
+kubectl apply -f webstack/instance.yaml
+```
+
+Validate instance status:
+
+```
+kubectl get webstacks test-app
+```
+
+Expected result:
+
+```
+NAME       STATE    SYNCED   AGE
+test-app   ACTIVE   True     16m
+```
+
+### Validate the app is working
+
+Get the URL:
+
+```
+echo "http://$(kubectl get webstack test-app -o jsonpath='{.status.url}')"
+```
+
+Either navigate in the browser at `/health` or curl it:
+
+```
+curl -s http://$(kubectl get webstack test-app -o jsonpath='{.status.url}')/health
+```
+
+Expected result:
+
+```
+{
+  "message": "Application is running and can connect to S3",
+  "status": "healthy"
+}
+```
+
+### Troubleshoot
+If you get the folling error:
+```
+Error connecting to S3:...
+```
+Try restarting the pod.
+
+### Clean up
+
+Remove the instance:
+
+```
+kubectl delete webstacks test-app
+```
+
+Remove the ResourceGroups:
+
+```
+kubectl delete rg webstack.kro.run webapp.kro.run s3bucket.kro.run podidentity.kro.run
+```