Skip to content

Improved version of CNOE AWS Reference Implementation #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 247 commits into from
Jul 25, 2025
Merged

Improved version of CNOE AWS Reference Implementation #52

merged 247 commits into from
Jul 25, 2025

Conversation

@punkwalker
Copy link
Contributor

@punkwalker punkwalker commented Jun 30, 2025

WIP: Improved version of CNOE AWS Reference Implementation

  • New directory structure
  • Leverages ArgoCD Application Sets
  • Deploy the IDP to a remote EKS cluster from a kind cluster (ie. idpbuilder)

Fixes: #49

punkwalker added 30 commits June 3, 2025 17:17
@punkwalker
wip
d9791b2 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
wip
401b45e 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add external-dns addon
1dda815 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add cert-manager and argocd ingress
48a0e73 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
disable redis for argocd
74af5b7 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
enable redis for argocd
ce0fb32 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add letsencrypt ClusterIssuer for cert-manager
5e4d49b 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
specify ingress specific values for argocd
12d47d4 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add keycloak addon
7818dbe 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
refactor hub addons from Apps to AppSet
ce22be5 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
move github token externalsecret to argocd manifests
2a61636 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
match ServerSideApply on github-token external secret
0303b01 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
match argocd and external secret to AppSets
2e29ed2 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add keycloak addon
63fcf4c 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
update ExternalSecrets to avoid Diffs
a5e42cd 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add keycloak config job to create users
f64bd3e 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add argocd keycloak sso config job
14ed10e 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add backstage addon
884d6cb 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix dataFromn extraction of backstage postres password
6a0fe7d 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix dataFromn extraction of backstage postres password
37b0adf 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix dataFromn extraction of backstage postres password
e472ed5 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage postgres sts
9d75d97 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage app config
6a9245c 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage env vars secret
12cc78c 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage db config
0d230d6 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage argo workflow URL
d05a342 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage rback template
5f9661c 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add backstage ingress
c23141a 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add backstage ingress
5604b73 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
update uninstall.sh
41f754f 
Signed-off-by: Pankaj Walke <[email protected]>
@csantanapr
Copy link
Contributor

csantanapr commented Jul 21, 2025

Runnig the setup here https://github.com/cnoe-punkwalker/reference-implementation-aws/tree/ref-impl-v2/cluster/eksctl#create-crossplane-permissions-boundary-policy

I get the following error in macos

TEMPFILE=$(mktemp)
cat $REPO_ROOT/cluster/iam-policies/crossplane-permissions-boundry.json | envsubst > "$TEMPFILE"

# Create the permissions boundary policy
cat $REPO_ROOT/cluster/iam-policies/crossplane-permissions-boundry.json | envsubst | \                                           
aws iam create-policy \
  --policy-name crossplane-permissions-boundary \
  --policy-document file:///"$TEMPFILE"

# Capture the policy ARN
export CROSSPLANE_BOUNDARY_POLICY_ARN=$(aws iam get-policy \
  --policy-arn arn:aws:iam::${AWS_ACCOUNT_ID}:policy/crossplane-permissions-boundary \
  --query 'Policy.Arn' --output text)

zsh: no such file or directory: /opt/homebrew/Cellar/gettext/0.22.5/bin/envsubst
zsh: no such file or directory: /opt/homebrew/Cellar/gettext/0.22.5/bin/envsubst
zsh: command not found:

Parameter validation failed:
Invalid length for parameter PolicyDocument, value: 0, valid min length: 1

@punkwalker
Copy link
Contributor Author

punkwalker commented Jul 21, 2025

Runnig the setup here https://github.com/cnoe-punkwalker/reference-implementation-aws/tree/ref-impl-v2/cluster/eksctl#create-crossplane-permissions-boundary-policy

I get the following error in macos

TEMPFILE=$(mktemp)
cat $REPO_ROOT/cluster/iam-policies/crossplane-permissions-boundry.json | envsubst > "$TEMPFILE"

# Create the permissions boundary policy
cat $REPO_ROOT/cluster/iam-policies/crossplane-permissions-boundry.json | envsubst | \                                           
aws iam create-policy \
  --policy-name crossplane-permissions-boundary \
  --policy-document file:///"$TEMPFILE"

# Capture the policy ARN
export CROSSPLANE_BOUNDARY_POLICY_ARN=$(aws iam get-policy \
  --policy-arn arn:aws:iam::${AWS_ACCOUNT_ID}:policy/crossplane-permissions-boundary \
  --query 'Policy.Arn' --output text)

zsh: no such file or directory: /opt/homebrew/Cellar/gettext/0.22.5/bin/envsubst zsh: no such file or directory: /opt/homebrew/Cellar/gettext/0.22.5/bin/envsubst zsh: command not found:

Parameter validation failed: Invalid length for parameter PolicyDocument, value: 0, valid min length: 1

Looks like we have to use different approach than ensubst?

csantanapr and others added 22 commits July 21, 2025 14:54
@csantanapr
minor updates
28c8a23 
Signed-off-by: Carlos Santana <[email protected]>
@csantanapr
add helm repo update
7273cf0 
Signed-off-by: Carlos Santana <[email protected]>
@punkwalker
Merge pull request #4 from csantanapr-cnoe-demos/review-ref-impl-v2
993d15a 
Review ref impl v2
@csantanapr
Review ref impl v2 (#5)
ae77c52 
* remove set -x

Signed-off-by: Carlos Santana <[email protected]>

* config.yaml generic

* exclt uninstall command with AWS_REGION

Signed-off-by: Carlos Santana <[email protected]>

---------

Signed-off-by: Carlos Santana <[email protected]>
@punkwalker
add backstage official helm chart
e617663 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add backstage official helm chart
833cac7 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add backstage k8s-config secret
510607d 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage values file
464384d 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage values file
318fa33 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage values file
498c5a1 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix backstage values for envs
cb75f27 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
remove custom backstage-app chart
379683b 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
update main ReadMe and remove idpbuilder reference
3f8cde7 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
update idpbuilder installation doc
a16cc3f 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add installation seqeunce explaination
b6294f7 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add create-cluster-eksctl.sh
b77610c 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix grammar
229d838 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add auto mode support for terraform and add create-cluster.sh
a71de01 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
add s3 upbound provider compositions
5e96d89 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix s3 compositions
03f42bd 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
fix s3 compositions
151cecc 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker
change values in config.yaml with placeholders
c46f101 
Signed-off-by: Pankaj Walke <[email protected]>
@punkwalker punkwalker changed the title WIP: Improved version of CNOE AWS Reference Implementation Improved version of CNOE AWS Reference Implementation Jul 25, 2025
@punkwalker punkwalker self-assigned this Jul 25, 2025
@punkwalker punkwalker marked this pull request as ready for review July 25, 2025 01:08
csantanapr
csantanapr approved these changes Jul 25, 2025
View reviewed changes
Copy link
Contributor

@csantanapr csantanapr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome job @punkwalker 🎉

@csantanapr csantanapr merged commit 8bbd074 into cnoe-io:main Jul 25, 2025
1 check passed
@csantanapr
Copy link
Contributor

csantanapr commented Jul 25, 2025

Going to merge this mega PR, we can continue to do improvements via normal Issues and PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@csantanapr csantanapr csantanapr approved these changes

+2 more reviewers

@nusnewob nusnewob nusnewob left review comments

@tehlers320 tehlers320 tehlers320 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@punkwalker punkwalker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Design Proposal: New CNOE AWS Reference Implementation

4 participants

@punkwalker @csantanapr @nusnewob @tehlers320