diff --git a/examples/pulumi/aws eks cluster/index.ts b/examples/pulumi/aws eks cluster/index.ts
deleted file mode 100644
index 2a6c9ea..0000000
--- a/examples/pulumi/aws eks cluster/index.ts
+++ /dev/null
@@ -1,299 +0,0 @@ -/** - * Follows https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html. - * Multiple methods of creating EKS clusters at some point try to create 2 - * CloudFormation stacks. - * The fock, AWS? (╯°Д°)╯︵/(.□ . \) - * - * Minimum resource requirements - * ----------------------------------------------------------------------------- - * - IAM service roles: - * - 1 to manage the cluster, with 'AmazonEKSClusterPolicy' policy - * - 1 to manage EC2 worker nodes (if using them), with policies - * - 'AmazonEKS_CNI_Policy' - * - 'AmazonEKSWorkerNodePolicy' - * - 'AmazonEC2ContainerRegistryReadOnly' - * - 'AmazonSSMManagedInstanceCore' (optional, for troubleshooting) - * - 1 to manage fargate resources (if using them), with - * 'AmazonEKSFargatePodExecutionRolePolicy' policy - * - The control plane - * - 1 executor for pods (EC2, managed EC2 or Fargate) - * - 1 access entry with assigned EKS access policy (if using APIs for - * authentication) - **/ - -import * as pulumi from "@pulumi/pulumi"; -import * as aws from "@pulumi/aws"; - -const callerIdentity = aws.getCallerIdentity({}); -const subnetIds = [ - "subnet-0123456789abcdef0", // private, eu-west-1a - "subnet-123456789abcdef01", // private, eu-west-1b -]; - - -/** - * Custom Cluster Service Role - * ----------------------------------------------------------------------------- - * Required to use other AWS resources (the KMS key for encryption). - * Intended to be only used by this cluster. - * Creation took 1s on average. - * Deletion took 1s on average. 
- **/ - -const cluster_assumeRole_policy = JSON.stringify({ - Version: "2012-10-17", - Statement: [{ - Effect: "Allow", - Action: "sts:AssumeRole", - Principal: { - Service: "eks.amazonaws.com", - }, - }], -}); - -const cluster_serviceRole_role = new aws.iam.Role("cluster-serviceRole-role", { - description: "Allows EKS to manage clusters on behalf of the user.", - tags: { - Description: "EKS cluster service role", - EksComponent: "Cluster service role", - RoleType: "ServiceRole", - }, - - assumeRolePolicy: cluster_assumeRole_policy, -}); - -const cluster_serviceRole_rolePolicyAttachment = new aws.iam.RolePolicyAttachment("cluster-serviceRole-rolePolicyAttachment", { - role: cluster_serviceRole_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", -}); - - -/** - * Cluster. - * Better defined as the control plane and its dedicated nodes. - * ----------------------------------------------------------------------------- - * Gotchas: - * - 'vpcConfig.clusterSecurityGroupId' cannot be customized. - * Should one try and set it, one will get the following error message: - * 'error: aws:eks/cluster:Cluster resource 'cluster' has a problem: Value for - * unconfigurable attribute. Can't configure a value for - * "vpc_config.0.cluster_security_group_id": its value will be decided - * automatically based on the result of applying this configuration.' - * Creation took 426s on average (382, 402, 454, 423, 371, 523, 422). - * Deletion took 167s on average (70, 125, 149, 167, 320, 167). 
- **/ - -const k8s_version = "1.29" // https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html - -const cluster = new aws.eks.Cluster("cluster", { - tags: { - Description: "Test EKS cluster", - EksComponent: "Control Plane and associated nodes", - }, - - vpcConfig: { - subnetIds: subnetIds, - endpointPrivateAccess: true, - }, - version: k8s_version, - roleArn: cluster_serviceRole_role.arn, - accessConfig: { - authenticationMode: "API", - }, - enabledClusterLogTypes: [ - // https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html - // "api", - // "audit", - // "authenticator", - // "controllerManager", - // "scheduler", - ], -}); - - -/** - * Access management. - * ------------------ - * Refer to https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html. - * Creation took 1s on average. - * Deletion took 1s on average. - **/ - -const cluster_admin_accessEntry = new aws.eks.AccessEntry("cluster-admin-accessEntry", { - clusterName: cluster.name, - - principalArn: callerIdentity.then(callerIdentity => callerIdentity.arn), // only users or roles, no groups - kubernetesGroups: [ - // No 'system:…', 'amazon:…', 'aws:…', 'eks:…' nor 'iam:…'. - // See reference page. - ], -}); - -const cluster_admin_accessPolicyAssociation = new aws.eks.AccessPolicyAssociation("cluster-admin-accessPolicyAssociation", { - clusterName: cluster.name, - policyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", - principalArn: callerIdentity.then(callerIdentity => callerIdentity.arn), - accessScope: { - type: "cluster", - }, -}); - - -/** - * Custom EC2 Worker Node Service Role - * ----------------------------------------------------------------------------- - * Required to use EC2 instances as worker nodes. - * Intended to be only used by this cluster. - * Creation took 1s on average. - * Deletion took 1s on average. 
- **/ - -const node_assumeRole_policy = JSON.stringify({ - Version: "2012-10-17", - Statement: [{ - Effect: "Allow", - Action: "sts:AssumeRole", - Principal: { - Service: "ec2.amazonaws.com", - }, - }], -}); - -const node_service_role = new aws.iam.Role("node-service-role", { - description: "Allows EKS to manage EC2 instances on behalf of the user.", - tags: { - Description: "EC2 node service role", - EksComponent: "EC2 node service role", - RoleType: "ServiceRole", - }, - - assumeRolePolicy: node_assumeRole_policy, -}); - -const node_service_rolePolicyAttachment_cni = new aws.iam.RolePolicyAttachment("node-service-rolePolicyAttachment-cni", { - role: node_service_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", -}); -const node_service_rolePolicyAttachment_ecr = new aws.iam.RolePolicyAttachment("node-service-rolePolicyAttachment-ecr", { - role: node_service_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", -}); -const node_service_rolePolicyAttachment_workerNode = new aws.iam.RolePolicyAttachment("node-service-rolePolicyAttachment-workerNode", { - role: node_service_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", -}); - -// SSM and troubleshooting -const node_service_rolePolicyAttachment_ssm = new aws.iam.RolePolicyAttachment("node-service-rolePolicyAttachment-ssm", { - role: node_service_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", -}); - - -/** - * EC2 worker nodes - * ----------------------------------------------------------------------------- - * Creation took 102s on average (86, 117) with dedicated (non-SPOT) instances. - * Deletion took 286s on average (153, 136, 136, 136, 502, 502, 431). 
- **/ - -const nodeGroup = new aws.eks.NodeGroup("nodeGroup", { - clusterName: cluster.name, - tags: { - Description: "EC2 node group", - EksComponent: "EC2 node group", - }, - - nodeRoleArn: node_service_role.arn, - subnetIds: cluster.vpcConfig.subnetIds, - capacityType: "SPOT", - instanceTypes: [ - // https://docs.aws.amazon.com/eks/latest/userguide/choosing-instance-type.html - // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#AvailableInstanceTypes - "t3a.medium", - "t3.medium", - ], - scalingConfig: { - minSize: 1, - maxSize: 3, - desiredSize: 2, - }, - updateConfig: { - // either the number OR the percentage - // maxUnavailable: 1, - maxUnavailablePercentage: 50, - }, -}); - - -/** - * Custom Fargate Service Role - * ----------------------------------------------------------------------------- - * Required to use Fargate as worker node. - * Intended to be only used by this cluster. - * Creation took 1s on average. - * Deletion took 1s on average. - **/ -const regionOutput = aws.getRegionOutput({}); -const sourceArnOutput = pulumi.all([ - callerIdentity.then(callerIdentity => callerIdentity.accountId), - cluster.name, - regionOutput.apply(region => region.id), -]).apply(([ - accountId, - clusterName, - regionId, -]) => `arn:aws:eks:${regionId}:${accountId}:fargateprofile/${clusterName}/*`); - -const fargate_serviceRole_role = new aws.iam.Role("fargate-service-role", { - description: "Allows EKS to manage fargate pods on behalf of the user.", - tags: { - Description: "EC2 fargate service role", - EksComponent: "EC2 fargate service role", - RoleType: "ServiceRole", - }, - - assumeRolePolicy: sourceArnOutput.apply(sourceArn => JSON.stringify({ - Version: "2012-10-17", - Statement: [{ - Effect: "Allow", - Action: "sts:AssumeRole", - Principal: { - Service: "eks-fargate-pods.amazonaws.com", - }, - Condition: { - ArnLike: { - "aws:SourceArn": sourceArn, - } - }, - }], - })), -}); - -const fargate_serviceRole_rolePolicyAttachment = new 
aws.iam.RolePolicyAttachment("fargate-serviceRole-rolePolicyAttachment", { - role: fargate_serviceRole_role.name, - policyArn: "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", -}); - - -/** - * Fargate profile - * ----------------------------------------------------------------------------- - * Creation took 98s on average (93, 76, 123). - * Deletion took 105s on average (82, 95, 146, 95). - **/ - -const fargateProfile = new aws.eks.FargateProfile("fargateProfile", { - clusterName: cluster.name, - tags: { - Description: "Fargate profile", - EksComponent: "Fargate profile", - }, - - podExecutionRoleArn: fargate_serviceRole_role.arn, - subnetIds: cluster.vpcConfig.subnetIds, - selectors: [ - { namespace: "default" }, - { namespace: "kube-system" }, - ], -}); diff --git a/examples/pulumi/aws/eks cluster/.env.fish b/examples/pulumi/aws/eks cluster/.env.fish new file mode 100644 index 0000000..20e80dc --- /dev/null +++ b/examples/pulumi/aws/eks cluster/.env.fish @@ -0,0 +1,2 @@ +set -x PULUMI_BACKEND_URL 'file://.' +set -x PULUMI_CONFIG_PASSPHRASE 'test123' diff --git a/examples/pulumi/aws eks cluster/.gitignore b/examples/pulumi/aws/eks cluster/.gitignore similarity index 100% rename from examples/pulumi/aws eks cluster/.gitignore rename to examples/pulumi/aws/eks cluster/.gitignore diff --git a/examples/pulumi/aws eks cluster/Pulumi.any.yaml b/examples/pulumi/aws/eks cluster/Pulumi.any.yaml similarity index 73% rename from examples/pulumi/aws eks cluster/Pulumi.any.yaml rename to examples/pulumi/aws/eks cluster/Pulumi.any.yaml index e36ad03..73b7e58 100644 --- a/examples/pulumi/aws eks cluster/Pulumi.any.yaml +++ b/examples/pulumi/aws/eks cluster/Pulumi.any.yaml @@ -1,7 +1,8 @@ encryptionsalt: v1:iA3XmpOvico=:v1:XCz1yi4Ve/38v0D/:9v7XaYgqAGnZ4FJqGIaNT9uaFFec5Q== config: + aws:region: eu-west-1 aws:defaultTags: tags: - ManagedBy: pulumi + ManagedByPulumi: true + Owner: "somebody@example.com" PulumiProject: eks-cluster - aws:region: eu-west-1 
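Review bot: The new `examples/pulumi/aws/eks cluster/.env.fish` commits the stack passphrase in clear text (`set -x PULUMI_CONFIG_PASSPHRASE 'test123'`) while `Pulumi.any.yaml` in the same directory carries the matching `encryptionsalt`, so any secret later stored in this stack's config can be decrypted by anyone who can read the repository. Keep the value out of the tracked file, for example by pointing `PULUMI_CONFIG_PASSPHRASE_FILE` at an untracked file, or at least add a comment such as `# throwaway passphrase, never store real secrets in this stack`. The same two lines are added in `examples/pulumi/aws/gitlab omnibus on ec2 instance/.env.fish`. With `PULUMI_BACKEND_URL 'file://.'` the state is presumably written under the project directory; whether the unchanged `.gitignore` excludes it is not visible in this diff.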
diff --git a/examples/pulumi/aws eks cluster/Pulumi.yaml b/examples/pulumi/aws/eks cluster/Pulumi.yaml
similarity index 100%
rename from examples/pulumi/aws eks cluster/Pulumi.yaml
rename to examples/pulumi/aws/eks cluster/Pulumi.yaml
diff --git a/examples/pulumi/aws/eks cluster/index.ts b/examples/pulumi/aws/eks cluster/index.ts
new file mode 100644
index 0000000..009094b
--- /dev/null
+++ b/examples/pulumi/aws/eks cluster/index.ts
@@ -0,0 +1,341 @@ +/** + * Follows https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html. + * Multiple methods of creating EKS clusters at some point try to create 2 + * CloudFormation stacks. + * The fock, AWS? (╯°Д°)╯︵/(.□ . \) + * + * Minimum resource requirements + * ----------------------------------------------------------------------------- + * - IAM service roles: + * - 1 to manage the cluster, with 'AmazonEKSClusterPolicy' policy + * - 1 to manage EC2 worker nodes (if using them), with policies + * - 'AmazonEKS_CNI_Policy' + * - 'AmazonEKSWorkerNodePolicy' + * - 'AmazonEC2ContainerRegistryReadOnly' + * - 'AmazonSSMManagedInstanceCore' (optional, for troubleshooting) + * - 1 to manage fargate resources (if using them), with + * 'AmazonEKSFargatePodExecutionRolePolicy' policy + * - The control plane + * - 1 executor for pods (EC2, managed EC2 or Fargate) + * - 1 access entry with assigned EKS access policy (if using APIs for + * authentication) + **/ + +import * as pulumi from "@pulumi/pulumi"; +import * as aws from "@pulumi/aws"; + +const callerIdentity = aws.getCallerIdentity({}); +const subnetIds = [ + "subnet-0123456789abcdef0", // private, eu-west-1a + "subnet-123456789abcdef01", // private, eu-west-1b +]; + + +/** + * Custom Cluster Service Role + * ----------------------------------------------------------------------------- + * Required to use other AWS resources (the KMS key for encryption). + * Intended to be only used by this cluster. + * Creation took 1s on average. + * Deletion took 1s on average. 
+ **/ + +const cluster_assumeRole_policy = JSON.stringify({ + Version: "2012-10-17", + Statement: [{ + Effect: "Allow", + Action: "sts:AssumeRole", + Principal: { + Service: "eks.amazonaws.com", + }, + }], +}); + +const cluster_serviceRole_role = new aws.iam.Role( + "cluster-serviceRole-role", + { + description: "Allows EKS to manage clusters on behalf of the user.", + tags: { + Description: "EKS cluster service role", + EksComponent: "Cluster service role", + RoleType: "ServiceRole", + }, + + assumeRolePolicy: cluster_assumeRole_policy, + }, +); + +new aws.iam.RolePolicyAttachment( + "cluster-serviceRole-rolePolicyAttachment", + { + role: cluster_serviceRole_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", + }, +); + + +/** + * Cluster. + * Better defined as the control plane and its dedicated nodes. + * ----------------------------------------------------------------------------- + * Gotchas: + * - 'vpcConfig.clusterSecurityGroupId' cannot be customized. + * Should one try and set it, one will get the following error message: + * 'error: aws:eks/cluster:Cluster resource 'cluster' has a problem: Value for + * unconfigurable attribute. Can't configure a value for + * "vpc_config.0.cluster_security_group_id": its value will be decided + * automatically based on the result of applying this configuration.' + * Creation took 426s on average (382, 402, 454, 423, 371, 523, 422). + * Deletion took 167s on average (70, 125, 149, 167, 320, 167). 
+ **/ + +const k8s_version = "1.30" // https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html + +const cluster = new aws.eks.Cluster( + "cluster", + { + tags: { + Description: "Test EKS cluster", + EksComponent: "Control Plane and associated nodes", + }, + + vpcConfig: { + subnetIds: subnetIds, + endpointPrivateAccess: true, + }, + version: k8s_version, + roleArn: cluster_serviceRole_role.arn, + accessConfig: { + authenticationMode: "API", + }, + enabledClusterLogTypes: [ + // https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html + // "api", + // "audit", + // "authenticator", + // "controllerManager", + // "scheduler", + ], + }, +); + + +/** + * Access management. + * ------------------ + * Refer to https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html. + * Creation took 1s on average. + * Deletion took 1s on average. + **/ + +new aws.eks.AccessEntry( + "cluster-admin-accessEntry", + { + clusterName: cluster.name, + + principalArn: callerIdentity.then(callerIdentity => callerIdentity.arn), // only users or roles, no groups + kubernetesGroups: [ + // No 'system:…', 'amazon:…', 'aws:…', 'eks:…' nor 'iam:…'. + // See reference page. + ], + }, +); + +new aws.eks.AccessPolicyAssociation( + "cluster-admin-accessPolicyAssociation", + { + clusterName: cluster.name, + policyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy", + principalArn: callerIdentity.then(callerIdentity => callerIdentity.arn), + accessScope: { + type: "cluster", + }, + }, +); + + +/** + * Custom EC2 Worker Node Service Role + * ----------------------------------------------------------------------------- + * Required to use EC2 instances as worker nodes. + * Intended to be only used by this cluster. + * Creation took 1s on average. + * Deletion took 1s on average. 
+ **/ + +const node_assumeRole_policy = JSON.stringify({ + Version: "2012-10-17", + Statement: [{ + Effect: "Allow", + Action: "sts:AssumeRole", + Principal: { + Service: "ec2.amazonaws.com", + }, + }], +}); + +const node_service_role = new aws.iam.Role( + "node-service-role", + { + description: "Allows EKS to manage EC2 instances on behalf of the user.", + tags: { + Description: "EC2 node service role", + EksComponent: "EC2 node service role", + RoleType: "ServiceRole", + }, + + assumeRolePolicy: node_assumeRole_policy, + }, +); + +new aws.iam.RolePolicyAttachment( + "node-service-rolePolicyAttachment-cni", + { + role: node_service_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + }, +); +new aws.iam.RolePolicyAttachment( + "node-service-rolePolicyAttachment-ecr", + { + role: node_service_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", + }, +); +new aws.iam.RolePolicyAttachment( + "node-service-rolePolicyAttachment-workerNode", + { + role: node_service_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + }, +); + +// SSM and troubleshooting +new aws.iam.RolePolicyAttachment( + "node-service-rolePolicyAttachment-ssm", + { + role: node_service_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", + }, +); + + +/** + * EC2 worker nodes + * ----------------------------------------------------------------------------- + * Creation took 102s on average (86, 117) with dedicated (non-SPOT) instances. + * Deletion took 286s on average (153, 136, 136, 136, 502, 502, 431). 
+ **/ + +new aws.eks.NodeGroup( + "nodeGroup", + { + clusterName: cluster.name, + tags: { + Description: "EC2 node group", + EksComponent: "EC2 node group", + }, + + nodeRoleArn: node_service_role.arn, + subnetIds: cluster.vpcConfig.subnetIds, + capacityType: "SPOT", + instanceTypes: [ + // https://docs.aws.amazon.com/eks/latest/userguide/choosing-instance-type.html + // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#AvailableInstanceTypes + "t3a.medium", + "t3.medium", + ], + scalingConfig: { + minSize: 1, + maxSize: 3, + desiredSize: 2, + }, + updateConfig: { + // either the number OR the percentage + // maxUnavailable: 1, + maxUnavailablePercentage: 50, + }, + }, +); + + +/** + * Custom Fargate Service Role + * ----------------------------------------------------------------------------- + * Required to use Fargate as worker node. + * Intended to be only used by this cluster. + * Creation took 1s on average. + * Deletion took 1s on average. + **/ +const regionOutput = aws.getRegionOutput({}); +const sourceArnOutput = pulumi.all([ + callerIdentity.then(callerIdentity => callerIdentity.accountId), + cluster.name, + regionOutput.apply(region => region.id), +]).apply(([ + accountId, + clusterName, + regionId, +]) => `arn:aws:eks:${regionId}:${accountId}:fargateprofile/${clusterName}/*`); + +const fargate_serviceRole_role = new aws.iam.Role( + "fargate-service-role", + { + description: "Allows EKS to manage fargate pods on behalf of the user.", + tags: { + Description: "EC2 fargate service role", + EksComponent: "EC2 fargate service role", + RoleType: "ServiceRole", + }, + + assumeRolePolicy: sourceArnOutput.apply(sourceArn => JSON.stringify({ + Version: "2012-10-17", + Statement: [{ + Effect: "Allow", + Action: "sts:AssumeRole", + Principal: { + Service: "eks-fargate-pods.amazonaws.com", + }, + Condition: { + ArnLike: { + "aws:SourceArn": sourceArn, + }, + }, + }], + })), + }, +); + +new aws.iam.RolePolicyAttachment( + 
"fargate-serviceRole-rolePolicyAttachment", + { + role: fargate_serviceRole_role.name, + policyArn: "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", + }, +); + + +/** + * Fargate profile + * ----------------------------------------------------------------------------- + * Creation took 98s on average (93, 76, 123). + * Deletion took 105s on average (82, 95, 146, 95). + **/ + +new aws.eks.FargateProfile( + "fargateProfile", + { + clusterName: cluster.name, + tags: { + Description: "Fargate profile", + EksComponent: "Fargate profile", + }, + + podExecutionRoleArn: fargate_serviceRole_role.arn, + subnetIds: cluster.vpcConfig.subnetIds, + selectors: [ + { namespace: "default" }, + { namespace: "kube-system" }, + ], + }, +); diff --git a/examples/pulumi/aws eks cluster/package.json b/examples/pulumi/aws/eks cluster/package.json similarity index 60% rename from examples/pulumi/aws eks cluster/package.json rename to examples/pulumi/aws/eks cluster/package.json index 3d7a496..4c46032 100644 --- a/examples/pulumi/aws eks cluster/package.json +++ b/examples/pulumi/aws/eks cluster/package.json @@ -2,11 +2,11 @@ "name": "aws-eks-cluster", "main": "index.ts", "devDependencies": { - "@types/node": "^18" + "@types/node": "^18", + "typescript": "^5.0.0" }, "dependencies": { - "@pulumi/pulumi": "^3.0.0", "@pulumi/aws": "^6.0.0", - "@pulumi/awsx": "^2.0.2" + "@pulumi/pulumi": "^3.0.0" } -} +} \ No newline at end of file diff --git a/examples/pulumi/aws eks cluster/tsconfig.json b/examples/pulumi/aws/eks cluster/tsconfig.json similarity index 100% rename from examples/pulumi/aws eks cluster/tsconfig.json rename to examples/pulumi/aws/eks cluster/tsconfig.json diff --git a/examples/pulumi/aws/gitlab omnibus on ec2 instance/.env.fish b/examples/pulumi/aws/gitlab omnibus on ec2 instance/.env.fish new file mode 100644 index 0000000..20e80dc --- /dev/null +++ b/examples/pulumi/aws/gitlab omnibus on ec2 instance/.env.fish 
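Review bot: The `vpcConfig` of the new `cluster` resource sets `endpointPrivateAccess: true` but never sets `endpointPublicAccess`, which the provider defaults to `true`, so the Kubernetes API endpoint stays reachable from the internet even though both subnets are commented as private. Add `endpointPublicAccess: false,` or, if public access is needed, restrict it with `publicAccessCidrs: ["<ADMIN_CIDR>"],` (placeholder value). In the same resource `enabledClusterLogTypes` is an empty list with every type commented out, so no control-plane audit or authenticator logs are kept; enabling at least `"audit"` and `"authenticator"` would give a trail for the `AmazonEKSClusterAdminPolicy` association created further down. The header comment of the cluster service role mentions a KMS key for encryption, but no `encryptionConfig` appears on the cluster in this file.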
@@ -0,0 +1,2 @@
+set -x PULUMI_BACKEND_URL 'file://.'
+set -x PULUMI_CONFIG_PASSPHRASE 'test123'
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.gitignore b/examples/pulumi/aws/gitlab omnibus on ec2 instance/.gitignore
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/.gitignore
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/.gitignore
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/Makefile b/examples/pulumi/aws/gitlab omnibus on ec2 instance/Makefile
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/Makefile
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/Makefile
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/Pulumi.dev.yaml b/examples/pulumi/aws/gitlab omnibus on ec2 instance/Pulumi.any.yaml
similarity index 78%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/Pulumi.dev.yaml
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/Pulumi.any.yaml
index 187bb5f..de2ed1a 100644
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/Pulumi.dev.yaml
+++ b/examples/pulumi/aws/gitlab omnibus on ec2 instance/Pulumi.any.yaml
@@ -3,5 +3,6 @@ config:
 acme:serverUrl: https://acme-v02.api.letsencrypt.org/directory
 aws:defaultTags:
 tags:
- ManagedBy: Pulumi
+ ManagedByPulumi: true
+ Owner: "somebody@example.com"
 PulumiProject: gitlab-omnibus-on-aws-ec2
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/Pulumi.yaml b/examples/pulumi/aws/gitlab omnibus on ec2 instance/Pulumi.yaml
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/Pulumi.yaml
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/Pulumi.yaml
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml b/examples/pulumi/aws/gitlab omnibus on ec2 instance/ansible-playbook.yml
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/ansible-playbook.yml
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/ansible-playbook.yml
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/aws_ec2.yml b/examples/pulumi/aws/gitlab omnibus on ec2 instance/aws_ec2.yml similarity index 100% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/aws_ec2.yml rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/aws_ec2.yml diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/index.ts b/examples/pulumi/aws/gitlab omnibus on ec2 instance/index.ts similarity index 90% rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/index.ts rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/index.ts index a664830..3342e8b 100644 --- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/index.ts +++ b/examples/pulumi/aws/gitlab omnibus on ec2 instance/index.ts @@ -15,14 +15,17 @@ import * as time from "@pulumiverse/time"; const ami = aws.ec2.getAmiOutput({ owners: [ "amazon" ], - nameRegex: "^al2023-ami-minimal-*", - filters: [{ - name: "architecture", - values: [ - "arm64", - "x86_64", - ], - }], + nameRegex: "^al2023-ami-2023.*", + filters: [ + { + name: "architecture", + values: [ "arm64" ], + }, + { + name: "state", + values: [ "available" ], + }, + ], mostRecent: true, }); @@ -33,7 +36,7 @@ const role = aws.iam.getRoleOutput({ const subnet = aws.ec2.getSubnetOutput({ filters: [{ name: "tag:Name", - values: [ "eu-east-2a-private" ] + values: [ "Private A" ] }], }); @@ -82,11 +85,6 @@ const userData = new cloudinit.Config( gzip: true, base64Encode: true, parts: [ - { - contentType: "text/cloud-config", - content: fs.readFileSync("../../cloud-init/aws.ssm.yaml", "utf8"), - filename: "cloud-config.ssm.yml", - }, { contentType: "text/cloud-config", content: pulumi.all([ @@ -175,4 +173,4 @@ new command.local.Command( }, ); -/* Instance - end */ \ No newline at end of file +/* Instance - end */ diff --git a/examples/pulumi/aws/gitlab omnibus on ec2 instance/package.json b/examples/pulumi/aws/gitlab omnibus on ec2 instance/package.json new file mode 100644 index 0000000..4435a0a --- /dev/null 
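Review bot: The AMI lookup in the first hunk combines `mostRecent: true` with the loose pattern `nameRegex: "^al2023-ami-2023.*"`, where the `.` is an unescaped wildcard and there is no end anchor, so every run resolves whatever Amazon-owned image is newest under that prefix. Tightening it to something like `nameRegex: "^al2023-ami-2023\\..*-arm64$",` keeps the match to the intended image family. If the instance (defined outside this hunk) takes `ami.id` directly, a newly published image would presumably replace the GitLab host on the next update; consider `ignoreChanges: ["ami"]` on it, or a pinned image id with a comment on how to refresh it. Keeping `owners: [ "amazon" ]` is what limits the lookup to images published by Amazon, which deserves a one-line comment so it is not dropped in a later edit.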
+++ b/examples/pulumi/aws/gitlab omnibus on ec2 instance/package.json
@@ -0,0 +1,19 @@
+{
+ "name": "gitlab-omnibus-on-aws-ec2",
+ "main": "index.ts",
+ "devDependencies": {
+ "@types/node": "^18",
+ "typescript": "^5.0.0"
+ },
+ "dependencies": {
+ "@pulumi/aws": "^6.0.0",
+ "@pulumi/cloudinit": "^1.0.0",
+ "@pulumi/command": "^0.10.0",
+ "@pulumi/pulumi": "^3.0.0",
+ "@pulumi/tls": "^5.0.0",
+ "@pulumiverse/acme": "^0.0.1",
+ "@pulumiverse/time": "^0.0.17",
+ "typescript": "^5.0.0",
+ "yaml": "^2.0.0"
+ }
+}
\ No newline at end of file
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/requirements.txt b/examples/pulumi/aws/gitlab omnibus on ec2 instance/requirements.txt
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/requirements.txt
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/requirements.txt
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/tsconfig.json b/examples/pulumi/aws/gitlab omnibus on ec2 instance/tsconfig.json
similarity index 100%
rename from examples/pulumi/gitlab-omnibus-on-aws-ec2/tsconfig.json
rename to examples/pulumi/aws/gitlab omnibus on ec2 instance/tsconfig.json
diff --git a/examples/pulumi/aws eks cluster/.env b/examples/pulumi/certificate from letsencrypt with dns01 challenge/.env
similarity index 100%
rename from examples/pulumi/aws eks cluster/.env
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/.env
diff --git a/examples/pulumi/aws eks cluster/.env.fish b/examples/pulumi/certificate from letsencrypt with dns01 challenge/.env.fish
similarity index 100%
rename from examples/pulumi/aws eks cluster/.env.fish
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/.env.fish
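Review bot: `typescript` is declared twice in the new manifest, as `"typescript": "^5.0.0"` under both `devDependencies` and `dependencies`; keep only the `devDependencies` entry. The ranges are also wider than in the deleted manifest (`^6.0.0` instead of `^6.32.0` for `@pulumi/aws`), and no lockfile for this directory appears in the diff, so installs may resolve different provider versions from one machine to the next. Committing a `package-lock.json` alongside it would make the example reproducible.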
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/.gitignore b/examples/pulumi/certificate from letsencrypt with dns01 challenge/.gitignore
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/.gitignore
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/.gitignore
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/Pulumi.any.yaml b/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/Pulumi.any.yaml
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.any.yaml
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/Pulumi.yaml b/examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.yaml
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/Pulumi.yaml
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/Pulumi.yaml
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/index.ts b/examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/index.ts
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/index.ts
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/package-lock.json b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/package-lock.json
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/package-lock.json
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/package.json b/examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/package.json
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/package.json
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/tsconfig.json b/examples/pulumi/certificate from letsencrypt with dns01 challenge/tsconfig.json
similarity index 100%
rename from examples/pulumi/letsencrypt-certificate.dns01/tsconfig.json
rename to examples/pulumi/certificate from letsencrypt with dns01 challenge/tsconfig.json
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env
deleted file mode 100644
index aeac765..0000000
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env
+++ /dev/null
@@ -1 +0,0 @@
-export PULUMI_CONFIG_PASSPHRASE=test123
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish b/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish
deleted file mode 100644
index 4b6b65a..0000000
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/.env.fish
+++ /dev/null
@@ -1 +0,0 @@
-set -x 'PULUMI_CONFIG_PASSPHRASE' 'test123'
diff --git a/examples/pulumi/gitlab-omnibus-on-aws-ec2/package.json b/examples/pulumi/gitlab-omnibus-on-aws-ec2/package.json
deleted file mode 100644
index 08a84d0..0000000
--- a/examples/pulumi/gitlab-omnibus-on-aws-ec2/package.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "gitlab-omnibus-on-aws-ec2",
- "main": "index.ts",
- "devDependencies": {
- "@types/node": "^18"
- },
- "dependencies": {
- "@pulumi/aws": "^6.32.0",
- "@pulumi/cloudinit": "^1.4.1",
- "@pulumi/command": "^0.10.0",
- "@pulumi/pulumi": "^3.114.0",
- "@pulumi/tls": "^5.0.2",
- "@pulumiverse/acme": "^0.0.1",
- "@pulumiverse/time": "^0.0.17",
- "typescript": "^5.4.5",
- "yaml": "^2.4.2"
- }
-}
\ No newline at end of file
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/.env b/examples/pulumi/letsencrypt-certificate.dns01/.env
deleted file mode 100644
index aeac765..0000000
--- a/examples/pulumi/letsencrypt-certificate.dns01/.env
+++ /dev/null
@@ -1 +0,0 @@
-export PULUMI_CONFIG_PASSPHRASE=test123
diff --git a/examples/pulumi/letsencrypt-certificate.dns01/.env.fish b/examples/pulumi/letsencrypt-certificate.dns01/.env.fish
deleted file mode 100644
index 4b6b65a..0000000
--- a/examples/pulumi/letsencrypt-certificate.dns01/.env.fish
+++ /dev/null
@@ -1 +0,0 @@
-set -x 'PULUMI_CONFIG_PASSPHRASE' 'test123'