{"id":13646128,"url":"https://github.com/giantswarm/aws-operator","last_synced_at":"2025-03-10T06:48:31.780Z","repository":{"id":37470778,"uuid":"80619275","full_name":"giantswarm/aws-operator","owner":"giantswarm","description":"Manages Kubernetes clusters running on AWS (before Cluster API)","archived":false,"fork":false,"pushed_at":"2024-10-17T19:19:36.000Z","size":100089,"stargazers_count":131,"open_issues_count":15,"forks_count":22,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-10-29T17:14:15.642Z","etag":null,"topics":["aws","kubernetes","operator"],"latest_commit_sha":null,"homepage":"https://www.giantswarm.io/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/giantswarm.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-01T12:47:41.000Z","updated_at":"2024-10-07T12:22:44.000Z","dependencies_parsed_at":"2023-10-03T03:14:42.188Z","dependency_job_id":"687a9d3e-f7f7-4393-85a0-079174b35126","html_url":"https://github.com/giantswarm/aws-operator","commit_stats":{"total_commits":2896,"total_committers":75,"mean_commits":38.61333333333334,"dds":0.862914364640884,"last_synced_commit":"85f6fb482be470daa37c6bb363c2eb099df08cf1"},"previous_names":[],"tags_count":207,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Faws-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Faws-operator/tags","releases_url":"https://repos.ecos
yste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Faws-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giantswarm%2Faws-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/giantswarm","download_url":"https://codeload.github.com/giantswarm/aws-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241323846,"owners_count":19944074,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","kubernetes","operator"],"created_at":"2024-08-02T01:02:49.113Z","updated_at":"2025-03-01T06:11:13.233Z","avatar_url":"https://github.com/giantswarm.png","language":"Go","funding_links":[],"categories":["Repository is obsolete","Go"],"sub_categories":["Awesome Operators in the Wild"],"readme":"[![CircleCI](https://dl.circleci.com/status-badge/img/gh/giantswarm/aws-operator/tree/master.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/giantswarm/aws-operator/tree/master)\n\n# aws-operator\n\nThe aws-operator manages Kubernetes clusters running on AWS.\n\n\n\n## Branches\n\n- `thiccc`\n    - Up to and including version v5.4.0.\n    - Contains all versions of legacy controllers (reconciling AWSConfig CRs) up\n      to and including v5.4.0.\n- `legacy`\n    - From version v5.5.0 up to and including v5.x.x.\n    - Contains only the latest version of legacy controllers (reconciling\n      AWSConfig CRs).\n- `master`\n    - From version v6.0.0.\n    - Contains only the latest version of controllers (reconciling cluster API\n      
objects).\n\n\n\n## Getting the Project\n\nDownload the latest release:\nhttps://github.com/giantswarm/aws-operator/releases/latest\n\nClone the git repository: https://github.com/giantswarm/aws-operator.git\n\nDownload the latest docker image from here:\nhttps://quay.io/repository/giantswarm/aws-operator\n\n\n### How to build\n\nBuild the standard way.\n\n```\ngo build github.com/giantswarm/aws-operator\n```\n\n## Architecture\n\nThe operator uses our [operatorkit][1] framework. It manages an `awsconfig`\nCRD using a generated client stored in our [apiextensions][2] repo. Releases\nare versioned using [version bundles][3].\n\nThe operator provisions guest Kubernetes clusters running on AWS. It runs in a\nhost Kubernetes cluster also running on AWS.\n\n[1]:https://github.com/giantswarm/operatorkit\n[2]:https://github.com/giantswarm/apiextensions\n[3]:https://github.com/giantswarm/versionbundle\n\n### CloudFormation\n\nThe guest Kubernetes clusters are provisioned using [AWS CloudFormation][4]. The\nresources are split between CloudFormation stacks:\n\nIn control plane account\n* tccpi - Tenant cluster control plane role setup.\n* tccpf - Tenant cluster control plane routes setup.\n* tcnpf - Tenant cluster nodepool peering.\n\nIn tenant account:\n* tccp -  Tenant cluster network setup.\n* tccpn - Tenant cluster control plane resources (masters).\n* tcnp -  Tenant cluster nodepool resources (workers).\n\n[4]:https://aws.amazon.com/cloudformation\n\n### Other AWS Resources\n\nAs well as the CloudFormation stacks we also provision a KMS key and S3 bucket\nper cluster. This is to upload cloudconfigs for the cluster nodes. The\ncloudconfigs contain TLS certificates which are encrypted using the KMS key.\n\n### Kubernetes Resources\n\nThe operator also creates a Kubernetes namespace per guest cluster with a\nservice and endpoints. 
These are used by the host cluster to access the guest\ncluster.\n\n### Certificates\n\nAuthentication for the cluster components and end-users uses TLS certificates.\nThese are provisioned using [Hashicorp Vault][5] and are managed by our\n[cert-operator][6].\n\n[5]:https://www.vaultproject.io/\n[6]:https://github.com/giantswarm/cert-operator\n\n## Secret\n\nHere the AWS IAM credentials have to be inserted.\n```\nservice:\n  aws:\n    accesskey:\n      id: 'TODO'\n      secret: 'TODO'\n```\n\nHere the base64 representation of the data structure above has to be inserted.\n```\napiVersion: v1\nkind: Secret\nmetadata:\n  name: aws-operator-secret\n  namespace: giantswarm\ntype: Opaque\ndata:\n  secret.yml: 'TODO'\n```\n\nTo create the secret manually do this.\n```\nkubectl create -f ./path/to/secret.yml\n```\n\nWe also need a key to hold the SSH public key\n\n```\napiVersion: v1\nkind: Secret\nmetadata:\n  name: aws-operator-ssh-key-secret\n  namespace: giantswarm\ntype: Opaque\ndata:\n  id_rsa.pub: 'TODO'\n```\n\n### Node VM Images (AMIs)\n\nThis operator holds a static mapping of versions and regions to AMI IDs (VM image IDs, region specific)\nused for tenant cluster nodes in `service/controller/key/ami.go`. The file is generated by\n`devctl` and should not be edited manually. 
When a new version of the OS is released and new\nimages have been published on AWS, this mapping can be updated using\n`devctl gen ami --dir service/controller/key`.\n\n## Live editing operator inside an installation\n\n- Download the latest Okteto release from https://github.com/okteto/okteto/releases\n- `okteto init -n giantswarm`\n- Set correct label `app.giantswarm.io/branch: $BRANCH` in the manifest\n- Change your kubeconfig to the giantswarm namespace\n- Modify PSP of the current operator `kubectl patch psp aws-operator-$BRANCH-psp -p '{\"spec\":{\"runAsGroup\":{\"ranges\":null,\"rule\":\"RunAsAny\"},\"runAsUser\":{\"rule\":\"RunAsAny\"},\"volumes\":[\"secret\",\"configMap\",\"hostPath\",\"persistentVolumeClaim\",\"emptyDir\"]}}'`\n\n- `okteto up`\n- From this point on, you can modify files locally and they will be synced to the remote pod\n\n#### In order to start the operator, you can build it and execute it inside the pod\n- `go build`\n- `aws-operator daemon --config.dirs=/var/run/aws-operator/configmap/ --config.dirs=/var/run/aws-operator/secret/ --config.files=config --config.files=secret`\n\n#### Live reload code\n- `cd /tmp \u0026\u0026 go get -u github.com/cosmtrek/air \u0026\u0026 cd /okteto`\n- `air -c air.conf`\n\n#### For live debugging in VS Code\n- Install delve debugger: `go get github.com/go-delve/delve/cmd/dlv`\n- `dlv debug --headless --listen=:2345 --log --api-version=2 -- daemon --config.dirs=/var/run/aws-operator/configmap/ --config.dirs=/var/run/aws-operator/secret/ --config.files=config --config.files=secret` or `./debug_server.sh`\n- Create debugging connection:\n```\n  {\n    \"version\": \"0.2.0\",\n    \"configurations\": [\n        {\n            \"name\": \"Connect to okteto\",\n            \"type\": \"go\",\n            \"request\": \"attach\",\n            \"mode\": \"remote\",\n            \"remotePath\": \"/okteto\",\n            \"port\": 2345,\n            \"host\": \"127.0.0.1\"\n        }\n    ]\n  }\n  ```\n- Wait until debug 
server is up and create some breakpoints, start the debugger :)\n- If you want to edit the code you will need to stop the debugging session and stop the server\n- `okteto down -v` (`-v` will delete the volume with the Go cache)\n- Revert the PSP with `kubectl patch psp aws-operator-$BRANCH-psp -p '{\"spec\":{\"runAsGroup\":{\"ranges\": [{\"max\":65535, \"min\":1}],\"rule\":\"MustRunAs\"},\"runAsUser\":{\"rule\":\"MustRunAsNonRoot\"},\"volumes\":[\"secret\",\"configMap\"]}}'` or redeploy the application\n\n## Contact\n\n- Mailing list: [giantswarm](https://groups.google.com/forum/!forum/giantswarm)\n- Bugs: [issues](https://github.com/giantswarm/aws-operator/issues)\n\n## Contributing \u0026 Reporting Bugs\n\nSee [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches, the\ncontribution workflow as well as reporting bugs.\n\nFor security issues, please see [the security policy](SECURITY.md).\n\n\n## License\n\naws-operator is under the Apache 2.0 license. See the [LICENSE](LICENSE) file\nfor details.\n\n\n## Credit\n\n- https://github.com/giantswarm/microkit\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgiantswarm%2Faws-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgiantswarm%2Faws-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgiantswarm%2Faws-operator/lists"}