diff --git a/operators/ack-mwaa-controller/0.1.0/bundle.Dockerfile b/operators/ack-mwaa-controller/0.1.0/bundle.Dockerfile new file mode 100644 index 00000000000..c8bbdecff65 --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-mwaa-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-controller.clusterserviceversion.yaml b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..ebee768f84a --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-controller.clusterserviceversion.yaml @@ -0,0 +1,295 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "mwaa.services.k8s.aws/v1alpha1", + "kind": "Environment", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/mwaa-controller:0.1.0 + createdAt: "2026-05-04T19:07:30Z" + description: Amazon Managed Workflows for Apache Airflow controller is a service + controller for managing Amazon Managed Workflows for Apache Airflow resources + in Kubernetes + operatorframework.io/suggested-namespace: ack-system + operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-mwaa-controller.v0.1.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Environment represents the state of an AWS mwaa Environment resource. + displayName: Environment + kind: Environment + name: environments.mwaa.services.k8s.aws + version: v1alpha1 + description: |- + Manage Amazon Managed Workflows for Apache Airflow resources in AWS from within your Kubernetes cluster. + + **About Amazon Managed Workflows for Apache Airflow** + Use Amazon Managed Workflows for Apache Airflow, a managed service for Apache Airflow, to set up and run data pipelines in the cloud at scale. Apache Airflow is an open-source tool used to create, schedule, and monitor workflows. + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. This project is currently in **developer preview**. + displayName: AWS Controllers for Kubernetes - Amazon Managed Workflows for Apache + Airflow + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0yLjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQtMS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + - securitygroups/status + - subnets + - subnets/status + verbs: + - get + - list + - apiGroups: + - iam.services.k8s.aws + resources: + - roles + - roles/status + verbs: + - get + - list + - apiGroups: + - kms.services.k8s.aws + resources: + - keys + - keys/status + verbs: + - get + - list + - apiGroups: + - mwaa.services.k8s.aws + resources: + - environments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mwaa.services.k8s.aws + resources: + - environments/status + verbs: + - get + - patch + - update + - apiGroups: + - s3.services.k8s.aws + resources: + - buckets + - buckets/status + verbs: + - get + - list + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + - iamroleselectors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + - iamroleselectors/status + verbs: + - get + - patch + - update + serviceAccountName: ack-mwaa-controller + deployments: + - label: + app.kubernetes.io/name: ack-mwaa-controller + app.kubernetes.io/part-of: ack-system + name: ack-mwaa-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-mwaa-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-mwaa-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + - --feature-gates + - $(FEATURE_GATES) + - --enable-carm=$(ENABLE_CARM) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-mwaa-user-config + optional: false + - secretRef: + name: ack-mwaa-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/mwaa-controller:0.1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-mwaa-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-mwaa-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - mwaa + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon Managed Workflows for Apache Airflow Developer Resources + url: https://docs.aws.amazon.com/mwaa/latest/userguide/what-is-mwaa.html + maintainers: + - email: ack-maintainers@amazon.com + name: mwaa maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 0.1.0 diff --git a/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-metrics-service_v1_service.yaml b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..cbc7ee7dd7b --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-mwaa-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-mwaa-controller + type: ClusterIP +status: + loadBalancer: {} diff --git a/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..2c6d12e20f9 --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-mwaa-reader +rules: +- apiGroups: + - mwaa.services.k8s.aws + resources: + - environments + verbs: + - get + - list + - watch diff --git a/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..4f78312b49c --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/manifests/ack-mwaa-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-mwaa-writer +rules: +- apiGroups: + - mwaa.services.k8s.aws + resources: + - environments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mwaa.services.k8s.aws + resources: + - environments + verbs: + - get + - patch + - update diff --git a/operators/ack-mwaa-controller/0.1.0/manifests/mwaa.services.k8s.aws_environments.yaml b/operators/ack-mwaa-controller/0.1.0/manifests/mwaa.services.k8s.aws_environments.yaml new file mode 100644 index 00000000000..acaf471811d --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/manifests/mwaa.services.k8s.aws_environments.yaml @@ -0,0 +1,619 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + creationTimestamp: null + name: environments.mwaa.services.k8s.aws +spec: + group: mwaa.services.k8s.aws + names: + kind: Environment + listKind: EnvironmentList + plural: environments + singular: environment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: STATUS + type: string + - jsonPath: .spec.airflowVersion + name: AIRFLOWVERSION + type: string + - jsonPath: .spec.environmentClass + name: ENVIRONMENTCLASS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="ACK.ResourceSynced")].status + name: Synced + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Environment is the Schema for the Environments API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + EnvironmentSpec defines the desired state of Environment. + + Describes an Amazon Managed Workflows for Apache Airflow (MWAA) environment. + properties: + airflowConfigurationOptions: + additionalProperties: + type: string + description: |- + A list of key-value pairs containing the Apache Airflow configuration options + you want to attach to your environment. For more information, see Apache + Airflow configuration options (https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-env-variables.html). + type: object + airflowVersion: + description: |- + The Apache Airflow version for your environment. If no value is specified, + it defaults to the latest version. For more information, see Apache Airflow + versions on Amazon Managed Workflows for Apache Airflow (Amazon MWAA) (https://docs.aws.amazon.com/mwaa/latest/userguide/airflow-versions.html). + + Valid values: 1.10.12, 2.0.2, 2.2.2, 2.4.3, 2.5.1, 2.6.3, 2.7.2, 2.8.1, 2.9.2, + 2.10.1, and 2.10.3. + + Regex Pattern: `^[0-9a-z.]+$` + type: string + dagS3Path: + description: |- + The relative path to the DAGs folder on your Amazon S3 bucket. For example, + dags. For more information, see Adding or updating DAGs (https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-folder.html). + + Regex Pattern: `.*` + type: string + endpointManagement: + description: |- + Defines whether the VPC endpoints configured for the environment are created, + and managed, by the customer or by Amazon MWAA. If set to SERVICE, Amazon + MWAA will create and manage the required VPC endpoints in your VPC. If set + to CUSTOMER, you must create, and manage, the VPC endpoints for your VPC. + If you choose to create an environment in a shared VPC, you must set this + value to CUSTOMER. In a shared VPC deployment, the environment will remain + in PENDING status until you create the VPC endpoints. If you do not take + action to create the endpoints within 72 hours, the status will change to + CREATE_FAILED. You can delete the failed environment and create a new one. + type: string + x-kubernetes-validations: + - message: Value is immutable once set + rule: self == oldSelf + environmentClass: + description: |- + The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, + mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon + MWAA environment class (https://docs.aws.amazon.com/mwaa/latest/userguide/environment-class.html). + type: string + executionRoleARN: + description: |- + The Amazon Resource Name (ARN) of the execution role for your environment. + An execution role is an Amazon Web Services Identity and Access Management + (IAM) role that grants MWAA permission to access Amazon Web Services services + and resources used by your environment. For example, arn:aws:iam::123456789:role/my-execution-role. + For more information, see Amazon MWAA Execution role (https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html). + + Regex Pattern: `^arn:aws(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$` + type: string + executionRoleRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + kmsKey: + description: |- + The Amazon Web Services Key Management Service (KMS) key to encrypt the data + in your environment. You can use an Amazon Web Services owned CMK, or a Customer + managed CMK (advanced). For more information, see Create an Amazon MWAA environment + (https://docs.aws.amazon.com/mwaa/latest/userguide/create-environment.html). + + Regex Pattern: `^(((arn:aws(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?key\/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|(arn:aws(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?alias/.+)$` + type: string + x-kubernetes-validations: + - message: Value is immutable once set + rule: self == oldSelf + kmsKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + loggingConfiguration: + description: Defines the Apache Airflow logs to send to CloudWatch + Logs. + properties: + dagProcessingLogs: + description: |- + Enables the Apache Airflow log type (e.g. DagProcessingLogs) and defines + the log level to send to CloudWatch Logs (e.g. INFO). + properties: + enabled: + type: boolean + logLevel: + type: string + type: object + schedulerLogs: + description: |- + Enables the Apache Airflow log type (e.g. DagProcessingLogs) and defines + the log level to send to CloudWatch Logs (e.g. INFO). + properties: + enabled: + type: boolean + logLevel: + type: string + type: object + taskLogs: + description: |- + Enables the Apache Airflow log type (e.g. DagProcessingLogs) and defines + the log level to send to CloudWatch Logs (e.g. INFO). + properties: + enabled: + type: boolean + logLevel: + type: string + type: object + webserverLogs: + description: |- + Enables the Apache Airflow log type (e.g. DagProcessingLogs) and defines + the log level to send to CloudWatch Logs (e.g. INFO). + properties: + enabled: + type: boolean + logLevel: + type: string + type: object + workerLogs: + description: |- + Enables the Apache Airflow log type (e.g. DagProcessingLogs) and defines + the log level to send to CloudWatch Logs (e.g. INFO). + properties: + enabled: + type: boolean + logLevel: + type: string + type: object + type: object + maxWebservers: + description: |- + The maximum number of web servers that you want to run in your environment. + Amazon MWAA scales the number of Apache Airflow web servers up to the number + you specify for MaxWebservers when you interact with your Apache Airflow + environment using Apache Airflow REST API, or the Apache Airflow CLI. For + example, in scenarios where your workload requires network calls to the Apache + Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA + will increase the number of web servers up to the number set in MaxWebserers. + As TPS rates decrease Amazon MWAA disposes of the additional web servers, + and scales down to the number set in MinxWebserers. + + Valid values: For environments larger than mw1.micro, accepts values from + 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults + to 1. + format: int64 + type: integer + maxWorkers: + description: |- + The maximum number of workers that you want to run in your environment. MWAA + scales the number of Apache Airflow workers up to the number you specify + in the MaxWorkers field. For example, 20. When there are no more tasks running, + and no more in the queue, MWAA disposes of the extra workers leaving the + one worker that is included with your environment, or the number you specify + in MinWorkers. + format: int64 + type: integer + minWebservers: + description: |- + The minimum number of web servers that you want to run in your environment. + Amazon MWAA scales the number of Apache Airflow web servers up to the number + you specify for MaxWebservers when you interact with your Apache Airflow + environment using Apache Airflow REST API, or the Apache Airflow CLI. As + the transaction-per-second rate, and the network load, decrease, Amazon MWAA + disposes of the additional web servers, and scales down to the number set + in MinxWebserers. + + Valid values: For environments larger than mw1.micro, accepts values from + 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults + to 1. + format: int64 + type: integer + minWorkers: + description: |- + The minimum number of workers that you want to run in your environment. MWAA + scales the number of Apache Airflow workers up to the number you specify + in the MaxWorkers field. When there are no more tasks running, and no more + in the queue, MWAA disposes of the extra workers leaving the worker count + you specify in the MinWorkers field. For example, 2. + format: int64 + type: integer + name: + description: |- + The name of the Amazon MWAA environment. For example, MyMWAAEnvironment. + + Regex Pattern: `^[a-zA-Z][0-9a-zA-Z-_]*$` + type: string + x-kubernetes-validations: + - message: Value is immutable once set + rule: self == oldSelf + networkConfiguration: + description: |- + The VPC networking components used to secure and enable network traffic between + the Amazon Web Services resources for your environment. For more information, + see About networking on Amazon MWAA (https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html). + properties: + securityGroupIDs: + items: + type: string + type: array + securityGroupRefs: + description: Reference field for SecurityGroupIDs + items: + description: "AWSResourceReferenceWrapper provides a wrapper + around *AWSResourceReference\ntype to provide more user friendly + syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + subnetIDs: + items: + type: string + type: array + x-kubernetes-validations: + - message: Value is immutable once set + rule: self == oldSelf + subnetRefs: + description: Reference field for SubnetIDs + items: + description: "AWSResourceReferenceWrapper provides a wrapper + around *AWSResourceReference\ntype to provide more user friendly + syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + type: object + pluginsS3ObjectVersion: + description: |- + The version of the plugins.zip file on your Amazon S3 bucket. You must specify + a version each time a plugins.zip file is updated. For more information, + see How S3 Versioning works (https://docs.aws.amazon.com/AmazonS3/latest/userguide/versioning-workflows.html). + type: string + pluginsS3Path: + description: |- + The relative path to the plugins.zip file on your Amazon S3 bucket. For example, + plugins.zip. If specified, then the plugins.zip version is required. For + more information, see Installing custom plugins (https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import-plugins.html). + + Regex Pattern: `.*` + type: string + requirementsS3ObjectVersion: + description: |- + The version of the requirements.txt file on your Amazon S3 bucket. You must + specify a version each time a requirements.txt file is updated. For more + information, see How S3 Versioning works (https://docs.aws.amazon.com/AmazonS3/latest/userguide/versioning-workflows.html). + type: string + requirementsS3Path: + description: |- + The relative path to the requirements.txt file on your Amazon S3 bucket. + For example, requirements.txt. If specified, then a version is required. + For more information, see Installing Python dependencies (https://docs.aws.amazon.com/mwaa/latest/userguide/working-dags-dependencies.html). + + Regex Pattern: `.*` + type: string + schedulers: + description: |- + The number of Apache Airflow schedulers to run in your environment. Valid + values: + + * v2 - For environments larger than mw1.micro, accepts values from 2 to + 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults + to 1. + + * v1 - Accepts 1. + format: int64 + type: integer + sourceBucketARN: + description: |- + The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code + and supporting files are stored. For example, arn:aws:s3:::my-airflow-bucket-unique-name. + For more information, see Create an Amazon S3 bucket for Amazon MWAA (https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-s3-bucket.html). + + Regex Pattern: `^arn:aws(-[a-z]+)?:s3:::[a-z0-9.\-]+$` + type: string + sourceBucketRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + startupScriptS3ObjectVersion: + description: |- + The version of the startup shell script in your Amazon S3 bucket. You must + specify the version ID (https://docs.aws.amazon.com/AmazonS3/latest/userguide/versioning-workflows.html) + that Amazon S3 assigns to the file every time you update the script. + + Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are + no more than 1,024 bytes long. The following is an example: + + 3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo + + For more information, see Using a startup script (https://docs.aws.amazon.com/mwaa/latest/userguide/using-startup-script.html). + type: string + startupScriptS3Path: + description: |- + The relative path to the startup shell script in your Amazon S3 bucket. For + example, s3://mwaa-environment/startup.sh. + + Amazon MWAA runs the script as your environment starts, and before running + the Apache Airflow process. You can use this script to install dependencies, + modify Apache Airflow configuration options, and set environment variables. + For more information, see Using a startup script (https://docs.aws.amazon.com/mwaa/latest/userguide/using-startup-script.html). + + Regex Pattern: `.*` + type: string + tags: + additionalProperties: + type: string + description: |- + The key-value tag pairs you want to associate to your environment. For example, + "Environment": "Staging". For more information, see Tagging Amazon Web Services + resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html). + type: object + webserverAccessMode: + description: |- + Defines the access mode for the Apache Airflow web server. For more information, + see Apache Airflow access modes (https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-networking.html). + type: string + weeklyMaintenanceWindowStart: + description: |- + The day and time of the week in Coordinated Universal Time (UTC) 24-hour + standard time to start weekly maintenance updates of your environment in + the following format: DAY:HH:MM. For example: TUE:03:30. You can specify + a start time in 30 minute increments only. + + Regex Pattern: `(MON|TUE|WED|THU|FRI|SAT|SUN):([01]\d|2[0-3]):(00|30)` + type: string + required: + - dagS3Path + - name + - networkConfiguration + type: object + status: + description: EnvironmentStatus defines the observed state of Environment + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRs managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createdAt: + description: The day and time the environment was created. + format: date-time + type: string + lastUpdate: + description: The status of the last update on the environment. + properties: + createdAt: + format: date-time + type: string + error: + description: Describes the error(s) encountered with the last + update of the environment. + properties: + errorCode: + type: string + errorMessage: + type: string + type: object + source: + type: string + status: + type: string + workerReplacementStrategy: + type: string + type: object + status: + description: |- + The status of the Amazon MWAA environment. + + Valid values: + + * CREATING - Indicates the request to create the environment is in progress. + + * CREATING_SNAPSHOT - Indicates the request to update environment details, + or upgrade the environment version, is in progress and Amazon MWAA is + creating a storage volume snapshot of the Amazon RDS database cluster + associated with the environment. A database snapshot is a backup created + at a specific point in time. Amazon MWAA uses snapshots to recover environment + metadata if the process to update or upgrade an environment fails. + + * CREATE_FAILED - Indicates the request to create the environment failed, + and the environment could not be created. + + * AVAILABLE - Indicates the request was successful and the environment + is ready to use. + + * PENDING - Indicates the request was successful, but the process to create + the environment is paused until you create the required VPC endpoints + in your VPC. After you create the VPC endpoints, the process resumes. + + * UPDATING - Indicates the request to update the environment is in progress. + + * ROLLING_BACK - Indicates the request to update environment details, + or upgrade the environment version, failed and Amazon MWAA is restoring + the environment using the latest storage volume snapshot. + + * DELETING - Indicates the request to delete the environment is in progress. + + * DELETED - Indicates the request to delete the environment is complete, + and the environment has been deleted. + + * UNAVAILABLE - Indicates the request failed, but the environment did + not return to its previous state and is not stable. + + * UPDATE_FAILED - Indicates the request to update the environment failed, + and the environment was restored to its previous state successfully and + is ready to use. + + * MAINTENANCE - Indicates that the environment is undergoing maintenance. + Depending on the type of work Amazon MWAA is performing, your environment + might become unavailable during this process. After all operations are + done, your environment will return to its status prior to mainteneace + operations. + + We recommend reviewing our troubleshooting guide for a list of common errors + and their solutions. For more information, see Amazon MWAA troubleshooting + (https://docs.aws.amazon.com/mwaa/latest/userguide/troubleshooting.html). + type: string + webserverURL: + description: |- + The Apache Airflow web server host name for the Amazon MWAA environment. + For more information, see Accessing the Apache Airflow UI (https://docs.aws.amazon.com/mwaa/latest/userguide/access-airflow-ui.html). + + Regex Pattern: `^https://.+$` + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-mwaa-controller/0.1.0/metadata/annotations.yaml b/operators/ack-mwaa-controller/0.1.0/metadata/annotations.yaml new file mode 100644 index 00000000000..15b1a293e04 --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-mwaa-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-mwaa-controller/0.1.0/tests/scorecard/config.yaml b/operators/ack-mwaa-controller/0.1.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-mwaa-controller/0.1.0/tests/scorecard/config.yaml @@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/ack-mwaa-controller/ci.yaml b/operators/ack-mwaa-controller/ci.yaml new file mode 100644 index 00000000000..3e0024a0adc --- /dev/null +++ b/operators/ack-mwaa-controller/ci.yaml @@ -0,0 +1,5 @@ +# Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back. +updateGraph: semver-mode +reviewers: + - ack-bot +