andrzej/natzka@v1.1official-eks
Type
Composition
Referenced XRD
XManagedCluster
Resources (32)
The following resources are composed to implement the referenced Composite Resource Definition (XRD).
Kind
Group
Version
Role
iam.aws.upbound.io
v1beta1
Role
iam.aws.upbound.io
v1beta1
Role
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
VPC
ec2.aws.upbound.io
v1beta1
SecurityGroup
ec2.aws.upbound.io
v1beta1
SecurityGroupRule
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
Subnet
ec2.aws.upbound.io
v1beta1
InternetGateway
ec2.aws.upbound.io
v1beta1
RouteTable
ec2.aws.upbound.io
v1beta1
Route
ec2.aws.upbound.io
v1beta1
RouteTableAssociation
ec2.aws.upbound.io
v1beta1
RouteTableAssociation
ec2.aws.upbound.io
v1beta1
RouteTableAssociation
ec2.aws.upbound.io
v1beta1
Cluster
eks.aws.upbound.io
v1beta1
NodeGroup
eks.aws.upbound.io
v1beta1
FargateProfile
eks.aws.upbound.io
v1beta1
ClusterAuth
eks.aws.upbound.io
v1beta1
ProviderConfig
kubernetes.crossplane.io
v1alpha1
Object
kubernetes.crossplane.io
v1alpha1
ProviderConfig
helm.crossplane.io
v1beta1
Release
helm.crossplane.io
v1beta1
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
name: official-eks
creationTimestamp: null
labels:
cluster: eks
crossplane.io/xrd: xmanagedclusters.compositions.io
provider: official
spec:
compositeTypeRef:
apiVersion: compositions.io/v1alpha1
kind: XManagedCluster
patchSets:
- name: metadata
patches:
- fromFieldPath: metadata.labels
- name: region
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
transforms:
- type: map
map:
afs: af-south-1
ape: ap-east-1
apne1: ap-northeast-1
apne2: ap-northeast-2
apne3: ap-northeast-3
aps1: ap-south-1
apse1: ap-southeast-1
apse2: ap-southeast-2
apse3: ap-southeast-3
cac: ca-central-1
euc: eu-central-1
eun: eu-north-1
eus: eu-south-1
euw1: eu-west-1
euw2: eu-west-2
euw3: eu-west-3
sae: sa-east-1
use1: us-east-1
use2: us-east-2
usw1: us-west-1
usw2: us-west-2
- name: snet-zone-1
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: metadata.labels.zone
transforms:
- type: map
map:
afs: af-south-1a
ape: ap-east-1a
apne1: ap-northeast-1a
apne2: ap-northeast-2a
apne3: ap-northeast-3a
aps1: ap-south-1a
apse1: ap-southeast-1a
apse2: ap-southeast-2a
apse3: ap-southeast-3a
cac: ca-central-1a
euc: eu-central-1a
eun: eu-north-1a
eus: eu-south-1a
euw1: eu-west-1a
euw2: eu-west-2a
euw3: eu-west-3a
sae: sa-east-1a
use1: us-east-1a
use2: us-east-2a
usw1: us-west-1a
usw2: us-west-2a
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.availabilityZone
transforms:
- type: map
map:
afs: af-south-1a
ape: ap-east-1a
apne1: ap-northeast-1a
apne2: ap-northeast-2a
apne3: ap-northeast-3a
aps1: ap-south-1a
apse1: ap-southeast-1a
apse2: ap-southeast-2a
apse3: ap-southeast-3a
cac: ca-central-1a
euc: eu-central-1a
eun: eu-north-1a
eus: eu-south-1a
euw1: eu-west-1a
euw2: eu-west-2a
euw3: eu-west-3a
sae: sa-east-1a
use1: us-east-1a
use2: us-east-2a
usw1: us-west-1a
usw2: us-west-2a
- name: snet-zone-2
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: metadata.labels.zone
transforms:
- type: map
map:
afs: af-south-1b
ape: ap-east-1b
apne1: ap-northeast-1d
apne2: ap-northeast-2b
apne3: ap-northeast-3b
aps1: ap-south-1b
apse1: ap-southeast-1b
apse2: ap-southeast-2b
apse3: ap-southeast-3b
cac: ca-central-1b
euc: eu-central-1b
eun: eu-north-1b
eus: eu-south-1b
euw1: eu-west-1b
euw2: eu-west-2b
euw3: eu-west-3b
sae: sa-east-1b
use1: us-east-1b
use2: us-east-2b
usw1: us-west-1a
usw2: us-west-2b
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.availabilityZone
transforms:
- type: map
map:
afs: af-south-1b
ape: ap-east-1b
apne1: ap-northeast-1d
apne2: ap-northeast-2b
apne3: ap-northeast-3b
aps1: ap-south-1b
apse1: ap-southeast-1b
apse2: ap-southeast-2b
apse3: ap-southeast-3b
cac: ca-central-1b
euc: eu-central-1b
eun: eu-north-1b
eus: eu-south-1b
euw1: eu-west-1b
euw2: eu-west-2b
euw3: eu-west-3b
sae: sa-east-1b
use1: us-east-1b
use2: us-east-2b
usw1: us-west-1a
usw2: us-west-2b
- name: snet-zone-3
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: metadata.labels.zone
transforms:
- type: map
map:
afs: af-south-1c
ape: ap-east-1c
apne1: ap-northeast-1c
apne2: ap-northeast-2c
apne3: ap-northeast-3c
aps1: ap-south-1c
apse1: ap-southeast-1c
apse2: ap-southeast-2c
apse3: ap-southeast-3c
cac: ca-central-1b
euc: eu-central-1c
eun: eu-north-1c
eus: eu-south-1c
euw1: eu-west-1c
euw2: eu-west-2c
euw3: eu-west-3c
sae: sa-east-1c
use1: us-east-1c
use2: us-east-2c
usw1: us-west-1c
usw2: us-west-2c
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.availabilityZone
transforms:
- type: map
map:
afs: af-south-1c
ape: ap-east-1c
apne1: ap-northeast-1c
apne2: ap-northeast-2c
apne3: ap-northeast-3c
aps1: ap-south-1c
apse1: ap-southeast-1c
apse2: ap-southeast-2c
apse3: ap-southeast-3c
cac: ca-central-1b
euc: eu-central-1c
eun: eu-north-1c
eus: eu-south-1c
euw1: eu-west-1c
euw2: eu-west-2c
euw3: eu-west-3c
sae: sa-east-1c
use1: us-east-1c
use2: us-east-2c
usw1: us-west-1c
usw2: us-west-2c
- name: route-zone-1
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone
transforms:
- type: map
map:
afs: af-south-1a
ape: ap-east-1a
apne1: ap-northeast-1a
apne2: ap-northeast-2a
apne3: ap-northeast-3a
aps1: ap-south-1a
apse1: ap-southeast-1a
apse2: ap-southeast-2a
apse3: ap-southeast-3a
cac: ca-central-1a
euc: eu-central-1a
eun: eu-north-1a
eus: eu-south-1a
euw1: eu-west-1a
euw2: eu-west-2a
euw3: eu-west-3a
sae: sa-east-1a
use1: us-east-1a
use2: us-east-2a
usw1: us-west-1a
usw2: us-west-2a
- name: route-zone-2
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone
transforms:
- type: map
map:
afs: af-south-1b
ape: ap-east-1b
apne1: ap-northeast-1d
apne2: ap-northeast-2b
apne3: ap-northeast-3b
aps1: ap-south-1b
apse1: ap-southeast-1b
apse2: ap-southeast-2b
apse3: ap-southeast-3b
cac: ca-central-1b
euc: eu-central-1b
eun: eu-north-1b
eus: eu-south-1b
euw1: eu-west-1b
euw2: eu-west-2b
euw3: eu-west-3b
sae: sa-east-1b
use1: us-east-1b
use2: us-east-2b
usw1: us-west-1a
usw2: us-west-2b
- name: route-zone-3
patches:
- fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels.zone
transforms:
- type: map
map:
afs: af-south-1c
ape: ap-east-1c
apne1: ap-northeast-1c
apne2: ap-northeast-2c
apne3: ap-northeast-3c
aps1: ap-south-1c
apse1: ap-southeast-1c
apse2: ap-southeast-2c
apse3: ap-southeast-3c
cac: ca-central-1b
euc: eu-central-1c
eun: eu-north-1c
eus: eu-south-1c
euw1: eu-west-1c
euw2: eu-west-2c
euw3: eu-west-3c
sae: sa-east-1c
use1: us-east-1c
use2: us-east-2c
usw1: us-west-1c
usw2: us-west-2c
resources:
- name: iamrole-controlplane
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"eks.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-controlplane"
- fromFieldPath: spec.id
toFieldPath: metadata.labels.role
transforms:
- type: string
string:
fmt: "%s-controlplane"
- name: iamrole-nodegroup
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- fromFieldPath: spec.id
toFieldPath: metadata.labels.role
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- name: iamrole-fargateprofile
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"eks-fargate-pods.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-fargateprofile"
- fromFieldPath: spec.id
toFieldPath: metadata.labels.role
transforms:
- type: string
string:
fmt: "%s-fargateprofile"
- name: iamrolepolicy-cp-001
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-cp-001"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-controlplane"
- name: iamrolepolicy-cp-002
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-cp-002"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-controlplane"
- name: iamrolepolicy-ng-001
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-ng-001"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- name: iamrolepolicy-ng-002
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-ng-002"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- name: iamrolepolicy-ng-003
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-ng-003"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- name: iamrolepolicy-fp-001
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy
roleSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-fp-001"
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-fargateprofile"
- name: ec2vpc
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: VPC
spec:
forProvider:
cidrBlock: 10.0.0.0/16
tags:
Name: eks-cluster
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
- name: ec2sg-ng
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroup
spec:
forProvider:
description: Cluster communication with worker nodes
name: ekscluster-sg
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-sg"
- name: ec2sg-rule
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: SecurityGroupRule
spec:
forProvider:
cidrBlocks:
- 0.0.0.0/0
fromPort: 0
protocol: "-1"
securityGroupIdSelector:
matchControllerRef: true
toPort: 0
type: egress
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-sgrule"
- name: ec2snet-pub-a
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: public
spec:
forProvider:
cidrBlock: 10.0.0.0/24
mapPublicIpOnLaunch: true
tags:
Name: eks-snet
kubernetes.io/role/elb: "1"
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-1
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-pub-a"
- name: ec2snet-pub-b
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: public
spec:
forProvider:
cidrBlock: 10.0.1.0/24
mapPublicIpOnLaunch: true
tags:
Name: eks-snet
kubernetes.io/role/elb: "1"
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-2
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-pub-b"
- name: ec2snet-pub-c
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: public
spec:
forProvider:
cidrBlock: 10.0.2.0/24
mapPublicIpOnLaunch: true
tags:
Name: eks-snet
kubernetes.io/role/elb: "1"
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-3
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-pub-c"
- name: ec2snet-prv-a
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: private
spec:
forProvider:
cidrBlock: 10.0.100.0/24
mapPublicIpOnLaunch: false
tags:
Name: eks-snet
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-1
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-prv-a"
- name: ec2snet-prv-b
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: private
spec:
forProvider:
cidrBlock: 10.0.101.0/24
mapPublicIpOnLaunch: false
tags:
Name: eks-snet
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-2
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-prv-b"
- name: ec2snet-prv-c
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
labels:
access: private
spec:
forProvider:
cidrBlock: 10.0.102.0/24
mapPublicIpOnLaunch: true
tags:
Name: eks-snet
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: snet-zone-3
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-prv-c"
- name: ec2-ig
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: InternetGateway
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
- name: ec2-rt
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTable
spec:
forProvider:
vpcIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-rt"
- name: ec2-rt-route
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Route
spec:
forProvider:
destinationCidrBlock: 0.0.0.0/0
gatewayIdSelector:
matchControllerRef: true
routeTableIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-route"
- name: ec2-rt-assoc-a
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
spec:
forProvider:
routeTableIdSelector:
matchControllerRef: true
subnetIdSelector:
matchControllerRef: true
matchLabels:
access: public
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: route-zone-1
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-rta-a"
- name: ec2-rt-assoc-b
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
spec:
forProvider:
routeTableIdSelector:
matchControllerRef: true
subnetIdSelector:
matchControllerRef: true
matchLabels:
access: public
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: route-zone-2
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-rta-b"
- name: ec2-rt-assoc-c
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
spec:
forProvider:
routeTableIdSelector:
matchControllerRef: true
subnetIdSelector:
matchControllerRef: true
matchLabels:
access: public
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- type: PatchSet
patchSetName: route-zone-3
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-rta-c"
- name: ekscluster
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: Cluster
spec:
forProvider:
roleArnSelector:
matchControllerRef: true
vpcConfig:
- endpointPrivateAccess: true
endpointPublicAccess: true
subnetIdSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: cluster-%s
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.roleArnSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-controlplane"
- fromFieldPath: spec.parameters.version
toFieldPath: spec.forProvider.version
- type: ToCompositeFieldPath
fromFieldPath: metadata.name
toFieldPath: status.clusterName
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.status
toFieldPath: status.controlPlaneStatus
connectionDetails:
- fromConnectionSecretKey: kubeconfig
readinessChecks:
- type: MatchString
fieldPath: status.atProvider.status
matchString: ACTIVE
- name: eksnode
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: NodeGroup
spec:
forProvider:
clusterNameSelector:
matchControllerRef: true
nodeRoleArnSelector:
matchControllerRef: true
scalingConfig:
- maxSize: 10
subnetIdSelector:
matchControllerRef: true
matchLabels:
access: public
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.parameters.nodeSize
toFieldPath: spec.forProvider.instanceTypes[0]
transforms:
- type: map
map:
large: t3.large
medium: t3.medium
small: t3.small
- fromFieldPath: spec.parameters.nodeCount
toFieldPath: spec.forProvider.scalingConfig[0].minSize
- fromFieldPath: spec.parameters.nodeCount
toFieldPath: spec.forProvider.scalingConfig[0].desiredSize
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.nodeRoleArnSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-nodegroup"
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.status
toFieldPath: status.nodePoolStatus
readinessChecks:
- type: MatchString
fieldPath: status.atProvider.status
matchString: ACTIVE
- name: eksfargate
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: FargateProfile
spec:
forProvider:
clusterNameSelector:
matchControllerRef: true
podExecutionRoleArnSelector:
matchControllerRef: true
subnetIdSelector:
matchControllerRef: true
matchLabels:
access: private
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.parameters.fargateNamespace
toFieldPath: spec.forProvider.selector[0].namespace
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.podExecutionRoleArnSelector.matchLabels.role
transforms:
- type: string
string:
fmt: "%s-fargateprofile"
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.status
toFieldPath: status.fargateProfileStatus
readinessChecks:
- type: MatchString
fieldPath: status.atProvider.status
matchString: ACTIVE
- name: kubernetesClusterAuth
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: ClusterAuth
spec:
forProvider:
clusterNameSelector:
matchControllerRef: true
providerConfigRef:
name: aws-uxp-provider
patches:
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.writeConnectionSecretToRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
connectionDetails:
- fromConnectionSecretKey: kubeconfig
- name: kubernetes
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
source: Secret
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.credentials.secretRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
readinessChecks:
- type: None
- name: k8s-ns-xp
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
spec:
forProvider:
manifest:
apiVersion: v1
kind: Namespace
metadata:
name: upbound-system
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-ns-xp"
- fromFieldPath: spec.id
toFieldPath: spec.providerConfigRef.name
- name: helm
base:
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
source: Secret
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.credentials.secretRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
readinessChecks:
- type: None
- name: helm-uxp
base:
apiVersion: helm.crossplane.io/v1beta1
kind: Release
spec:
forProvider:
chart:
name: universal-crossplane
repository: https://charts.upbound.io/stable
version: 1.9.1-up.2
namespace: upbound-system
rollbackLimit: 3
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-uxp"
- fromFieldPath: spec.id
toFieldPath: spec.providerConfigRef.name
writeConnectionSecretsToNamespace: upbound-system