The following resources are composed to implement the referenced Composite Resource Definition (XRD).
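---
# Composition backing the CompositeCluster XRD (devopstoolkitseries.com/v1alpha1).
#
# It composes, in order: an EKS control plane and node group; the IAM roles
# and managed-policy attachments they assume; a dedicated VPC with an internet
# gateway, a route table and three public subnets; the EBS CSI add-on; and a
# Crossplane bootstrap inside the new cluster (Crossplane itself via
# provider-helm, then providers/configurations via provider-kubernetes).
#
# Naming: every composed resource derives metadata.name from the composite's
# spec.id, so one composite maps to one distinct set of cloud objects. The one
# exception is the add-on, which keeps a fixed name (see note on addonEbs).
#
# Credentials flow: ClusterAuth writes the kubeconfig into Secret
# "<spec.id>-cluster" in the claim's namespace; the helm and kubernetes
# ProviderConfigs read it from that same Secret. Anyone who can read Secrets
# in the claim namespace therefore holds credentials for the new cluster.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: cluster-aws-official
  # Leftover from a `kubectl ... -o yaml` export; the API server ignores a
  # null creationTimestamp on create.
  creationTimestamp: null
  labels:
    cluster: eks
    provider: aws-official
spec:
  compositeTypeRef:
    apiVersion: devopstoolkitseries.com/v1alpha1
    kind: CompositeCluster
  # NOTE(review): no resource below references this patch set through a
  # `type: PatchSet` patch, so it is currently inert.
  patchSets:
    - name: metadata
      patches:
        - fromFieldPath: metadata.labels
  resources:
    # ----------------------------------------------------------- EKS ------
    # Control plane. Both private and public API endpoints are enabled and no
    # publicAccessCidrs is set; NOTE(review): confirm the provider/AWS default
    # for the public endpoint is acceptable (it is typically 0.0.0.0/0) and
    # narrow it if the API server should not be reachable from the internet.
    # status.conditions[0].reason is mirrored to the composite so callers can
    # observe readiness without reading the managed resource directly.
    - name: ekscluster
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            region: us-east-1
            roleArnSelector:
              matchControllerRef: true
            # Quoted on purpose: an unquoted 1.24 would parse as a float.
            version: "1.24"
            vpcConfig:
              - endpointPrivateAccess: true
                endpointPublicAccess: true
                subnetIdSelector:
                  matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.version
          toFieldPath: spec.forProvider.version
        # Pick the "<id>-controlplane" role by label (see iamrole-controlplane).
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleArnSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.name
          toFieldPath: status.clusterName
        - type: ToCompositeFieldPath
          fromFieldPath: status.conditions[0].reason
          toFieldPath: status.controlPlaneStatus

    # Retrieves the cluster kubeconfig and publishes it as a connection
    # Secret "<id>-cluster" in the claim namespace. That Secret is the root
    # credential for everything bootstrapped below — scope RBAC on the claim
    # namespace accordingly.
    - name: clusterAuth
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: ClusterAuth
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
            region: us-east-1
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.id
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-cluster"
        - fromFieldPath: spec.claimRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig

    # Managed node group. Instance type comes from spec.parameters.nodeSize via
    # a fixed map (small/medium/large); a value outside the map fails the
    # patch. minNodeCount seeds both minSize and desiredSize; maxSize stays at
    # the hard-coded 10.
    - name: eksnodegroup
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: NodeGroup
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
            instanceTypes:
              - t3.small
            nodeRoleArnSelector:
              matchControllerRef: true
            region: us-east-1
            scalingConfig:
              - desiredSize: 1
                maxSize: 10
                minSize: 1
            subnetIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.parameters.nodeSize
          toFieldPath: spec.forProvider.instanceTypes[0]
          transforms:
            - type: map
              map:
                large: t3.large
                medium: t3.medium
                small: t3.small
        # Pick the "<id>-nodegroup" role by label (see iamrole-nodegroup).
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.nodeRoleArnSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"
        - fromFieldPath: spec.parameters.minNodeCount
          toFieldPath: spec.forProvider.scalingConfig[0].minSize
        - fromFieldPath: spec.parameters.minNodeCount
          toFieldPath: spec.forProvider.scalingConfig[0].desiredSize
        - type: ToCompositeFieldPath
          fromFieldPath: status.conditions[0].reason
          toFieldPath: status.nodePoolStatus

    # ----------------------------------------------------------- IAM ------
    # Control-plane role: assumable only by the EKS service principal. The
    # "role" label is what the Cluster's roleArnSelector matches on.
    - name: iamrole-controlplane
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "eks.amazonaws.com"
                      ]
                    },
                    "Action": [
                      "sts:AssumeRole"
                    ]
                  }
                ]
              }
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"
        - fromFieldPath: spec.id
          toFieldPath: metadata.labels.role
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"

    # Node role: assumable only by the EC2 service principal (worker instances).
    # The "role" label is what the NodeGroup's nodeRoleArnSelector matches on.
    - name: iamrole-nodegroup
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "ec2.amazonaws.com"
                      ]
                    },
                    "Action": [
                      "sts:AssumeRole"
                    ]
                  }
                ]
              }
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"
        - fromFieldPath: spec.id
          toFieldPath: metadata.labels.role
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"

    # AWS-managed policy attachments. Two go to the control-plane role
    # (EKSCluster, EKSService) and three to the node role (WorkerNode, CNI,
    # ECR read-only). Each attachment's own name is unique per policy while
    # the roleSelector label selects the target role.
    - name: iamattachment-controlplane
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
            roleSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"

    - name: iamattachment-service
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
            roleSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-service"
        # Attached to the control-plane role, not a separate "service" role.
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-controlplane"

    - name: iamattachment-worker
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
            roleSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-worker"
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"

    - name: iamattachment-cni
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
            roleSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-cni"
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"

    - name: iamattachment-registry
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
            roleSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-registry"
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.roleSelector.matchLabels.role
          transforms:
            - type: string
              string:
                fmt: "%s-nodegroup"

    # ---------------------------------------------------------- Network ----
    # One /16 VPC per cluster. enableDnsHostnames is added alongside
    # enableDnsSupport: the Cluster above enables the private API endpoint,
    # and private endpoint resolution from inside the VPC requires both DNS
    # settings to be on.
    - name: vpc-nodepool
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: VPC
        spec:
          forProvider:
            cidrBlock: 10.0.0.0/16
            enableDnsHostnames: true
            enableDnsSupport: true
            region: us-east-1
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    # NOTE(review): this group is only referenced by the egress rule below;
    # neither the Cluster's vpcConfig nor the NodeGroup selects it, so confirm
    # it is actually applied to anything before relying on it as a boundary.
    - name: sg-nodepool
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroup
        spec:
          forProvider:
            description: Cluster communication with worker nodes
            region: us-east-1
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.groupName
      readinessChecks:
        - type: None

    # Unrestricted egress (all protocols, all ports, 0.0.0.0/0). Acceptable
    # for a demo; tighten the CIDR/ports if egress filtering is a control you
    # depend on. The description is user-visible in the AWS console.
    - name: securityGroupRule
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroupRule
        spec:
          forProvider:
            cidrBlocks:
              - 0.0.0.0/0
            description: I am too lazy to write descriptions
            fromPort: 0
            # Quoted: -1 means "all protocols" and must stay a string.
            protocol: "-1"
            region: us-east-1
            securityGroupIdSelector:
              matchControllerRef: true
            toPort: 0
            type: egress
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    # Three public subnets, one per AZ. mapPublicIpOnLaunch gives every node a
    # public IP, and the kubernetes.io/role/elb tag marks them for internet-
    # facing load balancers. The access/zone labels are matched by the
    # RouteTableAssociations further down.
    - name: subnet-nodepool-1a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: public
            zone: us-east-1a
        spec:
          forProvider:
            availabilityZone: us-east-1a
            cidrBlock: 10.0.0.0/24
            mapPublicIpOnLaunch: true
            region: us-east-1
            tags:
              kubernetes.io/role/elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1a"

    - name: subnet-nodepool-1b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: public
            zone: us-east-1b
        spec:
          forProvider:
            availabilityZone: us-east-1b
            cidrBlock: 10.0.1.0/24
            mapPublicIpOnLaunch: true
            region: us-east-1
            tags:
              kubernetes.io/role/elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1b"

    - name: subnet-nodepool-1c
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: public
            zone: us-east-1c
        spec:
          forProvider:
            availabilityZone: us-east-1c
            cidrBlock: 10.0.2.0/24
            mapPublicIpOnLaunch: true
            region: us-east-1
            tags:
              kubernetes.io/role/elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1c"

    # Internet gateway + a route table with a default route through it, set
    # as the VPC main table and explicitly associated with each subnet.
    - name: gateway
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: InternetGateway
        spec:
          forProvider:
            region: us-east-1
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    - name: routeTable
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTable
        spec:
          forProvider:
            region: us-east-1
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    - name: route
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Route
        spec:
          forProvider:
            destinationCidrBlock: 0.0.0.0/0
            gatewayIdSelector:
              matchControllerRef: true
            region: us-east-1
            routeTableIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    - name: mainRouteTableAssociation
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: MainRouteTableAssociation
        spec:
          forProvider:
            region: us-east-1
            routeTableIdSelector:
              matchControllerRef: true
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name

    - name: routeTableAssociation1a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-east-1
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: public
                zone: us-east-1a
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1a"

    - name: routeTableAssociation1b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-east-1
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: public
                zone: us-east-1b
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1b"

    - name: routeTableAssociation1c
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-east-1
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: public
                zone: us-east-1c
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-1c"

    # ----------------------------------------------------------- Add-on ----
    # EBS CSI driver add-on. The Addon kind lives in the eks API group (the
    # original referenced ec2.aws.upbound.io, which has no Addon kind).
    # NOTE(review): unlike every other resource, metadata.name is fixed and
    # not patched from spec.id, so a second composite in the same control
    # plane would collide on this managed resource; confirm how the provider
    # derives the add-on name before renaming it (an external-name annotation
    # may be needed to keep "aws-ebs-csi-driver" as the AWS-side name).
    - name: addonEbs
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: Addon
        metadata:
          name: aws-ebs-csi-driver
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
            region: us-east-1

    # ------------------------------------------------ Cluster bootstrap ----
    # provider-helm ProviderConfig pointing at the kubeconfig Secret produced
    # by clusterAuth ("<id>-cluster" in the claim namespace).
    - name: helm
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.claimRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: spec.id
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-cluster"
      readinessChecks:
        - type: None

    # Installs Crossplane into the new cluster through the helm ProviderConfig
    # above (providerConfigRef.name is patched to spec.id).
    - name: crossplane
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: Release
        spec:
          forProvider:
            chart:
              name: crossplane
              repository: https://charts.crossplane.io/stable
              # Quoted so the chart version is never retyped by tooling.
              version: "1.9.0"
            namespace: crossplane-system
            rollbackLimit: 3
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-crossplane"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # provider-kubernetes ProviderConfig, same kubeconfig Secret as the helm
    # one. All Object resources below are applied through it.
    - name: kubernetes
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.claimRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: spec.id
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-cluster"
      readinessChecks:
        - type: None

    # Objects applied inside the new cluster. Each Object's own name is
    # "<id>-<suffix>" on the management cluster; the manifest's name is what
    # lands in the remote cluster.
    - name: ns-prod
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: v1
              kind: Namespace
              metadata:
                name: production
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-ns-prod"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: ns-dev
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: v1
              kind: Namespace
              metadata:
                name: dev
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-ns-dev"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # ServiceAccount for the in-cluster provider-kubernetes (and, via the
    # shared ControllerConfig below, provider-helm).
    - name: k8s-provider-sa
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: v1
              kind: ServiceAccount
              metadata:
                name: provider-kubernetes
                namespace: crossplane-system
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-k8s-provider-sa"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # Grants cluster-admin to that ServiceAccount. Both provider-kubernetes and
    # provider-helm run with it (see the controllerConfigRef on both Provider
    # objects), so both hold full cluster privileges — if that is broader than
    # needed, bind a narrower ClusterRole here. The resource name says "crd"
    # while the manifest (and the "%s-k8s-provider-crb" suffix) is a
    # ClusterRoleBinding; it is left as-is because renaming a composed
    # resource makes Crossplane create a replacement.
    - name: k8s-provider-crd
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: rbac.authorization.k8s.io/v1
              kind: ClusterRoleBinding
              metadata:
                name: provider-kubernetes
              roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: ClusterRole
                name: cluster-admin
              subjects:
                - kind: ServiceAccount
                  name: provider-kubernetes
                  namespace: crossplane-system
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-k8s-provider-crb"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # ControllerConfig that makes a provider pod run as the SA above.
    - name: k8s-provider-cc
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1alpha1
              kind: ControllerConfig
              metadata:
                name: provider-kubernetes
              spec:
                serviceAccountName: provider-kubernetes
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-k8s-provider-cc"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # Provider and Configuration packages installed in the new cluster. All
    # references are pinned to explicit versions; keep them pinned (never
    # ":latest") so the bootstrap is reproducible and package updates are a
    # reviewed change.
    - name: kubernetes-provider
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Provider
              metadata:
                name: crossplane-contrib-provider-kubernetes
              spec:
                controllerConfigRef:
                  name: provider-kubernetes
                package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.6.0
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-kubernetes-provider"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: helm-provider
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Provider
              metadata:
                name: crossplane-provider-helm
              spec:
                # Shares the provider-kubernetes SA and its cluster-admin binding.
                controllerConfigRef:
                  name: provider-kubernetes
                package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.13.0
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-helm-provider"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: sql-provider
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Provider
              metadata:
                name: crossplane-provider-sql
              spec:
                package: crossplane/provider-sql:v0.5.0
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-sql-provider"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: config-app
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Configuration
              metadata:
                name: crossplane-app
              spec:
                package: xpkg.upbound.io/devops-toolkit/dot-application:v0.3.9
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-config-app"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: config-monitoring
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Configuration
              metadata:
                name: crossplane-monitoring
              spec:
                package: xpkg.upbound.io/devops-toolkit/dot-monitoring:v0.0.41
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-config-monitoring"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: config-sql
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Configuration
              metadata:
                name: crossplane-sql
              spec:
                package: xpkg.upbound.io/devops-toolkit/dot-sql:v0.7.14
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-config-sql"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    - name: aws-p
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: pkg.crossplane.io/v1
              kind: Provider
              metadata:
                name: crossplane-provider-aws
              spec:
                package: xpkg.upbound.io/upbound/provider-aws:v0.24.0
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-aws-p"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

    # AWS ProviderConfig for the new cluster. It expects a Secret "aws-creds"
    # (key "creds") in crossplane-system on the remote cluster; nothing in
    # this Composition creates it, so it has to be provisioned out of band and
    # the AWS identity it carries should be scoped to what the in-cluster
    # Crossplane actually needs.
    - name: aws-pc
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: aws.upbound.io/v1beta1
              kind: ProviderConfig
              metadata:
                name: default
              spec:
                credentials:
                  secretRef:
                    key: creds
                    name: aws-creds
                    namespace: crossplane-system
                  source: Secret
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-aws-pc"
        - fromFieldPath: spec.id
          toFieldPath: spec.providerConfigRef.name

  # Composite-level connection Secrets (the kubeconfig from clusterAuth) are
  # written here on the management cluster.
  writeConnectionSecretsToNamespace: crossplane-system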