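---
# Crossplane Composition that backs CompositeCluster (devopstoolkitseries.com)
# on Azure: a ResourceGroup and an AKS KubernetesCluster, Helm/Kubernetes
# ProviderConfigs pointed at the new cluster's kubeconfig, Cilium as the CNI,
# and a set of opt-in add-ons rendered from Go templates. Pipeline steps run in
# the order listed; the last step marks the composite Ready once every composed
# resource is Ready.
#
# Formatting notes: Go-template steps use literal block scalars (|) so every
# rendered line keeps its own line break (a folded scalar would join "}}" and
# "---" onto one line), chart versions are quoted so they stay strings, and
# every template expansion is single-quoted so an empty parameter renders as
# '' rather than as a YAML null.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: cluster-azure
  creationTimestamp: null
  labels:
    cluster: aks
    provider: azure
spec:
  compositeTypeRef:
    apiVersion: devopstoolkitseries.com/v1alpha1
    kind: CompositeCluster
  mode: Pipeline
  pipeline:
    # Step 1: static infrastructure (resource group, AKS, provider configs, CNI),
    # wired to the composite's spec/status with patch-and-transform.
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        resources:
          # Resource group named after the composite's spec.id; the AKS cluster
          # below is placed in it via spec.forProvider.resourceGroupName.
          - base:
              apiVersion: azure.upbound.io/v1beta1
              kind: ResourceGroup
              spec:
                forProvider:
                  location: eastus
            name: resourcegroup
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          # AKS cluster. networkPlugin "none" creates the cluster without a CNI;
          # the Cilium release further down (aksbyocni.enabled) provides it.
          - base:
              apiVersion: containerservice.azure.upbound.io/v1beta1
              kind: KubernetesCluster
              spec:
                forProvider:
                  defaultNodePool:
                    - enableAutoScaling: true
                      # Upper bound only; minCount and vmSize are patched from
                      # the composite's parameters below.
                      maxCount: 10
                      vmSize: Standard_D2_v2
                  dnsPrefix: dot
                  identity:
                    - type: SystemAssigned
                  location: eastus
                  networkProfile:
                    - networkPlugin: none
            # The kubeconfig is exported under two keys: "kubeconfig" is what the
            # Helm/Kubernetes ProviderConfigs below read, "value" is a second copy
            # under a generic key.
            connectionDetails:
              - fromConnectionSecretKey: kubeconfig
                name: kubeconfig
                type: FromConnectionSecretKey
              - fromConnectionSecretKey: kubeconfig
                name: value
                type: FromConnectionSecretKey
            name: aks
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              # The connection secret "<id>-cluster" is written to the claim's
              # namespace; the ProviderConfigs below are patched to the same
              # name/namespace so they can reach the new cluster.
              - fromFieldPath: spec.id
                toFieldPath: spec.writeConnectionSecretToRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.defaultNodePool[0].name
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.resourceGroupName
              - fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.kubernetesVersion
              - fromFieldPath: spec.parameters.minNodeCount
                toFieldPath: spec.forProvider.defaultNodePool[0].minCount
              # nodeSize is an abstract size (small/medium/large) mapped to an
              # Azure VM SKU.
              - fromFieldPath: spec.parameters.nodeSize
                toFieldPath: spec.forProvider.defaultNodePool[0].vmSize
                transforms:
                  - map:
                      large: Standard_D4_v2
                      medium: Standard_D3_v2
                      small: Standard_D2_v2
                    type: map
              # Status surfaced back to the composite. Both *Status fields read
              # the same condition reason, so they always carry the same value.
              - fromFieldPath: metadata.name
                toFieldPath: status.clusterName
                type: ToCompositeFieldPath
              - fromFieldPath: status.conditions[0].reason
                toFieldPath: status.controlPlaneStatus
                type: ToCompositeFieldPath
              - fromFieldPath: status.conditions[0].reason
                toFieldPath: status.nodePoolStatus
                type: ToCompositeFieldPath
          # Helm ProviderConfig for the new cluster. Credentials come from the
          # "<id>-cluster" connection secret in the claim's namespace (the
          # crossplane-system default is overridden by the patches). ProviderConfigs
          # expose no Ready condition, hence readiness check "None".
          - base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                    name: kubeconfig
                    namespace: crossplane-system
                  source: Secret
            name: helm
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - fromFieldPath: spec.id
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
            readinessChecks:
              - type: None
          # Cilium, installed through the Helm ProviderConfig above. It is the
          # cluster's only CNI (aksbyocni) and turns on SPIRE-based mutual
          # authentication between workloads.
          - base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: Release
              spec:
                forProvider:
                  chart:
                    name: cilium
                    repository: https://helm.cilium.io
                    version: "1.14.2"
                  namespace: kube-system
                  set:
                    - name: aksbyocni.enabled
                      value: "true"
                    - name: nodeinit.enabled
                      value: "true"
                    - name: authentication.mutual.spire.enabled
                      value: "true"
                    - name: authentication.mutual.spire.install.enabled
                      value: "true"
                rollbackLimit: 3
            name: cilium
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-cilium"
                      type: Format
                    type: string
              # Points at the Helm ProviderConfig created above (named <id>).
              - fromFieldPath: spec.id
                toFieldPath: spec.providerConfigRef.name
          # Kubernetes ProviderConfig for the new cluster; same credential wiring
          # as the Helm one. Used by the Object resources rendered below.
          - base:
              apiVersion: kubernetes.crossplane.io/v1alpha1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                    name: kubeconfig
                    namespace: crossplane-system
                  source: Secret
            name: kubernetes
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - fromFieldPath: spec.id
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
            readinessChecks:
              - type: None
    # Steps 2-6: optional Helm releases into the new cluster, each gated on
    # spec.parameters.apps.<name>.enabled and installed through the Helm
    # ProviderConfig named <id>. Each template renders a YAML document stream.
    - step: app-crossplane
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.apps.crossplane.enabled }}
            ---
            apiVersion: helm.crossplane.io/v1beta1
            kind: Release
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
              annotations:
                crossplane.io/external-name: crossplane
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
            spec:
              forProvider:
                chart:
                  name: crossplane
                  repository: https://charts.crossplane.io/stable
                  version: "1.14.5"
                  url: ""
                set: []
                namespace: crossplane-system
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # OpenFunction is fetched from a pinned chart tarball URL rather than a repo.
    - step: app-openfunction
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.apps.openfunction.enabled }}
            ---
            apiVersion: helm.crossplane.io/v1beta1
            kind: Release
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
              annotations:
                crossplane.io/external-name: openfunction
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
            spec:
              forProvider:
                chart:
                  name: openfunction
                  repository: ""
                  version: ""
                  url: https://openfunction.github.io/charts/openfunction-v1.2.0-v0.7.0.tgz
                set:
                  - name: revisionController.enable
                    value: "true"
                namespace: openfunction
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-dapr
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.apps.dapr.enabled }}
            ---
            apiVersion: helm.crossplane.io/v1beta1
            kind: Release
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
              annotations:
                crossplane.io/external-name: dapr
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
            spec:
              forProvider:
                chart:
                  name: dapr
                  repository: https://dapr.github.io/helm-charts/
                  version: "1.12.4"
                  url: ""
                set: []
                namespace: dapr-system
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-traefik
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.apps.traefik.enabled }}
            ---
            apiVersion: helm.crossplane.io/v1beta1
            kind: Release
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
              annotations:
                crossplane.io/external-name: traefik
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
            spec:
              forProvider:
                chart:
                  name: traefik
                  repository: https://helm.traefik.io/traefik
                  version: "26.0.0"
                  url: ""
                set: []
                namespace: traefik
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # External Secrets Operator; installCRDs so the ClusterSecretStore and
    # ExternalSecret objects rendered below have their CRDs.
    - step: app-external-secrets
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.apps.externalSecrets.enabled }}
            ---
            apiVersion: helm.crossplane.io/v1beta1
            kind: Release
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
              annotations:
                crossplane.io/external-name: external-secrets
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
            spec:
              forProvider:
                chart:
                  name: external-secrets
                  repository: https://charts.external-secrets.io
                  version: "0.9.11"
                  url: ""
                set:
                  - name: installCRDs
                    value: "true"
                namespace: external-secrets
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Step 7: a single ClusterSecretStore named "azure" (the "secrets" step below
    # hard-codes that name). The backend is selected by which credential
    # parameters are set: gcpsm/aws read their keys from the Secret named in
    # spec.parameters.creds (the "creds" step replicates that Secret into the
    # cluster), azurekv uses authType ManagedIdentity.
    # NOTE(review): the AWS region is fixed to us-east-1 and the gcpsm projectID
    # is read from the management cluster's GCP ProviderConfig "default"; neither
    # is parameterised in this composition. The managed identity visible to the
    # ESO pods must have Key Vault read access — not established here, confirm.
    - step: secret-store
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if and .observed.composite.resource.spec.parameters.apps.externalSecrets.enabled .observed.composite.resource.spec.parameters.apps.externalSecrets.store }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-secret-store'
              annotations:
                crossplane.io/external-name: azure
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-secret-store'
            spec:
              {{ if $.observed.composite.resource.spec.parameters.apps.externalSecrets.googleCredentialsKey }}
              references:
                - patchesFrom:
                    apiVersion: gcp.upbound.io/v1beta1
                    kind: ProviderConfig
                    name: default
                    fieldPath: spec.projectID
                  toFieldPath: spec.provider.gcpsm.projectID
              {{ end }}
              forProvider:
                manifest:
                  apiVersion: external-secrets.io/v1beta1
                  kind: ClusterSecretStore
                  metadata:
                    name: azure
                  spec:
                    provider:
                      {{ if $.observed.composite.resource.spec.parameters.apps.externalSecrets.googleCredentialsKey }}
                      gcpsm:
                        auth:
                          secretRef:
                            secretAccessKeySecretRef:
                              name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
                              key: '{{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.googleCredentialsKey }}'
                              namespace: '{{ $.observed.composite.resource.spec.parameters.creds.namespace }}'
                      {{ end }}
                      {{ if and $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsAccessKeyIDKey $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsSecretAccessKeyKey }}
                      aws:
                        service: SecretsManager
                        region: us-east-1
                        auth:
                          secretRef:
                            accessKeyIDSecretRef:
                              name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
                              key: '{{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsAccessKeyIDKey }}'
                              namespace: '{{ $.observed.composite.resource.spec.parameters.creds.namespace }}'
                            secretAccessKeySecretRef:
                              name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
                              key: '{{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsSecretAccessKeyKey }}'
                              namespace: '{{ $.observed.composite.resource.spec.parameters.creds.namespace }}'
                      {{ end }}
                      {{ if $.observed.composite.resource.spec.parameters.apps.externalSecrets.azureVaultUrl }}
                      azurekv:
                        authType: ManagedIdentity
                        vaultUrl: '{{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.azureVaultUrl }}'
                      {{ end }}
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Step 8: one ExternalSecret per entry in
    # spec.parameters.apps.externalSecrets.secrets, each copying key
    # `fromSecret` from the ClusterSecretStore "azure" into toNamespace/toSecret.
    # The target namespace and source key come straight from the claim, so a
    # claim author can materialise any secret the store's backend credentials
    # can reach; scope those credentials accordingly.
    - step: secrets
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ range .observed.composite.resource.spec.parameters.apps.externalSecrets.secrets }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
              annotations:
                crossplane.io/external-name: '{{ .toSecret }}'
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
            spec:
              forProvider:
                manifest:
                  apiVersion: external-secrets.io/v1beta1
                  kind: ExternalSecret
                  metadata:
                    name: '{{ .toSecret }}'
                    namespace: '{{ .toNamespace }}'
                  spec:
                    refreshInterval: 1h
                    secretStoreRef:
                      kind: ClusterSecretStore
                      name: azure
                    target:
                      name: '{{ .toSecret }}'
                      creationPolicy: Owner
                      template:
                        type: '{{ .type }}'
                    dataFrom:
                      - extract:
                          key: '{{ .fromSecret }}'
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Step 9: one Namespace in the new cluster per entry in
    # spec.parameters.namespaces.
    - step: namespaces
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ range .observed.composite.resource.spec.parameters.namespaces }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-ns-{{ . }}'
              annotations:
                crossplane.io/external-name: '{{ . }}'
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-ns-{{ . }}'
            spec:
              forProvider:
                manifest:
                  apiVersion: "v1"
                  kind: "Namespace"
                  metadata:
                    name: '{{ . }}'
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Step 10: replicate the credentials Secret named by spec.parameters.creds
    # from the management cluster into the new cluster (same name/namespace).
    # Only the keys listed in creds.keys are copied (one patchesFrom reference
    # per key), which is the control over what leaves the management cluster:
    # every key listed here becomes readable to anyone with Secret access in
    # that namespace of the workload cluster.
    - step: creds
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if .observed.composite.resource.spec.parameters.creds }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-creds'
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-creds'
                crossplane.io/external-name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
            spec:
              references:
                {{ range $.observed.composite.resource.spec.parameters.creds.keys }}
                - patchesFrom:
                    apiVersion: v1
                    kind: Secret
                    name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
                    namespace: '{{ $.observed.composite.resource.spec.parameters.creds.namespace }}'
                    fieldPath: 'data.{{ . }}'
                  toFieldPath: 'data.{{ . }}'
                {{ end }}
              forProvider:
                manifest:
                  apiVersion: v1
                  kind: Secret
                  metadata:
                    name: '{{ $.observed.composite.resource.spec.parameters.creds.name }}'
                    namespace: '{{ $.observed.composite.resource.spec.parameters.creds.namespace }}'
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Step 11: mark the composite Ready once all composed resources are Ready.
    - step: automatically-detect-ready-composed-resources
      functionRef:
        name: crossplane-contrib-function-auto-ready
  # Composite-level connection secrets (the kubeconfig exported above) land here.
  writeConnectionSecretsToNamespace: crossplane-system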