Marketplace
BrowsePublish
Marketplace
devops-toolkit/dot-kubernetes@v0.12.80
cluster-aws

cluster-aws

cluster-aws
devops-toolkit/dot-kubernetes@v0.12.80cluster-aws
Type

Composition

Referenced XRD

CompositeCluster

Source Codegithub.com/vfarcic/crossplane-kubernetes
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: cluster-aws
  creationTimestamp: null
  labels:
    cluster: eks
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: devopstoolkitseries.com/v1alpha1
    kind: CompositeCluster
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        resources:
          - base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: Cluster
              spec:
                forProvider:
                  region: us-east-1
                  roleArnSelector:
                    matchControllerRef: true
                  version: "1.29"
                  vpcConfig:
                    - endpointPrivateAccess: true
                      endpointPublicAccess: true
                      subnetIdSelector:
                        matchControllerRef: true
            name: ekscluster
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.version
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleArnSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
              - fromFieldPath: metadata.name
                toFieldPath: status.clusterName
                type: ToCompositeFieldPath
              - fromFieldPath: status.conditions[0].reason
                toFieldPath: status.controlPlaneStatus
                type: ToCompositeFieldPath
          - base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: ClusterAuth
              spec:
                forProvider:
                  clusterNameSelector:
                    matchControllerRef: true
                  region: us-east-1
            connectionDetails:
              - fromConnectionSecretKey: kubeconfig
                name: kubeconfig
                type: FromConnectionSecretKey
            name: clusterAuth
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.id
                toFieldPath: spec.writeConnectionSecretToRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
          - base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: NodeGroup
              spec:
                forProvider:
                  clusterNameSelector:
                    matchControllerRef: true
                  instanceTypes:
                    - t3.small
                  nodeRoleArnSelector:
                    matchControllerRef: true
                  region: us-east-1
                  scalingConfig:
                    - desiredSize: 1
                      maxSize: 10
                      minSize: 1
                  subnetIdSelector:
                    matchControllerRef: true
            name: eksnodegroup
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.parameters.nodeSize
                toFieldPath: spec.forProvider.instanceTypes[0]
                transforms:
                  - map:
                      large: t3.large
                      medium: t3.medium
                      small: t3.small
                    type: map
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.nodeRoleArnSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
              - fromFieldPath: spec.parameters.minNodeCount
                toFieldPath: spec.forProvider.scalingConfig[0].minSize
              - fromFieldPath: spec.parameters.minNodeCount
                toFieldPath: spec.forProvider.scalingConfig[0].desiredSize
              - fromFieldPath: status.conditions[0].reason
                toFieldPath: status.nodePoolStatus
                type: ToCompositeFieldPath
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: Role
              spec:
                forProvider:
                  assumeRolePolicy: |-
                    {
                      "Version": "2012-10-17",
                      "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"Service": ["eks.amazonaws.com"]},
                        "Action": ["sts:AssumeRole"]
                      }]
                    }
            name: iamrole-controlplane
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: metadata.labels.role
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: Role
              spec:
                forProvider:
                  assumeRolePolicy: |-
                    {
                      "Version": "2012-10-17",
                      "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"Service": ["ec2.amazonaws.com"]},
                        "Action": ["sts:AssumeRole"]
                      }]
                    }
            name: iamrole-nodegroup
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: metadata.labels.role
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
                  roleSelector:
                    matchControllerRef: true
            name: iamattachment-controlplane
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
                  roleSelector:
                    matchControllerRef: true
            name: iamattachment-service
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-service"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-controlplane"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
                  roleSelector:
                    matchControllerRef: true
            name: iamattachment-worker
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-worker"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
                  roleSelector:
                    matchControllerRef: true
            name: iamattachment-cni
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-cni"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: RolePolicyAttachment
              spec:
                forProvider:
                  policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
                  roleSelector:
                    matchControllerRef: true
            name: iamattachment-registry
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-registry"
                      type: Format
                    type: string
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.roleSelector.matchLabels.role
                transforms:
                  - string:
                      fmt: "%s-nodegroup"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: VPC
              spec:
                forProvider:
                  cidrBlock: 10.0.0.0/16
                  enableDnsSupport: true
                  region: us-east-1
            name: vpc-nodepool
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: SecurityGroup
              spec:
                forProvider:
                  description: Cluster communication with worker nodes
                  region: us-east-1
                  vpcIdSelector:
                    matchControllerRef: true
            name: sg-nodepool
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.name
            readinessChecks:
              - type: None
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: SecurityGroupRule
              spec:
                forProvider:
                  cidrBlocks:
                    - 0.0.0.0/0
                  description: I am too lazy to write descriptions
                  fromPort: 0
                  protocol: "-1"
                  region: us-east-1
                  securityGroupIdSelector:
                    matchControllerRef: true
                  toPort: 0
                  type: egress
            name: securityGroupRule
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: Subnet
              metadata:
                labels:
                  access: public
                  zone: us-east-1a
              spec:
                forProvider:
                  availabilityZone: us-east-1a
                  cidrBlock: 10.0.0.0/24
                  mapPublicIpOnLaunch: true
                  region: us-east-1
                  tags:
                    kubernetes.io/role/elb: "1"
                  vpcIdSelector:
                    matchControllerRef: true
            name: subnet-nodepool-1a
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1a"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: Subnet
              metadata:
                labels:
                  access: public
                  zone: us-east-1b
              spec:
                forProvider:
                  availabilityZone: us-east-1b
                  cidrBlock: 10.0.1.0/24
                  mapPublicIpOnLaunch: true
                  region: us-east-1
                  tags:
                    kubernetes.io/role/elb: "1"
                  vpcIdSelector:
                    matchControllerRef: true
            name: subnet-nodepool-1b
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1b"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: Subnet
              metadata:
                labels:
                  access: public
                  zone: us-east-1c
              spec:
                forProvider:
                  availabilityZone: us-east-1c
                  cidrBlock: 10.0.2.0/24
                  mapPublicIpOnLaunch: true
                  region: us-east-1
                  tags:
                    kubernetes.io/role/elb: "1"
                  vpcIdSelector:
                    matchControllerRef: true
            name: subnet-nodepool-1c
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1c"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: InternetGateway
              spec:
                forProvider:
                  region: us-east-1
                  vpcIdSelector:
                    matchControllerRef: true
            name: gateway
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: RouteTable
              spec:
                forProvider:
                  region: us-east-1
                  vpcIdSelector:
                    matchControllerRef: true
            name: routeTable
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: Route
              spec:
                forProvider:
                  destinationCidrBlock: 0.0.0.0/0
                  gatewayIdSelector:
                    matchControllerRef: true
                  region: us-east-1
                  routeTableIdSelector:
                    matchControllerRef: true
            name: route
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: MainRouteTableAssociation
              spec:
                forProvider:
                  region: us-east-1
                  routeTableIdSelector:
                    matchControllerRef: true
                  vpcIdSelector:
                    matchControllerRef: true
            name: mainRouteTableAssociation
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: RouteTableAssociation
              spec:
                forProvider:
                  region: us-east-1
                  routeTableIdSelector:
                    matchControllerRef: true
                  subnetIdSelector:
                    matchControllerRef: true
                    matchLabels:
                      access: public
                      zone: us-east-1a
            name: routeTableAssociation1a
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1a"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: RouteTableAssociation
              spec:
                forProvider:
                  region: us-east-1
                  routeTableIdSelector:
                    matchControllerRef: true
                  subnetIdSelector:
                    matchControllerRef: true
                    matchLabels:
                      access: public
                      zone: us-east-1b
            name: routeTableAssociation1b
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1b"
                      type: Format
                    type: string
          - base:
              apiVersion: ec2.aws.upbound.io/v1beta1
              kind: RouteTableAssociation
              spec:
                forProvider:
                  region: us-east-1
                  routeTableIdSelector:
                    matchControllerRef: true
                  subnetIdSelector:
                    matchControllerRef: true
                    matchLabels:
                      access: public
                      zone: us-east-1c
            name: routeTableAssociation1c
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-1c"
                      type: Format
                    type: string
          - base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: Addon
              metadata:
                name: aws-ebs-csi-driver
              spec:
                forProvider:
                  addonName: aws-ebs-csi-driver
                  clusterNameSelector:
                    matchControllerRef: true
                  region: us-east-1
            name: addonEbs
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-ebs"
                      type: Format
                    type: string
          - base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                    name: kubeconfig
                    namespace: crossplane-system
                  source: Secret
            name: helm
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - fromFieldPath: spec.id
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
            readinessChecks:
              - type: None
          - base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: ProviderConfig
              spec:
                credentials:
                  source: InjectedIdentity
            name: helm-local
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-local"
                      type: Format
                    type: string
              - fromFieldPath: metadata.annotations
                toFieldPath: metadata.annotations
            readinessChecks:
              - type: None
          - base:
              apiVersion: kubernetes.crossplane.io/v1alpha1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                    name: kubeconfig
                    namespace: crossplane-system
                  source: Secret
            name: kubernetes
            patches:
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - fromFieldPath: spec.id
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-cluster"
                      type: Format
                    type: string
            readinessChecks:
              - type: None
    - step: app-crossplane
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if
            .observed.composite.resource.spec.parameters.apps.crossplane.enabled
            }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
              annotations:
                crossplane.io/external-name: crossplane
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
            spec:
              forProvider:
                chart:
                  name: crossplane
                  repository: https://charts.crossplane.io/stable
                  version: 1.14.5
                  url: ""
                set: []
                values: {}
                namespace: crossplane-system
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-openfunction
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if
            .observed.composite.resource.spec.parameters.apps.openfunction.enabled
            }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
              annotations:
                crossplane.io/external-name: openfunction
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
            spec:
              forProvider:
                chart:
                  name: openfunction
                  repository: ""
                  version: ""
                  url: https://openfunction.github.io/charts/openfunction-v1.2.0-v0.7.0.tgz
                set:
                  - name: revisionController.enable
                    value: "true"
                values: {}
                namespace: openfunction
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-dapr
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if .observed.composite.resource.spec.parameters.apps.dapr.enabled
            }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
              annotations:
                crossplane.io/external-name: dapr
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
            spec:
              forProvider:
                chart:
                  name: dapr
                  repository: https://dapr.github.io/helm-charts/
                  version: 1.12.4
                  url: ""
                set: []
                values: {}
                namespace: dapr-system
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-traefik
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if
            .observed.composite.resource.spec.parameters.apps.traefik.enabled }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
              annotations:
                crossplane.io/external-name: traefik
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
            spec:
              forProvider:
                chart:
                  name: traefik
                  repository: https://helm.traefik.io/traefik
                  version: 26.0.0
                  url: ""
                set: []
                values: {}
                namespace: traefik
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-dynatrace
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if
            .observed.composite.resource.spec.parameters.apps.dynatrace.enabled
            }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-operator'
              annotations:
                crossplane.io/external-name: dynatrace-operator
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-operator'
            spec:
              forProvider:
                chart:
                  name: dynatrace-operator
                  repository: https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
                  version: 0.15.0
                  url: ""
                set:
                  - name: installCRD
                    value: "true"
                  - name: csidriver.enabled
                    value: "true"
                values: {}
                namespace: dynatrace
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            ---

            apiVersion: kubernetes.crossplane.io/v1alpha2

            kind: Object

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-dynakube'
              annotations:
                crossplane.io/external-name: dynakube
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynakube'
            spec:
              forProvider:
                manifest:
                  apiVersion: dynatrace.com/v1beta1
                  kind: DynaKube
                  metadata:
                    name: '{{ $.observed.composite.resource.spec.id }}'
                    namespace: dynatrace
                    annotations:
                      feature.dynatrace.com/k8s-app-enabled: "true"
                  spec:
                    apiUrl: '{{ $.observed.composite.resource.spec.parameters.apps.dynatrace.apiUrl }}'
                    oneAgent:
                      cloudNativeFullStack:
                        image: ""
                    activeGate:
                      capabilities:
                        - kubernetes-monitoring
                        - routing
                        - metrics-ingest
                        - dynatrace-api
                      image: ""
                      resources:
                        requests:
                          cpu: 500m
                          memory: 512Mi
                        limits:
                          cpu: 1000m
                          memory: 1.5Gi
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-dashboard'
              annotations:
                crossplane.io/external-name: dynatrace-dashboard
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-dashboard'
            spec:
              forProvider:
                chart:
                  name: kubernetes-cluster
                  repository: https://katharinasick.github.io/crossplane-observability-demo-dynatrace
                  version: 0.2.2
                  url: ""
                set: []
                values:
                  oauthCredentialsSecretName: '{{ $.observed.composite.resource.spec.parameters.apps.dynatrace.oathCredentialsSecretName }}'
                  cluster: '{{ $.observed.composite.resource.spec.id }}'
                  dashboards:
                    clusterOverview:
                      enabled: true
                    crossplaneMetrics:
                      enabled: false
                namespace: dynatrace
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}-local'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: app-external-secrets
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if
            .observed.composite.resource.spec.parameters.apps.externalSecrets.enabled
            }}

            ---

            apiVersion: helm.crossplane.io/v1beta1

            kind: Release

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
              annotations:
                crossplane.io/external-name: external-secrets
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
            spec:
              forProvider:
                chart:
                  name: external-secrets
                  repository: https://charts.external-secrets.io
                  version: 0.9.11
                  url: ""
                set:
                  - name: installCRDs
                    value: "true"
                values: {}
                namespace: external-secrets
              rollbackLimit: 3
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: secret-store
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if and
            .observed.composite.resource.spec.parameters.apps.externalSecrets.enabled
            .observed.composite.resource.spec.parameters.apps.externalSecrets.store
            .observed.composite.resource.spec.parameters.apps.externalSecrets.awsAccessKeyIDKey
            .observed.composite.resource.spec.parameters.apps.externalSecrets.awsSecretAccessKeyKey
            }}

            ---

            apiVersion: kubernetes.crossplane.io/v1alpha2

            kind: Object

            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-secret-store
              annotations:
                crossplane.io/external-name: aws
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-store
            spec:
              forProvider:
                manifest:
                  apiVersion: external-secrets.io/v1beta1
                  kind: ClusterSecretStore
                  metadata:
                    name: aws
                  spec:
                    provider:
                      aws:
                        service: SecretsManager
                        region: us-east-1
                        auth:
                          secretRef:
                            accessKeyIDSecretRef:
                              name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
                              key: {{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsAccessKeyIDKey }}
                              namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
                            secretAccessKeySecretRef:
                              name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
                              key: {{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.awsSecretAccessKeyKey }}
                              namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: secrets
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ range
            .observed.composite.resource.spec.parameters.apps.externalSecrets.secrets
            }}

            ---

            apiVersion: kubernetes.crossplane.io/v1alpha2

            kind: Object

            metadata:
              name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
              annotations:
                crossplane.io/external-name: '{{ .toSecret }}'
                gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
            spec:
              forProvider:
                manifest:
                  apiVersion: external-secrets.io/v1beta1
                  kind: ExternalSecret
                  metadata:
                    name: '{{ .toSecret }}'
                    namespace: '{{ .toNamespace }}'
                  spec:
                    refreshInterval: 1h
                    secretStoreRef:
                      kind: ClusterSecretStore
                      name: aws
                    target:
                      name: '{{ .toSecret }}'
                      creationPolicy: Owner
                      template:
                        type: '{{ .type }}'
                    dataFrom:
                      - extract:
                          key: '{{ .fromSecret }}'
              providerConfigRef:
                name: '{{ $.observed.composite.resource.spec.id }}'

            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: namespaces
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ range .observed.composite.resource.spec.parameters.namespaces }}

            ---

            apiVersion: kubernetes.crossplane.io/v1alpha2

            kind: Object

            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-ns-{{ . }}
              annotations:
                crossplane.io/external-name: {{ . }}
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-ns-{{ . }}
            spec:
              forProvider:
                manifest:
                  apiVersion: "v1"
                  kind: "Namespace"
                  metadata:
                    name: {{ . }}
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: creds
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: >-
            {{ if .observed.composite.resource.spec.parameters.creds }}

            ---

            apiVersion: kubernetes.crossplane.io/v1alpha2

            kind: Object

            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-creds
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-creds
                crossplane.io/external-name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
            spec:
              references:
              {{ range $.observed.composite.resource.spec.parameters.creds.keys }}
              - patchesFrom:
                  apiVersion: v1
                  kind: Secret
                  name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
                  namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
                  fieldPath: data.{{ . }}
                toFieldPath: data.{{ . }}
              {{ end }}
              forProvider:
                manifest:
                  apiVersion: v1
                  kind: Secret
                  metadata:
                    name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
                    namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: automatically-detect-ready-composed-resources
      functionRef:
        name: crossplane-contrib-function-auto-ready
  writeConnectionSecretsToNamespace: crossplane-system
Marketplace

Discover the building blocks for your internal cloud platform.

© 2022 Upbound, Inc.

SolutionsProvidersConfigurations
LearnDocumentationTry for Free
MorePrivacy PolicyTerms & Conditions
Marketplace

© 2022 Upbound, Inc.

Marketplace

Discover the building blocksfor your internal cloud platform.