Updates to access, maintenance, and support policy for official packages:On March 25, 2025 Upbound is updating the access policy for Official Providers
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
name: cluster-azure
creationTimestamp: null
labels:
cluster: aks
provider: azure
spec:
compositeTypeRef:
apiVersion: devopstoolkitseries.com/v1alpha1
kind: CompositeCluster
mode: Pipeline
pipeline:
- step: patch-and-transform
functionRef:
name: crossplane-contrib-function-patch-and-transform
input:
apiVersion: pt.fn.crossplane.io/v1beta1
kind: Resources
resources:
- base:
apiVersion: azure.upbound.io/v1beta1
kind: ResourceGroup
spec:
forProvider:
location: eastus
name: resourcegroup
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- base:
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
spec:
forProvider:
defaultNodePool:
- enableAutoScaling: true
maxCount: 10
vmSize: Standard_D2_v2
dnsPrefix: dot
identity:
- type: SystemAssigned
location: eastus
networkProfile:
- networkPlugin: none
connectionDetails:
- fromConnectionSecretKey: kubeconfig
name: kubeconfig
type: FromConnectionSecretKey
- fromConnectionSecretKey: kubeconfig
name: value
type: FromConnectionSecretKey
name: aks
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.id
toFieldPath: spec.writeConnectionSecretToRef.name
transforms:
- string:
fmt: "%s-cluster"
type: Format
type: string
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.writeConnectionSecretToRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.defaultNodePool[0].name
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.resourceGroupName
- fromFieldPath: spec.parameters.version
toFieldPath: spec.forProvider.kubernetesVersion
- fromFieldPath: spec.parameters.minNodeCount
toFieldPath: spec.forProvider.defaultNodePool[0].minCount
- fromFieldPath: spec.parameters.nodeSize
toFieldPath: spec.forProvider.defaultNodePool[0].vmSize
transforms:
- map:
large: Standard_D4_v2
medium: Standard_D3_v2
small: Standard_D2_v2
type: map
- fromFieldPath: metadata.name
toFieldPath: status.clusterName
type: ToCompositeFieldPath
- fromFieldPath: status.conditions[0].reason
toFieldPath: status.controlPlaneStatus
type: ToCompositeFieldPath
- fromFieldPath: status.conditions[0].reason
toFieldPath: status.nodePoolStatus
type: ToCompositeFieldPath
- base:
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
name: kubeconfig
namespace: crossplane-system
source: Secret
name: helm
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.credentials.secretRef.name
transforms:
- string:
fmt: "%s-cluster"
type: Format
type: string
readinessChecks:
- type: None
- base:
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
spec:
credentials:
source: InjectedIdentity
name: helm-local
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- string:
fmt: "%s-local"
type: Format
type: string
- fromFieldPath: metadata.annotations
toFieldPath: metadata.annotations
readinessChecks:
- type: None
- base:
apiVersion: helm.crossplane.io/v1beta1
kind: Release
spec:
forProvider:
chart:
name: cilium
repository: https://helm.cilium.io
version: 1.14.2
namespace: kube-system
set:
- name: aksbyocni.enabled
value: "true"
- name: nodeinit.enabled
value: "true"
- name: authentication.mutual.spire.enabled
value: "true"
- name: authentication.mutual.spire.install.enabled
value: "true"
rollbackLimit: 3
name: cilium
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- string:
fmt: "%s-cilium"
type: Format
type: string
- fromFieldPath: spec.id
toFieldPath: spec.providerConfigRef.name
- base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
name: kubeconfig
namespace: crossplane-system
source: Secret
name: kubernetes
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: spec.id
toFieldPath: spec.credentials.secretRef.name
transforms:
- string:
fmt: "%s-cluster"
type: Format
type: string
readinessChecks:
- type: None
- step: app-crossplane
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if
.observed.composite.resource.spec.parameters.apps.crossplane.enabled
}}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
annotations:
crossplane.io/external-name: crossplane
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-crossplane'
spec:
forProvider:
chart:
name: crossplane
repository: https://charts.crossplane.io/stable
version: 1.14.5
url: ""
set: []
values: {}
namespace: crossplane-system
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: app-openfunction
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if
.observed.composite.resource.spec.parameters.apps.openfunction.enabled
}}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
annotations:
crossplane.io/external-name: openfunction
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-openfunction'
spec:
forProvider:
chart:
name: openfunction
repository: ""
version: ""
url: https://openfunction.github.io/charts/openfunction-v1.2.0-v0.7.0.tgz
set:
- name: revisionController.enable
value: "true"
values: {}
namespace: openfunction
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: app-dapr
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if .observed.composite.resource.spec.parameters.apps.dapr.enabled
}}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
annotations:
crossplane.io/external-name: dapr
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dapr'
spec:
forProvider:
chart:
name: dapr
repository: https://dapr.github.io/helm-charts/
version: 1.12.4
url: ""
set: []
values: {}
namespace: dapr-system
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: app-traefik
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if
.observed.composite.resource.spec.parameters.apps.traefik.enabled }}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
annotations:
crossplane.io/external-name: traefik
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-traefik'
spec:
forProvider:
chart:
name: traefik
repository: https://helm.traefik.io/traefik
version: 26.0.0
url: ""
set: []
values: {}
namespace: traefik
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: app-dynatrace
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if
.observed.composite.resource.spec.parameters.apps.dynatrace.enabled
}}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-operator'
annotations:
crossplane.io/external-name: dynatrace-operator
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-operator'
spec:
forProvider:
chart:
name: dynatrace-operator
repository: https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
version: 0.15.0
url: ""
set:
- name: installCRD
value: "true"
- name: csidriver.enabled
value: "true"
values: {}
namespace: dynatrace
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-dynakube'
annotations:
crossplane.io/external-name: dynakube
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynakube'
spec:
forProvider:
manifest:
apiVersion: dynatrace.com/v1beta1
kind: DynaKube
metadata:
name: '{{ $.observed.composite.resource.spec.id }}'
namespace: dynatrace
annotations:
feature.dynatrace.com/k8s-app-enabled: "true"
spec:
apiUrl: '{{ $.observed.composite.resource.spec.parameters.apps.dynatrace.apiUrl }}'
oneAgent:
cloudNativeFullStack:
image: ""
activeGate:
capabilities:
- kubernetes-monitoring
- routing
- metrics-ingest
- dynatrace-api
image: ""
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 1000m
memory: 1.5Gi
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-dashboard'
annotations:
crossplane.io/external-name: dynatrace-dashboard
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-dynatrace-dashboard'
spec:
forProvider:
chart:
name: kubernetes-cluster
repository: https://katharinasick.github.io/crossplane-observability-demo-dynatrace
version: 0.2.2
url: ""
set: []
values:
oauthCredentialsSecretName: '{{ $.observed.composite.resource.spec.parameters.apps.dynatrace.oathCredentialsSecretName }}'
cluster: '{{ $.observed.composite.resource.spec.id }}'
dashboards:
clusterOverview:
enabled: true
crossplaneMetrics:
enabled: false
namespace: dynatrace
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}-local'
{{ end }}
kind: GoTemplate
source: Inline
- step: app-external-secrets
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if
.observed.composite.resource.spec.parameters.apps.externalSecrets.enabled
}}
---
apiVersion: helm.crossplane.io/v1beta1
kind: Release
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
annotations:
crossplane.io/external-name: external-secrets
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-app-external-secrets'
spec:
forProvider:
chart:
name: external-secrets
repository: https://charts.external-secrets.io
version: 0.9.11
url: ""
set:
- name: installCRDs
value: "true"
values: {}
namespace: external-secrets
rollbackLimit: 3
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: secret-store
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if and
.observed.composite.resource.spec.parameters.apps.externalSecrets.enabled
.observed.composite.resource.spec.parameters.apps.externalSecrets.store
.observed.composite.resource.spec.parameters.apps.externalSecrets.azureVaultUrl
}}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-secret-store
annotations:
crossplane.io/external-name: azure
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-store
spec:
forProvider:
manifest:
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: azure
spec:
provider:
azurekv:
authType: ManagedIdentity
vaultUrl: {{ $.observed.composite.resource.spec.parameters.apps.externalSecrets.azureVaultUrl }}
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}
{{ end }}
kind: GoTemplate
source: Inline
- step: secrets
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ range
.observed.composite.resource.spec.parameters.apps.externalSecrets.secrets
}}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
annotations:
crossplane.io/external-name: '{{ .toSecret }}'
gotemplating.fn.crossplane.io/composition-resource-name: '{{ $.observed.composite.resource.spec.id }}-secret-{{ .toSecret }}'
spec:
forProvider:
manifest:
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: '{{ .toSecret }}'
namespace: '{{ .toNamespace }}'
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: azure
target:
name: '{{ .toSecret }}'
creationPolicy: Owner
template:
type: '{{ .type }}'
dataFrom:
- extract:
key: '{{ .fromSecret }}'
providerConfigRef:
name: '{{ $.observed.composite.resource.spec.id }}'
{{ end }}
kind: GoTemplate
source: Inline
- step: namespaces
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ range .observed.composite.resource.spec.parameters.namespaces }}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-ns-{{ . }}
annotations:
crossplane.io/external-name: {{ . }}
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-ns-{{ . }}
spec:
forProvider:
manifest:
apiVersion: "v1"
kind: "Namespace"
metadata:
name: {{ . }}
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}
{{ end }}
kind: GoTemplate
source: Inline
- step: creds
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >-
{{ if .observed.composite.resource.spec.parameters.creds }}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-creds
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-creds
crossplane.io/external-name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
spec:
references:
{{ range $.observed.composite.resource.spec.parameters.creds.keys }}
- patchesFrom:
apiVersion: v1
kind: Secret
name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
fieldPath: data.{{ . }}
toFieldPath: data.{{ . }}
{{ end }}
forProvider:
manifest:
apiVersion: v1
kind: Secret
metadata:
name: {{ $.observed.composite.resource.spec.parameters.creds.name }}
namespace: {{ $.observed.composite.resource.spec.parameters.creds.namespace }}
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}
{{ end }}
kind: GoTemplate
source: Inline
- step: automatically-detect-ready-composed-resources
functionRef:
name: crossplane-contrib-function-auto-ready
writeConnectionSecretsToNamespace: crossplane-system