upbound/configuration-aws-eks-pod-identity@v0.3.0
pat.xpodidentities.aws.platform.upbound.io

Type

Composition

Referenced XRD

XPodIdentity

Source Code: github.com/upbound/configuration-aws-eks-pod-identity
YAML
# Crossplane Composition for the XPodIdentity composite resource (XR). A single
# patch-and-transform pipeline step composes two AWS managed resources: an EKS
# PodIdentityAssociation and the IAM Role that the association hands to a
# Kubernetes service account.
#
# Security-relevant summary: the role's permissions (inline policy, managed
# policy ARNs, permissions boundary) and the service account it is bound to are
# all copied from spec.parameters of the XR. Whoever may create or edit an
# XPodIdentity therefore decides which AWS permissions which workload receives.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: pat.xpodidentities.aws.platform.upbound.io
  # presumably a serialization artifact of the rendered package; it carries no
  # configuration
  creationTimestamp: null
  labels:
    function: patch-and-transform
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: aws.platform.upbound.io/v1alpha1
    kind: XPodIdentity
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        # Reusable patches; each copies one XR parameter onto a composed
        # resource that references the set by name.
        patchSets:
          # Selects the provider configuration (and so the AWS credentials)
          # used to manage the composed resources.
          - name: providerConfigRef
            patches:
              - fromFieldPath: spec.parameters.providerConfigName
                toFieldPath: spec.providerConfigRef.name
                type: FromCompositeFieldPath
          # NOTE(review): the deletion policy is taken from the XR. If the XRD
          # allows Orphan, deleting the XR would leave the IAM role and the
          # association in AWS - confirm the allowed values and default there.
          - name: deletionPolicy
            patches:
              - fromFieldPath: spec.parameters.deletionPolicy
                toFieldPath: spec.deletionPolicy
                type: FromCompositeFieldPath
          - name: region
            patches:
              - fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
                type: FromCompositeFieldPath
        resources:
          # EKS Pod Identity association: ties the IAM role below to one
          # service account in one namespace of one cluster.
          - base:
              apiVersion: eks.aws.upbound.io/v1beta1
              kind: PodIdentityAssociation
              spec:
                forProvider:
                  # Resolve the role ARN from a Role that shares this
                  # resource's controller reference, i.e. the iamRole composed
                  # by the same XR further down, rather than from a
                  # caller-supplied ARN.
                  roleArnSelector:
                    matchControllerRef: true
            name: podIdentityAssociation
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - patchSetName: region
                type: PatchSet
              # The target cluster can be given by name, by reference or by
              # selector; all three fields are copied as supplied.
              # presumably the XRD expects only one of them - verify there.
              - fromFieldPath: spec.parameters.clusterName
                toFieldPath: spec.forProvider.clusterName
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.clusterNameRef
                toFieldPath: spec.forProvider.clusterNameRef
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.clusterNameSelector
                toFieldPath: spec.forProvider.clusterNameSelector
                type: FromCompositeFieldPath
              # Service account name and namespace identify the workload that
              # receives the role's credentials. Both come straight from the
              # XR; nothing in this Composition limits which namespace or
              # account may be named.
              # NOTE(review): confirm that XRD validation, RBAC or an admission
              # policy restricts these values for tenants.
              - fromFieldPath: spec.parameters.serviceAccount.name
                toFieldPath: spec.forProvider.serviceAccount
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.serviceAccount.namespace
                toFieldPath: spec.forProvider.namespace
                type: FromCompositeFieldPath
              # Report the cluster name observed at the provider back on the
              # XR status.
              - fromFieldPath: status.atProvider.clusterName
                toFieldPath: status.podIdentity.clusterName
                type: ToCompositeFieldPath
          # IAM role assumed on behalf of the pod.
          - base:
              apiVersion: iam.aws.upbound.io/v1beta1
              kind: Role
              spec:
                forProvider:
                  # Trust policy: only the EKS Pod Identity service principal
                  # may assume the role and tag the session. The statement has
                  # no Condition element, so the policy itself does not narrow
                  # the trust to a particular cluster, namespace or service
                  # account; that scoping rests on the association above.
                  # NOTE(review): if the role must be pinned more tightly,
                  # consider a Condition on the session tags EKS Pod Identity
                  # supplies (cluster, namespace, service account).
                  assumeRolePolicy: |
                    {
                      "Version":"2012-10-17",
                      "Statement":[
                        {
                          "Sid":"AllowEksAuthToAssumeRoleForPodIdentity",
                          "Effect":"Allow",
                          "Principal":{
                            "Service":"pods.eks.amazonaws.com"
                          },
                          "Action":[
                            "sts:AssumeRole",
                            "sts:TagSession"
                          ]
                        }
                      ]
                    }
            name: iamRole
            # The region patch set is not applied to the role (IAM roles are
            # not regional).
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              # The permission set is passed through from the XR unchanged:
              # the inline policy document and the managed policy ARNs are
              # whatever the XR author wrote.
              - fromFieldPath: spec.parameters.inlinePolicy
                toFieldPath: spec.forProvider.inlinePolicy
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.managedPolicyArns
                toFieldPath: spec.forProvider.managedPolicyArns
                type: FromCompositeFieldPath
              # The permissions boundary is also caller-supplied and the base
              # sets no default, so a role created without this parameter has
              # no boundary.
              # NOTE(review): to cap what tenants can grant, make the boundary
              # required or defaulted in the XRD, or enforce it by policy.
              - fromFieldPath: spec.parameters.permissionsBoundaryArn
                toFieldPath: spec.forProvider.permissionsBoundary
                type: FromCompositeFieldPath
              # Publish the created role's ARN on the XR status.
              - fromFieldPath: status.atProvider.arn
                toFieldPath: status.podIdentity.roleArn
                type: ToCompositeFieldPath
  # Namespace for connection secrets of the composite resource. No connection
  # details are declared on the resources above.
  writeConnectionSecretsToNamespace: upbound-system