xeks.aws.platform.upbound.io
xeks.aws.platform.upbound.io
xeks.aws.platform.upbound.io
upbound/configuration-aws-eks@v0.17.0xeks.aws.platform.upbound.io
Resources (17)
The following resources are composed to implement the referenced Composite Resource Definition (XRD).
Kind
Group
Version
Role
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
Cluster
eks.aws.upbound.io
v1beta1
Tag
ec2.aws.upbound.io
v1beta1
ClusterAuth
eks.aws.upbound.io
v1beta1
Role
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
RolePolicyAttachment
iam.aws.upbound.io
v1beta1
NodeGroup
eks.aws.upbound.io
v1beta1
Addon
eks.aws.upbound.io
v1beta1
OpenIDConnectProvider
iam.aws.upbound.io
v1beta1
ProviderConfig
helm.crossplane.io
v1beta1
ProviderConfig
kubernetes.crossplane.io
v1alpha1
Object
kubernetes.crossplane.io
v1alpha1
Object
kubernetes.crossplane.io
v1alpha1
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
name: xeks.aws.platform.upbound.io
creationTimestamp: null
labels:
provider: aws
spec:
compositeTypeRef:
apiVersion: aws.platform.upbound.io/v1alpha1
kind: XEKS
patchSets:
- name: providerConfigRef
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigName
toFieldPath: spec.providerConfigRef.name
- name: deletionPolicy
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.deletionPolicy
toFieldPath: spec.deletionPolicy
- name: region
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.region
toFieldPath: spec.forProvider.region
resources:
- name: controlplaneRole
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
labels:
role: controlplane
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"eks.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: clusterRolePolicyAttachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
roleSelector:
matchControllerRef: true
matchLabels:
role: controlplane
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: kubernetesCluster
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: Cluster
spec:
forProvider:
roleArnSelector:
matchControllerRef: true
matchLabels:
role: controlplane
vpcConfig:
- endpointPrivateAccess: true
endpointPublicAccess: true
subnetIdSelector:
matchLabels:
access: public
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.parameters.id
toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platform.upbound.io/network-id]
- fromFieldPath: spec.parameters.version
toFieldPath: spec.forProvider.version
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.identity[0].oidc[0].issuer
toFieldPath: status.eks.oidc
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.identity[0].oidc[0].issuer
toFieldPath: status.eks.oidcUri
transforms:
- type: string
string:
type: TrimPrefix
trim: https://
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.roleArn
toFieldPath: status.eks.accountId
transforms:
- type: string
string:
type: Regexp
regexp:
match: arn:aws:iam::(\d+):.*
group: 1
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.vpcConfig[0].clusterSecurityGroupId
toFieldPath: status.eks.clusterSecurityGroupId
policy:
fromFieldPath: Optional
- type: ToCompositeFieldPath
fromFieldPath: metadata.annotations[crossplane.io/external-name]
toFieldPath: status.eks.clusterName
policy:
fromFieldPath: Optional
- name: clusterSecurityGroupTag
base:
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Tag
spec:
forProvider:
key: eks.aws.platform.upbound.io/discovery
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.parameters.id
toFieldPath: spec.forProvider.value
- fromFieldPath: status.eks.clusterSecurityGroupId
toFieldPath: spec.forProvider.resourceId
policy:
fromFieldPath: Required
- name: kubernetesClusterAuth
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: ClusterAuth
spec:
forProvider:
clusterNameSelector:
matchControllerRef: true
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
toFieldPath: spec.writeConnectionSecretToRef.namespace
- fromFieldPath: metadata.uid
toFieldPath: spec.writeConnectionSecretToRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
connectionDetails:
- fromConnectionSecretKey: kubeconfig
- name: nodegroupRole
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
labels:
role: nodegroup
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.arn
toFieldPath: status.eks.nodeGroupRoleArn
policy:
fromFieldPath: Optional
- name: workerNodeRolePolicyAttachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
roleSelector:
matchControllerRef: true
matchLabels:
role: nodegroup
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: cniRolePolicyAttachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
roleSelector:
matchControllerRef: true
matchLabels:
role: nodegroup
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: ebsCsiRolePolicyAttachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
roleSelector:
matchControllerRef: true
matchLabels:
role: nodegroup
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: containerRegistryRolePolicyAttachment
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
roleSelector:
matchControllerRef: true
matchLabels:
role: nodegroup
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- name: nodeGroupPublic
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: NodeGroup
spec:
forProvider:
clusterNameSelector:
matchControllerRef: true
instanceTypes:
- t3.medium
nodeRoleArnSelector:
matchControllerRef: true
matchLabels:
role: nodegroup
scalingConfig:
- desiredSize: 1
maxSize: 100
minSize: 1
subnetIdSelector:
matchLabels:
access: public
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: PatchSet
patchSetName: region
- fromFieldPath: spec.parameters.nodes.count
toFieldPath: spec.forProvider.scalingConfig[0].desiredSize
- fromFieldPath: spec.parameters.nodes.instanceType
toFieldPath: spec.forProvider.instanceTypes[0]
- fromFieldPath: spec.parameters.id
toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platform.upbound.io/network-id]
- name: ebsCsiAddon
base:
apiVersion: eks.aws.upbound.io/v1beta1
kind: Addon
metadata:
annotations:
crossplane.io/external-name: aws-ebs-csi-driver
spec:
forProvider:
addonName: aws-ebs-csi-driver
clusterNameSelector:
matchControllerRef: true
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: PatchSet
patchSetName: region
- name: oidcProvider
base:
apiVersion: iam.aws.upbound.io/v1beta1
kind: OpenIDConnectProvider
spec:
forProvider:
clientIdList:
- sts.amazonaws.com
thumbprintList:
- 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
patches:
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: status.eks.oidc
toFieldPath: spec.forProvider.url
policy:
fromFieldPath: Required
- type: ToCompositeFieldPath
fromFieldPath: status.atProvider.arn
toFieldPath: status.eks.oidcArn
policy:
fromFieldPath: Optional
- name: providerConfigHelm
base:
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
source: Secret
patches:
- fromFieldPath: spec.parameters.id
toFieldPath: metadata.name
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: metadata.uid
toFieldPath: spec.credentials.secretRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
readinessChecks:
- type: None
- name: providerConfigKubernetes
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
spec:
credentials:
secretRef:
key: kubeconfig
source: Secret
patches:
- fromFieldPath: spec.parameters.id
toFieldPath: metadata.name
- fromFieldPath: spec.writeConnectionSecretToRef.namespace
toFieldPath: spec.credentials.secretRef.namespace
- fromFieldPath: metadata.uid
toFieldPath: spec.credentials.secretRef.name
transforms:
- type: string
string:
fmt: "%s-ekscluster"
readinessChecks:
- type: None
- name: irsaSettings
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
spec:
deletionPolicy: Orphan
forProvider:
manifest:
apiVersion: v1
kind: ConfigMap
metadata:
namespace: default
patches:
- fromFieldPath: spec.parameters.id
toFieldPath: spec.providerConfigRef.name
- fromFieldPath: spec.parameters.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-irsa-settings"
- fromFieldPath: spec.parameters.id
toFieldPath: spec.forProvider.manifest.metadata.name
transforms:
- type: string
string:
fmt: "%s-irsa-settings"
- fromFieldPath: status.eks.oidcArn
toFieldPath: spec.forProvider.manifest.data.oidc_arn
- fromFieldPath: status.eks.oidcUri
toFieldPath: spec.forProvider.manifest.data.oidc_host
- name: awsAuth
base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: Object
spec:
deletionPolicy: Orphan
forProvider:
manifest:
apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
patches:
- fromFieldPath: spec.parameters.id
toFieldPath: spec.providerConfigRef.name
- fromFieldPath: spec.parameters.id
toFieldPath: metadata.name
transforms:
- type: string
string:
fmt: "%s-aws-auth"
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: status.eks.nodeGroupRoleArn
- fromFieldPath: spec.parameters.iam.autoscalerArn
- fromFieldPath: spec.parameters.iam.roleArn
strategy: string
string:
fmt: |
- groups:
- system:bootstrappers
- system:nodes
rolearn: %s
username: system:node:{{EC2PrivateDNSName}}
- groups:
- system:bootstrappers
- system:nodes
rolearn: %s
username: system:node:{{EC2PrivateDNSName}}
- groups:
- system:masters
rolearn: %s
username: adminrole
toFieldPath: spec.forProvider.manifest.data.mapRoles
policy:
fromFieldPath: Optional
- type: CombineFromComposite
combine:
variables:
- fromFieldPath: spec.parameters.iam.userArn
strategy: string
string:
fmt: |
- groups:
- system:masters
userarn: %s
username: adminuser
toFieldPath: spec.forProvider.manifest.data.mapUsers
policy:
fromFieldPath: Optional
writeConnectionSecretsToNamespace: upbound-system