upbound/configuration-azure-assume-gcp@v0.1.0
xaks.azure.platform.upbound.io

Type

Composition

Referenced XRD

XAKS

Source Code: github.com/upbound/configuration-azure-assume-gcp
YAML
# Crossplane Composition for the XAKS composite type, run in Pipeline mode.
# The first pipeline step (patch-and-transform) renders every composed
# resource; its resource list follows the patch sets below.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xaks.azure.platform.upbound.io
  labels:
    provider: azure
  creationTimestamp: null
spec:
  mode: Pipeline
  compositeTypeRef:
    apiVersion: azure.platform.upbound.io/v1alpha1
    kind: XAKS
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        # Shared patches, pulled in by the Azure managed resources below via
        # "type: PatchSet". All three copy values straight from
        # spec.parameters of the composite, i.e. they are chosen by whoever
        # authors the XAKS / claim.
        patchSets:
          # Selects which Azure ProviderConfig (and therefore which Azure
          # credentials) the managed resource is reconciled with.
          - name: providerConfigRef
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.providerConfigName
                toFieldPath: spec.providerConfigRef.name
          # Copies the caller-supplied deletion policy onto the managed
          # resource.
          - name: deletionPolicy
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.deletionPolicy
                toFieldPath: spec.deletionPolicy
          # Azure location of the managed resource.
          - name: region
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.location
        resources:
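          # AKS cluster. The base enables a system-assigned identity, the
          # cluster OIDC issuer and workload identity; the federated
          # credential and the GCP credential config later in this file
          # depend on the issuer URL published from here.
          # NOTE(review): the base sets no API-server access restriction,
          # private-cluster, RBAC/AAD or network-policy options, so the
          # provider's defaults apply — confirm that is acceptable.
          - name: kubernetesCluster
            base:
              apiVersion: containerservice.azure.upbound.io/v1beta1
              kind: KubernetesCluster
              spec:
                forProvider:
                  defaultNodePool:
                    - name: default
                  identity:
                    - type: SystemAssigned
                  oidcIssuerEnabled: true
                  workloadIdentityEnabled: true
            # Surfaces the cluster kubeconfig in the composite's connection
            # secret. Presumably this is an admin-level credential; treat
            # read access to that secret as access to the cluster.
            connectionDetails:
              - name: kubeconfig
                type: FromConnectionSecretKey
                fromConnectionSecretKey: kubeconfig
            patches:
              - type: PatchSet
                patchSetName: providerConfigRef
              - type: PatchSet
                patchSetName: deletionPolicy
              - type: PatchSet
                patchSetName: region
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.kubernetesVersion
              # Managed resource name is "<id>-aks".
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: metadata.name
                transforms:
                  - type: string
                    string:
                      type: Format
                      fmt: "%s-aks"
              # Resource group and subnet are resolved by label selector on
              # the network-id label, keyed by spec.parameters.id.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platform.upbound.io/network-id]
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.defaultNodePool[0].vnetSubnetIdSelector.matchLabels[azure.platform.upbound.io/network-id]
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.dnsPrefix
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.nodes.instanceType
                toFieldPath: spec.forProvider.defaultNodePool[0].vmSize
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.nodes.count
                toFieldPath: spec.forProvider.defaultNodePool[0].nodeCount
              # The managed resource's own connection secret is written to
              # the namespace named on the composite, under
              # "<composite uid>-akscluster". The Helm and Kubernetes
              # ProviderConfigs in this file read the kubeconfig key from a
              # secret with that same name and namespace.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
              - type: FromCompositeFieldPath
                fromFieldPath: metadata.uid
                toFieldPath: spec.writeConnectionSecretToRef.name
                transforms:
                  - type: string
                    string:
                      type: Format
                      fmt: "%s-akscluster"
              # Publish the OIDC issuer URL on the composite status. The
              # original listed this patch twice with identical fields; one
              # copy is enough. The FederatedIdentityCredential in this file
              # reads status.aks.oidcIssuerUrl as its issuer.
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.oidcIssuerUrl
                toFieldPath: status.aks.oidcIssuerUrl
                policy:
                  fromFieldPath: Optional
              # Same value with the "https://" scheme prefix trimmed.
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.oidcIssuerUrl
                toFieldPath: status.aks.oidcIssuerUri
                policy:
                  fromFieldPath: Optional
                transforms:
                  - type: string
                    string:
                      type: TrimPrefix
                      trim: "https://"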
          # provider-helm ProviderConfig for the new cluster, named after
          # spec.parameters.id. It authenticates with the "kubeconfig" key of
          # the secret "<composite uid>-akscluster" in the composite's
          # connection-secret namespace.
          # NOTE(review): presumably any Release that references this
          # ProviderConfig by name acts with that kubeconfig — confirm who
          # may create such objects on the control plane.
          - name: providerConfigHelm
            base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: ProviderConfig
              spec:
                credentials:
                  source: Secret
                  secretRef:
                    key: kubeconfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: metadata.name
              - type: FromCompositeFieldPath
                fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - type: FromCompositeFieldPath
                fromFieldPath: metadata.uid
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - type: string
                    string:
                      type: Format
                      fmt: "%s-akscluster"
            # No readiness probe is defined for this resource.
            readinessChecks:
              - type: None
          # provider-kubernetes ProviderConfig for the new cluster, named
          # after spec.parameters.id. Like the Helm ProviderConfig above, it
          # reads the "kubeconfig" key of the secret
          # "<composite uid>-akscluster" in the composite's
          # connection-secret namespace. The Object resources below use it
          # to write into the AKS cluster.
          - name: providerConfigKubernetes
            base:
              apiVersion: kubernetes.crossplane.io/v1alpha1
              kind: ProviderConfig
              spec:
                credentials:
                  source: Secret
                  secretRef:
                    key: kubeconfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: metadata.name
              - type: FromCompositeFieldPath
                fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
              - type: FromCompositeFieldPath
                fromFieldPath: metadata.uid
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - type: string
                    string:
                      type: Format
                      fmt: "%s-akscluster"
            # No readiness probe is defined for this resource.
            readinessChecks:
              - type: None
          # Helm release that installs the universal-crossplane chart into
          # the upbound-system namespace, through the ProviderConfig named
          # after spec.parameters.id.
          # The chart is pinned by version and fetched from an HTTPS
          # repository; no digest or signature check is configured here.
          - name: crossplane
            base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: Release
              spec:
                rollbackLimit: 3
                forProvider:
                  namespace: upbound-system
                  chart:
                    repository: https://charts.upbound.io/stable
                    name: universal-crossplane
                    version: "1.16.0-up.1"
                  values: {}
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.providerConfigRef.name
          # Creates a Crossplane Provider object (provider-gcp-compute) in
          # the target cluster and ties it to the DeploymentRuntimeConfig of
          # the same name.
          # NOTE(review): the package is referenced by tag (v1.6.0), not by
          # digest; pinning a digest would make the installed image
          # independent of any later re-tagging in the registry.
          - name: provider
            base:
              apiVersion: kubernetes.crossplane.io/v1alpha2
              kind: Object
              spec:
                forProvider:
                  manifest:
                    apiVersion: pkg.crossplane.io/v1
                    kind: Provider
                    metadata:
                      name: upbound-provider-gcp-compute
                    spec:
                      package: xpkg.upbound.io/upbound/provider-gcp-compute:v1.6.0
                      runtimeConfigRef:
                        apiVersion: pkg.crossplane.io/v1beta1
                        kind: DeploymentRuntimeConfig
                        name: upbound-provider-gcp-compute
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.providerConfigRef.name
          # DeploymentRuntimeConfig for the GCP provider pod. It labels the
          # pod for Azure workload identity, points
          # GOOGLE_APPLICATION_CREDENTIALS at the credential-config file, and
          # mounts that file from the gcp-default-credentials ConfigMap.
          - name: drc
            base:
              apiVersion: kubernetes.crossplane.io/v1alpha2
              kind: Object
              spec:
                forProvider:
                  manifest:
                    apiVersion: pkg.crossplane.io/v1beta1
                    kind: DeploymentRuntimeConfig
                    metadata:
                      name: upbound-provider-gcp-compute
                    spec:
                      # The service account name must stay in step with the
                      # "subject" of the FederatedIdentityCredential in this
                      # file (system:serviceaccount:upbound-system:<name>).
                      # NOTE(review): the client-id annotation carries the
                      # literal identity name and is not patched from the
                      # UserAssignedIdentity's status; presumably the
                      # annotation expects the identity's client ID — confirm.
                      serviceAccountTemplate:
                        metadata:
                          name: upbound-provider-gcp-compute
                          annotations:
                            azure.workload.identity/client-id: upbound-provider-gcp-compute
                      deploymentTemplate:
                        spec:
                          replicas: 1
                          selector: {}
                          template:
                            metadata:
                              labels:
                                azure.workload.identity/use: "true"
                            spec:
                              # NOTE(review): the ConfigMap volume is mounted
                              # over the whole of /tmp/, so the container
                              # sees only the ConfigMap's files there and the
                              # mount is presumably read-only — confirm the
                              # provider needs no writable /tmp; a dedicated
                              # directory would be a narrower mount.
                              containers:
                                - name: package-runtime
                                  env:
                                    - name: GOOGLE_APPLICATION_CREDENTIALS
                                      value: /tmp/gcp_default_credentials.json
                                  volumeMounts:
                                    - name: gcp
                                      mountPath: /tmp/
                              volumes:
                                - name: gcp
                                  configMap:
                                    name: gcp-default-credentials
                                    items:
                                      - key: gcp_default_credentials.json
                                        path: gcp_default_credentials.json
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.providerConfigRef.name
          # Azure user-assigned managed identity. Its resource id and
          # principal id are copied to the composite status; the
          # FederatedIdentityCredential in this file uses the resource id as
          # its parent.
          - name: user-assigned-identity
            base:
              apiVersion: managedidentity.azure.upbound.io/v1beta1
              kind: UserAssignedIdentity
              spec:
                forProvider:
                  name: upbound-provider-gcp-compute
            patches:
              - type: PatchSet
                patchSetName: providerConfigRef
              - type: PatchSet
                patchSetName: deletionPolicy
              - type: PatchSet
                patchSetName: region
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platform.upbound.io/network-id]
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.id
                toFieldPath: status.aks.userAssignedIdentityId
                policy:
                  fromFieldPath: Optional
              # NOTE(review): "Identitiy" looks like a misspelling, but the
              # field name has to match the XRD's status schema, which is
              # not shown here — check the XRD before renaming.
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.principalId
                toFieldPath: status.aks.userAssignedIdentitiyObjectId
                policy:
                  fromFieldPath: Optional
          # Federated credential on the user-assigned identity. Trust is
          # limited to one subject: the service account
          # upbound-provider-gcp-compute in namespace upbound-system, with
          # audience api://AzureADTokenExchange. The issuer comes from the
          # cluster's OIDC issuer URL as published on the composite status.
          - name: federated-identity-credential
            base:
              apiVersion: managedidentity.azure.upbound.io/v1beta1
              kind: FederatedIdentityCredential
              spec:
                forProvider:
                  subject: "system:serviceaccount:upbound-system:upbound-provider-gcp-compute"
                  audience:
                    - "api://AzureADTokenExchange"
            patches:
              - type: PatchSet
                patchSetName: providerConfigRef
              - type: PatchSet
                patchSetName: deletionPolicy
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platform.upbound.io/network-id]
              # Both patches are Required: this resource is held back until
              # the cluster and the identity have reported these values.
              - type: FromCompositeFieldPath
                fromFieldPath: status.aks.oidcIssuerUrl
                toFieldPath: spec.forProvider.issuer
                policy:
                  fromFieldPath: Required
              - type: FromCompositeFieldPath
                fromFieldPath: status.aks.userAssignedIdentityId
                toFieldPath: spec.forProvider.parentId
                policy:
                  fromFieldPath: Required
          # ConfigMap holding the GCP "external_account" credential
          # configuration that the provider pod mounts. The document names a
          # token file, a workload identity pool audience and a service
          # account to impersonate; it contains no key material itself, so
          # what the pod may do in GCP is presumably decided by the pool
          # provider's settings and the service account's IAM bindings,
          # neither of which this composition manages.
          - name: gcp-configmap
            base:
              apiVersion: kubernetes.crossplane.io/v1alpha2
              kind: Object
              spec:
                forProvider:
                  manifest:
                    apiVersion: v1
                    kind: ConfigMap
                    metadata:
                      name: gcp-default-credentials
                      namespace: upbound-system
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.providerConfigRef.name
              # The five %s placeholders are filled in order from the
              # variables list: projectId and workloadIdentityPoolName and
              # serviceAccountName for the audience, then serviceAccountName
              # and projectName for the impersonation URL.
              # NOTE(review): the pool *provider* segment of the audience is
              # filled from serviceAccountName — presumably the provider is
              # named after the service account; confirm.
              # NOTE(review): the values are interpolated into JSON without
              # escaping, so the XRD (not shown) should constrain
              # spec.parameters.gcp.* to characters that cannot break out of
              # a JSON string or URL path segment.
              - type: CombineFromComposite
                toFieldPath: spec.forProvider.manifest.data[gcp_default_credentials.json]
                combine:
                  strategy: string
                  string:
                    fmt: >
                      {
                        "universe_domain": "googleapis.com",
                        "type": "external_account",
                        "audience": "//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s",
                        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
                        "token_url": "https://sts.googleapis.com/v1/token",
                        "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s@%s.iam.gserviceaccount.com:generateAccessToken",
                        "credential_source": {
                          "file": "/var/run/secrets/azure/tokens/azure-identity-token",
                          "format": {
                            "type": "text"
                          }
                        }
                      }
                  variables:
                    - fromFieldPath: spec.parameters.gcp.projectId
                    - fromFieldPath: spec.parameters.gcp.workloadIdentityPoolName
                    - fromFieldPath: spec.parameters.gcp.serviceAccountName
                    - fromFieldPath: spec.parameters.gcp.serviceAccountName
                    - fromFieldPath: spec.parameters.gcp.projectName
          # Default ProviderConfig for the GCP provider inside the target
          # cluster. The credential source is service-account impersonation;
          # the impersonated account is
          # "<serviceAccountName>@<projectName>.iam.gserviceaccount.com".
          # NOTE(review): projectID here is patched from
          # spec.parameters.gcp.projectName, while the ConfigMap audience
          # uses spec.parameters.gcp.projectId — presumably one is the
          # project's string id and the other its number; confirm against
          # the XRD.
          - name: gcp-providerconfig
            base:
              apiVersion: kubernetes.crossplane.io/v1alpha2
              kind: Object
              spec:
                forProvider:
                  manifest:
                    apiVersion: gcp.upbound.io/v1beta1
                    kind: ProviderConfig
                    metadata:
                      name: default
                    spec:
                      credentials:
                        source: ImpersonateServiceAccount
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.id
                toFieldPath: spec.providerConfigRef.name
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.gcp.projectName
                toFieldPath: spec.forProvider.manifest.spec.projectID
              - type: CombineFromComposite
                toFieldPath: spec.forProvider.manifest.spec.credentials.impersonateServiceAccount.name
                combine:
                  strategy: string
                  string:
                    fmt: "%s@%s.iam.gserviceaccount.com"
                  variables:
                    - fromFieldPath: spec.parameters.gcp.serviceAccountName
                    - fromFieldPath: spec.parameters.gcp.projectName
    # Second pipeline step: ordering rules for the sequencer function. Each
    # rule lists kubernetesCluster first and one in-cluster resource second.
    # The two ProviderConfigs, the user-assigned identity and the federated
    # credential do not appear in any rule.
    - step: ordered-creation
      functionRef:
        name: crossplane-contrib-function-sequencer
      input:
        apiVersion: template.fn.crossplane.io/v1beta1
        kind: Input
        rules:
          - sequence: [kubernetesCluster, crossplane]
          - sequence: [kubernetesCluster, gcp-configmap]
          - sequence: [kubernetesCluster, provider]
          - sequence: [kubernetesCluster, drc]
          - sequence: [kubernetesCluster, gcp-providerconfig]