Marketplace
BrowsePublish
Marketplace
upbound/configuration-caas@v0.3.0
xeks.aws.caas.upbound.io

xeks.aws.caas.upbound.io

xeks.aws.caas.upbound.io
upbound/configuration-caas@v0.3.0xeks.aws.caas.upbound.io
Type

Composition

Referenced XRD

XEKS

Source Codegithub.com/upbound/configuration-caas
Resources (16)

The following resources are composed to implement the referenced Composite Resource Definition (XRD).

Kind
Group
Version

Role

iam.aws.upbound.io
v1beta1

RolePolicyAttachment

iam.aws.upbound.io
v1beta1

Cluster

eks.aws.upbound.io
v1beta1

ClusterAuth

eks.aws.upbound.io
v1beta1

Role

iam.aws.upbound.io
v1beta1

RolePolicyAttachment

iam.aws.upbound.io
v1beta1

RolePolicyAttachment

iam.aws.upbound.io
v1beta1

RolePolicyAttachment

iam.aws.upbound.io
v1beta1

RolePolicyAttachment

iam.aws.upbound.io
v1beta1

NodeGroup

eks.aws.upbound.io
v1beta1

Addon

eks.aws.upbound.io
v1beta1

OpenIDConnectProvider

iam.aws.upbound.io
v1beta1

ProviderConfig

helm.crossplane.io
v1beta1

ProviderConfig

kubernetes.crossplane.io
v1alpha1

Object

kubernetes.crossplane.io
v1alpha1

Object

kubernetes.crossplane.io
v1alpha1
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xeks.aws.caas.upbound.io
  creationTimestamp: null
  labels:
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: aws.caas.upbound.io/v1alpha1
    kind: XEKS
  patchSets:
    - name: providerConfigRef
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.providerConfigName
          toFieldPath: spec.providerConfigRef.name
    - name: deletionPolicy
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.deletionPolicy
          toFieldPath: spec.deletionPolicy
    - name: region
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.region
          toFieldPath: spec.forProvider.region
  resources:
    - name: controlplaneRole
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: controlplane
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "eks.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: clusterRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: kubernetesCluster
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            roleArnSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
            vpcConfig:
              - endpointPrivateAccess: true
                endpointPublicAccess: true
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
        - fromFieldPath: spec.parameters.subnetIds
          toFieldPath: spec.forProvider.vpcConfig[0].subnetIds
        - fromFieldPath: spec.parameters.version
          toFieldPath: spec.forProvider.version
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.identity[0].oidc[0].issuer
          toFieldPath: status.eks.oidc
          policy:
            fromFieldPath: Optional
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.identity[0].oidc[0].issuer
          toFieldPath: status.eks.oidcUri
          transforms:
            - type: string
              string:
                type: TrimPrefix
                trim: https://
          policy:
            fromFieldPath: Optional
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.roleArn
          toFieldPath: status.eks.accountId
          transforms:
            - type: string
              string:
                type: Regexp
                regexp:
                  match: arn:aws:iam::(\d+):.*
                  group: 1
          policy:
            fromFieldPath: Optional
    - name: kubernetesClusterAuth
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: ClusterAuth
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig
    - name: nodegroupRole
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: nodegroup
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "ec2.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.arn
          toFieldPath: status.eks.nodeGroupRoleArn
          policy:
            fromFieldPath: Optional
    - name: workerNodeRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: cniRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: ebsCsiRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: containerRegistryRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
    - name: nodeGroupPublic
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: NodeGroup
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
            instanceTypes:
              - t3.medium
            nodeRoleArnSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
            scalingConfig:
              - desiredSize: 1
                maxSize: 100
                minSize: 1
            subnetIdSelector:
              matchLabels:
                access: public
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.scalingConfig[0].desiredSize
        - fromFieldPath: spec.parameters.nodes.instanceType
          toFieldPath: spec.forProvider.instanceTypes[0]
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.caas.upbound.io/network-id]
    - name: ebsCsiAddon
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: Addon
        metadata:
          annotations:
            crossplane.io/external-name: aws-ebs-csi-driver
        spec:
          forProvider:
            addonName: aws-ebs-csi-driver
            clusterNameSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
    - name: oidcProvider
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: OpenIDConnectProvider
        spec:
          forProvider:
            clientIdList:
              - sts.amazonaws.com
            thumbprintList:
              - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - fromFieldPath: status.eks.oidc
          toFieldPath: spec.forProvider.url
          policy:
            fromFieldPath: Required
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.arn
          toFieldPath: status.eks.oidcArn
          policy:
            fromFieldPath: Optional
    - name: providerConfig-helm
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
      readinessChecks:
        - type: None
    - name: providerConfig-kubernetes
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
      readinessChecks:
        - type: None
    - name: irsa-settings
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          deletionPolicy: Orphan
          forProvider:
            manifest:
              apiVersion: v1
              kind: ConfigMap
              metadata:
                namespace: default
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-irsa-settings"
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.forProvider.manifest.metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-irsa-settings"
        - fromFieldPath: status.eks.oidcArn
          toFieldPath: spec.forProvider.manifest.data.oidc_arn
        - fromFieldPath: status.eks.oidcUri
          toFieldPath: spec.forProvider.manifest.data.oidc_host
    - name: aws-auth
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          deletionPolicy: Orphan
          forProvider:
            manifest:
              apiVersion: v1
              kind: ConfigMap
              metadata:
                name: aws-auth
                namespace: kube-system
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.providerConfigRef.name
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
          transforms:
            - type: string
              string:
                fmt: "%s-aws-auth"
        - type: CombineFromComposite
          combine:
            variables:
              - fromFieldPath: status.eks.nodeGroupRoleArn
              - fromFieldPath: spec.parameters.iam.userArn
              - fromFieldPath: spec.parameters.iam.roleArn
            strategy: string
            string:
              fmt: |
                - groups:
                  - system:bootstrappers
                  - system:nodes
                  rolearn: %s
                  username: system:node:{{EC2PrivateDNSName}}
                - groups:
                  - system:masters
                  userarn: %s
                  username: adminuser
                - groups:
                  - system:masters
                  rolearn: %s
                  username: adminrole
          toFieldPath: spec.forProvider.manifest.data.mapRoles
          policy:
            fromFieldPath: Optional
  writeConnectionSecretsToNamespace: upbound-system
Marketplace

Discover the building blocks for your internal cloud platform.

© 2022 Upbound, Inc.

SolutionsProvidersConfigurations
LearnDocumentationTry for Free
MorePrivacy PolicyTerms & Conditions
Marketplace

© 2022 Upbound, Inc.

Marketplace

Discover the building blocksfor your internal cloud platform.