XGKE
upbound/configuration-caas@v0.2.0
Type: Composition
Referenced XRD: XGKE
# Crossplane Composition for the XGKE composite resource
# (gcp.caas.upbound.io/v1alpha1). It lists the resources that are composed
# for each XGKE: a GCP service account, a key for it, a project IAM binding,
# a GKE cluster, a node pool, and two in-cluster ProviderConfigs.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xgke.gcp.caas.upbound.io
  # NOTE(review): looks like an artefact of generated/serialised output; the
  # API server assigns the real timestamp.
  creationTimestamp: null
  labels:
    provider: GCP
spec:
  # Binds this Composition to the XGKE composite type.
  compositeTypeRef:
    apiVersion: gcp.caas.upbound.io/v1alpha1
    kind: XGKE
  # Reusable patch groups. Resources below include them by name with
  # `type: PatchSet`.
  patchSets:
    # Copies the ProviderConfig name chosen on the composite onto the
    # managed resource.
    # NOTE(review): this name selects which GCP credentials are used, so
    # whoever can set spec.parameters.providerConfigName effectively picks
    # the identity. Confirm the XRD and RBAC constrain it as intended.
    - name: providerConfigRef
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.providerConfigName
          toFieldPath: spec.providerConfigRef.name
    # Propagates the composite's deletion policy to every managed resource.
    # NOTE(review): if callers choose Orphan, the service account, its key
    # and the IAM binding stay in GCP after the Kubernetes objects are
    # deleted. Confirm that is acceptable for credentials.
    - name: deletionPolicy
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.deletionPolicy
          toFieldPath: spec.deletionPolicy
    # Maps the composite's region parameter to the resource's location.
    - name: region
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.parameters.region
          toFieldPath: spec.forProvider.location
  resources:
    # GCP service account for this cluster. Its email is published to
    # status.gke.serviceAccount and reused further down as the IAM member
    # and as the node service account of the cluster and node pool.
    - name: service-account
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccount
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        # spec.parameters.id becomes both the external name (account id) and
        # the display name.
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.forProvider.displayName
        # Publish the observed email on the composite's status. `Required`
        # turns a missing source field into an error instead of silently
        # skipping the patch.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.email
          toFieldPath: status.gke.serviceAccount
          policy:
            fromFieldPath: Required
        # Derive the project id from the observed resource id: capture group
        # 1 of the regexp is the segment between "projects/" and
        # "/serviceAccounts/".
        # NOTE(review): assumes the id has the form
        # projects/<project>/serviceAccounts/<email>; confirm against the
        # provider.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: status.gke.project
          transforms:
            - type: string
              string:
                type: Regexp
                regexp:
                  match: projects\/(.+)\/serviceAccounts\/.*
                  group: 1
          policy:
            fromFieldPath: Required
    # User-managed key for the service account composed by this same
    # composite (matchControllerRef). The key is written to a connection
    # secret named "<composite uid>-sakey".
    # SECURITY: this is exported, long-lived key material. Nothing in this
    # Composition rotates or expires it, and anyone who can read the secret
    # can act as the service account, which the project-iam-member resource
    # binds to roles/container.admin. Keep read access to secrets in the
    # target namespace tightly scoped, and prefer a keyless mechanism
    # (e.g. workload identity) where the consuming providers support it.
    - name: service-account-key
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccountKey
        spec:
          forProvider:
            serviceAccountIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        # Secret name is derived from the composite's UID, so it is unique
        # per XGKE instance.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
        # The secret lands in the namespace the composite itself writes its
        # connection secret to.
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
    # Project-level IAM binding for the composed service account.
    # SECURITY: roles/container.admin is granted on the whole project, not on
    # this one cluster. The same account is also set as the node service
    # account on the gke-cluster and node-pool resources and has an exported
    # key (service-account-key), so a compromised node, or a leaked key,
    # carries GKE admin rights across the project. A least-privilege layout
    # would use a minimally privileged node service account and a separate,
    # narrowly scoped identity for the Helm/Kubernetes providers.
    - name: project-iam-member
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ProjectIAMMember
        spec:
          forProvider:
            role: roles/container.admin
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        # Member is "serviceAccount:<email>", built from the email that the
        # service-account resource published on the composite's status.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.member
          transforms:
            - type: string
              string:
                fmt: serviceAccount:%s
          policy:
            fromFieldPath: Required
        # Project id extracted from the service account's resource id.
        - fromFieldPath: status.gke.project
          toFieldPath: spec.forProvider.project
          policy:
            fromFieldPath: Required
    # The GKE cluster. Network and subnetwork are resolved by label selector
    # from resources labelled with the same id; the kubeconfig is written to
    # a connection secret named "<composite uid>-gkecluster".
    # NOTE(review): this base sets no privateClusterConfig,
    # masterAuthorizedNetworksConfig, workloadIdentityConfig or network
    # policy, so provider/GKE defaults apply for control-plane exposure and
    # pod access to node credentials. Confirm those defaults are acceptable.
    - name: gke-cluster
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            enableIntranodeVisibility: true
            # NOTE(review): no removeDefaultNodePool is set here, so the
            # one-node default pool presumably remains next to the node-pool
            # resource; verify.
            initialNodeCount: 1
            # Pods and services use the subnetwork's secondary ranges named
            # "pods" and "services".
            ipAllocationPolicy:
              - clusterSecondaryRangeName: pods
                servicesSecondaryRangeName: services
            loggingService: logging.googleapis.com/kubernetes
            monitoringService: monitoring.googleapis.com/kubernetes
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
        # SECURITY: the resulting secret holds the cluster kubeconfig; restrict
        # who can read secrets in the target namespace.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        # Select the network and subnetwork carrying this composite's id as
        # their network-id label.
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.forProvider.networkSelector.matchLabels[networks.gcp.caas.upbound.io/network-id]
        - fromFieldPath: spec.parameters.id
          toFieldPath: spec.forProvider.subnetworkSelector.matchLabels[networks.gcp.caas.upbound.io/network-id]
        # Nodes created by the cluster run as the composed service account,
        # the same account project-iam-member binds to roles/container.admin.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
      # Surface the kubeconfig key in the composite's own connection secret.
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig
    # Node pool attached to the cluster composed by this same composite
    # (matchControllerRef). Machine type and node count come from
    # spec.parameters.nodes; the values in `base` are defaults that the
    # patches overwrite.
    - name: node-pool
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: NodePool
        spec:
          forProvider:
            # min and max are both patched from nodes.count below, so the
            # pool size is effectively fixed.
            autoscaling:
              - maxNodeCount: 1
                minNodeCount: 1
            clusterSelector:
              matchControllerRef: true
            initialNodeCount: 1
            management:
              - autoRepair: true
                autoUpgrade: true
            maxPodsPerNode: 55
            nodeConfig:
              - diskSizeGb: 10
                imageType: COS_CONTAINERD
                machineType: e2-medium
                # Quoted because instance metadata values are strings.
                metadata:
                  disable-legacy-endpoints: "true"
                # SECURITY: the cloud-platform scope places no limit of its
                # own, so the node's effective permissions are exactly the
                # IAM roles of its service account. Here that account is
                # bound to roles/container.admin (project-iam-member).
                oauthScopes:
                  - https://www.googleapis.com/auth/cloud-platform
                # Preemptible nodes can be reclaimed by GCP at any time; this
                # is an availability trade-off.
                preemptible: true
                # Shielded-node hardening: secure boot plus boot integrity
                # monitoring.
                shieldedInstanceConfig:
                  - enableIntegrityMonitoring: true
                    enableSecureBoot: true
      patches:
        - type: PatchSet
          patchSetName: providerConfigRef
        - type: PatchSet
          patchSetName: deletionPolicy
        - type: PatchSet
          patchSetName: region
        - fromFieldPath: spec.parameters.nodes.instanceType
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
        # nodes.count drives the initial, minimum and maximum node counts.
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.initialNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
        # Nodes run as the composed service account.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
    # ProviderConfig for the Helm provider, named after spec.parameters.id.
    # It reads the kubeconfig from the "<composite uid>-gkecluster" secret and
    # authenticates to GKE with the service-account key stored in the
    # "<composite uid>-sakey" secret.
    # SECURITY: anything allowed to create Helm releases that reference this
    # ProviderConfig acts on the new cluster with that service account's
    # rights. NOTE(review): confirm RBAC limits who can reference it.
    - name: providerConfig-helm
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
          identity:
            secretRef:
              key: private_key
            source: Secret
            type: GoogleApplicationCredentials
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
        # The secret names below must stay in sync with the fmt strings used
        # by the gke-cluster ("%s-gkecluster") and service-account-key
        # ("%s-sakey") resources.
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.identity.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.identity.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
      # No readiness condition is checked for this resource.
      readinessChecks:
        - type: None
    # ProviderConfig for the Kubernetes provider, named after
    # spec.parameters.id. It uses the same two secrets as the Helm
    # ProviderConfig: kubeconfig from "<composite uid>-gkecluster" and the
    # service-account key from "<composite uid>-sakey".
    # SECURITY: anything allowed to create provider-kubernetes objects that
    # reference this ProviderConfig acts on the new cluster with that service
    # account's rights. NOTE(review): confirm RBAC limits who can reference
    # it.
    - name: providerConfig-kubernetes
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
          identity:
            secretRef:
              key: private_key
            source: Secret
            type: GoogleApplicationCredentials
      patches:
        - fromFieldPath: spec.parameters.id
          toFieldPath: metadata.name
        # The secret names below must stay in sync with the fmt strings used
        # by the gke-cluster ("%s-gkecluster") and service-account-key
        # ("%s-sakey") resources.
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.identity.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.identity.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
      # No readiness condition is checked for this resource.
      readinessChecks:
        - type: None
  # Namespace that receives the composite's connection secret. Per the
  # gke-cluster connectionDetails it contains the kubeconfig, so read access
  # to secrets in upbound-system should be tightly restricted.
  writeConnectionSecretsToNamespace: upbound-system