The following resources are composed to implement the referenced Composite Resource Definition (XRD).
VPC
InternetGateway
Subnet
Subnet
Subnet
Subnet
RouteTable
Route
MainRouteTableAssociation
RouteTableAssociation
RouteTableAssociation
RouteTableAssociation
RouteTableAssociation
SecurityGroup
SecurityGroupRule
SecurityGroupRule
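# Crossplane Composition implementing the XNetwork composite type
# (net.starter.org/v1alpha1) on AWS: one VPC, an internet gateway, four
# subnets, a single route table with a default route, and a security group
# with two ingress rules. The region (us-west-2) is hard-coded per resource.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xnetworks.aws.net.starter.org
  creationTimestamp: null
  labels:
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: net.starter.org/v1alpha1
    kind: XNetwork
  patchSets:
    # Copies the composite's spec.id onto a label of each composed resource
    # that references this patch set.
    - name: network-id
      patches:
        - type: FromCompositeFieldPath
          fromFieldPath: spec.id
          toFieldPath: metadata.labels[aws.net.starter.org/network-id]
  resources:
    # NOTE(review): "platform-vcp" looks like a typo for "platform-vpc" (the
    # Name tag below uses "platform-vpc"). Confirm the effect on resources
    # that are already composed before renaming this template entry.
    - name: platform-vcp
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: VPC
        spec:
          forProvider:
            cidrBlock: 192.168.0.0/16
            enableDnsHostnames: true
            enableDnsSupport: true
            region: us-west-2
            tags:
              Name: platform-vpc
              Owner: Platform Team
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: gateway
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: InternetGateway
        spec:
          forProvider:
            region: us-west-2
            # matchControllerRef selects the VPC composed by the same
            # composite resource.
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
    # Public subnets: instances launched here receive a public IP
    # (mapPublicIpOnLaunch: true).
    - name: subnet-public-west-2a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: public
            zone: us-west-2a
        spec:
          forProvider:
            availabilityZone: us-west-2a
            cidrBlock: 192.168.0.0/18
            mapPublicIpOnLaunch: true
            region: us-west-2
            tags:
              kubernetes.io/role/elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
        # Publishes the subnet's external name into the composite's status.
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: status.subnetIds[0]
    - name: subnet-public-west-2b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: public
            zone: us-west-2b
        spec:
          forProvider:
            availabilityZone: us-west-2b
            cidrBlock: 192.168.64.0/18
            mapPublicIpOnLaunch: true
            region: us-west-2
            tags:
              kubernetes.io/role/elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: status.subnetIds[1]
    # NOTE(review): the two subnets labelled "private" do not set
    # mapPublicIpOnLaunch, but the RouteTableAssociation entries below attach
    # them to the only RouteTable in this composition, which carries the
    # 0.0.0.0/0 route to the internet gateway. No NAT gateway or separate
    # private route table is defined here, so "private" is a label, not
    # routing isolation. Confirm that this is intended.
    - name: subnet-private-west-2a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: private
            zone: us-west-2a
        spec:
          forProvider:
            availabilityZone: us-west-2a
            cidrBlock: 192.168.128.0/18
            region: us-west-2
            tags:
              kubernetes.io/role/internal-elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: status.subnetIds[2]
    - name: subnet-private-west-2b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Subnet
        metadata:
          labels:
            access: private
            zone: us-west-2b
        spec:
          forProvider:
            availabilityZone: us-west-2b
            cidrBlock: 192.168.192.0/18
            region: us-west-2
            tags:
              kubernetes.io/role/internal-elb: "1"
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: status.subnetIds[3]
    # The single route table shared by all four subnets.
    - name: routeTable
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTable
        spec:
          forProvider:
            region: us-west-2
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
    # Default route: all non-local traffic goes to the internet gateway.
    - name: route
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: Route
        spec:
          forProvider:
            destinationCidrBlock: 0.0.0.0/0
            gatewayIdSelector:
              matchControllerRef: true
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: mainRouteTableAssociation
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: MainRouteTableAssociation
        spec:
          forProvider:
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
    # Each association picks its subnet by the access/zone labels set on the
    # Subnet templates above, restricted to this composite's own resources.
    - name: RouteTableAssociation-public-a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: public
                zone: us-west-2a
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: RouteTableAssociation-public-b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: public
                zone: us-west-2b
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: RouteTableAssociation-private-a
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: private
                zone: us-west-2a
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: RouteTableAssociation-private-b
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: RouteTableAssociation
        spec:
          forProvider:
            region: us-west-2
            routeTableIdSelector:
              matchControllerRef: true
            subnetIdSelector:
              matchControllerRef: true
              matchLabels:
                access: private
                zone: us-west-2b
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: securityGroup
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroup
        spec:
          forProvider:
            description: Allow access to databases
            name: platform-ref-aws-cluster
            region: us-west-2
            vpcIdSelector:
              matchControllerRef: true
      patches:
        - type: PatchSet
          patchSetName: network-id
        # Publishes the security group's external name into the composite's
        # status for consumers of the XNetwork.
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: status.securityGroupIds[0]
    # NOTE(review): both ingress rules below admit 0.0.0.0/0 on a database
    # port (5432 PostgreSQL, 3306 MySQL). Any database attached to this
    # security group that has a public address is reachable from the whole
    # internet. Unless that is a deliberate requirement, narrow cidrBlocks to
    # the VPC range declared above (192.168.0.0/16) or to the client subnets,
    # and update the "Everywhere" description to match.
    - name: securityGroupRulePostgres
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroupRule
        spec:
          forProvider:
            cidrBlocks:
              - 0.0.0.0/0
            description: Everywhere
            fromPort: 5432
            protocol: tcp
            region: us-west-2
            securityGroupIdSelector:
              matchControllerRef: true
            toPort: 5432
            type: ingress
      patches:
        - type: PatchSet
          patchSetName: network-id
    - name: securityGroupRuleMysql
      base:
        apiVersion: ec2.aws.upbound.io/v1beta1
        kind: SecurityGroupRule
        spec:
          forProvider:
            cidrBlocks:
              - 0.0.0.0/0
            description: Everywhere
            fromPort: 3306
            protocol: tcp
            region: us-west-2
            securityGroupIdSelector:
              matchControllerRef: true
            toPort: 3306
            type: ingress
      patches:
        - type: PatchSet
          patchSetName: network-id
  # Namespace that receives connection secrets for composites using this
  # Composition.
  writeConnectionSecretsToNamespace: upbound-system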