xgke.gcp.platform.upbound.io
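---
# Crossplane Composition for the XGKE composite type
# (gcp.platform.upbound.io/v1alpha1). One patch-and-transform pipeline step
# composes: a GCP service account, a key for it, a project-level IAM binding,
# the GKE cluster, one node pool, and the provider-helm / provider-kubernetes
# ProviderConfigs that point at the new cluster.
#
# The nesting below was restored from a flattened listing; every key and value
# is unchanged apart from quoting of two format/regex strings.
#
# NOTE(review): a single service account is used three ways in this file:
#   - node identity (Cluster and NodePool nodeConfig[0].serviceAccount),
#   - holder of roles/container.admin on the project (ProjectIAMMember),
#   - exported key that both ProviderConfigs authenticate with.
# Using a separate, minimally-privileged account for the nodes would keep the
# admin role off the node identity.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xgke.gcp.platform.upbound.io
  creationTimestamp: null
  labels:
    provider: gcp
spec:
  compositeTypeRef:
    apiVersion: gcp.platform.upbound.io/v1alpha1
    kind: XGKE
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        # Reusable patches: each copies one XR parameter onto a composed
        # resource.
        patchSets:
          - name: providerConfigRef
            patches:
              - fromFieldPath: spec.parameters.providerConfigName
                toFieldPath: spec.providerConfigRef.name
                type: FromCompositeFieldPath
          # deletionPolicy is taken from the XR, so whoever sets the parameter
          # decides whether the external GCP resources are removed on delete.
          - name: deletionPolicy
            patches:
              - fromFieldPath: spec.parameters.deletionPolicy
                toFieldPath: spec.deletionPolicy
                type: FromCompositeFieldPath
          - name: region
            patches:
              - fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.location
                type: FromCompositeFieldPath
        resources:
          # Service account named after spec.parameters.id. Its email and
          # project are written back to the XR status for the resources below.
          - base:
              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
              kind: ServiceAccount
            name: serviceaccount
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - fromFieldPath: spec.parameters.id
                toFieldPath: metadata.annotations[crossplane.io/external-name]
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.displayName
                type: FromCompositeFieldPath
              - fromFieldPath: status.atProvider.email
                toFieldPath: status.gke.serviceAccount
                type: ToCompositeFieldPath
              # Capture group 1 of the account id is the project name.
              - fromFieldPath: status.atProvider.id
                toFieldPath: status.gke.project
                transforms:
                  - string:
                      regexp:
                        group: 1
                        match: 'projects\/(.+)\/serviceAccounts\/.*'
                      type: Regexp
                    type: string
                type: ToCompositeFieldPath
          # Exported key for the service account above; the connection secret
          # is named "<XR uid>-sakey" and is read by both ProviderConfigs.
          # NOTE(review): nothing in this file rotates or expires the key, so
          # read access to the secret's namespace is the effective control.
          - base:
              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
              kind: ServiceAccountKey
              spec:
                forProvider:
                  serviceAccountIdSelector:
                    matchControllerRef: true
            name: serviceaccountkey
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - fromFieldPath: metadata.uid
                toFieldPath: spec.writeConnectionSecretToRef.name
                transforms:
                  - string:
                      fmt: "%s-sakey"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
                type: FromCompositeFieldPath
          # Grants roles/container.admin to the service account on the project
          # recorded in status.gke.project.
          # NOTE(review): the binding is project-wide and the same account is
          # attached to the nodes below; a narrower role, or a separate account
          # for the nodes, would reduce what a node credential can reach.
          - base:
              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
              kind: ProjectIAMMember
              spec:
                forProvider:
                  role: roles/container.admin
            name: projectiammember
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - fromFieldPath: spec.parameters.id
                toFieldPath: metadata.annotations[crossplane.io/external-name]
                type: FromCompositeFieldPath
              # Required: the patch errors until the XR status has the value.
              - fromFieldPath: status.gke.serviceAccount
                policy:
                  fromFieldPath: Required
                toFieldPath: spec.forProvider.member
                transforms:
                  - string:
                      fmt: 'serviceAccount:%s'
                      type: Format
                    type: string
                type: FromCompositeFieldPath
              - fromFieldPath: status.gke.project
                policy:
                  fromFieldPath: Required
                toFieldPath: spec.forProvider.project
                type: FromCompositeFieldPath
          # GKE cluster. Network and subnetwork are selected by the
          # network-id label matching spec.parameters.id.
          # NOTE(review): this base sets no privateClusterConfig,
          # masterAuthorizedNetworksConfig or workloadIdentityConfig; confirm
          # the provider defaults are what is intended for this platform.
          - base:
              apiVersion: container.gcp.upbound.io/v1beta1
              kind: Cluster
              spec:
                forProvider:
                  # With protection off, deleting the managed resource can
                  # delete the cluster (subject to the patched deletionPolicy).
                  deletionProtection: false
                  enableIntranodeVisibility: true
                  initialNodeCount: 1
                  ipAllocationPolicy:
                    - clusterSecondaryRangeName: pods
                      servicesSecondaryRangeName: services
                  loggingService: logging.googleapis.com/kubernetes
                  monitoringService: monitoring.googleapis.com/kubernetes
            # The cluster kubeconfig is surfaced in the XR connection details.
            connectionDetails:
              - fromConnectionSecretKey: kubeconfig
                name: kubeconfig
                type: FromConnectionSecretKey
            name: gkecluster
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - patchSetName: region
                type: PatchSet
              # Secret "<XR uid>-gkecluster" holds the kubeconfig.
              - fromFieldPath: metadata.uid
                toFieldPath: spec.writeConnectionSecretToRef.name
                transforms:
                  - string:
                      fmt: "%s-gkecluster"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.networkSelector.matchLabels[networks.gcp.platform.upbound.io/network-id]
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.id
                toFieldPath: spec.forProvider.subnetworkSelector.matchLabels[networks.gcp.platform.upbound.io/network-id]
                type: FromCompositeFieldPath
              # Default node identity is the container.admin account above.
              - fromFieldPath: status.gke.serviceAccount
                policy:
                  fromFieldPath: Required
                toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.nodeVersion
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.minMasterVersion
                type: FromCompositeFieldPath
          # Node pool. Size and machine type are overridden from
          # spec.parameters.nodes; min and max node count get the same value.
          - base:
              apiVersion: container.gcp.upbound.io/v1beta1
              kind: NodePool
              spec:
                forProvider:
                  autoscaling:
                    - maxNodeCount: 1
                      minNodeCount: 1
                  clusterSelector:
                    matchControllerRef: true
                  initialNodeCount: 1
                  management:
                    - autoRepair: true
                      autoUpgrade: true
                  maxPodsPerNode: 55
                  nodeConfig:
                    - diskSizeGb: 10
                      imageType: COS_CONTAINERD
                      machineType: e2-medium
                      metadata:
                        disable-legacy-endpoints: "true"
                      # NOTE(review): cloud-platform is the broadest scope, so
                      # node credentials are limited only by IAM, and IAM here
                      # grants roles/container.admin. No workloadMetadataConfig
                      # is set in this base; confirm how pod access to the node
                      # metadata server is restricted.
                      oauthScopes:
                        - https://www.googleapis.com/auth/cloud-platform
                      preemptible: true
                      shieldedInstanceConfig:
                        - enableIntegrityMonitoring: true
                          enableSecureBoot: true
            name: node-pool
            patches:
              - patchSetName: providerConfigRef
                type: PatchSet
              - patchSetName: deletionPolicy
                type: PatchSet
              - patchSetName: region
                type: PatchSet
              - fromFieldPath: spec.parameters.nodes.instanceType
                toFieldPath: spec.forProvider.nodeConfig[0].machineType
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.nodes.count
                toFieldPath: spec.forProvider.initialNodeCount
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.nodes.count
                toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
                type: FromCompositeFieldPath
              - fromFieldPath: spec.parameters.nodes.count
                toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
                type: FromCompositeFieldPath
              - fromFieldPath: status.gke.serviceAccount
                policy:
                  fromFieldPath: Required
                toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
                type: FromCompositeFieldPath
          # provider-helm ProviderConfig for the new cluster: kubeconfig from
          # "<XR uid>-gkecluster", Google identity from "<XR uid>-sakey".
          # NOTE(review): metadata.name comes from the user-supplied
          # spec.parameters.id; presumably ids must be unique across the
          # control plane to avoid ProviderConfig name clashes - confirm.
          - base:
              apiVersion: helm.crossplane.io/v1beta1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                  source: Secret
                identity:
                  secretRef:
                    key: private_key
                  source: Secret
                  type: GoogleApplicationCredentials
            name: providerConfigHelm
            patches:
              - fromFieldPath: spec.parameters.id
                toFieldPath: metadata.name
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
                type: FromCompositeFieldPath
              - fromFieldPath: metadata.uid
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-gkecluster"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.identity.secretRef.namespace
                type: FromCompositeFieldPath
              - fromFieldPath: metadata.uid
                toFieldPath: spec.identity.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-sakey"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
            # No readiness check is evaluated for this resource.
            readinessChecks:
              - type: None
          # provider-kubernetes ProviderConfig; same secrets and naming as the
          # provider-helm ProviderConfig above.
          - base:
              apiVersion: kubernetes.crossplane.io/v1alpha1
              kind: ProviderConfig
              spec:
                credentials:
                  secretRef:
                    key: kubeconfig
                  source: Secret
                identity:
                  secretRef:
                    key: private_key
                  source: Secret
                  type: GoogleApplicationCredentials
            name: providerConfigKubernetes
            patches:
              - fromFieldPath: spec.parameters.id
                toFieldPath: metadata.name
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.credentials.secretRef.namespace
                type: FromCompositeFieldPath
              - fromFieldPath: metadata.uid
                toFieldPath: spec.credentials.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-gkecluster"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
              - fromFieldPath: spec.writeConnectionSecretToRef.namespace
                toFieldPath: spec.identity.secretRef.namespace
                type: FromCompositeFieldPath
              - fromFieldPath: metadata.uid
                toFieldPath: spec.identity.secretRef.name
                transforms:
                  - string:
                      fmt: "%s-sakey"
                      type: Format
                    type: string
                type: FromCompositeFieldPath
            # No readiness check is evaluated for this resource.
            readinessChecks:
              - type: None
  # Namespace for connection secrets of XRs using this composition; it then
  # holds the cluster kubeconfig and (presumably, via the namespace patches
  # above) the service account key - scope Secret read access accordingly.
  writeConnectionSecretsToNamespace: upbound-system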