Marketplace
BrowsePublish
Marketplace
upbound/platform-ref-aws@v1.1.0
xeks.aws.platformref.crossplane.io

xeks.aws.platformref.crossplane.io

xeks.aws.platformref.crossplane.io
upbound/platform-ref-aws@v1.1.0xeks.aws.platformref.crossplane.io
Type

Composition

Referenced XRD

XEKS

Source Codegithub.com/upbound/platform-ref-aws
Resources (10)

The following resources are composed to implement the referenced Composite Resource Definition (XRD).

Kind
Group
Version

Role

iam.aws.crossplane.io
v1beta1

RolePolicyAttachment

iam.aws.crossplane.io
v1beta1

Cluster

eks.aws.crossplane.io
v1beta1

Role

iam.aws.crossplane.io
v1beta1

RolePolicyAttachment

iam.aws.crossplane.io
v1beta1

RolePolicyAttachment

iam.aws.crossplane.io
v1beta1

RolePolicyAttachment

iam.aws.crossplane.io
v1beta1

NodeGroup

eks.aws.crossplane.io
v1alpha1

OpenIDConnectProvider

iam.aws.crossplane.io
v1beta1

ProviderConfig

helm.crossplane.io
v1beta1
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xeks.aws.platformref.crossplane.io
  creationTimestamp: null
  labels:
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: aws.platformref.crossplane.io/v1alpha1
    kind: XEKS
  resources:
    - name: controlplaneRole
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: controlplane
        spec:
          forProvider:
            assumeRolePolicyDocument: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "eks.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
    - name: clusterRolePolicyAttachment
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
            roleNameSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
    - name: kubernetesCluster
      base:
        apiVersion: eks.aws.crossplane.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            region: us-west-2
            resourcesVpcConfig:
              endpointPrivateAccess: true
              endpointPublicAccess: true
            roleArnSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
            version: "1.21"
      patches:
        - fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.resourcesVpcConfig.securityGroupIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.resourcesVpcConfig.subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.identity.oidc.issuer
          toFieldPath: status.eks.oidc
          policy:
            fromFieldPath: Optional
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig
    - name: nodegroupRole
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: nodegroup
        spec:
          forProvider:
            assumeRolePolicyDocument: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "ec2.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
    - name: workerNodeRolePolicyAttachment
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
            roleNameSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: cniRolePolicyAttachment
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
            roleNameSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: containerRegistryRolePolicyAttachment
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
            roleNameSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: nodeGroupPublic
      base:
        apiVersion: eks.aws.crossplane.io/v1alpha1
        kind: NodeGroup
        spec:
          forProvider:
            clusterNameSelector:
              matchControllerRef: true
            instanceTypes:
              - t3.medium
            nodeRoleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
            region: us-west-2
            scalingConfig:
              desiredSize: 1
              maxSize: 100
              minSize: 1
            subnetSelector:
              matchLabels:
                access: public
      patches:
        - fromFieldPath: metadata.annotations[crossplane.io/external-name]
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.scalingConfig.desiredSize
        - fromFieldPath: spec.parameters.nodes.size
          toFieldPath: spec.forProvider.instanceTypes[0]
          transforms:
            - type: map
              map:
                large: t3.large
                medium: t3.medium
                small: t3.small
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.subnetSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
    - name: oidcProvider
      base:
        apiVersion: iam.aws.crossplane.io/v1beta1
        kind: OpenIDConnectProvider
        spec:
          forProvider:
            clientIDList:
              - sts.amazonaws.com
            thumbprintList:
              - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
      patches:
        - fromFieldPath: status.eks.oidc
          toFieldPath: spec.forProvider.url
          policy:
            fromFieldPath: Required
    - name: providerConfig
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
      readinessChecks:
        - type: None
  writeConnectionSecretsToNamespace: upbound-system
Marketplace

Discover the building blocks for your internal cloud platform.

© 2022 Upbound, Inc.

SolutionsProvidersConfigurations
LearnDocumentationTry for Free
MorePrivacy PolicyTerms & Conditions
Marketplace

© 2022 Upbound, Inc.

Marketplace

Discover the building blocksfor your internal cloud platform.