XGKE
upbound/platform-ref-gcp@v0.4.0
Type: Composition
Referenced XRD: XGKE
# Crossplane Composition for the XGKE composite type
# (gcp.platformref.upbound.io/v1alpha1). Each entry under spec.resources is a
# managed resource composed for an XGKE instance: a GCP service account, a key
# for it, a project-level IAM binding, the GKE cluster, a node pool, and a
# provider-helm ProviderConfig that uses the resulting credentials.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xgke.gcp.platformref.upbound.io
  # NOTE(review): a null creationTimestamp suggests this manifest was
  # generated or exported rather than hand-written -- confirm the real source
  # file before editing.
  creationTimestamp: null
  labels:
    provider: GCP
spec:
  compositeTypeRef:
    apiVersion: gcp.platformref.upbound.io/v1alpha1
    kind: XGKE
  resources:
    # GCP service account for this XGKE instance. The same identity is later
    # bound to roles/container.admin (project-iam-member), attached to the
    # cluster and node-pool nodeConfig, and exported as a key
    # (service-account-key), so its blast radius spans all of those uses.
    - name: service-account
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccount
      patches:
        # Patches without an explicit type copy from the composite to the
        # composed resource: spec.id becomes both the external name and the
        # display name of the service account.
        - fromFieldPath: spec.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.displayName
        # Publish the provider-reported e-mail on the composite's status so
        # the other resources in this composition can read it. Required makes
        # the patch error until the source field has been populated.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.email
          toFieldPath: status.gke.serviceAccount
          policy:
            fromFieldPath: Required
        # Extract the project from the provider-reported resource id
        # (projects/<project>/serviceAccounts/...) and publish it as
        # status.gke.project; capture group 1 is the project segment.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: status.gke.project
          transforms:
            - type: string
              string:
                type: Regexp
                regexp:
                  # Pattern is unanchored and (.+) is greedy; the input is a
                  # provider-generated id rather than user-supplied text.
                  match: projects\/(.+)\/serviceAccounts\/.*
                  group: 1
          policy:
            fromFieldPath: Required
    # User-managed key for the service account composed above (selected via
    # matchControllerRef, i.e. the ServiceAccount owned by the same composite).
    # SECURITY: the key material lands in a Kubernetes Secret named
    # "<composite uid>-sakey"; helm-provider-config reads its "private_key"
    # entry. Anyone who can read Secrets in the target namespace can act as
    # this service account, which this composition grants
    # roles/container.admin. Restrict Secret RBAC in that namespace, and plan
    # for key rotation -- nothing in this manifest rotates or expires the key.
    - name: service-account-key
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccountKey
        spec:
          forProvider:
            serviceAccountIdSelector:
              matchControllerRef: true
      patches:
        # Secret name is derived from the composite's UID, so it is unique
        # per XGKE instance.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
        # The Secret is written to whatever namespace the composite's own
        # writeConnectionSecretToRef names.
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
    # Project-level IAM binding for the composed service account.
    # SECURITY: roles/container.admin is bound on the whole project
    # (spec.forProvider.project), not on a single cluster. The same account
    # is the node identity for gke-cluster and node-pool, and a key for it is
    # exported by service-account-key, so node workloads and Secret readers
    # inherit this role. For least privilege, consider separate identities
    # for node runtime and for cluster administration, each with the
    # narrowest role that works.
    - name: project-iam-member
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ProjectIAMMember
        spec:
          forProvider:
            role: roles/container.admin
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        # member takes the IAM principal form "serviceAccount:<email>", built
        # from the e-mail the service-account resource wrote to the
        # composite's status. Required delays the binding until it exists.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.member
          transforms:
            - type: string
              string:
                fmt: serviceAccount:%s
          policy:
            fromFieldPath: Required
        # Project is the one extracted from the service account's resource id.
        - fromFieldPath: status.gke.project
          toFieldPath: spec.forProvider.project
          policy:
            fromFieldPath: Required
    # The GKE cluster itself.
    # NOTE(review): this base sets intranode visibility, logging and
    # monitoring, but shows no private-cluster, control-plane
    # authorized-network, workload-identity or network-policy settings, so
    # provider/GKE defaults apply for those. Confirm the defaults are
    # acceptable for the environment.
    - name: gke-cluster
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            enableIntranodeVisibility: true
            initialNodeCount: 1
            # Pod and Service IPs come from the secondary ranges named "pods"
            # and "services"; the selected subnetwork must define both.
            ipAllocationPolicy:
              - clusterSecondaryRangeName: pods
                servicesSecondaryRangeName: services
            # Location is hard-coded; no patch below overrides it.
            location: us-west2
            loggingService: logging.googleapis.com/kubernetes
            monitoringService: monitoring.googleapis.com/kubernetes
      patches:
        # Connection secret "<composite uid>-gkecluster" in the namespace
        # taken from the composite's writeConnectionSecretToRef.
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        # Network and subnetwork are both resolved with the same label set
        # supplied on the composite.
        - fromFieldPath: spec.parameters.XNetworkSelector.matchLabels
          toFieldPath: spec.forProvider.networkSelector.matchLabels
        - fromFieldPath: spec.parameters.XNetworkSelector.matchLabels
          toFieldPath: spec.forProvider.subnetworkSelector.matchLabels
        # Nodes run as the composed service account -- the one bound to
        # roles/container.admin by project-iam-member.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
      # SECURITY: the kubeconfig is propagated to the composite's connection
      # secret; treat every Secret that carries it as a cluster credential
      # and scope read access accordingly.
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig
    # Node pool attached to the cluster owned by the same composite
    # (clusterSelector.matchControllerRef).
    - name: node-pool
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: NodePool
        spec:
          forProvider:
            # Base bounds only; the patches below set min and max to the same
            # nodes.count value, which pins the pool size when it is supplied.
            autoscaling:
              - maxNodeCount: 3
                minNodeCount: 1
            clusterSelector:
              matchControllerRef: true
            initialNodeCount: 1
            location: us-west2
            management:
              - autoRepair: true
                autoUpgrade: true
            maxPodsPerNode: 55
            nodeConfig:
              - diskSizeGb: 10
                imageType: COS_CONTAINERD
                # Fallback machine type; replaced by the size map below when
                # spec.parameters.nodes.size is set.
                machineType: e2-medium
                metadata:
                  # Quoted on purpose: the value must stay the string "true".
                  disable-legacy-endpoints: "true"
                # SECURITY: the cloud-platform scope does not narrow access,
                # so node credentials are limited only by the IAM roles of
                # the node service account -- here roles/container.admin on
                # the project (project-iam-member). Narrowing that role is
                # the effective control.
                oauthScopes:
                  - https://www.googleapis.com/auth/cloud-platform
                # Preemptible nodes can be reclaimed by GCP at any time;
                # factor that into availability planning.
                preemptible: true
                shieldedInstanceConfig:
                  - enableIntegrityMonitoring: true
                    enableSecureBoot: true
      patches:
        # Translate the abstract size to a machine type.
        # NOTE(review): the map has no entry for other values -- presumably
        # the XRD restricts nodes.size to these three; confirm.
        - fromFieldPath: spec.parameters.nodes.size
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
          transforms:
            - type: map
              map:
                large: n1-standard-32
                medium: n1-standard-16
                small: n1-standard-4
        # nodes.count drives the initial, minimum and maximum node count.
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.initialNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
        # Same node identity as the cluster resource; Required waits for the
        # service account e-mail to be published on the composite's status.
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
    # provider-helm ProviderConfig that points at the new cluster. It takes
    # the kubeconfig from the "<composite uid>-gkecluster" secret and the
    # Google identity from the "private_key" entry of the
    # "<composite uid>-sakey" secret.
    # SECURITY: whoever may create Helm releases against this ProviderConfig
    # deploys into the cluster with these credentials, so restrict who can
    # reference it.
    - name: helm-provider-config
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
          identity:
            secretRef:
              key: private_key
            source: Secret
            type: GoogleApplicationCredentials
      patches:
        # NOTE(review): the ProviderConfig is named after spec.id rather than
        # the composite UID, so two XGKE instances with the same id would
        # target the same object -- confirm ids are unique.
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        # Both secret references use the namespace from the composite's
        # writeConnectionSecretToRef and the UID-derived names written by
        # gke-cluster and service-account-key.
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.identity.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.identity.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
      # No readiness check: presumably because a ProviderConfig reports no
      # Ready condition for Crossplane to wait on.
      readinessChecks:
        - type: None
  # Connection secrets for composites are written to this namespace. With
  # the kubeconfig listed under gke-cluster's connectionDetails, Secret read
  # access in upbound-system amounts to access to every cluster built from
  # this composition.
  writeConnectionSecretsToNamespace: upbound-system