The following resources are composed to implement the referenced Composite Resource Definition (XRD).
ServiceAccount
ServiceAccountKey
ProjectIAMMember
Cluster
NodePool
ProviderConfig
# Crossplane Composition backing the XGKE composite resource. It composes a
# GCP service account (plus a JSON key and a project IAM binding), a GKE
# Cluster and NodePool that run as that service account, and a Helm
# ProviderConfig wired to the cluster kubeconfig and the service-account key.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: xgke.gcp.platformref.upbound.io
  creationTimestamp: null
  labels:
    provider: GCP
spec:
  compositeTypeRef:
    apiVersion: gcp.platformref.upbound.io/v1alpha1
    kind: XGKE
  resources:
    # Node service account. Patches without an explicit `type` use the
    # default FromCompositeFieldPath direction (composite -> managed resource).
    - name: service-account
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccount
      patches:
        # The composite's spec.id becomes the GCP-side account ID.
        - fromFieldPath: spec.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        - fromFieldPath: spec.id
          toFieldPath: spec.forProvider.displayName
        # Publish the account email to the composite status; the IAM member,
        # cluster and node pool below read it from there. `Required` makes the
        # patch wait until the source field is populated.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.email
          toFieldPath: status.gke.serviceAccount
          policy:
            fromFieldPath: Required
        # Extract the project ID from the account resource ID
        # (projects/<project>/serviceAccounts/<email>) for the IAM binding.
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: status.gke.project
          transforms:
            - type: string
              string:
                type: Regexp
                regexp:
                  match: projects\/(.+)\/serviceAccounts\/.*
                  group: 1
          policy:
            fromFieldPath: Required
    # Long-lived JSON key for the service account. The key material is written
    # to a connection secret named "<composite uid>-sakey" and consumed below
    # by the Helm ProviderConfig identity. Treat that secret as a credential:
    # restrict access to its namespace and plan for rotation (rotating means
    # re-creating this composed resource).
    - name: service-account-key
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ServiceAccountKey
        spec:
          forProvider:
            # Resolve the parent account by controller reference (same
            # composite), so no account name has to be patched in.
            serviceAccountIdSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
    # Grants the node service account roles/container.admin on the project.
    # That role is broad for a node identity (full control of GKE clusters in
    # the project); review whether a narrower node role such as
    # roles/container.nodeServiceAccount is sufficient before using this
    # composition outside a reference environment.
    - name: project-iam-member
      base:
        apiVersion: cloudplatform.gcp.upbound.io/v1beta1
        kind: ProjectIAMMember
        spec:
          forProvider:
            role: roles/container.admin
      patches:
        - fromFieldPath: spec.id
          toFieldPath: metadata.annotations[crossplane.io/external-name]
        # IAM members are addressed as "serviceAccount:<email>".
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.member
          transforms:
            - type: string
              string:
                fmt: serviceAccount:%s
          policy:
            fromFieldPath: Required
        - fromFieldPath: status.gke.project
          toFieldPath: spec.forProvider.project
          policy:
            fromFieldPath: Required
    # GKE control plane. Its nodes run as the composed service account and the
    # cluster kubeconfig is written to a connection secret named
    # "<composite uid>-gkecluster".
    - name: gke-cluster
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            enableIntranodeVisibility: true
            initialNodeCount: 1
            # VPC-native addressing. Secondary ranges with these names are
            # expected on the selected subnetwork — presumably created by the
            # network composition chosen via XNetworkSelector; verify there.
            ipAllocationPolicy:
              - clusterSecondaryRangeName: pods
                servicesSecondaryRangeName: services
            location: us-west2
            loggingService: logging.googleapis.com/kubernetes
            monitoringService: monitoring.googleapis.com/kubernetes
      patches:
        - fromFieldPath: metadata.uid
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        # Network and subnetwork are both selected by the same label set.
        - fromFieldPath: spec.parameters.XNetworkSelector.matchLabels
          toFieldPath: spec.forProvider.networkSelector.matchLabels
        - fromFieldPath: spec.parameters.XNetworkSelector.matchLabels
          toFieldPath: spec.forProvider.subnetworkSelector.matchLabels
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
      connectionDetails:
        # Only the kubeconfig key is propagated to the composite's secret.
        - fromConnectionSecretKey: kubeconfig
    # Worker node pool. The base values below are defaults; size and count are
    # overridden by the patches from spec.parameters.nodes.
    - name: node-pool
      base:
        apiVersion: container.gcp.upbound.io/v1beta1
        kind: NodePool
        spec:
          forProvider:
            autoscaling:
              - maxNodeCount: 3
                minNodeCount: 1
            clusterSelector:
              matchControllerRef: true
            initialNodeCount: 1
            location: us-west2
            management:
              - autoRepair: true
                autoUpgrade: true
            maxPodsPerNode: 55
            nodeConfig:
              - diskSizeGb: 10
                imageType: COS_CONTAINERD
                machineType: e2-medium
                metadata:
                  # GCE metadata values are strings; keep this quoted so it is
                  # not retyped to a boolean.
                  disable-legacy-endpoints: "true"
                # Broad OAuth scope on the node VM; what the node can actually
                # reach is bounded by the IAM role granted to the service
                # account above, so the role is where to tighten access.
                oauthScopes:
                  - https://www.googleapis.com/auth/cloud-platform
                # Preemptible nodes can be reclaimed at any time: cheaper,
                # lower availability.
                preemptible: true
                # Shielded nodes: Secure Boot and integrity monitoring enabled.
                shieldedInstanceConfig:
                  - enableIntegrityMonitoring: true
                    enableSecureBoot: true
      patches:
        # spec.parameters.nodes.size accepts only the keys listed in the map;
        # other values are not mapped and the patch does not apply.
        - fromFieldPath: spec.parameters.nodes.size
          toFieldPath: spec.forProvider.nodeConfig[0].machineType
          transforms:
            - type: map
              map:
                large: n1-standard-32
                medium: n1-standard-16
                small: n1-standard-4
        # nodes.count drives initial, min and max alike, so the autoscaler
        # range collapses to a fixed size of `count` nodes.
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.initialNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
        - fromFieldPath: spec.parameters.nodes.count
          toFieldPath: spec.forProvider.autoscaling[0].maxNodeCount
        - fromFieldPath: status.gke.serviceAccount
          toFieldPath: spec.forProvider.nodeConfig[0].serviceAccount
          policy:
            fromFieldPath: Required
    # Helm ProviderConfig targeting the new cluster. Credentials come from the
    # cluster kubeconfig secret and identity from the service-account key
    # secret; both names are derived from the composite UID with the same fmt
    # strings used when those secrets were written, so the two places must
    # stay in sync.
    - name: helm-provider-config
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        spec:
          credentials:
            secretRef:
              key: kubeconfig
            source: Secret
          identity:
            secretRef:
              key: private_key
            source: Secret
            type: GoogleApplicationCredentials
      patches:
        # The ProviderConfig is named after the composite's id.
        - fromFieldPath: spec.id
          toFieldPath: metadata.name
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-gkecluster"
        - fromFieldPath: spec.writeConnectionSecretToRef.namespace
          toFieldPath: spec.identity.secretRef.namespace
        - fromFieldPath: metadata.uid
          toFieldPath: spec.identity.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-sakey"
      # No status to wait on: the ProviderConfig is considered ready at once.
      readinessChecks:
        - type: None
  # Namespace for composed-resource connection secrets, which include the
  # cluster kubeconfig and the service-account private key; RBAC on this
  # namespace therefore gates access to the cluster and the GCP identity.
  # Several resources above also patch their secret namespace from the
  # composite's writeConnectionSecretToRef — confirm which one takes effect.
  writeConnectionSecretsToNamespace: upbound-system