├── .gitignore ├── LICENSE ├── README.md ├── claims ├── jet │ ├── jet-aks-claim.yaml │ ├── jet-eks-claim.yaml │ └── jet-gke-claim.yaml ├── native │ ├── xp-aks-claim.yaml │ ├── xp-eks-claim.yaml │ └── xp-gke-claim.yaml └── official │ ├── uxp-aks-claim.yaml │ ├── uxp-eks-claim.yaml │ └── uxp-gke-claim.yaml ├── configuration ├── jet │ ├── definition.yaml │ ├── jet-aks-composition.yaml │ ├── jet-eks-composition.yaml │ └── jet-gke-composition.yaml ├── native │ ├── crossplane.yaml │ ├── definition.yaml │ ├── xp-aks-composition.yaml │ ├── xp-eks-composition.yaml │ └── xp-gke-composition.yaml ├── official.yaml └── official │ ├── crossplane.yaml │ ├── definition.yaml │ ├── uxp-aks-composition.yaml │ ├── uxp-eks-composition.yaml │ └── uxp-gke-composition.yaml ├── debug ├── eks.yaml ├── gke.yaml └── pc.yaml ├── docs └── cloud-regions.MD ├── providers ├── eks-irsa-jet-provider.yaml ├── jet │ ├── jet-aws-providerconfig.yaml │ ├── jet-azure-providerconfig.yaml │ ├── jet-gcp-providerconfig.yaml │ └── jet-providers.yaml ├── native │ ├── xp-aws-providerconfig.yaml │ ├── xp-azure-providerconfig.yaml │ ├── xp-gcp-providerconfig.yaml │ └── xp-providers.yaml ├── official │ ├── uxp-aws-providerconfig.yaml │ ├── uxp-azure-providerconfig.yaml │ ├── uxp-gcp-providerconfig.yaml │ └── uxp-providers.yaml ├── secret-aws-provider.yaml ├── secret-azure-provider.yaml ├── secret-gcp-provider.yaml ├── service-providers.yaml └── temp-eks-irsa.yaml └── validation ├── aks.yaml ├── eks.yaml ├── native ├── xp-aws-bucket.yaml ├── xp-azure-bucket.yaml └── xp-gcp-bucket.yaml ├── official ├── uxp-aws-bucket.yaml ├── uxp-azure-bucket.yaml └── uxp-gcp-bucket.yaml ├── uxp-aws-vpc.yaml └── uxp-azure-rg.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | *.xpkg -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 
2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Scope 2 | This project was created to build managed Kubernetes `Composite Resource` (XR) with three 3 | compositions supporting three main cloud providers. 4 | Each XR can have one or more compositions. Each composition describes how XR should be created 5 | by defining provider package and list of resources (Managed Resources) which build it. 6 | This allows a Composition to act as a class of service. 7 | You can use it as a foundation to understand, build and operate managed Kubernetes Platform in the Cloud. 
8 | This repository uses two crossplane distributions: 9 | * [XP - Crossplane](https://crossplane.io/) - upstream project 10 | * [UXP - Upbound Universal Crossplane](https://docs.upbound.io/uxp/) - downstream distribution of crossplane maintained by Upbound 11 | 12 | Though it is possible to mix crossplane distributions with providers, I will use the following combinations in this repo: 13 | * XP + Native providers 14 | * UXP + Official providers 15 | 16 | ## What's new in Release v1.1 17 | Added support for official providers maintained by upbound. 18 | 19 | # Providers APIs 20 | Providers are Crossplane packages that allow provisioning the respective infrastructure. 21 | They differ between themselves by the number of supported cloud resources (CRDs), the programming language they are written in 22 | and the maintenance model. 23 | At the moment we can use two different cloud providers to build the composition: 24 | - Native (Classic) - maintained by the XP community, the fastest one, written in Go with limited resource coverage. 25 | - Official - maintained by Upbound, the newest one based on Upjet, with coverage between Native and Jet-preview. 26 | 27 | There is another provider available, but it was [deprecated](https://github.com/crossplane/terrajet/issues/308) 28 | and has been replaced by the Official one: 29 | - Jet - maintained by the XP community, based on Terrajet, available in two packages: one with similar coverage as 30 | the classic provider and one (with -preview suffix) with full resource coverage. 31 | I will keep it for the time being in this project, but it is no longer maintained and will be removed in a future release. 
32 | 33 | 34 | To give you an idea about current coverage state, based on AWS provider: 35 | * [native 171 CRDs](https://doc.crds.dev/github.com/crossplane/provider-aws@v0.33.0) 36 | * [official 364 CRDs](https://doc.crds.dev/github.com/upbound/provider-aws@v0.18.0) 37 | * [jet 99 CRDs](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-aws@v0.5.0) 38 | * [jet-preview 780 CRDs](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-aws@v0.5.0-preview) 39 | 40 | ## Native Providers 41 | * [AWS Native](https://doc.crds.dev/github.com/crossplane/provider-aws) 42 | * [Azure Native](https://doc.crds.dev/github.com/crossplane/provider-azure) 43 | * [GCP Native](https://doc.crds.dev/github.com/crossplane/provider-gcp) 44 | 45 | ## Official providers 46 | * [AWS Official Doc](https://doc.crds.dev/github.com/upbound/provider-aws) or [AWS Marketplace](https://marketplace.upbound.io/providers/upbound/provider-aws/v0.20.0/crds) 47 | * [Azure Official](https://doc.crds.dev/github.com/upbound/provider-azure) or [Azure Marketplace](https://marketplace.upbound.io/providers/upbound/provider-azure/v0.19.0/crds) 48 | * [GCP Official](https://doc.crds.dev/github.com/upbound/provider-gcp) or [GCP Marketplace](https://marketplace.upbound.io/providers/upbound/provider-gcp/v0.18.0/crds) 49 | 50 | ## Jet Providers - deprecated 51 | All resources which are needed to provision managed Kubernetes cluster are defined in smaller 52 | classic-jet provider, so no need to install much bigger with -preview suffix. 53 | 54 | * [AWS Jet](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-aws) 55 | * [Azure Jet](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-azure) 56 | * [GCP Jet](https://doc.crds.dev/github.com/crossplane-contrib/provider-jet-gcp) 57 | 58 | ## Other Providers 59 | Post Provisioning use Helm and Kubernetes Providers. 
60 | 61 | * [Helm](https://doc.crds.dev/github.com/crossplane-contrib/provider-helm) 62 | * [Kubernetes](https://doc.crds.dev/github.com/crossplane-contrib/provider-kubernetes) 63 | 64 | To demonstrate usage of both post-provisioning providers, I created the following examples: 65 | * (Universal) Crossplane Provisioning using Helm Chart 66 | * Production Namespace Provisioning using Kubernetes Manifest 67 | 68 | # Quick Start 69 | 70 | Install a Kubernetes cluster. I recommend using [Rancher Desktop](https://rancherdesktop.io/) for a local cluster. 71 | 72 | ## Install crossplane 73 | 74 | ### Configure Upstream XP 75 | 76 | ``` 77 | # Install XP cli 78 | curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh 79 | 80 | # Install XP 81 | helm repo add crossplane-stable https://charts.crossplane.io/stable 82 | helm repo update 83 | 84 | helm upgrade --install \ 85 | crossplane crossplane-stable/crossplane \ 86 | --namespace crossplane-system \ 87 | --create-namespace \ 88 | --wait 89 | # --set nodeSelector."agentpool"=xpjetaks2 90 | 91 | # Verify status 92 | helm list -n crossplane-system 93 | kubectl get all -n crossplane-system 94 | ``` 95 | 96 | ### Configure Downstream UXP 97 | 98 | ``` 99 | # Install UP Command-Line 100 | brew install upbound/tap/up 101 | 102 | # Install UXP 103 | up uxp install 104 | 105 | # Verify status 106 | kubectl get pods -n upbound-system 107 | ``` 108 | 109 | ## Setup Cloud Credentials 110 | - [Prepare cloud credentials](https://crossplane.io/docs/v1.10/reference/configure.html) 111 | 112 | As an output of the above setup you should get three credential files with the following content. 
113 | - aws-cred.conf 114 | ```yaml 115 | [default] 116 | aws_access_key_id = XXXXXXXXXX 117 | aws_secret_access_key = WFhYWFhYWFhYWA== 118 | ``` 119 | - azure-cred.json 120 | ```yaml 121 | { 122 | "clientId": "XXXXXXXXXX", 123 | "clientSecret": "WFhYWFhYWFhYWA==", 124 | "subscriptionId": "XXXXXXXXXX", 125 | "tenantId": "XXXXXXXXXX", 126 | "activeDirectoryEndpointUrl": "https://login.microsoftonline.com", 127 | "resourceManagerEndpointUrl": "https://management.azure.com/", 128 | "activeDirectoryGraphResourceId": "https://graph.windows.net/", 129 | "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/", 130 | "galleryEndpointUrl": "https://gallery.azure.com/", 131 | "managementEndpointUrl": "https://management.core.windows.net/" 132 | } 133 | ``` 134 | - gcp-cred.json 135 | ```yaml 136 | { 137 | "type": "service_account", 138 | "project_id": "XXXXXXXXXX", 139 | "private_key_id": "XXXXXXXXXX", 140 | "private_key": "-----BEGIN PRIVATE KEY-----\nWFhYWFhYWFhYWA==\n-----END PRIVATE KEY-----\n", 141 | "client_email": "XXXXXXXXXX", 142 | "client_id": "XXXXXXXXXX", 143 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 144 | "token_uri": "https://oauth2.googleapis.com/token", 145 | "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", 146 | "client_x509_cert_url": "XXXXXXXXXX" 147 | } 148 | ``` 149 | You can store them in cloud Key Vault (KV) or any other Secret Store. Below there is example how to get them from Azure Key Vault. 
150 | To retrieve the credential files from Azure KV you can use the following: 151 | 152 | ```console 153 | KEYVAULT= 154 | az keyvault secret show --name uxpAwsCred --vault-name $KEYVAULT --query value -o tsv | sed -r 's@ aws@\naws@g' > aws-cred.conf 155 | az keyvault secret show --name uxpAzureCred --vault-name $KEYVAULT --query value -o tsv | jq > azure-cred.json 156 | az keyvault secret show --name uxpGcpCred --vault-name $KEYVAULT --query value -o tsv | jq > gcp-cred.json 157 | ``` 158 | 159 | ## Install and configure providers 160 | 161 | To be able to provision cloud resources using Crossplane we have to create and configure a cloud provider resource. This resource stores the cloud information and is used by XP to interact with the cloud provider. The secret manifests below are rendered with `eval`, which substitutes the environment variables into them, so unset the variables and remove the credential files once the providers are configured (see the Clean-up section). 162 | 163 | We need to provide two environment variables: 164 | - base64 encoded cloud credentials 165 | - name of the namespace, for UXP: `upbound-system` for XP: `crossplane-system` 166 | 167 | ### Native Providers 168 | 169 | ```console 170 | # XP Native 171 | kubectl apply -f providers/native/xp-providers.yaml 172 | 173 | # Service providers 174 | kubectl apply -f providers/service-providers.yaml 175 | 176 | # Verification 177 | kubectl get provider 178 | ``` 179 | 180 | #### Native AWS Provider 181 | 182 | ```console 183 | PROVIDER_SECRET_NAMESPACE=crossplane-system 184 | BASE64ENCODED_AWS_ACCOUNT_CREDS=$(base64 -i aws-cred.conf | tr -d "\n") 185 | 186 | eval "echo \"$(cat providers/secret-aws-provider.yaml)\"" | kubectl apply -f - 187 | eval "echo \"$(cat providers/native/xp-aws-providerconfig.yaml)\"" | kubectl apply -f - 188 | 189 | kubectl get providerconfig.aws.crossplane.io 190 | 191 | # Verification 192 | kubectl apply -f validation/native/xp-aws-bucket.yaml 193 | kubectl get Bucket.s3.aws.crossplane.io 194 | 195 | # AWS Validation using cmd (alternatively console UI) 196 | aws s3 ls --output table 197 | 198 | # Clean-up 199 | kubectl delete Bucket.s3.aws.crossplane.io xp-aws-bucket 200 | ``` 201 | 202 | #### Native 
Azure Provider 203 | 204 | ```console 205 | PROVIDER_SECRET_NAMESPACE=crossplane-system 206 | BASE64ENCODED_AZURE_ACCOUNT_CREDS=$(base64 -i azure-cred.json | tr -d "\n") 207 | 208 | eval "echo \"$(cat providers/secret-azure-provider.yaml)\"" | kubectl apply -f - 209 | eval "echo \"$(cat providers/native/xp-azure-providerconfig.yaml)\"" | kubectl apply -f - 210 | 211 | kubectl get providerconfig.azure.crossplane.io 212 | 213 | # Verification 214 | kubectl apply -f validation/native/xp-azure-bucket.yaml 215 | kubectl get Account.storage.azure.crossplane.io 216 | 217 | # Azure Validation using cmd (alternatively console UI) 218 | az group show --resource-group xp-azure-rg -o table 219 | az storage account show -g xp-azure-rg -n xpazurebucket007 -o table 220 | 221 | # Clean-up 222 | kubectl delete Account.storage.azure.crossplane.io xpazurebucket007 223 | ``` 224 | 225 | #### Native GCP Provider 226 | 227 | For GCP we need additionally environment variable: PROJECT_ID. 228 | 229 | ```console 230 | PROVIDER_SECRET_NAMESPACE=crossplane-system 231 | BASE64ENCODED_GCP_PROVIDER_CREDS=$(base64 -i gcp-cred.json | tr -d "\n") 232 | PROJECT_ID=$(gcloud projects list --filter='NAME:' --format="value(PROJECT_ID.scope())") 233 | 234 | eval "echo \"$(cat providers/secret-gcp-provider.yaml)\"" | kubectl apply -f - 235 | eval "echo \"$(cat providers/native/xp-gcp-providerconfig.yaml)\"" | kubectl apply -f - 236 | 237 | kubectl get providerconfig.gcp.crossplane.io 238 | 239 | # Verification 240 | kubectl apply -f validation/native/xp-gcp-bucket.yaml 241 | kubectl get Bucket.storage.gcp.crossplane.io -w 242 | 243 | # GCP Validation using cmd (alternatively console UI) 244 | gsutil ls -p 245 | 246 | kubectl delete Bucket.storage.gcp.crossplane.io xp-gcp-bucket 247 | ``` 248 | 249 | ### Official providers 250 | 251 | You can install official providers 252 | 253 | 254 | * using configuration 255 | 256 | ``` 257 | kubectl apply -f configuration/official.yaml 258 | watch kubectl get pkg 259 
| ``` 260 | 261 | * manually by applying manifest files 262 | 263 | ```console 264 | # UXP 265 | kubectl apply -f providers/official/uxp-providers.yaml 266 | # Service providers 267 | kubectl apply -f providers/service-providers.yaml 268 | 269 | kubectl get provider.pkg 270 | ``` 271 | 272 | #### Official AWS Provider 273 | 274 | ```console 275 | PROVIDER_SECRET_NAMESPACE=upbound-system 276 | BASE64ENCODED_AWS_ACCOUNT_CREDS=$(base64 -i aws-cred.conf | tr -d "\n") 277 | 278 | eval "echo \"$(cat providers/secret-aws-provider.yaml)\"" | kubectl apply -f - 279 | kubectl apply -f providers/official/uxp-aws-providerconfig.yaml 280 | 281 | kubectl get providerconfig 282 | 283 | # Verification 284 | kubectl apply -f validation/official/uxp-aws-bucket.yaml 285 | kubectl get Bucket.s3.aws.upbound.io -w 286 | 287 | # AWS Validation using cmd (alternatively console UI) 288 | aws s3 ls --output table 289 | 290 | # Clean-up 291 | kubectl delete Bucket.s3.aws.upbound.io uxp-aws-bucket 292 | ``` 293 | 294 | #### Official Azure Provider 295 | 296 | ```console 297 | PROVIDER_SECRET_NAMESPACE=upbound-system 298 | BASE64ENCODED_AZURE_ACCOUNT_CREDS=$(base64 -i azure-cred.json | tr -d "\n") 299 | 300 | eval "echo \"$(cat providers/secret-azure-provider.yaml)\"" | kubectl apply -f - 301 | kubectl apply -f providers/official/uxp-azure-providerconfig.yaml 302 | 303 | kubectl get providerconfig 304 | 305 | # Verification 306 | kubectl apply -f validation/official/uxp-azure-bucket.yaml 307 | kubectl get account.storage.azure.upbound.io/uxpazurebucket007 -w 308 | 309 | # Azure Validation using cmd (alternatively console UI) 310 | az group show --resource-group uxp-azure-rg -o table 311 | az storage account show -g uxp-azure-rg -n uxpazurebucket007 -o table 312 | 313 | # Clean-up 314 | kubectl delete -f validation/uxp-azure-bucket.yaml 315 | ``` 316 | 317 | #### Official GCP Provider 318 | 319 | For GCP we need additionally third environment variable: PROJECT_ID. 
320 | 321 | ```console 322 | PROVIDER_SECRET_NAMESPACE=upbound-system 323 | BASE64ENCODED_GCP_PROVIDER_CREDS=$(base64 -i gcp-cred.json | tr -d "\n") 324 | PROJECT_ID=$(gcloud projects list --filter='NAME:' --format="value(PROJECT_ID.scope())") 325 | 326 | eval "echo \"$(cat providers/secret-gcp-provider.yaml)\"" | kubectl apply -f - 327 | eval "echo \"$(cat providers/official/uxp-gcp-providerconfig.yaml)\"" | kubectl apply -f - 328 | 329 | kubectl get providerconfig 330 | 331 | # Verification 332 | kubectl apply -f validation/official/uxp-gcp-bucket.yaml 333 | kubectl get Bucket.storage.gcp.upbound.io -w 334 | 335 | # GCP Validation using cmd (alternatively console UI) 336 | gsutil ls -p 337 | 338 | kubectl delete Bucket.storage.gcp.upbound.io uxp-gcp-bucket 339 | ``` 340 | 341 | ### Jet Providers - deprecated 342 | 343 | ```console 344 | # XP Jet 345 | kubectl apply -f providers/jet-providers.yaml 346 | 347 | # Service providers 348 | kubectl apply -f providers/service-providers.yaml 349 | 350 | # Verification 351 | kubectl get provider 352 | ``` 353 | 354 | #### Jet AWS Provider 355 | 356 | ```console 357 | PROVIDER_SECRET_NAMESPACE=crossplane-system 358 | BASE64ENCODED_AWS_ACCOUNT_CREDS=$(base64 -i aws-cred.conf | tr -d "\n") 359 | 360 | eval "echo \"$(cat providers/secret-aws-provider.yaml)\"" | kubectl apply -f - 361 | eval "echo \"$(cat providers/jet-aws-provider.yaml)\"" | kubectl apply -f - 362 | 363 | kubectl get providerconfig.aws.jet.crossplane.io 364 | ``` 365 | 366 | #### Jet Azure Provider 367 | 368 | ```console 369 | PROVIDER_SECRET_NAMESPACE=crossplane-system 370 | BASE64ENCODED_AZURE_ACCOUNT_CREDS=$(base64 -i azure-cred.json | tr -d "\n") 371 | 372 | eval "echo \"$(cat providers/secret-azure-provider.yaml)\"" | kubectl apply -f - 373 | eval "echo \"$(cat providers/jet-azure-provider.yaml)\"" | kubectl apply -f - 374 | 375 | kubectl get providerconfig.azure.jet.crossplane.io 376 | ``` 377 | 378 | #### Jet GCP Provider 379 | 380 | For GCP we need 
a third environment variable: PROJECT_ID. 381 | 382 | ```console 383 | PROVIDER_SECRET_NAMESPACE=crossplane-system 384 | BASE64ENCODED_GCP_PROVIDER_CREDS=$(base64 -i gcp-cred.json | tr -d "\n") 385 | PROJECT_ID=$(gcloud projects list --filter='NAME:' --format="value(PROJECT_ID.scope())") 386 | 387 | eval "echo \"$(cat providers/secret-gcp-provider.yaml)\"" | kubectl apply -f - 388 | eval "echo \"$(cat providers/jet-gcp-provider.yaml)\"" | kubectl apply -f - 389 | 390 | kubectl get providerconfig.gcp.jet.crossplane.io 391 | ``` 392 | 393 | ## Clean-up 394 | Once the providers are configured, the base64-encoded credentials in the shell environment and the credential files in the working directory are no longer needed; remove both. 395 | ```console 396 | unset BASE64ENCODED_AWS_ACCOUNT_CREDS BASE64ENCODED_AZURE_ACCOUNT_CREDS BASE64ENCODED_GCP_PROVIDER_CREDS PROJECT_ID PROVIDER_SECRET_NAMESPACE 397 | rm aws-cred.conf azure-cred.json gcp-cred.json 398 | ``` 399 | 400 | # Provisioning Infrastructure 401 | 402 | Crossplane divides responsibility for infrastructure provisioning as follows: 403 | 1. Ops/SRE defines the platform and APIs for the Dev team 404 | 1. Dev consumes the infrastructure defined by the Ops team 405 | 406 | ## Defining Infrastructure by Ops team 407 | 408 | The platform team creates compositions and composite resource definitions (XRDs) to define and configure 409 | managed Kubernetes service infrastructure in the cloud. 
410 | 411 | ### Native provider 412 | 413 | ```console 414 | # Compositions using Native providers 415 | kubectl apply -f configuration/native/definition.yaml 416 | kubectl apply -f configuration/native/xp-eks-composition.yaml 417 | kubectl apply -f configuration/native/xp-aks-composition.yaml 418 | kubectl apply -f configuration/native/xp-gke-composition.yaml 419 | ``` 420 | 421 | ### Official provider 422 | 423 | ```console 424 | # Using configuration 425 | kubectl apply -f configuration/official.yaml 426 | kubectl get pkg 427 | 428 | # Manually 429 | kubectl apply -f configuration/official/definition.yaml 430 | kubectl apply -f configuration/official/uxp-eks-composition.yaml 431 | kubectl apply -f configuration/official/uxp-aks-composition.yaml 432 | kubectl apply -f configuration/official/uxp-gke-composition.yaml 433 | ``` 434 | 435 | ### Jet provider - deprecated 436 | 437 | ```console 438 | # Compositions using Jet providers 439 | kubectl apply -f configuration/jet/definition.yaml 440 | kubectl apply -f configuration/jet/jet-eks-composition.yaml 441 | kubectl apply -f configuration/jet/jet-aks-composition.yaml 442 | kubectl apply -f configuration/jet/jet-gke-composition.yaml 443 | ``` 444 | 445 | ## Consuming the infrastructure by Dev team 446 | 447 | App team provisions infrastructure by creating claim objects for the XRDs defined by Ops team. 
448 | In the claim manifest file, please ensure that you use a supported [region](docs/cloud-regions.MD). 449 | 450 | ```console 451 | kubectl create ns managed 452 | 453 | # Claims using native provider 454 | kubectl apply -f claims/native/xp-eks-claim.yaml 455 | kubectl apply -f claims/native/xp-aks-claim.yaml 456 | kubectl apply -f claims/native/xp-gke-claim.yaml 457 | 458 | # Claims using official provider 459 | kubectl apply -f claims/official/uxp-eks-claim.yaml 460 | kubectl apply -f claims/official/uxp-aks-claim.yaml 461 | kubectl apply -f claims/official/uxp-gke-claim.yaml 462 | 463 | # Claims using jet provider - deprecated 464 | kubectl apply -f claims/jet/jet-eks-claim.yaml 465 | kubectl apply -f claims/jet/jet-aks-claim.yaml 466 | kubectl apply -f claims/jet/jet-gke-claim.yaml 467 | ``` 468 | 469 | ### Verifying Infrastructure status 470 | 471 | The Dev team provisions Claims, which either generate a new Composite Resource (XR) or assign existing ones. 472 | 473 | We can check progress using: 474 | 475 | ``` 476 | kubectl get managedcluster -n managed 477 | # Example Output 478 | NAME CLUSTERNAME CONTROLPLANE NODEPOOL FARGATEPROFILE SYNCED READY CONNECTION-SECRET AGE 479 | xpaks cluster-xpaks Succeeded Succeeded NA4-cluster-xpaks True True xpaks 7m 480 | xpgke cluster-xpgke RUNNING RUNNING NA4-cluster-xpgke True True xpgke 9m1s 481 | xpeks cluster-xpeks ACTIVE ACTIVE ACTIVE True True xpeks 14m 482 | uxpaks cluster-uxpaks True True NA4-cluster-uxpaks True True uxpaks 5m59s 483 | uxpgke cluster-uxpgke True True NA4-cluster-uxpgke True True uxpgke 11m 484 | uxpeks cluster-uxpeks ACTIVE ACTIVE ACTIVE True True uxpeks 22m 485 | ``` 486 | 487 | You can compare the time to cluster readiness for the different managed Kubernetes services in the AGE column. 
488 | 489 | To verify the status of Helm Charts and Kubernetes Objects: 490 | ``` 491 | kubectl get Object,Release 492 | NAME SYNCED READY AGE 493 | object.kubernetes.crossplane.io/xpaks-ns-prod True True 23h 494 | 495 | NAME CHART VERSION SYNCED READY STATE REVISION DESCRIPTION AGE 496 | release.helm.crossplane.io/xpaks-crossplane crossplane 1.6.3 True True deployed 1 Install complete 23h 497 | ``` 498 | 499 | ### Accessing infrastructure 500 | The connection secret holds the cluster's kubeconfig; the `tee kubeconfig` commands below both print it to the terminal and write it unencrypted to the current directory, so treat that file as a credential and remove it when you are done. 501 | #### Native providers 502 | 503 | ``` 504 | # Using secrets (eks and aks) 505 | kubectl -n managed get secret xpeks --output jsonpath="{.data.kubeconfig}" | base64 -d | tee kubeconfig 506 | kubectl -n managed get secret xpaks --output jsonpath="{.data.kubeconfig}" | base64 -d | tee kubeconfig 507 | 508 | export KUBECONFIG=$PWD/kubeconfig 509 | 510 | # Using Cloud APIs 511 | export KUBECONFIG=$PWD/kubeconfig 512 | gcloud container clusters get-credentials cluster-xpgke --region europe-west2 --project 513 | ``` 514 | 515 | #### Official providers 516 | 517 | ``` 518 | # Using secrets (eks and aks) 519 | kubectl -n managed get secret uxpaks --output jsonpath="{.data.kubeconfig}" | base64 -d | tee kubeconfig 520 | kubectl -n managed get secret uxpeks --output jsonpath="{.data.kubeconfig}" | base64 -d | tee kubeconfig 521 | 522 | export KUBECONFIG=$PWD/kubeconfig 523 | 524 | # Using Cloud APIs 525 | export KUBECONFIG=$PWD/kubeconfig 526 | gcloud container clusters get-credentials cluster-uxpgke --region europe-west2 --project 527 | az aks get-credentials --resource-group rg-uxpaks --name cluster-uxpaks --admin 528 | aws eks update-kubeconfig --region eu-west-1 --name cluster-uxpeks --alias uxpeks 529 | ``` 530 | 531 | ## Cleanup & Uninstall 532 | 533 | ### Delete Claims 534 | 535 | Deleting a claim cleans up all managed resources that were created to satisfy it. 
536 | 537 | ```console 538 | # Native 539 | kubectl delete managedcluster -n managed xpeks 540 | kubectl delete managedcluster -n managed xpaks 541 | kubectl delete managedcluster -n managed xpgke 542 | 543 | # Official 544 | kubectl delete managedcluster -n managed uxpeks 545 | kubectl delete managedcluster -n managed uxpaks 546 | kubectl delete managedcluster -n managed uxpgke 547 | ``` 548 | 549 | ### Delete Cloud Configuration 550 | 551 | ```console 552 | kubectl get providerconfig 553 | 554 | # Clean-up Native Providers 555 | kubectl delete providerconfig.aws.crossplane.io/aws-xp-provider 556 | kubectl delete providerconfig.azure.crossplane.io/azure-xp-provider 557 | kubectl delete providerconfig.gcp.crossplane.io/gcp-xp-provider 558 | 559 | # Clean-up Official Providers 560 | kubectl delete providerconfig.aws.upbound.io/aws-uxp-provider 561 | kubectl delete providerconfig.azure.upbound.io/azure-uxp-provider 562 | kubectl delete providerconfig.gcp.upbound.io/gcp-uxp-provider 563 | 564 | # Clean-up Jet Providers 565 | kubectl delete providerconfig.aws.jet.crossplane.io/aws-jet-provider 566 | kubectl delete providerconfig.azure.jet.crossplane.io azure-jet-provider 567 | kubectl delete providerconfig.gcp.jet.crossplane.io gcp-jet-provider 568 | ``` 569 | 570 | ### Delete Cloud Secrets 571 | 572 | The credential secrets live in the namespace of the Crossplane distribution in use: `upbound-system` for UXP, `crossplane-system` for XP. 573 | 574 | ```console 575 | # Clean-up Crossplane Secrets 576 | kubectl delete secret -n crossplane-system aws-account-creds 577 | kubectl delete secret -n crossplane-system azure-account-creds 578 | kubectl delete secret -n crossplane-system gcp-account-creds 579 | 580 | # Clean-up Upbound Secrets 581 | kubectl delete secret -n upbound-system aws-account-creds 582 | kubectl delete secret -n upbound-system azure-account-creds 583 | kubectl delete secret -n upbound-system gcp-account-creds 584 | ``` 585 | 586 | ### Uninstall Provider 587 | 588 | ```console 589 | # native 590 | kubectl delete 
provider.pkg aws-provider 591 | kubectl delete provider.pkg azure-provider 592 | kubectl delete provider.pkg gcp-provider 593 | ## services 594 | kubectl delete provider.pkg provider-helm 595 | kubectl delete provider.pkg provider-kubernetes 596 | 597 | # official with manual 598 | kubectl delete provider.pkg aws-uxp-provider 599 | kubectl delete provider.pkg azure-uxp-provider 600 | kubectl delete provider.pkg gcp-uxp-provider 601 | kubectl delete provider.pkg provider-helm 602 | kubectl delete provider.pkg provider-kubernetes 603 | 604 | # official with configuration 605 | kubectl delete configuration.pkg.crossplane.io/natzka 606 | kubectl delete provider.pkg upbound-provider-aws 607 | kubectl delete provider.pkg upbound-provider-azure 608 | kubectl delete provider.pkg upbound-provider-gcp 609 | kubectl delete provider.pkg crossplane-contrib-provider-helm 610 | kubectl delete provider.pkg crossplane-contrib-provider-kubernetes 611 | 612 | # jet 613 | kubectl delete provider.pkg aws-jet-provider 614 | kubectl delete provider.pkg azure-jet-provider 615 | kubectl delete provider.pkg gcp-jet-provider 616 | 617 | # Verification 618 | kubectl get provider.pkg 619 | ``` 620 | 621 | ### Uninstall Crossplane 622 | 623 | ```console 624 | # XP 625 | helm delete crossplane --namespace crossplane-system 626 | kubectl get pods -n crossplane-system 627 | 628 | # UXP 629 | up uxp uninstall 630 | kubectl get pods -n upbound-system 631 | ``` 632 | 633 | # Troubleshooting 634 | 635 | ## Removing resources manually 636 | Stripping the finalizer lets the API server delete the object without waiting for the provider's cleanup, so the backing cloud resource may be left running; use this only when the provider can no longer reconcile the object, and verify (and delete) the resource in the cloud account afterwards. 637 | ``` 638 | kubectl patch --type json --patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' subnet.ec2.aws.upbound.io/uxpeks-pub-b 639 | ``` 640 | 641 | ## Compositions 642 | 643 | ``` 644 | kubectl get xmanagedcluster 645 | 646 | NAME CLUSTERNAME CONTROLPLANE NODEPOOL FARGATEPROFILE READY CONNECTION-SECRET AGE 647 | uxpeks uxpeks ACTIVE ACTIVE ACTIVE True uxpeks 4d4h 648 | uxpaks uxpaks True True NA4-uxpaks True uxpaks 4d 649 | uxpgke uxpgke True 
True NA4-uxpgke True uxpgke 2d16h 650 | 651 | # To find out which resource has issues within the Composite resource: 652 | kubectl describe xmanagedcluster uxpeks-5zxn6 653 | 654 | ... 655 | Resource Refs: 656 | API Version: iam.aws.crossplane.io/v1beta1 657 | Kind: Role 658 | Name: xpeks-controlplane 659 | ... 660 | 661 | # To find out what is wrong with an unhealthy resource 662 | 663 | kubectl get Role.iam.aws.crossplane.io 664 | kubectl describe Role.iam.aws.crossplane.io/xpeks-controlplane 665 | 666 | ``` 667 | ## Cloud resources 668 | 669 | ``` 670 | # Native and official providers 671 | 672 | kubectl get managed 673 | kubectl get aws 674 | kubectl get azure 675 | kubectl get gcp 676 | or 677 | kubectl get providerconfig | grep aws 678 | ``` 679 | 680 | # Supported Kubernetes Cluster properties 681 | 682 | 1. Cluster ID 683 | 1. Kubernetes Version 684 | 1. Node Size 685 | 1. Node Count 686 | 1. Region (Cross Cloud [Abstraction](docs/cloud-regions.MD)) 687 | 1. FargateProfile Namespace (valid for EKS) 688 | 689 | # APIs in this Configuration 690 | 691 | ## Native providers 692 | 693 | * `configuration/native/` - Composite Resource Definition (XRD) with satisfying Compositions 694 | * [xmanagedcluster XRD](configuration/native/definition.yaml) 695 | * [eks composition](configuration/native/xp-eks-composition.yaml) includes: 696 | * `Role` 697 | * `RolePolicyAttachment` 698 | * `VPC` 699 | * `SecurityGroup`, `SecurityGroupRule` 700 | * `Subnet` 701 | * `InternetGateway` 702 | * `RouteTable`, `Route`, `RouteTableAssociation` 703 | * `Cluster` 704 | * `NodeGroup` 705 | * `FargateProfile` 706 | * `Release` 707 | * `Object` 708 | * [aks composition](configuration/native/xp-aks-composition.yaml) includes: 709 | * `ResourceGroup` 710 | * `VirtualNetwork` 711 | * `Subnet` 712 | * `AKSCluster` 713 | * `Release` 714 | * `Object` 715 | * [gke composition](configuration/native/xp-gke-composition.yaml) includes: 716 | * `Network` 717 | * `Subnetwork` 718 | * `Cluster` 719 | * `NodePool` 720 | * 
`Release` 721 | * `Object` 722 | * `providers/native/` - Provider Installation and Configuration 723 | * [Setup](providers/native/xp-providers.yaml) 724 | * [AWS Provider Config](providers/native/xp-aws-providerconfig.yaml) 725 | * [Azure Provider Config](providers/native/xp-azure-providerconfig.yaml) 726 | * [GCP Provider Config](providers/native/xp-gcp-providerconfig.yaml) 727 | * `claims/native/` - Examples that consume the XRDs defined by Ops 728 | * [EKS Claim](claims/native/xp-eks-claim.yaml) 729 | * [AKS Claim](claims/native/xp-aks-claim.yaml) 730 | * [GKE Claim](claims/native/xp-gke-claim.yaml) 731 | 732 | ## Official providers 733 | 734 | * `configuration/official/` - Composite Resource Definition (XRD) with satisfying Compositions 735 | * [xmanagedcluster XRD](configuration/official/definition.yaml) 736 | * [eks composition](configuration/official/uxp-eks-composition.yaml) includes: 737 | * `Role` 738 | * `RolePolicyAttachment` 739 | * `VPC` 740 | * `SecurityGroup`, `SecurityGroupRule` 741 | * `Subnet` 742 | * `InternetGateway` 743 | * `RouteTable`, `Route`, `RouteTableAssociation` 744 | * `Cluster` 745 | * `NodeGroup` 746 | * `FargateProfile` 747 | * `ClusterAuth` 748 | * `Object` 749 | * `Release` 750 | * [aks composition](configuration/official/uxp-aks-composition.yaml) includes: 751 | * `ResourceGroup` 752 | * `VirtualNetwork` 753 | * `Subnet` 754 | * `KubernetesCluster` 755 | * `KubernetesClusterNodePool` 756 | * `Release` 757 | * `Object` 758 | * [gke composition](configuration/official/uxp-gke-composition.yaml) includes: 759 | * `Network` 760 | * `Subnetwork` 761 | * `Cluster` 762 | * `NodePool` 763 | * `Release` 764 | * `Object` 765 | * `providers/official/` - Provider Installation and Configuration 766 | * [Setup](providers/official/uxp-providers.yaml) 767 | * [AWS Provider Config](providers/official/uxp-aws-providerconfig.yaml) 768 | * [Azure Provider Config](providers/official/uxp-azure-providerconfig.yaml) 769 | * [GCP Provider 
Config](providers/official/uxp-gcp-providerconfig.yaml) 770 | * `claims/official/` - Examples that consume the XRDs defined by Ops 771 | * [EKS Claim](claims/official/uxp-eks-claim.yaml) 772 | * [AKS Claim](claims/official/uxp-aks-claim.yaml) 773 | * [GKE Claim](claims/official/uxp-gke-claim.yaml) 774 | 775 | ## Jet providers 776 | 777 | * `configuration/jet/` - Composite Resource Definition (XRD) with satisfying Compositions 778 | * [xmanagedcluster XRD](configuration/jet/definition.yaml) 779 | * [eks composition](configuration/jet/jet-eks-composition.yaml) includes: 780 | * `Role` 781 | * `RolePolicyAttachment` 782 | * `VPC` 783 | * `SecurityGroup`, `SecurityGroupRule` 784 | * `Subnet` 785 | * `InternetGateway` 786 | * `RouteTable`, `Route`, `RouteTableAssociation` 787 | * `Cluster` 788 | * `NodeGroup` 789 | * `FargateProfile` 790 | * `Release` 791 | * `Object` 792 | * [aks composition](configuration/jet/jet-aks-composition.yaml) includes: 793 | * `ResourceGroup` 794 | * `VirtualNetwork` 795 | * `Subnet` 796 | * `KubernetesCluster` 797 | * `KubernetesClusterNodePool` 798 | * `Release` 799 | * `Object` 800 | * [gke composition](configuration/jet/jet-gke-composition.yaml) includes: 801 | * `Network` 802 | * `Subnetwork` 803 | * `Cluster` 804 | * `NodePool` 805 | * `Release` 806 | * `Object` 807 | * `providers/jet/` - Provider Installation and Configuration 808 | * [Setup](providers/jet/jet-providers.yaml) 809 | * [AWS Provider Config](providers/jet/jet-aws-providerconfig.yaml) 810 | * [Azure Provider Config](providers/jet/jet-azure-providerconfig.yaml) 811 | * [GCP Provider Config](providers/jet/jet-gcp-providerconfig.yaml) 812 | * `claims/jet/` - Examples that consume the XRDs defined by Ops 813 | * [EKS Jet Claim](claims/jet/jet-eks-claim.yaml) 814 | * [AKS Jet Claim](claims/jet/jet-aks-claim.yaml) 815 | * [GKE Jet Claim](claims/jet/jet-gke-claim.yaml) 816 | 817 | # Contributing workflow 818 | 819 | Here’s how we suggest you go about proposing a change to this project: 820 | 
821 | 1. [Fork this project][fork] to your account. 822 | 2. [Create a branch][branch] for the change you intend to make. 823 | 3. Make your changes to your fork. 824 | 4. [Send a pull request][pr] from your fork’s branch to our `main` branch. 825 | 826 | Using the web-based interface to make changes is fine too, and will help you 827 | by automatically forking the project and prompting to send a pull request too. 828 | 829 | [fork]: https://help.github.com/articles/fork-a-repo/ 830 | [branch]: https://help.github.com/articles/creating-and-deleting-branches-within-your-repository 831 | [pr]: https://help.github.com/articles/using-pull-requests/ 832 | -------------------------------------------------------------------------------- /claims/jet/jet-aks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpjetaks 5 | namespace: managed 6 | labels: 7 | owner: andrzej 8 | spec: 9 | id: xpjetaks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: aks 13 | provider: jet 14 | parameters: 15 | version: "1.22.11" 16 | # nodeSize: small 17 | # nodeCount: 3 18 | # region: use1 19 | # region: eus 20 | region: euw1 21 | writeConnectionSecretToRef: 22 | name: xpjetaks 23 | -------------------------------------------------------------------------------- /claims/jet/jet-eks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpjeteks 5 | namespace: managed 6 | labels: 7 | owner: andrzej 8 | spec: 9 | id: xpjeteks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: eks 13 | provider: jet 14 | parameters: 15 | version: "1.22" 16 | fargateNamespace: default 17 | # nodeSize: small ### Supported values: small, medium, large 18 | # nodeCount: 3 19 | # region: apne2 20 | # region: usw1 21 | region: euw1 22 | 
writeConnectionSecretToRef: 23 | name: xpjeteks 24 | -------------------------------------------------------------------------------- /claims/jet/jet-gke-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpjetgke 5 | namespace: managed 6 | labels: 7 | owner: andrzej 8 | spec: 9 | id: xpjetgke 10 | compositionSelector: 11 | matchLabels: 12 | cluster: gke 13 | provider: jet 14 | parameters: 15 | version: "latest" 16 | # nodeSize: small ### Supported values: small, medium, large 17 | # nodeCount: 3 18 | # region: use1, eus 19 | region: euc 20 | writeConnectionSecretToRef: 21 | name: xpjetgke -------------------------------------------------------------------------------- /claims/native/xp-aks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpaks 5 | namespace: managed 6 | labels: 7 | owner: natzka 8 | spec: 9 | id: xpaks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: aks 13 | provider: native 14 | parameters: 15 | version: "1.23.12" 16 | # nodeSize: small ### Supported values: small, medium, large 17 | # nodeCount: 3 18 | # region: use1, eus, euc 19 | region: euw1 20 | writeConnectionSecretToRef: 21 | name: xpaks 22 | -------------------------------------------------------------------------------- /claims/native/xp-eks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpeks 5 | namespace: managed 6 | labels: 7 | owner: natzka 8 | spec: 9 | id: xpeks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: eks 13 | provider: native 14 | parameters: 15 | version: "1.23" 16 | fargateNamespace: default 17 | # nodeSize: small ### Supported values: small, medium, large 
18 | # nodeCount: 3 19 | region: euw1 20 | writeConnectionSecretToRef: 21 | name: xpeks 22 | -------------------------------------------------------------------------------- /claims/native/xp-gke-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: xpgke 5 | namespace: managed 6 | labels: 7 | owner: natzka 8 | spec: 9 | id: xpgke 10 | compositionSelector: 11 | matchLabels: 12 | cluster: gke 13 | provider: native 14 | parameters: 15 | version: "1.23" 16 | # version: "latest" 17 | # nodeSize: small ### Supported values: small, medium, large 18 | # nodeCount: 3 19 | # region: use1, euc 20 | region: euw2 21 | writeConnectionSecretToRef: 22 | name: xpgke 23 | -------------------------------------------------------------------------------- /claims/official/uxp-aks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: uxpaks 5 | namespace: managed 6 | labels: 7 | owner: natzka 8 | spec: 9 | id: uxpaks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: aks 13 | provider: official 14 | parameters: 15 | version: "1.23.12" 16 | # nodeSize: small ### Supported values: small, medium, large 17 | # nodeCount: 3 18 | # region: use1, eus, euc 19 | region: euw1 20 | writeConnectionSecretToRef: 21 | name: uxpaks 22 | -------------------------------------------------------------------------------- /claims/official/uxp-eks-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: uxpeks 5 | namespace: managed 6 | labels: 7 | owner: natzka 8 | spec: 9 | id: uxpeks 10 | compositionSelector: 11 | matchLabels: 12 | cluster: eks 13 | provider: official 14 | parameters: 15 | version: "1.23" 16 | 
fargateNamespace: default 17 | # nodeSize: small ### Supported values: small, medium, large 18 | # nodeCount: 3 19 | # region: use1, eus, euc 20 | region: euw1 21 | writeConnectionSecretToRef: 22 | name: uxpeks 23 | -------------------------------------------------------------------------------- /claims/official/uxp-gke-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: compositions.io/v1alpha1 2 | kind: ManagedCluster 3 | metadata: 4 | name: uxpgke 5 | namespace: managed 6 | labels: 7 | owner: andrzej 8 | spec: 9 | id: uxpgke 10 | compositionSelector: 11 | matchLabels: 12 | cluster: gke 13 | provider: official 14 | parameters: 15 | version: "latest" 16 | # nodeSize: small ### Supported values: small, medium, large 17 | # nodeCount: 3 18 | # region: use1, eus, euc 19 | region: euw2 20 | writeConnectionSecretToRef: 21 | name: uxpgke 22 | -------------------------------------------------------------------------------- /configuration/jet/definition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: CompositeResourceDefinition 3 | metadata: 4 | name: xmanagedclusters.compositions.io 5 | annotations: 6 | compositions.io/ui-schema: |- 7 | --- 8 | configSections: 9 | - title: Cluster Info 10 | description: Information about cluster 11 | items: 12 | - name: id 13 | controlType: singleInput 14 | type: string 15 | path: ".spec.id" 16 | title: Cluster ID 17 | description: Cluster ID that other objects refer to 18 | validation: 19 | - required: true 20 | customError: Cluster ID is required 21 | - name: type 22 | controlType: singleSelect 23 | path: ".spec.compositionRef.name" 24 | title: Cluster type 25 | description: The type of the cluster 26 | enum: 27 | - eks 28 | - gke 29 | - aks 30 | validation: 31 | - required: true 32 | customError: Cluster type is required. 
33 | - title: Node Group 34 | description: Information about Node Group 35 | items: 36 | - name: version 37 | controlType: singleInput 38 | type: string 39 | path: ".spec.parameters.version" 40 | title: Kubernetes version 41 | description: Supported by provider Kubernetes version 42 | validation: 43 | - required: true 44 | customError: Kubernetes version type is required. 45 | - name: region 46 | controlType: singleSelect 47 | path: ".spec.parameters.region" 48 | title: Cloud Region 49 | description: Cloud region for provisioned resources 50 | enum: 51 | - use1 52 | - use2 53 | - usw1 54 | - usw2 55 | - cac 56 | - sae 57 | - afs 58 | - euc 59 | - euw1 60 | - euw2 61 | - euw3 62 | - eus 63 | - eun 64 | - ape 65 | - aps1 66 | - apne1 67 | - apne2 68 | - apne3 69 | - apse1 70 | - apse2 71 | - apse3 72 | default: use1 73 | validation: 74 | - required: false 75 | - name: nodeSize 76 | controlType: singleSelect 77 | path: ".spec.parameters.nodeSize" 78 | title: Node Size 79 | description: Supported; small, medium or large. The specific size is determined by the vendor. 80 | enum: 81 | - small 82 | - medium 83 | - large 84 | default: small 85 | validation: 86 | - required: false 87 | - name: nodeCount 88 | controlType: singleInput 89 | type: integer 90 | path: ".spec.parameters.nodeCount" 91 | title: Desired Node Count 92 | description: The initial number of nodes. The number of the nodes might increase due to enabled autoscaler. 
93 | default: 1 94 | validation: 95 | - minimum: 1 96 | - maximum: 10 97 | - required: false 98 | spec: 99 | connectionSecretKeys: 100 | - kubeconfig 101 | defaultCompositionRef: 102 | name: aks 103 | group: compositions.io 104 | names: 105 | kind: XManagedCluster 106 | plural: xmanagedclusters 107 | claimNames: 108 | kind: ManagedCluster 109 | plural: managedclusters 110 | versions: 111 | - name: v1alpha1 112 | served: true 113 | referenceable: true 114 | schema: 115 | openAPIV3Schema: 116 | type: object 117 | properties: 118 | spec: 119 | type: object 120 | properties: 121 | id: 122 | type: string 123 | description: Cluster ID that other objects refer to 124 | parameters: 125 | type: object 126 | properties: 127 | version: 128 | description: Supported by provider Kubernetes version 129 | type: string 130 | region: 131 | description: Cloud region for provisioned resources 132 | type: string 133 | default: use1 134 | nodeSize: 135 | description: The node's size; supported; small, medium, large 136 | type: string 137 | default: small 138 | nodeCount: 139 | description: The desired number of nodes 140 | type: integer 141 | default: 1 142 | fargateNamespace: 143 | description: The Namespace for Fargate Profile 144 | type: string 145 | default: default 146 | required: 147 | - version 148 | required: 149 | - id 150 | - parameters 151 | status: 152 | type: object 153 | properties: 154 | clusterName: 155 | description: The cluster name 156 | type: string 157 | controlPlaneStatus: 158 | description: The control plane status 159 | type: string 160 | nodePoolStatus: 161 | description: The node pool status 162 | type: string 163 | fargateProfileStatus: 164 | description: The Fargate Profile status 165 | type: string 166 | additionalPrinterColumns: 167 | - name: clusterName 168 | type: string 169 | jsonPath: ".status.clusterName" 170 | - name: controlPlane 171 | type: string 172 | jsonPath: ".status.controlPlaneStatus" 173 | - name: nodePool 174 | type: string 175 | jsonPath: 
".status.nodePoolStatus" 176 | - name: fargateProfile 177 | type: string 178 | jsonPath: ".status.fargateProfileStatus" 179 | -------------------------------------------------------------------------------- /configuration/jet/jet-aks-composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: jet-aks 5 | labels: 6 | crossplane.io/xrd: xmanagedclusters.compositions.io 7 | provider: jet 8 | cluster: aks 9 | spec: 10 | compositeTypeRef: 11 | apiVersion: compositions.io/v1alpha1 12 | kind: XManagedCluster 13 | writeConnectionSecretsToNamespace: crossplane-system 14 | patchSets: 15 | - name: metadata 16 | patches: 17 | - fromFieldPath: metadata.labels 18 | - name: region 19 | patches: 20 | - fromFieldPath: spec.parameters.region 21 | toFieldPath: spec.forProvider.location 22 | transforms: 23 | - type: map 24 | map: 25 | use1: eastus 26 | use2: eastus2 27 | usw1: westus 28 | usw2: westus2 29 | cac: canadacentral 30 | sae: brazilsouth 31 | afs: southafricanorth 32 | euc: germanywestcentral 33 | euw1: northeurope 34 | euw2: uksouth 35 | euw3: francecentral 36 | eus: switzerlandnorth 37 | eun: swedencentral 38 | ape: eastasia 39 | aps1: westindia 40 | apne1: japaneast 41 | apne2: koreacentral 42 | apne3: japanwest 43 | apse1: southeastasia 44 | apse2: australiaeast 45 | apse3: australiacentral 46 | resources: 47 | - name: resourcegroup 48 | base: 49 | apiVersion: azure.jet.crossplane.io/v1alpha2 50 | kind: ResourceGroup 51 | spec: 52 | providerConfigRef: 53 | name: azure-jet-provider 54 | patches: 55 | - type: PatchSet 56 | patchSetName: metadata 57 | - type: PatchSet 58 | patchSetName: region 59 | - fromFieldPath: spec.id 60 | toFieldPath: metadata.name 61 | transforms: 62 | - type: string 63 | string: 64 | fmt: "rg-%s" 65 | - type: ToCompositeFieldPath 66 | fromFieldPath: metadata.name 67 | toFieldPath: metadata.labels.resourcegroup 68 | - 
name: vnet 69 | base: 70 | apiVersion: network.azure.jet.crossplane.io/v1alpha2 71 | kind: VirtualNetwork 72 | spec: 73 | forProvider: 74 | resourceGroupNameSelector: 75 | matchControllerRef: true 76 | addressSpace: 77 | - 10.244.32.0/19 78 | providerConfigRef: 79 | name: azure-jet-provider 80 | patches: 81 | - type: PatchSet 82 | patchSetName: metadata 83 | - type: PatchSet 84 | patchSetName: region 85 | - fromFieldPath: spec.id 86 | toFieldPath: metadata.name 87 | transforms: 88 | - type: string 89 | string: 90 | fmt: "vnet-%s" 91 | - name: subnet 92 | base: 93 | apiVersion: network.azure.jet.crossplane.io/v1alpha2 94 | kind: Subnet 95 | spec: 96 | forProvider: 97 | resourceGroupNameSelector: 98 | matchControllerRef: true 99 | virtualNetworkNameSelector: 100 | matchControllerRef: true 101 | addressPrefixes: 102 | - "10.244.32.0/22" 103 | providerConfigRef: 104 | name: azure-jet-provider 105 | patches: 106 | - type: PatchSet 107 | patchSetName: metadata 108 | - fromFieldPath: spec.id 109 | toFieldPath: metadata.name 110 | transforms: 111 | - type: string 112 | string: 113 | fmt: "snet-%s" 114 | - name: akscluster 115 | base: 116 | apiVersion: containerservice.azure.jet.crossplane.io/v1alpha2 117 | kind: KubernetesCluster 118 | spec: 119 | forProvider: 120 | dnsPrefix: xpjet 121 | roleBasedAccessControl: 122 | - enabled: true 123 | resourceGroupNameSelector: 124 | matchControllerRef: true 125 | defaultNodePool: 126 | - name: default 127 | nodeCount: 1 128 | vmSize: Standard_D2s_v3 129 | vnetSubnetIdSelector: 130 | matchControllerRef: true 131 | identity: 132 | - type: "SystemAssigned" 133 | writeConnectionSecretToRef: 134 | namespace: crossplane-system 135 | providerConfigRef: 136 | name: azure-jet-provider 137 | patches: 138 | - type: PatchSet 139 | patchSetName: metadata 140 | - type: PatchSet 141 | patchSetName: region 142 | - fromFieldPath: spec.id 143 | toFieldPath: metadata.name 144 | - fromFieldPath: spec.id 145 | toFieldPath: 
spec.writeConnectionSecretToRef.name 146 | transforms: 147 | - type: string 148 | string: 149 | fmt: "%s-akscluster" 150 | - fromFieldPath: spec.parameters.version 151 | toFieldPath: spec.forProvider.kubernetesVersion 152 | # - fromFieldPath: spec.id 153 | # toFieldPath: spec.forProvider.defaultNodePool[0].name 154 | # - fromFieldPath: spec.parameters.nodeCount 155 | # toFieldPath: spec.forProvider.defaultNodePool[0].nodeCount 156 | # - fromFieldPath: spec.parameters.nodeSize 157 | # toFieldPath: spec.forProvider.defaultNodePool[0].vmSize 158 | # transforms: 159 | # - type: map 160 | # map: 161 | # small: Standard_D2s_v3 162 | # medium: Standard_D4s_v3 163 | # large: Standard_D8s_v3 164 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 165 | - type: ToCompositeFieldPath 166 | fromFieldPath: metadata.name 167 | toFieldPath: status.clusterName 168 | - type: ToCompositeFieldPath 169 | fromFieldPath: status.conditions[0].status 170 | toFieldPath: status.controlPlaneStatus 171 | - type: ToCompositeFieldPath 172 | fromFieldPath: metadata.name 173 | toFieldPath: status.fargateProfileStatus 174 | transforms: 175 | - type: string 176 | string: 177 | fmt: "NA4-%s" 178 | connectionDetails: 179 | - fromConnectionSecretKey: kubeconfig 180 | readinessChecks: 181 | - type: MatchString 182 | fieldPath: status.conditions[0].status 183 | matchString: "True" 184 | - name: aksnode 185 | base: 186 | apiVersion: containerservice.azure.jet.crossplane.io/v1alpha2 187 | kind: KubernetesClusterNodePool 188 | spec: 189 | forProvider: 190 | kubernetesClusterIdSelector: 191 | matchControllerRef: true 192 | vnetSubnetIdSelector: 193 | matchControllerRef: true 194 | providerConfigRef: 195 | name: azure-jet-provider 196 | patches: 197 | - type: PatchSet 198 | patchSetName: metadata 199 | - fromFieldPath: spec.id 200 | toFieldPath: metadata.name 201 | - fromFieldPath: spec.parameters.nodeCount 202 | toFieldPath: spec.forProvider.nodeCount 203 | - fromFieldPath: spec.parameters.nodeSize 
204 | toFieldPath: spec.forProvider.vmSize 205 | transforms: 206 | - type: map 207 | map: 208 | small: Standard_D2s_v3 209 | medium: Standard_D4s_v3 210 | large: Standard_D8s_v3 211 | - type: ToCompositeFieldPath 212 | fromFieldPath: status.conditions[0].status 213 | toFieldPath: status.nodePoolStatus 214 | readinessChecks: 215 | - type: MatchString 216 | fieldPath: status.conditions[0].status 217 | matchString: "True" 218 | 219 | - name: helm 220 | base: 221 | apiVersion: helm.crossplane.io/v1beta1 222 | kind: ProviderConfig 223 | spec: 224 | credentials: 225 | source: Secret 226 | secretRef: 227 | key: kubeconfig 228 | patches: 229 | - fromFieldPath: spec.id 230 | toFieldPath: metadata.name 231 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 232 | toFieldPath: spec.credentials.secretRef.namespace 233 | - fromFieldPath: spec.id 234 | toFieldPath: spec.credentials.secretRef.name 235 | transforms: 236 | - type: string 237 | string: 238 | fmt: "%s-akscluster" 239 | readinessChecks: 240 | - type: None 241 | - name: helm-crossplane 242 | base: 243 | apiVersion: helm.crossplane.io/v1beta1 244 | kind: Release 245 | spec: 246 | rollbackLimit: 3 247 | forProvider: 248 | namespace: crossplane-system 249 | chart: 250 | name: crossplane 251 | repository: https://charts.crossplane.io/stable 252 | version: "1.7.0" 253 | patches: 254 | - fromFieldPath: spec.id 255 | toFieldPath: metadata.name 256 | transforms: 257 | - type: string 258 | string: 259 | fmt: "%s-crossplane" 260 | - fromFieldPath: spec.id 261 | toFieldPath: spec.providerConfigRef.name 262 | - name: kubernetes 263 | base: 264 | apiVersion: kubernetes.crossplane.io/v1alpha1 265 | kind: ProviderConfig 266 | spec: 267 | credentials: 268 | source: Secret 269 | secretRef: 270 | key: kubeconfig 271 | patches: 272 | - fromFieldPath: spec.id 273 | toFieldPath: metadata.name 274 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 275 | toFieldPath: spec.credentials.secretRef.namespace 276 | - 
fromFieldPath: spec.id 277 | toFieldPath: spec.credentials.secretRef.name 278 | transforms: 279 | - type: string 280 | string: 281 | fmt: "%s-akscluster" 282 | readinessChecks: 283 | - type: None 284 | - name: k8s-ns-prod 285 | base: 286 | apiVersion: kubernetes.crossplane.io/v1alpha1 287 | kind: Object 288 | spec: 289 | forProvider: 290 | manifest: 291 | apiVersion: v1 292 | kind: Namespace 293 | metadata: 294 | name: production 295 | patches: 296 | - fromFieldPath: spec.id 297 | toFieldPath: metadata.name 298 | transforms: 299 | - type: string 300 | string: 301 | fmt: "%s-ns-prod" 302 | - fromFieldPath: spec.id 303 | toFieldPath: spec.providerConfigRef.name 304 | -------------------------------------------------------------------------------- /configuration/jet/jet-gke-composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: jet-gke 5 | labels: 6 | crossplane.io/xrd: xmanagedclusters.compositions.io 7 | provider: jet 8 | cluster: gke 9 | spec: 10 | compositeTypeRef: 11 | apiVersion: compositions.io/v1alpha1 12 | kind: XManagedCluster 13 | writeConnectionSecretsToNamespace: crossplane-system 14 | patchSets: 15 | - name: metadata 16 | patches: 17 | - fromFieldPath: metadata.labels 18 | - name: region 19 | patches: 20 | - fromFieldPath: spec.parameters.region 21 | toFieldPath: spec.forProvider.region 22 | transforms: 23 | - type: map 24 | map: 25 | use1: us-east4 26 | use2: us-east1 27 | usw1: us-west2 28 | usw2: us-west1 29 | cac: northamerica-northeast1 30 | sae: southamerica-east1 31 | afs: asia-east1 32 | euc: europe-west3 33 | euw1: europe-west4 34 | euw2: europe-west2 35 | euw3: europe-west1 36 | eus: europe-west6 37 | eun: europe-north1 38 | ape: asia-east2 39 | aps1: asia-south1 40 | apne1: asia-northeast1 41 | apne2: asia-northeast3 42 | apne3: asia-northeast2 43 | apse1: asia-southeast1 44 | apse2: australia-southeast1 45 | 
apse3: asia-southeast2 46 | - name: location 47 | patches: 48 | - fromFieldPath: spec.parameters.region 49 | toFieldPath: spec.forProvider.location 50 | transforms: 51 | - type: map 52 | map: 53 | use1: us-east4 54 | use2: us-east1 55 | usw1: us-west2 56 | usw2: us-west1 57 | cac: northamerica-northeast1 58 | sae: southamerica-east1 59 | afs: asia-east1 60 | euc: europe-west3 61 | euw1: europe-west4 62 | euw2: europe-west2 63 | euw3: europe-west1 64 | eus: europe-west6 65 | eun: europe-north1 66 | ape: asia-east2 67 | aps1: asia-south1 68 | apne1: asia-northeast1 69 | apne2: asia-northeast3 70 | apne3: asia-northeast2 71 | apse1: asia-southeast1 72 | apse2: australia-southeast1 73 | apse3: asia-southeast2 74 | resources: 75 | - name: compute-net 76 | base: 77 | apiVersion: compute.gcp.jet.crossplane.io/v1alpha2 78 | kind: Network 79 | spec: 80 | forProvider: 81 | autoCreateSubnetworks: false 82 | routingConfig: 83 | routingMode: REGIONAL 84 | providerConfigRef: 85 | name: gcp-jet-provider 86 | patches: 87 | - type: PatchSet 88 | patchSetName: metadata 89 | - fromFieldPath: spec.id 90 | toFieldPath: metadata.name 91 | - name: compute-subnet 92 | base: 93 | apiVersion: compute.gcp.jet.crossplane.io/v1alpha2 94 | kind: Subnetwork 95 | spec: 96 | forProvider: 97 | networkSelector: 98 | matchControllerRef: true 99 | privateIpGoogleAccess: true 100 | ipCidrRange: 172.16.0.0/16 101 | secondaryIpRange: # secondaryIpRanges in classic 102 | - rangeName: pods 103 | ipCidrRange: 10.200.0.0/14 104 | - rangeName: services 105 | ipCidrRange: 10.204.0.0/16 106 | providerConfigRef: 107 | name: gcp-jet-provider 108 | patches: 109 | - type: PatchSet 110 | patchSetName: metadata 111 | - type: PatchSet 112 | patchSetName: region 113 | - fromFieldPath: spec.id 114 | toFieldPath: metadata.name 115 | - name: gkecluster 116 | base: 117 | apiVersion: container.gcp.jet.crossplane.io/v1alpha2 118 | kind: Cluster 119 | metadata: 120 | labels: 121 | fargateProfile: "NOT-APPLICABLE" 122 | spec: 
123 | forProvider:
124 | initialNodeCount: 1 # jet only
125 | removeDefaultNodePool: true # jet only
126 | addonsConfig:
127 | - networkPolicyConfig:
128 | - disabled: false
129 | # gcePersistentDiskCsiDriverConfig:
130 | # enabled: true
131 | ipAllocationPolicy:
132 | - clusterSecondaryRangeName: pods
133 | servicesSecondaryRangeName: services
134 | # createSubnetwork: false
135 | # useIpAliases: true
136 | loggingService: logging.googleapis.com/kubernetes # cluster logs to Cloud Logging; keep enabled, it is the audit/detection trail
137 | # masterAuth:
138 | # username:
139 | # masterAuthorizedNetworksConfig: # NOTE(review): left commented out, and no privateClusterConfig is set here, so the cluster API endpoint is reachable from any source address (authentication still applies) — confirm this exposure is intended
140 | # enabled: false
141 | monitoringService: monitoring.googleapis.com/kubernetes # cluster metrics to Cloud Monitoring
142 | networkPolicy:
143 | - enabled: true # NOTE(review): keep — without this, NetworkPolicy objects are accepted by the API but not enforced
144 | # networkSelector:
145 | # matchControllerRef: true
146 | networkConfig:
147 | enableIntraNodeVisibility: true
148 | # subnetworkSelector:
149 | # matchControllerRef: true
150 | releaseChannel:
151 | - channel: UNSPECIFIED # NOTE(review): no release channel, and the gkenode pool in this file sets autoUpgrade: false, so node versions stay where initialClusterVersion put them — confirm patching is handled elsewhere
152 | writeConnectionSecretToRef:
153 | namespace: crossplane-system
154 | providerConfigRef:
155 | name: gcp-jet-provider
156 | patches:
157 | - type: PatchSet
158 | patchSetName: metadata
159 | - type: PatchSet
160 | patchSetName: location
161 | - fromFieldPath: spec.id
162 | toFieldPath: metadata.name
163 | - fromFieldPath: spec.id
164 | toFieldPath: spec.forProvider.network # the Network resource above is also named spec.id
165 | - fromFieldPath: spec.id
166 | toFieldPath: spec.forProvider.subnetwork # the Subnetwork resource above is also named spec.id
167 | - fromFieldPath: spec.parameters.version
168 | toFieldPath: spec.forProvider.initialClusterVersion
169 | - fromFieldPath: spec.id
170 | toFieldPath: spec.writeConnectionSecretToRef.name
171 | transforms:
172 | - type: string
173 | string:
174 | fmt: "%s-gkecluster" # kubeconfig secret name; the helm/kubernetes ProviderConfigs below read it
175 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace
176 | - type: ToCompositeFieldPath
177 | fromFieldPath: metadata.name
178 | toFieldPath: status.clusterName
179 | - type: ToCompositeFieldPath
180 | fromFieldPath: status.conditions[0].status # NOTE(review): positional; assumes the provider reports the condition of interest first — verify, the readiness check further down uses the same index
181 | toFieldPath: status.controlPlaneStatus
182 | - type: ToCompositeFieldPath
183 | fromFieldPath: metadata.name
184 | toFieldPath: status.fargateProfileStatus
185 | transforms:
186 | - type: string
187 | string:
188 | fmt: "NA4-%s" # GKE has no Fargate; status field is filled with a marker so the XRD printer column is not empty
189 | connectionDetails:
190 | - fromConnectionSecretKey: kubeconfig
191 | readinessChecks:
192 | - type: MatchString
193 | fieldPath: status.conditions[0].status # positional condition lookup — assumes the condition of interest is first
194 | matchString: "True"
195 | - name: gkenode
196 | base:
197 | apiVersion: container.gcp.jet.crossplane.io/v1alpha2
198 | kind: NodePool
199 | spec:
200 | forProvider:
201 | clusterSelector:
202 | matchControllerRef: true
203 | config:
204 | oauthScopes:
205 | - https://www.googleapis.com/auth/cloud-platform # NOTE(review): broadest OAuth scope; the four scopes below are already covered by it, and any pod that can reach the node metadata server can use the node service account's token with this scope — confirm the node SA is least-privilege (or that Workload Identity is meant to front it)
206 | - https://www.googleapis.com/auth/devstorage.read_only
207 | - https://www.googleapis.com/auth/logging.write
208 | - https://www.googleapis.com/auth/monitoring
209 | - https://www.googleapis.com/auth/compute
210 | shieldedInstanceConfig:
211 | enableIntegrityMonitoring: true # Shielded VM: boot measurements reported for tamper detection
212 | enableSecureBoot: true # Shielded VM: only signed boot components
213 | autoscaling:
214 | - enabled: true
215 | minNodeCount: 1 # overwritten by the nodeCount patch below
216 | maxNodeCount: 5 # NOTE(review): fixed, while minNodeCount is patched from spec.parameters.nodeCount (the native XRD UI schema allows up to 10) — a nodeCount above 5 yields min > max; consider patching max as well
217 | management:
218 | - autoRepair: true
219 | autoUpgrade: false # NOTE(review): nodes keep their version until someone upgrades them; see the cluster's releaseChannel above
220 | providerConfigRef:
221 | name: gcp-jet-provider
222 | patches:
223 | - type: PatchSet
224 | patchSetName: metadata
225 | - fromFieldPath: spec.id
226 | toFieldPath: metadata.name
227 | - fromFieldPath: spec.parameters.nodeCount
228 | toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
229 | - fromFieldPath: spec.parameters.nodeCount
230 | toFieldPath: spec.forProvider.initialNodeCount
231 | - fromFieldPath: spec.parameters.nodeSize
232 | toFieldPath: spec.forProvider.config.machineType
233 | transforms:
234 | - type: map
235 | map:
236 | small: e2-standard-2
237 | medium: e2-standard-4
238 | large: e2-standard-16
239 | - type: ToCompositeFieldPath
240 | fromFieldPath: status.conditions[0].status
241 | toFieldPath: status.nodePoolStatus
242 | readinessChecks:
243 | - type: MatchString
244 | fieldPath: status.conditions[0].status # positional condition lookup — assumes the condition of interest is first
245 | matchString: "True"
246 |
247 | - name: helm
248 | base:
249 | apiVersion:
helm.crossplane.io/v1beta1 250 | kind: ProviderConfig 251 | spec: 252 | credentials: 253 | source: Secret 254 | secretRef: 255 | key: kubeconfig 256 | identity: 257 | type: GoogleApplicationCredentials 258 | source: Secret 259 | secretRef: 260 | name: gcp-account-creds 261 | key: credentials 262 | patches: 263 | - fromFieldPath: spec.id 264 | toFieldPath: metadata.name 265 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 266 | toFieldPath: spec.credentials.secretRef.namespace 267 | - fromFieldPath: spec.id 268 | toFieldPath: spec.credentials.secretRef.name 269 | transforms: 270 | - type: string 271 | string: 272 | fmt: "%s-gkecluster" 273 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 274 | toFieldPath: spec.identity.secretRef.namespace 275 | readinessChecks: 276 | - type: None 277 | - name: helm-crossplane 278 | base: 279 | apiVersion: helm.crossplane.io/v1beta1 280 | kind: Release 281 | spec: 282 | rollbackLimit: 3 283 | forProvider: 284 | namespace: crossplane-system 285 | chart: 286 | name: crossplane 287 | repository: https://charts.crossplane.io/stable 288 | version: "1.6.3" 289 | patches: 290 | - fromFieldPath: spec.id 291 | toFieldPath: metadata.name 292 | transforms: 293 | - type: string 294 | string: 295 | fmt: "%s-crossplane" 296 | - fromFieldPath: spec.id 297 | toFieldPath: spec.providerConfigRef.name 298 | - name: kubernetes 299 | base: 300 | apiVersion: kubernetes.crossplane.io/v1alpha1 301 | kind: ProviderConfig 302 | spec: 303 | credentials: 304 | source: Secret 305 | secretRef: 306 | key: kubeconfig 307 | identity: 308 | type: GoogleApplicationCredentials 309 | source: Secret 310 | secretRef: 311 | namespace: crossplane-system 312 | name: gcp-account-creds 313 | key: credentials 314 | patches: 315 | - fromFieldPath: spec.id 316 | toFieldPath: metadata.name 317 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 318 | toFieldPath: spec.credentials.secretRef.namespace 319 | - fromFieldPath: spec.id 320 | 
toFieldPath: spec.credentials.secretRef.name 321 | transforms: 322 | - type: string 323 | string: 324 | fmt: "%s-gkecluster" 325 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 326 | toFieldPath: spec.identity.secretRef.namespace 327 | readinessChecks: 328 | - type: None 329 | - name: k8s-ns-prod 330 | base: 331 | apiVersion: kubernetes.crossplane.io/v1alpha1 332 | kind: Object 333 | spec: 334 | forProvider: 335 | manifest: 336 | apiVersion: v1 337 | kind: Namespace 338 | metadata: 339 | name: production 340 | patches: 341 | - fromFieldPath: spec.id 342 | toFieldPath: metadata.name 343 | transforms: 344 | - type: string 345 | string: 346 | fmt: "%s-ns-prod" 347 | - fromFieldPath: spec.id 348 | toFieldPath: spec.providerConfigRef.name -------------------------------------------------------------------------------- /configuration/native/crossplane.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: meta.pkg.crossplane.io/v1 3 | kind: Configuration 4 | metadata: 5 | name: managed-kubernetes-native 6 | annotations: 7 | meta.crossplane.io/maintainer: AndrzejKozlowski 8 | meta.crossplane.io/source: github.com/NatzkaLabsOpenSource/managed-kubernetes 9 | meta.crossplane.io/license: Apache-2.0 10 | meta.crossplane.io/description: | 11 | Fully operational managed Kubernetes clusters (AKS, EKS and GKE) 12 | with supporting services using native providers. 13 | meta.crossplane.io/readme: | 14 | A Configuration package that provisions fully operational Kubernetes clusters 15 | across multiple cloud providers, such as AWS (EKS), Azure (AKS) and GCP (GKE), 16 | with supporting infrastructure services such as Crossplane (XP), using native providers. 
17 | spec:
18 | crossplane:
19 | version: ">=v1.9" # lower bound only
20 | dependsOn:
21 | - provider: xpkg.upbound.io/crossplane-contrib/provider-aws
22 | version: ">=v0.34.0" # NOTE(review): open-ended lower bound (same for the four providers below) — each install resolves to whatever the newest published provider is, so two installs can differ and a bad upstream release flows straight in; pin exact versions (or add an upper bound) and bump deliberately
23 | - provider: xpkg.upbound.io/crossplane-contrib/provider-azure
24 | version: ">=v0.20.1"
25 | - provider: xpkg.upbound.io/crossplane-contrib/provider-gcp
26 | version: ">=v0.22.0"
27 | - provider: xpkg.upbound.io/crossplane-contrib/provider-helm
28 | version: ">=v0.12.0"
29 | - provider: xpkg.upbound.io/crossplane-contrib/provider-kubernetes
30 | version: ">=v0.5.0"
31 |
-------------------------------------------------------------------------------- /configuration/native/definition.yaml: --------------------------------------------------------------------------------
1 | apiVersion: apiextensions.crossplane.io/v1
2 | kind: CompositeResourceDefinition
3 | metadata:
4 | name: xmanagedclusters.compositions.io
5 | annotations:
6 | compositions.io/ui-schema: |- # NOTE(review): the "type" control below writes eks/gke/aks into .spec.compositionRef.name, but the Compositions in this tree are named native-aks, native-eks and jet-gke — confirm those values resolve to an existing Composition (a label-based compositionSelector may be what is intended)
7 | ---
8 | configSections:
9 | - title: Cluster Info
10 | description: Information about cluster
11 | items:
12 | - name: id
13 | controlType: singleInput
14 | type: string
15 | path: ".spec.id"
16 | title: Cluster ID
17 | description: Cluster ID that other objects refer to
18 | validation:
19 | - required: true
20 | customError: Cluster ID is required
21 | - name: type
22 | controlType: singleSelect
23 | path: ".spec.compositionRef.name"
24 | title: Cluster type
25 | description: The type of the cluster
26 | enum:
27 | - eks
28 | - gke
29 | - aks
30 | validation:
31 | - required: true
32 | customError: Cluster type is required.
33 | - title: Node Group
34 | description: Information about Node Group
35 | items:
36 | - name: version
37 | controlType: singleInput
38 | type: string
39 | path: ".spec.parameters.version"
40 | title: Kubernetes version
41 | description: Supported by provider Kubernetes version
42 | validation:
43 | - required: true
44 | customError: Kubernetes version type is required.
45 | - name: region 46 | controlType: singleSelect 47 | path: ".spec.parameters.region" 48 | title: Cloud Region 49 | description: Cloud region for provisioned resources 50 | enum: 51 | - use1 52 | - use2 53 | - usw1 54 | - usw2 55 | - cac 56 | - sae 57 | - afs 58 | - euc 59 | - euw1 60 | - euw2 61 | - euw3 62 | - eus 63 | - eun 64 | - ape 65 | - aps1 66 | - apne1 67 | - apne2 68 | - apne3 69 | - apse1 70 | - apse2 71 | - apse3 72 | default: use1 73 | validation: 74 | - required: false 75 | - name: nodeSize 76 | controlType: singleSelect 77 | path: ".spec.parameters.nodeSize" 78 | title: Node Size 79 | description: Supported; small, medium or large. The specific size is determined by the vendor. 80 | enum: 81 | - small 82 | - medium 83 | - large 84 | default: small 85 | validation: 86 | - required: false 87 | - name: nodeCount 88 | controlType: singleInput 89 | type: integer 90 | path: ".spec.parameters.nodeCount" 91 | title: Desired Node Count 92 | description: The initial number of nodes. The number of the nodes might increase due to enabled autoscaler. 
93 | default: 1 94 | validation: 95 | - minimum: 1 96 | - maximum: 10 97 | - required: false 98 | spec: 99 | connectionSecretKeys: 100 | - kubeconfig 101 | defaultCompositionRef: 102 | name: aks 103 | group: compositions.io 104 | names: 105 | kind: XManagedCluster 106 | plural: xmanagedclusters 107 | claimNames: 108 | kind: ManagedCluster 109 | plural: managedclusters 110 | versions: 111 | - name: v1alpha1 112 | served: true 113 | referenceable: true 114 | schema: 115 | openAPIV3Schema: 116 | type: object 117 | properties: 118 | spec: 119 | type: object 120 | properties: 121 | id: 122 | type: string 123 | description: Cluster ID that other objects refer to 124 | parameters: 125 | type: object 126 | properties: 127 | version: 128 | description: Supported by provider Kubernetes version 129 | type: string 130 | region: 131 | description: Cloud region for provisioned resources 132 | type: string 133 | default: use1 134 | nodeSize: 135 | description: The node's size; supported; small, medium, large 136 | type: string 137 | default: small 138 | nodeCount: 139 | description: The desired number of nodes 140 | type: integer 141 | default: 1 142 | fargateNamespace: 143 | description: The Namespace for Fargate Profile 144 | type: string 145 | default: default 146 | required: 147 | - version 148 | required: 149 | - id 150 | - parameters 151 | status: 152 | type: object 153 | properties: 154 | clusterName: 155 | description: The cluster name 156 | type: string 157 | controlPlaneStatus: 158 | description: The control plane status 159 | type: string 160 | nodePoolStatus: 161 | description: The node pool status 162 | type: string 163 | fargateProfileStatus: 164 | description: The Fargate Profile status 165 | type: string 166 | additionalPrinterColumns: 167 | - name: clusterName 168 | type: string 169 | jsonPath: ".status.clusterName" 170 | - name: controlPlane 171 | type: string 172 | jsonPath: ".status.controlPlaneStatus" 173 | - name: nodePool 174 | type: string 175 | jsonPath: 
".status.nodePoolStatus" 176 | - name: fargateProfile 177 | type: string 178 | jsonPath: ".status.fargateProfileStatus" 179 | -------------------------------------------------------------------------------- /configuration/native/xp-aks-composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: native-aks 5 | labels: 6 | crossplane.io/xrd: xmanagedclusters.compositions.io 7 | provider: native 8 | cluster: aks 9 | spec: 10 | compositeTypeRef: 11 | apiVersion: compositions.io/v1alpha1 12 | kind: XManagedCluster 13 | writeConnectionSecretsToNamespace: crossplane-system 14 | patchSets: 15 | - name: metadata 16 | patches: 17 | - fromFieldPath: metadata.labels 18 | - name: region 19 | patches: 20 | - fromFieldPath: spec.parameters.region 21 | toFieldPath: spec.location 22 | transforms: 23 | - type: map 24 | map: 25 | use1: eastus 26 | use2: eastus2 27 | usw1: westus 28 | usw2: westus2 29 | cac: canadacentral 30 | sae: brazilsouth 31 | afs: southafricanorth 32 | euc: germanywestcentral 33 | euw1: northeurope 34 | euw2: uksouth 35 | euw3: francecentral 36 | eus: switzerlandnorth 37 | eun: swedencentral 38 | ape: eastasia 39 | aps1: westindia 40 | apne1: japaneast 41 | apne2: koreacentral 42 | apne3: japanwest 43 | apse1: southeastasia 44 | apse2: australiaeast 45 | apse3: australiacentral 46 | 47 | resources: 48 | - name: resourcegroup 49 | base: 50 | apiVersion: azure.crossplane.io/v1alpha3 51 | kind: ResourceGroup 52 | spec: 53 | providerConfigRef: 54 | name: azure-xp-provider 55 | patches: 56 | - type: PatchSet 57 | patchSetName: metadata 58 | - type: PatchSet 59 | patchSetName: region 60 | - fromFieldPath: spec.id 61 | toFieldPath: metadata.name 62 | transforms: 63 | - type: string 64 | string: 65 | fmt: "rg-%s" 66 | - type: ToCompositeFieldPath 67 | fromFieldPath: metadata.name 68 | toFieldPath: metadata.labels.resourcegroup 69 | 70 | - 
name: vnet 71 | base: 72 | apiVersion: network.azure.crossplane.io/v1alpha3 73 | kind: VirtualNetwork 74 | spec: 75 | resourceGroupNameSelector: 76 | matchControllerRef: true 77 | properties: 78 | addressSpace: 79 | addressPrefixes: 80 | - 10.2.0.0/16 81 | providerConfigRef: 82 | name: azure-xp-provider 83 | patches: 84 | - type: PatchSet 85 | patchSetName: metadata 86 | - type: PatchSet 87 | patchSetName: region 88 | - fromFieldPath: spec.id 89 | toFieldPath: metadata.name 90 | transforms: 91 | - type: string 92 | string: 93 | fmt: "vnet-%s" 94 | 95 | - name: subnet 96 | base: 97 | apiVersion: network.azure.crossplane.io/v1alpha3 98 | kind: Subnet 99 | spec: 100 | resourceGroupNameSelector: 101 | matchControllerRef: true 102 | virtualNetworkNameSelector: 103 | matchControllerRef: true 104 | properties: 105 | addressPrefix: 10.2.0.0/24 106 | providerConfigRef: 107 | name: azure-xp-provider 108 | patches: 109 | - type: PatchSet 110 | patchSetName: metadata 111 | - fromFieldPath: spec.id 112 | toFieldPath: metadata.name 113 | transforms: 114 | - type: string 115 | string: 116 | fmt: "snet-%s" 117 | 118 | - name: aks 119 | base: 120 | apiVersion: compute.azure.crossplane.io/v1alpha3 121 | kind: AKSCluster 122 | spec: 123 | dnsNamePrefix: xpnative 124 | disableRBAC: false 125 | resourceGroupNameSelector: 126 | matchControllerRef: true 127 | vnetSubnetIDSelector: 128 | matchControllerRef: true 129 | writeConnectionSecretToRef: 130 | namespace: crossplane-system 131 | providerConfigRef: 132 | name: azure-xp-provider 133 | patches: 134 | - type: PatchSet 135 | patchSetName: metadata 136 | - type: PatchSet 137 | patchSetName: region 138 | - fromFieldPath: spec.id 139 | toFieldPath: metadata.name 140 | transforms: 141 | - type: string 142 | string: 143 | fmt: "cluster-%s" 144 | - type: ToCompositeFieldPath 145 | fromFieldPath: metadata.name 146 | toFieldPath: status.clusterName 147 | - fromFieldPath: spec.parameters.version 148 | toFieldPath: spec.version 149 | - 
fromFieldPath: spec.parameters.nodeCount 150 | toFieldPath: spec.nodeCount 151 | - fromFieldPath: spec.parameters.nodeSize 152 | toFieldPath: spec.nodeVMSize 153 | transforms: 154 | - type: map 155 | map: 156 | small: Standard_D2s_v3 157 | medium: Standard_D4s_v3 158 | large: Standard_D8s_v3 159 | - fromFieldPath: spec.id 160 | toFieldPath: spec.writeConnectionSecretToRef.name 161 | transforms: 162 | - type: string 163 | string: 164 | fmt: "%s-akscluster" 165 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 166 | - type: ToCompositeFieldPath 167 | fromFieldPath: status.state 168 | toFieldPath: status.controlPlaneStatus 169 | - type: ToCompositeFieldPath 170 | fromFieldPath: status.state 171 | toFieldPath: status.nodePoolStatus 172 | - type: ToCompositeFieldPath 173 | fromFieldPath: metadata.name 174 | toFieldPath: status.fargateProfileStatus 175 | transforms: 176 | - type: string 177 | string: 178 | fmt: "NA4-%s" 179 | connectionDetails: 180 | - fromConnectionSecretKey: kubeconfig 181 | readinessChecks: 182 | - type: MatchString 183 | fieldPath: "status.state" 184 | matchString: "Succeeded" 185 | 186 | - name: kubernetes 187 | base: 188 | apiVersion: kubernetes.crossplane.io/v1alpha1 189 | kind: ProviderConfig 190 | spec: 191 | credentials: 192 | source: Secret 193 | secretRef: 194 | key: kubeconfig 195 | patches: 196 | - fromFieldPath: spec.id 197 | toFieldPath: metadata.name 198 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 199 | toFieldPath: spec.credentials.secretRef.namespace 200 | - fromFieldPath: spec.id 201 | toFieldPath: spec.credentials.secretRef.name 202 | transforms: 203 | - type: string 204 | string: 205 | fmt: "%s-akscluster" 206 | readinessChecks: 207 | - type: None 208 | - name: k8s-ns-prod 209 | base: 210 | apiVersion: kubernetes.crossplane.io/v1alpha1 211 | kind: Object 212 | spec: 213 | forProvider: 214 | manifest: 215 | apiVersion: v1 216 | kind: Namespace 217 | metadata: 218 | name: crossplane-system 219 | patches: 
220 | - fromFieldPath: spec.id 221 | toFieldPath: metadata.name 222 | transforms: 223 | - type: string 224 | string: 225 | fmt: "%s-ns-xp" 226 | - fromFieldPath: spec.id 227 | toFieldPath: spec.providerConfigRef.name 228 | 229 | - name: helm 230 | base: 231 | apiVersion: helm.crossplane.io/v1beta1 232 | kind: ProviderConfig 233 | spec: 234 | credentials: 235 | source: Secret 236 | secretRef: 237 | key: kubeconfig 238 | patches: 239 | - fromFieldPath: spec.id 240 | toFieldPath: metadata.name 241 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 242 | toFieldPath: spec.credentials.secretRef.namespace 243 | - fromFieldPath: spec.id 244 | toFieldPath: spec.credentials.secretRef.name 245 | transforms: 246 | - type: string 247 | string: 248 | fmt: "%s-akscluster" 249 | readinessChecks: 250 | - type: None 251 | - name: helm-xp 252 | base: 253 | apiVersion: helm.crossplane.io/v1beta1 254 | kind: Release 255 | spec: 256 | rollbackLimit: 3 257 | forProvider: 258 | namespace: crossplane-system 259 | chart: 260 | name: crossplane 261 | repository: https://charts.crossplane.io/stable 262 | version: "1.10.1" 263 | patches: 264 | - fromFieldPath: spec.id 265 | toFieldPath: metadata.name 266 | transforms: 267 | - type: string 268 | string: 269 | fmt: "%s-crossplane" 270 | - fromFieldPath: spec.id 271 | toFieldPath: spec.providerConfigRef.name 272 | -------------------------------------------------------------------------------- /configuration/native/xp-eks-composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: native-eks 5 | labels: 6 | crossplane.io/xrd: xmanagedclusters.compositions.io 7 | provider: native 8 | cluster: eks 9 | spec: 10 | compositeTypeRef: 11 | apiVersion: compositions.io/v1alpha1 12 | kind: XManagedCluster 13 | writeConnectionSecretsToNamespace: crossplane-system 14 | patchSets: 15 | - name: metadata 16 | patches: 17 
| - fromFieldPath: metadata.labels 18 | - name: region 19 | patches: 20 | - fromFieldPath: spec.parameters.region 21 | toFieldPath: spec.forProvider.region 22 | transforms: 23 | - type: map 24 | map: # Standard AZs: a-c; Fargate Support 25 | use1: us-east-1 # a-f 26 | use2: us-east-2 27 | usw1: us-west-1 # ac 28 | usw2: us-west-2 # a-d 29 | cac: ca-central-1 # abd, FG: ab 30 | sae: sa-east-1 31 | afs: af-south-1 # default: disabled 32 | euc: eu-central-1 33 | euw1: eu-west-1 34 | euw2: eu-west-2 35 | euw3: eu-west-3 36 | eus: eu-south-1 # default: disabled 37 | eun: eu-north-1 38 | ape: ap-east-1 # default: disabled 39 | aps1: ap-south-1 40 | apne1: ap-northeast-1 # acd 41 | apne2: ap-northeast-2 # a-d 42 | apne3: ap-northeast-3 43 | apse1: ap-southeast-1 44 | apse2: ap-southeast-2 45 | apse3: ap-southeast-3 # default: disabled 46 | - name: snet-zone-1 47 | patches: 48 | - fromFieldPath: spec.parameters.region 49 | toFieldPath: metadata.labels.zone 50 | transforms: 51 | - type: map 52 | map: 53 | use1: us-east-1a 54 | use2: us-east-2a 55 | usw1: us-west-1a 56 | usw2: us-west-2a 57 | cac: ca-central-1a 58 | sae: sa-east-1a 59 | afs: af-south-1a 60 | euc: eu-central-1a 61 | euw1: eu-west-1a 62 | euw2: eu-west-2a 63 | euw3: eu-west-3a 64 | eus: eu-south-1a 65 | eun: eu-north-1a 66 | ape: ap-east-1a 67 | aps1: ap-south-1a 68 | apne1: ap-northeast-1a 69 | apne2: ap-northeast-2a 70 | apne3: ap-northeast-3a 71 | apse1: ap-southeast-1a 72 | apse2: ap-southeast-2a 73 | apse3: ap-southeast-3a 74 | - fromFieldPath: spec.parameters.region 75 | toFieldPath: spec.forProvider.availabilityZone 76 | transforms: 77 | - type: map 78 | map: 79 | use1: us-east-1a 80 | use2: us-east-2a 81 | usw1: us-west-1a 82 | usw2: us-west-2a 83 | cac: ca-central-1a 84 | sae: sa-east-1a 85 | afs: af-south-1a 86 | euc: eu-central-1a 87 | euw1: eu-west-1a 88 | euw2: eu-west-2a 89 | euw3: eu-west-3a 90 | eus: eu-south-1a 91 | eun: eu-north-1a 92 | ape: ap-east-1a 93 | aps1: ap-south-1a 94 | apne1: 
ap-northeast-1a 95 | apne2: ap-northeast-2a 96 | apne3: ap-northeast-3a 97 | apse1: ap-southeast-1a 98 | apse2: ap-southeast-2a 99 | apse3: ap-southeast-3a 100 | - name: snet-zone-2 101 | patches: 102 | - fromFieldPath: spec.parameters.region 103 | toFieldPath: metadata.labels.zone 104 | transforms: 105 | - type: map 106 | map: 107 | use1: us-east-1b 108 | use2: us-east-2b 109 | usw1: us-west-1a # No b zone 110 | usw2: us-west-2b 111 | cac: ca-central-1b 112 | sae: sa-east-1b 113 | afs: af-south-1b 114 | euc: eu-central-1b 115 | euw1: eu-west-1b 116 | euw2: eu-west-2b 117 | euw3: eu-west-3b 118 | eus: eu-south-1b 119 | eun: eu-north-1b 120 | ape: ap-east-1b 121 | aps1: ap-south-1b 122 | apne1: ap-northeast-1d # No b zone 123 | apne2: ap-northeast-2b 124 | apne3: ap-northeast-3b 125 | apse1: ap-southeast-1b 126 | apse2: ap-southeast-2b 127 | apse3: ap-southeast-3b 128 | - fromFieldPath: spec.parameters.region 129 | toFieldPath: spec.forProvider.availabilityZone 130 | transforms: 131 | - type: map 132 | map: 133 | use1: us-east-1b 134 | use2: us-east-2b 135 | usw1: us-west-1a # No b zone 136 | usw2: us-west-2b 137 | cac: ca-central-1b 138 | sae: sa-east-1b 139 | afs: af-south-1b 140 | euc: eu-central-1b 141 | euw1: eu-west-1b 142 | euw2: eu-west-2b 143 | euw3: eu-west-3b 144 | eus: eu-south-1b 145 | eun: eu-north-1b 146 | ape: ap-east-1b 147 | aps1: ap-south-1b 148 | apne1: ap-northeast-1d # No b zone 149 | apne2: ap-northeast-2b 150 | apne3: ap-northeast-3b 151 | apse1: ap-southeast-1b 152 | apse2: ap-southeast-2b 153 | apse3: ap-southeast-3b 154 | - name: snet-zone-3 155 | patches: 156 | - fromFieldPath: spec.parameters.region 157 | toFieldPath: metadata.labels.zone 158 | transforms: 159 | - type: map 160 | map: 161 | use1: us-east-1c 162 | use2: us-east-2c 163 | usw1: us-west-1c 164 | usw2: us-west-2c 165 | cac: ca-central-1b # No c zone; d zone not support FG 166 | sae: sa-east-1c 167 | afs: af-south-1c 168 | euc: eu-central-1c 169 | euw1: eu-west-1c 170 | euw2: 
eu-west-2c 171 | euw3: eu-west-3c 172 | eus: eu-south-1c 173 | eun: eu-north-1c 174 | ape: ap-east-1c 175 | aps1: ap-south-1c 176 | apne1: ap-northeast-1c 177 | apne2: ap-northeast-2c 178 | apne3: ap-northeast-3c 179 | apse1: ap-southeast-1c 180 | apse2: ap-southeast-2c 181 | apse3: ap-southeast-3c 182 | - fromFieldPath: spec.parameters.region 183 | toFieldPath: spec.forProvider.availabilityZone 184 | transforms: 185 | - type: map 186 | map: 187 | use1: us-east-1c 188 | use2: us-east-2c 189 | usw1: us-west-1c 190 | usw2: us-west-2c 191 | cac: ca-central-1b # No c zone; d zone not support FG 192 | sae: sa-east-1c 193 | afs: af-south-1c 194 | euc: eu-central-1c 195 | euw1: eu-west-1c 196 | euw2: eu-west-2c 197 | euw3: eu-west-3c 198 | eus: eu-south-1c 199 | eun: eu-north-1c 200 | ape: ap-east-1c 201 | aps1: ap-south-1c 202 | apne1: ap-northeast-1c 203 | apne2: ap-northeast-2c 204 | apne3: ap-northeast-3c 205 | apse1: ap-southeast-1c 206 | apse2: ap-southeast-2c 207 | apse3: ap-southeast-3c 208 | - name: route-zones 209 | patches: 210 | - fromFieldPath: spec.parameters.region 211 | toFieldPath: spec.forProvider.associations[0].subnetIdSelector.matchLabels.zone 212 | transforms: 213 | - type: map 214 | map: 215 | use1: us-east-1a 216 | use2: us-east-2a 217 | usw1: us-west-1a 218 | usw2: us-west-2a 219 | cac: ca-central-1a 220 | sae: sa-east-1a 221 | afs: af-south-1a 222 | euc: eu-central-1a 223 | euw1: eu-west-1a 224 | euw2: eu-west-2a 225 | euw3: eu-west-3a 226 | eus: eu-south-1a 227 | eun: eu-north-1a 228 | ape: ap-east-1a 229 | aps1: ap-south-1a 230 | apne1: ap-northeast-1a 231 | apne2: ap-northeast-2a 232 | apne3: ap-northeast-3a 233 | apse1: ap-southeast-1a 234 | apse2: ap-southeast-2a 235 | apse3: ap-southeast-3a 236 | - fromFieldPath: spec.parameters.region 237 | toFieldPath: spec.forProvider.associations[1].subnetIdSelector.matchLabels.zone 238 | transforms: 239 | - type: map 240 | map: 241 | use1: us-east-1b 242 | use2: us-east-2b 243 | usw1: us-west-1a # No b 
zone 244 | usw2: us-west-2b 245 | cac: ca-central-1b 246 | sae: sa-east-1b 247 | afs: af-south-1b 248 | euc: eu-central-1b 249 | euw1: eu-west-1b 250 | euw2: eu-west-2b 251 | euw3: eu-west-3b 252 | eus: eu-south-1b 253 | eun: eu-north-1b 254 | ape: ap-east-1b 255 | aps1: ap-south-1b 256 | apne1: ap-northeast-1d # No b zone 257 | apne2: ap-northeast-2b 258 | apne3: ap-northeast-3b 259 | apse1: ap-southeast-1b 260 | apse2: ap-southeast-2b 261 | apse3: ap-southeast-3b 262 | - fromFieldPath: spec.parameters.region 263 | toFieldPath: spec.forProvider.associations[2].subnetIdSelector.matchLabels.zone 264 | transforms: 265 | - type: map 266 | map: 267 | use1: us-east-1c 268 | use2: us-east-2c 269 | usw1: us-west-1c 270 | usw2: us-west-2c 271 | cac: ca-central-1b # No c zone; d zone not support FG 272 | sae: sa-east-1c 273 | afs: af-south-1c 274 | euc: eu-central-1c 275 | euw1: eu-west-1c 276 | euw2: eu-west-2c 277 | euw3: eu-west-3c 278 | eus: eu-south-1c 279 | eun: eu-north-1c 280 | ape: ap-east-1c 281 | aps1: ap-south-1c 282 | apne1: ap-northeast-1c 283 | apne2: ap-northeast-2c 284 | apne3: ap-northeast-3c 285 | apse1: ap-southeast-1c 286 | apse2: ap-southeast-2c 287 | apse3: ap-southeast-3c 288 | 289 | resources: 290 | # IAM Roles 291 | - name: iamrole-controlplane 292 | base: 293 | apiVersion: iam.aws.crossplane.io/v1beta1 294 | kind: Role 295 | spec: 296 | forProvider: 297 | assumeRolePolicyDocument: | 298 | { 299 | "Version": "2012-10-17", 300 | "Statement": [ 301 | { 302 | "Effect": "Allow", 303 | "Principal": { 304 | "Service": [ 305 | "eks.amazonaws.com" 306 | ] 307 | }, 308 | "Action": [ 309 | "sts:AssumeRole" 310 | ] 311 | } 312 | ] 313 | } 314 | providerConfigRef: 315 | name: aws-xp-provider 316 | patches: 317 | - fromFieldPath: spec.id 318 | toFieldPath: metadata.name 319 | transforms: 320 | - type: string 321 | string: 322 | fmt: "%s-controlplane" 323 | - fromFieldPath: spec.id 324 | toFieldPath: metadata.labels.role 325 | transforms: 326 | - type: string 
327 | string:
328 | fmt: "%s-controlplane"
329 | - name: iamrole-nodegroup
330 | base:
331 | apiVersion: iam.aws.crossplane.io/v1beta1
332 | kind: Role
333 | spec:
334 | forProvider:
335 | assumeRolePolicyDocument: | # trust: EC2 instances (the worker nodes) assume this role
336 | {
337 | "Version": "2012-10-17",
338 | "Statement": [
339 | {
340 | "Effect": "Allow",
341 | "Principal": {
342 | "Service": [
343 | "ec2.amazonaws.com"
344 | ]
345 | },
346 | "Action": [
347 | "sts:AssumeRole"
348 | ]
349 | }
350 | ]
351 | }
352 | providerConfigRef:
353 | name: aws-xp-provider
354 | patches:
355 | - fromFieldPath: spec.id
356 | toFieldPath: metadata.name
357 | transforms:
358 | - type: string
359 | string:
360 | fmt: "%s-nodegroup"
361 | - fromFieldPath: spec.id
362 | toFieldPath: metadata.labels.role # the RolePolicyAttachment resources below select the role by this label
363 | transforms:
364 | - type: string
365 | string:
366 | fmt: "%s-nodegroup"
367 | - name: iamrole-fargateprofile
368 | base:
369 | apiVersion: iam.aws.crossplane.io/v1beta1
370 | kind: Role
371 | spec:
372 | forProvider:
373 | assumeRolePolicyDocument: | # NOTE(review): trusts the eks-fargate-pods service principal with no Condition; AWS documents restricting the pod execution role's trust with aws:SourceArn to this account's Fargate profiles, so the role cannot be assumed on behalf of another account's clusters (confused deputy) — confirm whether that condition can be templated from spec.id here
374 | {
375 | "Version": "2012-10-17",
376 | "Statement": [
377 | {
378 | "Effect": "Allow",
379 | "Principal": {
380 | "Service": [
381 | "eks-fargate-pods.amazonaws.com"
382 | ]
383 | },
384 | "Action": [
385 | "sts:AssumeRole"
386 | ]
387 | }
388 | ]
389 | }
390 | providerConfigRef:
391 | name: aws-xp-provider
392 | patches:
393 | - fromFieldPath: spec.id
394 | toFieldPath: metadata.name
395 | transforms:
396 | - type: string
397 | string:
398 | fmt: "%s-fargateprofile"
399 | - fromFieldPath: spec.id
400 | toFieldPath: metadata.labels.role
401 | transforms:
402 | - type: string
403 | string:
404 | fmt: "%s-fargateprofile"
405 |
406 | # IAM ROLE POLICY ATTACHMENTS (AWS managed policies, selected onto the roles above by the role label)
407 | - name: iamrolepolicy-cp-001
408 | base:
409 | apiVersion: iam.aws.crossplane.io/v1beta1
410 | kind: RolePolicyAttachment
411 | spec:
412 | forProvider:
413 | policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
414 | roleNameSelector:
415 | matchControllerRef: true
416 | providerConfigRef:
417 | name:
aws-xp-provider 418 | patches: 419 | - fromFieldPath: spec.id 420 | toFieldPath: metadata.name 421 | transforms: 422 | - type: string 423 | string: 424 | fmt: "%s-cp-001" 425 | - fromFieldPath: spec.id 426 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 427 | transforms: 428 | - type: string 429 | string: 430 | fmt: "%s-controlplane" 431 | - name: iamrolepolicy-cp-002 432 | base: 433 | apiVersion: iam.aws.crossplane.io/v1beta1 434 | kind: RolePolicyAttachment 435 | spec: 436 | forProvider: 437 | policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy 438 | roleNameSelector: 439 | matchControllerRef: true 440 | providerConfigRef: 441 | name: aws-xp-provider 442 | patches: 443 | - fromFieldPath: spec.id 444 | toFieldPath: metadata.name 445 | transforms: 446 | - type: string 447 | string: 448 | fmt: "%s-cp-002" 449 | - fromFieldPath: spec.id 450 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 451 | transforms: 452 | - type: string 453 | string: 454 | fmt: "%s-controlplane" 455 | - name: iamrolepolicy-ng-001 456 | base: 457 | apiVersion: iam.aws.crossplane.io/v1beta1 458 | kind: RolePolicyAttachment 459 | spec: 460 | forProvider: 461 | policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy 462 | roleNameSelector: 463 | matchControllerRef: true 464 | providerConfigRef: 465 | name: aws-xp-provider 466 | patches: 467 | - fromFieldPath: spec.id 468 | toFieldPath: metadata.name 469 | transforms: 470 | - type: string 471 | string: 472 | fmt: "%s-ng-001" 473 | - fromFieldPath: spec.id 474 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 475 | transforms: 476 | - type: string 477 | string: 478 | fmt: "%s-nodegroup" 479 | - name: iamrolepolicy-ng-002 480 | base: 481 | apiVersion: iam.aws.crossplane.io/v1beta1 482 | kind: RolePolicyAttachment 483 | spec: 484 | forProvider: 485 | policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly 486 | roleNameSelector: 487 | matchControllerRef: true 488 | 
providerConfigRef: 489 | name: aws-xp-provider 490 | patches: 491 | - fromFieldPath: spec.id 492 | toFieldPath: metadata.name 493 | transforms: 494 | - type: string 495 | string: 496 | fmt: "%s-ng-002" 497 | - fromFieldPath: spec.id 498 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 499 | transforms: 500 | - type: string 501 | string: 502 | fmt: "%s-nodegroup" 503 | - name: iamrolepolicy-ng-003 504 | base: 505 | apiVersion: iam.aws.crossplane.io/v1beta1 506 | kind: RolePolicyAttachment 507 | spec: 508 | forProvider: 509 | policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy 510 | roleNameSelector: 511 | matchControllerRef: true 512 | providerConfigRef: 513 | name: aws-xp-provider 514 | patches: 515 | - fromFieldPath: spec.id 516 | toFieldPath: metadata.name 517 | transforms: 518 | - type: string 519 | string: 520 | fmt: "%s-ng-003" 521 | - fromFieldPath: spec.id 522 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 523 | transforms: 524 | - type: string 525 | string: 526 | fmt: "%s-nodegroup" 527 | - name: iamrolepolicy-fp-001 528 | base: 529 | apiVersion: iam.aws.crossplane.io/v1beta1 530 | kind: RolePolicyAttachment 531 | spec: 532 | forProvider: 533 | policyArn: arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy 534 | roleNameSelector: 535 | matchControllerRef: true 536 | providerConfigRef: 537 | name: aws-xp-provider 538 | patches: 539 | - fromFieldPath: spec.id 540 | toFieldPath: metadata.name 541 | transforms: 542 | - type: string 543 | string: 544 | fmt: "%s-fp-001" 545 | - fromFieldPath: spec.id 546 | toFieldPath: spec.forProvider.roleNameSelector.matchLabels.role 547 | transforms: 548 | - type: string 549 | string: 550 | fmt: "%s-fargateprofile" 551 | 552 | - name: ec2vpc 553 | base: 554 | apiVersion: ec2.aws.crossplane.io/v1beta1 555 | kind: VPC 556 | spec: 557 | forProvider: 558 | cidrBlock: 10.0.0.0/16 559 | tags: 560 | - key: Name 561 | value: eks-vpc 562 | providerConfigRef: 563 | name: aws-xp-provider 
564 | patches: 565 | - type: PatchSet 566 | patchSetName: region 567 | - fromFieldPath: spec.id 568 | toFieldPath: metadata.name 569 | 570 | - name: ec2sg-ng 571 | base: 572 | apiVersion: ec2.aws.crossplane.io/v1beta1 573 | kind: SecurityGroup 574 | spec: 575 | forProvider: 576 | description: Cluster communication with worker nodes 577 | groupName: ekscluster-sg 578 | vpcIdSelector: 579 | matchControllerRef: true 580 | egress: 581 | - ipProtocol: "-1" 582 | ipRanges: 583 | - cidrIp: "0.0.0.0/0" 584 | providerConfigRef: 585 | name: aws-xp-provider 586 | patches: 587 | - type: PatchSet 588 | patchSetName: region 589 | - fromFieldPath: spec.id 590 | toFieldPath: metadata.name 591 | transforms: 592 | - type: string 593 | string: 594 | fmt: "%s-sg" 595 | 596 | # - name: ec2sg-rule 597 | # base: 598 | # apiVersion: ec2.aws.crossplane.io/v1alpha1 599 | # kind: SecurityGroupRule 600 | # spec: 601 | # forProvider: 602 | # securityGroupIdSelector: 603 | # matchControllerRef: true 604 | # type: egress 605 | # protocol: "-1" 606 | # cidrBlock: "0.0.0.0/0" 607 | # providerConfigRef: 608 | # name: aws-xp-provider 609 | # patches: 610 | # - type: PatchSet 611 | # patchSetName: region 612 | # - fromFieldPath: spec.id 613 | # toFieldPath: metadata.name 614 | # transforms: 615 | # - type: string 616 | # string: 617 | # fmt: "%s-sgrule" 618 | 619 | - name: ec2snet-pub-a 620 | base: 621 | apiVersion: ec2.aws.crossplane.io/v1beta1 622 | kind: Subnet 623 | metadata: 624 | labels: 625 | access: public 626 | spec: 627 | forProvider: 628 | cidrBlock: 10.0.0.0/24 629 | vpcIdSelector: 630 | matchControllerRef: true 631 | mapPublicIPOnLaunch: true 632 | tags: 633 | - key: Name 634 | value: eks-snet-pub 635 | - key: kubernetes.io/role/elb 636 | value: "1" 637 | providerConfigRef: 638 | name: aws-xp-provider 639 | patches: 640 | - type: PatchSet 641 | patchSetName: region 642 | - type: PatchSet 643 | patchSetName: snet-zone-1 644 | - fromFieldPath: spec.id 645 | toFieldPath: metadata.name 646 | 
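transforms: 647 | - type: string 648 | string: 649 | fmt: "%s-pub-a" 650 | - name: ec2snet-pub-b 651 | base: 652 | apiVersion: ec2.aws.crossplane.io/v1beta1 653 | kind: Subnet 654 | metadata: 655 | labels: 656 | access: public 657 | spec: 658 | forProvider: 659 | cidrBlock: 10.0.1.0/24 660 | vpcIdSelector: 661 | matchControllerRef: true 662 | mapPublicIPOnLaunch: true 663 | tags: 664 | - key: Name 665 | value: eks-snet-pub 666 | - key: kubernetes.io/role/elb 667 | value: "1" 668 | providerConfigRef: 669 | name: aws-xp-provider 670 | patches: 671 | - type: PatchSet 672 | patchSetName: region 673 | - type: PatchSet 674 | patchSetName: snet-zone-2 675 | - fromFieldPath: spec.id 676 | toFieldPath: metadata.name 677 | transforms: 678 | - type: string 679 | string: 680 | fmt: "%s-pub-b" 681 | - name: ec2snet-pub-c 682 | base: 683 | apiVersion: ec2.aws.crossplane.io/v1beta1 684 | kind: Subnet 685 | metadata: 686 | labels: 687 | access: public 688 | spec: 689 | forProvider: 690 | cidrBlock: 10.0.2.0/24 691 | vpcIdSelector: 692 | matchControllerRef: true 693 | mapPublicIPOnLaunch: true 694 | tags: 695 | - key: Name 696 | value: eks-snet-pub 697 | - key: kubernetes.io/role/elb 698 | value: "1" 699 | providerConfigRef: 700 | name: aws-xp-provider 701 | patches: 702 | - type: PatchSet 703 | patchSetName: region 704 | - type: PatchSet 705 | patchSetName: snet-zone-3 706 | - fromFieldPath: spec.id 707 | toFieldPath: metadata.name 708 | transforms: 709 | - type: string 710 | string: 711 | fmt: "%s-pub-c" 712 | 713 | - name: ec2snet-prv-a 714 | base: 715 | apiVersion: ec2.aws.crossplane.io/v1beta1 716 | kind: Subnet 717 | metadata: 718 | labels: 719 | access: private # selected by the Fargate profile (access=private) 720 | spec: 721 | forProvider: 722 | cidrBlock: 10.0.100.0/24 723 | vpcIdSelector: 724 | matchControllerRef: true 725 | mapPublicIPOnLaunch: false # private subnet: do not auto-assign public IPs (was true, which contradicted the access=private label); egress from here still needs a NAT gateway or VPC endpoints, neither of which is defined in this composition 726 | tags: 727 | - key: Name 728 | value: eks-snet-prv 729 | providerConfigRef: 730 | name: aws-xp-provider 731 | patches: 732 | - type: PatchSet 733 | patchSetName: region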
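734 | - type: PatchSet 735 | patchSetName: snet-zone-1 736 | - fromFieldPath: spec.id 737 | toFieldPath: metadata.name 738 | transforms: 739 | - type: string 740 | string: 741 | fmt: "%s-prv-a" 742 | - name: ec2snet-prv-b 743 | base: 744 | apiVersion: ec2.aws.crossplane.io/v1beta1 745 | kind: Subnet 746 | metadata: 747 | labels: 748 | access: private # selected by the Fargate profile (access=private) 749 | spec: 750 | forProvider: 751 | cidrBlock: 10.0.101.0/24 752 | vpcIdSelector: 753 | matchControllerRef: true 754 | mapPublicIPOnLaunch: false # private subnet: do not auto-assign public IPs (was true, contradicting the access=private label); egress still needs a NAT gateway or VPC endpoints, which this composition does not define 755 | tags: 756 | - key: Name 757 | value: eks-snet-prv 758 | providerConfigRef: 759 | name: aws-xp-provider 760 | patches: 761 | - type: PatchSet 762 | patchSetName: region 763 | - type: PatchSet 764 | patchSetName: snet-zone-2 765 | - fromFieldPath: spec.id 766 | toFieldPath: metadata.name 767 | transforms: 768 | - type: string 769 | string: 770 | fmt: "%s-prv-b" 771 | - name: ec2snet-prv-c 772 | base: 773 | apiVersion: ec2.aws.crossplane.io/v1beta1 774 | kind: Subnet 775 | metadata: 776 | labels: 777 | access: private # selected by the Fargate profile (access=private) 778 | spec: 779 | forProvider: 780 | cidrBlock: 10.0.102.0/24 781 | vpcIdSelector: 782 | matchControllerRef: true 783 | mapPublicIPOnLaunch: false # private subnet: do not auto-assign public IPs (was true, contradicting the access=private label); egress still needs a NAT gateway or VPC endpoints, which this composition does not define 784 | tags: 785 | - key: Name 786 | value: eks-snet-prv 787 | providerConfigRef: 788 | name: aws-xp-provider 789 | patches: 790 | - type: PatchSet 791 | patchSetName: region 792 | - type: PatchSet 793 | patchSetName: snet-zone-3 794 | - fromFieldPath: spec.id 795 | toFieldPath: metadata.name 796 | transforms: 797 | - type: string 798 | string: 799 | fmt: "%s-prv-c" 800 | 801 | - name: ec2-ig 802 | base: 803 | apiVersion: ec2.aws.crossplane.io/v1beta1 804 | kind: InternetGateway 805 | spec: 806 | forProvider: 807 | vpcIdSelector: 808 | matchControllerRef: true 809 | providerConfigRef: 810 | name: aws-xp-provider 811 | patches: 812 | - type: PatchSet 813 | patchSetName: region 814 | - fromFieldPath: spec.id 815 | toFieldPath: metadata.name 816 | 817 | - name: ec2-rt 818 | base: 819 | apiVersion: 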
ec2.aws.crossplane.io/v1beta1 820 | kind: RouteTable 821 | spec: 822 | forProvider: 823 | vpcIdSelector: 824 | matchControllerRef: true 825 | routes: 826 | - destinationCidrBlock: 0.0.0.0/0 # default route to the controller-owned Internet Gateway (presumably the ec2-ig resource above) 827 | gatewayIdSelector: 828 | matchControllerRef: true 829 | associations: # only the access=public subnets are attached; the access=private subnets stay on the VPC main route table, and no NAT gateway is defined in this composition 830 | - subnetIdSelector: 831 | matchControllerRef: true 832 | matchLabels: 833 | zone: a 834 | access: public 835 | - subnetIdSelector: 836 | matchControllerRef: true 837 | matchLabels: 838 | zone: b 839 | access: public 840 | - subnetIdSelector: 841 | matchControllerRef: true 842 | matchLabels: 843 | zone: c 844 | access: public 845 | providerConfigRef: 846 | name: aws-xp-provider 847 | patches: 848 | - type: PatchSet 849 | patchSetName: region 850 | - type: PatchSet 851 | patchSetName: route-zones # overrides the placeholder zone labels above with the real AZ names for the region 852 | - fromFieldPath: spec.id 853 | toFieldPath: metadata.name 854 | transforms: 855 | - type: string 856 | string: 857 | fmt: "%s-rt" 858 | 859 | - name: ekscluster 860 | base: 861 | apiVersion: eks.aws.crossplane.io/v1beta1 862 | kind: Cluster 863 | spec: 864 | forProvider: 865 | roleArnSelector: 866 | matchControllerRef: true 867 | resourcesVpcConfig: 868 | endpointPrivateAccess: true 869 | endpointPublicAccess: true # NOTE(review): public endpoint with no source-CIDR restriction — the API server is reachable from any address (IAM/RBAC still gate access); restrict the source ranges, or go private-only once the management cluster running the helm/kubernetes providers can reach the private endpoint 870 | subnetIdSelector: 871 | matchControllerRef: true # no label filter, so presumably both the public and the private subnets are handed to the control plane 872 | writeConnectionSecretToRef: # receives the kubeconfig consumed by the kubernetes/helm ProviderConfigs below; treat it as cluster-admin material and lock the namespace down with RBAC 873 | namespace: crossplane-system 874 | providerConfigRef: 875 | name: aws-xp-provider 876 | patches: 877 | - type: PatchSet 878 | patchSetName: region 879 | - fromFieldPath: spec.id 880 | toFieldPath: metadata.name 881 | transforms: 882 | - type: string 883 | string: 884 | fmt: "cluster-%s" 885 | - fromFieldPath: spec.id 886 | toFieldPath: spec.forProvider.roleArnSelector.matchLabels.role 887 | transforms: 888 | - type: string 889 | string: 890 | fmt: "%s-controlplane" 891 | - fromFieldPath: spec.parameters.version 892 | toFieldPath: spec.forProvider.version 893 | - fromFieldPath: spec.id 894 | toFieldPath: spec.writeConnectionSecretToRef.name 895 | transforms: 896 | - type: string 897 | string: 898 | 
fmt: "%s-ekscluster" 899 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace # toFieldPath omitted, so presumably the same path is patched, overriding the crossplane-system default in the base 900 | - type: ToCompositeFieldPath 901 | fromFieldPath: metadata.name 902 | toFieldPath: status.clusterName 903 | - type: ToCompositeFieldPath 904 | fromFieldPath: status.atProvider.status 905 | toFieldPath: status.controlPlaneStatus 906 | connectionDetails: 907 | - fromConnectionSecretKey: kubeconfig 908 | readinessChecks: 909 | - type: MatchString 910 | fieldPath: status.atProvider.status 911 | matchString: ACTIVE 912 | 913 | - name: eksnode 914 | base: 915 | apiVersion: eks.aws.crossplane.io/v1alpha1 916 | kind: NodeGroup 917 | spec: 918 | forProvider: 919 | clusterNameSelector: 920 | matchControllerRef: true 921 | nodeRoleSelector: 922 | matchControllerRef: true 923 | subnetSelector: 924 | matchControllerRef: true 925 | matchLabels: 926 | access: public # NOTE(review): workers land in the public subnets (mapPublicIPOnLaunch=true), so every node gets a public IP; move them to the private subnets once those have a NAT route 927 | scalingConfig: 928 | maxSize: 10 929 | providerConfigRef: 930 | name: aws-xp-provider 931 | patches: 932 | - type: PatchSet 933 | patchSetName: region 934 | - fromFieldPath: spec.id 935 | toFieldPath: metadata.name 936 | - fromFieldPath: spec.parameters.nodeSize 937 | toFieldPath: spec.forProvider.instanceTypes[0] 938 | transforms: 939 | - type: map 940 | map: 941 | small: t3.small 942 | medium: t3.medium 943 | large: t3.large 944 | - fromFieldPath: spec.parameters.nodeCount 945 | toFieldPath: spec.forProvider.scalingConfig.minSize # NOTE(review): nodeCount (documented in the XRD as the desired count) drives minSize while desiredSize reads spec.parameters.minNodeCount — these look swapped; also confirm the XRD actually declares minNodeCount, otherwise desiredSize is never patched 946 | - fromFieldPath: spec.parameters.minNodeCount 947 | toFieldPath: spec.forProvider.scalingConfig.desiredSize 948 | - fromFieldPath: spec.id 949 | toFieldPath: spec.forProvider.nodeRoleSelector.matchLabels.role 950 | transforms: 951 | - type: string 952 | string: 953 | fmt: "%s-nodegroup" 954 | - type: ToCompositeFieldPath 955 | fromFieldPath: status.atProvider.status 956 | toFieldPath: status.nodePoolStatus 957 | readinessChecks: 958 | - type: MatchString 959 | fieldPath: status.atProvider.status 960 | matchString: ACTIVE 961 | 962 | - name: eksfargate 963 | base: 964 | apiVersion: 
eks.aws.crossplane.io/v1beta1 965 | kind: FargateProfile 966 | spec: 967 | forProvider: 968 | clusterNameSelector: 969 | matchControllerRef: true 970 | podExecutionRoleArnSelector: 971 | matchControllerRef: true 972 | subnetSelector: 973 | matchControllerRef: true 974 | matchLabels: 975 | access: private 976 | providerConfigRef: 977 | name: aws-xp-provider 978 | patches: 979 | - type: PatchSet 980 | patchSetName: region 981 | - fromFieldPath: spec.id 982 | toFieldPath: metadata.name 983 | - fromFieldPath: spec.parameters.fargateNamespace 984 | toFieldPath: spec.forProvider.selectors[0].namespace 985 | - fromFieldPath: spec.id 986 | toFieldPath: spec.forProvider.podExecutionRoleArnSelector.matchLabels.role 987 | transforms: 988 | - type: string 989 | string: 990 | fmt: "%s-fargateprofile" 991 | - type: ToCompositeFieldPath 992 | fromFieldPath: status.atProvider.status 993 | toFieldPath: status.fargateProfileStatus 994 | readinessChecks: 995 | - type: MatchString 996 | fieldPath: status.atProvider.status 997 | matchString: ACTIVE 998 | 999 | - name: kubernetes 1000 | base: 1001 | apiVersion: kubernetes.crossplane.io/v1alpha1 1002 | kind: ProviderConfig 1003 | spec: 1004 | credentials: 1005 | source: Secret 1006 | secretRef: 1007 | key: kubeconfig 1008 | patches: 1009 | - fromFieldPath: spec.id 1010 | toFieldPath: metadata.name 1011 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 1012 | toFieldPath: spec.credentials.secretRef.namespace 1013 | - fromFieldPath: spec.id 1014 | toFieldPath: spec.credentials.secretRef.name 1015 | transforms: 1016 | - type: string 1017 | string: 1018 | fmt: "%s-ekscluster" 1019 | readinessChecks: 1020 | - type: None 1021 | - name: k8s-ns-xp 1022 | base: 1023 | apiVersion: kubernetes.crossplane.io/v1alpha1 1024 | kind: Object 1025 | spec: 1026 | forProvider: 1027 | manifest: 1028 | apiVersion: v1 1029 | kind: Namespace 1030 | metadata: 1031 | name: crossplane-system 1032 | patches: 1033 | - fromFieldPath: spec.id 1034 | 
toFieldPath: metadata.name 1035 | transforms: 1036 | - type: string 1037 | string: 1038 | fmt: "%s-ns-xp" 1039 | - fromFieldPath: spec.id 1040 | toFieldPath: spec.providerConfigRef.name 1041 | 1042 | - name: helm 1043 | base: 1044 | apiVersion: helm.crossplane.io/v1beta1 1045 | kind: ProviderConfig 1046 | spec: 1047 | credentials: 1048 | source: Secret 1049 | secretRef: 1050 | key: kubeconfig 1051 | patches: 1052 | - fromFieldPath: spec.id 1053 | toFieldPath: metadata.name 1054 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 1055 | toFieldPath: spec.credentials.secretRef.namespace 1056 | - fromFieldPath: spec.id 1057 | toFieldPath: spec.credentials.secretRef.name 1058 | transforms: 1059 | - type: string 1060 | string: 1061 | fmt: "%s-ekscluster" 1062 | readinessChecks: 1063 | - type: None 1064 | - name: helm-xp 1065 | base: 1066 | apiVersion: helm.crossplane.io/v1beta1 1067 | kind: Release 1068 | spec: 1069 | rollbackLimit: 3 1070 | forProvider: 1071 | namespace: crossplane-system 1072 | chart: 1073 | name: crossplane 1074 | repository: https://charts.crossplane.io/stable 1075 | version: "1.10.1" 1076 | patches: 1077 | - fromFieldPath: spec.id 1078 | toFieldPath: metadata.name 1079 | transforms: 1080 | - type: string 1081 | string: 1082 | fmt: "%s-crossplane" 1083 | - fromFieldPath: spec.id 1084 | toFieldPath: spec.providerConfigRef.name 1085 | -------------------------------------------------------------------------------- /configuration/native/xp-gke-composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: native-gke 5 | labels: 6 | crossplane.io/xrd: xmanagedclusters.compositions.io 7 | provider: native 8 | cluster: gke 9 | spec: 10 | compositeTypeRef: 11 | apiVersion: compositions.io/v1alpha1 12 | kind: XManagedCluster 13 | writeConnectionSecretsToNamespace: crossplane-system 14 | patchSets: 15 | - name: metadata 16 
| patches: 17 | - fromFieldPath: metadata.labels 18 | - name: region 19 | patches: 20 | - fromFieldPath: spec.parameters.region 21 | toFieldPath: spec.forProvider.region 22 | transforms: 23 | - type: map 24 | map: 25 | use1: us-east4 26 | use2: us-east1 27 | usw1: us-west2 28 | usw2: us-west1 29 | cac: northamerica-northeast1 30 | sae: southamerica-east1 31 | afs: asia-east1 32 | euc: europe-west3 33 | euw1: europe-west4 34 | euw2: europe-west2 35 | euw3: europe-west1 36 | eus: europe-west6 37 | eun: europe-north1 38 | ape: asia-east2 39 | aps1: asia-south1 40 | apne1: asia-northeast1 41 | apne2: asia-northeast3 42 | apne3: asia-northeast2 43 | apse1: asia-southeast1 44 | apse2: australia-southeast1 45 | apse3: asia-southeast2 46 | - name: location 47 | patches: 48 | - fromFieldPath: spec.parameters.region 49 | toFieldPath: spec.forProvider.location 50 | transforms: 51 | - type: map 52 | map: 53 | use1: us-east4 54 | use2: us-east1 55 | usw1: us-west2 56 | usw2: us-west1 57 | cac: northamerica-northeast1 58 | sae: southamerica-east1 59 | afs: asia-east1 60 | euc: europe-west3 61 | euw1: europe-west4 62 | euw2: europe-west2 63 | euw3: europe-west1 64 | eus: europe-west6 65 | eun: europe-north1 66 | ape: asia-east2 67 | aps1: asia-south1 68 | apne1: asia-northeast1 69 | apne2: asia-northeast3 70 | apne3: asia-northeast2 71 | apse1: asia-southeast1 72 | apse2: australia-southeast1 73 | apse3: asia-southeast2 74 | 75 | resources: 76 | - name: compute-net 77 | base: 78 | apiVersion: compute.gcp.crossplane.io/v1beta1 79 | kind: Network 80 | spec: 81 | forProvider: 82 | autoCreateSubnetworks: false 83 | routingConfig: 84 | routingMode: REGIONAL 85 | providerConfigRef: 86 | name: gcp-xp-provider 87 | patches: 88 | - type: PatchSet 89 | patchSetName: metadata 90 | - fromFieldPath: spec.id 91 | toFieldPath: metadata.name 92 | transforms: 93 | - type: string 94 | string: 95 | fmt: "vnet-%s" 96 | 97 | - name: compute-subnet 98 | base: 99 | apiVersion: 
compute.gcp.crossplane.io/v1beta1 100 | kind: Subnetwork 101 | spec: 102 | forProvider: 103 | networkSelector: 104 | matchControllerRef: true 105 | privateIpGoogleAccess: true # lets instances without external IPs reach Google APIs — keep 106 | ipCidrRange: 192.168.0.0/24 107 | secondaryIpRanges: 108 | - rangeName: pods 109 | ipCidrRange: 10.1.0.0/20 # 4096 pod IPs; at GKE's usual /24 per node that caps the pool at 16 nodes (maxNodeCount below is 10) — confirm if the pool grows 110 | - rangeName: services 111 | ipCidrRange: 172.16.0.0/16 112 | providerConfigRef: 113 | name: gcp-xp-provider 114 | patches: 115 | - type: PatchSet 116 | patchSetName: metadata 117 | - type: PatchSet 118 | patchSetName: region 119 | - fromFieldPath: spec.id 120 | toFieldPath: metadata.name 121 | transforms: 122 | - type: string 123 | string: 124 | fmt: "snet-%s" 125 | 126 | - name: gkecluster 127 | base: 128 | apiVersion: container.gcp.crossplane.io/v1beta2 129 | kind: Cluster 130 | spec: 131 | forProvider: # NOTE(review): neither a private cluster nor Workload Identity is configured here; pods presumably run with the node service account and its scopes 132 | addonsConfig: 133 | gcePersistentDiskCsiDriverConfig: 134 | enabled: true 135 | networkPolicyConfig: 136 | disabled: false # keep: the addon backing networkPolicy.enabled below 137 | ipAllocationPolicy: 138 | clusterSecondaryRangeName: pods 139 | createSubnetwork: false 140 | servicesSecondaryRangeName: services 141 | useIpAliases: true 142 | loggingService: logging.googleapis.com/kubernetes 143 | masterAuth: 144 | username: # intentionally empty — presumably keeps legacy basic auth disabled; never set a value here 145 | masterAuthorizedNetworksConfig: 146 | enabled: false # NOTE(review): no master authorized networks — the control-plane endpoint accepts connections from any IP (IAM still authenticates); enable it with the management cluster's CIDRs, or use a private endpoint if the helm/kubernetes providers can reach it 147 | monitoringService: monitoring.googleapis.com/kubernetes 148 | networkPolicy: 149 | enabled: true 150 | networkSelector: 151 | matchControllerRef: true 152 | networkConfig: 153 | enableIntraNodeVisibility: true 154 | subnetworkSelector: 155 | matchControllerRef: true 156 | writeConnectionSecretToRef: # receives the kubeconfig used by the kubernetes/helm ProviderConfigs below; treat as cluster-admin material 157 | namespace: crossplane-system 158 | providerConfigRef: 159 | name: gcp-xp-provider 160 | patches: 161 | - type: PatchSet 162 | patchSetName: metadata 163 | - type: PatchSet 164 | patchSetName: location 165 | - fromFieldPath: spec.id 166 | toFieldPath: metadata.name 167 | transforms: 168 | - type: string 169 | string: 170 | fmt: "cluster-%s" 171 | - type: ToCompositeFieldPath 172 | fromFieldPath: metadata.name 173 | toFieldPath: 
status.clusterName 174 | - fromFieldPath: spec.parameters.version 175 | toFieldPath: spec.forProvider.initialClusterVersion 176 | - fromFieldPath: spec.id 177 | toFieldPath: spec.writeConnectionSecretToRef.name 178 | transforms: 179 | - type: string 180 | string: 181 | fmt: "%s-gkecluster" 182 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 183 | - type: ToCompositeFieldPath 184 | fromFieldPath: status.atProvider.status 185 | toFieldPath: status.controlPlaneStatus 186 | - type: ToCompositeFieldPath 187 | fromFieldPath: metadata.name 188 | toFieldPath: status.fargateProfileStatus # not applicable on GKE; surfaced as "NA4-<cluster name>" so the printer column is never empty 189 | transforms: 190 | - type: string 191 | string: 192 | fmt: "NA4-%s" 193 | connectionDetails: 194 | - fromConnectionSecretKey: kubeconfig 195 | readinessChecks: 196 | - type: MatchString 197 | fieldPath: "status.atProvider.status" 198 | matchString: "RUNNING" 199 | 200 | - name: gkenode 201 | base: 202 | apiVersion: container.gcp.crossplane.io/v1beta1 203 | kind: NodePool 204 | spec: 205 | forProvider: 206 | clusterSelector: 207 | matchControllerRef: true 208 | config: 209 | oauthScopes: 210 | - https://www.googleapis.com/auth/cloud-platform # NOTE(review): full-access scope — it subsumes every narrower scope below, so the node service account can call any Google API; drop it unless something on the nodes needs it, and prefer Workload Identity for pod-level access 211 | - https://www.googleapis.com/auth/devstorage.read_only 212 | - https://www.googleapis.com/auth/logging.write 213 | - https://www.googleapis.com/auth/monitoring 214 | - https://www.googleapis.com/auth/compute # read/write Compute scope — also broad; review together with cloud-platform 215 | - https://www.googleapis.com/auth/servicecontrol 216 | - https://www.googleapis.com/auth/service.management.readonly 217 | - https://www.googleapis.com/auth/trace.append 218 | shieldedInstanceConfig: # Shielded nodes with secure boot and integrity monitoring — keep 219 | enableIntegrityMonitoring: true 220 | enableSecureBoot: true 221 | autoscaling: 222 | autoprovisioned: false 223 | enabled: true 224 | maxNodeCount: 10 225 | management: 226 | autoRepair: true 227 | autoUpgrade: false # NOTE(review): node OS/kubelet security updates are not applied automatically; autoRepair alone does not patch them, so upgrades must be driven by hand 228 | providerConfigRef: 229 | name: gcp-xp-provider 230 | patches: 231 | - type: PatchSet 232 | patchSetName: metadata 233 | - fromFieldPath: spec.id 234 | toFieldPath: metadata.name 235 | transforms: 
236 | - type: string 237 | string: 238 | fmt: "ng0%s" 239 | - fromFieldPath: spec.parameters.nodeCount 240 | toFieldPath: spec.forProvider.autoscaling.minNodeCount 241 | - fromFieldPath: spec.parameters.nodeCount 242 | toFieldPath: spec.forProvider.initialNodeCount 243 | - fromFieldPath: spec.parameters.nodeSize 244 | toFieldPath: spec.forProvider.config.machineType 245 | transforms: 246 | - type: map 247 | map: 248 | small: e2-standard-2 249 | medium: e2-standard-4 250 | large: e2-standard-16 251 | - type: ToCompositeFieldPath 252 | fromFieldPath: status.atProvider.status 253 | toFieldPath: status.nodePoolStatus 254 | readinessChecks: 255 | - type: MatchString 256 | fieldPath: status.atProvider.status 257 | matchString: RUNNING 258 | 259 | - name: kubernetes 260 | base: 261 | apiVersion: kubernetes.crossplane.io/v1alpha1 262 | kind: ProviderConfig 263 | spec: 264 | credentials: 265 | source: Secret 266 | secretRef: 267 | key: kubeconfig 268 | identity: 269 | type: GoogleApplicationCredentials 270 | source: Secret 271 | secretRef: 272 | namespace: crossplane-system 273 | name: gcp-account-creds 274 | key: credentials 275 | patches: 276 | - fromFieldPath: spec.id 277 | toFieldPath: metadata.name 278 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 279 | toFieldPath: spec.credentials.secretRef.namespace 280 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 281 | toFieldPath: spec.identity.secretRef.namespace 282 | - fromFieldPath: spec.id 283 | toFieldPath: spec.credentials.secretRef.name 284 | transforms: 285 | - type: string 286 | string: 287 | fmt: "%s-gkecluster" 288 | readinessChecks: 289 | - type: None 290 | - name: k8s-ns-xp 291 | base: 292 | apiVersion: kubernetes.crossplane.io/v1alpha1 293 | kind: Object 294 | spec: 295 | forProvider: 296 | manifest: 297 | apiVersion: v1 298 | kind: Namespace 299 | metadata: 300 | name: crossplane-system 301 | patches: 302 | - fromFieldPath: spec.id 303 | toFieldPath: metadata.name 304 | transforms: 
305 | - type: string 306 | string: 307 | fmt: "%s-ns-xp" 308 | - fromFieldPath: spec.id 309 | toFieldPath: spec.providerConfigRef.name 310 | 311 | - name: helm 312 | base: 313 | apiVersion: helm.crossplane.io/v1beta1 314 | kind: ProviderConfig 315 | spec: 316 | credentials: 317 | source: Secret 318 | secretRef: 319 | key: kubeconfig 320 | identity: # presumably the same gcp-account-creds key the GCP ProviderConfig uses — a long-lived service-account key; rotate it and keep that service account scoped to cluster auth 321 | type: GoogleApplicationCredentials 322 | source: Secret 323 | secretRef: 324 | name: gcp-account-creds 325 | key: credentials 326 | patches: 327 | - fromFieldPath: spec.id 328 | toFieldPath: metadata.name 329 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 330 | toFieldPath: spec.credentials.secretRef.namespace 331 | - fromFieldPath: spec.writeConnectionSecretToRef.namespace 332 | toFieldPath: spec.identity.secretRef.namespace 333 | - fromFieldPath: spec.id 334 | toFieldPath: spec.credentials.secretRef.name 335 | transforms: 336 | - type: string 337 | string: 338 | fmt: "%s-gkecluster" 339 | readinessChecks: 340 | - type: None 341 | - name: helm-xp 342 | base: 343 | apiVersion: helm.crossplane.io/v1beta1 344 | kind: Release 345 | spec: 346 | rollbackLimit: 3 347 | forProvider: 348 | namespace: crossplane-system 349 | chart: 350 | name: crossplane 351 | repository: https://charts.crossplane.io/stable 352 | version: "1.10.1" # pinned chart version — bump deliberately, it is what runs inside every provisioned cluster 353 | patches: 354 | - fromFieldPath: spec.id 355 | toFieldPath: metadata.name 356 | transforms: 357 | - type: string 358 | string: 359 | fmt: "%s-crossplane" 360 | - fromFieldPath: spec.id 361 | toFieldPath: spec.providerConfigRef.name 362 | -------------------------------------------------------------------------------- /configuration/official.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pkg.crossplane.io/v1 2 | kind: Configuration 3 | metadata: 4 | name: natzka 5 | spec: 6 | package: xpkg.upbound.io/andrzej/natzka:v1.0 # NOTE(review): mutable tag — pin by digest (…@sha256:…) so a re-pushed v1.0 cannot silently change what is installed into the control plane 7 | # packagePullSecrets: 8 | # - name: package-pull-secret 9 | 
-------------------------------------------------------------------------------- /configuration/official/crossplane.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: meta.pkg.crossplane.io/v1 3 | kind: Configuration 4 | metadata: 5 | name: managed-kubernetes 6 | annotations: 7 | meta.crossplane.io/maintainer: AndrzejKozlowski 8 | meta.crossplane.io/source: github.com/NatzkaLabsOpenSource/managed-kubernetes 9 | meta.crossplane.io/license: Apache-2.0 10 | meta.crossplane.io/description: | 11 | Fully operational managed Kubernetes clusters (AKS, EKS and GKE) 12 | with supporting services. 13 | meta.crossplane.io/readme: | 14 | A Configuration package that provision fully operational Kubernetes clusters 15 | across multiple cloud providers, such AWS (EKS), Azure (AKS) and GCP (GKE) 16 | with supporting infrastructure service such as Upbound Universal Crossplane (UXP) 17 | spec: 18 | crossplane: 19 | version: ">=v1.9.0-0" 20 | dependsOn: # NOTE(review): every constraint below is open-ended, so any future provider release satisfies it, including unreviewed or breaking ones; pin exact versions (or add an upper bound) for reproducible, reviewed upgrades 21 | - provider: xpkg.upbound.io/upbound/provider-aws 22 | version: ">=v0.21.0" 23 | - provider: xpkg.upbound.io/upbound/provider-azure 24 | version: ">=v0.19.0" 25 | - provider: xpkg.upbound.io/upbound/provider-gcp 26 | version: ">=v0.19.0" 27 | - provider: xpkg.upbound.io/crossplane-contrib/provider-helm 28 | version: ">=v0.12.0" 29 | - provider: xpkg.upbound.io/crossplane-contrib/provider-kubernetes 30 | version: ">=v0.5.0" 31 | -------------------------------------------------------------------------------- /configuration/official/definition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: CompositeResourceDefinition 3 | metadata: 4 | name: xmanagedclusters.compositions.io 5 | annotations: 6 | compositions.io/ui-schema: |- 7 | --- 8 | configSections: 9 | - title: Cluster Info 10 | description: Information about cluster 11 | items: 12 | - name: id 13 | controlType: singleInput 14 
| type: string 15 | path: ".spec.id" 16 | title: Cluster ID 17 | description: Cluster ID that other objects refer to 18 | validation: 19 | - required: true 20 | customError: Cluster ID is required 21 | - name: type 22 | controlType: singleSelect 23 | path: ".spec.compositionRef.name" 24 | title: Cluster type 25 | description: The type of the cluster 26 | enum: 27 | - eks 28 | - gke 29 | - aks 30 | validation: 31 | - required: true 32 | customError: Cluster type is required. 33 | - title: Node Group 34 | description: Information about Node Group 35 | items: 36 | - name: version 37 | controlType: singleInput 38 | type: string 39 | path: ".spec.parameters.version" 40 | title: Kubernetes version 41 | description: Supported by provider Kubernetes version 42 | validation: 43 | - required: true 44 | customError: Kubernetes version type is required. 45 | - name: region 46 | controlType: singleSelect 47 | path: ".spec.parameters.region" 48 | title: Cloud Region 49 | description: Cloud region for provisioned resources 50 | enum: 51 | - use1 52 | - use2 53 | - usw1 54 | - usw2 55 | - cac 56 | - sae 57 | - afs 58 | - euc 59 | - euw1 60 | - euw2 61 | - euw3 62 | - eus 63 | - eun 64 | - ape 65 | - aps1 66 | - apne1 67 | - apne2 68 | - apne3 69 | - apse1 70 | - apse2 71 | - apse3 72 | default: use1 73 | validation: 74 | - required: false 75 | - name: nodeSize 76 | controlType: singleSelect 77 | path: ".spec.parameters.nodeSize" 78 | title: Node Size 79 | description: Supported; small, medium or large. The specific size is determined by the vendor. 80 | enum: 81 | - small 82 | - medium 83 | - large 84 | default: small 85 | validation: 86 | - required: false 87 | - name: nodeCount 88 | controlType: singleInput 89 | type: integer 90 | path: ".spec.parameters.nodeCount" 91 | title: Desired Node Count 92 | description: The initial number of nodes. The number of the nodes might increase due to enabled autoscaler. 
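93 | default: 1 94 | validation: 95 | - minimum: 1 96 | - maximum: 10 97 | - required: false 98 | spec: 99 | connectionSecretKeys: 100 | - kubeconfig # the claim's connection Secret carries a kubeconfig for the new cluster; restrict Secret reads in claim namespaces accordingly 101 | defaultCompositionRef: 102 | name: aks # NOTE(review): no Composition named "aks" is visible alongside this XRD (the ones shown are named like official-aks); confirm the default actually resolves 103 | group: compositions.io 104 | names: 105 | kind: XManagedCluster 106 | plural: xmanagedclusters 107 | claimNames: 108 | kind: ManagedCluster 109 | plural: managedclusters 110 | versions: 111 | - name: v1alpha1 112 | served: true 113 | referenceable: true 114 | schema: 115 | openAPIV3Schema: 116 | type: object 117 | properties: 118 | spec: 119 | type: object 120 | properties: 121 | id: {type: string, description: Cluster ID that other objects refer to, 122 | pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$', maxLength: 48} 123 | # id is spliced into every derived name and label ("%s-fargateprofile", "cluster-%s", ...); a DNS-label pattern keeps them valid, and 48 + the 15-char "-fargateprofile" suffix stays within the 63-char label-value limit — tighten further to match your provider naming limits 124 | parameters: 125 | type: object 126 | properties: 127 | version: 128 | description: Supported by provider Kubernetes version 129 | type: string 130 | region: {type: string, default: use1, description: Cloud region for provisioned resources, 131 | enum: [use1, use2, usw1, usw2, cac, sae, afs, euc, euw1, euw2, euw3, eus, eun, ape, aps1, apne1, apne2, apne3, apse1, apse2, apse3]} 132 | # enum mirrors the UI schema above and the region maps in the compositions; an unmapped code would otherwise fail only at reconcile time, inside the map transform 133 | # (default unchanged: use1) 134 | nodeSize: {type: string, default: small, enum: [small, medium, large], 135 | description: "The node's size; supported; small, medium, large"} 136 | # enum matches the nodeSize maps in the compositions 137 | # (default unchanged: small) 138 | nodeCount: {type: integer, default: 1, minimum: 1, maximum: 10, 139 | description: The desired number of nodes} 140 | # bounds mirror the UI validation above and the node pools' maxSize/maxNodeCount of 10 141 | # (default unchanged: 1) 142 | fargateNamespace: {type: string, default: default, maxLength: 63, 143 | pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$', 144 | description: The Namespace for Fargate Profile} 145 | # Kubernetes namespace names are DNS labels (max 63 chars); rejected here instead of by the Fargate profile later 146 | required: 147 | - version 148 | required: 149 | - id 150 | - parameters 151 | status: 152 | type: object 153 | properties: 154 | clusterName: 155 | description: The cluster name 156 | type: string 157 | controlPlaneStatus: 158 | description: The control plane status 159 | type: string 160 | nodePoolStatus: 161 | description: The node pool status 162 | type: string 163 | fargateProfileStatus: 164 | description: The Fargate Profile status 165 | type: string 166 | additionalPrinterColumns: 167 | - name: clusterName 168 | type: string 169 | jsonPath: ".status.clusterName" 170 | - name: controlPlane 171 | type: string 172 | jsonPath: ".status.controlPlaneStatus" 173 | - name: nodePool 174 | type: string 175 | jsonPath: 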
".status.nodePoolStatus"
    - name: fargateProfile
      type: string
      jsonPath: ".status.fargateProfileStatus"
--------------------------------------------------------------------------------
/configuration/official/uxp-aks-composition.yaml:
--------------------------------------------------------------------------------
# Composition "official-aks" for XManagedCluster, built on the Upbound "official"
# Azure provider. It composes ResourceGroup -> VirtualNetwork -> Subnet ->
# KubernetesCluster (+ one user KubernetesClusterNodePool), then points
# provider-kubernetes and provider-helm at the new cluster using its kubeconfig
# and installs Universal Crossplane into it.
#
# Security notes (review):
# - Every Azure resource below uses ProviderConfig "azure-uxp-provider"
#   (providers/official/uxp-azure-providerconfig.yaml): one static credential
#   creates the whole stack.
# - The cluster kubeconfig is stored as a Secret in the management cluster (see
#   writeConnectionSecretsToNamespace) and is then consumed by the
#   provider-kubernetes / provider-helm ProviderConfigs composed here. Anyone who
#   can read Secrets in that namespace can use it against the provisioned cluster.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: official-aks
  labels:
    crossplane.io/xrd: xmanagedclusters.compositions.io
    provider: official
    cluster: aks
spec:
  compositeTypeRef:
    apiVersion: compositions.io/v1alpha1
    kind: XManagedCluster
  # All composed-resource connection secrets (including the kubeconfig) are
  # written here; scope RBAC on Secrets in this namespace accordingly.
  writeConnectionSecretsToNamespace: upbound-system
  patchSets:
  # Copies the XR's labels onto every composed resource.
  - name: metadata
    patches:
    - fromFieldPath: metadata.labels
  # Maps the cloud-neutral region code (docs/cloud-regions.MD) to an Azure
  # location. The map transform has no default, so a code that is missing here
  # fails the patch instead of falling back; keep it in sync with the XRD.
  - name: region
    patches:
    - fromFieldPath: spec.parameters.region
      toFieldPath: spec.forProvider.location
      transforms:
      - type: map
        map:
          use1: eastus
          use2: eastus2
          usw1: westus
          usw2: westus2
          cac: canadacentral
          sae: brazilsouth
          afs: southafricanorth
          euc: germanywestcentral
          euw1: northeurope
          euw2: uksouth
          euw3: francecentral
          eus: switzerlandnorth
          eun: swedencentral
          ape: eastasia
          aps1: westindia
          apne1: japaneast
          apne2: koreacentral
          apne3: japanwest
          apse1: southeastasia
          apse2: australiaeast
          apse3: australiacentral

  resources:
  # Resource group "rg-<id>"; the other Azure resources find it via
  # matchControllerRef.
  - name: rg
    base:
      apiVersion: azure.upbound.io/v1beta1
      kind: ResourceGroup
      spec:
        providerConfigRef:
          name: azure-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - type: PatchSet
      patchSetName: region
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "rg-%s"
    # Records the XR's own name as a label on the resource group.
    - type: FromCompositeFieldPath
      fromFieldPath: metadata.name
      toFieldPath: metadata.labels.resourcegroup

  # VNet "vnet-<id>" with a fixed 10.0.0.0/16 address space (not parameterised).
  - name: vnet
    base:
      apiVersion: network.azure.upbound.io/v1beta1
      kind: VirtualNetwork
      spec:
        forProvider:
          resourceGroupNameSelector:
            matchControllerRef: true
          addressSpace:
          - 10.0.0.0/16
        providerConfigRef:
          name: azure-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - type: PatchSet
      patchSetName: region
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "vnet-%s"

  # Subnet "snet-<id>" (10.0.0.0/19), shared by the system and user node pools.
  - name: subnet
    base:
      apiVersion: network.azure.upbound.io/v1beta1
      kind: Subnet
      spec:
        forProvider:
          resourceGroupNameSelector:
            matchControllerRef: true
          virtualNetworkNameSelector:
            matchControllerRef: true
          addressPrefixes:
          - 10.0.0.0/19
        providerConfigRef:
          name: azure-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "snet-%s"

  - name: akscluster
    base:
      apiVersion: containerservice.azure.upbound.io/v1beta1
      kind: KubernetesCluster
      spec:
        forProvider:
          # Same DNS prefix for every cluster built from this composition.
          # NOTE(review): consider deriving it from spec.id like the other names.
          dnsPrefix: uxpjet
          # Kubernetes RBAC is on, but no Azure AD integration is configured
          # here, so the kubeconfig in the connection secret is a local AKS
          # credential that is not tied to any AAD identity. NOTE(review): for
          # anything beyond a lab, look at AAD-integrated RBAC and disabling
          # local accounts (field names per the provider's KubernetesCluster CRD).
          roleBasedAccessControlEnabled: true
          resourceGroupNameSelector:
            matchControllerRef: true
          # The system pool is fixed at 1 x Standard_D2s_v3; the XR's nodeCount /
          # nodeSize only shape the separate user pool ("aksnode" below).
          defaultNodePool:
          - name: default
            nodeCount: 1
            vmSize: Standard_D2s_v3
            vnetSubnetIdSelector:
              matchControllerRef: true
          # System-assigned managed identity: no service-principal secret for the
          # cluster itself.
          identity:
          - type: SystemAssigned
        writeConnectionSecretToRef:
          namespace: upbound-system
        providerConfigRef:
          name: azure-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - type: PatchSet
      patchSetName: region
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "cluster-%s"
    # Connection secret "<id>-akscluster"; the ProviderConfigs below read it.
    - fromFieldPath: spec.id
      toFieldPath: spec.writeConnectionSecretToRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-akscluster"
    - fromFieldPath: spec.parameters.version
      toFieldPath: spec.forProvider.kubernetesVersion
    # Values for default node group hardcoded
    # - fromFieldPath: spec.id
    #   toFieldPath: spec.forProvider.defaultNodePool[0].name
    # - fromFieldPath: spec.parameters.nodeCount
    #   toFieldPath: spec.forProvider.defaultNodePool[0].nodeCount
    # - fromFieldPath: spec.parameters.nodeSize
    #   toFieldPath: spec.forProvider.defaultNodePool[0].vmSize
    #   transforms:
    #   - type: map
    #     map:
    #       small: Standard_D2s_v3
    #       medium: Standard_D4s_v3
    #       large: Standard_D8s_v3
    # Same field on both sides: the connection secret goes to the namespace the
    # XR itself writes to (set from writeConnectionSecretsToNamespace above).
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
    - type: ToCompositeFieldPath
      fromFieldPath: metadata.name
      toFieldPath: status.clusterName
    # NOTE(review): conditions[0] is positional; it reflects "Ready" only if the
    # provider lists that condition first (Synced may come first). The readiness
    # check below has the same dependency; confirm for the provider version used.
    - type: ToCompositeFieldPath
      fromFieldPath: status.conditions[0].status
      toFieldPath: status.controlPlaneStatus
    # AKS has no Fargate; fill the XRD's fargateProfileStatus with a
    # "NA4-<cluster name>" placeholder so the printer column is populated.
    - type: ToCompositeFieldPath
      fromFieldPath: metadata.name
      toFieldPath: status.fargateProfileStatus
      transforms:
      - type: string
        string:
          fmt: "NA4-%s"
    # Only the kubeconfig key is exposed on the XR / claim connection secret.
    connectionDetails:
    - fromConnectionSecretKey: kubeconfig
    readinessChecks:
    - type: MatchString
      fieldPath: status.conditions[0].status
      matchString: "True"

  # User node pool "ng0<id>", sized from the XR's nodeCount / nodeSize.
  - name: aksnode
    base:
      apiVersion: containerservice.azure.upbound.io/v1beta1
      kind: KubernetesClusterNodePool
      spec:
        forProvider:
          kubernetesClusterIdSelector:
            matchControllerRef: true
          vnetSubnetIdSelector:
            matchControllerRef: true
        providerConfigRef:
          name: azure-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "ng0%s"
    - fromFieldPath: spec.parameters.nodeCount
      toFieldPath: spec.forProvider.nodeCount
    # NOTE(review): "large" is an 8-vCPU D8s_v3 here but e2-standard-16 (16 vCPU)
    # in uxp-gke-composition.yaml; the size classes are not equivalent across clouds.
    - fromFieldPath: spec.parameters.nodeSize
      toFieldPath: spec.forProvider.vmSize
      transforms:
      - type: map
        map:
          small: Standard_D2s_v3
          medium: Standard_D4s_v3
          large: Standard_D8s_v3
    - type: ToCompositeFieldPath
      fromFieldPath: status.conditions[0].status
      toFieldPath: status.nodePoolStatus
    readinessChecks:
    - type: MatchString
      fieldPath: status.conditions[0].status
      matchString: "True"

  # provider-kubernetes ProviderConfig named "<id>" that authenticates to the new
  # cluster with the kubeconfig from the "<id>-akscluster" connection secret. The
  # management cluster thereby holds a credential for every cluster it creates.
  - name: kubernetes
    base:
      apiVersion: kubernetes.crossplane.io/v1alpha1
      kind: ProviderConfig
      spec:
        credentials:
          source: Secret
          secretRef:
            key: kubeconfig
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.credentials.secretRef.namespace
    - fromFieldPath: spec.id
      toFieldPath: spec.credentials.secretRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-akscluster"
    readinessChecks:
    - type: None
  # Creates the "upbound-system" namespace inside the provisioned cluster.
  - name: k8s-ns-xp
    base:
      apiVersion: kubernetes.crossplane.io/v1alpha1
      kind: Object
      spec:
        forProvider:
          manifest:
            apiVersion: v1
            kind: Namespace
            metadata:
              name: upbound-system
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "%s-ns-xp"
    - fromFieldPath: spec.id
      toFieldPath: spec.providerConfigRef.name

  # provider-helm ProviderConfig named "<id>", same kubeconfig as above.
  - name: helm
    base:
      apiVersion: helm.crossplane.io/v1beta1
      kind: ProviderConfig
      spec:
        credentials:
          source: Secret
          secretRef:
            key: kubeconfig
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.credentials.secretRef.namespace
    - fromFieldPath: spec.id
      toFieldPath: spec.credentials.secretRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-akscluster"
    readinessChecks:
    - type: None
  # Installs Universal Crossplane into the new cluster. The chart version is
  # pinned (good); the chart is fetched over HTTPS at reconcile time and no
  # provenance / signature check is configured here.
  - name: helm-uxp
    base:
      apiVersion: helm.crossplane.io/v1beta1
      kind: Release
      spec:
        rollbackLimit: 3
        forProvider:
          namespace: upbound-system
          chart:
            name: universal-crossplane
            repository: https://charts.upbound.io/stable
            version: "1.9.1-up.2"
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "%s-uxp"
    - fromFieldPath: spec.id
      toFieldPath: spec.providerConfigRef.name
--------------------------------------------------------------------------------
/configuration/official/uxp-gke-composition.yaml:
--------------------------------------------------------------------------------
# Composition "official-gke" for XManagedCluster, built on the Upbound "official"
# GCP provider. Composes Network -> Subnetwork -> Cluster (+ one NodePool), then
# configures provider-kubernetes / provider-helm for the new cluster and installs
# Universal Crossplane into it. Every GCP resource uses ProviderConfig
# "gcp-uxp-provider" (providers/official/uxp-gcp-providerconfig.yaml).
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: official-gke
  labels:
    crossplane.io/xrd: xmanagedclusters.compositions.io
    provider: official
    cluster: gke
spec:
  compositeTypeRef:
    apiVersion: compositions.io/v1alpha1
    kind: XManagedCluster
  # Connection secrets (including the cluster kubeconfig) are written here;
  # scope RBAC on Secrets in this namespace accordingly.
  writeConnectionSecretsToNamespace: upbound-system
  patchSets:
  - name: metadata
    patches:
    - fromFieldPath: metadata.labels
  # Region code -> GCP region, used by the Subnetwork. The "location" patch set
  # below carries the same map for the Cluster. An unmapped code fails the patch.
  - name: region
    patches:
    - fromFieldPath: spec.parameters.region
      toFieldPath: spec.forProvider.region
      transforms:
      - type: map
        map:
          use1: us-east4
          use2: us-east1
          usw1: us-west2
          usw2: us-west1
          cac: northamerica-northeast1
          sae: southamerica-east1
          afs: asia-east1
          euc: europe-west3
          euw1: europe-west4
          euw2: europe-west2
          euw3: europe-west1
          eus: europe-west6
          eun: europe-north1
          ape: asia-east2
          aps1: asia-south1
apne1: asia-northeast1
          apne2: asia-northeast3
          apne3: asia-northeast2
          apse1: asia-southeast1
          apse2: australia-southeast1
          apse3: asia-southeast2
  # Same map as "region", but written to forProvider.location (the Cluster
  # field). A region given as location makes the GKE cluster regional.
  - name: location
    patches:
    - fromFieldPath: spec.parameters.region
      toFieldPath: spec.forProvider.location
      transforms:
      - type: map
        map:
          use1: us-east4
          use2: us-east1
          usw1: us-west2
          usw2: us-west1
          cac: northamerica-northeast1
          sae: southamerica-east1
          afs: asia-east1
          euc: europe-west3
          euw1: europe-west4
          euw2: europe-west2
          euw3: europe-west1
          eus: europe-west6
          eun: europe-north1
          ape: asia-east2
          aps1: asia-south1
          apne1: asia-northeast1
          apne2: asia-northeast3
          apne3: asia-northeast2
          apse1: asia-southeast1
          apse2: australia-southeast1
          apse3: asia-southeast2

  resources:
  # VPC network "vnet-<id>" in custom-subnet mode.
  - name: compute-net
    base:
      apiVersion: compute.gcp.upbound.io/v1beta1
      kind: Network
      spec:
        forProvider:
          autoCreateSubnetworks: false
          routingMode: REGIONAL
        providerConfigRef:
          name: gcp-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "vnet-%s"

  # Subnetwork "snet-<id>" (172.16.0.0/16) with secondary ranges for a VPC-native
  # cluster. privateIpGoogleAccess lets nodes without external IPs reach Google
  # APIs. CIDRs are fixed, not parameterised.
  - name: compute-subnet
    base:
      apiVersion: compute.gcp.upbound.io/v1beta1
      kind: Subnetwork
      spec:
        forProvider:
          networkSelector:
            matchControllerRef: true
          privateIpGoogleAccess: true
          ipCidrRange: 172.16.0.0/16
          secondaryIpRange:
          - rangeName: pods
            ipCidrRange: 10.200.0.0/14
          - rangeName: services
            ipCidrRange: 10.204.0.0/16
        providerConfigRef:
          name: gcp-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - type: PatchSet
      patchSetName: region
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "snet-%s"

  - name: gkecluster
    base:
      apiVersion: container.gcp.upbound.io/v1beta1
      kind: Cluster
      spec:
        forProvider:
          # Create with one node and drop that default pool; the real pool is
          # the "gkenode" NodePool below.
          initialNodeCount: 1
          removeDefaultNodePool: true
          addonsConfig:
          - gcpFilestoreCsiDriverConfig:
            - enabled: true
            networkPolicyConfig:
            - disabled: false
          ipAllocationPolicy:
          - clusterSecondaryRangeName: pods
            servicesSecondaryRangeName: services
          # Kubernetes NetworkPolicy enforcement is on.
          networkPolicy:
          - enabled: true
          networkSelector:
            matchControllerRef: true
          enableIntraNodeVisibility: true
          subnetworkSelector:
            matchControllerRef: true
          # No release channel: the control plane stays on the patched
          # initialClusterVersion and, with autoUpgrade=false on the node pool,
          # nothing below is upgraded automatically - patching is manual.
          # NOTE(review): nothing here restricts the control-plane endpoint
          # (no private-cluster / authorized-networks settings are configured).
          releaseChannel:
          - channel: UNSPECIFIED
        writeConnectionSecretToRef:
          namespace: upbound-system
        providerConfigRef:
          name: gcp-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - type: PatchSet
      patchSetName: location
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "cluster-%s"
    # 2 below Not needed ?
    # NOTE(review): these write the bare id into forProvider.network/subnetwork,
    # while the composed resources are named "vnet-<id>" / "snet-<id>" and are
    # already wired via networkSelector/subnetworkSelector above. Reference
    # resolution normally skips a field that is already non-empty, so these two
    # patches may pre-empt the selectors - confirm and remove if so.
    - fromFieldPath: spec.id
      toFieldPath: spec.forProvider.network
    - fromFieldPath: spec.id
      toFieldPath: spec.forProvider.subnetwork
    - fromFieldPath: spec.parameters.version
      toFieldPath: spec.forProvider.initialClusterVersion
    # Connection secret "<id>-gkecluster"; the ProviderConfigs below read it.
    - fromFieldPath: spec.id
      toFieldPath: spec.writeConnectionSecretToRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-gkecluster"
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
    - type: ToCompositeFieldPath
      fromFieldPath: metadata.name
      toFieldPath: status.clusterName
    # NOTE(review): conditions[0] is positional (Ready vs Synced order is not
    # guaranteed); the readiness check below shares that assumption.
    - type: ToCompositeFieldPath
      fromFieldPath: status.conditions[0].status
      toFieldPath: status.controlPlaneStatus
    # GKE has no Fargate; "NA4-<cluster name>" fills the XRD status field.
    - type: ToCompositeFieldPath
      fromFieldPath: metadata.name
      toFieldPath: status.fargateProfileStatus
      transforms:
      - type: string
        string:
          fmt: "NA4-%s"
    # Only the kubeconfig key is exposed on the XR / claim connection secret.
    connectionDetails:
    - fromConnectionSecretKey: kubeconfig
    readinessChecks:
    - type: MatchString
      fieldPath: "status.conditions[0].status"
      matchString: "True"

  - name: gkenode
    base:
      apiVersion: container.gcp.upbound.io/v1beta1
      kind: NodePool
      spec:
        forProvider:
          clusterSelector:
            matchControllerRef: true
          nodeConfig:
          # NOTE(review): "cloud-platform" authorises every Google API the node
          # service account's IAM roles allow, which makes the four narrower
          # scopes below redundant. No serviceAccount is set, so nodes run as
          # the project's default Compute Engine service account. Prefer a
          # dedicated least-privilege node SA with the minimal scope set, and
          # Workload Identity for pod credentials (field names per the
          # provider's NodePool CRD).
          - oauthScopes:
            - https://www.googleapis.com/auth/cloud-platform
            - https://www.googleapis.com/auth/devstorage.read_only
            - https://www.googleapis.com/auth/logging.write
            - https://www.googleapis.com/auth/monitoring
            - https://www.googleapis.com/auth/compute
            # Shielded nodes: secure boot + integrity monitoring.
            shieldedInstanceConfig:
            - enableIntegrityMonitoring: true
              enableSecureBoot: true
          # Max is fixed at 10; min and initial size come from the XR's nodeCount.
          autoscaling:
          - maxNodeCount: 10
          # Nodes are auto-repaired but never auto-upgraded (see releaseChannel
          # on the cluster): OS / kubelet patches require a manual version bump.
          management:
          - autoRepair: true
            autoUpgrade: false
        providerConfigRef:
          name: gcp-uxp-provider
    patches:
    - type: PatchSet
      patchSetName: metadata
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "ng0%s"
    - fromFieldPath: spec.parameters.nodeCount
      toFieldPath: spec.forProvider.autoscaling[0].minNodeCount
    - fromFieldPath: spec.parameters.nodeCount
      toFieldPath: spec.forProvider.initialNodeCount
    # NOTE(review): "large" is e2-standard-16 (16 vCPU) here but Standard_D8s_v3
    # (8 vCPU) in uxp-aks-composition.yaml; the size classes differ across clouds.
    - fromFieldPath: spec.parameters.nodeSize
      toFieldPath: spec.forProvider.nodeConfig[0].machineType
      transforms:
      - type: map
        map:
          small: e2-standard-2
          medium: e2-standard-4
          large: e2-standard-16
    - type: ToCompositeFieldPath
      fromFieldPath: status.conditions[0].status
      toFieldPath: status.nodePoolStatus
    readinessChecks:
    - type: MatchString
      fieldPath: status.conditions[0].status
      matchString: "True"

  # provider-kubernetes ProviderConfig "<id>": kubeconfig from the
  # "<id>-gkecluster" connection secret plus the GCP service-account key
  # ("gcp-account-creds") used to obtain tokens for it. That is the same key that
  # provisions the infrastructure, so the workload cluster is reached with the
  # broadest credential in the system.
  # NOTE(review): the identity secret's namespace is patched from the XR's
  # connection-secret namespace (upbound-system), so providers/secret-gcp-
  # provider.yaml's ${PROVIDER_SECRET_NAMESPACE} must resolve to upbound-system.
  - name: kubernetes
    base:
      apiVersion: kubernetes.crossplane.io/v1alpha1
      kind: ProviderConfig
      spec:
        credentials:
          source: Secret
          secretRef:
            key: kubeconfig
        identity:
          type: GoogleApplicationCredentials
          source: Secret
          secretRef:
            name: gcp-account-creds
            key: credentials
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.credentials.secretRef.namespace
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.identity.secretRef.namespace
    - fromFieldPath: spec.id
      toFieldPath: spec.credentials.secretRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-gkecluster"
    readinessChecks:
    - type: None
  # Creates the "upbound-system" namespace inside the provisioned cluster.
  - name: k8s-ns-xp
    base:
      apiVersion: kubernetes.crossplane.io/v1alpha1
      kind: Object
      spec:
        forProvider:
          manifest:
            apiVersion: v1
            kind: Namespace
            metadata:
              name: upbound-system
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "%s-ns-xp"
    - fromFieldPath: spec.id
      toFieldPath: spec.providerConfigRef.name

  # provider-helm ProviderConfig "<id>", same kubeconfig + GCP identity as above.
  - name: helm
    base:
      apiVersion: helm.crossplane.io/v1beta1
      kind: ProviderConfig
      spec:
        credentials:
          source: Secret
          secretRef:
            key: kubeconfig
        identity:
          type: GoogleApplicationCredentials
          source: Secret
          secretRef:
            name: gcp-account-creds
            key: credentials
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.credentials.secretRef.namespace
    - fromFieldPath: spec.id
      toFieldPath: spec.credentials.secretRef.name
      transforms:
      - type: string
        string:
          fmt: "%s-gkecluster"
    - fromFieldPath: spec.writeConnectionSecretToRef.namespace
      toFieldPath: spec.identity.secretRef.namespace
    readinessChecks:
    - type: None
  # Installs Universal Crossplane (pinned chart version) into the new cluster.
  - name: helm-uxp
    base:
      apiVersion: helm.crossplane.io/v1beta1
      kind: Release
      spec:
        rollbackLimit: 3
        forProvider:
          namespace: upbound-system
          chart:
            name: universal-crossplane
            repository: https://charts.upbound.io/stable
            version: "1.9.1-up.2"
    patches:
    - fromFieldPath: spec.id
      toFieldPath: metadata.name
      transforms:
      - type: string
        string:
          fmt: "%s-uxp"
    - fromFieldPath: spec.id
      toFieldPath: spec.providerConfigRef.name
--------------------------------------------------------------------------------
/debug/eks.yaml:
--------------------------------------------------------------------------------
# Scratch manifests for debugging the official AWS provider: a cluster IAM role,
# VPC + two subnets and a bare EKS cluster in eu-west-1. Not used by the
# compositions.
---
# IAM role assumable by the EKS service; gets AmazonEKSClusterPolicy below.
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
  name: sample-eks-cluster
spec:
  forProvider:
    assumeRolePolicy: |
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
"Principal": {
              "Service": "eks.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
          }
        ]
      }
  providerConfigRef:
    name: aws-uxp-provider
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
  name: sample-cluster-policy
spec:
  forProvider:
    policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
    roleRef:
      name: sample-eks-cluster
  providerConfigRef:
    name: aws-uxp-provider
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: VPC
metadata:
  labels:
    upjet.upbound.io/test-group: apigatewayv2-vpclink
  name: sample-vpc
spec:
  forProvider:
    cidrBlock: 172.16.0.0/16
    region: eu-west-1
    tags:
      Name: DemoVpc
  providerConfigRef:
    name: aws-uxp-provider
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
  labels:
    upjet.upbound.io/test-group: apigatewayv2-vpclink
  name: sample-subnet1
spec:
  forProvider:
    availabilityZone: eu-west-1a
    cidrBlock: 172.16.0.0/24
    region: eu-west-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: aws-uxp-provider
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
  labels:
    upjet.upbound.io/test-group: apigatewayv2-vpclink
  name: sample-subnet2
spec:
  forProvider:
    availabilityZone: eu-west-1b
    cidrBlock: 172.16.1.0/24
    region: eu-west-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: aws-uxp-provider
---
apiVersion: eks.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    uptest.upbound.io/timeout: "2400"
  labels:
    testing.upbound.io/example-name: example
  name: sample-eks-cluster
spec:
  forProvider:
    region: eu-west-1
    roleArnRef:
      name: sample-eks-cluster
    vpcConfig:
    - subnetIdRefs:
      - name: sample-subnet1
      - name: sample-subnet2
  # NOTE(review): this manifest carries two providerConfigRef entries; the
  # original nesting is lost in this listing, and no ProviderConfig named
  # "eks-uxp-provider" exists under providers/. Treat "aws-uxp-provider" as
  # the intended one and drop the other.
  providerConfigRef:
    name: eks-uxp-provider
  # NOTE(review): the cluster connection secret lands in the "default"
  # namespace, where it is readable by anything with Secret access there.
  writeConnectionSecretToRef:
    name: cluster-eks
    namespace: default
  providerConfigRef:
    name: aws-uxp-provider
---
# Derives a kubeconfig for the cluster selected by label; written to
# upbound-system as "cluster-conn".
apiVersion: eks.aws.upbound.io/v1beta1
kind: ClusterAuth
metadata:
  name: auth
spec:
  forProvider:
    clusterNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example
    region: eu-west-1
  writeConnectionSecretToRef:
    name: cluster-conn
    namespace: upbound-system
  providerConfigRef:
    name: aws-uxp-provider
--------------------------------------------------------------------------------
/debug/gke.yaml:
--------------------------------------------------------------------------------
# Scratch GKE cluster for debugging the official GCP provider. Unlike the
# composition it keeps the default node pool and writes the kubeconfig to the
# "default" namespace.
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: container/v1beta1/cluster
  labels:
    testing.upbound.io/example-name: cluster
  name: cluster
spec:
  forProvider:
    initialNodeCount: 1
    location: europe-west2
    removeDefaultNodePool: false
  providerConfigRef:
    name: gcp-uxp-provider
  # NOTE(review): cluster credentials in the "default" namespace.
  writeConnectionSecretToRef:
    name: cluster
    namespace: default
--------------------------------------------------------------------------------
/debug/pc.yaml:
--------------------------------------------------------------------------------
# Hand-written provider-helm ProviderConfig reading a kubeconfig Secret named
# "uxpaks" in upbound-system (the compositions derive this name as
# "<id>-akscluster" / "<id>-gkecluster").
apiVersion: helm.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: helm-provider
spec:
  credentials:
    source: Secret
    secretRef:
      name: uxpaks
      namespace: upbound-system
      key: kubeconfig
--------------------------------------------------------------------------------
/docs/cloud-regions.MD:
--------------------------------------------------------------------------------
# Supported Regions

| AWS Name | AWS | Azure | GCP | Code
|--|--|--|--|--|
| US East (N.
Virginia) | us-east-1 | eastus | us-east4 | USE1 |
| US East (Ohio) | us-east-2 | eastus2 | us-east1 | USE2 |
| US West (N. California) | us-west-1 | westus | us-west2 | USW1 |
| US West (Oregon) | us-west-2 | westus2 | us-west1 | USW2 |
| Canada (Central) | ca-central-1 | canadacentral | northamerica-northeast1 | CAC |
| | | | | |
| South America (São Paulo) | sa-east-1 | brazilsouth | southamerica-east1 | SAE |
| | | | | |
| Africa (Cape Town) | af-south-1 | southafricanorth | asia-east1 | AFS |
| Europe (Frankfurt) | eu-central-1 | germanywestcentral | europe-west3 | EUC |
| Europe (Ireland) | eu-west-1 | northeurope | europe-west4 | EUW1 |
| Europe (London) | eu-west-2 | uksouth | europe-west2 | EUW2 |
| Europe (Paris) | eu-west-3 | francecentral | europe-west1 | EUW3 |
| Europe (Milan) | eu-south-1 | switzerlandnorth | europe-west6 | EUS |
| Europe (Stockholm) | eu-north-1 | swedencentral | europe-north1 | EUN |
| | | | | |
| Asia Pacific (Hong Kong) | ap-east-1 | eastasia | asia-east2 | APE |
| Asia Pacific (Mumbai) | ap-south-1 | westindia | asia-south1 | APS1 |
| Asia Pacific (Tokyo) | ap-northeast-1 | japaneast | asia-northeast1 | APNE1 |
| Asia Pacific (Seoul) | ap-northeast-2 | koreacentral | asia-northeast3 | APNE2 |
| Asia Pacific (Osaka) | ap-northeast-3 | japanwest | asia-northeast2 | APNE3 |
| Asia Pacific (Singapore) | ap-southeast-1 | southeastasia | asia-southeast1 | APSE1 |
| Asia Pacific (Sydney) | ap-southeast-2 | australiaeast | australia-southeast1 | APSE2 |
| Asia Pacific (Jakarta) | ap-southeast-3 | australiacentral | asia-southeast2 | APSE3 |

The `Code` column is the value accepted by `spec.parameters.region` (lower-cased, e.g. `apne2`); the compositions map it to a cloud-specific region in their patch sets. Not every row is a geographic equivalent: `AFS` maps to `asia-east1` on GCP, `EUS` (Milan) maps to `switzerlandnorth` / `europe-west6`, and `APSE3` (Jakarta) maps to `australiacentral` on Azure. Check these mappings against your data-residency requirements before relying on the code alone.

# Availability Zones (AZ) in AWS

## Disabled by default

The following AWS regions are opt-in regions: they are disabled by default and have to be enabled in the AWS console (account settings) before they can be used.

```
afs: af-south-1 # default: disabled
eus: eu-south-1 # default: disabled
ape: ap-east-1 # default: disabled
apse3:
ap-southeast-3 # default: disable`
```

## AZs in regions

Three Standard AZs for most of the regions with postfix a,b,c:
```
us-east-2: us-east-2a, us-east-2b, us-east-2c
```
Exception without influence on XR

* use1: us-east-1 # a-f, 6 zones
* usw2: us-west-2 # a-d, 4 zones
* apne2: ap-northeast-2 # a-d, 4 zones

Exceptions important for XR resources: Subnet and Route Tables

* usw1: us-west-1 # ac, no B zone, in XR Zone B mapped to A
* cac: ca-central-1 # abd, no C Zone, in XR Zone C mapped to B (Fargate profile not supported in zone D)
* apne1: ap-northeast-1 # acd, no B zone, in XR Zone B mapped to D
--------------------------------------------------------------------------------
/providers/eks-irsa-jet-provider.yaml:
--------------------------------------------------------------------------------
# provider-jet-aws installed with IRSA: the ControllerConfig annotation binds the
# provider pod's service account to an IAM role, so no long-lived AWS key has to
# be stored in the management cluster (compare providers/secret-aws-provider.yaml).
# NOTE(review): with IRSA in place the ProviderConfig can stop referencing the
# static "aws-account-creds" Secret (provider-jet-aws supports an injected-identity
# credential source - confirm the exact value for the version in use).
---
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-config
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::${AWS_ACCOUNT_ID}:role/${AWS_IAM_ROLE}
spec:
  # fsGroup lets the non-root provider process read the projected IRSA token.
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: aws-jet-provider
spec:
  # SUPPLY CHAIN (review): ":main" is a mutable tag - what gets installed depends
  # on when the package is pulled and cannot be reproduced or audited. Pin to a
  # release tag or, better, an image digest (crossplane/provider-jet-aws@sha256:...).
  package: crossplane/provider-jet-aws:main # v0.4.2
  controllerConfigRef:
    name: aws-config
--------------------------------------------------------------------------------
/providers/jet/jet-aws-providerconfig.yaml:
--------------------------------------------------------------------------------
# Static-key credentials for provider-jet-aws, read from the
# "aws-account-creds" Secret created by providers/secret-aws-provider.yaml.
---
apiVersion: aws.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: aws-jet-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: aws-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/jet/jet-azure-providerconfig.yaml:
--------------------------------------------------------------------------------
# Static service-principal credentials for provider-jet-azure
# (Secret from providers/secret-azure-provider.yaml).
---
apiVersion: azure.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: azure-jet-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: azure-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/jet/jet-gcp-providerconfig.yaml:
--------------------------------------------------------------------------------
# Service-account key credentials for provider-jet-gcp
# (Secret from providers/secret-gcp-provider.yaml).
---
apiVersion: gcp.jet.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: gcp-jet-provider
spec:
  projectID: ${PROJECT_ID}
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: gcp-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/jet/jet-providers.yaml:
--------------------------------------------------------------------------------
# Installs the "jet" (Terraform-generated) providers. Only the AWS provider gets
# a ControllerConfig; the IRSA annotation and fsGroup are left commented out,
# so this variant relies on the static-key ProviderConfig above.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-jet-config
  # annotations:
  #   eks.amazonaws.com/role-arn: arn:aws:iam::$AWS_ACCOUNT_ID\:role/$IAM_ROLE_NAME
spec:
  # podSecurityContext:
  #   fsGroup: 2000
  # NOTE(review): --debug enables verbose provider logging, which for a
  # Terraform-backed provider may include cloud API request/response detail.
  # Do not leave it on where logs are shipped or shared.
  args:
  - --debug
  - --terraform-native-provider-path
  - ""
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: aws-jet-provider
spec:
  # SUPPLY CHAIN (review): ":main" is a mutable tag chosen because v0.5.0 lacks
  # a needed fix (see comment below). Pin to a digest of the build that carries
  # the fix rather than tracking the branch head.
  package: crossplane/provider-jet-aws:main
  # package: crossplane/provider-jet-aws:v0.5.0
  # No SecurityGroup fix
  controllerConfigRef:
    name: aws-jet-config
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: azure-jet-provider
spec:
  package: crossplane/provider-jet-azure:v0.12.0
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: gcp-jet-provider
spec:
  package: crossplane/provider-jet-gcp:v0.2.0
--------------------------------------------------------------------------------
/providers/native/xp-aws-providerconfig.yaml:
--------------------------------------------------------------------------------
# Static-key credentials for the community ("native") AWS provider.
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-xp-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: aws-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/native/xp-azure-providerconfig.yaml:
--------------------------------------------------------------------------------
# Static service-principal credentials for the community Azure provider.
---
apiVersion: azure.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: azure-xp-provider
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: azure-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/native/xp-gcp-providerconfig.yaml:
--------------------------------------------------------------------------------
# Service-account key credentials for the community GCP provider.
---
apiVersion: gcp.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: gcp-xp-provider
spec:
  projectID: ${PROJECT_ID}
  credentials:
    source: Secret
    secretRef:
      namespace: ${PROVIDER_SECRET_NAMESPACE}
      name: gcp-account-creds
      key: credentials
--------------------------------------------------------------------------------
/providers/native/xp-providers.yaml:
--------------------------------------------------------------------------------
# Community (crossplane-contrib) providers, pinned to release tags. Tags are
# mutable in principle; pin to digests if reproducible installs are required.
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: aws-provider
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-aws:v0.34.0
--- 9 | apiVersion: pkg.crossplane.io/v1 10 | kind: Provider 11 | metadata: 12 | name: azure-provider 13 | spec: 14 | package: xpkg.upbound.io/crossplane-contrib/provider-azure:v0.20.1 15 | --- 16 | apiVersion: pkg.crossplane.io/v1 17 | kind: Provider 18 | metadata: 19 | name: gcp-provider 20 | spec: 21 | package: xpkg.upbound.io/crossplane-contrib/provider-gcp:v0.22.0 22 | -------------------------------------------------------------------------------- /providers/official/uxp-aws-providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: aws.upbound.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: aws-uxp-provider 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | namespace: upbound-system 11 | name: aws-account-creds 12 | key: credentials 13 | -------------------------------------------------------------------------------- /providers/official/uxp-azure-providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: azure.upbound.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: azure-uxp-provider 6 | spec: 7 | credentials: 8 | source: Secret 9 | secretRef: 10 | namespace: upbound-system 11 | name: azure-account-creds 12 | key: credentials 13 | -------------------------------------------------------------------------------- /providers/official/uxp-gcp-providerconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gcp.upbound.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: gcp-uxp-provider 6 | spec: 7 | projectID: ${PROJECT_ID} 8 | credentials: 9 | source: Secret 10 | secretRef: 11 | namespace: ${PROVIDER_SECRET_NAMESPACE} 12 | name: gcp-account-creds 13 | key: credentials 14 | -------------------------------------------------------------------------------- /providers/official/uxp-providers.yaml: 
--------------------------------------------------------------------------------
---
# Official Upbound provider packages (xpkg.upbound.io/upbound/...), pinned to
# exact version tags for reproducible installs. The names reused by the
# ProviderConfigs in /providers/official/*-providerconfig.yaml
# (aws-uxp-provider, ...) are a different kind and API group, so there is no
# clash.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: aws-uxp-provider
spec:
  package: xpkg.upbound.io/upbound/provider-aws:v0.21.0
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: azure-uxp-provider
spec:
  package: xpkg.upbound.io/upbound/provider-azure:v0.19.0
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: gcp-uxp-provider
spec:
  package: xpkg.upbound.io/upbound/provider-gcp:v0.19.0
--------------------------------------------------------------------------------
/providers/secret-aws-provider.yaml:
--------------------------------------------------------------------------------
---
# Credential Secret consumed by the AWS ProviderConfigs (secretRef name
# aws-account-creds, key "credentials", namespace ${PROVIDER_SECRET_NAMESPACE}).
# Template: ${PROVIDER_SECRET_NAMESPACE} and ${BASE64ENCODED_AWS_ACCOUNT_CREDS}
# are substituted before apply. Base64 is an encoding, not encryption — a
# rendered copy of this file is a plaintext cloud credential. Keep rendered
# output out of version control and shell history, and restrict who can read
# Secrets in this namespace.
apiVersion: v1
kind: Secret
metadata:
  name: aws-account-creds
  namespace: ${PROVIDER_SECRET_NAMESPACE}
type: Opaque
data:
  credentials: ${BASE64ENCODED_AWS_ACCOUNT_CREDS}
--------------------------------------------------------------------------------
/providers/secret-azure-provider.yaml:
--------------------------------------------------------------------------------
---
# Credential Secret consumed by the Azure ProviderConfigs (azure-account-creds,
# key "credentials"). Same template and handling caveats as the AWS Secret:
# the value is base64-encoded, not encrypted.
apiVersion: v1
kind: Secret
metadata:
  name: azure-account-creds
  namespace: ${PROVIDER_SECRET_NAMESPACE}
type: Opaque
data:
  credentials: ${BASE64ENCODED_AZURE_ACCOUNT_CREDS}
--------------------------------------------------------------------------------
/providers/secret-gcp-provider.yaml:
--------------------------------------------------------------------------------
---
# Credential Secret consumed by the GCP ProviderConfigs (gcp-account-creds,
# key "credentials"). Same template and handling caveats as the AWS Secret.
# NOTE(review): the variable is named *_GCP_PROVIDER_CREDS while the AWS and
# Azure files use *_ACCOUNT_CREDS; whatever renders these templates has to
# export exactly this name or the Secret is applied with an empty value.
apiVersion: v1
kind: Secret
metadata:
  name: gcp-account-creds
  namespace: ${PROVIDER_SECRET_NAMESPACE}
type: Opaque
data:
  credentials: ${BASE64ENCODED_GCP_PROVIDER_CREDS}
--------------------------------------------------------------------------------
/providers/service-providers.yaml:
--------------------------------------------------------------------------------
---
# In-cluster "service" providers (crossplane-contrib), pinned to exact versions
# like the cloud provider packages.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-kubernetes
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.5.0
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-helm
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.12.0
--------------------------------------------------------------------------------
/providers/temp-eks-irsa.yaml:
--------------------------------------------------------------------------------
# NOTE: despite the .yaml extension this file is a shell snippet that
# bootstraps an IAM role for the aws-jet-provider (IRSA). It expects
# EKS_CLUSTER_NAME, AWS_REGION and IAM_ROLE_NAME to be set by the caller.
# Current package revision of the jet provider; presumably used as the
# service-account subject in the trust policy below — confirm once the lost
# heredoc is recovered.
SERVICE_ACCOUNT=$(kubectl get providers.pkg.crossplane.io aws-jet-provider -o jsonpath="{.status.currentRevision}")
# Cluster OIDC issuer with the https:// prefix stripped — the form an IRSA
# trust policy uses for the federated principal.
# NOTE(review): quote $EKS_CLUSTER_NAME and $AWS_REGION, as "${IAM_ROLE_NAME}"
# is quoted below.
OIDC_PROVIDER=$(aws eks describe-cluster --name $EKS_CLUSTER_NAME --region $AWS_REGION --query "cluster.identity.oidc.issuer" --output text | sed -e "s/^https:\/\///")

# NOTE(review): the text between "<" and ">" was lost when this page was
# extracted (the file's original lines 4-23, which held the trust-policy
# heredoc and the redirect into trust.json). The command as rendered here is
# not the original and is not runnable as-is; recover it from the repository.
read -r -d '' TRUST_RELATIONSHIP < trust.json

# Creates the role with the trust policy from trust.json. Review that policy
# so only the provider's service-account subject in this cluster's OIDC
# provider can assume the role.
aws iam create-role \
  --role-name "${IAM_ROLE_NAME}" \
  --assume-role-policy-document file://trust.json \
  --description "IAM role for Crossplane provider-aws"

# Grants the provider role full AdministratorAccess. Acceptable for a throwaway
# demo account; in any shared or long-lived account scope the policy to the
# resources the compositions actually manage (least privilege) and alert on
# use of this role outside the provider pod.
aws iam attach-role-policy --role-name "${IAM_ROLE_NAME}" --policy-arn=arn:aws:iam::aws:policy/AdministratorAccess

rm trust.json

# NOTE(review): extraction truncated here as well (likely another heredoc);
# the remainder of this file is not visible.
cat <
