├── .github ├── CODEOWNERS ├── renovate.json5 └── workflows │ ├── ci.yaml │ ├── e2e.yaml │ ├── tag.yml │ └── yamllint.yaml ├── .gitignore ├── .gitmodules ├── .yamllint ├── LICENSE ├── Makefile ├── README.md ├── apis └── cluster │ ├── composition.yaml │ └── definition.yaml ├── crossplane.yaml ├── examples ├── app-claim.yaml ├── azure-default-provider.yaml ├── cluster-claim.yaml ├── configuration.yaml ├── mariadb-claim.yaml ├── network-xr.yaml └── postgres-claim.yaml ├── project.mk └── test └── setup.sh /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @upbound/team-solutions 2 | -------------------------------------------------------------------------------- /.github/renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: 'https://docs.renovatebot.com/renovate-schema.json', 3 | extends: [ 4 | 'config:recommended', 5 | 'helpers:pinGitHubActionDigests', 6 | ':semanticCommits', 7 | ], 8 | rebaseWhen: 'auto', 9 | rebaseLabel: 'rebase', 10 | prConcurrentLimit: 5, 11 | autoApprove: true, 12 | automerge: true, 13 | automergeType: 'pr', 14 | baseBranches: [ 15 | 'main', 16 | ], 17 | labels: [ 18 | 'automated', 19 | 'run-e2e-tests', 20 | ], 21 | ignorePaths: [ // default renovate ignorePaths without '**/examples/**' 22 | '**/node_modules/**', 23 | '**/bower_components/**', 24 | '**/vendor/**', 25 | '**/__tests__/**', 26 | '**/test/**', 27 | '**/tests/**', 28 | '**/__fixtures__/**' 29 | ], 30 | crossplane: { 31 | fileMatch: ['(^|/)examples/.*\\.ya?ml$'] 32 | }, 33 | packageRules: [ 34 | { 35 | matchFileNames: [ 36 | '.github/**', 37 | ], 38 | groupName: 'github-actions dependencies', 39 | }, 40 | { 41 | matchFileNames: [ 42 | 'crossplane.yaml', 43 | ], 44 | groupName: 'crossplane dependencies', 45 | }, 46 | { 47 | matchFileNames: [ 48 | 'Makefile', 49 | ], 50 | groupName: 'Makefile dependencies', 51 | }, 52 | { 53 | matchManagers: ['crossplane'], 54 | matchFileNames: ['examples/**'], 55 | groupName: 'examples' 56 | }, 57 | ], 58 | customManagers: [ 59 | { 60 | customType: 'regex', 61 | description: 'Bump up version in the Makefile', 62 | fileMatch: [ 63 | '^Makefile$', 64 | ], 65 | matchStrings: [ 66 | 'UP_VERSION = (?.*?)\\n', 67 | ], 68 | datasourceTemplate: 'github-releases', 69 | depNameTemplate: 'upbound/up', 70 | }, 71 | { 72 | customType: 'regex', 73 | description: 'Bump uptest version in the Makefile', 74 | fileMatch: [ 75 | '^Makefile$', 76 | ], 77 | matchStrings: [ 78 | 'UPTEST_VERSION = (?.*?)\\n', 79 | ], 80 | datasourceTemplate: 'github-releases', 81 | depNameTemplate: 'upbound/uptest', 82 | }, 83 | { 84 | customType: 'regex', 85 | description: 'Bump providers/functions/configurations in crossplane.yaml', 86 | fileMatch: [ 87 | 'crossplane.yaml', 88 | ], 89 | matchStrings: [ 90 | '#\\s*renovate:\\s*datasource=(?[^\\s]+)\\s+depName=(?[^\\s]+)\\s*\\n\\s*version:\\s*"(?[^"]+)"', 91 | ], 92 | datasourceTemplate: '{{{datasource}}}', 93 | depNameTemplate: '{{{depName}}}', 94 | }, 95 | ], 96 | "git-submodules": { 97 | "enabled": true 98 | } 99 | } 100 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | - release-* 8 | workflow_dispatch: {} 9 | 10 | env: 11 | DOCKER_BUILDX_VERSION: 'v0.8.2' 12 | 13 | XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} 14 | 15 | jobs: 16 | detect-noop: 17 | runs-on: ubuntu-24.04 18 | outputs: 19 | noop: ${{ steps.noop.outputs.should_skip }} 20 | steps: 21 | - name: Detect No-op Changes 22 | id: noop 23 | uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1 24 | with: 25 | github_token: ${{ secrets.GITHUB_TOKEN }} 26 | paths_ignore: '["**.md", "**.png", "**.jpg"]' 27 | do_not_skip: '["workflow_dispatch", "schedule", "push"]' 28 | 29 | publish-artifacts: 30 | runs-on: ubuntu-24.04 31 | needs: detect-noop 32 | if: needs.detect-noop.outputs.noop != 'true' 33 | 34 | steps: 35 | - name: Setup Docker Buildx 36 | uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 37 | with: 38 | version: ${{ env.DOCKER_BUILDX_VERSION }} 39 | install: true 40 | 41 | - name: Checkout 42 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 43 | with: 44 | submodules: true 45 | 46 | - name: Fetch History 47 | run: git fetch --prune --unshallow 48 | 49 | - name: Build Artifacts 50 | run: make -j2 build.all 51 | env: 52 | # We're using docker buildx, which doesn't actually load the images it 53 | # builds by default. Specifying --load does so. 54 | BUILD_ARGS: "--load" 55 | 56 | - name: Publish Artifacts to GitHub 57 | uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 58 | with: 59 | name: output 60 | path: _output/** 61 | 62 | - name: Login to Upbound 63 | uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 64 | if: env.XPKG_ACCESS_ID != '' 65 | with: 66 | registry: xpkg.upbound.io 67 | username: ${{ secrets.XPKG_ACCESS_ID }} 68 | password: ${{ secrets.XPKG_TOKEN }} 69 | 70 | - name: Publish Artifacts 71 | if: env.XPKG_ACCESS_ID != '' 72 | run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} 73 | -------------------------------------------------------------------------------- /.github/workflows/e2e.yaml: -------------------------------------------------------------------------------- 1 | name: End to End Testing 2 | 3 | on: 4 | issue_comment: 5 | types: [created] 6 | pull_request: 7 | types: [labeled] 8 | jobs: 9 | e2e: 10 | uses: upbound/official-providers-ci/.github/workflows/pr-comment-trigger.yml@main 11 | with: 12 | package-type: configuration 13 | secrets: 14 | UPTEST_CLOUD_CREDENTIALS: ${{ secrets.UPTEST_CLOUD_CREDENTIALS }} 15 | UPTEST_DATASOURCE: ${{ secrets.UPTEST_DATASOURCE }} 16 | -------------------------------------------------------------------------------- /.github/workflows/tag.yml: -------------------------------------------------------------------------------- 1 | name: Tag 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | version: 7 | description: 'Release version (e.g. v0.1.0)' 8 | required: true 9 | message: 10 | description: 'Tag message' 11 | required: true 12 | 13 | jobs: 14 | create-tag: 15 | runs-on: ubuntu-24.04 16 | 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 20 | 21 | - name: Create Tag 22 | uses: negz/create-tag@39bae1e0932567a58c20dea5a1a0d18358503320 # v1 23 | with: 24 | version: ${{ github.event.inputs.version }} 25 | message: ${{ github.event.inputs.message }} 26 | token: ${{ secrets.GITHUB_TOKEN }} 27 | -------------------------------------------------------------------------------- /.github/workflows/yamllint.yaml: -------------------------------------------------------------------------------- 1 | name: yamllint 2 | on: [pull_request] 3 | jobs: 4 | yamllint: 5 | name: runner / yamllint 6 | runs-on: ubuntu-latest 7 | steps: 8 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 9 | - name: yamllint 10 | uses: reviewdog/action-yamllint@f01d8a48fd8d89f89895499fca2cff09f9e9e8c0 # v1.21.0 11 | with: 12 | reporter: github-pr-review 13 | filter_mode: nofilter 14 | yamllint_flags: 'apis/' 15 | fail_on_error: true 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.cache 2 | /.work 3 | /_output 4 | /results 5 | /.idea 6 | 7 | *.xpkg 8 | kubeconfig 9 | crossplane-azure-provider-key.json -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "build"] 2 | path = build 3 | url = https://github.com/crossplane/build.git 4 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | extends: default 2 | 3 | rules: 4 | line-length: disable 5 | document-start: disable -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # ==================================================================================== 2 | # Crossplane Configuration Package Makefile 3 | # ==================================================================================== 4 | 5 | # USAGE DOCUMENTATION 6 | # ==================================================================================== 7 | # 8 | # This is a generic Makefile to be used across repositories building Crossplane 9 | # configuration packages. It provides a comprehensive set of targets for development, 10 | # testing, and deployment. 11 | # 12 | # PROJECT CONFIGURATION 13 | # ------------------- 14 | # Create a project.mk file in your repository to configure project-specific settings. 15 | # Required variables: 16 | # - PROJECT_NAME: Name of your Crossplane configuration package 17 | # 18 | # Example project.mk: 19 | # PROJECT_NAME = custom-config 20 | # UPTEST_DEFAULT_TIMEOUT = 3600s 21 | # UPTEST_SKIP_IMPORT = true 22 | # 23 | # PRIMARY TARGETS 24 | # -------------- 25 | # 26 | # Development Tools: 27 | # ----------------- 28 | # - `yamllint` 29 | # Runs yamllint recursively on all files in the `api` folder to ensure YAML 30 | # quality and consistency 31 | # 32 | # - `check-examples` 33 | # Validates consistency between example configurations and dependencies: 34 | # - Compares Function package versions in examples/ against crossplane.yaml 35 | # - Ensures all Function versions in examples match dependency declarations 36 | # - Helps prevent version mismatches that could cause deployment issues 37 | # Example errors: 38 | # - Example using function-foo:v1.2.0 while crossplane.yaml specifies v1.1.0 39 | # - Missing Function dependencies in crossplane.yaml that are used in examples 40 | # Usage: Run before committing changes to ensure example validity 41 | # 42 | # Rendering and Validation: 43 | # ----------------- 44 | # - `render` 45 | # Renders the composition output for rapid feedback during template development. 46 | # Requirements: 47 | # - Claims must have these annotations: 48 | # render.crossplane.io/composition-path: apis/pat/composition.yaml 49 | # render.crossplane.io/function-path: examples/functions.yaml 50 | # Note: This only populates the cache. Use `render.show` to view output. 51 | # 52 | # - `render.show` 53 | # Displays the rendered YAML output. Useful for: 54 | # - Manual validation 55 | # - Piping to validation tools, e.g.: 56 | # make render.show | crossplane beta validate crossplane.yaml - 57 | # 58 | # Testing: 59 | # ----------------- 60 | # - `render.test` 61 | # Executes kcl-unit tests on rendered manifests. Tests should be: 62 | # - Located in the `test` folder 63 | # - Written as standard kcl-tests 64 | # This ensures the rendered output meets expected specifications. 65 | # 66 | # - `e2e` 67 | # Comprehensive end-to-end testing, including: 68 | # - Cluster creation 69 | # - Configuration setup 70 | # - Testing create, import, and delete operations 71 | # 72 | # Cloud Provider Requirements: 73 | # For configurations creating cloud provider resources, set: 74 | # UPTEST_CLOUD_CREDENTIALS - Provider-specific credentials: 75 | # - AWS: export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials) 76 | # - GCP: export UPTEST_CLOUD_CREDENTIALS=$(cat gcp-sa.json) 77 | # - Azure: export UPTEST_CLOUD_CREDENTIALS=$(cat azure.json) 78 | # 79 | # Configuration Options: 80 | # - UPTEST_SKIP_DELETE (default: false) 81 | # Skip deletion testing of created resources 82 | # - UPTEST_SKIP_UPDATE (default: false) 83 | # Skip testing of claim updates 84 | # - UPTEST_SKIP_IMPORT (default: false) 85 | # Skip testing of resource imports 86 | # 87 | # Example Usage: 88 | # make e2e UPTEST_SKIP_DELETE=true 89 | # 90 | # LANGUAGE-SPECIFIC OPTIONS 91 | # ------------------------ 92 | # 93 | # KCL Support: 94 | # - KCL_COMPOSITION_PATH 95 | # Path to the KCL file generating composition.yaml 96 | # Default: apis/kcl/generate.k 97 | # 98 | # NOTE: The platform setting is constrained to linux_amd64 as Configuration package 99 | # images are not architecture-specific. This avoids unnecessary multi-arch image 100 | # generation. 101 | 102 | # ==================================================================================== 103 | # Project Configuration 104 | # ==================================================================================== 105 | 106 | # Include project.mk for project specific settings 107 | include project.mk 108 | 109 | ifndef PROJECT_NAME 110 | $(error PROJECT_NAME is not set. Please create `project.mk` and set it there.) 111 | endif 112 | 113 | # Project Configuration 114 | # ------------------ 115 | PROJECT_REPO := github.com/upbound/$(PROJECT_NAME) 116 | PLATFORMS ?= linux_amd64 117 | 118 | # Tool Versions 119 | # ------------------ 120 | UP_VERSION = v0.39.0 121 | UP_CHANNEL = stable 122 | CROSSPLANE_CLI_VERSION = v1.18.0 123 | CROSSPLANE_VERSION = v1.18.0-up.1 124 | UPTEST_VERSION = v1.2.0 125 | 126 | # Crossplane Configuration 127 | # ------------------ 128 | CROSSPLANE_CHART_REPO = https://charts.upbound.io/stable 129 | CROSSPLANE_CHART_NAME = universal-crossplane 130 | CROSSPLANE_NAMESPACE = upbound-system 131 | CROSSPLANE_ARGS = "--enable-usages" 132 | KIND_CLUSTER_NAME ?= uptest-$(PROJECT_NAME) 133 | 134 | # XPKG Configuration 135 | # ------------------ 136 | XPKG_DIR = $(shell pwd) 137 | XPKG_IGNORE ?= .github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml,.cache/render/* 138 | XPKG_REG_ORGS ?= xpkg.upbound.io/upbound 139 | # NOTE: Skip promoting on xpkg.upbound.io as channel tags are inferred 140 | XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/upbound 141 | XPKGS = $(PROJECT_NAME) 142 | 143 | # Testing Configuration 144 | # ------------------ 145 | UPTEST_LOCAL_DEPLOY_TARGET = local.xpkg.deploy.configuration.$(PROJECT_NAME) 146 | UPTEST_DEFAULT_TIMEOUT ?= 2400s 147 | 148 | # KCL Configuration 149 | # ------------------ 150 | KCL_COMPOSITION_PATH ?= apis/kcl/generate.k 151 | LANG_KCL := $(shell find ./apis -type f -name '*.k') 152 | 153 | # Overwrite example list if it is set by CI 154 | # For example with comment `/test-examples="path/to/example.yaml"` 155 | ifdef UPTEST_EXAMPLE_LIST 156 | UPTEST_INPUT_MANIFESTS=$(UPTEST_EXAMPLE_LIST) 157 | endif 158 | 159 | # Include makelib files 160 | # ------------------ 161 | -include build/makelib/common.mk 162 | -include build/makelib/k8s_tools.mk 163 | -include build/makelib/xpkg.mk 164 | -include build/makelib/local.xpkg.mk 165 | -include build/makelib/controlplane.mk 166 | -include build/makelib/uptest.mk 167 | 168 | # ==================================================================================== 169 | # Targets 170 | # ==================================================================================== 171 | 172 | # Initial Setup 173 | # ------------------ 174 | # We want submodules to be set up the first time `make` is run. 175 | # We manage the build/ folder and its Makefiles as a submodule. 176 | # The first time `make` is run, the includes of build/*.mk files will 177 | # all fail, and this target will be run. The next time, the default as defined 178 | # by the includes will be run instead. 179 | fallthrough: submodules ## Initial setup and submodule initialization 180 | @echo Initial setup complete. Running make again . . . 181 | @make 182 | 183 | submodules: ## Update the submodules, including common build scripts 184 | @git submodule sync 185 | @git submodule update --init --recursive 186 | 187 | # Build Targets 188 | # ------------------ 189 | # We must ensure up is installed in tool cache prior to build as including the k8s_tools 190 | # machinery prior to the xpkg machinery sets UP to point to tool cache. 191 | build.init: $(UP) ## Initialize build requirements 192 | 193 | # KCL Targets 194 | # ------------------ 195 | ifdef LANG_KCL 196 | kcl: $(KCL) ## Generate KCL-based Composition 197 | @$(INFO) Generating kcl composition 198 | @$(KCL) $(KCL_COMPOSITION_PATH) 1>/dev/null 199 | @$(OK) Generated kcl composition 200 | 201 | render: kcl ## Render the composition output 202 | build.init: kcl 203 | .PHONY: kcl 204 | endif 205 | 206 | # Testing Targets 207 | # ------------------ 208 | render.test: $(CROSSPLANE_CLI) $(KCL) render ## Test rendered compositions 209 | @for RENDERED_COMPOSITION in $$(find .cache/render -maxdepth 1 -type f -name '*.yaml'); do \ 210 | $(INFO) "Testing $${RENDERED_COMPOSITION}"; \ 211 | export RENDERED_COMPOSITION; \ 212 | $(KCL) test test/ && \ 213 | $(OK) "Success testing \"$${RENDERED_COMPOSITION}\"!" || \ 214 | ($(ERR) "Failure testing \"$${RENDERED_COMPOSITION}\"!" && exit 1); \ 215 | done 216 | 217 | check-examples: ## Validate package versions in examples match dependencies 218 | @$(INFO) Checking if package versions in dependencies match examples 219 | @FN_EXAMPLES=$$( \ 220 | find examples -type f -name "*.yaml" | \ 221 | xargs $(YQ) -r -o=json 'select(.kind == "Function" and (.apiVersion | test("^pkg.crossplane.io/"))) | .spec.package' | \ 222 | sort -u); \ 223 | FN_DEPS=$$( \ 224 | $(YQ) '.spec.dependsOn[] | select(.function != null) | (.function + ":" + .version)' crossplane.yaml | \ 225 | sort -u \ 226 | ); \ 227 | if [ "$$FN_EXAMPLES" != "$$FN_DEPS" ]; then \ 228 | echo "Function package versions in examples and in crossplane.yaml don't match!"; \ 229 | echo "" ; \ 230 | echo "Versions in dependencies:"; \ 231 | echo "---" ; \ 232 | echo "$$FN_DEPS"; \ 233 | echo "" ; \ 234 | echo "Versions in examples:"; \ 235 | echo "---" ; \ 236 | echo "$$FN_EXAMPLES"; \ 237 | exit 1; \ 238 | fi; 239 | @$(OK) Package versions are sane 240 | 241 | # Help Targets 242 | # ------------------ 243 | help: help.local ## Display this help message 244 | 245 | help.local: 246 | @echo "Available targets:" 247 | @echo 248 | @grep -E '^[a-zA-Z_-]+.*:.*?## .*$$' Makefile | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' 249 | 250 | .PHONY: uptest e2e render yamllint help help.local check-examples render.test 251 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Azure Reference Platform 2 | 3 | This repository contains a reference Azure Platform Configuration for 4 | [Crossplane](https://crossplane.io/). It's a great starting point for building 5 | internal cloud platforms with Azure and offer a self-service API to your internal 6 | development teams. 7 | 8 | This platform offers APIs for setting up fully configured AKS clusters 9 | with secure networking, stateful cloud services (Database) that can securely 10 | connect to the AKS clusters, an Observability Stack, and a GitOps 11 | System. All these components are built using cloud service tools from 12 | the [Official Upbound Family Azure Provider](https://marketplace.upbound.io/providers/upbound/provider-family-azure). 13 | App deployments can securely connect to the infrastructure they need using secrets 14 | distributed directly to the app namespace. 15 | 16 | ## Overview 17 | 18 | This reference platform outlines a specialized API for generating an AKS cluster 19 | ([XCluster](apis/cluster/definition.yaml)) that incorporates XRs from the specified configurations: 20 | 21 | * [upbound-configuration-app](https://github.com/upbound/configuration-app) 22 | * [upbound-configuration-azure-database](https://github.com/upbound/configuration-azure-database) 23 | * [upbound-configuration-azure-aks](https://github.com/upbound/configuration-azure-aks) 24 | * [upbound-configuration-azure-network](https://github.com/upbound/configuration-azure-network) 25 | * [upbound-configuration-gitops-flux](https://github.com/upbound/configuration-gitops-flux) 26 | * [upbound-configuration-observability-oss](https://github.com/upbound/configuration-observability-oss) 27 | 28 | ```mermaid 29 | graph LR; 30 | MyApp(My App)---MyCluster(XRC: my-cluster); 31 | MyCluster---XRD1(XRD: XCluster); 32 | MyApp---MyDB(XRC: my-db); 33 | MyDB---XRD2(XRD: XPostgreSQLInstance); 34 | subgraph Configuration:upbound/platform-ref-azure; 35 | XRD1---Composition(XAKS, XNetwork, XServices); 36 | XRD2---Composition2(Composition); 37 | end 38 | subgraph Provider:upbound/provider-azure 39 | Composition---Network.MRs(MRs: ResourceGroup, VirtualNetwork, Subnet); 40 | Composition---AKS.MRs(MRs: KubernetesCluster); 41 | Composition2---Postgres.MRs(MRs: VirtualNetworkRule, Server); 42 | end 43 | 44 | style MyApp color:#000,fill:#e6e6e6,stroke:#000,stroke-width:2px 45 | style MyCluster color:#000,fill:#D68A82,stroke:#000,stroke-width:2px 46 | style MyDB color:#000,fill:#D68A82,stroke:#000,stroke-width:2px 47 | style Configuration:upbound/platform-ref-azure fill:#f1d16d,opacity:0.3 48 | style Provider:upbound/provider-azure fill:#81CABB,opacity:0.3 49 | style XRD1 color:#000,fill:#f1d16d,stroke:#000,stroke-width:2px,stroke-dasharray: 5 5 50 | style XRD2 color:#000,fill:#f1d16d,stroke:#000,stroke-width:2px,stroke-dasharray: 5 5 51 | style Composition color:#000,fill:#f1d16d,stroke:#000,stroke-width:2px 52 | style Composition2 color:#000,fill:#f1d16d,stroke:#000,stroke-width:2px 53 | 54 | style Network.MRs color:#000,fill:#81CABB,stroke:#000,stroke-width:2px 55 | style AKS.MRs color:#000,fill:#81CABB,stroke:#000,stroke-width:2px 56 | style Postgres.MRs color:#000,fill:#81CABB,stroke:#000,stroke-width:2px 57 | ``` 58 | 59 | Learn more about Composite Resources in the [Crossplane 60 | Docs](https://docs.crossplane.io/latest/concepts/compositions/). 61 | 62 | ## Quickstart 63 | 64 | ### Pre-Requisites 65 | 66 | Before we can install the reference platform we want to install the `up` CLI. 67 | This is a utility that makes following this quickstart guide easier. Everything 68 | described here can also be done in a declarative approach which we highly 69 | recommend for any production type use-case. 70 | 71 | 72 | To install `up` run this install script: 73 | ```console 74 | curl -sL https://cli.upbound.io | sh 75 | ``` 76 | See [up docs](https://docs.upbound.io/cli/) for more install options. 77 | 78 | To intstall `crossplane` CLI follow https://docs.crossplane.io/latest/cli/#installing-the-cli 79 | 80 | We need a running Crossplane control plane to install our instance. We are 81 | using [Universal Crossplane (UXP)](https://github.com/upbound/universal-crossplane). 82 | Ensure that your kubectl context points to the correct Kubernetes cluster or 83 | create a new [kind](https://kind.sigs.k8s.io) cluster: 84 | 85 | ```console 86 | kind create cluster 87 | ``` 88 | 89 | Finally install UXP into the `upbound-system` namespace: 90 | 91 | ```console 92 | up uxp install --set='args[0]=--enable-usages' 93 | ``` 94 | 95 | We will need [Usages](https://docs.crossplane.io/latest/concepts/usages/) alpha feature 96 | for the correct deployment and eventual de-provisioning of this reference platform. 97 | 98 | You can validate the install by inspecting all installed components: 99 | 100 | ```console 101 | kubectl get all -n upbound-system 102 | ``` 103 | 104 | ### Install the Azure Reference Platform 105 | 106 | Now you can install this reference platform. It's packaged as a [Crossplane 107 | configuration package](https://docs.crossplane.io/latest/concepts/packages/) 108 | so there is a single command to install it: 109 | 110 | ```console 111 | up ctp configuration install xpkg.upbound.io/upbound/platform-ref-azure:v0.12.0 112 | ``` 113 | 114 | Validate the install by inspecting the provider and configuration packages: 115 | ```console 116 | kubectl get configurations,configurationrevisions 117 | kubectl get configurations --watch 118 | ``` 119 | 120 | After all Configurations are ready, you can check the status of associated 121 | Providers that were pulled as dependencies 122 | 123 | ```console 124 | kubectl get providers,providerrevision 125 | ``` 126 | 127 | Check the 128 | [marketplace](https://marketplace.upbound.io/configurations/upbound/platform-ref-azure/) 129 | for the latest version of this platform. 130 | 131 | ### Configure the Azure provider 132 | 133 | Before we can use the reference platform we need to configure it with Azure 134 | credentials: 135 | 136 | ```console 137 | # Create a azure.json file with the azure cli: 138 | # Replace with your subscription ID. 139 | az ad sp create-for-rbac --sdk-auth --role Owner --scopes /subscriptions/ \ 140 | > azure.json 141 | 142 | # Create a K8s secret with the Azure creds: 143 | kubectl create secret generic azure-creds -n upbound-system --from-file=credentials=./azure.json 144 | 145 | # Configure the Azure Provider to use the secret: 146 | kubectl apply -f examples/azure-default-provider.yaml 147 | ``` 148 | 149 | See [provider-azure docs](https://docs.upbound.io/providers/provider-azure/authentication/) for more detailed configuration options 150 | 151 | ## Using the Azure reference platform 152 | 153 | 🎉 Congratulations. You have just installed your first Crossplane powered 154 | platform! 155 | 156 | Application developers can now use the platform to request resources which than 157 | will provisioned in Azure. This would usually done by bundling a claim as part of 158 | the application code. In our example here we simply create the claims directly: 159 | 160 | Create a custom defined cluster: 161 | ```console 162 | kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/cluster-claim.yaml 163 | ``` 164 | 165 | Create a custom defined database: 166 | ```console 167 | kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/mariadb-claim.yaml 168 | ``` 169 | 170 | **NOTE**: The database abstraction relies on the cluster claim to be ready - it 171 | uses the same network to have connectivity with the AKS cluster. 172 | 173 | Now deploy the sample application: 174 | 175 | ``` 176 | kubectl apply -f https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/app-claim.yaml 177 | ``` 178 | 179 | **NOTE**: application has a strong dependency on mariadb type of the database 180 | 181 | You can verify status by inspecting the claims, composites and managed 182 | resources: 183 | 184 | ```console 185 | kubectl get claim,composite,managed 186 | ``` 187 | 188 | To get nice representation of the Claim deployment status you can use 189 | [crossplane beta trace](https://docs.crossplane.io/latest/cli/command-reference/#beta-trace) command 190 | 191 | ```console 192 | crossplane beta trace cluster.aws.platformref.upbound.io/platform-ref-aws 193 | ``` 194 | 195 | To delete the provisioned resources you would simply delete the claims again: 196 | 197 | ```console 198 | kubectl delete -f https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/cluster-claim.yaml,https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/mariadb-claim.yaml,https://raw.githubusercontent.com/upbound/platform-ref-azure/main/examples/app-claim.yaml 199 | ``` 200 | 201 | To uninstall the provider & platform configuration: 202 | 203 | ```console 204 | kubectl delete configurations.pkg.crossplane.io upbound-platform-ref-azure 205 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-app 206 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-database 207 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-aks 208 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-network 209 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-gitops-flux 210 | kubectl delete configurations.pkg.crossplane.io upbound-configuration-observability-oss 211 | 212 | kubectl delete providers.pkg.crossplane.io crossplane-contrib-provider-helm 213 | kubectl delete providers.pkg.crossplane.io crossplane-contrib-provider-kubernetes 214 | kubectl delete providers.pkg.crossplane.io grafana-provider-grafana 215 | kubectl delete providers.pkg.crossplane.io upbound-provider-azure-containerservice 216 | kubectl delete providers.pkg.crossplane.io upbound-provider-azure-dbformariadb 217 | kubectl delete providers.pkg.crossplane.io upbound-provider-azure-dbforpostgresql 218 | kubectl delete providers.pkg.crossplane.io upbound-provider-azure-network 219 | kubectl delete providers.pkg.crossplane.io upbound-provider-family-azure 220 | ``` 221 | 222 | ## Customize for your Organization 223 | 224 | So far we have used the existing reference platform but haven't made any 225 | changes. 226 | 227 | For the following examples we are using `my-org` and `my-platform`: 228 | 229 | ```console 230 | ORG=my-org 231 | PLATFORM=my-platform 232 | ``` 233 | 234 | ### Pre-Requisites 235 | First you need to create a [free Upbound 236 | account](https://accounts.upbound.io/register) to push your custom platform. 237 | Afterwards you can log in: 238 | 239 | ```console 240 | up login 241 | ``` 242 | 243 | ### Make the changes 244 | 245 | To make your changes clone this repository: 246 | 247 | ```console 248 | git clone https://github.com/upbound/platform-ref-azure.git $PLATFORM && cd $PLATFORM 249 | ``` 250 | 251 | ### Build and push your platform 252 | 253 | To share your new platform you need to build and distribute this package. 254 | 255 | To build the package use the `up xpkg build` command: 256 | 257 | ```console 258 | up xpkg build --name package.xpkg --package-root=. --examples-root=examples --ignore=".github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml" 259 | ``` 260 | 261 | Afterwards you can push it to the marketplace. It will be not automatically 262 | listed but the OCI repository will be publicly accessible. 263 | 264 | ```console 265 | TAG=v0.1.0 266 | up repo -a $ORG create ${PLATFORM} 267 | up xpkg push ${ORG}/${PLATFORM}:${TAG} -f package.xpkg 268 | ``` 269 | 270 | ## Using your custom platform 271 | 272 | Now to use your custom platform, you can pull the Configuration package from 273 | your repository 274 | 275 | ```console 276 | up ctp configuration install xpkg.upbound.io/${ORG}/${PLATFORM}:${TAG} --package-pull-secrets=personal-pull-secret 277 | ``` 278 | 279 | For alternative declarative installation approach see the [example Configuration 280 | manifest](examples/configuration.yaml). Please update to your org, platform and 281 | tag before applying. 282 | 283 | 🎉 Congratulations. You have just build and installed your first custom 284 | Crossplane powered platform! 285 | 286 | 287 | ## Questions? 288 | 289 | For any questions, thoughts and comments don't hesitate to [reach 290 | out](https://www.upbound.io/contact) or drop by 291 | [slack.crossplane.io](https://slack.crossplane.io), and say hi! 292 | -------------------------------------------------------------------------------- /apis/cluster/composition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: Composition 3 | metadata: 4 | name: xclusters.azure.platformref.upbound.io 5 | spec: 6 | writeConnectionSecretsToNamespace: upbound-system 7 | compositeTypeRef: 8 | apiVersion: azure.platformref.upbound.io/v1alpha1 9 | kind: XCluster 10 | mode: Pipeline 11 | pipeline: 12 | - step: patch-and-transform 13 | functionRef: 14 | name: crossplane-contrib-function-patch-and-transform 15 | input: 16 | apiVersion: pt.fn.crossplane.io/v1beta1 17 | kind: Resources 18 | resources: 19 | - name: compositeNetworkAKS 20 | base: 21 | apiVersion: azure.platform.upbound.io/v1alpha1 22 | kind: XNetwork 23 | patches: 24 | - type: FromCompositeFieldPath 25 | fromFieldPath: spec.parameters.id 26 | toFieldPath: spec.parameters.id 27 | - type: FromCompositeFieldPath 28 | fromFieldPath: spec.parameters.region 29 | toFieldPath: spec.parameters.region 30 | - type: FromCompositeFieldPath 31 | fromFieldPath: spec.parameters.deletionPolicy 32 | toFieldPath: spec.parameters.deletionPolicy 33 | - type: FromCompositeFieldPath 34 | fromFieldPath: spec.parameters.providerConfigName 35 | toFieldPath: spec.parameters.providerConfigName 36 | - type: FromCompositeFieldPath 37 | fromFieldPath: spec.parameters.networkSelector 38 | toFieldPath: spec.compositionSelector.matchLabels[type] 39 | 40 | - name: compositeClusterAKS 41 | base: 42 | apiVersion: azure.platform.upbound.io/v1alpha1 43 | kind: XAKS 44 | connectionDetails: 45 | - type: FromConnectionSecretKey 46 | fromConnectionSecretKey: kubeconfig 47 | name: kubeconfig 48 | patches: 49 | - type: FromCompositeFieldPath 50 | fromFieldPath: spec.parameters.id 51 | toFieldPath: metadata.labels[xaks.azure.platform.upbound.io/cluster-id] 52 | - type: FromCompositeFieldPath 53 | fromFieldPath: spec.parameters.id 54 | toFieldPath: spec.parameters.id 55 | - type: FromCompositeFieldPath 56 | fromFieldPath: spec.parameters.region 57 | toFieldPath: spec.parameters.region 58 | - type: FromCompositeFieldPath 59 | fromFieldPath: spec.parameters.deletionPolicy 60 | toFieldPath: spec.parameters.deletionPolicy 61 | - type: FromCompositeFieldPath 62 | fromFieldPath: spec.parameters.providerConfigName 63 | toFieldPath: spec.parameters.providerConfigName 64 | - type: FromCompositeFieldPath 65 | fromFieldPath: metadata.uid 66 | toFieldPath: spec.writeConnectionSecretToRef.name 67 | transforms: 68 | - type: string 69 | string: 70 | fmt: '%s-aks' 71 | type: Format 72 | - type: FromCompositeFieldPath 73 | fromFieldPath: spec.writeConnectionSecretToRef.namespace 74 | toFieldPath: spec.writeConnectionSecretToRef.namespace 75 | - type: FromCompositeFieldPath 76 | fromFieldPath: spec.parameters.version 77 | toFieldPath: spec.parameters.version 78 | - type: FromCompositeFieldPath 79 | fromFieldPath: spec.parameters.nodes.count 80 | toFieldPath: spec.parameters.nodes.count 81 | - type: FromCompositeFieldPath 82 | fromFieldPath: spec.parameters.nodes.instanceType 83 | toFieldPath: spec.parameters.nodes.instanceType 84 | 85 | - name: XOss 86 | base: 87 | apiVersion: observe.platform.upbound.io/v1alpha1 88 | kind: XOss 89 | patches: 90 | - type: FromCompositeFieldPath 91 | fromFieldPath: spec.parameters.deletionPolicy 92 | toFieldPath: spec.parameters.deletionPolicy 93 | - type: FromCompositeFieldPath 94 | fromFieldPath: spec.parameters.id 95 | toFieldPath: spec.parameters.id 96 | - type: FromCompositeFieldPath 97 | fromFieldPath: spec.parameters.operators.prometheus.version 98 | toFieldPath: spec.parameters.operators.prometheus.version 99 | 100 | - name: XFlux 101 | base: 102 | apiVersion: gitops.platform.upbound.io/v1alpha1 103 | kind: XFlux 104 | patches: 105 | - type: FromCompositeFieldPath 106 | fromFieldPath: spec.parameters.deletionPolicy 107 | toFieldPath: spec.parameters.deletionPolicy 108 | - type: FromCompositeFieldPath 109 | fromFieldPath: spec.parameters.id 110 | toFieldPath: spec.parameters.providerConfigName 111 | - type: FromCompositeFieldPath 112 | fromFieldPath: spec.parameters.operators.flux.version 113 | toFieldPath: spec.parameters.operators.flux.version 114 | - type: FromCompositeFieldPath 115 | fromFieldPath: spec.parameters.operators.flux-sync.version 116 | toFieldPath: spec.parameters.operators.flux-sync.version 117 | - type: FromCompositeFieldPath 118 | fromFieldPath: spec.parameters.gitops 119 | toFieldPath: spec.parameters.source 120 | 121 | - name: usageXEksByXFlux 122 | base: 123 | apiVersion: apiextensions.crossplane.io/v1alpha1 124 | kind: Usage 125 | spec: 126 | by: 127 | apiVersion: gitops.platform.upbound.io/v1alpha1 128 | kind: XFlux 129 | resourceSelector: 130 | matchControllerRef: true 131 | of: 132 | apiVersion: azure.platform.upbound.io/v1alpha1 133 | kind: XAKS 134 | resourceSelector: 135 | matchControllerRef: true 136 | 137 | - name: usageXEksByXOss 138 | base: 139 | apiVersion: apiextensions.crossplane.io/v1alpha1 140 | kind: Usage 141 | spec: 142 | by: 143 | apiVersion: observe.platform.upbound.io/v1alpha1 144 | kind: XOss 145 | resourceSelector: 146 | matchControllerRef: true 147 | of: 148 | apiVersion: azure.platform.upbound.io/v1alpha1 149 | kind: XAKS 150 | resourceSelector: 151 | matchControllerRef: true 152 | 153 | - name: usageXAksByArbitraryLabeledRelease 154 | base: 155 | apiVersion: apiextensions.crossplane.io/v1alpha1 156 | kind: Usage 157 | spec: 158 | by: 159 | apiVersion: helm.crossplane.io/v1beta1 160 | kind: Release 161 | resourceSelector: 162 | matchLabels: 163 | platform.upbound.io/deletion-ordering: enabled 164 | of: 165 | apiVersion: azure.platform.upbound.io/v1alpha1 166 | kind: XAKS 167 | resourceSelector: 168 | matchControllerRef: true 169 | readinessChecks: 170 | - type: None 171 | -------------------------------------------------------------------------------- /apis/cluster/definition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.crossplane.io/v1 2 | kind: CompositeResourceDefinition 3 | metadata: 4 | name: xclusters.azure.platformref.upbound.io 5 | spec: 6 | # We require Foreground Deletion for cases where XRs are generated without a Claim, like in XServices. 7 | # In such situations, XService is deleted right away, 8 | # taking the Usage and XAKS with it, 9 | # which causes issues for Release.helm's deletion process. 10 | defaultCompositeDeletePolicy: Foreground 11 | group: azure.platformref.upbound.io 12 | names: 13 | kind: XCluster 14 | plural: xclusters 15 | claimNames: 16 | kind: Cluster 17 | plural: clusters 18 | connectionSecretKeys: 19 | - kubeconfig 20 | versions: 21 | - name: v1alpha1 22 | served: true 23 | referenceable: true 24 | schema: 25 | openAPIV3Schema: 26 | type: object 27 | properties: 28 | spec: 29 | type: object 30 | properties: 31 | parameters: 32 | type: object 33 | description: Cluster configuration parameters. 34 | properties: 35 | id: 36 | type: string 37 | description: ID of this Cluster that other objects will use to refer to it. 38 | region: 39 | type: string 40 | description: Region is the region you'd like your resource to be created in. 41 | networkSelector: 42 | type: string 43 | description: NetworkSelector employs a specific type of network architecture. 44 | enum: 45 | - basic 46 | default: basic 47 | deletionPolicy: 48 | description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete 49 | enum: 50 | - Delete 51 | - Orphan 52 | type: string 53 | default: Delete 54 | providerConfigName: 55 | description: Crossplane ProviderConfig to use for provisioning this resources 56 | type: string 57 | default: default 58 | version: 59 | type: string 60 | description: Kubernetes version of the Cluster 61 | enum: 62 | - "1.31" 63 | - "1.30" 64 | - "1.29" 65 | default: "1.31" 66 | nodes: 67 | type: object 68 | description: Cluster node configuration parameters. 69 | properties: 70 | count: 71 | type: integer 72 | description: Desired node count, from 1 to 100. 73 | instanceType: 74 | type: string 75 | description: instance types associated with the Node Group. 76 | default: Standard_B2s 77 | required: 78 | - count 79 | - instanceType 80 | operators: 81 | description: Configuration for operators. 82 | type: object 83 | default: 84 | flux: 85 | version: "2.10.6" 86 | flux-sync: 87 | version: "1.7.2" 88 | prometheus: 89 | version: "52.1.0" 90 | properties: 91 | flux: 92 | description: Configuration for the Flux GitOps operator. 93 | type: object 94 | properties: 95 | version: 96 | description: flux helm-chart version to run. 97 | type: string 98 | default: "2.10.6" 99 | required: 100 | - version 101 | flux-sync: 102 | description: Configuration for the Flux Sync Helm-Chart. 103 | type: object 104 | properties: 105 | version: 106 | description: flux sync helm-chart version to run. 107 | type: string 108 | default: "1.7.2" 109 | required: 110 | - version 111 | prometheus: 112 | description: Configuration for the Prometheus Helm-Chart. 113 | type: object 114 | properties: 115 | version: 116 | description: prometheus helm-chart version to run. 117 | type: string 118 | default: "52.1.0" 119 | required: 120 | - version 121 | gitops: 122 | description: GitOps configure gitops system 123 | type: object 124 | properties: 125 | git: 126 | type: object 127 | properties: 128 | interval: 129 | default: "5m0s" 130 | description: Interval at which the GitRepository URL is checked for 131 | updates. This interval is approximate and may be subject to jitter 132 | to ensure efficient use of resources. 133 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ 134 | type: string 135 | timeout: 136 | default: "60s" 137 | description: Timeout for Git operations like cloning, defaults to 138 | 60s. 139 | pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ 140 | type: string 141 | url: 142 | description: URL specifies the Git repository URL, it can be an HTTP/S 143 | or SSH address. 144 | pattern: ^(http|https|ssh)://.*$ 145 | type: string 146 | path: 147 | type: string 148 | default: "/" 149 | ref: 150 | description: Reference specifies the Git reference to resolve and 151 | monitor for changes. 152 | type: object 153 | properties: 154 | name: 155 | description: "Name of the reference to check out; takes precedence 156 | over Branch, Tag and SemVer. \n It must be a valid Git reference: 157 | https://git-scm.com/docs/git-check-ref-format#_description Examples: 158 | \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", 159 | \"refs/merge-requests/1/head\"" 160 | type: string 161 | required: 162 | - interval 163 | - timeout 164 | - url 165 | - path 166 | - ref 167 | required: 168 | - git 169 | required: 170 | - deletionPolicy 171 | - gitops 172 | - id 173 | - nodes 174 | - operators 175 | - providerConfigName 176 | - region 177 | required: 178 | - parameters 179 | -------------------------------------------------------------------------------- /crossplane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: meta.pkg.crossplane.io/v1alpha1 2 | kind: Configuration 3 | metadata: 4 | name: platform-ref-azure 5 | annotations: 6 | meta.crossplane.io/maintainer: Upbound 7 | meta.crossplane.io/source: github.com/upbound/platform-ref-azure 8 | meta.crossplane.io/license: Apache-2.0 9 | meta.crossplane.io/description: | 10 | This reference platform Configuration for Kubernetes and Data Services 11 | is a starting point to build, run, and operate your own internal cloud 12 | platform and offer a self-service console and API to your internal teams. 13 | 14 | meta.crossplane.io/readme: | 15 | This reference platform `Configuration` for Kubernetes and Data Services 16 | is a starting point to build, run, and operate your own internal cloud 17 | platform and offer a self-service console and API to your internal teams. 18 | It provides platform APIs to provision fully configured AKS clusters, 19 | with secure networking, and stateful cloud services designed to 20 | securely connect to the nodes in each AKS cluster -- all composed using 21 | cloud service primitives from the [Upbound Official Azure 22 | Provider](https://marketplace.upbound.io/providers/upbound/provider-azure). App 23 | deployments can securely connect to the infrastructure they need using 24 | secrets distributed directly to the app namespace. 25 | 26 | [Quickstart 27 | Guide](https://github.com/upbound/platform-ref-azure/#quickstart) 28 | 29 | [Customize for your 30 | Organization](https://github.com/upbound/platform-ref-azure/#customize-for-your-organization) 31 | 32 | To learn more checkout the [GitHub 33 | repo](https://github.com/upbound/platform-ref-azure/) that you can copy and 34 | customize to meet the exact needs of your organization! 35 | spec: 36 | crossplane: 37 | version: ">=v1.14.1-0" 38 | dependsOn: 39 | - configuration: xpkg.upbound.io/upbound/configuration-azure-network 40 | # renovate: datasource=github-releases depName=upbound/configuration-azure-network 41 | version: "v0.14.0" 42 | - configuration: xpkg.upbound.io/upbound/configuration-azure-aks 43 | # renovate: datasource=github-releases depName=upbound/configuration-azure-aks 44 | version: "v0.12.0" 45 | - configuration: xpkg.upbound.io/upbound/configuration-azure-database 46 | # renovate: datasource=github-releases depName=upbound/configuration-azure-database 47 | version: "v0.15.0" 48 | - configuration: xpkg.upbound.io/upbound/configuration-app 49 | # renovate: datasource=github-releases depName=upbound/configuration-app 50 | version: "v0.11.0" 51 | - configuration: xpkg.upbound.io/upbound/configuration-observability-oss 52 | # renovate: datasource=github-releases depName=upbound/configuration-observability-oss 53 | version: "v0.9.0" 54 | - configuration: xpkg.upbound.io/upbound/configuration-gitops-flux 55 | # renovate: datasource=github-releases depName=upbound/configuration-gitops-flux 56 | version: "v0.10.0" 57 | -------------------------------------------------------------------------------- /examples/app-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: platform.upbound.io/v1alpha1 2 | kind: App 3 | metadata: 4 | name: platform-ref-azure-cluster-ghost 5 | namespace: default 6 | labels: 7 | platform.upbound.io/deletion-ordering: enabled 8 | spec: 9 | compositeDeletePolicy: Foreground 10 | parameters: 11 | providerConfigName: platform-ref-azure-cluster 12 | passwordSecretRef: 13 | namespace: default 14 | name: platform-ref-azure-cluster-db-conn-mariadb 15 | writeConnectionSecretToRef: 16 | name: platform-ref-azure-cluster-app-conn 17 | -------------------------------------------------------------------------------- /examples/azure-default-provider.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: azure.upbound.io/v1beta1 2 | kind: ProviderConfig 3 | metadata: 4 | name: default 5 | spec: 6 | credentials: 7 | source: Secret 8 | secretRef: 9 | namespace: upbound-system 10 | name: azure-creds 11 | key: credentials 12 | -------------------------------------------------------------------------------- /examples/cluster-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: azure.platformref.upbound.io/v1alpha1 2 | kind: Cluster 3 | metadata: 4 | name: platform-ref-azure-cluster 5 | namespace: default 6 | spec: 7 | compositeDeletePolicy: Foreground 8 | parameters: 9 | id: platform-ref-azure-cluster 10 | region: westus 11 | version: "1.31" 12 | nodes: 13 | count: 1 14 | instanceType: Standard_B2s 15 | gitops: 16 | git: 17 | url: https://github.com/upbound/platform-ref-azure/ 18 | ref: 19 | # refs/heads/main 20 | # refs/tags/v0.1.0 21 | # refs/pull/420/head 22 | # refs/merge-requests/1/head 23 | name: refs/heads/main 24 | writeConnectionSecretToRef: 25 | name: platform-ref-azure-cluster-kubeconfig 26 | -------------------------------------------------------------------------------- /examples/configuration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pkg.crossplane.io/v1 2 | kind: Configuration 3 | metadata: 4 | name: upbound-platform-ref-azure 5 | spec: 6 | package: xpkg.upbound.io/upbound/platform-ref-azure:v0.13.0 7 | -------------------------------------------------------------------------------- /examples/mariadb-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: azure.platform.upbound.io/v1alpha1 2 | kind: SQLInstance 3 | metadata: 4 | name: platform-ref-azure-cluster-db-mariadb 5 | namespace: default 6 | spec: 7 | compositionSelector: 8 | matchLabels: 9 | dbengine: mariadb 10 | parameters: 11 | region: westus 12 | storageGB: 5 #Minimum value is 5 13 | version: "10.3" 14 | passwordSecretRef: 15 | namespace: default 16 | name: mariadbsecret 17 | key: password 18 | networkRef: 19 | id: platform-ref-azure-cluster #This field must match the cluster XR spec.parameters.id 20 | writeConnectionSecretToRef: 21 | name: platform-ref-azure-cluster-db-conn-mariadb #Must be unique for each instance 22 | --- 23 | apiVersion: v1 24 | data: 25 | password: dXBiMHVuZHIwY2s1ITMxMzM3 26 | kind: Secret 27 | metadata: 28 | name: mariadbsecret 29 | namespace: default 30 | type: Opaque 31 | -------------------------------------------------------------------------------- /examples/network-xr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: azure.platformref.upbound.io/v1alpha1 2 | kind: XNetwork 3 | metadata: 4 | name: ref-azure-network 5 | spec: 6 | parameters: 7 | id: ref-azure-network-from-xr 8 | region: westus 9 | -------------------------------------------------------------------------------- /examples/postgres-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: azure.platform.upbound.io/v1alpha1 2 | kind: SQLInstance 3 | metadata: 4 | name: platform-ref-azure-cluster-db-postgresql 5 | namespace: default 6 | spec: 7 | compositionSelector: 8 | matchLabels: 9 | dbengine: postgres 10 | parameters: 11 | region: westus 12 | storageGB: 5 #Minimum value is 5 13 | version: "11" 14 | passwordSecretRef: 15 | namespace: default 16 | name: psqlsecret 17 | key: password 18 | networkRef: 19 | id: platform-ref-azure-cluster #This field must match the cluster XR spec.parameters.id 20 | writeConnectionSecretToRef: 21 | name: platform-ref-azure-cluster-db-conn-postgresql #Must be unique for each instance 22 | --- 23 | apiVersion: v1 24 | data: 25 | password: dXBiMHVuZHIwY2s1ITMxMzM3 26 | kind: Secret 27 | metadata: 28 | name: psqlsecret 29 | namespace: default 30 | type: Opaque 31 | -------------------------------------------------------------------------------- /project.mk: -------------------------------------------------------------------------------- 1 | PROJECT_NAME := platform-ref-azure 2 | UPTEST_INPUT_MANIFESTS := examples/cluster-claim.yaml,examples/mariadb-claim.yaml,examples/app-claim.yaml 3 | UPTEST_SKIP_IMPORT := true 4 | UPTEST_SKIP_UPDATE := true 5 | -------------------------------------------------------------------------------- /test/setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -aeuo pipefail 3 | 4 | echo "Running setup.sh" 5 | echo "Waiting until all configuration packages are healthy/installed..." 6 | "${KUBECTL}" wait configuration.pkg --all --for=condition=Healthy --timeout 5m 7 | "${KUBECTL}" wait configuration.pkg --all --for=condition=Installed --timeout 5m 8 | "${KUBECTL}" wait configurationrevisions.pkg --all --for=condition=Healthy --timeout 5m 9 | 10 | echo "Creating cloud credential secret..." 11 | "${KUBECTL}" -n upbound-system create secret generic azure-creds --from-literal=credentials="${UPTEST_CLOUD_CREDENTIALS}" \ 12 | --dry-run=client -o yaml | "${KUBECTL}" apply -f - 13 | 14 | echo "Waiting until all installed provider packages are healthy..." 15 | "${KUBECTL}" wait provider.pkg --all --for condition=Healthy --timeout 5m 16 | 17 | echo "Waiting for all pods to come online..." 18 | "${KUBECTL}" -n upbound-system wait --for=condition=Available deployment --all --timeout=5m 19 | 20 | echo "Waiting for all XRDs to be established..." 21 | "${KUBECTL}" wait xrd --all --for condition=Established 22 | 23 | echo "Creating a default provider config..." 24 | cat <