From 801fe5c989f569bf9a3993891bef7bdaa6b7615d Mon Sep 17 00:00:00 2001 From: Christopher Haar Date: Tue, 13 Aug 2024 15:58:24 +0200 Subject: [PATCH] feat(bump): add accessentry and bump deps (#78) * feat(bump): add accessentry and bump deps Signed-off-by: Christopher Haar * style(lint): fix lint issues Signed-off-by: Christopher Haar --------- Signed-off-by: Christopher Haar --- .gitignore | 3 +- Makefile | 48 ++- apis/composition-kcl.yaml | 39 -- apis/definition.yaml | 15 +- apis/kcl/generate.k | 77 ++++ apis/kcl/main.k | 287 ++++++++++++++ apis/{ => pat}/composition.yaml | 366 ++++++------------ apis/xeks.k | 359 ----------------- crossplane.yaml | 21 +- examples/configuration.yaml | 2 +- examples/functions.yaml | 12 +- examples/{eks-xr-kcl.yaml => kcl/eks-xr.yaml} | 7 +- .../network-xr.yaml} | 0 examples/{ => pat}/eks-xr.yaml | 7 +- examples/{ => pat}/network-xr.yaml | 0 generate-composition.k | 14 - 16 files changed, 558 insertions(+), 699 deletions(-) delete mode 100644 apis/composition-kcl.yaml create mode 100644 apis/kcl/generate.k create mode 100644 apis/kcl/main.k rename apis/{ => pat}/composition.yaml (63%) delete mode 100644 apis/xeks.k rename examples/{eks-xr-kcl.yaml => kcl/eks-xr.yaml} (67%) rename examples/{network-xr-kcl.yaml => kcl/network-xr.yaml} (100%) rename examples/{ => pat}/eks-xr.yaml (63%) rename examples/{ => pat}/network-xr.yaml (100%) delete mode 100644 generate-composition.k diff --git a/.gitignore b/.gitignore index 9fc889b..119de6c 100644 --- a/.gitignore +++ b/.gitignore @@ -3,9 +3,10 @@ /_output /results /.idea +/.kclvm *.xpkg kubeconfig # generated by kcl -apis/composition-kcl-generated.yaml +apis/kcl/composition.yaml diff --git a/Makefile b/Makefile index 0de1263..a61cd2c 100644 --- a/Makefile +++ b/Makefile 
@@ -20,7 +20,7 @@ CROSSPLANE_CLI_VERSION=v1.16.0 # ==================================================================================== # Setup XPKG XPKG_DIR = $(shell pwd) -XPKG_IGNORE = .github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml,apis/composition-kcl.yaml +XPKG_IGNORE = .github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml XPKG_REG_ORGS ?= xpkg.upbound.io/upbound # NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are # inferred. @@ -57,7 +57,7 @@ submodules: ## Update the submodules, such as the common build scripts. # We must ensure up is installed in tool cache prior to build as including the k8s_tools machinery prior to the xpkg # machinery sets UP to point to tool cache. -build.init: $(UP) kcl-generate +build.init: $(UP) kcl # ==================================================================================== # End to End Testing @@ -70,7 +70,7 @@ build.init: $(UP) kcl-generate SKIP_DELETE ?= uptest: $(UPTEST) $(KUBECTL) $(KUTTL) @$(INFO) running automated tests - @KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) $(UPTEST) e2e examples/network-xr.yaml,examples/network-xr-kcl.yaml,examples/eks-xr.yaml,examples/eks-xr-kcl.yaml --data-source="${UPTEST_DATASOURCE_PATH}" --setup-script=test/setup.sh --default-timeout=2400 $(SKIP_DELETE) || $(FAIL) + @KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) CROSSPLANE_NAMESPACE=$(CROSSPLANE_NAMESPACE) CROSSPLANE_CLI=$(CROSSPLANE_CLI) $(UPTEST) e2e "${UPTEST_EXAMPLE_LIST}" --data-source="${UPTEST_DATASOURCE_PATH}" --setup-script=test/setup.sh --default-timeout=2400 $(SKIP_DELETE) || $(FAIL) @$(OK) running automated tests # This target requires the following environment variables to be set: 
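Review bot: `UPTEST_EXAMPLE_LIST` is not assigned in any hunk of this patch, yet the `uptest` recipe in the `@@ -70,7 +70,7 @@` hunk now passes `"${UPTEST_EXAMPLE_LIST}"` in place of the explicit file list. Unless an included makefile or the environment sets it (not visible here), the e2e stage receives an empty argument and may test nothing. A first recipe line such as `$(if $(strip $(UPTEST_EXAMPLE_LIST)),,$(error UPTEST_EXAMPLE_LIST is empty))` would make that fail loudly. A short comment naming where the list is computed would also help.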
@@ -78,21 +78,45 @@ uptest: $(UPTEST) $(KUBECTL) $(KUTTL) # Use `make e2e SKIP_DELETE=--skip-delete` to skip deletion of resources created during the test. e2e: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME) uptest ## Run uptest together with all dependencies. Use `make e2e SKIP_DELETE=--skip-delete` to skip deletion of resources. -kcl-generate: $(KCL) ## Generate KCL-based Composition - $(KCL) generate-composition.k - -render-kcl: kcl-generate $(CROSSPLANE_CLI) ## Crossplane render kcl generated composition - $(CROSSPLANE_CLI) beta render examples/eks-xr.yaml apis/composition-kcl-generated.yaml examples/functions.yaml -r - -render: $(CROSSPLANE_CLI) ## Crossplane render - $(CROSSPLANE_CLI) beta render examples/eks-xr.yaml apis/composition.yaml examples/functions.yaml -r +kcl: $(KCL) ## Generate KCL-based Composition + $(KCL) apis/kcl/generate.k + +render: kcl $(CROSSPLANE_CLI) ${YQ} + @indir="./examples"; \ + for file in $$(find $$indir -type f -name '*.yaml' ); do \ + doc_count=$$(grep -c '^---' "$$file"); \ + if [[ $$doc_count -gt 0 ]]; then \ + continue; \ + fi; \ + COMPOSITION=$$(${YQ} eval '.metadata.annotations."render.crossplane.io/composition-path"' $$file); \ + FUNCTION=$$(${YQ} eval '.metadata.annotations."render.crossplane.io/function-path"' $$file); \ + ENVIRONMENT=$$(${YQ} eval '.metadata.annotations."render.crossplane.io/environment-path"' $$file); \ + OBSERVE=$$(${YQ} eval '.metadata.annotations."render.crossplane.io/observe-path"' $$file); \ + if [[ "$$ENVIRONMENT" == "null" ]]; then \ + ENVIRONMENT=""; \ + fi; \ + if [[ "$$OBSERVE" == "null" ]]; then \ + OBSERVE=""; \ + fi; \ + if [[ "$$COMPOSITION" == "null" || "$$FUNCTION" == "null" ]]; then \ + continue; \ + fi; \ + ENVIRONMENT=$${ENVIRONMENT=="null" ? "" : $$ENVIRONMENT}; \ + OBSERVE=$${OBSERVE=="null" ? 
"" : $$OBSERVE}; \ + $(CROSSPLANE_CLI) beta render $$file $$COMPOSITION $$FUNCTION $${ENVIRONMENT:+-e $$ENVIRONMENT} $${OBSERVE:+-o $$OBSERVE} -x; \ + done yamllint: ## Static yamllint check @$(INFO) running yamllint @yamllint ./apis || $(FAIL) @$(OK) running yamllint +kcllint: ## Static kcllint check + @$(INFO) running kcllint + @$(KCL) lint ./apis/kcl/ || $(FAIL) + @$(OK) running kcllint + help.local: @grep -E '^[a-zA-Z_-]+.*:.*?## .*$$' Makefile | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' -.PHONY: uptest e2e render yamllint help.local +.PHONY: uptest e2e render yamllint kcllint help.local diff --git a/apis/composition-kcl.yaml b/apis/composition-kcl.yaml deleted file mode 100644 index 0dc96b2..0000000 --- a/apis/composition-kcl.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: kcl.xeks.aws.platform.upbound.io - labels: - provider: aws - function: kcl -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: aws.platform.upbound.io/v1alpha1 - kind: XEKS - mode: Pipeline - pipeline: - - step: kcl - functionRef: - name: crossplane-contrib-function-kcl - input: - apiVersion: krm.kcl.dev/v1alpha1 - kind: KCLRun - spec: - source: apis/xeks.k # Replaced by kcl generation, see `make kcl-generate` - - - step: automatically-detect-ready-composed-resources - functionRef: - name: crossplane-contrib-function-auto-ready - - - step: sequence-creation - functionRef: - name: crossplane-contrib-function-sequencer - input: - apiVersion: sequencer.fn.crossplane.io/v1beta1 - kind: Input - rules: - - sequence: - - kubernetesCluster - - cniAddon - - nodeGroupPublic - - ebsCsiAddon diff --git a/apis/definition.yaml b/apis/definition.yaml index e1b0636..f344906 100644 --- a/apis/definition.yaml +++ b/apis/definition.yaml 
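Review bot: A failing `beta render` inside the new `render` loop does not fail the target, because the statements are chained with `;` and only the last iteration's status reaches make; ending the render line with `|| exit 1; \` closes that gap. The values read from annotations are expanded unquoted, so a path containing whitespace or glob characters is split by the shell; write `"$$file" "$$COMPOSITION" "$$FUNCTION"` and quote the `-e`/`-o` arguments the same way. The lines `ENVIRONMENT=$${ENVIRONMENT=="null" ? "" : $$ENVIRONMENT};` and its `OBSERVE` twin are not a shell ternary (they parse as a `${var=word}` default expansion) and repeat the `if` blocks above them, so they can be dropped. The `[[ … ]]` tests need bash, and whether `SHELL` is set to bash is not visible in this hunk. `kcl` is now a prerequisite of `build.init` but is missing from `.PHONY`.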
@@ -4,7 +4,7 @@ metadata: name: xeks.aws.platform.upbound.io spec: defaultCompositionRef: - name: xeks.aws.platform.upbound.io + name: pat.xeks.aws.platform.upbound.io connectionSecretKeys: - kubeconfig group: aws.platform.upbound.io @@ -36,18 +36,9 @@ spec: type: object description: IAM configuration to connect as ClusterAdmin. properties: - roleArn: - description: The IAM Role ARN to connect as ClusterAdmin. + principalArn: + description: The principal ARN to connect as ClusterAdmin. type: string - default: roleArn - userArn: - description: The IAM User ARN to connect as ClusterAdmin. - type: string - default: userArn - autoscalerArn: - description: The AutoScaler Role ARN to connect as ClusterAdmin. - type: string - default: autoscalerArn deletionPolicy: description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete enum: diff --git a/apis/kcl/generate.k b/apis/kcl/generate.k new file mode 100644 index 0000000..7f92cc5 --- /dev/null +++ b/apis/kcl/generate.k 
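Review bot: `principalArn` in the `@@ -36,18 +36,9 @@` hunk is an unconstrained `type: string`, although the compositions in this patch bind that principal to the cluster-admin access policy. A schema `pattern`, for example `pattern: '^arn:aws[a-z-]*:(iam|sts)::[0-9]{12}:.+$'` (a constructed example, to be narrowed to the principal types you accept), would reject typos and non-ARN input at admission. Dropping `roleArn`, `userArn` and `autoscalerArn` from the existing `v1alpha1` schema also changes behaviour for XRs that already set them, which the field description or release notes could state. The `iam` object continues outside the hunk.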
@@ -0,0 +1,77 @@ +import file +import yaml + +_composition = { + apiVersion: "apiextensions.crossplane.io/v1", + kind: "Composition", + metadata: { + name: "kcl.xeks.aws.platform.upbound.io", + labels: { + provider: "aws", + function: "kcl", + }, + }, + spec: { + writeConnectionSecretsToNamespace: "upbound-system", + compositeTypeRef: { + apiVersion: "aws.platform.upbound.io/v1alpha1" + kind: "XEKS" + }, + mode: "Pipeline", + pipeline: [ + { + step: "kcl" + functionRef: { + name: "crossplane-contrib-function-kcl" + } + input: { + apiVersion: "krm.kcl.dev/v1alpha1" + kind: "KCLRun" + spec: { + source = (file.read("apis/kcl/main.k")) + } + } + }, + { + step: "automatically-detect-ready-composed-resources" + functionRef: { + name: "crossplane-contrib-function-auto-ready" + }, + }, + { + step: "sequence-creation" + functionRef: { + name: "crossplane-contrib-function-sequencer" + } + input: { + apiVersion: "sequencer.fn.crossplane.io/v1beta1" + kind: "Input" + rules: [ + { + sequence: [ + "kubernetesCluster" + "kubernetesClusterAuth" + "vpc-cni-addon" + "nodeGroupPublic" + ] + }, + { + sequence: [ + "nodeGroupPublic" + "aws-ebs-csi-driver-addon" + ] + }, + { + sequence: [ + "nodeGroupPublic" + "eks-pod-identity-agent-addon" + ] + } + ] + } + } + ] + } +} + +file.write("apis/kcl/composition.yaml", yaml.encode(_composition)) \ No newline at end of file diff --git a/apis/kcl/main.k b/apis/kcl/main.k new file mode 100644 index 0000000..a79fbb0 --- /dev/null +++ b/apis/kcl/main.k 
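Review bot: `file.read("apis/kcl/main.k")` and `file.write("apis/kcl/composition.yaml", …)` use paths that are presumably resolved against the working directory, so the script only behaves as intended when run from the repository root, as the Makefile `kcl` target does. A header comment such as `# Run from the repository root (make kcl); embeds main.k into apis/kcl/composition.yaml.` would document that. `source = (file.read(…))` is also the only `=` entry in a dict that otherwise uses `:`, which is worth aligning for readability.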
@@ -0,0 +1,287 @@ +xrName = option("params")?.oxr?.metadata.name +region = option("params")?.oxr?.spec.parameters.region or "" +id = option("params")?.oxr?.spec.parameters.id or "" + +_metadata = lambda name: str -> any { + { annotations = { "krm.kcl.dev/composition-resource-name" = name }} +} + +_defaults ={ + deletionPolicy = option("params")?.oxr?.spec.parameters.deletionPolicy or "Delete" + providerConfigRef.name = option("params")?.oxr?.spec.parameters.providerConfigName or "default" +} + +_items = [{ + apiVersion = "iam.aws.upbound.io/v1beta1" + kind = "Role" + metadata = _metadata("controlplaneRole") | { + labels: { + role = "controlplane" + } + } + spec: _defaults | { + forProvider = { + forceDetachPolicies = True + managedPolicyArns = [ + "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" + ] + assumeRolePolicy = """{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "eks.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + } + """ + } + } +}] + +kubernetesVersion = option("params")?.oxr?.spec.parameters.version or "" +_items += [{ + apiVersion = "eks.aws.upbound.io/v1beta2" + kind = "Cluster" + metadata = _metadata("kubernetesCluster") + spec: _defaults | { + forProvider = { + region = region + version = kubernetesVersion + roleArnSelector = { + matchControllerRef = True + matchLabels = { + role = "controlplane" + } + } + vpcConfig = { + endpointPrivateAccess = True + subnetIdSelector.matchLabels = { + "networks.aws.platform.upbound.io/network-id" = id + access = "public" + } + } + } + } +}] + +clusterSecurityGroupId = option("params")?.ocds?.kubernetesCluster?.Resource?.status?.atProvider?.vpcConfig?.clusterSecurityGroupId or False +if clusterSecurityGroupId: + _items += [{ + apiVersion = "ec2.aws.upbound.io/v1beta1" + kind = "SecurityGroup" + metadata = { + annotations = { + **_metadata("clusterSecurityGroupImport").annotations + "crossplane.io/external-name" = clusterSecurityGroupId + 
} + } + spec: _defaults | { + forProvider = { + region = region + tags = { + "eks.aws.platform.upbound.io/discovery" = id + } + } + } + }] + +uid = option("params")?.oxr?.metadata.uid or "" +connectionSecretNamespace = option("params")?.oxr?.spec.writeConnectionSecretToRef.namespace or "upbound-system" +_items += [{ + apiVersion = "eks.aws.upbound.io/v1beta1" + kind = "ClusterAuth" + metadata = _metadata("kubernetesClusterAuth") + spec: _defaults | { + forProvider = { + region = region + clusterNameSelector.matchControllerRef = True + } + writeConnectionSecretToRef = { + name = "{}-ekscluster".format(uid) + namespace = connectionSecretNamespace + } + } +}] + +_items += [{ + apiVersion = "iam.aws.upbound.io/v1beta1" + kind = "Role" + metadata = _metadata("nodegroupRole") | { + labels = { + role = "nodegroup" + } + } + spec: _defaults | { + forProvider = { + forceDetachPolicies = True + managedPolicyArns = [ + "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", + "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", + "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", + "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + assumeRolePolicy = """{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "ec2.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + } + """ + } + } +}] + +nodeCount = option("params")?.oxr?.spec.parameters.nodes.count or "" +instanceType = option("params")?.oxr?.spec.parameters.nodes.instanceType or "" +_items += [{ + apiVersion = "eks.aws.upbound.io/v1beta2" + kind = "NodeGroup" + metadata = _metadata("nodeGroupPublic") + spec: _defaults | { + initProvider = { + scalingConfig = { + desiredSize = nodeCount + } + } + forProvider = { + region = region + clusterNameSelector.matchControllerRef = True + nodeRoleArnSelector = { + matchControllerRef = True + matchLabels = { + role = "nodegroup" + } + } + scalingConfig = { + maxSize = 100 + minSize = 1 + } + 
instanceTypes = [instanceType] + subnetIdSelector.matchLabels = { + "networks.aws.platform.upbound.io/network-id" = id + access = "public" + } + } + } +}] + +principalArn = option("params")?.oxr?.spec?.parameters?.iam?.principalArn or False +if principalArn : + _items += [{ + apiVersion: "eks.aws.upbound.io/v1beta1" + kind: "AccessEntry" + metadata = _metadata("accessEntry") + spec: _defaults | { + forProvider = { + region = region + clusterNameSelector = { + matchControllerRef = True + } + type = "STANDARD" + if principalArn: + principalArn = principalArn + } + } + }] + +if principalArn : + _items += [{ + apiVersion: "eks.aws.upbound.io/v1beta1" + kind: "AccessPolicyAssociation" + metadata = _metadata("accessPolicyAssociation") + spec: _defaults | { + forProvider = { + region = region + accessScope: { + type: "cluster" + } + clusterNameSelector = { + matchControllerRef = True + } + policyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + principalArnSelector = { + matchControllerRef = True + } + } + } + }] + +addons = [ + { + name: "aws-ebs-csi-driver", + }, + { + name: "vpc-cni" + configurationValues: '{"env": {"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG":"false"}}' # see https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md for different options + }, + { + name: "eks-pod-identity-agent" + } +] + +_items += [{ + apiVersion = "eks.aws.upbound.io/v1beta1" + kind = "Addon" + metadata = _metadata("{}-addon".format(a.name)) + spec: _defaults | { + forProvider = { + region = region + addonName = a.name + clusterNameSelector.matchControllerRef = True + if "configurationValues" in a : + configurationValues: a.configurationValues + } + } +} for a in addons] + +providerConfigTypes = ["helm", "kubernetes"] +_items += [{ + apiVersion = "{}.crossplane.io/v1alpha1".format(t) + kind = "ProviderConfig" + metadata = { + name = id + annotations = { + **_metadata("providerConfig-{}".format(t)).annotations + "krm.kcl.dev/ready": "True" + } + } + 
spec.credentials = { + secretRef = { + name = "{}-ekscluster".format(uid) + namespace = connectionSecretNamespace + key = "kubeconfig" + } + source = "Secret" + } +} for t in providerConfigTypes] + +_items += [{ + apiVersion: "meta.krm.kcl.dev/v1alpha1" + kind: "CompositeConnectionDetails" + if "kubernetesClusterAuth" in option("params").ocds: + data: { + kubeconfig = option("params")?.ocds?.kubernetesClusterAuth?.ConnectionDetails.kubeconfig + } + else: + data: {} +}] + +items = _items \ No newline at end of file diff --git a/apis/composition.yaml b/apis/pat/composition.yaml similarity index 63% rename from apis/composition.yaml rename to apis/pat/composition.yaml index 1114dd2..aeb30fd 100644 --- a/apis/composition.yaml +++ b/apis/pat/composition.yaml @@ -1,7 +1,7 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xeks.aws.platform.upbound.io + name: pat.xeks.aws.platform.upbound.io labels: provider: aws function: patch-and-transform @@ -44,6 +44,9 @@ spec: role: controlplane spec: forProvider: + forceDetachPolicies: true + managedPolicyArns: + - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy assumeRolePolicy: | { "Version": "2012-10-17", 
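Review bot: The `Cluster` item in `apis/kcl/main.k` sets no `accessConfig`, while the patch-and-transform composition in this same commit sets `authenticationMode: API`. The `AccessEntry` and `AccessPolicyAssociation` items added further down presumably need an API-based authentication mode, so the KCL variant may fail to grant access when `principalArn` is set. Adding `accessConfig = { authenticationMode = "API", bootstrapClusterCreatorAdminPermissions = True }` to the Cluster `forProvider` would keep the two compositions in step. Separately, the last item reads `option("params").ocds` without the `?.` guard used everywhere else in the file, and the inner `if principalArn:` in the `AccessEntry` is redundant under the outer check.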
@@ -67,39 +70,25 @@ spec: - patchSetName: deletionPolicy type: PatchSet - - name: clusterRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: controlplane - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - name: kubernetesCluster base: - apiVersion: eks.aws.upbound.io/v1beta1 + apiVersion: eks.aws.upbound.io/v1beta2 kind: Cluster spec: forProvider: + accessConfig: + authenticationMode: API + bootstrapClusterCreatorAdminPermissions: true roleArnSelector: matchControllerRef: true matchLabels: role: controlplane vpcConfig: - - endpointPrivateAccess: true - endpointPublicAccess: true - subnetIdSelector: - matchLabels: - access: public + endpointPrivateAccess: true + endpointPublicAccess: true + subnetIdSelector: + matchLabels: + access: public patches: - patchSetName: providerConfigRef type: PatchSet 
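Review bot: The rewritten `vpcConfig` keeps `endpointPublicAccess: true` with no `publicAccessCidrs`, so the cluster API endpoint is presumably reachable from any source address. For a reference composition it is worth either restricting that, for instance by patching `spec.forProvider.vpcConfig.publicAccessCidrs` from an XR parameter, or stating the exposure in a comment. `bootstrapClusterCreatorAdminPermissions: true` also leaves the provider's AWS identity as a permanent cluster admin. If that is needed for the `ClusterAuth` kubeconfig used by the helm and kubernetes ProviderConfigs, a comment like `# creator admin is required by the ClusterAuth-based ProviderConfigs` would record the reason.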
@@ -108,26 +97,11 @@ spec: - patchSetName: region type: PatchSet - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platform.upbound.io/network-id] + toFieldPath: spec.forProvider.vpcConfig.subnetIdSelector.matchLabels[networks.aws.platform.upbound.io/network-id] type: FromCompositeFieldPath - fromFieldPath: spec.parameters.version toFieldPath: spec.forProvider.version type: FromCompositeFieldPath - - fromFieldPath: status.atProvider.identity[0].oidc[0].issuer - policy: - fromFieldPath: Optional - toFieldPath: status.eks.oidc - type: ToCompositeFieldPath - - fromFieldPath: status.atProvider.identity[0].oidc[0].issuer - policy: - fromFieldPath: Optional - toFieldPath: status.eks.oidcUri - transforms: - - string: - trim: https:// - type: TrimPrefix - type: string - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.roleArn policy: fromFieldPath: Optional @@ -140,7 +114,7 @@ spec: type: Regexp type: string type: ToCompositeFieldPath - - fromFieldPath: status.atProvider.vpcConfig[0].clusterSecurityGroupId + - fromFieldPath: status.atProvider.vpcConfig.clusterSecurityGroupId policy: fromFieldPath: Optional toFieldPath: status.eks.clusterSecurityGroupId @@ -205,6 +179,12 @@ spec: role: nodegroup spec: forProvider: + forceDetachPolicies: true + managedPolicyArns: + - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy + - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy + - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy + - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly assumeRolePolicy: | { "Version": "2012-10-17", 
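Review bot: In the `@@ -205,6 +179,12 @@` hunk the node group role carries `AmazonEKS_CNI_Policy` and `AmazonEBSCSIDriverPolicy` through `managedPolicyArns`, so those permissions sit on the instance role shared by every workload on the node rather than on the two addons that need them. Since this commit also installs the `eks-pod-identity-agent` addon, those two policies could move to dedicated roles bound to the addon service accounts, leaving the node role with `AmazonEKSWorkerNodePolicy` and `AmazonEC2ContainerRegistryReadOnly`. The same list appears in `nodegroupRole` in `apis/kcl/main.k`. The `@@ -108,26 +97,11 @@` hunk stops populating `status.eks.oidc` and `status.eks.oidcUri`; if the XRD status schema still declares them (not visible here) it should be trimmed as well.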
@@ -233,77 +213,9 @@ spec: toFieldPath: status.eks.nodeGroupRoleArn type: ToCompositeFieldPath - - name: workerNodeRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - - name: cniRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - - name: ebsCsiRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - - name: containerRegistryRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - name: nodeGroupPublic base: - apiVersion: eks.aws.upbound.io/v1beta1 + apiVersion: eks.aws.upbound.io/v1beta2 kind: NodeGroup spec: forProvider: 
@@ -316,9 +228,8 @@ spec: matchLabels: role: nodegroup scalingConfig: - - desiredSize: 1 - maxSize: 100 - minSize: 1 + maxSize: 100 + minSize: 1 subnetIdSelector: matchLabels: access: public @@ -330,7 +241,7 @@ spec: - patchSetName: region type: PatchSet - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.forProvider.scalingConfig[0].desiredSize + toFieldPath: spec.initProvider.scalingConfig.desiredSize type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.instanceType toFieldPath: spec.forProvider.instanceTypes[0] @@ -344,7 +255,7 @@ spec: toFieldPath: status.eks.clusterName type: ToCompositeFieldPath - - name: ebsCsiAddon + - name: aws-ebs-csi-driver-addon base: apiVersion: eks.aws.upbound.io/v1beta1 kind: Addon @@ -354,6 +265,14 @@ spec: clusterNameSelector: matchControllerRef: true patches: + - fromFieldPath: metadata.name + toFieldPath: metadata.name + transforms: + - string: + fmt: '%s-ebs-csi-addon' + type: Format + type: string + type: FromCompositeFieldPath - patchSetName: providerConfigRef type: PatchSet - patchSetName: deletionPolicy @@ -361,7 +280,32 @@ spec: - patchSetName: region type: PatchSet - - name: cniAddon + - name: eks-pod-identity-agent-addon + base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: Addon + spec: + forProvider: + addonName: eks-pod-identity-agent + clusterNameSelector: + matchControllerRef: true + patches: + - fromFieldPath: metadata.name + toFieldPath: metadata.name + transforms: + - string: + fmt: '%s-pod-identity-addon' + type: Format + type: string + type: FromCompositeFieldPath + - patchSetName: providerConfigRef + type: PatchSet + - patchSetName: deletionPolicy + type: PatchSet + - patchSetName: region + type: PatchSet + + - name: vpc-cni-addon base: apiVersion: eks.aws.upbound.io/v1beta1 kind: Addon 
@@ -373,6 +317,14 @@ spec: preserve: false configurationValues: '{"env": {"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG":"false"}}' # see https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md for different options patches: + - fromFieldPath: metadata.name + toFieldPath: metadata.name + transforms: + - string: + fmt: '%s-cni-addon' + type: Format + type: string + type: FromCompositeFieldPath - patchSetName: providerConfigRef type: PatchSet - patchSetName: deletionPolicy 
@@ -380,33 +332,48 @@ spec: - patchSetName: region type: PatchSet - - name: oidcProvider + - name: accessEntry base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: OpenIDConnectProvider + apiVersion: eks.aws.upbound.io/v1beta1 + kind: AccessEntry spec: forProvider: - clientIdList: - - sts.amazonaws.com - thumbprintList: - - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280 + clusterNameSelector: + matchControllerRef: true + type: STANDARD patches: + - fromFieldPath: spec.parameters.iam.principalArn + toFieldPath: spec.forProvider.principalArn + type: FromCompositeFieldPath - patchSetName: providerConfigRef type: PatchSet - patchSetName: deletionPolicy type: PatchSet - - fromFieldPath: status.eks.oidc - policy: - fromFieldPath: Required - toFieldPath: spec.forProvider.url - type: FromCompositeFieldPath - - fromFieldPath: status.atProvider.arn - policy: - fromFieldPath: Optional - toFieldPath: status.eks.oidcArn - type: ToCompositeFieldPath + - patchSetName: region + type: PatchSet - - name: providerConfigHelm + - name: accessPolicyAssociation + base: + apiVersion: eks.aws.upbound.io/v1beta1 + kind: AccessPolicyAssociation + spec: + forProvider: + accessScope: + type: cluster + clusterNameSelector: + matchControllerRef: true + policyArn: arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy + principalArnSelector: + matchControllerRef: true + patches: + - patchSetName: providerConfigRef + type: PatchSet + - patchSetName: deletionPolicy + type: PatchSet + - patchSetName: region + type: PatchSet + + - name: providerConfig-helm base: apiVersion: helm.crossplane.io/v1beta1 kind: ProviderConfig @@ -433,7 +400,7 @@ spec: readinessChecks: - type: None - - name: providerConfigKubernetes + - name: providerConfig-kubernetes base: apiVersion: kubernetes.crossplane.io/v1alpha1 kind: ProviderConfig 
@@ -460,110 +427,21 @@ spec: readinessChecks: - type: None - - name: irsaSettings - base: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - namespace: default - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - transforms: - - string: - fmt: '%s-irsa-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - string: - fmt: '%s-irsa-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: status.eks.oidcArn - toFieldPath: spec.forProvider.manifest.data.oidc_arn - type: FromCompositeFieldPath - - fromFieldPath: status.eks.oidcUri - toFieldPath: spec.forProvider.manifest.data.oidc_host - type: FromCompositeFieldPath - - - name: awsAuth - base: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - name: aws-auth - namespace: kube-system - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - transforms: - - string: - fmt: '%s-aws-auth' - type: Format - type: string - type: FromCompositeFieldPath - - combine: - strategy: string - string: - fmt: | - - groups: - - system:bootstrappers - - system:nodes - rolearn: %s - username: system:node:{{EC2PrivateDNSName}} - - groups: - - system:bootstrappers - - system:nodes - rolearn: %s - username: system:node:{{EC2PrivateDNSName}} - - groups: - - system:masters - rolearn: %s - username: adminrole - variables: - - fromFieldPath: status.eks.nodeGroupRoleArn - - 
fromFieldPath: spec.parameters.iam.autoscalerArn - - fromFieldPath: spec.parameters.iam.roleArn - policy: - fromFieldPath: Optional - toFieldPath: spec.forProvider.manifest.data.mapRoles - type: CombineFromComposite - - combine: - strategy: string - string: - fmt: | - - groups: - - system:masters - userarn: %s - username: adminuser - variables: - - fromFieldPath: spec.parameters.iam.userArn - policy: - fromFieldPath: Optional - toFieldPath: spec.forProvider.manifest.data.mapUsers - type: CombineFromComposite + - step: filter-composed-resources + functionRef: + name: crossplane-contrib-function-cel-filter + input: + apiVersion: cel.fn.crossplane.io/v1beta1 + kind: Filters + filters: + - name: accessEntry + expression: | + "iam" in observed.composite.resource.spec.parameters && + "principalArn" in observed.composite.resource.spec.parameters.iam + - name: accessPolicyAssociation + expression: | + "iam" in observed.composite.resource.spec.parameters && + "principalArn" in observed.composite.resource.spec.parameters.iam - step: sequence-creation functionRef: @@ -574,6 +452,12 @@ spec: rules: - sequence: - kubernetesCluster - - cniAddon + - kubernetesClusterAuth + - vpc-cni-addon + - nodeGroupPublic + - sequence: + - nodeGroupPublic + - aws-ebs-csi-driver-addon + - sequence: - nodeGroupPublic - - ebsCsiAddon + - eks-pod-identity-agent-addon diff --git a/apis/xeks.k b/apis/xeks.k deleted file mode 100644 index c170e29..0000000 --- a/apis/xeks.k +++ /dev/null 
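Review bot: The two expressions in the new `filter-composed-resources` step only test that the `iam` and `principalArn` keys exist, so an XR with `principalArn: ""` still renders `accessEntry` and `accessPolicyAssociation`. The KCL composition in this commit skips both for an empty value. Extending each expression with `&& observed.composite.resource.spec.parameters.iam.principalArn != ""` would align the two variants. This assumes the filter keeps a resource when its expression is true, which the hunk implies but does not show.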
@@ -1,359 +0,0 @@ -xrName = option("params")?.oxr?.metadata.name -providerConfigName = option("params")?.oxr?.spec.parameters.providerConfigName or "default" -deletionPolicy = option("params")?.oxr?.spec.parameters.deletionPolicy or "Delete" -region = option("params")?.oxr?.spec.parameters.region or "" -id = option("params")?.oxr?.spec.parameters.id or "" - -role = { - apiVersion = "iam.aws.upbound.io/v1beta1" - kind = "Role" - metadata.name = xrName + "-iam-role" - metadata.labels = { - "role" = "controlplane" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider.assumeRolePolicy = """{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "eks.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - """ -} - -clusterRolePolicyAttachment = { - apiVersion = "iam.aws.upbound.io/v1beta1" - kind = "RolePolicyAttachment" - metadata.name = xrName + "-cluster-role-policy-attachment" - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - policyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy" - roleSelector = { - matchControllerRef = True - matchLabels = { - "role" = "controlplane" - } - } - } -} - -kubernetesVersion = option("params")?.oxr?.spec.parameters.version or "" -kubernetesCluster = { - apiVersion = "eks.aws.upbound.io/v1beta1" - kind = "Cluster" - metadata.name = xrName + "-kubernetes-cluster" - metadata.annotations = { - "krm.kcl.dev/composition-resource-name" = "kubernetesCluster" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - version = kubernetesVersion - roleArnSelector = { - matchControllerRef = True - matchLabels = { - "role" = "controlplane" - } - } - vpcConfig = [ - { - endpointPrivateAccess = True - subnetIdSelector.matchLabels = { - "access" = "public" - 
"networks.aws.platform.upbound.io/network-id" = id - } - } - ] - } -} - -clusterSecurityGroupId = option("params")?.ocds?[kubernetesCluster.metadata.name]?.Resource?.status?.atProvider?.vpcConfig?[0]?.clusterSecurityGroupId or False -if clusterSecurityGroupId: - clusterSecurityGroupImport = { - apiVersion = "ec2.aws.upbound.io/v1beta1" - kind = "SecurityGroup" - metadata.name = clusterSecurityGroupId - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - tags = { - "eks.aws.platform.upbound.io/discovery" = id - } - } - } - -uid = option("params")?.oxr?.metadata.uid or "" -connectionSecretNamespace = option("params")?.oxr?.spec.writeConnectionSecretToRef.namespace or "upbound-system" -kubernetesClusterAuth = { - apiVersion = "eks.aws.upbound.io/v1beta1" - kind = "ClusterAuth" - metadata.name = xrName + "-cluster-auth" - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - clusterNameSelector.matchControllerRef = True - } - spec.writeConnectionSecretToRef = { - name = "{}-ekscluster".format(uid) - namespace = connectionSecretNamespace - } -} - -nodegroupRole = { - apiVersion = "iam.aws.upbound.io/v1beta1" - kind = "Role" - metadata.name = xrName + "-nodegroup-role" - metadata.labels = { - "role" = "nodegroup" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider.assumeRolePolicy = """{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - """ -} - -nodeGroupRolePolicies = [ - "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", -] - 
-nodeGroupRolePolicyAttachments = [{ - apiVersion = "iam.aws.upbound.io/v1beta1" - kind = "RolePolicyAttachment" - metadata.name = xrName + "-nodegroup-rpa-{}".format(i) - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - policyArn = p - roleSelector = { - matchControllerRef = True - matchLabels = { - "role" = "nodegroup" - } - } - } -} for i, p in nodeGroupRolePolicies] - - -nodeCount = option("params")?.oxr?.spec.parameters.nodes.count or "" -instanceType = option("params")?.oxr?.spec.parameters.nodes.instanceType or "" -nodeGroupPublic = { - apiVersion = "eks.aws.upbound.io/v1beta1" - kind = "NodeGroup" - metadata.name = xrName + "-nodegroup-public" - metadata.annotations = { - "krm.kcl.dev/composition-resource-name" = "nodeGroupPublic" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - clusterNameSelector.matchControllerRef = True - nodeRoleArnSelector = { - matchControllerRef = True - matchLabels = { - "role" = "nodegroup" - } - } - scalingConfig = [{ - desiredSize = nodeCount - maxSize = 100 - minSize = 1 - }] - instanceTypes = [instanceType] - subnetIdSelector.matchLabels = { - "networks.aws.platform.upbound.io/network-id" = id - "access" = "public" - } - } -} - -cniAddon = { - apiVersion = "eks.aws.upbound.io/v1beta1" - kind = "Addon" - metadata.name = xrName + "-cni-addon" - metadata.annotations = { - "krm.kcl.dev/composition-resource-name" = "cniAddon" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - addonName = "vpc-cni" - clusterNameSelector.matchControllerRef = True - configurationValues = '{"env": {"AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG":"false"}}' # see https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md for different options - } -} - -ebsCsiAddon = { - apiVersion = "eks.aws.upbound.io/v1beta1" - kind = 
"Addon" - metadata.name = xrName + "-ebs-csi-addon" - metadata.annotations = { - "krm.kcl.dev/composition-resource-name" = "ebsCsiAddon" - } - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - region = region - addonName = "aws-ebs-csi-driver" - clusterNameSelector.matchControllerRef = True - } -} - -eksOidcIssuer = option("params")?.ocds?[kubernetesCluster.metadata.name]?.Resource?.status?.atProvider?.identity?[0]?.oidc?[0]?.issuer or "" -if len(eksOidcIssuer) > 0: - oidcProvider = { - apiVersion = "iam.aws.upbound.io/v1beta1" - kind = "OpenIDConnectProvider" - metadata.name = xrName + "-oidc-provider" - spec.providerConfigRef.name = providerConfigName - spec.deletionPolicy = deletionPolicy - spec.forProvider = { - clientIdList = ["sts.amazonaws.com"] - thumbprintList = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280"] - url = eksOidcIssuer - } - } - -providerConfigTypes = ["helm", "kubernetes"] -providerConfigs = [{ - apiVersion = "{}.crossplane.io/v1alpha1".format(t) - kind = "ProviderConfig" - metadata.name = id - metadata.annotations = { - "krm.kcl.dev/ready": "True" - "krm.kcl.dev/composition-resource-name" = "providerConfig-" + t - } - spec.credentials = { - secretRef = { - name = "{}-ekscluster".format(uid) - namespace = connectionSecretNamespace - key = "kubeconfig" - } - source = "Secret" - } -} for t in providerConfigTypes] - -oidcArn = option("params")?.ocds?[kubernetesCluster.metadata.name]?.Resource?.status?.atProvider?.arn or "" -oidcHost = eksOidcIssuer.strip("https://") or "" -irsaSettings = { - apiVersion = "kubernetes.crossplane.io/v1alpha2" - kind = "Object" - metadata.name = id + "-irsa-settings" - spec.providerConfigRef.name = id - spec.deletionPolicy = "Orphan" - spec.forProvider = { - manifest: { - apiVersion = "v1" - kind = "ConfigMap" - metadata.namespace = "default" - metadata.name = "{}-irsa-settings".format(id) - data = { - oidc_arn = oidcArn - oidc_host = oidcHost - } - } - } -} 
- -nodeGroupRoleArn = option("params")?.ocds?[nodegroupRole.metadata.name]?.Resource?.status?.atProvider?.arn or "" -autoscalerArn = option("params")?.oxr?.spec.parameters.iam.autoscalerArn or "" -adminRoleArn = option("params")?.oxr?.spec.parameters.iam.roleArn or "" -adminUser = option("params")?.oxr?.spec.parameters.iam.userArn or "" -awsAuth = { - apiVersion = "kubernetes.crossplane.io/v1alpha2" - kind = "Object" - metadata.name = id + "-aws-auth" - spec.providerConfigRef.name = id - spec.deletionPolicy = "Orphan" - spec.forProvider = { - manifest: { - apiVersion = "v1" - kind = "ConfigMap" - metadata.namespace = "kube-system" - metadata.name = "aws-auth" - data = { - mapRoles = """\ -- groups: - - system:bootstrappers - - system:nodes - rolearn: ${nodeGroupRoleArn} - username: system:node:{{EC2PrivateDNSName}} -- groups: - - system:bootstrappers - - system:nodes - rolearn: ${autoscalerArn} - username: system:node:{{EC2PrivateDNSName}} -- groups: - - system:masters - rolearn: ${adminRoleArn} - username: adminrole""" - mapUsers = """\ -- groups: - - system:masters - userarn: ${adminUser} - username: adminuser""" - } - } - } -} - -connectionDetails = { - apiVersion: "meta.krm.kcl.dev/v1alpha1" - kind: "CompositeConnectionDetails" - if kubernetesClusterAuth.metadata.name in option("params").ocds: - data: { - kubeconfig = option("params")?.ocds[kubernetesClusterAuth.metadata.name].ConnectionDetails.kubeconfig - } - else: - data: {} -} - -items = [ - role - clusterRolePolicyAttachment - kubernetesCluster - clusterSecurityGroupImport - kubernetesClusterAuth - nodegroupRole - nodeGroupPublic - oidcProvider - irsaSettings - awsAuth - connectionDetails - cniAddon - ebsCsiAddon -] + nodeGroupRolePolicyAttachments + providerConfigs diff --git a/crossplane.yaml b/crossplane.yaml index 112ab89..eacf507 100644 --- a/crossplane.yaml +++ b/crossplane.yaml 
@@ -13,35 +13,38 @@ metadata: spec: crossplane: - version: ">=v1.14.1-0" + version: ">=v1.15.1-0" dependsOn: - configuration: xpkg.upbound.io/upbound/configuration-aws-network # renovate: datasource=github-releases depName=upbound/configuration-aws-network - version: "v0.12.0" + version: "v0.17.0" - provider: xpkg.upbound.io/crossplane-contrib/provider-helm # renovate: datasource=github-releases depName=crossplane-contrib/provider-helm - version: "v0.17.0" + version: "v0.19.0" - provider: xpkg.upbound.io/crossplane-contrib/provider-kubernetes # renovate: datasource=github-releases depName=crossplane-contrib/provider-kubernetes - version: "v0.12.1" + version: "v0.14.1" - provider: xpkg.upbound.io/upbound/provider-aws-ec2 # renovate: datasource=github-releases depName=upbound/provider-aws - version: "v1.2.0" + version: "v1.11.0" - provider: xpkg.upbound.io/upbound/provider-aws-eks # renovate: datasource=github-releases depName=upbound/provider-aws - version: "v1.2.0" + version: "v1.11.0" - provider: xpkg.upbound.io/upbound/provider-aws-iam # renovate: datasource=github-releases depName=upbound/provider-aws - version: "v1.2.0" + version: "v1.11.0" - function: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform # renovate: datasource=github-releases depName=crossplane-contrib/function-patch-and-transform - version: "v0.4.0" + version: "v0.7.0" - function: xpkg.upbound.io/crossplane-contrib/function-kcl # renovate: datasource=github-releases depName=crossplane-contrib/function-kcl - version: "v0.6.0" + version: "v0.9.4" - function: xpkg.upbound.io/crossplane-contrib/function-auto-ready # renovate: datasource=github-releases depName=crossplane-contrib/function-auto-ready version: "v0.2.1" - function: xpkg.upbound.io/crossplane-contrib/function-sequencer # renovate: datasource=github-releases depName=crossplane-contrib/function-sequencer version: "v0.1.2" + - function: xpkg.upbound.io/crossplane-contrib/function-cel-filter + # renovate: 
datasource=github-releases depName=crossplane-contrib/function-cel-filter + version: "v0.1.1" diff --git a/examples/configuration.yaml b/examples/configuration.yaml index a9e32c4..d2d3873 100644 --- a/examples/configuration.yaml +++ b/examples/configuration.yaml @@ -3,4 +3,4 @@ kind: Configuration metadata: name: cofiguration-aws-eks spec: - package: xpkg.upbound.io/upbound/configuration-aws-eks:v0.1.0 + package: xpkg.upbound.io/upbound/configuration-aws-eks:v0.12.0 diff --git a/examples/functions.yaml b/examples/functions.yaml index 2e87d3d..4811c6d 100644 --- a/examples/functions.yaml +++ b/examples/functions.yaml @@ -3,14 +3,14 @@ kind: Function metadata: name: crossplane-contrib-function-patch-and-transform spec: - package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.4.0 + package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.7.0 --- apiVersion: pkg.crossplane.io/v1beta1 kind: Function metadata: name: crossplane-contrib-function-kcl spec: - package: xpkg.upbound.io/crossplane-contrib/function-kcl:v0.5.1 + package: xpkg.upbound.io/crossplane-contrib/function-kcl:v0.9.4 --- apiVersion: pkg.crossplane.io/v1beta1 kind: Function @@ -25,4 +25,10 @@ metadata: name: crossplane-contrib-function-sequencer spec: package: xpkg.upbound.io/crossplane-contrib/function-sequencer:v0.1.2 - +--- +apiVersion: pkg.crossplane.io/v1beta1 +kind: Function +metadata: + name: crossplane-contrib-function-cel-filter +spec: + package: xpkg.upbound.io/crossplane-contrib/function-cel-filter:v0.1.1 diff --git a/examples/eks-xr-kcl.yaml b/examples/kcl/eks-xr.yaml similarity index 67% rename from examples/eks-xr-kcl.yaml rename to examples/kcl/eks-xr.yaml index 5d7af29..f7ec106 100644 --- a/examples/eks-xr-kcl.yaml +++ b/examples/kcl/eks-xr.yaml 
@@ -2,6 +2,9 @@ apiVersion: aws.platform.upbound.io/v1alpha1 kind: XEKS metadata: name: configuration-aws-eks-kcl + annotations: + render.crossplane.io/composition-path: apis/kcl/composition.yaml + render.crossplane.io/function-path: examples/functions.yaml spec: compositionSelector: matchLabels: @@ -10,10 +13,6 @@ spec: id: configuration-aws-eks-kcl region: us-west-2 version: "1.27" - iam: - # replace with your custom arn like: - # roleArn: arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7 - roleArn: ${data.aws_eks_iam_default_admin} nodes: count: 1 instanceType: t3.small diff --git a/examples/network-xr-kcl.yaml b/examples/kcl/network-xr.yaml similarity index 100% rename from examples/network-xr-kcl.yaml rename to examples/kcl/network-xr.yaml diff --git a/examples/eks-xr.yaml b/examples/pat/eks-xr.yaml similarity index 63% rename from examples/eks-xr.yaml rename to examples/pat/eks-xr.yaml index 23b6cd3..4ca9126 100644 --- a/examples/eks-xr.yaml +++ b/examples/pat/eks-xr.yaml @@ -2,15 +2,14 @@ apiVersion: aws.platform.upbound.io/v1alpha1 kind: XEKS metadata: name: configuration-aws-eks + annotations: + render.crossplane.io/composition-path: apis/pat/composition.yaml + render.crossplane.io/function-path: examples/functions.yaml spec: parameters: id: configuration-aws-eks region: us-west-2 version: "1.27" - iam: - # replace with your custom arn like: - # roleArn: arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7 - roleArn: ${data.aws_eks_iam_default_admin} nodes: count: 3 instanceType: t3.small diff --git a/examples/network-xr.yaml b/examples/pat/network-xr.yaml similarity index 100% rename from examples/network-xr.yaml rename to examples/pat/network-xr.yaml diff --git a/generate-composition.k b/generate-composition.k deleted file mode 100644 index c29d48c..0000000 --- a/generate-composition.k +++ /dev/null 
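Review bot: With the `iam` block removed from `examples/pat/eks-xr.yaml` and nothing put in its place, the example no longer sets `spec.parameters.iam.principalArn`. The CEL filters this commit adds to the composition would therefore drop `accessEntry` and `accessPolicyAssociation` whenever the example is rendered or run end to end. The second hunk of `examples/kcl/eks-xr.yaml` removes the same block. If these are the examples the `uptest` target runs (the list comes from `UPTEST_EXAMPLE_LIST`, whose value is not visible here), the new access-entry path ships without end-to-end coverage. Consider keeping the data-source placeholder under the new field name, `iam:` with `principalArn: ${data.aws_eks_iam_default_admin}`, provided the XRD accepts it.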
@@ -1,14 +0,0 @@ -import file -import yaml - -composition = yaml.decode(file.read("apis/composition-kcl.yaml")) - -_kcl_step = composition.spec.pipeline[0] - -kcl_file = _kcl_step.input.spec.source - -_kcl_step.input.spec.source = file.read(kcl_file) - -composition_yaml = yaml.encode(composition) - -file.write("apis/composition-kcl-generated.yaml", composition_yaml)