diff --git a/apis/app/composition.yaml b/apis/app/composition.yaml index 84abdd5..622a6b3 100644 --- a/apis/app/composition.yaml +++ b/apis/app/composition.yaml @@ -77,7 +77,7 @@ spec: kind: Usage spec: of: - apiVersion: aws.platformref.upbound.io/v1alpha1 + apiVersion: aws.platform.upbound.io/v1alpha1 kind: XEKS by: apiVersion: helm.crossplane.io/v1beta1 @@ -86,4 +86,4 @@ spec: matchControllerRef: true patches: - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.of.resourceSelector.matchLabels[xeks.aws.platformref.upbound.io/cluster-id] + toFieldPath: spec.of.resourceSelector.matchLabels[xeks.aws.platform.upbound.io/cluster-id] diff --git a/apis/cluster/composition.yaml b/apis/cluster/composition.yaml index b94d466..5b5eb00 100644 --- a/apis/cluster/composition.yaml +++ b/apis/cluster/composition.yaml @@ -29,14 +29,14 @@ spec: fromFieldPath: Required name: compositeNetworkEKS - base: - apiVersion: aws.platformref.upbound.io/v1alpha1 + apiVersion: aws.platform.upbound.io/v1alpha1 kind: XEKS connectionDetails: - fromConnectionSecretKey: kubeconfig name: compositeClusterEKS patches: - fromFieldPath: spec.parameters.id - toFieldPath: metadata.labels[xeks.aws.platformref.upbound.io/cluster-id] + toFieldPath: metadata.labels[xeks.aws.platform.upbound.io/cluster-id] - fromFieldPath: spec.parameters.id toFieldPath: spec.parameters.id - fromFieldPath: spec.parameters.region @@ -65,10 +65,6 @@ spec: toFieldPath: spec.parameters.iam.roleArn - fromFieldPath: spec.parameters.iam.userArn toFieldPath: spec.parameters.iam.userArn - - fromFieldPath: status.subnetIds - toFieldPath: spec.parameters.subnetIds - policy: - fromFieldPath: Required - base: apiVersion: aws.platformref.upbound.io/v1alpha1 kind: XServices @@ -99,7 +95,7 @@ spec: kind: Usage spec: of: - apiVersion: aws.platformref.upbound.io/v1alpha1 + apiVersion: aws.platform.upbound.io/v1alpha1 kind: XEKS resourceSelector: matchControllerRef: true 
diff --git a/apis/cluster/eks/composition.yaml b/apis/cluster/eks/composition.yaml
deleted file mode 100644
index 28f1376..0000000
--- a/apis/cluster/eks/composition.yaml
+++ /dev/null
@@ -1,459 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xeks.aws.platformref.upbound.io - labels: - provider: aws -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: aws.platformref.upbound.io/v1alpha1 - kind: XEKS - patchSets: - - name: providerConfigRef - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - name: deletionPolicy - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.deletionPolicy - - name: region - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.forProvider.region - resources: - - name: controlplaneRole - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: Role - metadata: - labels: - role: controlplane - spec: - forProvider: - assumeRolePolicy: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "eks.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: clusterRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: controlplane - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: kubernetesCluster - base: - apiVersion: eks.aws.upbound.io/v1beta1 - kind: Cluster - spec: - forProvider: - roleArnSelector: - matchControllerRef: true - matchLabels: - role: controlplane - vpcConfig: - - endpointPrivateAccess: true - endpointPublicAccess: true - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: 
PatchSet - patchSetName: deletionPolicy - - type: PatchSet - patchSetName: region - - fromFieldPath: spec.parameters.subnetIds - toFieldPath: spec.forProvider.vpcConfig[0].subnetIds - - fromFieldPath: spec.parameters.version - toFieldPath: spec.forProvider.version - - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.identity[0].oidc[0].issuer - toFieldPath: status.eks.oidc - policy: - fromFieldPath: Optional - - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.identity[0].oidc[0].issuer - toFieldPath: status.eks.oidcUri - transforms: - - type: string - string: - type: TrimPrefix - trim: 'https://' - policy: - fromFieldPath: Optional - - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.roleArn - toFieldPath: status.eks.accountId - transforms: - - type: string - string: - type: Regexp - regexp: - match: 'arn:aws:iam::(\d+):.*' - group: 1 - policy: - fromFieldPath: Optional - - name: kubernetesClusterAuth - base: - apiVersion: eks.aws.upbound.io/v1beta1 - kind: ClusterAuth - spec: - forProvider: - clusterNameSelector: - matchControllerRef: true - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - type: PatchSet - patchSetName: region - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.writeConnectionSecretToRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: "%s-ekscluster" - connectionDetails: - - fromConnectionSecretKey: kubeconfig - - name: nodegroupRole - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: Role - metadata: - labels: - role: nodegroup - spec: - forProvider: - assumeRolePolicy: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - patches: - - type: PatchSet - patchSetName: providerConfigRef 
- - type: PatchSet - patchSetName: deletionPolicy - - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.arn - toFieldPath: status.eks.nodeGroupRoleArn - policy: - fromFieldPath: Optional - - name: workerNodeRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: cniRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: ebsCsiRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: containerRegistryRolePolicyAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - spec: - forProvider: - policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly - roleSelector: - matchControllerRef: true - matchLabels: - role: nodegroup - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - name: nodeGroupPublic - base: - apiVersion: eks.aws.upbound.io/v1beta1 - kind: NodeGroup - spec: - forProvider: - clusterNameSelector: - matchControllerRef: true - nodeRoleArnSelector: - 
matchControllerRef: true - matchLabels: - role: nodegroup - subnetIdSelector: - matchLabels: - access: public - scalingConfig: - - minSize: 1 - maxSize: 100 - desiredSize: 1 - instanceTypes: - - t3.medium - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - type: PatchSet - patchSetName: region - - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.forProvider.scalingConfig[0].desiredSize - - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.forProvider.instanceTypes[0] - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platform.upbound.io/network-id] - - name: ebsCsiAddon - base: - apiVersion: eks.aws.upbound.io/v1beta1 - kind: Addon - metadata: - annotations: - crossplane.io/external-name: aws-ebs-csi-driver - spec: - forProvider: - addonName: aws-ebs-csi-driver - clusterNameSelector: - matchControllerRef: true - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - type: PatchSet - patchSetName: region - - name: oidcProvider - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: OpenIDConnectProvider - spec: - forProvider: - clientIdList: - - sts.amazonaws.com - thumbprintList: - - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - fromFieldPath: status.eks.oidc - toFieldPath: spec.forProvider.url - policy: - fromFieldPath: Required - - type: ToCompositeFieldPath - fromFieldPath: status.atProvider.arn - toFieldPath: status.eks.oidcArn - policy: - fromFieldPath: Optional - - name: providerConfigHelm - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: ProviderConfig - spec: - credentials: - source: Secret - secretRef: - key: kubeconfig - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - - fromFieldPath: 
spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.credentials.secretRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.credentials.secretRef.name - transforms: - - type: string - string: - fmt: "%s-ekscluster" - readinessChecks: - - type: None - - name: providerConfigKubernetes - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: ProviderConfig - spec: - credentials: - source: Secret - secretRef: - key: kubeconfig - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.credentials.secretRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.credentials.secretRef.name - transforms: - - type: string - string: - fmt: "%s-ekscluster" - readinessChecks: - - type: None - - name: irsaSettings - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - namespace: default - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - transforms: - - type: string - string: - fmt: "%s-irsa-settings" - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - type: string - string: - fmt: "%s-irsa-settings" - - fromFieldPath: status.eks.oidcArn - toFieldPath: spec.forProvider.manifest.data.oidc_arn - - fromFieldPath: status.eks.oidcUri - toFieldPath: spec.forProvider.manifest.data.oidc_host - - name: awsAuth - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - namespace: kube-system - name: aws-auth - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - - fromFieldPath: spec.parameters.id - 
toFieldPath: metadata.name - transforms: - - type: string - string: - fmt: "%s-aws-auth" - - type: CombineFromComposite - combine: - variables: - - fromFieldPath: status.eks.nodeGroupRoleArn - - fromFieldPath: spec.parameters.iam.roleArn - strategy: string - string: - fmt: | - - groups: - - system:bootstrappers - - system:nodes - rolearn: %s - username: system:node:{{EC2PrivateDNSName}} - - groups: - - system:masters - rolearn: %s - username: adminrole - toFieldPath: spec.forProvider.manifest.data.mapRoles - policy: - fromFieldPath: Optional - - type: CombineFromComposite - combine: - variables: - - fromFieldPath: spec.parameters.iam.userArn - strategy: string - string: - fmt: | - - groups: - - system:masters - userarn: %s - username: adminuser - toFieldPath: spec.forProvider.manifest.data.mapUsers - policy: - fromFieldPath: Optional diff --git a/apis/cluster/eks/definition.yaml b/apis/cluster/eks/definition.yaml deleted file mode 100644 index 8e4a072..0000000 --- a/apis/cluster/eks/definition.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xeks.aws.platformref.upbound.io -spec: - connectionSecretKeys: - - kubeconfig - group: aws.platformref.upbound.io - names: - kind: XEKS - plural: xeks - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - description: EKS configuration parameters. - properties: - id: - type: string - description: ID of this Cluster that other objects will use to refer to it. - region: - type: string - description: Region is the region you'd like your resource to be created in. - iam: - type: object - description: IAM configuration to connect as ClusterAdmin. - properties: - roleArn: - description: The IAM Role ARN to connect as ClusterAdmin. - type: string - default: roleArn - userArn: - description: The IAM User ARN to connect as ClusterAdmin. - type: string - default: userArn - deletionPolicy: - description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete - enum: - - Delete - - Orphan - type: string - default: Delete - providerConfigName: - description: Crossplane ProviderConfig to use for provisioning this resources - type: string - default: default - version: - description: Kubernetes version - type: string - enum: - - "1.28" - - "1.27" - - "1.26" - - "1.25" - default: "1.27" - subnetIds: - type: array - items: - type: string - nodes: - type: object - description: EKS node configuration parameters. - properties: - count: - type: integer - description: Desired node count, from 1 to 100. - instanceType: - type: string - description: instance types associated with the Node Group. 
- default: t3.small - required: - - count - - instanceType - required: - - id - - region - - deletionPolicy - - providerConfigName - - nodes - - subnetIds - required: - - parameters - status: - description: A Status represents the observed state - properties: - eks: - description: Freeform field containing status information for eks - type: object - x-kubernetes-preserve-unknown-fields: true - type: object diff --git a/crossplane.yaml b/crossplane.yaml index cb42f7b..c8de03d 100644 --- a/crossplane.yaml +++ b/crossplane.yaml @@ -41,6 +41,8 @@ spec: - provider: xpkg.upbound.io/upbound/provider-aws-iam version: ">=v0.36.0" - configuration: xpkg.upbound.io/upbound/configuration-aws-network - version: ">=v0.1.0" + version: ">=v0.2.0" - configuration: xpkg.upbound.io/upbound/configuration-aws-database version: ">=v0.1.0" + - configuration: xpkg.upbound.io/upbound/configuration-aws-eks + version: ">=v0.1.0"
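Review bot: The added `configuration-aws-eks` entry in crossplane.yaml uses the open-ended range `version: ">=v0.1.0"`, so any later release of that package satisfies the constraint. This commit also deletes the in-repo XEKS composition, which defined the IAM roles, the `aws-auth` mappings to `system:masters` and the cluster endpoint access settings, so those definitions now come from whichever package version the range resolves to and are no longer reviewed in this repository. Consider an exact pin or an upper bound, for example `version: "v0.1.0"`, raised deliberately after each upstream release is reviewed; the same applies to the `>=v0.2.0` bump on `configuration-aws-network`. The dependency list starts before this hunk, so the other entries were not checked.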