diff --git a/.gitignore b/.gitignore
index d529be4..7ab44f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,6 @@
 init
 *.xpkg
 kubeconfig
-examples/datasource.yaml
\ No newline at end of file
+examples/datasource.yaml
+/apis/composition.yaml
+/apis/.kclvm
diff --git a/Makefile b/Makefile
index 7eb1204..04af491 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ UPTEST_VERSION = v0.11.1
 # certain conventions such as the default examples root or package directory.
 XPKG_DIR = $(shell pwd)
 XPKG_EXAMPLES_DIR = .up/examples
-XPKG_IGNORE = .github/workflows/*.yml,.github/workflows/*.yaml,init/*.yaml,examples/*.yaml,.work/uptest-datasource.yaml,examples/**/*.yaml,gitops/*.yaml
+XPKG_IGNORE = .github/workflows/*.yml,.github/workflows/*.yaml,init/*.yaml,examples/*.yaml,.work/uptest-datasource.yaml,examples/**/*.yaml,gitops/*.yaml,apis/template.yaml
 XPKG_REG_ORGS ?= xpkg.upbound.io/upbound
 # NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are
diff --git a/apis/cluster/composition.yaml b/apis/cluster/composition.yaml
deleted file mode 100644
index dc03e00..0000000
--- a/apis/cluster/composition.yaml
+++ /dev/null
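Review bot: With `apis/template.yaml` added to XPKG_IGNORE here and `/apis/composition.yaml` git-ignored in the preceding hunk, the packaged composition only exists after `apis/generate.k` has been run, and nothing in this hunk wires that step into the build (the rest of the Makefile is outside the hunk, so it may be handled elsewhere). A comment beside the variable would save the next reader the search, e.g. `# apis/template.yaml is only the input to apis/generate.k; the rendered apis/composition.yaml is what ships in the package`.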
@@ -1,238 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xclusters.spaces.platformref.upbound.io -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCluster - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: upboundcare-function-conditional-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: XNetworkAWS - condition: observed.composite.resource.spec.parameters.cloud == "aws" - base: - apiVersion: aws.platform.upbound.io/v1alpha1 - kind: XNetwork - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.networkSelector - toFieldPath: spec.compositionSelector.matchLabels[type] - - type: ToCompositeFieldPath - fromFieldPath: status.subnetIds - policy: - fromFieldPath: Required - toFieldPath: status.subnetIds - - - name: XEKS - condition: observed.composite.resource.spec.parameters.cloud == "aws" - base: - apiVersion: aws.platform.upbound.io/v1alpha1 - kind: XEKS - connectionDetails: - - type: FromConnectionSecretKey - fromConnectionSecretKey: kubeconfig - name: kubeconfig - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: metadata.labels[xeks.aws.platform.upbound.io/cluster-id] - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - 
fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - - type: FromCompositeFieldPath - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: '%s-eks' - type: Format - - type: FromCompositeFieldPath - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.writeConnectionSecretToRef.namespace - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.version - toFieldPath: spec.parameters.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.parameters.nodes.count - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.parameters.nodes.instanceType - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.iam.roleArn - toFieldPath: spec.parameters.iam.roleArn - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.iam.userArn - toFieldPath: spec.parameters.iam.userArn - - - name: XNetworkAZURE - condition: observed.composite.resource.spec.parameters.cloud == "azure" - base: - apiVersion: azure.platform.upbound.io/v1alpha1 - kind: XNetwork - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: 
spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.networkSelector - toFieldPath: spec.compositionSelector.matchLabels[type] - - - name: XAKS - condition: observed.composite.resource.spec.parameters.cloud == "azure" - base: - apiVersion: azure.platform.upbound.io/v1alpha1 - kind: XAKS - connectionDetails: - - type: FromConnectionSecretKey - fromConnectionSecretKey: kubeconfig - name: kubeconfig - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: metadata.labels[xaks.azure.platform.upbound.io/cluster-id] - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: '%s-aks' - type: Format - - type: FromCompositeFieldPath - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.writeConnectionSecretToRef.namespace - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.version - toFieldPath: spec.parameters.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.parameters.nodes.count - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.parameters.nodes.instanceType - - - name: XNetworkGCP - condition: observed.composite.resource.spec.parameters.cloud == "gcp" - base: - apiVersion: gcp.platform.upbound.io/v1alpha1 - kind: 
XNetwork - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.networkSelector - toFieldPath: spec.compositionSelector.matchLabels[type] - - - name: XGKE - condition: observed.composite.resource.spec.parameters.cloud == "gcp" - base: - apiVersion: gcp.platform.upbound.io/v1alpha1 - kind: XGKE - connectionDetails: - - type: FromConnectionSecretKey - fromConnectionSecretKey: kubeconfig - name: kubeconfig - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: metadata.labels[xgke.gcp.platform.upbound.io/cluster-id] - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - - type: FromCompositeFieldPath - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: '%s-gke' - type: Format - - type: FromCompositeFieldPath - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: 
spec.writeConnectionSecretToRef.namespace - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.version - toFieldPath: spec.parameters.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.parameters.nodes.count - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.parameters.nodes.instanceType diff --git a/apis/cluster/definition.yaml b/apis/cluster/definition.yaml deleted file mode 100644 index 080d9f2..0000000 --- a/apis/cluster/definition.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xclusters.spaces.platformref.upbound.io -spec: - defaultCompositeDeletePolicy: Foreground - group: spaces.platformref.upbound.io - names: - kind: XCluster - plural: xclusters - claimNames: - kind: Cluster - plural: clusters - connectionSecretKeys: - - kubeconfig - versions: - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.parameters.cloud - name: CLOUD - type: string - - jsonPath: .spec.compositionRevisionRef.name - name: COMPOSITION REVISION - type: string - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - description: Cluster configuration parameters. - properties: - cloud: - description: Cloud is the cloud provider you'd like your cluster resources to be created in. - type: string - enum: - - aws - - gcp - - azure - id: - type: string - description: ID of this Cluster that other objects will use to refer to it. - region: - type: string - description: Region is the region you'd like your resource to be created in. - iam: - type: object - description: IAM configuration to connect as ClusterAdmin. - properties: - roleArn: - description: The IAM Role ARN to connect as ClusterAdmin. - type: string - userArn: - description: The IAM User ARN to connect as ClusterAdmin. - type: string - networkSelector: - type: string - description: NetworkSelector employs a specific type of network architecture. - enum: - - basic - default: basic - deletionPolicy: - description: Delete the external resources when the Claim/XR is deleted. 
Defaults to Delete - enum: - - Delete - - Orphan - type: string - default: Delete - providerConfigName: - description: Crossplane ProviderConfig to use for provisioning this resources - type: string - default: default - version: - type: string - description: Kubernetes version of the Cluster - nodes: - type: object - description: Cluster node configuration parameters. - properties: - count: - type: integer - description: Desired node count, from 1 to 100. - instanceType: - type: string - description: instance types associated with the Node Group. - required: - - count - - instanceType - required: - - deletionPolicy - - id - - cloud - - nodes - - providerConfigName - - region - required: - - parameters - status: - type: object - properties: - subnetIds: - type: array - items: - type: string diff --git a/apis/composition.yaml b/apis/composition.yaml deleted file mode 100644 index 7c95700..0000000 --- a/apis/composition.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xspaces.spaces.platformref.upbound.io -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XSpace - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: upboundcare-function-conditional-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: managed-kubernetes-cluster - base: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCluster - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.cloud - toFieldPath: spec.parameters.cloud - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.version - toFieldPath: spec.parameters.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.iam - toFieldPath: spec.parameters.iam - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.nodes - toFieldPath: spec.parameters.nodes - - - name: spaces-init - base: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XInit - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.certmanager - toFieldPath: spec.parameters.operators.certmanager - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.ingressnginx 
- toFieldPath: spec.parameters.operators.ingressnginx - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns - toFieldPath: spec.parameters.operators.externaldns - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.crossplane - toFieldPath: spec.parameters.operators.crossplane - - - name: spaces-core - base: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCore - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces - toFieldPath: spec.parameters.spaces - - - name: usageXInitByXCore - base: - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - by: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCore - resourceSelector: - matchControllerRef: true - of: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XInit - resourceSelector: - matchControllerRef: true - readinessChecks: - - type: None - - - name: usageXClusterByXInit - base: - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - by: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XInit - resourceSelector: - matchControllerRef: true - of: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCluster - resourceSelector: - matchControllerRef: true - readinessChecks: - - type: None - - - name: argocd - condition: | - "argocd" in observed.composite.resource.spec.parameters.operators && - observed.composite.resource.spec.parameters.operators.argocd.enabled == true - base: - apiVersion: gitops.platform.upbound.io/v1alpha1 - kind: XArgo - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.argocd.ingressUrl - toFieldPath: spec.parameters.ingressUrl - - type: 
FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.argocd.git - toFieldPath: spec.parameters.source.git - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.argocd.resourceExclusions - toFieldPath: spec.parameters.resourceExclusions - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.argocd.resourceInclusions - toFieldPath: spec.parameters.resourceInclusions - - - name: usageXClusterByXArgo - condition: | - "argocd" in observed.composite.resource.spec.parameters.operators && - observed.composite.resource.spec.parameters.operators.argocd.enabled == true - base: - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - by: - apiVersion: gitops.platform.upbound.io/v1alpha1 - kind: XArgo - resourceSelector: - matchControllerRef: true - of: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCluster - resourceSelector: - matchControllerRef: true - - - step: ordered-creation - functionRef: - name: crossplane-contrib-function-sequencer - input: - apiVersion: template.fn.crossplane.io/v1beta1 - kind: Input - rules: - - sequence: - - managed-kubernetes-cluster - - spaces-init - - sequence: - - spaces-init - - spaces-core - - sequence: - - spaces-core - - argocd - - sequence: - - spaces-core - - usageXClusterByXArgo diff --git a/apis/definition.yaml b/apis/definition.yaml index 814b5d3..82eb931 100644 --- a/apis/definition.yaml +++ b/apis/definition.yaml 
@@ -58,23 +58,17 @@ spec: userArn: description: The IAM User ARN to connect as ClusterAdmin. type: string - networkSelector: - type: string - description: NetworkSelector employs a specific type of network architecture. - enum: - - basic - default: basic deletionPolicy: description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete enum: - Delete - Orphan type: string - default: Delete + default: "Delete" providerConfigName: description: Crossplane ProviderConfig to use for provisioning this resources type: string - default: default + default: "default" version: type: string description: Kubernetes version of the Cluster @@ -97,16 +91,8 @@ spec: default: certmanager: enabled: true - version: "v1.14.3" ingressnginx: enabled: true - version: "4.9.1" - externaldns: - version: "6.34.2" - crossplane: - enabled: true - version: "v1.15.2-up.1" - providers: [] properties: argocd: type: object @@ -118,7 +104,6 @@ spec: version: type: string description: "Specifies the version of argocd helm-chart to use." - default: "5.51.1" ingressUrl: type: string description: set ingressUrl for argocd server @@ -152,7 +137,6 @@ spec: type: object default: enabled: true - version: "v1.14.3" properties: enabled: type: boolean @@ -161,15 +145,12 @@ spec: version: type: string description: "Specifies the version of cert-manager to use." - default: "v1.14.3" required: - enabled - - version ingressnginx: type: object default: enabled: true - version: "4.9.1" properties: enabled: type: boolean 
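Review bot: `providerConfigName` keeps its path `spec.parameters.providerConfigName` (now with `default: "default"`) in this hunk, but the new apis/main.k in this commit reads it as `get(oxr, "spec.providerConfigName", "default")` while its sibling lookups use `spec.parameters.id`, `spec.parameters.region` and `spec.parameters.deletionPolicy`; unless that field exists somewhere else, a user-supplied ProviderConfig name never reaches the composed XNetwork/XEKS and every resource is provisioned with whatever credentials the `default` ProviderConfig points at. The schema path is the public contract, so the KCL side should become `providerConfigName: get(oxr, "spec.parameters.providerConfigName", "default")`. Separately, dropping `networkSelector` here removes a field existing claims may already set; if that is intended, the commit description should say so.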
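Review bot: Removing `version: "v1.14.3"`, `"4.9.1"`, `"6.34.2"` and `"v1.15.2-up.1"` from the `operators` default object leaves every operator's chart version unpinned at the schema level, and the later hunks `@@ -118`, `@@ -152`, `@@ -161`, `@@ -178` and `@@ -282` remove the per-field `default`s and drop `version` from `required` as well, so a claim that omits it now relies entirely on the composition to pin one. In the visible part of the new apis/main.k only argocd gets a fallback, and it is `"7.1.1"` where the schema default removed in `@@ -118` was `"5.51.1"`, so the effective default chart version changes in this commit without being mentioned. An unpinned chart version makes a rollout non-reproducible and pulls whatever the chart repository serves at that moment, which is the supply-chain property the old defaults protected. Either keep a schema `default` per operator or state in each `version` description what happens when it is omitted and where the pin now lives.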
@@ -178,99 +159,31 @@ spec: version: type: string description: "Specifies the version of ingress-nginx to use." - default: "4.9.1" required: - enabled - - version externaldns: type: object - properties: - aws: - type: object - properties: - enabled: - type: boolean - description: "Indicates if AWS external-dns is enabled." - default: true - route53ZoneId: - type: string - description: "The Route53 zone ID for external-dns to manage." - route53ZoneName: - type: string - description: "The Route53 zone name for external-dns to manage." - gcp: - type: object - properties: - enabled: - type: boolean - description: "Indicates if GCP external-dns is enabled." - default: true - zoneName: - type: string - description: "The Managed Zone for external-dns to manage." - dnsProject: - type: string - description: "The ID of the Project where the DNS is managed." - version: - type: string - description: "Specifies the version of external-dns to use." - default: "6.34.2" - required: - - version - crossplane: - type: object - default: - enabled: true - version: "v1.15.2-up.1" - providers: [] properties: enabled: type: boolean - description: "Indicates if Crossplane is enabled." + description: "Indicates if external-dns is enabled." default: true + id: + type: string + name: + type: string version: type: string - description: "Specifies the version of Crossplane to use." - default: "v1.15.2-up.1" - providers: - type: array - items: - type: object - properties: - name: - type: string - description: "The name of the Crossplane provider." - package: - type: string - description: "The package of the Crossplane provider." - enabled: - type: boolean - description: "Indicates if the Crossplane provider is enabled." - default: true - localRbac: - type: boolean - description: "Indicates if local RBAC is enabled for the provider." + description: "Specifies the version of external-dns to use." 
required: - enabled - - version - - providers spaces: type: object description: "Defines the configuration for spaces." - default: - version: "1.3.0" - account: "" - clusterType: "" - dns: - spacesRouterDomain: "" - pullSecretRef: - name: upbound-provider-helm-pull - namespace: upbound-system properties: version: type: string description: "The version of the space configuration." - default: "1.3.0" dns: type: object properties: @@ -282,32 +195,21 @@ spec: account: type: string description: "The account identifier for the space." - clusterType: - type: string - description: "The type of cluster to deploy for the space." pullSecretRef: type: object - default: - name: upbound-provider-helm-pull - namespace: upbound-system properties: name: type: string description: "The name of the pull secret to use." - default: upbound-provider-helm-pull namespace: type: string description: "The namespace of the pull secret." - default: upbound-system required: - name - namespace required: - - version - dns - account - - clusterType - - pullSecretRef required: - cloud - deletionPolicy diff --git a/apis/generate.k b/apis/generate.k new file mode 100644 index 0000000..00932d9 --- /dev/null +++ b/apis/generate.k @@ -0,0 +1,30 @@ +import file +import yaml + +_composition = yaml.decode(file.read("apis/template.yaml")) | { + spec: { + pipeline = [ + { + step: "kcl" + functionRef: { + name: "crossplane-contrib-function-kcl" + } + input: { + apiVersion: "krm.kcl.dev/v1alpha1" + kind: "KCLRun" + spec: { + source = (file.read("apis/main.k")) + } + } + }, + { + step: "automatically-detect-ready-composed-resources" + functionRef: { + name: "crossplane-contrib-function-auto-ready" + }, + }, + ] + } +} + +file.write("apis/composition.yaml", yaml.encode(_composition)) diff --git a/apis/irsa/composition.yaml b/apis/irsa/composition.yaml deleted file mode 100644 index 1748d04..0000000 --- a/apis/irsa/composition.yaml +++ /dev/null 
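Review bot: The new `id` and `name` properties under `externaldns` are the only fields in this schema without a `description`, and their meaning is not inferable from the names alone — `id` could be the cluster id used by `spec.parameters.id`, a hosted-zone id replacing the removed `route53ZoneId`/`zoneName`, or something else entirely. Add a one-line `description` to each stating what it identifies and which provider consumes it. The same hunk collapses the per-provider `aws`/`gcp` blocks into one flat object, so the `enabled` description should also say whether it now covers every cloud.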
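Review bot: `pullSecretRef` loses its defaults (`upbound-provider-helm-pull` / `upbound-system`) and is no longer required in this hunk, yet the visible part of the new apis/main.k hardcodes a `space-pull-secret` Object with name `upbound-pull-secret` in `upbound-system`, so it is unclear whether `spaces.pullSecretRef` is still read anywhere. If it is not, drop it rather than leave a schema field that silently does nothing; if it is, its `description` should say which resource it feeds. The `required` list also drops `version` without adding a default, so `spaces.version` is now unpinned for claims that omit it.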
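Review bot: apis/generate.k has no comment explaining what it produces or that `pipeline = [...]` uses KCL's override operator and therefore replaces any pipeline apis/template.yaml may define instead of merging into it; with `/apis/composition.yaml` git-ignored in this commit, a reader opening the generated file has no pointer back here either. A two-line header would cover it: `# Renders apis/composition.yaml (git-ignored, not edited by hand) from apis/template.yaml,` / `# replacing spec.pipeline with a function-kcl step that embeds apis/main.k as its source.` The `file.write` at the end also overwrites the output unconditionally, which is fine for a generator but worth stating in that comment so nobody hand-edits the result.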
@@ -1,182 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xirsas.aws.platform.upbound.io -spec: - compositeTypeRef: - apiVersion: aws.platform.upbound.io/v1alpha1 - kind: XIRSA - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: crossplane-contrib-function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - patchSets: - - name: Name - patches: - - fromFieldPath: metadata.name - toFieldPath: metadata.annotations[crossplane.io/external-name] - type: FromCompositeFieldPath - - name: providerConfigRef - patches: - - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - name: deletionPolicy - patches: - - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.deletionPolicy - type: FromCompositeFieldPath - resources: - - name: irsaRole - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: Role - metadata: - labels: - resource: Role - patches: - - patchSetName: Name - type: PatchSet - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - fromFieldPath: status.atProvider.arn - policy: - fromFieldPath: Optional - toFieldPath: status.roleArn - type: ToCompositeFieldPath - - fromFieldPath: status.conditions - policy: - fromFieldPath: Optional - toFieldPath: status.observed.role.conditions - type: ToCompositeFieldPath - - combine: - strategy: string - string: - fmt: | - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "%s" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "%s": { - "%s:sub": "system:serviceaccount:%s:%s" - } - } - } - ] - } - variables: - - fromFieldPath: status.irsa.oidc_arn - - fromFieldPath: spec.parameters.condition - - fromFieldPath: status.irsa.oidc_host - - fromFieldPath: spec.parameters.serviceAccount.namespace - - fromFieldPath: 
spec.parameters.serviceAccount.name - toFieldPath: spec.forProvider.assumeRolePolicy - type: CombineFromComposite - - - name: irsaPolicy - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: Policy - metadata: - labels: - resource: Policy - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - fromFieldPath: spec.parameters.policyDocument - toFieldPath: spec.forProvider.policy - type: FromCompositeFieldPath - - fromFieldPath: metadata.annotations[crossplane.io/external-name] - toFieldPath: status.policyArn - type: ToCompositeFieldPath - - fromFieldPath: status.conditions - policy: - fromFieldPath: Optional - toFieldPath: status.observed.policy.conditions - type: ToCompositeFieldPath - - - name: irsaAttachment - base: - apiVersion: iam.aws.upbound.io/v1beta1 - kind: RolePolicyAttachment - metadata: - labels: - resource: RolePolicyAttachment - spec: - forProvider: - policyArnSelector: - matchControllerRef: true - matchLabels: - resource: Policy - roleSelector: - matchControllerRef: true - matchLabels: - resource: Role - patches: - - patchSetName: providerConfigRef - type: PatchSet - - patchSetName: deletionPolicy - type: PatchSet - - fromFieldPath: status.conditions - policy: - fromFieldPath: Optional - toFieldPath: status.observed.rpa.conditions - type: ToCompositeFieldPath - - - name: irsaSettings - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - namespace: default - managementPolicy: Observe - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - string: - fmt: '%s-irsa-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - 
toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - string: - fmt: '%s-irsa-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: status.atProvider.manifest.data.oidc_arn - policy: - fromFieldPath: Optional - toFieldPath: status.irsa.oidc_arn - type: ToCompositeFieldPath - - fromFieldPath: status.atProvider.manifest.data.oidc_host - policy: - fromFieldPath: Optional - toFieldPath: status.irsa.oidc_host - type: ToCompositeFieldPath diff --git a/apis/irsa/definition.yaml b/apis/irsa/definition.yaml deleted file mode 100644 index 02fe6b1..0000000 --- a/apis/irsa/definition.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xirsas.aws.platform.upbound.io - labels: - provider: aws -spec: - claimNames: - kind: IRSA - plural: irsas - group: aws.platform.upbound.io - names: - kind: XIRSA - plural: xirsas - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - description: IRSA configuration parameters. - properties: - id: - type: string - description: ID of this Cluster that other objects will use to refer to it. - deletionPolicy: - description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete - enum: - - Delete - - Orphan - type: string - default: Delete - providerConfigName: - description: Crossplane ProviderConfig to use for provisioning this resources - type: string - default: default - serviceAccount: - type: object - description: Configuration for SA - properties: - name: - type: string - description: name kubernetes SA - namespace: - type: string - description: namespace kubernetes SA - required: - - name - - namespace - condition: - type: string - description: This is the whether or not the equals is a hard match or like query - default: StringEquals - enum: - - StringEquals - - StringLike - policyDocument: - type: string - description: The JSON policy document that is the content for the policy. - required: - - id - - condition - - policyDocument - - serviceAccount - required: - - parameters - status: - type: object - properties: - irsa: - description: Freeform field containing status information for irsa - type: object - x-kubernetes-preserve-unknown-fields: true - roleArn: - description: The arn of the role - type: string - policyArn: - description: The arn of the policy - type: string - observed: - description: Freeform field containing information about the observed status. 
- type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/apis/main.k b/apis/main.k new file mode 100644 index 0000000..c353f9c --- /dev/null +++ b/apis/main.k 
@@ -0,0 +1,429 @@ +import regex + +oxr = option("params").oxr +_ocds = option("params").ocds +_dxr = option("params").dxr +dcds = option("params").dcds + +_metadata = lambda name: str -> any { + { annotations = { "krm.kcl.dev/composition-resource-name" = name }} +} + +get = lambda x: any, y: str, d: any -> any { + """ + Get an item from a dictionary using a dot separated path. + If the item is not found, return a default value. + """ + p = regex.split(y, "\.") + c = p[0] + y = ".".join(p[1:]) + x[c] if len(p) == 1 and c in x else d if c not in x else get(x[c], y, d) +} + +_defaults = { + id: get(oxr, "spec.parameters.id", "") + region: get(oxr, "spec.parameters.region", "") + deletionPolicy: get(oxr, "spec.parameters.deletionPolicy", "Delete") + providerConfigName: get(oxr, "spec.providerConfigName", "default") +} + +_items = [{ + apiVersion: "aws.platform.upbound.io/v1alpha1" + kind: "XNetwork" + metadata: _metadata("network") + spec.parameters: _defaults +} if get(oxr, "spec.parameters.cloud", "") == "aws" else {} ] + +_items += [{ + apiVersion: "aws.platform.upbound.io/v1alpha1" + kind: "XEKS" + metadata: _metadata("kubernetes") | { + annotations: { + "xeks.aws.platform.upbound.io/cluster-id" = get(oxr, "spec.parameters.id", "") + } + } + spec: { + parameters: _defaults | { + version: get(oxr, "spec.parameters.version", "") + nodes: get(oxr, "spec.parameters.nodes", "") + iam: get(oxr, "spec.parameters.iam", "") + } + writeConnectionSecretToRef: { + name: get(oxr, "metadata.uid", "") + "-ekscluster" + namespace: get(oxr, "spec.writeConnectionSecretToRef.namespace", "") + } + } +} if get(oxr, "spec.parameters.cloud", "") == "aws" else {} ] + +_items += [{ + apiVersion: "gitops.platform.upbound.io/v1alpha1" + kind: "XArgo" + metadata: _metadata("argocd") + spec:{ + parameters: { + deletionPolicy: get(oxr, "spec.parameters.deletionPolicy", "Delete") + providerConfigName: get(oxr, "spec.parameters.id", "") + ingressUrl: get(oxr, 
"spec.parameters.operators.argocd.ingressUrl", "") + operators: { + argocd: { + version: get(oxr, "spec.parameters.operators.argocd.version", "7.1.1") + } + } + source: { + git: get(oxr, "spec.parameters.operators.argocd.git", "") + }, + resourceExclusions: get(oxr, "spec.parameters.operators.argocd.resourceExclusions", "") + resourceInclusions: get(oxr, "spec.parameters.operators.argocd.resourceInclusions", "") + }, + } +} if get(_ocds, "kubernetes.Resource", {}) and get(oxr, "spec.parameters.operators.argocd.enabled", "") and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +_items += [{ + apiVersion: "apiextensions.crossplane.io/v1alpha1" + kind: "Usage" + metadata: _metadata("usage-by-argocd-of-kubernetes") + spec: { + by: { + apiVersion: "gitops.platform.upbound.io/v1alpha1" + kind: "XArgo" + resourceSelector: { + matchControllerRef: True + }, + }, + of: { + + apiVersion: get(_ocds, "kubernetes.Resource.apiVersion", "") + kind: get(_ocds, "kubernetes.Resource.kind", "") + resourceSelector: { + matchControllerRef: True + }, + }, + }, +} if get(_ocds, "kubernetes.Resource", {}) and get(oxr, "spec.parameters.operators.argocd.enabled", "") and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +_items += [{ + apiVersion: "kubernetes.crossplane.io/v1alpha2" + kind: "Object" + metadata: _metadata("space-pull-secret") + spec: { + references: [ + { + patchesFrom: { + apiVersion: "v1" + kind: "Secret" + name: "upbound-pull-secret" + namespace: "upbound-system" + fieldPath: "data[.dockerconfigjson]" + }, + toFieldPath: "data[.dockerconfigjson]" + }, + ], + deletionPolicy: get(oxr, "spec.parameters.deletionPolicy", "Delete") + forProvider: { + manifest: { + "apiVersion": "v1", + "kind": "Secret", + "type": "kubernetes.io/dockerconfigjson", + "metadata": { + "name": "upbound-pull-secret", + "namespace": "upbound-system", + }, + }, + }, + 
providerConfigRef.name: get(oxr, "spec.parameters.id", "") + }, +} if get(_ocds, "kubernetes.Resource", {}) and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +_items += [{ + apiVersion: "helm.crossplane.io/v1beta1" + kind: "Release" + metadata: _metadata("cert-manager") | { + annotations: { + "crossplane.io/external-name" = "cert-manager" + } + } + spec: { + rollbackLimit: 3, + deletionPolicy: get(oxr, "spec.parameters.deletionPolicy", "Delete") + forProvider: { + namespace: "cert-manager", + chart: { + name: "cert-manager", + version: get(oxr, "spec.parameters.operators.certmanager.version", "v1.14.3") + repository: get(oxr, "", "https://charts.jetstack.io") + }, + values: { + installCRDs: True, + }, + waitTimeout: "360s" + }, + providerConfigRef.name: get(oxr, "spec.parameters.id", "") + }, +} if get(_ocds, "kubernetes.Resource", {}) and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +_items += [{ + apiVersion: "helm.crossplane.io/v1beta1" + kind: "Release" + metadata: _metadata("ingress-nginx") | { + annotations: { + "crossplane.io/external-name" = "ingress-nginx" + } + } + spec: { + rollbackLimit: 3, + deletionPolicy: get(oxr, "spec.parameters.deletionPolicy", "Delete") + forProvider: { + namespace: "ingress-nginx" + chart: { + name: "ingress-nginx" + version: get(oxr, "spec.parameters.operators.ingressnginx.version", "4.9.1") + repository: get(oxr, "", "https://kubernetes.github.io/ingress-nginx") + } + set: [ + { + name: "controller.service.type" + value: "LoadBalancer" + }, + { + name: "controller.allowSnippetAnnotations", + value: "true" + }, + if get(oxr, "spec.parameters.cloud", "") == "aws": + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-type"' + value: "/external" + }, + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-scheme"' + value: 
"internet-facing" + }, + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-nlb-target-type"' + value: "ip" + }, + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-healthcheck-protocol"' + value: "http" + }, + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-healthcheck-path"' + value: "/healthz" + }, + { + name: 'controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-healthcheck-port"' + value: "10254" + } + ], + }, + providerConfigRef.name: get(oxr, "spec.parameters.id", "") + }, +} if get(_ocds, "kubernetes.Resource", {}) and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +# releaseExternalDns = { +# apiVersion: "helm.crossplane.io/v1beta1" +# kind: "Release" +# metadata: { +# annotations: { +# "crossplane.io/external-name": "external-dns" +# } +# }, +# spec: { +# rollbackLimit: 3, +# deletionPolicy: oxr.spec.parameters.deletionPolicy or "Delete" +# forProvider: { +# namespace: "external-dns" +# chart: { +# name: "external-dns" +# version: oxr.spec.parameters.operators.externaldns.version or "6.34.2" +# repository: "https://charts.bitnami.com/bitnami" +# }, +# values: { +# replicaCount: 1 +# domainFilters: [ +# oxr.spec.parameters.operators.externaldns.name +# ], +# serviceAccount: { +# annotations: [ +# if oxr.spec.parameters.cloud == "aws": +# { +# "eks.amazonaws.com/role-arn": oxr.status.status.externalDNS.IRSARoleArn +# }, +# if oxr.spec.parameters.cloud == "gcp": +# { +# "iam.gke.io/gcp-service-account": oxr.status.status.externalDNS.googleServiceAccount.email +# }, +# ], +# }, +# txtOwnerId: "upbound-spaces-" + oxr.metadata.uid +# provider: oxr.spec.parameters.cloud +# policy: "sync" +# source: "ingress" +# registry: "txt" +# if oxr.spec.parameters.cloud == "aws": +# aws: { +# batchChangeSize: 4 +# zoneType: "public" +# region: "us-east-1" +# }, 
+# if oxr.spec.parameters.cloud == "gcp": +# google: { +# project: oxr.spec.parameters.operators.externaldns.gcp.dnsProject +# } +# rbac: { +# create: True +# }, +# serviceAccount: { +# create: True +# name: "external-dns" +# }, +# metrics: { +# enabled: False +# serviceMonitor: { +# enabled: False +# }, +# }, +# replicas: 2 +# podDisruptionBudget: { +# minAvailable: 1 +# }, +# }, + +# }, +# providerConfigRef: { +# name: oxr.spec.parameters.providerConfigName or "default" +# }, +# } +# } + +# if oxr.spec.parameters.cloud == "aws": +# _identityExternalDNS = { +# apiVersion: "aws.platform.upbound.io/v1alpha1" +# kind: "XIRSA" +# spec: { +# parameters: { +# id: oxr.spec.parameters.providerConfigName or "default" +# condition: "StringEquals" +# serviceAccount: { +# name: "external-dns" +# namespace: "external-dns" +# }, +# policyDocument: """ +# { +# "Version":"2012-10-17", +# "Statement":[ +# { +# "Effect":"Allow", +# "Action":[ +# "route53:ListResourceRecordSets", +# "route53:ListHostedZones" +# ], +# "Resource":"*" +# }, +# { +# "Effect":"Allow", +# "Action":"route53:ChangeResourceRecordSets", +# "Resource":"arn:aws:route53:::hostedzone/${oxr.spec.parameters.operators.externaldns.aws.route53ZoneId} +# } +# ] +# } +# """ +# }, +# } + +# } + +# if oxr.spec.parameters.cloud == "gcp": +# _identityExternalDNS = { +# apiVersion: "gcp.platform.upbound.io/v1alpha1" +# kind: "XWorkloadIdentity" +# spec: { +# parameters: { +# id: oxr.spec.parameters.providerConfigName +# dnsProject: oxr.spec.parameters.operators.externaldns.gcp.dnsProject +# serviceAccount: { +# name: "external-dns" +# namespace: "external-dns" +# }, +# }, +# }, +# } + +_items += [{ + apiVersion: "helm.crossplane.io/v1beta1" + kind: "Release" + metadata: _metadata("spaces") | { + annotations: { + "crossplane.io/external-name" = "spaces" + } + } + spec: { + rollbackLimit: 3, + forProvider: { + namespace: "upbound-system" + chart: { + pullSecretRef: get(oxr, "spec.parameters.spaces.pullSecretRef", {"name": 
"upbound-provider-helm-pull", "namespace": "upbound-system"}) + version: get(oxr, "spec.parameters.spaces.version", "1.6.0") + name: "spaces" + repository: get(oxr, "", "oci://us-west1-docker.pkg.dev/orchestration-build/upbound-environments") + }, + set: [ + { + name: "account" + value: get(oxr, "spec.parameters.spaces.account", "") + }, + if get(oxr, "spec.parameters.cloud", "") == "gcp": + { + name: "clusterType" + value: "gke" + } + if get(oxr, "spec.parameters.cloud", "") == "aws": + { + name: "clusterType" + value: "eks" + } + if get(oxr, "spec.parameters.cloud", "") == "azure": + { + name: "clusterType" + value: "aks" + } + { + name: "ingress.host" + value: get(oxr, "spec.parameters.spaces.dns.spacesRouterDomain", "") + }, + { + name: "features.alpha.eso.enabled" + value: "true" + }, + { + name: "features.alpha.eso.namespace" + value: "external-secrets" + }, + { + name: "features.alpha.argocdPlugin.enabled" + value: "true" + }, + { + name: "features.alpha.argocdPlugin.target.secretNamespace" + value: "argocd" + }, + ], + }, + providerConfigRef.name: get(oxr, "spec.parameters.id", "") + } +} if get(_ocds, "kubernetes.Resource", {}) and all_true([ + c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", []) +]) else {} ] + +# ToDo(haarchri): add more conditions for prereq + +items = _items \ No newline at end of file diff --git a/apis/space-core/composition.yaml b/apis/space-core/composition.yaml deleted file mode 100644 index 0adfe15..0000000 --- a/apis/space-core/composition.yaml +++ /dev/null 
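Review bot: `_defaults` reads `providerConfigName` from `spec.providerConfigName` while every other lookup in this file, including the `id`, `region` and `deletionPolicy` entries beside it, uses `spec.parameters.*`, so XNetwork and XEKS will silently get `"default"` whenever the composite sets `spec.parameters.providerConfigName`; change it to `providerConfigName: get(oxr, "spec.parameters.providerConfigName", "default")`. In the ingress-nginx `set` list the `aws-load-balancer-type` annotation is given `value: "/external"`, but the AWS Load Balancer Controller matches on the literal `external`, so the leading slash leaves the Service unclaimed — `value: "external"`. The readiness gates `all_true([c.status == "True" for c in get(_ocds, "kubernetes.Resource.status.conditions", [])])` are vacuously true while the observed XEKS has no conditions yet, so the pull-secret copy and the Helm releases can be emitted before the cluster is usable; require a non-empty condition list (or specifically a `Ready` condition with status `"True"`) in those checks. Unlike the compositions this commit removes, the cert-manager, ingress-nginx and spaces releases are no longer gated on an `operators.<name>.enabled` flag — if XSpace still exposes those flags, add `get(oxr, "spec.parameters.operators.certmanager.enabled", False)` (and the ingressnginx equivalent) to their conditions. As a point of style, `repository: get(oxr, "", "https://charts.jetstack.io")` and the two similar calls always return the default because the path is empty, so a plain string literal states the intent more clearly.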
@@ -1,60 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xcore.spaces.platformref.upbound.io -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XCore - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: upboundcare-function-conditional-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: spaces - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - spec: - rollbackLimit: 3 - forProvider: - namespace: upbound-system - chart: - name: spaces - repository: oci://us-west1-docker.pkg.dev/orchestration-build/upbound-environments - set: - - name: "account" - - name: "clusterType" - - name: "ingress.host" - - name: "features.alpha.eso.enabled" - value: "true" - - name: "features.alpha.eso.namespace" - value: "external-secrets" - - name: "features.alpha.argocdPlugin.enabled" - value: "true" - - name: "features.alpha.argocdPlugin.target.secretNamespace" - value: "argocd" - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces.account - toFieldPath: spec.forProvider.set[0].value - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces.clusterType - toFieldPath: spec.forProvider.set[1].value - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces.dns.spacesRouterDomain - toFieldPath: spec.forProvider.set[2].value - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces.pullSecretRef - toFieldPath: spec.forProvider.chart.pullSecretRef - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.spaces.version - toFieldPath: spec.forProvider.chart.version 
diff --git a/apis/space-core/definition.yaml b/apis/space-core/definition.yaml deleted file mode 100644 index 2a49f22..0000000 --- a/apis/space-core/definition.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xcore.spaces.platformref.upbound.io -spec: - defaultCompositeDeletePolicy: Foreground - group: spaces.platformref.upbound.io - names: - kind: XCore - plural: xcore - versions: - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.parameters.spaces.version - name: SPACES - type: string - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - properties: - providerConfigName: - type: string - spaces: - type: object - description: "Defines the configuration for spaces." - properties: - version: - type: string - description: "The version of the space configuration." - dns: - type: object - properties: - spacesRouterDomain: - type: string - description: "The domain for the spaces router." - account: - type: string - description: "The account identifier for the space." - clusterType: - type: string - description: "The type of cluster to deploy for the space." - pullSecretRef: - type: object - properties: - name: - type: string - description: "The name of the pull secret to use." - namespace: - type: string - description: "The namespace of the pull secret." - status: - type: object - properties: - status: - description: Freeform field containing status information - type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/apis/space-init/composition.yaml b/apis/space-init/composition.yaml deleted file mode 100644 index e1e21da..0000000 --- a/apis/space-init/composition.yaml +++ /dev/null 
@@ -1,568 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xinit.spaces.platformref.upbound.io -spec: - writeConnectionSecretsToNamespace: upbound-system - compositeTypeRef: - apiVersion: spaces.platformref.upbound.io/v1alpha1 - kind: XInit - mode: Pipeline - pipeline: - - step: providers - functionRef: - name: crossplane-contrib-function-go-templating - input: - apiVersion: gotemplating.fn.crossplane.io/v1beta1 - kind: GoTemplate - source: Inline - inline: - template: | - {{ $spec := .observed.composite.resource.spec }} - {{- range $i, $provider := $spec.parameters.operators.crossplane.providers }} - --- - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-p - labels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-p - spec: - forProvider: - manifest: - apiVersion: pkg.crossplane.io/v1 - kind: Provider - metadata: - name: {{ $provider.name }} - spec: - package: {{ $provider.package }} - {{- if $provider.localRbac }} - runtimeConfigRef: - apiVersion: pkg.crossplane.io/v1beta1 - kind: DeploymentRuntimeConfig - name: {{ $provider.name }} - {{- end }} - providerConfigRef: - name: {{ $spec.parameters.providerConfigName }} - --- - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-p-usage - spec: - by: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - resourceSelector: - matchControllerRef: true - matchLabels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-p - of: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - resourceSelector: - 
matchControllerRef: true - matchLabels: - type: crossplane - {{- if $provider.localRbac }} - --- - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-drc - labels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-drc - spec: - forProvider: - manifest: - apiVersion: pkg.crossplane.io/v1beta1 - kind: DeploymentRuntimeConfig - metadata: - name: {{ $provider.name }} - spec: - serviceAccountTemplate: - metadata: - name: provider-kubernetes - providerConfigRef: - name: {{ $spec.parameters.providerConfigName }} - --- - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-drc-usage - spec: - by: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - resourceSelector: - matchControllerRef: true - matchLabels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-drc - of: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - resourceSelector: - matchControllerRef: true - matchLabels: - type: crossplane - --- - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-crb - labels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-crb - spec: - forProvider: - manifest: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: {{ $provider.name }}-admin-binding - subjects: - - kind: ServiceAccount - name: {{ $provider.name }} - namespace: upbound-system - 
roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io - providerConfigRef: - name: {{ $spec.parameters.providerConfigName }} - --- - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-crb-usage - spec: - by: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - resourceSelector: - matchControllerRef: true - matchLabels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-crb - of: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - resourceSelector: - matchControllerRef: true - matchLabels: - type: crossplane - --- - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-pc - labels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-pc - spec: - forProvider: - manifest: - {{- if eq $provider.name "provider-kubernetes" }} - apiVersion: kubernetes.crossplane.io/v1alpha1 - {{- end }} - {{- if eq $provider.name "provider-helm" }} - apiVersion: helm.crossplane.io/v1beta1 - {{- end }} - kind: ProviderConfig - metadata: - name: upbound-cluster - spec: - credentials: - source: InjectedIdentity - providerConfigRef: - name: {{ $spec.parameters.providerConfigName }} - --- - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - metadata: - annotations: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-pc-usage - spec: - by: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - resourceSelector: - matchControllerRef: true - matchLabels: - 
gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-pc - of: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - resourceSelector: - matchControllerRef: true - matchLabels: - gotemplating.fn.crossplane.io/composition-resource-name: {{ $spec.parameters.providerConfigName }}-{{ $provider.name }}-p - {{- end }} - {{- end }} - - - step: patch-and-transform - functionRef: - name: upboundcare-function-conditional-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - resources: - - name: copy-provider-helm-pull-secret - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - spec: - references: - - patchesFrom: - apiVersion: v1 - kind: Secret - name: upbound-provider-helm-pull - namespace: upbound-system - fieldPath: data[username] - toFieldPath: data[username] - - patchesFrom: - apiVersion: v1 - kind: Secret - name: upbound-provider-helm-pull - namespace: upbound-system - fieldPath: data[password] - toFieldPath: data[password] - forProvider: - manifest: - apiVersion: v1 - kind: Secret - metadata: - name: upbound-provider-helm-pull - namespace: upbound-system - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - - name: copy-crossplane-pull-secret - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: Object - spec: - references: - - patchesFrom: - apiVersion: v1 - kind: Secret - name: upbound-pull-secret - namespace: upbound-system - fieldPath: data[.dockerconfigjson] - toFieldPath: data[.dockerconfigjson] - forProvider: - manifest: - apiVersion: v1 - kind: Secret - type: kubernetes.io/dockerconfigjson - metadata: - name: upbound-pull-secret - namespace: upbound-system - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - - name: cert-manager - condition: 
observed.composite.resource.spec.parameters.operators.certmanager.enabled == true - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - spec: - rollbackLimit: 3 - forProvider: - namespace: cert-manager - chart: - name: cert-manager - repository: https://charts.jetstack.io - values: - installCRDs: true - waitTimeout: "360s" - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.certmanager.version - toFieldPath: spec.forProvider.chart.version - - - name: ingress-nginx - condition: observed.composite.resource.spec.parameters.operators.ingressnginx.enabled == true - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - spec: - rollbackLimit: 3 - forProvider: - namespace: ingress-nginx - chart: - name: ingress-nginx - repository: https://kubernetes.github.io/ingress-nginx - set: - - name: "controller.service.type" - value: "LoadBalancer" - - name: "controller.allowSnippetAnnotations" - value: "true" - - name: controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path" - value: "/healthz" - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.ingressnginx.version - toFieldPath: spec.forProvider.chart.version - - type: ToCompositeFieldPath - fromFieldPath: metadata.annotations[crossplane.io/external-name] - toFieldPath: status.status.ingressNginxName - policy: - fromFieldPath: Optional - - - name: external-dns-irsa - condition: | - "externaldns" in observed.composite.resource.spec.parameters.operators && - "aws" in observed.composite.resource.spec.parameters.operators.externaldns && - observed.composite.resource.spec.parameters.operators.externaldns.aws.enabled == true - base: - 
apiVersion: aws.platform.upbound.io/v1alpha1 - kind: XIRSA - spec: - parameters: - condition: StringEquals - serviceAccount: - name: external-dns - namespace: external-dns - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.id - - type: ToCompositeFieldPath - fromFieldPath: status.roleArn - toFieldPath: status.status.externalDNS.IRSARoleArn - policy: - fromFieldPath: Optional - - type: CombineFromComposite - policy: - fromFieldPath: Required - combine: - variables: - - fromFieldPath: spec.parameters.operators.externaldns.aws.route53ZoneId - strategy: string - string: - fmt: | - { - "Version":"2012-10-17", - "Statement":[ - { - "Effect":"Allow", - "Action":[ - "route53:ListResourceRecordSets", - "route53:ListHostedZones" - ], - "Resource":"*" - }, - { - "Effect":"Allow", - "Action":"route53:ChangeResourceRecordSets", - "Resource":"arn:aws:route53:::hostedzone/%s" - } - ] - } - toFieldPath: spec.parameters.policyDocument - - - name: external-dns - condition: | - "externaldns" in observed.composite.resource.spec.parameters.operators && - "aws" in observed.composite.resource.spec.parameters.operators.externaldns && - observed.composite.resource.spec.parameters.operators.externaldns.aws.enabled == true - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - spec: - forProvider: - namespace: external-dns - chart: - name: external-dns - repository: https://charts.bitnami.com/bitnami - values: - replicaCount: 1 - provider: aws - policy: sync - source: ingress - registry: txt - aws: - batchChangeSize: 4 - zoneType: public - region: us-east-1 - rbac: - create: true - serviceAccount: - create: true - name: external-dns - metrics: - enabled: false - serviceMonitor: - enabled: false - replicas: 2 - podDisruptionBudget: - minAvailable: 1 - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: 
FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.version - toFieldPath: spec.forProvider.chart.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.aws.route53ZoneName - toFieldPath: spec.forProvider.values.domainFilters[0] - - type: FromCompositeFieldPath - fromFieldPath: status.status.externalDNS.IRSARoleArn - toFieldPath: spec.forProvider.values.serviceAccount.annotations[eks.amazonaws.com/role-arn] - policy: - fromFieldPath: Required - - type: FromCompositeFieldPath - fromFieldPath: metadata.uid - toFieldPath: spec.forProvider.values.txtOwnerId - transforms: - - string: - fmt: 'upbound-spaces-%s' - type: Format - type: string - - - name: external-dns-workloadidentity - condition: | - "externaldns" in observed.composite.resource.spec.parameters.operators && - "gcp" in observed.composite.resource.spec.parameters.operators.externaldns && - observed.composite.resource.spec.parameters.operators.externaldns.gcp.enabled == true - base: - apiVersion: gcp.platform.upbound.io/v1alpha1 - kind: XWorkloadIdentity - spec: - parameters: - condition: StringEquals - serviceAccount: - name: external-dns - namespace: external-dns - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject - toFieldPath: spec.parameters.dnsProject - - type: ToCompositeFieldPath - fromFieldPath: status.googleServiceAccount.email - toFieldPath: status.status.externalDNS.googleServiceAccount.email - policy: - fromFieldPath: Optional - - - name: external-dns - condition: | - "externaldns" in observed.composite.resource.spec.parameters.operators && - "gcp" in observed.composite.resource.spec.parameters.operators.externaldns && - observed.composite.resource.spec.parameters.operators.externaldns.gcp.enabled == true - base: - apiVersion: helm.crossplane.io/v1beta1 
- kind: Release - spec: - forProvider: - namespace: external-dns - chart: - name: external-dns - repository: https://charts.bitnami.com/bitnami - values: - replicaCount: 1 - provider: google - policy: sync - source: ingress - registry: txt - google: - batchChangeSize: 4 - rbac: - create: true - serviceAccount: - create: true - name: external-dns - metrics: - enabled: false - serviceMonitor: - enabled: false - replicas: 2 - podDisruptionBudget: - minAvailable: 1 - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.version - toFieldPath: spec.forProvider.chart.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.gcp.zoneName - toFieldPath: spec.forProvider.values.domainFilters[0] - - type: FromCompositeFieldPath - fromFieldPath: status.status.externalDNS.googleServiceAccount.email - toFieldPath: spec.forProvider.values.serviceAccount.annotations[iam.gke.io/gcp-service-account] - policy: - fromFieldPath: Required - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject - toFieldPath: spec.forProvider.values.google.project - - type: FromCompositeFieldPath - fromFieldPath: metadata.uid - toFieldPath: spec.forProvider.values.txtOwnerId - transforms: - - string: - fmt: 'upbound-spaces-%s' - type: Format - type: string - - - name: universal-crossplane - condition: observed.composite.resource.spec.parameters.operators.crossplane.enabled == true - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - metadata: - labels: - type: crossplane - spec: - rollbackLimit: 3 - forProvider: - namespace: upbound-system - chart: - name: universal-crossplane - repository: https://charts.upbound.io/stable - values: - args: - - --enable-usages - - --max-reconcile-rate=1000 - resourcesCrossplane: - limits: - cpu: 2000m - 
memory: 4096Mi - requests: - cpu: 1000m - memory: 2048Mi - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.crossplane.version - toFieldPath: spec.forProvider.chart.version - transforms: - - type: string - string: - type: TrimPrefix - trim: "v" - - - step: automatically-detect-ready-composed-resources - functionRef: - name: crossplane-contrib-function-auto-ready diff --git a/apis/space-init/definition.yaml b/apis/space-init/definition.yaml deleted file mode 100644 index ffa9982..0000000 --- a/apis/space-init/definition.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xinit.spaces.platformref.upbound.io -spec: - defaultCompositeDeletePolicy: Foreground - group: spaces.platformref.upbound.io - names: - kind: XInit - plural: xinit - versions: - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.parameters.operators.crossplane.version - name: CROSSPLANE - type: string - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - properties: - providerConfigName: - type: string - operators: - type: object - description: "Defines the operators to be deployed with their enabled status and versions." - properties: - certmanager: - type: object - properties: - enabled: - type: boolean - description: "Indicates if cert-manager is enabled." - version: - type: string - description: "Specifies the version of cert-manager to use." - ingressnginx: - type: object - properties: - enabled: - type: boolean - description: "Indicates if ingress-nginx is enabled." - version: - type: string - description: "Specifies the version of ingress-nginx to use." - externaldns: - type: object - properties: - aws: - type: object - properties: - enabled: - type: boolean - description: "Indicates if AWS external-dns is enabled." - route53ZoneId: - type: string - description: "The Route53 zone ID for external-dns to manage." - route53ZoneName: - type: string - description: "The Route53 zone name for external-dns to manage." - gcp: - type: object - properties: - enabled: - type: boolean - description: "Indicates if GCP external-dns is enabled." - default: true - zoneName: - type: string - description: "The Managed Zone for external-dns to manage." - dnsProject: - type: string - description: "The ID of the Project where the DNS is managed." - version: - type: string - description: "Specifies the version of external-dns to use." 
- crossplane: - type: object - properties: - enabled: - type: boolean - description: "Indicates if Crossplane is enabled." - version: - type: string - description: "Specifies the version of Crossplane to use." - providers: - type: array - items: - type: object - properties: - name: - type: string - description: "The name of the Crossplane provider." - package: - type: string - description: "The package of the Crossplane provider." - enabled: - type: boolean - description: "Indicates if the Crossplane provider is enabled." - localRbac: - type: boolean - description: "Indicates if local RBAC is enabled for the provider." - status: - type: object - properties: - status: - description: Freeform field containing status information - type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/apis/template.yaml b/apis/template.yaml new file mode 100644 index 0000000..08d64cd --- /dev/null +++ b/apis/template.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xspaces.spaces.platformref.upbound.io +spec: + writeConnectionSecretsToNamespace: upbound-system + compositeTypeRef: + apiVersion: spaces.platformref.upbound.io/v1alpha1 + kind: XSpace + mode: Pipeline + pipeline: + - step: kcl + functionRef: + name: crossplane-contrib-function-kcl + input: + apiVersion: krm.kcl.dev/v1alpha1 + kind: KCLRun + spec: + source: main.k + + - step: automatically-detect-ready-composed-resources + functionRef: + name: crossplane-contrib-function-auto-ready diff --git a/apis/workload-identity/composition.yaml b/apis/workload-identity/composition.yaml deleted file mode 100644 index cc279ca..0000000 --- a/apis/workload-identity/composition.yaml +++ /dev/null 
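Review bot: `spec.source: main.k` in the KCLRun input refers to a file that is not part of this commit, and the `.gitignore` (`/apis/composition.yaml`, `/apis/.kclvm`) and `XPKG_IGNORE` (`apis/template.yaml`) changes suggest this file is a build-time template that gets rendered into a gitignored `apis/composition.yaml` rather than a Composition to apply as-is — nothing in the file says so. Add a header comment such as `# Build-time template: rendered to apis/composition.yaml (gitignored) with the KCL source inlined; excluded from the xpkg via XPKG_IGNORE. Do not apply directly.` so a reader does not apply it and get a Composition whose function input points at a non-existent `main.k`. The `.kclvm` ignore hints that the KCL module lives under `apis/`; confirm the location and name it in the comment (placeholder `<kcl-module-path>`) instead of leaving the relationship implicit.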
@@ -1,172 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xworkloadidentity.gcp.platform.upbound.io -spec: - compositeTypeRef: - apiVersion: gcp.platform.upbound.io/v1alpha1 - kind: XWorkloadIdentity - mode: Pipeline - pipeline: - - step: patch-and-transform - functionRef: - name: crossplane-contrib-function-patch-and-transform - input: - apiVersion: pt.fn.crossplane.io/v1beta1 - kind: Resources - patchSets: - - name: Name - patches: - - fromFieldPath: metadata.name - toFieldPath: metadata.annotations[crossplane.io/external-name] - type: FromCompositeFieldPath - - name: providerConfigRef - patches: - - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - name: deletionPolicy - patches: - - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.deletionPolicy - type: FromCompositeFieldPath - resources: - - name: serviceaccount - base: - apiVersion: cloudplatform.gcp.upbound.io/v1beta1 - kind: ServiceAccount - patches: - - type: PatchSet - patchSetName: Name - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - fromFieldPath: status.workloadIdentity.gkeProject - toFieldPath: spec.forProvider.project - type: FromCompositeFieldPath - - fromFieldPath: status.atProvider.email - toFieldPath: status.googleServiceAccount.email - type: ToCompositeFieldPath - - fromFieldPath: status.atProvider.id - toFieldPath: status.googleServiceAccount.id - type: ToCompositeFieldPath - - - name: projectiammember-dns-admin - base: - apiVersion: cloudplatform.gcp.upbound.io/v1beta1 - kind: ProjectIAMMember - spec: - forProvider: - role: roles/dns.admin - patches: - - type: PatchSet - patchSetName: Name - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - fromFieldPath: spec.parameters.dnsProject - toFieldPath: spec.forProvider.project - type: 
FromCompositeFieldPath - - fromFieldPath: status.googleServiceAccount.email - toFieldPath: spec.forProvider.member - type: FromCompositeFieldPath - transforms: - - string: - fmt: 'serviceAccount:%s' - type: Format - type: string - - - name: serviceaccountiammember - base: - apiVersion: cloudplatform.gcp.upbound.io/v1beta1 - kind: ServiceAccountIAMMember - spec: - forProvider: - role: roles/iam.workloadIdentityUser - patches: - - type: PatchSet - patchSetName: Name - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - fromFieldPath: status.googleServiceAccount.id - toFieldPath: spec.forProvider.serviceAccountId - type: FromCompositeFieldPath - - combine: - strategy: string - string: - fmt: "serviceAccount:%s.svc.id.goog[%s/%s]" - variables: - - fromFieldPath: status.workloadIdentity.gkeProject - - fromFieldPath: spec.parameters.serviceAccount.namespace - - fromFieldPath: spec.parameters.serviceAccount.name - toFieldPath: spec.forProvider.member - type: CombineFromComposite - - - name: projectiammember-workload-identity-user - base: - apiVersion: cloudplatform.gcp.upbound.io/v1beta1 - kind: ProjectIAMMember - spec: - forProvider: - role: roles/iam.workloadIdentityUser - patches: - - type: PatchSet - patchSetName: Name - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - fromFieldPath: status.workloadIdentity.gkeProject - toFieldPath: spec.forProvider.project - type: FromCompositeFieldPath - - fromFieldPath: status.googleServiceAccount.email - toFieldPath: spec.forProvider.member - type: FromCompositeFieldPath - transforms: - - string: - fmt: 'serviceAccount:%s' - type: Format - type: string - - - name: workloadIdentitySettings - base: - apiVersion: kubernetes.crossplane.io/v1alpha2 - kind: Object - spec: - deletionPolicy: Orphan - forProvider: - manifest: - apiVersion: v1 - kind: ConfigMap - metadata: - namespace: default - managementPolicies: ["Observe"] - 
patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.providerConfigRef.name - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - string: - fmt: '%s-workload-identity-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.manifest.metadata.name - transforms: - - string: - fmt: '%s-workload-identity-settings' - type: Format - type: string - type: FromCompositeFieldPath - - fromFieldPath: status.atProvider.manifest.data.gkeProject - policy: - fromFieldPath: Optional - toFieldPath: status.workloadIdentity.gkeProject - type: ToCompositeFieldPath diff --git a/apis/workload-identity/definition.yaml b/apis/workload-identity/definition.yaml deleted file mode 100644 index bf47441..0000000 --- a/apis/workload-identity/definition.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xworkloadidentities.gcp.platform.upbound.io - labels: - provider: gcp -spec: - claimNames: - kind: WorkloadIdentity - plural: workloadidentities - group: gcp.platform.upbound.io - names: - kind: XWorkloadIdentity - plural: xworkloadidentities - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - description: Workload Identity configuration parameters. - properties: - id: - type: string - description: ID of this Workload Identity that other objects will use to refer to it. - deletionPolicy: - description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete. - enum: - - Delete - - Orphan - type: string - default: Delete - providerConfigName: - description: Crossplane ProviderConfig to use for provisioning this resources. - type: string - default: default - serviceAccount: - type: object - description: Configuration for SA - properties: - name: - type: string - description: name kubernetes SA - namespace: - type: string - description: namespace kubernetes SA - required: - - name - - namespace - condition: - type: string - description: This is the whether or not the equals is a hard match or like query - default: StringEquals - enum: - - StringEquals - - StringLike - dnsProject: - type: string - description: The Project ID where the DNS managed zone lives. - required: - - id - - serviceAccount - - dnsProject - required: - - parameters - status: - type: object - properties: - workloadIdentity: - description: Freeform field containing status information for Workload Identity. - type: object - x-kubernetes-preserve-unknown-fields: true - observed: - description: Freeform field containing information about the observed status. 
- type: object - x-kubernetes-preserve-unknown-fields: true - googleServiceAccount: - type: object - description: Configuration for GSA - properties: - email: - type: string - description: email Google SA - id: - type: string - description: id Google SA - required: - - email - - id diff --git a/crossplane.yaml b/crossplane.yaml index caf4190..40acaf7 100644 --- a/crossplane.yaml +++ b/crossplane.yaml 
@@ -30,23 +30,21 @@ spec: - configuration: xpkg.upbound.io/upbound/configuration-gcp-gke # renovate: datasource=github-releases depName=upbound/configuration-gcp-gke version: "v0.7.0" + - configuration: xpkg.upbound.io/upbound/configuration-gitops-argocd + # renovate: datasource=github-releases depName=upbound/configuration-gitops-argocd + version: "v0.9.0" + - configuration: xpkg.upbound.io/upbound/configuration-gcp-gke-workload-identity + # renovate: datasource=github-releases depName=upbound/configuration-gcp-gke-workload-identity + version: "v0.1.0" + # - configuration: xpkg.upbound.io/upbound/configuration-aws-eks-irsa + # # renovate: datasource=github-releases depName=upbound/configuration-aws-eks-irsa + # version: "v0.7.0" - provider: xpkg.upbound.io/upbound/provider-gcp-dns # renovate: datasource=github-releases depName=upbound/provider-gcp version: "v1.2.0" - - configuration: xpkg.upbound.io/upbound/configuration-gitops-argocd - # renovate: datasource=github-releases depName=upbound/configuration-gitops-argocd + - function: xpkg.upbound.io/crossplane-contrib/function-kcl + # renovate: datasource=github-releases depName=crossplane-contrib/function-kcl version: "v0.9.0" - - function: xpkg.upbound.io/upboundcare/function-conditional-patch-and-transform - version: "v0.4.0" - - function: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform - # renovate: datasource=github-releases depName=crossplane-contrib/function-patch-and-transform - version: "v0.4.0" - function: xpkg.upbound.io/crossplane-contrib/function-auto-ready # renovate: datasource=github-releases depName=crossplane-contrib/function-auto-ready version: "v0.2.1" - - function: xpkg.upbound.io/crossplane-contrib/function-go-templating - # renovate: datasource=github-releases depName=crossplane-contrib/function-go-templating - version: "v0.4.1" - - function: xpkg.upbound.io/crossplane-contrib/function-sequencer - # renovate: datasource=github-releases 
depName=crossplane-contrib/function-sequencer - version: "v0.1.2" diff --git a/examples/aws-host-space.yaml b/examples/aws-host-space.yaml index 30c9139..bd22a52 100644 --- a/examples/aws-host-space.yaml +++ b/examples/aws-host-space.yaml @@ -27,19 +27,10 @@ spec: roleArn: ${data.awsAdminRoleArn} operators: externaldns: - aws: - # To leverage external-dns for managing the spaces.dns.spacesRouterDomain zone entry, - # substitute the placeholder values with your actual Route53 Zone ID and Route53 Zone Name. - route53ZoneId: ${data.route53ZoneId} - route53ZoneName: ${data.route53ZoneName} - crossplane: - providers: - - name: provider-helm - package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.17.0 - localRbac: true - - name: provider-kubernetes - package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.12.1 - localRbac: true + # To leverage external-dns for managing the spaces.dns.spacesRouterDomain zone entry, + # substitute the placeholder values with your actual Route53 Zone ID and Route53 Zone Name. + id: ${data.route53ZoneId} + name: ${data.route53ZoneName} argocd: enabled: true ingressUrl: argocd-platform-ref-upbound-spaces.${data.route53ZoneName} @@ -74,7 +65,6 @@ spec: spaces: dns: spacesRouterDomain: platform-ref-upbound-spaces.${data.route53ZoneName} - clusterType: eks account: platform-ref writeConnectionSecretToRef: name: hostcluster-kubeconfig diff --git a/examples/azure-host-space.yaml b/examples/azure-host-space.yaml index 55d751f..e643dae 100644 --- a/examples/azure-host-space.yaml +++ b/examples/azure-host-space.yaml 
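Review bot: The commented-out `configuration-aws-eks-irsa` dependency block is dead configuration with no explanation of why it is held back; either drop it or collapse the three lines into a single comment stating the reason, e.g. `# TODO: re-enable configuration-aws-eks-irsa once the AWS host-space path is migrated (tracking: <issue-id>)`. The new `function-kcl` entry reuses the pre-existing `version: "v0.9.0"` context line, so it agreeing with the argocd version is coincidental; it does agree with `examples/functions.yaml` (`function-kcl:v0.9.0`), and since only this file carries a renovate annotation, a comment noting that the example manifest must be bumped alongside would help keep the two from drifting.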
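Review bot: With the `aws:` nesting removed, `externaldns.id` and `externaldns.name` now carry cloud-specific meanings that the XR itself no longer encodes — here `id` is a Route53 hosted-zone ID, while in the parallel `examples/gcp-host-space.yaml` hunk `id` is the DNS project and `name` the managed zone. The retained comment still reads as the old two-field hint, so make each key self-describing: `id: ${data.route53ZoneId}  # Route53 hosted-zone ID` and `name: ${data.route53ZoneName}  # Route53 zone name`, with the mirror wording in the GCP example. The XRD defining these fields is not in the diff, so I cannot confirm that the consumer interprets `id` per cloud; that is worth verifying before these examples are treated as the contract.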
@@ -14,14 +14,6 @@ spec: count: 1 instanceType: standard_d8s_v3 operators: - crossplane: - providers: - - name: provider-helm - package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.17.0 - localRbac: true - - name: provider-kubernetes - package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.12.1 - localRbac: true argocd: enabled: true ingressUrl: argocd-platform-ref-upbound-spaces.${data.route53ZoneName} @@ -56,7 +48,6 @@ spec: spaces: dns: spacesRouterDomain: platform-ref-upbound-spaces-aks.${data.route53ZoneName} - clusterType: aks account: platform-ref writeConnectionSecretToRef: name: hostcluster-aks-kubeconfig diff --git a/examples/functions.yaml b/examples/functions.yaml index 89a5329..0f71e3a 100644 --- a/examples/functions.yaml +++ b/examples/functions.yaml @@ -1,26 +1,5 @@ apiVersion: pkg.crossplane.io/v1beta1 kind: Function -metadata: - name: upboundcare-function-conditional-patch-and-transform -spec: - package: xpkg.upbound.io/upboundcare/function-conditional-patch-and-transform:v0.4.0 ---- -apiVersion: pkg.crossplane.io/v1beta1 -kind: Function -metadata: - name: crossplane-contrib-function-patch-and-transform -spec: - package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.3.0 ---- -apiVersion: pkg.crossplane.io/v1beta1 -kind: Function -metadata: - name: crossplane-contrib-function-go-templating -spec: - package: xpkg.upbound.io/crossplane-contrib/function-go-templating:v0.4.1 ---- -apiVersion: pkg.crossplane.io/v1beta1 -kind: Function metadata: name: crossplane-contrib-function-auto-ready spec: @@ -29,6 +8,6 @@ spec: apiVersion: pkg.crossplane.io/v1beta1 kind: Function metadata: - name: crossplane-contrib-function-sequencer + name: crossplane-contrib-function-kcl spec: - package: xpkg.upbound.io/crossplane-contrib/function-sequencer:v0.1.0 + package: xpkg.upbound.io/crossplane-contrib/function-kcl:v0.9.0 diff --git a/examples/gcp-host-space.yaml b/examples/gcp-host-space.yaml index e4fd9dc..d5330f5 100644 
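Review bot: `package: xpkg.upbound.io/crossplane-contrib/function-kcl:v0.9.0` pins the function by a mutable tag only; since this manifest installs a function that executes composition logic, a digest pin is the stronger supply-chain control, e.g. `package: xpkg.upbound.io/crossplane-contrib/function-kcl:v0.9.0@sha256:<digest-of-v0.9.0>`. The tag does match the `function-kcl` dependency in `crossplane.yaml` (`"v0.9.0"`), and the Function name matches the `functionRef` in `apis/template.yaml`, so the wiring is consistent; keeping the two version strings in lock-step remains a manual check because only `crossplane.yaml` carries a renovate annotation.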
--- a/examples/gcp-host-space.yaml +++ b/examples/gcp-host-space.yaml @@ -15,20 +15,10 @@ spec: instanceType: e2-standard-4 operators: externaldns: - gcp: - enabled: true - # To leverage external-dns for managing the spaces.dns.spacesRouterDomain zone entry, - # substitute the placeholder values with your actual Managed Zone Name and GCP DNS Project Name. - zoneName: ${data.gcpZoneName} - dnsProject: ${data.gcpDNSProject} - crossplane: - providers: - - name: provider-helm - package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.17.0 - localRbac: true - - name: provider-kubernetes - package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.12.1 - localRbac: true + # To leverage external-dns for managing the spaces.dns.spacesRouterDomain zone entry, + # substitute the placeholder values with your actual Managed Zone Name and GCP DNS Project Name. + name: ${data.gcpZoneName} + id: ${data.gcpDNSProject} argocd: enabled: true ingressUrl: argocd-platform-ref-upbound-spaces.${data.gcpZoneName} @@ -63,7 +53,6 @@ spec: spaces: dns: spacesRouterDomain: platform-ref-upbound-spaces-gke.${data.gcpZoneName} - clusterType: gke account: platform-ref writeConnectionSecretToRef: name: hostcluster-gcp-kubeconfig diff --git a/examples/xr/aws-hostcluster.yaml b/examples/xr/aws-hostcluster.yaml deleted file mode 100644 index b05e110..0000000 --- a/examples/xr/aws-hostcluster.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: spaces.platformref.upbound.io/v1alpha1 -kind: Cluster -metadata: - name: aws-spaces-hostcluster - namespace: default - annotations: - render.crossplane.io/composition-path: apis/cluster/composition.yaml - render.crossplane.io/function-path: examples/functions.yaml -spec: - compositeDeletePolicy: Foreground - parameters: - cloud: aws - id: aws-spaces-hostcluster - region: us-west-2 - version: "1.27" - iam: - # Important: Please specify an iamRoleArn to access the AWS EKS Cluster deployed as part of CNOE. - # Without specifying a valid roleArn, you will not be able to log in to the EKS cluster. - # If you are using AWS SSO Roles, ensure to remove 'aws-reserved/sso.amazonaws.com/' from the ARN. - # For example, convert this: - # arn:aws:iam::123456789:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7 - # To this: - # arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7 - # roleArn: arn:aws:iam::123456789:role/AWSReservedSSO_AdministratorAccess_d703c73ed340fde7 - roleArn: ${data.awsAdminRoleArn} - nodes: - count: 5 - instanceType: m5.2xlarge - writeConnectionSecretToRef: - name: aws-spaces-hostcluster-kubeconfig diff --git a/examples/xr/azure-hostcluster.yaml b/examples/xr/azure-hostcluster.yaml deleted file mode 100644 index 08815eb..0000000 --- a/examples/xr/azure-hostcluster.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: spaces.platformref.upbound.io/v1alpha1 -kind: Cluster -metadata: - name: azure-spaces-hostcluster - namespace: default - annotations: - render.crossplane.io/composition-path: apis/cluster/composition.yaml - render.crossplane.io/function-path: examples/functions.yaml -spec: - compositeDeletePolicy: Foreground - parameters: - cloud: azure - id: azure-spaces-hostcluster - region: westus - version: "1.27.3" - nodes: - count: 1 - instanceType: Standard_B2s - writeConnectionSecretToRef: - name: azure-spaces-hostcluster-kubeconfig 
diff --git a/examples/xr/gcp-hostcluster.yaml b/examples/xr/gcp-hostcluster.yaml deleted file mode 100644 index 3ad514f..0000000 --- a/examples/xr/gcp-hostcluster.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: spaces.platformref.upbound.io/v1alpha1 -kind: Cluster -metadata: - name: gcp-spaces-hostcluster - namespace: default - annotations: - render.crossplane.io/composition-path: apis/cluster/composition.yaml - render.crossplane.io/function-path: examples/functions.yaml -spec: - compositeDeletePolicy: Foreground - parameters: - cloud: gcp - id: gcp-spaces-hostcluster - region: us-west2 - version: latest - nodes: - count: 3 - instanceType: n1-standard-4 - writeConnectionSecretToRef: - name: gcp-spaces-hostcluster-kubeconfig diff --git a/examples/xr/space-core.yaml b/examples/xr/space-core.yaml deleted file mode 100644 index 772bee9..0000000 --- a/examples/xr/space-core.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: spaces.platformref.upbound.io/v1alpha1 -kind: XCore -metadata: - name: space-base - annotations: - render.crossplane.io/composition-path: apis/space-core/composition.yaml - render.crossplane.io/function-path: examples/functions.yaml -spec: - parameters: - providerConfigName: aws-spaces-hostcluster - spaces: - version: 1.3.0 - dns: - spacesRouterDomain: platform-ref-upbound-spaces.${data.route53ZoneName} - clusterType: eks - account: platform-ref - pullSecretRef: - name: upbound-provider-helm-pull - namespace: upbound-system diff --git a/examples/xr/space-init.yaml b/examples/xr/space-init.yaml deleted file mode 100644 index fe0455f..0000000 --- a/examples/xr/space-init.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -apiVersion: spaces.platformref.upbound.io/v1alpha1 -kind: XInit -metadata: - name: space-base - annotations: - render.crossplane.io/composition-path: apis/space-init/composition.yaml - render.crossplane.io/function-path: examples/functions.yaml -spec: - parameters: - providerConfigName: aws-spaces-hostcluster - operators: - certmanager: - enabled: true - version: v1.14.3 - ingressnginx: - enabled: true - version: "4.9.1" - externaldns: - aws: - enabled: true - route53ZoneId: ${data.route53ZoneId} - route53ZoneName: ${data.route53ZoneName} - version: "6.34.2" - crossplane: - enabled: true - version: v1.15.2-up.1 - providers: - - name: provider-helm - package: xpkg.upbound.io/crossplane-contrib/provider-helm:v0.17.0 - enabled: true - localRbac: true - - name: provider-kubernetes - package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.12.1 - enabled: true - localRbac: true