Christopher Haar haarchri

## xpkg-ecr.sh

echo "==> Set variables..."
export REGISTRY_URL="${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/${REPOSITORY_NAME}/${IMAGE_NAME}"
export HELM_EXPERIMENTAL_OCI=1
echo "==> Login to ecr..."
aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${REGISTRY_URL}
echo "==> Create and deploy xpkg..."
cd compositions
kubectl crossplane build configuration --name ${IMAGE_NAME}
kubectl crossplane push configuration ${REGISTRY_URL}:${IMAGE_TAG}

## efs-composition.yaml
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: example-efs
spec:
  writeConnectionSecretsToNamespace: crossplane-system
  compositeTypeRef:
    apiVersion: platform.example.intern/v1alpha1
    kind: Efs

## generate.yaml
group: kms.aws.devops.cloud
name: Key
version: v1alpha1
crd: ./.work/provider-aws/package/crds/kms.aws.crossplane.io_keys.yaml
ignore: true
compositions:
  - name: key
    provider: sop
    default: true

## gist:9a7e30a9e8ac7344703fda2ddaf006e0
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: eks.aws.example.com
  labels:
    provider: aws
spec:
  writeConnectionSecretsToNamespace: crossplane-system
  compositeTypeRef:
    apiVersion: aws.example.com/v1alpha1

## aws-provider-111111111111.yaml
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider-111111111111
spec:
  credentials:
    source: InjectedIdentity

## aws-auth.yaml
[...]
    - name: aws-auth-configmap
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: v1
              kind: ConfigMap

## gist:4b39112f5d00dbad815bb60d6dc4167f
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m
  url: https://github.com/fluxcd/flux2-kustomize-helm-example.git
  ref:
    branch: main

## iam.yaml
---
apiVersion: identity.aws.crossplane.io/v1beta1
kind: IAMRole
metadata:
  name: lambda-exec-role
spec:
  forProvider:
    description: role for lambda execution
    assumeRolePolicyDocument:  |
      {

	echo "==> Set variables..."
	export REGISTRY_URL="${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/${REPOSITORY_NAME}/${IMAGE_NAME}"
	export HELM_EXPERIMENTAL_OCI=1
	echo "==> Login to ecr..."
	aws ecr get-login-password --region ${AWS_REGION} \| docker login --username AWS --password-stdin ${REGISTRY_URL}
	echo "==> Create and deploy xpkg..."
	cd compositions
	kubectl crossplane build configuration --name ${IMAGE_NAME}
	kubectl crossplane push configuration ${REGISTRY_URL}:${IMAGE_TAG}
	---
	apiVersion: apiextensions.crossplane.io/v1
	kind: Composition
	metadata:
	name: example-efs
	spec:
	writeConnectionSecretsToNamespace: crossplane-system
	compositeTypeRef:
	apiVersion: platform.example.intern/v1alpha1
	kind: Efs
	group: kms.aws.devops.cloud
	name: Key
	version: v1alpha1
	crd: ./.work/provider-aws/package/crds/kms.aws.crossplane.io_keys.yaml
	ignore: true
	compositions:
	- name: key
	provider: sop
	default: true
	---
	apiVersion: aws.crossplane.io/v1beta1
	kind: ProviderConfig
	metadata:
	name: aws-provider-111111111111
	spec:
	credentials:
	source: InjectedIdentity
	[...]
	- name: aws-auth-configmap
	base:
	apiVersion: kubernetes.crossplane.io/v1alpha1
	kind: Object
	spec:
	forProvider:
	manifest:
	apiVersion: v1
	kind: ConfigMap
	apiVersion: source.toolkit.fluxcd.io/v1beta1
	kind: GitRepository
	metadata:
	name: flux-system
	namespace: flux-system
	spec:
	interval: 1m
	url: https://github.com/fluxcd/flux2-kustomize-helm-example.git
	ref:
	branch: main
	---
	apiVersion: identity.aws.crossplane.io/v1beta1
	kind: IAMRole
	metadata:
	name: lambda-exec-role
	spec:
	forProvider:
	description: role for lambda execution
	assumeRolePolicyDocument: \|
	{