Crossplane examples
# Example only: placeholder values, not working credentials.
# Keep the real file out of version control and remove it once the Secret
# has been created from it.
# An access key ID that starts with ASIA is a temporary STS key and also
# needs an aws_session_token entry; long-lived IAM user keys start with AKIA.
[default]
aws_access_key_id = ASIAAAAAAAAAAAEXAMPLE
aws_secret_access_key = GP27Hkaef3lf5igm35gi38rbj3eexample
# Store the credentials file under the Secret key "creds". Loading it with
# --from-file keeps the key material off the command line and out of shell
# history.
kubectl create secret generic aws-creds \
  --namespace crossplane-system \
  --from-file=creds=./aws-creds.conf
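###
# Example of the resulting object.
# Secret data is only base64-encoded, not encrypted: anyone who can read the
# Secret (or this manifest) can decode the keys. Do not commit it with real
# values, and restrict RBAC read access to the namespace's Secrets.
###
apiVersion: v1
kind: Secret
metadata:
  name: aws-creds
  # Same namespace as the kubectl command that creates the Secret and as the
  # ProviderConfig secretRef that reads it; the original "crossplane" did not
  # match either of them.
  namespace: crossplane-system
type: Opaque
data:
  creds: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkID0gQVNJQUFBQUFBQUFBQUFFWEFNUExFCmF3c19zZWNyZXRfYWNjZXNzX2tleSA9IEdQMjdIa2FlZjNsZjVpZ20zNWdpMzhyYmozZWV4YW1wbGUK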
# ControllerConfig for running the provider with IAM Roles for Service
# Accounts (IRSA) on EKS.
# $AWS_ACCOUNT_ID and $IAM_ROLE_NAME are placeholders: substitute them before
# applying, because kubectl does not expand shell variables in a manifest.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-config
  annotations:
    # IAM role the provider assumes. Grant that role only the permissions the
    # managed resources actually need.
    eks.amazonaws.com/role-arn: "arn:aws:iam::$AWS_ACCOUNT_ID:role/$IAM_ROLE_NAME"
spec:
  podSecurityContext:
    # NOTE(review): presumably set so the non-root provider process can read
    # the projected web-identity token file; confirm against the provider docs.
    fsGroup: 2000
---
# Installs the AWS provider package and attaches the ControllerConfig
# named "aws-config" to its controller.
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  # NOTE(review): "alpha" is a moving tag. Pin a released version or an image
  # digest so the provider code running with AWS access cannot change
  # unnoticed.
  package: "crossplane/provider-aws:alpha"
  controllerConfigRef:
    name: aws-config
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  # Managed resources that set no providerConfigRef use the ProviderConfig
  # named "default"; with this name they have to reference "provider-aws"
  # explicitly.
  name: provider-aws
spec:
  credentials:
    # Use the identity injected into the provider pod (the IAM role from the
    # eks.amazonaws.com/role-arn annotation) instead of stored access keys.
    source: InjectedIdentity
# Installs the AWS provider package (variant without a ControllerConfig,
# used together with Secret-based credentials).
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  # NOTE(review): "alpha" is a moving tag. Pin a released version or an image
  # digest so the provider code that receives the AWS keys cannot change
  # unnoticed.
  package: "crossplane/provider-aws:alpha"
---
# ProviderConfig named "default": the one used by managed resources that do
# not set a providerConfigRef.
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    # Static access keys read from a Kubernetes Secret. They stay valid until
    # rotated, so limit who can read Secrets in this namespace and prefer
    # InjectedIdentity (IRSA) where the cluster supports it.
    source: Secret
    secretRef:
      # Must point at the namespace, name and key the Secret was created with.
      namespace: crossplane-system
      name: aws-creds
      key: creds
# Install Crossplane from the stable Helm chart repository into its own
# namespace.
kubectl create namespace crossplane-system
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
# NOTE(review): no chart version is given, so whatever is newest in the
# repository gets installed; add --version <CHART_VERSION> for a reproducible,
# reviewable install.
helm install crossplane crossplane-stable/crossplane \
  --namespace crossplane-system
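### IAM role trust policy for the provider's service account (IRSA).
### Source: https://github.com/crossplane/provider-aws/blob/master/AUTHENTICATION.md
### Substitute ${AWS_ACCOUNT_ID} and ${OIDC_PROVIDER} before use. The "sub" condition is what limits which service accounts may assume the role.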
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}" | |
}, | |
"Action": "sts:AssumeRoleWithWebIdentity", | |
"Condition": { | |
"StringLike": { | |
"${OIDC_PROVIDER}:sub": "system:serviceaccount:crossplane-system:provider-aws-*" | |
} | |
} | |
} | |
] | |
} |
# Demo S3 bucket managed by Crossplane: private ACL, default server-side
# encryption and versioning enabled.
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: crossplane-demo
  annotations:
    # This is the real bucket name in AWS. Bucket names are globally unique,
    # so change it before applying this example.
    crossplane.io/external-name: "crossplane-demo-example-name"
spec:
  # Deleting this Kubernetes object also deletes the bucket in AWS.
  deletionPolicy: Delete
  # No providerConfigRef is set, so the ProviderConfig named "default" is
  # used; add one if your ProviderConfig has a different name.
  forProvider:
    # NOTE(review): a private ACL alone does not stop a later bucket policy
    # from granting public access; consider enabling S3 Block Public Access
    # if the provider version in use exposes it.
    acl: private
    locationConstraint: us-east-1
    paymentConfiguration:
      payer: BucketOwner
    serverSideEncryptionConfiguration:
      rules:
        # Encrypt new objects by default with S3-managed keys (SSE-S3).
        - applyServerSideEncryptionByDefault:
            sseAlgorithm: AES256
    versioningConfiguration:
      status: Enabled