Use secret for storing connectioninfo (bucketname) in s3-irsa example (…

…#177) * Eksctl update (#2) * Update package version and args to match terraform bootstrap * Add deployment for crossplane helm provider and argocd to eksctl bootstrap * temporary change to region for testing with existing deployment in us-west-2 * Adjust permission boundary to allow CreateRole Quotes around ACCOUNT_ID in environmentconfig * Change region to us-east-1 to match default in terraform bootstrap Remove Deny for CreateRole Add missing ControllerConfig apply for Helm Provider * Request changes from PR Review * Install ArgoCD chart from cli instead of via crossplane helm provider * S3 secret fix (#4) * Add annotations to for saving s3 bucket as secret for s3irsa example * Add writeConnectionSecretToRef to base.spec in Composition Change writeConnectionSecretToRef.name in claim in case of conflicts * Add annotations for ConnectionSecret to s3irsa composition * use secret for bucketname * corrected connectiondetails * change secret key to match configmap remove configmap * feat(upgrade): upgrading aws-provider and fixing warnings (#179) * fixing some warnings * matching service * reverting a test * feat(upgrade): upbound aws-provider to 1.2.1 and clearing warnings * upgrading eksclt as well * apigw warning cleanup * Update CODEOWNERS (#180) Adding Navya to Codeowners * Resolving merge conflicts Eksctl update (#2) * Update package version and args to match terraform bootstrap * Add deployment for crossplane helm provider and argocd to eksctl bootstrap * temporary change to region for testing with existing deployment in us-west-2 * Adjust permission boundary to allow CreateRole Quotes around ACCOUNT_ID in environmentconfig * Change region to us-east-1 to match default in terraform bootstrap Remove Deny for CreateRole Add missing ControllerConfig apply for Helm Provider * Merge conflicts fix Request changes from PR Review * Install ArgoCD chart from cli instead of via crossplane helm provider * Merge conflict fix S3 secret fix (#4) * Add annotations to for saving s3 bucket as secret for s3irsa example * Add writeConnectionSecretToRef to base.spec in Composition Change writeConnectionSecretToRef.name in claim in case of conflicts * Add annotations for ConnectionSecret to s3irsa composition * use secret for bucketname * corrected connectiondetails * change secret key to match configmap remove configmap * Resolve merge conflict for provider version * Resolve merge confict * Resolve merge conflict - add cr --------- Co-authored-by: candonov <25967713+candonov@users.noreply.github.com>
awslabs · Mar 25, 2024 · b03d0b2 · b03d0b2
1 parent e86b468
commit b03d0b2
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 30 deletions.
diff --git a/bootstrap/eksctl/README.md b/bootstrap/eksctl/README.md
@@ -118,7 +118,7 @@ helm install crossplane crossplane-stable/crossplane \
 --namespace crossplane-system \
 --create-namespace \
 --set args='{"--enable-environment-configs"}' \
---version 1.13.2 # Get the latest version from https://github.com/crossplane/crossplane/releases
+--version 1.15.0 # Get the latest version from https://github.com/crossplane/crossplane/releases
 
 ```
 

diff --git a/bootstrap/eksctl/crossplane/aws-provider.yaml b/bootstrap/eksctl/crossplane/aws-provider.yaml
@@ -23,4 +23,4 @@ spec:
   args:
       - --debug
       - --enable-management-policies
-      
+
diff --git a/bootstrap/eksctl/crossplane/environmentconfig.yaml b/bootstrap/eksctl/crossplane/environmentconfig.yaml
@@ -6,4 +6,3 @@ data:
   awsAccountID: "ACCOUNT_ID"
   eksOIDC: OIDC_PROVIDER
   vpcID: VPC_ID
-
diff --git a/compositions/upbound-aws-provider/s3-irsa/s3-irsa.yaml b/compositions/upbound-aws-provider/s3-irsa/s3-irsa.yaml
@@ -12,6 +12,7 @@ metadata:
     awsblueprints.io/provider: aws
     awsblueprints.io/environment: dev
 spec:
+  writeConnectionSecretsToNamespace: crossplane-system
   compositeTypeRef:
     apiVersion: awsblueprints.io/v1alpha1
     kind: XS3IRSA
@@ -28,6 +29,8 @@ spec:
         kind: XObjectStorage
         metadata:
           name: standard-object-storage
+      connectionDetails:
+        - fromConnectionSecretKey: bucketName
       patches:
         - type: PatchSet
           patchSetName: common-fields-composition

diff --git a/compositions/upbound-aws-provider/s3/general-purpose.yaml b/compositions/upbound-aws-provider/s3/general-purpose.yaml
@@ -10,6 +10,7 @@ metadata:
     awsblueprints.io/environment: dev
     s3.awsblueprints.io/configuration: standard
 spec:
+  writeConnectionSecretsToNamespace: crossplane-system
   compositeTypeRef:
     apiVersion: awsblueprints.io/v1alpha1
     kind: XObjectStorage
@@ -42,6 +43,10 @@ spec:
                 fmt: "bucket-%s"
   resources:
     - name: s3-bucket
+      connectionDetails:
+        - type: FromFieldPath
+          name: bucketName
+          fromFieldPath: status.atProvider.id
       base:
         apiVersion: s3.aws.upbound.io/v1beta1
         kind: Bucket
@@ -50,6 +55,8 @@ spec:
           forProvider:
             region: us-west-2
             forceDestroy: true # be careful with this
+            writeConnectionSecretToRef:
+              namespace: crossplane-system
       patches:
         - type: PatchSet
           patchSetName: common-fields
@@ -98,29 +105,4 @@ spec:
           toFieldPath: spec.providerConfigRef.name
         - fromFieldPath: spec.resourceConfig.region
           toFieldPath: spec.forProvider.region
-    - name: config-map
-      base:
-        apiVersion: kubernetes.crossplane.io/v1alpha1
-        kind: Object
-        spec:
-          forProvider:
-            manifest:
-              apiVersion: v1
-              kind: ConfigMap
-              metadata:
-                name: #to-be-patched
-                namespace: #to-be-patched
-              data:
-                bucketName: #to-be-patched
-      patches:
-        - type: FromCompositeFieldPath
-          fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
-          toFieldPath: spec.forProvider.manifest.metadata.namespace
-        - type: FromCompositeFieldPath
-          fromFieldPath: metadata.labels[crossplane.io/claim-name]
-          toFieldPath: spec.forProvider.manifest.metadata.name
-        - type: FromCompositeFieldPath
-          fromFieldPath: status.bucketName
-          toFieldPath: spec.forProvider.manifest.data.bucketName
-          policy:
-            fromFieldPath: Required
+
diff --git a/examples/upbound-aws-provider/composite-resources/s3-irsa/helm-chart/templates/claim.yaml b/examples/upbound-aws-provider/composite-resources/s3-irsa/helm-chart/templates/claim.yaml
@@ -9,6 +9,8 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-wave: "-10"
 spec:
+  writeConnectionSecretToRef:
+    name: {{ include "s3-irsa-app.name" . }}
   resourceConfig:
     providerConfigName: aws-provider-config
     region: us-east-1

diff --git a/...les/upbound-aws-provider/composite-resources/s3-irsa/helm-chart/templates/deployment.yaml b/...les/upbound-aws-provider/composite-resources/s3-irsa/helm-chart/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
         env:
         - name: BUCKET_NAME
           valueFrom:
-            configMapKeyRef:
+            secretKeyRef:
               name: {{ include "s3-irsa-app.name" . }}
               key: bucketName
       restartPolicy: Always
diff --git a/examples/upbound-aws-provider/composite-resources/s3-irsa/s3-irsa.yaml b/examples/upbound-aws-provider/composite-resources/s3-irsa/s3-irsa.yaml
@@ -3,6 +3,8 @@ kind: S3IRSA
 metadata:
   name: s3-irsa-test
 spec:
+  writeConnectionSecretToRef:
+    name: s3-irsa-test
   resourceConfig:
     providerConfigName: aws-provider-config
     region: us-east-1
diff --git a/examples/upbound-aws-provider/composite-resources/s3.yaml b/examples/upbound-aws-provider/composite-resources/s3.yaml
@@ -3,6 +3,8 @@ kind: ObjectStorage
 metadata:
   name: test-bucket-awsblueprint-123456789
 spec:
+  writeConnectionSecretToRef:
+    name: s3bucket
   resourceConfig:
     providerConfigName: aws-provider-config
     region: us-east-1
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,4 +23,4 @@ spec:
		args:
		- --debug
		- --enable-management-policies
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,3 @@ data:
		awsAccountID: "ACCOUNT_ID"
		eksOIDC: OIDC_PROVIDER
		vpcID: VPC_ID