xpls crashes #276

Open
muvaf opened this issue Nov 7, 2022 · 0 comments
Labels: bug (Something isn't working), needs-epic-link (Needs a link to an epic), needs-points-label (Needs a story points label), needs-project (Needs to be added to a project board)

muvaf commented Nov 7, 2022

What happened?

It crashes with the following log:


[Trace - 7:00:33 PM] Sending notification 'initialized'.
Params: {}


[Trace - 7:00:33 PM] Sending notification 'textDocument/didOpen'.
Params: {
    "textDocument": {
        "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml",
        "languageId": "yaml",
        "version": 1,
        "text": "apiVersion: meta.pkg.crossplane.io/v1\nkind: Configuration\nmetadata:\n  name: platform-ref-aws\nspec:\n  crossplane:\n    version: \">=v1.7.0-0\"\n  dependsOn:\n    - provider: xpkg.upbound.io/upbound/provider-aws\n      version: \">=v0.18.0\"\n    - provider: xpkg.upbound.io/crossplane-contrib/provider-helm\n      version: \">=v0.12.0\"\n"
    }
}


[Trace - 7:00:33 PM] Sending notification 'textDocument/didOpen'.
Params: {
    "textDocument": {
        "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/aws/eks/composition.yaml",
        "languageId": "yaml",
        "version": 1,
        "text": "apiVersion: apiextensions.crossplane.io/v1\nkind: Composition\nmetadata:\n  name: xeks.k8s.platformref.crossplane.io\n  labels:\n    cloud: aws\nspec:\n  compositeTypeRef:\n    apiVersion: platformref.crossplane.io/v1alpha1\n    kind: XK8s\n  resources:\n    - name: clusterRole\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: Role\n        metadata:\n          labels:\n            role: controlplane\n        spec:\n          forProvider:\n            assumeRolePolicy: |\n              {\n                \"Version\": \"2012-10-17\",\n                \"Statement\": [\n                    {\n                        \"Effect\": \"Allow\",\n                        \"Principal\": {\n                            \"Service\": [\n                                \"eks.amazonaws.com\"\n                            ]\n                        },\n                        \"Action\": [\n                            \"sts:AssumeRole\"\n                        ]\n                    }\n                ]\n              }\n    - name: clusterRolePolicyAttachment\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: RolePolicyAttachment\n        spec:\n          forProvider:\n            policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n            roleSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: controlplane\n    - name: kubernetesCluster\n      base:\n        apiVersion: eks.aws.upbound.io/v1beta1\n        kind: Cluster\n        spec:\n          forProvider:\n            region: us-west-2\n            roleArnSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: controlplane\n            vpcConfig:\n              - endpointPrivateAccess: true\n                endpointPublicAccess: true\n            #version: \"1.23\" # With this remarked out or ommitted, the Region default Kubernetes version will be selected\n   
   patches:\n        - fromFieldPath: \"spec.id\"\n          toFieldPath: spec.forProvider.vpcConfig[0].securityGroupIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n        - fromFieldPath: \"spec.id\"\n          toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n        - type: ToCompositeFieldPath\n          fromFieldPath: status.atProvider.identity[0].oidc[0].issuer\n          # toFieldPath: status.eks.oidc\n          toFieldPath: spec.oidc\n          policy:\n            fromFieldPath: Required\n        - type: ToCompositeFieldPath\n          fromFieldPath: spec.forProvider.roleArn\n          # toFieldPath: status.eks.accountID\n          toFieldPath: spec.accountID\n          policy:\n            fromFieldPath: Required\n          transforms:\n            - type: string\n              string:\n                type: Regexp\n                regexp:\n                  match: 'arn:aws:iam::(\\d+):.*'\n                  group: 1\n        - type: ToCompositeFieldPath\n          fromFieldPath: metadata.uid\n          # toFieldPath: status.eks.lokiSA\n          toFieldPath: spec.lokiSA\n          transforms:\n            - type: string\n              string:\n                fmt: \"loki-sa-%s\"\n        - type: ToCompositeFieldPath\n          fromFieldPath: metadata.uid\n          # toFieldPath: status.eks.lokiS3Bucket\n          toFieldPath: spec.lokiS3Bucket\n          transforms:\n            - type: string\n              string:\n                fmt: \"loki-s3-%s\"\n          policy:\n            fromFieldPath: Required\n        - type: ToCompositeFieldPath\n          fromFieldPath: metadata.name\n          toFieldPath: status.eks.clusterRef\n    - name: kubernetesClusterAuth\n      base:\n        apiVersion: eks.aws.upbound.io/v1beta1\n        kind: ClusterAuth\n        spec:\n          forProvider:\n            region: us-west-2\n            clusterNameSelector:\n 
             matchControllerRef: true\n      patches:\n        - fromFieldPath: spec.claim.namespace\n          toFieldPath: spec.writeConnectionSecretToRef.namespace\n        - fromFieldPath: status.eks.clusterRef\n          toFieldPath: spec.writeConnectionSecretToRef.name\n          transforms:\n            - type: string\n              string:\n                fmt: \"%s-ekscluster\"\n          policy:\n            fromFieldPath: Required\n      connectionDetails:\n        - fromConnectionSecretKey: kubeconfig\n    - name: nodegroupRole\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: Role\n        metadata:\n          labels:\n            role: nodegroup\n        spec:\n          forProvider:\n            assumeRolePolicy: |\n              {\n                \"Version\": \"2012-10-17\",\n                \"Statement\": [\n                    {\n                        \"Effect\": \"Allow\",\n                        \"Principal\": {\n                            \"Service\": [\n                                \"ec2.amazonaws.com\"\n                            ]\n                        },\n                        \"Action\": [\n                            \"sts:AssumeRole\"\n                        ]\n                    }\n                ]\n              }\n    - name: workerNodeRolePolicyAttachment\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: RolePolicyAttachment\n        spec:\n          forProvider:\n            policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\n            roleSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: nodegroup\n    - name: cniRolePolicyAttachment\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: RolePolicyAttachment\n        spec:\n          forProvider:\n            policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\n            roleSelector:\n              matchControllerRef: true\n 
             matchLabels:\n                role: nodegroup\n    - name: containerRegistryRolePolicyAttachment\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: RolePolicyAttachment\n        spec:\n          forProvider:\n            policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\n            roleSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: nodegroup\n    - name: nodeGroupPublic\n      base:\n        apiVersion: eks.aws.upbound.io/v1beta1\n        kind: NodeGroup\n        spec:\n          forProvider:\n            region: us-west-2\n            clusterNameSelector:\n              matchControllerRef: true\n            nodeRoleArnSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: nodegroup\n            subnetIdSelector:\n              matchLabels:\n                access: public\n            scalingConfig:\n              - desiredSize: 1\n                minSize: 1\n                maxSize: 100\n            instanceTypes:\n              - t3.medium\n            version: \"1.23\"\n      patches:\n        - fromFieldPath: \"spec.parameters.nodes.count\"\n          toFieldPath: \"spec.forProvider.scalingConfig[0].desiredSize\"\n        - fromFieldPath: \"spec.parameters.nodes.size\"\n          toFieldPath: \"spec.forProvider.instanceTypes[0]\"\n          transforms:\n            - type: map\n              map:\n                small: t3.small\n                medium: t3.medium\n                large: t3.large\n        - fromFieldPath: \"spec.id\"\n          toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n### Create EKS cluster OIDC Provider\n    - name: cluster-oidc-provider\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: OpenIDConnectProvider\n        spec:\n          forProvider:\n            clientIDList:\n              - 
sts.amazonaws.com\n            thumbprintList:\n              - \"9e99a48a9960b14926bb7f3b02e22da2b0ab7280\"\n      patches:\n        # - fromFieldPath: status.eks.oidc\n        - fromFieldPath: spec.oidc\n          toFieldPath: spec.forProvider.url\n          policy:\n            fromFieldPath: Required\n### The following Loki IAM resources are created to support the option of installing the Loki chart\n    - name: loki-iam-role\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: Role\n        metadata:\n          labels:\n            role: \"loki-iam-role\"\n        spec:\n         forProvider:\n      patches:\n        - type: CombineFromComposite\n          combine:\n            variables:\n            # - fromFieldPath: status.eks.accountID\n            - fromFieldPath: spec.accountID\n            # - fromFieldPath: status.eks.oidc\n            - fromFieldPath: spec.oidc\n            # - fromFieldPath: status.eks.oidc\n            - fromFieldPath: spec.oidc\n            - fromFieldPath: metadata.labels[crossplane.io/claim-namespace]\n            # - fromFieldPath: status.eks.lokiSA\n            - fromFieldPath: spec.lokiSA\n            strategy: string\n            string:\n              fmt: |\n                {\n                  \"Version\": \"2012-10-17\",\n                  \"Statement\": [\n                    {\n                      \"Effect\": \"Allow\",\n                      \"Principal\": {\n                        \"Federated\": \"arn:aws:iam::%s:oidc-provider/%s\"\n                      },\n                      \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n                      \"Condition\": {\n                        \"StringEquals\": {\n                          \"%s:sub\": \"system:serviceaccount:%s:%s\"\n                        }\n                      }\n                    }\n                  ]\n                }\n          toFieldPath: spec.forProvider.assumeRolePolicy\n          policy:\n            
fromFieldPath: Required\n    - name: loki-policy-s3\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: Policy\n        metadata:\n          labels:\n            policy: \"loki-s3-policy\"\n        spec:\n          forProvider:\n      patches:\n        - type: CombineFromComposite\n          combine:\n            variables:\n            # - fromFieldPath: status.eks.lokiS3Bucket\n            - fromFieldPath: spec.lokiS3Bucket\n            # - fromFieldPath: status.eks.lokiS3Bucket\n            - fromFieldPath: spec.lokiS3Bucket\n            strategy: string\n            string:\n              fmt: |\n                {\n                  \"Version\": \"2012-10-17\",\n                  \"Statement\": [\n                      {\n                          \"Effect\": \"Allow\",\n                          \"Action\": [\n                              \"s3:ListObjects\",\n                              \"s3:ListBucket\",\n                              \"s3:PutObject\",\n                              \"s3:GetObject\",\n                              \"s3:DeleteObject\"\n                          ],\n                          \"Resource\": [\n                              \"arn:aws:s3:::%s\"\n                          ]\n                      },\n                      {\n                          \"Effect\": \"Allow\",\n                          \"Action\": [\n                              \"s3:ListBucket\"\n                          ],\n                          \"Resource\": [\n                              \"arn:aws:s3:::%s\"\n                          ]\n                      }\n                  ]\n                }\n          toFieldPath: spec.forProvider.policy\n          policy:\n            fromFieldPath: Required\n    - name: loki-policy-s3-attachment\n      base:\n        apiVersion: iam.aws.upbound.io/v1beta1\n        kind: RolePolicyAttachment\n        spec:\n          forProvider:\n            policyArnSelector:\n              
matchControllerRef: true\n              matchLabels:\n                policy: \"loki-s3-policy\"\n            roleSelector:\n              matchControllerRef: true\n              matchLabels:\n                role: \"loki-iam-role\"\n### Provider configs for provider-helm and provider-kubernetes\n    - name: eks-providerConfig\n      base:\n        apiVersion: kubernetes.crossplane.io/v1alpha1\n        kind: ProviderConfig\n        metadata:\n          name: default\n        spec:\n          credentials:\n            source: Secret\n            secretRef:\n              key: kubeconfig\n      patches:\n        - fromFieldPath: spec.claim.namespace\n          toFieldPath: spec.credentials.secretRef.namespace\n        - fromFieldPath: status.eks.clusterRef\n          toFieldPath: spec.credentials.secretRef.name\n          transforms:\n            - type: string\n              string:\n                fmt: \"%s-ekscluster\"\n          policy:\n            fromFieldPath: Required\n      readinessChecks:\n        - type: None\n    - name: helm-providerConfig\n      base:\n        apiVersion: helm.crossplane.io/v1beta1\n        kind: ProviderConfig\n        metadata:\n          name: default\n        spec:\n          credentials:\n            source: Secret\n            secretRef:\n              key: kubeconfig\n      patches:\n        - fromFieldPath: spec.claim.namespace\n          toFieldPath: spec.credentials.secretRef.namespace\n        - fromFieldPath: status.eks.clusterRef\n          toFieldPath: spec.credentials.secretRef.name\n          transforms:\n            - type: string\n              string:\n                fmt: \"%s-ekscluster\"\n          policy:\n            fromFieldPath: Required\n    # - name: helm-in-cluster-providerConfig\n    #   base:\n    #     apiVersion: helm.crossplane.io/v1beta1\n    #     kind: ProviderConfig\n    #     metadata:\n    #       name: default\n    #     spec:\n    #       credentials:\n    #         source: 
InjectedIdentity\n### Install Loki chart\n    - name: cluster-loki\n      base:\n        apiVersion: platformref.crossplane.io/v1alpha1\n        kind: XChart\n        spec:\n          compositionSelector:\n            matchLabels:\n              chart: cluster-loki\n      patches:\n        - fromFieldPath: status.eks.clusterRef\n          toFieldPath: spec.clusterRef\n          policy:\n            fromFieldPath: Required\n        - fromFieldPath: spec.claim.namespace\n          toFieldPath: spec.namespace"
    }
}


[Trace - 7:00:33 PM] Received request 'client/registerCapability - (0)'.
Params: {
    "registrations": [
        {
            "id": "workspace/didChangeWatchedFiles-1",
            "method": "workspace/didChangeWatchedFiles",
            "registerOptions": {
                "watchers": [
                    {
                        "globPattern": "**/*.yaml",
                        "kind": 7
                    }
                ]
            }
        }
    ]
}


[Trace - 7:00:33 PM] Sending response 'client/registerCapability - (0)'. Processing request took 0ms
No result returned.


[Trace - 7:00:33 PM] Received notification 'textDocument/publishDiagnostics'.
Params: {
    "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml",
    "diagnostics": []
}


[Trace - 7:00:33 PM] Received notification 'textDocument/publishDiagnostics'.
Params: {
    "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml",
    "diagnostics": []
}


panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1043f4614]

goroutine 66 [running]:
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionTransform(...)
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:167
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionPatch({{0x1400057d518, 0x14}, 0x14004afaca0, 0x0, 0x14004afacd0, 0x0, {0x14004ae2600, 0x1, 0x4}, 0x14004afacb0})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:145 +0x3a4
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionComposedTemplate({0x14004afac10, {{0x14002a38a20, 0x107, 0x120}, {0x0, 0x0}}, {0x140047fa300, 0x7, 0x9}, {0x0, ...}, ...})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:100 +0x1c4
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionSpec({{{0x14002a6f8f0, 0x22}, {0x140047d8a78, 0x4}}, {0x0, 0x0, 0x0}, {0x14000a1a000, 0x10, 0x13}, ...}, ...)
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:68 +0x2b8
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevision(0x14000346000, 0x24f9?, {0x0, 0x0})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:38 +0x154
github.com/upbound/up/internal/xpkg/snapshot.(*CompositionValidator).marshal(0x14001d0f7e8?, {0x104ff2940?, 0x14000610398?})
	github.com/upbound/up/internal/xpkg/snapshot/composition.go:125 +0x98
github.com/upbound/up/internal/xpkg/snapshot.(*CompositionValidator).Validate(0x1400441f880, {0x104ff2940?, 0x14000610398?})
	github.com/upbound/up/internal/xpkg/snapshot/composition.go:69 +0x34
github.com/upbound/up/internal/xpkg/snapshot/validator.(*ObjectValidator).Validate(0x104c950c0?, {0x104ff2940, 0x14000610398})
	github.com/upbound/up/internal/xpkg/snapshot/validator/validator.go:80 +0x108
github.com/upbound/up/internal/xpkg/snapshot.(*Snapshot).Validate(0x1400049f110, {0x140029cf7a0?, 0x104b14be0?})
	github.com/upbound/up/internal/xpkg/snapshot/snapshot.go:461 +0x2ec
github.com/upbound/up/internal/xpls/server.(*Server).DidOpen(0x14000340ea0, {0x10502fa70, 0x140000583e8}, 0x140046b5a80)
	github.com/upbound/up/internal/xpls/server/server.go:193 +0x60
github.com/upbound/up/internal/xpls/dispatcher.(*Dispatcher).Dispatch(0x14000479860, {0x10502fa70, 0x140000583e8}, {0x105032870, 0x14000340ea0}, 0x104dbe100?, 0x140044b5770)
	github.com/upbound/up/internal/xpls/dispatcher/dispatcher.go:100 +0x380
github.com/upbound/up/internal/xpls/handler.(*Handler).Handle(0x14000507e58?, {0x10502fa70?, 0x140000583e8?}, 0x102f04954?, 0x14000507e78?)
	github.com/upbound/up/internal/xpls/handler/handler.go:69 +0x48
github.com/sourcegraph/jsonrpc2.(*Conn).readMessages(0x140009901b0, {0x10502fa70, 0x140000583e8})
	github.com/sourcegraph/jsonrpc2@v0.1.0/jsonrpc2.go:553 +0x2d4
created by github.com/sourcegraph/jsonrpc2.NewConn
	github.com/sourcegraph/jsonrpc2@v0.1.0/jsonrpc2.go:334 +0x2a8
[Error - 7:00:33 PM] Connection to server got closed. Server will not be restarted.

How can we reproduce it?

Have the following files in a directory.

crossplane.yaml

apiVersion: meta.pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: platform-ref-aws
spec:
  crossplane:
    version: ">=v1.7.0-0"
  dependsOn:
    - provider: xpkg.upbound.io/upbound/provider-aws
      version: ">=v0.18.0"
    - provider: xpkg.upbound.io/crossplane-contrib/provider-helm
      version: ">=v0.12.0"

definition.yaml

apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xk8s.platformref.crossplane.io
spec:
  group: platformref.crossplane.io
  names:
    kind: XK8s
    plural: xk8s
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              oidc:
                type: string
              accountID:
                type: string
              lokiSA:
                type: string
              lokiS3Bucket:
                type: string
              claim:
                type: object
                properties:
                  namespace:
                    type: string
              id:
                type: string
                description: ID of this Cluster that other objects will use to refer to it.
              parameters:
                type: object
                description: EKS configuration parameters.
                properties:
                  nodes:
                    type: object
                    description: EKS node configuration parameters.
                    properties:
                      count:
                        type: integer
                        description: Desired node count, from 1 to 100.
                      size:
                        type: string
                        description: Size of node.
                        enum:
                        - small
                        - medium
                        - large
                    required:
                    - count
                    - size
                required:
                - nodes
            required:
            - parameters
          # status:
          #   description: A Status represents the observed state
          #   properties:
          #     eks:
          #       description: Freeform field containing status information for eks
          #       type: object
          #       x-kubernetes-preserve-unknown-fields: true
          #   type: object

aws/eks/composition.yaml

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xeks.k8s.platformref.crossplane.io
  labels:
    cloud: aws
spec:
  compositeTypeRef:
    apiVersion: platformref.crossplane.io/v1alpha1
    kind: XK8s
  resources:
    - name: clusterRole
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: controlplane
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "eks.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
    - name: clusterRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
    - name: kubernetesCluster
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: Cluster
        spec:
          forProvider:
            region: us-west-2
            roleArnSelector:
              matchControllerRef: true
              matchLabels:
                role: controlplane
            vpcConfig:
              - endpointPrivateAccess: true
                endpointPublicAccess: true
            #version: "1.23" # With this remarked out or ommitted, the Region default Kubernetes version will be selected
      patches:
        - fromFieldPath: "spec.id"
          toFieldPath: spec.forProvider.vpcConfig[0].securityGroupIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
        - fromFieldPath: "spec.id"
          toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.identity[0].oidc[0].issuer
          # toFieldPath: status.eks.oidc
          toFieldPath: spec.oidc
          policy:
            fromFieldPath: Required
        - type: ToCompositeFieldPath
          fromFieldPath: spec.forProvider.roleArn
          # toFieldPath: status.eks.accountID
          toFieldPath: spec.accountID
          policy:
            fromFieldPath: Required
          transforms:
            - type: string
              string:
                type: Regexp
                regexp:
                  match: 'arn:aws:iam::(\d+):.*'
                  group: 1
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.uid
          # toFieldPath: status.eks.lokiSA
          toFieldPath: spec.lokiSA
          transforms:
            - type: string
              string:
                fmt: "loki-sa-%s"
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.uid
          # toFieldPath: status.eks.lokiS3Bucket
          toFieldPath: spec.lokiS3Bucket
          transforms:
            - type: string
              string:
                fmt: "loki-s3-%s"
          policy:
            fromFieldPath: Required
        - type: ToCompositeFieldPath
          fromFieldPath: metadata.name
          toFieldPath: status.eks.clusterRef
    - name: kubernetesClusterAuth
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: ClusterAuth
        spec:
          forProvider:
            region: us-west-2
            clusterNameSelector:
              matchControllerRef: true
      patches:
        - fromFieldPath: spec.claim.namespace
          toFieldPath: spec.writeConnectionSecretToRef.namespace
        - fromFieldPath: status.eks.clusterRef
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
          policy:
            fromFieldPath: Required
      connectionDetails:
        - fromConnectionSecretKey: kubeconfig
    - name: nodegroupRole
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: nodegroup
        spec:
          forProvider:
            assumeRolePolicy: |
              {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "ec2.amazonaws.com"
                            ]
                        },
                        "Action": [
                            "sts:AssumeRole"
                        ]
                    }
                ]
              }
    - name: workerNodeRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: cniRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: containerRegistryRolePolicyAttachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
    - name: nodeGroupPublic
      base:
        apiVersion: eks.aws.upbound.io/v1beta1
        kind: NodeGroup
        spec:
          forProvider:
            region: us-west-2
            clusterNameSelector:
              matchControllerRef: true
            nodeRoleArnSelector:
              matchControllerRef: true
              matchLabels:
                role: nodegroup
            subnetIdSelector:
              matchLabels:
                access: public
            scalingConfig:
              - desiredSize: 1
                minSize: 1
                maxSize: 100
            instanceTypes:
              - t3.medium
            version: "1.23"
      patches:
        - fromFieldPath: "spec.parameters.nodes.count"
          toFieldPath: "spec.forProvider.scalingConfig[0].desiredSize"
        - fromFieldPath: "spec.parameters.nodes.size"
          toFieldPath: "spec.forProvider.instanceTypes[0]"
          transforms:
            - type: map
              map:
                small: t3.small
                medium: t3.medium
                large: t3.large
        - fromFieldPath: "spec.id"
          toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]
### Create EKS cluster OIDC Provider
    - name: cluster-oidc-provider
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: OpenIDConnectProvider
        spec:
          forProvider:
            clientIDList:
              - sts.amazonaws.com
            thumbprintList:
              - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280"
      patches:
        # - fromFieldPath: status.eks.oidc
        - fromFieldPath: spec.oidc
          toFieldPath: spec.forProvider.url
          policy:
            fromFieldPath: Required
### The following Loki IAM resources are created to support the option of installing the Loki chart
    - name: loki-iam-role
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Role
        metadata:
          labels:
            role: "loki-iam-role"
        spec:
         forProvider:
      patches:
        - type: CombineFromComposite
          combine:
            variables:
            # - fromFieldPath: status.eks.accountID
            - fromFieldPath: spec.accountID
            # - fromFieldPath: status.eks.oidc
            - fromFieldPath: spec.oidc
            # - fromFieldPath: status.eks.oidc
            - fromFieldPath: spec.oidc
            - fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
            # - fromFieldPath: status.eks.lokiSA
            - fromFieldPath: spec.lokiSA
            strategy: string
            string:
              fmt: |
                {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Principal": {
                        "Federated": "arn:aws:iam::%s:oidc-provider/%s"
                      },
                      "Action": "sts:AssumeRoleWithWebIdentity",
                      "Condition": {
                        "StringEquals": {
                          "%s:sub": "system:serviceaccount:%s:%s"
                        }
                      }
                    }
                  ]
                }
          toFieldPath: spec.forProvider.assumeRolePolicy
          policy:
            fromFieldPath: Required
    - name: loki-policy-s3
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: Policy
        metadata:
          labels:
            policy: "loki-s3-policy"
        spec:
          forProvider:
      patches:
        - type: CombineFromComposite
          combine:
            variables:
            # - fromFieldPath: status.eks.lokiS3Bucket
            - fromFieldPath: spec.lokiS3Bucket
            # - fromFieldPath: status.eks.lokiS3Bucket
            - fromFieldPath: spec.lokiS3Bucket
            strategy: string
            string:
              fmt: |
                {
                  "Version": "2012-10-17",
                  "Statement": [
                      {
                          "Effect": "Allow",
                          "Action": [
                              "s3:ListObjects",
                              "s3:ListBucket",
                              "s3:PutObject",
                              "s3:GetObject",
                              "s3:DeleteObject"
                          ],
                          "Resource": [
                              "arn:aws:s3:::%s"
                          ]
                      },
                      {
                          "Effect": "Allow",
                          "Action": [
                              "s3:ListBucket"
                          ],
                          "Resource": [
                              "arn:aws:s3:::%s"
                          ]
                      }
                  ]
                }
          toFieldPath: spec.forProvider.policy
          policy:
            fromFieldPath: Required
    - name: loki-policy-s3-attachment
      base:
        apiVersion: iam.aws.upbound.io/v1beta1
        kind: RolePolicyAttachment
        spec:
          forProvider:
            policyArnSelector:
              matchControllerRef: true
              matchLabels:
                policy: "loki-s3-policy"
            roleSelector:
              matchControllerRef: true
              matchLabels:
                role: "loki-iam-role"
### Provider configs for provider-helm and provider-kubernetes
    - name: eks-providerConfig
      base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: ProviderConfig
        metadata:
          name: default
        spec:
          credentials:
            source: Secret
            secretRef:
              key: kubeconfig
      patches:
        - fromFieldPath: spec.claim.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: status.eks.clusterRef
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
          policy:
            fromFieldPath: Required
      readinessChecks:
        - type: None
    - name: helm-providerConfig
      base:
        apiVersion: helm.crossplane.io/v1beta1
        kind: ProviderConfig
        metadata:
          name: default
        spec:
          credentials:
            source: Secret
            secretRef:
              key: kubeconfig
      patches:
        - fromFieldPath: spec.claim.namespace
          toFieldPath: spec.credentials.secretRef.namespace
        - fromFieldPath: status.eks.clusterRef
          toFieldPath: spec.credentials.secretRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ekscluster"
          policy:
            fromFieldPath: Required
    # - name: helm-in-cluster-providerConfig
    #   base:
    #     apiVersion: helm.crossplane.io/v1beta1
    #     kind: ProviderConfig
    #     metadata:
    #       name: default
    #     spec:
    #       credentials:
    #         source: InjectedIdentity
### Install Loki chart
    - name: cluster-loki
      base:
        apiVersion: platformref.crossplane.io/v1alpha1
        kind: XChart
        spec:
          compositionSelector:
            matchLabels:
              chart: cluster-loki
      patches:
        - fromFieldPath: status.eks.clusterRef
          toFieldPath: spec.clusterRef
          policy:
            fromFieldPath: Required
        - fromFieldPath: spec.claim.namespace
          toFieldPath: spec.namespace

Run up xpkg dep.

Open VSCode.

What environment did it happen in?

up v0.14.0
VSCode v1.73.0
Upbound plugin v0.0.5
