upbound / up

The @upbound CLI
Apache License 2.0

xpls crashes #276

Open muvaf opened 1 year ago

muvaf commented 1 year ago

What happened?

It crashes with the following log:

``` [Trace - 7:00:33 PM] Sending notification 'initialized'. Params: {} [Trace - 7:00:33 PM] Sending notification 'textDocument/didOpen'. Params: { "textDocument": { "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml", "languageId": "yaml", "version": 1, "text": "apiVersion: meta.pkg.crossplane.io/v1\nkind: Configuration\nmetadata:\n name: platform-ref-aws\nspec:\n crossplane:\n version: \">=v1.7.0-0\"\n dependsOn:\n - provider: xpkg.upbound.io/upbound/provider-aws\n version: \">=v0.18.0\"\n - provider: xpkg.upbound.io/crossplane-contrib/provider-helm\n version: \">=v0.12.0\"\n" } } [Trace - 7:00:33 PM] Sending notification 'textDocument/didOpen'. Params: { "textDocument": { "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/aws/eks/composition.yaml", "languageId": "yaml", "version": 1, "text": "apiVersion: apiextensions.crossplane.io/v1\nkind: Composition\nmetadata:\n name: xeks.k8s.platformref.crossplane.io\n labels:\n cloud: aws\nspec:\n compositeTypeRef:\n apiVersion: platformref.crossplane.io/v1alpha1\n kind: XK8s\n resources:\n - name: clusterRole\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: Role\n metadata:\n labels:\n role: controlplane\n spec:\n forProvider:\n assumeRolePolicy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"eks.amazonaws.com\"\n ]\n },\n \"Action\": [\n \"sts:AssumeRole\"\n ]\n }\n ]\n }\n - name: clusterRolePolicyAttachment\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: RolePolicyAttachment\n spec:\n forProvider:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n roleSelector:\n matchControllerRef: true\n matchLabels:\n role: controlplane\n - name: kubernetesCluster\n base:\n apiVersion: eks.aws.upbound.io/v1beta1\n kind: Cluster\n spec:\n forProvider:\n region: us-west-2\n roleArnSelector:\n matchControllerRef: true\n 
matchLabels:\n role: controlplane\n vpcConfig:\n - endpointPrivateAccess: true\n endpointPublicAccess: true\n #version: \"1.23\" # With this remarked out or ommitted, the Region default Kubernetes version will be selected\n patches:\n - fromFieldPath: \"spec.id\"\n toFieldPath: spec.forProvider.vpcConfig[0].securityGroupIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n - fromFieldPath: \"spec.id\"\n toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n - type: ToCompositeFieldPath\n fromFieldPath: status.atProvider.identity[0].oidc[0].issuer\n # toFieldPath: status.eks.oidc\n toFieldPath: spec.oidc\n policy:\n fromFieldPath: Required\n - type: ToCompositeFieldPath\n fromFieldPath: spec.forProvider.roleArn\n # toFieldPath: status.eks.accountID\n toFieldPath: spec.accountID\n policy:\n fromFieldPath: Required\n transforms:\n - type: string\n string:\n type: Regexp\n regexp:\n match: 'arn:aws:iam::(\\d+):.*'\n group: 1\n - type: ToCompositeFieldPath\n fromFieldPath: metadata.uid\n # toFieldPath: status.eks.lokiSA\n toFieldPath: spec.lokiSA\n transforms:\n - type: string\n string:\n fmt: \"loki-sa-%s\"\n - type: ToCompositeFieldPath\n fromFieldPath: metadata.uid\n # toFieldPath: status.eks.lokiS3Bucket\n toFieldPath: spec.lokiS3Bucket\n transforms:\n - type: string\n string:\n fmt: \"loki-s3-%s\"\n policy:\n fromFieldPath: Required\n - type: ToCompositeFieldPath\n fromFieldPath: metadata.name\n toFieldPath: status.eks.clusterRef\n - name: kubernetesClusterAuth\n base:\n apiVersion: eks.aws.upbound.io/v1beta1\n kind: ClusterAuth\n spec:\n forProvider:\n region: us-west-2\n clusterNameSelector:\n matchControllerRef: true\n patches:\n - fromFieldPath: spec.claim.namespace\n toFieldPath: spec.writeConnectionSecretToRef.namespace\n - fromFieldPath: status.eks.clusterRef\n toFieldPath: spec.writeConnectionSecretToRef.name\n transforms:\n - type: string\n string:\n fmt: 
\"%s-ekscluster\"\n policy:\n fromFieldPath: Required\n connectionDetails:\n - fromConnectionSecretKey: kubeconfig\n - name: nodegroupRole\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: Role\n metadata:\n labels:\n role: nodegroup\n spec:\n forProvider:\n assumeRolePolicy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"ec2.amazonaws.com\"\n ]\n },\n \"Action\": [\n \"sts:AssumeRole\"\n ]\n }\n ]\n }\n - name: workerNodeRolePolicyAttachment\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: RolePolicyAttachment\n spec:\n forProvider:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\n roleSelector:\n matchControllerRef: true\n matchLabels:\n role: nodegroup\n - name: cniRolePolicyAttachment\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: RolePolicyAttachment\n spec:\n forProvider:\n policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\n roleSelector:\n matchControllerRef: true\n matchLabels:\n role: nodegroup\n - name: containerRegistryRolePolicyAttachment\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: RolePolicyAttachment\n spec:\n forProvider:\n policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\n roleSelector:\n matchControllerRef: true\n matchLabels:\n role: nodegroup\n - name: nodeGroupPublic\n base:\n apiVersion: eks.aws.upbound.io/v1beta1\n kind: NodeGroup\n spec:\n forProvider:\n region: us-west-2\n clusterNameSelector:\n matchControllerRef: true\n nodeRoleArnSelector:\n matchControllerRef: true\n matchLabels:\n role: nodegroup\n subnetIdSelector:\n matchLabels:\n access: public\n scalingConfig:\n - desiredSize: 1\n minSize: 1\n maxSize: 100\n instanceTypes:\n - t3.medium\n version: \"1.23\"\n patches:\n - fromFieldPath: \"spec.parameters.nodes.count\"\n toFieldPath: \"spec.forProvider.scalingConfig[0].desiredSize\"\n - fromFieldPath: \"spec.parameters.nodes.size\"\n toFieldPath: 
\"spec.forProvider.instanceTypes[0]\"\n transforms:\n - type: map\n map:\n small: t3.small\n medium: t3.medium\n large: t3.large\n - fromFieldPath: \"spec.id\"\n toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id]\n### Create EKS cluster OIDC Provider\n - name: cluster-oidc-provider\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: OpenIDConnectProvider\n spec:\n forProvider:\n clientIDList:\n - sts.amazonaws.com\n thumbprintList:\n - \"9e99a48a9960b14926bb7f3b02e22da2b0ab7280\"\n patches:\n # - fromFieldPath: status.eks.oidc\n - fromFieldPath: spec.oidc\n toFieldPath: spec.forProvider.url\n policy:\n fromFieldPath: Required\n### The following Loki IAM resources are created to support the option of installing the Loki chart\n - name: loki-iam-role\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: Role\n metadata:\n labels:\n role: \"loki-iam-role\"\n spec:\n forProvider:\n patches:\n - type: CombineFromComposite\n combine:\n variables:\n # - fromFieldPath: status.eks.accountID\n - fromFieldPath: spec.accountID\n # - fromFieldPath: status.eks.oidc\n - fromFieldPath: spec.oidc\n # - fromFieldPath: status.eks.oidc\n - fromFieldPath: spec.oidc\n - fromFieldPath: metadata.labels[crossplane.io/claim-namespace]\n # - fromFieldPath: status.eks.lokiSA\n - fromFieldPath: spec.lokiSA\n strategy: string\n string:\n fmt: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Federated\": \"arn:aws:iam::%s:oidc-provider/%s\"\n },\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {\n \"StringEquals\": {\n \"%s:sub\": \"system:serviceaccount:%s:%s\"\n }\n }\n }\n ]\n }\n toFieldPath: spec.forProvider.assumeRolePolicy\n policy:\n fromFieldPath: Required\n - name: loki-policy-s3\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: Policy\n metadata:\n labels:\n policy: \"loki-s3-policy\"\n spec:\n forProvider:\n patches:\n - type: 
CombineFromComposite\n combine:\n variables:\n # - fromFieldPath: status.eks.lokiS3Bucket\n - fromFieldPath: spec.lokiS3Bucket\n # - fromFieldPath: status.eks.lokiS3Bucket\n - fromFieldPath: spec.lokiS3Bucket\n strategy: string\n string:\n fmt: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListObjects\",\n \"s3:ListBucket\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:DeleteObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::%s\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::%s\"\n ]\n }\n ]\n }\n toFieldPath: spec.forProvider.policy\n policy:\n fromFieldPath: Required\n - name: loki-policy-s3-attachment\n base:\n apiVersion: iam.aws.upbound.io/v1beta1\n kind: RolePolicyAttachment\n spec:\n forProvider:\n policyArnSelector:\n matchControllerRef: true\n matchLabels:\n policy: \"loki-s3-policy\"\n roleSelector:\n matchControllerRef: true\n matchLabels:\n role: \"loki-iam-role\"\n### Provider configs for provider-helm and provider-kubernetes\n - name: eks-providerConfig\n base:\n apiVersion: kubernetes.crossplane.io/v1alpha1\n kind: ProviderConfig\n metadata:\n name: default\n spec:\n credentials:\n source: Secret\n secretRef:\n key: kubeconfig\n patches:\n - fromFieldPath: spec.claim.namespace\n toFieldPath: spec.credentials.secretRef.namespace\n - fromFieldPath: status.eks.clusterRef\n toFieldPath: spec.credentials.secretRef.name\n transforms:\n - type: string\n string:\n fmt: \"%s-ekscluster\"\n policy:\n fromFieldPath: Required\n readinessChecks:\n - type: None\n - name: helm-providerConfig\n base:\n apiVersion: helm.crossplane.io/v1beta1\n kind: ProviderConfig\n metadata:\n name: default\n spec:\n credentials:\n source: Secret\n secretRef:\n key: kubeconfig\n patches:\n - fromFieldPath: spec.claim.namespace\n toFieldPath: spec.credentials.secretRef.namespace\n - fromFieldPath: status.eks.clusterRef\n toFieldPath: 
spec.credentials.secretRef.name\n transforms:\n - type: string\n string:\n fmt: \"%s-ekscluster\"\n policy:\n fromFieldPath: Required\n # - name: helm-in-cluster-providerConfig\n # base:\n # apiVersion: helm.crossplane.io/v1beta1\n # kind: ProviderConfig\n # metadata:\n # name: default\n # spec:\n # credentials:\n # source: InjectedIdentity\n### Install Loki chart\n - name: cluster-loki\n base:\n apiVersion: platformref.crossplane.io/v1alpha1\n kind: XChart\n spec:\n compositionSelector:\n matchLabels:\n chart: cluster-loki\n patches:\n - fromFieldPath: status.eks.clusterRef\n toFieldPath: spec.clusterRef\n policy:\n fromFieldPath: Required\n - fromFieldPath: spec.claim.namespace\n toFieldPath: spec.namespace" } }
[Trace - 7:00:33 PM] Received request 'client/registerCapability - (0)'.
Params: { "registrations": [ { "id": "workspace/didChangeWatchedFiles-1", "method": "workspace/didChangeWatchedFiles", "registerOptions": { "watchers": [ { "globPattern": "**/*.yaml", "kind": 7 } ] } } ] }
[Trace - 7:00:33 PM] Sending response 'client/registerCapability - (0)'. Processing request took 0ms
No result returned.
[Trace - 7:00:33 PM] Received notification 'textDocument/publishDiagnostics'.
Params: { "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml", "diagnostics": [] }
[Trace - 7:00:33 PM] Received notification 'textDocument/publishDiagnostics'.
Params: { "uri": "file:///Users/muvaf/go/src/github.com/upbound/se-repo/configs/loki-config/cluster/k8s/crossplane.yaml", "diagnostics": [] }
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1043f4614]

goroutine 66 [running]:
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionTransform(...)
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:167
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionPatch({{0x1400057d518, 0x14}, 0x14004afaca0, 0x0, 0x14004afacd0, 0x0, {0x14004ae2600, 0x1, 0x4}, 0x14004afacb0})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:145 +0x3a4
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionComposedTemplate({0x14004afac10, {{0x14002a38a20, 0x107, 0x120}, {0x0, 0x0}}, {0x140047fa300, 0x7, 0x9}, {0x0, ...}, ...})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:100 +0x1c4
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevisionSpec({{{0x14002a6f8f0, 0x22}, {0x140047d8a78, 0x4}}, {0x0, 0x0, 0x0}, {0x14000a1a000, 0x10, 0x13}, ...}, ...)
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:68 +0x2b8
github.com/crossplane/crossplane/controller/apiextensions/compositions.NewCompositionRevision(0x14000346000, 0x24f9?, {0x0, 0x0})
	github.com/crossplane/crossplane/controller/apiextensions@v0.0.0-00010101000000-000000000000/compositions/revision.go:38 +0x154
github.com/upbound/up/internal/xpkg/snapshot.(*CompositionValidator).marshal(0x14001d0f7e8?, {0x104ff2940?, 0x14000610398?})
	github.com/upbound/up/internal/xpkg/snapshot/composition.go:125 +0x98
github.com/upbound/up/internal/xpkg/snapshot.(*CompositionValidator).Validate(0x1400441f880, {0x104ff2940?, 0x14000610398?})
	github.com/upbound/up/internal/xpkg/snapshot/composition.go:69 +0x34
github.com/upbound/up/internal/xpkg/snapshot/validator.(*ObjectValidator).Validate(0x104c950c0?, {0x104ff2940, 0x14000610398})
	github.com/upbound/up/internal/xpkg/snapshot/validator/validator.go:80 +0x108
github.com/upbound/up/internal/xpkg/snapshot.(*Snapshot).Validate(0x1400049f110, {0x140029cf7a0?, 0x104b14be0?})
	github.com/upbound/up/internal/xpkg/snapshot/snapshot.go:461 +0x2ec
github.com/upbound/up/internal/xpls/server.(*Server).DidOpen(0x14000340ea0, {0x10502fa70, 0x140000583e8}, 0x140046b5a80)
	github.com/upbound/up/internal/xpls/server/server.go:193 +0x60
github.com/upbound/up/internal/xpls/dispatcher.(*Dispatcher).Dispatch(0x14000479860, {0x10502fa70, 0x140000583e8}, {0x105032870, 0x14000340ea0}, 0x104dbe100?, 0x140044b5770)
	github.com/upbound/up/internal/xpls/dispatcher/dispatcher.go:100 +0x380
github.com/upbound/up/internal/xpls/handler.(*Handler).Handle(0x14000507e58?, {0x10502fa70?, 0x140000583e8?}, 0x102f04954?, 0x14000507e78?)
	github.com/upbound/up/internal/xpls/handler/handler.go:69 +0x48
github.com/sourcegraph/jsonrpc2.(*Conn).readMessages(0x140009901b0, {0x10502fa70, 0x140000583e8})
	github.com/sourcegraph/jsonrpc2@v0.1.0/jsonrpc2.go:553 +0x2d4
created by github.com/sourcegraph/jsonrpc2.NewConn
	github.com/sourcegraph/jsonrpc2@v0.1.0/jsonrpc2.go:334 +0x2a8
[Error - 7:00:33 PM] Connection to server got closed. Server will not be restarted.
```

How can we reproduce it?

Have the following files in a directory.

crossplane.yaml ```yaml apiVersion: meta.pkg.crossplane.io/v1 kind: Configuration metadata: name: platform-ref-aws spec: crossplane: version: ">=v1.7.0-0" dependsOn: - provider: xpkg.upbound.io/upbound/provider-aws version: ">=v0.18.0" - provider: xpkg.upbound.io/crossplane-contrib/provider-helm version: ">=v0.12.0" ``` definition.yaml ```yaml apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: name: xk8s.platformref.crossplane.io spec: group: platformref.crossplane.io names: kind: XK8s plural: xk8s versions: - name: v1alpha1 served: true referenceable: true schema: openAPIV3Schema: type: object properties: spec: type: object properties: oidc: type: string accountID: type: string lokiSA: type: string lokiS3Bucket: type: string claim: type: object properties: namespace: type: string id: type: string description: ID of this Cluster that other objects will use to refer to it. parameters: type: object description: EKS configuration parameters. properties: nodes: type: object description: EKS node configuration parameters. properties: count: type: integer description: Desired node count, from 1 to 100. size: type: string description: Size of node. 
enum: - small - medium - large required: - count - size required: - nodes required: - parameters # status: # description: A Status represents the observed state # properties: # eks: # description: Freeform field containing status information for eks # type: object # x-kubernetes-preserve-unknown-fields: true # type: object ``` aws/eks/composition.yaml ```yaml apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: name: xeks.k8s.platformref.crossplane.io labels: cloud: aws spec: compositeTypeRef: apiVersion: platformref.crossplane.io/v1alpha1 kind: XK8s resources: - name: clusterRole base: apiVersion: iam.aws.upbound.io/v1beta1 kind: Role metadata: labels: role: controlplane spec: forProvider: assumeRolePolicy: | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "eks.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] } - name: clusterRolePolicyAttachment base: apiVersion: iam.aws.upbound.io/v1beta1 kind: RolePolicyAttachment spec: forProvider: policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy roleSelector: matchControllerRef: true matchLabels: role: controlplane - name: kubernetesCluster base: apiVersion: eks.aws.upbound.io/v1beta1 kind: Cluster spec: forProvider: region: us-west-2 roleArnSelector: matchControllerRef: true matchLabels: role: controlplane vpcConfig: - endpointPrivateAccess: true endpointPublicAccess: true #version: "1.23" # With this remarked out or ommitted, the Region default Kubernetes version will be selected patches: - fromFieldPath: "spec.id" toFieldPath: spec.forProvider.vpcConfig[0].securityGroupIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id] - fromFieldPath: "spec.id" toFieldPath: spec.forProvider.vpcConfig[0].subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id] - type: ToCompositeFieldPath fromFieldPath: status.atProvider.identity[0].oidc[0].issuer # toFieldPath: status.eks.oidc toFieldPath: spec.oidc policy: 
fromFieldPath: Required - type: ToCompositeFieldPath fromFieldPath: spec.forProvider.roleArn # toFieldPath: status.eks.accountID toFieldPath: spec.accountID policy: fromFieldPath: Required transforms: - type: string string: type: Regexp regexp: match: 'arn:aws:iam::(\d+):.*' group: 1 - type: ToCompositeFieldPath fromFieldPath: metadata.uid # toFieldPath: status.eks.lokiSA toFieldPath: spec.lokiSA transforms: - type: string string: fmt: "loki-sa-%s" - type: ToCompositeFieldPath fromFieldPath: metadata.uid # toFieldPath: status.eks.lokiS3Bucket toFieldPath: spec.lokiS3Bucket transforms: - type: string string: fmt: "loki-s3-%s" policy: fromFieldPath: Required - type: ToCompositeFieldPath fromFieldPath: metadata.name toFieldPath: status.eks.clusterRef - name: kubernetesClusterAuth base: apiVersion: eks.aws.upbound.io/v1beta1 kind: ClusterAuth spec: forProvider: region: us-west-2 clusterNameSelector: matchControllerRef: true patches: - fromFieldPath: spec.claim.namespace toFieldPath: spec.writeConnectionSecretToRef.namespace - fromFieldPath: status.eks.clusterRef toFieldPath: spec.writeConnectionSecretToRef.name transforms: - type: string string: fmt: "%s-ekscluster" policy: fromFieldPath: Required connectionDetails: - fromConnectionSecretKey: kubeconfig - name: nodegroupRole base: apiVersion: iam.aws.upbound.io/v1beta1 kind: Role metadata: labels: role: nodegroup spec: forProvider: assumeRolePolicy: | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] } - name: workerNodeRolePolicyAttachment base: apiVersion: iam.aws.upbound.io/v1beta1 kind: RolePolicyAttachment spec: forProvider: policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy roleSelector: matchControllerRef: true matchLabels: role: nodegroup - name: cniRolePolicyAttachment base: apiVersion: iam.aws.upbound.io/v1beta1 kind: RolePolicyAttachment spec: forProvider: policyArn: 
arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy roleSelector: matchControllerRef: true matchLabels: role: nodegroup - name: containerRegistryRolePolicyAttachment base: apiVersion: iam.aws.upbound.io/v1beta1 kind: RolePolicyAttachment spec: forProvider: policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly roleSelector: matchControllerRef: true matchLabels: role: nodegroup - name: nodeGroupPublic base: apiVersion: eks.aws.upbound.io/v1beta1 kind: NodeGroup spec: forProvider: region: us-west-2 clusterNameSelector: matchControllerRef: true nodeRoleArnSelector: matchControllerRef: true matchLabels: role: nodegroup subnetIdSelector: matchLabels: access: public scalingConfig: - desiredSize: 1 minSize: 1 maxSize: 100 instanceTypes: - t3.medium version: "1.23" patches: - fromFieldPath: "spec.parameters.nodes.count" toFieldPath: "spec.forProvider.scalingConfig[0].desiredSize" - fromFieldPath: "spec.parameters.nodes.size" toFieldPath: "spec.forProvider.instanceTypes[0]" transforms: - type: map map: small: t3.small medium: t3.medium large: t3.large - fromFieldPath: "spec.id" toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[networks.aws.platformref.crossplane.io/network-id] ### Create EKS cluster OIDC Provider - name: cluster-oidc-provider base: apiVersion: iam.aws.upbound.io/v1beta1 kind: OpenIDConnectProvider spec: forProvider: clientIDList: - sts.amazonaws.com thumbprintList: - "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" patches: # - fromFieldPath: status.eks.oidc - fromFieldPath: spec.oidc toFieldPath: spec.forProvider.url policy: fromFieldPath: Required ### The following Loki IAM resources are created to support the option of installing the Loki chart - name: loki-iam-role base: apiVersion: iam.aws.upbound.io/v1beta1 kind: Role metadata: labels: role: "loki-iam-role" spec: forProvider: patches: - type: CombineFromComposite combine: variables: # - fromFieldPath: status.eks.accountID - fromFieldPath: spec.accountID # - fromFieldPath: status.eks.oidc - 
fromFieldPath: spec.oidc # - fromFieldPath: status.eks.oidc - fromFieldPath: spec.oidc - fromFieldPath: metadata.labels[crossplane.io/claim-namespace] # - fromFieldPath: status.eks.lokiSA - fromFieldPath: spec.lokiSA strategy: string string: fmt: | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Federated": "arn:aws:iam::%s:oidc-provider/%s" }, "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { "%s:sub": "system:serviceaccount:%s:%s" } } } ] } toFieldPath: spec.forProvider.assumeRolePolicy policy: fromFieldPath: Required - name: loki-policy-s3 base: apiVersion: iam.aws.upbound.io/v1beta1 kind: Policy metadata: labels: policy: "loki-s3-policy" spec: forProvider: patches: - type: CombineFromComposite combine: variables: # - fromFieldPath: status.eks.lokiS3Bucket - fromFieldPath: spec.lokiS3Bucket # - fromFieldPath: status.eks.lokiS3Bucket - fromFieldPath: spec.lokiS3Bucket strategy: string string: fmt: | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListObjects", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::%s" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::%s" ] } ] } toFieldPath: spec.forProvider.policy policy: fromFieldPath: Required - name: loki-policy-s3-attachment base: apiVersion: iam.aws.upbound.io/v1beta1 kind: RolePolicyAttachment spec: forProvider: policyArnSelector: matchControllerRef: true matchLabels: policy: "loki-s3-policy" roleSelector: matchControllerRef: true matchLabels: role: "loki-iam-role" ### Provider configs for provider-helm and provider-kubernetes - name: eks-providerConfig base: apiVersion: kubernetes.crossplane.io/v1alpha1 kind: ProviderConfig metadata: name: default spec: credentials: source: Secret secretRef: key: kubeconfig patches: - fromFieldPath: spec.claim.namespace toFieldPath: spec.credentials.secretRef.namespace - fromFieldPath: status.eks.clusterRef 
toFieldPath: spec.credentials.secretRef.name transforms: - type: string string: fmt: "%s-ekscluster" policy: fromFieldPath: Required readinessChecks: - type: None - name: helm-providerConfig base: apiVersion: helm.crossplane.io/v1beta1 kind: ProviderConfig metadata: name: default spec: credentials: source: Secret secretRef: key: kubeconfig patches: - fromFieldPath: spec.claim.namespace toFieldPath: spec.credentials.secretRef.namespace - fromFieldPath: status.eks.clusterRef toFieldPath: spec.credentials.secretRef.name transforms: - type: string string: fmt: "%s-ekscluster" policy: fromFieldPath: Required # - name: helm-in-cluster-providerConfig # base: # apiVersion: helm.crossplane.io/v1beta1 # kind: ProviderConfig # metadata: # name: default # spec: # credentials: # source: InjectedIdentity ### Install Loki chart - name: cluster-loki base: apiVersion: platformref.crossplane.io/v1alpha1 kind: XChart spec: compositionSelector: matchLabels: chart: cluster-loki patches: - fromFieldPath: status.eks.clusterRef toFieldPath: spec.clusterRef policy: fromFieldPath: Required - fromFieldPath: spec.claim.namespace toFieldPath: spec.namespace ```

Run `up xpkg dep`.

Open VSCode.

What environment did it happen in?

- up v0.14.0
- VSCode v1.73.0
- Upbound plugin v0.0.5
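In the trace above, a nil pointer dereference inside a validator propagates through `DidOpen`, `Dispatch` and `Handle` and ends the language server process. The Go sketch below is an added example, not code from upbound/up or Crossplane: it shows a nil-checked conversion next to an unchecked one, plus a guard at the request boundary that turns a validator panic into a diagnostic. All type and function names are hypothetical, and which pointer was nil in the real crash is an assumption, since the page does not say.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for a patch transform with optional pointer fields.
// These are NOT the Crossplane or upbound/up types.
type StringTransform struct {
	Format *string // set for fmt-style transforms
	Regexp *string // set for regexp-style transforms
}

type Transform struct {
	Type   string
	String *StringTransform
}

// Diagnostic is what a language server would publish back to the editor.
type Diagnostic struct {
	URI     string
	Message string
}

// convertUnchecked dereferences an optional field without a nil check.
// Assumption for illustration: the page does not say which pointer was nil.
func convertUnchecked(t Transform) string {
	return t.Type + ":" + *t.String.Format
}

// convertChecked handles every shape the optional fields can take and
// returns an error instead of panicking on an unexpected document.
func convertChecked(t Transform) (string, error) {
	switch {
	case t.String == nil:
		return "", errors.New("transform has no string block")
	case t.String.Format != nil:
		return t.Type + ":fmt=" + *t.String.Format, nil
	case t.String.Regexp != nil:
		return t.Type + ":regexp=" + *t.String.Regexp, nil
	default:
		return "", errors.New("string transform sets neither fmt nor regexp")
	}
}

// validateSafely is the request-boundary guard: a panic raised anywhere in
// the validator is recovered and reported as a diagnostic for the document,
// so one bad file cannot terminate the server process.
func validateSafely(uri string, validate func() error) (diags []Diagnostic) {
	defer func() {
		if r := recover(); r != nil {
			diags = append(diags, Diagnostic{
				URI:     uri,
				Message: fmt.Sprintf("validator panicked: %v", r),
			})
		}
	}()
	if err := validate(); err != nil {
		diags = append(diags, Diagnostic{URI: uri, Message: err.Error()})
	}
	return diags
}

func main() {
	// Regexp value taken from the composition on this page; the URI is constructed.
	re := `arn:aws:iam::(\d+):.*`
	t := Transform{Type: "string", String: &StringTransform{Regexp: &re}}
	uri := "file:///composition.yaml"

	// Unchecked conversion panics; the guard converts it into one diagnostic.
	fmt.Println(validateSafely(uri, func() error { _ = convertUnchecked(t); return nil }))
	// Checked conversion succeeds and produces no diagnostics.
	fmt.Println(validateSafely(uri, func() error { _, err := convertChecked(t); return err }))
}
```

The guard limits the blast radius of a bug in a dependency; the nil checks are still the actual fix, because a recovered panic says nothing useful about what is wrong with the document.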