Documentation

Getting Started with Switchblade

Requirements

  • x86_64 platform
  • AWS access (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` required)
  • Azure access (`AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID` required)
  • Kubernetes access
  • Switchblade license key

Installation

  1. Create a namespace for Switchblade:
     kubectl create ns operators
  2. Install the license and AWS access keys (replace the variables or set the environment variables accordingly):
     kubectl create secret -n operators generic credentials \
       --from-literal AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
       --from-literal AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
       --from-literal LICENSE_KEY="$LICENSE_KEY"
  3. Create the state bucket:
     # use your favorite IaC, the console or the CLI
     aws s3api create-bucket --acl private --bucket mycompany-myenvironment-switchblade-state
  4. Download and extract the deployment package:
     wget https://s3.amazonaws.com/software.boundless.distributions/switchblade-0.0.6.tgz
     tar xvf switchblade-0.0.6.tgz
  5. Edit deployment.yaml:
     # update with values from step 3
             - name: AWS_STATE_BUCKET
               value: ""
             - name: AWS_STATE_BUCKET_REGION
               value: ""
  6. Install the YAML files into the cluster:
     # If installing for the first time
     kubectl create -f crd.yaml
     kubectl create -f rbac.yaml
     kubectl apply -f deployment.yaml

     # If upgrading
     kubectl replace -f crd.yaml
     kubectl replace -f rbac.yaml
     kubectl apply -f deployment.yaml

Azure setup for Switchblade

Create Enterprise Application

  1. In the Azure portal, navigate to Azure Entra ID > App registrations > New registration.
  2. Name the application and click Register.
  3. Export the application (client) ID and directory (tenant) ID.
     export AZURE_TENANT_ID="Your Azure Tenant ID"
     export AZURE_CLIENT_ID="Your Azure Client ID"

Generate Client Secret

  1. In the Azure portal, go to Azure Entra ID > App registrations > Select the Enterprise Application you created.
  2. Navigate to Certificates & Secrets > New client secret.
  3. Choose an expiry period, and click Add.
  4. Export the generated secret value.
     export AZURE_CLIENT_SECRET="Your Azure Client Secret"

Assign API Permissions (optional, only required for Entra ID resources)

  1. App registrations > Select the Enterprise Application you created.
  2. Go to API permissions > Add a permission > Microsoft Graph > Application permissions > Select the following permissions:
    • User.ReadWrite.All
    • Directory.ReadWrite.All
    • Group.ReadWrite.All
    • User.ManageIdentities.All
    • User.Export.All
    • AppRoleAssignment.ReadWrite.All
  3. Click Add permissions.
  4. Grant Admin Consent for default directory.

Assign Permissions

  1. In the Azure portal, go to the Entra ID default directory.
  2. Navigate to Roles and Administrators.
  3. Click on Global Administrator.
  4. Click Add assignments > Search for the Enterprise Application you created > Next > Enter justification > Assign.

Add Application To Your Subscription

  1. In the Azure portal, go to Subscriptions.
  2. Select the subscription that you will add the application to and use with Switchblade.
  3. Export the subscription ID.
     export AZURE_SUBSCRIPTION_ID="Your Azure Subscription ID"
  4. Navigate to Access control (IAM) > Add > Add role assignment.
  5. Select Privileged Permissions > Owner.
  6. Click Next > Select members > Search for the Enterprise Application you created > Select allow user to assign all roles > Click Assign.
  7. Click Next > Select "Allow user to assign all roles (highly privileged)" > Click Review + assign > Click Review + assign.

AWS

AwsProviderSpec

| Field | Type | Description |
|---|---|---|
| region | string | The region for the AWS provider. |

EKS

A managed Kubernetes service that automates key tasks like patching, node provisioning, and updates.
Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: Eks
metadata:
  name: my-eks-cluster
spec:
  provider:
    region: us-west-2
  cluster:
    version: "1.21"
    roleArn: arn:aws:iam::123456789012:role/eks-cluster-role
    subnetIds:
      - subnet-abcdef01
      - subnet-abcdef02
    tags:
      Name: my-eks-cluster
      Environment: Dev
    oidcProvider:
      issuerUrl: "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E"
      clientId: "example-id"
    endpoint:
      public: true
      private: false
    addons:
      - name: coredns
        addonVersion: "1.8.4"
    logTypes:
      - "api"
      - "audit"
    nodeGroups:
      primary:
        amiType: AL2_x86_64
        capacityType: ON_DEMAND
        diskSize: 20
        instanceTypes:
          - m5.large
        labels:
          role: primary
        launchTemplate:
          name: my-launch-template
          version: "1"
        scalingConfig:
          desiredSize: 2
          maxSize: 3
          minSize: 1
        subnets:
          - subnet-abcdef01
        tags:
          Name: primary-nodes
          Environment: Dev
        taints:
          - key: "key1"
            value: "value1"
            effect: "NoSchedule"

EKS Inputs

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings for the EKS cluster. |
| cluster | EksClusterSpec | Cluster specifies the configuration for the EKS cluster. |

EksClusterSpec

| Field | Type | Description |
|---|---|---|
| addons | []AddOnSpec | Addons specifies the add-ons to enable for the EKS cluster. |
| logTypes | []types.LogType | LogTypes specifies the types of logs to enable. |
| nodeGroups | map[string]EksNodeGroupSpec | NodeGroups specifies the node groups for the EKS cluster. |
| roleArn | string | RoleArn specifies the ARN of the IAM role for the EKS cluster. |
| subnetIds* | []string | SubnetIds specifies the IDs of the subnets for the EKS cluster. |
| tags | map[string]string | Tags are metadata to assign to the EKS cluster. |
| oidcProvider | OidcProviderSpec | OidcProvider specifies the OIDC identity provider for the EKS cluster. |
| version | string | Version specifies the Kubernetes version for the EKS cluster. |
| endpoint | EndPointSpec | Endpoint specifies the public and private access points for the EKS cluster. |

AddOnSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name specifies the name of the add-on. |
| addonVersion | string | AddonVersion specifies the version of the add-on. |

EksNodeGroupSpec

| Field | Type | Description |
|---|---|---|
| amiType | string | AmiType specifies the AMI type for the node group. |
| capacityType | string | CapacityType specifies the EC2 capacity type. |
| clientRequestToken | string | ClientRequestToken is an idempotency token. |
| diskSize | int32 | DiskSize specifies the root disk size. |
| instanceTypes | []string | InstanceTypes specifies the types of instances in the node group. |
| labels | map[string]string | Labels to apply to the Kubernetes nodes. |
| launchTemplate | LaunchTemplateSpec | LaunchTemplate specifies the launch template for the node group. |
| maxUnavailable | int32 | MaxUnavailable specifies the maximum number of nodes that can be unavailable during an update. |
| maxUnavailablePercentage | int32 | MaxUnavailablePercentage specifies the max percentage of nodes that can be unavailable during an update. |
| nodeRoleArn | string | NodeRoleArn specifies the ARN of the role for the nodes. |
| releaseVersion | string | ReleaseVersion specifies the release version of the node group. |
| remoteAccess | NodeGroupRemoteAccessSpec | RemoteAccess specifies the remote access settings. |
| scalingConfig | EksNodeGroupScalingConfig | ScalingConfig specifies the scaling settings for the node group. |
| subnets | []string | Subnets specifies which subnets to associate with the node group. |
| tags | map[string]string | Tags are metadata to assign to the node group. |
| taints | []EksNodeGroupTaint | Taints to apply to the Kubernetes nodes. |
| version | string | Version specifies the Kubernetes version for the node group. |

OidcProviderSpec

| Field | Type | Description |
|---|---|---|
| clientIdList* | []string | ClientIdList specifies the list of client IDs for the OIDC identity provider. |
| thumbprintList* | []string | ThumbprintList specifies the list of thumbprints of the OIDC identity provider's server certificate(s). |
| url* | string | Url is the URL of the OIDC identity provider. |

EndPointSpec

| Field | Type | Description |
|---|---|---|
| public | bool | Public indicates whether the endpoint is publicly accessible. |
| private | bool | Private indicates whether the endpoint is privately accessible. |

LaunchTemplateSpec

| Field | Type | Description |
|---|---|---|
| name | string | Name specifies the name of the launch template. |
| version | string | Version specifies the version of the launch template. |

NodeGroupRemoteAccessSpec

| Field | Type | Description |
|---|---|---|
| ec2SshKey | string | Ec2SshKey specifies the EC2 SSH key. |
| sourceSecurityGroups | []string | SourceSecurityGroups specifies the security groups for SSH. |

EksNodeGroupScalingConfig

| Field | Type | Description |
|---|---|---|
| desiredSize | int32 | DesiredSize specifies the desired number of worker nodes. |
| maxSize | int32 | MaxSize specifies the maximum number of worker nodes. |
| minSize | int32 | MinSize specifies the minimum number of worker nodes. |

EksNodeGroupTaint

| Field | Type | Description |
|---|---|---|
| key | string | Key is the taint key to apply. |
| value | string | Value is the taint value to apply. |
| effect | string | Effect is the taint effect to apply. |

EKS Outputs

| Field | Type | Description |
|---|---|---|
| addons | map[string]EksAddonStatus | Addons defines the observed state of the configured add-ons. |
| arn | string | Arn is the Amazon Resource Name of the cluster. |
| clusterRole | string | ClusterRole is the role ARN associated with the cluster. |
| clusterType | string | ClusterType specifies the type of the cluster. |
| condition | metav1.Condition | Condition indicates the condition of the cluster. |
| endpoint | string | Endpoint is the cluster endpoint. |
| issuer | string | Issuer is the OIDC issuer for the cluster. |
| logTypes | []types.LogType | LogTypes are the types of logs that are enabled. |
| nodeGroups | map[string]EksNodeGroupStatus | NodeGroups defines the observed state of the configured node groups. |
| oidcProvider | string | OidcProvider is the OIDC provider associated with the cluster. |

EksAddonStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition indicates the condition of the add-on. |
| arn | string | Arn is the Amazon Resource Name of the add-on. |
| version | string | Version is the version of the add-on. |

EksNodeGroupStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition indicates the condition of the node group. |
| id | string | Arn is the Amazon Resource Name of the node group. |
| nodeRole | string | NodeRole is the role associated with the node group. |

VPC

A customizable virtual network where you can launch AWS resources, providing network isolation and security for your applications.
Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: Vpc
metadata:
  name: switchblade-sample
spec:
  provider:
    region: us-east-1
  cidrBlock: "10.0.0.0/16"
  subnets:
    - cidrBlock: "10.0.1.0/24"
      type: "public"
      zone: "us-east-1a"
      tags:
        Name: "switchblade-sample-public-subnet"
    - cidrBlock: "10.0.2.0/24"
      type: "private"
      zone: "us-east-1b"
      tags:
        Name: "switchblade-sample-private-subnet"
  natGateway:
    zones:
      - "us-east-1a"
      - "us-east-1b"
  routeTables:
    - name: "switchblade-sample-route-table"
      routes:
        - destination: "0.0.0.0/0"
          routeTableId: "rtb-12345678"
          gatewayId: "igw-12345678"
      subnets:
        - "subnet-12345678"
      tags:
        Name: "switchblade-sample-route-table"
  endpoints:
    - service: "com.amazonaws.us-east-1.s3"
      type: "Gateway"
  peers:
    - peerCidr: "192.168.0.0/16"
      peerRegion: "us-west-1"
      peerOwnerId: "123456789012"
      peerVpcId: "vpc-abcdef12"
      routeTableIds:
        - "rtb-12345678"
      autoAccept: true
  tags:
    Name: "switchblade-sample-vpc"
    Project: "Switchblade"

VPC Inputs

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings for this VPC. |
| cidrBlock* | string | CidrBlock is the IPv4 network range for the VPC. |
| subnets* | []SubnetSpec | Subnets specifies the subnets to be created within this VPC. |
| natGateway | NatGatewaySpec | NatGateway specifies the NAT Gateway settings for this VPC. |
| routeTables | []RouteTableSpec | RouteTables specifies the route tables to be created for this VPC. |
| endpoints | []EndpointSpec | Endpoints specifies the VPC Endpoints to be created for this VPC. |
| peers | []PeerSpec | Peers specifies the VPCs to be peered with this VPC. |
| tags | map[string]string | Tags are metadata to assign to the VPC. |

SubnetSpec

| Field | Type | Description |
|---|---|---|
| cidrBlock* | string | CidrBlock is the IPv4 network range for the subnet. |
| type* | string | Type is the type of the subnet. |
| zone* | string | Zone is the availability zone where the subnet is created. |
| tags | map[string]string | Tags are metadata to assign to the subnet. |

NatGatewaySpec

| Field | Type | Description |
|---|---|---|
| zones* | []string | Zones are the availability zones for the NAT Gateway. |

RouteTableSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name is the name of the Route Table. |
| routes | []RouteSpec | Routes specifies the routes to be added to this Route Table. |
| subnets | []string | Subnets specifies the subnets associated with this Route Table. |
| tags | map[string]string | Tags are metadata to assign to the Route Table. |

EndpointSpec

| Field | Type | Description |
|---|---|---|
| service | string | Service specifies the service to be accessed via this endpoint. |
| policy | map[string]string | Policy defines the policy for the endpoint. |
| privateDnsEnabled | bool | PrivateDnsEnabled indicates whether private DNS is enabled for this endpoint. |
| routeTableIds | []string | RouteTableIds specifies the route tables to associate with the endpoint. |
| securityGroupIds | []string | SecurityGroupIds specifies the security groups to associate with the endpoint. |
| subnetIds | []string | SubnetIds specifies the subnets to associate with the endpoint. |
| tags | map[string]string | Tags are metadata to assign to the endpoint. |
| type | string | Type specifies the type of the endpoint. |

PeerSpec

| Field | Type | Description |
|---|---|---|
| peerCidr* | string | PeerCidr specifies the CIDR block of the peer VPC. |
| peerRegion* | string | PeerRegion specifies the region of the peer VPC. |
| peerOwnerId* | string | PeerOwnerId specifies the owner ID of the peer VPC. |
| peerVpcId* | string | PeerVpcId specifies the VPC ID of the peer VPC. |
| routeTableIds* | []string | RouteTableIds specifies the route tables to update with the peering connection. |
| autoAccept | bool | AutoAccept specifies whether the peering request will be auto-accepted. |
| tags | map[string]string | Tags are metadata to assign to the peering connection. |

RouteSpec

| Field | Type | Description |
|---|---|---|
| destination* | string | Destination specifies the CIDR block of the route. |
| routeTableId* | string | RouteTableId is the ID of the Route Table to which this route will be added. |
| gatewayId | string | GatewayId is the ID of the internet gateway or virtual private gateway. |
| natGatewayId | string | NatGatewayId is the ID of the NAT gateway. |
| transitGatewayId | string | TransitGatewayId is the ID of the transit gateway. |
| vpcEndpointId | string | VpcEndpointId is the ID of the VPC endpoint. |
| vpcPeeringConnectionId | string | VpcPeeringConnectionId is the ID of the VPC peering connection. |

VPC Outputs

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this VPC. |
| vpcId | string | Id is the AWS VPC ID. |
| subnets | map[string]SubnetStatus | Subnets provides the status of subnets within this VPC. |
| internetGateway | InternetGatewayStatus | InternetGateway provides the status of the internet gateway within this VPC. |
| natGateway | map[string]NatGatewayStatus | NatGateways provides the status of NAT gateways within this VPC. |
| routeTables | map[string]RouteTableStatus | RouteTables provides the status of route tables within this VPC. |

SubnetStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Subnet. |
| cidrBlock | string | CidrBlock is the CIDR block of this Subnet. |
| id | string | Id is the AWS Subnet ID. |
| type | string | Type specifies whether the subnet is public, private, or isolated. |
| zone | string | Zone is the availability zone where the subnet resides. |

InternetGatewayStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Internet Gateway. |
| id | string | Id is the AWS Internet Gateway ID. |

NatGatewayStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this NAT Gateway. |
| id | string | Id is the AWS NAT Gateway ID. |
| elasticIp | string | ElasticIp is the elastic IP associated with this NAT Gateway. |
| zone | string | Zone is the availability zone where the NAT Gateway resides. |

RouteTableStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Route Table. |
| name | string | Name is the name of the Route Table. |
| type | string | Type specifies the type of the Route Table. |
| id | string | Id is the AWS Route Table ID. |
| associations | map[string]string | Associations specifies the associated subnets. |
| routes | map[string]RouteStatus | Routes specifies the status of routes within this Route Table. |

RouteStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Route. |
| destination | string | Destination is the CIDR block of the route. |

IAM

Provides user management and policy control for AWS resources.
Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: Iam
metadata:
  name: my-iam-config
spec:
  provider:
    region: us-west-2
  instanceProfile:
    name: my-instance-profile
    role: my-instance-role
    tags:
      Name: my-instance-profile
      Environment: Dev
  oidcProvider:
    clientIdList:
      - "example-client-id"
    thumbprintList:
      - "example-thumbprint"
    url: "https://example-oidc-provider.com"
  policy:
    name: my-policy
    description: "This is my custom IAM policy."
    path: "/custom/"
    statement:
      - Effect: "Allow"
        Action:
          - "s3:GetObject"
        Resource: "*"
    tags:
      Environment: Dev
  role:
    name: my-role
    description: "This is my custom IAM role."
    path: "/custom/"
    policy:
      name: inline-policy-for-role
      statement:
        - Effect: "Allow"
          Action:
            - "s3:ListBucket"
          Resource: "*"
    policyArns:
      - "arn:aws:iam::aws:policy/AdministratorAccess"
    trustPolicy:
      statement:
        - Effect: "Allow"
          Principal:
            Service:
              - "eks.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    tags:
      Environment: Dev
  user:
    name: my-user
    createAccessKey: true
    path: "/custom/"
    permissionsBoundary: "arn:aws:iam::aws:policy/ReadOnlyAccess"
    policy:
      name: inline-policy-for-user
      statement:
        - Effect: "Allow"
          Action:
            - "s3:PutObject"
          Resource: "*"
    tags:
      Environment: Dev
  userGroup:
    name: my-user-group
    path: "/custom/"
    policy:
      name: inline-policy-for-user-group
      statement:
        - Effect: "Allow"
          Action:
            - "ec2:DescribeInstances"
          Resource: "*"
    users:
      - "my-user"

IAM Inputs

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings for IAM. |
| instanceProfile | InstanceProfileSpec | InstanceProfile specifies the AWS instance profile. |
| oidcProvider | OidcProviderSpec | OidcProvider specifies the OpenID Connect provider settings. |
| policy | IamPolicySpec | Policy specifies the IAM policy settings. |
| role | RoleSpec | Role specifies the IAM role settings. |
| user | UserSpec | User specifies the IAM user settings. |
| userGroup | UserGroupSpec | UserGroup specifies the IAM user group settings. |

InstanceProfileSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name is the name of the instance profile. |
| role* | string | Role is the IAM role associated with this instance profile. |
| tags | map[string]string | Tags are metadata to assign to the Instance Profile. |

OidcProviderSpec

| Field | Type | Description |
|---|---|---|
| clientIdList* | []string | ClientIdList specifies the list of client IDs for the OIDC identity provider. |
| thumbprintList* | []string | ThumbprintList specifies the list of thumbprints of the OIDC identity provider's server certificate(s). |
| url* | string | Url is the URL of the OIDC identity provider. |

IamPolicySpec

| Field | Type | Description |
|---|---|---|
| name | string | Name is the name of the policy. |
| description | string | Description is the description of the policy. |
| path | string | Path is the optional path of the policy. |
| Statement* | []apiext.JSON | Statement is the list of policy statements. |
| tags | map[string]string | Tags are metadata to assign to the policy. |

RoleSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name is the name of the role. |
| description | string | Description is the description of the role. |
| path | string | Path is the optional path of the role. |
| policy | IamPolicySpec | Policy is the inline policy for the role. |
| policyArns | []string | PolicyArns is the list of policy ARNs attached to the role. |
| sessionDuration | int32 | SessionDuration is the maximum session duration for the role. |
| trustPolicy* | IamPolicySpec | TrustPolicy is the trust relationship policy for the role. |
| tags | map[string]string | Tags are metadata to assign to the role. |

UserSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name is the name of the user. |
| createAccessKey | bool | CreateAccessKey indicates whether to create an access key for the user. |
| path | string | Path is the optional path of the user. |
| permissionsBoundary | string | PermissionsBoundary is the permissions boundary for the user. |
| policy | IamPolicySpec | Policy is the inline policy for the user. |
| policyArns | []string | PolicyArns is the list of policy ARNs attached to the user. |
| tags | map[string]string | Tags are metadata to assign to the user. |

UserGroupSpec

| Field | Type | Description |
|---|---|---|
| name* | string | Name is the name of the user group. |
| path | string | Path is the optional path of the user group. |
| policy | IamPolicySpec | Policy is the inline policy for the user group. |
| policyArns | []string | PolicyArns is the list of policy ARNs attached to the user group. |
| users | []string | Users are the IAM users that are members of this user group. |

IAM Outputs

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current status condition of the IAM resources. |
| instanceProfile | InstanceProfileStatus | InstanceProfile reports the status of the AWS instance profile. |
| oidcProvider | OidcProviderStatus | OidcProvider reports the status of the OpenID Connect provider. |
| policy | PolicyStatus | Policy reports the status of the IAM policy. |
| role | RoleStatus | Role reports the status of the IAM role. |
| user | UserStatus | User reports the status of the IAM user. |
| userGroup | UserGroupStatus | UserGroup reports the status of the IAM user group. |

InstanceProfileStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Instance Profile. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this Instance Profile. |
| name | string | Name is the name of the Instance Profile. |
| role | string | Role is the IAM role associated with this Instance Profile. |

OidcProviderStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this OIDC Provider. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this OIDC Provider. |
| role | string | Url is the URL of the OIDC Provider. |

PolicyStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Policy. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this Policy. |
| name | string | Name is the name of the Policy. |
| version | string | Version is the version of the Policy. |

RoleStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this Role. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this Role. |
| name | string | Name is the name of the Role. |

UserStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this User. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this User. |
| name | string | Name is the name of the User. |
| accessKey | string | AccessKey is the access key for this User. |
| secret | string | SecretKey is the secret key for this User. |

UserGroupStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this User Group. |
| arn | string | Arn is the Amazon Resource Name (ARN) for this User Group. |
| name | string | Name is the name of the User Group. |
| users | []string | Users are the IAM users that are members of this User Group. |
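
A pre-apply review check for Iam manifests, added here as an example and not part of Switchblade: it walks the policy, role, user and userGroup sections described above and reports wildcard grants, an attached AdministratorAccess policy, and createAccessKey (per the UserStatus table, the key and secret are reported in the resource status). The function names and rule ids are assumptions of this example, and it reads the lowercase `statement` key used in the example manifest.

```python
import json

# Constructed sample: a trimmed copy of the page's Iam example, written as JSON
# (kubectl accepts JSON manifests as well as YAML).
SAMPLE_IAM_MANIFEST = json.loads("""
{
  "apiVersion": "aws.boundless.software/v1alpha1",
  "kind": "Iam",
  "metadata": {"name": "my-iam-config"},
  "spec": {
    "provider": {"region": "us-west-2"},
    "policy": {
      "name": "my-policy",
      "statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}]
    },
    "role": {
      "name": "my-role",
      "policy": {
        "name": "inline-policy-for-role",
        "statement": [{"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": "*"}]
      },
      "policyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
      "trustPolicy": {
        "statement": [{"Effect": "Allow",
                       "Principal": {"Service": ["eks.amazonaws.com"]},
                       "Action": ["sts:AssumeRole"]}]
      }
    },
    "user": {"name": "my-user", "createAccessKey": true}
  }
}
""")

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def as_list(value):
    """IAM policy elements may be one string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_statements(path, statements):
    """Return (location, rule) pairs for Allow statements that use wildcards."""
    findings = []
    for i, stmt in enumerate(statements or []):
        if stmt.get("Effect") != "Allow":
            continue
        where = f"{path}.statement[{i}]"
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action"))):
            findings.append((where, "wildcard-action"))
        # Some actions only accept "*"; treat this finding as "review", not "reject".
        if "*" in as_list(stmt.get("Resource")):
            findings.append((where, "wildcard-resource"))
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            findings.append((where, "wildcard-principal"))
    return findings


def lint_iam(manifest):
    """Lint one manifest (already parsed into a dict); other kinds are ignored."""
    if manifest.get("kind") != "Iam":
        return []
    spec = manifest.get("spec") or {}
    findings = check_statements("spec.policy", (spec.get("policy") or {}).get("statement"))
    for section in ("role", "user", "userGroup"):
        obj = spec.get(section) or {}
        inline = (obj.get("policy") or {}).get("statement")
        findings += check_statements(f"spec.{section}.policy", inline)
        if ADMIN_POLICY_ARN in as_list(obj.get("policyArns")):
            findings.append((f"spec.{section}.policyArns", "administrator-access"))
    trust = ((spec.get("role") or {}).get("trustPolicy") or {}).get("statement")
    findings += check_statements("spec.role.trustPolicy", trust)
    if (spec.get("user") or {}).get("createAccessKey"):
        # The generated key pair is reported in the resource status (UserStatus).
        findings.append(("spec.user.createAccessKey", "static-access-key-in-status"))
    return findings


if __name__ == "__main__":
    for location, rule in lint_iam(SAMPLE_IAM_MANIFEST):
        print(f"{rule:30} {location}")
```
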

RDS

A managed relational database service that supports multiple database engines.
Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: Rds
metadata:
  name: my-rds-config
spec:
  provider:
    region: us-west-2
  globalCluster:
    engine: "aurora"
    engineVersion: "5.7"
  clusters:
    myCluster1:
      provider:
        region: us-west-2
      engine: "aurora-mysql"
      engineVersion: "5.7"
      username: "root"
      password: "rootpass"
      storageEncrypted: true
      backupRetentionPeriod: 7
      availabilityZones:
        - "us-west-2a"
        - "us-west-2b"
      instances:
        instance1:
          class: "db.r5.large"
          tags:
            Name: "myInstance1"
            Environment: "Dev"
      parameterGroup:
        parameters:
          time_zone: "UTC"
        family: "mysql"
      subnetGroup:
        subnets:
          - "subnet-abc123"
          - "subnet-def456"
      tags:
        Name: "myCluster1"
        Environment: "Dev"
    myCluster2:
      provider:
        region: us-west-2
      engine: "aurora-postgresql"
      engineVersion: "10"
      username: "postgres"
      password: "postgrespass"
      storageEncrypted: true
      backupRetentionPeriod: 7
      availabilityZones:
        - "us-west-2a"
        - "us-west-2b"
      parameterGroup:
        parameters:
          max_connections: "100"
        family: "postgres"
      subnetGroup:
        subnets:
          - "subnet-ghi789"
          - "subnet-jkl012"
      tags:
        Name: "myCluster2"
        Environment: "Prod"

RDS Inputs

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings. |
| globalCluster | GlobalClusterSpec | GlobalCluster specifies the global cluster settings. |
| clusters* | map[string]*RdsClusterSpec | Clusters specifies the cluster settings. |

GlobalClusterSpec

| Field | Type | Description |
|---|---|---|
| engine* | string | Engine specifies the database engine. |
| engineVersion | string | EngineVersion specifies the database engine version. |

RdsClusterSpec

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings for the cluster. |
| engine* | string | Engine specifies the database engine. |
| engineVersion | string | EngineVersion specifies the database engine version. |
| username* | string | Username specifies the database username. |
| password* | string | Password specifies the database password. |
| storageEncrypted* | bool | StorageEncrypted specifies whether the database storage is encrypted. |
| backupRetentionPeriod* | int32 | BackupRetentionPeriod specifies the number of days to retain backups. |
| availabilityZones* | string | AvailabilityZones specifies the availability zones to deploy the cluster. |
| instances | map[string]*RdsInstanceSpec | Instances specifies the database instances. |
| parameterGroup* | ParameterGroupSpec | ParameterGroup specifies the database parameter group. |
| subnetGroup* | SubnetGroupSpec | SubnetGroup specifies the database subnet group. |
| tags | map[string]string | Tags specifies the database tags. |

RdsInstanceSpec

| Field | Type | Description |
|---|---|---|
| class* | string | Class specifies the database instance class. |
| tags | map[string]string | Tags specifies the database instance tags. |

ParameterGroupSpec

| Field | Type | Description |
|---|---|---|
| parameters | map[string]string | Parameters specifies the database parameter group parameters. |
| family* | string | Family specifies the database parameter group family. |

SubnetGroupSpec

| Field | Type | Description |
|---|---|---|
| subnets* | string | Subnets specifies the database subnet group subnets. |

RDS Outputs

| Field | Type | Description |
|---|---|---|
| globalCluster | GlobalClusterStatus | Status provides current condition of global cluster if it exists |
| clusters | map[string]RdsClusterStatus | Status provides current condition of clusters if they exist |

GlobalClusterStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides current condition of global cluster |
| identifier | string | Identifier provides the global cluster identifier |
| arn | string | Arn provides the global cluster ARN |

RdsClusterStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides current condition of cluster |
| identifier | string | Identifier provides the cluster identifier |
| arn | string | Arn provides the cluster ARN |
| endpoint | string | Endpoint provides the cluster endpoint |
| readerEndpoint | string | ReaderEndpoint provides the cluster reader endpoint |
| instances | map[string]RdsInstanceStatus | Instances provides the current condition of instances if they exist |
| parameterGroup | ParameterGroupStatus | ParameterGroup provides the current condition of parameter group |
| subnetGroup | SubnetGroupStatus | SubnetGroup provides the current condition of subnet group |

RdsInstanceStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides current condition of instance |
| arn | string | Arn provides the instance ARN |

ParameterGroupStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides current condition of parameter group |
| arn | string | Arn provides the parameter group ARN |

SubnetGroupStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides current condition of subnet group |
| arn | string | Arn provides the subnet group ARN |

KMS

A secure and resilient service that helps you manage cryptographic keys for your applications.
Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: Kms
metadata:
  name: my-kms-config
spec:
  provider:
    region: us-west-2
  aliases:
    - my-kms-alias1
    - my-kms-alias2
  description: "This is my KMS key for application X"
  policy:
    Version: "2012-10-17"
    Statement:
      - Sid: "Allow administration of the key"
        Effect: "Allow"
        Principal:
          AWS: "arn:aws:iam::account-ID-without-hyphens:root"
        Action:
          - "kms:Create*"
          - "kms:Describe*"
          - "kms:Enable*"
          - "kms:List*"
          - "kms:Put*"
          - "kms:Update*"
          - "kms:Revoke*"
          - "kms:Disable*"
          - "kms:Get*"
          - "kms:Delete*"
          - "kms:TagResource"
          - "kms:UntagResource"
          - "kms:ScheduleKeyDeletion"
          - "kms:CancelKeyDeletion"
        Resource: "*"
  replicas:
    us-east-1:
      aliases:
        - my-kms-replica-alias1
        - my-kms-replica-alias2
    us-west-1:
      aliases:
        - my-kms-replica-alias3
        - my-kms-replica-alias4

KMS Inputs

| Field | Type | Description |
|---|---|---|
| provider* | AwsProviderSpec | Provider specifies the AWS provider settings for this KMS key. |
| aliases | []string | Aliases are the aliases to be mapped to the KMS key. |
| description | string | Description is the description of the KMS key. |
| policy | map[string]apiext.JSON | Policy defines the policy for the KMS key. |
| replicas | map[string]KmsReplicaSpec | Replicas specifies the regions where replicas of this KMS key should exist. |

KmsReplicaSpec

| Field | Type | Description |
|---|---|---|
| aliases | []string | Aliases are the aliases to be mapped to the replica KMS key. |

KMS Outputs

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this KMS key. |
| keyId | string | KeyId is the AWS KMS key ID. |
| region | string | Region is the AWS region where this key exists. |
| aliases | []KmsAliasStatus | Aliases provides the status of each alias for this KMS key. |
| replicas | map[string]KmsReplicaStatus | Replicas provides the status of each replica for this KMS key. |

KmsAliasStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this alias. |
| name | string | Name is the alias name. |

KmsReplicaStatus

| Field | Type | Description |
|---|---|---|
| condition | metav1.Condition | Condition provides the current condition of this replica KMS key. |
| keyId | string | KeyId is the AWS KMS key ID for this replica. |
| region | string | Region is the AWS region where this replica key exists. |
| aliases | []KmsAliasStatus | Aliases provides the status of each alias for this replica KMS key. |

EC2

Use Amazon EC2 for scalable computing capacity in the AWS Cloud so you can develop and deploy applications without hardware constraints.
Example yaml file:

apiVersion: aws.boundless.software/v1alpha1
kind: Ec2
metadata:
  labels:
    app.kubernetes.io/name: ec2
    app.kubernetes.io/instance: ec2-sample
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: ec2-sample
spec:
  provider:
    region: us-east-1
  securityGroup:
    name: group222
    vpcId: vpc-0af6dca97ac881d3a
    tags:
      tag: tag
    egress:
      - fromPort: 30
        protocol: All
        toPort: 40
        cidrBlocks:
          - 10.0.0.0/16
    ingress:
      - fromPort: 60
        toPort: 80
        protocol: TCP
        cidrBlocks:
          - 0.0.0.0/16
  instance:
    imageId: ami-0889a44b331db0194
    instanceType: t3.medium
    keyName: boundless
    securityGroupIds:
      - sg-0b79d8f04392685b1
      - sg-0b5c5f55df36fe031
    subnetId: subnet-074934a8420fbae54
    tags:
      Project: MyProject
    volumes:
      - deviceName: /dev/sda1
        volumeSize: 200
        volumeId: vol-0e47a6a740b5fef5d
        volumeType: gp2
        deleteOnTermination: true
  loadBalancer:
    name: "example-load-balancer222"
    scheme: "internet-facing"
    type: "application"
    instanceId: i-0a7f6bf3834d3a200
    subnets:
      - subnet-074934a8420fbae54
      - subnet-08b3e56bd0402bdbb
      - subnet-074934a8420fbae54
    securityGroups:
      - sg-0b79d8f04392685b1
      - sg-0e8853e4e5c0cbfab
    tags:
      tagKey1: "tagValue1"
  targetGroup:
    name: "example-target-group2222"
    port: 80
    tags:
      tagKey1: "tagValue1"
    protocol: "HTTP"
    vpcId: vpc-0af6dca97ac881d3a
    targetType: "instance"
    healthCheck:
      protocol: "HTTP"
      port: "traffic-port"
      path: "/"
      intervalSeconds: 30
      timeoutSeconds: 5
      healthyThreshold: 5
      unhealthyThreshold: 2
      successCodes: "200-299"

EC2 Inputs

  • provider (AwsProviderSpec): Provider specifies the AWS provider settings for this EC2 instance.
  • instance (Ec2InstanceSpec): Instance specifies the EC2 instance details. Optional.
  • securityGroup (SecurityGroupSpec): SecurityGroup specifies the security group settings. Optional.
  • loadBalancer (LoadBalancerSpec): LoadBalancer specifies the load balancer settings. Optional.
  • targetGroup (TargetGroupSpec): TargetGroups specifies the target groups for the load balancer.

SecurityGroupSpec

  • name (string): Name specifies the name of the security group.
  • vpcId (string): VpcId specifies the VPC ID where the security group should be created.
  • egress ([]SecurityGroupRuleConfig): Egress specifies the egress rules.
  • ingress ([]SecurityGroupRuleConfig): Ingress specifies the ingress rules.
  • ipProtocol (string): IpProtocol specifies the IP protocol to use.
  • tags (map[string]string): Tags are metadata to assign to the security group.

SecurityGroupRuleConfig

  • fromPort (int32): FromPort specifies the starting port for the rule.
  • toPort (int32): ToPort specifies the ending port for the rule.
  • Protocol (string): Protocol specifies the protocol used in the rule.
  • cidrBlocks ([]string): CidrBlocks specifies the CIDR blocks for the rule.

Ec2InstanceSpec

  • name (string): Name specifies the name of the EC2 instance.
  • imageId (string): ImageId specifies the AMI ID for the EC2 instance.
  • instanceType (string): InstanceType specifies the instance type.
  • tags (map[string]string): Tags are metadata to assign to the EC2 instance.
  • keyName (string): KeyName specifies the key pair name.
  • securityGroupIds (string): SecurityGroupIds specifies the IDs of the security groups.
  • subnetId (string): SubnetId specifies the subnet ID for the EC2 instance.
  • volumes ([]volumeSpec): Volumes specifies the volumes to attach to the EC2 instance.
  • userData (string): UserData specifies the user data to pass to the EC2 instance.
  • instanceProfileArn (string): InstanceProfileArn specifies the ARN of the IAM instance profile.
  • publicKey (string): PublicKey specifies the public key for the EC2 instance.
  • targetGroupArn (string): TargetGroupArn specifies the ARN of the target group.

VolumeSpec

  • deviceName (string): DeviceName specifies the device name for this volume.
  • deleteOnTermination (bool): DeleteOnTermination specifies whether the volume should be deleted upon instance termination.
  • volumeSize (int32): VolumeSize specifies the size of the volume.
  • volumeType (string): VolumeType specifies the type of the volume.
  • volumeId (string): VolumeId specifies the ID of the EBS volume.

LoadBalancerSpec

  • name (string): Name specifies the name of the load balancer.
  • type (string): Type specifies the type of the load balancer.
  • subnets ([]string)
  • securityGroups ([]string): SecurityGroups specifies the security groups for the load balancer.
  • scheme (string): Scheme specifies the scheme for the load balancer.
  • instanceId (string): InstanceId specifies the instance ID for the load balancer.
  • tags (map[string]string): Tags are metadata to assign to the load balancer.

EC2 Outputs

Status

  • Instance (Ec2InstanceStatus): Instance state
  • SecurityGroup (SecurityGroupStatus): Security group state
  • LoadBalancer (LoadBalancerStatus): Load balancer state
  • TargetGroup (TargetGroupStatus): Target group state

SecurityGroupStatus

  • Condition (metav1.Condition): Condition indicates the condition of the security group.
  • Name (string): Name specifies the name of the security group.
  • Arn (string): Arn specifies the Amazon Resource Name of the security group.
  • Id (string): Id specifies the ID of the security group.

LoadBalancerStatus

  • Condition (metav1.Condition): Condition indicates the condition of the load balancer.
  • Name (string): Name specifies the name of the load balancer.
  • Arn (string): Arn specifies the Amazon Resource Name of the load balancer.
  • Id (string): Id specifies the ID of the load balancer.
  • ListenerArns ([]string): ListenerArns specifies the ARNs of the listeners.

TargetGroupStatus

  • Condition (metav1.Condition): Condition indicates the condition of the target group.
  • Name (string): Name specifies the name of the target group.
  • Arn (string): Arn specifies the Amazon Resource Name of the target group.
  • Id (string): Id specifies the ID of the target group.

S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Example yaml file:

apiVersion: aws.boundless.software/v1alpha1
kind: S3
metadata:
  labels:
    app.kubernetes.io/name: s3
    app.kubernetes.io/instance: s3-akhil
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: s3-akhil
  annotations:
    s3.aws.boundless.software/import.s3.Arn: arn:aws:s3:::my-akhil-s3-bucket
spec:
  provider:
    region: us-east-1
  bucket:
    bucketName: my-akhil-s3-bucket
    locationConstraint: "us-west-2"
    acl: "private"
    encryptionKeyARN: arn:aws:kms:us-east-1:818674127672:key/1a7b98d6-0b3a-458f-84cc-9dc70780d373
    tags:
      environment: "test"
      epic: "true"
    bucketPolicy:
      Version: 2012-10-17
      Statement:
        - Sid: PublicReadGetObject
          Effect: Allow
          Principal:
            AWS: "*"
          Action:
            - s3:GetObject
            - s3:PutObject
            - s3:DeleteObject
          Resource: arn:aws:s3:::my-akhil-s3-bucket/*
    website:
      IndexDocument: "index.html"
      ErrorDocument: "error.html"

S3 Inputs

Spec

  • Provider (AwsProviderSpec)
  • Bucket (S3BucketSpec)

S3BucketSpec

  • bucketName (string): Name of the S3 bucket.
  • encryptionKeyARN (string): ARN of the encryption key.
  • bucketPolicy (S3BucketPolicy): Bucket policy configuration.
  • website (S3BucketWebsite): Website configuration for the bucket.
  • locationConstraint (string): Location constraint.
  • acl (string): Access control list.
  • tags (map[string]string): Key-value pair tags.

S3BucketPolicy

  • version (string): Version of the policy.
  • statement ([]S3BucketPolicyAction): List of policy actions.

S3BucketWebsite

  • indexDocument (string): The index document for the website.
  • errorDocument (string): The error document for the website.

S3BucketPolicyAction

  • sid (string): Statement ID.
  • effect (string): Effect (Allow/Deny).
  • principal (map[string]string): The principal the policy applies to.
  • action ([]string): The action to take.
  • resource (string): The resource to apply the action to.
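
The sample S3 manifest above allows GetObject, PutObject and DeleteObject to the principal AWS: "*", and the sample EC2 manifest uses the ingress CIDR 0.0.0.0/16. The following pre-apply check is an added example, not Switchblade code: the function names are hypothetical, and the manifests are embedded as Python dicts constructed from the page's examples so the script runs without a YAML parser.

```python
import ipaddress

# Actions that let a caller change or destroy bucket contents.
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:*", "*"}
PUBLIC_ACLS = {"public-read", "public-read-write"}
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # reserved "this network" block


def as_list(value):
    """Policy and rule fields may hold one value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def get_ci(mapping, key, default=None):
    """Case-insensitive lookup: the example manifest writes Statement/Effect,
    while the field tables list statement/effect."""
    for k, v in (mapping or {}).items():
        if k.lower() == key.lower():
            return v
    return default


def is_anonymous(principal):
    """True when the principal is "*" or a map such as {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def lint_s3(manifest):
    """Report Allow statements open to any principal, and public canned ACLs."""
    findings = []
    bucket = manifest.get("spec", {}).get("bucket", {})
    policy = bucket.get("bucketPolicy") or {}
    for stmt in as_list(get_ci(policy, "statement")):
        if get_ci(stmt, "effect") != "Allow":
            continue
        if not is_anonymous(get_ci(stmt, "principal")):
            continue
        sid = get_ci(stmt, "sid", "<no sid>")
        actions = as_list(get_ci(stmt, "action"))
        writes = sorted(a for a in actions if a in WRITE_ACTIONS)
        if writes:
            findings.append(f"{sid}: anyone can write or delete ({', '.join(writes)})")
        else:
            findings.append(f"{sid}: anyone can call {', '.join(actions)}")
    acl = bucket.get("acl")
    if acl in PUBLIC_ACLS:
        findings.append(f"bucket: acl {acl!r} grants public access")
    return findings


def lint_security_group(manifest):
    """Report ingress CIDRs that are invalid, world-open, or in reserved space."""
    findings = []
    group = manifest.get("spec", {}).get("securityGroup", {})
    for rule in as_list(group.get("ingress")):
        ports = f"{rule.get('fromPort')}-{rule.get('toPort')}/{rule.get('protocol')}"
        for cidr in as_list(rule.get("cidrBlocks")):
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                findings.append(f"ingress {ports}: invalid CIDR {cidr!r} ({exc})")
                continue
            if net.prefixlen == 0:
                findings.append(f"ingress {ports}: open to the whole internet ({cidr})")
            elif net.version == 4 and net.subnet_of(THIS_NETWORK):
                findings.append(
                    f"ingress {ports}: {cidr} lies inside reserved 0.0.0.0/8, probably a typo"
                )
    return findings


# Constructed sample input: the security-relevant parts of the page's example manifests.
S3_MANIFEST = {"kind": "S3", "spec": {"bucket": {
    "bucketName": "my-akhil-s3-bucket",
    "acl": "private",
    "bucketPolicy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::my-akhil-s3-bucket/*",
    }]},
}}}

EC2_MANIFEST = {"kind": "Ec2", "spec": {"securityGroup": {
    "name": "group222",
    "ingress": [{"fromPort": 60, "toPort": 80, "protocol": "TCP",
                 "cidrBlocks": ["0.0.0.0/16"]}],
}}}

if __name__ == "__main__":
    for finding in lint_s3(S3_MANIFEST) + lint_security_group(EC2_MANIFEST):
        print(finding)
```

The acl: "private" setting in the sample does not offset the policy finding, because the bucket policy grants access independently of the ACL.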

S3 Outputs

S3Status

  • Condition (metav1.Condition): The condition of the s3 bucket
  • Arn (string): The ARN of the S3 bucket.
  • Name (string): The name of the bucket.
  • EncryptionKeyARN (string): The ARN of the encryption key.
  • Policy (S3BucketPolicy): The policy applied to the bucket.
  • Website (S3BucketWebsite): The website configuration of the bucket.

Route 53

Amazon Route 53 is a highly available and scalable cloud domain name system (DNS) service. It lets you customize DNS routing policies to reduce latency.

Example yaml file:

apiVersion: aws.boundless.software/v1alpha1
kind: Route53
metadata:
  labels:
    app.kubernetes.io/name: route53
    app.kubernetes.io/instance: route53-sample
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: route53-sample
spec:
  provider:
    region: us-east-1
  zone:
    name: kurtzone30.com
  records:
    kurt3.kurtzone30.com:
      type: A
      ttl: 200
      weight: 3
      records:
        - 192.0.0.235
    cname.kurtzone30.com:
      type: CNAME
      ttl: 200
      location: AF
      records:
        - kurt1.kurtzone30.com
    txt22.kurtzone30.com:
      type: TXT
      ttl: 200
      failover: SECONDARY
      records:
        - "test22"
    akhil.kurtzone30.com:
      type: MX
      ttl: 200
      records:
        - 10 inbound-smtp.region.amazonaws.com

Route 53 Inputs

Spec

  • Provider (AwsProviderSpec): Provider for the resources
  • Records (map[string]Route53RecordSpec): Defines the records to be created within your zone
  • Zone (Route53ZoneSpec): Specifies how the zone will be created

Route53ZoneSpec

  • Name (string): Name for the zone

Route53RecordSpec

  • isAlias (bool): Defines if the record is an alias
  • dnsName (string): DNS name for the record
  • records ([]string): Defines the values to be used for the record
  • ttl (int32): Defines the ttl for the record
  • type (string): Defines the type of record
  • weight (int32): Optional to be used for weighted records
  • location (string): Optional for location based records
  • region (string): Optional for regional records
  • failover (string): Optional for failover records
  • mulitValueAnswer (bool): Optional for multivalue records
  • ipBased (string): Optional for IPbased records

Route 53 Outputs

Route53Status

  • Records (map[string]Route53RecordStatus): Specifies the state of the records
  • Zone (Route53ZoneStatus): Specifies the state of the zone

Route53ZoneStatus

  • Condition (metav1.Condition): Observes the condition of the resource
  • Id (string): The Id of the zone
  • Nameservers ([]string): The nameservers used by the zone

Route53RecordStatus

  • Condition (metav1.Condition): Observes the condition of the resource
  • IsAlias (bool): Specifies if the record is an alias
  • Type (string): Specifies the type
  • Values ([]string): Specifies the values
  • SetIdentifier (string): Specifies the set identifier
  • TTL (int32): Observes the ttl
  • Zone (string): Shows the zone the record belongs to
  • Spec (Route53RecordSpec): Records how it was created

OpenSearch

OpenSearch is a family of software consisting of a search engine, and OpenSearch Dashboards, a data visualization dashboard for that search engine.

Example yaml file:
apiVersion: aws.boundless.software/v1alpha1
kind: OpenSearch
metadata:
  labels:
    app.kubernetes.io/name: opensearch
    app.kubernetes.io/instance: opensearch-sample
    app.kubernetes.io/part-of: switchblade
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: switchblade
  name: opensearch-sample
spec:
  provider:
    region: us-east-1
  collection:
    name: name7
    type: VECTORSEARCH
    networkPolicy:
      - rules:
          - resourceType: dashboard
            resources:
              - tst
          - resourceType: collection
            resources:
              - name7
    accessPolicy:
      - principals:
          - arn:aws:iam::818674127672:role/org-admin
        rules:
          - resourceType: collection
            permissions:
              - aoss:DeleteCollectionItems
            resources:
              - name7
    encryptionPolicy:
      kmsKeyArn: arn:aws:kms:us-east-1:818674127672:key/b4543d4d-84a7-465f-b8ff-16721fa10f29
      rules:
        - resourceType: collection
          resources:
            - name7
            - test
  domain:
    name: kurtosis-opensearch2
    vpcId: vpc-0af6dca97ac881d3a
    volumeSize: 100
    iamArn: arn:aws:iam::818674127672:role/org-admin
    clusterConfig:
      instanceType: r6g.large.search
      instanceCount: 2
      masterNodeCount: 2
      masterNodeType: m6g.large.search
    vpcConfig:
      subnetIds:
        - subnet-0127e31fd3eda2cb7
      securityGroupIds:
        - sg-0b79d8f04392685b1

OpenSearch Inputs

Spec

  • provider (AwsProviderSpec): Provider specifies the AWS provider settings for this OpenSearch domain. Required.
  • domain (DomainSpec): Domain specifies the OpenSearch domain settings. Optional
  • collection (CollectionSpec): CollectionSpec specifies the OpenSearch collection settings. Optional

CollectionSpec

  • name (string): Name for the collection. Required
  • type (string): Type of the collection. Required
  • accessPolicy ([]AccessRuleSpec): The spec for the access policy. Optional
  • networkPolicy ([]NetworkRuleSpec): The Spec for the network policy. Optional
  • encryptionPolicy (encryptionPolicySpec): The spec for the encryption policy. Optional
  • tags (map[string]string): Tags for the collection. Optional

AccessRuleSpec

  • principals ([]string): Principals specifies the principals to be authorized to access the collection. Required.
  • rules ([]ruleSpec): List of rules to be applied to the access policy. Required.

RuleSpec

  • resourceType (string): The resource type to be given permissions. Required.
  • resources ([]string): The resources to be given permissions. Required
  • permissions ([]string): The list of permissions to be applied to the resources. Required for access policy.

NetworkRuleSpec

  • rules ([]RuleSpec): The Rules to be applied to the network policy. Required
  • vpcEndpoint (string): The vpc endpoint to be used by the network policy rule. Optional

EncryptionPolicySpec

  • rules ([]RuleSpec): The Rules to be applied to the encryption policy. Required
  • KmsKeyArn (string): The kmskey to be used to encrypt the collection. Optional

DomainSpec

  • name (string): Name of the opensearch domain. Required
  • vpcId (string): VpcId is the id of the vpc to be used by the domain. Required
  • iamArn (string): The arn of the role to be used by the domain. Required.
  • volumeSize (int32): Size of the volume to be used by the domain. Required.
  • clusterConfig (ClusterConfig): The configuration of the domain cluster. Optional.
  • vpcConfig (VPCConfig): The vpc configuration of the domain. Optional.
  • tags (map[string]string): Tags to be applied to the domain.

VPCConfig

  • subnetIds ([]string): The subnet Ids to be used by the domain. Optional
  • securityGroupIds ([]string): The securityGroupIds to be used by the domain. Optional

ClusterConfig

  • instanceType (string): The type of the instances for the domain. Required.
  • instanceCount (int32): The number of instances for the domain. Required.
  • masterNodeCount (int32): The number of master nodes. Required.
  • masterNodeType (string): The type of master nodes. Required.

OpenSearch Outputs

Status

  • Domain (DomainStatus): The current status of the Domain.
  • Collection (CollectionStatus): The current status of the collection.

DomainStatus

  • Condition (metav1.Condition): The condition of the Domain
  • Arn (string): The Arn of the domain
  • Name (string): Name of the domain
  • Endpoint (string): Endpoint of the domain

CollectionStatus

  • Condition (metav1.Condition): The condition of the collection
  • Arn (string): The Arn of the collection
  • AccessPolicy (AccessPolicyStatus): The status of the access policy
  • EncryptionPolicy (EncryptionPolicyStatus): The status of the encryption policy
  • NetworkPolicy (NetworkPolicyStatus): The status of the network policy
  • Id (string): The Id of the collection
  • Name (string): The name of the collection

NetworkPolicyStatus

  • Condition (metav1.Condition): The condition of the network policy
  • Name (string): The name of the network policy
  • Arn (string): The Arn of the network policy
  • PolicyVersion (string): The version of the network policy

AccessPolicyStatus

  • Condition (metav1.Condition): The condition of the Access policy
  • Name (string): The name of the Access policy
  • Arn (string): The Arn of the Access policy
  • PolicyVersion (string): The version of the Access policy

EncryptionPolicyStatus

  • Condition (metav1.Condition): The condition of the Encryption policy
  • Name (string): The name of the Encryption policy
  • Arn (string): The Arn of the Encryption policy
  • PolicyVersion (string): The version of the Encryption policy

Azure

AzureProviderSpec

  • Region (string): The region to create your resources in. Required.

Resource Group

A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: ResourceGroup
metadata:
  name: resourcegroup-sample
spec:
  provider:
    region: eastus
  name: resourcegroup-sample

Resource Group Inputs

ResourceGroupSpec

  • Provider (AzureProviderSpec): The provider for the resource group. Required.
  • Name (string): The name of the resource group. Required.
  • Tags (map[string]string): The tags for the resource group. Optional

Resource Group Outputs

ResourceGroupStatus

  • Condition (metav1.Condition): The condition of the resource group
  • Name (string): The name of the resource group
  • Id (string): The Id of the resource group

EntraID

Microsoft Entra ID is a cloud-based identity and access management service that enables your employees to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: EntraID
metadata:
  name: entraid-sample
spec:
  provider:
    region: eastus
  user:
    displayName: "Test User"
    mailNickname: "TestUser"
    passwordProfile:
      password: "Password123!"
  group:
    displayName: "TestGroup"
    mailNickname: "TestGroup"
    groupType: "Microsoft 365"
  enterpriseApplication:
    displayName: "TestApp"

EntraID Inputs

EntraIDSpec

  • Provider (AzureProviderSpec): The Provider for the EntraID resources. Required.
  • User (AzureUserSpec): The spec for the user. Optional.
  • Group (AzureGroupSpec): The spec for the group. Optional.
  • EnterpriseApplication (AzureEnterpriseAppSpec): The spec for the EnterpriseApp. Optional.

AzureUserSpec

  • DisplayName (string): The display name for the user. Required.
  • MailNickname (string): The mail nickname for the user. Required.
  • Domain (string): The domain for your user to be created in. Optional; if empty, the default domain name is used.
  • AccountEnabled (bool): Whether or not the account is enabled. Optional, defaults to true.
  • PasswordProfile (AzureUserPasswordProfileSpec): The password profile for the user. Required.
  • AssignedRoles ([]string): The roles to be assigned to the user. Optional.

AzureUserPasswordProfileSpec

  • Password (string): The password for the user. Required.
  • ForceChangePasswordNextLogin (bool): Whether or not the user must reset their password on the next login. Optional, defaults to true.

AzureGroupSpec

  • DisplayName (string): The display name for the group. Required.
  • MailNickname (string): The mail nickname for the group. Required.
  • SecurityEnabled (bool): Whether or not security is enabled. Optional.
  • MailEnabled (bool): Whether or not mail is enabled. Optional.
  • GroupType (string): The type for the group. Acceptable inputs are "Microsoft 365" and "security"
  • Description (string): The description for the group. Optional.
  • Members ([]MemberSpec): The user ids to be assigned to the group. Optional.
  • AssignedRoles ([]string): The roles to be assigned to the group. Optional.

MemberSpec

  • Name (string): The name of the user. Optional (must supply name or id)
  • Id (string): The id of the user. Optional (must supply name or id)

AzureEnterpriseApplicationSpec

  • Displayname (string): The display name of the enterprise application. Required.
  • AssignedRoles ([]string): The roles to be assigned to the enterprise application. Optional.

EntraID Outputs

EntraIDStatus

  • Condition (metav1.Condition): The condition of the entra id resources
  • User (AzureUserStatus): The status of the user
  • Group (AzureGroupStatus): The status of the Group
  • EnterpriseApplication (AzureEnterpriseApplicationStatus): The status of the enterprise app

AzureUserStatus

  • Condition (metav1.Condition): The condition of the User
  • DisplayName (string): The display name of the User
  • MailNickname (string): The mail nickname of the user
  • UserPrincipalName (string): The UserPrincipalName of the User
  • Id (string): The User id
  • AssignedRoles ([]AssignedRole): The roles assigned to the User

AssignedRole

  • Name (string): The name of the role

AzureGroupStatus

  • Condition (metav1.Condition): The condition of the group
  • DisplayName (string): The display name of the group
  • MailNickname (string): The mail nickname of the group
  • Members (map[string]MemberStatus): The Members of the group
  • Id (string): The id of the group
  • AssignedRoles ([]AssignedRole): The roles assigned to the group

AzureEnterpriseApplicationStatus

  • Condition (metav1.Condition): The condition of the app
  • Name (string): The name of the app
  • AppId (string): The appId of the app
  • Id (string): The id of the app
  • ServicePrincipal (ServicePrincipalStatus): The status of service principal of the app
  • Key (KeyStatus): The status of the keys associated with the app
  • Roles ([]AssignedRole): The roles assigned to the app

KeyStatus

  • Name (string): The name of the key
  • Id (string): The id of the key

ServicePrincipalStatus

  • Name (string): The name of the service principal
  • AppId (string): The app id of the service principal
  • Id (string): The Id of the service principal

OpenAI

Azure OpenAI Service offers industry-leading coding and language AI models that you can fine-tune to your specific needs for a variety of use cases.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: OpenAI
metadata:
  name: openai-sample2
spec:
  provider:
    region: eastus2
  resourceGroup: newOpenAi

OpenAI Inputs

OpenAISpec

  • Provider (AzureProviderSpec): The provider for the OpenAI resources. Required.
  • ResourceGroup (string): The resource group for the OpenAI resources. Required.
  • Deployments (map[string]DeploymentSpec): The model deployments inside the account. Optional.
  • Networking (NetworkingSpec): The networking config for the account. Optional.
  • PrivateEndpoints ([]PrivateEndpointSpec): The private endpoints for the account. Optional.
  • Tags (map[string]string): The tags for the account. Optional.

NetworkingSpec

  • PrivateAccessOnly (bool): Decides whether or not the account can only be accessed by private endpoints. Optional.
  • IpRules ([]string): The IP rules for the account. Optional.
  • SubnetIDs ([]string): The subnets to be routed to through the internet. Optional.

DeploymentSpec

  • Version (string): The version for the deployment. Required.
  • Model (string): The model of the deployment. Required.
  • TokenRateLimit (int32): The token rate limit for the deployment. Optional.

PrivateEndpointSpec

  • SubnetID (string): The subnet ID for the private endpoint. Required.
  • Location (string): The location of the subnet. Required.

OpenAI Outputs

OpenAIStatus

  • Condition (metav1.Condition): The condition of the Account.
  • ResourceGroup (string): The resource group used by the OpenAI resources.
  • Deployments (map[string]DeploymentStatus): The current deployment status in the account.
  • PrivateEndpoints (map[string]PrivateEndpointStatus): The status of the private endpoints in the account.
  • Networking (NetworkingStatus): The networking status of the account.
  • Location (string): The location the account was created in.
  • Name (string): The name of the account.
  • ID (string): The ID of the account.
  • Endpoint (string): The public endpoint of the account.
  • Keys (KeysStatus): The access keys of the account.

PrivateEndpointStatus

  • Condition (metav1.Condition): The condition of private endpoint.
  • ID (string): The id of the private endpoint.
  • CustomDNSIPAddress (string): The IP of the endpoint.
  • SubnetId (string): The subnet id of the endpoint
  • Location (string): The location of the subnet and endpoint.
  • PrivateLinkServiceConnectionName (string): The name of the private link service connection name
  • CustomNetworkInterfaceName (string): The name of the custom network interface name.

NetworkingStatus

  • PrivateAccessOnly (bool): The current status of whether or not the account is only accessible by private endpoint.
  • IpRules ([]string): The IP rules of the account.
  • SubnetIDs ([]string): The subnet ids linked with the account by the internet.

KeysStatus

  • PrimaryKey (string): The primary key of the openai account.
  • SecondaryKey (string): The secondary key of the openai account.

DeploymentStatus

  • Condition (metav1.Condition): The condition of the deployment.
  • ID (string): The id of the deployment.
  • Version (string): The version of the deployment.
  • Model (string): The model of the deployment.
  • TokenRateLimit (int32): The token rate limit of the deployment.

Virtual Network

Azure Virtual Network is a service that provides the fundamental building block for your private network in Azure.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: VirtualNetwork
metadata:
  name: samplevnet
spec:
  provider:
    region: eastus
  cidrBlock: "10.1.0.0/16"
  resourceGroupName: resourcegroup-sample
  subnets:
    - name: privatesubnet1
      cidrBlock: "10.1.128.0/24"
      type: "private"
    - name: privatesubnet2
      cidrBlock: "10.1.160.0/24"
      type: "private"

Virtual Network Inputs

VirtualNetworkSpec

  • Provider (AzureProviderSpec): The provider of the virtual network resources. Required.
  • CidrBlock (string): The cidr block for the virtual network. Required.
  • AddressSpace ([]string): The address space for the virtual network. Optional
  • ResourceGroupName (string): The resource group to be used by the virtual network resources. Required.
  • Subnets ([]SubnetSpec): The subnets for the virtual network. Optional.
  • NatGateway (NatGatewaySpec): The nat gateway for the virtual network. Optional.
  • NetworkSecurityGroups ([]NetworkSecurityGroupSpec): The network security groups for the virtual network. Optional.
  • RouteTables ([]RouteTableSpec): The route table for the virtual network. Optional.
  • DdosProtectionPlan (string): The ddos protection plan for the virtual network. Optional.
  • Peers ([]PeerSpec): The peers for the virtual network. Optional.
  • Tags (map[string]string): The tags for the virtual network. Optional.

PeerSpec

  • Name (string): Name is the name of the VNet peering connection. Required.
  • RemoteVirtualNetworkID (string): RemoteVirtualNetworkID is the ID of the remote VNet. Required.
  • AllowForwardedTraffic (bool): AllowForwardedTraffic specifies whether the local VNet allows forwarded traffic. Required.
  • AllowGatewayTransit (bool): AllowGatewayTransit specifies whether the local VNet allows gateway transit. Required.
  • AllowVirtualNetworkAccess (bool): AllowVirtualNetworkAccess specifies whether the local VNet allows access to the remote VNet. Required.
  • RemoteAllowForwardedTraffic (bool): RemoteAllowForwardedTraffic specifies whether the remote VNet allows forwarded traffic. Required.
  • RemoteAllowGatewayTransit (bool): RemoteAllowGatewayTransit specifies whether the remote VNet allows gateway transit. Required.
  • RemoteAllowVirtualNetworkAccess (bool): RemoteAllowVirtualNetworkAccess specifies whether the remote VNet allows access to the local VNet. Required.

NetworkSecurityGroupSpec

  • Name (string): Name is the name of the Network Security Group. Required.
  • SecurityRules ([]SecurityRuleSpec): SecurityRules are the security rules associated with this Network Security Group. Required.
  • Subnets ([]string): Subnets specifies the associated subnets. Required.
  • Tags (map[string]string): Tags are metadata to assign to the Network Security Group. Optional.

SecurityRuleSpec

  • Name (string): Name is the name of the security rule. Required.
  • Description (string): Description is the description of the security rule. Optional.
  • DestinationAddressPrefix (string): DestinationAddressPrefix is the CIDR block of the destination. Optional.
  • DestinationPortRange (string): DestinationPortRange is the port range of the destination. Optional.
  • SourceAddressPrefix (string): SourceAddressPrefix is the CIDR block of the source. Optional.
  • SourcePortRange (string): SourcePortRange is the port range of the source. Optional.
  • Priority (bool): Priority is the priority of the security rule. Optional.
  • Access (string): Access is the access type of the security rule. Optional.
  • Protocol (string): Protocol is the protocol of the security rule. Optional.
  • Direction (string): Direction is the direction of the security rule. Required.

SubnetSpec

  • Name (string): The name of the subnet. Required.
  • CidrBlock (string): CidrBlock is the IPv4 network range for the subnet. Required.
  • Type (string): Type specifies whether the subnet is public, private. Required.
  • Zone (string): Zone is the availability zone for the private subnet. Optional.

NatGatewaySpec

  • Zones ([]ZoneSpec): Zones are the availability zones for the NAT Gateway. Required.

ZoneSpec

  • Zone (string): Zone is the availability zone for the NAT Gateway. Required.
  • Subnets ([]string): Subnet is the subnet for the NAT Gateway. Required.

RouteTableSpec

  • Name (string): Name is the name of the Route Table. Required.
  • Routes ([]RouteSpec): Routes specifies the routes to be added to this Route Table. Optional.
  • Subnets ([]string): Subnets specifies the subnets associated with this Route Table. Optional.
  • Tags (map[string]string): Tags are metadata to assign to the Route Table. Optional.

RouteSpec

  • Destination (string): Destination specifies the CIDR block of the route. Required.
  • RouteTableId (string): RouteTableId is the ID of the Route Table to which this route will be added. Required.
  • NatGatewayId (string): NatGatewayId is the ID of the NAT gateway. Optional.
  • TransitGatewayId (string): TransitGatewayId is the ID of the transit gateway. Optional.
  • VpcEndpointId (string): VpcEndpointId is the ID of the VPC endpoint. Optional.
  • VpcPeeringConnectionId (string): VpcPeeringConnectionId is the ID of the VPC peering connection. Optional.

Virtual Network Outputs

VirtualNetworkStatus

  • Condition (metav1.Condition): The condition of the virtual network.
  • Name (string): The name of the virtual network.
  • Id (string): The id of the virtual network.
  • DdosProtectionPlanId (string): The id of the ddos protection plan.
  • Peers (map[string]PeerStatus): Peers provides the status of VNet peering connections.
  • Subnets (map[string]SubnetStatus): Subnets provides the status of subnets within this VPC.
  • NatGateways (map[string]NatGatewayStatus): NatGateways provides the status of NAT gateways within this VPC.
  • RouteTables (map[string]RouteTableStatus): The status of the route tables in the virtual network.
  • NetworkSecurityGroups (map[string]NetworkSecurityGroupStatus): The network security groups status.

PeerStatus

  • Condition (metav1.Condition): Condition provides the current condition of this VNet peering connection.
  • Name (string): Name is the name of the VNet peering connection.
  • Id (string): Id is the Azure VNet peering connection ID.
  • RemoteId (string): RemoteId is the ID of the remote VNet.

NetworkSecurityGroupStatus

  • Condition (metav1.Condition): Condition provides the current condition of this Network Security Group.
  • Id (string): Id is the Azure Network Security Group ID.
  • Name (string): Name is the name of the Network Security Group.
  • Tags (map[string]string): Tags are metadata assigned to the Network Security Group.
  • SecurityRules ([]string): SecurityRules are the security rules associated with this Network Security Group.
  • Associations (map[string]string): Associations specifies the associated subnets.

SubnetStatus

  • Condition (metav1.Condition): Condition provides the current condition of this Subnet.
  • CidrBlock (string): CidrBlock is the CIDR block of this Subnet.
  • Id (string): Id is the Azure Subnet ID.
  • Type (string): Type specifies whether the subnet is public, private, or isolated.
  • Zone (string): Zone is the availability zone where the subnet resides.
  • Name (string): Name is the name of the subnet.
  • Associations (map[string]string): Associations specifies the associated subnets.
  • Tags (map[string]string): Tags are metadata assigned to the subnet.

NatGatewayStatus

  • Condition (metav1.Condition): Condition provides the current condition of this NAT Gateway.
  • Name (string): Name is the name of the NAT Gateway.
  • Id (string): Id is the Azure NAT Gateway ID.
  • PublicIP (string): PublicIp is the public IP associated with this NAT Gateway.
  • Zone (string): Zone is the availability zone where the NAT Gateway resides.
  • Associations (map[string]string): Associations specifies the associated subnets.

RouteTableStatus

  • Condition (metav1.Condition): Condition provides the current condition of this Route Table.
  • Name (string): Name is the name of the Route Table.
  • Type (string): Type specifies the type of the Route Table.
  • Id (string): Id is the Azure Route Table ID.
  • Associations (map[string]string): Associations specifies the associated subnets.
  • Routes (map[string]RouteStatus): Routes specifies the status of routes within this Route Table.

RouteStatus

  • Condition (metav1.Condition): Condition provides the current condition of this Route.
  • Destination (string): Destination is the CIDR block of the route.

Managed Identity

Managed identities for Azure resources provide Azure services with an automatically managed identity in Microsoft Entra ID.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: ManagedIdentities
metadata:
  name: managedidentities-sample
spec:
  provider:
    region: "eastus"
  resourceGroup: resourcegroup-sample

Managed Identity Inputs

ManagedIdentitiesSpec

  • Provider (AzureProviderSpec): The provider for the managed identity resource. Required.
  • ResourceGroup (string): The resource group for the managed identity resource. Required.
  • Tags (map[string]string): The tags for the managed identity resource. Optional.

Managed Identity Outputs

ManagedIdentitiesStatus

  • Condition (metav1.Condition): The condition of the managed identity resource.
  • Name (string): The name of the managed identity resource.
  • Id (string): The Id of the managed identity resource.

AKS

AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure.
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: Aks
metadata:
  name: aks-sample
spec:
  provider:
    region: "eastus"
  name: "aks-sample"
  resourceGroupName: "akhil-resourcegroup-sample"
  sku:
    name: "Basic"
    tier: "Free"
  identity:
    type: "UserAssigned"
    userAssignedIdentities:
      - <user-assigned-identity-id>
  properties:
    kubernetesVersion: "1.27.9"
    autoUpgradeProfile:
      upgradeChannel: "Patch"
    apiServerAccessProfile:
      enablePrivateCluster: true
    publicNetworkAccess: Enabled
    networkProfile:
      networkPlugin: "Kubenet"
      networkPolicy: "Calico"
    dnsPrefix: "aks"
    enableRBAC: true
    defaultAgentPool:
      osSKU: "Ubuntu"
      osType: "Linux"
      availabilityZones:
        - "1"
      vmSize: "Standard_B2s"
      count: 1
      scaleSetPriority: "Regular"
      scaleSetEvictionPolicy: "Delete"
      vnetSubnetID: <vnet-subnet-id>
      spotMaxPrice: -1
      maxPods: 30
      enableNodePublicIP: false
      nodeLabels:
        environment: "production"
    servicePrincipalProfile:
      clientId: <service-principal-client-id>
      secret: <service-principal-secret>

AKS Inputs

AksSpec

| Field | Type | Description |
| --- | --- | --- |
| Provider | AzureProviderSpec | The provider of the AKS resources. Required. |
| Name | string | The name of the AKS cluster. Required. |
| ResourceGroupName | string | The resource group of the AKS resources. Required. |
| Tags | map[string]string | The tags of the AKS resources. Optional. |
| Sku | ManagedClusterSKU | The SKU of the AKS resources. Required. |
| Identity | ManagedClusterIdentity | The identity of the AKS resources. Required. |
| Properties | ManagedClusterProperties | The properties of the AKS cluster. Required. |
| AgentPoolProfiles | AgentPoolProfileSpec | The agent pools of the AKS cluster. Optional. |

ManagedClusterSKU

| Field | Type | Description |
| --- | --- | --- |
| Name | string | The name of the SKU for the AKS cluster. Required. |
| Tier | string | The tier of the SKU for the AKS cluster. Required. |

ManagedClusterIdentity

| Field | Type | Description |
| --- | --- | --- |
| Type | string | The identity type for the AKS cluster. Required. |
| UserAssignedIdentities | []string | The user assigned identities for the AKS cluster. Optional. |

ManagedClusterProperties

| Field | Type | Description |
| --- | --- | --- |
| KubernetesVersion | string | The Kubernetes version for the AKS cluster. Required. |
| AutoUpgradeProfile | ManagedClusterAutoUpgradeProfile | The auto upgrade profile for the AKS cluster. Optional. |
| APIServerAccessProfile | ManagedClusterAPIServerAccessProfile | The APIServerAccessProfile for the AKS cluster. Optional. |
| AddonProfiles | map[string]*ManagedClusterAddonProfile | The addon profiles for the AKS cluster. Optional. |
| DiskEncryptionSetID | string | The disk encryption Id for the AKS cluster. Optional. |
| PublicNetworkAccess | string | Decides whether or not the cluster will be publicly accessible. Required. |
| NetworkProfile | NetworkProfile | The network profile for the AKS cluster. Optional. |
| DNSPrefix | string | The DNS prefix for the AKS cluster. Optional. |
| ServicePrincipalProfile | ManagedClusterServicePrincipalProfile | The service principal profile for the AKS cluster. Optional. |
| EnableRBAC | bool | Decides whether or not RBAC is enabled for the AKS cluster. Optional. |
| AADProfile | ManagedClusterAADProfile | The AAD profile for the AKS cluster. Optional. |
| DefaultAgentPool | DefaultAgentPool | The default agent pool for the AKS cluster. Optional. |
| LinuxProfile | LinuxProfile | The Linux profile for the AKS cluster. Optional. |
| WindowsProfile | WindowsProfile | The Windows profile for the AKS cluster. Optional. |

ManagedClusterAPIServerAccessProfile

| Field | Type | Description |
| --- | --- | --- |
| AuthorizedIPRanges | []string | The authorized IP ranges for the AKS cluster. Optional. |
| DisableRunCommand | bool | Decides whether or not run command is disabled. Optional. |
| EnablePrivateCluster | bool | Decides whether or not private cluster is disabled. Optional. |
| EnablePrivateClusterFQDN | bool | Decides whether or not Private cluster public FQDN is enabled. Optional. |
| PrivateDNSZone | string | The private DNS zone for the AKS cluster. Optional. |

DefaultAgentPool

| Field | Type | Description |
| --- | --- | --- |
| OSSKU | string | The OSSKU for the default node pool. Required. |
| OsType | string | The OS type for the default node pool. Required. |
| AvailabilityZones | []string | The availability zones for the default node pool. Required. |
| VMSize | string | The VM size for the default node pool. Required. |
| VnetSubnetID | string | The subnet ID for the default node pool. Optional. |
| LinuxProfile | LinuxProfile | The Linux profile for the default node pool. Optional. |
| WindowsProfile | WindowsProfile | The Windows profile for the default node pool. Optional. |
| Count | int32 | The count for the default node pool. Required. |
| ScaleSetPriority | string | The scale set priority for the default node pool. Optional. |
| ScaleSetEvictionPolicy | string | The scale set eviction policy for the default node pool. Optional. |
| SpotMaxPrice | int32 | The max spot price for the default node pool. Optional. |
| EnableAutoScaling | bool | Decides whether or not auto scaling is enabled for the default node pool. Optional. |
| MaxCount | int32 | The max count for the default node pool. Optional. |
| MinCount | int32 | The min count for the default node pool. Optional. |
| MaxPods | int32 | The max pods for the default node pool. Optional. |
| EnableNodePublicIP | bool | Decides whether or not the public IP is enabled for the default node pool. Optional. |
| NodeLabels | map[string]string | The node labels for the default node pool. Optional. |
| NodeTaints | []string | The node taints for the default node pool. Optional. |
| Tags | map[string]string | The tags for the default node pool. Optional. |

ManagedClusterAutoUpgradeProfile

| Field | Type | Description |
| --- | --- | --- |
| UpgradeChannel | string | The upgrade channel for the AKS cluster. Required. |

AgentPoolProfileSpec

| Field | Type | Description |
| --- | --- | --- |
| Name | string | The name for the agent pool. Required. |
| Mode | string | The mode for the agent pool. Required. |
| OSSKU | string | The OSSKU for the agent pool. Required. |
| OSDiskSizeGB | int32 | The OS disk size for the agent pool. Required. |
| OsType | string | The OS type for the agent pool. Required. |
| AvailabilityZones | string | The availability zones for the agent pool. Required. |
| VMSize | string | The VM size for the agent pool. Required. |
| VnetSubnetID | string | The vnet subnet ID for the agent pool. Optional. |
| Count | int32 | The count for the agent pool. Required. |
| ScaleSetPriority | string | The scale set priority for the agent pool. Required. |
| ScaleSetEvictionPolicy | string | The scale set eviction policy for the agent pool. Optional. |
| SpotMaxPrice | int32 | The max spot price for the agent pool. Optional. |
| EnableAutoScaling | bool | Decides whether or not auto scaling is enabled for the agent pool. Optional. |
| MaxCount | int32 | The max count for the agent pool. Optional. |
| MinCount | int32 | The min count for the agent pool. Optional. |
| MaxPods | int32 | The max pods for the agent pool. Optional. |
| EnableNodePublicIP | bool | Decides whether or not public IP is enabled for the agent pool. Optional. |
| NodeLabels | map[string]string | The node labels for the agent pool. Optional. |
| NodeTaints | []string | The node taints for the agent pool. Optional. |
| Tags | map[string]string | The tags for the agent pool. Optional. |
| MaxSurge | string | The max surge for the agent pool. Optional. |

LinuxProfile

| Field | Type | Description |
| --- | --- | --- |
| AdminUsername | string | The admin username for the Linux profile. Required. |
| SSH | SSHConfiguration | The SSH configuration for the Linux profile. Required. |

SSHConfiguration

| Field | Type | Description |
| --- | --- | --- |
| PublicKeys | []SSHPublicKey | The public keys for the Linux profile. Required. |

SSHPublicKey

| Field | Type | Description |
| --- | --- | --- |
| KeyData | string | The key data for the public key. Required. |

WindowsProfile

| Field | Type | Description |
| --- | --- | --- |
| AdminUsername | string | The username for the AKS cluster. Optional. |
| AdminPassword | string | The password for the AKS cluster. Optional. |
| EnableCSIProxy | bool | Decides whether or not CSI proxy is enabled for the AKS cluster. Optional. |
| GmsaProfile | GmsaProfile | The Gmsa profile for the AKS cluster. Optional. |
| LicenseType | string | The license type for the AKS cluster. Optional. |

GmsaProfile

| Field | Type | Description |
| --- | --- | --- |
| Enabled | bool | Whether or not GmsaProfile is enabled. Optional. |
| DNSServer | string | The DNS server for the Gmsa profile. Optional. |
| RootDomainName | string | The root domain name. Optional. |

ManagedClusterAddonProfile

| Field | Type | Description |
| --- | --- | --- |
| Enabled | bool | Whether or not the addon profile is enabled. Required. |
| Config | map[string]string | The config for the addon profile. Optional. |

NetworkProfile

| Field | Type | Description |
| --- | --- | --- |
| NetworkPlugin | string | The network plugin. Required. |
| NetworkPolicy | string | The network policy. Required. |
| LoadBalancerSKU | string | The load balancer SKU. Optional. |

ManagedClusterServicePrincipalProfile

| Field | Type | Description |
| --- | --- | --- |
| clientID | string | The client ID for the service principal. Required. |
| Secret | string | The client secret for the service principal. Required. |

ManagedClusterAADProfile

| Field | Type | Description |
| --- | --- | --- |
| Managed | bool | If the AAD profile is managed. Required. |
| EnableAzureRBAC | bool | Whether RBAC is enabled for the AAD profile. Required. |
| AdminGroupObjectIDs | []string | The admin group objects for the AAD profile. Required. |
| ClientAppID | string | The client app ID for the AAD profile. Required. |
| ServerAppID | string | The server app ID for the AAD profile. Required. |
| TenantID | string | The tenant ID for the AAD profile. Required. |
| ServerAppSecret | string | The server app secret for the AAD profile. Required. |

AKS Outputs

AKSStatus

| Field | Type | Description |
| --- | --- | --- |
| Condition | metav1.Condition | The condition of the AKS cluster. |
| Name | string | The name of the AKS cluster. |
| Id | string | The ID of the AKS cluster. |
| AgentPoolStatus | map[string]AgentPoolStatus | The status of the agent pools. |

AgentPoolStatus

| Field | Type | Description |
| --- | --- | --- |
| Condition | metav1.Condition | The condition of the agent pool. |
| Name | string | The name of the agent pool. |
| Id | string | The ID of the agent pool. |

Virtual Machine

Azure Virtual Machines offers a range of networking capabilities and related services such as Azure Virtual Network, public and private IP addresses,
Example yaml file:
apiVersion: azure.boundless.software/v1alpha1
kind: VirtualMachine
metadata:
  name: virtualmachine-sample
spec:
  provider:
    region: eastus
  resourceGroup: resourcegroup-sample
  networkingSpec:
    subnetId: <Your subnet id>
    createPublicIP: true
  availabilityZone: 1
  vmImageSpec:
    publisher: MicrosoftWindowsServer
    offer: WindowsServer
    sku: 2019-Datacenter
    version: latest
  osProfileSpec:
    adminUsername: azureuser
    adminPassword: "Password123!"
  hardwareSpec:
    vmSize: Standard_B1s
  diskSpec:
    osDiskSize: 127

Virtual Machine Inputs

VirtualMachineSpec

| Field | Type | Description |
| --- | --- | --- |
| Provider | AzureProviderSpec | The provider for the VirtualMachine resource. Required. |
| ResourceGroup | string | The resource group for the VirtualMachine resource. Required. |
| VMImageSpec | VmImageSpec | The VM image spec for the VirtualMachine resource. Required. |
| OsProfileSpec | OSProfileSpec | The OS profile for the VirtualMachine resource. Required. |
| HardwareSpec | HardwareSpec | The hardware spec for the VirtualMachine resource. Required. |
| NetworkingSpec | VMNetworkingSpec | The networking for the VirtualMachine resource. Optional. |
| AvailabilityZone | int32 | The availability zone for the VirtualMachine resource. Optional. |
| AvailabilitySetId | string | The availability set ID for the VirtualMachine resource. Optional. |
| DiskSpec | DiskSpec | The OS disk for the VirtualMachine resource. Optional. |
| Tags | map[string]string | The tags for the VirtualMachine resource. Optional. |

VMImageSpec

| Field | Type | Description |
| --- | --- | --- |
| Offer | string | The offer for the image. Required. |
| Publisher | string | The publisher of the image. Required. |
| SKU | string | The SKU of the image. Required. |
| Version | string | The version of the image. Required. |

DiskSpec

| Field | Type | Description |
| --- | --- | --- |
| OSDiskSize | int32 | The size of the OS disk for the VirtualMachine resource. Required. |
| Caching | string | The caching of the OS disk for the VirtualMachine resource. Optional. |
| DiskId | string | The disk ID for the VirtualMachine resource. Only required when attaching an existing disk. Optional. |
| DataDisks | map[string]DataDiskSpec | The data disks for the VirtualMachine resource. Optional. |
| WriteAcceleratorEnabled | bool | The write accelerator enabled for the VirtualMachine resource. Optional. |
| Encryption | OSDiskEncryptionSpec | The encryption spec for the VirtualMachine resource. Optional. |
| StorageAccountType | string | The storage account type for the VirtualMachine resource. Optional. |

OSDiskEncryptionSpec

| Field | Type | Description |
| --- | --- | --- |
| EncryptionVaultId | string | The encryption key ID for the VirtualMachine resource. Required. |
| SecretId | string | The secret ID for the VirtualMachine resource. Required. |

DataDiskSpec

| Field | Type | Description |
| --- | --- | --- |
| DiskId | string | The disk ID for the VirtualMachine resource. Only required when attaching an existing disk. |
| Size | int32 | The size of the data disk for the VirtualMachine resource. Required. |
| Caching | string | The caching of the data disk for the VirtualMachine resource. Optional. |
| StorageAccountType | string | The storage account type for the Disk. Optional. |

HardwareSpec

| Field | Type | Description |
| --- | --- | --- |
| VMSize | string | The size for the virtual machine. Required. |

VMNetworkingSpec

| Field | Type | Description |
| --- | --- | --- |
| LoadBalancerBackendAddressPoolIds | []string | The load balancer backend address pool IDs for the VirtualMachine resource. Optional. |
| CreatePublicIP | bool | Decides whether or not to create a public IP for the VirtualMachine resource. Optional. |
| SubnetId | string | The subnet ID for the virtual machine. Only required if you are not supplying the NIC. |
| NetworkInterfaceId | string | The network interface ID for the virtual machine. Optional. |

OSProfileSpec

| Field | Type | Description |
| --- | --- | --- |
| AdminUsername | string | The username for the virtual machine. Required. |
| AdminPassword | string | The password for the virtual machine. Required. |

Virtual Machine Outputs

VirtualMachineStatus

| Field | Type | Description |
| --- | --- | --- |
| Condition | metav1.Condition | The condition of the virtual machine. |
| Name | string | The name of the virtual machine. |
| Location | string | The location of the virtual machine. |
| Password | string | The password of the virtual machine. |
| Username | string | The username of the virtual machine. |
| Zone | string | The availability zone of the virtual machine. |
| ID | string | The ID of the virtual machine. |
| VMSize | string | The size of the virtual machine. |
| Networking | VMNetworkingStatus | The networking status of the virtual machine. |
| VirtualMachineScalesetId | string | The scale set ID of the virtual machine. |
| DataDisks | map[string]DataDiskStatus | The data disks attached to the virtual machine. |
| Image | ImageStatus | The image of the virtual machine. |
| OSDisk | OSDiskStatus | The OSDisk of the virtual machine. |

ImageStatus

| Field | Type | Description |
| --- | --- | --- |
| Offer | string | The offer of the image. |
| Publisher | string | The publisher of the image. |
| SKU | string | The SKU of the image. |
| Version | string | The version of the image. |

OSDiskStatus

| Field | Type | Description |
| --- | --- | --- |
| Size | int32 | The size of the OS disk for the VirtualMachine resource. |
| Id | string | The ID of the OS disk for the VirtualMachine resource. |
| Caching | string | The caching of the OS disk for the VirtualMachine resource. |

VMNetworkingStatus

| Field | Type | Description |
| --- | --- | --- |
| PublicIpAddress | string | The public IP address of the VirtualMachine resource. |
| SubnetId | string | The subnet ID of the VirtualMachine resource. |
| NetworkInterfaceId | string | The network interface ID of the VirtualMachine resource. |
| LoadBalancerBackendAddressPoolIds | []string | The load balancer backend address pool IDs for the VirtualMachine resource. |

DataDiskStatus

| Field | Type | Description |
| --- | --- | --- |
| Size | int32 | The size of the data disk for the VirtualMachine resource. |
| ID | string | The ID of the data disk for the VirtualMachine resource. |
| Caching | string | The caching of the data disk for the VirtualMachine resource. |
| Lun | int32 | The LUN of the data disk for the VirtualMachine resource. |
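
The Aks and VirtualMachine specs above carry several fields that decide network exposure and where credentials live. The following is an added example, not part of Switchblade or of the original page: a pre-apply review of those fields, using the key names from the sample manifests; the finding IDs and the `LOOSE_AKS` / `SCOPED_AKS` inputs are constructed for illustration.

```python
# Added example (not Switchblade code): review Aks / VirtualMachine specs before
# `kubectl apply`. Key names follow the sample manifests on this page; the
# finding IDs are hypothetical labels made up for this example.

def lint_aks(spec):
    """Return (id, message) findings for an Aks `spec` mapping."""
    findings = []
    props = spec.get("properties") or {}
    api = props.get("apiServerAccessProfile") or {}
    pool = props.get("defaultAgentPool") or {}
    sp = props.get("servicePrincipalProfile") or {}
    public = str(props.get("publicNetworkAccess", "")).lower() == "enabled"
    if public and not api.get("enablePrivateCluster") and not api.get("authorizedIPRanges"):
        findings.append(("AKS-API-OPEN", "public API server, no authorizedIPRanges"))
    if props.get("enableRBAC") is False:
        findings.append(("AKS-RBAC-OFF", "enableRBAC is explicitly false"))
    if pool.get("enableNodePublicIP") is True:
        findings.append(("AKS-NODE-PUBLIC-IP", "default pool nodes get public IPs"))
    if sp.get("secret"):
        findings.append(("AKS-INLINE-SECRET", "service principal secret stored in the object"))
    return findings

def lint_vm(spec):
    """Return (id, message) findings for a VirtualMachine `spec` mapping."""
    findings = []
    if (spec.get("osProfileSpec") or {}).get("adminPassword"):
        findings.append(("VM-INLINE-PASSWORD", "adminPassword stored in the object"))
    if (spec.get("networkingSpec") or {}).get("createPublicIP") is True:
        findings.append(("VM-PUBLIC-IP", "createPublicIP requests a public address"))
    return findings

def ids(findings):
    """Reduce findings to their IDs for compact reporting."""
    return [fid for fid, _ in findings]

# Security-relevant subset of the page's Aks sample.
PAGE_AKS = {"properties": {
    "apiServerAccessProfile": {"enablePrivateCluster": True},
    "publicNetworkAccess": "Enabled",
    "enableRBAC": True,
    "defaultAgentPool": {"enableNodePublicIP": False},
    "servicePrincipalProfile": {"clientId": "<service-principal-client-id>",
                                "secret": "<service-principal-secret>"}}}
# Constructed for this example: a deliberately loose variant.
LOOSE_AKS = {"properties": {
    "publicNetworkAccess": "Enabled",
    "enableRBAC": False,
    "defaultAgentPool": {"enableNodePublicIP": True}}}
# Constructed: LOOSE_AKS plus an allow-list (203.0.113.0/24 is a documentation range).
SCOPED_AKS = {"properties": dict(
    LOOSE_AKS["properties"],
    apiServerAccessProfile={"authorizedIPRanges": ["203.0.113.0/24"]})}
# Security-relevant subset of the page's VirtualMachine sample.
PAGE_VM = {"osProfileSpec": {"adminUsername": "azureuser", "adminPassword": "Password123!"},
           "networkingSpec": {"createPublicIP": True}}

if __name__ == "__main__":
    for name, result in [("page Aks", lint_aks(PAGE_AKS)), ("loose Aks", lint_aks(LOOSE_AKS)),
                         ("scoped Aks", lint_aks(SCOPED_AKS)), ("page VM", lint_vm(PAGE_VM))]:
        print(name, ids(result))
```

The VirtualMachineStatus table also lists a Password field, so read access to these custom resources deserves the same RBAC scoping as read access to Secrets.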

Core

Helm

A package manager for Kubernetes that helps you define, install, and upgrade even the most complex Kubernetes applications.
Example yaml file:
apiVersion: helm.boundless.software/v1alpha1
kind: Helm
metadata:
  name: my-helm-chart
spec:
  repo: "https://charts.bitnami.com/bitnami"
  chart: "wordpress"
  version: "12.0.3"
  values:
    mariadb:
      enabled: false
    externalDatabase:
      host: "my-database-host"
      user: "my-database-user"
      password: "my-database-password"
  istio:
    enabled: true
    ingress:
      host: "my-helm-app.local"
# helmList (multiple charts)

apiVersion: core.boundless.software/v1alpha1
kind: HelmList
items:
- metadata:
    name: mysql
    namespace: default
  spec:
    repo: https://charts.bitnami.com/bitnami
    chart: mysql
    version: 9.3.4
    values:
      auth:
        database: wordpress
        username: wordpress
        password: wordpress
- metadata:
    name: wordpress
    namespace: default
  spec:
    repo: https://charts.bitnami.com/bitnami
    chart: wordpress
    istio:
      virtualService:
        gateways:
        - istio-system/default-gateway
        hosts:
        - example.boundless.software
        http:
        - destination:
            host: wordpress.default.svc.cluster.local
            port:
              number: 80
    version: 15.2.5
    values:
      wordpressUsername: admin
      wordpressPassword: wordpress
      wordpressEmail: "example@boundless.software"
      wordpressFirstName: Switchblade
      wordpressLastName: Operator
      wordpressBlogName: Switchblade
      serviceAccount:
        create: true
        name: wordpress
      mariadb:
        enabled: false
      externalDatabase:
        host: mysql.default.svc.cluster.local
        user: wordpress
        password: wordpress
        database: wordpress
      service:
        type: ClusterIP
      wordpressExtraConfigContent: |
        $scheme = 'http://';
        if ( 'on' === $_SERVER['HTTPS'] ) {
          $scheme = 'https://';
        }

        if ( ! defined( 'WP_HOME' ) ) {
          define( 'WP_HOME', rtrim( getenv( 'WP_HOME' ) ?: $scheme . $_SERVER['HTTP_HOST'], '/' ) );
        }

        if ( ! defined( 'WP_SITEURL' ) ) {
          define( 'WP_SITEURL', rtrim( getenv( 'WP_SITEURL' ), '/' ) ?: WP_HOME . '/wp' );
        }
        unset( $scheme );

        if ( ! defined( 'AUTOMATIC_UPDATER_DISABLED' ) ) {
          define( 'AUTOMATIC_UPDATER_DISABLED', true );
        }

        if ( ! defined( 'DISABLE_WP_CRON' ) ) {
          define( 'DISABLE_WP_CRON', getenv( 'DISABLE_WP_CRON' ) ?: false );
        }

        if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
          // Disable the plugin and theme file editor in the admin
          define( 'DISALLOW_FILE_EDIT', "true" === strtolower( getenv( 'DISALLOW_FILE_EDIT' ) ?: "true" ) );
        }

        if ( ! defined( 'DISALLOW_FILE_MODS' ) ) {
          // Disable plugin and theme updates and installation from the admin
          define( 'DISALLOW_FILE_MODS', "true" === strtolower( getenv( 'DISALLOW_FILE_MODS' ) ?: "true" ) );
        }

Helm Inputs

| Field | Type | Description |
| --- | --- | --- |
| repo* | string | Repository is the Helm repository URL. |
| chart* | string | Chart is the Helm chart name. |
| version* | string | Version is the Helm chart version. |
| values | map[string]apiext.JSON | Values are the values to be passed to the Helm chart. |
| istio | common.IstioSpec | Istio specifies the Istio settings for the Helm chart. |

IstioSpec

| Field | Type | Description |
| --- | --- | --- |
| destinationRule | IstioDestinationRuleSpec | DestinationRuleSpec is the spec for a DestinationRule. |
| virtualService | IstioVirtualServiceSpec | VirtualServiceSpec is the spec for a VirtualService. |

IstioDestinationRuleSpec

| Field | Type | Description |
| --- | --- | --- |
| host* | string | Host is the host name of the service. |
| tlsMode* | string | TlsMode is the TLS mode for the DestinationRule. |

IstioVirtualServiceSpec

| Field | Type | Description |
| --- | --- | --- |
| gateways* | []string | Gateways is the list of gateways to which this VirtualService is applied. |
| host* | []string | Hosts is the list of hosts exposed by this VirtualService. |
| http | []IstioVirtualServiceHttpSpec | Http is the list of HTTP routes for the VirtualService. |

Helm Outputs

| Field | Type | Description |
| --- | --- | --- |
| condition | metav1.Condition | Condition provides the current condition of this Helm chart. |
| appVersion | string | AppVersion is the Helm chart app version. |
| chart | string | Chart is the Helm chart name. |
| repo | string | Repository is the Helm repository URL. |
| version | string | Version is the Helm chart version. |