Examples
See the examples below:
OAM
OAM Component
dynamodb.yaml
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
name: sample-dynamodb
namespace: samples
annotations:
definition.oam.dev/description: "Sample AWS dynamoDB resource"
spec:
workload:
type: autodetects.core.oam.dev
schematic:
cue:
template: |
import("encoding/json")
output: {
apiVersion: "dynamodb.aws.crossplane.io/v1alpha1"
kind: "Table"
metadata: {
name: context.name
namespace: context.namespace
}
spec: {
forProvider: {
attributeDefinitions: [
for _, v in parameter.attributes {
attributeName: v.name
attributeType: v.type
}
]
keySchema: [
for _, v in parameter.primaryKey {
attributeName: v.name
keyType: v.type
}
]
globalSecondaryIndexes: [
for _, gs in parameter.globalSecondary {
indexName: gs.name
projection: {
projectionType: gs.projection
}
provisionedThroughput: {
readCapacityUnits: gs.rcu
writeCapacityUnits: gs.wcu
}
keySchema:[
for _, v in gsi.keySchema {
attributeName: v.name
keyType: v.type
}
]
}
]
provisionedThroughput: {
readCapacityUnits: 1
writeCapacityUnits: 1
}
billingMode: "PROVISIONED"
region: parameter.region
sseSpecification: enabled: true
}
providerConfigRef: name: "aws-provider"
}
}
outputs: {
"policy": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "Policy"
metadata: name: context.name+"-policy"
spec: {
forProvider: {
name: context.name+"-policy"
document:
json.Marshal({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"dynamodb:UpdateTimeToLive",
"dynamodb:UpdateItem",
"dynamodb:Scan",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DescribeTimeToLive",
"dynamodb:DescribeTable",
"dynamodb:DeleteItem",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
],
Resource: [
"arn:aws:dynamodb:"+parameter.region+":*:table/"+context.name,
"arn:aws:dynamodb:"+parameter.region+":*:table/"+context.name+"/*"
]
}
]
})
}
providerConfigRef: name: "aws-provider"
}
}
"attach": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "RolePolicyAttachment"
metadata: name: context.name+"-role-policy-attachment"
spec: {
forProvider: {
policyArnRef: name: context.name+"-policy"
roleNameRef: name: context.appName
}
providerConfigRef: name: "aws-provider"
}
}
}
parameter: {
// +usage=region where resource will be create us-east-1 is default value
region: *"us-east-1" | string
// +usage=attribute definitions using format {name: ... type: ...}
attributes: [...{name:string,type:string}]
// +usage=keys definitions using format {name: ... type: ...}
primaryKey: [...{name:string,type:string}]
globalSecondary: [...{name:string,projection:string,wcu:int,rcu:int,keySchema:[...{name:string,type:string}]}]
}
rds.yaml
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
name: sample-rds-postgres
namespace: samples
annotations:
definition.oam.dev/description: "Sample postgres resource"
spec:
workload:
type: autodetects.core.oam.dev
schematic:
cue:
template: |
import("encoding/json")
dbGroupName: parameter.dbName+"-group" | string
dbSubnetGroup: parameter.dbName+"-subnet" | string
output: {
apiVersion: "rds.aws.crossplane.io/v1alpha1"
kind: "DBInstance"
metadata: name: parameter.dbName
spec: {
forProvider: {
region: parameter.region
allocatedStorage: 20
applyImmediately: true
autoMinorVersionUpgrade: true
autogeneratePassword: true
backupRetentionPeriod: 12
dbInstanceClass: "db.m5.large"
dbName: parameter.dbName
dbParameterGroupName: dbGroupName
dbSubnetGroupName: dbSubnetGroup
vpcSecurityGroupIDRefs: [
{
"name": parameter.dbName+"-security"
}
]
engine: "postgres"
engineVersion: "12.9"
masterUserPasswordSecretRef: {
name: parameter.dbName+"-masteruser"
namespace: context.namespace
key: "password"
}
masterUsername: "adminuser"
preferredBackupWindow: "7:00-8:00"
preferredMaintenanceWindow: "Sat:8:00-Sat:11:00"
publiclyAccessible: false
skipFinalSnapshot: true
storageEncrypted: true
storageType: "gp2"
}
providerConfigRef: name: "aws-provider"
writeConnectionSecretToRef: {
name: parameter.dbName+"-secret"
namespace: context.namespace
}
}
}
outputs: {
"network": {
apiVersion: "database.aws.crossplane.io/v1beta1"
kind: "DBSubnetGroup"
metadata: name: parameter.dbName+"-subnet
spec: {
forProvider: {
description: parameter.dbName+" group"
region: parameter.region
subnetIds: parameter.subnetIds
}
providerConfigRef: name: "aws-provider"
}
}
"parametergroup": {
apiVersion: "rds.aws.crossplane.io/v1alpha1"
kind: "DBParameterGroup"
metadata: name: parameter.dbName+"-group"
spec: {
forProvider: {
description: parameter.dbName+" group"
region: parameter.region
dbParameterGroupFamily: "postgres12"
parameters: [
for _, v in parameter.dbParameters {
{
applyMethod: v.applyMethod
parameterName: v.parameterName
parameterValue: v.parameterValue
}
}
]
}
providerConfigRef: name: "aws-provider"
}
}
"policy": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "Policy"
metadata: name: context.appName+"-policy"
spec: {
forProvider: {
name: context.appName+"-policy"
document:
json.Marshal({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"rds-data:ExecuteSql",
"rds-data:ExecuteStatement",
"rds-data:BatchExecuteStatement",
"rds-data:BeginTransaction",
"rds-data:CommitTransaction",
"rds-data:RollbackTransaction"
],
Resource: ["arn:aws:rds:*:*:db:"+parameter.dbName]
}
]
})
}
providerConfigRef: name: "aws-provider"
}
}
"security": {
apiVersion: "ec2.aws.crossplane.io/v1beta1",
kind: "SecurityGroup"
metadata: name: parameter.dbName+"-security"
spec: {
forProvider: {
region: parameter.region,
vpcId: parameter.vpcId
groupName: parameter.dbName+"-security"
description: "Allow access to PostgreSQL",
ingress: [
{
"fromPort": 5432,
"toPort": 5432,
"ipProtocol": "tcp",
"ipRanges": [
{
"cidrIp": "0.0.0.0/0",
"description": "Everywhere"
}
]
}
]
}
providerConfigRef: name: "aws-provider"
}
}
"attach": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "RolePolicyAttachment"
metadata: name: context.appName+"-role-policy-attachment"
spec: {
forProvider: {
policyArnRef: name: context.appName+"-policy"
roleNameRef: name: context.appName
}
providerConfigRef: name: "aws-provider"
}
}
}
parameter: {
// +usage=region where resource will be create us-east-1 is default value
region: *"us-east-1" | string
// +usage=namespace where resource will be create
dbName: string
// VPC id
vpcId: string
// +usage=subnet ids
subnetIds: [...]
dbParameters: [...{applyMethod:string,parameterName:string,parameterValue:string}]
}
microservice.yaml
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
name: microservice
namespace: samples
annotations:
definition.oam.dev/description: "Sample custom microservice resource"
spec:
schematic:
cue:
template: |
import (
"strconv",
)
output: {
apiVersion: "apps/v1"
kind: "Deployment"
spec: {
selector: matchLabels: {
"app.oam.dev/component": context.name
}
template: {
metadata: {
labels: {
if parameter.labels != _|_ {
parameter.labels
}
"app.oam.dev/name": context.appName
"app.oam.dev/component": context.name
}
if parameter.annotations != _|_ {
annotations: parameter.annotations
}
}
spec: {
serviceAccount: context.name
serviceAccountName: context.name
}
containers: [{
name: context.name
image: parameter.image
imagePullPolicy: "Always"
if context["config"] != _|_ {
env: context.config
}
resources: {
limits: cpu: 1
requests: cpu: 1
}
}]
}
}
}
}
exposePorts: [
port: parameter.port
targetPort: parameter.port
name: "default"
,
]
outputs: {
webserviceExpose: {
apiVersion: "v1"
kind: "Service"
metadata: name: context.name
spec: {
selector: "app.oam.dev/component": context.name
ports: exposePorts
type: "ClusterIP"
}
}
approle: {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "Role"
metadata: name: context.appName
spec: {
forProvider: {
assumeRolePolicyDocument:
json.Marshal({
Version: "2012-10-17"
Statement: [
{
Effect: "Allow"
Principal: Federated: parameter.clusterOidc
Action: "sts:AssumeRoleWithWebIdentity"
}
]
})
}
providerConfigRef: name: "aws-provider"
}
}
serviceAccount: {
apiVersion: "v1"
kind: "ServiceAccount"
metadata: {
name: context.name
annotations: "eks.amazonaws.com/role-arn": "arn:aws:iam::"+parameter.accountId+":role/"+context.appName
}
}
}
parameter: {
accountId: | string
clusterOidc: | string
port: | int
// +usage=Specify the labels in the workload
labels?: [string]: string
// +usage=Specify the annotations in the workload
annotations?: [string]: string
// +usage=Which image would you like to use for your service
// +short=i
image: string
}
status:
customStatus: |-
import "strconv"
ready: {
if context.output.status.readyReplicas == _|_ {
readyReplicas: 0
}
if context.output.status.readyReplicas != _|_ {
readyReplicas: context.output.status.readyReplicas
}
}
message: "Ready:" + strconv.FormatInt(ready.readyReplicas, 10) + "/" + strconv.FormatInt(context.output.spec.replicas, 10)
workload:
definition:
apiVersion: apps/v1
kind: Deployment
type: deployments.apps
OAM Application
Application using a microservice and Dynamodb
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: application1
namespace: sample-application
spec:
components:
- name: sample-microsever
type: microservice
properties:
accountId: "ACCOUNT_ID"
clusterOidc: "CLUSTER"
port: 80
image: IMAGE
- name: sample-db
type: sample-dynamodb
properties:
attributes:
- name: data
type: S
primaryKey:
- name: pk
type: HASH
- name: sk
type: RANGE
globalSecondary:
- name: GSI-1
projection: ALL
wcu: 1
rcu: 1
keySchema:
- name: sk
type: HASH
- name: data
type: RANGE
Application using a microservice and Postgres
apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
name: application2
namespace: sample-application
spec:
components:
- name: sample-microsever
type: microservice
properties:
accountId: "ACCOUNT_ID"
clusterOidc: "CLUSTER"
port: 80
image: IMAGE
- name: sample-postgres
type: sample-rds-postgres
properties:
region: "us-east-1"
dbName: runtimeenginedb
vpcId: VPC
subnetIds:
- SUBNET1
- SUBNET2
Crossplane
Component example using Crossplane
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
name: runtime-dynamodb
namespace: vela-system
annotations:
definition.oam.dev/description: "Stackspot Package: AWS DynamoDB Resource"
spec:
workload:
type: autodetects.core.oam.dev
schematic:
cue:
template: |
import("encoding/json")
output: {
apiVersion: "dynamodb.aws.crossplane.io/v1alpha1"
kind: "Table"
metadata: {
name: context.name
namespace: context.namespace
}
spec: {
forProvider: {
attributeDefinitions: [
for _, v in parameter.attributes {
attributeName: v.name
attributeType: v.type
}
]
keySchema: [
for _, v in parameter.primaryKeySchema {
attributeName: v.name
keyType: v.type
}
]
globalSecondaryIndexes: [
for _, gsi in parameter.globalSecondaryIndexes {
indexName: gsi.name
projection: {
projectionType: gsi.projection
}
provisionedThroughput: {
readCapacityUnits: gsi.rcu
writeCapacityUnits: gsi.wcu
}
keySchema:[
for _, v in gsi.keySchema {
attributeName: v.name
keyType: v.type
}
]
}
]
provisionedThroughput: {
readCapacityUnits: parameter.rcu
writeCapacityUnits: parameter.wcu
}
billingMode: "PROVISIONED"
region: parameter.region
sseSpecification: enabled: true
}
providerConfigRef: name: "aws-provider"
}
}
outputs: {
"policy": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "Policy"
metadata: name: context.name+"-policy"
spec: {
forProvider: {
name: context.name+"-policy"
document:
json.Marshal({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"dynamodb:UpdateTimeToLive",
"dynamodb:UpdateItem",
"dynamodb:Scan",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DescribeTimeToLive",
"dynamodb:DescribeTable",
"dynamodb:DeleteItem",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
],
Resource: [
"arn:aws:dynamodb:"+parameter.region+":*:table/"+context.name,
"arn:aws:dynamodb:"+parameter.region+":*:table/"+context.name+"/*"
]
}
]
})
}
providerConfigRef: name: "aws-provider"
}
}
"attach": {
apiVersion: "iam.aws.crossplane.io/v1beta1"
kind: "RolePolicyAttachment"
metadata: name: context.name+"-role-policy-attachment"
spec: {
forProvider: {
policyArnRef: name: context.name+"-policy"
roleNameRef: name: context.appName
}
providerConfigRef: name: "aws-provider"
}
}
}
parameter: {
// +usage=region where resource will be create us-east-1 is default value
region: *"us-east-1" | string
// +usage=Read Capacity Unit
rcu: *1 | int
// +usage=Write Capacity Unit
wcu: *1 | int
// +usage=attribute definitions using format {name: ... type: ...}
attributes: [...{name:string,type:string}]
// +usage=keys definitions using format {name: ... type: ...}
primaryKeySchema: [...{name:string,type:string}]
globalSecondaryIndexes: [...{name:string,projection:string,wcu:int,rcu:int,keySchema:[...{name:string,type:string}]}]
}
Terraform
Component example using Terraform
apiVersion: core.oam.dev/v1beta1
kind: ComponentDefinition
metadata:
name: runtimes-tf-dynamo-aws
namespace: vela-system
annotations:
definition.oam.dev/description: "Stackspot Package (terraform): AWS DynamoDB Resource"
spec:
workload:
type: autodetects.core.oam.dev
schematic:
cue:
template: |
output: {
apiVersion: "terraform.appvia.io/v1alpha1"
kind: "Configuration"
metadata: {
name: context.name
namespace: context.namespace
}
spec: {
enableAutoApproval: true
module: "https://github.com/terraform-aws-modules/terraform-aws-dynamodb-table.git?ref=v3.1.1"
providerRef: {
name: "aws-irsa"
}
variables: {
name: context.name
hash_key: parameter.hashKey
attributes: [
for _, v in parameter.attributes {
{
name: v.name
type: v.type
}
}
]
}
}
}
parameter: {
hashKey: string
attributes: [...{name:string,type:string}]
}
Was this page helpful?