diff --git a/README.md b/README.md index 55b65aa0fa..ecdb98ae68 100644 --- a/README.md +++ b/README.md @@ -60,8 +60,6 @@ spec: package: docker.io//provider-aws-ec2: ``` -Use `monolith` instead of `ec2` to build and publish the monolithic provider. - ### Add a New Resource Follow the guide [here](https://github.com/crossplane/upjet/blob/v0.10.0/docs/add-new-resource-short.md). diff --git a/docs/monolith/Configuration.md b/docs/monolith/Configuration.md deleted file mode 100644 index 510468d98d..0000000000 --- a/docs/monolith/Configuration.md +++ /dev/null @@ -1,551 +0,0 @@ ---- -title: Configuration -weight: 2 ---- -⚠️ **Warning:** The monolithic AWS provider (`upbound/provider-aws`) has been deprecated in favor of the [AWS provider family](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). You can read more about the provider families in our [blog post](https://blog.upbound.io/new-provider-families) and the official documentation for the provider families is [here](https://docs.upbound.io/providers/provider-families/). We will continue support for the monolithic AWS provider until June 12, 2024. And you can find more information on migrating from the monolithic providers to the provider families [here](https://docs.upbound.io/providers/migration/). - -# AWS official provider documentation -Upbound supports and maintains the Upbound AWS official provider. - -## Install the provider-aws -### Prerequisites -#### Upbound Up command-line -The Upbound Up command-line simplifies configuration and management of Upbound -Universal Crossplane (UXP) and interacts with the Upbound Marketplace to manage -users and accounts. - -Install `up` with the command: -```shell -curl -sL "https://cli.upbound.io" | sh -``` -More information about the Up command-line is available in the [Upbound Up -documentation](https://docs.upbound.io/cli/). - -#### Upbound Universal Crossplane -UXP is the Upbound official enterprise-grade distribution of Crossplane for -self-hosted control planes. - -Install UXP into your Kubernetes cluster using the Up command-line. - -```shell -up uxp install -``` - -Find more information in the [Upbound UXP -documentation](https://docs.upbound.io/uxp/). - -_The Upbound AWS official provider may also be used with upstream [Crossplane](https://crossplane.io/docs/master/getting-started/install-configure.html)._ - -### Install the provider-aws - -Install the Upbound official AWS provider with the following configuration file - -```yaml -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.upbound.io/upbound/provider-aws: -``` - -Define the provider-aws version with `spec.package`. - -Install the provider-aws with `kubectl apply -f`. - -Verify the configuration with `kubectl get providers`. - -```shell -$ kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -provider-aws True True xpkg.upbound.io/upbound/provider-aws:v0.41.0 62s -``` - -View the Crossplane [Provider CRD -definition](https://doc.crds.dev/github.com/crossplane/crossplane/pkg.crossplane.io/Provider/v1) -to view all available `Provider` options. - -## Configure the provider -The AWS provider requires credentials for authentication to AWS. The AWS -provider consumes the credentials from a Kubernetes secret object. - -### Configure authentication -Upbound supports authentication to AWS via access keys, service accounts or with -`AssumeRole`. - -Apply the specific authentication method with a `ProviderConfig` object, applied -to the `Provider`. - -#### Authenticate using AWS access keys -Authenticating with AWS access keys requires creating a Kubernetes secret object -and storing the AWS keys inside Kubernetes. - -##### Place the AWS access keys in a text file -Create a text file containing the AWS account `aws_access_key_id` and -`aws_secret_access_key`. The [AWS -documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) -provides information on how to generate these keys. - -```ini -[default] -aws_access_key_id = -aws_secret_access_key = -``` - -More information about AWS credential files are in the [AWS credential file -documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). - -##### Generate a Kubernetes secret with the AWS access keys -Create the secret with the command - -```shell -kubectl create secret generic \ - \ ---from-file=key-file= -``` - -For example, to create a secret named `aws-secret` from a text file named -`aws-credentials.txt` -```shell -$ kubectl create secret generic aws-secret --from-file=key-file=aws-credentials.txt -$ kubectl describe secret aws-secret -Name: aws-secret -Namespace: default -Labels: -Annotations: - -Type: Opaque - -Data -==== -key-file: 116 bytes -``` - -##### Create a ProviderConfig object -Apply the secret in a `ProviderConfig` Kubernetes configuration file. For -example using a secret named `aws-secret`: - -```yaml -apiVersion: aws.upbound.io/v1beta1 -kind: ProviderConfig -metadata: - name: default -spec: - credentials: - source: Secret - secretRef: - namespace: default - name: aws-secret - key: key-file -``` - -The `spec.secretRef` describes the parameters of the secret to use. -* `namespace` is the Kubernetes namespace the secret is in. -* `name` is the name of the Kubernetes `secret` object. -* `key` is the `Data` field from `kubectl describe secret`. - -View the [ProviderConfig -CRD](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/aws.upbound.io/ProviderConfig/v1beta1) -definition to view all available `ProviderConfig` options. - -#### Authenticate using IAM Roles for Service Accounts -Universal Crossplane clusters running inside Amazon Elastic Kubernetes Service -(`EKS`) can use [IAM Roles for Service Accounts -(`IRSA`)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) -to authenticate the AWS provider. - -An IRSA configuration requires multiple components: -* Enable the [IAM OIDC - provider](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) - for EKS. -* Creating an IAM policy granting the AWS provider access to AWS resources. -* Creating an IAM role for the AWS provider to associate with the AWS provider. -* Creating a Kubernetes service account. -* Create a `ControllerConfig` to associate the IAM role ARN. -* Apply the `ControllerConfig` to the `Provider`. -* Instruct the `ProviderConfig` to use `IRSA` credentials. - - - -##### Enable an IAM OIDC provider - -The EKS cluster must have an IAM OpenID Connect (`OIDC`) provider enabled to -configure IRSA. The AWS documentation contains full details on [enabling IAM -OIDC -providers](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html). - -Using the [`eksctl`](https://eksctl.io/) tool, create an IAM OIDC provider with -the command - -```shell -eksctl utils associate-iam-oidc-provider \ ---cluster \ ---approve -``` - -Confirm IAM OIDC provider creation using the [AWS -command-line](https://aws.amazon.com/cli/) -```shell -$ aws iam list-open-id-connect-providers -{ - "OpenIDConnectProviderList": [ - { - "Arn": "arn:aws:iam::000000000000:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4" - } - ] -} -``` - -##### Create an IAM policy -Define the actions the AWS provider can take by creating an IAM policy. - -For example, here is a custom IAM policy to enable `SystemAdministrator` level -access. -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] -} -``` -Apply the policy using the AWS command-line command -```shell -aws iam create-policy \ ---policy-name \ ---policy-document file:// -``` - -For example, to create a new policy named `custom-irsa-policy` from a policy -file named `custom-policy.json`: -```shell -$ aws iam create-policy --policy-name custom-irsa-policy --policy-document file://custom-policy.json -{ - "Policy": { - "PolicyName": "custom-irsa-policy", - "PolicyId": "ANPAZBZV2IPHDUBU5BF56", - "Arn": "arn:aws:iam::000000000000:policy/custom-irsa-policy", - "Path": "/", - "DefaultVersionId": "v1", - "AttachmentCount": 0, - "PermissionsBoundaryUsageCount": 0, - "IsAttachable": true, - "CreateDate": "2022-08-17T20:35:22+00:00", - "UpdateDate": "2022-08-17T20:35:22+00:00" - } -} -``` - -_Note:_ if you plan to use an AWS managed policy, a custom policy isn't -required. - -##### Create an IAM role -Creating a Kubernetes service account requires an IAM role to apply an IAM -policy. The AWS documentation contains full details on [creating a role and -assigning it to the Kubernetes service -account](https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html). - -_Note:_ `eksctl` is the simplest way to create the required role, attach the -policy and generate a service account. You **must** change the role trust policy -after creating it with `eksctl`. - -To use `eksctl` to create a new service account and IAM role use the command -`eksctl create iamserviceaccount`. - -```shell -eksctl create iamserviceaccount \ ---name \ ---role-name \ ---cluster ---attach-policy-arn \ ---namespace upbound-system \ ---approve -``` - -| Configuration option | Description | -| ---- | ---- | -| `--name` | The name of the Kubernetes service account to create. | -| `--role-name` | The name of the AWS IAM role to create. | -| `--cluster` | The name of the EKS cluster. | -| `--attach-policy-arn` | The ARN of the policy to attach to this service account and role. | -| `--namespace` | The namespace to create the Kubernetes service account in. This must be the same namespace as Universal Crossplane. (The Universal Crossplane default namespace is `upbound-system`.) | - -For example, to create a new service account with the configuration: - -| Configuration option | Configuration value | -| ---- | ---- | -| `--name` | `my-upbound-sa` | -| `--role-name` | `eks-test-role` | -| `--cluster` | `upbound-docs` | -| `--attach-policy-arn` | `arn:aws:iam::000000000000:policy/custom-irsa-policy` | -| `--namespace` | `upbound-system` | - -Use the command -```shell -eksctl create iamserviceaccount \ ---name my-upbound-sa \ ---role-name eks-test-role \ ---cluster upbound-docs \ ---attach-policy-arn arn:aws:iam::000000000000:policy/custom-irsa-policy \ ---namespace upbound-system \ ---approve -``` - -_Note:_ the policy ARN value comes from the `Arn` field from the command `aws -iam create-policy`. To find the ARN of the policy use the command `aws iam -list-policies` replacing `POLICY_NAME` with the name of the policy. - -```shell -$ aws iam list-policies --query 'Policies[?PolicyName==`POLICY_NAME`].Arn' --output text` -arn:aws:iam::000000000000:policy/custom-irsa-policy -``` - -Verify the creation of the service account with the command `kubectl describe sa --n `. The `Annotations` field is the newly -created IAM role. - -From the example service account named `my-upbound-sa`: -```yaml -$ kubectl describe sa \ --n upbound-system \ -my-upbound-sa -Name: my-upbound-sa -Namespace: upbound-system -Labels: app.kubernetes.io/managed-by=eksctl -Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::000000000000:role/eks-test-role -Image pull secrets: -Mountable secrets: my-upbound-sa-token-spq5k -Tokens: my-upbound-sa-token-spq5k -Events: -``` - -Confirm the attachment between the IAM policy and new IAM role with the command -```shell -aws iam list-attached-role-policies \ ---role-name \ ---query AttachedPolicies[].PolicyArn \ ---output text -``` - -For example, -```shell -$ aws iam list-attached-role-policies \ ---role-name eks-test-role \ ---query AttachedPolicies[].PolicyArn \ ---output text -arn:aws:iam::000000000000:policy/custom-irsa-policy -``` -The output of the command matches the policy ARN. - - -Next, verify the new IAM role with the command `aws iam get-role --role-name - --query Role.AssumeRolePolicyDocument`. - -Using the example role name `eks-test-role` -```shell -$ aws iam get-role \ ---role-name eks-test-role \ ---query Role.AssumeRolePolicyDocument -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::000000000000:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4:aud": "sts.amazonaws.com", - "oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4:sub": "system:serviceaccount:upbound-system:my-upbound-sa" - } - } - } - ] -} -``` -##### Update the IAM role -The IAM role created by `eksctl` doesn't have the correct `Conditions` for the -AWS provider. - -Update the role `Trust relationship`. - -Use the output of `aws iam-get role` as a starting template. - -* Replace the `Condition.StringEquals` with `Condition.StringLike`. -```shell -"Condition": { - "StringLike": { -``` - -* Replace the body of the new `Condition.StringLike` with the provider string. -First, get the `OIDC issuer` with the command `aws eks decribe-cluster --name -`. - -For example, -```shell -$ aws eks describe-cluster --name upbound-docs --query "cluster.identity.oidc.issuer" --output text | sed -E 's_^https?://__' -oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4 -``` -Use this value to build the new contents, in the form: -`":sub": "system:serviceaccount::provider-aws-*"` - -For example, using the previous output: - -`"oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4:sub": -"system:serviceaccount:upbound-system:provider-aws-*"` - -The value `provider-aws-*` defines the AWS provider and version that needs to -authenticate. Using `*` allows any AWS provider version to authenticate. - -An example of the final JSON file. -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::000000000000:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringLike": { - "oidc.eks.us-east-2.amazonaws.com/id/266A01FA1DBF8083FA1C23EB7D4736E4:sub": "system:serviceaccount:upbound-system:provider-aws-*" - } - } - } - ] -} -``` - -* Apply the new trust policy. Use the command `aws iam -update-assume-role-policy` to apply the trust policy. - -```shell -aws iam update-assume-role-policy \ ---role-name \ ---policy-document file:// -``` - -For example, -```shell -aws iam update-assume-role-policy \ ---role-name eks-test-role \ ---policy-document file://role.json -``` - -##### Create a ControllerConfig -A `ControllerConfig` creates settings used by the `Provider` deployment. - -For IRSA, the `ControllerConfig` provides an `annotation` of the ARN of the role -used by the Kubernetes service account. - -First, use `kubectl describe service-account -n upbound-system` to get -the ARN value. - -```yaml -$ kubectl describe service-account \ -my-upbound-sa \ --n upbound-system -Name: my-upbound-sa -Namespace: upbound-system -Labels: app.kubernetes.io/managed-by=eksctl -Annotations: eks.amazonaws.com/role-arn: arn:aws:iam::000000000000:role/eks-test-role -Image pull secrets: -Mountable secrets: my-upbound-sa-token-spq5k -Tokens: my-upbound-sa-token-spq5k -Events: -``` - -The `Annotations` value is the input for the `ControllerConfig`. - -_Note:_ the `ControllerConfig` required for IRSA configuration doesn't require a -`spec` body. - -```yaml -apiVersion: pkg.crossplane.io/v1alpha1 -kind: ControllerConfig -metadata: - name: irsa-controllerconfig - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::000000000000:role/eks-test-role -spec: -``` - -Apply the `ControllerConfig` with `kubectl apply -f` and verify the installation -with `kubectl get controllerconfig`. - -```shell -$ kubectl apply -f controller-config.yml -$ kubectl get controllerconfig -NAME AGE -irsa-controllerconfig 6s -``` - -##### Create a Provider -The `Provider` object references the `ControllerConfig` to use the AWS IAM role -ARN. - -The `Provider.spec.controllerConfigRef.name` must match the -`ControllerConfig.name` value. - -```yaml -apiVersion: pkg.crossplane.io/v1 -kind: Provider -metadata: - name: provider-aws -spec: - package: xpkg.upbound.io/upbound/provider-aws:latest - controllerConfigRef: - name: irsa-controllerconfig -``` - -Apply the `Provider` object with `kubectl apply -f` and verify with `kubectl get -providers`. - -```shell -$ kubectl apply -f provider.yaml -$ kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -provider-aws True True xpkg.upbound.io/upbound/provider-aws:latest 83s -``` - -_Note_: it may take up to five minutes for the provider `HEALTHY` value to be -`True`. - -##### Create a ProviderConfig -The `ProviderConfig` explicitly configures the official AWS provider to use -`IRSA` authentication. - -Define the `ProviderConfig.spec.credentials.source` as `IRSA`. - -```yaml -apiVersion: aws.upbound.io/v1beta1 -kind: ProviderConfig -metadata: - name: default -spec: - credentials: - source: IRSA -``` - -_Note:_ the value `IRSA` is case sensitive. - -Apply the `ProviderConfig` with `kubectl apply -f` and verify with `kubectl get -providerconfigs`. - -```shell -$ kubectl apply -f providerconfig.yaml -$ kubectl get providerconfigs -NAME AGE -providerconfig.aws.upbound.io/default 46s -``` - -The official AWS provider now uses the `IRSA` role for authentication to AWS. diff --git a/docs/monolith/Quickstart.md b/docs/monolith/Quickstart.md deleted file mode 100644 index e633a28fa5..0000000000 --- a/docs/monolith/Quickstart.md +++ /dev/null @@ -1,434 +0,0 @@ ---- -title: Quickstart -weight: 1 ---- -⚠️ **Warning:** The monolithic AWS provider (`upbound/provider-aws`) has been deprecated in favor of the [AWS provider family](https://marketplace.upbound.io/providers/upbound/provider-family-aws/). You can read more about the provider families in our [blog post](https://blog.upbound.io/new-provider-families) and the official documentation for the provider families is [here](https://docs.upbound.io/providers/provider-families/). We will continue support for the monolithic AWS provider until June 12, 2024. And you can find more information on migrating from the monolithic providers to the provider families [here](https://docs.upbound.io/providers/migration/). - -# Quickstart - -This guide walks through the process to install Upbound Universal Crossplane and -install the AWS official provider. For more details about the AWS official -provider read the -[Configuration](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/docs/configuration) -. - -To install and use AWS official provider: -* Install Upbound Universal Crossplane (UXP) into your Kubernetes cluster. -* Install the `Provider` and apply a `ProviderConfig`. -* Create a *managed resource* in AWS with Kubernetes. - -You can walk through this quickstart in one of two ways: -* copy and paste - A list of commands to run to create a managed resource in - AWS. You can then inspect the Kubernetes cluster and AWS console for more - information. -* guided tour - A step-by-step walk through of the required commands and - descriptions on what the commands do. - -## Prerequisites -This quickstart requires: -* a Kubernetes cluster with permissions to create pods and secrets -* a host with `kubectl` installed and configured to access the Kubernetes - cluster -* an AWS account with permissions to create an S3 storage bucket -* AWS [access - keys](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) - -## Copy and paste quickstart - -You can either run a single Bash script or run each command individually. - -_Note:_ all commands use the current `kubeconfig` context and configuration. - -### Bash script -Run the following to download and install -```shell -curl -sLO "https://raw.githubusercontent.com/upbound/provider-aws/main/docs/quickstart.sh" -chmod +x quickstart.sh -./quickstart.sh -``` - -### Shell commands - -_Note:_ run each command individually or copy to a local to prevent issues -running the commands in the terminal. - -```shell -#!/usr/bin/env bash -set -eE - -read -p "AWS access_key_id: " aws_access_key; read -sp "AWS secret_access_key: " aws_secret_key; export AWS_KEY=$aws_access_key; export AWS_SECRET=$aws_secret_key; printf "\n" - -if ! up --version > /dev/null 2>&1; then printf "Installing up CLI...\n"; curl -sL "https://cli.upbound.io" | sh; sudo mv up /usr/local/bin/; fi - -if ! kubectl -n upbound-system get deployment crossplane > /dev/null 2>&1; then printf "Installing UXP...\n" && up uxp install; fi - -printf "Checking the UXP installation (this only takes a minute)...\n" -kubectl -n upbound-system wait deployment crossplane --for=condition=Available --timeout=180s - - -printf "Installing the provider (this will take a few minutes)...\n" -cat < -EOF -``` - -Verify the provider installed with `kubectl describe providers` and `kubectl get -providers`. This `kubectl describe providers` output is from an installed -provider. -``` -$ kubectl describe provider - -Name: provider-aws -Namespace: -Labels: -Annotations: -API Version: pkg.crossplane.io/v1 -Kind: Provider -# Output truncated -Status: - Conditions: - Last Transition Time: 2022-09-02T20:46:26Z - Reason: HealthyPackageRevision - Status: True - Type: Healthy - Last Transition Time: 2022-09-02T20:46:09Z - Reason: ActivePackageRevision - Status: True - Type: Installed - Current Identifier: xpkg.upbound.io/upbound/provider-aws:latest - Current Revision: provider-aws-ab4a3525fb0b -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning InstallPackageRevision 9s (x5 over 14s) packages/provider.pkg.crossplane.io current package revision health is unknown - Normal InstallPackageRevision 5s (x2 over 5s) packages/provider.pkg.crossplane.io Successfully installed package revision -``` - -The `INSTALLED` value should be `True`. It may take up to 5 minutes for -`HEALTHY` to report true. -```shell -$ kubectl get provider -NAME INSTALLED HEALTHY PACKAGE AGE -provider-aws True True xpkg.upbound.io/upbound/provider-aws:latest 5s -``` - -If there are issues downloading and installing the provider the `INSTALLED` -field is empty. - -```shell -$ kubectl get providers -NAME INSTALLED HEALTHY PACKAGE AGE -provider-aws xpkg.upbound.io/upbound/provider-aws:latest 62s -``` - -Use `kubectl describe providers` for more information. - -### Create a Kubernetes secret for AWS -The provider-aws requires credentials to create and manage AWS resources. - -#### Generate an AWS key-pair file -Create a text file containing the AWS account `aws_access_key_id` and -`aws_secret_access_key`. The [AWS -documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds) -provides information on how to generate these keys. - -```ini -[default] -aws_access_key_id = -aws_secret_access_key = -``` - -Save this text file as `aws-credentials.txt`. - -#### Create a Kubernetes secret with AWS credentials -Use `kubectl create secret -n upbound-system` to generate a Kubernetes secret -object inside the Kubernetes cluster. - -```shell -kubectl create secret \ -generic aws-secret \ --n upbound-system \ ---from-file=creds=./aws-credentials.txt -``` - -View the secret with `kubectl describe secret` -```shell -$ kubectl describe secret aws-secret -n upbound-system -Name: aws-secret -Namespace: upbound-system -Labels: -Annotations: - -Type: Opaque - -Data -==== -creds: 114 bytes -``` -_Note:_ the size may be larger if there are extra blank space in your text file. - -### Create a ProviderConfig -Create a `ProviderConfig` Kubernetes configuration file to attach the AWS -credentials to the installed official provider-aws. - -```yaml -cat < -Annotations: crossplane.io/external-name: upbound-bucket-fb8360b455dd9 -API Version: s3.aws.upbound.io/v1beta1 -Kind: Bucket -# Output truncated -Spec: - Deletion Policy: Delete - For Provider: - Region: us-east-1 - Tags: - Crossplane - Kind: bucket.s3.aws.upbound.io - Crossplane - Name: upbound-bucket-fb8360b455dd9 - Crossplane - Providerconfig: default - Provider Config Ref: - Name: default -Status: - At Provider: - Conditions: - Last Transition Time: 2022-07-25T15:55:41Z - Message: connect failed: cannot get terraform setup: cannot get AWS config: cannot get referenced Provider: ProviderConfig.aws.upbound.io "default" not found - Reason: ReconcileError - Status: False - Type: Synced -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning CannotConnectToProvider 1s (x3 over 2s) managed/s3.aws.upbound.io/v1beta1, kind=bucket cannot get terraform setup: cannot get AWS config: cannot get referenced Provider: ProviderConfig.aws.upbound.io "default" not found -``` -The output indicates the `Bucket` is using a `ProviderConfig` named `default`. -The applied `ProviderConfig` is `my-config`. - -```shell -$ kubectl get providerconfig -NAME AGE -providerconfig.aws.upbound.io/my-config 114s -``` - -### Delete the managed resource -Remove the managed resource by using `kubectl delete -f` with the same `Bucket` -object file. Verify removal of the bucket with `kubectl get buckets.s3` - -```shell -$ kubectl delete -f bucket.yml -bucket.s3.aws.upbound.io "upbound-bucket-fb8360b455dd9" deleted - -$ kubectl get buckets.s3 -No resources found -``` diff --git a/docs/monolith/index.json b/docs/monolith/index.json deleted file mode 100755 index 1e113e8db9..0000000000 --- a/docs/monolith/index.json +++ /dev/null @@ -1,10 +0,0 @@ -[ - { - "name": "Quickstart", - "location": "Quickstart.md" - }, - { - "name": "Configuration", - "location": "Configuration.md" - } -] \ No newline at end of file