CINXE.COM
AWS Quickstart · Crossplane v1.18
<!doctype html><html lang=en class=color-toggle-hidden color-theme=light><head><meta charset=utf-8><script type="text/javascript"> ;window.NREUM||(NREUM={});NREUM.init={distributed_tracing:{enabled:true},privacy:{cookies_enabled:true},ajax:{deny_list:["bam.nr-data.net"]}}; window.NREUM||(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var o=e[n]={exports:{}};t[n][0].call(o.exports,function(e){var o=t[n][1][e];return r(o||e)},o,o.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o++)r(n[o]);return r}({1:[function(t,e,n){function r(t){try{s.console&&console.log(t)}catch(e){}}var o,i=t("ee"),a=t(32),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-err",function(t,e,n){r(n.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("flags: "+a(s,function(t,e){return t}).join(", ")))},{}],2:[function(t,e,n){function r(t,e,n,r,s){try{l?l-=1:o(s||new UncaughtException(t,e,n),!0)}catch(f){try{i("ierr",[f,c.now(),!0])}catch(d){}}return"function"==typeof u&&u.apply(this,a(arguments))}function UncaughtException(t,e,n){this.message=t||"Uncaught error with no additional information",this.sourceURL=e,this.line=n}function o(t,e){var n=e?null:c.now();i("err",[t,n])}var i=t("handle"),a=t(33),s=t("ee"),c=t("loader"),f=t("gos"),u=window.onerror,d=!1,p="nr@seenError";if(!c.disabled){var l=0;c.features.err=!0,t(1),window.onerror=r;try{throw new Error}catch(h){"stack"in h&&(t(14),t(13),"addEventListener"in window&&t(7),c.xhrWrappable&&t(15),d=!0)}s.on("fn-start",function(t,e,n){d&&(l+=1)}),s.on("fn-err",function(t,e,n){d&&!n[p]&&(f(n,p,function(){return!0}),this.thrown=!0,o(n))}),s.on("fn-end",function(){d&&!this.thrown&&l>0&&(l-=1)}),s.on("internal-error",function(t){i("ierr",[t,c.now(),!0])})}},{}],3:[function(t,e,n){var r=t("loader");r.disabled||(r.features.ins=!0)},{}],4:[function(t,e,n){function r(){U++,L=g.hash,this[u]=y.now()}function o(){U--,g.hash!==L&&i(0,!0);var t=y.now();this[h]=~~this[h]+t-this[u],this[d]=t}function i(t,e){E.emit("newURL",[""+g,e])}function a(t,e){t.on(e,function(){this[e]=y.now()})}var s="-start",c="-end",f="-body",u="fn"+s,d="fn"+c,p="cb"+s,l="cb"+c,h="jsTime",m="fetch",v="addEventListener",w=window,g=w.location,y=t("loader");if(w[v]&&y.xhrWrappable&&!y.disabled){var x=t(11),b=t(12),E=t(9),R=t(7),O=t(14),T=t(8),P=t(15),S=t(10),M=t("ee"),N=M.get("tracer"),C=t(23);t(17),y.features.spa=!0;var L,U=0;M.on(u,r),b.on(p,r),S.on(p,r),M.on(d,o),b.on(l,o),S.on(l,o),M.buffer([u,d,"xhr-resolved"]),R.buffer([u]),O.buffer(["setTimeout"+c,"clearTimeout"+s,u]),P.buffer([u,"new-xhr","send-xhr"+s]),T.buffer([m+s,m+"-done",m+f+s,m+f+c]),E.buffer(["newURL"]),x.buffer([u]),b.buffer(["propagate",p,l,"executor-err","resolve"+s]),N.buffer([u,"no-"+u]),S.buffer(["new-jsonp","cb-start","jsonp-error","jsonp-end"]),a(T,m+s),a(T,m+"-done"),a(S,"new-jsonp"),a(S,"jsonp-end"),a(S,"cb-start"),E.on("pushState-end",i),E.on("replaceState-end",i),w[v]("hashchange",i,C(!0)),w[v]("load",i,C(!0)),w[v]("popstate",function(){i(0,U>1)},C(!0))}},{}],5:[function(t,e,n){function r(){var t=new PerformanceObserver(function(t,e){var n=t.getEntries();s(v,[n])});try{t.observe({entryTypes:["resource"]})}catch(e){}}function o(t){if(s(v,[window.performance.getEntriesByType(w)]),window.performance["c"+p])try{window.performance[h](m,o,!1)}catch(t){}else try{window.performance[h]("webkit"+m,o,!1)}catch(t){}}function i(t){}if(window.performance&&window.performance.timing&&window.performance.getEntriesByType){var a=t("ee"),s=t("handle"),c=t(14),f=t(13),u=t(6),d=t(23),p="learResourceTimings",l="addEventListener",h="removeEventListener",m="resourcetimingbufferfull",v="bstResource",w="resource",g="-start",y="-end",x="fn"+g,b="fn"+y,E="bstTimer",R="pushState",O=t("loader");if(!O.disabled){O.features.stn=!0,t(9),"addEventListener"in window&&t(7);var T=NREUM.o.EV;a.on(x,function(t,e){var n=t[0];n instanceof T&&(this.bstStart=O.now())}),a.on(b,function(t,e){var n=t[0];n instanceof T&&s("bst",[n,e,this.bstStart,O.now()])}),c.on(x,function(t,e,n){this.bstStart=O.now(),this.bstType=n}),c.on(b,function(t,e){s(E,[e,this.bstStart,O.now(),this.bstType])}),f.on(x,function(){this.bstStart=O.now()}),f.on(b,function(t,e){s(E,[e,this.bstStart,O.now(),"requestAnimationFrame"])}),a.on(R+g,function(t){this.time=O.now(),this.startPath=location.pathname+location.hash}),a.on(R+y,function(t){s("bstHist",[location.pathname+location.hash,this.startPath,this.time])}),u()?(s(v,[window.performance.getEntriesByType("resource")]),r()):l in window.performance&&(window.performance["c"+p]?window.performance[l](m,o,d(!1)):window.performance[l]("webkit"+m,o,d(!1))),document[l]("scroll",i,d(!1)),document[l]("keypress",i,d(!1)),document[l]("click",i,d(!1))}}},{}],6:[function(t,e,n){e.exports=function(){return"PerformanceObserver"in window&&"function"==typeof window.PerformanceObserver}},{}],7:[function(t,e,n){function r(t){for(var e=t;e&&!e.hasOwnProperty(u);)e=Object.getPrototypeOf(e);e&&o(e)}function o(t){s.inPlace(t,[u,d],"-",i)}function i(t,e){return t[1]}var a=t("ee").get("events"),s=t("wrap-function")(a,!0),c=t("gos"),f=XMLHttpRequest,u="addEventListener",d="removeEventListener";e.exports=a,"getPrototypeOf"in Object?(r(document),r(window),r(f.prototype)):f.prototype.hasOwnProperty(u)&&(o(window),o(f.prototype)),a.on(u+"-start",function(t,e){var n=t[1];if(null!==n&&("function"==typeof n||"object"==typeof n)){var r=c(n,"nr@wrapped",function(){function t(){if("function"==typeof n.handleEvent)return n.handleEvent.apply(n,arguments)}var e={object:t,"function":n}[typeof n];return e?s(e,"fn-",null,e.name||"anonymous"):n});this.wrapped=t[1]=r}}),a.on(d+"-start",function(t){t[1]=this.wrapped||t[1]})},{}],8:[function(t,e,n){function r(t,e,n){var r=t[e];"function"==typeof r&&(t[e]=function(){var t=i(arguments),e={};o.emit(n+"before-start",[t],e);var a;e[m]&&e[m].dt&&(a=e[m].dt);var s=r.apply(this,t);return o.emit(n+"start",[t,a],s),s.then(function(t){return o.emit(n+"end",[null,t],s),t},function(t){throw o.emit(n+"end",[t],s),t})})}var o=t("ee").get("fetch"),i=t(33),a=t(32);e.exports=o;var s=window,c="fetch-",f=c+"body-",u=["arrayBuffer","blob","json","text","formData"],d=s.Request,p=s.Response,l=s.fetch,h="prototype",m="nr@context";d&&p&&l&&(a(u,function(t,e){r(d[h],e,f),r(p[h],e,f)}),r(s,"fetch",c),o.on(c+"end",function(t,e){var n=this;if(e){var r=e.headers.get("content-length");null!==r&&(n.rxSize=r),o.emit(c+"done",[null,e],n)}else o.emit(c+"done",[t],n)}))},{}],9:[function(t,e,n){var r=t("ee").get("history"),o=t("wrap-function")(r);e.exports=r;var i=window.history&&window.history.constructor&&window.history.constructor.prototype,a=window.history;i&&i.pushState&&i.replaceState&&(a=i),o.inPlace(a,["pushState","replaceState"],"-")},{}],10:[function(t,e,n){function r(t){function e(){f.emit("jsonp-end",[],l),t.removeEventListener("load",e,c(!1)),t.removeEventListener("error",n,c(!1))}function n(){f.emit("jsonp-error",[],l),f.emit("jsonp-end",[],l),t.removeEventListener("load",e,c(!1)),t.removeEventListener("error",n,c(!1))}var r=t&&"string"==typeof t.nodeName&&"script"===t.nodeName.toLowerCase();if(r){var o="function"==typeof t.addEventListener;if(o){var a=i(t.src);if(a){var d=s(a),p="function"==typeof d.parent[d.key];if(p){var l={};u.inPlace(d.parent,[d.key],"cb-",l),t.addEventListener("load",e,c(!1)),t.addEventListener("error",n,c(!1)),f.emit("new-jsonp",[t.src],l)}}}}}function o(){return"addEventListener"in window}function i(t){var e=t.match(d);return e?e[1]:null}function a(t,e){var n=t.match(l),r=n[1],o=n[3];return o?a(o,e[r]):e[r]}function s(t){var e=t.match(p);return e&&e.length>=3?{key:e[2],parent:a(e[1],window)}:{key:t,parent:window}}var c=t(23),f=t("ee").get("jsonp"),u=t("wrap-function")(f);if(e.exports=f,o()){var d=/[?&](?:callback|cb)=([^&#]+)/,p=/(.*)\.([^.]+)/,l=/^(\w+)(\.|$)(.*)$/,h=["appendChild","insertBefore","replaceChild"];Node&&Node.prototype&&Node.prototype.appendChild?u.inPlace(Node.prototype,h,"dom-"):(u.inPlace(HTMLElement.prototype,h,"dom-"),u.inPlace(HTMLHeadElement.prototype,h,"dom-"),u.inPlace(HTMLBodyElement.prototype,h,"dom-")),f.on("dom-start",function(t){r(t[0])})}},{}],11:[function(t,e,n){var r=t("ee").get("mutation"),o=t("wrap-function")(r),i=NREUM.o.MO;e.exports=r,i&&(window.MutationObserver=function(t){return this instanceof i?new i(o(t,"fn-")):i.apply(this,arguments)},MutationObserver.prototype=i.prototype)},{}],12:[function(t,e,n){function r(t){var e=i.context(),n=s(t,"executor-",e,null,!1),r=new f(n);return i.context(r).getCtx=function(){return e},r}var o=t("wrap-function"),i=t("ee").get("promise"),a=t("ee").getOrSetContext,s=o(i),c=t(32),f=NREUM.o.PR;e.exports=i,f&&(window.Promise=r,["all","race"].forEach(function(t){var e=f[t];f[t]=function(n){function r(t){return function(){i.emit("propagate",[null,!o],a,!1,!1),o=o||!t}}var o=!1;c(n,function(e,n){Promise.resolve(n).then(r("all"===t),r(!1))});var a=e.apply(f,arguments),s=f.resolve(a);return s}}),["resolve","reject"].forEach(function(t){var e=f[t];f[t]=function(t){var n=e.apply(f,arguments);return t!==n&&i.emit("propagate",[t,!0],n,!1,!1),n}}),f.prototype["catch"]=function(t){return this.then(null,t)},f.prototype=Object.create(f.prototype,{constructor:{value:r}}),c(Object.getOwnPropertyNames(f),function(t,e){try{r[e]=f[e]}catch(n){}}),o.wrapInPlace(f.prototype,"then",function(t){return function(){var e=this,n=o.argsToArray.apply(this,arguments),r=a(e);r.promise=e,n[0]=s(n[0],"cb-",r,null,!1),n[1]=s(n[1],"cb-",r,null,!1);var c=t.apply(this,n);return r.nextPromise=c,i.emit("propagate",[e,!0],c,!1,!1),c}}),i.on("executor-start",function(t){t[0]=s(t[0],"resolve-",this,null,!1),t[1]=s(t[1],"resolve-",this,null,!1)}),i.on("executor-err",function(t,e,n){t[1](n)}),i.on("cb-end",function(t,e,n){i.emit("propagate",[n,!0],this.nextPromise,!1,!1)}),i.on("propagate",function(t,e,n){this.getCtx&&!e||(this.getCtx=function(){if(t instanceof Promise)var e=i.context(t);return e&&e.getCtx?e.getCtx():this})}),r.toString=function(){return""+f})},{}],13:[function(t,e,n){var r=t("ee").get("raf"),o=t("wrap-function")(r),i="equestAnimationFrame";e.exports=r,o.inPlace(window,["r"+i,"mozR"+i,"webkitR"+i,"msR"+i],"raf-"),r.on("raf-start",function(t){t[0]=o(t[0],"fn-")})},{}],14:[function(t,e,n){function r(t,e,n){t[0]=a(t[0],"fn-",null,n)}function o(t,e,n){this.method=n,this.timerDuration=isNaN(t[1])?0:+t[1],t[0]=a(t[0],"fn-",this,n)}var i=t("ee").get("timer"),a=t("wrap-function")(i),s="setTimeout",c="setInterval",f="clearTimeout",u="-start",d="-";e.exports=i,a.inPlace(window,[s,"setImmediate"],s+d),a.inPlace(window,[c],c+d),a.inPlace(window,[f,"clearImmediate"],f+d),i.on(c+u,r),i.on(s+u,o)},{}],15:[function(t,e,n){function r(t,e){d.inPlace(e,["onreadystatechange"],"fn-",s)}function o(){var t=this,e=u.context(t);t.readyState>3&&!e.resolved&&(e.resolved=!0,u.emit("xhr-resolved",[],t)),d.inPlace(t,y,"fn-",s)}function i(t){x.push(t),m&&(E?E.then(a):w?w(a):(R=-R,O.data=R))}function a(){for(var t=0;t<x.length;t++)r([],x[t]);x.length&&(x=[])}function s(t,e){return e}function c(t,e){for(var n in t)e[n]=t[n];return e}t(7);var f=t("ee"),u=f.get("xhr"),d=t("wrap-function")(u),p=t(23),l=NREUM.o,h=l.XHR,m=l.MO,v=l.PR,w=l.SI,g="readystatechange",y=["onload","onerror","onabort","onloadstart","onloadend","onprogress","ontimeout"],x=[];e.exports=u;var b=window.XMLHttpRequest=function(t){var e=new h(t);try{u.emit("new-xhr",[e],e),e.addEventListener(g,o,p(!1))}catch(n){try{u.emit("internal-error",[n])}catch(r){}}return e};if(c(h,b),b.prototype=h.prototype,d.inPlace(b.prototype,["open","send"],"-xhr-",s),u.on("send-xhr-start",function(t,e){r(t,e),i(e)}),u.on("open-xhr-start",r),m){var E=v&&v.resolve();if(!w&&!v){var R=1,O=document.createTextNode(R);new m(a).observe(O,{characterData:!0})}}else f.on("fn-end",function(t){t[0]&&t[0].type===g||a()})},{}],16:[function(t,e,n){function r(t){if(!s(t))return null;var e=window.NREUM;if(!e.loader_config)return null;var n=(e.loader_config.accountID||"").toString()||null,r=(e.loader_config.agentID||"").toString()||null,f=(e.loader_config.trustKey||"").toString()||null;if(!n||!r)return null;var h=l.generateSpanId(),m=l.generateTraceId(),v=Date.now(),w={spanId:h,traceId:m,timestamp:v};return(t.sameOrigin||c(t)&&p())&&(w.traceContextParentHeader=o(h,m),w.traceContextStateHeader=i(h,v,n,r,f)),(t.sameOrigin&&!u()||!t.sameOrigin&&c(t)&&d())&&(w.newrelicHeader=a(h,m,v,n,r,f)),w}function o(t,e){return"00-"+e+"-"+t+"-01"}function i(t,e,n,r,o){var i=0,a="",s=1,c="",f="";return o+"@nr="+i+"-"+s+"-"+n+"-"+r+"-"+t+"-"+a+"-"+c+"-"+f+"-"+e}function a(t,e,n,r,o,i){var a="btoa"in window&&"function"==typeof window.btoa;if(!a)return null;var s={v:[0,1],d:{ty:"Browser",ac:r,ap:o,id:t,tr:e,ti:n}};return i&&r!==i&&(s.d.tk=i),btoa(JSON.stringify(s))}function s(t){return f()&&c(t)}function c(t){var e=!1,n={};if("init"in NREUM&&"distributed_tracing"in NREUM.init&&(n=NREUM.init.distributed_tracing),t.sameOrigin)e=!0;else if(n.allowed_origins instanceof Array)for(var r=0;r<n.allowed_origins.length;r++){var o=h(n.allowed_origins[r]);if(t.hostname===o.hostname&&t.protocol===o.protocol&&t.port===o.port){e=!0;break}}return e}function f(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.enabled}function u(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.exclude_newrelic_header}function d(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&NREUM.init.distributed_tracing.cors_use_newrelic_header!==!1}function p(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.cors_use_tracecontext_headers}var l=t(29),h=t(18);e.exports={generateTracePayload:r,shouldGenerateTrace:s}},{}],17:[function(t,e,n){function r(t){var e=this.params,n=this.metrics;if(!this.ended){this.ended=!0;for(var r=0;r<p;r++)t.removeEventListener(d[r],this.listener,!1);e.aborted||(n.duration=a.now()-this.startTime,this.loadCaptureCalled||4!==t.readyState?null==e.status&&(e.status=0):i(this,t),n.cbTime=this.cbTime,s("xhr",[e,n,this.startTime,this.endTime,"xhr"],this))}}function o(t,e){var n=c(e),r=t.params;r.hostname=n.hostname,r.port=n.port,r.protocol=n.protocol,r.host=n.hostname+":"+n.port,r.pathname=n.pathname,t.parsedOrigin=n,t.sameOrigin=n.sameOrigin}function i(t,e){t.params.status=e.status;var n=v(e,t.lastSize);if(n&&(t.metrics.rxSize=n),t.sameOrigin){var r=e.getResponseHeader("X-NewRelic-App-Data");r&&(t.params.cat=r.split(", ").pop())}t.loadCaptureCalled=!0}var a=t("loader");if(a.xhrWrappable&&!a.disabled){var s=t("handle"),c=t(18),f=t(16).generateTracePayload,u=t("ee"),d=["load","error","abort","timeout"],p=d.length,l=t("id"),h=t(24),m=t(22),v=t(19),w=t(23),g=NREUM.o.REQ,y=window.XMLHttpRequest;a.features.xhr=!0,t(15),t(8),u.on("new-xhr",function(t){var e=this;e.totalCbs=0,e.called=0,e.cbTime=0,e.end=r,e.ended=!1,e.xhrGuids={},e.lastSize=null,e.loadCaptureCalled=!1,e.params=this.params||{},e.metrics=this.metrics||{},t.addEventListener("load",function(n){i(e,t)},w(!1)),h&&(h>34||h<10)||t.addEventListener("progress",function(t){e.lastSize=t.loaded},w(!1))}),u.on("open-xhr-start",function(t){this.params={method:t[0]},o(this,t[1]),this.metrics={}}),u.on("open-xhr-end",function(t,e){"loader_config"in NREUM&&"xpid"in NREUM.loader_config&&this.sameOrigin&&e.setRequestHeader("X-NewRelic-ID",NREUM.loader_config.xpid);var n=f(this.parsedOrigin);if(n){var r=!1;n.newrelicHeader&&(e.setRequestHeader("newrelic",n.newrelicHeader),r=!0),n.traceContextParentHeader&&(e.setRequestHeader("traceparent",n.traceContextParentHeader),n.traceContextStateHeader&&e.setRequestHeader("tracestate",n.traceContextStateHeader),r=!0),r&&(this.dt=n)}}),u.on("send-xhr-start",function(t,e){var n=this.metrics,r=t[0],o=this;if(n&&r){var i=m(r);i&&(n.txSize=i)}this.startTime=a.now(),this.listener=function(t){try{"abort"!==t.type||o.loadCaptureCalled||(o.params.aborted=!0),("load"!==t.type||o.called===o.totalCbs&&(o.onloadCalled||"function"!=typeof e.onload))&&o.end(e)}catch(n){try{u.emit("internal-error",[n])}catch(r){}}};for(var s=0;s<p;s++)e.addEventListener(d[s],this.listener,w(!1))}),u.on("xhr-cb-time",function(t,e,n){this.cbTime+=t,e?this.onloadCalled=!0:this.called+=1,this.called!==this.totalCbs||!this.onloadCalled&&"function"==typeof n.onload||this.end(n)}),u.on("xhr-load-added",function(t,e){var n=""+l(t)+!!e;this.xhrGuids&&!this.xhrGuids[n]&&(this.xhrGuids[n]=!0,this.totalCbs+=1)}),u.on("xhr-load-removed",function(t,e){var n=""+l(t)+!!e;this.xhrGuids&&this.xhrGuids[n]&&(delete this.xhrGuids[n],this.totalCbs-=1)}),u.on("xhr-resolved",function(){this.endTime=a.now()}),u.on("addEventListener-end",function(t,e){e instanceof y&&"load"===t[0]&&u.emit("xhr-load-added",[t[1],t[2]],e)}),u.on("removeEventListener-end",function(t,e){e instanceof y&&"load"===t[0]&&u.emit("xhr-load-removed",[t[1],t[2]],e)}),u.on("fn-start",function(t,e,n){e instanceof y&&("onload"===n&&(this.onload=!0),("load"===(t[0]&&t[0].type)||this.onload)&&(this.xhrCbStart=a.now()))}),u.on("fn-end",function(t,e){this.xhrCbStart&&u.emit("xhr-cb-time",[a.now()-this.xhrCbStart,this.onload,e],e)}),u.on("fetch-before-start",function(t){function e(t,e){var n=!1;return e.newrelicHeader&&(t.set("newrelic",e.newrelicHeader),n=!0),e.traceContextParentHeader&&(t.set("traceparent",e.traceContextParentHeader),e.traceContextStateHeader&&t.set("tracestate",e.traceContextStateHeader),n=!0),n}var n,r=t[1]||{};"string"==typeof t[0]?n=t[0]:t[0]&&t[0].url?n=t[0].url:window.URL&&t[0]&&t[0]instanceof URL&&(n=t[0].href),n&&(this.parsedOrigin=c(n),this.sameOrigin=this.parsedOrigin.sameOrigin);var o=f(this.parsedOrigin);if(o&&(o.newrelicHeader||o.traceContextParentHeader))if("string"==typeof t[0]||window.URL&&t[0]&&t[0]instanceof URL){var i={};for(var a in r)i[a]=r[a];i.headers=new Headers(r.headers||{}),e(i.headers,o)&&(this.dt=o),t.length>1?t[1]=i:t.push(i)}else t[0]&&t[0].headers&&e(t[0].headers,o)&&(this.dt=o)}),u.on("fetch-start",function(t,e){this.params={},this.metrics={},this.startTime=a.now(),this.dt=e,t.length>=1&&(this.target=t[0]),t.length>=2&&(this.opts=t[1]);var n,r=this.opts||{},i=this.target;"string"==typeof i?n=i:"object"==typeof i&&i instanceof g?n=i.url:window.URL&&"object"==typeof i&&i instanceof URL&&(n=i.href),o(this,n);var s=(""+(i&&i instanceof g&&i.method||r.method||"GET")).toUpperCase();this.params.method=s,this.txSize=m(r.body)||0}),u.on("fetch-done",function(t,e){this.endTime=a.now(),this.params||(this.params={}),this.params.status=e?e.status:0;var n;"string"==typeof this.rxSize&&this.rxSize.length>0&&(n=+this.rxSize);var r={txSize:this.txSize,rxSize:n,duration:a.now()-this.startTime};s("xhr",[this.params,r,this.startTime,this.endTime,"fetch"],this)})}},{}],18:[function(t,e,n){var r={};e.exports=function(t){if(t in r)return r[t];var e=document.createElement("a"),n=window.location,o={};e.href=t,o.port=e.port;var i=e.href.split("://");!o.port&&i[1]&&(o.port=i[1].split("/")[0].split("@").pop().split(":")[1]),o.port&&"0"!==o.port||(o.port="https"===i[0]?"443":"80"),o.hostname=e.hostname||n.hostname,o.pathname=e.pathname,o.protocol=i[0],"/"!==o.pathname.charAt(0)&&(o.pathname="/"+o.pathname);var a=!e.protocol||":"===e.protocol||e.protocol===n.protocol,s=e.hostname===document.domain&&e.port===n.port;return o.sameOrigin=a&&(!e.hostname||s),"/"===o.pathname&&(r[t]=o),o}},{}],19:[function(t,e,n){function r(t,e){var n=t.responseType;return"json"===n&&null!==e?e:"arraybuffer"===n||"blob"===n||"json"===n?o(t.response):"text"===n||""===n||void 0===n?o(t.responseText):void 0}var o=t(22);e.exports=r},{}],20:[function(t,e,n){function r(){}function o(t,e,n,r){return function(){return u.recordSupportability("API/"+e+"/called"),i(t+e,[f.now()].concat(s(arguments)),n?null:this,r),n?void 0:this}}var i=t("handle"),a=t(32),s=t(33),c=t("ee").get("tracer"),f=t("loader"),u=t(25),d=NREUM;"undefined"==typeof window.newrelic&&(newrelic=d);var p=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],l="api-",h=l+"ixn-";a(p,function(t,e){d[e]=o(l,e,!0,"api")}),d.addPageAction=o(l,"addPageAction",!0),d.setCurrentRouteName=o(l,"routeName",!0),e.exports=newrelic,d.interaction=function(){return(new r).get()};var m=r.prototype={createTracer:function(t,e){var n={},r=this,o="function"==typeof e;return i(h+"tracer",[f.now(),t,n],r),function(){if(c.emit((o?"":"no-")+"fn-start",[f.now(),r,o],n),o)try{return e.apply(this,arguments)}catch(t){throw c.emit("fn-err",[arguments,this,t],n),t}finally{c.emit("fn-end",[f.now()],n)}}}};a("actionText,setName,setAttribute,save,ignore,onEnd,getContext,end,get".split(","),function(t,e){m[e]=o(h,e)}),newrelic.noticeError=function(t,e){"string"==typeof t&&(t=new Error(t)),u.recordSupportability("API/noticeError/called"),i("err",[t,f.now(),!1,e])}},{}],21:[function(t,e,n){function r(t){if(NREUM.init){for(var e=NREUM.init,n=t.split("."),r=0;r<n.length-1;r++)if(e=e[n[r]],"object"!=typeof e)return;return e=e[n[n.length-1]]}}e.exports={getConfiguration:r}},{}],22:[function(t,e,n){e.exports=function(t){if("string"==typeof t&&t.length)return t.length;if("object"==typeof t){if("undefined"!=typeof ArrayBuffer&&t instanceof ArrayBuffer&&t.byteLength)return t.byteLength;if("undefined"!=typeof Blob&&t instanceof Blob&&t.size)return t.size;if(!("undefined"!=typeof FormData&&t instanceof FormData))try{return JSON.stringify(t).length}catch(e){return}}}},{}],23:[function(t,e,n){var r=!1;try{var o=Object.defineProperty({},"passive",{get:function(){r=!0}});window.addEventListener("testPassive",null,o),window.removeEventListener("testPassive",null,o)}catch(i){}e.exports=function(t){return r?{passive:!0,capture:!!t}:!!t}},{}],24:[function(t,e,n){var r=0,o=navigator.userAgent.match(/Firefox[\/\s](\d+\.\d+)/);o&&(r=+o[1]),e.exports=r},{}],25:[function(t,e,n){function r(t,e){var n=[a,t,{name:t},e];return i("storeMetric",n,null,"api"),n}function o(t,e){var n=[s,t,{name:t},e];return i("storeEventMetrics",n,null,"api"),n}var i=t("handle"),a="sm",s="cm";e.exports={constants:{SUPPORTABILITY_METRIC:a,CUSTOM_METRIC:s},recordSupportability:r,recordCustom:o}},{}],26:[function(t,e,n){function r(){return s.exists&&performance.now?Math.round(performance.now()):(i=Math.max((new Date).getTime(),i))-a}function o(){return i}var i=(new Date).getTime(),a=i,s=t(34);e.exports=r,e.exports.offset=a,e.exports.getLastTimestamp=o},{}],27:[function(t,e,n){function r(t){return!(!t||!t.protocol||"file:"===t.protocol)}e.exports=r},{}],28:[function(t,e,n){function r(t,e){var n=t.getEntries();n.forEach(function(t){"first-paint"===t.name?p("timing",["fp",Math.floor(t.startTime)]):"first-contentful-paint"===t.name&&p("timing",["fcp",Math.floor(t.startTime)])})}function o(t,e){var n=t.getEntries();if(n.length>0){var r=n[n.length-1];if(c&&c<r.startTime)return;p("lcp",[r])}}function i(t){t.getEntries().forEach(function(t){t.hadRecentInput||p("cls",[t])})}function a(t){if(t instanceof v&&!g){var e=Math.round(t.timeStamp),n={type:t.type};e<=l.now()?n.fid=l.now()-e:e>l.offset&&e<=Date.now()?(e-=l.offset,n.fid=l.now()-e):e=l.now(),g=!0,p("timing",["fi",e,n])}}function s(t){"hidden"===t&&(c=l.now(),p("pageHide",[c]))}if(!("init"in NREUM&&"page_view_timing"in NREUM.init&&"enabled"in NREUM.init.page_view_timing&&NREUM.init.page_view_timing.enabled===!1)){var c,f,u,d,p=t("handle"),l=t("loader"),h=t(31),m=t(23),v=NREUM.o.EV;if("PerformanceObserver"in window&&"function"==typeof window.PerformanceObserver){f=new PerformanceObserver(r);try{f.observe({entryTypes:["paint"]})}catch(w){}u=new PerformanceObserver(o);try{u.observe({entryTypes:["largest-contentful-paint"]})}catch(w){}d=new PerformanceObserver(i);try{d.observe({type:"layout-shift",buffered:!0})}catch(w){}}if("addEventListener"in document){var g=!1,y=["click","keydown","mousedown","pointerdown","touchstart"];y.forEach(function(t){document.addEventListener(t,a,m(!1))})}h(s)}},{}],29:[function(t,e,n){function r(){function t(){return e?15&e[n++]:16*Math.random()|0}var e=null,n=0,r=window.crypto||window.msCrypto;r&&r.getRandomValues&&(e=r.getRandomValues(new Uint8Array(31)));for(var o,i="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",a="",s=0;s<i.length;s++)o=i[s],"x"===o?a+=t().toString(16):"y"===o?(o=3&t()|8,a+=o.toString(16)):a+=o;return a}function o(){return a(16)}function i(){return a(32)}function a(t){function e(){return n?15&n[r++]:16*Math.random()|0}var n=null,r=0,o=window.crypto||window.msCrypto;o&&o.getRandomValues&&Uint8Array&&(n=o.getRandomValues(new Uint8Array(31)));for(var i=[],a=0;a<t;a++)i.push(e().toString(16));return i.join("")}e.exports={generateUuid:r,generateSpanId:o,generateTraceId:i}},{}],30:[function(t,e,n){function r(t,e){if(!o)return!1;if(t!==o)return!1;if(!e)return!0;if(!i)return!1;for(var n=i.split("."),r=e.split("."),a=0;a<r.length;a++)if(r[a]!==n[a])return!1;return!0}var o=null,i=null,a=/Version\/(\S+)\s+Safari/;if(navigator.userAgent){var s=navigator.userAgent,c=s.match(a);c&&s.indexOf("Chrome")===-1&&s.indexOf("Chromium")===-1&&(o="Safari",i=c[1])}e.exports={agent:o,version:i,match:r}},{}],31:[function(t,e,n){function r(t){function e(){t(s&&document[s]?document[s]:document[i]?"hidden":"visible")}"addEventListener"in document&&a&&document.addEventListener(a,e,o(!1))}var o=t(23);e.exports=r;var i,a,s;"undefined"!=typeof document.hidden?(i="hidden",a="visibilitychange",s="visibilityState"):"undefined"!=typeof document.msHidden?(i="msHidden",a="msvisibilitychange"):"undefined"!=typeof document.webkitHidden&&(i="webkitHidden",a="webkitvisibilitychange",s="webkitVisibilityState")},{}],32:[function(t,e,n){function r(t,e){var n=[],r="",i=0;for(r in t)o.call(t,r)&&(n[i]=e(r,t[r]),i+=1);return n}var o=Object.prototype.hasOwnProperty;e.exports=r},{}],33:[function(t,e,n){function r(t,e,n){e||(e=0),"undefined"==typeof n&&(n=t?t.length:0);for(var r=-1,o=n-e||0,i=Array(o<0?0:o);++r<o;)i[r]=t[e+r];return i}e.exports=r},{}],34:[function(t,e,n){e.exports={exists:"undefined"!=typeof window.performance&&window.performance.timing&&"undefined"!=typeof window.performance.timing.navigationStart}},{}],ee:[function(t,e,n){function r(){}function o(t){function e(t){return t&&t instanceof r?t:t?f(t,c,a):a()}function n(n,r,o,i,a){if(a!==!1&&(a=!0),!l.aborted||i){t&&a&&t(n,r,o);for(var s=e(o),c=m(n),f=c.length,u=0;u<f;u++)c[u].apply(s,r);var p=d[y[n]];return p&&p.push([x,n,r,s]),s}}function i(t,e){g[t]=m(t).concat(e)}function h(t,e){var n=g[t];if(n)for(var r=0;r<n.length;r++)n[r]===e&&n.splice(r,1)}function m(t){return g[t]||[]}function v(t){return p[t]=p[t]||o(n)}function w(t,e){l.aborted||u(t,function(t,n){e=e||"feature",y[n]=e,e in d||(d[e]=[])})}var g={},y={},x={on:i,addEventListener:i,removeEventListener:h,emit:n,get:v,listeners:m,context:e,buffer:w,abort:s,aborted:!1};return x}function i(t){return f(t,c,a)}function a(){return new r}function s(){(d.api||d.feature)&&(l.aborted=!0,d=l.backlog={})}var c="nr@context",f=t("gos"),u=t(32),d={},p={},l=e.exports=o();e.exports.getOrSetContext=i,l.backlog=d},{}],gos:[function(t,e,n){function r(t,e,n){if(o.call(t,e))return t[e];var r=n();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(t,e,{value:r,writable:!0,enumerable:!1}),r}catch(i){}return t[e]=r,r}var o=Object.prototype.hasOwnProperty;e.exports=r},{}],handle:[function(t,e,n){function r(t,e,n,r){o.buffer([t],r),o.emit(t,e,n)}var o=t("ee").get("handle");e.exports=r,r.ee=o},{}],id:[function(t,e,n){function r(t){var e=typeof t;return!t||"object"!==e&&"function"!==e?-1:t===window?0:a(t,i,function(){return o++})}var o=1,i="nr@id",a=t("gos");e.exports=r},{}],loader:[function(t,e,n){function r(){if(!P++){var t=T.info=NREUM.info,e=v.getElementsByTagName("script")[0];if(setTimeout(f.abort,3e4),!(t&&t.licenseKey&&t.applicationID&&e))return f.abort();c(R,function(e,n){t[e]||(t[e]=n)});var n=a();s("mark",["onload",n+T.offset],null,"api"),s("timing",["load",n]);var r=v.createElement("script");0===t.agent.indexOf("http://")||0===t.agent.indexOf("https://")?r.src=t.agent:r.src=h+"://"+t.agent,e.parentNode.insertBefore(r,e)}}function o(){"complete"===v.readyState&&i()}function i(){s("mark",["domContent",a()+T.offset],null,"api")}var a=t(26),s=t("handle"),c=t(32),f=t("ee"),u=t(30),d=t(27),p=t(21),l=t(23),h=p.getConfiguration("ssl")===!1?"http":"https",m=window,v=m.document,w="addEventListener",g="attachEvent",y=m.XMLHttpRequest,x=y&&y.prototype,b=!d(m.location);NREUM.o={ST:setTimeout,SI:m.setImmediate,CT:clearTimeout,XHR:y,REQ:m.Request,EV:m.Event,PR:m.Promise,MO:m.MutationObserver};var E=""+location,R={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",agent:"js-agent.newrelic.com/nr-spa-1212.min.js"},O=y&&x&&x[w]&&!/CriOS/.test(navigator.userAgent),T=e.exports={offset:a.getLastTimestamp(),now:a,origin:E,features:{},xhrWrappable:O,userAgent:u,disabled:b};if(!b){t(20),t(28),v[w]?(v[w]("DOMContentLoaded",i,l(!1)),m[w]("load",r,l(!1))):(v[g]("onreadystatechange",o),m[g]("onload",r)),s("mark",["firstbyte",a.getLastTimestamp()],null,"api");var P=0}},{}],"wrap-function":[function(t,e,n){function r(t,e){function n(e,n,r,c,f){function nrWrapper(){var i,a,u,p;try{a=this,i=d(arguments),u="function"==typeof r?r(i,a):r||{}}catch(l){o([l,"",[i,a,c],u],t)}s(n+"start",[i,a,c],u,f);try{return p=e.apply(a,i)}catch(h){throw s(n+"err",[i,a,h],u,f),h}finally{s(n+"end",[i,a,p],u,f)}}return a(e)?e:(n||(n=""),nrWrapper[p]=e,i(e,nrWrapper,t),nrWrapper)}function r(t,e,r,o,i){r||(r="");var s,c,f,u="-"===r.charAt(0);for(f=0;f<e.length;f++)c=e[f],s=t[c],a(s)||(t[c]=n(s,u?c+r:r,o,c,i))}function s(n,r,i,a){if(!h||e){var s=h;h=!0;try{t.emit(n,r,i,e,a)}catch(c){o([c,n,r,i],t)}h=s}}return t||(t=u),n.inPlace=r,n.flag=p,n}function o(t,e){e||(e=u);try{e.emit("internal-error",t)}catch(n){}}function i(t,e,n){if(Object.defineProperty&&Object.keys)try{var r=Object.keys(t);return r.forEach(function(n){Object.defineProperty(e,n,{get:function(){return t[n]},set:function(e){return t[n]=e,e}})}),e}catch(i){o([i],n)}for(var a in t)l.call(t,a)&&(e[a]=t[a]);return e}function a(t){return!(t&&t instanceof Function&&t.apply&&!t[p])}function s(t,e){var n=e(t);return n[p]=t,i(t,n,u),n}function c(t,e,n){var r=t[e];t[e]=s(r,n)}function f(){for(var t=arguments.length,e=new Array(t),n=0;n<t;++n)e[n]=arguments[n];return e}var u=t("ee"),d=t(33),p="nr@original",l=Object.prototype.hasOwnProperty,h=!1;e.exports=r,e.exports.wrapFunction=s,e.exports.wrapInPlace=c,e.exports.argsToArray=f},{}]},{},["loader",2,17,5,3,4]); ;NREUM.loader_config={accountID:"3768898",trustKey:"3768898",agentID:"1134285132",licenseKey:"NRJS-2bc9f9fb1efc463f27c",applicationID:"1134285132"} ;NREUM.info={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net",licenseKey:"NRJS-2bc9f9fb1efc463f27c",applicationID:"1134285132",sa:1} newrelic.addRelease("", "Remove-ControllerConfig-r-production-4dd74f6-17d951-17d94f"); </script><meta name=viewport content="width=device-width,initial-scale=1"><meta name=author content="Crossplane Community"><meta name=color-scheme content="light dark"><meta name=docsearch:language content="en"><meta name=generator content="Hugo 0.119.0"><link rel=preload href=/fonts/Avenir-Roman.woff2 as=font type=font/woff2 crossorigin><meta property="og:image" content="/img/crossplane-logo-og.webp"><meta property="twitter:card" content="/img/crossplane-logo-og.webp"><meta property="og:image:width" content="600"><meta property="og:image:height" content="199"><meta property="og:image:alt" content="Crossplane name and popsicle logo"><meta property="twitter:image:alt" content="Crossplane name and popsicle logo"><meta property="og:type" content="website"><meta name=twitter:site content="@crossplane_io"><meta property="og:site_name" content="Crossplane Documentation"><meta name=description content="Crossplane lets you build a control plane with Kubernetes-style declarative and API-driven configuration and management for anything."><meta property="og:url" content="https://docs.crossplane.io/latest/getting-started/provider-aws/"><meta name=docsearch:modified content="January 1, 1"><title>AWS Quickstart · Crossplane v1.18</title><link rel=canonical href=https://docs.crossplane.io/latest/getting-started/provider-aws/><script>(()=>{var e=window.matchMedia("(prefers-color-scheme: dark)").matches,t=localStorage.getItem("darkSwitch")!==null&&localStorage.getItem("darkSwitch")==="dark",n=localStorage.getItem("darkSwitch")!==null&&localStorage.getItem("darkSwitch")==="light";n&&(e=!1),t||e?document.documentElement.setAttribute("color-theme","dark"):document.documentElement.setAttribute("color-theme","light")})()</script><link rel=stylesheet href=https://cdn.jsdelivr.net/npm/@docsearch/css@3 media=print onload='this.media="all"'><link rel=preconnect href=https://9UXKYX61NK-dsn.algolia.net crossorigin data-proofer-ignore><link href="https://docs.crossplane.io/scss/docs.0346bfd4a8aeace526724de64ddada78a0e5122b3b0c83b1021770d6ddef1160.css" rel=stylesheet><link rel=apple-touch-icon sizes=180x180 href=/apple-touch-icon.png><link rel=icon type=image/png sizes=32x32 href=/favicon-32x32.png><link rel=icon type=image/png sizes=192x192 href=/android-chrome-192x192.png><link rel=icon type=image/png sizes=16x16 href=/favicon-16x16.png><link rel=manifest href=/site.webmanifest><link rel=mask-icon href=/safari-pinned-tab.svg color=#f87c44><meta name=apple-mobile-web-app-title content="Crossplane Docs"><meta name=application-name content="Crossplane Docs"><meta name=msapplication-TileColor content="#333f5b"><meta name=theme-color content="#ffffff"><meta property="og:title" content="Crossplane Docs · v1.18 · AWS Quickstart"><meta property="og:description" content="Connect Crossplane to AWS to create and manage cloud resources from Kubernetes with the Upbound AWS Provider. This guide is in two parts: Part 1 walks through installing Crossplane, configuring the …"></head><body><svg xmlns="http://www.w3.org/2000/svg" style="display:none"><symbol id="check2" viewBox="0 0 16 16"><path d="M13.854 3.646a.5.5.0 010 .708l-7 7a.5.5.0 01-.708.0l-3.5-3.5a.5.5.0 11.708-.708L6.5 10.293l6.646-6.647a.5.5.0 01.708.0z"/></symbol><symbol id="x" viewBox="0 0 16 16"><path d="M2.146 2.854a.5.5.0 11.708-.708L8 7.293l5.146-5.147a.5.5.0 01.708.708L8.707 8l5.147 5.146a.5.5.0 01-.708.708L8 8.707l-5.146 5.147a.5.5.0 01-.708-.708L7.293 8 2.146 2.854z"/></symbol><symbol id="chevron-expand" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M3.646 9.146a.5.5.0 01.708.0L8 12.793l3.646-3.647a.5.5.0 01.708.708l-4 4a.5.5.0 01-.708.0l-4-4a.5.5.0 010-.708zm0-2.292a.5.5.0 00.708.0L8 3.207l3.646 3.647a.5.5.0 00.708-.708l-4-4a.5.5.0 00-.708.0l-4 4a.5.5.0 000 .708z"/></symbol><symbol id="clipboard" viewBox="0 0 16 16"><path d="M4 1.5H3a2 2 0 00-2 2V14a2 2 0 002 2h10a2 2 0 002-2V3.5a2 2 0 00-2-2h-1v1h1a1 1 0 011 1V14a1 1 0 01-1 1H3a1 1 0 01-1-1V3.5a1 1 0 011-1h1v-1z"/><path d="M9.5 1a.5.5.0 01.5.5v1a.5.5.0 01-.5.5h-3A.5.5.0 016 2.5v-1a.5.5.0 01.5-.5h3zm-3-1A1.5 1.5.0 005 1.5v1A1.5 1.5.0 006.5 4h3A1.5 1.5.0 0011 2.5v-1A1.5 1.5.0 009.5.0h-3z"/></symbol><symbol id="plus" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8 2a.5.5.0 01.5.5v5h5a.5.5.0 010 1h-5v5a.5.5.0 01-1 0v-5h-5a.5.5.0 010-1h5v-5A.5.5.0 018 2z"/></symbol><symbol id="three-dots" viewBox="0 0 16 16"><path d="M3 9.5a1.5 1.5.0 110-3 1.5 1.5.0 010 3zm5 0a1.5 1.5.0 110-3 1.5 1.5.0 010 3zm5 0a1.5 1.5.0 110-3 1.5 1.5.0 010 3z"/></symbol><symbol id="info" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="m8.93 6.588-2.29.287-.082.38.45.083c.294.07.352.176.288.469l-.738 3.468c-.194.897.105 1.319.808 1.319.545.0 1.178-.252 1.465-.598l.088-.416c-.2.176-.492.246-.686.246-.275.0-.375-.193-.304-.533L8.93 6.588zM9 4.5a1 1 0 11-2 0 1 1 0 012 0z"/></symbol><symbol id="check" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M10.97 4.97a.235.235.0 00-.02.022L7.477 9.417 5.384 7.323a.75.75.0 00-1.06 1.06L6.97 11.03a.75.75.0 001.079-.02l3.992-4.99A.75.75.0 0010.97 4.97z"/></symbol><symbol id="exclamation" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M7.002 11a1 1 0 112 0 1 1 0 01-2 0zM7.1 4.995a.905.905.0 111.8.0l-.35 3.507a.552.552.0 01-1.1.0L7.1 4.995z"/></symbol><symbol id="x-circle" viewBox="0 0 16 16"><path d="M8 15A7 7 0 118 1a7 7 0 010 14zm0 1A8 8 0 108 0a8 8 0 000 16z"/><path d="M4.646 4.646a.5.5.0 01.708.0L8 7.293l2.646-2.647a.5.5.0 01.708.708L8.707 8l2.647 2.646a.5.5.0 01-.708.708L8 8.707l-2.646 2.647a.5.5.0 01-.708-.708L7.293 8 4.646 5.354a.5.5.0 010-.708z"/></symbol><symbol id="fire" viewBox="0 0 16 16"><path d="M8 16c3.314.0 6-2 6-5.5.0-1.5-.5-4-2.5-6 .25 1.5-1.25 2-1.25 2C11 4 9 .5 6 0c.357 2 .5 4-2 6-1.25 1-2 2.729-2 4.5C2 14 4.686 16 8 16zm0-1c-1.657.0-3-1-3-2.75.0-.75.25-2 1.25-3C6.125 10 7 10.5 7 10.5c-.375-1.25.5-3.25 2-3.5-.179 1-.25 2 1 3 .625.5 1 1.364 1 2.25C11 14 9.657 15 8 15z"/></symbol><symbol id="search" viewBox="0 0 16 16"><path d="M11.742 10.344a6.5 6.5.0 10-1.397 1.398h-.001c.03.04.062.078.098.115l3.85 3.85a1 1 0 001.415-1.414l-3.85-3.85a1.007 1.007.0 00-.115-.1zM12 6.5a5.5 5.5.0 11-11 0 5.5 5.5.0 0111 0z"/></symbol><symbol id="clipboard-check" viewBox="0 0 16 16"><path d="M6.5.0A1.5 1.5.0 005 1.5v1A1.5 1.5.0 006.5 4h3A1.5 1.5.0 0011 2.5v-1A1.5 1.5.0 009.5.0h-3zm3 1a.5.5.0 01.5.5v1a.5.5.0 01-.5.5h-3A.5.5.0 016 2.5v-1a.5.5.0 01.5-.5h3z"/><path d="M4 1.5H3a2 2 0 00-2 2V14a2 2 0 002 2h10a2 2 0 002-2V3.5a2 2 0 00-2-2h-1v1A2.5 2.5.0 019.5 5h-3A2.5 2.5.0 014 2.5v-1zm6.854 7.354-3 3a.5.5.0 01-.708.0l-1.5-1.5a.5.5.0 01.708-.708L7.5 10.793l2.646-2.647a.5.5.0 01.708.708z"/></symbol><symbol id="pencil-square" viewBox="0 0 16 16"><path d="M15.502 1.94a.5.5.0 010 .706L14.459 3.69l-2-2L13.502.646a.5.5.0 01.707.0l1.293 1.293zm-1.75 2.456-2-2L4.939 9.21a.5.5.0 00-.121.196l-.805 2.414a.25.25.0 00.316.316l2.414-.805a.5.5.0 00.196-.12l6.813-6.814z"/><path fill-rule="evenodd" d="M1 13.5A1.5 1.5.0 002.5 15h11a1.5 1.5.0 001.5-1.5v-6a.5.5.0 00-1 0v6a.5.5.0 01-.5.5h-11a.5.5.0 01-.5-.5v-11a.5.5.0 01.5-.5H9a.5.5.0 000-1H2.5A1.5 1.5.0 001 2.5v11z"/></symbol><symbol id="github" viewBox="0 0 16 16"><path d="M8 0C3.58.0.0 3.58.0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38.0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95.0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12.0.0.67-.21 2.2.82.64-.18 1.32-.27 2-.27s1.36.09 2 .27c1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15.0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48.0 1.07-.01 1.93-.01 2.2.0.21.15.46.55.38A8.012 8.012.0 0016 8c0-4.42-3.58-8-8-8z"/></symbol><symbol id="box-arrow-up-right" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.636 3.5a.5.5.0 00-.5-.5H1.5A1.5 1.5.0 000 4.5v10A1.5 1.5.0 001.5 16h10a1.5 1.5.0 001.5-1.5V7.864a.5.5.0 00-1 0V14.5a.5.5.0 01-.5.5h-10a.5.5.0 01-.5-.5v-10a.5.5.0 01.5-.5h6.636a.5.5.0 00.5-.5z"/><path fill-rule="evenodd" d="M16 .5a.5.5.0 00-.5-.5h-5a.5.5.0 000 1h3.793L6.146 9.146a.5.5.0 10.708.708L15 1.707V5.5a.5.5.0 001 0v-5z"/></symbol></svg><header class="navbar docs-navbar navbar-expand-lg py-0 align-items-center"><div class=docs-left-toggle><button class=navbar-toggler type=button data-bs-toggle=offcanvas data-bs-target=#bdSidebar aria-controls=bdSidebar aria-label="Toggle docs content"><svg xmlns="http://www.w3.org/2000/svg" width="1.5rem" height="1.5rem" fill="currentcolor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M2.5 11.5A.5.5.0 013 11h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5zm0-4A.5.5.0 013 7h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5zm0-4A.5.5.0 013 3h10a.5.5.0 010 1H3a.5.5.0 01-.5-.5z"/></svg> <span class="d-none fs-6 pe-1">Browse</span></button></div><div class="docs-right-toggle order-3"><button class=navbar-toggler type=button data-bs-toggle=offcanvas data-bs-target=#offcanvas aria-controls=offcanvas aria-label="Toggle Crossplane navigation"><svg class="bi white" aria-hidden="true"><use xlink:href="#three-dots"/></svg></button></div><div class=navbar-brand><a href=https://www.crossplane.io aria-label=Crossplane><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=152px decoding=async data-nimg=future loading=lazy></a></div><div class="w-100 offcanvas-lg offcanvas-end" tabindex=-1 id=offcanvas aria-labelledby=offcanvasLabel><div class="offcanvas-body p-0"><div class="offcanvas-header p-0"><div class=navbar-brand><a href=https://www.crossplane.io aria-label=Crossplane><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=152px decoding=async data-nimg=future loading=lazy></a></div><button type=button class="btn-close btn-close-white" data-bs-dismiss=offcanvas aria-label=Close data-bs-target=#offcanvas></button></div><div class="navbar-center-links collapse navbar-collapse justify-content-evenly show"><ul class="navbar-nav align-items-center"><li class=nav-item><a class=navbar-link href=https://www.crossplane.io/why-control-planes>Why Control Planes?</a></li><li class=nav-item><a class=navbar-link aria-current=page href=https://docs.crossplane.io/>Documentation</a></li><li class=nav-item><a class=navbar-link href=https://www.crossplane.io/community>Community</a></li><li class=nav-item><a class=navbar-link href=https://blog.crossplane.io/>Blog</a></li></ul></div><div class="navbar-icons flex-shrink-1 show"><ul class=navbar-nav><li class="nav-item col-xs p-2"><a class=navbar-link href=https://github.com/crossplane title="Crossplane Github Repository" target=_blank rel=noopener><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentcolor" class="icon-github" viewBox="0 0 16 16"><path d="M8 0C3.58.0.0 3.58.0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38.0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95.0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12.0.0.67-.21 2.2.82.64-.18 1.32-.27 2-.27s1.36.09 2 .27c1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15.0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48.0 1.07-.01 1.93-.01 2.2.0.21.15.46.55.38A8.012 8.012.0 0016 8c0-4.42-3.58-8-8-8z"/></svg><span class=icon-label>Crossplane GitHub</span></a></li><li class="nav-item col-xs p-2"><div id=slack><a class=navbar-link href=https://slack.crossplane.io title="Join the Crossplane Slack" target=_blank rel=noopener><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentcolor" class="icon-slack" viewBox="0 0 16 16"><path d="M3.362 10.11c0 .926-.756 1.681-1.681 1.681S0 11.036.0 10.111C0 9.186.756 8.43 1.68 8.43h1.682v1.68zm.846.0c0-.924.756-1.68 1.681-1.68s1.681.756 1.681 1.68v4.21c0 .924-.756 1.68-1.68 1.68a1.685 1.685.0 01-1.682-1.68v-4.21zM5.89 3.362c-.926.0-1.682-.756-1.682-1.681S4.964.0 5.89.0s1.68.756 1.68 1.68v1.682H5.89zm0 .846c.924.0 1.68.756 1.68 1.681S6.814 7.57 5.89 7.57H1.68C.757 7.57.0 6.814.0 5.89c0-.926.756-1.682 1.68-1.682h4.21zm6.749 1.682c0-.926.755-1.682 1.68-1.682.925.0 1.681.756 1.681 1.681s-.756 1.681-1.68 1.681h-1.681V5.89zm-.848.0c0 .924-.755 1.68-1.68 1.68A1.685 1.685.0 018.43 5.89V1.68C8.43.757 9.186.0 10.11.0c.926.0 1.681.756 1.681 1.68v4.21zm-1.681 6.748c.926.0 1.682.756 1.682 1.681S11.036 16 10.11 16s-1.681-.756-1.681-1.68v-1.682h1.68zm0-.847c-.924.0-1.68-.755-1.68-1.68.0-.925.756-1.681 1.68-1.681h4.21c.924.0 1.68.756 1.68 1.68.0.926-.756 1.681-1.68 1.681h-4.21z"/></svg><span class=icon-label>Crossplane Slack</span></a></div></li><li class="nav-item col-x p-2"><div class="vr d-lg-flex mx-lg-2 text-white"></div></li><li class="nav-item col-xs p-2"><div class="form-check form-switch color-switcher"><input class="d-flex form-check-input" type=checkbox id=darkSwitch> <label class="d-flex navbar-link form-check-label" for=darkSwitch>Dark Mode</label></div></li></ul></div></div></div></header><div class="bd-layout docs-container" data-bs-spy=scroll data-bs-target=#TableOfContents data-bs-threshold=0,1 data-bs-root-margin="0% 0% -75%"><aside class=bd-sidebar><div class="offcanvas-lg offcanvas-start bd-sidebar-container" tabindex=-1 id=bdSidebar aria-labelledby=bdSidebarOffcanvasLabel><div class="offcanvas-header pb-4 border-bottom"><div class="d-flex offcanvas-title fw-bold" id=bdNavbarOffcanvasLabel>Crossplane Documentation - v</div><div class=d-flex><button type=button class="btn-close bi align-self-center p-0" data-bs-dismiss=offcanvas aria-label=Close data-bs-target=#bdSidebar></button></div></div><div class=offcanvas-body><div class="container-fluid p-0"><div class="search-container d-flex row pt-3 ps-4 docsearch opacity-50" data-bs-target=#bdSidebar data-bs-dismiss=offcanvas aria-label="Docs navigation"><div class=p-0 id=docSearch></div></div><nav class="bd-links-nav w-100" aria-label="Docs navigation"><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/>Overview</a></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100 active-parent"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/getting-started/>Getting Started</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" checked aria-label="Close or Expand Getting Started Section"> <label for=collapse-efba6416 class=sidebar-label data-bs-toggle=collapse data-bs-target=#collapse-efba6416 aria-expanded=false aria-label="Close or Expand Getting Started Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse show" id=collapse-efba6416><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/getting-started/introduction/>Crossplane Introduction</a></div></div><div class="container flex-row collapse show" id=collapse-efba6416><div class="d-flex flex-column"><a class="bd-links d-flex active" href=https://docs.crossplane.io/latest/getting-started/provider-aws/>AWS Quickstart</a></div></div><div class="container flex-row collapse show" id=collapse-efba6416><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/getting-started/provider-azure/>Azure Quickstart</a></div></div><div class="container flex-row collapse show" id=collapse-efba6416><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/getting-started/provider-gcp/>GCP Quickstart</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/software/>Install, Upgrade and Uninstall</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Install, Upgrade and Uninstall Section"> <label for=collapse-501dbad3 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-501dbad3 aria-expanded=false aria-label="Close or Expand Install, Upgrade and Uninstall Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-501dbad3><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/software/install/>Install Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-501dbad3><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/software/upgrade/>Upgrade Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-501dbad3><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/software/uninstall/>Uninstall Crossplane</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/concepts/>Concepts</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Concepts Section"> <label for=collapse-4e897d67 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-4e897d67 aria-expanded=false aria-label="Close or Expand Concepts Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/pods/>Crossplane Pods</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/providers/>Providers</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/managed-resources/>Managed Resources</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/compositions/>Compositions</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/composition-revisions/>Composition Revisions</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/composite-resource-definitions/>Composite Resource Definitions</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/composite-resources/>Composite Resources</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/claims/>Claims</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/environment-configs/>Environment Configurations</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/usages/>Usages</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/connection-details/>Connection Details</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/packages/>Configuration Packages</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/server-side-apply/>Server-Side Apply</a></div></div><div class="container flex-row collapse" id=collapse-4e897d67><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/concepts/image-configs/>Image Configs</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/guides/>Guides</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Guides Section"> <label for=collapse-81c7893d class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-81c7893d aria-expanded=false aria-label="Close or Expand Guides Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/disaster-recovery/>Disaster Recovery with Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/metrics/>Metrics</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/function-patch-and-transform/>Function Patch and Transform</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/write-a-composition-function-in-go/>Write a Composition Function in Go</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/write-a-composition-function-in-python/>Write a Composition Function in Python</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/import-existing-resources/>Import Existing Resources</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/vault-as-secret-store/>Vault as an External Secret Store</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/vault-injection/>Vault Credential Injection</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/multi-tenant/>Multi-Tenant Crossplane</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/crossplane-with-argo-cd/>Configuring Crossplane with Argo CD</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/self-signed-ca-certs/>Self-Signed CA Certs</a></div></div><div class="container flex-row collapse" id=collapse-81c7893d><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/guides/troubleshoot-crossplane/>Troubleshoot Crossplane</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/cli/>CLI Reference</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand CLI Reference Section"> <label for=collapse-c88095d9 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-c88095d9 aria-expanded=false aria-label="Close or Expand CLI Reference Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-c88095d9><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/cli/command-reference/>Command Reference</a></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/api/>API Reference</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand API Reference Section"> <label for=collapse-5bb69ef1 class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-5bb69ef1 aria-expanded=false aria-label="Close or Expand API Reference Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href=https://docs.crossplane.io/latest/learn/>Learn More</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><input type=checkbox class="d-flex sidebar-checkbox" aria-label="Close or Expand Learn More Section"> <label for=collapse-8c90ec3f class="sidebar-label collapsed" data-bs-toggle=collapse data-bs-target=#collapse-8c90ec3f aria-expanded=false aria-label="Close or Expand Learn More Section"><svg class="flex bi sidebar-icon plus"><use xlink:href="#plus"/></svg><svg class="flex bi sidebar-icon x"><use xlink:href="#x"/></svg></label></div></div><div class="container flex-row collapse" id=collapse-8c90ec3f><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/learn/release-cycle/>Release Cycle</a></div></div><div class="container flex-row collapse" id=collapse-8c90ec3f><div class="d-flex flex-column"><a class="bd-links d-flex" href=https://docs.crossplane.io/latest/learn/feature-lifecycle/>Feature Lifecycle</a></div></div></div><div class="section-container container pe-0 pt-1"><div class=nav-container><a href=https://docs.crossplane.io/contribute/ class="d-inline-flex align-items-center">Contributing Guide</a></div></div><div class="section-container container pe-0 pt-1"><div class="container nav-container pe-0 d-flex w-100"><a class="d-flex w-100 border-0" href="https://github.com/orgs/crossplane/projects/20/views/9?pane=info" target=_blank>Crossplane Roadmap</a><div class="d-flex flex-shrink-1 sidebar-control-container align-self-center"><a href="https://github.com/orgs/crossplane/projects/20/views/9?pane=info"><svg class="flex bi"><use xlink:href="#box-arrow-up-right"/></svg></a></div></div></div></nav></div></div></aside><main class="bd-main order-1"><div class="bd-intro pt-2 ps-lg-2"><div class="d-md-flex flex-md-row-reverse align-items-center justify-content-between"><div class="mb-3 mb-md-0 d-flex"><div class="dropdown float-end bd-dropdown"><a class="btn btn-outline-secondary dropdown-toggle bd-dropdown-item text-reset" href=# role=button id=dropdownMenuLink data-bs-toggle=dropdown aria-haspopup=true aria-expanded=false>v1.18<div class="badge rounded-pill latest">Latest</div></a><div class="dropdown-menu bd-border-color bd-dropdown" aria-labelledby=dropdownMenuLink><a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/master/getting-started/provider-aws/>master</a> <a class="dropdown-item bd-dropdown-item active" aria-current=true href=https://docs.crossplane.io/v1.18/getting-started/provider-aws/>v1.18<div class="badge rounded-pill latest">Latest</div></a><a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/v1.17/getting-started/provider-aws/>v1.17</a> <a class="dropdown-item bd-dropdown-item" href=https://docs.crossplane.io/v1.16/getting-started/provider-aws/>v1.16</a></div></div></div><h1 class="bd-title mb-0" id=content>AWS Quickstart</h1></div></div><div class="bd-toc mt-3 mb-5 my-lg-0 ps-xl-3 mb-lg-5"><button class="btn btn-link p-md-0 mb-2 mb-md-0 text-decoration-none bd-toc-toggle d-md-none" type=button data-bs-toggle=collapse data-bs-target=#tocContents aria-expanded=false aria-controls=tocContents> On this page<svg class="bi d-md-none ms-2" aria-hidden="true"><use xlink:href="#chevron-expand"/></svg></button> <strong class="d-none d-md-block h6 my-2">On this page</strong><hr class="d-none d-md-block my-2"><div class="collapse bd-toc-collapse" id=tocContents><nav id=TableOfContents><ul class=nav><li class=nav-item><a class=nav-link href=#prerequisites>Prerequisites</a></li><li class=nav-item><a class=nav-link href=#install-the-aws-provider>Install the AWS provider</a></li><li class=nav-item><a class=nav-link href=#create-a-kubernetes-secret-for-aws>Create a Kubernetes secret for AWS</a><ul class=nav><li class=nav-item><a class=nav-link href=#generate-an-aws-key-pair-file>Generate an AWS key-pair file</a></li><li class=nav-item><a class=nav-link href=#create-a-kubernetes-secret-with-the-aws-credentials>Create a Kubernetes secret with the AWS credentials</a></li></ul></li><li class=nav-item><a class=nav-link href=#create-a-providerconfig>Create a ProviderConfig</a></li><li class=nav-item><a class=nav-link href=#create-a-managed-resource>Create a managed resource</a></li><li class=nav-item><a class=nav-link href=#delete-the-managed-resource>Delete the managed resource</a></li><li class=nav-item><a class=nav-link href=#next-steps>Next steps</a></li></ul></li></ul></nav><nav class=pt-3><div class=pb-2><svg class="bi" width="1em" height="1em"><use xlink:href="#pencil-square"/></svg><span class=ps-1><a target=_blank href="https://github.com/crossplane/docs/issues/new?title=[Web%20Bug]%20-%20AWS%20Quickstart&body=%3c!--%20What%27s%20the%20problem?%20--%3e%0a%0a%0aURL:%20https://docs.crossplane.io/latest/getting-started/provider-aws/">Report a problem</a></span></div><div><svg class="bi" width="1em" height="1em"><use xlink:href="#github"/></svg><span class=ps-1><a href=https://github.com/crossplane/docs/tree/master/content/latest/getting-started/provider-aws.md>View page source</a></span></div></div></nav></div><div class="bd-content ps-lg-2 DocSearch-content"><p>Connect Crossplane to AWS to create and manage cloud resources from Kubernetes with the <a href=https://marketplace.upbound.io/providers/upbound/provider-family-aws>Upbound AWS Provider</a>.</p><p>This guide is in two parts:</p><ul><li>Part 1 walks through installing Crossplane, configuring the provider to authenticate to AWS and creating a <em>Managed Resource</em> in AWS directly from your Kubernetes cluster. This shows Crossplane can communicate with AWS.</li><li><a href=https://docs.crossplane.io/latest/getting-started/provider-aws-part-2/>Part 2</a> shows how to build and access a custom API with Crossplane.</li></ul><h2 id=prerequisites>Prerequisites <a class=anchor-link id=prerequisites href=#prerequisites aria-label="Link to this section: Prerequisites"></a></h2><p>This quickstart requires:</p><ul><li>a Kubernetes cluster with at least 2 GB of RAM</li><li>permissions to create pods and secrets in the Kubernetes cluster</li><li><a href=https://helm.sh/>Helm</a> version v3.2.0 or later</li><li>an AWS account with permissions to create an S3 storage bucket</li><li>AWS <a href=https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds>access keys</a></li></ul><div class=gdoc-include><h2 id=install-crossplane>Install Crossplane <a class=anchor-link id=install-crossplane href=#install-crossplane aria-label="Link to this section: Install Crossplane"></a></h2><p>Crossplane installs into an existing Kubernetes cluster.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>If you don’t have a Kubernetes cluster create one locally with <a href=https://kind.sigs.k8s.io/>Kind</a>.</div></div><h3 id=install-the-crossplane-helm-chart>Install the Crossplane Helm chart <a class=anchor-link id=install-the-crossplane-helm-chart href=#install-the-crossplane-helm-chart aria-label="Link to this section: Install the Crossplane Helm chart"></a></h3><p>Helm enables Crossplane to install all its Kubernetes components through a <em>Helm Chart</em>.</p><p>Enable the Crossplane Helm Chart repository:</p><div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-0-1><a class=lnlinks href=#hl-0-1>1</a></span><span class=cl>helm repo add <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-0-2><a class=lnlinks href=#hl-0-2>2</a></span><span class=cl><span class=se></span>crossplane-stable https://charts.crossplane.io/stable </span></span><span class=line><span class=ln id=hl-0-3><a class=lnlinks href=#hl-0-3>3</a></span><span class=cl>helm repo update </span></span></code></pre></div><p>Run the Helm dry-run to see all the Crossplane components Helm installs.</p><div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-1-1><a class=lnlinks href=#hl-1-1>1</a></span><span class=cl>helm install crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-1-2><a class=lnlinks href=#hl-1-2>2</a></span><span class=cl><span class=se></span>crossplane-stable/crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-1-3><a class=lnlinks href=#hl-1-3>3</a></span><span class=cl><span class=se></span>--dry-run --debug <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-1-4><a class=lnlinks href=#hl-1-4>4</a></span><span class=cl><span class=se></span>--namespace crossplane-system <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-1-5><a class=lnlinks href=#hl-1-5>5</a></span><span class=cl><span class=se></span>--create-namespace </span></span></code></pre></div><div class="accordion mb-3" id=view-the-helm-dry-run-961-Parent><div class=accordion-item><h2 class=accordion-header id=view-the-helm-dry-run-961><button class="accordion-button collapsed" type=button data-bs-toggle=collapse data-bs-target=#view-the-helm-dry-run-961-Content aria-expanded=false aria-controls=view-the-helm-dry-run-961-Content> View the Helm dry-run</button></h2><div id=view-the-helm-dry-run-961-Content class="accordion-collapse collapse" aria-labelledby=view-the-helm-dry-run-961 data-bs-parent=#view-the-helm-dry-run-961-Parent><div class="accordion-body rounded-bottom"><div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-0-1><a class=lnlinks href=#hl-0-1> 1</a></span><span class=cl>helm install crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-0-2><a class=lnlinks href=#hl-0-2> 2</a></span><span class=cl><span class=se></span>crossplane-stable/crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-0-3><a class=lnlinks href=#hl-0-3> 3</a></span><span class=cl><span class=se></span>--dry-run --debug <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-0-4><a class=lnlinks href=#hl-0-4> 4</a></span><span class=cl><span class=se></span>--namespace crossplane-system <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-0-5><a class=lnlinks href=#hl-0-5> 5</a></span><span class=cl><span class=se></span>--create-namespace </span></span><span class=line><span class=ln id=hl-0-6><a class=lnlinks href=#hl-0-6> 6</a></span><span class=cl>install.go:214: <span class=o>[</span>debug<span class=o>]</span> Original chart version: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-7><a class=lnlinks href=#hl-0-7> 7</a></span><span class=cl>install.go:216: <span class=o>[</span>debug<span class=o>]</span> setting version to >0.0.0-0 </span></span><span class=line><span class=ln id=hl-0-8><a class=lnlinks href=#hl-0-8> 8</a></span><span class=cl>install.go:231: <span class=o>[</span>debug<span class=o>]</span> CHART PATH: /Users/plumbis/Library/Caches/helm/repository/crossplane-1.15.0.tgz </span></span><span class=line><span class=ln id=hl-0-9><a class=lnlinks href=#hl-0-9> 9</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-10><a class=lnlinks href=#hl-0-10> 10</a></span><span class=cl>NAME: crossplane </span></span><span class=line><span class=ln id=hl-0-11><a class=lnlinks href=#hl-0-11> 11</a></span><span class=cl>LAST DEPLOYED: Mon Feb <span class=m>12</span> 14:46:15 <span class=m>2024</span> </span></span><span class=line><span class=ln id=hl-0-12><a class=lnlinks href=#hl-0-12> 12</a></span><span class=cl>NAMESPACE: default </span></span><span class=line><span class=ln id=hl-0-13><a class=lnlinks href=#hl-0-13> 13</a></span><span class=cl>STATUS: pending-install </span></span><span class=line><span class=ln id=hl-0-14><a class=lnlinks href=#hl-0-14> 14</a></span><span class=cl>REVISION: <span class=m>1</span> </span></span><span class=line><span class=ln id=hl-0-15><a class=lnlinks href=#hl-0-15> 15</a></span><span class=cl>TEST SUITE: None </span></span><span class=line><span class=ln id=hl-0-16><a class=lnlinks href=#hl-0-16> 16</a></span><span class=cl>USER-SUPPLIED VALUES: </span></span><span class=line><span class=ln id=hl-0-17><a class=lnlinks href=#hl-0-17> 17</a></span><span class=cl><span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-18><a class=lnlinks href=#hl-0-18> 18</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-19><a class=lnlinks href=#hl-0-19> 19</a></span><span class=cl>COMPUTED VALUES: </span></span><span class=line><span class=ln id=hl-0-20><a class=lnlinks href=#hl-0-20> 20</a></span><span class=cl>affinity: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-21><a class=lnlinks href=#hl-0-21> 21</a></span><span class=cl>args: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-22><a class=lnlinks href=#hl-0-22> 22</a></span><span class=cl>configuration: </span></span><span class=line><span class=ln id=hl-0-23><a class=lnlinks href=#hl-0-23> 23</a></span><span class=cl> packages: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-24><a class=lnlinks href=#hl-0-24> 24</a></span><span class=cl>customAnnotations: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-25><a class=lnlinks href=#hl-0-25> 25</a></span><span class=cl>customLabels: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-26><a class=lnlinks href=#hl-0-26> 26</a></span><span class=cl>deploymentStrategy: RollingUpdate </span></span><span class=line><span class=ln id=hl-0-27><a class=lnlinks href=#hl-0-27> 27</a></span><span class=cl>extraEnvVarsCrossplane: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-28><a class=lnlinks href=#hl-0-28> 28</a></span><span class=cl>extraEnvVarsRBACManager: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-29><a class=lnlinks href=#hl-0-29> 29</a></span><span class=cl>extraObjects: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-30><a class=lnlinks href=#hl-0-30> 30</a></span><span class=cl>extraVolumeMountsCrossplane: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-31><a class=lnlinks href=#hl-0-31> 31</a></span><span class=cl>extraVolumesCrossplane: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-32><a class=lnlinks href=#hl-0-32> 32</a></span><span class=cl><span class=k>function</span>: </span></span><span class=line><span class=ln id=hl-0-33><a class=lnlinks href=#hl-0-33> 33</a></span><span class=cl> packages: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-34><a class=lnlinks href=#hl-0-34> 34</a></span><span class=cl>hostNetwork: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-35><a class=lnlinks href=#hl-0-35> 35</a></span><span class=cl>image: </span></span><span class=line><span class=ln id=hl-0-36><a class=lnlinks href=#hl-0-36> 36</a></span><span class=cl> pullPolicy: IfNotPresent </span></span><span class=line><span class=ln id=hl-0-37><a class=lnlinks href=#hl-0-37> 37</a></span><span class=cl> repository: xpkg.upbound.io/crossplane/crossplane </span></span><span class=line><span class=ln id=hl-0-38><a class=lnlinks href=#hl-0-38> 38</a></span><span class=cl> tag: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-39><a class=lnlinks href=#hl-0-39> 39</a></span><span class=cl>imagePullSecrets: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-40><a class=lnlinks href=#hl-0-40> 40</a></span><span class=cl>leaderElection: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-41><a class=lnlinks href=#hl-0-41> 41</a></span><span class=cl>metrics: </span></span><span class=line><span class=ln id=hl-0-42><a class=lnlinks href=#hl-0-42> 42</a></span><span class=cl> enabled: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-43><a class=lnlinks href=#hl-0-43> 43</a></span><span class=cl>nodeSelector: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-44><a class=lnlinks href=#hl-0-44> 44</a></span><span class=cl>packageCache: </span></span><span class=line><span class=ln id=hl-0-45><a class=lnlinks href=#hl-0-45> 45</a></span><span class=cl> configMap: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-46><a class=lnlinks href=#hl-0-46> 46</a></span><span class=cl> medium: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-47><a class=lnlinks href=#hl-0-47> 47</a></span><span class=cl> pvc: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-48><a class=lnlinks href=#hl-0-48> 48</a></span><span class=cl> sizeLimit: 20Mi </span></span><span class=line><span class=ln id=hl-0-49><a class=lnlinks href=#hl-0-49> 49</a></span><span class=cl>podSecurityContextCrossplane: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-50><a class=lnlinks href=#hl-0-50> 50</a></span><span class=cl>podSecurityContextRBACManager: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-51><a class=lnlinks href=#hl-0-51> 51</a></span><span class=cl>priorityClassName: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-52><a class=lnlinks href=#hl-0-52> 52</a></span><span class=cl>provider: </span></span><span class=line><span class=ln id=hl-0-53><a class=lnlinks href=#hl-0-53> 53</a></span><span class=cl> packages: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-54><a class=lnlinks href=#hl-0-54> 54</a></span><span class=cl>rbacManager: </span></span><span class=line><span class=ln id=hl-0-55><a class=lnlinks href=#hl-0-55> 55</a></span><span class=cl> affinity: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-56><a class=lnlinks href=#hl-0-56> 56</a></span><span class=cl> args: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-57><a class=lnlinks href=#hl-0-57> 57</a></span><span class=cl> deploy: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-58><a class=lnlinks href=#hl-0-58> 58</a></span><span class=cl> leaderElection: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-59><a class=lnlinks href=#hl-0-59> 59</a></span><span class=cl> nodeSelector: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-60><a class=lnlinks href=#hl-0-60> 60</a></span><span class=cl> replicas: <span class=m>1</span> </span></span><span class=line><span class=ln id=hl-0-61><a class=lnlinks href=#hl-0-61> 61</a></span><span class=cl> skipAggregatedClusterRoles: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-62><a class=lnlinks href=#hl-0-62> 62</a></span><span class=cl> tolerations: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-63><a class=lnlinks href=#hl-0-63> 63</a></span><span class=cl>registryCaBundleConfig: </span></span><span class=line><span class=ln id=hl-0-64><a class=lnlinks href=#hl-0-64> 64</a></span><span class=cl> key: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-65><a class=lnlinks href=#hl-0-65> 65</a></span><span class=cl> name: <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-66><a class=lnlinks href=#hl-0-66> 66</a></span><span class=cl>replicas: <span class=m>1</span> </span></span><span class=line><span class=ln id=hl-0-67><a class=lnlinks href=#hl-0-67> 67</a></span><span class=cl>resourcesCrossplane: </span></span><span class=line><span class=ln id=hl-0-68><a class=lnlinks href=#hl-0-68> 68</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-69><a class=lnlinks href=#hl-0-69> 69</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-70><a class=lnlinks href=#hl-0-70> 70</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-71><a class=lnlinks href=#hl-0-71> 71</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-72><a class=lnlinks href=#hl-0-72> 72</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-73><a class=lnlinks href=#hl-0-73> 73</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-74><a class=lnlinks href=#hl-0-74> 74</a></span><span class=cl>resourcesRBACManager: </span></span><span class=line><span class=ln id=hl-0-75><a class=lnlinks href=#hl-0-75> 75</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-76><a class=lnlinks href=#hl-0-76> 76</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-77><a class=lnlinks href=#hl-0-77> 77</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-78><a class=lnlinks href=#hl-0-78> 78</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-79><a class=lnlinks href=#hl-0-79> 79</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-80><a class=lnlinks href=#hl-0-80> 80</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-81><a class=lnlinks href=#hl-0-81> 81</a></span><span class=cl>securityContextCrossplane: </span></span><span class=line><span class=ln id=hl-0-82><a class=lnlinks href=#hl-0-82> 82</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-83><a class=lnlinks href=#hl-0-83> 83</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-84><a class=lnlinks href=#hl-0-84> 84</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-85><a class=lnlinks href=#hl-0-85> 85</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-86><a class=lnlinks href=#hl-0-86> 86</a></span><span class=cl>securityContextRBACManager: </span></span><span class=line><span class=ln id=hl-0-87><a class=lnlinks href=#hl-0-87> 87</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-88><a class=lnlinks href=#hl-0-88> 88</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-89><a class=lnlinks href=#hl-0-89> 89</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-90><a class=lnlinks href=#hl-0-90> 90</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-91><a class=lnlinks href=#hl-0-91> 91</a></span><span class=cl>serviceAccount: </span></span><span class=line><span class=ln id=hl-0-92><a class=lnlinks href=#hl-0-92> 92</a></span><span class=cl> customAnnotations: <span class=o>{}</span> </span></span><span class=line><span class=ln id=hl-0-93><a class=lnlinks href=#hl-0-93> 93</a></span><span class=cl>tolerations: <span class=o>[]</span> </span></span><span class=line><span class=ln id=hl-0-94><a class=lnlinks href=#hl-0-94> 94</a></span><span class=cl>webhooks: </span></span><span class=line><span class=ln id=hl-0-95><a class=lnlinks href=#hl-0-95> 95</a></span><span class=cl> enabled: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-96><a class=lnlinks href=#hl-0-96> 96</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-97><a class=lnlinks href=#hl-0-97> 97</a></span><span class=cl>HOOKS: </span></span><span class=line><span class=ln id=hl-0-98><a class=lnlinks href=#hl-0-98> 98</a></span><span class=cl>MANIFEST: </span></span><span class=line><span class=ln id=hl-0-99><a class=lnlinks href=#hl-0-99> 99</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-100><a class=lnlinks href=#hl-0-100> 100</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-serviceaccount.yaml</span> </span></span><span class=line><span class=ln id=hl-0-101><a class=lnlinks href=#hl-0-101> 101</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-102><a class=lnlinks href=#hl-0-102> 102</a></span><span class=cl>kind: ServiceAccount </span></span><span class=line><span class=ln id=hl-0-103><a class=lnlinks href=#hl-0-103> 103</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-104><a class=lnlinks href=#hl-0-104> 104</a></span><span class=cl> name: rbac-manager </span></span><span class=line><span class=ln id=hl-0-105><a class=lnlinks href=#hl-0-105> 105</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-106><a class=lnlinks href=#hl-0-106> 106</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-107><a class=lnlinks href=#hl-0-107> 107</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-108><a class=lnlinks href=#hl-0-108> 108</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-109><a class=lnlinks href=#hl-0-109> 109</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-110><a class=lnlinks href=#hl-0-110> 110</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-111><a class=lnlinks href=#hl-0-111> 111</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-112><a class=lnlinks href=#hl-0-112> 112</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-113><a class=lnlinks href=#hl-0-113> 113</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-114><a class=lnlinks href=#hl-0-114> 114</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-115><a class=lnlinks href=#hl-0-115> 115</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-116><a class=lnlinks href=#hl-0-116> 116</a></span><span class=cl><span class=c1># Source: crossplane/templates/serviceaccount.yaml</span> </span></span><span class=line><span class=ln id=hl-0-117><a class=lnlinks href=#hl-0-117> 117</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-118><a class=lnlinks href=#hl-0-118> 118</a></span><span class=cl>kind: ServiceAccount </span></span><span class=line><span class=ln id=hl-0-119><a class=lnlinks href=#hl-0-119> 119</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-120><a class=lnlinks href=#hl-0-120> 120</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-121><a class=lnlinks href=#hl-0-121> 121</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-122><a class=lnlinks href=#hl-0-122> 122</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-123><a class=lnlinks href=#hl-0-123> 123</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-124><a class=lnlinks href=#hl-0-124> 124</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-125><a class=lnlinks href=#hl-0-125> 125</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-126><a class=lnlinks href=#hl-0-126> 126</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-127><a class=lnlinks href=#hl-0-127> 127</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-128><a class=lnlinks href=#hl-0-128> 128</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-129><a class=lnlinks href=#hl-0-129> 129</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-130><a class=lnlinks href=#hl-0-130> 130</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-131><a class=lnlinks href=#hl-0-131> 131</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-132><a class=lnlinks href=#hl-0-132> 132</a></span><span class=cl><span class=c1># Source: crossplane/templates/secret.yaml</span> </span></span><span class=line><span class=ln id=hl-0-133><a class=lnlinks href=#hl-0-133> 133</a></span><span class=cl><span class=c1># The reason this is created empty and filled by the init container is we want</span> </span></span><span class=line><span class=ln id=hl-0-134><a class=lnlinks href=#hl-0-134> 134</a></span><span class=cl><span class=c1># to manage the lifecycle of the secret via Helm. This way whenever Crossplane</span> </span></span><span class=line><span class=ln id=hl-0-135><a class=lnlinks href=#hl-0-135> 135</a></span><span class=cl><span class=c1># is deleted, the secret is deleted as well.</span> </span></span><span class=line><span class=ln id=hl-0-136><a class=lnlinks href=#hl-0-136> 136</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-137><a class=lnlinks href=#hl-0-137> 137</a></span><span class=cl>kind: Secret </span></span><span class=line><span class=ln id=hl-0-138><a class=lnlinks href=#hl-0-138> 138</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-139><a class=lnlinks href=#hl-0-139> 139</a></span><span class=cl> name: crossplane-root-ca </span></span><span class=line><span class=ln id=hl-0-140><a class=lnlinks href=#hl-0-140> 140</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-141><a class=lnlinks href=#hl-0-141> 141</a></span><span class=cl>type: Opaque </span></span><span class=line><span class=ln id=hl-0-142><a class=lnlinks href=#hl-0-142> 142</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-143><a class=lnlinks href=#hl-0-143> 143</a></span><span class=cl><span class=c1># Source: crossplane/templates/secret.yaml</span> </span></span><span class=line><span class=ln id=hl-0-144><a class=lnlinks href=#hl-0-144> 144</a></span><span class=cl><span class=c1># The reason this is created empty and filled by the init container is we want</span> </span></span><span class=line><span class=ln id=hl-0-145><a class=lnlinks href=#hl-0-145> 145</a></span><span class=cl><span class=c1># to manage the lifecycle of the secret via Helm. This way whenever Crossplane</span> </span></span><span class=line><span class=ln id=hl-0-146><a class=lnlinks href=#hl-0-146> 146</a></span><span class=cl><span class=c1># is deleted, the secret is deleted as well.</span> </span></span><span class=line><span class=ln id=hl-0-147><a class=lnlinks href=#hl-0-147> 147</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-148><a class=lnlinks href=#hl-0-148> 148</a></span><span class=cl>kind: Secret </span></span><span class=line><span class=ln id=hl-0-149><a class=lnlinks href=#hl-0-149> 149</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-150><a class=lnlinks href=#hl-0-150> 150</a></span><span class=cl> name: crossplane-tls-server </span></span><span class=line><span class=ln id=hl-0-151><a class=lnlinks href=#hl-0-151> 151</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-152><a class=lnlinks href=#hl-0-152> 152</a></span><span class=cl>type: Opaque </span></span><span class=line><span class=ln id=hl-0-153><a class=lnlinks href=#hl-0-153> 153</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-154><a class=lnlinks href=#hl-0-154> 154</a></span><span class=cl><span class=c1># Source: crossplane/templates/secret.yaml</span> </span></span><span class=line><span class=ln id=hl-0-155><a class=lnlinks href=#hl-0-155> 155</a></span><span class=cl><span class=c1># The reason this is created empty and filled by the init container is we want</span> </span></span><span class=line><span class=ln id=hl-0-156><a class=lnlinks href=#hl-0-156> 156</a></span><span class=cl><span class=c1># to manage the lifecycle of the secret via Helm. This way whenever Crossplane</span> </span></span><span class=line><span class=ln id=hl-0-157><a class=lnlinks href=#hl-0-157> 157</a></span><span class=cl><span class=c1># is deleted, the secret is deleted as well.</span> </span></span><span class=line><span class=ln id=hl-0-158><a class=lnlinks href=#hl-0-158> 158</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-159><a class=lnlinks href=#hl-0-159> 159</a></span><span class=cl>kind: Secret </span></span><span class=line><span class=ln id=hl-0-160><a class=lnlinks href=#hl-0-160> 160</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-161><a class=lnlinks href=#hl-0-161> 161</a></span><span class=cl> name: crossplane-tls-client </span></span><span class=line><span class=ln id=hl-0-162><a class=lnlinks href=#hl-0-162> 162</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-163><a class=lnlinks href=#hl-0-163> 163</a></span><span class=cl>type: Opaque </span></span><span class=line><span class=ln id=hl-0-164><a class=lnlinks href=#hl-0-164> 164</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-165><a class=lnlinks href=#hl-0-165> 165</a></span><span class=cl><span class=c1># Source: crossplane/templates/clusterrole.yaml</span> </span></span><span class=line><span class=ln id=hl-0-166><a class=lnlinks href=#hl-0-166> 166</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-167><a class=lnlinks href=#hl-0-167> 167</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-168><a class=lnlinks href=#hl-0-168> 168</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-169><a class=lnlinks href=#hl-0-169> 169</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-170><a class=lnlinks href=#hl-0-170> 170</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-171><a class=lnlinks href=#hl-0-171> 171</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-172><a class=lnlinks href=#hl-0-172> 172</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-173><a class=lnlinks href=#hl-0-173> 173</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-174><a class=lnlinks href=#hl-0-174> 174</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-175><a class=lnlinks href=#hl-0-175> 175</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-176><a class=lnlinks href=#hl-0-176> 176</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-177><a class=lnlinks href=#hl-0-177> 177</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-178><a class=lnlinks href=#hl-0-178> 178</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-179><a class=lnlinks href=#hl-0-179> 179</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-180><a class=lnlinks href=#hl-0-180> 180</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-181><a class=lnlinks href=#hl-0-181> 181</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-182><a class=lnlinks href=#hl-0-182> 182</a></span><span class=cl> rbac.crossplane.io/aggregate-to-crossplane: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-183><a class=lnlinks href=#hl-0-183> 183</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-184><a class=lnlinks href=#hl-0-184> 184</a></span><span class=cl><span class=c1># Source: crossplane/templates/clusterrole.yaml</span> </span></span><span class=line><span class=ln id=hl-0-185><a class=lnlinks href=#hl-0-185> 185</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-186><a class=lnlinks href=#hl-0-186> 186</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-187><a class=lnlinks href=#hl-0-187> 187</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-188><a class=lnlinks href=#hl-0-188> 188</a></span><span class=cl> name: crossplane:system:aggregate-to-crossplane </span></span><span class=line><span class=ln id=hl-0-189><a class=lnlinks href=#hl-0-189> 189</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-190><a class=lnlinks href=#hl-0-190> 190</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-191><a class=lnlinks href=#hl-0-191> 191</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-192><a class=lnlinks href=#hl-0-192> 192</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-193><a class=lnlinks href=#hl-0-193> 193</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-194><a class=lnlinks href=#hl-0-194> 194</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-195><a class=lnlinks href=#hl-0-195> 195</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-196><a class=lnlinks href=#hl-0-196> 196</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-197><a class=lnlinks href=#hl-0-197> 197</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-198><a class=lnlinks href=#hl-0-198> 198</a></span><span class=cl> crossplane.io/scope: <span class=s2>"system"</span> </span></span><span class=line><span class=ln id=hl-0-199><a class=lnlinks href=#hl-0-199> 199</a></span><span class=cl> rbac.crossplane.io/aggregate-to-crossplane: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-200><a class=lnlinks href=#hl-0-200> 200</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-201><a class=lnlinks href=#hl-0-201> 201</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-202><a class=lnlinks href=#hl-0-202> 202</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-203><a class=lnlinks href=#hl-0-203> 203</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-204><a class=lnlinks href=#hl-0-204> 204</a></span><span class=cl> - events </span></span><span class=line><span class=ln id=hl-0-205><a class=lnlinks href=#hl-0-205> 205</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-206><a class=lnlinks href=#hl-0-206> 206</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-207><a class=lnlinks href=#hl-0-207> 207</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-208><a class=lnlinks href=#hl-0-208> 208</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-209><a class=lnlinks href=#hl-0-209> 209</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-210><a class=lnlinks href=#hl-0-210> 210</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-211><a class=lnlinks href=#hl-0-211> 211</a></span><span class=cl> - apiextensions.k8s.io </span></span><span class=line><span class=ln id=hl-0-212><a class=lnlinks href=#hl-0-212> 212</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-213><a class=lnlinks href=#hl-0-213> 213</a></span><span class=cl> - customresourcedefinitions </span></span><span class=line><span class=ln id=hl-0-214><a class=lnlinks href=#hl-0-214> 214</a></span><span class=cl> - customresourcedefinitions/status </span></span><span class=line><span class=ln id=hl-0-215><a class=lnlinks href=#hl-0-215> 215</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-216><a class=lnlinks href=#hl-0-216> 216</a></span><span class=cl> - <span class=s2>"*"</span> </span></span><span class=line><span class=ln id=hl-0-217><a class=lnlinks href=#hl-0-217> 217</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-218><a class=lnlinks href=#hl-0-218> 218</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-219><a class=lnlinks href=#hl-0-219> 219</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-220><a class=lnlinks href=#hl-0-220> 220</a></span><span class=cl> - secrets </span></span><span class=line><span class=ln id=hl-0-221><a class=lnlinks href=#hl-0-221> 221</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-222><a class=lnlinks href=#hl-0-222> 222</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-223><a class=lnlinks href=#hl-0-223> 223</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-224><a class=lnlinks href=#hl-0-224> 224</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-225><a class=lnlinks href=#hl-0-225> 225</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-226><a class=lnlinks href=#hl-0-226> 226</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-227><a class=lnlinks href=#hl-0-227> 227</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-228><a class=lnlinks href=#hl-0-228> 228</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-229><a class=lnlinks href=#hl-0-229> 229</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-230><a class=lnlinks href=#hl-0-230> 230</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-231><a class=lnlinks href=#hl-0-231> 231</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-232><a class=lnlinks href=#hl-0-232> 232</a></span><span class=cl> - serviceaccounts </span></span><span class=line><span class=ln id=hl-0-233><a class=lnlinks href=#hl-0-233> 233</a></span><span class=cl> - services </span></span><span class=line><span class=ln id=hl-0-234><a class=lnlinks href=#hl-0-234> 234</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-235><a class=lnlinks href=#hl-0-235> 235</a></span><span class=cl> - <span class=s2>"*"</span> </span></span><span class=line><span class=ln id=hl-0-236><a class=lnlinks href=#hl-0-236> 236</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-237><a class=lnlinks href=#hl-0-237> 237</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-238><a class=lnlinks href=#hl-0-238> 238</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-239><a class=lnlinks href=#hl-0-239> 239</a></span><span class=cl> - secrets.crossplane.io </span></span><span class=line><span class=ln id=hl-0-240><a class=lnlinks href=#hl-0-240> 240</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-241><a class=lnlinks href=#hl-0-241> 241</a></span><span class=cl> - <span class=s2>"*"</span> </span></span><span class=line><span class=ln id=hl-0-242><a class=lnlinks href=#hl-0-242> 242</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-243><a class=lnlinks href=#hl-0-243> 243</a></span><span class=cl> - <span class=s2>"*"</span> </span></span><span class=line><span class=ln id=hl-0-244><a class=lnlinks href=#hl-0-244> 244</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-245><a class=lnlinks href=#hl-0-245> 245</a></span><span class=cl> - extensions </span></span><span class=line><span class=ln id=hl-0-246><a class=lnlinks href=#hl-0-246> 246</a></span><span class=cl> - apps </span></span><span class=line><span class=ln id=hl-0-247><a class=lnlinks href=#hl-0-247> 247</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-248><a class=lnlinks href=#hl-0-248> 248</a></span><span class=cl> - deployments </span></span><span class=line><span class=ln id=hl-0-249><a class=lnlinks href=#hl-0-249> 249</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-250><a class=lnlinks href=#hl-0-250> 250</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-251><a class=lnlinks href=#hl-0-251> 251</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-252><a class=lnlinks href=#hl-0-252> 252</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-253><a class=lnlinks href=#hl-0-253> 253</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-254><a class=lnlinks href=#hl-0-254> 254</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-255><a class=lnlinks href=#hl-0-255> 255</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-256><a class=lnlinks href=#hl-0-256> 256</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-257><a class=lnlinks href=#hl-0-257> 257</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-258><a class=lnlinks href=#hl-0-258> 258</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-259><a class=lnlinks href=#hl-0-259> 259</a></span><span class=cl> - coordination.k8s.io </span></span><span class=line><span class=ln id=hl-0-260><a class=lnlinks href=#hl-0-260> 260</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-261><a class=lnlinks href=#hl-0-261> 261</a></span><span class=cl> - configmaps </span></span><span class=line><span class=ln id=hl-0-262><a class=lnlinks href=#hl-0-262> 262</a></span><span class=cl> - leases </span></span><span class=line><span class=ln id=hl-0-263><a class=lnlinks href=#hl-0-263> 263</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-264><a class=lnlinks href=#hl-0-264> 264</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-265><a class=lnlinks href=#hl-0-265> 265</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-266><a class=lnlinks href=#hl-0-266> 266</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-267><a class=lnlinks href=#hl-0-267> 267</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-268><a class=lnlinks href=#hl-0-268> 268</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-269><a class=lnlinks href=#hl-0-269> 269</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-270><a class=lnlinks href=#hl-0-270> 270</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-271><a class=lnlinks href=#hl-0-271> 271</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-272><a class=lnlinks href=#hl-0-272> 272</a></span><span class=cl> - admissionregistration.k8s.io </span></span><span class=line><span class=ln id=hl-0-273><a class=lnlinks href=#hl-0-273> 273</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-274><a class=lnlinks href=#hl-0-274> 274</a></span><span class=cl> - validatingwebhookconfigurations </span></span><span class=line><span class=ln id=hl-0-275><a class=lnlinks href=#hl-0-275> 275</a></span><span class=cl> - mutatingwebhookconfigurations </span></span><span class=line><span class=ln id=hl-0-276><a class=lnlinks href=#hl-0-276> 276</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-277><a class=lnlinks href=#hl-0-277> 277</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-278><a class=lnlinks href=#hl-0-278> 278</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-279><a class=lnlinks href=#hl-0-279> 279</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-280><a class=lnlinks href=#hl-0-280> 280</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-281><a class=lnlinks href=#hl-0-281> 281</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-282><a class=lnlinks href=#hl-0-282> 282</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-283><a class=lnlinks href=#hl-0-283> 283</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-284><a class=lnlinks href=#hl-0-284> 284</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-285><a class=lnlinks href=#hl-0-285> 285</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-allowed-provider-permissions.yaml</span> </span></span><span class=line><span class=ln id=hl-0-286><a class=lnlinks href=#hl-0-286> 286</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-287><a class=lnlinks href=#hl-0-287> 287</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-288><a class=lnlinks href=#hl-0-288> 288</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-289><a class=lnlinks href=#hl-0-289> 289</a></span><span class=cl> name: crossplane:allowed-provider-permissions </span></span><span class=line><span class=ln id=hl-0-290><a class=lnlinks href=#hl-0-290> 290</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-291><a class=lnlinks href=#hl-0-291> 291</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-292><a class=lnlinks href=#hl-0-292> 292</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-293><a class=lnlinks href=#hl-0-293> 293</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-294><a class=lnlinks href=#hl-0-294> 294</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-295><a class=lnlinks href=#hl-0-295> 295</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-296><a class=lnlinks href=#hl-0-296> 296</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-297><a class=lnlinks href=#hl-0-297> 297</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-298><a class=lnlinks href=#hl-0-298> 298</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-299><a class=lnlinks href=#hl-0-299> 299</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-300><a class=lnlinks href=#hl-0-300> 300</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-301><a class=lnlinks href=#hl-0-301> 301</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-302><a class=lnlinks href=#hl-0-302> 302</a></span><span class=cl> rbac.crossplane.io/aggregate-to-allowed-provider-permissions: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-303><a class=lnlinks href=#hl-0-303> 303</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-304><a class=lnlinks href=#hl-0-304> 304</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-clusterrole.yaml</span> </span></span><span class=line><span class=ln id=hl-0-305><a class=lnlinks href=#hl-0-305> 305</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-306><a class=lnlinks href=#hl-0-306> 306</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-307><a class=lnlinks href=#hl-0-307> 307</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-308><a class=lnlinks href=#hl-0-308> 308</a></span><span class=cl> name: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-309><a class=lnlinks href=#hl-0-309> 309</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-310><a class=lnlinks href=#hl-0-310> 310</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-311><a class=lnlinks href=#hl-0-311> 311</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-312><a class=lnlinks href=#hl-0-312> 312</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-313><a class=lnlinks href=#hl-0-313> 313</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-314><a class=lnlinks href=#hl-0-314> 314</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-315><a class=lnlinks href=#hl-0-315> 315</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-316><a class=lnlinks href=#hl-0-316> 316</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-317><a class=lnlinks href=#hl-0-317> 317</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-318><a class=lnlinks href=#hl-0-318> 318</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-319><a class=lnlinks href=#hl-0-319> 319</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-320><a class=lnlinks href=#hl-0-320> 320</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-321><a class=lnlinks href=#hl-0-321> 321</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-322><a class=lnlinks href=#hl-0-322> 322</a></span><span class=cl> - events </span></span><span class=line><span class=ln id=hl-0-323><a class=lnlinks href=#hl-0-323> 323</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-324><a class=lnlinks href=#hl-0-324> 324</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-325><a class=lnlinks href=#hl-0-325> 325</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-326><a class=lnlinks href=#hl-0-326> 326</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-327><a class=lnlinks href=#hl-0-327> 327</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-328><a class=lnlinks href=#hl-0-328> 328</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-329><a class=lnlinks href=#hl-0-329> 329</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-330><a class=lnlinks href=#hl-0-330> 330</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-331><a class=lnlinks href=#hl-0-331> 331</a></span><span class=cl> - namespaces </span></span><span class=line><span class=ln id=hl-0-332><a class=lnlinks href=#hl-0-332> 332</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-333><a class=lnlinks href=#hl-0-333> 333</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-334><a class=lnlinks href=#hl-0-334> 334</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-335><a class=lnlinks href=#hl-0-335> 335</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-336><a class=lnlinks href=#hl-0-336> 336</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-337><a class=lnlinks href=#hl-0-337> 337</a></span><span class=cl> - apps </span></span><span class=line><span class=ln id=hl-0-338><a class=lnlinks href=#hl-0-338> 338</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-339><a class=lnlinks href=#hl-0-339> 339</a></span><span class=cl> - deployments </span></span><span class=line><span class=ln id=hl-0-340><a class=lnlinks href=#hl-0-340> 340</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-341><a class=lnlinks href=#hl-0-341> 341</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-342><a class=lnlinks href=#hl-0-342> 342</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-343><a class=lnlinks href=#hl-0-343> 343</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-344><a class=lnlinks href=#hl-0-344> 344</a></span><span class=cl><span class=c1># The RBAC manager creates a series of RBAC roles for each namespace it sees.</span> </span></span><span class=line><span class=ln id=hl-0-345><a class=lnlinks href=#hl-0-345> 345</a></span><span class=cl><span class=c1># These RBAC roles are controlled (in the owner reference sense) by the namespace.</span> </span></span><span class=line><span class=ln id=hl-0-346><a class=lnlinks href=#hl-0-346> 346</a></span><span class=cl><span class=c1># The RBAC manager needs permission to set finalizers on Namespaces in order to</span> </span></span><span class=line><span class=ln id=hl-0-347><a class=lnlinks href=#hl-0-347> 347</a></span><span class=cl><span class=c1># create resources that block their deletion when the</span> </span></span><span class=line><span class=ln id=hl-0-348><a class=lnlinks href=#hl-0-348> 348</a></span><span class=cl><span class=c1># OwnerReferencesPermissionEnforcement admission controller is enabled.</span> </span></span><span class=line><span class=ln id=hl-0-349><a class=lnlinks href=#hl-0-349> 349</a></span><span class=cl><span class=c1># See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement</span> </span></span><span class=line><span class=ln id=hl-0-350><a class=lnlinks href=#hl-0-350> 350</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-351><a class=lnlinks href=#hl-0-351> 351</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-352><a class=lnlinks href=#hl-0-352> 352</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-353><a class=lnlinks href=#hl-0-353> 353</a></span><span class=cl> - namespaces/finalizers </span></span><span class=line><span class=ln id=hl-0-354><a class=lnlinks href=#hl-0-354> 354</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-355><a class=lnlinks href=#hl-0-355> 355</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-356><a class=lnlinks href=#hl-0-356> 356</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-357><a class=lnlinks href=#hl-0-357> 357</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-358><a class=lnlinks href=#hl-0-358> 358</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-359><a class=lnlinks href=#hl-0-359> 359</a></span><span class=cl> - compositeresourcedefinitions </span></span><span class=line><span class=ln id=hl-0-360><a class=lnlinks href=#hl-0-360> 360</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-361><a class=lnlinks href=#hl-0-361> 361</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-362><a class=lnlinks href=#hl-0-362> 362</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-363><a class=lnlinks href=#hl-0-363> 363</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-364><a class=lnlinks href=#hl-0-364> 364</a></span><span class=cl><span class=c1># The RBAC manager creates a series of RBAC cluster roles for each XRD it sees.</span> </span></span><span class=line><span class=ln id=hl-0-365><a class=lnlinks href=#hl-0-365> 365</a></span><span class=cl><span class=c1># These cluster roles are controlled (in the owner reference sense) by the XRD.</span> </span></span><span class=line><span class=ln id=hl-0-366><a class=lnlinks href=#hl-0-366> 366</a></span><span class=cl><span class=c1># The RBAC manager needs permission to set finalizers on XRDs in order to</span> </span></span><span class=line><span class=ln id=hl-0-367><a class=lnlinks href=#hl-0-367> 367</a></span><span class=cl><span class=c1># create resources that block their deletion when the</span> </span></span><span class=line><span class=ln id=hl-0-368><a class=lnlinks href=#hl-0-368> 368</a></span><span class=cl><span class=c1># OwnerReferencesPermissionEnforcement admission controller is enabled.</span> </span></span><span class=line><span class=ln id=hl-0-369><a class=lnlinks href=#hl-0-369> 369</a></span><span class=cl><span class=c1># See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement</span> </span></span><span class=line><span class=ln id=hl-0-370><a class=lnlinks href=#hl-0-370> 370</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-371><a class=lnlinks href=#hl-0-371> 371</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-372><a class=lnlinks href=#hl-0-372> 372</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-373><a class=lnlinks href=#hl-0-373> 373</a></span><span class=cl> - compositeresourcedefinitions/finalizers </span></span><span class=line><span class=ln id=hl-0-374><a class=lnlinks href=#hl-0-374> 374</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-375><a class=lnlinks href=#hl-0-375> 375</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-376><a class=lnlinks href=#hl-0-376> 376</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-377><a class=lnlinks href=#hl-0-377> 377</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-378><a class=lnlinks href=#hl-0-378> 378</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-379><a class=lnlinks href=#hl-0-379> 379</a></span><span class=cl> - providerrevisions </span></span><span class=line><span class=ln id=hl-0-380><a class=lnlinks href=#hl-0-380> 380</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-381><a class=lnlinks href=#hl-0-381> 381</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-382><a class=lnlinks href=#hl-0-382> 382</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-383><a class=lnlinks href=#hl-0-383> 383</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-384><a class=lnlinks href=#hl-0-384> 384</a></span><span class=cl><span class=c1># The RBAC manager creates a series of RBAC cluster roles for each ProviderRevision</span> </span></span><span class=line><span class=ln id=hl-0-385><a class=lnlinks href=#hl-0-385> 385</a></span><span class=cl><span class=c1># it sees. These cluster roles are controlled (in the owner reference sense) by the</span> </span></span><span class=line><span class=ln id=hl-0-386><a class=lnlinks href=#hl-0-386> 386</a></span><span class=cl><span class=c1># ProviderRevision. The RBAC manager needs permission to set finalizers on</span> </span></span><span class=line><span class=ln id=hl-0-387><a class=lnlinks href=#hl-0-387> 387</a></span><span class=cl><span class=c1># ProviderRevisions in order to create resources that block their deletion when the</span> </span></span><span class=line><span class=ln id=hl-0-388><a class=lnlinks href=#hl-0-388> 388</a></span><span class=cl><span class=c1># OwnerReferencesPermissionEnforcement admission controller is enabled.</span> </span></span><span class=line><span class=ln id=hl-0-389><a class=lnlinks href=#hl-0-389> 389</a></span><span class=cl><span class=c1># See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement</span> </span></span><span class=line><span class=ln id=hl-0-390><a class=lnlinks href=#hl-0-390> 390</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-391><a class=lnlinks href=#hl-0-391> 391</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-392><a class=lnlinks href=#hl-0-392> 392</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-393><a class=lnlinks href=#hl-0-393> 393</a></span><span class=cl> - providerrevisions/finalizers </span></span><span class=line><span class=ln id=hl-0-394><a class=lnlinks href=#hl-0-394> 394</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-395><a class=lnlinks href=#hl-0-395> 395</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-396><a class=lnlinks href=#hl-0-396> 396</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-397><a class=lnlinks href=#hl-0-397> 397</a></span><span class=cl> - apiextensions.k8s.io </span></span><span class=line><span class=ln id=hl-0-398><a class=lnlinks href=#hl-0-398> 398</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-399><a class=lnlinks href=#hl-0-399> 399</a></span><span class=cl> - customresourcedefinitions </span></span><span class=line><span class=ln id=hl-0-400><a class=lnlinks href=#hl-0-400> 400</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-401><a class=lnlinks href=#hl-0-401> 401</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-402><a class=lnlinks href=#hl-0-402> 402</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-403><a class=lnlinks href=#hl-0-403> 403</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-404><a class=lnlinks href=#hl-0-404> 404</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-405><a class=lnlinks href=#hl-0-405> 405</a></span><span class=cl> - rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-406><a class=lnlinks href=#hl-0-406> 406</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-407><a class=lnlinks href=#hl-0-407> 407</a></span><span class=cl> - clusterroles </span></span><span class=line><span class=ln id=hl-0-408><a class=lnlinks href=#hl-0-408> 408</a></span><span class=cl> - roles </span></span><span class=line><span class=ln id=hl-0-409><a class=lnlinks href=#hl-0-409> 409</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-410><a class=lnlinks href=#hl-0-410> 410</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-411><a class=lnlinks href=#hl-0-411> 411</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-412><a class=lnlinks href=#hl-0-412> 412</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-413><a class=lnlinks href=#hl-0-413> 413</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-414><a class=lnlinks href=#hl-0-414> 414</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-415><a class=lnlinks href=#hl-0-415> 415</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-416><a class=lnlinks href=#hl-0-416> 416</a></span><span class=cl> <span class=c1># The RBAC manager may grant access it does not have.</span> </span></span><span class=line><span class=ln id=hl-0-417><a class=lnlinks href=#hl-0-417> 417</a></span><span class=cl> - escalate </span></span><span class=line><span class=ln id=hl-0-418><a class=lnlinks href=#hl-0-418> 418</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-419><a class=lnlinks href=#hl-0-419> 419</a></span><span class=cl> - rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-420><a class=lnlinks href=#hl-0-420> 420</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-421><a class=lnlinks href=#hl-0-421> 421</a></span><span class=cl> - clusterroles </span></span><span class=line><span class=ln id=hl-0-422><a class=lnlinks href=#hl-0-422> 422</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-423><a class=lnlinks href=#hl-0-423> 423</a></span><span class=cl> - <span class=nb>bind</span> </span></span><span class=line><span class=ln id=hl-0-424><a class=lnlinks href=#hl-0-424> 424</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-425><a class=lnlinks href=#hl-0-425> 425</a></span><span class=cl> - rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-426><a class=lnlinks href=#hl-0-426> 426</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-427><a class=lnlinks href=#hl-0-427> 427</a></span><span class=cl> - clusterrolebindings </span></span><span class=line><span class=ln id=hl-0-428><a class=lnlinks href=#hl-0-428> 428</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-429><a class=lnlinks href=#hl-0-429> 429</a></span><span class=cl> - <span class=s2>"*"</span> </span></span><span class=line><span class=ln id=hl-0-430><a class=lnlinks href=#hl-0-430> 430</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-431><a class=lnlinks href=#hl-0-431> 431</a></span><span class=cl> - <span class=s2>""</span> </span></span><span class=line><span class=ln id=hl-0-432><a class=lnlinks href=#hl-0-432> 432</a></span><span class=cl> - coordination.k8s.io </span></span><span class=line><span class=ln id=hl-0-433><a class=lnlinks href=#hl-0-433> 433</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-434><a class=lnlinks href=#hl-0-434> 434</a></span><span class=cl> - configmaps </span></span><span class=line><span class=ln id=hl-0-435><a class=lnlinks href=#hl-0-435> 435</a></span><span class=cl> - leases </span></span><span class=line><span class=ln id=hl-0-436><a class=lnlinks href=#hl-0-436> 436</a></span><span class=cl> verbs: </span></span><span class=line><span class=ln id=hl-0-437><a class=lnlinks href=#hl-0-437> 437</a></span><span class=cl> - get </span></span><span class=line><span class=ln id=hl-0-438><a class=lnlinks href=#hl-0-438> 438</a></span><span class=cl> - list </span></span><span class=line><span class=ln id=hl-0-439><a class=lnlinks href=#hl-0-439> 439</a></span><span class=cl> - create </span></span><span class=line><span class=ln id=hl-0-440><a class=lnlinks href=#hl-0-440> 440</a></span><span class=cl> - update </span></span><span class=line><span class=ln id=hl-0-441><a class=lnlinks href=#hl-0-441> 441</a></span><span class=cl> - patch </span></span><span class=line><span class=ln id=hl-0-442><a class=lnlinks href=#hl-0-442> 442</a></span><span class=cl> - watch </span></span><span class=line><span class=ln id=hl-0-443><a class=lnlinks href=#hl-0-443> 443</a></span><span class=cl> - delete </span></span><span class=line><span class=ln id=hl-0-444><a class=lnlinks href=#hl-0-444> 444</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-445><a class=lnlinks href=#hl-0-445> 445</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-446><a class=lnlinks href=#hl-0-446> 446</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-447><a class=lnlinks href=#hl-0-447> 447</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-448><a class=lnlinks href=#hl-0-448> 448</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-449><a class=lnlinks href=#hl-0-449> 449</a></span><span class=cl> name: crossplane-admin </span></span><span class=line><span class=ln id=hl-0-450><a class=lnlinks href=#hl-0-450> 450</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-451><a class=lnlinks href=#hl-0-451> 451</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-452><a class=lnlinks href=#hl-0-452> 452</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-453><a class=lnlinks href=#hl-0-453> 453</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-454><a class=lnlinks href=#hl-0-454> 454</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-455><a class=lnlinks href=#hl-0-455> 455</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-456><a class=lnlinks href=#hl-0-456> 456</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-457><a class=lnlinks href=#hl-0-457> 457</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-458><a class=lnlinks href=#hl-0-458> 458</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-459><a class=lnlinks href=#hl-0-459> 459</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-460><a class=lnlinks href=#hl-0-460> 460</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-461><a class=lnlinks href=#hl-0-461> 461</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-462><a class=lnlinks href=#hl-0-462> 462</a></span><span class=cl> rbac.crossplane.io/aggregate-to-admin: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-463><a class=lnlinks href=#hl-0-463> 463</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-464><a class=lnlinks href=#hl-0-464> 464</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-465><a class=lnlinks href=#hl-0-465> 465</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-466><a class=lnlinks href=#hl-0-466> 466</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-467><a class=lnlinks href=#hl-0-467> 467</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-468><a class=lnlinks href=#hl-0-468> 468</a></span><span class=cl> name: crossplane-edit </span></span><span class=line><span class=ln id=hl-0-469><a class=lnlinks href=#hl-0-469> 469</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-470><a class=lnlinks href=#hl-0-470> 470</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-471><a class=lnlinks href=#hl-0-471> 471</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-472><a class=lnlinks href=#hl-0-472> 472</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-473><a class=lnlinks href=#hl-0-473> 473</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-474><a class=lnlinks href=#hl-0-474> 474</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-475><a class=lnlinks href=#hl-0-475> 475</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-476><a class=lnlinks href=#hl-0-476> 476</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-477><a class=lnlinks href=#hl-0-477> 477</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-478><a class=lnlinks href=#hl-0-478> 478</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-479><a class=lnlinks href=#hl-0-479> 479</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-480><a class=lnlinks href=#hl-0-480> 480</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-481><a class=lnlinks href=#hl-0-481> 481</a></span><span class=cl> rbac.crossplane.io/aggregate-to-edit: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-482><a class=lnlinks href=#hl-0-482> 482</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-483><a class=lnlinks href=#hl-0-483> 483</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-484><a class=lnlinks href=#hl-0-484> 484</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-485><a class=lnlinks href=#hl-0-485> 485</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-486><a class=lnlinks href=#hl-0-486> 486</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-487><a class=lnlinks href=#hl-0-487> 487</a></span><span class=cl> name: crossplane-view </span></span><span class=line><span class=ln id=hl-0-488><a class=lnlinks href=#hl-0-488> 488</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-489><a class=lnlinks href=#hl-0-489> 489</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-490><a class=lnlinks href=#hl-0-490> 490</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-491><a class=lnlinks href=#hl-0-491> 491</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-492><a class=lnlinks href=#hl-0-492> 492</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-493><a class=lnlinks href=#hl-0-493> 493</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-494><a class=lnlinks href=#hl-0-494> 494</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-495><a class=lnlinks href=#hl-0-495> 495</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-496><a class=lnlinks href=#hl-0-496> 496</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-497><a class=lnlinks href=#hl-0-497> 497</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-498><a class=lnlinks href=#hl-0-498> 498</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-499><a class=lnlinks href=#hl-0-499> 499</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-500><a class=lnlinks href=#hl-0-500> 500</a></span><span class=cl> rbac.crossplane.io/aggregate-to-view: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-501><a class=lnlinks href=#hl-0-501> 501</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-502><a class=lnlinks href=#hl-0-502> 502</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-503><a class=lnlinks href=#hl-0-503> 503</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-504><a class=lnlinks href=#hl-0-504> 504</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-505><a class=lnlinks href=#hl-0-505> 505</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-506><a class=lnlinks href=#hl-0-506> 506</a></span><span class=cl> name: crossplane-browse </span></span><span class=line><span class=ln id=hl-0-507><a class=lnlinks href=#hl-0-507> 507</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-508><a class=lnlinks href=#hl-0-508> 508</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-509><a class=lnlinks href=#hl-0-509> 509</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-510><a class=lnlinks href=#hl-0-510> 510</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-511><a class=lnlinks href=#hl-0-511> 511</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-512><a class=lnlinks href=#hl-0-512> 512</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-513><a class=lnlinks href=#hl-0-513> 513</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-514><a class=lnlinks href=#hl-0-514> 514</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-515><a class=lnlinks href=#hl-0-515> 515</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-516><a class=lnlinks href=#hl-0-516> 516</a></span><span class=cl>aggregationRule: </span></span><span class=line><span class=ln id=hl-0-517><a class=lnlinks href=#hl-0-517> 517</a></span><span class=cl> clusterRoleSelectors: </span></span><span class=line><span class=ln id=hl-0-518><a class=lnlinks href=#hl-0-518> 518</a></span><span class=cl> - matchLabels: </span></span><span class=line><span class=ln id=hl-0-519><a class=lnlinks href=#hl-0-519> 519</a></span><span class=cl> rbac.crossplane.io/aggregate-to-browse: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-520><a class=lnlinks href=#hl-0-520> 520</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-521><a class=lnlinks href=#hl-0-521> 521</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-522><a class=lnlinks href=#hl-0-522> 522</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-523><a class=lnlinks href=#hl-0-523> 523</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-524><a class=lnlinks href=#hl-0-524> 524</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-525><a class=lnlinks href=#hl-0-525> 525</a></span><span class=cl> name: crossplane:aggregate-to-admin </span></span><span class=line><span class=ln id=hl-0-526><a class=lnlinks href=#hl-0-526> 526</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-527><a class=lnlinks href=#hl-0-527> 527</a></span><span class=cl> rbac.crossplane.io/aggregate-to-admin: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-528><a class=lnlinks href=#hl-0-528> 528</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-529><a class=lnlinks href=#hl-0-529> 529</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-530><a class=lnlinks href=#hl-0-530> 530</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-531><a class=lnlinks href=#hl-0-531> 531</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-532><a class=lnlinks href=#hl-0-532> 532</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-533><a class=lnlinks href=#hl-0-533> 533</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-534><a class=lnlinks href=#hl-0-534> 534</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-535><a class=lnlinks href=#hl-0-535> 535</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-536><a class=lnlinks href=#hl-0-536> 536</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-537><a class=lnlinks href=#hl-0-537> 537</a></span><span class=cl><span class=c1># Crossplane administrators have access to view events.</span> </span></span><span class=line><span class=ln id=hl-0-538><a class=lnlinks href=#hl-0-538> 538</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-539><a class=lnlinks href=#hl-0-539> 539</a></span><span class=cl> resources: <span class=o>[</span>events<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-540><a class=lnlinks href=#hl-0-540> 540</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-541><a class=lnlinks href=#hl-0-541> 541</a></span><span class=cl><span class=c1># Crossplane administrators must create provider credential secrets, and may</span> </span></span><span class=line><span class=ln id=hl-0-542><a class=lnlinks href=#hl-0-542> 542</a></span><span class=cl><span class=c1># need to read or otherwise interact with connection secrets. They may also need</span> </span></span><span class=line><span class=ln id=hl-0-543><a class=lnlinks href=#hl-0-543> 543</a></span><span class=cl><span class=c1># to create or annotate namespaces.</span> </span></span><span class=line><span class=ln id=hl-0-544><a class=lnlinks href=#hl-0-544> 544</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-545><a class=lnlinks href=#hl-0-545> 545</a></span><span class=cl> resources: <span class=o>[</span>secrets, namespaces<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-546><a class=lnlinks href=#hl-0-546> 546</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-547><a class=lnlinks href=#hl-0-547> 547</a></span><span class=cl><span class=c1># Crossplane administrators have access to view the roles that they may be able</span> </span></span><span class=line><span class=ln id=hl-0-548><a class=lnlinks href=#hl-0-548> 548</a></span><span class=cl><span class=c1># to grant to other subjects.</span> </span></span><span class=line><span class=ln id=hl-0-549><a class=lnlinks href=#hl-0-549> 549</a></span><span class=cl>- apiGroups: <span class=o>[</span>rbac.authorization.k8s.io<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-550><a class=lnlinks href=#hl-0-550> 550</a></span><span class=cl> resources: <span class=o>[</span>clusterroles, roles<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-551><a class=lnlinks href=#hl-0-551> 551</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-552><a class=lnlinks href=#hl-0-552> 552</a></span><span class=cl><span class=c1># Crossplane administrators have access to grant the access they have to other</span> </span></span><span class=line><span class=ln id=hl-0-553><a class=lnlinks href=#hl-0-553> 553</a></span><span class=cl><span class=c1># subjects.</span> </span></span><span class=line><span class=ln id=hl-0-554><a class=lnlinks href=#hl-0-554> 554</a></span><span class=cl>- apiGroups: <span class=o>[</span>rbac.authorization.k8s.io<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-555><a class=lnlinks href=#hl-0-555> 555</a></span><span class=cl> resources: <span class=o>[</span>clusterrolebindings, rolebindings<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-556><a class=lnlinks href=#hl-0-556> 556</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-557><a class=lnlinks href=#hl-0-557> 557</a></span><span class=cl><span class=c1># Crossplane administrators have full access to built in Crossplane types.</span> </span></span><span class=line><span class=ln id=hl-0-558><a class=lnlinks href=#hl-0-558> 558</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-559><a class=lnlinks href=#hl-0-559> 559</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-560><a class=lnlinks href=#hl-0-560> 560</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-561><a class=lnlinks href=#hl-0-561> 561</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-562><a class=lnlinks href=#hl-0-562> 562</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-563><a class=lnlinks href=#hl-0-563> 563</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-564><a class=lnlinks href=#hl-0-564> 564</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-565><a class=lnlinks href=#hl-0-565> 565</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-566><a class=lnlinks href=#hl-0-566> 566</a></span><span class=cl><span class=c1># Crossplane administrators have access to view CRDs in order to debug XRDs.</span> </span></span><span class=line><span class=ln id=hl-0-567><a class=lnlinks href=#hl-0-567> 567</a></span><span class=cl>- apiGroups: <span class=o>[</span>apiextensions.k8s.io<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-568><a class=lnlinks href=#hl-0-568> 568</a></span><span class=cl> resources: <span class=o>[</span>customresourcedefinitions<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-569><a class=lnlinks href=#hl-0-569> 569</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-570><a class=lnlinks href=#hl-0-570> 570</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-571><a class=lnlinks href=#hl-0-571> 571</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-572><a class=lnlinks href=#hl-0-572> 572</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-573><a class=lnlinks href=#hl-0-573> 573</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-574><a class=lnlinks href=#hl-0-574> 574</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-575><a class=lnlinks href=#hl-0-575> 575</a></span><span class=cl> name: crossplane:aggregate-to-edit </span></span><span class=line><span class=ln id=hl-0-576><a class=lnlinks href=#hl-0-576> 576</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-577><a class=lnlinks href=#hl-0-577> 577</a></span><span class=cl> rbac.crossplane.io/aggregate-to-edit: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-578><a class=lnlinks href=#hl-0-578> 578</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-579><a class=lnlinks href=#hl-0-579> 579</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-580><a class=lnlinks href=#hl-0-580> 580</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-581><a class=lnlinks href=#hl-0-581> 581</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-582><a class=lnlinks href=#hl-0-582> 582</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-583><a class=lnlinks href=#hl-0-583> 583</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-584><a class=lnlinks href=#hl-0-584> 584</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-585><a class=lnlinks href=#hl-0-585> 585</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-586><a class=lnlinks href=#hl-0-586> 586</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-587><a class=lnlinks href=#hl-0-587> 587</a></span><span class=cl><span class=c1># Crossplane editors have access to view events.</span> </span></span><span class=line><span class=ln id=hl-0-588><a class=lnlinks href=#hl-0-588> 588</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-589><a class=lnlinks href=#hl-0-589> 589</a></span><span class=cl> resources: <span class=o>[</span>events<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-590><a class=lnlinks href=#hl-0-590> 590</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-591><a class=lnlinks href=#hl-0-591> 591</a></span><span class=cl><span class=c1># Crossplane editors must create provider credential secrets, and may need to</span> </span></span><span class=line><span class=ln id=hl-0-592><a class=lnlinks href=#hl-0-592> 592</a></span><span class=cl><span class=c1># read or otherwise interact with connection secrets.</span> </span></span><span class=line><span class=ln id=hl-0-593><a class=lnlinks href=#hl-0-593> 593</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-594><a class=lnlinks href=#hl-0-594> 594</a></span><span class=cl> resources: <span class=o>[</span>secrets<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-595><a class=lnlinks href=#hl-0-595> 595</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-596><a class=lnlinks href=#hl-0-596> 596</a></span><span class=cl><span class=c1># Crossplane editors may see which namespaces exist, but not edit them.</span> </span></span><span class=line><span class=ln id=hl-0-597><a class=lnlinks href=#hl-0-597> 597</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-598><a class=lnlinks href=#hl-0-598> 598</a></span><span class=cl> resources: <span class=o>[</span>namespaces<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-599><a class=lnlinks href=#hl-0-599> 599</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-600><a class=lnlinks href=#hl-0-600> 600</a></span><span class=cl><span class=c1># Crossplane editors have full access to built in Crossplane types.</span> </span></span><span class=line><span class=ln id=hl-0-601><a class=lnlinks href=#hl-0-601> 601</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-602><a class=lnlinks href=#hl-0-602> 602</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-603><a class=lnlinks href=#hl-0-603> 603</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-604><a class=lnlinks href=#hl-0-604> 604</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-605><a class=lnlinks href=#hl-0-605> 605</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-606><a class=lnlinks href=#hl-0-606> 606</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-607><a class=lnlinks href=#hl-0-607> 607</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-608><a class=lnlinks href=#hl-0-608> 608</a></span><span class=cl> verbs: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-609><a class=lnlinks href=#hl-0-609> 609</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-610><a class=lnlinks href=#hl-0-610> 610</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-611><a class=lnlinks href=#hl-0-611> 611</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-612><a class=lnlinks href=#hl-0-612> 612</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-613><a class=lnlinks href=#hl-0-613> 613</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-614><a class=lnlinks href=#hl-0-614> 614</a></span><span class=cl> name: crossplane:aggregate-to-view </span></span><span class=line><span class=ln id=hl-0-615><a class=lnlinks href=#hl-0-615> 615</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-616><a class=lnlinks href=#hl-0-616> 616</a></span><span class=cl> rbac.crossplane.io/aggregate-to-view: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-617><a class=lnlinks href=#hl-0-617> 617</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-618><a class=lnlinks href=#hl-0-618> 618</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-619><a class=lnlinks href=#hl-0-619> 619</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-620><a class=lnlinks href=#hl-0-620> 620</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-621><a class=lnlinks href=#hl-0-621> 621</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-622><a class=lnlinks href=#hl-0-622> 622</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-623><a class=lnlinks href=#hl-0-623> 623</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-624><a class=lnlinks href=#hl-0-624> 624</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-625><a class=lnlinks href=#hl-0-625> 625</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-626><a class=lnlinks href=#hl-0-626> 626</a></span><span class=cl><span class=c1># Crossplane viewers have access to view events.</span> </span></span><span class=line><span class=ln id=hl-0-627><a class=lnlinks href=#hl-0-627> 627</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-628><a class=lnlinks href=#hl-0-628> 628</a></span><span class=cl> resources: <span class=o>[</span>events<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-629><a class=lnlinks href=#hl-0-629> 629</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-630><a class=lnlinks href=#hl-0-630> 630</a></span><span class=cl><span class=c1># Crossplane viewers may see which namespaces exist.</span> </span></span><span class=line><span class=ln id=hl-0-631><a class=lnlinks href=#hl-0-631> 631</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-632><a class=lnlinks href=#hl-0-632> 632</a></span><span class=cl> resources: <span class=o>[</span>namespaces<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-633><a class=lnlinks href=#hl-0-633> 633</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-634><a class=lnlinks href=#hl-0-634> 634</a></span><span class=cl><span class=c1># Crossplane viewers have read-only access to built in Crossplane types.</span> </span></span><span class=line><span class=ln id=hl-0-635><a class=lnlinks href=#hl-0-635> 635</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-636><a class=lnlinks href=#hl-0-636> 636</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-637><a class=lnlinks href=#hl-0-637> 637</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-638><a class=lnlinks href=#hl-0-638> 638</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-639><a class=lnlinks href=#hl-0-639> 639</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-640><a class=lnlinks href=#hl-0-640> 640</a></span><span class=cl> - pkg.crossplane.io </span></span><span class=line><span class=ln id=hl-0-641><a class=lnlinks href=#hl-0-641> 641</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-642><a class=lnlinks href=#hl-0-642> 642</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-643><a class=lnlinks href=#hl-0-643> 643</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-644><a class=lnlinks href=#hl-0-644> 644</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-645><a class=lnlinks href=#hl-0-645> 645</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-646><a class=lnlinks href=#hl-0-646> 646</a></span><span class=cl>kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-647><a class=lnlinks href=#hl-0-647> 647</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-648><a class=lnlinks href=#hl-0-648> 648</a></span><span class=cl> name: crossplane:aggregate-to-browse </span></span><span class=line><span class=ln id=hl-0-649><a class=lnlinks href=#hl-0-649> 649</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-650><a class=lnlinks href=#hl-0-650> 650</a></span><span class=cl> rbac.crossplane.io/aggregate-to-browse: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-651><a class=lnlinks href=#hl-0-651> 651</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-652><a class=lnlinks href=#hl-0-652> 652</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-653><a class=lnlinks href=#hl-0-653> 653</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-654><a class=lnlinks href=#hl-0-654> 654</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-655><a class=lnlinks href=#hl-0-655> 655</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-656><a class=lnlinks href=#hl-0-656> 656</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-657><a class=lnlinks href=#hl-0-657> 657</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-658><a class=lnlinks href=#hl-0-658> 658</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-659><a class=lnlinks href=#hl-0-659> 659</a></span><span class=cl>rules: </span></span><span class=line><span class=ln id=hl-0-660><a class=lnlinks href=#hl-0-660> 660</a></span><span class=cl><span class=c1># Crossplane browsers have access to view events.</span> </span></span><span class=line><span class=ln id=hl-0-661><a class=lnlinks href=#hl-0-661> 661</a></span><span class=cl>- apiGroups: <span class=o>[</span><span class=s2>""</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-662><a class=lnlinks href=#hl-0-662> 662</a></span><span class=cl> resources: <span class=o>[</span>events<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-663><a class=lnlinks href=#hl-0-663> 663</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-664><a class=lnlinks href=#hl-0-664> 664</a></span><span class=cl><span class=c1># Crossplane browsers have read-only access to compositions and XRDs. This</span> </span></span><span class=line><span class=ln id=hl-0-665><a class=lnlinks href=#hl-0-665> 665</a></span><span class=cl><span class=c1># allows them to discover and select an appropriate composition when creating a</span> </span></span><span class=line><span class=ln id=hl-0-666><a class=lnlinks href=#hl-0-666> 666</a></span><span class=cl><span class=c1># resource claim.</span> </span></span><span class=line><span class=ln id=hl-0-667><a class=lnlinks href=#hl-0-667> 667</a></span><span class=cl>- apiGroups: </span></span><span class=line><span class=ln id=hl-0-668><a class=lnlinks href=#hl-0-668> 668</a></span><span class=cl> - apiextensions.crossplane.io </span></span><span class=line><span class=ln id=hl-0-669><a class=lnlinks href=#hl-0-669> 669</a></span><span class=cl> resources: <span class=o>[</span><span class=s2>"*"</span><span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-670><a class=lnlinks href=#hl-0-670> 670</a></span><span class=cl> verbs: <span class=o>[</span>get, list, watch<span class=o>]</span> </span></span><span class=line><span class=ln id=hl-0-671><a class=lnlinks href=#hl-0-671> 671</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-672><a class=lnlinks href=#hl-0-672> 672</a></span><span class=cl><span class=c1># Source: crossplane/templates/clusterrolebinding.yaml</span> </span></span><span class=line><span class=ln id=hl-0-673><a class=lnlinks href=#hl-0-673> 673</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-674><a class=lnlinks href=#hl-0-674> 674</a></span><span class=cl>kind: ClusterRoleBinding </span></span><span class=line><span class=ln id=hl-0-675><a class=lnlinks href=#hl-0-675> 675</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-676><a class=lnlinks href=#hl-0-676> 676</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-677><a class=lnlinks href=#hl-0-677> 677</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-678><a class=lnlinks href=#hl-0-678> 678</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-679><a class=lnlinks href=#hl-0-679> 679</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-680><a class=lnlinks href=#hl-0-680> 680</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-681><a class=lnlinks href=#hl-0-681> 681</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-682><a class=lnlinks href=#hl-0-682> 682</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-683><a class=lnlinks href=#hl-0-683> 683</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-684><a class=lnlinks href=#hl-0-684> 684</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-685><a class=lnlinks href=#hl-0-685> 685</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-686><a class=lnlinks href=#hl-0-686> 686</a></span><span class=cl>roleRef: </span></span><span class=line><span class=ln id=hl-0-687><a class=lnlinks href=#hl-0-687> 687</a></span><span class=cl> apiGroup: rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-688><a class=lnlinks href=#hl-0-688> 688</a></span><span class=cl> kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-689><a class=lnlinks href=#hl-0-689> 689</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-690><a class=lnlinks href=#hl-0-690> 690</a></span><span class=cl>subjects: </span></span><span class=line><span class=ln id=hl-0-691><a class=lnlinks href=#hl-0-691> 691</a></span><span class=cl>- kind: ServiceAccount </span></span><span class=line><span class=ln id=hl-0-692><a class=lnlinks href=#hl-0-692> 692</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-693><a class=lnlinks href=#hl-0-693> 693</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-694><a class=lnlinks href=#hl-0-694> 694</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-695><a class=lnlinks href=#hl-0-695> 695</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-clusterrolebinding.yaml</span> </span></span><span class=line><span class=ln id=hl-0-696><a class=lnlinks href=#hl-0-696> 696</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-697><a class=lnlinks href=#hl-0-697> 697</a></span><span class=cl>kind: ClusterRoleBinding </span></span><span class=line><span class=ln id=hl-0-698><a class=lnlinks href=#hl-0-698> 698</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-699><a class=lnlinks href=#hl-0-699> 699</a></span><span class=cl> name: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-700><a class=lnlinks href=#hl-0-700> 700</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-701><a class=lnlinks href=#hl-0-701> 701</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-702><a class=lnlinks href=#hl-0-702> 702</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-703><a class=lnlinks href=#hl-0-703> 703</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-704><a class=lnlinks href=#hl-0-704> 704</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-705><a class=lnlinks href=#hl-0-705> 705</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-706><a class=lnlinks href=#hl-0-706> 706</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-707><a class=lnlinks href=#hl-0-707> 707</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-708><a class=lnlinks href=#hl-0-708> 708</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-709><a class=lnlinks href=#hl-0-709> 709</a></span><span class=cl>roleRef: </span></span><span class=line><span class=ln id=hl-0-710><a class=lnlinks href=#hl-0-710> 710</a></span><span class=cl> apiGroup: rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-711><a class=lnlinks href=#hl-0-711> 711</a></span><span class=cl> kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-712><a class=lnlinks href=#hl-0-712> 712</a></span><span class=cl> name: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-713><a class=lnlinks href=#hl-0-713> 713</a></span><span class=cl>subjects: </span></span><span class=line><span class=ln id=hl-0-714><a class=lnlinks href=#hl-0-714> 714</a></span><span class=cl>- kind: ServiceAccount </span></span><span class=line><span class=ln id=hl-0-715><a class=lnlinks href=#hl-0-715> 715</a></span><span class=cl> name: rbac-manager </span></span><span class=line><span class=ln id=hl-0-716><a class=lnlinks href=#hl-0-716> 716</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-717><a class=lnlinks href=#hl-0-717> 717</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-718><a class=lnlinks href=#hl-0-718> 718</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-managed-clusterroles.yaml</span> </span></span><span class=line><span class=ln id=hl-0-719><a class=lnlinks href=#hl-0-719> 719</a></span><span class=cl>apiVersion: rbac.authorization.k8s.io/v1 </span></span><span class=line><span class=ln id=hl-0-720><a class=lnlinks href=#hl-0-720> 720</a></span><span class=cl>kind: ClusterRoleBinding </span></span><span class=line><span class=ln id=hl-0-721><a class=lnlinks href=#hl-0-721> 721</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-722><a class=lnlinks href=#hl-0-722> 722</a></span><span class=cl> name: crossplane-admin </span></span><span class=line><span class=ln id=hl-0-723><a class=lnlinks href=#hl-0-723> 723</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-724><a class=lnlinks href=#hl-0-724> 724</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-725><a class=lnlinks href=#hl-0-725> 725</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-726><a class=lnlinks href=#hl-0-726> 726</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-727><a class=lnlinks href=#hl-0-727> 727</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-728><a class=lnlinks href=#hl-0-728> 728</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-729><a class=lnlinks href=#hl-0-729> 729</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-730><a class=lnlinks href=#hl-0-730> 730</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-731><a class=lnlinks href=#hl-0-731> 731</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-732><a class=lnlinks href=#hl-0-732> 732</a></span><span class=cl>roleRef: </span></span><span class=line><span class=ln id=hl-0-733><a class=lnlinks href=#hl-0-733> 733</a></span><span class=cl> apiGroup: rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-734><a class=lnlinks href=#hl-0-734> 734</a></span><span class=cl> kind: ClusterRole </span></span><span class=line><span class=ln id=hl-0-735><a class=lnlinks href=#hl-0-735> 735</a></span><span class=cl> name: crossplane-admin </span></span><span class=line><span class=ln id=hl-0-736><a class=lnlinks href=#hl-0-736> 736</a></span><span class=cl>subjects: </span></span><span class=line><span class=ln id=hl-0-737><a class=lnlinks href=#hl-0-737> 737</a></span><span class=cl>- apiGroup: rbac.authorization.k8s.io </span></span><span class=line><span class=ln id=hl-0-738><a class=lnlinks href=#hl-0-738> 738</a></span><span class=cl> kind: Group </span></span><span class=line><span class=ln id=hl-0-739><a class=lnlinks href=#hl-0-739> 739</a></span><span class=cl> name: crossplane:masters </span></span><span class=line><span class=ln id=hl-0-740><a class=lnlinks href=#hl-0-740> 740</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-741><a class=lnlinks href=#hl-0-741> 741</a></span><span class=cl><span class=c1># Source: crossplane/templates/service.yaml</span> </span></span><span class=line><span class=ln id=hl-0-742><a class=lnlinks href=#hl-0-742> 742</a></span><span class=cl>apiVersion: v1 </span></span><span class=line><span class=ln id=hl-0-743><a class=lnlinks href=#hl-0-743> 743</a></span><span class=cl>kind: Service </span></span><span class=line><span class=ln id=hl-0-744><a class=lnlinks href=#hl-0-744> 744</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-745><a class=lnlinks href=#hl-0-745> 745</a></span><span class=cl> name: crossplane-webhooks </span></span><span class=line><span class=ln id=hl-0-746><a class=lnlinks href=#hl-0-746> 746</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-747><a class=lnlinks href=#hl-0-747> 747</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-748><a class=lnlinks href=#hl-0-748> 748</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-749><a class=lnlinks href=#hl-0-749> 749</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-750><a class=lnlinks href=#hl-0-750> 750</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-751><a class=lnlinks href=#hl-0-751> 751</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-752><a class=lnlinks href=#hl-0-752> 752</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-753><a class=lnlinks href=#hl-0-753> 753</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-754><a class=lnlinks href=#hl-0-754> 754</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-755><a class=lnlinks href=#hl-0-755> 755</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-756><a class=lnlinks href=#hl-0-756> 756</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-757><a class=lnlinks href=#hl-0-757> 757</a></span><span class=cl>spec: </span></span><span class=line><span class=ln id=hl-0-758><a class=lnlinks href=#hl-0-758> 758</a></span><span class=cl> selector: </span></span><span class=line><span class=ln id=hl-0-759><a class=lnlinks href=#hl-0-759> 759</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-760><a class=lnlinks href=#hl-0-760> 760</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-761><a class=lnlinks href=#hl-0-761> 761</a></span><span class=cl> ports: </span></span><span class=line><span class=ln id=hl-0-762><a class=lnlinks href=#hl-0-762> 762</a></span><span class=cl> - protocol: TCP </span></span><span class=line><span class=ln id=hl-0-763><a class=lnlinks href=#hl-0-763> 763</a></span><span class=cl> port: <span class=m>9443</span> </span></span><span class=line><span class=ln id=hl-0-764><a class=lnlinks href=#hl-0-764> 764</a></span><span class=cl> targetPort: <span class=m>9443</span> </span></span><span class=line><span class=ln id=hl-0-765><a class=lnlinks href=#hl-0-765> 765</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-766><a class=lnlinks href=#hl-0-766> 766</a></span><span class=cl><span class=c1># Source: crossplane/templates/deployment.yaml</span> </span></span><span class=line><span class=ln id=hl-0-767><a class=lnlinks href=#hl-0-767> 767</a></span><span class=cl>apiVersion: apps/v1 </span></span><span class=line><span class=ln id=hl-0-768><a class=lnlinks href=#hl-0-768> 768</a></span><span class=cl>kind: Deployment </span></span><span class=line><span class=ln id=hl-0-769><a class=lnlinks href=#hl-0-769> 769</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-770><a class=lnlinks href=#hl-0-770> 770</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-771><a class=lnlinks href=#hl-0-771> 771</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-772><a class=lnlinks href=#hl-0-772> 772</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-773><a class=lnlinks href=#hl-0-773> 773</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-774><a class=lnlinks href=#hl-0-774> 774</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-775><a class=lnlinks href=#hl-0-775> 775</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-776><a class=lnlinks href=#hl-0-776> 776</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-777><a class=lnlinks href=#hl-0-777> 777</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-778><a class=lnlinks href=#hl-0-778> 778</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-779><a class=lnlinks href=#hl-0-779> 779</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-780><a class=lnlinks href=#hl-0-780> 780</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-781><a class=lnlinks href=#hl-0-781> 781</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-782><a class=lnlinks href=#hl-0-782> 782</a></span><span class=cl>spec: </span></span><span class=line><span class=ln id=hl-0-783><a class=lnlinks href=#hl-0-783> 783</a></span><span class=cl> replicas: <span class=m>1</span> </span></span><span class=line><span class=ln id=hl-0-784><a class=lnlinks href=#hl-0-784> 784</a></span><span class=cl> selector: </span></span><span class=line><span class=ln id=hl-0-785><a class=lnlinks href=#hl-0-785> 785</a></span><span class=cl> matchLabels: </span></span><span class=line><span class=ln id=hl-0-786><a class=lnlinks href=#hl-0-786> 786</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-787><a class=lnlinks href=#hl-0-787> 787</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-788><a class=lnlinks href=#hl-0-788> 788</a></span><span class=cl> strategy: </span></span><span class=line><span class=ln id=hl-0-789><a class=lnlinks href=#hl-0-789> 789</a></span><span class=cl> type: RollingUpdate </span></span><span class=line><span class=ln id=hl-0-790><a class=lnlinks href=#hl-0-790> 790</a></span><span class=cl> template: </span></span><span class=line><span class=ln id=hl-0-791><a class=lnlinks href=#hl-0-791> 791</a></span><span class=cl> metadata: </span></span><span class=line><span class=ln id=hl-0-792><a class=lnlinks href=#hl-0-792> 792</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-793><a class=lnlinks href=#hl-0-793> 793</a></span><span class=cl> app: crossplane </span></span><span class=line><span class=ln id=hl-0-794><a class=lnlinks href=#hl-0-794> 794</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-795><a class=lnlinks href=#hl-0-795> 795</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-796><a class=lnlinks href=#hl-0-796> 796</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-797><a class=lnlinks href=#hl-0-797> 797</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-798><a class=lnlinks href=#hl-0-798> 798</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-799><a class=lnlinks href=#hl-0-799> 799</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-800><a class=lnlinks href=#hl-0-800> 800</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-801><a class=lnlinks href=#hl-0-801> 801</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-802><a class=lnlinks href=#hl-0-802> 802</a></span><span class=cl> spec: </span></span><span class=line><span class=ln id=hl-0-803><a class=lnlinks href=#hl-0-803> 803</a></span><span class=cl> serviceAccountName: crossplane </span></span><span class=line><span class=ln id=hl-0-804><a class=lnlinks href=#hl-0-804> 804</a></span><span class=cl> hostNetwork: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-805><a class=lnlinks href=#hl-0-805> 805</a></span><span class=cl> initContainers: </span></span><span class=line><span class=ln id=hl-0-806><a class=lnlinks href=#hl-0-806> 806</a></span><span class=cl> - image: <span class=s2>"xpkg.upbound.io/crossplane/crossplane:v1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-807><a class=lnlinks href=#hl-0-807> 807</a></span><span class=cl> args: </span></span><span class=line><span class=ln id=hl-0-808><a class=lnlinks href=#hl-0-808> 808</a></span><span class=cl> - core </span></span><span class=line><span class=ln id=hl-0-809><a class=lnlinks href=#hl-0-809> 809</a></span><span class=cl> - init </span></span><span class=line><span class=ln id=hl-0-810><a class=lnlinks href=#hl-0-810> 810</a></span><span class=cl> imagePullPolicy: IfNotPresent </span></span><span class=line><span class=ln id=hl-0-811><a class=lnlinks href=#hl-0-811> 811</a></span><span class=cl> name: crossplane-init </span></span><span class=line><span class=ln id=hl-0-812><a class=lnlinks href=#hl-0-812> 812</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-813><a class=lnlinks href=#hl-0-813> 813</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-814><a class=lnlinks href=#hl-0-814> 814</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-815><a class=lnlinks href=#hl-0-815> 815</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-816><a class=lnlinks href=#hl-0-816> 816</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-817><a class=lnlinks href=#hl-0-817> 817</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-818><a class=lnlinks href=#hl-0-818> 818</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-819><a class=lnlinks href=#hl-0-819> 819</a></span><span class=cl> securityContext: </span></span><span class=line><span class=ln id=hl-0-820><a class=lnlinks href=#hl-0-820> 820</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-821><a class=lnlinks href=#hl-0-821> 821</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-822><a class=lnlinks href=#hl-0-822> 822</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-823><a class=lnlinks href=#hl-0-823> 823</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-824><a class=lnlinks href=#hl-0-824> 824</a></span><span class=cl> env: </span></span><span class=line><span class=ln id=hl-0-825><a class=lnlinks href=#hl-0-825> 825</a></span><span class=cl> - name: GOMAXPROCS </span></span><span class=line><span class=ln id=hl-0-826><a class=lnlinks href=#hl-0-826> 826</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-827><a class=lnlinks href=#hl-0-827> 827</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-828><a class=lnlinks href=#hl-0-828> 828</a></span><span class=cl> containerName: crossplane-init </span></span><span class=line><span class=ln id=hl-0-829><a class=lnlinks href=#hl-0-829> 829</a></span><span class=cl> resource: limits.cpu </span></span><span class=line><span class=ln id=hl-0-830><a class=lnlinks href=#hl-0-830> 830</a></span><span class=cl> divisor: <span class=s2>"1"</span> </span></span><span class=line><span class=ln id=hl-0-831><a class=lnlinks href=#hl-0-831> 831</a></span><span class=cl> - name: GOMEMLIMIT </span></span><span class=line><span class=ln id=hl-0-832><a class=lnlinks href=#hl-0-832> 832</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-833><a class=lnlinks href=#hl-0-833> 833</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-834><a class=lnlinks href=#hl-0-834> 834</a></span><span class=cl> containerName: crossplane-init </span></span><span class=line><span class=ln id=hl-0-835><a class=lnlinks href=#hl-0-835> 835</a></span><span class=cl> resource: limits.memory </span></span><span class=line><span class=ln id=hl-0-836><a class=lnlinks href=#hl-0-836> 836</a></span><span class=cl> divisor: <span class=s2>"1"</span> </span></span><span class=line><span class=ln id=hl-0-837><a class=lnlinks href=#hl-0-837> 837</a></span><span class=cl> - name: POD_NAMESPACE </span></span><span class=line><span class=ln id=hl-0-838><a class=lnlinks href=#hl-0-838> 838</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-839><a class=lnlinks href=#hl-0-839> 839</a></span><span class=cl> fieldRef: </span></span><span class=line><span class=ln id=hl-0-840><a class=lnlinks href=#hl-0-840> 840</a></span><span class=cl> fieldPath: metadata.namespace </span></span><span class=line><span class=ln id=hl-0-841><a class=lnlinks href=#hl-0-841> 841</a></span><span class=cl> - name: POD_SERVICE_ACCOUNT </span></span><span class=line><span class=ln id=hl-0-842><a class=lnlinks href=#hl-0-842> 842</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-843><a class=lnlinks href=#hl-0-843> 843</a></span><span class=cl> fieldRef: </span></span><span class=line><span class=ln id=hl-0-844><a class=lnlinks href=#hl-0-844> 844</a></span><span class=cl> fieldPath: spec.serviceAccountName </span></span><span class=line><span class=ln id=hl-0-845><a class=lnlinks href=#hl-0-845> 845</a></span><span class=cl> - name: <span class=s2>"WEBHOOK_SERVICE_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-846><a class=lnlinks href=#hl-0-846> 846</a></span><span class=cl> value: crossplane-webhooks </span></span><span class=line><span class=ln id=hl-0-847><a class=lnlinks href=#hl-0-847> 847</a></span><span class=cl> - name: <span class=s2>"WEBHOOK_SERVICE_NAMESPACE"</span> </span></span><span class=line><span class=ln id=hl-0-848><a class=lnlinks href=#hl-0-848> 848</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-849><a class=lnlinks href=#hl-0-849> 849</a></span><span class=cl> fieldRef: </span></span><span class=line><span class=ln id=hl-0-850><a class=lnlinks href=#hl-0-850> 850</a></span><span class=cl> fieldPath: metadata.namespace </span></span><span class=line><span class=ln id=hl-0-851><a class=lnlinks href=#hl-0-851> 851</a></span><span class=cl> - name: <span class=s2>"WEBHOOK_SERVICE_PORT"</span> </span></span><span class=line><span class=ln id=hl-0-852><a class=lnlinks href=#hl-0-852> 852</a></span><span class=cl> value: <span class=s2>"9443"</span> </span></span><span class=line><span class=ln id=hl-0-853><a class=lnlinks href=#hl-0-853> 853</a></span><span class=cl> - name: <span class=s2>"TLS_CA_SECRET_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-854><a class=lnlinks href=#hl-0-854> 854</a></span><span class=cl> value: crossplane-root-ca </span></span><span class=line><span class=ln id=hl-0-855><a class=lnlinks href=#hl-0-855> 855</a></span><span class=cl> - name: <span class=s2>"TLS_SERVER_SECRET_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-856><a class=lnlinks href=#hl-0-856> 856</a></span><span class=cl> value: crossplane-tls-server </span></span><span class=line><span class=ln id=hl-0-857><a class=lnlinks href=#hl-0-857> 857</a></span><span class=cl> - name: <span class=s2>"TLS_CLIENT_SECRET_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-858><a class=lnlinks href=#hl-0-858> 858</a></span><span class=cl> value: crossplane-tls-client </span></span><span class=line><span class=ln id=hl-0-859><a class=lnlinks href=#hl-0-859> 859</a></span><span class=cl> containers: </span></span><span class=line><span class=ln id=hl-0-860><a class=lnlinks href=#hl-0-860> 860</a></span><span class=cl> - image: <span class=s2>"xpkg.upbound.io/crossplane/crossplane:v1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-861><a class=lnlinks href=#hl-0-861> 861</a></span><span class=cl> args: </span></span><span class=line><span class=ln id=hl-0-862><a class=lnlinks href=#hl-0-862> 862</a></span><span class=cl> - core </span></span><span class=line><span class=ln id=hl-0-863><a class=lnlinks href=#hl-0-863> 863</a></span><span class=cl> - start </span></span><span class=line><span class=ln id=hl-0-864><a class=lnlinks href=#hl-0-864> 864</a></span><span class=cl> imagePullPolicy: IfNotPresent </span></span><span class=line><span class=ln id=hl-0-865><a class=lnlinks href=#hl-0-865> 865</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-866><a class=lnlinks href=#hl-0-866> 866</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-867><a class=lnlinks href=#hl-0-867> 867</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-868><a class=lnlinks href=#hl-0-868> 868</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-869><a class=lnlinks href=#hl-0-869> 869</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-870><a class=lnlinks href=#hl-0-870> 870</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-871><a class=lnlinks href=#hl-0-871> 871</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-872><a class=lnlinks href=#hl-0-872> 872</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-873><a class=lnlinks href=#hl-0-873> 873</a></span><span class=cl> startupProbe: </span></span><span class=line><span class=ln id=hl-0-874><a class=lnlinks href=#hl-0-874> 874</a></span><span class=cl> failureThreshold: <span class=m>30</span> </span></span><span class=line><span class=ln id=hl-0-875><a class=lnlinks href=#hl-0-875> 875</a></span><span class=cl> periodSeconds: <span class=m>2</span> </span></span><span class=line><span class=ln id=hl-0-876><a class=lnlinks href=#hl-0-876> 876</a></span><span class=cl> tcpSocket: </span></span><span class=line><span class=ln id=hl-0-877><a class=lnlinks href=#hl-0-877> 877</a></span><span class=cl> port: readyz </span></span><span class=line><span class=ln id=hl-0-878><a class=lnlinks href=#hl-0-878> 878</a></span><span class=cl> ports: </span></span><span class=line><span class=ln id=hl-0-879><a class=lnlinks href=#hl-0-879> 879</a></span><span class=cl> - name: readyz </span></span><span class=line><span class=ln id=hl-0-880><a class=lnlinks href=#hl-0-880> 880</a></span><span class=cl> containerPort: <span class=m>8081</span> </span></span><span class=line><span class=ln id=hl-0-881><a class=lnlinks href=#hl-0-881> 881</a></span><span class=cl> - name: webhooks </span></span><span class=line><span class=ln id=hl-0-882><a class=lnlinks href=#hl-0-882> 882</a></span><span class=cl> containerPort: <span class=m>9443</span> </span></span><span class=line><span class=ln id=hl-0-883><a class=lnlinks href=#hl-0-883> 883</a></span><span class=cl> securityContext: </span></span><span class=line><span class=ln id=hl-0-884><a class=lnlinks href=#hl-0-884> 884</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-885><a class=lnlinks href=#hl-0-885> 885</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-886><a class=lnlinks href=#hl-0-886> 886</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-887><a class=lnlinks href=#hl-0-887> 887</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-888><a class=lnlinks href=#hl-0-888> 888</a></span><span class=cl> env: </span></span><span class=line><span class=ln id=hl-0-889><a class=lnlinks href=#hl-0-889> 889</a></span><span class=cl> - name: GOMAXPROCS </span></span><span class=line><span class=ln id=hl-0-890><a class=lnlinks href=#hl-0-890> 890</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-891><a class=lnlinks href=#hl-0-891> 891</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-892><a class=lnlinks href=#hl-0-892> 892</a></span><span class=cl> containerName: crossplane </span></span><span class=line><span class=ln id=hl-0-893><a class=lnlinks href=#hl-0-893> 893</a></span><span class=cl> resource: limits.cpu </span></span><span class=line><span class=ln id=hl-0-894><a class=lnlinks href=#hl-0-894> 894</a></span><span class=cl> divisor: <span class=s2>"1"</span> </span></span><span class=line><span class=ln id=hl-0-895><a class=lnlinks href=#hl-0-895> 895</a></span><span class=cl> - name: GOMEMLIMIT </span></span><span class=line><span class=ln id=hl-0-896><a class=lnlinks href=#hl-0-896> 896</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-897><a class=lnlinks href=#hl-0-897> 897</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-898><a class=lnlinks href=#hl-0-898> 898</a></span><span class=cl> containerName: crossplane </span></span><span class=line><span class=ln id=hl-0-899><a class=lnlinks href=#hl-0-899> 899</a></span><span class=cl> resource: limits.memory </span></span><span class=line><span class=ln id=hl-0-900><a class=lnlinks href=#hl-0-900> 900</a></span><span class=cl> divisor: <span class=s2>"1"</span> </span></span><span class=line><span class=ln id=hl-0-901><a class=lnlinks href=#hl-0-901> 901</a></span><span class=cl> - name: POD_NAMESPACE </span></span><span class=line><span class=ln id=hl-0-902><a class=lnlinks href=#hl-0-902> 902</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-903><a class=lnlinks href=#hl-0-903> 903</a></span><span class=cl> fieldRef: </span></span><span class=line><span class=ln id=hl-0-904><a class=lnlinks href=#hl-0-904> 904</a></span><span class=cl> fieldPath: metadata.namespace </span></span><span class=line><span class=ln id=hl-0-905><a class=lnlinks href=#hl-0-905> 905</a></span><span class=cl> - name: POD_SERVICE_ACCOUNT </span></span><span class=line><span class=ln id=hl-0-906><a class=lnlinks href=#hl-0-906> 906</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-907><a class=lnlinks href=#hl-0-907> 907</a></span><span class=cl> fieldRef: </span></span><span class=line><span class=ln id=hl-0-908><a class=lnlinks href=#hl-0-908> 908</a></span><span class=cl> fieldPath: spec.serviceAccountName </span></span><span class=line><span class=ln id=hl-0-909><a class=lnlinks href=#hl-0-909> 909</a></span><span class=cl> - name: LEADER_ELECTION </span></span><span class=line><span class=ln id=hl-0-910><a class=lnlinks href=#hl-0-910> 910</a></span><span class=cl> value: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-911><a class=lnlinks href=#hl-0-911> 911</a></span><span class=cl> - name: <span class=s2>"TLS_SERVER_SECRET_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-912><a class=lnlinks href=#hl-0-912> 912</a></span><span class=cl> value: crossplane-tls-server </span></span><span class=line><span class=ln id=hl-0-913><a class=lnlinks href=#hl-0-913> 913</a></span><span class=cl> - name: <span class=s2>"TLS_SERVER_CERTS_DIR"</span> </span></span><span class=line><span class=ln id=hl-0-914><a class=lnlinks href=#hl-0-914> 914</a></span><span class=cl> value: /tls/server </span></span><span class=line><span class=ln id=hl-0-915><a class=lnlinks href=#hl-0-915> 915</a></span><span class=cl> - name: <span class=s2>"TLS_CLIENT_SECRET_NAME"</span> </span></span><span class=line><span class=ln id=hl-0-916><a class=lnlinks href=#hl-0-916> 916</a></span><span class=cl> value: crossplane-tls-client </span></span><span class=line><span class=ln id=hl-0-917><a class=lnlinks href=#hl-0-917> 917</a></span><span class=cl> - name: <span class=s2>"TLS_CLIENT_CERTS_DIR"</span> </span></span><span class=line><span class=ln id=hl-0-918><a class=lnlinks href=#hl-0-918> 918</a></span><span class=cl> value: /tls/client </span></span><span class=line><span class=ln id=hl-0-919><a class=lnlinks href=#hl-0-919> 919</a></span><span class=cl> volumeMounts: </span></span><span class=line><span class=ln id=hl-0-920><a class=lnlinks href=#hl-0-920> 920</a></span><span class=cl> - mountPath: /cache </span></span><span class=line><span class=ln id=hl-0-921><a class=lnlinks href=#hl-0-921> 921</a></span><span class=cl> name: package-cache </span></span><span class=line><span class=ln id=hl-0-922><a class=lnlinks href=#hl-0-922> 922</a></span><span class=cl> - mountPath: /tls/server </span></span><span class=line><span class=ln id=hl-0-923><a class=lnlinks href=#hl-0-923> 923</a></span><span class=cl> name: tls-server-certs </span></span><span class=line><span class=ln id=hl-0-924><a class=lnlinks href=#hl-0-924> 924</a></span><span class=cl> - mountPath: /tls/client </span></span><span class=line><span class=ln id=hl-0-925><a class=lnlinks href=#hl-0-925> 925</a></span><span class=cl> name: tls-client-certs </span></span><span class=line><span class=ln id=hl-0-926><a class=lnlinks href=#hl-0-926> 926</a></span><span class=cl> volumes: </span></span><span class=line><span class=ln id=hl-0-927><a class=lnlinks href=#hl-0-927> 927</a></span><span class=cl> - name: package-cache </span></span><span class=line><span class=ln id=hl-0-928><a class=lnlinks href=#hl-0-928> 928</a></span><span class=cl> emptyDir: </span></span><span class=line><span class=ln id=hl-0-929><a class=lnlinks href=#hl-0-929> 929</a></span><span class=cl> medium: </span></span><span class=line><span class=ln id=hl-0-930><a class=lnlinks href=#hl-0-930> 930</a></span><span class=cl> sizeLimit: 20Mi </span></span><span class=line><span class=ln id=hl-0-931><a class=lnlinks href=#hl-0-931> 931</a></span><span class=cl> - name: tls-server-certs </span></span><span class=line><span class=ln id=hl-0-932><a class=lnlinks href=#hl-0-932> 932</a></span><span class=cl> secret: </span></span><span class=line><span class=ln id=hl-0-933><a class=lnlinks href=#hl-0-933> 933</a></span><span class=cl> secretName: crossplane-tls-server </span></span><span class=line><span class=ln id=hl-0-934><a class=lnlinks href=#hl-0-934> 934</a></span><span class=cl> - name: tls-client-certs </span></span><span class=line><span class=ln id=hl-0-935><a class=lnlinks href=#hl-0-935> 935</a></span><span class=cl> secret: </span></span><span class=line><span class=ln id=hl-0-936><a class=lnlinks href=#hl-0-936> 936</a></span><span class=cl> secretName: crossplane-tls-client </span></span><span class=line><span class=ln id=hl-0-937><a class=lnlinks href=#hl-0-937> 937</a></span><span class=cl>--- </span></span><span class=line><span class=ln id=hl-0-938><a class=lnlinks href=#hl-0-938> 938</a></span><span class=cl><span class=c1># Source: crossplane/templates/rbac-manager-deployment.yaml</span> </span></span><span class=line><span class=ln id=hl-0-939><a class=lnlinks href=#hl-0-939> 939</a></span><span class=cl>apiVersion: apps/v1 </span></span><span class=line><span class=ln id=hl-0-940><a class=lnlinks href=#hl-0-940> 940</a></span><span class=cl>kind: Deployment </span></span><span class=line><span class=ln id=hl-0-941><a class=lnlinks href=#hl-0-941> 941</a></span><span class=cl>metadata: </span></span><span class=line><span class=ln id=hl-0-942><a class=lnlinks href=#hl-0-942> 942</a></span><span class=cl> name: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-943><a class=lnlinks href=#hl-0-943> 943</a></span><span class=cl> namespace: default </span></span><span class=line><span class=ln id=hl-0-944><a class=lnlinks href=#hl-0-944> 944</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-945><a class=lnlinks href=#hl-0-945> 945</a></span><span class=cl> app: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-946><a class=lnlinks href=#hl-0-946> 946</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-947><a class=lnlinks href=#hl-0-947> 947</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-948><a class=lnlinks href=#hl-0-948> 948</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-949><a class=lnlinks href=#hl-0-949> 949</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-950><a class=lnlinks href=#hl-0-950> 950</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-951><a class=lnlinks href=#hl-0-951> 951</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-952><a class=lnlinks href=#hl-0-952> 952</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-953><a class=lnlinks href=#hl-0-953> 953</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-954><a class=lnlinks href=#hl-0-954> 954</a></span><span class=cl>spec: </span></span><span class=line><span class=ln id=hl-0-955><a class=lnlinks href=#hl-0-955> 955</a></span><span class=cl> replicas: <span class=m>1</span> </span></span><span class=line><span class=ln id=hl-0-956><a class=lnlinks href=#hl-0-956> 956</a></span><span class=cl> selector: </span></span><span class=line><span class=ln id=hl-0-957><a class=lnlinks href=#hl-0-957> 957</a></span><span class=cl> matchLabels: </span></span><span class=line><span class=ln id=hl-0-958><a class=lnlinks href=#hl-0-958> 958</a></span><span class=cl> app: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-959><a class=lnlinks href=#hl-0-959> 959</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-960><a class=lnlinks href=#hl-0-960> 960</a></span><span class=cl> strategy: </span></span><span class=line><span class=ln id=hl-0-961><a class=lnlinks href=#hl-0-961> 961</a></span><span class=cl> type: RollingUpdate </span></span><span class=line><span class=ln id=hl-0-962><a class=lnlinks href=#hl-0-962> 962</a></span><span class=cl> template: </span></span><span class=line><span class=ln id=hl-0-963><a class=lnlinks href=#hl-0-963> 963</a></span><span class=cl> metadata: </span></span><span class=line><span class=ln id=hl-0-964><a class=lnlinks href=#hl-0-964> 964</a></span><span class=cl> labels: </span></span><span class=line><span class=ln id=hl-0-965><a class=lnlinks href=#hl-0-965> 965</a></span><span class=cl> app: crossplane-rbac-manager </span></span><span class=line><span class=ln id=hl-0-966><a class=lnlinks href=#hl-0-966> 966</a></span><span class=cl> release: crossplane </span></span><span class=line><span class=ln id=hl-0-967><a class=lnlinks href=#hl-0-967> 967</a></span><span class=cl> helm.sh/chart: crossplane-1.15.0 </span></span><span class=line><span class=ln id=hl-0-968><a class=lnlinks href=#hl-0-968> 968</a></span><span class=cl> app.kubernetes.io/managed-by: Helm </span></span><span class=line><span class=ln id=hl-0-969><a class=lnlinks href=#hl-0-969> 969</a></span><span class=cl> app.kubernetes.io/component: cloud-infrastructure-controller </span></span><span class=line><span class=ln id=hl-0-970><a class=lnlinks href=#hl-0-970> 970</a></span><span class=cl> app.kubernetes.io/part-of: crossplane </span></span><span class=line><span class=ln id=hl-0-971><a class=lnlinks href=#hl-0-971> 971</a></span><span class=cl> app.kubernetes.io/name: crossplane </span></span><span class=line><span class=ln id=hl-0-972><a class=lnlinks href=#hl-0-972> 972</a></span><span class=cl> app.kubernetes.io/instance: crossplane </span></span><span class=line><span class=ln id=hl-0-973><a class=lnlinks href=#hl-0-973> 973</a></span><span class=cl> app.kubernetes.io/version: <span class=s2>"1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-974><a class=lnlinks href=#hl-0-974> 974</a></span><span class=cl> spec: </span></span><span class=line><span class=ln id=hl-0-975><a class=lnlinks href=#hl-0-975> 975</a></span><span class=cl> serviceAccountName: rbac-manager </span></span><span class=line><span class=ln id=hl-0-976><a class=lnlinks href=#hl-0-976> 976</a></span><span class=cl> initContainers: </span></span><span class=line><span class=ln id=hl-0-977><a class=lnlinks href=#hl-0-977> 977</a></span><span class=cl> - image: <span class=s2>"xpkg.upbound.io/crossplane/crossplane:v1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-978><a class=lnlinks href=#hl-0-978> 978</a></span><span class=cl> args: </span></span><span class=line><span class=ln id=hl-0-979><a class=lnlinks href=#hl-0-979> 979</a></span><span class=cl> - rbac </span></span><span class=line><span class=ln id=hl-0-980><a class=lnlinks href=#hl-0-980> 980</a></span><span class=cl> - init </span></span><span class=line><span class=ln id=hl-0-981><a class=lnlinks href=#hl-0-981> 981</a></span><span class=cl> imagePullPolicy: IfNotPresent </span></span><span class=line><span class=ln id=hl-0-982><a class=lnlinks href=#hl-0-982> 982</a></span><span class=cl> name: crossplane-init </span></span><span class=line><span class=ln id=hl-0-983><a class=lnlinks href=#hl-0-983> 983</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-984><a class=lnlinks href=#hl-0-984> 984</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-985><a class=lnlinks href=#hl-0-985> 985</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-986><a class=lnlinks href=#hl-0-986> 986</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-987><a class=lnlinks href=#hl-0-987> 987</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-988><a class=lnlinks href=#hl-0-988> 988</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-989><a class=lnlinks href=#hl-0-989> 989</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-990><a class=lnlinks href=#hl-0-990> 990</a></span><span class=cl> securityContext: </span></span><span class=line><span class=ln id=hl-0-991><a class=lnlinks href=#hl-0-991> 991</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-992><a class=lnlinks href=#hl-0-992> 992</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-993><a class=lnlinks href=#hl-0-993> 993</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-994><a class=lnlinks href=#hl-0-994> 994</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-995><a class=lnlinks href=#hl-0-995> 995</a></span><span class=cl> env: </span></span><span class=line><span class=ln id=hl-0-996><a class=lnlinks href=#hl-0-996> 996</a></span><span class=cl> - name: GOMAXPROCS </span></span><span class=line><span class=ln id=hl-0-997><a class=lnlinks href=#hl-0-997> 997</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-998><a class=lnlinks href=#hl-0-998> 998</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-999><a class=lnlinks href=#hl-0-999> 999</a></span><span class=cl> containerName: crossplane-init </span></span><span class=line><span class=ln id=hl-0-1000><a class=lnlinks href=#hl-0-1000>1000</a></span><span class=cl> resource: limits.cpu </span></span><span class=line><span class=ln id=hl-0-1001><a class=lnlinks href=#hl-0-1001>1001</a></span><span class=cl> - name: GOMEMLIMIT </span></span><span class=line><span class=ln id=hl-0-1002><a class=lnlinks href=#hl-0-1002>1002</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-1003><a class=lnlinks href=#hl-0-1003>1003</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-1004><a class=lnlinks href=#hl-0-1004>1004</a></span><span class=cl> containerName: crossplane-init </span></span><span class=line><span class=ln id=hl-0-1005><a class=lnlinks href=#hl-0-1005>1005</a></span><span class=cl> resource: limits.memory </span></span><span class=line><span class=ln id=hl-0-1006><a class=lnlinks href=#hl-0-1006>1006</a></span><span class=cl> containers: </span></span><span class=line><span class=ln id=hl-0-1007><a class=lnlinks href=#hl-0-1007>1007</a></span><span class=cl> - image: <span class=s2>"xpkg.upbound.io/crossplane/crossplane:v1.15.0"</span> </span></span><span class=line><span class=ln id=hl-0-1008><a class=lnlinks href=#hl-0-1008>1008</a></span><span class=cl> args: </span></span><span class=line><span class=ln id=hl-0-1009><a class=lnlinks href=#hl-0-1009>1009</a></span><span class=cl> - rbac </span></span><span class=line><span class=ln id=hl-0-1010><a class=lnlinks href=#hl-0-1010>1010</a></span><span class=cl> - start </span></span><span class=line><span class=ln id=hl-0-1011><a class=lnlinks href=#hl-0-1011>1011</a></span><span class=cl> - --provider-clusterrole<span class=o>=</span>crossplane:allowed-provider-permissions </span></span><span class=line><span class=ln id=hl-0-1012><a class=lnlinks href=#hl-0-1012>1012</a></span><span class=cl> imagePullPolicy: IfNotPresent </span></span><span class=line><span class=ln id=hl-0-1013><a class=lnlinks href=#hl-0-1013>1013</a></span><span class=cl> name: crossplane </span></span><span class=line><span class=ln id=hl-0-1014><a class=lnlinks href=#hl-0-1014>1014</a></span><span class=cl> resources: </span></span><span class=line><span class=ln id=hl-0-1015><a class=lnlinks href=#hl-0-1015>1015</a></span><span class=cl> limits: </span></span><span class=line><span class=ln id=hl-0-1016><a class=lnlinks href=#hl-0-1016>1016</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-1017><a class=lnlinks href=#hl-0-1017>1017</a></span><span class=cl> memory: 512Mi </span></span><span class=line><span class=ln id=hl-0-1018><a class=lnlinks href=#hl-0-1018>1018</a></span><span class=cl> requests: </span></span><span class=line><span class=ln id=hl-0-1019><a class=lnlinks href=#hl-0-1019>1019</a></span><span class=cl> cpu: 100m </span></span><span class=line><span class=ln id=hl-0-1020><a class=lnlinks href=#hl-0-1020>1020</a></span><span class=cl> memory: 256Mi </span></span><span class=line><span class=ln id=hl-0-1021><a class=lnlinks href=#hl-0-1021>1021</a></span><span class=cl> securityContext: </span></span><span class=line><span class=ln id=hl-0-1022><a class=lnlinks href=#hl-0-1022>1022</a></span><span class=cl> allowPrivilegeEscalation: <span class=nb>false</span> </span></span><span class=line><span class=ln id=hl-0-1023><a class=lnlinks href=#hl-0-1023>1023</a></span><span class=cl> readOnlyRootFilesystem: <span class=nb>true</span> </span></span><span class=line><span class=ln id=hl-0-1024><a class=lnlinks href=#hl-0-1024>1024</a></span><span class=cl> runAsGroup: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-1025><a class=lnlinks href=#hl-0-1025>1025</a></span><span class=cl> runAsUser: <span class=m>65532</span> </span></span><span class=line><span class=ln id=hl-0-1026><a class=lnlinks href=#hl-0-1026>1026</a></span><span class=cl> env: </span></span><span class=line><span class=ln id=hl-0-1027><a class=lnlinks href=#hl-0-1027>1027</a></span><span class=cl> - name: GOMAXPROCS </span></span><span class=line><span class=ln id=hl-0-1028><a class=lnlinks href=#hl-0-1028>1028</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-1029><a class=lnlinks href=#hl-0-1029>1029</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-1030><a class=lnlinks href=#hl-0-1030>1030</a></span><span class=cl> containerName: crossplane </span></span><span class=line><span class=ln id=hl-0-1031><a class=lnlinks href=#hl-0-1031>1031</a></span><span class=cl> resource: limits.cpu </span></span><span class=line><span class=ln id=hl-0-1032><a class=lnlinks href=#hl-0-1032>1032</a></span><span class=cl> - name: GOMEMLIMIT </span></span><span class=line><span class=ln id=hl-0-1033><a class=lnlinks href=#hl-0-1033>1033</a></span><span class=cl> valueFrom: </span></span><span class=line><span class=ln id=hl-0-1034><a class=lnlinks href=#hl-0-1034>1034</a></span><span class=cl> resourceFieldRef: </span></span><span class=line><span class=ln id=hl-0-1035><a class=lnlinks href=#hl-0-1035>1035</a></span><span class=cl> containerName: crossplane </span></span><span class=line><span class=ln id=hl-0-1036><a class=lnlinks href=#hl-0-1036>1036</a></span><span class=cl> resource: limits.memory </span></span><span class=line><span class=ln id=hl-0-1037><a class=lnlinks href=#hl-0-1037>1037</a></span><span class=cl> - name: LEADER_ELECTION </span></span><span class=line><span class=ln id=hl-0-1038><a class=lnlinks href=#hl-0-1038>1038</a></span><span class=cl> value: <span class=s2>"true"</span> </span></span><span class=line><span class=ln id=hl-0-1039><a class=lnlinks href=#hl-0-1039>1039</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-1040><a class=lnlinks href=#hl-0-1040>1040</a></span><span class=cl>NOTES: </span></span><span class=line><span class=ln id=hl-0-1041><a class=lnlinks href=#hl-0-1041>1041</a></span><span class=cl>Release: crossplane </span></span><span class=line><span class=ln id=hl-0-1042><a class=lnlinks href=#hl-0-1042>1042</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-1043><a class=lnlinks href=#hl-0-1043>1043</a></span><span class=cl>Chart Name: crossplane </span></span><span class=line><span class=ln id=hl-0-1044><a class=lnlinks href=#hl-0-1044>1044</a></span><span class=cl>Chart Description: Crossplane is an open <span class=nb>source</span> Kubernetes add-on that enables platform teams to assemble infrastructure from multiple vendors, and expose higher level self-service APIs <span class=k>for</span> application teams to consume. </span></span><span class=line><span class=ln id=hl-0-1045><a class=lnlinks href=#hl-0-1045>1045</a></span><span class=cl>Chart Version: 1.15.0 </span></span><span class=line><span class=ln id=hl-0-1046><a class=lnlinks href=#hl-0-1046>1046</a></span><span class=cl>Chart Application Version: 1.15.0 </span></span><span class=line><span class=ln id=hl-0-1047><a class=lnlinks href=#hl-0-1047>1047</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-0-1048><a class=lnlinks href=#hl-0-1048>1048</a></span><span class=cl>Kube Version: v1.27.3 </span></span></code></pre></div></div></div></div></div><p>Install the Crossplane components using <code>helm install</code>.</p><div class=highlight><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-2-1><a class=lnlinks href=#hl-2-1>1</a></span><span class=cl>helm install crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-2><a class=lnlinks href=#hl-2-2>2</a></span><span class=cl><span class=se></span>crossplane-stable/crossplane <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-3><a class=lnlinks href=#hl-2-3>3</a></span><span class=cl><span class=se></span>--namespace crossplane-system <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-4><a class=lnlinks href=#hl-2-4>4</a></span><span class=cl><span class=se></span>--create-namespace </span></span></code></pre></div><p>Verify Crossplane installed with <code>kubectl get pods</code>.</p><div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-3-1><a class=lnlinks href=#hl-3-1>1</a></span><span class=cl>kubectl get pods -n crossplane-system </span></span><span class=line><span class=ln id=hl-3-2><a class=lnlinks href=#hl-3-2>2</a></span><span class=cl>NAME READY STATUS RESTARTS AGE </span></span><span class=line><span class=ln id=hl-3-3><a class=lnlinks href=#hl-3-3>3</a></span><span class=cl>crossplane-d4cd8d784-ldcgb 1/1 Running <span class=m>0</span> 54s </span></span><span class=line><span class=ln id=hl-3-4><a class=lnlinks href=#hl-3-4>4</a></span><span class=cl>crossplane-rbac-manager-84769b574-6mw6f 1/1 Running <span class=m>0</span> 54s </span></span></code></pre></div><p>Installing Crossplane creates new Kubernetes API end-points. Look at the new API end-points with <code>kubectl api-resources | grep crossplane</code>.</p><div class=highlight label=grep copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-4-1><a class=lnlinks href=#hl-4-1> 1</a></span><span class=cl>kubectl api-resources <span class=p>|</span> grep crossplane </span></span><span class=line><span class=ln id=hl-4-2><a class=lnlinks href=#hl-4-2> 2</a></span><span class=cl>compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 <span class=nb>false</span> CompositeResourceDefinition </span></span><span class=line><span class=ln id=hl-4-3><a class=lnlinks href=#hl-4-3> 3</a></span><span class=cl>compositionrevisions comprev apiextensions.crossplane.io/v1 <span class=nb>false</span> CompositionRevision </span></span><span class=line><span class=ln id=hl-4-4><a class=lnlinks href=#hl-4-4> 4</a></span><span class=cl>compositions comp apiextensions.crossplane.io/v1 <span class=nb>false</span> Composition </span></span><span class=line><span class=ln id=hl-4-5><a class=lnlinks href=#hl-4-5> 5</a></span><span class=cl>environmentconfigs envcfg apiextensions.crossplane.io/v1beta1 <span class=nb>false</span> EnvironmentConfig </span></span><span class=line><span class=ln id=hl-4-6><a class=lnlinks href=#hl-4-6> 6</a></span><span class=cl>usages apiextensions.crossplane.io/v1alpha1 <span class=nb>false</span> Usage </span></span><span class=line><span class=ln id=hl-4-7><a class=lnlinks href=#hl-4-7> 7</a></span><span class=cl>configurationrevisions pkg.crossplane.io/v1 <span class=nb>false</span> ConfigurationRevision </span></span><span class=line><span class=ln id=hl-4-8><a class=lnlinks href=#hl-4-8> 8</a></span><span class=cl>configurations pkg.crossplane.io/v1 <span class=nb>false</span> Configuration </span></span><span class=line><span class=ln id=hl-4-9><a class=lnlinks href=#hl-4-9> 9</a></span><span class=cl>controllerconfigs pkg.crossplane.io/v1alpha1 <span class=nb>false</span> ControllerConfig </span></span><span class=line><span class=ln id=hl-4-10><a class=lnlinks href=#hl-4-10>10</a></span><span class=cl>deploymentruntimeconfigs pkg.crossplane.io/v1beta1 <span class=nb>false</span> DeploymentRuntimeConfig </span></span><span class=line><span class=ln id=hl-4-11><a class=lnlinks href=#hl-4-11>11</a></span><span class=cl>functionrevisions pkg.crossplane.io/v1beta1 <span class=nb>false</span> FunctionRevision </span></span><span class=line><span class=ln id=hl-4-12><a class=lnlinks href=#hl-4-12>12</a></span><span class=cl>functions pkg.crossplane.io/v1beta1 <span class=nb>false</span> Function </span></span><span class=line><span class=ln id=hl-4-13><a class=lnlinks href=#hl-4-13>13</a></span><span class=cl>locks pkg.crossplane.io/v1beta1 <span class=nb>false</span> Lock </span></span><span class=line><span class=ln id=hl-4-14><a class=lnlinks href=#hl-4-14>14</a></span><span class=cl>providerrevisions pkg.crossplane.io/v1 <span class=nb>false</span> ProviderRevision </span></span><span class=line><span class=ln id=hl-4-15><a class=lnlinks href=#hl-4-15>15</a></span><span class=cl>providers pkg.crossplane.io/v1 <span class=nb>false</span> Provider </span></span><span class=line><span class=ln id=hl-4-16><a class=lnlinks href=#hl-4-16>16</a></span><span class=cl>storeconfigs secrets.crossplane.io/v1alpha1 <span class=nb>false</span> StoreConfig </span></span></code></pre></div></div><h2 id=install-the-aws-provider>Install the AWS provider <a class=anchor-link id=install-the-aws-provider href=#install-the-aws-provider aria-label="Link to this section: Install the AWS provider"></a></h2><p>Install the AWS S3 provider into the Kubernetes cluster with a Kubernetes configuration file.</p><div class=highlight label=provider copy-lines=all><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><span class=line><span class=ln id=hl-0-1><a class=lnlinks href=#hl-0-1>1</a></span><span class=cl><span class=l>cat <<EOF | kubectl apply -f -</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-2><a class=lnlinks href=#hl-0-2>2</a></span><span class=cl><span class=w></span><span class=nt>apiVersion</span><span class=p>:</span><span class=w> </span><span class=l>pkg.crossplane.io/v1</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-3><a class=lnlinks href=#hl-0-3>3</a></span><span class=cl><span class=w></span><span class=nt>kind</span><span class=p>:</span><span class=w> </span><span class=l>Provider</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-4><a class=lnlinks href=#hl-0-4>4</a></span><span class=cl><span class=w></span><span class=nt>metadata</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-5><a class=lnlinks href=#hl-0-5>5</a></span><span class=cl><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class=l>provider-aws-s3</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-6><a class=lnlinks href=#hl-0-6>6</a></span><span class=cl><span class=w></span><span class=nt>spec</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-7><a class=lnlinks href=#hl-0-7>7</a></span><span class=cl><span class=w> </span><span class=nt>package</span><span class=p>:</span><span class=w> </span><span class=l>xpkg.upbound.io/upbound/provider-aws-s3:v1.17.0</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-0-8><a class=lnlinks href=#hl-0-8>8</a></span><span class=cl><span class=w></span><span class=l>EOF</span><span class=w> </span></span></span></code></pre></div><p>The Crossplane <code><highlight-term id=1731573033990662761 data-label=provider data-line=3>Provider</highlight-term></code> installs the Kubernetes <em>Custom Resource Definitions</em> (CRDs) representing AWS S3 services. These CRDs allow you to create AWS resources directly inside Kubernetes.</p><p>Verify the provider installed with <code>kubectl get providers</code>.</p><div class=highlight copy-lines=1 label=getProvider><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-1-1><a class=lnlinks href=#hl-1-1>1</a></span><span class=cl>kubectl get providers </span></span><span class=line><span class=ln id=hl-1-2><a class=lnlinks href=#hl-1-2>2</a></span><span class=cl>NAME INSTALLED HEALTHY PACKAGE AGE </span></span><span class=line><span class=ln id=hl-1-3><a class=lnlinks href=#hl-1-3>3</a></span><span class=cl>provider-aws-s3 True True xpkg.upbound.io/upbound/provider-aws-s3:1.1.0 97s </span></span><span class=line><span class=ln id=hl-1-4><a class=lnlinks href=#hl-1-4>4</a></span><span class=cl>upbound-provider-family-aws True True xpkg.upbound.io/upbound/provider-family-aws:1.1.0 88s </span></span></code></pre></div><p>The S3 Provider installs a second Provider, the <code><highlight-term id=1731573033990701128 data-label=getProvider data-line=4>upbound-provider-family-aws</highlight-term></code>.<br>The family provider manages authentication to AWS across all AWS family Providers.</p><p>You can view the new CRDs with <code>kubectl get crds</code>.<br>Every CRD maps to a unique AWS service Crossplane can provision and manage.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>See details about all the supported CRDs in the <a href=https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v1.1.0>Upbound Marketplace</a>.</div></div><h2 id=create-a-kubernetes-secret-for-aws>Create a Kubernetes secret for AWS <a class=anchor-link id=create-a-kubernetes-secret-for-aws href=#create-a-kubernetes-secret-for-aws aria-label="Link to this section: Create a Kubernetes secret for AWS"></a></h2><p>The provider requires credentials to create and manage AWS resources.<br>Providers use a Kubernetes <em>Secret</em> to connect the credentials to the provider.</p><p>Generate a Kubernetes <em>Secret</em> from your AWS key-pair and then configure the Provider to use it.</p><h3 id=generate-an-aws-key-pair-file>Generate an AWS key-pair file <a class=anchor-link id=generate-an-aws-key-pair-file href=#generate-an-aws-key-pair-file aria-label="Link to this section: Generate an AWS key-pair file"></a></h3><p>For basic user authentication, use an AWS Access keys key-pair file.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>The <a href=https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-creds>AWS documentation</a> provides information on how to generate AWS Access keys.</div></div><p>Create a text file containing the AWS account <code>aws_access_key_id</code> and <code>aws_secret_access_key</code>.</p><div class=highlight copy-lines=all><pre tabindex=0 class=chroma><code class=language-ini data-lang=ini><span class=line><span class=ln id=hl-0-1><a class=lnlinks href=#hl-0-1>1</a></span><span class=cl><span class=k>[default]</span> </span></span><span class=line><span class=ln id=hl-0-2><a class=lnlinks href=#hl-0-2>2</a></span><span class=cl><span class=na>aws_access_key_id</span> <span class=o>=</span> <span class=s><span class="pe-2 editable" data-default="<aws_access_key>" contenteditable=true></span><svg class="bi text-white" width="1em" height="1em"><use xlink:href="#pencil-square"/></svg></span> </span></span><span class=line><span class=ln id=hl-0-3><a class=lnlinks href=#hl-0-3>3</a></span><span class=cl><span class=na>aws_secret_access_key</span> <span class=o>=</span> <span class=s><span class="pe-2 editable" data-default="<aws_secret_key>" contenteditable=true></span><svg class="bi text-white" width="1em" height="1em"><use xlink:href="#pencil-square"/></svg></span> </span></span></code></pre></div><p>Save this text file as <code>aws-credentials.txt</code>.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>The <a href=https://docs.upbound.io/providers/provider-aws/authentication/>Authentication</a> section of the AWS Provider documentation describes other authentication methods.</div></div><h3 id=create-a-kubernetes-secret-with-the-aws-credentials>Create a Kubernetes secret with the AWS credentials <a class=anchor-link id=create-a-kubernetes-secret-with-the-aws-credentials href=#create-a-kubernetes-secret-with-the-aws-credentials aria-label="Link to this section: Create a Kubernetes secret with the AWS credentials"></a></h3><p>A Kubernetes generic secret has a name and contents.<br>Use <code><highlight-term id=1731573033991124008 data-label=kube-create-secret data-line=1>kubectl create secret</highlight-term></code><br>to generate the secret object named <code><highlight-term id=1731573033991144828 data-label=kube-create-secret data-line=2>aws-secret</highlight-term></code><br>in the <code><highlight-term id=1731573033991171424 data-label=kube-create-secret data-line=3>crossplane-system</highlight-term></code> namespace.</p><p>Use the <code><highlight-term id=1731573033991191629 data-label=kube-create-secret data-line=4>--from-file=</highlight-term></code> argument to set the value to the contents of the <code><highlight-term id=1731573033991210416 data-label=kube-create-secret data-line=4>aws-credentials.txt</highlight-term></code> file.</p><div class=highlight label=kube-create-secret copy-lines=all><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-2-1><a class=lnlinks href=#hl-2-1>1</a></span><span class=cl>kubectl create secret <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-2><a class=lnlinks href=#hl-2-2>2</a></span><span class=cl><span class=se></span>generic aws-secret <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-3><a class=lnlinks href=#hl-2-3>3</a></span><span class=cl><span class=se></span>-n crossplane-system <span class=se>\ </span></span></span><span class=line><span class=ln id=hl-2-4><a class=lnlinks href=#hl-2-4>4</a></span><span class=cl><span class=se></span>--from-file<span class=o>=</span><span class=nv>creds</span><span class=o>=</span>./aws-credentials.txt </span></span></code></pre></div><p>View the secret with <code>kubectl describe secret</code></p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>The size may be larger if there are extra blank spaces in your text file.</div></div><div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-3-1><a class=lnlinks href=#hl-3-1> 1</a></span><span class=cl>kubectl describe secret aws-secret -n crossplane-system </span></span><span class=line><span class=ln id=hl-3-2><a class=lnlinks href=#hl-3-2> 2</a></span><span class=cl>Name: aws-secret </span></span><span class=line><span class=ln id=hl-3-3><a class=lnlinks href=#hl-3-3> 3</a></span><span class=cl>Namespace: crossplane-system </span></span><span class=line><span class=ln id=hl-3-4><a class=lnlinks href=#hl-3-4> 4</a></span><span class=cl>Labels: <none> </span></span><span class=line><span class=ln id=hl-3-5><a class=lnlinks href=#hl-3-5> 5</a></span><span class=cl>Annotations: <none> </span></span><span class=line><span class=ln id=hl-3-6><a class=lnlinks href=#hl-3-6> 6</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-3-7><a class=lnlinks href=#hl-3-7> 7</a></span><span class=cl>Type: Opaque </span></span><span class=line><span class=ln id=hl-3-8><a class=lnlinks href=#hl-3-8> 8</a></span><span class=cl> </span></span><span class=line><span class=ln id=hl-3-9><a class=lnlinks href=#hl-3-9> 9</a></span><span class=cl><span class=nv>Data</span> </span></span><span class=line><span class=ln id=hl-3-10><a class=lnlinks href=#hl-3-10>10</a></span><span class=cl><span class=o>====</span> </span></span><span class=line><span class=ln id=hl-3-11><a class=lnlinks href=#hl-3-11>11</a></span><span class=cl>creds: <span class=m>114</span> bytes </span></span></code></pre></div><h2 id=create-a-providerconfig>Create a ProviderConfig <a class=anchor-link id=create-a-providerconfig href=#create-a-providerconfig aria-label="Link to this section: Create a ProviderConfig"></a></h2><p>A <code><highlight-term id=1731573033991269845 data-label=providerconfig data-line=3>ProviderConfig</highlight-term></code> customizes the settings of the AWS Provider.</p><p>Apply the <code><highlight-term id=1731573033991288856 data-label=providerconfig data-line=3>ProviderConfig</highlight-term></code> with the this Kubernetes configuration file:</p><div class=highlight label=providerconfig copy-lines=all><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><span class=line><span class=ln id=hl-4-1><a class=lnlinks href=#hl-4-1> 1</a></span><span class=cl><span class=l>cat <<EOF | kubectl apply -f -</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-2><a class=lnlinks href=#hl-4-2> 2</a></span><span class=cl><span class=w></span><span class=nt>apiVersion</span><span class=p>:</span><span class=w> </span><span class=l>aws.upbound.io/v1beta1</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-3><a class=lnlinks href=#hl-4-3> 3</a></span><span class=cl><span class=w></span><span class=nt>kind</span><span class=p>:</span><span class=w> </span><span class=l>ProviderConfig</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-4><a class=lnlinks href=#hl-4-4> 4</a></span><span class=cl><span class=w></span><span class=nt>metadata</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-5><a class=lnlinks href=#hl-4-5> 5</a></span><span class=cl><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class=l>default</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-6><a class=lnlinks href=#hl-4-6> 6</a></span><span class=cl><span class=w></span><span class=nt>spec</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-7><a class=lnlinks href=#hl-4-7> 7</a></span><span class=cl><span class=w> </span><span class=nt>credentials</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-8><a class=lnlinks href=#hl-4-8> 8</a></span><span class=cl><span class=w> </span><span class=nt>source</span><span class=p>:</span><span class=w> </span><span class=l>Secret</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-9><a class=lnlinks href=#hl-4-9> 9</a></span><span class=cl><span class=w> </span><span class=nt>secretRef</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-10><a class=lnlinks href=#hl-4-10>10</a></span><span class=cl><span class=w> </span><span class=nt>namespace</span><span class=p>:</span><span class=w> </span><span class=l>crossplane-system</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-11><a class=lnlinks href=#hl-4-11>11</a></span><span class=cl><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class=l>aws-secret</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-12><a class=lnlinks href=#hl-4-12>12</a></span><span class=cl><span class=w> </span><span class=nt>key</span><span class=p>:</span><span class=w> </span><span class=l>creds</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-4-13><a class=lnlinks href=#hl-4-13>13</a></span><span class=cl><span class=w></span><span class=l>EOF</span><span class=w> </span></span></span></code></pre></div><p>This attaches the AWS credentials, saved as a Kubernetes secret, as a <code><highlight-term id=1731573033991310719 data-label=providerconfig data-line=9>secretRef</highlight-term></code>.</p><p>The <code><highlight-term id=1731573033991334743 data-label=providerconfig data-line=11>spec.credentials.secretRef.name</highlight-term></code> value is the name of the Kubernetes secret containing the AWS credentials in the <code><highlight-term id=1731573033991354413 data-label=providerconfig data-line=10>spec.credentials.secretRef.namespace</highlight-term></code>.</p><h2 id=create-a-managed-resource>Create a managed resource <a class=anchor-link id=create-a-managed-resource href=#create-a-managed-resource aria-label="Link to this section: Create a managed resource"></a></h2><p>A <em>managed resource</em> is anything Crossplane creates and manages outside of the Kubernetes cluster.</p><p>This guide creates an AWS S3 bucket with Crossplane.</p><p>The S3 bucket is a <em>managed resource</em>.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>AWS S3 bucket names must be globally unique. To generate a unique name the example uses a random hash. Any unique name is acceptable.</div></div><div class=highlight label=xr><pre tabindex=0 class=chroma><code class=language-yaml data-lang=yaml><span class=line><span class=ln id=hl-5-1><a class=lnlinks href=#hl-5-1> 1</a></span><span class=cl><span class=l>cat <<EOF | kubectl create -f -</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-2><a class=lnlinks href=#hl-5-2> 2</a></span><span class=cl><span class=w></span><span class=nt>apiVersion</span><span class=p>:</span><span class=w> </span><span class=l>s3.aws.upbound.io/v1beta1</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-3><a class=lnlinks href=#hl-5-3> 3</a></span><span class=cl><span class=w></span><span class=nt>kind</span><span class=p>:</span><span class=w> </span><span class=l>Bucket</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-4><a class=lnlinks href=#hl-5-4> 4</a></span><span class=cl><span class=w></span><span class=nt>metadata</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-5><a class=lnlinks href=#hl-5-5> 5</a></span><span class=cl><span class=w> </span><span class=nt>generateName</span><span class=p>:</span><span class=w> </span><span class=l>crossplane-bucket-</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-6><a class=lnlinks href=#hl-5-6> 6</a></span><span class=cl><span class=w></span><span class=nt>spec</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-7><a class=lnlinks href=#hl-5-7> 7</a></span><span class=cl><span class=w> </span><span class=nt>forProvider</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-8><a class=lnlinks href=#hl-5-8> 8</a></span><span class=cl><span class=w> </span><span class=nt>region</span><span class=p>:</span><span class=w> </span><span class=l>us-east-2</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-9><a class=lnlinks href=#hl-5-9> 9</a></span><span class=cl><span class=w> </span><span class=nt>providerConfigRef</span><span class=p>:</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-10><a class=lnlinks href=#hl-5-10>10</a></span><span class=cl><span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class=l>default</span><span class=w> </span></span></span><span class=line><span class=ln id=hl-5-11><a class=lnlinks href=#hl-5-11>11</a></span><span class=cl><span class=w></span><span class=l>EOF</span><span class=w> </span></span></span></code></pre></div><p>The <code><highlight-term id=1731573033991416036 data-label=xr data-line=3>apiVersion</highlight-term></code> and <code><highlight-term id=1731573033991436243 data-label=xr data-line=4>kind</highlight-term></code> are from the provider’s CRDs.</p><p>The <code><highlight-term id=1731573033991455194 data-label=xr data-line=6>metadata.name</highlight-term></code> value is the name of the created S3 bucket in AWS.<br>This example uses the generated name <code>crossplane-bucket-<hash></code> in the <code><highlight-term id=1731573033991472667 data-label=xr data-line=6>$bucket</highlight-term></code> variable.</p><p>The <code><highlight-term id=1731573033991490262 data-label=xr data-line=9>spec.forProvider.region</highlight-term></code> tells AWS which AWS region to use when deploying resources.</p><p>The region can be any <a href=https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints>AWS Regional endpoint</a> code.</p><p>Use <code>kubectl get buckets</code> to verify Crossplane created the bucket.</p><div class="admonition tip d-flex flex-column mx-4 p-0"><div class=admonition-title><svg class="bi flex-shrink-0" role="img" aria-label="tip:"><use xlink:href="#check"/></svg><span class=ps-1>Tip</span></div><div class=admonition-content>Crossplane created the bucket when the values <code>READY</code> and <code>SYNCED</code> are <code>True</code>.<br>This may take up to 5 minutes.</div></div><div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-6-1><a class=lnlinks href=#hl-6-1>1</a></span><span class=cl>kubectl get buckets </span></span><span class=line><span class=ln id=hl-6-2><a class=lnlinks href=#hl-6-2>2</a></span><span class=cl>NAME READY SYNCED EXTERNAL-NAME AGE </span></span><span class=line><span class=ln id=hl-6-3><a class=lnlinks href=#hl-6-3>3</a></span><span class=cl>crossplane-bucket-hhdzh True True crossplane-bucket-hhdzh 5s </span></span></code></pre></div><h2 id=delete-the-managed-resource>Delete the managed resource <a class=anchor-link id=delete-the-managed-resource href=#delete-the-managed-resource aria-label="Link to this section: Delete the managed resource"></a></h2><p>Before shutting down your Kubernetes cluster, delete the S3 bucket just created.</p><p>Use <code>kubectl delete bucket <bucketname></code> to remove the bucket.</p><div class=highlight copy-lines=1><pre tabindex=0 class=chroma><code class=language-shell data-lang=shell><span class=line><span class=ln id=hl-7-1><a class=lnlinks href=#hl-7-1>1</a></span><span class=cl>kubectl delete bucket crossplane-bucket-hhdzh </span></span><span class=line><span class=ln id=hl-7-2><a class=lnlinks href=#hl-7-2>2</a></span><span class=cl>bucket.s3.aws.upbound.io <span class=s2>"crossplane-bucket-hhdzh"</span> deleted </span></span></code></pre></div><h2 id=next-steps>Next steps <a class=anchor-link id=next-steps href=#next-steps aria-label="Link to this section: Next steps"></a></h2><ul><li><a href=https://docs.crossplane.io/latest/getting-started/provider-aws-part-2/><strong>Continue to part 2</strong></a> to create and use a custom API with Crossplane.</li><li>Explore AWS resources that Crossplane can configure in the <a href=https://marketplace.upbound.io/providers/upbound/provider-family-aws/>Provider CRD reference</a>.</li><li>Join the <a href=https://slack.crossplane.io/>Crossplane Slack</a> and connect with Crossplane users and contributors.</li></ul></div></main></div><footer class="bd-footer p-5"><div class="container text-center"><div class="row pb-5 top-row"><div class="col-lg img-col"><img src=/img/crossplane-logo.svg alt="Crossplane logo" srcset="/img/crossplane-logo.svg 1x, /img/crossplane-logo.svg 2x" width=185 height=40 decoding=async data-nimg=future loading=lazy class="d-flex crossplane-footer"></div><div class="col-lg links-col d-fill justify-content-evenly ms-5"><div class=row><div class=col-lg><a class=footer-link target=_blank href=https://twitter.com/crossplane_io>Twitter</a></div><div class=col-lg><a class=footer-link target=_blank href=https://www.youtube.com/channel/UC19FgzMBMqBro361HbE46Fw>Youtube</a></div><div class=col-lg><a class=footer-link target=_blank href="https://www.youtube.com/playlist?list=PL510POnNVaaYFuK-B_SIUrpIonCtLVOzT">Podcast</a></div><div class=col-lg><a class=footer-link target=_blank href=https://groups.google.com/g/crossplane-dev>Forum</a></div></div></div></div><div class="row pb-5"><div class="col-lg copyright-col pe-4 border-end"><p>© Crossplane Authors 2024. Documentation distributed under <a target=_blank href=https://creativecommons.org/licenses/by/4.0/>CC-BY-4.0</a>.</p><p>© 2024 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our <a target=_blank href=https://www.linuxfoundation.org/legal/trademark-usage>Trademark Usage</a> page.</p></div><div class="col-lg cncf-col ms-5"><a class=d-flex target=_blank href=https://www.cncf.io/><img alt=cncfLogo src=/img/cncf-white.webp width=702 height=114 decoding=async data-nimg=future loading=lazy class="cncf-footer py-3"></a><p class=d-flex>We are a Cloud Native Computing Foundation incubating project.</p></div></div></div></footer><script src=https://docs.crossplane.io/js/main-727bf178.bundle.min.js data-no-instant></script><script type=text/javascript>(function(e,t,n,s,o,i,a){e[n]=e[n]||function(){(e[n].q=e[n].q||[]).push(arguments)},i=t.createElement(s),i.async=1,i.src="https://www.clarity.ms/tag/"+o,a=t.getElementsByTagName(s)[0],a.parentNode.insertBefore(i,a)})(window,document,"clarity","script","el5517lxor")</script> <script>(function(e,t,n,s,o){e[s]=e[s]||[],e[s].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var a=t.getElementsByTagName(n)[0],i=t.createElement(n),r=s!="dataLayer"?"&l="+s:"";i.async=!0,i.src="https://www.googletagmanager.com/gtm.js?id="+o+r,a.parentNode.insertBefore(i,a)})(window,document,"script","dataLayer","GTM-WFF2NQHG")</script><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WFF2NQHG" height=0 width=0 style=display:none;visibility:hidden></iframe></noscript><script type=text/javascript>adroll_adv_id="B4XQTO44VJFVDGCGM332GU",adroll_pix_id="6ROIBHUPMVCSXN7HHIKJTK",adroll_version="2.0",function(e,t,n,s,o){e.__adroll_loaded=!0,e.adroll=e.adroll||[],e.adroll.f=["setProperties","identify","track"];var i="https://s.adroll.com/j/"+adroll_adv_id+"/roundtrip.js";for(o=0;o<e.adroll.f.length;o++)e.adroll[e.adroll.f[o]]=e.adroll[e.adroll.f[o]]||function(t){return function(){e.adroll.push([t,arguments])}}(e.adroll.f[o]);n=t.createElement("script"),s=t.getElementsByTagName("script")[0],n.async=1,n.src=i,s.parentNode.insertBefore(n,s)}(window,document),adroll.track("pageView")</script><script src=https://cdn.jsdelivr.net/npm/@docsearch/js@3></script> <script>docsearch({container:"#docSearch",appId:"9UXKYX61NK",indexName:"crossplane",apiKey:"e07e181044d561f6a4cb7261931d980a",placeholder:"Search the docs"})</script></body></html>