A comprehensive Crossplane Configuration package that provides Composite Resource Definitions (XRDs) for AWS Elemental media services on Kubernetes.

This configuration package enables you to provision and manage AWS Elemental media services infrastructure using Kubernetes-native APIs through Crossplane. It provides high-level abstractions for complex media workflows while maintaining the flexibility and power of AWS Elemental services.

• Crossplane v2 Compatible: Full compatibility with Crossplane v2.0.2+
• Namespace Support: Added namespace support for Crossplane v2 Managed Resources
• Media Connect Service Endpoints: MediaConnect flows now export endpoints as Kubernetes services for easier integration
• Updated Dependencies: All AWS providers upgraded to v2 for improved stability and features
• Enhanced Schema: XR definitions updated to match Crossplane v2 schema requirements

• AWS Elemental MediaConnect - Secure, reliable live video transport with Kubernetes service endpoint exports
• AWS Elemental MediaConvert - File-based video transcoding service
• AWS Elemental MediaLive - Live video processing service
• AWS Elemental MediaPackage - Video origination and packaging service
• AWS Elemental MediaPackage V2 - Next-generation video packaging
• AWS Elemental MediaStore - Storage service optimized for media (planned)
• AWS Elemental MediaTailor - Video personalization and monetization (planned)

• Event-Driven Workflows: Define event-driven media workflows with template-based orchestration
• Workflow Templates: Reusable workflow templates for common media processing patterns
• Multi-Service Integration: Seamless integration between different AWS Elemental services
• Kubernetes Native: Manage media infrastructure using familiar Kubernetes tooling
• Service Discovery: MediaConnect flows automatically expose endpoints as Kubernetes services
• GitOps Ready: Version control and automate media infrastructure deployments
• Composition Functions: Advanced resource composition using Go templating and auto-ready functions

• Bridge - Connect cloud and on-premises video workflows
• Flow - Transport live video content over IP networks with automatic Kubernetes service endpoint creation
• Gateway - Connect on-premises equipment to MediaConnect flows

• JobTemplate - Standardize video transcoding workflows

• MultiplexProgram - Combine multiple video streams into transport streams
• Network - Manage IP address pools and routing configurations

• OriginEndpoint - Package and deliver live video content

• Channel - Ingest and process live video content with enhanced features
• ChannelGroup - Organize and manage collections of related channels

• Event - Event-driven workflow execution with template-based configuration
• WorkflowTemplate - Reusable workflow templates with parameterization
• Workflow - Complex multi-step workflows with resource dependencies

Before using this configuration, ensure you have:

1. Kubernetes Cluster (v1.20+)
2. Crossplane (v2.0.2+) installed in your cluster
3. AWS Account with appropriate permissions for Elemental services
4. AWS CLI configured (for initial setup)

If you haven't already installed Crossplane v2:

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane crossplane-stable/crossplane \
  --namespace crossplane-system \
  --create-namespace \
  --version ">=1.17.0"

The configuration will automatically install dependencies, but you can install them manually:

# Apply the functions
kubectl apply -f examples/functions.yaml
# Apply the providers
kubectl apply -f examples/providers.yaml

kubectl apply -f - <<EOF
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: configuration-aws-elemental
spec:
  package: xpkg.upbound.io/livewyer-ops/configuration-aws-elemental:v2.0.0
EOF

kubectl apply -f examples/rbac.yaml

SA=$(kubectl -n crossplane-system get sa -o name | grep provider-kubernetes | sed -e 's|serviceaccount\/|crossplane-system:|g')
kubectl create clusterrolebinding provider-kubernetes-admin-binding --clusterrole cluster-admin --serviceaccount="${SA}"

kubectl apply -f - <<EOF
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: kubernetes-provider
spec:
  credentials:
    source: InjectedIdentity
EOF

Create AWS credentials and configure the provider:

1. Create an AWS IAM user with the following managed policies:

   • AWSElementalMediaConvertFullAccess
   • AWSElementalMediaLiveFullAccess
   • AWSElementalMediaPackageFullAccess
   • AWSElementalMediaStoreFullAccess
   • Custom policy for MediaConnect (see below)

2. Create a Kubernetes Secret with AWS credentials:

kubectl create secret generic provider-aws -n crossplane-system \
  --from-literal=credentials='[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY'

3. Create the ProviderConfig:

kubectl apply -f - <<EOF
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: provider-aws
      key: credentials
EOF

1. Create an IAM role with the required policies
2. Associate the role with a Kubernetes service account:

kubectl apply -f - <<EOF
apiVersion: aws.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws
spec:
  credentials:
    source: InjectedIdentity
EOF

Create a custom IAM policy for MediaConnect and other services:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mediaconnect:*",
        "medialive:*",
        "mediapackage:*",
        "mediapackagev2:*",
        "mediastore:*",
        "mediaconvert:*",
        "mediatailor:*",
        "cloudformation:*",
        "iam:PassRole",
        "iam:CreateRole",
        "iam:CreatePolicy",
        "iam:AttachRolePolicy",
        "iam:ListRoles",
        "iam:GetRole",
        "iam:GetPolicy",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:CreateSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

apiVersion: medialive.aws.livewyer.io/v1alpha1
kind: Network
metadata:
  name: my-media-network
  namespace: media-services # Namespace support in v2
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: us-east-1
    ipPools:
      - Cidr: 192.168.1.0/24

apiVersion: mediaconnect.aws.livewyer.io/v1alpha1
kind: Flow
metadata:
  name: my-media-flow
  namespace: media-services
  labels:
    mediaconnect.aws.livewyer.io/flow: my-media-flow
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: us-east-1
    flowSize: MEDIUM
    source:
      Name: my-source
      Protocol: zixi-push
      IngestPort: 2088
      WhitelistCidr: 0.0.0.0/0
    sourceMonitoringConfig:
      ThumbnailState: ENABLED

The MediaConnect Flow will automatically create a Kubernetes Service endpoint that can be referenced by other resources:

# Automatically created service
apiVersion: v1
kind: Service
metadata:
  name: my-media-flow-endpoint
  namespace: media-services
spec:
  type: ExternalName
  externalName: <flow-ingest-ip>.mediaconnect.us-east-1.amazonaws.com
  ports:
    - port: 2088
      protocol: UDP

apiVersion: elemental.aws.livewyer.io/v1alpha1
kind: Event
metadata:
  name: live-streaming-event
  namespace: media-services
spec:
  providerConfigRef:
    kind: ProviderConfig
    name: aws
  forProvider:
    region: us-east-1
  workflowTemplate:
    id: workflow-usecase-1
    parameters:
      network: 192.168.1.0/24
      iamRole: arn:aws:iam::123456789012:role/MediaLiveAccessRole

apiVersion: elemental.aws.livewyer.io/v1alpha1
kind: WorkflowTemplate
metadata:
  name: standard-live-workflow
  namespace: media-services
spec:
  steps:
    - name: setup-network
      resources:
        - name: media-network
          spec:
            apiVersion: medialive.aws.livewyer.io/v1alpha1
            kind: Network
            spec:
              forProvider:
                ipPools:
                  - Cidr: "{{ network }}"
    - name: create-packaging
      resources:
        - name: package-channel
          spec:
            apiVersion: mediapackagev2.aws.livewyer.io/v1alpha1
            kind: ChannelGroup
            spec:
              forProvider:
                channelGroupName: live-content
                description: "Live streaming content group"

See the complete workflow examples in the examples/ directory:

• workflow.yaml - Multi-step workflow with dependencies
• workflow-template.yaml - Reusable workflow template
• event.yaml - Event-driven workflow execution
• Individual service examples in respective subdirectories

├── apis/                    # Composite Resource Definitions
│   ├── event/              # Event-driven workflow XRDs
│   ├── mediaconnect/       # MediaConnect XRDs
│   │   ├── bridge/         # Bridge resource
│   │   ├── flow/           # Flow resource with service export
│   │   └── gateway/        # Gateway resource
│   ├── mediaconvert/       # MediaConvert XRDs
│   │   └── jobtemplate/    # JobTemplate resource
│   ├── medialive/          # MediaLive XRDs
│   │   ├── multiplexprogram/ # MultiplexProgram resource
│   │   └── network/        # Network resource
│   ├── mediapackage/       # MediaPackage XRDs
│   │   └── originendpoint/ # OriginEndpoint resource
│   ├── mediapackagev2/     # MediaPackage V2 XRDs
│   │   ├── channel/        # Channel resource
│   │   └── channelgroup/   # ChannelGroup resource
│   ├── mediastore/         # MediaStore XRDs (planned)
│   ├── mediatailor/        # MediaTailor XRDs (planned)
│   ├── workflow/           # Workflow orchestration XRDs
│   └── workflowtemplate/   # WorkflowTemplate XRDs
├── docs/                   # Documentation
├── examples/               # Usage examples
├── functions/              # Composition functions
└── tests/                  # Test configurations

This configuration automatically installs the following dependencies:

• xpkg.upbound.io/upbound/provider-family-aws (>=v2)
• xpkg.upbound.io/upbound/provider-aws-cloudcontrol (>=v2)
• xpkg.upbound.io/upbound/provider-aws-medialive (>=v2)
• xpkg.upbound.io/upbound/provider-aws-mediapackage (>=v2)
• xpkg.upbound.io/upbound/provider-aws-mediastore (>=v2)
• xpkg.upbound.io/upbound/provider-aws-cloudformation (>=v2)
• xpkg.upbound.io/upbound/provider-kubernetes (>=v1)

• xpkg.upbound.io/upbound/function-go-templating (>=v0.10.0)
• xpkg.upbound.io/upbound/function-auto-ready (>=v0.5.0)

If you're upgrading from a previous version:

1. Update Crossplane: Ensure you're running Crossplane v2.0.2 or later
2. Update Provider Versions: All AWS providers need to be upgraded to v2
3. Namespace Support: Resources can now be deployed in any namespace (not just default)
4. Service Endpoints: MediaConnect flows automatically create Kubernetes service endpoints
5. Schema Updates: Some resource definitions have been updated to match Crossplane v2 schema

• Minimum Crossplane version is now v2.0.2
• All AWS providers require v2 versions
• Removed dependency on provider-nop
• XRD schemas updated for Crossplane v2 compatibility

Comprehensive documentation is available in the docs/ directory:

• AWS Elemental Resources Overview
• MediaConnect Resources
  • Bridge
  • Flow with Service Endpoints
  • Gateway
• MediaConvert Resources
  • JobTemplate
• MediaLive Resources
  • MultiplexProgram
  • Network
• MediaPackage Resources
  • OriginEndpoint
• MediaPackage V2 Resources
  • Channel
  • ChannelGroup
• Workflow Orchestration
  • Event
  • WorkflowTemplate
  • Workflow

1. Provider not ready: Wait for all providers to be installed and healthy

   kubectl get providers

2. Missing permissions: Ensure your AWS credentials have all required permissions

3. Region availability: Some AWS Elemental services are not available in all regions

4. Resource dependencies: Check that dependent resources are created in the correct order

5. Template parameters: Ensure all required parameters are provided when using workflow templates

6. Service endpoint not created: Check that the MediaConnect flow has the correct labels

Enable debug logging for providers:

kubectl patch deployment crossplane -n crossplane-system -p '{"spec":{"template":{"spec":{"containers":[{"name":"crossplane","args":["--debug"]}]}}}}'

Check resource status:

kubectl describe <resource-type> <resource-name> -n <namespace>

Check workflow execution:

kubectl get events --sort-by='.metadata.creationTimestamp' -n <namespace>
kubectl logs -n crossplane-system deployment/crossplane

Check MediaConnect service endpoints:

kubectl get services -n <namespace> -l mediaconnect.aws.livewyer.io/flow

• Event-driven live streaming setup with automatic resource provisioning
• Multi-camera live events with failover capabilities
• 24/7 live channels with monitoring and alerting
• Kubernetes-native service discovery for MediaConnect endpoints

• File-based transcoding workflows for VOD content
• Live transcoding and packaging for ABR streaming
• Content preparation for multiple distribution platforms

• Traditional broadcast-to-IP workflows
• Cloud-based master control and playout
• Disaster recovery and backup streaming

• Content acquisition and preparation workflows
• Quality control and compliance checking
• Multi-region content distribution

We welcome contributions! Please see our contributing guidelines and:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add/update tests and documentation
5. Submit a pull request

• Follow Crossplane v2 composition best practices
• Include comprehensive examples for new resources
• Update documentation for any new features
• Test with multiple AWS regions where applicable
• Ensure proper error handling and status reporting
• Maintain backward compatibility where possible

For support and questions:

• Create an issue in this repository
• Review existing documentation and examples
• Contact: [email protected]

• MediaStore Resources: Complete implementation of MediaStore containers and policies
• MediaTailor Resources: Ad insertion and personalization workflows
• Enhanced Monitoring: Built-in CloudWatch integration and alerting
• Cost Optimization: Automated cost optimization recommendations
• Multi-Region: Enhanced multi-region deployment capabilities
• Service Mesh Integration: Native integration with Istio/Linkerd for MediaConnect endpoints

• ✅ MediaConnect (Bridge, Flow with Service Endpoints, Gateway)
• ✅ MediaConvert (JobTemplate)
• ✅ MediaLive (MultiplexProgram, Network)
• ✅ MediaPackage (OriginEndpoint)
• ✅ MediaPackage V2 (Channel, ChannelGroup)
• ✅ Event-driven workflows
• ✅ Workflow templates
• ✅ Crossplane v2 support
• ✅ Namespace support
• 🚧 MediaStore (in development)
• 🚧 MediaTailor (in development)

This project is licensed under the MIT License - see the LICENSE file for details.

• Crossplane for the amazing cloud-native control plane
• Upbound for the AWS provider ecosystem
• AWS Elemental team for the comprehensive media services
• The open-source community for contributions and feedback

Version: v2.0.0 Maintained by: Livewyer Source: github.com/livewyer-ops/crossplane-configuration-aws-elemental Package: xpkg.upbound.io/livewyer-ops/configuration-aws-elemental