{"id":"3fb1c7ad-2dd1-40df-8cf1-4ab060668370","task":"Define a Crossplane Composition with a pipeline function to provision an RDS instance plus a SecretsManager secret and expose connection details as a composite resource claim","domain":"Crossplane","steps":["Define a CompositeResourceDefinition (XRD) with a spec.versions entry that declares the composite resource schema including database engine, instance class, and a connectionSecretToRef field for the output secret","Create a Composition that references the XRD and specifies mode: Pipeline in the spec; add a pipeline step that uses the function-patch-and-transform function to map composite resource fields to the managed resource fields of an RDS DBInstance","Add a second pipeline step that uses a function to create an AWS SecretsManager Secret managed resource; use a patch to copy the RDS endpoint output from the DBInstance status into the Secret's stringData via a from-field-path patch","Configure the Composition's writeConnectionSecretsToNamespace to extract the RDS username, password, and endpoint from the managed resource's status.atProvider and write them as a Kubernetes Secret in the claim namespace","Add a readinessCheck block on the DBInstance managed resource that waits for status.atProvider.dbInstanceStatus to equal available before the composite resource reports Ready=True","Use a usage resource or Composition-level dependencies to prevent deletion of the RDS instance while the Secret resource still exists, enforcing teardown order"],"gotchas":["Crossplane function pipelines process steps sequentially but managed resources are reconciled asynchronously; a patch that reads status.atProvider from a resource created in step one may not have data available until several reconciliation loops after the resource is created","The function-patch-and-transform function in pipeline mode uses a different patch syntax from the classic Composition patches field; mixing classic and pipeline mode fields in the same Composition causes the Composition to fail validation","Connection details written to the claim namespace require the Crossplane provider's service account to have permission to create Secrets in all possible claim namespaces; a missing RBAC permission silently prevents secret creation without surfacing an error on the composite resource itself"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/3fb1c7ad-2dd1-40df-8cf1-4ab060668370"}