add: crossplane resources

This commit is contained in:
nold 2023-11-08 09:09:04 +01:00
parent dc4759ef49
commit e92c9bed0e
6 changed files with 398 additions and 0 deletions


@ -0,0 +1,138 @@
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
annotations:
labels:
implementation: terraform
provider: minio
name: tf-bucket.gnu.one
spec:
compositeTypeRef:
apiVersion: s3.gnu.one/v1alpha1
kind: XBucket
mode: Resources
publishConnectionDetailsWithStoreConfigRef:
name: default
resources:
- base:
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
spec:
forProvider:
module: |
terraform {
required_providers {
minio = {
source = "aminueza/minio"
version = "1.17.2"
}
}
}
variable "access_key" {
description = "S3 Access Key"
type = string
}
variable "secret_key" {
description = "S2 Secret Key"
type = string
sensitive = true
}
variable "name" {
description = "Name of Bucket & Service Account"
type = string
}
variable "endpoint" {
description = "Minio Endpoint"
type = string
default = "s3-minio.s3.svc.cluster.local:9000"
}
provider "minio" {
minio_server = var.endpoint
minio_user = var.access_key
minio_password = var.secret_key
}
resource "minio_s3_bucket" "bucket" {
bucket = var.name
acl = "private"
force_destroy = false
}
resource "minio_iam_policy" "policy" {
name = var.name
policy= <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::${var.name}/*",
"arn:aws:s3:::${var.name}"
]
}
]
}
EOF
}
resource "minio_iam_user" "user" {
name = var.name
force_destroy = true
}
resource "minio_iam_user_policy_attachment" "policy_to_user" {
user_name = minio_iam_user.user.id
policy_name = minio_iam_policy.policy.id
}
resource "minio_iam_service_account" "service_account" {
target_user = minio_iam_user.user.name
}
output "endpoint" {
value = var.endpoint
}
output "access_key" {
value = minio_iam_service_account.service_account.access_key
}
output "secret_key" {
value = minio_iam_service_account.service_account.secret_key
sensitive = true
}
source: Inline
varFiles:
- format: JSON
secretKeyRef:
key: secret.json
name: terraform
namespace: crossplane-system
source: SecretKey
vars:
- key: name
- key: endpoint
value: s3-minio.s3.svc.cluster.local:9000
writeConnectionSecretToRef:
name: s3-bucket
namespace: default
name: tf-bucket-and-user
patches:
- fromFieldPath: spec.name
toFieldPath: spec.forProvider.vars[0].value
type: FromCompositeFieldPath
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.writeConnectionSecretToRef.namespace
type: FromCompositeFieldPath
- fromFieldPath: spec.secretName
toFieldPath: spec.writeConnectionSecretToRef.name
type: FromCompositeFieldPath
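Review bot: The IAM policy inside the module (`"Action": ["s3:*"]` on both the bucket ARN and `${var.name}/*`) grants bucket-admin rights — deleting the bucket, rewriting its policy or lifecycle — to the service-account keys that land in the connection secret, which the cnpg composition in this same commit hands to the database pods as `bucket-creds`. A backup writer only needs list plus object read/write/delete, so a compromised pod should not be able to wipe the bucket itself; the rewrite below narrows the grant to two statements (validate the action list against a real backup and retention run, and add any missing action individually rather than reverting to `s3:*`). While there, fix the description typo `"S2 Secret Key"` → `"S3 Secret Key"` and the spacing in `policy= <<EOF`. The `provider "minio"` block sets `minio_server` to a bare host:port with no TLS option, so the admin keys from the `terraform` secret travel unencrypted unless the provider is told otherwise — state the intended transport explicitly in the module.
```yaml
          module: |
            # … unchanged: terraform, variable, provider and minio_s3_bucket blocks …
            resource "minio_iam_policy" "policy" {
              name   = var.name
              policy = <<EOF
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"],
                  "Resource": ["arn:aws:s3:::${var.name}"]
                },
                {
                  "Effect": "Allow",
                  "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"],
                  "Resource": ["arn:aws:s3:::${var.name}/*"]
                }
              ]
            }
            EOF
            }
            # … unchanged: minio_iam_user, policy attachment, service account, outputs …
```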


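--- /dev/null
+++ b/UNKNOWN-PATH-postgres-composition
@@ -0,0 +1,164 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+labels:
+provider: cnpg
+name: postgres.gnu.one
+spec:
+compositeTypeRef:
+apiVersion: db.gnu.one/v1alpha2
+kind: XPostgres
+mode: Resources
+patchSets:
+- name: common
+patches:
+- fromFieldPath: spec.name
+toFieldPath: spec.forProvider.manifest.metadata.name
+type: FromCompositeFieldPath
+- fromFieldPath: spec.name
+toFieldPath: spec.forProvider.manifest.spec.name
+type: FromCompositeFieldPath
+- fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
+toFieldPath: spec.forProvider.manifest.metadata.namespace
+type: FromCompositeFieldPath
+publishConnectionDetailsWithStoreConfigRef:
+name: default
+resources:
+- base:
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+spec:
+forProvider:
+manifest:
+apiVersion: s3.gnu.one/v1alpha1
+kind: Bucket
+metadata:
+namespace: namespace
+spec:
+name: name
+name: bucket
+patches:
+- patchSetName: common
+type: PatchSet
+readinessChecks:
+- matchCondition:
+status: "True"
+type: Ready
+type: MatchCondition
+- base:
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+spec:
+forProvider:
+manifest:
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+namespace: namespace
+spec:
+backup:
+barmanObjectStore:
+data:
+compression: gzip
+destinationPath: s3://backup
+endpointURL: http://s3-minio.s3.svc.cluster.local:9000
+s3Credentials:
+accessKeyId:
+key: access_key
+name: bucket-creds
+secretAccessKey:
+key: secret_key
+name: bucket-creds
+wal:
+compression: gzip
+retentionPolicy: 90d
+bootstrap:
+initdb:
+database: app
+owner: app
+externalClusters:
+- barmanObjectStore:
+destinationPath: s3://bucket/
+endpointURL: http://s3-minio.s3.svc.cluster.local:9000
+s3Credentials:
+accessKeyId:
+key: access_key
+name: bucket-creds
+secretAccessKey:
+key: secret_key
+name: bucket-creds
+wal:
+maxParallel: 8
+name: db
+imageName: ghcr.io/cloudnative-pg/postgresql:15
+instances: 1
+resources:
+limits:
+cpu: "1"
+memory: 1Gi
+requests:
+cpu: 50m
+memory: 64Mi
+storage:
+size: 10Gi
+name: postgres-db
+patches:
+- patchSetName: common
+type: PatchSet
+- fromFieldPath: spec.name
+toFieldPath: spec.forProvider.manifest.spec.backup.barmanObjectStore.destinationPath
+transforms:
+- string:
+fmt: s3://%s/
+type: Format
+type: string
+type: FromCompositeFieldPath
+- fromFieldPath: spec.instances
+toFieldPath: spec.forProvider.manifest.spec.instances
+type: FromCompositeFieldPath
+- fromFieldPath: spec.name
+toFieldPath: spec.forProvider.manifest.spec.externalClusters[0].barmanObjectStore.destinationPath
+transforms:
+- string:
+fmt: s3://%s/
+type: Format
+type: string
+type: FromCompositeFieldPath
+- fromFieldPath: spec.storage.size
+toFieldPath: spec.forProvider.manifest.spec.storage.size
+type: FromCompositeFieldPath
+- fromFieldPath: spec.storage.class
+toFieldPath: spec.forProvider.manifest.spec.storage.storageClass
+type: FromCompositeFieldPath
+readinessChecks:
+- matchCondition:
+status: "True"
+type: Ready
+type: MatchCondition
+- base:
+apiVersion: kubernetes.crossplane.io/v1alpha1
+kind: Object
+spec:
+forProvider:
+manifest:
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+namespace: namespace
+spec:
+backupOwnerReference: self
+cluster:
+name: name
+schedule: 0 0 * * * *
+name: postgres-backup
+patches:
+- patchSetName: common
+type: PatchSet
+- fromFieldPath: spec.name
+toFieldPath: spec.forProvider.manifest.spec.cluster.name
+type: FromCompositeFieldPath
+readinessChecks:
+- matchCondition:
+status: "True"
+type: Ready
+type: MatchCondition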
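Review bot: Every Postgres claim in a namespace ends up sharing one credentials secret: the Bucket manifest at the top of the section sets no `spec.secretName`, so the XBucket default `bucket-creds` applies, and both `s3Credentials` blocks of the Cluster read that fixed name — a second Postgres claim in the same namespace overwrites the first one's keys, and each cluster then backs up with (and can read) the other's bucket credentials. Derive the secret name from `spec.name` on the Bucket object and patch the four `s3Credentials.*.name` fields the same way (sketch below). Both `endpointURL: http://…` entries send those keys and the backup stream in clear text; if MinIO serves TLS, switch to `https://` and set `barmanObjectStore.endpointCA` when a private CA is in use. CNPG's ScheduledBackup `schedule` is a six-field, seconds-first cron, so `0 0 * * * *` takes a base backup every hour — if daily was intended it should read `0 0 0 * * *`.
```yaml
  # Bucket object: one credentials secret per Postgres claim
  patches:
    - patchSetName: common
      type: PatchSet
    - fromFieldPath: spec.name
      toFieldPath: spec.forProvider.manifest.spec.secretName
      transforms:
        - string:
            fmt: "%s-bucket-creds"
            type: Format
          type: string
      type: FromCompositeFieldPath
  # … unchanged: readinessChecks …
  # Cluster object: point both s3Credentials blocks at that secret
    - fromFieldPath: spec.name
      toFieldPath: spec.forProvider.manifest.spec.backup.barmanObjectStore.s3Credentials.accessKeyId.name
      transforms:
        - string:
            fmt: "%s-bucket-creds"
            type: Format
          type: string
      type: FromCompositeFieldPath
  # … same patch repeated for backup…secretAccessKey.name and for
  # externalClusters[0].barmanObjectStore.s3Credentials.{accessKeyId,secretAccessKey}.name …
```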


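--- /dev/null
+++ b/UNKNOWN-PATH-provider-kubernetes
@@ -0,0 +1,6 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+name: provider-kubernetes
+spec:
+package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.9.0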
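Review bot: The provider is pinned by tag only (`provider-kubernetes:v0.9.0`); tags are mutable, so the install is not reproducible and a republished tag would be pulled silently — pin the digest as well, `package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.9.0@sha256:<digest-placeholder>`. provider-kubernetes can only reconcile the `Object` resources of the two compositions once its service account is bound to a role that may manage the kinds they create (cnpg Clusters and ScheduledBackups, Bucket claims) and a ProviderConfig exists; neither appears in the sections visible here (the page lists six files, five are shown), so confirm the sixth file covers both and that the binding is scoped to those kinds rather than cluster-admin.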


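--- /dev/null
+++ b/UNKNOWN-PATH-xbucket-xrd
@@ -0,0 +1,42 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+name: xbuckets.s3.gnu.one
+spec:
+claimNames:
+kind: Bucket
+plural: buckets
+defaultCompositeDeletePolicy: Background
+defaultCompositionUpdatePolicy: Automatic
+group: s3.gnu.one
+names:
+kind: XBucket
+plural: xbuckets
+versions:
+- name: v1alpha1
+referenceable: true
+schema:
+openAPIV3Schema:
+properties:
+spec:
+properties:
+name:
+description: Name of the Bucket to create
+type: string
+secretName:
+default: bucket-creds
+description: Name of secret to write credentials to
+type: string
+required:
+- name
+type: object
+status:
+description: A Status represents the observed state
+properties:
+share:
+description: Freeform field containing status information
+type: object
+x-kubernetes-preserve-unknown-fields: true
+type: object
+type: object
+served: true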
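Review bot: `spec.name` (the `name:` property under `spec.properties`) carries no `pattern`, `minLength` or `maxLength`, yet the tf-bucket composition in this commit interpolates it unchanged into the Terraform module — as the IAM user and policy names and inside the policy JSON's resource ARNs as `${var.name}` — so whatever characters a claim author picks reach the policy text unescaped. Validate it at the API boundary instead of trusting the claim: `pattern: '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'` together with `minLength: 3` and `maxLength: 63` matches what MinIO accepts as a bucket name and keeps policy-significant characters out. `secretName` becomes a Kubernetes Secret name and should get a DNS-1123 pattern for the same reason.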


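--- /dev/null
+++ b/UNKNOWN-PATH-xpostgres-xrd
@@ -0,0 +1,48 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+name: xpostgres.db.gnu.one
+spec:
+claimNames:
+kind: Postgres
+plural: postgres
+defaultCompositeDeletePolicy: Background
+defaultCompositionUpdatePolicy: Automatic
+group: db.gnu.one
+names:
+kind: XPostgres
+plural: xpostgres
+versions:
+- name: v1alpha2
+referenceable: true
+schema:
+openAPIV3Schema:
+properties:
+spec:
+properties:
+name:
+description: Name of the DB to create
+type: string
+storage:
+class:
+default: '-'
+description: Storage Class to use for DB
+type: string
+size:
+default: 10Gi
+description: Size of DB Persistent Storage
+type: string
+type: object
+required:
+- name
+type: object
+status:
+description: A Status represents the observed state
+properties:
+share:
+description: Freeform field containing status information
+type: object
+x-kubernetes-preserve-unknown-fields: true
+type: object
+type: object
+served: true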
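Review bot: The XPostgres composition in this commit patches `spec.instances` into the Cluster, but this schema declares no `instances` property and `spec` is a closed `type: object`, so the generated CRD prunes the field from every claim and that patch never fires — add `instances: {type: integer, minimum: 1, default: 1}` under `spec.properties`. `storage.class` defaults to `'-'`, which the composition copies into `spec.storage.storageClass`; unless a StorageClass literally named `-` exists, every PVC will stay Pending — drop the default (an absent source field simply skips the FromCompositeFieldPath patch, leaving the cluster's default StorageClass in effect) or document which class `-` is meant to select. `storage` also lacks `properties:` nesting in the schema as rendered — `class` and `size` sit directly under `storage:` — which may be a rendering artefact of this page, but worth checking against the file.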