From e92c9bed0ee0138e3f2c8bf5060c1b8473861c9c Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Wed, 8 Nov 2023 09:09:04 +0100
Subject: [PATCH] add: crossplane resources

---
 .../manifests/composition-bucket.yml          | 138 +++++++++++++++
 .../manifests/composition-postgres.yml        | 164 ++++++++++++++++++
 .../manifests/provider-kubernetes.yml         |   6 +
 ...-terraform.yaml => provider-terraform.yml} |   0
 projects/crossplane/manifests/xrd-bucket.yml  |  42 +++++
 .../crossplane/manifests/xrd-postgres.yml     |  48 +++++
 6 files changed, 398 insertions(+)
 create mode 100644 projects/crossplane/manifests/composition-bucket.yml
 create mode 100644 projects/crossplane/manifests/composition-postgres.yml
 create mode 100644 projects/crossplane/manifests/provider-kubernetes.yml
 rename projects/crossplane/manifests/{crossplane-plugin-terraform.yaml => provider-terraform.yml} (100%)
 create mode 100644 projects/crossplane/manifests/xrd-bucket.yml
 create mode 100644 projects/crossplane/manifests/xrd-postgres.yml

diff --git a/projects/crossplane/manifests/composition-bucket.yml b/projects/crossplane/manifests/composition-bucket.yml
new file mode 100644
index 00000000..337e917e
--- /dev/null
+++ b/projects/crossplane/manifests/composition-bucket.yml
@@ -0,0 +1,138 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  annotations:
+  labels:
+    implementation: terraform
+    provider: minio
+  name: tf-bucket.gnu.one
+spec:
+  compositeTypeRef:
+    apiVersion: s3.gnu.one/v1alpha1
+    kind: XBucket
+  mode: Resources
+  publishConnectionDetailsWithStoreConfigRef:
+    name: default
+  resources:
+  - base:
+      apiVersion: tf.upbound.io/v1beta1
+      kind: Workspace
+      spec:
+        forProvider:
+          module: |
+            terraform {
+              required_providers {
+                minio = {
+                  source = "aminueza/minio"
+                  version = "1.17.2"
+                }
+              }
+            }
+
+            variable "access_key" {
+              description = "S3 Access Key"
+              type        = string
+            }
+
+            variable "secret_key" {
+              description = "S2 Secret Key"
+              type        = string
+              sensitive   = true
+            }
+
+            variable "name" {
+              description = "Name of Bucket & Service Account"
+              type        = string
+            }
+
+            variable "endpoint" {
+              description = "Minio Endpoint"
+              type        = string
+              default     = "s3-minio.s3.svc.cluster.local:9000"
+            }
+
+            provider "minio" {
+              minio_server   = var.endpoint
+              minio_user     = var.access_key
+              minio_password = var.secret_key
+            }
+
+            resource "minio_s3_bucket" "bucket" {
+              bucket        = var.name
+              acl           = "private"
+              force_destroy = false
+            }
+
+            resource "minio_iam_policy" "policy" {
+              name = var.name
+              policy= <<EOF
+            {
+             "Version": "2012-10-17",
+             "Statement": [
+              {
+               "Effect": "Allow",
+               "Action": [
+                "s3:*"
+               ],
+               "Resource": [
+                "arn:aws:s3:::${var.name}/*",
+                "arn:aws:s3:::${var.name}"
+               ]
+              }
+             ]
+            }
+            EOF
+            }
+
+            resource "minio_iam_user" "user" {
+              name          = var.name
+              force_destroy = true
+            }
+
+            resource "minio_iam_user_policy_attachment" "policy_to_user" {
+              user_name   = minio_iam_user.user.id
+              policy_name = minio_iam_policy.policy.id
+            }
+
+            resource "minio_iam_service_account" "service_account" {
+              target_user = minio_iam_user.user.name
+            }
+
+            output "endpoint" {
+              value = var.endpoint
+            }
+
+            output "access_key" {
+              value = minio_iam_service_account.service_account.access_key
+            }
+
+            output "secret_key" {
+              value     = minio_iam_service_account.service_account.secret_key
+              sensitive = true
+            }
+          source: Inline
+          varFiles:
+          - format: JSON
+            secretKeyRef:
+              key: secret.json
+              name: terraform
+              namespace: crossplane-system
+            source: SecretKey
+          vars:
+          - key: name
+          - key: endpoint
+            value: s3-minio.s3.svc.cluster.local:9000
+        writeConnectionSecretToRef:
+          name: s3-bucket
+          namespace: default
+    name: tf-bucket-and-user
+    patches:
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.vars[0].value
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.claimRef.namespace
+      toFieldPath: spec.writeConnectionSecretToRef.namespace
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.secretName
+      toFieldPath: spec.writeConnectionSecretToRef.name
+      type: FromCompositeFieldPath
diff --git a/projects/crossplane/manifests/composition-postgres.yml b/projects/crossplane/manifests/composition-postgres.yml
new file mode 100644
index 00000000..954a1b96
--- /dev/null
+++ b/projects/crossplane/manifests/composition-postgres.yml
@@ -0,0 +1,164 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  labels:
+    provider: cnpg
+  name: postgres.gnu.one
+spec:
+  compositeTypeRef:
+    apiVersion: db.gnu.one/v1alpha2
+    kind: XPostgres
+  mode: Resources
+  patchSets:
+  - name: common
+    patches:
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.manifest.metadata.name
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.manifest.spec.name
+      type: FromCompositeFieldPath
+    - fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
+      toFieldPath: spec.forProvider.manifest.metadata.namespace
+      type: FromCompositeFieldPath
+  publishConnectionDetailsWithStoreConfigRef:
+    name: default
+  resources:
+  - base:
+      apiVersion: kubernetes.crossplane.io/v1alpha1
+      kind: Object
+      spec:
+        forProvider:
+          manifest:
+            apiVersion: s3.gnu.one/v1alpha1
+            kind: Bucket
+            metadata:
+              namespace: namespace
+            spec:
+              name: name
+    name: bucket
+    patches:
+    - patchSetName: common
+      type: PatchSet
+    readinessChecks:
+    - matchCondition:
+        status: "True"
+        type: Ready
+      type: MatchCondition
+  - base:
+      apiVersion: kubernetes.crossplane.io/v1alpha1
+      kind: Object
+      spec:
+        forProvider:
+          manifest:
+            apiVersion: postgresql.cnpg.io/v1
+            kind: Cluster
+            metadata:
+              namespace: namespace
+            spec:
+              backup:
+                barmanObjectStore:
+                  data:
+                    compression: gzip
+                  destinationPath: s3://backup
+                  endpointURL: http://s3-minio.s3.svc.cluster.local:9000
+                  s3Credentials:
+                    accessKeyId:
+                      key: access_key
+                      name: bucket-creds
+                    secretAccessKey:
+                      key: secret_key
+                      name: bucket-creds
+                  wal:
+                    compression: gzip
+                retentionPolicy: 90d
+              bootstrap:
+                initdb:
+                  database: app
+                  owner: app
+              externalClusters:
+              - barmanObjectStore:
+                  destinationPath: s3://bucket/
+                  endpointURL: http://s3-minio.s3.svc.cluster.local:9000
+                  s3Credentials:
+                    accessKeyId:
+                      key: access_key
+                      name: bucket-creds
+                    secretAccessKey:
+                      key: secret_key
+                      name: bucket-creds
+                  wal:
+                    maxParallel: 8
+                name: db
+              imageName: ghcr.io/cloudnative-pg/postgresql:15
+              instances: 1
+              resources:
+                limits:
+                  cpu: "1"
+                  memory: 1Gi
+                requests:
+                  cpu: 50m
+                  memory: 64Mi
+              storage:
+                size: 10Gi
+    name: postgres-db
+    patches:
+    - patchSetName: common
+      type: PatchSet
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.manifest.spec.backup.barmanObjectStore.destinationPath
+      transforms:
+      - string:
+          fmt: s3://%s/
+          type: Format
+        type: string
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.instances
+      toFieldPath: spec.forProvider.manifest.spec.instances
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.manifest.spec.externalClusters[0].barmanObjectStore.destinationPath
+      transforms:
+      - string:
+          fmt: s3://%s/
+          type: Format
+        type: string
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.storage.size
+      toFieldPath: spec.forProvider.manifest.spec.storage.size
+      type: FromCompositeFieldPath
+    - fromFieldPath: spec.storage.class
+      toFieldPath: spec.forProvider.manifest.spec.storage.storageClass
+      type: FromCompositeFieldPath
+    readinessChecks:
+    - matchCondition:
+        status: "True"
+        type: Ready
+      type: MatchCondition
+  - base:
+      apiVersion: kubernetes.crossplane.io/v1alpha1
+      kind: Object
+      spec:
+        forProvider:
+          manifest:
+            apiVersion: postgresql.cnpg.io/v1
+            kind: ScheduledBackup
+            metadata:
+              namespace: namespace
+            spec:
+              backupOwnerReference: self
+              cluster:
+                name: name
+              schedule: 0 0 * * * *
+    name: postgres-backup
+    patches:
+    - patchSetName: common
+      type: PatchSet
+    - fromFieldPath: spec.name
+      toFieldPath: spec.forProvider.manifest.spec.cluster.name
+      type: FromCompositeFieldPath
+    readinessChecks:
+    - matchCondition:
+        status: "True"
+        type: Ready
+      type: MatchCondition
diff --git a/projects/crossplane/manifests/provider-kubernetes.yml b/projects/crossplane/manifests/provider-kubernetes.yml
new file mode 100644
index 00000000..dfe5e6e7
--- /dev/null
+++ b/projects/crossplane/manifests/provider-kubernetes.yml
@@ -0,0 +1,6 @@
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+  name: provider-kubernetes
+spec:
+  package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.9.0
diff --git a/projects/crossplane/manifests/crossplane-plugin-terraform.yaml b/projects/crossplane/manifests/provider-terraform.yml
similarity index 100%
rename from projects/crossplane/manifests/crossplane-plugin-terraform.yaml
rename to projects/crossplane/manifests/provider-terraform.yml
diff --git a/projects/crossplane/manifests/xrd-bucket.yml b/projects/crossplane/manifests/xrd-bucket.yml
new file mode 100644
index 00000000..b77549e4
--- /dev/null
+++ b/projects/crossplane/manifests/xrd-bucket.yml
@@ -0,0 +1,42 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  name: xbuckets.s3.gnu.one
+spec:
+  claimNames:
+    kind: Bucket
+    plural: buckets
+  defaultCompositeDeletePolicy: Background
+  defaultCompositionUpdatePolicy: Automatic
+  group: s3.gnu.one
+  names:
+    kind: XBucket
+    plural: xbuckets
+  versions:
+  - name: v1alpha1
+    referenceable: true
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              name:
+                description: Name of the Bucket to create
+                type: string
+              secretName:
+                default: bucket-creds
+                description: Name of secret to write credentials to
+                type: string
+            required:
+            - name
+            type: object
+          status:
+            description: A Status represents the observed state
+            properties:
+              share:
+                description: Freeform field containing status information
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+            type: object
+        type: object
+    served: true
diff --git a/projects/crossplane/manifests/xrd-postgres.yml b/projects/crossplane/manifests/xrd-postgres.yml
new file mode 100644
index 00000000..8dd843e4
--- /dev/null
+++ b/projects/crossplane/manifests/xrd-postgres.yml
@@ -0,0 +1,48 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  name: xpostgres.db.gnu.one
+spec:
+  claimNames:
+    kind: Postgres
+    plural: postgres
+  defaultCompositeDeletePolicy: Background
+  defaultCompositionUpdatePolicy: Automatic
+  group: db.gnu.one
+  names:
+    kind: XPostgres
+    plural: xpostgres
+  versions:
+  - name: v1alpha2
+    referenceable: true
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              name:
+                description: Name of the DB to create
+                type: string
+              storage:
+                class:
+                  default: '-'
+                  description: Storage Class to use for DB
+                  type: string
+                size:
+                  default: 10Gi
+                  description: Size of DB Persistent Storage
+                  type: string
+                type: object
+            required:
+            - name
+            type: object
+          status:
+            description: A Status represents the observed state
+            properties:
+              share:
+                description: Freeform field containing status information
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+            type: object
+        type: object
+    served: true