From 1e9fa3aa83a5d08f1fc4b3adc8ff76f8b3b5dde1 Mon Sep 17 00:00:00 2001
From: Christopher Haar
Date: Fri, 5 Jan 2024 17:22:33 +0100
Subject: [PATCH] feat(split): split AKS, use configuration, switch to function (#48)
Signed-off-by: Christopher Haar
---
README.md | 76 ++++----
apis/cluster/aks/composition.yaml | 116 ------------
apis/cluster/aks/definition.yaml | 81 ---------
apis/cluster/composition.yaml | 285 ++++++++++++++++--------------
crossplane.yaml | 3 +
examples/cluster-claim.yaml | 2 +-
6 files changed, 205 insertions(+), 358 deletions(-)
delete mode 100644 apis/cluster/aks/composition.yaml
delete mode 100644 apis/cluster/aks/definition.yaml
diff --git a/README.md b/README.md
index 080b5cf..e276a7f 100644
--- a/README.md
+++ b/README.md
@@ -5,23 +5,25 @@ This repository contains a reference Azure Platform Configuration for internal cloud platforms with Azure and offer a self-service API to your internal development teams. -This platform provides APIs to provision fully configured AKS clusters, with -secure networking, and stateful cloud services (Azure PostgreSQL) designed to securely -connect to the nodes in each AKS cluster — all composed using cloud service -primitives from the [Official Upbound Azure -Provider](https://marketplace.upbound.io/providers/upbound/provider-azure). App -deployments can securely connect to the infrastructure they need using secrets +This platform offers APIs for setting up fully configured AKS clusters +with secure networking, stateful cloud services (Database) that can securely +connect to the AKS clusters, an Observability Stack, and a GitOps +System. All these components are built using cloud service tools from +the [Official Upbound Family Azure Provider](https://marketplace.upbound.io/providers/upbound/provider-family-azure). +App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace. ## Overview -This reference platform defines a custom API for creating an AKS cluster -([XCluster](package/cluster/definition.yaml)) which includes the actual AKS -cluster, a network fabric and Prometheus and other cluster services -([XServices](package/cluster/composition.yaml)). Additionally it defines a -custom API for provisioning Postgres Databases -([XPostgreSQLInstance](package/database/postgres/definition.yaml)). 
+This reference platform outlines a specialized API for generating an AKS cluster +([XCluster](apis/cluster/definition.yaml)) that incorporates XRs from the specified configurations: +* [upbound-configuration-app](https://github.com/upbound/configuration-app) +* [upbound-configuration-azure-database](https://github.com/upbound/configuration-azure-database) +* [upbound-configuration-azure-aks](https://github.com/upbound/configuration-azure-aks) +* [upbound-configuration-azure-network](https://github.com/upbound/configuration-azure-network) +* [upbound-configuration-gitops-flux](https://github.com/upbound/configuration-gitops-flux) +* [upbound-configuration-observability-oss](https://github.com/upbound/configuration-observability-oss) ```mermaid graph LR; @@ -55,7 +57,7 @@ style Postgres.MRs color:#000,fill:#81CABB,stroke:#000,stroke-width:2px ``` Learn more about Composite Resources in the [Crossplane -Docs](https://crossplane.io/docs/v1.9/concepts/composition.html). +Docs](https://docs.crossplane.io/latest/concepts/compositions/). ## Quickstart @@ -73,11 +75,10 @@ curl -sL https://cli.upbound.io | sh ``` See [up docs](https://docs.upbound.io/cli/) for more install options. -For installing the platform we need a running Crossplane control plane. We are -using [Universal Crossplane (UXP) -](https://github.com/upbound/universal-crossplane). Ensure that your kubectl -context is pointing to the correct Kubernetes cluster or for example create a -[kind](https://kind.sigs.k8s.io) cluster: +We need a running Crossplane control plane to install our instance. We are +using [Universal Crossplane (UXP)](https://github.com/upbound/universal-crossplane). +Ensure that your kubectl context points to the correct Kubernetes cluster or +create a new [kind](https://kind.sigs.k8s.io) cluster: ```console kind create cluster 
@@ -98,11 +99,11 @@ kubectl get all -n upbound-system ### Install the Azure Reference Platform Now you can install this reference platform. It's packaged as a [Crossplane -configuration package](https://crossplane.io/docs/v1.9/concepts/packages.html) -so there is a single command to install this package: +configuration package](https://docs.crossplane.io/latest/concepts/packages/) +so there is a single command to install it: ```console -up ctp configuration install xpkg.upbound.io/upbound/platform-ref-azure:v0.4.1 +up ctp configuration install xpkg.upbound.io/upbound/platform-ref-azure:v0.8.0 ``` Validate the install by inspecting the provider and configuration packages: @@ -134,7 +135,7 @@ kubectl create secret generic azure-creds -n upbound-system --from-file=credenti kubectl apply -f examples/azure-default-provider.yaml ``` -See [provider-azure docs](https://marketplace.upbound.io/providers/upbound/provider-azure/latest/docs/configuration) for more detailed configuration options +See [provider-azure docs](https://docs.upbound.io/providers/provider-azure/authentication/) for more detailed configuration options ## Using the Azure reference platform @@ -155,6 +156,12 @@ Create a custom defined database: kubectl apply -f examples/postgres-claim.yaml ``` +Now deploy the sample application: + +``` +kubectl apply -f examples/app-claim.yaml +``` + You can verify status by inspecting the claims, composites and managed resources: 
@@ -165,23 +172,34 @@ kubectl get claim,composite,managed To delete the provisioned resources you would simply delete the claims again: ```console -kubectl delete -f examples/cluster-claim.yaml,examples/postgres-claim.yaml +kubectl delete -f examples/cluster-claim.yaml,examples/postgres-claim.yaml,examples/app-claim.yaml ``` To uninstall the provider & platform configuration: ```console kubectl delete configurations.pkg.crossplane.io upbound-platform-ref-azure -kubectl delete providers.pkg.crossplane.io upbound-provider-azure +kubectl delete configurations.pkg.crossplane.io upbound-configuration-app +kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-database +kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-aks +kubectl delete configurations.pkg.crossplane.io upbound-configuration-azure-network +kubectl delete configurations.pkg.crossplane.io upbound-configuration-gitops-flux +kubectl delete configurations.pkg.crossplane.io upbound-configuration-observability-oss + kubectl delete providers.pkg.crossplane.io crossplane-contrib-provider-helm +kubectl delete providers.pkg.crossplane.io crossplane-contrib-provider-kubernetes +kubectl delete providers.pkg.crossplane.io grafana-provider-grafana +kubectl delete providers.pkg.crossplane.io upbound-provider-azure-containerservice +kubectl delete providers.pkg.crossplane.io upbound-provider-azure-dbformariadb +kubectl delete providers.pkg.crossplane.io upbound-provider-azure-dbforpostgresql +kubectl delete providers.pkg.crossplane.io upbound-provider-azure-network +kubectl delete providers.pkg.crossplane.io upbound-provider-family-azure ``` ## Customize for your Organization So far we have used the existing reference platform but haven't made any -changes. Lets change this and customize the platform by ensuring that AKS -Cluster is deployed to Frankfurt (eu-central-1) and that clusters are limitted -to 10 nodes. +changes. 
For the following examples we are using `my-org` and `my-platform`: @@ -207,10 +225,6 @@ To make your changes clone this repository: git clone https://github.com/upbound/platform-ref-azure.git $PLATFORM && cd $PLATFORM ``` -In the [AKS composition](package/cluster/aks/composition.yaml) find the -`location` definitions and change them from `West US 2` to `West Europe`. Also find the -`defaultNodePool[0].nodeCount` and change it from `1` to `3`. - ### Build and push your platform To share your new platform you need to build and distribute this package. diff --git a/apis/cluster/aks/composition.yaml b/apis/cluster/aks/composition.yaml deleted file mode 100644 index 040635f..0000000 --- a/apis/cluster/aks/composition.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: Composition -metadata: - name: xaks.azure.platformref.upbound.io - labels: - provider: azure -spec: - compositeTypeRef: - apiVersion: azure.platformref.upbound.io/v1alpha1 - kind: XAKS - patchSets: - - name: providerConfigRef - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.providerConfigRef.name - - name: deletionPolicy - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.deletionPolicy - - name: region - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.region - toFieldPath: spec.forProvider.location - resources: - - name: kubernetesCluster - base: - apiVersion: containerservice.azure.upbound.io/v1beta1 - kind: KubernetesCluster - spec: - forProvider: - defaultNodePool: - - name: default - identity: - - type: "SystemAssigned" - patches: - - type: PatchSet - patchSetName: providerConfigRef - - type: PatchSet - patchSetName: deletionPolicy - - type: PatchSet - patchSetName: region - - fromFieldPath: spec.parameters.version - toFieldPath: spec.forProvider.kubernetesVersion - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - transforms: - - type: string - string: - fmt: "%s-aks" - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platform.upbound.io/network-id] - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.defaultNodePool[0].vnetSubnetIdSelector.matchLabels[azure.platform.upbound.io/network-id] - - fromFieldPath: spec.parameters.id - toFieldPath: spec.forProvider.dnsPrefix - - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.forProvider.defaultNodePool[0].vmSize - - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.forProvider.defaultNodePool[0].nodeCount - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - 
toFieldPath: spec.writeConnectionSecretToRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: "%s-akscluster" - connectionDetails: - - fromConnectionSecretKey: kubeconfig - - name: providerConfigHelm - base: - apiVersion: helm.crossplane.io/v1beta1 - kind: ProviderConfig - spec: - credentials: - source: Secret - secretRef: - key: kubeconfig - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.credentials.secretRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.credentials.secretRef.name - transforms: - - type: string - string: - fmt: "%s-akscluster" - readinessChecks: - - type: None - - name: providerConfigKubernetes - base: - apiVersion: kubernetes.crossplane.io/v1alpha1 - kind: ProviderConfig - spec: - credentials: - source: Secret - secretRef: - key: kubeconfig - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.name - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.credentials.secretRef.namespace - - fromFieldPath: metadata.uid - toFieldPath: spec.credentials.secretRef.name - transforms: - - type: string - string: - fmt: "%s-akscluster" - readinessChecks: - - type: None diff --git a/apis/cluster/aks/definition.yaml b/apis/cluster/aks/definition.yaml deleted file mode 100644 index d1632d8..0000000 --- a/apis/cluster/aks/definition.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: apiextensions.crossplane.io/v1 -kind: CompositeResourceDefinition -metadata: - name: xaks.azure.platformref.upbound.io -spec: - group: azure.platformref.upbound.io - names: - kind: XAKS - plural: xaks - connectionSecretKeys: - - kubeconfig - versions: - - name: v1alpha1 - served: true - referenceable: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - parameters: - type: object - description: AKS configuration parameters. - properties: - id: - type: string - description: ID of this Cluster that other objects will use to refer to it. - region: - type: string - description: Region is the region you'd like your resource to be created in. - deletionPolicy: - description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete - enum: - - Delete - - Orphan - type: string - default: Delete - providerConfigName: - description: Crossplane ProviderConfig to use for provisioning this resources - type: string - default: default - version: - description: Kubernetes version - type: string - enum: - - "1.27.3" - - "1.26.6" - - "1.25.11" - default: "1.27.3" - nodes: - type: object - description: AKS node configuration parameters. - properties: - count: - type: integer - description: Desired node count - instanceType: - type: string - description: instance types associated with the Node Group. - default: Standard_B2s - required: - - count - - instanceType - required: - - id - - region - - deletionPolicy - - providerConfigName - - nodes - required: - - parameters - status: - description: A Status represents the observed state - properties: - aks: - description: Freeform field containing status information for aks - type: object - x-kubernetes-preserve-unknown-fields: true - type: object diff --git a/apis/cluster/composition.yaml b/apis/cluster/composition.yaml index e47c78c..68e328d 100644 --- a/apis/cluster/composition.yaml +++ b/apis/cluster/composition.yaml 
@@ -7,137 +7,164 @@ spec: compositeTypeRef: apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XCluster - resources: - - name: compositeNetworkAKS - base: - apiVersion: azure.platform.upbound.io/v1alpha1 - kind: XNetwork - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - fromFieldPath: spec.parameters.networkSelector - toFieldPath: spec.compositionSelector.matchLabels[type] - - name: compositeClusterEKS - base: - apiVersion: azure.platformref.upbound.io/v1alpha1 - kind: XAKS - connectionDetails: - - fromConnectionSecretKey: kubeconfig - patches: - - fromFieldPath: spec.parameters.id - toFieldPath: metadata.labels[xaks.azure.platformref.upbound.io/cluster-id] - - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - fromFieldPath: spec.parameters.region - toFieldPath: spec.parameters.region - - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - fromFieldPath: spec.parameters.providerConfigName - toFieldPath: spec.parameters.providerConfigName - - fromFieldPath: metadata.uid - toFieldPath: spec.writeConnectionSecretToRef.name - transforms: - - type: string - string: - fmt: "%s-aks" - - fromFieldPath: spec.writeConnectionSecretToRef.namespace - toFieldPath: spec.writeConnectionSecretToRef.namespace - - fromFieldPath: spec.parameters.version - toFieldPath: spec.parameters.version - - fromFieldPath: spec.parameters.nodes.count - toFieldPath: spec.parameters.nodes.count - - fromFieldPath: spec.parameters.nodes.instanceType - toFieldPath: spec.parameters.nodes.instanceType + mode: Pipeline + pipeline: + - step: patch-and-transform + functionRef: + name: upbound-function-patch-and-transform + 
input: + apiVersion: pt.fn.crossplane.io/v1beta1 + kind: Resources + resources: + - name: compositeNetworkAKS + base: + apiVersion: azure.platform.upbound.io/v1alpha1 + kind: XNetwork + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.parameters.id + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.region + toFieldPath: spec.parameters.region + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.parameters.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.providerConfigName + toFieldPath: spec.parameters.providerConfigName + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.networkSelector + toFieldPath: spec.compositionSelector.matchLabels[type] - - name: XOss - base: - apiVersion: observe.platform.upbound.io/v1alpha1 - kind: XOss - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.id - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.prometheus.version - toFieldPath: spec.parameters.operators.prometheus.version + - name: compositeClusterAKS + base: + apiVersion: azure.platform.upbound.io/v1alpha1 + kind: XAKS + connectionDetails: + - type: FromConnectionSecretKey + fromConnectionSecretKey: kubeconfig + name: kubeconfig + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: metadata.labels[xaks.azure.platform.upbound.io/cluster-id] + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.parameters.id + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.region + toFieldPath: spec.parameters.region + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: 
spec.parameters.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.providerConfigName + toFieldPath: spec.parameters.providerConfigName + - type: FromCompositeFieldPath + fromFieldPath: metadata.uid + toFieldPath: spec.writeConnectionSecretToRef.name + transforms: + - type: string + string: + fmt: '%s-aks' + type: Format + - type: FromCompositeFieldPath + fromFieldPath: spec.writeConnectionSecretToRef.namespace + toFieldPath: spec.writeConnectionSecretToRef.namespace + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.version + toFieldPath: spec.parameters.version + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.nodes.count + toFieldPath: spec.parameters.nodes.count + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.nodes.instanceType + toFieldPath: spec.parameters.nodes.instanceType - - name: XFlux - base: - apiVersion: gitops.platform.upbound.io/v1alpha1 - kind: XFlux - patches: - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.deletionPolicy - toFieldPath: spec.parameters.deletionPolicy - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.id - toFieldPath: spec.parameters.providerConfigName - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.flux.version - toFieldPath: spec.parameters.operators.flux.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.operators.flux-sync.version - toFieldPath: spec.parameters.operators.flux-sync.version - - type: FromCompositeFieldPath - fromFieldPath: spec.parameters.gitops - toFieldPath: spec.parameters.source + - name: XOss + base: + apiVersion: observe.platform.upbound.io/v1alpha1 + kind: XOss + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.parameters.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.parameters.id + - type: FromCompositeFieldPath + 
fromFieldPath: spec.parameters.operators.prometheus.version + toFieldPath: spec.parameters.operators.prometheus.version - - name: usageXEksByXFlux - base: - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - by: - apiVersion: gitops.platform.upbound.io/v1alpha1 - kind: XFlux - resourceSelector: - matchControllerRef: true - of: - apiVersion: azure.platformref.upbound.io/v1alpha1 - kind: XAKS - resourceSelector: - matchControllerRef: true + - name: XFlux + base: + apiVersion: gitops.platform.upbound.io/v1alpha1 + kind: XFlux + patches: + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.deletionPolicy + toFieldPath: spec.parameters.deletionPolicy + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.id + toFieldPath: spec.parameters.providerConfigName + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.operators.flux.version + toFieldPath: spec.parameters.operators.flux.version + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.operators.flux-sync.version + toFieldPath: spec.parameters.operators.flux-sync.version + - type: FromCompositeFieldPath + fromFieldPath: spec.parameters.gitops + toFieldPath: spec.parameters.source - - name: usageXEksByXOss - base: - apiVersion: apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - by: - apiVersion: observe.platform.upbound.io/v1alpha1 - kind: XOss - resourceSelector: - matchControllerRef: true - of: - apiVersion: azure.platformref.upbound.io/v1alpha1 - kind: XAKS - resourceSelector: - matchControllerRef: true + - name: usageXEksByXFlux + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + by: + apiVersion: gitops.platform.upbound.io/v1alpha1 + kind: XFlux + resourceSelector: + matchControllerRef: true + of: + apiVersion: azure.platform.upbound.io/v1alpha1 + kind: XAKS + resourceSelector: + matchControllerRef: true - - name: usageXAksByArbitraryLabeledRelease - base: - apiVersion: 
apiextensions.crossplane.io/v1alpha1 - kind: Usage - spec: - of: - apiVersion: azure.platformref.upbound.io/v1alpha1 - kind: XAKS - resourceSelector: - matchControllerRef: true - by: - apiVersion: helm.crossplane.io/v1beta1 - kind: Release - resourceSelector: - matchLabels: - platform.upbound.io/deletion-ordering: enabled - readinessChecks: - - type: None + - name: usageXEksByXOss + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + by: + apiVersion: observe.platform.upbound.io/v1alpha1 + kind: XOss + resourceSelector: + matchControllerRef: true + of: + apiVersion: azure.platform.upbound.io/v1alpha1 + kind: XAKS + resourceSelector: + matchControllerRef: true + + - name: usageXAksByArbitraryLabeledRelease + base: + apiVersion: apiextensions.crossplane.io/v1alpha1 + kind: Usage + spec: + by: + apiVersion: helm.crossplane.io/v1beta1 + kind: Release + resourceSelector: + matchLabels: + platform.upbound.io/deletion-ordering: enabled + of: + apiVersion: azure.platform.upbound.io/v1alpha1 + kind: XAKS + resourceSelector: + matchControllerRef: true + readinessChecks: + - type: None diff --git a/crossplane.yaml b/crossplane.yaml index d155c27..ab07e68 100644 --- a/crossplane.yaml +++ b/crossplane.yaml @@ -42,6 +42,9 @@ spec: - configuration: xpkg.upbound.io/upbound/configuration-azure-network # renovate: datasource=github-releases depName=upbound/configuration-azure-network version: "v0.3.0" + - configuration: xpkg.upbound.io/upbound/configuration-azure-aks + # renovate: datasource=github-releases depName=upbound/configuration-azure-aks + version: "v0.1.0" - configuration: xpkg.upbound.io/upbound/configuration-azure-database # renovate: datasource=github-releases depName=upbound/configuration-azure-database version: "v0.4.0" diff --git a/examples/cluster-claim.yaml b/examples/cluster-claim.yaml index 838b4e8..6510326 100644 --- a/examples/cluster-claim.yaml +++ b/examples/cluster-claim.yaml 
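Review bot: Existing XCluster instances may lose their composed XAKS on upgrade, because the entry is renamed from `compositeClusterEKS` to `compositeClusterAKS` and its `apiVersion` moves from `azure.platformref.upbound.io/v1alpha1` to `azure.platform.upbound.io/v1alpha1`, so a previously composed object no longer matches any entry under `resources`. If Crossplane garbage-collects that object, the running AKS cluster and its kubeconfig connection secret could be removed, since the deleted XAKS definition defaulted `deletionPolicy` to `Delete`; this is inferred from the visible lines and should be confirmed on a test control plane. Nothing in the commit documents a migration path, so I would add a comment above the entry such as `# renamed from compositeClusterEKS (group azure.platformref.upbound.io); check upgrade impact on existing XClusters`. The same group change applies to the `of` blocks of the three Usage resources, and the names `usageXEksByXFlux` and `usageXEksByXOss` still say Eks.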
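Review bot: The function that the new pipeline depends on is not declared here: apis/cluster/composition.yaml now sets `functionRef.name: upbound-function-patch-and-transform`, while this hunk adds only `configuration-azure-aks` to the dependency list and the diffstat shows no other change to crossplane.yaml. Unless a function dependency already exists outside the hunk, the composition relies on a function installed transitively by another package, at a version this package neither pins nor has Renovate track. I would declare it explicitly beside the new entry, for example `- function: xpkg.upbound.io/upbound/function-patch-and-transform` with `version: "<pinned version>"` and a matching `# renovate:` comment. The package path is inferred from the functionRef name and should be checked against the registry.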
@@ -10,7 +10,7 @@ spec: region: westus version: "1.27.3" nodes: - count: 3 + count: 1 instanceType: Standard_B2s gitops: git: