From 10c311e1892b69920dfcf4adaaedeccb822f11fd Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Fri, 9 Sep 2022 16:03:21 +0200 Subject: [PATCH 1/6] Migrate cluster compositions to upbound official providers Signed-off-by: Yury Tsarev --- cluster/aks/composition.yaml | 37 ++++++++-------- cluster/aks/definition.yaml | 4 +- cluster/composition.yaml | 10 ++--- cluster/definition.yaml | 70 +------------------------------ cluster/network/composition.yaml | 56 ++++++++++--------------- cluster/network/definition.yaml | 36 ++-------------- cluster/services/composition.yaml | 4 +- cluster/services/definition.yaml | 4 +- examples/cluster.yaml | 2 +- 9 files changed, 59 insertions(+), 164 deletions(-) diff --git a/cluster/aks/composition.yaml b/cluster/aks/composition.yaml index 4a8ed78..f9e287a 100644 --- a/cluster/aks/composition.yaml +++ b/cluster/aks/composition.yaml @@ -1,20 +1,27 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xaks.azure.platformref.crossplane.io + name: xaks.azure.platformref.upbound.io labels: provider: azure spec: compositeTypeRef: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XAKS resources: - base: - apiVersion: compute.azure.crossplane.io/v1alpha3 - kind: AKSCluster + apiVersion: containerservice.azure.upbound.io/v1beta1 + kind: KubernetesCluster spec: - location: West US 2 - version: "1.21.7" + forProvider: + location: West US 2 + kubernetesVersion: "1.24.3" + defaultNodePool: + - name: default + nodeCount: 1 #patched + vmSize: Standard_B2s #patched + identity: + - type: "SystemAssigned" patches: - fromFieldPath: spec.id toFieldPath: metadata.name 
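Review bot: The new `KubernetesCluster` base in cluster/aks/composition.yaml sets only location, version, a default node pool and a system-assigned identity under `spec.forProvider`, so API-server exposure and caller authentication are left to whatever the provider defaults to. Nothing in this hunk restricts API-server access (authorized IP ranges or a private cluster) or configures Azure AD-backed RBAC. Because this is a reference platform that others copy, either set those options explicitly in the base or add a comment above `forProvider` such as `# NOTE: API server access and RBAC use provider defaults; restrict before production use`. `kubernetesVersion: "1.24.3"` is also fixed in the base with no patch from the XR, so moving to a patched release means editing the composition; consider exposing it as a parameter. The `patches` list continues outside this hunk.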
@@ -23,27 +30,21 @@ spec: string: fmt: "%s-aks" - fromFieldPath: spec.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - type: string - string: - fmt: "%s-aks" - - fromFieldPath: spec.id - toFieldPath: spec.resourceGroupNameSelector.matchLabels[azure.platformref.crossplane.io/app] + toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platformref.upbound.io/app] - fromFieldPath: spec.id - toFieldPath: spec.vnetSubnetIDSelector.matchLabels[azure.platformref.crossplane.io/app] + toFieldPath: spec.forProvider.vnetSubnetIdSelector.matchLabels[azure.platformref.upbound.io/app] - fromFieldPath: spec.id - toFieldPath: spec.dnsNamePrefix + toFieldPath: spec.forProvider.dnsPrefix - fromFieldPath: spec.parameters.nodes.size - toFieldPath: spec.nodeVMSize + toFieldPath: spec.forProvider.defaultNodePool[0].vmSize transforms: - type: map map: small: Standard_B2s medium: Standard_B4ms large: Standard_B8ms - - fromFieldPath: "spec.parameters.nodes.count" - toFieldPath: "spec.nodeCount" + - fromFieldPath: spec.parameters.nodes.count + toFieldPath: spec.forProvider.defaultNodePool[0].nodeCount - fromFieldPath: spec.writeConnectionSecretToRef.namespace toFieldPath: spec.writeConnectionSecretToRef.namespace - fromFieldPath: spec.writeConnectionSecretToRef.name diff --git a/cluster/aks/definition.yaml b/cluster/aks/definition.yaml index 79fa242..8626940 100644 --- a/cluster/aks/definition.yaml +++ b/cluster/aks/definition.yaml @@ -1,9 +1,9 @@ apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: - name: xaks.azure.platformref.crossplane.io + name: xaks.azure.platformref.upbound.io spec: - group: azure.platformref.crossplane.io + group: azure.platformref.upbound.io names: kind: XAKS plural: xaks diff --git a/cluster/composition.yaml b/cluster/composition.yaml index 220dfd2..79bbff8 100644 --- a/cluster/composition.yaml +++ b/cluster/composition.yaml 
@@ -1,20 +1,20 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xclusters.azure.platformref.crossplane.io + name: xclusters.azure.platformref.upbound.io spec: compositeTypeRef: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XCluster resources: - base: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XNetwork patches: - fromFieldPath: spec.id toFieldPath: spec.id - base: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XAKS connectionDetails: - fromConnectionSecretKey: kubeconfig @@ -30,7 +30,7 @@ spec: - fromFieldPath: spec.parameters.nodes.size toFieldPath: spec.parameters.nodes.size - base: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XServices patches: - fromFieldPath: spec.id diff --git a/cluster/definition.yaml b/cluster/definition.yaml index 82cc3b1..64941b0 100644 --- a/cluster/definition.yaml +++ b/cluster/definition.yaml 
@@ -1,75 +1,9 @@ apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: - name: xclusters.azure.platformref.crossplane.io - annotations: - upbound.io/ui-schema: |- - --- - configSections: - - title: Cluster Info - description: Information about this cluster - items: - - name: id - controlType: singleInput - type: string - path: ".spec.id" - title: Cluster Ref Name - description: Cluster ID that other objects will use to refer to this cluster - default: platform-ref-azure - validation: - - required: true - customError: Cluster ID is required. - - name: writeSecretRef - controlType: singleInput - type: string - path: ".spec.writeConnectionSecretToRef.name" - title: Connection Secret Ref - description: name of the secret to write to this namespace - default: cluster-conn - validation: - - required: true - - title: Cluster Nodes - description: Enter information to size your cluster - items: - - name: clusterNodeCount - controlType: singleInput - type: integer - path: ".spec.parameters.nodes.count" - title: Node Count - description: Number of nodes in the cluster - default: 1 - validation: - - minimum: 1 - - maximum: 100 - - required: true - customError: Node count is required. - - name: clusterNodeSize - controlType: singleSelect - path: ".spec.parameters.nodes.size" - title: Node Size - description: Desired node size (small, medium, or large). - default: small - enum: - - small - - medium - - large - validation: - - required: true - customError: Node size is required. 
- - title: Cluster Services - description: Configure cluster services and operators - items: - - name: promVersion - controlType: singleInput - type: string - path: ".spec.parameters.services.operators.prometheus.version" - title: Prometheus Chart Version - description: The version of kube-prometheus-stack chart to install - default: 15.0.1 - validation: - - required: false + name: xclusters.azure.platformref.upbound.io spec: - group: azure.platformref.crossplane.io + group: azure.platformref.upbound.io names: kind: XCluster plural: xclusters diff --git a/cluster/network/composition.yaml b/cluster/network/composition.yaml index 1e54ad9..b4c8cf1 100644 --- a/cluster/network/composition.yaml +++ b/cluster/network/composition.yaml @@ -1,19 +1,20 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xnetworks.azure.platformref.crossplane.io + name: xnetworks.azure.platformref.upbound.io labels: provider: azure spec: compositeTypeRef: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XNetwork resources: - base: - apiVersion: azure.crossplane.io/v1alpha3 + apiVersion: azure.upbound.io/v1beta1 kind: ResourceGroup spec: - location: West US 2 + forProvider: + location: West US 2 patches: - fromFieldPath: spec.id toFieldPath: metadata.name 
@@ -22,23 +23,23 @@ spec: string: fmt: "%s-rg" - fromFieldPath: spec.id - toFieldPath: metadata.annotations[crossplane.io/external-name] + toFieldPath: metadata.annotations[upbound.io/external-name] transforms: - type: string string: fmt: "%s-rg" - fromFieldPath: spec.id - toFieldPath: metadata.labels[azure.platformref.crossplane.io/app] + toFieldPath: metadata.labels[azure.platformref.upbound.io/app] - base: - apiVersion: network.azure.crossplane.io/v1alpha3 + apiVersion: network.azure.upbound.io/v1beta1 kind: VirtualNetwork spec: - resourceGroupNameSelector: - matchControllerRef: true - location: West US 2 - properties: + forProvider: + resourceGroupNameSelector: + matchControllerRef: true + location: West US 2 addressSpace: - addressPrefixes: ['192.168.0.0/16'] + - 192.168.0.0/16 patches: - fromFieldPath: spec.id toFieldPath: metadata.labels[app] 
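Review bot: The ResourceGroup patch at the top of this hunk now writes `metadata.annotations[upbound.io/external-name]`, but Crossplane core defines the external-name annotation as `crossplane.io/external-name` and it does not change with the provider. This looks like a side effect of the bulk `crossplane.io` to `upbound.io` rename, and the patch presumably sets an annotation that nothing reads. The same commit drops the external-name patches from the VirtualNetwork and Subnet in this file and from the AKS cluster in cluster/aks/composition.yaml, so the consistent fix is to delete this patch too, or to restore the key: `toFieldPath: metadata.annotations[crossplane.io/external-name]`. Whether the resource group still ends up named `%s-rg` depends on the provider falling back to `metadata.name`, which is worth confirming against a rendered resource.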
@@ -48,36 +49,25 @@ spec: - type: string string: fmt: "%s-vnet" - - fromFieldPath: spec.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - type: string - string: - fmt: "%s-vnet" - base: - apiVersion: network.azure.crossplane.io/v1alpha3 + apiVersion: network.azure.upbound.io/v1beta1 kind: Subnet spec: - resourceGroupNameSelector: - matchControllerRef: true - virtualNetworkNameSelector: - matchControllerRef: true - properties: - addressPrefix: '192.168.1.0/24' + forProvider: + resourceGroupNameSelector: + matchControllerRef: true + virtualNetworkNameSelector: + matchControllerRef: true + addressPrefixes: + - 192.168.1.0/24 serviceEndpoints: - - service: Microsoft.Sql + - Microsoft.Sql patches: - fromFieldPath: spec.id - toFieldPath: metadata.labels[azure.platformref.crossplane.io/app] + toFieldPath: metadata.labels[azure.platformref.upbound.io/app] - fromFieldPath: spec.id toFieldPath: metadata.name transforms: - type: string string: fmt: "%s-sn" - - fromFieldPath: spec.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - type: string - string: - fmt: "%s-sn" \ No newline at end of file diff --git a/cluster/network/definition.yaml b/cluster/network/definition.yaml index dcb64c2..a0ba8a6 100644 --- a/cluster/network/definition.yaml +++ b/cluster/network/definition.yaml 
@@ -1,39 +1,9 @@ apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: - name: xnetworks.azure.platformref.crossplane.io - annotations: - upbound.io/ui-schema: |- - --- - configSections: - - title: Network Info - description: Information about this network fabric - items: - - name: id - controlType: singleInput - type: string - path: ".spec.id" - title: Network ID - description: Network ID that other objects will use to refer (and connect) to this network fabric - default: platform-ref-azure-network - validation: - - required: true - customError: Network ID is required. - - title: Cluster Info - description: The cluster used with this network fabric - items: - - name: clusterRef - controlType: singleInput - type: string - path: ".spec.clusterRef.id" - title: Cluster Ref - description: ID of the Cluster object that will use this network fabric - default: platform-ref-azure-cluster - validation: - - required: true - customError: Cluster ref is required. + name: xnetworks.azure.platformref.upbound.io spec: - group: azure.platformref.crossplane.io + group: azure.platformref.upbound.io names: kind: XNetwork plural: xnetworks @@ -52,4 +22,4 @@ spec: type: string description: ID of this Network that other objects will use to refer to it. required: - - id \ No newline at end of file + - id diff --git a/cluster/services/composition.yaml b/cluster/services/composition.yaml index 258d6f5..cb0784a 100644 --- a/cluster/services/composition.yaml +++ b/cluster/services/composition.yaml @@ -1,13 +1,13 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xservices.azure.platformref.crossplane.io + name: xservices.azure.platformref.upbound.io labels: plan: full provider: helm spec: compositeTypeRef: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XServices resources: - base: 
diff --git a/cluster/services/definition.yaml b/cluster/services/definition.yaml index f437cae..74831f9 100644 --- a/cluster/services/definition.yaml +++ b/cluster/services/definition.yaml @@ -1,9 +1,9 @@ apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: - name: xservices.azure.platformref.crossplane.io + name: xservices.azure.platformref.upbound.io spec: - group: azure.platformref.crossplane.io + group: azure.platformref.upbound.io names: kind: XServices plural: xservices diff --git a/examples/cluster.yaml b/examples/cluster.yaml index 92d7070..28d4d4f 100644 --- a/examples/cluster.yaml +++ b/examples/cluster.yaml @@ -1,4 +1,4 @@ -apiVersion: azure.platformref.crossplane.io/v1alpha1 +apiVersion: azure.platformref.upbound.io/v1alpha1 kind: Cluster metadata: name: platform-ref-azure From 99c415c6bb2031c08e8bd7b6968989d49dd2e08e Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Sat, 10 Sep 2022 00:08:05 +0200 Subject: [PATCH 2/6] Migrate database composition to official providers Signed-off-by: Yury Tsarev --- database/postgres/composition.yaml | 65 +++++++++---------- database/postgres/definition.yaml | 61 +++++------------ examples/azure-default-provider.yaml | 4 +- examples/{cluster.yaml => cluster-claim.yaml} | 0 examples/postgres-claim.yaml | 15 ++++- 5 files changed, 64 insertions(+), 81 deletions(-) rename examples/{cluster.yaml => cluster-claim.yaml} (100%) diff --git a/database/postgres/composition.yaml b/database/postgres/composition.yaml index 244c63e..2665f6f 100644 --- a/database/postgres/composition.yaml +++ b/database/postgres/composition.yaml 
@@ -1,30 +1,30 @@ apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: - name: xpostgresqlinstances.azure.platformref.crossplane.io + name: xpostgresqlinstances.azure.platformref.upbound.io labels: provider: azure spec: compositeTypeRef: - apiVersion: azure.platformref.crossplane.io/v1alpha1 + apiVersion: azure.platformref.upbound.io/v1alpha1 kind: XPostgreSQLInstance resources: - name: postgresqlserver base: - apiVersion: database.azure.crossplane.io/v1beta1 - kind: PostgreSQLServer + apiVersion: dbforpostgresql.azure.upbound.io/v1beta1 + kind: Server spec: forProvider: version: "11" - administratorLogin: myadmin + administratorLogin: psqladmin location: West US 2 - sslEnforcement: Disabled - storageProfile: - storageMB: 5120 - sku: - tier: GeneralPurpose - capacity: 2 - family: Gen5 + skuName: GP_Gen5_2 + storageMb: 5120 + sslEnforcementEnabled: true + identity: + - type: SystemAssigned + # due to: https://github.com/Azure/azure-rest-api-specs/issues/9571 + infrastructureEncryptionEnabled: false patches: - fromFieldPath: spec.parameters.clusterRef.id toFieldPath: metadata.name 
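Review bot: The comment above `infrastructureEncryptionEnabled: false` only links an upstream issue and does not say what is given up: the infrastructure-level (second) encryption layer is switched off for every server this composition creates. Spell that out so the setting gets revisited, for example `# Infrastructure (double) encryption is off as a workaround for Azure/azure-rest-api-specs#9571; re-enable once resolved.` The base also fixes `administratorLogin: psqladmin` and `version: "11"` with no patch, so neither can be varied per claim. Whether that is intended is not visible from this hunk, and a short comment would settle it.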
@@ -32,28 +32,28 @@ spec: - type: string string: fmt: "%s-postgresql" - - fromFieldPath: spec.parameters.clusterRef.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - type: string - string: - fmt: "%s-postgresql" - fromFieldPath: spec.claimRef.namespace toFieldPath: spec.writeConnectionSecretToRef.namespace - - fromFieldPath: "spec.parameters.clusterRef.id" - toFieldPath: "spec.writeConnectionSecretToRef.name" + - fromFieldPath: spec.parameters.clusterRef.id + toFieldPath: spec.writeConnectionSecretToRef.name transforms: - type: string string: fmt: "%s-postgresql" - - fromFieldPath: "spec.parameters.storageGB" - toFieldPath: "spec.forProvider.storageProfile.storageMB" + - fromFieldPath: spec.parameters.storageGB + toFieldPath: spec.forProvider.storageMb transforms: - type: math math: multiply: 1024 - fromFieldPath: spec.parameters.clusterRef.id - toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platformref.crossplane.io/app] + toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platformref.upbound.io/app] + - fromFieldPath: spec.parameters.passwordSecretRef.namespace + toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.namespace + - fromFieldPath: spec.parameters.passwordSecretRef.name + toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.name + - fromFieldPath: spec.parameters.passwordSecretRef.key + toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.key connectionDetails: - fromConnectionSecretKey: username - fromConnectionSecretKey: password 
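Review bot: The three added patches copy `spec.parameters.passwordSecretRef.namespace`, `.name` and `.key` straight into `spec.forProvider.administratorLoginPasswordSecretRef`, so the author of a claim chooses which namespace the provider reads the administrator password from. A claim in one namespace can therefore reference a Secret in another, and the `password` entry under `connectionDetails` below is presumably written back to the claimant's namespace. Bind the namespace to the claim instead, as this hunk already does for the connection secret: `- fromFieldPath: spec.claimRef.namespace` with `toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.namespace`. Then drop `namespace` from the `passwordSecretRef` schema added in database/postgres/definition.yaml (hunk `@@ -72,6 +32,20 @@`), which has the same issue. Which Secrets the provider's service account can read is not visible here, so the actual exposure depends on its RBAC.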
@@ -62,11 +62,12 @@ spec: # db-server vnet-rule for subnet where AKS lives in - name: vnetrule base: - apiVersion: database.azure.crossplane.io/v1alpha3 - kind: PostgreSQLServerVirtualNetworkRule + apiVersion: dbforpostgresql.azure.upbound.io/v1beta1 + kind: VirtualNetworkRule spec: - serverNameSelector: - matchControllerRef: true + forProvider: + serverNameSelector: + matchControllerRef: true patches: - fromFieldPath: spec.parameters.clusterRef.id toFieldPath: metadata.name @@ -75,12 +76,6 @@ spec: string: fmt: "%s-sn-rule" - fromFieldPath: spec.parameters.clusterRef.id - toFieldPath: metadata.annotations[crossplane.io/external-name] - transforms: - - type: string - string: - fmt: "%s-sn-rule" - - fromFieldPath: spec.parameters.clusterRef.id - toFieldPath: spec.properties.virtualNetworkSubnetIdSelector.matchLabels[azure.platformref.crossplane.io/app] + toFieldPath: spec.forProvider.subnetIdSelector.matchLabels[azure.platformref.upbound.io/app] - fromFieldPath: spec.parameters.clusterRef.id - toFieldPath: spec.resourceGroupNameSelector.matchLabels[azure.platformref.crossplane.io/app] \ No newline at end of file + toFieldPath: spec.forProvider.resourceGroupNameSelector.matchLabels[azure.platformref.upbound.io/app] diff --git a/database/postgres/definition.yaml b/database/postgres/definition.yaml index a214e91..484312f 100644 --- a/database/postgres/definition.yaml +++ b/database/postgres/definition.yaml 
@@ -1,49 +1,9 @@ apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: - name: xpostgresqlinstances.azure.platformref.crossplane.io - annotations: - upbound.io/ui-schema: |- - --- - configSections: - - title: Cluster Info - description: Information Cluster - items: - - name: id - controlType: singleInput - type: string - path: ".spec.parameters.clusterRef.id" - title: Cluster ID - description: Cluster Ref - default: platform-ref-azure - validation: - - required: true - customError: Cluster ID is required. - - title: Database Size - description: Enter information to size your database - items: - - name: storageGB - controlType: singleInput - type: integer - path: ".spec.parameters.storageGB" - title: Storage (GB) - description: The size in GB for database storage - default: 5 - validation: - - minimum: 1 - - maximum: 500 - - required: true - - name: writeSecretRef - controlType: singleInput - type: string - path: ".spec.writeConnectionSecretToRef.name" - title: Connection Secret Ref - description: name of the secret to write to this namespace - default: db-conn - validation: - - required: true + name: xpostgresqlinstances.azure.platformref.upbound.io spec: - group: azure.platformref.crossplane.io + group: azure.platformref.upbound.io names: kind: XPostgreSQLInstance plural: xpostgresqlinstances @@ -72,6 +32,20 @@ spec: properties: storageGB: type: integer + passwordSecretRef: + type: object + description: "A reference to the Secret object containing database password" + properties: + namespace: + type: string + name: + type: string + key: + type: string + required: + - namespace + - name + - key clusterRef: type: object description: "A reference to the Network object that this postgres should be connected to." @@ -83,5 +57,6 @@ spec: - id required: - storageGB + - passwordSecretRef required: - - parameters \ No newline at end of file + - parameters 
diff --git a/examples/azure-default-provider.yaml b/examples/azure-default-provider.yaml index ca3745b..0cf6608 100644 --- a/examples/azure-default-provider.yaml +++ b/examples/azure-default-provider.yaml @@ -1,4 +1,4 @@ -apiVersion: azure.crossplane.io/v1beta1 +apiVersion: azure.upbound.io/v1beta1 kind: ProviderConfig metadata: name: default @@ -8,4 +8,4 @@ spec: secretRef: namespace: upbound-system name: azure-account-creds - key: credentials \ No newline at end of file + key: credentials diff --git a/examples/cluster.yaml b/examples/cluster-claim.yaml similarity index 100% rename from examples/cluster.yaml rename to examples/cluster-claim.yaml diff --git a/examples/postgres-claim.yaml b/examples/postgres-claim.yaml index 0fa193b..fde3de7 100644 --- a/examples/postgres-claim.yaml +++ b/examples/postgres-claim.yaml @@ -1,11 +1,24 @@ -apiVersion: azure.platformref.crossplane.io/v1alpha1 +apiVersion: azure.platformref.upbound.io/v1alpha1 kind: PostgreSQLInstance metadata: name: platform-ref-azure-db spec: parameters: storageGB: 5 #Minimum value is 5 + passwordSecretRef: + namespace: default + name: psqlsecret + key: password clusterRef: id: platform-ref-azure #This field must match the cluster XR spec.id writeConnectionSecretToRef: name: platform-ref-azure-db-conn #Must be unique for each instance +--- +apiVersion: v1 +data: + password: dXBiMHVuZHIwY2s1ITMxMzM3 +kind: Secret +metadata: + name: psqlsecret + namespace: default +type: Opaque From e2a4e1a16f2d43dfaad4ef0076e1599c5d78c0dc Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Sat, 10 Sep 2022 00:21:34 +0200 Subject: [PATCH 3/6] Update README and crossplane metadata Signed-off-by: Yury Tsarev --- README.md | 14 +++++++------- crossplane.yaml | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e29f310..03a6bb6 100644 --- a/README.md +++ b/README.md 
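Review bot: The Secret appended to examples/postgres-claim.yaml commits a fixed administrator password in `data.password`. Base64 is an encoding, not protection, so anyone who applies the file unchanged gets a database server whose admin password is published in the repository. Replace the value with an obvious placeholder (for instance `stringData:` with `password: <REPLACE_ME>`), or remove the Secret from the manifest and document creating it out of band with `kubectl create secret generic psqlsecret --from-literal=password=...`. The Secret and `passwordSecretRef` also both point at the `default` namespace, which a comment should mark as example-only.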
@@ -3,13 +3,13 @@ This repository contains a reference Azure Platform [Configuration](https://crossplane.io/docs/v1.6/getting-started/create-configuration.html) for use as a starting point in [Upbound Cloud](https://upbound.io) or -[Upbound Universal Crossplane (UXP)](https://www.upbound.io/uxp/) to build, +[Upbound Universal Crossplane (UXP)](https://www.upbound.io/products/universal-crossplane) to build, run and operate your own internal cloud platform and offer a self-service console and API to your internal teams. It provides platform APIs to provision fully configured Azure AKS clusters, with secure networking, and stateful cloud services (Azure Database for PostgreSQL) designed to securely connect to the nodes in each AKS cluster -- all composed using cloud service primitives from the [Crossplane Azure -Provider](https://doc.crds.dev/github.com/crossplane/provider-azure). App +Provider](https://marketplace.upbound.io/providers/upbound/provider-azure). App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace. @@ -35,7 +35,7 @@ provision the infrastructure they need using a custom cloud console, `kubectl`, or deployment pipelines and GitOps workflows -- all without writing code? [Upbound Cloud](https://upbound.io) enables you to do just that, powered by the -open source [Upbound Universal Crossplane](https://www.upbound.io/uxp/) project. +open source [Upbound Universal Crossplane](https://www.upbound.io/products/universal-crossplane) project. Consistent self-service APIs can be provided across dev, staging, and production environments, making it easy for app teams to get the infrastructure 
@@ -63,7 +63,7 @@ Crossplane `Providers` include the cloud service primitives (AWS, Azure, GCP, Alibaba) used in a `Composition`. Learn more about `Composition` in the [Crossplane -Docs](https://crossplane.io/docs/v1.6/concepts/composition.html). +Docs](https://crossplane.io/docs/v1.9/concepts/composition.html). ## Quick Start @@ -234,7 +234,7 @@ Crossplane resources use the ProviderConfig named ```default``` if no specific P The example cluster compposition creates an AKS cluster and includes a nested composite resource for the network, which creates a Resource Group, Virtual Network, and Subnet: ```console -kubectl apply -f examples/cluster.yaml +kubectl apply -f examples/cluster-claim.yaml ``` verify status: @@ -270,7 +270,7 @@ Delete resources created through the `Control Plane` Configurations menu: ```console kubectl delete -f examples/postgres-claim.yaml -kubectl delete -f examples/cluster.yaml +kubectl delete -f examples/cluster-claim.yaml ``` Verify all underlying resources have been cleanly deleted: @@ -319,7 +319,7 @@ az ad sp delete --id $AZ_APP_ID * [definition.yaml](cluster/services/definition.yaml) * [composition.yaml](cluster/services/composition.yaml) includes: * `Release` Install Prometheus with the Helm provider Release API -* `PostgreSQLInstance` - provision an Azure Database for PostgreSQL instance that securely connects to a +* `PostgreSQLInstance` - provision an Azure Database for PostgreSQL instance that securely connects to a * [definition.yaml](database/postgres/definition.yaml) * [composition.yaml](database/postgres/composition.yaml) includes: * `PostgreSQLServer` diff --git a/crossplane.yaml b/crossplane.yaml index f5c744c..cf783a5 100644 --- a/crossplane.yaml +++ b/crossplane.yaml 
@@ -89,7 +89,7 @@ spec: crossplane: version: ">=v1.0.0-0" dependsOn: - - provider: registry.upbound.io/crossplane/provider-azure - version: ">=v0.18.1-0" + - provider: xpkg.upbound.io/upbound/provider-azure:v0.11.0 + version: ">=v0.11.0" - provider: registry.upbound.io/crossplane/provider-helm version: ">=v0.9.0" From a8373180d94b04be9eb5cee192c97408ea5d46d3 Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Tue, 20 Sep 2022 21:41:12 +0200 Subject: [PATCH 4/6] Fix packaging and associated examples Signed-off-by: Yury Tsarev --- README.md | 93 ++++--------------------------------- crossplane.yaml | 8 ++-- examples/configuration.yaml | 8 ++++ examples/network-xr.yaml | 6 +++ 4 files changed, 27 insertions(+), 88 deletions(-) create mode 100644 examples/configuration.yaml create mode 100644 examples/network-xr.yaml diff --git a/README.md b/README.md index 03a6bb6..704e4a8 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ run and operate your own internal cloud platform and offer a self-service console and API to your internal teams. It provides platform APIs to provision fully configured Azure AKS clusters, with secure networking, and stateful cloud services (Azure Database for PostgreSQL) designed to securely connect to the nodes in each AKS cluster -- -all composed using cloud service primitives from the [Crossplane Azure +all composed using cloud service primitives from the [Upbound Official Azure Provider](https://marketplace.upbound.io/providers/upbound/provider-azure). App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace. 
@@ -140,92 +140,17 @@ Validate the install using the following command: kubectl get all -n upbound-system ``` -#### Install the Crossplane kubectl extension (for convenience) - -Now that your kubectl context is configured to connect to a UXP Control Plane, -we can install this reference platform as a Crossplane package. - -```console -curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh -cp kubectl-crossplane /usr/local/bin -``` - #### Install the Platform Configuration ```console -# Check the latest version available in https://cloud.upbound.io/registry/upbound/platform-ref-azure -PLATFORM_VERSION=v0.3.0 -PLATFORM_CONFIG=registry.upbound.io/upbound/platform-ref-azure:${PLATFORM_VERSION} - -kubectl crossplane install configuration ${PLATFORM_CONFIG} +# Check the latest version available in https://marketplace.upbound.io/configurations/upbound/platform-ref-azure/ +kubectl apply -f examples/configuration.yaml kubectl get pkg ``` #### Configure Providers in your Platform -A `ProviderConfig` is used to configure Cloud Provider API credentials. Multiple -`ProviderConfig`s can be created, each one pointing to a different credential. - -In order to manage resources in Azure, you must provide credentials for an Azure service principal that Crossplane can use to authenticate. This assumes that you have already set up the Azure CLI client with your credentials. 
- -Create a JSON file that contains all the information needed to connect and authenticate to Azure: - -```console -# Create service principal with Owner role -az ad sp create-for-rbac --sdk-auth --role Owner --name platform-ref-azure > crossplane-azure-provider-key.json -``` - -Take note of the `clientID` value from the JSON file that we just created, and save it to an environment variable: - -```console -export AZURE_CLIENT_ID= -``` - -Now add and grant the required permissions to the service principal that will allow it to manage the necessary resources in Azure: - -```console -# add required Azure Active Directory permissions -az ad app permission add --id ${AZURE_CLIENT_ID} --api 00000002-0000-0000-c000-000000000000 --api-permissions 1cda74f2-2616-4834-b122-5cb1b07f8a59=Role 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175=Role - -# grant (activate) the permissions -az ad app permission grant --id ${AZURE_CLIENT_ID} --api 00000002-0000-0000-c000-000000000000 --expires never -``` - -You might see an error similar to the following, but that is OK, the permissions should have gone through still: - -_Operation failed with status: 'Conflict'. Details: 409 Client Error: Conflict for url: https://graph.windows.net/e7985bc4-a3b3-4f37-b9d2-fa256023b1ae/oauth2PermissionGrants?api-version=1.6_ - -Finally, you need to grant admin permissions on the Azure Active Directory to the service principal because it will need to create other service principals for your AKSCluster: - -```console -# grant admin consent to the service princinpal you created -az ad app permission admin-consent --id "${AZURE_CLIENT_ID}" -``` - -_Note: You might need Global Administrator role to Grant admin consent for Default Directory. Please contact the administrator of your Azure subscription. To check your role, go to Azure Active Directory -> Roles and administrators. 
You can find your role(s) by clicking on Your Role (Preview)_ - -After these steps are completed, you should have the following file on your local filesystem: - -- crossplane-azure-provider-key.json - -#### Setup Azure ProviderConfig - -Before creating any resources, we need to create and configure an Azure cloud provider resource in Crossplane, which stores the cloud account information in it. All the requests from Crossplane to Azure Cloud will use the credentials attached to this provider resource. The following command assumes that you have a crossplane-azure-provider-key.json file that belongs to the account you’d like Crossplane to use. - -Now we’ll create our Secret that contains the credential and ProviderConfig resource that refers to that secret: - -```console -kubectl create secret generic azure-account-creds -n upbound-system --from-file=credentials=./crossplane-azure-provider-key.json -kubectl apply -f examples/azure-default-provider.yaml -``` - -The output will look like the following: - -```shell -provider.azure.crossplane.io/default created -``` - -Crossplane resources use the ProviderConfig named ```default``` if no specific ProviderConfig is specified, so this ProviderConfig will be the default for all Azure resources. +Refer to [official marketplace documentation](https://marketplace.upbound.io/providers/upbound/provider-azure/v0.13.0/docs/quickstart) ### We are now ready to provision resources: @@ -340,7 +265,7 @@ UPBOUND_ORG=acme UPBOUND_ACCOUNT_EMAIL=me@acme.com REPO=platform-ref-azure VERSION_TAG=v0.1.0 -REGISTRY=registry.upbound.io +REGISTRY=xpkg.upbound.io PLATFORM_CONFIG=${REGISTRY:+$REGISTRY/}${UPBOUND_ORG}/${REPO}:${VERSION_TAG} ``` @@ -353,7 +278,7 @@ docker login ${REGISTRY} -u ${UPBOUND_ACCOUNT_EMAIL} Build package. ```console -up xpkg build --name platform-ref-azure.xpkg --ignore ".github/workflows/*,examples/*,hack/*" +up xpkg build --name platform-ref-azure.xpkg --ignore ".github/workflows/*,hack/*" ``` Push package to registry. 
@@ -366,11 +291,11 @@ up xpkg push ${PLATFORM_CONFIG} -f platform-ref-azure.xpkg The Azure cloud service primitives that can be used in a `Composition` today are -listed in the [Crossplane Azure Provider -Docs](https://doc.crds.dev/github.com/crossplane/provider-azure). +listed in the [Upbound Official Azure Provider +Docs](https://marketplace.upbound.io/providers/upbound/provider-azure/). To learn more see [Configuration -Packages](https://crossplane.io/docs/v0.13/getting-started/package-infrastructure.html). +Packages](https://crossplane.io/docs/v1.9/concepts/packages.html#configuration-packages). ## What's Next diff --git a/crossplane.yaml b/crossplane.yaml index cf783a5..0bd7956 100644 --- a/crossplane.yaml +++ b/crossplane.yaml @@ -89,7 +89,7 @@ spec: crossplane: version: ">=v1.0.0-0" dependsOn: - - provider: xpkg.upbound.io/upbound/provider-azure:v0.11.0 - version: ">=v0.11.0" - - provider: registry.upbound.io/crossplane/provider-helm - version: ">=v0.9.0" + - provider: xpkg.upbound.io/upbound/provider-azure + version: ">=v0.13.0-0" + - provider: xpkg.upbound.io/crossplane/provider-helm + version: ">=v0.10.0-0" diff --git a/examples/configuration.yaml b/examples/configuration.yaml new file mode 100644 index 0000000..dca4bd5 --- /dev/null +++ b/examples/configuration.yaml @@ -0,0 +1,8 @@ +apiVersion: pkg.crossplane.io/v1 +kind: Configuration +metadata: + name: platform-ref-azure-staging +spec: + package: xpkg.upbound.io/upbound/platform-ref-azure-staging:v0.4.0 + packagePullSecrets: + - name: package-pull-secret diff --git a/examples/network-xr.yaml b/examples/network-xr.yaml new file mode 100644 index 0000000..61ca40e --- /dev/null +++ b/examples/network-xr.yaml @@ -0,0 +1,6 @@ +apiVersion: azure.platformref.upbound.io/v1alpha1 +kind: XNetwork +metadata: + name: ref-azure-network +spec: + id: ref-azure-network-from-xr From 8855df52808a3287a4ab35621328e906412dfe04 Mon Sep 17 00:00:00 2001 
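Review bot: Both `dependsOn` entries in the `crossplane.yaml` hunk (`@@ -89,7 +89,7 @@`) now carry only a lower bound, `version: ">=v0.13.0-0"` and `version: ">=v0.10.0-0"`, so dependency resolution can select any later provider release, and the `-0` suffix also admits pre-release builds. The provider image reference also lost its `:v0.11.0` tag, leaving the range as the only control over which provider code gets installed next to the Azure credentials. I would add an upper bound that matches what the compositions were tested against, for example `version: ">=v0.13.0-0, <v0.14.0-0"` (the exact ceiling is for the maintainers to pick), and the same for provider-helm. A short comment above `dependsOn` stating the tested provider versions would make later bumps a deliberate, reviewable change.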
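Review bot: The new `examples/configuration.yaml` installs `xpkg.upbound.io/upbound/platform-ref-azure-staging:v0.4.0`, a `-staging` repository referenced by a mutable tag, while the README in this series builds and pushes `platform-ref-azure`. Anyone applying the example gets whatever that tag points to at install time, so if staging is intentional a comment such as `# staging build, for maintainers only` would help; otherwise the example should point at the released package. Where the Crossplane version in use accepts digest references, pinning as `package: xpkg.upbound.io/upbound/<REPO>@sha256:<DIGEST>` (placeholders) removes the dependence on the tag. The `packagePullSecrets` entry names `package-pull-secret`, which nothing visible in this patch creates; a comment saying where that secret comes from and which namespace it must live in would keep readers from improvising it.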
From: Yury Tsarev Date: Thu, 22 Sep 2022 19:31:47 +0200 Subject: [PATCH 5/6] Update crossplane.yaml annotations Fully comply with https://crossplane.io/docs/v1.9/reference/xpkg.html#object-annotations Signed-off-by: Yury Tsarev --- crossplane.yaml | 59 +++---------------------------------------------- 1 file changed, 3 insertions(+), 56 deletions(-) diff --git a/crossplane.yaml b/crossplane.yaml index 0bd7956..3c73b23 100644 --- a/crossplane.yaml +++ b/crossplane.yaml @@ -3,7 +3,7 @@ kind: Configuration metadata: name: platform-ref-azure annotations: - meta.crossplane.io/maintainer: Upbound + meta.crossplane.io/maintainer: Upbound meta.crossplane.io/source: github.com/upbound/platform-ref-azure meta.crossplane.io/license: Apache-2.0 meta.crossplane.io/description: | @@ -18,8 +18,8 @@ metadata: It provides platform APIs to provision fully configured AKS clusters, with secure networking, and stateful cloud services designed to securely connect to the nodes in each AKS cluster -- all composed using - cloud service primitives from the [Crossplane Azure - Provider](https://doc.crds.dev/github.com/crossplane/provider-azure). App + cloud service primitives from the [Upbound Official Azure + Provider](https://marketplace.upbound.io/providers/upbound/provider-azure). App deployments can securely connect to the infrastructure they need using secrets distributed directly to the app namespace. 
@@ -32,59 +32,6 @@ metadata: To learn more checkout the [GitHub repo](https://github.com/upbound/platform-ref-azure/) that you can copy and customize to meet the exact needs of your organization! - - meta.crossplane.io/iconURI:  - - friendly-name.meta.crossplane.io: Azure Reference Platform - friendly-group-name.meta.crossplane.io/azure.platformref.crossplane.io: Azure - - friendly-kind-name.meta.crossplane.io/compositenetwork.azure.platformref.crossplane.io: Composite Network - friendly-kind-name.meta.crossplane.io/network.azure.platformref.crossplane.io: Network - - friendly-kind-name.meta.crossplane.io/compositecluster.azure.platformref.crossplane.io: Composite Kubernetes Cluster - friendly-kind-name.meta.crossplane.io/cluster.azure.platformref.crossplane.io: Kubernetes Cluster - - friendly-kind-name.meta.crossplane.io/services.azure.platformref.crossplane.io: Cluster Services - friendly-kind-name.meta.crossplane.io/aks.azure.platformref.crossplane.io: AKS Cluster - - # TODO(negz): Remove these older style annotations once annotation consumers - # have had a chance to update. - company: Upbound - maintainer: Upbound - keywords: azure, cloud-native, kubernetes, example, platform, reference - source: github.com/upbound/platform-ref-azure - license: Apache-2.0 - descriptionShort: | - The Azure reference platform for Kubernetes and Data Services. - - description: | - This reference platform Configuration for Kubernetes and Data Services - is a starting point to build, run, and operate your own internal cloud - platform and offer a self-service console and API to your internal teams. - - readme: | - This reference platform `Configuration` for Kubernetes and Data Services - is a starting point to build, run, and operate your own internal cloud - platform and offer a self-service console and API to your internal teams. 
- It provides platform APIs to provision fully configured AKS clusters, - with secure networking, and stateful cloud services (Azure DB for PostgreSQL) designed to - securely connect to the nodes in each AKS cluster -- all composed using - cloud service primitives from the [Crossplane Azure - Provider](https://doc.crds.dev/github.com/crossplane/provider-azure). App - deployments can securely connect to the infrastructure they need using - secrets distributed directly to the app namespace. - - [Quickstart - Guide](https://github.com/upbound/platform-ref-azure/#quick-start) - - [APIs in this - Configuration](https://github.com/upbound/platform-ref-azure/#apis-in-this-configuration) - - To learn more checkout the [GitHub - repo](https://github.com/upbound/platform-ref-azure/) that you can copy and - customize to meet the exact needs of your organization! - - iconData: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iNjVweCIgaGVpZ2h0PSI2NXB4IiB2aWV3Qm94PSIwIDAgNjUgNjUiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI+CiAgICA8dGl0bGU+QXBwbGljYXRpb24gSWNvbnMvQXp1cmUtQ29uZmlndXJhdGlvbi82NXg2NTwvdGl0bGU+CiAgICA8ZGVmcz4KICAgICAgICA8bGluZWFyR3JhZGllbnQgeDE9IjUwJSIgeTE9IjAlIiB4Mj0iNTAlIiB5Mj0iNTEuNTg2Mzk1MiUiIGlkPSJsaW5lYXJHcmFkaWVudC0xIj4KICAgICAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iI0ZBRkFGQSIgb2Zmc2V0PSIwJSI+PC9zdG9wPgogICAgICAgICAgICA8c3RvcCBzdG9wLWNvbG9yPSIjRkZGRkZGIiBvZmZzZXQ9IjEwMCUiPjwvc3RvcD4KICAgICAgICA8L2xpbmVhckdyYWRpZW50PgogICAgPC9kZWZzPgogICAgPGcgaWQ9IkFwcGxpY2F0aW9uLUljb25zL0F6dXJlLUNvbmZpZ3VyYXRpb24vNjV4NjUiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxyZWN0IGlkPSJSZWN0YW5nbGUtQ29weS0xMyIgc3Ryb2tlPSIjRDhEOERBIiBmaWxsPSJ1cmwoI2xpbmVhckdyYWRpZW50LTEpIiBmaWxsLXJ1bGU9Im5vbnplcm8iIHg9IjAuNSIgeT0iMC41IiB3aWR0aD0iNjQiIGhlaWdodD0iNjQiIHJ4PSIxNiI+PC9yZWN0PgogICAgICAgIDxnIGlkPSJHcm91cCIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTguMDAwMDAwLCAxOC
4wMDAwMDApIiBmaWxsLXJ1bGU9Im5vbnplcm8iIHN0cm9rZS13aWR0aD0iMC41Ij4KICAgICAgICAgICAgPHBhdGggZD0iTTAuMDAzMTQxNjM3NDUsMC40NDUxOTIyOSBDMC4wMDMxNDE2Mzc0NSwwLjMwMjQyMTcwMSAwLjAwMzE0MTYzNzQ1LDAuMTUxMjUyODQyIDAuMDExNTQzMTEzMSwwIEM0LjY3NDM2MjA4LDAuMDA4NDgyMjUyNjYgOS4zMzcxODEwNCwwIDE0LDAuMDA4NDgyMjUyNjYgTDE0LDEzLjk5MTYwMTcgQzkuMzM3MTgxMDQsMTQuMDA4Mzk4MyA0LjY3NDM2MjA4LDEzLjk5MTYwMTcgMC4wMTE1NDMxMTMxLDE0IEMtMC4wMTM2NjEzMTM4LDkuNDgxNzMwNzYgMC4wMTE1NDMxMTMxLDQuOTYzNDYxNTMgMC4wMDMxNDE2Mzc0NSwwLjQ0NTE5MjI5IFoiIGlkPSJQYXRoIiBzdHJva2U9IiNGMjUwMjIiIGZpbGw9IiNGMjUwMjIiPjwvcGF0aD4KICAgICAgICAgICAgPHBhdGggZD0iTTE2LDAuMDMzNTkzMDc5OCBDMTYuMTAwNzc5OCwwLjAwODM5ODI2OTk2IDE2LjIwMTU1OTcsMCAxNi4zMTA3Mzc5LDAgQzIwLjg3MTAyNTgsMC4wMDg0ODIyNTI2NiAyNS40Mzk3MTIxLDAgMzAsMC4wMDg0ODIyNTI2NiBMMzAsMTMuOTkxNjAxNyBDMjUuMzM4OTMyMiwxNC4wMDgzOTgzIDIwLjY3Nzg2NDQsMTMuOTkxNjAxNyAxNi4wMTY3OTY2LDE0IEMxNS45ODMyMDM0LDkuMzQ3Mjc0NDYgMTYuMDI1MTk1LDQuNjg2MjM0NjQgMTYsMC4wMzM1OTMwNzk4IFoiIGlkPSJQYXRoIiBzdHJva2U9IiM3RkJBMDAiIGZpbGw9IiM3RkJBMDAiPjwvcGF0aD4KICAgICAgICAgICAgPHBhdGggZD0iTTAsMjkuOTY2MzIyOSBDMC4wMzM1OTMyODEzLDI1LjMxMzY4MTQgLTAuMDE2Nzk2NjQwNywyMC42NTI2NDE2IDAuMDI1MTk0OTYxLDE2IEM0LjY3Nzg2NDQzLDE2LjAwODM5ODMgOS4zMzg5MzIyMSwxNS45OTE2MDE3IDE0LDE2LjAwODM5ODMgTDE0LDI5Ljk5MTUxNzcgQzkuNTE1Mjk2OTQsMzAgNS4wMzg5OTIyLDI5Ljk5MTUxNzcgMC41NTQyODkxNDIsMzAgQzAuMzY5NTI2MDk1LDMwIDAuMTg0NzYzMDQ3LDMwIDAsMjkuOTY2MzIyOSBMMCwyOS45NjYzMjI5IFoiIGlkPSJQYXRoIiBzdHJva2U9IiMwMEE0RUYiIGZpbGw9IiMwMEE0RUYiPjwvcGF0aD4KICAgICAgICAgICAgPHBhdGggZD0iTTE2LjAwODM5ODMsMTcuMDMyOTg3MiBDMTYuMDA4Mzk4MywxNi42ODg2NTgxIDE1Ljk5MTYwMTcsMTYuMzQ0MzI5MSAxNi4wMTY3OTY2LDE2IEMyMC42Nzc4NjQ0LDE2LjAwODM5ODMgMjUuMzM4OTMyMiwxNS45OTE2MDE3IDMwLDE2LjAwODM5ODMgTDMwLDI5Ljk5MTUxNzcgQzI1LjQzOTcxMjEsMzAgMjAuODcxMDI1OCwyOS45OTE1MTc3IDE2LjMxMDczNzksMzAgQzE2LjIwMTU1OTcsMjkuOTkxNTE3NyAxNi4xMDA3Nzk4LDI5Ljk4MzIwMzUgMTYsMjkuOTc0ODA1MiBDMTYuMDE2Nzk2NiwyNS42NTgwMTA0IDE2LDIxLjM0OTY5OCAxNi4wMDgzOTgzLDE3LjAzMjk4NzIgWiIgaWQ9IlBhdGgiIHN0cm9rZT0iI0ZGQjkwMCIgZmlsbD0iI0ZGQjkwMCI+PC9wYXRoPgogICAgICAgID
wvZz4KICAgIDwvZz4KPC9zdmc+ spec: crossplane: version: ">=v1.0.0-0" From f6bf3c774b3101be056d577d1c197329795ab7a8 Mon Sep 17 00:00:00 2001 From: Yury Tsarev Date: Thu, 22 Sep 2022 22:28:08 +0200 Subject: [PATCH 6/6] Bump required crossplane version to the lowest supported one Signed-off-by: Yury Tsarev --- crossplane.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crossplane.yaml b/crossplane.yaml index 3c73b23..ddecce1 100644 --- a/crossplane.yaml +++ b/crossplane.yaml @@ -34,7 +34,7 @@ metadata: customize to meet the exact needs of your organization! spec: crossplane: - version: ">=v1.0.0-0" + version: ">=v1.7.0-0" dependsOn: - provider: xpkg.upbound.io/upbound/provider-azure version: ">=v0.13.0-0"