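# Composition backing the SQL composite (devopstoolkitseries.com/v1alpha1) on Azure:
# a resource group, a PostgreSQL Server with a firewall rule, the provider configs
# the pipeline needs, and optional databases, schemas and secret sync resources.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: azure-postgresql
  creationTimestamp: null
  labels:
    db: postgresql
    provider: azure
spec:
  compositeTypeRef:
    apiVersion: devopstoolkitseries.com/v1alpha1
    kind: SQL
  mode: Pipeline
  pipeline:
    - step: main
      functionRef:
        name: crossplane-contrib-function-kcl
      input:
        apiVersion: krm.kcl.dev/v1alpha1
        kind: KCLRun
        spec:
          # Literal block (|) keeps every line break. A folded block (>) joins
          # consecutive lines at the base indent, which would merge top-level KCL
          # statements into one line.
          source: |
            oxr = option("params").oxr
            ocds = option("params").ocds
            # Region defaults to eastus unless the claim sets spec.parameters.region.
            _region = "eastus"
            if oxr.spec?.parameters?.region:
                _region = oxr.spec.parameters.region
            # Shared metadata builder: the name is the composite id, the annotation
            # is the composition-resource-name function-kcl keys resources by.
            _metadata = lambda resourceName: str -> any {
                {
                    name = oxr.spec.id
                    annotations = {
                        "krm.kcl.dev/composition-resource-name" = resourceName
                    }
                }
            }
            _items = [{
                apiVersion = "azure.upbound.io/v1beta1"
                kind = "ResourceGroup"
                metadata = _metadata("resourcegroup")
                spec.forProvider.location = _region
            }, {
                apiVersion = "dbforpostgresql.azure.upbound.io/v1beta1"
                kind = "Server"
                metadata = _metadata("server")
                spec = {
                    forProvider = {
                        location = _region
                        version = oxr.spec.parameters.version
                        # SKU follows spec.parameters.size; anything other than
                        # "small"/"medium" gets the largest tier.
                        if oxr.spec.parameters.size == "small":
                            skuName = "B_Gen5_1"
                        elif oxr.spec.parameters.size == "medium":
                            skuName = "GP_Gen5_2"
                        else:
                            skuName = "GP_Gen5_8"
                        resourceGroupNameSelector.matchControllerRef = True
                        storageMb = 5120
                        autoGrowEnabled = True
                        # TLS is not enforced server-side: plaintext client connections
                        # are accepted and no minimum TLS version applies. The
                        # ProviderConfig below still asks for sslMode = "require".
                        sslEnforcementEnabled = False
                        sslMinimalTlsVersionEnforced = "TLSEnforcementDisabled"
                        # Fixed admin login; the password is read from the
                        # "<id>-password" secret in the claim namespace (see the
                        # "-secret-pull" ExternalSecret in the common step).
                        administratorLogin = "postgres"
                        administratorLoginPasswordSecretRef = {
                            name = oxr.spec.id + "-password"
                            key = "password"
                            namespace = oxr.spec.claimRef.namespace
                        }
                        # Together with the 0.0.0.0-255.255.255.255 FirewallRule below
                        # this makes the server reachable from any IPv4 address;
                        # narrow the rule to known client ranges where consumers allow it.
                        publicNetworkAccessEnabled = True
                    }
                    writeConnectionSecretToRef = {
                        name = oxr.spec.id
                        namespace = oxr.spec.claimRef.namespace
                    }
                }
            }, {
                apiVersion = "dbforpostgresql.azure.upbound.io/v1beta1"
                kind = "FirewallRule"
                metadata = _metadata("firewall-rule")
                # The full IPv4 range: every source address is allowed through.
                spec.forProvider = {
                    startIpAddress = "0.0.0.0"
                    endIpAddress = "255.255.255.255"
                    resourceGroupNameSelector.matchControllerRef = True
                    serverNameSelector.matchControllerRef = True
                }
            }, {
                apiVersion = "postgresql.sql.crossplane.io/v1alpha1"
                kind = "ProviderConfig"
                # NOTE(review): the "common" step emits a ProviderConfig with the same
                # composition-resource-name "sql-config" (plus an external-name
                # annotation); presumably the later step's definition wins — confirm
                # and keep a single definition.
                metadata = {
                    name = oxr.spec.id
                    annotations = {
                        "krm.kcl.dev/ready": "True"
                        "krm.kcl.dev/composition-resource-name" = "sql-config"
                    }
                }
                spec = {
                    credentials = {
                        source = "PostgreSQLConnectionSecret"
                        connectionSecretRef = {
                            name = oxr.spec.id
                            namespace = oxr.spec.claimRef.namespace
                        }
                    }
                    sslMode = "require"
                }
            }, {
                # Echo the composite back, adding the server FQDN once it is observed.
                **oxr
                if "server" in ocds:
                    status.address = ocds["server"].Resource.status.atProvider.fqdn
            }]
            items = _items
    - step: common
      functionRef:
        name: crossplane-contrib-function-kcl
      input:
        apiVersion: krm.kcl.dev/v1alpha1
        kind: KCLRun
        spec:
          # Literal block (|) so every KCL statement keeps its own line.
          source: |
            oxr = option("params").oxr
            # ProviderConfig for the in-cluster providers (kubernetes, helm); both
            # authenticate with the provider pod's injected identity.
            schema providerConfig:
                _apiVersion: str
                _suffix: str
                apiVersion = _apiVersion
                kind = "ProviderConfig"
                metadata = {
                    name = oxr.spec.id + "-sql"
                    annotations = {
                        "krm.kcl.dev/ready": "True"
                        "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-provider-config-" + _suffix
                    }
                }
                spec = {
                    credentials.source = "InjectedIdentity"
                }
            _items = [
                providerConfig {
                    _apiVersion = "kubernetes.crossplane.io/v1alpha1"
                    _suffix = "kubernetes"
                },
                providerConfig {
                    _apiVersion = "helm.crossplane.io/v1beta1"
                    _suffix = "helm"
                }, {
                    # NOTE(review): duplicates the "sql-config" ProviderConfig of the
                    # main step, differing only in the external-name annotation —
                    # confirm which one is intended.
                    apiVersion = "postgresql.sql.crossplane.io/v1alpha1"
                    kind = "ProviderConfig"
                    metadata = {
                        name = oxr.spec.id
                        annotations = {
                            "krm.kcl.dev/ready": "True"
                            "krm.kcl.dev/composition-resource-name" = "sql-config"
                            "crossplane.io/external-name" = "default"
                        }
                    }
                    spec = {
                        credentials = {
                            source = "PostgreSQLConnectionSecret"
                            connectionSecretRef = {
                                name = oxr.spec.id
                                namespace = oxr.spec.claimRef.namespace
                            }
                        }
                        sslMode = "require"
                    }
                }]
            # One Database per entry in spec.parameters.databases.
            if oxr.spec.parameters?.databases:
                _items += [{
                    apiVersion = "postgresql.sql.crossplane.io/v1alpha1"
                    kind = "Database"
                    metadata = {
                        name = oxr.spec.id + "-" + _database
                        annotations = {
                            "crossplane.io/external-name" = _database
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-" + _database
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.id
                        forProvider = {}
                    }
                } for _database in oxr.spec.parameters.databases ]
            # ExternalSecret that materialises "<id>-password" (the admin password
            # the Server reads) in the claim namespace from the cluster secret store.
            if oxr.spec.parameters?.secrets?.storeName and oxr.spec.parameters?.secrets?.pullRootPasswordKey:
                _items += [{
                    apiVersion = "kubernetes.crossplane.io/v1alpha2"
                    kind = "Object"
                    metadata = {
                        name = oxr.spec.id + "-secret-pull"
                        annotations = {
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-secret-pull"
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.id + "-sql"
                        forProvider.manifest = {
                            apiVersion = "external-secrets.io/v1beta1"
                            kind = "ExternalSecret"
                            metadata = {
                                name = oxr.spec.id + "-password"
                                namespace: oxr.spec.claimRef.namespace
                            }
                            spec = {
                                dataFrom = [{
                                    extract = {
                                        conversionStrategy = "Default"
                                        decodingStrategy = "None"
                                        key = oxr.spec.parameters.secrets.pullRootPasswordKey
                                        metadataPolicy = "None"
                                    }
                                }]
                                refreshInterval = "1h"
                                secretStoreRef = {
                                    kind = "ClusterSecretStore"
                                    name = oxr.spec.parameters.secrets.storeName
                                }
                                target = {
                                    creationPolicy = "Owner"
                                    deletionPolicy = "Retain"
                                    name = oxr.spec.id + "-password"
                                }
                            }
                        }
                    }
                }]
            # PushSecret that publishes the connection details to the secret store.
            if oxr.spec.parameters?.secrets?.storeName and oxr.spec.parameters?.secrets?.pushToStore:
                # Go-template body for the pushed "endpoint" key: endpoint, port and
                # credentials, followed by one libpq connection string per database.
                _endpoint = """\
            {
              "endpoint": "{{ .endpoint }}",
              "port": "{{ .port }}",
              "username": "{{ .username }}",
              "password": "{{ .password }}",
            """
                # "[[ ]]" stands in for "{{ }}" so .format() does not read the template
                # braces as its own placeholders; they are swapped back afterwards.
                # NOTE(review): reads spec.parameters.databases without the ?-guard used
                # above; presumably fails when pushToStore is set and no databases are
                # declared — confirm.
                _conns = [ "\"conn-{}\": \"host=[[ .endpoint ]] user=[[ .username ]] password=[[ .password ]] port=[[ .port ]] connect_timeout=10 database={}\"".format(_db, _db).replace("[[", "{{").replace("]]", "}}") for _db in oxr.spec.parameters.databases ]
                _endpoint += ",\n ".join(_conns)
                _endpoint += """
            }
            """
                _items += [{
                    apiVersion = "kubernetes.crossplane.io/v1alpha2"
                    kind = "Object"
                    metadata = {
                        name = oxr.spec.id + "-secret-push-store"
                        annotations = {
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-secret-push-store"
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.id + "-sql"
                        forProvider.manifest = {
                            apiVersion = "external-secrets.io/v1alpha1"
                            kind = "PushSecret"
                            metadata = {
                                name = oxr.spec.id
                                namespace: oxr.spec.claimRef.namespace
                            }
                            spec = {
                                deletionPolicy = "Delete"
                                refreshInterval = "1h"
                                secretStoreRefs = [{
                                    name = oxr.spec.parameters.secrets.storeName
                                    kind = "ClusterSecretStore"
                                }]
                                selector.secret.name = oxr.spec.id
                                # The rendered template, credentials included, is stored
                                # under the composite id in the remote store.
                                template.data.endpoint = _endpoint
                                data = [{
                                    match = {
                                        secretKey = "endpoint"
                                        remoteRef.remoteKey = oxr.spec.id
                                    }
                                }]
                            }
                        }
                    }
                }]
            # One AtlasSchema per entry in spec.parameters.schemas, applied through the
            # kubernetes provider.
            if oxr.spec.parameters?.schemas:
                _items += [{
                    apiVersion = "kubernetes.crossplane.io/v1alpha2"
                    kind = "Object"
                    metadata = {
                        name = oxr.spec.id + "-schema-" + _schema.database
                        annotations = {
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-schema-" + _schema.database
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.id + "-sql"
                        forProvider.manifest = {
                            apiVersion = "db.atlasgo.io/v1alpha1"
                            kind = "AtlasSchema"
                            metadata = {
                                name = oxr.spec.id + "-" + _schema.database
                                namespace = oxr.spec.claimRef.namespace
                            }
                            # NOTE(review): "toFieldPath" is not an AtlasSchema field; it
                            # looks like a leftover patch key — confirm and drop.
                            toFieldPath = "spec.credentials.connectionSecretRef.namespace"
                            spec = {
                                credentials = {
                                    scheme = "postgres"
                                    hostFrom.secretKeyRef = {
                                        key = "endpoint"
                                        name = oxr.spec.id
                                    }
                                    port = 5432
                                    userFrom.secretKeyRef = {
                                        key = "username"
                                        name = oxr.spec.id
                                    }
                                    passwordFrom.secretKeyRef = {
                                        key = "password"
                                        name = oxr.spec.id
                                    }
                                    database = _schema.database
                                    # Plaintext connection for the migrator, in line with
                                    # the disabled SSL enforcement on the Server (main step).
                                    parameters.sslmode = "disable"
                                }
                                schema.sql = _schema.sql
                            }
                        }
                    }
                } for _schema in oxr.spec.parameters.schemas ]
            # Dapr state components plus an ExternalSecret that pulls the pushed
            # connection secret into the target cluster.
            if oxr.spec.parameters?.secrets?.daprComponents and oxr.spec.parameters?.secrets?.pullToCluster:
                # NOTE(review): iterates spec.parameters.databases without the ?-guard
                # used above — confirm it is always set on this path.
                _items += [{
                    apiVersion = "kubernetes.crossplane.io/v1alpha2"
                    kind = "Object"
                    metadata = {
                        name = oxr.spec.id + "-dapr-component-" + _database
                        annotations = {
                            "crossplane.io/external-name" = oxr.spec.id + "-dapr-component-" + _database
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-dapr-component-" + _database
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.parameters.secrets.pullToCluster
                        forProvider = {
                            manifest = {
                                apiVersion = "dapr.io/v1alpha1"
                                kind = "Component"
                                metadata = {
                                    name = oxr.spec.id + "-" + _database
                                    namespace = oxr.spec.parameters.secrets.pullToClusterNamespace
                                }
                                spec = {
                                    type = "state.postgresql"
                                    version = "v1"
                                    # Reads the "conn-<database>" key from the secret the
                                    # ExternalSecret below creates.
                                    metadata = [{
                                        name = "connectionString"
                                        secretKeyRef = {
                                            name = oxr.spec.id
                                            key = "conn-" + _database
                                        }
                                    }]
                                }
                            }
                        }
                    }
                } for _database in oxr.spec.parameters.databases ]
                _items += [{
                    apiVersion = "kubernetes.crossplane.io/v1alpha2"
                    kind = "Object"
                    metadata = {
                        name = oxr.spec.id + "-secret-pull-cluster"
                        annotations = {
                            "krm.kcl.dev/composition-resource-name" = oxr.spec.id + "-secret-pull-cluster"
                        }
                    }
                    spec = {
                        providerConfigRef.name = oxr.spec.parameters.secrets.pullToCluster
                        forProvider.manifest = {
                            apiVersion = "external-secrets.io/v1beta1"
                            kind = "ExternalSecret"
                            metadata = {
                                name = oxr.spec.id
                                namespace = oxr.spec.parameters.secrets.pullToClusterNamespace
                            }
                            spec = {
                                dataFrom = [{
                                    extract = {
                                        conversionStrategy = "Default"
                                        decodingStrategy = "None"
                                        key = oxr.spec.id
                                        metadataPolicy = "None"
                                    }
                                }]
                                refreshInterval = "1h"
                                secretStoreRef = {
                                    kind = "ClusterSecretStore"
                                    name = oxr.spec.parameters.secrets.storeName
                                }
                                target = {
                                    creationPolicy = "Owner"
                                    deletionPolicy = "Retain"
                                    name = oxr.spec.id
                                }
                            }
                        }
                    }
                }]
            items = _items
    - step: statuses
      functionRef:
        name: crossplane-contrib-function-status-transformer
      input:
        apiVersion: function-status-transformer.fn.crossplane.io/v1beta1
        kind: StatusTransformation
        # Each hook matches conditions on the resourcegroup resource and sets a
        # "Developer" condition on the composite and the claim.
        statusConditionHooks:
          - matchers:
              - conditions:
                  - type: Synced
                resources:
                  - name: resourcegroup
            setConditions:
              - condition:
                  message: So far so good
                  status: "True"
                  type: Developer
                force: true
                target: CompositeAndClaim
          - matchers:
              - conditions:
                  - message: (.*)cannot get referenced ProviderConfig(.*)
                    reason: ReconcileError
                    status: "False"
                    type: Synced
                resources:
                  - name: resourcegroup
            setConditions:
              - condition:
                  message: ProviderConfig is missing. Contact service owner.
                  reason: FailedToConnect
                  status: "False"
                  type: Developer
                force: true
                target: CompositeAndClaim
          - matchers:
              - conditions:
                  # The named group feeds the {{ .Region }} placeholder below.
                  - message: (.*)The specified location '(?P<Region>.*)' is invalid(.*)
                    reason: ReconcileError
                    status: "False"
                    type: Synced
                resources:
                  - name: resourcegroup
            setConditions:
              - condition:
                  message: >-
                    Selected region {{ .Region }} is not available. Double check the
                    `spec.parameters.region` value.
                  reason: FailedToConnect
                  status: "False"
                  type: Developer
                force: true
                target: CompositeAndClaim
          - matchers:
              - conditions:
                  - message: >-
                      (.*)The provided location '(?P<Region>.*)' is not available for
                      resource group(.*)
                    reason: ReconcileError
                    status: "False"
                    type: Synced
                resources:
                  - name: resourcegroup
            setConditions:
              - condition:
                  message: >-
                    Selected region {{ .Region }} is not available. Double check the
                    `spec.parameters.region` value.
                  reason: FailedToConnect
                  status: "False"
                  type: Developer
                force: true
                target: CompositeAndClaim
    - step: automatically-detect-ready-composed-resources
      functionRef:
        name: crossplane-contrib-function-auto-ready
  writeConnectionSecretsToNamespace: crossplane-system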