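---
# Crossplane Composition that backs the `SQL` composite type
# (devopstoolkitseries.com/v1alpha1) with an Azure Database for PostgreSQL
# server. The pipeline runs in order:
#   1. patch-and-transform: ResourceGroup, Server, FirewallRule and two
#      ProviderConfigs (SQL provider and Kubernetes provider).
#   2. go-templating steps: one Database per entry in spec.parameters.databases,
#      one AtlasSchema per entry in spec.parameters.schemas, optional
#      External Secrets objects and optional Dapr components.
#   3. auto-ready: marks the composite ready from its composed resources.
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
  name: azure-postgresql
  creationTimestamp: null
  labels:
    db: postgresql
    provider: azure
spec:
  compositeTypeRef:
    apiVersion: devopstoolkitseries.com/v1alpha1
    kind: SQL
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: crossplane-contrib-function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        patchSets:
          # Shared by most resources: copy the composite's annotations and use
          # spec.id as the composed resource's name.
          - name: metadata
            patches:
              - fromFieldPath: metadata.annotations
                toFieldPath: metadata.annotations
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
        resources:
          - base:
              apiVersion: azure.upbound.io/v1beta1
              kind: ResourceGroup
              spec:
                forProvider:
                  location: eastus
            name: resourcegroup
            patches:
              - patchSetName: metadata
                type: PatchSet
          - base:
              apiVersion: dbforpostgresql.azure.upbound.io/v1beta1
              kind: Server
              spec:
                forProvider:
                  administratorLogin: postgres
                  # Secret name and namespace are patched in below
                  # (<spec.id>-password in the claim's namespace).
                  administratorLoginPasswordSecretRef:
                    key: password
                  autoGrowEnabled: true
                  location: eastus
                  # NOTE(review): the server keeps a public endpoint, and the
                  # firewall-rule resource below admits every IPv4 address, so
                  # the administrator password is the only access control.
                  # Left as-is because this file defines no private
                  # connectivity; narrow it before using this beyond a demo.
                  publicNetworkAccessEnabled: true
                  resourceGroupNameSelector:
                    matchControllerRef: true
                  # Reject non-TLS sessions and require TLS 1.2 or newer; with
                  # a public endpoint, credentials and queries would otherwise
                  # cross the internet in cleartext. The SQL ProviderConfig in
                  # this step already connects with sslMode: require.
                  sslEnforcementEnabled: true
                  sslMinimalTlsVersionEnforced: TLS1_2
                  storageMb: 5120
                # Placeholder namespace; both fields are overwritten by the
                # patches below.
                writeConnectionSecretToRef:
                  namespace: crossplane-system
            name: server
            patches:
              - patchSetName: metadata
                type: PatchSet
              # Connection secret is written as <spec.id> into the claim's
              # namespace.
              - fromFieldPath: spec.id
                toFieldPath: spec.writeConnectionSecretToRef.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.writeConnectionSecretToRef.namespace
              - fromFieldPath: spec.parameters.version
                toFieldPath: spec.forProvider.version
              # T-shirt size from the claim mapped to an Azure SKU name.
              - fromFieldPath: spec.parameters.size
                toFieldPath: spec.forProvider.skuName
                transforms:
                  - map:
                      large: GP_Gen5_8
                      medium: GP_Gen5_2
                      small: B_Gen5_1
                    type: map
              - fromFieldPath: spec.id
                toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.name
                transforms:
                  - string:
                      fmt: "%s-password"
                      type: Format
                    type: string
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.forProvider.administratorLoginPasswordSecretRef.namespace
          - base:
              apiVersion: dbforpostgresql.azure.upbound.io/v1beta1
              kind: FirewallRule
              spec:
                forProvider:
                  # NOTE(review): 0.0.0.0-255.255.255.255 allows connections
                  # from any IPv4 address. Replace with the egress range(s) of
                  # the clusters that actually need the database; no such
                  # range is available in this file, so it is only flagged.
                  endIpAddress: "255.255.255.255"
                  resourceGroupNameSelector:
                    matchControllerRef: true
                  serverNameSelector:
                    matchControllerRef: true
                  startIpAddress: "0.0.0.0"
            name: firewall-rule
            patches:
              - patchSetName: metadata
                type: PatchSet
          # ProviderConfig for the SQL provider, named <spec.id>; it reads the
          # server's connection secret (patched in below) and connects with
          # sslMode: require (encrypted, but the server certificate is not
          # verified in that mode).
          - base:
              apiVersion: postgresql.sql.crossplane.io/v1alpha1
              kind: ProviderConfig
              metadata:
                name: default
              spec:
                credentials:
                  source: PostgreSQLConnectionSecret
                sslMode: require
            name: sql-config
            patches:
              - patchSetName: metadata
                type: PatchSet
              - fromFieldPath: spec.id
                toFieldPath: spec.credentials.connectionSecretRef.name
              - fromFieldPath: spec.claimRef.namespace
                toFieldPath: spec.credentials.connectionSecretRef.namespace
            readinessChecks:
              - type: None
          # ProviderConfig for the Kubernetes provider, named <spec.id>-sql.
          # InjectedIdentity means the Object resources rendered by the later
          # steps are applied with the provider's own credentials.
          # NOTE(review): what those steps create is driven by claim fields,
          # so the provider's RBAC is the effective limit on what a claim
          # author can have created; keep it scoped.
          - base:
              apiVersion: kubernetes.crossplane.io/v1alpha1
              kind: ProviderConfig
              spec:
                credentials:
                  source: InjectedIdentity
            name: kubernetes
            patches:
              - fromFieldPath: metadata.annotations
                toFieldPath: metadata.annotations
              - fromFieldPath: spec.id
                toFieldPath: metadata.name
                transforms:
                  - string:
                      fmt: "%s-sql"
                      type: Format
                    type: string
            readinessChecks:
              - type: None
    # One Database per name in spec.parameters.databases, managed through the
    # <spec.id> SQL ProviderConfig.
    - step: sql-db
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          # Literal block scalar (|): the template is itself YAML, so its line
          # breaks must reach the function unchanged.
          # NOTE(review): database names are interpolated unquoted into the
          # rendered YAML; presumably the XRD restricts them to simple
          # identifiers (confirm).
          template: |
            {{ range .observed.composite.resource.spec.parameters.databases }}
            ---
            apiVersion: postgresql.sql.crossplane.io/v1alpha1
            kind: Database
            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
              annotations:
                crossplane.io/external-name: {{ . }}
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
            spec:
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}
              forProvider: {}
            {{ end }}
        kind: GoTemplate
        source: Inline
    # One AtlasSchema per entry in spec.parameters.schemas, wrapped in a
    # provider-kubernetes Object and applied through <spec.id>-sql.
    - step: schema
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          # Changes relative to the flattened original:
          # - `sql` is free-form text from the claim. It is emitted with
          #   `toJson` (a JSON string is a valid YAML double-quoted scalar) so
          #   quotes, backslashes and line breaks stay inside the value
          #   instead of changing the structure of the rendered manifest.
          # - Atlas connects with sslmode: require rather than disable, in
          #   line with the SQL ProviderConfig and the server's TLS
          #   enforcement.
          # - A stray `toFieldPath` line under the AtlasSchema metadata (not a
          #   metadata field; it duplicates a patch path from the first step)
          #   is dropped.
          # NOTE(review): `.database` and the id are still interpolated
          # unquoted; presumably constrained by the XRD schema (confirm).
          template: |
            {{ range .observed.composite.resource.spec.parameters.schemas }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-schema-{{ .database }}
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-schema-{{ .database }}
            spec:
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}-sql
              forProvider:
                manifest:
                  apiVersion: db.atlasgo.io/v1alpha1
                  kind: AtlasSchema
                  metadata:
                    name: {{ $.observed.composite.resource.spec.id }}-{{ .database }}
                    namespace: {{ $.observed.composite.resource.spec.claimRef.namespace }}
                  spec:
                    credentials:
                      scheme: postgres
                      hostFrom:
                        secretKeyRef:
                          key: endpoint
                          name: {{ $.observed.composite.resource.spec.id }}
                      port: 5432
                      userFrom:
                        secretKeyRef:
                          key: username
                          name: {{ $.observed.composite.resource.spec.id }}
                      passwordFrom:
                        secretKeyRef:
                          key: password
                          name: {{ $.observed.composite.resource.spec.id }}
                      database: {{ .database }}
                      parameters:
                        sslmode: require
                    schema:
                      sql: {{ .sql | toJson }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Optional: when secrets.storeName and secrets.pullRootPasswordKey are
    # set, create an ExternalSecret that materialises <spec.id>-password (the
    # server's administrator password secret) from the secret store.
    - step: secret-pull
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          # NOTE(review): both the store name and the remote key come straight
          # from the claim, and a ClusterSecretStore is shared across
          # namespaces. Confirm the store's namespace conditions or an
          # admission policy limit which keys a claim may reference.
          template: |
            {{ if and .observed.composite.resource.spec.parameters.secrets.storeName .observed.composite.resource.spec.parameters.secrets.pullRootPasswordKey }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-secret-pull
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-pull
            spec:
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.id }}-sql
              forProvider:
                manifest:
                  metadata:
                    name: {{ $.observed.composite.resource.spec.id }}-password
                    namespace: {{ $.observed.composite.resource.spec.claimRef.namespace }}
                  apiVersion: external-secrets.io/v1beta1
                  kind: ExternalSecret
                  spec:
                    dataFrom:
                      - extract:
                          conversionStrategy: Default
                          decodingStrategy: None
                          key: {{ $.observed.composite.resource.spec.parameters.secrets.pullRootPasswordKey }}
                          metadataPolicy: None
                    refreshInterval: 1h
                    secretStoreRef:
                      kind: ClusterSecretStore
                      name: {{ $.observed.composite.resource.spec.parameters.secrets.storeName }}
                    target:
                      creationPolicy: Owner
                      deletionPolicy: Retain
                      name: {{ $.observed.composite.resource.spec.id }}-password
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Optional: when secrets.storeName and secrets.pushToStore are set, create
    # a PushSecret that publishes the connection secret <spec.id> to the store
    # under the remote key <spec.id>.
    - step: secret-push-store
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        # This step uses [[ ]] as its delimiters so the {{ }} expressions in
        # the PushSecret template pass through untouched (presumably for
        # External Secrets to evaluate against the selected secret).
        delims:
          left: "[["
          right: "]]"
        inline:
          # NOTE(review): the pushed JSON contains the administrator password
          # and one ready-made connection string per database, so read access
          # to remote key <spec.id> in the store equals full database access;
          # scope the store's permissions accordingly.
          # NOTE(review): values are placed into JSON without escaping; a
          # password containing `"` or `\` would produce invalid JSON.
          # NOTE(review): the conn-* strings set no sslmode, so clients use
          # their driver default.
          template: |
            [[ if and .observed.composite.resource.spec.parameters.secrets.storeName .observed.composite.resource.spec.parameters.secrets.pushToStore ]]
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: [[ $.observed.composite.resource.spec.id ]]-secret-push-store
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: [[ $.observed.composite.resource.spec.id ]]-secret-push-store
            spec:
              providerConfigRef:
                name: [[ $.observed.composite.resource.spec.id ]]-sql
              forProvider:
                manifest:
                  apiVersion: external-secrets.io/v1alpha1
                  kind: PushSecret
                  metadata:
                    name: [[ $.observed.composite.resource.spec.id ]]
                    namespace: [[ $.observed.composite.resource.spec.claimRef.namespace ]]
                  spec:
                    deletionPolicy: Delete
                    refreshInterval: 1h
                    secretStoreRefs:
                      - name: [[ $.observed.composite.resource.spec.parameters.secrets.storeName ]]
                        kind: ClusterSecretStore
                    selector:
                      secret:
                        name: [[ $.observed.composite.resource.spec.id ]]
                    template:
                      data:
                        endpoint: |
                          {
                            "endpoint": "{{ .endpoint }}",
                            "port": "{{ .port }}",
                            "username": "{{ .username }}",
                            "password": "{{ .password }}"[[ range .observed.composite.resource.spec.parameters.databases ]],
                            "conn-[[ . ]]": "host={{ .endpoint }} user={{ .username }} password={{ .password }} port={{ .port }} connect_timeout=10 database=[[ . ]]"[[ end ]]
                          }
                    data:
                      - match:
                          secretKey: endpoint
                          remoteRef:
                            remoteKey: [[ $.observed.composite.resource.spec.id ]]
            [[ end ]]
        kind: GoTemplate
        source: Inline
    # Optional: when secrets.storeName and secrets.pullToCluster are set,
    # create an ExternalSecret through the ProviderConfig named by
    # pullToCluster that pulls remote key <spec.id> into a Secret <spec.id>
    # in pullToClusterNamespace.
    - step: secret-pull-cluster
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          # NOTE(review): the claim picks both the ProviderConfig
          # (pullToCluster) and the target namespace (pullToClusterNamespace),
          # i.e. where the database credentials end up. Confirm that an XRD
          # constraint or admission policy limits these to destinations the
          # claim's owner is allowed to use.
          template: |
            {{ if and .observed.composite.resource.spec.parameters.secrets.storeName .observed.composite.resource.spec.parameters.secrets.pullToCluster }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-secret-pull-cluster
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-pull-cluster
            spec:
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.parameters.secrets.pullToCluster }}
              forProvider:
                manifest:
                  metadata:
                    name: {{ $.observed.composite.resource.spec.id }}
                    namespace: {{ $.observed.composite.resource.spec.parameters.secrets.pullToClusterNamespace }}
                  apiVersion: external-secrets.io/v1beta1
                  kind: ExternalSecret
                  spec:
                    dataFrom:
                      - extract:
                          conversionStrategy: Default
                          decodingStrategy: None
                          key: {{ $.observed.composite.resource.spec.id }}
                          metadataPolicy: None
                    refreshInterval: 1h
                    secretStoreRef:
                      kind: ClusterSecretStore
                      name: {{ $.observed.composite.resource.spec.parameters.secrets.storeName }}
                    target:
                      creationPolicy: Owner
                      deletionPolicy: Retain
                      name: {{ $.observed.composite.resource.spec.id }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    # Optional: when secrets.daprComponents and secrets.pullToCluster are set,
    # create one Dapr state.postgresql Component per database in the target
    # cluster; each reads its connection string from key conn-<database> of
    # Secret <spec.id>.
    - step: dapr-components
      functionRef:
        name: crossplane-contrib-function-go-templating
      input:
        apiVersion: gotemplating.fn.crossplane.io/v1beta1
        inline:
          template: |
            {{ if and .observed.composite.resource.spec.parameters.secrets.daprComponents .observed.composite.resource.spec.parameters.secrets.pullToCluster }}
            {{ range .observed.composite.resource.spec.parameters.databases }}
            ---
            apiVersion: kubernetes.crossplane.io/v1alpha2
            kind: Object
            metadata:
              name: {{ $.observed.composite.resource.spec.id }}-dapr-component-{{ . }}
              annotations:
                gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-dapr-component-{{ . }}
            spec:
              providerConfigRef:
                name: {{ $.observed.composite.resource.spec.parameters.secrets.pullToCluster }}
              forProvider:
                manifest:
                  apiVersion: dapr.io/v1alpha1
                  kind: Component
                  metadata:
                    name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
                    namespace: {{ $.observed.composite.resource.spec.parameters.secrets.pullToClusterNamespace }}
                  spec:
                    type: state.postgresql
                    version: v1
                    metadata:
                      - name: connectionString
                        secretKeyRef:
                          name: {{ $.observed.composite.resource.spec.id }}
                          key: conn-{{ . }}
            {{ end }}
            {{ end }}
        kind: GoTemplate
        source: Inline
    - step: automatically-detect-ready-composed-resources
      functionRef:
        name: crossplane-contrib-function-auto-ready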