New Crossplane governance policies and Official Providers:Upbound is strengthening the Crossplane community ecosystem and making updates to the Official Provider policy
devops-toolkit/dot-sql@v1.1.22,v1.1.21google-postgresql
YAML
kind: Composition
apiVersion: apiextensions.crossplane.io/v1
metadata:
name: google-postgresql
creationTimestamp: null
labels:
db: postgresql
provider: google
spec:
compositeTypeRef:
apiVersion: devopstoolkitseries.com/v1alpha1
kind: SQL
mode: Pipeline
pipeline:
- step: patch-and-transform
functionRef:
name: crossplane-contrib-function-patch-and-transform
input:
apiVersion: pt.fn.crossplane.io/v1beta1
kind: Resources
patchSets:
- name: metadata
patches:
- fromFieldPath: metadata.annotations
toFieldPath: metadata.annotations
- fromFieldPath: spec.id
toFieldPath: metadata.name
resources:
- base:
apiVersion: sql.gcp.upbound.io/v1beta1
kind: DatabaseInstance
spec:
forProvider:
deletionProtection: false
region: us-east1
rootPasswordSecretRef:
key: password
namespace: crossplane-system
settings:
- availabilityType: REGIONAL
backupConfiguration:
- binaryLogEnabled: false
enabled: true
ipConfiguration:
- authorizedNetworks:
- name: all
value: 0.0.0.0/0
ipv4Enabled: true
name: sql
patches:
- patchSetName: metadata
type: PatchSet
- fromFieldPath: spec.parameters.version
toFieldPath: spec.forProvider.databaseVersion
transforms:
- string:
fmt: POSTGRES_%s
type: Format
type: string
- fromFieldPath: spec.parameters.size
toFieldPath: spec.forProvider.settings[0].tier
transforms:
- map:
large: db-custom-64-245760
medium: db-custom-16-61440
small: db-custom-1-3840
type: map
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.rootPasswordSecretRef.name
transforms:
- string:
fmt: "%s-password"
type: Format
type: string
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.forProvider.rootPasswordSecretRef.namespace
- base:
apiVersion: sql.gcp.upbound.io/v1beta1
kind: User
spec:
forProvider:
instanceSelector:
matchControllerRef: true
passwordSecretRef:
key: password
name: user
patches:
- patchSetName: metadata
type: PatchSet
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.passwordSecretRef.name
transforms:
- string:
fmt: "%s-password"
type: Format
type: string
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.forProvider.passwordSecretRef.namespace
- base:
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
name: default
spec:
credentials:
connectionSecretRef:
namespace: crossplane-system
source: PostgreSQLConnectionSecret
sslMode: require
name: sql-config
patches:
- patchSetName: metadata
type: PatchSet
- fromFieldPath: spec.id
toFieldPath: spec.credentials.connectionSecretRef.name
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.credentials.connectionSecretRef.namespace
readinessChecks:
- type: None
- base:
apiVersion: kubernetes.crossplane.io/v1alpha1
kind: ProviderConfig
spec:
credentials:
source: InjectedIdentity
name: kubernetes
patches:
- fromFieldPath: metadata.annotations
toFieldPath: metadata.annotations
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- string:
fmt: "%s-sql"
type: Format
type: string
readinessChecks:
- type: None
- base:
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: sql-secret
spec:
forProvider:
manifest:
apiVersion: v1
data:
port: NTQzMg==
kind: Secret
metadata:
namespace: crossplane-system
references:
- patchesFrom:
apiVersion: sql.gcp.upbound.io/v1beta1
fieldPath: metadata.name
kind: User
namespace: crossplane-system
toFieldPath: stringData.username
- patchesFrom:
apiVersion: v1
fieldPath: data.password
kind: Secret
toFieldPath: data.password
- patchesFrom:
apiVersion: sql.gcp.upbound.io/v1beta1
fieldPath: status.atProvider.publicIpAddress
kind: DatabaseInstance
namespace: crossplane-system
toFieldPath: stringData.endpoint
name: sql-secret
patches:
- fromFieldPath: spec.id
toFieldPath: metadata.name
transforms:
- string:
fmt: "%s-secret"
type: Format
type: string
- fromFieldPath: metadata.annotations
toFieldPath: metadata.annotations
- fromFieldPath: spec.id
toFieldPath: spec.references[0].patchesFrom.name
- fromFieldPath: spec.id
toFieldPath: spec.references[1].patchesFrom.name
transforms:
- string:
fmt: "%s-password"
type: Format
type: string
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.references[1].patchesFrom.namespace
- fromFieldPath: spec.id
toFieldPath: spec.references[2].patchesFrom.name
- fromFieldPath: spec.id
toFieldPath: spec.forProvider.manifest.metadata.name
- fromFieldPath: spec.id
toFieldPath: spec.providerConfigRef.name
transforms:
- string:
fmt: "%s-sql"
type: Format
type: string
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.forProvider.manifest.metadata.namespace
- step: sql-db
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >
{{ range .observed.composite.resource.spec.parameters.databases }}
---
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Database
metadata:
name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
annotations:
crossplane.io/external-name: {{ . }}
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
spec:
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}
forProvider: {}
{{ end }}
kind: GoTemplate
source: Inline
- step: schema
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >
{{ range .observed.composite.resource.spec.parameters.schemas }}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-schema-{{ .database }}
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-schema-{{ .database }}
spec:
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}-sql
forProvider:
manifest:
apiVersion: db.atlasgo.io/v1alpha1
kind: AtlasSchema
metadata:
name: {{ $.observed.composite.resource.spec.id }}-{{ .database }}
namespace: {{ $.observed.composite.resource.spec.claimRef.namespace }}
toFieldPath: spec.credentials.connectionSecretRef.namespace
spec:
credentials:
scheme: postgres
hostFrom:
secretKeyRef:
key: endpoint
name: {{ $.observed.composite.resource.spec.id }}
port: 5432
userFrom:
secretKeyRef:
key: username
name: {{ $.observed.composite.resource.spec.id }}
passwordFrom:
secretKeyRef:
key: password
name: {{ $.observed.composite.resource.spec.id }}
database: {{ .database }}
parameters:
sslmode: disable
schema:
sql: "{{ .sql }}"
{{ end }}
kind: GoTemplate
source: Inline
- step: secret-pull
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >
{{ if and
.observed.composite.resource.spec.parameters.secrets.storeName
.observed.composite.resource.spec.parameters.secrets.pullRootPasswordKey
}}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-secret-pull
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-pull
spec:
providerConfigRef:
name: {{ $.observed.composite.resource.spec.id }}-sql
forProvider:
manifest:
metadata:
name: {{ $.observed.composite.resource.spec.id }}-password
namespace: {{ $.observed.composite.resource.spec.claimRef.namespace }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
spec:
dataFrom:
- extract:
conversionStrategy: Default
decodingStrategy: None
key: {{ $.observed.composite.resource.spec.parameters.secrets.pullRootPasswordKey }}
metadataPolicy: None
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: {{ $.observed.composite.resource.spec.parameters.secrets.storeName }}
target:
creationPolicy: Owner
deletionPolicy: Retain
name: {{ $.observed.composite.resource.spec.id }}-password
{{ end }}
kind: GoTemplate
source: Inline
- step: secret-push-store
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
delims:
left: "[["
right: "]]"
inline:
template: >
[[ if and
.observed.composite.resource.spec.parameters.secrets.storeName
.observed.composite.resource.spec.parameters.secrets.pushToStore ]]
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: [[ $.observed.composite.resource.spec.id ]]-secret-push-store
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: [[ $.observed.composite.resource.spec.id ]]-secret-push-store
spec:
providerConfigRef:
name: [[ $.observed.composite.resource.spec.id ]]-sql
forProvider:
manifest:
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: [[ $.observed.composite.resource.spec.id ]]
namespace: [[ $.observed.composite.resource.spec.claimRef.namespace ]]
spec:
deletionPolicy: Delete
refreshInterval: 1h
secretStoreRefs:
- name: [[ $.observed.composite.resource.spec.parameters.secrets.storeName ]]
kind: ClusterSecretStore
selector:
secret:
name: [[ $.observed.composite.resource.spec.id ]]
template:
data:
endpoint: |
{
"endpoint": "{{ .endpoint }}",
"port": "{{ .port }}",
"username": "{{ .username }}",
"password": "{{ .password }}"[[ range .observed.composite.resource.spec.parameters.databases ]],
"conn-[[ . ]]": "host={{ .endpoint }} user={{ .username }} password={{ .password }} port={{ .port }} connect_timeout=10 database=[[ . ]]"[[ end ]]
}
data:
- match:
secretKey: endpoint
remoteRef:
remoteKey: [[ $.observed.composite.resource.spec.id ]]
[[ end ]]
kind: GoTemplate
source: Inline
- step: secret-pull-cluster
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >
{{ if and
.observed.composite.resource.spec.parameters.secrets.storeName
.observed.composite.resource.spec.parameters.secrets.pullToCluster
}}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-secret-pull-cluster
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-secret-pull-cluster
spec:
providerConfigRef:
name: {{ $.observed.composite.resource.spec.parameters.secrets.pullToCluster }}
forProvider:
manifest:
metadata:
name: {{ $.observed.composite.resource.spec.id }}
namespace: {{ $.observed.composite.resource.spec.parameters.secrets.pullToClusterNamespace }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
spec:
dataFrom:
- extract:
conversionStrategy: Default
decodingStrategy: None
key: {{ $.observed.composite.resource.spec.id }}
metadataPolicy: None
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: {{ $.observed.composite.resource.spec.parameters.secrets.storeName }}
target:
creationPolicy: Owner
deletionPolicy: Retain
name: {{ $.observed.composite.resource.spec.id }}
{{ end }}
kind: GoTemplate
source: Inline
- step: dapr-components
functionRef:
name: crossplane-contrib-function-go-templating
input:
apiVersion: gotemplating.fn.crossplane.io/v1beta1
inline:
template: >
{{ if and
.observed.composite.resource.spec.parameters.secrets.daprComponents
.observed.composite.resource.spec.parameters.secrets.pullToCluster
}}
{{ range .observed.composite.resource.spec.parameters.databases }}
---
apiVersion: kubernetes.crossplane.io/v1alpha2
kind: Object
metadata:
name: {{ $.observed.composite.resource.spec.id }}-dapr-component-{{ . }}
annotations:
gotemplating.fn.crossplane.io/composition-resource-name: {{ $.observed.composite.resource.spec.id }}-dapr-component-{{ . }}
spec:
providerConfigRef:
name: {{ $.observed.composite.resource.spec.parameters.secrets.pullToCluster }}
forProvider:
manifest:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: {{ $.observed.composite.resource.spec.id }}-{{ . }}
namespace: {{ $.observed.composite.resource.spec.parameters.secrets.pullToClusterNamespace }}
spec:
type: state.postgresql
version: v1
metadata:
- name: connectionString
secretKeyRef:
name: {{ $.observed.composite.resource.spec.id }}
key: conn-{{ . }}
{{ end }}
{{ end }}
kind: GoTemplate
source: Inline
- step: automatically-detect-ready-composed-resources
functionRef:
name: crossplane-contrib-function-auto-ready