-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add k3s server + agent example composition #12
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -0,0 +1,149 @@ | ||||||
apiVersion: apiextensions.crossplane.io/v1 | ||||||
kind: Composition | ||||||
metadata: | ||||||
name: k3sclusters.deployments.equinix.com | ||||||
spec: | ||||||
writeConnectionSecretsToNamespace: crossplane-system | ||||||
compositeTypeRef: | ||||||
apiVersion: deployments.equinix.com/v1alpha1 | ||||||
kind: K3sCluster | ||||||
resources: | ||||||
- name: k3s-project | ||||||
base: | ||||||
apiVersion: metal.equinix.jet.crossplane.io/v1alpha1 | ||||||
kind: Project | ||||||
patches: | ||||||
- type: FromCompositeFieldPath | ||||||
fromFieldPath: metadata.name | ||||||
toFieldPath: spec.forProvider.name | ||||||
- name: k3s-userdata | ||||||
base: | ||||||
apiVersion: v1 | ||||||
kind: Secret | ||||||
type: Opaque | ||||||
metadata: | ||||||
namespace: crossplane-system | ||||||
patches: | ||||||
- type: CombineFromComposite | ||||||
toFieldPath: metadata.name | ||||||
combine: | ||||||
variables: | ||||||
- fromFieldPath: metadata.name | ||||||
strategy: string | ||||||
string: | ||||||
fmt: "k3s-userdata-%s" | ||||||
- type: FromCompositeFieldPath | ||||||
toFieldPath: metadata.namespace | ||||||
fromFieldPath: spec.secretNamespace | ||||||
- type: CombineFromComposite | ||||||
toFieldPath: data.userdata | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
combine: | ||||||
variables: | ||||||
- fromFieldPath: spec.k3stoken | ||||||
strategy: string | ||||||
string: | ||||||
fmt: | | ||||||
#cloud-config | ||||||
write_files: | ||||||
#- permissions: '0660' | ||||||
# path: /etc/rancher/k3s/config.yaml | ||||||
# content: | | ||||||
# # k3s config | ||||||
runcmd: | ||||||
- sudo apt update | ||||||
- sudo apt upgrade -y | ||||||
- curl -sfL https://get.k3s.io | \ | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Certificates for the Kubernetes cluster should be sourced from Secrets which could then be managed by cert-manager. This will keep the user in control of secrets rather than having them only available within the servers (and therefor difficult to get access to from a Crossplane composition). Crossplane compositions would also benefit from this K8s managed certificate for managing helm installs within the created cluster. |
||||||
INSTALL_K3S_EXEC="server" \ | ||||||
K3S_TOKEN="%s" sh - | ||||||
- name: k3s-server | ||||||
base: | ||||||
apiVersion: metal.equinix.jet.crossplane.io/v1alpha1 | ||||||
kind: Device | ||||||
metadata: | ||||||
labels: | ||||||
k3s-server: 'true' | ||||||
spec: | ||||||
forProvider: | ||||||
hostname: k3s-server | ||||||
plan: c3.small.x86 | ||||||
operatingSystem: ubuntu_20_04 | ||||||
billingCycle: hourly | ||||||
locked: false | ||||||
networkType: hybrid | ||||||
tags: | ||||||
- crossplane | ||||||
projectIdSelector: | ||||||
matchControllerRef: true | ||||||
userDataSecretRef: | ||||||
namespace: crossplane-system | ||||||
key: userdata | ||||||
writeConnectionSecretToRef: | ||||||
name: server | ||||||
namespace: crossplane-system | ||||||
reclaimPolicy: Delete | ||||||
patches: | ||||||
- type: ToCompositeFieldPath | ||||||
fromFieldPath: status.atProvider.accessPublicIpv4 | ||||||
toFieldPath: status.serverIP | ||||||
- type: FromCompositeFieldPath | ||||||
fromFieldPath: spec.metro | ||||||
toFieldPath: spec.forProvider.metro | ||||||
- type: CombineFromComposite | ||||||
toFieldPath: spec.forProvider.userDataSecretRef.name | ||||||
combine: | ||||||
variables: | ||||||
- fromFieldPath: metadata.name | ||||||
strategy: string | ||||||
string: | ||||||
fmt: "%s" | ||||||
- name: k3s-agent | ||||||
base: | ||||||
apiVersion: metal.equinix.jet.crossplane.io/v1alpha1 | ||||||
kind: Device | ||||||
metadata: | ||||||
labels: | ||||||
k3s-agent: 'true' | ||||||
spec: | ||||||
forProvider: | ||||||
hostname: k3s-agent | ||||||
plan: c3.small.x86 | ||||||
operatingSystem: ubuntu_20_04 | ||||||
billingCycle: hourly | ||||||
locked: false | ||||||
networkType: hybrid | ||||||
tags: | ||||||
- crossplane | ||||||
projectIdSelector: | ||||||
matchControllerRef: true | ||||||
writeConnectionSecretToRef: | ||||||
name: crossplane-conformance | ||||||
namespace: crossplane-system | ||||||
reclaimPolicy: Delete | ||||||
patches: | ||||||
# TODO we reuse metro patches. create a 'patchtype' | ||||||
- type: FromCompositeFieldPath | ||||||
fromFieldPath: spec.metro | ||||||
toFieldPath: spec.forProvider.metro | ||||||
# - type: CombineFromComposite | ||||||
# toFieldPath: spec.forProvider.userData | ||||||
# policy: | ||||||
# fromFieldPath: Required | ||||||
# combine: | ||||||
# variables: | ||||||
# - fromFieldPath: spec.k3stoken | ||||||
# - fromFieldPath: status.serverIP | ||||||
# strategy: string | ||||||
# string: | ||||||
# fmt: | | ||||||
# #cloud-config | ||||||
# write_files: | ||||||
# #- permissions: '0660' | ||||||
# # path: /etc/rancher/k3s/config.yaml | ||||||
# # content: | | ||||||
# # # k3s config | ||||||
# runcmd: | ||||||
# - sudo apt update | ||||||
# - sudo apt upgrade -y | ||||||
# - curl -sfL https://get.k3s.io | \ | ||||||
# K3S_TOKEN="%s" \ | ||||||
# K3S_URL=https://%s:6443 sh - |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
apiVersion: apiextensions.crossplane.io/v1 | ||
kind: CompositeResourceDefinition | ||
metadata: | ||
name: k3sclusters.deployments.equinix.com | ||
spec: | ||
group: deployments.equinix.com | ||
names: | ||
kind: K3sCluster | ||
listKind: K3sClusterList | ||
plural: k3sclusters | ||
singular: k3scluster | ||
versions: | ||
- name: v1alpha1 | ||
served: true | ||
referenceable: true | ||
schema: | ||
openAPIV3Schema: | ||
description: Managed resources for provider-jet-equinix crossplane K3s Cluster. Creates a k3s server and agent node in a new project named after the composition resource. | ||
type: object | ||
properties: | ||
spec: | ||
type: object | ||
properties: | ||
metro: | ||
type: string | ||
description: metro | ||
k3stoken: | ||
type: string | ||
description: K3s Token | ||
secretNamespace: | ||
type: string | ||
description: Secret Namespace | ||
required: | ||
- metro | ||
- k3stoken | ||
- secretNamespace | ||
status: | ||
type: object | ||
properties: | ||
serverIP: | ||
type: string | ||
description: IPv4 of the K3s Server |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: deployments.equinix.com/v1alpha1 | ||
kind: K3sCluster | ||
metadata: | ||
name: k3s-sv | ||
spec: | ||
metro: sv | ||
k3stoken: t09s3cr37 # This is an example token. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This isn't ideal since token is in a resource that is not |
||
secretNamespace: crossplane-system |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may work but composition is designed to work with MRs. So I'd suggest using
Object
from provider-kubernetes. Though that'd force you to have the whole secret YAML as raw template inCombineFromComposite
patch sinceObject
accepts raw YAML.