get external-dns working on GCP
markandersontrocme committed May 29, 2024
1 parent 6997aa6 commit 78d3084
Showing 6 changed files with 95 additions and 54 deletions.
24 changes: 13 additions & 11 deletions apis/space-init/composition.yaml
Expand Up @@ -456,17 +456,14 @@ spec:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigName
toFieldPath: spec.parameters.id
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject
toFieldPath: spec.parameters.dnsProject
- type: ToCompositeFieldPath
fromFieldPath: status.dnsSAID
toFieldPath: status.status.externalDNS.dnsSAID
fromFieldPath: status.googleServiceAccount.email
toFieldPath: status.status.externalDNS.googleServiceAccount.email
policy:
fromFieldPath: Optional
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject
toFieldPath: spec.parameters.project
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.managedZone
toFieldPath: spec.parameters.managedZone

- name: external-dns
condition: |
Expand All @@ -484,10 +481,12 @@ spec:
repository: https://charts.bitnami.com/bitnami
values:
replicaCount: 1
provider: gcp
provider: google
policy: sync
source: ingress
registry: txt
google:
batchChangeSize: 4
rbac:
create: true
serviceAccount:
Expand All @@ -508,13 +507,16 @@ spec:
fromFieldPath: spec.parameters.operators.externaldns.version
toFieldPath: spec.forProvider.chart.version
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.managedZone
fromFieldPath: spec.parameters.operators.externaldns.gcp.zoneName
toFieldPath: spec.forProvider.values.domainFilters[0]
- type: FromCompositeFieldPath
fromFieldPath: status.status.externalDNS.dnsSAID
fromFieldPath: status.status.externalDNS.googleServiceAccount.email
toFieldPath: spec.forProvider.values.serviceAccount.annotations[iam.gke.io/gcp-service-account]
policy:
fromFieldPath: Required
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject
toFieldPath: spec.forProvider.values.google.project
- type: FromCompositeFieldPath
fromFieldPath: metadata.uid
toFieldPath: spec.forProvider.values.txtOwnerId
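Review bot: The new patch `fromFieldPath: spec.parameters.operators.externaldns.gcp.zoneName` lands in `spec.forProvider.values.domainFilters[0]`, and external-dns matches a domain filter against the zone's DNS name (a domain suffix such as example.com), yet apis/space-init/definition.yaml still documents the field as "The Managed Zone for external-dns to manage", which reads like a Cloud DNS managed-zone resource name. The example in examples/gcp-host-space.yaml uses the same `${data.gcpZoneName}` as a domain suffix in `ingressUrl`, so the value is a DNS name and the comment there about a "Managed Zone Name" is stale too. Suggest the schema description read `description: "DNS name of the managed zone (for example example.com); used as the external-dns domain filter."` and the example comment say "DNS name" rather than "Managed Zone Name". The external-dns resource's patch list continues outside this hunk.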
2 changes: 1 addition & 1 deletion apis/space-init/definition.yaml
Expand Up @@ -72,7 +72,7 @@ spec:
type: boolean
description: "Indicates if GCP external-dns is enabled."
default: true
managedZone:
zoneName:
type: string
description: "The Managed Zone for external-dns to manage."
dnsProject:
94 changes: 62 additions & 32 deletions apis/workload-identity/composition.yaml
Expand Up @@ -31,76 +31,106 @@ spec:
toFieldPath: spec.deletionPolicy
type: FromCompositeFieldPath
resources:
- name: projectiammember
- name: serviceaccount
base:
apiVersion: cloudplatform.gcp.upbound.io/v1beta1
kind: ServiceAccount
patches:
- type: PatchSet
patchSetName: Name
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: status.workloadIdentity.gkeProject
toFieldPath: spec.forProvider.project
type: FromCompositeFieldPath
- fromFieldPath: status.atProvider.email
toFieldPath: status.googleServiceAccount.email
type: ToCompositeFieldPath
- fromFieldPath: status.atProvider.id
toFieldPath: status.googleServiceAccount.id
type: ToCompositeFieldPath

- name: projectiammember-dns-admin
base:
apiVersion: cloudplatform.gcp.upbound.io/v1beta1
kind: ProjectIAMMember
spec:
forProvider:
role: roles/dns.reader
role: roles/dns.admin
patches:
- type: PatchSet
patchSetName: Name
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.id
toFieldPath: metadata.annotations[crossplane.io/external-name]
- fromFieldPath: spec.parameters.dnsProject
toFieldPath: spec.forProvider.project
type: FromCompositeFieldPath
- fromFieldPath: spec.parameters.member
- fromFieldPath: status.googleServiceAccount.email
toFieldPath: spec.forProvider.member
type: FromCompositeFieldPath
transforms:
- string:
fmt: 'serviceAccount:%s'
type: Format
type: string

- name: serviceaccountiammember
base:
apiVersion: cloudplatform.gcp.upbound.io/v1beta1
kind: ServiceAccountIAMMember
spec:
forProvider:
role: roles/iam.workloadIdentityUser
patches:
- type: PatchSet
patchSetName: Name
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: status.googleServiceAccount.id
toFieldPath: spec.forProvider.serviceAccountId
type: FromCompositeFieldPath
- combine:
strategy: string
string:
fmt: "serviceAccount:%s.svc.id.goog/ns/%s/sa/%s"
fmt: "serviceAccount:%s.svc.id.goog[%s/%s]"
variables:
- fromFieldPath: status.workloadIdentity.gkeProject
- fromFieldPath: spec.parameters.serviceAccount.namespace
- fromFieldPath: spec.parameters.serviceAccount.name
toFieldPath: spec.forProvider.member
type: CombineFromComposite

- name: managedzoneiammember
- name: projectiammember-workload-identity-user
base:
apiVersion: dns.gcp.upbound.io/v1beta1
kind: ManagedZoneIAMMember
apiVersion: cloudplatform.gcp.upbound.io/v1beta1
kind: ProjectIAMMember
spec:
forProvider:
role: roles/dns.admin
role: roles/iam.workloadIdentityUser
patches:
- type: PatchSet
patchSetName: Name
- type: PatchSet
patchSetName: providerConfigRef
- type: PatchSet
patchSetName: deletionPolicy
- fromFieldPath: status.atProvider.id
policy:
fromFieldPath: Optional
toFieldPath: status.dnsSAID
type: ToCompositeFieldPath
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.id
toFieldPath: metadata.annotations[crossplane.io/external-name]
- fromFieldPath: spec.parameters.dnsProject
- fromFieldPath: status.workloadIdentity.gkeProject
toFieldPath: spec.forProvider.project
type: FromCompositeFieldPath
- fromFieldPath: spec.parameters.managedZone
toFieldPath: spec.forProvider.managedZone
type: FromCompositeFieldPath
- combine:
strategy: string
string:
fmt: "serviceAccount:%s.svc.id.goog/ns/%s/sa/%s"
variables:
- fromFieldPath: status.workloadIdentity.gkeProject
- fromFieldPath: spec.parameters.serviceAccount.namespace
- fromFieldPath: spec.parameters.serviceAccount.name
- fromFieldPath: status.googleServiceAccount.email
toFieldPath: spec.forProvider.member
type: CombineFromComposite
type: FromCompositeFieldPath
transforms:
- string:
fmt: 'serviceAccount:%s'
type: Format
type: string

- name: workloadIdentitySettings
base:
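Review bot: The new `projectiammember-workload-identity-user` resource binds `roles/iam.workloadIdentityUser` on the whole `status.workloadIdentity.gkeProject` to the Google service account itself (`member` is `status.googleServiceAccount.email` run through `fmt: 'serviceAccount:%s'`). Workload Identity only needs that role granted on the GSA to the Kubernetes principal, which `serviceaccountiammember` already does with the corrected `fmt: "serviceAccount:%s.svc.id.goog[%s/%s]"`; granted project-wide, the role's token permissions (getAccessToken/getOpenIdToken, as I read the role) would let this GSA obtain credentials for every service account in the GKE project, so the resource looks both redundant and over-privileged and should be dropped unless something depends on it. Separately, `projectiammember-dns-admin` replaces the zone-scoped `ManagedZoneIAMMember` with `roles/dns.admin` on the entire `dnsProject`; if the zone binding was removed only because its member format was wrong, consider `roles/dns.reader` at project level plus `roles/dns.admin` on the single managed zone, which is the least-privilege shape external-dns needs (it lists zones project-wide and writes records in one zone). The `workloadIdentitySettings` resource that begins at the end of this hunk continues outside it.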
21 changes: 15 additions & 6 deletions apis/workload-identity/definition.yaml
Expand Up @@ -61,17 +61,13 @@ spec:
enum:
- StringEquals
- StringLike
project:
dnsProject:
type: string
description: The Project ID where the DNS managed zone lives.
managedZone:
type: string
description: The name of the GCP managed zone.
required:
- id
- serviceAccount
- project
- managedZone
- dnsProject
required:
- parameters
status:
Expand All @@ -88,3 +84,16 @@ spec:
description: Freeform field containing information about the observed status.
type: object
x-kubernetes-preserve-unknown-fields: true
googleServiceAccount:
type: object
description: Configuration for GSA
properties:
email:
type: string
description: email Google SA
id:
type: string
description: id Google SA
required:
- email
- id
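Review bot: The added `googleServiceAccount` status object is described as `Configuration for GSA`, but it is filled from `status.atProvider` of the ServiceAccount managed resource in apis/workload-identity/composition.yaml, so it is observed output rather than configuration, and the property descriptions `email Google SA` and `id Google SA` do not say what the values are. Suggest `description: Observed Google service account created for this workload identity.` on the object, `description: Email address of the Google service account.` on `email`, and `description: Resource ID of the Google service account as reported by the provider.` on `id`. The `dnsProject` description in the first hunk of this section is fine as written.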
2 changes: 1 addition & 1 deletion crossplane.yaml
Expand Up @@ -29,7 +29,7 @@ spec:
version: "v0.5.0"
- configuration: xpkg.upbound.io/upbound/configuration-gcp-gke
# renovate: datasource=github-releases depName=upbound/configuration-gcp-gke
version: "v0.6.0"
version: "v0.7.0"
- provider: xpkg.upbound.io/upbound/provider-gcp-dns
# renovate: datasource=github-releases depName=upbound/provider-gcp
version: "v1.2.0"
6 changes: 3 additions & 3 deletions examples/gcp-host-space.yaml
Expand Up @@ -19,7 +19,7 @@ spec:
enabled: true
# To leverage external-dns for managing the spaces.dns.spacesRouterDomain zone entry,
# substitute the placeholder values with your actual Managed Zone Name and GCP DNS Project Name.
managedZone: ${data.gcpManagedZoneName}
zoneName: ${data.gcpZoneName}
dnsProject: ${data.gcpDNSProject}
crossplane:
providers:
Expand All @@ -31,7 +31,7 @@ spec:
localRbac: true
argocd:
enabled: true
ingressUrl: argocd-platform-ref-upbound-spaces.${data.gcpDNSName}
ingressUrl: argocd-platform-ref-upbound-spaces.${data.gcpZoneName}
git:
url: https://github.com/upbound/platform-ref-upbound-spaces.git
path: gitops
Expand Down Expand Up @@ -62,7 +62,7 @@ spec:
- "*/controlplane-*"
spaces:
dns:
spacesRouterDomain: platform-ref-upbound-spaces-gke.${data.gcpDNSName}
spacesRouterDomain: platform-ref-upbound-spaces-gke.${data.gcpZoneName}
clusterType: gke
account: platform-ref
writeConnectionSecretToRef:
