
feat: add external dns for gcp #29

Merged
merged 10 commits into from
May 31, 2024
13 changes: 13 additions & 0 deletions apis/definition.yaml
Expand Up @@ -198,6 +198,19 @@ spec:
route53ZoneName:
type: string
description: "The Route53 zone name for external-dns to manage."
gcp:
type: object
properties:
enabled:
type: boolean
description: "Indicates if GCP external-dns is enabled."
default: true
zoneName:
type: string
description: "The Managed Zone for external-dns to manage."
dnsProject:
type: string
description: "The ID of the Project where the DNS is managed."
version:
type: string
description: "Specifies the version of external-dns to use."
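Review bot: The new `gcp` object declares `zoneName` and `dnsProject` but has no `required` list and no `pattern`, even though the composition in this same PR patches `dnsProject` straight into `ProjectIAMMember.spec.forProvider.project` for a `roles/dns.admin` grant. A FromCompositeFieldPath patch with the default Optional policy is silently skipped when the source field is absent, so an omitted `dnsProject` would leave `project` unset and (as I read standard provider-gcp behaviour — please confirm) fall back to the ProviderConfig's default project, landing dns.admin somewhere the caller never named. Add `required: [zoneName, dnsProject]` under `gcp` and constrain the ID, e.g. `pattern: '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'`, so the grant cannot be created without an explicit target. The enclosing `externaldns` object starts above the hunk.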
88 changes: 88 additions & 0 deletions apis/space-init/composition.yaml
Expand Up @@ -436,6 +436,94 @@ spec:
type: Format
type: string

- name: external-dns-workloadidentity
condition: |
"externaldns" in observed.composite.resource.spec.parameters.operators &&
"gcp" in observed.composite.resource.spec.parameters.operators.externaldns &&
observed.composite.resource.spec.parameters.operators.externaldns.gcp.enabled == true
base:
apiVersion: gcp.platform.upbound.io/v1alpha1
kind: XWorkloadIdentity
spec:
parameters:
condition: StringEquals
serviceAccount:
name: external-dns
namespace: external-dns
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigName
toFieldPath: spec.parameters.id
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject
toFieldPath: spec.parameters.dnsProject
- type: ToCompositeFieldPath
fromFieldPath: status.googleServiceAccount.email
toFieldPath: status.status.externalDNS.googleServiceAccount.email
policy:
fromFieldPath: Optional

- name: external-dns
condition: |
"externaldns" in observed.composite.resource.spec.parameters.operators &&
"gcp" in observed.composite.resource.spec.parameters.operators.externaldns &&
observed.composite.resource.spec.parameters.operators.externaldns.gcp.enabled == true
base:
apiVersion: helm.crossplane.io/v1beta1
kind: Release
spec:
forProvider:
namespace: external-dns
chart:
name: external-dns
repository: https://charts.bitnami.com/bitnami
values:
replicaCount: 1
provider: google
policy: sync
source: ingress
registry: txt
google:
batchChangeSize: 4
rbac:
create: true
serviceAccount:
create: true
name: external-dns
metrics:
enabled: false
serviceMonitor:
enabled: false
replicas: 2
podDisruptionBudget:
minAvailable: 1
patches:
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.providerConfigName
toFieldPath: spec.providerConfigRef.name
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.version
toFieldPath: spec.forProvider.chart.version
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.zoneName
toFieldPath: spec.forProvider.values.domainFilters[0]
- type: FromCompositeFieldPath
fromFieldPath: status.status.externalDNS.googleServiceAccount.email
toFieldPath: spec.forProvider.values.serviceAccount.annotations[iam.gke.io/gcp-service-account]
policy:
fromFieldPath: Required
- type: FromCompositeFieldPath
fromFieldPath: spec.parameters.operators.externaldns.gcp.dnsProject
toFieldPath: spec.forProvider.values.google.project
- type: FromCompositeFieldPath
fromFieldPath: metadata.uid
toFieldPath: spec.forProvider.values.txtOwnerId
transforms:
- string:
fmt: 'upbound-spaces-%s'
type: Format
type: string

- name: universal-crossplane
condition: observed.composite.resource.spec.parameters.operators.crossplane.enabled == true
base:
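Review bot: The Release base in the `external-dns` resource sets `chart.name` and `chart.repository` but no `chart.version`, and the only version patch (`spec.parameters.operators.externaldns.version`) uses the default Optional policy, so a caller who omits that parameter gets whatever the Bitnami repository currently publishes as latest — an unpinned supply-chain input for a workload whose annotated service account holds `roles/dns.admin`. Pin a tested version in the base, `version: "<tested chart version>"`, and let the patch override it, or give that patch `policy: fromFieldPath: Required`. Separately, `values` sets both `replicaCount: 1` and `replicas: 2`; the Bitnami chart appears to read only `replicaCount` (confirm against its values.yaml), so the two disagree and `podDisruptionBudget.minAvailable: 1` against a single replica would block node drains — keep one and document it. The `condition: StringEquals` field in the `XWorkloadIdentity` base is never read by the workload-identity composition added in this PR, so consider dropping it or noting it is AWS-only.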
13 changes: 13 additions & 0 deletions apis/space-init/definition.yaml
Expand Up @@ -65,6 +65,19 @@ spec:
route53ZoneName:
type: string
description: "The Route53 zone name for external-dns to manage."
gcp:
type: object
properties:
enabled:
type: boolean
description: "Indicates if GCP external-dns is enabled."
default: true
zoneName:
type: string
description: "The Managed Zone for external-dns to manage."
dnsProject:
type: string
description: "The ID of the Project where the DNS is managed."
version:
type: string
description: "Specifies the version of external-dns to use."
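Review bot: `enabled` defaults to `true` here, and the space-init composition in this PR only checks that the `gcp` key is present before creating a Google service account and a project-wide `roles/dns.admin` binding, so a caller who writes only `gcp: {dnsProject: ...}` opts into that IAM grant without ever setting `enabled: true`. For a feature that creates IAM bindings an explicit opt-in is the safer default; if the AWS branch above the hunk also defaults to `true` and you want to keep the two symmetric, at least make the description say so, e.g. `description: "Enables GCP external-dns; when true (the default) a Google service account with roles/dns.admin on dnsProject is created."`. This block is a verbatim copy of the one in `apis/definition.yaml`; keeping the two schemas in sync by hand is brittle, so consider generating one from the other.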
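--- a/apis/workload-identity/composition.yaml
+++ b/apis/workload-identity/composition.yaml
@@ -0,0 +1,172 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: xworkloadidentity.gcp.platform.upbound.io
+spec:
+  compositeTypeRef:
+    apiVersion: gcp.platform.upbound.io/v1alpha1
+    kind: XWorkloadIdentity
+  mode: Pipeline
+  pipeline:
+    - step: patch-and-transform
+      functionRef:
+        name: crossplane-contrib-function-patch-and-transform
+      input:
+        apiVersion: pt.fn.crossplane.io/v1beta1
+        kind: Resources
+        patchSets:
+          - name: Name
+            patches:
+              - fromFieldPath: metadata.name
+                toFieldPath: metadata.annotations[crossplane.io/external-name]
+                type: FromCompositeFieldPath
+          - name: providerConfigRef
+            patches:
+              - fromFieldPath: spec.parameters.providerConfigName
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+          - name: deletionPolicy
+            patches:
+              - fromFieldPath: spec.parameters.deletionPolicy
+                toFieldPath: spec.deletionPolicy
+                type: FromCompositeFieldPath
+        resources:
+          - name: serviceaccount
+            base:
+              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
+              kind: ServiceAccount
+            patches:
+              - type: PatchSet
+                patchSetName: Name
+              - type: PatchSet
+                patchSetName: providerConfigRef
+              - type: PatchSet
+                patchSetName: deletionPolicy
+              - fromFieldPath: status.workloadIdentity.gkeProject
+                toFieldPath: spec.forProvider.project
+                type: FromCompositeFieldPath
+              - fromFieldPath: status.atProvider.email
+                toFieldPath: status.googleServiceAccount.email
+                type: ToCompositeFieldPath
+              - fromFieldPath: status.atProvider.id
+                toFieldPath: status.googleServiceAccount.id
+                type: ToCompositeFieldPath
+
+          - name: projectiammember-dns-admin
+            base:
+              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
+              kind: ProjectIAMMember
+              spec:
+                forProvider:
+                  role: roles/dns.admin
+            patches:
+              - type: PatchSet
+                patchSetName: Name
+              - type: PatchSet
+                patchSetName: providerConfigRef
+              - type: PatchSet
+                patchSetName: deletionPolicy
+              - fromFieldPath: spec.parameters.dnsProject
+                toFieldPath: spec.forProvider.project
+                type: FromCompositeFieldPath
+              - fromFieldPath: status.googleServiceAccount.email
+                toFieldPath: spec.forProvider.member
+                type: FromCompositeFieldPath
+                transforms:
+                  - string:
+                      fmt: 'serviceAccount:%s'
+                      type: Format
+                    type: string
+
+          - name: serviceaccountiammember
+            base:
+              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
+              kind: ServiceAccountIAMMember
+              spec:
+                forProvider:
+                  role: roles/iam.workloadIdentityUser
+            patches:
+              - type: PatchSet
+                patchSetName: Name
+              - type: PatchSet
+                patchSetName: providerConfigRef
+              - type: PatchSet
+                patchSetName: deletionPolicy
+              - fromFieldPath: status.googleServiceAccount.id
+                toFieldPath: spec.forProvider.serviceAccountId
+                type: FromCompositeFieldPath
+              - combine:
+                  strategy: string
+                  string:
+                    fmt: "serviceAccount:%s.svc.id.goog[%s/%s]"
+                  variables:
+                    - fromFieldPath: status.workloadIdentity.gkeProject
+                    - fromFieldPath: spec.parameters.serviceAccount.namespace
+                    - fromFieldPath: spec.parameters.serviceAccount.name
+                toFieldPath: spec.forProvider.member
+                type: CombineFromComposite
+
+          - name: projectiammember-workload-identity-user
+            base:
+              apiVersion: cloudplatform.gcp.upbound.io/v1beta1
+              kind: ProjectIAMMember
+              spec:
+                forProvider:
+                  role: roles/iam.workloadIdentityUser
+            patches:
+              - type: PatchSet
+                patchSetName: Name
+              - type: PatchSet
+                patchSetName: providerConfigRef
+              - type: PatchSet
+                patchSetName: deletionPolicy
+              - fromFieldPath: status.workloadIdentity.gkeProject
+                toFieldPath: spec.forProvider.project
+                type: FromCompositeFieldPath
+              - fromFieldPath: status.googleServiceAccount.email
+                toFieldPath: spec.forProvider.member
+                type: FromCompositeFieldPath
+                transforms:
+                  - string:
+                      fmt: 'serviceAccount:%s'
+                      type: Format
+                    type: string
+
+          - name: workloadIdentitySettings
+            base:
+              apiVersion: kubernetes.crossplane.io/v1alpha2
+              kind: Object
+              spec:
+                deletionPolicy: Orphan
+                forProvider:
+                  manifest:
+                    apiVersion: v1
+                    kind: ConfigMap
+                    metadata:
+                      namespace: default
+                managementPolicies: ["Observe"]
+            patches:
+              - fromFieldPath: spec.parameters.id
+                toFieldPath: spec.providerConfigRef.name
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.id
+                toFieldPath: metadata.annotations[crossplane.io/external-name]
+                transforms:
+                  - string:
+                      fmt: '%s-workload-identity-settings'
+                      type: Format
+                    type: string
+                type: FromCompositeFieldPath
+              - fromFieldPath: spec.parameters.id
+                toFieldPath: spec.forProvider.manifest.metadata.name
+                transforms:
+                  - string:
+                      fmt: '%s-workload-identity-settings'
+                      type: Format
+                    type: string
+                type: FromCompositeFieldPath
+              - fromFieldPath: status.atProvider.manifest.data.gkeProject
+                policy:
+                  fromFieldPath: Optional
+                toFieldPath: status.workloadIdentity.gkeProject
+                type: ToCompositeFieldPath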
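Review bot: The `projectiammember-workload-identity-user` resource grants `roles/iam.workloadIdentityUser` on the entire GKE project (`status.workloadIdentity.gkeProject`) to the newly created Google service account itself (`member: serviceAccount:<gsa email>`), which is not the binding workload identity needs — the KSA-to-GSA link is already made on the service-account resource by `serviceaccountiammember`. At project scope that role carries `iam.serviceAccounts.getAccessToken` and `getOpenIdToken` on every service account in the project, so a compromised external-dns pod could mint tokens for unrelated service accounts; that is a privilege-escalation path, not a least-privilege grant, unless something not visible here depends on it (please confirm). Drop that resource, or if a consumer genuinely needs it, express it as a `ServiceAccountIAMMember` on the one target account. Also worth stating in the file that `roles/dns.admin` in `projectiammember-dns-admin` is project-wide and the Release's `domainFilters` is only a client-side filter, e.g. above that resource add `# dns.admin is granted for the whole dnsProject; domainFilters in the Helm values does not narrow IAM.`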