Commit

update samples and user guide for version 0.0.9
Michael Kibbe committed Aug 8, 2019
1 parent b3e7523 commit 863de74
Showing 34 changed files with 277 additions and 17 deletions.
9 changes: 5 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ For existing Kubernetes applications that are currently using additional tools (
1. Install the infrastructure in your cluster:
```bash
kubectl apply -f install-bundle/
kubectl apply -f install-bundle/resources
```
**NOTE:** If you previously installed Config Connector alpha and wish to
upgrade, newer versions of the `CustomResourceDefinitions` may cause some of
Expand Down Expand Up @@ -359,12 +358,14 @@ You can find more details on the meaning of specific properties in the API docum
| containerclusters.container.cnrm.cloud.google.com | [Container Cluster](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters) |
| iampolicies.iam.cnrm.cloud.google.com | [IAM Policy](https://cloud.google.com/iam/reference/rest/v1/Policy) |
| iamserviceaccounts.iam.cnrm.cloud.google.com | [IAM Service Account](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts) |
| iamserviceaccountkeys.iam.cnrm.cloud.google.com | [IAM Service Account Key](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys) |
| pubsubsubscriptions.pubsub.cnrm.cloud.google.com | [Pub/Sub Subscription](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions) |
| pubsubtopics.pubsub.cnrm.cloud.google.com | [Pub/Sub Topic](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics) |
| redisinstances.redis.cnrm.cloud.google.com | [Cloud Memorystore for Redis](https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances) |
| spannerinstances.spanner.cnrm.cloud.google.com | [Spanner Instance](https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances) |
| sqlinstances.sql.cnrm.cloud.google.com | [Cloud SQL Instance](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/instances) |
| sqldatabases.sql.cnrm.cloud.google.com | [Cloud SQL Database](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/databases) |
| sqlusers.sql.cnrm.cloud.google.com | [Cloud SQL User](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/users) |
| storagebuckets.storage.cnrm.cloud.google.com | [Cloud Storage Bucket](https://cloud.google.com/storage/docs/json_api/v1/buckets) |
| storagebucketaccesscontrols.storage.cnrm.cloud.google.com | [Cloud Storage Bucket Access Control](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls) |
| storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com | [Cloud Storage Default Object Access Control](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls) |
Expand All @@ -389,11 +390,11 @@ Note: if you `kubectl delete` the configuration, Config Connector will delete th
## Uninstalling Config Connector Bundle

```bash
kubectl delete -f install-bundle/resources
kubectl delete -f install-bundle/
kubectl delete -f install-bundle/crds.yaml
kubectl delete -f install-bundle/0-cnrm-system.yaml
```

Note: Make sure to `kubectl delete -f install-bundle/resources` first to ensure the custom resource definitions are removed first before the controllers.
Note: Make sure to `kubectl delete -f install-bundle/crds.yaml` first to ensure the custom resource definitions are removed first before the controllers.
s
## Config Connector Resource Functionality

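Review bot: The stray `s` line directly after the uninstall note is still in the README; this hunk rewrites the neighbouring note, so drop it in the same change. The note also says "removed first before the controllers" after already saying "first", and the ordering it asks for (`install-bundle/crds.yaml` before `install-bundle/0-cnrm-system.yaml`) would be harder to miss as a comment above the first `kubectl delete` line in the code block.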
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: sql.cnrm.cloud.google.com/v1alpha2
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: musicians-demo
Expand Down
23 changes: 23 additions & 0 deletions apps/musicians/manifests/overlays/prod/cloud-sql-user.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLUser
metadata:
name: root
spec:
instanceRef:
name: musicians-demo-prod
host: "%"

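Review bot: `name: root` with `host: "%"` and no `password` in `spec` defines a root database user that is accepted from any host, and this file sits in the prod overlay. Either set the password from a source outside the manifest, or narrow `host` and use a non-root user name; at minimum add a comment stating how the credential is expected to be set.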
3 changes: 2 additions & 1 deletion apps/musicians/manifests/overlays/prod/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ bases:

resources:
- cloud-sql-instance.yaml
- cloud-sql-user.yaml

patches:
- musicians-deployment-project-patch.yaml
- replica-patch.yaml
- replica-patch.yaml
2 changes: 1 addition & 1 deletion apps/musicians/manifests/release-configuration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ spec:
secret:
secretName: gcp-key
---
apiVersion: sql.cnrm.cloud.google.com/v1alpha2
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: musicians-demo
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ kind: ComputeFirewall
metadata:
labels:
label-one: "value-one"
name: computefirewall-sample
name: computefirewall-allow-sample
spec:
allow:
- protocol: tcp
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: compute.cnrm.cloud.google.com/v1alpha1
kind: ComputeFirewall
metadata:
labels:
label-one: "value-one"
name: computefirewall-deny-sample
spec:
deny:
- protocol: icmp
networkRef:
name: computefirewall-dep
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: compute.cnrm.cloud.google.com/v1alpha1
kind: ComputeNetwork
metadata:
name: computefirewall-dep
spec:
routingMode: REGIONAL
autoCreateSubnetworks: true
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,5 @@ metadata:
name: computehealthcheck-sample
spec:
checkIntervalSec: 10
type: HTTP
httpHealthCheck:
port: 80
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: compute.cnrm.cloud.google.com/v1alpha1
kind: ComputeNetwork
metadata:
name: computesubnetwork-dep
spec:
routingMode: REGIONAL
autoCreateSubnetworks: false
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: compute.cnrm.cloud.google.com/v1alpha1
kind: ComputeSubnetwork
metadata:
labels:
label-one: "value-one"
name: computesubnetwork-sample
spec:
ipCidrRange: 10.2.0.0/16
region: us-central1
description: My subnet
enableFlowLogs: true
privateIpGoogleAccess: false
networkRef:
name: computesubnetwork-dep
logConfig:
aggregationInterval: INTERVAL_10_MIN
flowSampling: "0.5"
metadata: INCLUDE_ALL_METADATA
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,8 @@ spec:
initialNodeCount: 1
removeDefaultNodePool: false
loggingService: none
masterAuth:
username: "user"
password: "password12345678"
clientCertificateConfig:
issueClientCertificate: false
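Review bot: `password: "password12345678"` under `masterAuth` puts a fixed, guessable credential into a sample that people apply as is, and a non-empty `username`/`password` pair turns on basic authentication for the cluster endpoint. If the point of the sample is `issueClientCertificate: false`, say so in a comment, and use an obvious placeholder for the password with a note to replace it before applying.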
47 changes: 47 additions & 0 deletions resources/iampolicy/project-level/iam_v1alpha1_iampolicy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# **WARNING**: The bindings here represent the full declarative intent for the project.
# It will fully overwrite the existing policy on the given project.
#
# This sample assumes the following additional APIs are enabled:
# - compute.googleapis.com
# - container.googleapis.com
# - containerregistry.googleapis.com
# - redis.googleapis.com
#
# Replace [PROJECT_ID], [PROJECT_NUMBER], and [ACCOUNT] with your desired project ID,
# that project's project number, and your Google Cloud account email respectively.
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMPolicy
metadata:
labels:
label-one: value-one
name: iampolicy-project-level-sample
spec:
resourceRef:
kind: Project
name: [PROJECT_ID]
bindings:
- members:
- serviceAccount:service-[PROJECT_NUMBER]@compute-system.iam.gserviceaccount.com
role: roles/compute.serviceAgent
- members:
- serviceAccount:service-[PROJECT_NUMBER]@container-engine-robot.iam.gserviceaccount.com
role: roles/container.serviceAgent
- members:
- serviceAccount:[PROJECT_NUMBER][email protected]
- serviceAccount:[PROJECT_NUMBER]@cloudservices.gserviceaccount.com
- serviceAccount:cnrm-application-demo@[PROJECT_ID].iam.gserviceaccount.com
- serviceAccount:service-[PROJECT_NUMBER]@containerregistry.iam.gserviceaccount.com
role: roles/editor
- members:
# Make sure to keep the "cnrm-system" service account permission, or else KCC will
# be locked out from managing GCP resources.
- serviceAccount:cnrm-system@[PROJECT_ID].iam.gserviceaccount.com
# Ensure that your account is not locked out of the project.
- user:[ACCOUNT]
role: roles/owner
- members:
- serviceAccount:service-[PROJECT_NUMBER]@cloud-redis.iam.gserviceaccount.com
role: roles/redis.serviceAgent
- members:
- serviceAccount:cnrm-system@[PROJECT_ID].iam.gserviceaccount.com
role: roles/storage.admin
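Review bot: In the `roles/editor` binding, `cnrm-application-demo@[PROJECT_ID]` gets project-wide editor, and because this policy replaces the whole project policy (per the header warning), anyone applying the sample grants it as written. Bind the demo account to the specific roles the sample app needs, or add a comment on that member explaining why editor is required. Separately, `name: [PROJECT_ID]` is read by a YAML parser as a one-element list until the placeholder is replaced; quoting it, or using the `${...?}` placeholder style of the other samples, gives a clearer failure when someone forgets.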
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ kind: IAMPolicy
metadata:
labels:
label-one: value-one
name: iampolicy-sample
name: iampolicy-pubsubtopic-admin-sample
spec:
resourceRef:
apiVersion: pubsub.cnrm.cloud.google.com/v1alpha2
kind: PubSubTopic
name: iampolicy-dep
bindings:
- role: roles/pubsub.admin
- role: roles/editor
members:
- user:[email protected]
# replace ${PROJECT_NAME?} with your project name
- serviceAccount:iampolicy-dep@${PROJECT_NAME?}.iam.gserviceaccount.com
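Review bot: The binding on this `PubSubTopic` lists `roles/editor` after `roles/pubsub.admin`; if `roles/editor` is the new value, it no longer matches the new name `iampolicy-pubsubtopic-admin-sample` and it is a basic role rather than a Pub/Sub-specific one. Keep `roles/pubsub.admin` (or a narrower Pub/Sub role) so the sample demonstrates a grant scoped to the resource it is attached to.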
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMServiceAccount
metadata:
name: iampolicy-dep
14 changes: 14 additions & 0 deletions resources/iampolicy/workload-identity/iam_v1alpha1_iampolicy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMPolicy
metadata:
name: iampolicy-workload-identity-sample
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMServiceAccount
name: iampolicy-gsa-dep
bindings:
- role: roles/iam.workloadIdentityUser
members:
# replace ${PROJECT_NAME?} with your project name
- serviceAccount:${PROJECT_NAME?}.svc.id.goog[default/iampolicy-ksa-dep]
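Review bot: The member `${PROJECT_NAME?}.svc.id.goog[default/iampolicy-ksa-dep]` and the comment above it ask for the project name, but the workload identity pool prefix is the project ID. Rename the placeholder and the comment to project ID, so that a project whose display name differs from its ID does not end up with a binding that matches no identity.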
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMServiceAccount
metadata:
name: iampolicy-gsa-dep
spec:
displayName: Example Service Account
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: iampolicy-ksa-dep
annotations:
# replace ${PROJECT_NAME?} with your project name
iam.gke.io/gcp-service-account: iampolicy-gsa-dep@${project_name?}.iam.gserviceaccount.com
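Review bot: The annotation value uses `${project_name?}` in lower case while the comment directly above it says `${PROJECT_NAME?}`, so a search-and-replace on the documented placeholder leaves this line unsubstituted. Use the same spelling as the comment; the value needed in the service account email is the project ID.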
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMServiceAccount
metadata:
name: iamserviceaccountkey-dep
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: iam.cnrm.cloud.google.com/v1alpha1
kind: IAMServiceAccountKey
metadata:
name: key-sample
labels:
label-one: "value-one"
spec:
publicKeyType: TYPE_X509_PEM_FILE
keyAlgorithm: KEY_ALG_RSA_2048
privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE
serviceAccountRef:
name: iamserviceaccountkey-dep
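Review bot: This sample requests a private key (`privateKeyType: TYPE_GOOGLE_CREDENTIALS_FILE`) but has no comment on where the generated key material ends up or who can read it. Add a header comment covering that, and note that the key is a long-lived credential for `iamserviceaccountkey-dep` that should be deleted along with the sample.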
3 changes: 2 additions & 1 deletion resources/sqldatabase/sql_v1alpha2_sqlinstance.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha2
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: sqldatabase-dep
spec:
region: us-central1
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1
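Review bot: The `apiVersion` moves to `v1alpha3` but the file is still named `resources/sqldatabase/sql_v1alpha2_sqlinstance.yaml`. Rename the file in the same commit so the version in the path matches the manifest.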
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha2
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLDatabase
metadata:
labels:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: mysql-instance-sample-with-replication-primary
spec:
databaseVersion: MYSQL_5_7
region: us-central1
settings:
tier: db-f1-micro
backupConfiguration:
binaryLogEnabled: true
enabled: true
startTime: "18:00"
ipConfiguration:
requireSsl: true
locationPreference:
zone: us-central1-b
---
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: mysql-instance-sample-with-replication-secondary
spec:
databaseVersion: MYSQL_5_7
region: us-central1
masterInstanceRef:
name: mysql-instance-sample-with-replication-primary
replicaConfiguration:
connectRetryInterval: 30
settings:
tier: db-f1-micro
ipConfiguration:
requireSsl: true
locationPreference:
zone: us-central1-c
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: mysql-instance-sample-with-sql-user
spec:
databaseVersion: MYSQL_5_7
region: us-central1
settings:
tier: db-f1-micro
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLUser
metadata:
name: sqluser-sample
spec:
instanceRef:
name: mysql-instance-sample-with-sql-user
host: "%"
password: change-me
# after running this sample, you can verify that sql instance can be accessed
# with user credentials by running from cloud shell:
# gcloud sql connect mysql-instance-sample-with-sql-user --user=sqluser-sample
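Review bot: `password: change-me` is a literal in `spec`, so anyone who can read `SQLUser` objects in the namespace can read it, and with `host: "%"` the account is accepted from any client address. Add a comment on the `password` line telling the reader to replace the value before applying, next to the existing verification comment.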
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: mysql-instance-sample
spec:
databaseVersion: MYSQL_5_7
settings:
tier: db-f1-micro
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: postgres-sql-instance-ha-sample
spec:
databaseVersion: POSTGRES_9_6
region: us-central1
settings:
tier: db-custom-1-3840
availabilityType: REGIONAL
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: sql.cnrm.cloud.google.com/v1alpha3
kind: SQLInstance
metadata:
name: postgres-sql-instance-sample
spec:
databaseVersion: POSTGRES_9_6
settings:
tier: db-custom-16-61440 # see https://cloud.google.com/sql/docs/postgres/create-instance

0 comments on commit 863de74
