update samples and user guide for version 0.0.9

GoogleCloudPlatform · Jul 31, 2019 · fd29dd6 · fd29dd6
1 parent b3e7523
commit fd29dd6
Show file tree

Hide file tree

Showing 24 changed files with 117 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -56,7 +56,7 @@ For existing Kubernetes applications that are currently using additional tools (
 1. Install the infrastructure in your cluster:
     ```bash
     kubectl apply -f install-bundle/
-    kubectl apply -f install-bundle/resources
+    kubectl apply -f install-bundle/servicemappings
     ```
     **NOTE:** If you previously installed Config Connector alpha and wish to
     upgrade, newer versions of the `CustomResourceDefinitions` may cause some of
@@ -365,6 +365,7 @@ You can find more details on the meaning of specific properties in the API docum
 | spannerinstances.spanner.cnrm.cloud.google.com | [Spanner Instance](https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances) |
 | sqlinstances.sql.cnrm.cloud.google.com | [Cloud SQL Instance](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/instances) |
 | sqldatabases.sql.cnrm.cloud.google.com | [Cloud SQL Database](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/databases) |
+| sqlusers.sql.cnrm.cloud.google.com | [Cloud SQL User](https://cloud.google.com/sql/docs/mysql/admin-api/v1beta4/users) |
 | storagebuckets.storage.cnrm.cloud.google.com | [Cloud Storage Bucket](https://cloud.google.com/storage/docs/json_api/v1/buckets) |
 | storagebucketaccesscontrols.storage.cnrm.cloud.google.com | [Cloud Storage Bucket Access Control](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls) |
 | storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com | [Cloud Storage Default Object Access Control](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls) |
@@ -389,11 +390,11 @@ Note: if you `kubectl delete` the configuration, Config Connector will delete th
 ## Uninstalling Config Connector Bundle
 
 ```bash
-kubectl delete -f install-bundle/resources
-kubectl delete -f install-bundle/
+kubectl delete -f install-bundle/crds.yaml
+kubectl delete -f install-bundle/0-cnrm-system.yaml
 ```
 
-Note: Make sure to `kubectl delete -f install-bundle/resources` first to ensure the custom resource definitions are removed first before the controllers.
+Note: Make sure to `kubectl delete -f install-bundle/crds.yaml` first to ensure the custom resource definitions are removed first before the controllers.
 s
 ## Config Connector Resource Functionality
 

diff --git a/apps/musicians/manifests/overlays/prod/cloud-sql-instance.yaml b/apps/musicians/manifests/overlays/prod/cloud-sql-instance.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: sql.cnrm.cloud.google.com/v1alpha2
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLInstance
 metadata:
   name: musicians-demo

diff --git a/apps/musicians/manifests/overlays/prod/cloud-sql-user.yaml b/apps/musicians/manifests/overlays/prod/cloud-sql-user.yaml
@@ -0,0 +1,23 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLUser
+metadata:
+  name: root
+spec:
+  instanceRef:
+    name: musicians-demo-prod
+  host: "%"
+
diff --git a/apps/musicians/manifests/overlays/prod/kustomization.yaml b/apps/musicians/manifests/overlays/prod/kustomization.yaml
@@ -23,7 +23,8 @@ bases:
 
 resources:
 - cloud-sql-instance.yaml
+- cloud-sql-user.yaml
 
 patches:
 - musicians-deployment-project-patch.yaml
-- replica-patch.yaml
+- replica-patch.yaml
diff --git a/apps/musicians/manifests/release-configuration.yaml b/apps/musicians/manifests/release-configuration.yaml
@@ -74,7 +74,7 @@ spec:
         secret:
           secretName: gcp-key
 ---
-apiVersion: sql.cnrm.cloud.google.com/v1alpha2
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLInstance
 metadata:
   name: musicians-demo

diff --git a/...mpute_v1alpha1_computebackendservice.yaml → ...mpute_v1alpha1_computebackendservice.yaml b/...mpute_v1alpha1_computebackendservice.yaml → ...mpute_v1alpha1_computebackendservice.yaml
diff --git a/...all/compute_v1alpha1_computefirewall.yaml → ...ule/compute_v1alpha1_computefirewall.yaml b/...all/compute_v1alpha1_computefirewall.yaml → ...ule/compute_v1alpha1_computefirewall.yaml
@@ -3,7 +3,7 @@ kind: ComputeFirewall
 metadata:
   labels:
     label-one: "value-one"
-  name: computefirewall-sample
+  name: computefirewall-allow-sample
 spec:
   allow:
     - protocol: tcp

diff --git a/...wall/compute_v1alpha1_computenetwork.yaml → ...rule/compute_v1alpha1_computenetwork.yaml b/...wall/compute_v1alpha1_computenetwork.yaml → ...rule/compute_v1alpha1_computenetwork.yaml
diff --git a/resources/computefirewall/deny-rule/compute_v1alpha1_computefirewall.yaml b/resources/computefirewall/deny-rule/compute_v1alpha1_computefirewall.yaml
@@ -0,0 +1,11 @@
+apiVersion: compute.cnrm.cloud.google.com/v1alpha1
+kind: ComputeFirewall
+metadata:
+  labels:
+    label-one: "value-one"
+  name: computefirewall-deny-sample
+spec:
+  deny:
+    - protocol: icmp
+  networkRef:
+    name: computefirewall-dep
diff --git a/resources/computefirewall/deny-rule/compute_v1alpha1_computenetwork.yaml b/resources/computefirewall/deny-rule/compute_v1alpha1_computenetwork.yaml
@@ -0,0 +1,7 @@
+apiVersion: compute.cnrm.cloud.google.com/v1alpha1
+kind: ComputeNetwork
+metadata:
+  name: computefirewall-dep
+spec:
+  routingMode: REGIONAL
+  autoCreateSubnetworks: true
diff --git a/resources/computehealthcheck/compute_v1alpha1_computehealthcheck.yaml b/resources/computehealthcheck/compute_v1alpha1_computehealthcheck.yaml
@@ -4,6 +4,5 @@ metadata:
   name: computehealthcheck-sample
 spec:
   checkIntervalSec: 10
-  type: HTTP
   httpHealthCheck:
     port: 80
diff --git a/resources/containercluster/container_v1alpha1_containercluster.yaml b/resources/containercluster/container_v1alpha1_containercluster.yaml
@@ -9,3 +9,8 @@ spec:
   initialNodeCount: 1
   removeDefaultNodePool: false
   loggingService: none
+  masterAuth:
+    username: "user"
+    password: "password1234567"
+    clientCertificateConfig:
+      issueClientCertificate: false
diff --git a/...ces/iampolicy/iam_v1alpha1_iampolicy.yaml → .../pubsub-admin/iam_v1alpha1_iampolicy.yaml b/...ces/iampolicy/iam_v1alpha1_iampolicy.yaml → .../pubsub-admin/iam_v1alpha1_iampolicy.yaml
@@ -3,13 +3,14 @@ kind: IAMPolicy
 metadata:
   labels:
     label-one: value-one
-  name: iampolicy-sample
+  name: iampolicy-pubsubtopic-admin-sample
 spec:
   resourceRef:
     apiVersion: pubsub.cnrm.cloud.google.com/v1alpha2
     kind: PubSubTopic
     name: iampolicy-dep
   bindings:
-    - role: roles/pubsub.admin
+    - role: roles/editor
       members:
-        - user:[email protected]
+        # replace ${PROJECT_NAME?} with your project name
+        - serviceAccount:iampolicy-dep@${PROJECT_NAME?}.iam.gserviceaccount.com
diff --git a/resources/iampolicy/pubsub-admin/iam_v1alpha1_iamserviceaccount.yaml b/resources/iampolicy/pubsub-admin/iam_v1alpha1_iamserviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMServiceAccount
+metadata:
+  name: iampolicy-dep
diff --git a/...ampolicy/pubsub_v1alpha2_pubsubtopic.yaml → ...ub-admin/pubsub_v1alpha2_pubsubtopic.yaml b/...ampolicy/pubsub_v1alpha2_pubsubtopic.yaml → ...ub-admin/pubsub_v1alpha2_pubsubtopic.yaml
diff --git a/resources/iampolicy/workload-identity/iam_v1alpha1_iampolicy.yaml b/resources/iampolicy/workload-identity/iam_v1alpha1_iampolicy.yaml
@@ -0,0 +1,14 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMPolicy
+metadata:
+  name: iampolicy-workload-identity-sample
+spec:
+  resourceRef:
+    apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+    kind: IAMServiceAccount
+    name: iampolicy-gsa-dep
+  bindings:
+    - role: roles/iam.workloadIdentityUser
+      members:
+        # replace ${PROJECT_NAME?} with your project name
+        - serviceAccount:${PROJECT_NAME?}.svc.id.goog[default/iampolicy-ksa-dep]
diff --git a/resources/iampolicy/workload-identity/iam_v1alpha1_iamserviceaccount.yaml b/resources/iampolicy/workload-identity/iam_v1alpha1_iamserviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: iam.cnrm.cloud.google.com/v1alpha1
+kind: IAMServiceAccount
+metadata:
+  name: iampolicy-gsa-dep
+spec:
+  displayName: Example Service Account
diff --git a/resources/iampolicy/workload-identity/kubernetes_service_account.yaml b/resources/iampolicy/workload-identity/kubernetes_service_account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: iampolicy-ksa-dep
+  annotations:
+    # replace ${PROJECT_NAME?} with your project name
+    iam.gke.io/gcp-service-account: iampolicy-gsa-dep@${project_name?}.iam.gserviceaccount.com
diff --git a/resources/sqldatabase/sql_v1alpha2_sqlinstance.yaml b/resources/sqldatabase/sql_v1alpha2_sqlinstance.yaml
@@ -1,8 +1,9 @@
-apiVersion: sql.cnrm.cloud.google.com/v1alpha2
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLInstance
 metadata:
   name: sqldatabase-dep
 spec:
+  region: us-central1
   databaseVersion: MYSQL_5_7
   settings:
     tier: db-n1-standard-1
diff --git a/...sqldatabase/sql_v1alpha2_sqldatabase.yaml → ...sqldatabase/sql_v1alpha3_sqldatabase.yaml b/...sqldatabase/sql_v1alpha2_sqldatabase.yaml → ...sqldatabase/sql_v1alpha3_sqldatabase.yaml
@@ -1,4 +1,4 @@
-apiVersion: sql.cnrm.cloud.google.com/v1alpha2
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLDatabase
 metadata:
   labels:

diff --git a/...sqlinstance/sql_v1alpha2_sqlinstance.yaml → ...sqlinstance/sql_v1alpha3_sqlinstance.yaml b/...sqlinstance/sql_v1alpha2_sqlinstance.yaml → ...sqlinstance/sql_v1alpha3_sqlinstance.yaml
@@ -1,10 +1,11 @@
-apiVersion: sql.cnrm.cloud.google.com/v1alpha2
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
 kind: SQLInstance
 metadata:
   labels:
     label-one: "value-one"
   name: sqlinstance-sample
 spec:
+  region: us-central1
   databaseVersion: MYSQL_5_7
   settings:
     tier: db-n1-standard-1
diff --git a/resources/sqluser/sql_v1alpha3_sqlinstance.yaml b/resources/sqluser/sql_v1alpha3_sqlinstance.yaml
@@ -0,0 +1,11 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLInstance
+metadata:
+  labels:
+    label-one: "value-one"
+  name: sqluser-dep
+spec:
+  region: us-central1
+  databaseVersion: MYSQL_5_7
+  settings:
+    tier: db-n1-standard-1
diff --git a/resources/sqluser/sql_v1alpha3_sqluser.yaml b/resources/sqluser/sql_v1alpha3_sqluser.yaml
@@ -0,0 +1,9 @@
+apiVersion: sql.cnrm.cloud.google.com/v1alpha3
+kind: SQLUser
+metadata:
+  name: sqluser-sample
+spec:
+  instanceRef:
+    name: sqluser-dep
+  host: "%"
+  password: password
diff --git a/...storagedefaultobjectaccesscontrol/storage_v1alpha2_storagedefaultobjectaccesscontrol.yaml b/...storagedefaultobjectaccesscontrol/storage_v1alpha2_storagedefaultobjectaccesscontrol.yaml
@@ -6,6 +6,6 @@ metadata:
   name: storagedefaultobjectaccesscontrol-sample
 spec:
   bucketRef:
-    name: storagedefaultobjectaccesscontrol
+    name: storagedefaultobjectaccesscontrol-dep
   entity: allAuthenticatedUsers
   role: READER