diff --git a/krm/gcp/bucket.yaml b/krm/gcp/bucket.yaml
new file mode 100644
index 0000000..145a927
--- /dev/null
+++ b/krm/gcp/bucket.yaml
@@ -0,0 +1,67 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha3
+kind: Bucket
+metadata:
+ name: portefaix-krm-gcp
+ annotations:
+ crossplane.io/external-name: portefaix-krm-gcp-bucket
+spec:
+ location: EU
+ storageClass: MULTI_REGIONAL
+ providerConfigRef:
+ name: portefaix-gcp
+ labels:
+ made-by: crossplane
+ deletionPolicy: Delete
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha1
+kind: BucketPolicy
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ bucketRef:
+ name: portefaix-krm-gcp
+ policy:
+ bindings:
+ # - role: roles/storage.legacyBucketOwner
+ # members:
+ # - "projectEditor:"
+ # - "projectOwner:"
+ # - role: roles/storage.legacyBucketReader
+ # members:
+ # - "projectViewer:"
+ - role: roles/storage.objectAdmin
+ serviceAccountMemberRefs:
+ - name: portefaix-krm-gcp
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha1
+kind: BucketPolicyMember
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ bucketRef:
+ name: portefaix-krm-gcp
+ # member: serviceAccount:
+ serviceAccountMemberRef:
+ name: portefaix-krm-gcp
+ role: roles/storage.objectAdmin
+ providerConfigRef:
+ name: portefaix-gcp
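Review bot: The BucketPolicy and BucketPolicyMember documents both grant `roles/storage.objectAdmin` to the same service account on the same bucket; if BucketPolicy is authoritative, as the provider documents it, it already owns that binding (and drops the commented-out legacy bindings from the bucket), so the BucketPolicyMember is redundant and two controllers reconcile the same binding. Keep one of them and add a comment on the survivor, e.g. `# authoritative: replaces every binding on the bucket, including the legacy project* ones`. The Bucket also carries `deletionPolicy: Delete`, so deleting the managed resource deletes the bucket and its objects; the same choice appears on the CloudSQLInstance in cloudsql.yaml and the CloudMemorystoreInstance in memorystore.yaml, where `deletionPolicy: Orphan` is the safer default for data-bearing resources, with `Delete` reserved for disposable environments and stated as such in a comment.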
diff --git a/krm/gcp/cloudsql.yaml b/krm/gcp/cloudsql.yaml
new file mode 100644
index 0000000..918e997
--- /dev/null
+++ b/krm/gcp/cloudsql.yaml
@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: database.gcp.crossplane.io/v1beta1
+kind: CloudSQLInstance
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ databaseVersion: POSTGRES_11
+ region: eu-west1
+ settings:
+ tier: db-custom-1-3840
+ dataDiskSizeGb: 20
+ providerConfigRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-cloudsql
+ namespace: crossplane-system
+ deletionPolicy: Delete
diff --git a/krm/gcp/firewall.yaml b/krm/gcp/firewall.yaml
new file mode 100644
index 0000000..ed6039a
--- /dev/null
+++ b/krm/gcp/firewall.yaml
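Review bot: `region: eu-west1` is not a GCP region name (the Belgian region is `europe-west1`, with zones such as `europe-west1-b`), so the Cloud SQL Admin API will reject this instance; the same value appears as `location: eu-west1` and `"eu-west1-b"` in gke.yaml and as `region: eu-west1` in memorystore.yaml and subnetwork.yaml, so fix all four files together. Separately, `settings` sets only `tier` and `dataDiskSizeGb`, leaving `ipConfiguration` at its default, which gives the instance a public IPv4 address with TLS optional; adding `ipConfiguration:` with `ipv4Enabled: false` and `requireSsl: true`, plus a private network pointing at the Network from network.yaml (which also needs a Service Networking peering that this change does not create), would keep the database off the internet. If a public address is intentional, say so in a comment above `settings`.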
@@ -0,0 +1,31 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: compute.gcp.crossplane.io/v1alpha1
+kind: Firewall
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ description: "Portefaix KRM Crossplane"
+ allowed:
+ - IPProtocol: tcp
+ ports: ["80", "443"]
+ - IPProtocol: icmp
+ sourceRanges: ["10.0.0.0/24"]
+ networkRef:
+ name: portefaix-krm-gcp
+ providerConfigRef:
+ name: portefaix-gcp
diff --git a/krm/gcp/gke.yaml b/krm/gcp/gke.yaml
new file mode 100644
index 0000000..dc130d1
--- /dev/null
+++ b/krm/gcp/gke.yaml
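Review bot: `sourceRanges: ["10.0.0.0/24"]` does not overlap any range defined in subnetwork.yaml (`192.168.0.0/24`, pods `10.128.0.0/20`, services `172.16.0.0/16`), so the rule either never matches or admits traffic from a peer that nothing in this change documents; confirm the intended source and name it in a comment above `sourceRanges`. The rule also has no `targetTags`, so it applies to every instance in the network; since the node pools in gke.yaml tag their nodes `kubernetes` and `nodes`, `targetTags: ["kubernetes"]` would scope it to the cluster nodes only. A one-line `description` that says what the rule is for (rather than the project name) would make later audits easier.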
@@ -0,0 +1,192 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: container.gcp.crossplane.io/v1beta2
+kind: Cluster
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ # initialClusterVersion: "1.21"
+ releaseChannel:
+ channel: REGULAR
+ location: eu-west1
+ masterAuth:
+ # setting this master auth user name enables basic auth so that a client (e.g.,
+ # provider-helm), can connect with the generated kubeconfig from the connection secret
+ # username: admin
+ networkConfig:
+ enableIntraNodeVisibility: true
+ loggingService: logging.googleapis.com/kubernetes
+ monitoringService: monitoring.googleapis.com/kubernetes
+ addonsConfig:
+ cloudRunConfig:
+ disabled: true
+ dnsCacheConfig:
+ enabled: true
+ gcePersistentDiskCsiDriverConfig:
+ enabled: true
+ horizontalPodAutoscaling:
+ disabled: true
+ httpLoadBalancing:
+ disabled: true
+ istioConfig:
+ disabled: true
+ auth: "AUTH_NONE"
+ kalmConfig:
+ enabled: false
+ kubernetesDashboard:
+ disabled: true
+ networkPolicyConfig:
+ disabled: false
+ binaryAuthorization:
+ enabled: false
+ legacyAbac:
+ enabled: false
+ network: portefaix-krm-gcp
+ networkPolicy:
+ enabled: true
+ provider: CALICO
+ podSecurityPolicyConfig:
+ enabled: false
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-gke
+ namespace: crossplane-system
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: container.gcp.crossplane.io/v1beta1
+kind: NodePool
+metadata:
+ name: portefaix-krm-gcp-core
+spec:
+ forProvider:
+ autoscaling:
+ autoprovisioned: false
+ enabled: true
+ maxNodeCount: 3
+ minNodeCount: 0
+ clusterRef:
+ name: portefaix-krm-gcp
+ config:
+ machineType: n1-standard-1
+ sandboxConfig:
+ type: gvisor
+ diskSizeGb: 120
+ diskType: pd-ssd
+ imageType: cos_containerd
+ labels:
+ made-by: crossplane
+ tags:
+ - kubernetes
+ - nodes
+ oauthScopes:
+ - "https://www.googleapis.com/auth/devstorage.read_only"
+ - "https://www.googleapis.com/auth/logging.write"
+ - "https://www.googleapis.com/auth/monitoring"
+ - "https://www.googleapis.com/auth/servicecontrol"
+ - "https://www.googleapis.com/auth/service.management.readonly"
+ - "https://www.googleapis.com/auth/trace.append"
+ initialNodeCount: 1
+ locations:
+ - "eu-west1-b"
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: container.gcp.crossplane.io/v1beta1
+kind: NodePool
+metadata:
+ name: portefaix-krm-gcp-ops
+spec:
+ forProvider:
+ autoscaling:
+ autoprovisioned: false
+ enabled: true
+ maxNodeCount: 3
+ minNodeCount: 0
+ clusterRef:
+ name: portefaix-krm-gcp
+ config:
+ machineType: n1-standard-1
+ sandboxConfig:
+ type: gvisor
+ diskSizeGb: 120
+ diskType: pd-ssd
+ imageType: cos_containerd
+ labels:
+ made-by: crossplane
+ tags:
+ - kubernetes
+ - nodes
+ oauthScopes:
+ - "https://www.googleapis.com/auth/devstorage.read_only"
+ - "https://www.googleapis.com/auth/logging.write"
+ - "https://www.googleapis.com/auth/monitoring"
+ - "https://www.googleapis.com/auth/servicecontrol"
+ - "https://www.googleapis.com/auth/service.management.readonly"
+ - "https://www.googleapis.com/auth/trace.append"
+ initialNodeCount: 0
+ locations:
+ - "eu-west1-b"
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: container.gcp.crossplane.io/v1beta1
+kind: NodePool
+metadata:
+ name: portefaix-krm-gcp-misc
+spec:
+ forProvider:
+ autoscaling:
+ autoprovisioned: false
+ enabled: true
+ maxNodeCount: 3
+ minNodeCount: 0
+ clusterRef:
+ name: portefaix-krm-gcp
+ config:
+ machineType: n1-standard-1
+ sandboxConfig:
+ type: gvisor
+ diskSizeGb: 120
+ diskType: pd-ssd
+ imageType: cos_containerd
+ labels:
+ made-by: crossplane
+ tags:
+ - kubernetes
+ - nodes
+ preemptible: true
+ oauthScopes:
+ - "https://www.googleapis.com/auth/devstorage.read_only"
+ - "https://www.googleapis.com/auth/logging.write"
+ - "https://www.googleapis.com/auth/monitoring"
+ - "https://www.googleapis.com/auth/servicecontrol"
+ - "https://www.googleapis.com/auth/service.management.readonly"
+ - "https://www.googleapis.com/auth/trace.append"
+ initialNodeCount: 0
+ locations:
+ - "eu-west1-b"
+ management:
+ autoRepair: true
+ autoUpgrade: true
+ providerConfigRef:
+ name: portefaix-gcp
\ No newline at end of file
diff --git a/krm/gcp/iam.yaml b/krm/gcp/iam.yaml
new file mode 100644
index 0000000..f0353e4
--- /dev/null
+++ b/krm/gcp/iam.yaml
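Review bot: The Cluster sets no `workloadIdentityConfig` and none of the three NodePool `config` blocks sets `workloadMetadataConfig`, yet iam.yaml binds `roles/iam.workloadIdentityUser` to `serviceAccount:portefaix-krm.svc.id.goog[vault-system/vault]`, which only works when the cluster's workload pool is `<PROJECT_ID>.svc.id.goog` (presumably `portefaix-krm.svc.id.goog`, matching iam.yaml) and the nodes serve the GKE metadata server; add `workloadIdentityConfig:` / `workloadPool: <PROJECT_ID>.svc.id.goog` to the Cluster and `workloadMetadataConfig:` / `mode: GKE_METADATA` under each pool's `config`. Each pool's `config` also lists `oauthScopes` but no `serviceAccount`, so the nodes run as the project's default Compute Engine service account; pointing `serviceAccount` at a least-privilege account (iam.yaml already creates one) bounds what a compromised node can reach. The Cluster also has no `privateClusterConfig` or `masterAuthorizedNetworksConfig`, so the API endpoint is reachable from any address; if that is intended for this environment, a comment above `masterAuth` should say so, and the empty `masterAuth:` key (only comments beneath it, so it parses as null) can be removed or the comment moved to that note.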
@@ -0,0 +1,64 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ properties:
+ forProvider:
+ displayName: "portefaix-krm-crossplane"
+ description: "Portefaix KRM Crossplane"
+ deletionPolicy: Delete
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountKey
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ properties:
+ forProvider:
+ # Google Cloud API RRN of a ServiceAccount is expected in "serviceAccount" field
+ # serviceAccount: projects/crossplane-playground/serviceAccounts/perfect-test-sa@crossplane-playground.iam.gserviceaccount.com
+ serviceAccountRef:
+ name: portefaix-krm-gcp
+ # keyAlgorithm: "KEY_ALG_RSA_2048"
+ # privateKeyType: "TYPE_GOOGLE_CREDENTIALS_FILE"
+ # publicKeyType: TYPE_RAW_PUBLIC_KEY
+ deletionPolicy: Delete
+ providerConfigRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-sa-key
+ namespace: crossplane-system
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountPolicy
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ serviceAccountRef:
+ name: portefaix-krm-gcp
+ policy:
+ bindings:
+ - role: roles/iam.workloadIdentityUser
+ members:
+ - serviceAccount:portefaix-krm.svc.id.goog[vault-system/vault]
+ providerConfigRef:
+ name: portefaix-gcp
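Review bot: The ServiceAccount and ServiceAccountKey documents nest `forProvider` under `spec.properties`, while the ServiceAccountPolicy in the same hunk and every other resource in this change put `forProvider` directly under `spec`; if the CRD does not declare `properties` (the upstream examples do not), the API server prunes that subtree and the objects are created with an empty spec or rejected for the missing `forProvider`, so `properties:` should go and its children move up one level. Separately, the ServiceAccountKey mints a long-lived key and stores it in the `portefaix-krm-gcp-sa-key` secret in `crossplane-system`, while the ServiceAccountPolicy grants `roles/iam.workloadIdentityUser` to `vault-system/vault`, which lets that workload act as the account with no key at all; if Workload Identity is the intended path, drop the ServiceAccountKey, otherwise add a comment naming the consumer that needs the key and keep RBAC on that secret tight. Note also that ServiceAccountPolicy replaces the account's whole IAM policy, so any binding added outside this file will be removed on the next reconcile; worth a comment above `policy`.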
diff --git a/krm/gcp/kustomization.yaml b/krm/gcp/kustomization.yaml
new file mode 100644
index 0000000..1eca79c
--- /dev/null
+++ b/krm/gcp/kustomization.yaml
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./network.yaml
+- ./subnetwork.yaml
+- ./firewall.yaml
+- ./iam.yaml
+- ./bucket.yaml
+- ./memorystore.yaml
+- ./cloudsql.yaml
+- ./pubsub.yaml
+- ./gke.yaml
+
+transformers:
+- labels.yaml
diff --git a/krm/gcp/labels.yaml b/krm/gcp/labels.yaml
new file mode 100644
index 0000000..5463c98
--- /dev/null
+++ b/krm/gcp/labels.yaml
@@ -0,0 +1,43 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+ name: labels
+labels:
+ app.kubernetes.io/name: portefaix-krm-gcp
+ app.kubernetes.io/instance: portefaix-krm-gcp-app
+ app.kubernetes.io/component: krm-crossplane
+ app.kubernetes.io/version: v0.1.0
+ app.kubernetes.io/part-of: portefaix-krm-gcp
+ app.kubernetes.io/managed-by: kustomize
+ portefaix.xyz/version: v0.19.0
+ crossplane.io/version: v0.14.0
+fieldSpecs:
+- path: metadata/labels
+ create: true
+- kind: CloudMemorystoreInstance
+ apiVersion: cache.gcp.crossplane.io/v1beta1
+ path: spec/forProvider/labels
+ create: true
+- kind: NodePool
+ apiVersion: container.gcp.crossplane.io/v1beta1
+ path: spec/forProvider/config/labels
+ create: true
+- kind: Topic
+ apiVersion: pubsub.gcp.crossplane.io/v1alpha1
+ path: spec/forProvider/labels
+ create: true
diff --git a/krm/gcp/memorystore.yaml b/krm/gcp/memorystore.yaml
new file mode 100644
index 0000000..669dded
--- /dev/null
+++ b/krm/gcp/memorystore.yaml
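Review bot: The fieldSpecs for CloudMemorystoreInstance, NodePool and Topic copy every key under `labels` into the GCP resource's own labels (`spec/forProvider/labels`, `spec/forProvider/config/labels`), but GCP label keys and values allow only lowercase letters, digits, `_` and `-`; keys such as `app.kubernetes.io/name` and values such as `v0.1.0` contain `/` and `.`, so the provider's create call is likely to be rejected by the API for all three kinds. Keep these Kubernetes labels on `metadata/labels` only, or move the three provider-side fieldSpecs into a second LabelTransformer whose labels use GCP-safe names (`made-by: crossplane`, already used in memorystore.yaml and gke.yaml, is the existing convention). Either way a comment above `fieldSpecs` stating that the provider-side paths must receive GCP-safe labels would stop the next edit reintroducing the problem.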
@@ -0,0 +1,33 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: cache.gcp.crossplane.io/v1beta1
+kind: CloudMemorystoreInstance
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ displayName: portefaix-krm-crossplane
+ tier: STANDARD_HA
+ region: eu-west1
+ memorySizeGb: 1
+ labels:
+ made-by: crossplane
+ providerRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-memorystore
+ namespace: crossplane-system
+ deletionPolicy: Delete
diff --git a/krm/gcp/network.yaml b/krm/gcp/network.yaml
new file mode 100644
index 0000000..2541e64
--- /dev/null
+++ b/krm/gcp/network.yaml
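Review bot: This document uses `providerRef:` where every other resource in the change uses `providerConfigRef:`; `providerRef` is the pre-ProviderConfig field and, depending on the provider version installed, is either deprecated or pruned from the `cache.gcp.crossplane.io/v1beta1` object, leaving the instance with no usable provider config, so change it to `providerConfigRef:` / `name: portefaix-gcp`. `region: eu-west1` here has the same problem as in cloudsql.yaml (GCP's region is `europe-west1`). `deletionPolicy: Delete` on a `STANDARD_HA` instance means deleting the managed resource deletes the cache with its data; if that is intended for this environment, a comment on the line should say so.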
@@ -0,0 +1,27 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: compute.gcp.crossplane.io/v1beta1
+kind: Network
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ description: "Portefaix KRM Crossplane"
+ autoCreateSubnetworks: false
+ routingConfig:
+ routingMode: REGIONAL
+ providerConfigRef:
+ name: crossplane-gcp
diff --git a/krm/gcp/pubsub.yaml b/krm/gcp/pubsub.yaml
new file mode 100644
index 0000000..585c327
--- /dev/null
+++ b/krm/gcp/pubsub.yaml
@@ -0,0 +1,29 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: pubsub.gcp.crossplane.io/v1alpha1
+kind: Topic
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ labels:
+ crossplane: provider-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-pubsub
+ namespace: crossplane-system
+ providerConfigRef:
+ name: portefaix-gcp
+ deletionPolicy: Delete
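Review bot: `providerConfigRef.name: crossplane-gcp` on the Network does not match the `portefaix-gcp` ProviderConfig that every other resource in this change references, so unless a second ProviderConfig named `crossplane-gcp` exists the Network never reconciles, and the Subnetwork, Firewall and Cluster that reach it through `networkRef` / `network` stay unresolved with it; change it to `name: portefaix-gcp`. `autoCreateSubnetworks: false` with an explicit Subnetwork is the right shape; a comment on that line saying the subnet is defined in subnetwork.yaml would help a reader who opens this file first.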
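Review bot: The Topic's `labels` use the key `crossplane: provider-gcp` while the Bucket, CloudMemorystoreInstance and NodePools in this change all use `made-by: crossplane`; one key across all resources keeps them filterable with a single label selector on the GCP side, so `made-by: crossplane` here is the consistent choice. `deletionPolicy: Delete` on a Topic also discards any retained, undelivered messages when the managed resource goes; a comment on the line noting that is enough.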
diff --git a/krm/gcp/subnetwork.yaml b/krm/gcp/subnetwork.yaml
new file mode 100644
index 0000000..a709ab8
--- /dev/null
+++ b/krm/gcp/subnetwork.yaml
@@ -0,0 +1,34 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: compute.gcp.crossplane.io/v1beta1
+kind: Subnetwork
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ description: "Portefaix KRM Crossplane"
+ region: eu-west1
+ ipCidrRange: "192.168.0.0/24"
+ privateIpGoogleAccess: true
+ secondaryIpRanges:
+ - rangeName: pods
+ ipCidrRange: 10.128.0.0/20
+ - rangeName: services
+ ipCidrRange: 172.16.0.0/16
+ networkRef:
+ name: portefaix-krm-gcp
+ providerConfigRef:
+ name: portefaix-gcp
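Review bot: The secondary ranges `pods` and `services` are defined here but nothing consumes them: the Cluster in gke.yaml sets `network: portefaix-krm-gcp` with no `subnetwork` and no `ipAllocationPolicy`, so GKE chooses the subnet and allocates pod/service ranges on its own and these two ranges sit unused. Either add `subnetwork: portefaix-krm-gcp` and an `ipAllocationPolicy` with `useIpAliases: true`, `clusterSecondaryRangeName: pods` and `servicesSecondaryRangeName: services` to the Cluster's forProvider, or drop `secondaryIpRanges` here. `region: eu-west1` has the same naming problem noted on cloudsql.yaml, and quoting is inconsistent within the file (`"192.168.0.0/24"` quoted, the secondary `ipCidrRange` values not); both forms parse as strings, so pick one.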