From 8f2377ab88941cbd79deb655f9d0fc3af5d3b2c5 Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 1 Oct 2021 14:51:54 +0200 Subject: [PATCH 1/3] Add: GCP infrastructure using Crossplane Signed-off-by: Nicolas Lamirault --- krm/gcp/bucket.yaml | 65 +++++++++++++++++++++++ krm/gcp/cloudsql.yaml | 32 ++++++++++++ krm/gcp/firewall.yaml | 30 +++++++++++ krm/gcp/gke.yaml | 104 +++++++++++++++++++++++++++++++++++++ krm/gcp/iam.yaml | 64 +++++++++++++++++++++++ krm/gcp/kustomization.yaml | 30 +++++++++++ krm/gcp/labels.yaml | 35 +++++++++++++ krm/gcp/memorystore.yaml | 30 +++++++++++ krm/gcp/network.yaml | 26 ++++++++++ krm/gcp/pubsub.yaml | 29 +++++++++++ krm/gcp/subnetwork.yaml | 33 ++++++++++++ 11 files changed, 478 insertions(+) create mode 100644 krm/gcp/bucket.yaml create mode 100644 krm/gcp/cloudsql.yaml create mode 100644 krm/gcp/firewall.yaml create mode 100644 krm/gcp/gke.yaml create mode 100644 krm/gcp/iam.yaml create mode 100644 krm/gcp/kustomization.yaml create mode 100644 krm/gcp/labels.yaml create mode 100644 krm/gcp/memorystore.yaml create mode 100644 krm/gcp/network.yaml create mode 100644 krm/gcp/pubsub.yaml create mode 100644 krm/gcp/subnetwork.yaml diff --git a/krm/gcp/bucket.yaml b/krm/gcp/bucket.yaml new file mode 100644 index 0000000..b9508d2 --- /dev/null +++ b/krm/gcp/bucket.yaml 
@@ -0,0 +1,65 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha3
+kind: Bucket
+metadata:
+ name: portefaix-krm-gcp
+ annotations:
+ crossplane.io/external-name: portefaix-krm-gcp-bucket
+spec:
+ location: EU
+ storageClass: MULTI_REGIONAL
+ providerConfigRef:
+ name: portefaix-gcp
+ deletionPolicy: Delete
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha1
+kind: BucketPolicy
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ bucketRef:
+ name: portefaix-krm-gcp
+ policy:
+ bindings:
+ # - role: roles/storage.legacyBucketOwner
+ # members:
+ # - "projectEditor:"
+ # - "projectOwner:"
+ # - role: roles/storage.legacyBucketReader
+ # members:
+ # - "projectViewer:"
+ - role: roles/storage.objectAdmin
+ serviceAccountMemberRefs:
+ - name: portefaix-krm-gcp
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: storage.gcp.crossplane.io/v1alpha1
+kind: BucketPolicyMember
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ bucketRef:
+ name: portefaix-krm-gcp
+ # member: serviceAccount:
+ serviceAccountMemberRef:
+ name: portefaix-krm-gcp
+ role: roles/storage.objectAdmin
+ providerConfigRef:
+ name: portefaix-gcp
diff --git a/krm/gcp/cloudsql.yaml b/krm/gcp/cloudsql.yaml
new file mode 100644
index 0000000..918e997
--- /dev/null
+++ b/krm/gcp/cloudsql.yaml
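Review bot: `BucketPolicy` and `BucketPolicyMember` both bind `roles/storage.objectAdmin` on bucket `portefaix-krm-gcp` to the same service account, so one grant is managed by two resources. If `BucketPolicy` sets the bucket's whole IAM policy, as its `policy.bindings` shape suggests, it will also overwrite any binding made outside this manifest, including the legacy owner/reader bindings that are commented out here; keeping only the `BucketPolicyMember` document avoids both the duplication and the overwrite. The `Bucket` carries `deletionPolicy: Delete` and no versioning or retention settings, so removing the manifest removes the data; `deletionPolicy: Orphan` is safer for a resource that holds state.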
@@ -0,0 +1,32 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: database.gcp.crossplane.io/v1beta1
+kind: CloudSQLInstance
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ databaseVersion: POSTGRES_11
+ region: eu-west1
+ settings:
+ tier: db-custom-1-3840
+ dataDiskSizeGb: 20
+ providerConfigRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-cloudsql
+ namespace: crossplane-system
+ deletionPolicy: Delete
diff --git a/krm/gcp/firewall.yaml b/krm/gcp/firewall.yaml
new file mode 100644
index 0000000..d4bf640
--- /dev/null
+++ b/krm/gcp/firewall.yaml
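Review bot: `region: eu-west1` is not a GCP region name; the intended value is presumably `europe-west1`, and the same string is used for `location` in gke.yaml, `region` in memorystore.yaml and subnetwork.yaml, and the `eu-west1-b` node locations. Separately, `settings` has no `ipConfiguration`, so the instance gets Cloud SQL's default, which as far as I know is a public IPv4 address. For a database that should only be reachable from the VPC, add `ipConfiguration` with `ipv4Enabled: false`, a `privateNetworkRef` to `portefaix-krm-gcp` and `requireSsl: true` (confirm the field names against the v1beta1 CRD). No `backupConfiguration` is set while `deletionPolicy: Delete` is.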
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: compute.gcp.crossplane.io/v1alpha1
+kind: Firewall
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ allowed:
+ - IPProtocol: tcp
+ ports: ["80", "443"]
+ - IPProtocol: icmp
+ sourceRanges: ["10.0.0.0/24"]
+ networkRef:
+ name: portefaix-krm-gcp
+ providerConfigRef:
+ name: portefaix-gcp
diff --git a/krm/gcp/gke.yaml b/krm/gcp/gke.yaml
new file mode 100644
index 0000000..60202b8
--- /dev/null
+++ b/krm/gcp/gke.yaml
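Review bot: `sourceRanges: ["10.0.0.0/24"]` matches none of the ranges this series defines: subnetwork.yaml uses `192.168.0.0/24` for the primary range, `10.128.0.0/20` for pods and `172.16.0.0/16` for services. As written the rule admits 80/443 and ICMP from a block nothing in this VPC owns, so either the intended traffic is not allowed or the range is a template leftover. The rule also names no target, so it applies to every instance on the network. A comment stating who the source is, plus a target restriction (`targetTags` in the Compute API), would make the intent reviewable.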
@@ -0,0 +1,104 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: container.gcp.crossplane.io/v1beta2 +kind: Cluster +metadata: + name: portefaix-krm-gcp +spec: + forProvider: + initialClusterVersion: "1.21" + location: eu-west1 + masterAuth: + # setting this master auth user name enables basic auth so that a client (e.g., + # provider-helm), can connect with the generated kubeconfig from the connection secret + # username: admin + networkConfig: + enableIntraNodeVisibility: true + loggingService: logging.googleapis.com/kubernetes + monitoringService: monitoring.googleapis.com/kubernetes + addonsConfig: + gcePersistentDiskCsiDriverConfig: + enabled: true + network: portefaix-krm-gcp + writeConnectionSecretToRef: + name: portefaix-krm-gcp-gke + namespace: crossplane-system +--- +apiVersion: container.gcp.crossplane.io/v1beta1 +kind: NodePool +metadata: + name: portefaix-krm-gcp-core +spec: + forProvider: + autoscaling: + autoprovisioned: false + enabled: true + maxNodeCount: 3 + minNodeCount: 0 + clusterRef: + name: portefaix-krm-gcp + config: + machineType: n1-standard-1 + sandboxConfig: + type: gvisor + diskSizeGb: 120 + diskType: pd-ssd + imageType: cos_containerd + labels: + made-by: crossplane + oauthScopes: + - "https://www.googleapis.com/auth/devstorage.read_only" + - "https://www.googleapis.com/auth/logging.write" + - "https://www.googleapis.com/auth/monitoring" + - 
"https://www.googleapis.com/auth/servicecontrol" + - "https://www.googleapis.com/auth/service.management.readonly" + - "https://www.googleapis.com/auth/trace.append" + initialNodeCount: 1 + locations: + - "eu-west1-b" +--- +apiVersion: container.gcp.crossplane.io/v1beta1 +kind: NodePool +metadata: + name: portefaix-krm-gcp-ops +spec: + forProvider: + autoscaling: + autoprovisioned: false + enabled: true + maxNodeCount: 3 + minNodeCount: 0 + clusterRef: + name: portefaix-krm-gcp + config: + machineType: n1-standard-1 + sandboxConfig: + type: gvisor + diskSizeGb: 120 + diskType: pd-ssd + imageType: cos_containerd + labels: + made-by: crossplane + oauthScopes: + - "https://www.googleapis.com/auth/devstorage.read_only" + - "https://www.googleapis.com/auth/logging.write" + - "https://www.googleapis.com/auth/monitoring" + - "https://www.googleapis.com/auth/servicecontrol" + - "https://www.googleapis.com/auth/service.management.readonly" + - "https://www.googleapis.com/auth/trace.append" + initialNodeCount: 0 + locations: + - "eu-west1-b" diff --git a/krm/gcp/iam.yaml b/krm/gcp/iam.yaml new file mode 100644 index 0000000..f0353e4 --- /dev/null +++ b/krm/gcp/iam.yaml 
@@ -0,0 +1,64 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ properties:
+ forProvider:
+ displayName: "portefaix-krm-crossplane"
+ description: "Portefaix KRM Crossplane"
+ deletionPolicy: Delete
+ providerConfigRef:
+ name: portefaix-gcp
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountKey
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ properties:
+ forProvider:
+ # Google Cloud API RRN of a ServiceAccount is expected in "serviceAccount" field
+ # serviceAccount: projects/crossplane-playground/serviceAccounts/perfect-test-sa@crossplane-playground.iam.gserviceaccount.com
+ serviceAccountRef:
+ name: portefaix-krm-gcp
+ # keyAlgorithm: "KEY_ALG_RSA_2048"
+ # privateKeyType: "TYPE_GOOGLE_CREDENTIALS_FILE"
+ # publicKeyType: TYPE_RAW_PUBLIC_KEY
+ deletionPolicy: Delete
+ providerConfigRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-sa-key
+ namespace: crossplane-system
+---
+apiVersion: iam.gcp.crossplane.io/v1alpha1
+kind: ServiceAccountPolicy
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ serviceAccountRef:
+ name: portefaix-krm-gcp
+ policy:
+ bindings:
+ - role: roles/iam.workloadIdentityUser
+ members:
+ - serviceAccount:portefaix-krm.svc.id.goog[vault-system/vault]
+ providerConfigRef:
+ name: portefaix-gcp
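Review bot: The `ServiceAccountKey` document exports a long-lived private key for `portefaix-krm-gcp` into the Secret `portefaix-krm-gcp-sa-key` in `crossplane-system`, while the `ServiceAccountPolicy` in the same file already grants `roles/iam.workloadIdentityUser` so that `vault-system/vault` can act as the account without a key. That account holds `roles/storage.objectAdmin` on the bucket in bucket.yaml, so the key is a standing credential for every object there; unless a consumer outside the cluster needs it, I would drop the `ServiceAccountKey` document. The Workload Identity binding only takes effect if the cluster enables a workload pool for project `portefaix-krm`, which the `Cluster` spec in gke.yaml does not set. The first two documents appear to nest `forProvider` under `spec.properties`, unlike the `spec.forProvider` used elsewhere in the series; worth confirming against the CRD.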
diff --git a/krm/gcp/kustomization.yaml b/krm/gcp/kustomization.yaml
new file mode 100644
index 0000000..1eca79c
--- /dev/null
+++ b/krm/gcp/kustomization.yaml
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./network.yaml
+- ./subnetwork.yaml
+- ./firewall.yaml
+- ./iam.yaml
+- ./bucket.yaml
+- ./memorystore.yaml
+- ./cloudsql.yaml
+- ./pubsub.yaml
+- ./gke.yaml
+
+transformers:
+- labels.yaml
diff --git a/krm/gcp/labels.yaml b/krm/gcp/labels.yaml
new file mode 100644
index 0000000..bec090c
--- /dev/null
+++ b/krm/gcp/labels.yaml
@@ -0,0 +1,35 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+ name: labels
+labels:
+ app.kubernetes.io/name: portefaix-krm-gcp
+ app.kubernetes.io/instance: portefaix-krm-gcp-app
+ app.kubernetes.io/component: krm-crossplane
+ app.kubernetes.io/version: v0.1.0
+ app.kubernetes.io/part-of: portefaix-krm-gcp
+ app.kubernetes.io/managed-by: kustomize
+ portefaix.xyz/version: v0.19.0
+ crossplane.io/version: v0.14.0
+fieldSpecs:
+- path: metadata/labels
+ create: true
+- kind: NodePool
+ apiVersion: container.gcp.crossplane.io/v1beta1
+ path: spec/forProvider/config/labels
+ create: true
diff --git a/krm/gcp/memorystore.yaml b/krm/gcp/memorystore.yaml
new file mode 100644
index 0000000..b4dd4f1
--- /dev/null
+++ b/krm/gcp/memorystore.yaml
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: cache.gcp.crossplane.io/v1beta1
+kind: CloudMemorystoreInstance
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ tier: STANDARD_HA
+ region: eu-west1
+ memorySizeGb: 1
+ providerRef:
+ name: portefaix-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-memorystore
+ namespace: crossplane-system
+ deletionPolicy: Delete
diff --git a/krm/gcp/network.yaml b/krm/gcp/network.yaml
new file mode 100644
index 0000000..008d96a
--- /dev/null
+++ b/krm/gcp/network.yaml
@@ -0,0 +1,26 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: compute.gcp.crossplane.io/v1beta1
+kind: Network
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ autoCreateSubnetworks: false
+ routingConfig:
+ routingMode: REGIONAL
+ providerConfigRef:
+ name: crossplane-gcp
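Review bot: memorystore.yaml uses `providerRef` where every other manifest in this commit uses `providerConfigRef`; `providerRef` is the older field, so `providerConfigRef:` with `name: portefaix-gcp` would keep the set consistent. `forProvider` names no `authorizedNetwork`, so the Redis instance will presumably attach to the project's `default` network rather than `portefaix-krm-gcp`, outside the firewall and subnetwork defined in this series. If the CRD version exposes AUTH or in-transit encryption settings, enabling them is worth considering, since the connection details are written to a Secret in `crossplane-system`.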
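Review bot: In network.yaml `providerConfigRef.name` is `crossplane-gcp`, while every other file in this commit uses `portefaix-gcp`. Unless a second ProviderConfig with that name exists, the `Network` will not reconcile, and both firewall.yaml and subnetwork.yaml depend on it through `networkRef`. I would change it to `name: portefaix-gcp`, or add a comment explaining why the network is created with different credentials.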
diff --git a/krm/gcp/pubsub.yaml b/krm/gcp/pubsub.yaml
new file mode 100644
index 0000000..585c327
--- /dev/null
+++ b/krm/gcp/pubsub.yaml
@@ -0,0 +1,29 @@
+# Copyright (C) 2021 Nicolas Lamirault
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: pubsub.gcp.crossplane.io/v1alpha1
+kind: Topic
+metadata:
+ name: portefaix-krm-gcp
+spec:
+ forProvider:
+ labels:
+ crossplane: provider-gcp
+ writeConnectionSecretToRef:
+ name: portefaix-krm-gcp-pubsub
+ namespace: crossplane-system
+ providerConfigRef:
+ name: portefaix-gcp
+ deletionPolicy: Delete
diff --git a/krm/gcp/subnetwork.yaml b/krm/gcp/subnetwork.yaml
new file mode 100644
index 0000000..d8d4d77
--- /dev/null
+++ b/krm/gcp/subnetwork.yaml
@@ -0,0 +1,33 @@ +# Copyright (C) 2021 Nicolas Lamirault +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: compute.gcp.crossplane.io/v1beta1 +kind: Subnetwork +metadata: + name: portefaix-krm-gcp +spec: + forProvider: + region: eu-west1 + ipCidrRange: "192.168.0.0/24" + privateIpGoogleAccess: true + secondaryIpRanges: + - rangeName: pods + ipCidrRange: 10.128.0.0/20 + - rangeName: services + ipCidrRange: 172.16.0.0/16 + networkRef: + name: portefaix-krm-gcp + providerConfigRef: + name: portefaix-gcp From 90d3e1915481e2606469702aaa59e12adc1c281d Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 1 Oct 2021 15:35:01 +0200 Subject: [PATCH 2/3] Fix: GKE configuration Signed-off-by: Nicolas Lamirault --- krm/gcp/gke.yaml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/krm/gcp/gke.yaml b/krm/gcp/gke.yaml index 60202b8..69f617d 100644 --- a/krm/gcp/gke.yaml +++ b/krm/gcp/gke.yaml 
@@ -30,12 +30,40 @@ spec: loggingService: logging.googleapis.com/kubernetes monitoringService: monitoring.googleapis.com/kubernetes addonsConfig: + cloudRunConfig: + disabled: true + dnsCacheConfig: + enabled: true gcePersistentDiskCsiDriverConfig: enabled: true + horizontalPodAutoscaling: + disabled: true + httpLoadBalancing: + disabled: true + istioConfig: + disabled: true + auth: "AUTH_NONE" + kalmConfig: + enabled: false + kubernetesDashboard: + disabled: true + networkPolicyConfig: + disabled: false + binaryAuthorization: + enabled: false + legacyAbac: + enabled: false network: portefaix-krm-gcp + networkPolicy: + enabled: true + provider: CALICO + podSecurityPolicyConfig: + enabled: false writeConnectionSecretToRef: name: portefaix-krm-gcp-gke namespace: crossplane-system + providerConfigRef: + name: portefaix-gcp --- apiVersion: container.gcp.crossplane.io/v1beta1 kind: NodePool @@ -69,6 +97,8 @@ spec: initialNodeCount: 1 locations: - "eu-west1-b" + providerConfigRef: + name: portefaix-gcp --- apiVersion: container.gcp.crossplane.io/v1beta1 kind: NodePool @@ -102,3 +132,5 @@ spec: initialNodeCount: 0 locations: - "eu-west1-b" + providerConfigRef: + name: portefaix-gcp From 2ec52a4061f404d645523526e2ca4fc06655feec Mon Sep 17 00:00:00 2001 From: Nicolas Lamirault Date: Fri, 1 Oct 2021 16:05:57 +0200 Subject: [PATCH 3/3] Add: labels for GCP resources Signed-off-by: Nicolas Lamirault --- krm/gcp/bucket.yaml | 2 ++ krm/gcp/firewall.yaml | 1 + krm/gcp/gke.yaml | 58 +++++++++++++++++++++++++++++++++++++++- krm/gcp/labels.yaml | 8 ++++++ krm/gcp/memorystore.yaml | 3 +++ krm/gcp/network.yaml | 1 + krm/gcp/subnetwork.yaml | 1 + 7 files changed, 73 insertions(+), 1 deletion(-) diff --git a/krm/gcp/bucket.yaml b/krm/gcp/bucket.yaml index b9508d2..145a927 100644 --- a/krm/gcp/bucket.yaml +++ b/krm/gcp/bucket.yaml 
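Review bot: The first hunk writes `binaryAuthorization.enabled: false` and `podSecurityPolicyConfig.enabled: false` explicitly, so no admission control restricts which images or pod specs run; the only pod-level isolation left is the gVisor `sandboxConfig` on the node pools. If that is intentional for this environment, a comment saying so and naming the replacement policy mechanism would help the next reader. `networkPolicy` is enabled with `CALICO`, but the series ships no NetworkPolicy objects, so pod traffic stays allow-all until some are added. The `Cluster` still sets no `masterAuthorizedNetworksConfig` or `privateClusterConfig`, so the API endpoint is presumably reachable from any address; the spec continues outside the hunk.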
@@ -24,6 +24,8 @@ spec: storageClass: MULTI_REGIONAL providerConfigRef: name: portefaix-gcp + labels: + made-by: crossplane deletionPolicy: Delete --- apiVersion: storage.gcp.crossplane.io/v1alpha1 diff --git a/krm/gcp/firewall.yaml b/krm/gcp/firewall.yaml index d4bf640..ed6039a 100644 --- a/krm/gcp/firewall.yaml +++ b/krm/gcp/firewall.yaml @@ -19,6 +19,7 @@ metadata: name: portefaix-krm-gcp spec: forProvider: + description: "Portefaix KRM Crossplane" allowed: - IPProtocol: tcp ports: ["80", "443"] diff --git a/krm/gcp/gke.yaml b/krm/gcp/gke.yaml index 69f617d..dc130d1 100644 --- a/krm/gcp/gke.yaml +++ b/krm/gcp/gke.yaml @@ -19,7 +19,9 @@ metadata: name: portefaix-krm-gcp spec: forProvider: - initialClusterVersion: "1.21" + # initialClusterVersion: "1.21" + releaseChannel: + channel: REGULAR location: eu-west1 masterAuth: # setting this master auth user name enables basic auth so that a client (e.g., @@ -87,6 +89,9 @@ spec: imageType: cos_containerd labels: made-by: crossplane + tags: + - kubernetes + - nodes oauthScopes: - "https://www.googleapis.com/auth/devstorage.read_only" - "https://www.googleapis.com/auth/logging.write" @@ -97,6 +102,9 @@ spec: initialNodeCount: 1 locations: - "eu-west1-b" + management: + autoRepair: true + autoUpgrade: true providerConfigRef: name: portefaix-gcp --- @@ -122,6 +130,9 @@ spec: imageType: cos_containerd labels: made-by: crossplane + tags: + - kubernetes + - nodes oauthScopes: - "https://www.googleapis.com/auth/devstorage.read_only" - "https://www.googleapis.com/auth/logging.write" 
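Review bot: The network tags `kubernetes` and `nodes` added to the node pools in gke.yaml are not referenced by any firewall rule; the firewall.yaml hunk in this same commit only adds a `description`. As it stands the tags change nothing, and the 80/443 and ICMP rule keeps applying to every instance on the network. Scoping the `Firewall` to the `nodes` tag (`targetTags` in the Compute API; confirm the CRD field) would make them meaningful. The commented-out `# initialClusterVersion: "1.21"` line could be deleted now that `releaseChannel` replaces it.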
@@ -132,5 +143,50 @@ spec: initialNodeCount: 0 locations: - "eu-west1-b" + management: + autoRepair: true + autoUpgrade: true providerConfigRef: name: portefaix-gcp +--- +apiVersion: container.gcp.crossplane.io/v1beta1 +kind: NodePool +metadata: + name: portefaix-krm-gcp-misc +spec: + forProvider: + autoscaling: + autoprovisioned: false + enabled: true + maxNodeCount: 3 + minNodeCount: 0 + clusterRef: + name: portefaix-krm-gcp + config: + machineType: n1-standard-1 + sandboxConfig: + type: gvisor + diskSizeGb: 120 + diskType: pd-ssd + imageType: cos_containerd + labels: + made-by: crossplane + tags: + - kubernetes + - nodes + preemptible: true + oauthScopes: + - "https://www.googleapis.com/auth/devstorage.read_only" + - "https://www.googleapis.com/auth/logging.write" + - "https://www.googleapis.com/auth/monitoring" + - "https://www.googleapis.com/auth/servicecontrol" + - "https://www.googleapis.com/auth/service.management.readonly" + - "https://www.googleapis.com/auth/trace.append" + initialNodeCount: 0 + locations: + - "eu-west1-b" + management: + autoRepair: true + autoUpgrade: true + providerConfigRef: + name: portefaix-gcp \ No newline at end of file diff --git a/krm/gcp/labels.yaml b/krm/gcp/labels.yaml index bec090c..5463c98 100644 --- a/krm/gcp/labels.yaml +++ b/krm/gcp/labels.yaml @@ -29,7 +29,15 @@ labels: fieldSpecs: - path: metadata/labels create: true +- kind: CloudMemorystoreInstance + apiVersion: cache.gcp.crossplane.io/v1beta1 + path: spec/forProvider/labels + create: true - kind: NodePool apiVersion: container.gcp.crossplane.io/v1beta1 path: spec/forProvider/config/labels create: true +- kind: Topic + apiVersion: pubsub.gcp.crossplane.io/v1alpha1 + path: spec/forProvider/labels + create: true diff --git a/krm/gcp/memorystore.yaml b/krm/gcp/memorystore.yaml index b4dd4f1..669dded 100644 --- a/krm/gcp/memorystore.yaml +++ b/krm/gcp/memorystore.yaml 
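Review bot: The new `portefaix-krm-gcp-misc` pool, like the `core` and `ops` pools, sets no `config.serviceAccount`, so its nodes presumably run as the Compute Engine default service account with the `oauthScopes` list as the only limit. A dedicated node service account holding just the logging, monitoring and image-pull roles, referenced from all three pools, is the usual least-privilege setup. The pool is a third near-identical copy of the same `config`, so a shared base or kustomize patch would keep hardening settings such as `sandboxConfig` and `management` from drifting. The file now ends without a trailing newline.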
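Review bot: In labels.yaml the new `fieldSpecs` entries for `CloudMemorystoreInstance` and `Topic` write the transformer's labels into `spec/forProvider/labels`, where they become GCP resource labels. GCP label keys and values accept only lowercase letters, digits, `_` and `-`, so keys such as `app.kubernetes.io/name` and values such as `v0.19.0` will be rejected by the API; the existing `NodePool` entry is different because those are Kubernetes node labels. I would drop these two entries and rely on the explicit labels set in the manifests, or add a separate transformer with GCP-safe keys.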
@@ -19,9 +19,12 @@ metadata: name: portefaix-krm-gcp spec: forProvider: + displayName: portefaix-krm-crossplane tier: STANDARD_HA region: eu-west1 memorySizeGb: 1 + labels: + made-by: crossplane providerRef: name: portefaix-gcp writeConnectionSecretToRef: diff --git a/krm/gcp/network.yaml b/krm/gcp/network.yaml index 008d96a..2541e64 100644 --- a/krm/gcp/network.yaml +++ b/krm/gcp/network.yaml @@ -19,6 +19,7 @@ metadata: name: portefaix-krm-gcp spec: forProvider: + description: "Portefaix KRM Crossplane" autoCreateSubnetworks: false routingConfig: routingMode: REGIONAL diff --git a/krm/gcp/subnetwork.yaml b/krm/gcp/subnetwork.yaml index d8d4d77..a709ab8 100644 --- a/krm/gcp/subnetwork.yaml +++ b/krm/gcp/subnetwork.yaml @@ -19,6 +19,7 @@ metadata: name: portefaix-krm-gcp spec: forProvider: + description: "Portefaix KRM Crossplane" region: eu-west1 ipCidrRange: "192.168.0.0/24" privateIpGoogleAccess: true