This topic describes creating, updating, and deleting Azure PostgreSQL service instances using a Carvel package. For a more detailed and low-level alternative procedure, see Creating Service Instances that are compatible with Tanzu Application Platform.
Meet the prerequisites:
The Package Repository and service instance Package Bundles for this guide can be found in the Reference Service Packages GitHub repository.
Follow the steps in the following procedures.
The namespace tanzu-package-repo-global has a special significance. The kapp-controller defines a Global Packaging namespace. In this namespace, any package the is made available through a Package Respository, is available in every namespace.
When the kapp-controller is installed via Tanzu Application Platform, the namespace is tanzu-package-repo-global. If you install the controller in another way, verify which namespace is considered the Global Packaging namespace.
To add a reference package repository to the cluster:
Use the Tanzu CLI to add the new Service Reference packages repository:
tanzu package repository add tap-reference-service-packages \
--url ghcr.io/vmware-tanzu/tanzu-application-platform-reference-service-packages:0.0.3 \
-n tanzu-package-repo-global
Create a ServiceAccount to provision PackageInstall resources by using the following example. The namespace of this ServiceAccount must match the namespace of the tanzu package install command in the next step.
kubectl apply -f - <<'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: psql-install
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psql-install
rules:
- apiGroups: ["dbforpostgresql.azure.com"]
resources: ["flexibleservers","flexibleserversdatabases","flexibleserversfirewallrules"]
verbs: ["*"]
- apiGroups: ["resources.azure.com"]
resources: ["resourcegroups"]
verbs: ["*"]
- apiGroups: ["secretgen.carvel.dev", "secretgen.k14s.io"]
resources: ["secrettemplates","passwords"]
verbs: ["*"]
- apiGroups: [""]
resources: ["serviceaccounts","configmaps"]
verbs: ["*"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles","rolebindings"]
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: psql-install
subjects:
- kind: ServiceAccount
name: psql-install
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: psql-install
Before you create the values file, here are some values highlighted.
0.0.0.0 as the start and end IP addresses for a firewall rule makes the server available from within Azure.true. Else, the package makes a Resource Group with the name specified by the resource_group.name value.The server.name field will be used for the FlexibleServer resource name on Azure, otherwise name will be used. It is recommended to set the value of the name (and the optional server.name) field below from aso-psql to something unique, using only lowercase letters, digits and hyphens. This avoids naming conflicts, as Azure has a global naming namespace for FlexibleServer instances and this resource may already exist. Do make sure you also change the commands below using a aso-psql value, such as the aso-psql-bindable from the SecretTemplate,and replace aso-psql with the actual name.
Create a file holding the configuration of the Azure PostgreSQL service instance:
cat <<'EOF' > aso-psql-instance-values.yml
---
name: aso-psql
namespace: service-instances
location: westeurope
aso_controller_namespace: azureserviceoperator-system
create_namespace: false
server:
administrator_name: trpadmin
database:
name: testdb
firewall_rules:
- startIpAddress: 0.0.0.0
endIpAddress: 0.0.0.0
resource_group:
use_existing: false
name: aso-psql
EOF
Note: To understand which settings are available for this package you can run:
tanzu package available get \ --values-schema \ psql.azure.references.services.apps.tanzu.vmware.com/0.0.1-alphaThis shows a list of all configuration options you can use in the
aso-psql-instance-values.ymlfile.
Use the Tanzu CLI to install an instance of the reference service instance Package.
tanzu package install aso-psql-instance \
--package-name psql.azure.references.services.apps.tanzu.vmware.com \
--version 0.0.1-alpha \
--service-account-name psql-install \
--values-file aso-psql-instance-values.yml \
--wait
You can install the psql.azure.references.services.apps.tanzu.vmware.com package multiple times to produce various Azure PostgreSQL Service instances. You create a separate <INSTANCE-NAME>-values.yml for each instance, set a different name value, and then install the package with the instance-specific data values file.
Verify the creation status for the Azure PostgreSQL instance by inspecting the conditions in the Kubernetes API. To do so, run:
kubectl get flexibleservers.dbforpostgresql.azure.com aso-psql -o yaml
After some time has passed, sometimes up to 10 minutes, you can find the binding-compliant secret produced by PackageInstall. To do so, run:
kubectl get secrettemplate aso-psql-bindable -o jsonpath="{.status.secret.name}"
Firstly wait until the PostgreSQL instance is ready. This may take 5 to 10 minutes.
kubectl wait flexibleservers.dbforpostgresql.azure.com aso-psql -n default --for=condition=Ready --timeout=5m
Next, ensure a bindable Secret was produced by the SecretTemplate. To do so, run:
kubectl wait SecretTemplate -n default aso-psql-bindable --for=condition=ReconcileSucceeded --timeout=5m
kubectl get Secret -n default aso-psql-bindable
You have learnt to use Carvel’s Package and PackageInstall APIs to create a Azure PostgreSQL service instance. If you want to learn more about the pieces that comprise this service instance package, see Creating Azure PostgreSQL Instances manually using kubectl.
Now that you have this available in the cluster, you can learn how to make use of it by continuing where you left off in Consuming Azure PostgreSQL on Tanzu Application Platform (TAP) with ASO.
