This topic describes how to create, update, and delete RDS service instances by using a Carvel package. For a more detailed and low-level alternative procedure, see Creating AWS RDS Instances manually by using kubectl.
Meet the prerequisites in Consuming AWS RDS on Tanzu Application Platform (TAP) with AWS Controllers for Kubernetes (ACK).
The package repository and service instance package bundles for this topic are in the tanzu-application-platform-reference-packages GitHub repository.
Follow the steps in the following procedures.
To add a reference package repository to the cluster:
Use the Tanzu CLI to add the new Service Reference packages repository by running:
tanzu package repository add tap-service-reference-packages --url ghcr.io/vmware-tanzu/tanzu-application-platform-reference-packages/tap-service-reference-package-repo:0.0.1 -n tanzu-package-repo-global
Use the following example to create a ServiceAccount that you use to provision PackageInstall resources. The namespace of this ServiceAccount must match the namespace of the tanzu package install command in the next step.
# rds-service-account-installer.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rds-install
  namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rds-install
  namespace: default
rules:
- apiGroups: ["*"] # TODO: use more fine-grained RBAC permissions
  resources: ["*"]
  verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rds-install
  namespace: default
subjects:
- kind: ServiceAccount
  name: rds-install
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rds-install
Run:
kubectl apply -f rds-service-account-installer.yaml
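The Role above carries a TODO because it grants every verb on every resource in the namespace. As an added example (not part of the original procedure or the package repository), this Python sketch audits the JSON from `kubectl get role,rolebinding -n default -o json` and reports each ServiceAccount bound to a Role with wildcard rules; the embedded sample is constructed, and the `rds-reader` Role is hypothetical.

```python
import json

# Constructed input: the shape of `kubectl get role,rolebinding -n default -o json`
# for the rds-install manifest, plus a hypothetical narrower Role (rds-reader).
SAMPLE = json.loads("""
{"items": [
 {"kind": "Role", "metadata": {"name": "rds-install", "namespace": "default"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "rds-reader", "namespace": "default"},
  "rules": [{"apiGroups": ["rds.services.k8s.aws"], "resources": ["dbinstances"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "rds-install", "namespace": "default"},
  "subjects": [{"kind": "ServiceAccount", "name": "rds-install"}],
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "Role",
              "name": "rds-install"}}
]}
""")

FIELDS = ("apiGroups", "resources", "verbs")


def wildcard_fields(rule):
    """Return the fields of one RBAC rule that contain the "*" wildcard."""
    return [f for f in FIELDS if "*" in (rule.get(f) or [])]


def audit(doc):
    """List (service account, role, wildcard fields) for every wildcard grant."""
    items = doc["items"]
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
             for i in items if i["kind"] == "Role"}
    findings = []
    for rb in (i for i in items if i["kind"] == "RoleBinding"):
        ns = rb["metadata"]["namespace"]
        role = roles.get((ns, rb["roleRef"]["name"]))
        if rb["roleRef"]["kind"] != "Role" or role is None:
            continue  # ClusterRole references and dangling bindings are skipped
        wild = sorted({f for r in role.get("rules") or [] for f in wildcard_fields(r)})
        for s in rb.get("subjects") or []:
            if wild and s["kind"] == "ServiceAccount":
                # A subject without a namespace resolves to the binding's namespace
                sa = f'{s.get("namespace") or ns}/{s["name"]}'
                findings.append((sa, role["metadata"]["name"], wild))
    return findings


if __name__ == "__main__":
    for sa, role, wild in audit(SAMPLE):
        print(f"{sa} via Role {role}: wildcard in {', '.join(wild)}")
```

To run it against a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the kubectl output in.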
To create an RDS service instance through the Tanzu CLI:
Create the following Kubernetes resources on your EKS cluster:
# RDS-INSTANCE-NAME-values.yaml
---
name: "RDS-INSTANCE-NAME"
namespace: "default"
dbSubnetGroupName: "DB-SUBNET-GROUP-NAME"
vpcSecurityGroupIDs:
- "SECURITY-GROUP-ID"
Where:
RDS-INSTANCE-NAME is a chosen name for the RDS instance to create
DB-SUBNET-GROUP-NAME is the name of the DBSubnetGroup resource previously created
SECURITY-GROUP-ID is the security group ID to use for this RDS instance
Use the Tanzu CLI to install an instance of the reference service instance Package by running:
tanzu package install RDS-INSTANCE-NAME --package-name psql.aws.references.services.apps.tanzu.vmware.com --version 0.0.1-alpha --service-account-name rds-install -f RDS-INSTANCE-NAME-values.yaml -n default
You can install the psql.aws.references.services.apps.tanzu.vmware.com package multiple times to produce multiple RDS service instances.
To do so, prepare a separate RDS-INSTANCE-NAME-values.yaml file for each RDS service instance, and then install the package under a different name with that data values file.
To verify:
Verify the creation status for the RDS instance by inspecting the conditions in the Kubernetes API. To do so, run:
kubectl get DBInstance RDS-INSTANCE-NAME -n default -o yaml
Wait for up to 20 minutes.
Find the binding-compliant secret that PackageInstall produced by running:
kubectl get secrettemplate RDS-INSTANCE-NAME-bindable -n default -o jsonpath="{.status.secret.name}"
Delete the RDS service instance by running:
tanzu package installed delete RDS-INSTANCE-NAME -n default
You learned how to use Carvel’s Package and PackageInstall APIs to create an RDS service instance. To learn more about the pieces that comprise this service instance package, see Create an RDS service instance manually.
Now that you have an RDS service instance in the cluster, you can learn how to make use of it by continuing from where you left off in Consuming AWS RDS on Tanzu Application Platform (TAP) with AWS Controllers for Kubernetes (ACK).