In this Services Toolkit tutorial you learn how service operators can integrate the cloud services of their choice into Tanzu Application Platform.
There are a multitude of cloud-based services available on the market for consumers today. AWS, Azure, and GCP all provide support for a wide range of fully managed, performant, and on-demand services ranging from databases, to message queues, to storage solutions and beyond. In this tutorial you will learn how to integrate any one of these services into Tanzu Application Platform, so that you can offer it for app teams to consume in a simple and effective way.
This tutorial is written at a slightly higher level than the other tutorials in this documentation. This is because it is not feasible to write detailed, step-by-step documentation for integrating every cloud-based service into Tanzu Application Platform. Each service brings a different set of considerations and concerns.
Instead, this tutorial guides you through the general approach to integrating cloud-based services into Tanzu Application Platform. While specific configurations change between services, the overall process remains the same through a consistent set of steps. The aim is to give you enough understanding so that you can integrate any cloud-based service you want into Tanzu Application Platform.
For a more specific and low-level procedure, see Configure dynamic provisioning of AWS RDS service instances, which provides each step in detail for AWS RDS integration. It might be useful to read through that guide even if you want to integrate with one of the other cloud providers.
Target user role: Service Operator
Complexity: Advanced
Estimated time: 30 minutes
Topics covered: Dynamic Provisioning, Cloud-based Services, AWS, Azure, GCP, Crossplane
Learning outcomes: An understanding of the steps involved in integrating cloud-based services into Tanzu Application Platform
The following diagram shows, at a high level, what is required to integrate a cloud-based service into Tanzu Application Platform.
This tutorial provides the steps required to integrate cloud services, and includes tips and references to example configurations where appropriate.
Install a suitable Crossplane Provider for your cloud of choice. Upbound provides support for the three main cloud providers: AWS, Azure, and GCP.
Note: These cloud-based Providers often install many hundreds of additional CRDs onto the cluster, which can have a negative impact on cluster performance. For more information, see Cluster performance degradation due to large number of CRDs.
Choose the Provider you want, and then follow Upbound’s official documentation to install the Provider and to create a corresponding ProviderConfig.
Important: The official documentation for the Provider includes a step to “Install Universal Crossplane”. You can skip this step because Crossplane is already installed as part of Tanzu Application Platform. The documentation also assumes Crossplane is installed in the upbound-system namespace. However, when working with Crossplane on Tanzu Application Platform, it is installed to the crossplane-system namespace by default. Ensure that you use the correct namespace when you create the Secret and the ProviderConfig with credentials for the Provider.
Create a CompositeResourceDefinition, which defines the shape of a new API type which is used to create the cloud-based resources.
For help creating the CompositeResourceDefinition, see the Crossplane documentation, or see Create a CompositeResourceDefinition in Configure dynamic provisioning of AWS RDS service instances.
This step is likely to be the most time-consuming. The Composition is where you define the configuration for the resources that make up the service instances for app teams to claim. Configure the necessary resources for usable service instances that users can connect to and use over the network.
To get started with creating a Composition, first read through Configuring Composition in the Upbound documentation.
You can also see the following Composition examples:
For AWS RDS, see Define composite resource types (AWS).
For Azure Flexible Server, see Define Composite Resource Types (Azure).
For GCP Cloud SQL, see Define Composite Resource Types (GCP).
Create a provisioner-based ClusterInstanceClass which is configured to refer to the CompositeResourceDefinition created earlier. For example:
---
apiVersion: services.apps.tanzu.vmware.com/v1alpha1
kind: ClusterInstanceClass
metadata:
  name: cloud-service-foo
spec:
  description:
    short: FooDB by cloud provider Foo!
  provisioner:
    crossplane:
      compositeResourceDefinition: NAME-OF-THE-COMPOSITE-RESOURCE-DEFINITION
For a real-world example, see Make the service discoverable in Configure dynamic provisioning of AWS RDS service instances.
Create a Role-Based Access Control (RBAC) rule using the claim verb pointing to the ClusterInstanceClass you created. For example:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: app-operator-claim-foo-db
  labels:
    apps.tanzu.vmware.com/aggregate-to-app-operator-cluster-access: "true"
rules:
- apiGroups:
  - "services.apps.tanzu.vmware.com"
  resources:
  - clusterinstanceclasses
  resourceNames:
  - cloud-service-foo
  verbs:
  - claim
For a real-world example, see Configure RBAC in Configure dynamic provisioning of AWS RDS service instances.
To test your integration, create a ClassClaim that points to the ClusterInstanceClass you created. For example:
---
apiVersion: services.apps.tanzu.vmware.com/v1alpha1
kind: ClassClaim
metadata:
  name: claim-1
spec:
  classRef:
    name: cloud-service-foo
  parameters:
    key: value
Verify that the ClassClaim eventually transitions into a READY=True state. If it doesn’t, debug the ClassClaim using kubectl. For how to do this, see Troubleshoot Services Toolkit.
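A pre-apply consistency check for the resources created in the steps above, as an added example that is not part of the Tanzu documentation: it flags a ProviderConfig whose credentials Secret is referenced outside crossplane-system, a claim rule that is not scoped by resourceNames, and a ClassClaim that points at a class no rule covers. The lint, matches, and manifest names are hypothetical, the sample objects are constructed from the tutorial's example names, and the spec.credentials.secretRef layout of the ProviderConfig is assumed to follow Upbound's Provider documentation.

```python
GROUP = "services.apps.tanzu.vmware.com"

def manifest(kind, name, **body):  # hypothetical helper for building sample objects
    return {"kind": kind, "metadata": {"name": name}, **body}

def matches(rule, key, wanted):  # RBAC "*" matches any value
    return bool({wanted, "*"} & set(rule.get(key, [])))

def lint(manifests, crossplane_ns="crossplane-system"):  # returns a list of findings
    findings, claimable = [], set()
    classes = {m["metadata"]["name"] for m in manifests
               if m["kind"] == "ClusterInstanceClass"}
    # Process ClassClaims last so every claim rule has been seen first.
    for m in sorted(manifests, key=lambda m: m["kind"] == "ClassClaim"):
        kind, name = m["kind"], m["metadata"]["name"]
        if kind == "ProviderConfig":
            ns = m["spec"].get("credentials", {}).get("secretRef", {}).get("namespace")
            if ns is not None and ns != crossplane_ns:
                findings.append(f"ProviderConfig/{name}: Secret in {ns!r}, not {crossplane_ns!r}")
        elif kind == "ClusterRole":
            for rule in m.get("rules", []):
                if not (matches(rule, "apiGroups", GROUP) and matches(rule, "verbs", "claim")
                        and matches(rule, "resources", "clusterinstanceclasses")):
                    continue
                names = set(rule.get("resourceNames", []))
                if not names:  # RBAC treats an empty resourceNames as "all objects"
                    findings.append(f"ClusterRole/{name}: claim rule covers every class")
                for missing in sorted(names - classes):
                    findings.append(f"ClusterRole/{name}: no ClusterInstanceClass {missing!r}")
                claimable |= names or classes
        elif kind == "ClassClaim":
            ref = m["spec"]["classRef"]["name"]
            if ref not in classes:
                findings.append(f"ClassClaim/{name}: unknown class {ref!r}")
            elif ref not in claimable:
                findings.append(f"ClassClaim/{name}: no claim rule covers {ref!r}")
    return findings

# Constructed sample: the tutorial's names, plus a ProviderConfig left on upbound-system.
SAMPLE = [
    manifest("ProviderConfig", "default", spec={"credentials": {"source": "Secret",
        "secretRef": {"namespace": "upbound-system", "name": "creds", "key": "creds"}}}),
    manifest("ClusterInstanceClass", "cloud-service-foo", spec={}),
    manifest("ClusterRole", "app-operator-claim-foo-db", rules=[{
        "apiGroups": [GROUP], "resources": ["clusterinstanceclasses"],
        "resourceNames": ["cloud-service-foo"], "verbs": ["claim"]}]),
    manifest("ClassClaim", "claim-1", spec={"classRef": {"name": "cloud-service-foo"}}),
]
print("\n".join(lint(SAMPLE)))  # one finding: the ProviderConfig namespace
```

To run it against real manifests, load them into dicts first (for example from kubectl's JSON output) and pass the list to lint.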