This Services Toolkit topic for service operators explains how you set up dynamic provisioning. This enables app development teams to create self-serve VMware SQL with Postgres for Kubernetes service instances that are customized to meet their needs.
If you are not already familiar with dynamic provisioning in Tanzu Application Platform, following the tutorial Set up dynamic provisioning of service instances might help you understand the steps presented in this topic.
Before you configure dynamic provisioning for VMware SQL with Postgres for Kubernetes service instances, you must:
Install the VMware Postgres Operator by following the steps in Installing a VMware Postgres Operator.
This topic configures dynamic provisioning to provision all PostgreSQL service instances into the same namespace. This namespace is named tanzu-psql-service-instances.
To set up the namespace:
Ensure that the namespace exists by running the following:
kubectl create namespace tanzu-psql-service-instances
The VMware Postgres Operator also requires that a secret holding registry credentials exists in the same namespace that the service instances will be created in. Ensure that the secret exists in the namespace by running:
kubectl create secret --namespace=tanzu-psql-service-instances docker-registry regsecret \
  --docker-server=MY-REGISTRY \
  --docker-username=USERNAME \
  --docker-password=PASSWORD
Where:
MY-REGISTRY is the registry to which you relocated the VMware Postgres Operator images when you installed the operator.
USERNAME is your registry username.
PASSWORD is your registry password.
To create the CompositeResourceDefinition (XRD):
Create a file named xpostgresqlinstances.database.tanzu.example.org.xrd.yaml and copy in the following contents:
# xpostgresqlinstances.database.tanzu.example.org.xrd.yaml
---
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xpostgresqlinstances.database.tanzu.example.org
spec:
  connectionSecretKeys:
    - provider
    - type
    - database
    - host
    - password
    - port
    - uri
    - username
  group: database.tanzu.example.org
  names:
    kind: XPostgreSQLInstance
    plural: xpostgresqlinstances
  versions:
    - name: v1alpha1
      referenceable: true
      schema:
        openAPIV3Schema:
          properties:
            spec:
              properties:
                storageGB:
                  type: integer
                  default: 20
              type: object
          type: object
      served: true
This XRD configures the parameter storageGB. This gives application teams the option to choose a suitable amount of storage for the Tanzu Postgres service instance when they create a claim. You can choose to expose as many or as few parameters to application teams as you like.
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f xpostgresqlinstances.database.tanzu.example.org.xrd.yaml
To create the Composition:
Create a file named xpostgresqlinstances.database.tanzu.example.org.composition.yaml and copy in the following contents:
# xpostgresqlinstances.database.tanzu.example.org.composition.yaml
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: xpostgresqlinstances.database.tanzu.example.org
spec:
  compositeTypeRef:
    apiVersion: database.tanzu.example.org/v1alpha1
    kind: XPostgreSQLInstance
  publishConnectionDetailsWithStoreConfigRef:
    name: default
  resources:
    - base:
        apiVersion: kubernetes.crossplane.io/v1alpha1
        kind: Object
        spec:
          forProvider:
            manifest:
              apiVersion: sql.tanzu.vmware.com/v1
              kind: Postgres
              metadata:
                name: PATCHED
                namespace: tanzu-psql-service-instances
              spec:
                storageSize: 2G
          # Copy the keys of the secret the operator creates for the app user
          # into the connection secret written by provider-kubernetes.
          connectionDetails:
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.provider
              toConnectionSecretKey: provider
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.type
              toConnectionSecretKey: type
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.host
              toConnectionSecretKey: host
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.port
              toConnectionSecretKey: port
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.username
              toConnectionSecretKey: username
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.password
              toConnectionSecretKey: password
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.database
              toConnectionSecretKey: database
            - apiVersion: v1
              kind: Secret
              namespace: tanzu-psql-service-instances
              fieldPath: data.uri
              toConnectionSecretKey: uri
          writeConnectionSecretToRef:
            namespace: tanzu-psql-service-instances
      # Keys exposed from the composed Object to the composite resource; each one
      # must also be listed under connectionSecretKeys in the XRD.
      connectionDetails:
        - fromConnectionSecretKey: provider
        - fromConnectionSecretKey: type
        - fromConnectionSecretKey: host
        - fromConnectionSecretKey: port
        - fromConnectionSecretKey: username
        - fromConnectionSecretKey: password
        - fromConnectionSecretKey: database
        - fromConnectionSecretKey: uri
      patches:
        - fromFieldPath: metadata.name
          toFieldPath: spec.forProvider.manifest.metadata.name
          type: FromCompositeFieldPath
        # The XRD exposes the integer parameter storageGB; format it into the
        # storageSize string used by the Postgres resource above (5 becomes 5G).
        - fromFieldPath: spec.storageGB
          toFieldPath: spec.forProvider.manifest.spec.storageSize
          transforms:
            - string:
                fmt: '%dG'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.writeConnectionSecretToRef.name
          transforms:
            - string:
                fmt: '%s-psql'
                type: Format
              type: string
          type: FromCompositeFieldPath
        # Point every connectionDetails entry at the <name>-app-user-db-secret
        # that the VMware Postgres Operator creates for the instance.
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[0].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[1].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[2].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[3].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[4].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[5].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[6].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
        - fromFieldPath: metadata.name
          toFieldPath: spec.connectionDetails[7].name
          transforms:
            - string:
                fmt: '%s-app-user-db-secret'
                type: Format
              type: string
          type: FromCompositeFieldPath
      # The composite is only Ready once the operator reports the instance as Running.
      readinessChecks:
        - type: MatchString
          fieldPath: status.atProvider.manifest.status.currentState
          matchString: "Running"
Configure the Composition you just copied to your specific requirements.
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f xpostgresqlinstances.database.tanzu.example.org.composition.yaml
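A silent failure mode with this pair of files is a patch that reads a composite field the XRD never defines, or a connection key that the composed Object does not publish: the claim is accepted, but the parameter is ignored or the binding secret lacks the key. The following checker is an added example, not part of the TAP documentation or the Services Toolkit; it takes the XRD and Composition as Python dicts (for instance from yaml.safe_load on the two files above) and uses trimmed, constructed stand-ins for them here.

```python
import re


def xrd_spec_params(xrd):
    """Names of the spec parameters the XRD exposes to claims (first version)."""
    ver = xrd["spec"]["versions"][0]
    return set(ver["schema"]["openAPIV3Schema"]["properties"]["spec"]["properties"])


def check_consistency(xrd, comp):
    """Return a list of problems; an empty list means XRD and Composition agree."""
    problems = []
    params = xrd_spec_params(xrd)
    secret_keys = set(xrd["spec"].get("connectionSecretKeys", []))
    for res in comp["spec"]["resources"]:
        # Every FromCompositeFieldPath patch reading spec.<x> needs <x> in the XRD schema.
        for p in res.get("patches", []):
            m = re.fullmatch(r"spec\.(\w+)", p.get("fromFieldPath", ""))
            if p.get("type") == "FromCompositeFieldPath" and m and m.group(1) not in params:
                problems.append(f"patch reads spec.{m.group(1)}, XRD defines {sorted(params)}")
        # Keys copied out of the composite must be published by the Object and declared in the XRD.
        published = {d["toConnectionSecretKey"] for d in res["base"]["spec"].get("connectionDetails", [])}
        for d in res.get("connectionDetails", []):
            key = d["fromConnectionSecretKey"]
            if key not in published:
                problems.append(f"key {key} is not published by the managed Object")
            if key not in secret_keys:
                problems.append(f"key {key} is not in the XRD connectionSecretKeys")
    return problems


# Constructed, trimmed stand-ins for the two manifests in this topic.
KEYS = ("host", "port", "username", "password")
XRD = {"spec": {"connectionSecretKeys": list(KEYS), "versions": [{"name": "v1alpha1", "schema": {
    "openAPIV3Schema": {"properties": {"spec": {"properties": {"storageGB": {"type": "integer"}}}}}}}]}}


def composition(from_field):
    """Composition whose storage patch reads the given composite field."""
    return {"spec": {"resources": [{
        "base": {"spec": {"connectionDetails": [
            {"fieldPath": f"data.{k}", "toConnectionSecretKey": k} for k in KEYS]}},
        "connectionDetails": [{"fromConnectionSecretKey": k} for k in KEYS],
        "patches": [{"type": "FromCompositeFieldPath", "fromFieldPath": from_field,
                     "toFieldPath": "spec.forProvider.manifest.spec.storageSize"}]}]}}


if __name__ == "__main__":
    print(check_consistency(XRD, composition("spec.storageSize")))  # one problem reported
    print(check_consistency(XRD, composition("spec.storageGB")))    # []
```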
To make the service discoverable to application teams:
Create a file named tanzu-psql.class.yaml and copy in the following contents:
# tanzu-psql.class.yaml
---
apiVersion: services.apps.tanzu.vmware.com/v1alpha1
kind: ClusterInstanceClass
metadata:
  name: tanzu-psql
spec:
  description:
    short: VMware SQL with Postgres
  provisioner:
    crossplane:
      compositeResourceDefinition: xpostgresqlinstances.database.tanzu.example.org
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f tanzu-psql.class.yaml
To configure access control with RBAC:
Create a file named provider-kubernetes-tanzu-postgres-read-writer.rbac.yaml and copy in the following contents:
# provider-kubernetes-tanzu-postgres-read-writer.rbac.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tanzu-postgres-read-writer
  labels:
    services.tanzu.vmware.com/aggregate-to-provider-kubernetes: "true"
rules:
  - apiGroups:
      - sql.tanzu.vmware.com
    resources:
      - postgres
    verbs:
      - "*"
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f provider-kubernetes-tanzu-postgres-read-writer.rbac.yaml
Create a file named app-operator-claim-tanzu-psql.rbac.yaml and copy in the following contents:
# app-operator-claim-tanzu-psql.rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: app-operator-claim-tanzu-psql
  labels:
    apps.tanzu.vmware.com/aggregate-to-app-operator-cluster-access: "true"
rules:
  - apiGroups:
      - "services.apps.tanzu.vmware.com"
    resources:
      - clusterinstanceclasses
    resourceNames:
      - tanzu-psql
    verbs:
      - claim
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f app-operator-claim-tanzu-psql.rbac.yaml
To verify your configuration, create a claim for a PostgreSQL service instance by running:
tanzu service class-claim create tanzu-psql-1 --class tanzu-psql -p storageGB=5