Configure dynamic provisioning of VMware SQL with Postgres for Kubernetes service instances
This Services Toolkit topic for service operators explains how you set up dynamic provisioning. This enables app development teams to create self-serve VMware SQL with Postgres for Kubernetes service instances that are customized to meet their needs.
If you are not already familiar with dynamic provisioning in Tanzu Application Platform, following the tutorial Set up dynamic provisioning of service instances. might be help you understand the steps presented in this topic.
Prerequisites
Before you configure dynamic provisioning, you must have:
- Access to a Tanzu Application Platform cluster v1.5.0 or later.
- The Tanzu services CLI plug-in v0.6.0 or later.
Configure dynamic provisioning
To configure dynamic provisioning for VMware SQL with Postgres for Kubernetes services instances, you must:
- Install the VMware Postgres Operator
- Set up the namespace
- Create a CompositeResourceDefinition
- Create a Composition
- Make the service discoverable
- Configure RBAC
- Verify your configuration
Install the VMware Postgres Operator
Install the VMware Postgres Operator by following the steps in Installing a VMware Postgres Operator.
Set up the namespace
This topic configures dynamic provisioning to provision all PostgreSQL service instances into the same namespace. This namespace is named tanzu-psql-service-instances.
To set up the namespace:
-
Ensure that the namespace exists by running the following:
kubectl create namespace tanzu-psql-service-instances -
The VMware Postgres Operator also requires that a secret holding registry credentials exists in the same namespace that the service instances will be created in. Ensure that the secret exists in the namespace by running:
kubectl create secret --namespace=tanzu-psql-service-instances docker-registry regsecret \ --docker-server=MY-REGISTRY \ --docker-username=`USERNAME` \ --docker-password=`PASSWORD`Where:
MY-REGISTRYis the registry to which you relocated the VMware Postgres Operator images when you installed the operator.USERNAMEis your registry username.PASSWORDis your registry password.
Create a CompositeResourceDefinition
To create the CompositeResourceDefinition (XRD):
-
Create a file named
xpostgresqlinstances.database.tanzu.example.org.xrd.yamland copy in the following contents:# xpostgresqlinstances.database.tanzu.example.org.xrd.yaml --- apiVersion: apiextensions.crossplane.io/v1 kind: CompositeResourceDefinition metadata: name: xpostgresqlinstances.database.tanzu.example.org spec: connectionSecretKeys: - provider - type - database - host - password - port - uri - username group: database.tanzu.example.org names: kind: XPostgreSQLInstance plural: xpostgresqlinstances versions: - name: v1alpha1 referenceable: true schema: openAPIV3Schema: properties: spec: properties: storageGB: type: integer default: 20 type: object type: object served: trueThis XRD configures the parameter
storageGB. This gives application teams the option to choose a suitable amount of storage for the Tanzu Postgres service instance when they create a claim. You can choose to expose as many or as few parameters to application teams as you like. -
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f xpostgresqlinstances.database.tanzu.example.org.xrd.yaml
Create a Composition
To create the Composition:
-
Create a file named
xpostgresqlinstances.database.tanzu.example.org.composition.yamland copy in the following contents:# xpostgresqlinstances.database.tanzu.example.org.composition.yaml --- apiVersion: apiextensions.crossplane.io/v1 kind: Composition metadata: name: xpostgresqlinstances.database.tanzu.example.org spec: compositeTypeRef: apiVersion: database.tanzu.example.org/v1alpha1 kind: XPostgreSQLInstance publishConnectionDetailsWithStoreConfigRef: name: default resources: - base: apiVersion: kubernetes.crossplane.io/v1alpha1 kind: Object spec: forProvider: manifest: apiVersion: sql.tanzu.vmware.com/v1 kind: Postgres metadata: name: PATCHED namespace: tanzu-psql-service-instances spec: storageSize: 2G connectionDetails: - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.provider toConnectionSecretKey: provider - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.type toConnectionSecretKey: type - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.host toConnectionSecretKey: host - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.port toConnectionSecretKey: port - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.username toConnectionSecretKey: username - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.password toConnectionSecretKey: password - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.database toConnectionSecretKey: database - apiVersion: v1 kind: Secret namespace: tanzu-psql-service-instances fieldPath: data.uri toConnectionSecretKey: uri writeConnectionSecretToRef: namespace: tanzu-psql-service-instances connectionDetails: - fromConnectionSecretKey: provider - fromConnectionSecretKey: type - fromConnectionSecretKey: host - fromConnectionSecretKey: port - fromConnectionSecretKey: username - fromConnectionSecretKey: password - fromConnectionSecretKey: database - fromConnectionSecretKey: uri patches: - fromFieldPath: metadata.name toFieldPath: spec.forProvider.manifest.metadata.name type: FromCompositeFieldPath - fromFieldPath: spec.storageSize toFieldPath: spec.forProvider.manifest.spec.persistence.storage transforms: - string: fmt: '%dG' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.writeConnectionSecretToRef.name transforms: - string: fmt: '%s-psql' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[0].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[1].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[2].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[3].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[4].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[5].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[6].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath - fromFieldPath: metadata.name toFieldPath: spec.connectionDetails[7].name transforms: - string: fmt: '%s-app-user-db-secret' type: Format type: string type: FromCompositeFieldPath readinessChecks: - type: MatchString fieldPath: status.atProvider.manifest.status.currentState matchString: "Running" -
Configure the Composition you just copied to your specific requirements.
-
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f xpostgresqlinstances.database.tanzu.example.org.composition.yaml
Make the service discoverable
To make the service discoverable to application teams:
-
Create a file named
tanzu-psql.class.yamland copy in the following contents:# tanzu-psql.class.yaml --- apiVersion: services.apps.tanzu.vmware.com/v1alpha1 kind: ClusterInstanceClass metadata: name: tanzu-psql spec: description: short: VMware SQL with Postgres provisioner: crossplane: compositeResourceDefinition: xpostgresqlinstances.database.tanzu.example.org -
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f tanzu-psql.class.yaml
Configure RBAC
To configure access control with RBAC:
-
Create a file named
provider-kubernetes-tanzu-postgres-read-writer.rbac.yamland copy in the following contents:# provider-kubernetes-tanzu-postgres-read-writer.rbac.yaml --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tanzu-postgres-read-writer labels: services.tanzu.vmware.com/aggregate-to-provider-kubernetes: "true" rules: - apiGroups: - sql.tanzu.vmware.com resources: - postgres verbs: - "*" -
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f provider-kubernetes-tanzu-postgres-read-writer.rbac.yaml -
Create a file named
app-operator-claim-tanzu-psql.rbac.yamland copy in the following contents:# app-operator-claim-tanzu-psql.rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: app-operator-claim-tanzu-psql labels: apps.tanzu.vmware.com/aggregate-to-app-operator-cluster-access: "true" rules: - apiGroups: - "services.apps.tanzu.vmware.com" resources: - clusterinstanceclasses resourceNames: - tanzu-psql verbs: - claim -
Apply the file to the Tanzu Application Platform cluster by running:
kubectl apply -f app-operator-claim-tanzu-psql.rbac.yaml
Verify your configuration
To verify your configuration, create a claim for a PostgreSQL service instance by running:
tanzu service class-claim create tanzu-psql-1 --class tanzu-psql -p storageGB=5
