Azure psql

README.md

@@ -7,19 +7,21 @@
 This repository contains sample [Carvel Packages](https://carvel.dev/kapp-controller/docs/v0.38.0/packaging/) that create [Service Instances](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/0.7/svc-tlk/GUID-api_projection_and_resource_replication-terminology_and_apis.html#terminology) (e.g. Databases, Message queues, caches etc) that are compatible with [Tanzu Application Platform (TAP)](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/index.html).
 
 ## Prerequisites
+
 These reference packages are compatible with the following:
+
 * A Kubernetes Cluster with at least [Tanzu Application Platform](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/index.html) 1.2.0 or higher.
 * A Kubernetes Cluster configured with [Cluster Essentials for VMware Tanzu](https://network.tanzu.vmware.com/products/tanzu-cluster-essentials/) 1.2.0 or higher. This explicitly relies on:
-    * [carvel kapp-controller](https://github.com/vmware-tanzu/carvel-kapp-controller/)
-    * [carvel secretgen-controller](https://github.com/vmware-tanzu/carvel-secretgen-controller/)(`>=0.9.0`)
+  * [carvel kapp-controller](https://github.com/vmware-tanzu/carvel-kapp-controller/)
+  * [carvel secretgen-controller](https://github.com/vmware-tanzu/carvel-secretgen-controller/)(`>=0.9.0`)
 
 ## Quick start
 
 Add the PackageRepository to your Kubernetes cluster:
 
 ```shell
 tanzu package repository add tap-reference-service-packages \
-    --url ghcr.io/vmware-tanzu/tanzu-application-platform-reference-service-packages:0.0.2 \
+    --url ghcr.io/vmware-tanzu/tanzu-application-platform-reference-service-packages:0.0.3 \
     -n tanzu-package-repo-global
 ```
 
@@ -35,12 +37,14 @@ Follow the instructions for a specific Service Instance below:
 
 ## Service Instances
 
-| Type               | Resource(s)                        | Description                | Status           |
-| ------------------ | ---------------------------------- | -------------------------- | ---------------- |
-| [Amazon RDS]       | DBInstance                         | Create RDS instances       | 🚧 Experimental  |
-| [Google Cloud SQL] | SQLInstance, SQLDatabase, SQLUser  | Create Cloud SQL instances | 🚧 Experimental  |
+| Type                                  | Resource(s)                                                                          | Description                                    | Status           |
+| ------------------------------------- | ------------------------------------------------------------------------------------ | ---------------------------------------------- | ---------------- |
+| [Amazon RDS]                          | DBInstance                                                                           | Create RDS instances                           | 🚧 Experimental  |
+| [Azure FlexibleServer for PostgreSQL] | ResourceGroup, FlexibleServer, FlexibleServersDatabase, FlexibleServersFirewallRule  | Create FlexibleServer for PostgreSQL instances | 🚧 Experimental  |
+| [Google Cloud SQL]                    | SQLInstance, SQLDatabase, SQLUser                                                    | Create Cloud SQL instances                     | 🚧 Experimental  |
 
 [Amazon RDS]: ./amazon/ack/rds/README.md
+[Azure FlexibleServer for PostgreSQL]: ./azure/aso/README.md
 [Google Cloud SQL]: ./google/config-connector/cloudsql/README.md
 
 ## Building the Package Repository
@@ -64,9 +68,9 @@ imgpkg push -b ${REPO_HOST}:${TAG} -f repository
 ## Contributing
 
 The tanzu-application-platform-reference-service-packages project team welcomes contributions from the community. Before you start working with this project please
-read and sign our Contributor License Agreement (https://cla.vmware.com/cla/1/preview). If you wish to contribute code and you have not signed our
-Contributor Licence Agreement (CLA), our bot will prompt you to do so when you open a Pull Request. For more detailed information, refer to 
-[CONTRIBUTING.md](CONTRIBUTING.md).
+read and sign our Contributor License Agreement (<https://cla.vmware.com/cla/1/preview>). If you wish to contribute code and you have not signed our
+Contributor Licence Agreement (CLA), our bot will prompt you to do so when you open a Pull Request. For more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ## License
+
 See [LICENSE](./LICENSE)

amazon/ack/rds/README.md

@@ -4,7 +4,7 @@ Status: Experimental
 
 ## Use
 
-For detailed instructions follow the guide [Services Toolkit Documentation on RDS using ACK](https://docs.vmware.com/en/draft/Services-Toolkit-for-VMware-Tanzu-Application-Platform/0.7/svc-tlk/GUID-usecases-consuming_aws_rds_with_ack.html)
+For detailed instructions follow the guide [Services Toolkit Documentation on RDS using ACK](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/0.7/svc-tlk/GUID-usecases-consuming_aws_rds_with_ack.html)
 
 ## Bundle
 

azure/README.md

@@ -0,0 +1,5 @@
+# Azure
+
+See:
+
+- [Azure Service Operator for FlexibleServer](./psql/README.md)

azure/aso/psql/README.md

@@ -0,0 +1,30 @@
+# Azure Service Operator - FlexibleServer for PostgreSQL
+
+Status: Experimental
+
+## Description
+
+This is a [Carvel Package] using the [Azure Service Operator v2] to manage Azure FlexibleServer for PostrgreSQL instances.
+
+[Azure Service Operator v2]: https://github.com/Azure/azure-service-operator/blob/v2.0.0-beta.2/README.md
+[Carvel Package]: https://carvel.dev/kapp-controller/docs/develop/packaging/
+
+## Use
+
+For detailed instructions, follow the guide [Services Toolkit Documentation on FlexibleServer using ASO v2](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/0.7/svc-tlk/GUID-usecases-consuming_azure_flexibleserver_psql_with_azure_operator.html)
+
+## Bundle
+
+For more information on customizing the bundle see [here][bundle], specifically
+the [values-schema]. Alternatively you can also see the configuration options
+with the tanzu CLI once the [package repo has been installed][repo-install] on
+your cluster:
+
+```sh
+tanzu package available get \
+  --values-schema psql.azure.references.services.apps.tanzu.vmware.com/0.0.1-alpha
+```
+
+[bundle]: ../../../bundles/azure/aso/psql
+[values-schema]: ../../../bundles/azure/aso/psql/bundle/config/00-schema.yml
+[repo-install]: ../../../README.md#quick-start

azure/aso/psql/package-install.yaml

@@ -0,0 +1,40 @@
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: psql-1
+  namespace: psql-1
+spec:
+  serviceAccountName: psql-install
+  packageRef:
+    refName: psql.azure.references.services.apps.tanzu.vmware.com
+    versionSelection:
+      constraints: 0.16.0
+  values:
+  - secretRef:
+      name: psql-1-values
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name:  psql-1-values
+  namespace: psql-1  
+stringData:
+  values.yml: |
+    name: psql-1
+    namespace: psql-1
+    create_namespace: false
+    aso_controller_namespace: azureserviceoperator-system
+    resource_group:
+      name: psql-1
+      use_existing_resource_group: false
+    server:
+      version: "13"
+      administrator_name: trpadmin
+      instance_type: Standard_D4s_v3
+      instance_tier: GeneralPurpose
+      instance_storage_size_gb: 128
+    database:
+      name: testdb
+    firewall_rules:
+      - startIpAddress: 0.0.0.0
+        endIpAddress: 0.0.0.0

azure/aso/psql/rbac.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: psql-install
+  namespace: psql-1  
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: psql-install
+  namespace: psql-1  
+rules:
+- apiGroups: ["dbforpostgresql.azure.com"]
+  resources: ["flexibleservers","flexibleserversdatabases","flexibleserversfirewallrules"]
+  verbs:     ["*"]
+- apiGroups: ["resources.azure.com"]
+  resources: ["resourcegroups"]
+  verbs:     ["*"]  
+- apiGroups: ["secretgen.carvel.dev", "secretgen.k14s.io"]
+  resources: ["secrettemplates","passwords"]
+  verbs:     ["*"]
+- apiGroups: [""]
+  resources: ["serviceaccounts","configmaps"]
+  verbs:     ["*"]
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs:     ["get", "list"]  
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["roles","rolebindings"]
+  verbs:     ["*"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: psql-install
+  namespace: psql-1  
+subjects:
+- kind: ServiceAccount
+  name: psql-install
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: psql-install

bundles/azure/aso/psql/README.md

@@ -0,0 +1,34 @@
+# Azure Service Operator - FlexibleServer for PostgreSQL
+
+Status: Experimental
+
+## Use
+
+For detailed instructions, follow the guide [Services Toolkit Documentation on FlexibleServer using ASO v2](https://docs.vmware.com/en/Services-Toolkit-for-VMware-Tanzu-Application-Platform/0.7/svc-tlk/GUID-usecases-consuming_azure_flexibleserver_psql_with_azure_operator.html)
+
+## Customize
+
+To customize the configuration of this Package Bundle modify the contents of `bundle` directory and follow the [Build](#build) steps.
+
+## Build
+
+>**Note**: This will be automated in the future
+
+To alter this Package, modify the contents and perform the following steps to build the Package Bundle image. These steps use the following:
+
+* [kbld](https://carvel.dev/kbld)
+* [imgpkg](https://carvel.dev/imgpkg)
+
+1. Build a new Package bundle image:
+
+```sh
+export REPO_HOST=<YOUR_IMAGE_REPO> #! e.g. ghcr.io/vmware-tanzu/tanzu-application-platform-reference-service-packages
+export BUNDLE_TAG=<YOUR_BUNDLE_TAG> #! e.g. latest
+
+pushd bundle
+    kbld -f config/ --imgpkg-lock-output=.imgpkg/images.yml
+    imgpkg push -b ${REPO_HOST}/psql.azure.references.services.apps.tanzu.vmware.com:$BUNDLE_TAG -f .
+popd
+```
+
+1. Take the SHA produced by `imgpkg` and update `repository/packages/azure/psql/package.yml` by modifying `template.spec.fetch[0].imgpkgBundle.image` value.

bundles/azure/aso/psql/bundle/.imgpkg/images.yml

@@ -0,0 +1,3 @@
+---
+apiVersion: imgpkg.carvel.dev/v1alpha1
+kind: ImagesLock

bundles/azure/aso/psql/bundle/config/00-schema.yml

@@ -0,0 +1,140 @@
+#@data/values-schema
+
+---
+#@schema/title "ASO Controller Namespace"
+#@schema/desc "The Namespace where the Azure ASO controller is installed that should own this Azure RM resource"
+aso_controller_namespace: "azureserviceoperator-system"
+
+#@schema/title "ResourceName"
+#@schema/desc "Name for the resources"
+name: "aso-psql"
+
+#@schema/title "ResourceNamespace"
+#@schema/desc "Kubernetes namespace where the Azure resources will be created"
+namespace: ""
+
+#@schema/title "Create namespace flag"
+#@schema/desc "Whether to create the namespace for the resources or not"
+create_namespace: False
+
+#@schema/title "ResourceGroup"
+#@schema/desc "Azure ResourceGroup for the servers/database resources"
+resource_group:
+  #@schema/title "Name"
+  #@schema/desc "Azure ResourceGroup name"
+  name: "aso-psql"
+  #@schema/title "UseExisting"
+  #@schema/desc "Whether to use the existing Azure resource group or not"
+  use_existing: False
+  #@schema/title "Tags"
+  #@schema/desc "Tags to attach to the object"
+  #@schema/default []
+  tags:
+    -
+      #@schema/title "Key"
+      #@schema/desc "The name of the tag"
+      key: ""
+      #@schema/title "Value"
+      #@schema/desc "The value of the tag"
+      value: ""
+
+
+#@schema/title "Location"
+#@schema/desc "Location where the resources will be created"
+location: ""
+
+#@schema/title "FlexibleServer"
+#@schema/desc "FlexibleServer instance that will be created"
+server:
+
+  #@schema/title "Name"
+  #@schema/desc "Flexible Server name. It must be unique across all Azure postgres database instances. Only lowercase letters, numbers and hyphens are allowed."
+  name: ""
+
+  #@schema/title "Version"
+  #@schema/desc "PostgreSQL version to deploy (only 11, 12 and 13 are currently supported"
+  version: "13"
+
+  #@schema/title "AdministratorName"
+  #@schema/desc "Username for the administrator user. It cannot be 'azure_superuser', 'azuresu', 'azure_pg_admin', 'sa', 'admin', 'administrator', 'root', 'guest', 'dbmanager', 'loginmanager', 'dbo', 'information_schema', 'sys', 'db_accessadmin', 'db_backupoperator', 'db_datareader', 'db_datawriter', 'db_ddladmin', 'db_denydatareader', 'db_denydatawriter', 'db_owner', 'db_securityadmin', 'public'."
+  administrator_name: "myadmin"
+
+  #@schema/title "InstanceType"
+  #@schema/desc "The type of the requested instance (follows the convention Standard_{VM name})"
+  instance_type: "Standard_D2s_v3"
+
+  #@schema/title "InstanceTier"
+  #@schema/desc "The tier of the requested instance (allowed: 'Burstable', 'GeneralPurpose' or 'Memory Optimized')"
+  instance_tier: "GeneralPurpose"
+
+  #@schema/title "InstanceStorageSizeGB"
+  #@schema/desc "The storage size for the instance in GB (allowed: from 32 to 16384)"
+  instance_storage_size_gb: 128
+
+  #@schema/title "Tags"
+  #@schema/desc "Tags to attach to the object"
+  #@schema/default []
+  tags:
+    -
+      #@schema/title "Key"
+      #@schema/desc "The name of the tag"
+      key: ""
+      #@schema/title "Value"
+      #@schema/desc "The value of the tag"
+      value: ""
+
+#@schema/title "Database"
+#@schema/desc "The database that will be created."
+database:
+
+  #@schema/title "Name"
+  #@schema/desc "Name of the database"
+  name: ""
+
+  #@schema/title "Tags"
+  #@schema/desc "Tags to attach to the object"
+  #@schema/default []
+  tags:
+    -
+      #@schema/title "Key"
+      #@schema/desc "The name of the tag"
+      key: ""
+      #@schema/title "Value"
+      #@schema/desc "The value of the tag"
+      value: ""
+
+#@schema/title "FirewallRules"
+#@schema/desc "List of firewall rules for exposing the Flexible Server. '0.0.0.0' for both startIpAddress and endIpAddress means it will be available from Azure (not the whole public Internet). Must be IPv4 format."
+#@schema/default []
+firewall_rules:
+
+  -
+    #@schema/title "StartIpAddress"
+    #@schema/desc "The starting IP address of the range"
+    startIpAddress: ""
+    #@schema/title "EndIpAddress"
+    #@schema/desc "The ending IP address of the range"
+    endIpAddress: ""
+    #@schema/title "Tags"
+    #@schema/desc "Tags to attach to the object"
+    #@schema/default []
+    tags:
+      -
+        #@schema/title "Key"
+        #@schema/desc "The name of the tag"
+        key: ""
+        #@schema/title "Value"
+        #@schema/desc "The value of the tag"
+        value: ""
+
+#@schema/title "GlobalTags"
+#@schema/desc "Tags to attach to all the resources"
+#@schema/default []
+global_tags:
+  -
+    #@schema/title "Key"
+    #@schema/desc "The name of the tag"
+    key: ""
+    #@schema/title "Value"
+    #@schema/desc "The value of the tag"
+    value: ""