Migrate GCP Reference Platform to Upbound Official Providers

* Migrate all XRD and Compositions to OP * Update package meta and examples * Use compositeNetworkSelector with matchLabels propagation * Add ServiceAccount creation within GKE Composition * Add ServiceAccountKey for Helm ProviderConfig * Reliably propagate ServiceAccount to Cluster and NodePool through XR status * Create ProjectIAMMember association * Update prometheus operator version to currently available one * Strict versioning in meta config Signed-off-by: Yury Tsarev <yury@upbound.io>
upbound · Sep 27, 2022 · f5353db · f5353db
1 parent 611e2c7
commit f5353db
Show file tree

Hide file tree

Showing 15 changed files with 236 additions and 317 deletions.
diff --git a/README.md b/README.md
@@ -6,8 +6,8 @@ your internal teams.
 
 It provides platform APIs to provision fully configured GKE clusters, with secure networking, and
 stateful cloud services (Cloud SQL) designed to securely connect to the nodes in each GKE cluster --
-all composed using cloud service primitives from the [Crossplane GCP
-Provider](https://doc.crds.dev/github.com/crossplane/provider-gcp). App deployments can securely
+all composed using cloud service primitives from the [Upbound Official GCP
+Provider](https://marketplace.upbound.io/providers/upbound/provider-gcp). App deployments can securely
 connect to the infrastructure they need using secrets distributed directly to the app namespace.
 
 ## Quick Start
@@ -19,7 +19,7 @@ There are two ways to run Universal Crossplane:
 1. Hosted on Upbound Cloud
 1. Self-hosted on any Kubernetes cluster.
 
-To provision the GCP Reference platform, you can pick the option that is best for you. 
+To provision the GCP Reference platform, you can pick the option that is best for you.
 
 We'll go through each option in the next sections.
 
@@ -95,13 +95,16 @@ kubectl get pkg
 #### GCP Provider Setup
 
 Set up your GCP account keyfile by following the instructions on:
-https://crossplane.io/docs/v1.0/getting-started/install-configure.html#select-provider
+https://crossplane.io/docs/v1.9/getting-started/install-configure.html#select-a-getting-started-configuration
 
 Ensure that the following roles are added to your service account:
 
 * `roles/compute.networkAdmin`
 * `roles/container.admin`
 * `roles/iam.serviceAccountUser`
+* `roles/iam.securityAdmin`
+* `roles/iam.serviceAccountAdmin`
+* `roles/iam.serviceAccountKeyAdmin`
 
 Then create the secret using the given `creds.json` file:
 
@@ -162,7 +165,7 @@ kubectl -n upbound-system get cluster
 1. Delete `Cluster` claim:
 
 ```console
-kubectl -n upbound-system delete -f examples/cluster.yaml
+kubectl -n upbound-system delete -f examples/cluster-claim.yaml
 ```
 
 2. Verify all underlying resources have been cleanly deleted:
@@ -224,7 +227,7 @@ docker login ${REGISTRY} -u ${UPBOUND_ACCOUNT_EMAIL}
 Build package.
 
 ```console
-up xpkg build --name package.xpkg --ignore ".github/*,.github/*/*,examples/*,hack/*"
+up xpkg build --name package.xpkg --ignore ".github/workflows/*,hack/*"
 ```
 
 Push package to registry.
@@ -240,12 +243,12 @@ kubectl crossplane install configuration ${PLATFORM_CONFIG}
 ```
 
 The cloud service primitives that can be used in a `Composition` today are
-listed in the Crossplane provider docs:
+listed in the Upbound Marketplace provider docs:
 
-* [Crossplane GCP Provider](https://doc.crds.dev/github.com/crossplane/provider-gcp)
+* [Upbound Official GCP Provider](https://marketplace.upbound.io/providers/upbound/provider-gcp)
 
 To learn more see [Configuration
-Packages](https://crossplane.io/docs/v0.14/getting-started/package-infrastructure.html).
+Packages](https://crossplane.io/docs/v1.9/concepts/packages.html).
 
 ## Learn More
 

diff --git a/cluster/composition.yaml b/cluster/composition.yaml
@@ -1,25 +1,29 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: Composition
 metadata:
-  name: gke.compositeclusters.gcp.platformref.crossplane.io
+  name: gke.compositeclusters.gcp.platformref.upbound.io
   labels:
     provider: GCP
 spec:
   writeConnectionSecretsToNamespace: upbound-system
   compositeTypeRef:
-    apiVersion: gcp.platformref.crossplane.io/v1alpha1
+    apiVersion: gcp.platformref.upbound.io/v1alpha1
     kind: CompositeCluster
   resources:
     - base:
-        apiVersion: gcp.platformref.crossplane.io/v1alpha1
+        apiVersion: gcp.platformref.upbound.io/v1alpha1
+        kind: CompositeNetwork
+      patches:
+        - fromFieldPath: spec.id
+          toFieldPath: spec.id
+    - base:
+        apiVersion: gcp.platformref.upbound.io/v1alpha1
         kind: GKE
       connectionDetails:
         - fromConnectionSecretKey: kubeconfig
       patches:
         - fromFieldPath: spec.id
           toFieldPath: spec.id
-        - fromFieldPath: spec.id
-          toFieldPath: metadata.annotations[crossplane.io/external-name]
         - fromFieldPath: metadata.uid
           toFieldPath: spec.writeConnectionSecretToRef.name
           transforms:
@@ -32,10 +36,10 @@ spec:
           toFieldPath: spec.parameters.nodes.count
         - fromFieldPath: spec.parameters.nodes.size
           toFieldPath: spec.parameters.nodes.size
-        - fromFieldPath: spec.parameters.networkRef.id
-          toFieldPath: spec.parameters.networkRef.id
+        - fromFieldPath: spec.id
+          toFieldPath: spec.parameters.compositeNetworkSelector.matchLabels[networks.gcp.platformref.upbound.io/network-id]
     - base:
-        apiVersion: gcp.platformref.crossplane.io/v1alpha1
+        apiVersion: gcp.platformref.upbound.io/v1alpha1
         kind: Services
       patches:
         - fromFieldPath: spec.id

diff --git a/cluster/definition.yaml b/cluster/definition.yaml
@@ -1,93 +1,14 @@
 apiVersion: apiextensions.crossplane.io/v1
 kind: CompositeResourceDefinition
 metadata:
-  name: compositeclusters.gcp.platformref.crossplane.io
-  annotations:
-    upbound.io/ui-schema: |-
-      ---
-      configSections:
-      - title: Cluster Info
-        description: Information about this cluster
-        items:
-        - name: id
-          controlType: singleInput
-          type: string
-          path: ".spec.id"
-          title: Cluster ID
-          description: Cluster ID that other objects will use to refer to this cluster
-          default: platform-ref-gcp-cluster
-          validation:
-          - required: true
-            customError: Cluster ID is required.
-        - name: writeSecretRef
-          controlType: singleInput
-          type: string
-          path: ".spec.writeConnectionSecretToRef.name"
-          title: Connection Secret Ref
-          description: name of the secret to write to this namespace
-          default: cluster-conn
-          validation:
-          - required: true
-      - title: Cluster Nodes
-        description: Enter information to size your cluster
-        items:
-        - name: clusterNodeCount
-          controlType: singleInput
-          type: integer
-          path: ".spec.parameters.nodes.count"
-          title: Node Count
-          description: Number of nodes in the cluster
-          default: 1
-          validation:
-          - minimum: 1
-          - maximum: 100
-          - required: true
-            customError: Node count is required.
-        - name: clusterNodeSize
-          controlType: singleSelect
-          path: ".spec.parameters.nodes.size"
-          title: Node Size
-          description: Size of cluster nodes
-          default: small
-          enum:
-          - small
-          - medium
-          - large
-          validation:
-          - required: true
-            customError: Node size is required.
-      - title: Cluster Networking
-        description: Select a network fabric for your cluster
-        items:
-        - name: networkRef
-          controlType: singleInput
-          type: string
-          path: ".spec.parameters.networkRef.id"
-          title: Network Ref
-          description: Network fabric to connect the database to
-          default: platform-ref-gcp-network
-          validation:
-          - required: true
-            customError: Network ref is required.
-      - title: Cluster Services
-        description: Configure cluster services and operators
-        items:
-        - name: promVersion
-          controlType: singleInput
-          type: string
-          path: ".spec.parameters.services.operators.prometheus.version"
-          title: Prometheus Chart Version
-          description: The version of kube-prometheus-stack chart to install
-          default: 10.1.0
-          validation:
-          - required: false
+  name: compositeclusters.gcp.platformref.upbound.io
 spec:
   claimNames:
     kind: Cluster
     plural: clusters
   connectionSecretKeys:
   - kubeconfig
-  group: gcp.platformref.crossplane.io
+  group: gcp.platformref.upbound.io
   names:
     kind: CompositeCluster
     plural: compositeclusters
@@ -145,19 +66,8 @@ spec:
                               version:
                                 type: string
                                 description: Prometheus operator version to run.
-                  networkRef:
-                    type: object
-                    description: "A reference to the Network object that this cluster should be
-                    connected to."
-                    properties:
-                      id:
-                        type: string
-                        description: ID of the Network object this ref points to.
-                    required:
-                    - id
                 required:
                 - nodes
-                - networkRef
             required:
             - id
             - parameters