This article describes how to create a composite resource, XSecurityGroup, that bundles a security group with its rules. Building the XSecurityGroup resource takes three configuration files, xrd.yaml, composition.yaml and xsecuritygroup.yaml, which are defined below and then applied in that order.

Define the XRD

First, create the custom API: the CompositeResourceDefinition (XRD) declares the parameters and types of the composite resource that is created later.
xrd.yaml defines the inbound and outbound configuration of the security group. sgIngress and sgEgress are required parameters.
# xrd.yaml
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xsecuritygroups.crd.tencentcloud.crossplane.io
spec:
  group: crd.tencentcloud.crossplane.io
  names:
    kind: XSecurityGroup
    plural: xsecuritygroups
  versions:
  - name: v1alpha1
    served: true
    referenceable: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              sgIngress: # inbound rules
                type: array
                items:
                  type: string
              sgEgress: # outbound rules
                type: array
                items:
                  type: string
            required:
            - sgIngress
            - sgEgress
          status:
            description: A Status represents the observed state
            properties:
              share:
                description: Freeform field containing status information
                type: object
                x-kubernetes-preserve-unknown-fields: true
            type: object

Define the Composition

Next, define the composite resource in composition.yaml. It consists of one security group and one set of security group rules.
After the resource has been created, the security group ID can be read from status.share.sgId.
# composition.yaml
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: composition-sg
spec:
  compositeTypeRef:
    apiVersion: crd.tencentcloud.crossplane.io/v1alpha1
    kind: XSecurityGroup
  resources:
  # The security group
  - name: sg
    base:
      apiVersion: vpc.tencentcloud.crossplane.io/v1alpha1
      kind: SecurityGroup
      spec:
        forProvider:
          name: test-crossplane-sg # security group name
          description: Security Group for the XSecurityGroup.
    patches:
    - type: ToCompositeFieldPath
      fromFieldPath: status.atProvider.id
      toFieldPath: status.share.sgId

  # The security group rules
  - name: sgrules
    base:
      apiVersion: vpc.tencentcloud.crossplane.io/v1alpha1
      kind: SecurityGroupLiteRule
      spec:
    patches:
    - fromFieldPath: status.share.sgId
      toFieldPath: spec.forProvider.securityGroupId
    - fromFieldPath: spec.sgIngress
      toFieldPath: spec.forProvider.ingress
    - fromFieldPath: spec.sgEgress
      toFieldPath: spec.forProvider.egress
    - type: ToCompositeFieldPath
      fromFieldPath: status.atProvider.id
      toFieldPath: status.share.sgruleId

Create the XSecurityGroup resource

Now set the concrete security group rules for the composite resource in xsecuritygroup.yaml.
# xsecuritygroup.yaml
apiVersion: crd.tencentcloud.crossplane.io/v1alpha1
kind: XSecurityGroup
metadata:
  name: xsg-example
spec:
  # inbound rules
  sgIngress:
  - "DROP#0.0.0.0/0#ALL#ALL" # set rules as required
  # outbound rules
  sgEgress:
  - "DROP#0.0.0.0/0#ALL#ALL" # set rules as required
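Because the XRD only types sgIngress and sgEgress as arrays of strings, a malformed or overly permissive rule string is not caught until the provider tries to create it in the cloud. The following added example (not part of the original page or of the Tencent Cloud provider) is a small pre-apply lint in Python. It mirrors the XRD's required-field check and then parses each rule as ACTION#CIDR#PORT#PROTOCOL, which is assumed from the rule strings in the manifest above and from the provider's lite-rule format; the claim is constructed inline as a dict so the script runs offline, where a real workflow would load the manifest with yaml.safe_load().

```python
import ipaddress
import re

# Constructed sample claim: the same shape as xsecuritygroup.yaml on this page,
# with one deliberately risky inbound rule added so the lint has a finding.
SAMPLE_CLAIM = {
    "apiVersion": "crd.tencentcloud.crossplane.io/v1alpha1",
    "kind": "XSecurityGroup",
    "metadata": {"name": "xsg-example"},
    "spec": {
        "sgIngress": ["DROP#0.0.0.0/0#ALL#ALL", "ACCEPT#0.0.0.0/0#22#TCP"],
        "sgEgress": ["DROP#0.0.0.0/0#ALL#ALL"],
    },
}

# Fields the XRD marks as required.
REQUIRED_FIELDS = ("sgIngress", "sgEgress")

# Rule layout ACTION#CIDR#PORT#PROTOCOL (assumption: taken from the example
# rules, not spelled out on the page). PORT is ALL, a port, a range or a list.
ACTIONS = {"ACCEPT", "DROP"}
PROTOCOLS = {"TCP", "UDP", "ICMP", "ALL"}
PORT_RE = re.compile(r"^(ALL|\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*)$")


def parse_rule(rule):
    """Split one lite-rule string into its fields; raise ValueError if malformed."""
    parts = rule.split("#")
    if len(parts) != 4:
        raise ValueError(f"expected 4 '#'-separated fields, got {len(parts)}: {rule!r}")
    action, cidr, port, proto = parts
    action, port, proto = action.upper(), port.upper(), proto.upper()
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r} in {rule!r}")
    try:
        network = ipaddress.ip_network(cidr, strict=False)
    except ValueError as exc:
        raise ValueError(f"bad CIDR {cidr!r} in {rule!r}") from exc
    if not PORT_RE.match(port):
        raise ValueError(f"bad port spec {port!r} in {rule!r}")
    if proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol {proto!r} in {rule!r}")
    return {"action": action, "network": network, "port": port, "protocol": proto}


def lint_claim(claim):
    """Return a list of findings for an XSecurityGroup claim (empty means it passes)."""
    findings = []
    spec = claim.get("spec") or {}
    for field in REQUIRED_FIELDS:
        rules = spec.get(field)
        if rules is None:
            findings.append(f"{field}: missing (required by the XRD)")
            continue
        if not isinstance(rules, list) or not all(isinstance(r, str) for r in rules):
            findings.append(f"{field}: must be an array of strings")
            continue
        for rule in rules:
            try:
                parsed = parse_rule(rule)
            except ValueError as exc:
                findings.append(f"{field}: {exc}")
                continue
            # Policy check: an inbound ACCEPT from the whole internet (/0) exposes
            # the port to any source, so report it before the rule reaches the cloud.
            if (field == "sgIngress" and parsed["action"] == "ACCEPT"
                    and parsed["network"].prefixlen == 0):
                findings.append(
                    f"{field}: {rule!r} accepts traffic from any source on port {parsed['port']}"
                )
    return findings


if __name__ == "__main__":
    for finding in lint_claim(SAMPLE_CLAIM) or ["no findings"]:
        print(finding)
```

Run this against the claim before kubectl apply; a non-empty result is a reason to stop, since the Composition forwards sgIngress and sgEgress to the SecurityGroupLiteRule unchanged.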
Apply the configuration files above in order with kubectl apply to create the resources.
kubectl apply -f xrd.yaml
kubectl apply -f composition.yaml
kubectl apply -f xsecuritygroup.yaml
The result is as follows: managed resources prefixed with xsg-example- have been created.
kubectl get managed
NAME READY SYNCED EXTERNAL-NAME AGE
securitygroupliterule.vpc.tencentcloud.crossplane.io/xsg-example-bks7q True True sg-3o46faav 5h48m

NAME READY SYNCED EXTERNAL-NAME AGE
securitygroup.vpc.tencentcloud.crossplane.io/xsg-example-j6fxz True True sg-3o46faav 5h48m
You can now view the created security group resource in the console.