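This article describes how to create a composite resource, `XSecurityGroup`, that contains a security group and its rules. To build the `XSecurityGroup` resource, create and define `xrd.yaml`, `composition.yaml`, and `xsecuritygroup.yaml`, then apply these three configuration files.

Define the XRD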
First, create a custom API: define the parameters and types of the composite resource that will be created later.

In `xrd.yaml`, define the inbound and outbound configuration of the security group. `sgIngress` and `sgEgress` are required parameters.

```yaml
# xrd.yaml
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xsecuritygroups.crd.tencentcloud.crossplane.io
spec:
  group: crd.tencentcloud.crossplane.io
  names:
    kind: XSecurityGroup
    plural: xsecuritygroups
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                sgIngress: # Inbound rules
                  type: array
                  items:
                    type: string
                sgEgress: # Outbound rules
                  type: array
                  items:
                    type: string
              required:
                - sgIngress
                - sgEgress
            status:
              description: A Status represents the observed state
              properties:
                share:
                  description: Freeform field containing status information
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
              type: object
```

Define the Composition

Next, define the composite resource in `composition.yaml`. It consists of a security group and its security group rules. After the resources are created, the security group ID is available at `status.share.sgId`.

```yaml
# composition.yaml
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: composition-sg
spec:
  compositeTypeRef:
    apiVersion: crd.tencentcloud.crossplane.io/v1alpha1
    kind: XSecurityGroup
  resources:
    # Security group
    - name: sg
      base:
        apiVersion: vpc.tencentcloud.crossplane.io/v1alpha1
        kind: SecurityGroup
        spec:
          forProvider:
            name: test-crossplane-sg # Security group name
            description: Security Group for the XSecurityGroup.
      patches:
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: status.share.sgId
    # Security group rules
    - name: sgrules
      base:
        apiVersion: vpc.tencentcloud.crossplane.io/v1alpha1
        kind: SecurityGroupLiteRule
        spec:
      patches:
        - fromFieldPath: status.share.sgId
          toFieldPath: spec.forProvider.securityGroupId
        - fromFieldPath: spec.sgIngress
          toFieldPath: spec.forProvider.ingress
        - fromFieldPath: spec.sgEgress
          toFieldPath: spec.forProvider.egress
        - type: ToCompositeFieldPath
          fromFieldPath: status.atProvider.id
          toFieldPath: status.share.sgruleId
```

Create the XSecurityGroup resource

Now set the concrete security group rules for the composite resource in `xsecuritygroup.yaml`.

```yaml
# xsecuritygroup.yaml
apiVersion: crd.tencentcloud.crossplane.io/v1alpha1
kind: XSecurityGroup
metadata:
  name: xsg-example
spec:
  # Inbound rules
  sgIngress:
    - "DROP#0.0.0.0/0#ALL#ALL" # Set rules as required
  # Outbound rules
  sgEgress:
    - "DROP#0.0.0.0/0#ALL#ALL" # Set rules as required
```
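
Because the XRD types each rule as a free-form string, a malformed or overly permissive rule is only caught once the provider processes it. The following pre-apply check is an added example, not part of the original article or of the Tencent Cloud provider; it assumes the field layout `ACTION#SOURCE#PORT#PROTOCOL`, and the accepted actions and protocols are assumptions too.

```python
import ipaddress

# Assumed field layout ACTION#SOURCE#PORT#PROTOCOL and assumed value sets;
# the page itself only shows "DROP#0.0.0.0/0#ALL#ALL".
ACTIONS = {"ACCEPT", "DROP"}
PROTOCOLS = {"TCP", "UDP", "ICMP", "ALL"}

def parse_rule(rule):
    """Validate one rule string and return (action, network, port, protocol)."""
    parts = rule.split("#")
    if len(parts) != 4:
        raise ValueError(f"expected 4 '#'-separated fields, got {len(parts)}")
    action, source, port, proto = parts
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol {proto!r}")
    net = ipaddress.ip_network(source, strict=False)  # ValueError on a bad CIDR
    if port != "ALL":
        for item in port.split(","):  # e.g. "80", "80,443", "8000-8080"
            lo, sep, hi = item.partition("-")
            lo, hi = int(lo), int(hi if sep else lo)
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range {item!r}")
    return action, net, port, proto

def lint(spec):
    """Return (field, index, message) findings for an XSecurityGroup spec."""
    findings = []
    for field in ("sgIngress", "sgEgress"):
        for i, rule in enumerate(spec.get(field, [])):
            try:
                action, net, _, _ = parse_rule(rule)
            except ValueError as exc:
                findings.append((field, i, f"invalid rule: {exc}"))
                continue
            # Inbound ACCEPT from 0.0.0.0/0 or ::/0 exposes the port to everyone.
            if field == "sgIngress" and action == "ACCEPT" and net.prefixlen == 0:
                findings.append((field, i, "ACCEPT from any source"))
    return findings

# Spec from xsecuritygroup.yaml above, then a constructed spec with two problems.
PAGE_SPEC = {"sgIngress": ["DROP#0.0.0.0/0#ALL#ALL"], "sgEgress": ["DROP#0.0.0.0/0#ALL#ALL"]}
BAD_SPEC = {"sgIngress": ["ACCEPT#0.0.0.0/0#22#TCP", "DROP#10.0.0.0/8#ALL"], "sgEgress": []}

if __name__ == "__main__":
    for finding in lint(PAGE_SPEC) + lint(BAD_SPEC):
        print(finding)
```
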

Use `kubectl apply` to apply the configuration files above in order and create the resources.

```
kubectl apply -f xrd.yaml
kubectl apply -f composition.yaml
kubectl apply -f xsecuritygroup.yaml
```

The result is as follows: a security group instance with the prefix `xsg-example-` is created.

```
❯ kubectl get managed
NAME                                                                     READY   SYNCED   EXTERNAL-NAME   AGE
securitygroupliterule.vpc.tencentcloud.crossplane.io/xsg-example-bks7q   True    True     sg-3o46faav     5h48m

NAME                                                             READY   SYNCED   EXTERNAL-NAME   AGE
securitygroup.vpc.tencentcloud.crossplane.io/xsg-example-j6fxz   True    True     sg-3o46faav     5h48m
```

![](https://qcloudimg.tencent-cloud.cn/image/document/812fd76e374228d66572cff890c847a8.png)