provider-digitalocean
Droplet: allow userData value to be set in a configMap or a secret
What problem are you facing?
We'd like to be able to define the userData string in a configMap - or a secret - and then reference it from the Droplet definition.
In our infra we use the same userData for all the droplets we create, and having it in just one place will be a better solution for maintaining it.
How could Crossplane help solve your problem?
Allowing me to define userData as a reference to another resource,
i.e. using a configMap:
```yaml
---
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: test-one
spec:
  forProvider:
    userDataRef:
      source: configMap
      key: userData
      name: user-data
      namespace: crossplane-system
---
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: test-two
spec:
  forProvider:
    userDataRef:
      source: configMap
      key: userData
      name: user-data
      namespace: crossplane-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-data
  namespace: crossplane-system
data:
  userData: |
    #cloud-config
    groups:
      - sysadmins
    users:
      - name: ansibleusr
        shell: /bin/bash
        groups: sysadmins
      - name: theo-agent
        shell: /bin/false
        system: true
    write_files:
      - path: /etc/sudoers.d/50-sysadmins
        owner: root:root
        permissions: '0440'
        content: |
          %sysadmins ALL=(ALL) NOPASSWD: ALL
      - path: /etc/theo-agent/public.pem
        owner: root:root
        permissions: '0644'
        content: |
          -----BEGIN PUBLIC KEY-----
          [....]
          -----END PUBLIC KEY-----
      - path: /usr/sbin/download-install-theo.sh
        owner: root:root
        permissions: '0755'
        content: |
          #!/bin/bash
          # Look up the tag of the latest theo-agent release
          THEO_AGENT_LATEST=$(curl -L -s -H 'Accept: application/json' https://github.com/theoapp/theo-agent/releases/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
          # Download the binary for this OS and architecture
          sudo curl -L -o /usr/sbin/theo-agent \
            https://github.com/theoapp/theo-agent/releases/download/${THEO_AGENT_LATEST}/theo-agent-$(uname -s)-$(uname -m)
          chmod 755 /usr/sbin/theo-agent
          # Install the agent and point sshd at it
          /usr/sbin/theo-agent \
            -install \
            -verify \
            -public-key /etc/theo-agent/public.pem \
            -no-interactive \
            -sshd-config \
            -url https://fluidware.authkeys.io \
            -token xxxxxx \
            -hostname-prefix test-do-
          chown -R theo-agent /etc/theo-agent
          chmod 700 /etc/theo-agent
          selinuxenabled 2>/dev/null && semanage permissive -a sshd_t
    runcmd:
      - /usr/sbin/download-install-theo.sh
      - systemctl restart ssh.service
```
You can already specify the user data on a droplet in the forProvider fields.
Are there any specific reasons you'd need it in the config map and not on the droplet definition?

```yaml
spec:
  forProvider:
    userData: |
      # put your user data here
```
Hi @ADustyOldMuffin, I saw you added it to 0.2.0, thanks, and that's why I proposed userDataRef as the key name.
The point is to avoid copy/pasting the same userData over and over and then having to maintain all of them.
I'm currently using Terraform, where I simply define the userData in one place.
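
Until a reference field exists, one way to keep a single copy of the user data is to render the Droplet manifests from one file using the existing inline `userData` field. This is an added example, not code from the thread or from provider-digitalocean; the function name `render_droplets` and the name check are assumptions, and other `forProvider` fields are omitted as in the manifests above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of provider-digitalocean).
# render_droplets FILE NAME...
# Prints one Droplet manifest per NAME, embedding FILE as the inline userData.
# The output carries whatever tokens FILE contains, so handle it like a secret.
render_droplets() {
    userdata_file=$1
    shift
    [ -r "$userdata_file" ] || { echo "cannot read $userdata_file" >&2; return 1; }
    # A first line that starts with whitespace would confuse the YAML
    # block scalar's indentation detection, so refuse it.
    if head -n 1 "$userdata_file" | grep -q '^[[:space:]]'; then
        echo "first line of user data must not be indented" >&2
        return 1
    fi
    # Validate every name before printing anything: names are interpolated
    # into YAML, so only lowercase letters, digits and inner dashes pass.
    for name in "$@"; do
        case $name in
            ''|-*|*-|*[!a-z0-9-]*)
                echo "invalid droplet name: $name" >&2
                return 1 ;;
        esac
    done
    for name in "$@"; do
        printf '%s\n' '---' \
            'apiVersion: compute.do.crossplane.io/v1alpha1' \
            'kind: Droplet' \
            'metadata:' \
            "  name: $name" \
            'spec:' \
            '  forProvider:' \
            '    userData: |'
        # Indent non-empty lines by six spaces so they sit inside the
        # literal block; empty lines stay empty.
        sed 's/^./      &/' "$userdata_file"
    done
}
```

Called as `render_droplets user-data.yaml test-one test-two > droplets.yaml`, it produces both manifests from the same user-data file.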