provider-digitalocean

Droplet: allow userData value to be set in a configMap or a secret

Open macno opened this issue 1 year ago • 3 comments

What problem are you facing?

We'd like to be able to define the userData string in a configMap - or a secret - and then reference it from the Droplet definition.

In our infra we use the same userData for all the droplets we create, and having it in just one place will be a better solution for maintaining it.

How could Crossplane help solve your problem?

Allowing me to define userData as a reference to another resource

i.e. using a configMap:

---
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: test-one
spec:
  forProvider:
    userDataRef:
      source: configMap
      key: userData
      name: user-data
      namespace: crossplane-system
---
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: test-two
spec:
  forProvider:
    userDataRef:
      source: configMap
      key: userData
      name: user-data
      namespace: crossplane-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-data
  namespace: crossplane-system
data:
  userData: |
    #cloud-config

    groups:
      - sysadmins

    users:
      - name: ansibleusr
        shell: /bin/bash
        groups: sysadmins
      - name: theo-agent
        shell: /bin/false
        system: true

    write_files:
      - path: /etc/sudoers.d/50-sysadmins
        owner: root:root
        permissions: '0440'
        content: |
          %sysadmins ALL=(ALL) NOPASSWD: ALL
      - path: /etc/theo-agent/public.pem
        owner: root:root
        permissions: '0644'
        content: |
          -----BEGIN PUBLIC KEY-----
          [....]
          -----END PUBLIC KEY-----
      - path: /usr/sbin/download-install-theo.sh
        owner: root:root
        permissions: '0755'
        content: |
          #!/bin/bash
          THEO_AGENT_LATEST=$(curl -L -s -H 'Accept: application/json' https://github.com/theoapp/theo-agent/releases/latest |sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
          sudo curl -L -o /usr/sbin/theo-agent \
            https://github.com/theoapp/theo-agent/releases/download/${THEO_AGENT_LATEST}/theo-agent-$(uname -s)-$(uname -m)
          chmod 755 /usr/sbin/theo-agent
          /usr/sbin/theo-agent \
            -install \
            -verify \
            -public-key /etc/theo-agent/public.pem \
            -no-interactive \
            -sshd-config \
            -url https://fluidware.authkeys.io \
            -token xxxxxx \
            -hostname-prefix test-do-
          chown -R theo-agent /etc/theo-agent
          chmod 700 /etc/theo-agent
          selinuxenabled 2>/dev/null && semanage permissive -a sshd_t
    runcmd:
      - /usr/sbin/download-install-theo.sh
      - systemctl restart ssh.service

macno, Oct 29 '22 11:10
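
The user data in this issue carries an agent token (`-token`) and a passwordless sudoers rule, so the Secret form of the proposed reference is the one to share across Droplets, with read access scoped to that single object. This is an added example, not part of the original issue and not the provider's API: `source: secret` mirrors the issue's proposed `source: configMap`, and the Role, RoleBinding and ServiceAccount names are assumptions.

```yaml
# Hypothetical: userDataRef is the field proposed in this issue; the provider does not implement it.
---
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: test-one
spec:
  forProvider:
    userDataRef:
      source: secret              # hypothetical value, by analogy with "configMap"
      key: userData
      name: user-data
      namespace: crossplane-system
---
apiVersion: v1
kind: Secret
metadata:
  name: user-data
  namespace: crossplane-system
type: Opaque
stringData:                       # stored base64-encoded under .data by the API server
  userData: |
    #cloud-config
    # ... same cloud-config as in the issue, including the "-token" argument ...
---
# Read access limited to this one Secret, instead of every Secret in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-droplet-user-data    # constructed name
  namespace: crossplane-system
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["user-data"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-droplet-user-data    # constructed name
  namespace: crossplane-system
subjects:
  - kind: ServiceAccount
    name: provider-digitalocean   # assumed; use the provider pod's actual ServiceAccount
    namespace: crossplane-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-droplet-user-data
```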

You can already specify the user data on a droplet in the forProvider fields.

Are there any specific reasons you'd need it in the config map and not on the droplet definition?

ADustyOldMuffin, Oct 29 '22 12:10

spec:
  forProvider:
    userData: |
      # put your user data here

ADustyOldMuffin, Oct 29 '22 12:10

Hi @ADustyOldMuffin, I saw you added it to 0.2.0, thanks, and that's why I proposed userDataRef as the key name.

The point is to avoid copying and pasting the same userData over and over and then having to maintain all of them.

I'm currently using Terraform, where I simply define the userData in one place.

macno, Oct 30 '22 05:10