API Samples
API Samples
Packages:
#authorization.dataservices.vmware.com/v1alpha1
DsmRoleBinding
For DSM Admin Role
apiVersion: authorization.dataservices.vmware.com/v1alpha1
kind: DsmRoleBinding
metadata:
name: dsmadmin
role: DSM_ADMIN
subjects:
- kind: User
name: [email protected]
##databases.dataservices.vmware.com/v1alpha1
DatabaseConfig
With a custom db param
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: DatabaseConfig
metadata:
name: db-config-i4c35-1721685809783
namespace: default
spec:
params:
max_connections: "300"
PostgresCluster
With custom db param, backup config & 1 replica
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-cluster
namespace: default
spec:
adminUsername: pgadmin
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
- name: default-incremental-backup
schedule: 59 23 1/1 * *
type: incremental
backupLocation:
name: default-backup-storage
databaseConfig:
name: db-config-i4c35-1721685809783
databaseName: my-pg-cluster
infrastructurePolicy:
name: infra-policy-02-rp
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "22:59"
replicas: 1
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 14.15+vmware.v2.2.0
vmClass:
name: medium
With a seondary replica (Disaster Recovery)
// Primary
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-cluster
namespace: default
spec:
adminUsername: pgadmin
backupLocation:
name: default-backup-storage
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
replicationSlots:
- slotName: test_rep_slot
user: test-rep-slot
description: "This represents the secondary cluster in Chicago"
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 16.6+vmware.v2.2.0
vmClass:
name: medium
// Secondary
---
apiVersion: v1
data:
user: dGVzdC1yZXAtc2xvdA== # This is the username of the replication user encoded in base64
password: SWFGZnh6SDZaOU5raDZoUzFyNnE4MTBJOUpVMHhw # This is the password of the replication user encoded in Base64.
dbName: dGVzdC1wcmltYXJ5 # This is the database of the remote cluster encoded in Base64.
kind: Secret
metadata:
name: my-pg-secondary-rep-secret
namespace: default
type: Opaque
---
apiVersion: v1
data:
tls.crt: |-
-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIGAZRCYKIkMA0GCSqGSIb3DQEBCwUAMCgxFTATBgNVBAMM
DFZNd2FyZS1EQi1DQTEPMA0GA1UECgwGVk13YXJlMB4XDTI1MDEwNDIwMDY1NloX
DTM1MDEwNzIwMDY1NlowKDEVMBMGA1UEAwwMVk13YXJlLURCLUNBMQ8wDQYDVQQK
DAZWTXdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBTP4Vj8/j
FFuQ9cmg4KqavYghsoNTuEs0DOmwKD+zZLVEhfWpdiaMZDaG5JvCVig1rGu5Z3LU
rfN/FGEEW6ixrYRdFpdFdcdWqctyY/POED0fjV1kU2XCRSTpy3OGtytGVY9rWJkl
G0kPuyqKYNK/hX1OBUn6ANfmlhZKR4rkZxBjFsDpGyQDHmkl+Zzu5hIy88uALxtT
VDNLljtsW/DBMtvSN5owiAJ9gLjzZSLA9ySocEjdgS60c8AwRoVcN8UTTyvMSTUW
WyLG+s8cCNxRqyyn9ZoRR4tUaDTSFbwiCK2ejJ+coZ0Sxi0U23TKxrqnOhFSHilJ
/9scNDd+h2CNAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQAcFdNFhBl0ZpGxj2Tzqjr8hUm2fr/F3yikmrnvwchO
/4PZHUGb1cPAqTF8nvnI0CvxCYIH3assg+5qWwgPLjpuYY3LC1y7P5EDvlOYpux8
OIJkcVX9AxTsm8lKDXoZcsJVb6s/pxjJ74jIfPtOInU6gErV12aHzuHtjLTdCN2F
RlDqSVczJC4sqKrw8He/nzH35+vFDWgmxvoDo2n/6EEeymwaGWhQTjaF3mvUYcO5
fRbO+OAGi+kPwgtj5PJH8l3Ou7A+88CUz3I3+GU6QaIj3dnPrgf9pwLurU+kpru9
tIQF6AjyEL5tmnIwF9hQxEL9v7tYDFanpc9EjhQF3/oE
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
name: sample-my-pg-primary-ca
namespace: default
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-secondary
namespace: default
spec:
adminUsername: pgadmin
basedOn:
continuousRecovery:
enabled: true
replicationSlot:
credentials:
name: my-pg-secondary-rep-secret
hostname: 10.161.88.93
port: 5432
slotName: test_rep_slot
trustBundle:
name: sample-my-pg-primary-ca
namespace: default
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 16.6+vmware.v2.2.0
vmClass:
name: medium
MySQLCluster
With a custom db param, backup config and 1 replica.
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
name: foo-db
namespace: default
spec:
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
databaseConfig:
name: db-config-87o9b-1721686239818
infrastructurePolicy:
name: infra-policy-02-rp
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "22:59"
members: 3
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 8.0.34+vmware.v2.1.0
vmClass:
name: medium
SQLServerCluster
The SQL Server APIs are provided as a Technical Preview.
These APIs are subject to change and may not be backward compatible across future VMware Data Services Manager releases.
SQL Server Cluster with "Express" edition
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: sqlserver-01
namespace: default
spec:
edition: "Express"
infrastructurePolicy:
name: infra-policy-01
placementSelector:
cluster: dbaas-cluster
datacenter: dbaas-dc
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "16.0.4165.4"
vmClass:
name: small
SQL Server Cluster with ActiveDirectory
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-account
namespace: default
stringData:
username: "sqlsvc01"
password: "<sqlsvc01's password>"
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: mssql-with-ad
namespace: default
spec:
dnsNames:
# Optional, but strongly recommended for compatibility with the SQL Server Management Studio
- my-sql-server-db.example.org
activeDirectory:
domain:
name: test-example-domain
sqlServerAccount:
name: test-sqlserver-account
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "16.0.4165.4"
vmClass:
name: small
SQLServerDatabase
SQL Server Database with SQL User
apiVersion: v1
kind: Secret
metadata:
name: sqluser-pass
namespace: default
data:
password: U29tZVN0b3JuZ1Bhc3MxMjMh
type: Opaque
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db
namespace: default
spec:
placement:
sqlServer:
name: sqlserver-01
namespace: default
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
Restore SQL Server Database with SQL User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-clone
namespace: default
spec:
basedOn:
database:
name: mssql-db
placement:
sqlServer:
name: sqlserver-01
namespace: default
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
SQL Server Database with AD User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-with-ad
namespace: default
spec:
placement:
sqlServer:
name: mssql-with-ad
namespace: default
owners:
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-group'
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-user'
##infrastructure.dataservices.vmware.com/v1alpha1
IPPool
With 2 IP ranges
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: IPPool
metadata:
name: test-ippool
spec:
addresses:
- 1.1.1.1
- 1.1.1.12-1.1.1.50
- 1.1.1.65-1.1.1.90
gateway: 10.10.10.10
prefix: 24
VMClass
With 8 vCPU and 16 Gi memory.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: VMClass
metadata:
name: large
spec:
requests:
cpu: "8"
memory: "16"
InfrastructurePolicy
With a resource pool.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: InfrastructurePolicy
metadata:
name: infra-policy-02-rp
spec:
enabled: true
ipRanges:
- poolName: ippools-test-01
portGroups:
- datacenter: dbaas-dc
name: Mgmt
placements:
- cluster: dbaas-cluster
datacenter: dbaas-dc
folder: DSM
portGroups:
- Mgmt
resourcePool: rp1
storagePolicies:
- dsm-test
vmClasses:
- name: small
- name: medium
- name: large
DirectoryService
With ldap configured.
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-ca
namespace: dsm-system
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJGUjET
MBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEBwwFUGFyaXMxDTALBgNVBAoMBERp
bWkxDTALBgNVBAsMBE5TQlUxEDAOBgNVBAMMB0RpbWkgQ0ExGzAZBgkqhkiG9w0B
CQEWDGRpbWlAZGltaS5mcjAeFw0xNDAxMjgyMDM2NTVaFw0yNDAxMjYyMDM2NTVa
MFsxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC3d3dy5kaW1pLmZyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnaPKLIKdvx98KW68lz8pGa
RRcYersNGqP-this-is-a-dummy-cert-uidhasaFSJSAKCvrtWhN+haKbSp+QWX
SxiTrW99HBfAl1MDQyWcukoEb9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p
1NCvw+6B/aAN9l1G2pQXgRdYC/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYB
aKjqetwwv6DFk/GRdOSEd/6bW+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6Dau
ZkChSRyc/Whvurx6o85D6qpzywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+tugFtyN+cXe1wxUqeA7X+yS3bgw
HwYDVR0jBBgwFoAUhMwqkbBrGp87HxfvwgPnlGgVR64wDQYJKoZIhvcNAQEFBQAD
ggEBAIEEmqqhEzeXZ4CKhE5UM9vCKzkj5Iv9TFs/a9CcQuepzplt7YVmevBFNOc0
+1ZyR4tXgi4+5MHGzhYCIVvHo4hKqYm+J+o5mwQInf1qoAHuO7CLD3WNa1sKcVUV
vepIxc/1aHZrG+dPeEHt0MdFfOw13YdUc2FH6AqEdcEL4aV5PXq2eYR8hR4zKbc1
fBtuqUsvA8NWSIyzQ16fyGve+ANf6vXvUizyvwDrPRv/kfvLNa3ZPnLMMxU98Mvh
PXy3PkB8++6U4Y3vdk2Ni2WYYlIls8yqbM4327IKmkDc2TimS8u60CT47mKU7aDY
cbTV5RDkrlaYwm5yqlTIglvCv7o=
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-credentials
namespace: dsm-system
type: "kubernetes.io/basic-auth"
data:
username: bGRhcGFkbWlu # This is 'ldapadmin' encoded in Base64
password: cGFzc3dvcmQ= # This is 'password' encoded in Base64
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: DirectoryService
metadata:
name: ldap-default
namespace: dsm-system
spec:
type: "ActiveDirectory"
domain: vmware.com
baseDnUsers: dc=vmware,dc=com
bindCredentials:
name: sample-ldap-credentials
primaryServerUrl: ldaps://ldap.vmware.com:3269
secondaryServerUrls:
- ldaps://scrootdc1.vmware.com:3269
- ldaps://scdc2rootdc04.vmware.com:3269
trustBundle:
name: sample-ldap-ca
namespace: dsm-system
userSearchAttribute: "userPrincipalName"
ActiveDirectoryDomain
apiVersion: v1
kind: ConfigMap
metadata:
name: example-domain-trust-bundle
namespace: default
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
... The PEM-encoded CA certificate of the domain's LDAP services.
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: example-domain-priv-account
namespace: default
stringData:
username: "test-user"
password: "<test-user's password>"
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: ActiveDirectoryDomain
metadata:
name: test-example-domain
namespace: default
spec:
name: example.org
nameservers:
- 10.20.30.40
trustBundle:
# Needed for DSM to be able to talk with the LDAP services of the
# selected domain. When manually providing keytabs, DSM doesn't need to
# talk to the LDAP and this trust bundle is not required.
name: example-domain-trust-bundle
privilegedAccountCredentials:
# Like above, this is only needed for DSM to be able to talk with the LDAP
# services of the selected domain. Refer to the documentation about what
# privileges this account needs to have.
name: example-domain-priv-account
##observability.dataservices.vmware.com/v1alpha1
LogBundle
Support bundle for Postgres
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: LogBundle
metadata:
name: test-logs
namespace: default
spec:
retentionPeriod: 48h
targetRef:
kind: PostgresCluster
name: cluster
MetricsTarget
Metrics Target for VCFOps
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: MetricsTarget
metadata:
name: metrics-default
namespace: dsm-system
spec:
type: VCFOps
endpoint: "https://10.84.1.1:8443/opensource/default/metric"
tls:
insecureSkipVerify: false
trustBundle:
name: trusted-root-ca
namespace: dsm-system
clientCertificate:
name: client-cert-secret
credentials:
name: basic-auth-secret
timeout: 7s
headers:
Content-Type: "text/plain; charset=utf-8"
additional-static-metadata: my-value
##system.dataservices.vmware.com/v1alpha1
DsmSystemConfig
With ntp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
metadata:
name: dsm-system-config
spec:
ceipConsent: true
dnsServers:
- 1.2.3.4
dsmProviderId: f9b039f9-2683-43b1-aae0-5602614cde0b
externalLogDestination:
enabled: false
trustBundle: {}
gateway: 10.11.12.13
ip: 5.6.7.8
netmask: 255.255.224.0
ntpServers:
- time.vmware.com
With external log destination - udp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: udp://0.0.1.1:514
trustBundle: {}
With external log destination - tls configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: ssl://0.0.1.1:1514
trustBundle:
name: trusted-root-ca
namespace: dsm-system
Image Registry
Pointing to a public repo (https://quay.io/organization/minio/)
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: ImageRegistry
metadata:
name: quay-minio
namespace: dsm-system
spec:
endpoint: quay.io
repo: minio
dataServiceSelector:
matchExpressions:
- key: dsm.vmware.com/data-service-type
operator: In
values:
- vmware-objectstore-minio