API Samples
VMware Data Services Manager - API Samples
version 9.0.2.0
API Samples
This document provides YAML examples for VMware Data Services Manager (DSM) Kubernetes APIs. Use these samples as templates for creating and managing database resources, infrastructure policies, and system configurations.
API Packages:
-
authorization.dataservices.vmware.com/v1alpha1 - Role bindings and user permissions
-
databases.dataservices.vmware.com/v1alpha1 - PostgreSQL, MySQL, and SQL Server database resources
-
infrastructure.dataservices.vmware.com/v1alpha1 - Infrastructure policies, IP pools, VM classes, and directory services
-
observability.dataservices.vmware.com/v1alpha1 - Log bundles and metrics targets
-
system.dataservices.vmware.com/v1alpha1 - System configuration, support bundles, and image registries
authorization.dataservices.vmware.com/v1alpha1
This package contains resources for managing user authorization and role bindings.
Resources in this package:
- DsmRoleBinding - Bind users to DSM roles for access control
DsmRoleBinding
For DSM Admin Role
apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DsmRoleBinding metadata: name: dsmadmin role: DSM_ADMIN subjects: - kind: User name: [email protected]
databases.dataservices.vmware.com/v1alpha1
This package contains resources for creating and managing PostgreSQL, MySQL, and SQL Server databases.
Resources in this package:
- DatabaseConfig - Custom database parameter configurations
- PostgresCluster - PostgreSQL database clusters
- PostgresClusterBackup - PostgreSQL cluster backup operations
- MySQLCluster - MySQL database clusters
- SQLServerCluster - SQL Server clusters (Technical Preview)
- SQLServerDatabase - SQL Server databases (Technical Preview)
DatabaseConfig
With a custom db param
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: DatabaseConfig
metadata:
name: db-config-i4c35-1721685809783
namespace: default
spec:
params:
max_connections: "300"
PostgresCluster
Policy configuration which allows users to create Postgres Database
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample Postgres cluster. apiVersion: v1 kind: Namespace metadata: name: postgres-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: postgres-user-namespace-bind namespace: postgres-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows to use InfrastructurePolicy `infra-policy-01` or SupervisorInfrastructurePolicy # `dsm-test`, BackupLocation `default-backup-storage`, any replicas (0 or 1), and version # `16` or `17`to create Postgres clusters in the sample namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: postgres-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - postgres-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-postgres postgresPolicy: allowedReplicas: - -1 allowedVersions: - "16" - "17" common: allowedBackupLocations: - default-backup-storage allowedInfrastructurePolicies: - infra-policy-01 - dsm-test allowedMaintenanceWindowStates: - 'on' databaseConfig: allowedParameters: - '*' allowedStorageSpace: min: 20Gi max: 100Gi backupConfig: allowedStates: - "on" allowedRetentionDays: min: 30 max: 90 requiredSchedules: - name: required-weekly type: full schedule: 59 23 * * 6 --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: postgres-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: postgres-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
With custom db param, backup config & 1 replica
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: DatabaseConfig
metadata:
name: test-config
namespace: postgres-user-namespace
spec:
params:
"max_connections": "100"
"max_worker_processes": "10"
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: test-pg-with-cfg
namespace: postgres-user-namespace
spec:
replicas: 1
version: "17"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 91
schedules:
- name: full-weekly
type: full
schedule: "0 0 * * 0"
- name: incremental-daily
type: incremental
schedule: "0 0 * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
databaseConfig:
name: test-config
backupLocation:
name: default-backup-storage
Restore Postgres Database
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: test-pg-restore
namespace: postgres-user-namespace
spec:
replicas: 1
version: "17"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 91
schedules:
- name: full-weekly
type: full
schedule: "0 0 * * 0"
- name: incremental-daily
type: incremental
schedule: "0 0 * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
basedOn:
cluster:
name: test-pg-cluster # should be changed to the source cluster's name
With a secondary replica (Disaster Recovery)
# Primary
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-cluster
namespace: postgres-user-namespace
spec:
adminUsername: pgadmin
backupLocation:
name: default-backup-storage
backupConfig:
backupRetentionDays: 91
schedules:
- name: schedule
schedule: '0 0 * * *'
type: full
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
replicationSlots:
- slotName: test_rep_slot
user: test-rep-slot
description: "The replication slot to be used by the secondary cluster my-pg-secondary"
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 17.7+vmware.v9.0.2.0
vmClass:
name: medium
---
# Secondary
apiVersion: v1
data:
user: dGVzdC1yZXAtc2xvdA== # This is the username of the replication user encoded in base64
password: SWFGZnh6SDZaOU5raDZoUzFyNnE4MTBJOUpVMHhw # This is the password of the replication user encoded in Base64.
dbName: dGVzdC1wcmltYXJ5 # This is the database of the remote cluster encoded in Base64.
kind: Secret
metadata:
name: my-pg-secondary-rep-secret
namespace: postgres-user-namespace
type: Opaque
---
apiVersion: v1
data:
tls.crt: |-
-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIGAZRCYKIkMA0GCSqGSIb3DQEBCwUAMCgxFTATBgNVBAMM
DFZNd2FyZS1EQi1DQTEPMA0GA1UECgwGVk13YXJlMB4XDTI1MDEwNDIwMDY1NloX
DTM1MDEwNzIwMDY1NlowKDEVMBMGA1UEAwwMVk13YXJlLURCLUNBMQ8wDQYDVQQK
DAZWTXdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBTP4Vj8/j
FFuQ9cmg4KqavYghsoNTuEs0DOmwKD+zZLVEhfWpdiaMZDaG5JvCVig1rGu5Z3LU
rfN/FGEEW6ixrYRdFpdFdcdWqctyY/POED0fjV1kU2XCRSTpy3OGtytGVY9rWJkl
G0kPuyqKYNK/hX1OBUn6ANfmlhZKR4rkZxBjFsDpGyQDHmkl+Zzu5hIy88uALxtT
VDNLljtsW/DBMtvSN5owiAJ9gLjzZSLA9ySocEjdgS60c8AwRoVcN8UTTyvMSTUW
WyLG+s8cCNxRqyyn9ZoRR4tUaDTSFbwiCK2ejJ+coZ0Sxi0U23TKxrqnOhFSHilJ
/9scNDd+h2CNAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQAcFdNFhBl0ZpGxj2Tzqjr8hUm2fr/F3yikmrnvwchO
/4PZHUGb1cPAqTF8nvnI0CvxCYIH3assg+5qWwgPLjpuYY3LC1y7P5EDvlOYpux8
OIJkcVX9AxTsm8lKDXoZcsJVb6s/pxjJ74jIfPtOInU6gErV12aHzuHtjLTdCN2F
RlDqSVczJC4sqKrw8He/nzH35+vFDWgmxvoDo2n/6EEeymwaGWhQTjaF3mvUYcO5
fRbO+OAGi+kPwgtj5PJH8l3Ou7A+88CUz3I3+GU6QaIj3dnPrgf9pwLurU+kpru9
tIQF6AjyEL5tmnIwF9hQxEL9v7tYDFanpc9EjhQF3/oE
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
name: sample-my-pg-primary-ca
namespace: postgres-user-namespace
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-secondary
namespace: postgres-user-namespace
spec:
adminUsername: pgadmin
basedOn:
continuousRecovery:
enabled: true
replicationSlot:
credentials:
name: my-pg-secondary-rep-secret
hostname: 192.168.111.45 # This is the public IP of the primary "my-pg-cluster" obtained from its status.connection.host
port: 5432
slotName: test_rep_slot
trustBundle:
name: sample-my-pg-primary-ca
namespace: postgres-user-namespace
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 17.7+vmware.v9.0.2.0
vmClass:
name: medium
PostgresClusterBackup
Backup Postgres Cluster
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresClusterBackup
metadata:
name: pg-backup
namespace: postgres-user-namespace
spec:
backupFilesDeletionPolicy: Delete
backupLocation:
name: default-backup-storage
sourceCluster:
name: test-pg-cluster
MySQLCluster
Policy configuration which allows users to create MYSQL Database
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample MySQL cluster. apiVersion: v1 kind: Namespace metadata: name: mysql-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: mysql-user-namespace-bind namespace: mysql-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows to use InfrastructurePolicy `infra-policy-01` or SupervisorInfrastructurePolicy # `dsm-test`, BackupLocation `default-backup-storage`, any number of members (1 or 3), # and version `8.0.41` or `8.0.40` to create MySQL clusters in the sample namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: mysql-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - mysql-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-mysql mysqlPolicy: allowedMembers: - -1 allowedVersions: - "8.0.40" - "8.0.41" common: allowedBackupLocations: - default-backup-storage allowedInfrastructurePolicies: - infra-policy-01 - dsm-test allowedMaintenanceWindowStates: - 'on' databaseConfig: allowedParameters: - '*' allowedStorageSpace: min: 20Gi max: 100Gi backupConfig: allowedStates: - "on" allowedRetentionDays: min: 30 max: 90 requiredSchedules: - name: required-weekly type: full schedule: 59 23 * * 6 --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: mysql-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: mysql-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
With a custom backup config and 1 replica.
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: DatabaseConfig
metadata:
name: test-mysql-config
namespace: mysql-user-namespace
spec:
params:
"max_connections": "100"
"max_binlog_size": "1073741824"
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
name: test-mysql-with-cfg
namespace: mysql-user-namespace
spec:
members: 1
version: "8.0.41"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 90
schedules:
- name: full-30mins
type: full
schedule: "*/30 * * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
databaseConfig:
name: test-mysql-config
backupLocation:
name: default-backup-storage
Restore MySQL Database
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
name: test-mysql-restore
namespace: mysql-user-namespace
spec:
members: 1
version: "8.0.41"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 90
schedules:
- name: full-30mins
type: full
schedule: "*/30 * * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
basedOn:
cluster:
name: test-mysql-cluster # should be changed to the source cluster's name
SQLServerCluster
The SQL Server APIs are provided as a Technical Preview.
These APIs are subject to change and may not be backward compatible across future VMware Data Services Manager releases.
SQL Server Cluster with "Express" edition
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: sqlserver-01
namespace: dsm-system
spec:
edition: "Express"
serverConfig:
collation: "Latin1_General_CI_AS"
traceFlags: [3226]
mssqlConf:
coredump.disablecoredump: "true"
errorlog.numerrorlogs: "10"
network.tlsprotocols: "1.2"
auditing:
preset: "AllLogins"
logRetention: "720h"
infrastructurePolicy:
name: infra-policy-01
placementSelector:
cluster: dbaas-cluster
datacenter: dbaas-dc
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
SQL Server Cluster with ActiveDirectory
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-account
namespace: dsm-system
stringData:
username: "sqlsvc01"
password: "<sqlsvc01's password>"
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: mssql-with-ad
namespace: dsm-system
spec:
edition: "Developer"
dnsNames:
- mssql01.example.org
activeDirectory:
domain:
name: test-example-domain
sqlServerAccount:
name: test-sqlserver-account
# This setting asks DSM to create DNS records (both A and PTR) in the
# primary nameserver configured on the ActiveDirectoryDomain.
writeDNSNames: ForwardAndReverse
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
SQL Server Cluster with ActiveDirectory manual configuration
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-account-02
namespace: dsm-system
stringData:
# When using keytab, this Secret does not need to contain password because
# the keytab contains keys derived from the password
username: "sqlsvc02"
---
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-keytab
namespace: dsm-system
data:
# Keytab (binary) file for the service account and the chosen DNS name(s) of
# the SQL Server cluster.
# On Windows could create keytab via the ktpass tool.
# On Linux could create keytab via ktutil or adutil.
keytab: BQI=
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: mssql-with-ad-02
namespace: dsm-system
spec:
edition: "Developer"
dnsNames:
# Optional, but strongly recommended for compatibility with the SQL Server Management Studio
- mssql02.example.org
activeDirectory:
domain:
name: test-example-domain
# When using keytab, the service account must have appropriate Service
# Principal Names (SPNs) for the DNS name(s) of the SQL Server cluster.
# SPNs could be configured via the setspn Windows tool, via the adutil
# Linux tool or by directly modifying the servicePrincipalName LDAP
# attribute on the service account.
sqlServerAccount:
name: test-sqlserver-account-02
keytab:
name: test-sqlserver-keytab
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
DataServicePolicy
Policy configuration which allows users to create databases on the sample SQL Server clusters
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample SQL Server databases. apiVersion: v1 kind: Namespace metadata: name: sqlserver-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: sqlserver-user-namespace-bind namespace: sqlserver-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows SQL Server databases in the sample namespace to be placed on # the sample SQL Server clusters and to use `trusted-root-backup-storage`. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: sqlserver-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - sqlserver-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-sqlserver-database sqlServerDatabasePolicy: allowedBackupLocations: - trusted-root-backup-storage allowedPlacements: - sqlServer: name: sqlserver-01 namespace: dsm-system - sqlServer: name: mssql-with-ad namespace: dsm-system allowedOwnerTypes: - WindowsPrincipal - SQLUser backupConfig: allowedStates: - "*" allowedRetentionDays: min: 30 max: 60 requiredSchedules: - name: required-weekly type: full schedule: 59 23 * * 6 --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: sqlserver-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: sqlserver-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
SQLServerDatabase
SQL Server Database with SQL User
apiVersion: v1
kind: Secret
metadata:
name: sqluser-pass
namespace: sqlserver-user-namespace
data:
password: U29tZVN0b3JuZ1Bhc3MxMjMh
type: Opaque
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db
namespace: sqlserver-user-namespace
spec:
placement:
sqlServer:
name: sqlserver-01
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: trusted-root-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
Restore SQL Server Database with SQL User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-clone
namespace: sqlserver-user-namespace
spec:
basedOn:
database:
name: mssql-db
# type: SQLServerDatabase # Default. Use ArchivedSQLServerDatabase for deleted databases.
placement:
sqlServer:
name: sqlserver-01
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: trusted-root-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
SQL Server Database with AD User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-with-ad
namespace: sqlserver-user-namespace
spec:
placement:
sqlServer:
name: mssql-with-ad
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: trusted-root-backup-storage
owners:
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-group'
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-user'
infrastructure.dataservices.vmware.com/v1alpha1
This package contains resources for managing infrastructure policies, IP pools, VM classes, directory services, and Active Directory domains.
Resources in this package:
- IPPool - IP address pool configurations
- VMClass - Virtual machine class definitions
- InfrastructurePolicy - Infrastructure placement policies
- DirectoryService - LDAP/Active Directory service configurations
- ActiveDirectoryDomain - Active Directory domain configurations
IPPool
With 2 IP ranges
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: IPPool
metadata:
name: test-ippool
spec:
addresses:
- 1.1.1.1
- 1.1.1.12-1.1.1.50
- 1.1.1.65-1.1.1.90
gateway: 10.10.10.10
prefix: 24
VMClass
With 8 vCPU and 16 Gi memory.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: VMClass
metadata:
name: large
spec:
requests:
cpu: "8"
memory: "16"
InfrastructurePolicy
With a resource pool.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: InfrastructurePolicy
metadata:
name: infra-policy-02-rp
spec:
enableCrossClusterHA: false
enabled: true
ipRanges:
- poolName: ippools-test-01
portGroups:
- datacenter: dbaas-dc
name: Mgmt
placements:
- cluster: dbaas-cluster
datacenter: dbaas-dc
folder: DSM
portGroups:
- Mgmt
resourcePool: rp1
storagePolicies:
- dsm-test
vmClasses:
- name: small
- name: medium
- name: large
DirectoryService
With ldap configured.
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-ca
namespace: dsm-system
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJGUjET
MBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEBwwFUGFyaXMxDTALBgNVBAoMBERp
bWkxDTALBgNVBAsMBE5TQlUxEDAOBgNVBAMMB0RpbWkgQ0ExGzAZBgkqhkiG9w0B
CQEWDGRpbWlAZGltaS5mcjAeFw0xNDAxMjgyMDM2NTVaFw0yNDAxMjYyMDM2NTVa
MFsxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC3d3dy5kaW1pLmZyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnaPKLIKdvx98KW68lz8pGa
RRcYersNGqP-this-is-a-dummy-cert-uidhasaFSJSAKCvrtWhN+haKbSp+QWX
SxiTrW99HBfAl1MDQyWcukoEb9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p
1NCvw+6B/aAN9l1G2pQXgRdYC/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYB
aKjqetwwv6DFk/GRdOSEd/6bW+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6Dau
ZkChSRyc/Whvurx6o85D6qpzywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+tugFtyN+cXe1wxUqeA7X+yS3bgw
HwYDVR0jBBgwFoAUhMwqkbBrGp87HxfvwgPnlGgVR64wDQYJKoZIhvcNAQEFBQAD
ggEBAIEEmqqhEzeXZ4CKhE5UM9vCKzkj5Iv9TFs/a9CcQuepzplt7YVmevBFNOc0
+1ZyR4tXgi4+5MHGzhYCIVvHo4hKqYm+J+o5mwQInf1qoAHuO7CLD3WNa1sKcVUV
vepIxc/1aHZrG+dPeEHt0MdFfOw13YdUc2FH6AqEdcEL4aV5PXq2eYR8hR4zKbc1
fBtuqUsvA8NWSIyzQ16fyGve+ANf6vXvUizyvwDrPRv/kfvLNa3ZPnLMMxU98Mvh
PXy3PkB8++6U4Y3vdk2Ni2WYYlIls8yqbM4327IKmkDc2TimS8u60CT47mKU7aDY
cbTV5RDkrlaYwm5yqlTIglvCv7o=
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-credentials
namespace: dsm-system
type: "kubernetes.io/basic-auth"
data:
username: bGRhcGFkbWlu # This is 'ldapadmin' encoded in Base64
password: cGFzc3dvcmQ= # This is 'password' encoded in Base64
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: DirectoryService
metadata:
name: ldap-default
namespace: dsm-system
spec:
type: "ActiveDirectory"
domain: vmware.com
baseDnUsers: dc=vmware,dc=com
bindCredentials:
name: sample-ldap-credentials
primaryServerUrl: ldaps://ldap.vmware.com:3269
secondaryServerUrls:
- ldaps://scrootdc1.vmware.com:3269
- ldaps://scdc2rootdc04.vmware.com:3269
trustBundle:
name: sample-ldap-ca
namespace: dsm-system
userSearchAttribute: "userPrincipalName"
ActiveDirectoryDomain
apiVersion: v1
kind: ConfigMap
metadata:
name: example-domain-trust-bundle
namespace: dsm-system
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
... The PEM-encoded CA certificate of the domain's LDAP services.
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: example-domain-priv-account
namespace: dsm-system
stringData:
username: "test-user"
password: "<test-user's password>"
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: ActiveDirectoryDomain
metadata:
name: test-example-domain
namespace: dsm-system
spec:
name: example.org
nameservers:
- 10.20.30.40
trustBundle:
# Needed for DSM to be able to talk with the LDAP services of the
# selected domain. When manually providing keytabs, DSM doesn't need to
# talk to the LDAP and this trust bundle is not required.
name: example-domain-trust-bundle
privilegedAccountCredentials:
# Like above, this is only needed for DSM to be able to talk with the LDAP
# services of the selected domain. Refer to the documentation about what
# privileges this account needs to have.
name: example-domain-priv-account
Manual configuration
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: ActiveDirectoryDomain
metadata:
name: test-example-domain-manual-cfg
namespace: dsm-system
spec:
name: example.org
nameservers:
- 10.20.30.40
observability.dataservices.vmware.com/v1alpha1
This package contains resources for collecting logs and configuring metrics targets for monitoring and troubleshooting.
Resources in this package:
- LogBundle - Database log collection for troubleshooting
- MetricsTarget - Metrics export configuration for monitoring systems
LogBundle
Log bundle for Postgres
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: LogBundle
metadata:
name: test-pg-logs
namespace: postgres-user-namespace
spec:
retentionPeriod: 48h
targetRef:
kind: PostgresCluster
name: test-pg-cluster
MetricsTarget
Metrics Target for VCFOps
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: MetricsTarget
metadata:
name: metrics-default
namespace: dsm-system
spec:
type: VCFOps
endpoint: "https://10.84.1.1:8443/opensource/default/metric"
tls:
insecureSkipVerify: false
trustBundle:
name: trusted-root-ca
namespace: dsm-system
clientCertificate:
name: client-cert-secret
credentials:
name: basic-auth-secret
timeout: 7s
headers:
Content-Type: "text/plain; charset=utf-8"
additional-static-metadata: my-value
system.dataservices.vmware.com/v1alpha1
This package contains resources for system-level configuration, support bundles, and image registry management.
Resources in this package:
- DsmSystemConfig - System-wide DSM configuration
- SupportBundle - Support bundle generation for troubleshooting
- ImageRegistry - External image registry configuration
DsmSystemConfig
With ntp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
metadata:
name: dsm-system-config
spec:
ceipConsent: true
dnsServers:
- 1.2.3.4
dsmProviderId: f9b039f9-2683-43b1-aae0-5602614cde0b
externalLogDestination:
enabled: false
trustBundle: {}
gateway: 10.11.12.13
ip: 5.6.7.8
netmask: 255.255.224.0
ntpServers:
- time.vmware.com
With external log destination - udp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: udp://0.0.1.1:514
trustBundle: {}
With external log destination - tls configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: ssl://0.0.1.1:1514
trustBundle:
name: trusted-root-ca
namespace: dsm-system
SupportBundle
Support bundle for single data service
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: SupportBundle
metadata:
name: test-logs
annotations:
dsm.vmware.com/owner: [email protected]
namespace: dsm-system
spec:
includedDataServices: Single
retentionPeriod: 48h
dataServiceTargetRef:
kind: PostgresCluster
name: test-pg-cluster
namespace: postgres-user-namespace
Image Registry
Pointing to a public repo (mcr.microsoft.com/mssql/server)
# This is a reference to an external image registry that contains the official SQL Server container images published by Microsoft.
# Required only if you intend to use DSM Data Service for Microsoft SQL Server.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: ImageRegistry
metadata:
name: sql-sqlserver-registry
namespace: dsm-system
spec:
endpoint: mcr.microsoft.com
repo: mssql
dataServiceSelector:
matchExpressions:
- key: dsm.vmware.com/data-service-type
operator: In
values:
- vmware-sql-sqlserver