API Samples
API Samples
Packages:
#authorization.dataservices.vmware.com/v1alpha1
DsmRoleBinding
For DSM Admin Role
apiVersion: authorization.dataservices.vmware.com/v1alpha1
kind: DsmRoleBinding
metadata:
name: dsmadmin
role: DSM_ADMIN
subjects:
- kind: User
name: [email protected]
##databases.dataservices.vmware.com/v1alpha1
DatabaseConfig
With a custom db param
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: DatabaseConfig
metadata:
name: db-config-i4c35-1721685809783
namespace: default
spec:
params:
max_connections: "300"
PostgresCluster
Policy configuration which allows users to create Postgres Database
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample Postgres cluster. apiVersion: v1 kind: Namespace metadata: name: postgres-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: postgres-user-namespace-bind namespace: postgres-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows to use InfrastructurePolicy `infra-policy-01` or SupervisorInfrastructurePolicy # `dsm-test`, BackupLocation `default-backup-storage`, any replicas (0 or 1), and version # `16` or `17`to create Postgres clusters in the sample namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: postgres-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - postgres-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-postgres postgresPolicy: allowedReplicas: - -1 allowedVersions: - "16" - "17" common: allowedBackupLocations: - default-backup-storage allowedInfrastructurePolicies: - infra-policy-01 - dsm-test --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: postgres-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: postgres-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
With custom db param, backup config & 1 replica
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: test-pg-cluster
namespace: postgres-user-namespace
spec:
replicas: 1
version: "17"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 91
schedules:
- name: full-weekly
type: full
schedule: "0 0 * * 0"
- name: incremental-daily
type: incremental
schedule: "0 0 * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
Restore Postgres Database
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: test-pg-restore
namespace: postgres-user-namespace
spec:
replicas: 1
version: "17"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 91
schedules:
- name: full-weekly
type: full
schedule: "0 0 * * 0"
- name: incremental-daily
type: incremental
schedule: "0 0 * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
basedOn:
cluster:
name: test-pg-cluster # should be changed to the source cluster's name
With a secondary replica (Disaster Recovery)
# Primary
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-cluster
namespace: default
spec:
adminUsername: pgadmin
backupLocation:
name: default-backup-storage
backupConfig:
backupRetentionDays: 91
schedules:
- name: schedule
schedule: '0 0 * * *'
type: full
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
replicationSlots:
- slotName: test_rep_slot
user: test-rep-slot
description: "The replication slot to be used by the secondary cluster my-pg-secondary"
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 16.6+vmware.v2.2.0
vmClass:
name: medium
---
# Secondary
apiVersion: v1
data:
user: dGVzdC1yZXAtc2xvdA== # This is the username of the replication user encoded in base64
password: SWFGZnh6SDZaOU5raDZoUzFyNnE4MTBJOUpVMHhw # This is the password of the replication user encoded in Base64.
dbName: dGVzdC1wcmltYXJ5 # This is the database of the remote cluster encoded in Base64.
kind: Secret
metadata:
name: my-pg-secondary-rep-secret
namespace: default
type: Opaque
---
apiVersion: v1
data:
tls.crt: |-
-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIGAZRCYKIkMA0GCSqGSIb3DQEBCwUAMCgxFTATBgNVBAMM
DFZNd2FyZS1EQi1DQTEPMA0GA1UECgwGVk13YXJlMB4XDTI1MDEwNDIwMDY1NloX
DTM1MDEwNzIwMDY1NlowKDEVMBMGA1UEAwwMVk13YXJlLURCLUNBMQ8wDQYDVQQK
DAZWTXdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBTP4Vj8/j
FFuQ9cmg4KqavYghsoNTuEs0DOmwKD+zZLVEhfWpdiaMZDaG5JvCVig1rGu5Z3LU
rfN/FGEEW6ixrYRdFpdFdcdWqctyY/POED0fjV1kU2XCRSTpy3OGtytGVY9rWJkl
G0kPuyqKYNK/hX1OBUn6ANfmlhZKR4rkZxBjFsDpGyQDHmkl+Zzu5hIy88uALxtT
VDNLljtsW/DBMtvSN5owiAJ9gLjzZSLA9ySocEjdgS60c8AwRoVcN8UTTyvMSTUW
WyLG+s8cCNxRqyyn9ZoRR4tUaDTSFbwiCK2ejJ+coZ0Sxi0U23TKxrqnOhFSHilJ
/9scNDd+h2CNAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQAcFdNFhBl0ZpGxj2Tzqjr8hUm2fr/F3yikmrnvwchO
/4PZHUGb1cPAqTF8nvnI0CvxCYIH3assg+5qWwgPLjpuYY3LC1y7P5EDvlOYpux8
OIJkcVX9AxTsm8lKDXoZcsJVb6s/pxjJ74jIfPtOInU6gErV12aHzuHtjLTdCN2F
RlDqSVczJC4sqKrw8He/nzH35+vFDWgmxvoDo2n/6EEeymwaGWhQTjaF3mvUYcO5
fRbO+OAGi+kPwgtj5PJH8l3Ou7A+88CUz3I3+GU6QaIj3dnPrgf9pwLurU+kpru9
tIQF6AjyEL5tmnIwF9hQxEL9v7tYDFanpc9EjhQF3/oE
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
name: sample-my-pg-primary-ca
namespace: default
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
name: my-pg-secondary
namespace: default
spec:
adminUsername: pgadmin
basedOn:
continuousRecovery:
enabled: true
replicationSlot:
credentials:
name: my-pg-secondary-rep-secret
hostname: 10.161.88.93 # This is the public IP of the primary "my-pg-cluster" obtained from its status.connection.host
port: 5432
slotName: test_rep_slot
trustBundle:
name: sample-my-pg-primary-ca
namespace: default
databaseName: test-primary
infrastructurePolicy:
name: infra-policy-01
maintenanceWindow:
duration: 6h0m0s
startDay: SATURDAY
startTime: "04:59"
replicas: 0
storagePolicyName: dsm-test
storageSpace: 60Gi
version: 16.6+vmware.v2.2.0
vmClass:
name: medium
MySQLCluster
Policy configuration which allows users to create MYSQL Database
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample MySQL cluster. apiVersion: v1 kind: Namespace metadata: name: mysql-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: mysql-user-namespace-bind namespace: mysql-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows to use InfrastructurePolicy `infra-policy-01` or SupervisorInfrastructurePolicy # `dsm-test`, BackupLocation `default-backup-storage`, any number of memebers (1 or 3), # and version `8.0.41` or `8.0.40` to create MySQL clusters in the sample namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: mysql-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - mysql-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-mysql mysqlPolicy: allowedMembers: - -1 allowedVersions: - "8.0.40" - "8.0.41" common: allowedBackupLocations: - default-backup-storage allowedInfrastructurePolicies: - infra-policy-01 - dsm-test --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: mysql-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: mysql-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
With a custom backup config and 1 replica.
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
name: test-mysql-cluster
namespace: mysql-user-namespace
spec:
members: 1
version: "8.0.41"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 90
schedules:
- name: full-30mins
type: full
schedule: "*/30 * * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
Restore MySQL Database
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
name: test-mysql-restore
namespace: mysql-user-namespace
spec:
members: 1
version: "8.0.41"
vmClass:
name: medium
storageSpace: 25G
backupConfig:
backupRetentionDays: 90
schedules:
- name: full-30mins
type: full
schedule: "*/30 * * * *"
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
backupLocation:
name: default-backup-storage
basedOn:
cluster:
name: test-mysql-cluster # should be changed to the source cluster's name
SQLServerCluster
The SQL Server APIs are provided as a Technical Preview.
These APIs are subject to change and may not be backward compatible across future VMware Data Services Manager releases.
SQL Server Cluster with "Express" edition
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: sqlserver-01
namespace: dsm-system
spec:
edition: "Express"
serverConfig:
collation: "Latin1_General_CI_AS"
traceFlags: [3226]
mssqlConf:
coredump.disablecoredump: "true"
errorlog.numerrorlogs: "10"
network.tlsprotocols: "1.2"
auditing:
preset: "AllLogins"
logRetention: "720h"
infrastructurePolicy:
name: infra-policy-01
placementSelector:
cluster: dbaas-cluster
datacenter: dbaas-dc
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
SQL Server Cluster with ActiveDirectory
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-account
namespace: dsm-system
stringData:
username: "sqlsvc01"
password: "<sqlsvc01's password>"
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: mssql-with-ad
namespace: dsm-system
spec:
edition: "Developer"
dnsNames:
- mssql01.example.org
activeDirectory:
domain:
name: test-example-domain
sqlServerAccount:
name: test-sqlserver-account
# This setting asks DSM to create DNS records (both A and PTR) in the
# primary nameserver configured on the ActiveDirectoryDomain.
writeDNSNames: ForwardAndReverse
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
SQL Server Cluster with ActiveDirectory manual configuration
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-account-02
namespace: dsm-system
stringData:
# When using keytab, this Secret does not need to contain password because
# the keytab contains keys derived from the password
username: "sqlsvc02"
---
apiVersion: v1
kind: Secret
metadata:
name: test-sqlserver-keytab
namespace: dsm-system
data:
# Keytab (binary) file for the service account and the chosen DNS name(s) of
# the SQL Server cluster.
# On Windows could create keytab via the ktpass tool.
# On Linux could create keytab via ktutil or adutil.
keytab: BQI=
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerCluster
metadata:
name: mssql-with-ad-02
namespace: dsm-system
spec:
edition: "Developer"
dnsNames:
# Optional, but strongly recommended for compatibility with the SQL Server Management Studio
- mssql02.example.org
activeDirectory:
domain:
name: test-example-domain
# When using keytab, the service account must have appropriate Service
# Principal Names (SPNs) for the DNS name(s) of the SQL Server cluster.
# SPNs could be configured via the setspn Windows tool, via the adutil
# Linux tool or by directly modifying the servicePrincipalName LDAP
# attribute on the service account.
sqlServerAccount:
name: test-sqlserver-account-02
keytab:
name: test-sqlserver-keytab
infrastructurePolicy:
name: infra-policy-01
storagePolicyName: dsm-test
storageSpace: 20Gi
version: "2022.CU16"
vmClass:
name: small
DataServicePolicy
Policy configuration which allows users to create databases on the sample SQL Server clusters
# NOTE: These samples expect that a DSM user `[email protected]` exists. # You can create a local DSM user via the DSM UI `Permissions` tab. # # NOTE: All objects in this file need to be created by a DSM admin. # # Namespace for the sample SQL Server databases. apiVersion: v1 kind: Namespace metadata: name: sqlserver-user-namespace labels: dsm.vmware.com/created-in: dsm dsm.vmware.com/ns-type: dsm-managed --- # Binding grants the user access to the sample namespace. apiVersion: authorization.dataservices.vmware.com/v1alpha1 kind: DSMUserNamespaceBinding metadata: name: sqlserver-user-namespace-bind namespace: sqlserver-user-namespace subjects: - kind: User name: [email protected] --- # Policy allows SQL Server databases in the sample namespace to be placed on # the sample SQL Server clusters and to use `default-backup-storage`. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicy metadata: labels: dsm.vmware.com/created-in: dsm name: sqlserver-policy namespace: dsm-system spec: matchCriteria: - key: kubernetes.io/metadata.name operator: in values: - sqlserver-user-namespace - key: dsm.vmware.com/created-in operator: in values: - dsm serviceType: vmware-sql-sqlserver-database sqlServerDatabasePolicy: allowedBackupLocations: - default-backup-storage allowedPlacements: - sqlServer: name: sqlserver-01 namespace: dsm-system - sqlServer: name: mssql-with-ad namespace: dsm-system --- # Binding applies all relevant policies to a namespace. apiVersion: infrastructure.dataservices.vmware.com/v1alpha1 kind: DataServicePolicyBinding metadata: name: binding namespace: sqlserver-user-namespace spec: namespaceProperties: # Property `dsm.vmware.com/created-in: dsm` and `kubernetes.io/metadata.name: mysql-user-namespace` # match the `matchCriteria` in the above DataServicePolicy dsm.vmware.com/created-in: dsm kubernetes.io/metadata.name: sqlserver-user-namespace # This property makes the namespace visible in the namespace list on the database creation page # of the DSM portal. dsm.vmware.com/ns-type: dsm-managed
SQLServerDatabase
SQL Server Database with SQL User
apiVersion: v1
kind: Secret
metadata:
name: sqluser-pass
namespace: sqlserver-user-namespace
data:
password: U29tZVN0b3JuZ1Bhc3MxMjMh
type: Opaque
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db
namespace: sqlserver-user-namespace
spec:
placement:
sqlServer:
name: sqlserver-01
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
Restore SQL Server Database with SQL User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-clone
namespace: sqlserver-user-namespace
spec:
basedOn:
database:
name: mssql-db
placement:
sqlServer:
name: sqlserver-01
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
owners:
- type: SQLUser
username: sqluser
passwordRef:
name: sqluser-pass
fieldPath: password
SQL Server Database with AD User
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: SQLServerDatabase
metadata:
name: mssql-db-with-ad
namespace: sqlserver-user-namespace
spec:
placement:
sqlServer:
name: mssql-with-ad
namespace: dsm-system
backupConfig:
backupRetentionDays: 30
schedules:
- name: default-full-backup
schedule: 59 23 * * 6
type: full
backupLocation:
name: default-backup-storage
owners:
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-group'
- type: WindowsPrincipal
username: 'EXAMPLE\test-db-owner-user'
##infrastructure.dataservices.vmware.com/v1alpha1
IPPool
With 2 IP ranges
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: IPPool
metadata:
name: test-ippool
spec:
addresses:
- 1.1.1.1
- 1.1.1.12-1.1.1.50
- 1.1.1.65-1.1.1.90
gateway: 10.10.10.10
prefix: 24
VMClass
With 8 vCPU and 16 Gi memory.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: VMClass
metadata:
name: large
spec:
requests:
cpu: "8"
memory: "16"
InfrastructurePolicy
With a resource pool.
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: InfrastructurePolicy
metadata:
name: infra-policy-02-rp
spec:
enableCrossClusterHA: false
enabled: true
ipRanges:
- poolName: ippools-test-01
portGroups:
- datacenter: dbaas-dc
name: Mgmt
placements:
- cluster: dbaas-cluster
datacenter: dbaas-dc
folder: DSM
portGroups:
- Mgmt
resourcePool: rp1
storagePolicies:
- dsm-test
vmClasses:
- name: small
- name: medium
- name: large
DirectoryService
With ldap configured.
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-ca
namespace: dsm-system
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJGUjET
MBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEBwwFUGFyaXMxDTALBgNVBAoMBERp
bWkxDTALBgNVBAsMBE5TQlUxEDAOBgNVBAMMB0RpbWkgQ0ExGzAZBgkqhkiG9w0B
CQEWDGRpbWlAZGltaS5mcjAeFw0xNDAxMjgyMDM2NTVaFw0yNDAxMjYyMDM2NTVa
MFsxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC3d3dy5kaW1pLmZyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnaPKLIKdvx98KW68lz8pGa
RRcYersNGqP-this-is-a-dummy-cert-uidhasaFSJSAKCvrtWhN+haKbSp+QWX
SxiTrW99HBfAl1MDQyWcukoEb9Cw6INctVUN4iRvkn9T8E6q174RbcnwA/7yTc7p
1NCvw+6B/aAN9l1G2pQXgRdYC/+G6o1IZEHtWhqzE97nY5QKNuUVD0V09dc5CDYB
aKjqetwwv6DFk/GRdOSEd/6bW+20z0qSHpa3YNW6qSp+x5pyYmDrzRIR03os6Dau
ZkChSRyc/Whvurx6o85D6qpzywo8xwNaLZHxTQPgcIA5su9ZIytv9LH2E+lSwwID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+tugFtyN+cXe1wxUqeA7X+yS3bgw
HwYDVR0jBBgwFoAUhMwqkbBrGp87HxfvwgPnlGgVR64wDQYJKoZIhvcNAQEFBQAD
ggEBAIEEmqqhEzeXZ4CKhE5UM9vCKzkj5Iv9TFs/a9CcQuepzplt7YVmevBFNOc0
+1ZyR4tXgi4+5MHGzhYCIVvHo4hKqYm+J+o5mwQInf1qoAHuO7CLD3WNa1sKcVUV
vepIxc/1aHZrG+dPeEHt0MdFfOw13YdUc2FH6AqEdcEL4aV5PXq2eYR8hR4zKbc1
fBtuqUsvA8NWSIyzQ16fyGve+ANf6vXvUizyvwDrPRv/kfvLNa3ZPnLMMxU98Mvh
PXy3PkB8++6U4Y3vdk2Ni2WYYlIls8yqbM4327IKmkDc2TimS8u60CT47mKU7aDY
cbTV5RDkrlaYwm5yqlTIglvCv7o=
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: sample-ldap-credentials
namespace: dsm-system
type: "kubernetes.io/basic-auth"
data:
username: bGRhcGFkbWlu # This is 'ldapadmin' encoded in Base64
password: cGFzc3dvcmQ= # This is 'password' encoded in Base64
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: DirectoryService
metadata:
name: ldap-default
namespace: dsm-system
spec:
type: "ActiveDirectory"
domain: vmware.com
baseDnUsers: dc=vmware,dc=com
bindCredentials:
name: sample-ldap-credentials
primaryServerUrl: ldaps://ldap.vmware.com:3269
secondaryServerUrls:
- ldaps://scrootdc1.vmware.com:3269
- ldaps://scdc2rootdc04.vmware.com:3269
trustBundle:
name: sample-ldap-ca
namespace: dsm-system
userSearchAttribute: "userPrincipalName"
ActiveDirectoryDomain
apiVersion: v1
kind: ConfigMap
metadata:
name: example-domain-trust-bundle
namespace: dsm-system
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
... The PEM-encoded CA certificate of the domain's LDAP services.
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: example-domain-priv-account
namespace: dsm-system
stringData:
username: "test-user"
password: "<test-user's password>"
---
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: ActiveDirectoryDomain
metadata:
name: test-example-domain
namespace: dsm-system
spec:
name: example.org
nameservers:
- 10.20.30.40
trustBundle:
# Needed for DSM to be able to talk with the LDAP services of the
# selected domain. When manually providing keytabs, DSM doesn't need to
# talk to the LDAP and this trust bundle is not required.
name: example-domain-trust-bundle
privilegedAccountCredentials:
# Like above, this is only needed for DSM to be able to talk with the LDAP
# services of the selected domain. Refer to the documentation about what
# privileges this account needs to have.
name: example-domain-priv-account
Manual configuration
apiVersion: infrastructure.dataservices.vmware.com/v1alpha1
kind: ActiveDirectoryDomain
metadata:
name: test-example-domain-manual-cfg
namespace: dsm-system
spec:
name: example.org
nameservers:
- 10.20.30.40
##observability.dataservices.vmware.com/v1alpha1
LogBundle
Support bundle for Postgres
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: LogBundle
metadata:
name: test-pg-logs
namespace: postgres-user-namespace
spec:
retentionPeriod: 48h
targetRef:
kind: PostgresCluster
name: test-pg-cluster
MetricsTarget
Metrics Target for VCFOps
apiVersion: observability.dataservices.vmware.com/v1alpha1
kind: MetricsTarget
metadata:
name: metrics-default
namespace: dsm-system
spec:
type: VCFOps
endpoint: "https://10.84.1.1:8443/opensource/default/metric"
tls:
insecureSkipVerify: false
trustBundle:
name: trusted-root-ca
namespace: dsm-system
clientCertificate:
name: client-cert-secret
credentials:
name: basic-auth-secret
timeout: 7s
headers:
Content-Type: "text/plain; charset=utf-8"
additional-static-metadata: my-value
##system.dataservices.vmware.com/v1alpha1
DsmSystemConfig
With ntp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
metadata:
name: dsm-system-config
spec:
ceipConsent: true
dnsServers:
- 1.2.3.4
dsmProviderId: f9b039f9-2683-43b1-aae0-5602614cde0b
externalLogDestination:
enabled: false
trustBundle: {}
gateway: 10.11.12.13
ip: 5.6.7.8
netmask: 255.255.224.0
ntpServers:
- time.vmware.com
With external log destination - udp configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: udp://0.0.1.1:514
trustBundle: {}
With external log destination - tls configured.
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
...
spec:
externalLogDestination:
enabled: true
remoteLogDestinationProvider: syslog server
remoteLogUrl: ssl://0.0.1.1:1514
trustBundle:
name: trusted-root-ca
namespace: dsm-system
Image Registry
Pointing to a public repo (mcr.microsoft.com/mssql/server)
# This is a reference to an external image registry that contains the official SQL Server container images published by Microsoft.
# Required only if you intend to use DSM Data Service for Microsoft SQL Server.
kind: ImageRegistry
metadata:
name: sql-sqlserver-registry
namespace: dsm-system
spec:
endpoint: mcr.microsoft.com
repo: mssql
dataServiceSelector:
matchExpressions:
- key: dsm.vmware.com/data-service-type
operator: In
values:
- vmware-sql-sqlserver