Crossplane Provider IONOS Cloud

---

Warning: API Basic Authentication Deprecation Notice

Effective March 15, 2024, IONOS account holders using 2-Factor Authentication will no longer be able to utilize Basic Authentication for accessing our APIs, SDKs, and all related tools. Token creation and deletion via APIs and ionosCTL will also be restricted.

Affected users are required to switch to token-based authorization. These tokens will be accessible through our new Token Manager in the Data Center Designer, launching at the beginning of February 2024. More information can be found here.

---

Overview

This crossplane-provider-ionoscloud repository is the Crossplane infrastructure provider for IONOS Cloud. The provider that is built from the source code from this repository can be installed into a Crossplane control plane and adds the following new functionality:

• Custom Resource Definitions (CRDs) that model IONOS Cloud infrastructure and services (e.g. Database As a Service Postgres, Compute Engine, Kubernetes, etc.)
• Controllers to provision these resources in IONOS Cloud based on the users desired state captured in CRDs they create
• Implementations of Crossplane portable resource abstractions, enabling IONOS Cloud resources to fulfill a user's general need for cloud services

Getting Started and Documentation

For getting started with Crossplane Provider IONOS Cloud, check out this step-by-step example.

Set up Crossplane Provider IONOS Cloud

In order to set up Crossplane Provider IONOS Cloud, see details in here.

Authentication on IONOS Cloud

Crossplane Provider IONOS Cloud uses ProviderConfig in order to setup credentials via secrets. You can use environments variables when creating the ProviderConfig resource.

Environment Variable	Description
IONOS_USERNAME	Specify the username used to login, to authenticate against the IONOS Cloud API
IONOS_PASSWORD	Specify the password used to login, to authenticate against the IONOS Cloud API
IONOS_TOKEN	Specify the token used to login, if a token is being used instead of username and password
IONOS_API_URL	Specify the API URL. It will overwrite the API endpoint default value api.ionos.com
IONOS_LOG_LEVEL	Specify the Log Level used to log messages. Possible values: Off, Debug, Trace
IONOS_PINNED_CERT	Specify the SHA-256 public fingerprint here, enables certificate pinning

⚠️ Note: We recommend you only set this TRACE for debugging purposes. Disable it in your production environments because it can log sensitive data.
It logs the full request and response without encryption, even for an HTTPS call.
Verbose request and response logging can also significantly impact your application's performance.

Certificate pinning:

You can enable certificate pinning if you want to bypass the normal certificate checking procedure, by doing the following:

You can get the sha256 fingerprint most easily from the browser by inspecting the certificate test.

Apply the following crds. They will install the latest ionos provider with the pinned certificate enabled.

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-ionos
spec:
  package: ghcr.io/ionos-cloud/crossplane-provider-ionoscloud:latest
  runtimeConfigRef:
    name: enable-pinning
---
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: enable-pinning
spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:
          containers:
            - name: package-runtime
              env:
                - name: IONOS_PINNED_CERT
                  value: "pinned_cert_here"

More details about ProviderConfig and authentication here.

Provision Resources on IONOS Cloud

Crossplane Provider IONOS Cloud Managed Resources list is available here.

Build images

For building Docker images, use:

make build

A version can be set via $VERSION variable. By running make build VERSION=v0.x.x, the specified version will be added into the package/crossplane.yaml.

For tagging Docker images, use:

make docker.tag VERSION=v0.x.x

Usage

To run a K8s Cluster and install Crossplane:

make dev

To run e2e tests:

make e2e

To run linters on the code before opening a PR:

make reviewable

To clean up the K8s Cluster:

make dev-clean

To list all available options:

make help

Testing

Crossplane Provider IONOS Cloud has end-to-end integration tests for the resources supported.

For running end-to-end integration tests locally, use:

make e2e

If the images have a specific version, other than latest, this can be set via make e2e VERSION=v0.x.x.

Daily workflows with all end-to-end integration tests are running using GitHub Actions. You can check their status here.

Releases

Releases can be made on Crossplane Provider IONOS Cloud via tags or manual action of the CD workflow. The CD workflow will test and release the images. It will release images for controller and provider, with 2 tags each: latest and the corresponding release tag.

Contributing

crossplane-provider-ionoscloud is a community driven project and we welcome contributions. See the Crossplane Contributing guidelines to get started.

Adding New Resource

New resources can be added by defining the required types in apis and the controllers internal/controller/.

If you are running crossplane for the first time, run:

make submodules

To generate the CRDs YAML files run:

make generate

Report a Bug

For filing bugs, suggesting improvements, or requesting new features, please open an issue.

Code of Conduct

crossplane-provider-ionoscloud adheres to the same Code of Conduct as the core Crossplane project.

License

crossplane-provider-ionoscloud is under the Apache 2.0 License.