Description
First, thank you so much for this project. I am fully on board with the statement and would like to help if I can. I don't know much Rust though.
I am curious if you have thought about making this a Crossplane provider where you could also have the CRDs from the cloud provider to provision the node as opposed to making a CLI. I am attaching the droplet definition I used for the exit node provisioning. The CRD for the droplet has a field for the public IP to fetch for the exit node, so we can probably make a Crossplane composition package that uses your operator with different clouds.
P.S. I later went in and blocked outside access on port 9090. If we had this type of provisioning in the controller then it wouldn't be too hard to also implement the `allowedSourceRanges` part of the load balancer spec to sync to a firewall / security group.
```yaml
apiVersion: compute.do.crossplane.io/v1alpha1
kind: Droplet
metadata:
  name: droplet-inlet
spec:
  forProvider:
    region: nyc1
    size: s-1vcpu-1gb
    image: ubuntu-20-04-x64
    sshKeys:
      - "key id"   # placeholder for the SSH key ID
    # Boot script: installs chisel and runs it as a systemd service
    userData: |
      #!/bin/bash
      apt-get -y update
      apt-get install curl -y
      # Downloads the installer script and runs it as root
      curl "https://i.jpillora.com/chisel\!\?type=script" | bash
      mv /chisel /usr/local/bin
      cat <<EOF >> /etc/systemd/system/chisel.service
      [Unit]
      Description=Chisel Tunnel
      Wants=network-online.target
      After=network-online.target
      StartLimitIntervalSec=0
      [Install]
      WantedBy=multi-user.target
      [Service]
      Restart=always
      RestartSec=1
      User=root
      ExecStart=/usr/local/bin/chisel server --port=9090 --reverse
      # Additional .env file for auth and secrets
      EnvironmentFile=-/etc/sysconfig/chisel
      EOF
      systemctl enable chisel
      systemctl start chisel
  providerConfigRef:
    name: provider-do-config
```
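
An added example, not part of the original issue or of the operator's code: one way the source-range restriction on port 9090 could be rendered as host firewall rules on the exit node. The function names and the sample ranges are assumptions made for illustration; the script only prints `iptables` commands and covers IPv4 only.

```shell
#!/bin/sh
# Added example: render iptables rules limiting the chisel control port
# to an allow-list of IPv4 source ranges. Prints rules, applies nothing.
CHISEL_PORT=9090   # port from the unit file in the issue

# valid_cidr CIDR: succeed only for a well-formed a.b.c.d/n.
# The body is a subshell so IFS and positional changes do not leak.
valid_cidr() (
  case $1 in *[!0-9./]*|'') return 1 ;; esac   # digits, dots, slash only
  case $1 in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; len=${1##*/}
  case $len in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  case $addr in *.) return 1 ;; esac           # no trailing dot
  IFS=.
  set -- $addr
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
)

# render_rules CIDR...: print one ACCEPT per range, then a final DROP.
# Every range is validated before anything is printed, so a typo cannot
# yield a partial rule set; an empty list is refused rather than
# silently closing the port to everyone.
render_rules() {
  [ $# -gt 0 ] || { echo "no source ranges given" >&2; return 2; }
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
  done
  for cidr in "$@"; do
    echo "iptables -A INPUT -p tcp --dport $CHISEL_PORT -s $cidr -j ACCEPT"
  done
  echo "iptables -A INPUT -p tcp --dport $CHISEL_PORT -j DROP"
}

# Constructed sample ranges (RFC 5737 documentation addresses).
render_rules 203.0.113.0/24 198.51.100.7/32
```

The allow-list has to include the address the chisel client connects from, otherwise the reverse tunnel itself is cut off; the rules touch only port 9090, so ports opened by the tunnel stay reachable.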