feat(crossplane): PostgresDatabase XRD and composition #11
arjunmehta-git wants to merge 1 commit into
- XRD with clean claim interface for app teams
- Composition: RDSInstance + DBSubnetGroup
- Namespace-label patch: multiAZ=true in production namespaces
- deletionPolicy defaults to Orphan
- Subnet group naming includes claim namespace to prevent collisions

Signed-off-by: Saraj Krishna Singh <sarajkrishnasingh@users.noreply.github.com>
hamza-mohd left a comment
The composition structure looks right. The namespace-based multiAZ patch is clean. One thing I want to verify before merging: the connection secret format. App teams often expect a single DATABASE_URL string rather than discrete keys. Can we add a transform that builds postgresql://user:pass@host:port/dbname and writes it as a url key alongside the discrete ones?
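Whatever ends up building the `url` key requested above has to percent-encode the user name and password before they go into `postgresql://user:pass@host:port/dbname`; a password containing `@`, `:` or `/` otherwise changes which host a client parses out of the string. This is an added example, not code from this PR: the secret key names other than `host`, `port` and `url`, and all sample values, are assumptions constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote, urlsplit

# Assumed key names; the page names only host, port and url.
KEYS = ("username", "password", "host", "port", "dbname")

def _decode(secret_data):
    """Decode the base64 values of a Kubernetes Secret's data map."""
    missing = [k for k in KEYS if k not in secret_data]
    if missing:
        raise KeyError(f"connection secret is missing keys: {missing}")
    return {k: base64.b64decode(secret_data[k]).decode("utf-8") for k in KEYS}

def naive_url(secret_data):
    """Plain string formatting: what an unencoded template produces."""
    v = _decode(secret_data)
    return "postgresql://{username}:{password}@{host}:{port}/{dbname}".format(**v)

def build_database_url(secret_data):
    """Same URL with user, password and database name percent-encoded."""
    v = _decode(secret_data)
    port = int(v["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if any(c in v["host"] for c in "@/?#: "):
        raise ValueError("host must be a bare hostname")
    # safe="" escapes '/', '@', ':' and '%' as well as the usual reserved set
    user, password, dbname = (
        quote(v[k], safe="") for k in ("username", "password", "dbname"))
    return f"postgresql://{user}:{password}@{v['host']}:{port}/{dbname}"

def parse_database_url(url):
    """What a client recovers from the URL."""
    p = urlsplit(url)
    return {"username": unquote(p.username), "password": unquote(p.password),
            "host": p.hostname, "port": p.port,
            "dbname": unquote(p.path.lstrip("/"))}

# Constructed sample, not a real credential.
SAMPLE = {k: base64.b64encode(v.encode()).decode() for k, v in {
    "username": "app_user", "password": "p@ss:w/rd#1%",
    "host": "db.example.internal", "port": "5432", "dbname": "orders"}.items()}

if __name__ == "__main__":
    print(urlsplit(naive_url(SAMPLE)).hostname)  # host a client sees, unencoded
    print(parse_database_url(build_database_url(SAMPLE)))
```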
winkletinkle left a comment
Also - what's the upgrade path when engineVersion changes? If a team updates the claim, will Crossplane try to do an in-place major version upgrade on the RDS instance? We should add a note in the README about that risk and how to handle it (new claim, migrate data, delete old claim).
Pull request overview
Adds a new Crossplane API (PostgresDatabase claim / XPostgresDatabase composite) and a Composition intended to provision managed AWS RDS PostgreSQL instances, including subnet group creation and publishing a standardized connection secret.
Changes:
- Introduces an XRD for `PostgresDatabase` with claim parameters (storage, instance class, Multi-AZ, backups, engine version, deletion policy).
- Adds an AWS RDS composition with `DBSubnetGroup` and `RDSInstance` resources plus connection secret key projection.
- Documents usage, secret keys, production Multi-AZ behavior, and upgrade/deletion guidance.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| compositions/postgresql/xrd.yaml | Defines the PostgresDatabase claim and parameter schema + connection secret keys. |
| compositions/postgresql/composition.yaml | Implements the AWS RDS/DBSubnetGroup composition and connection secret projection logic. |
| compositions/postgresql/README.md | Documents how to claim databases and what to expect from the composition/secret behavior. |
| subnetIds: [] # Patched in via environment config or EnvironmentConfig | ||
| providerConfigRef: | ||
| name: aws-provider | ||
| patches: | ||
| - type: FromCompositeFieldPath |
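Review bot: `subnetIds: []` in the base leaves the DBSubnetGroup without subnets unless a later patch fills `spec.forProvider.subnetIds`, and the only patch type visible here is `FromCompositeFieldPath`, not the read from an EnvironmentConfig that the comment promises. AWS rejects a DB subnet group that does not cover at least two Availability Zones, so an unpatched list fails at create time. Put the patch that supplies the subnet IDs next to this field, and reword the comment, which currently names the same source twice ("environment config or EnvironmentConfig").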
| - name: dbsubnetgroup | ||
| base: | ||
| apiVersion: rds.aws.crossplane.io/v1alpha1 | ||
| kind: DBSubnetGroup | ||
| spec: |
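Review bot: the `apiVersion` on the `dbsubnetgroup` base, `rds.aws.crossplane.io/v1alpha1`, should be checked against the CRDs the installed AWS provider actually serves for `kind: DBSubnetGroup`. A group or version that does not resolve stops the whole composite from rendering, the RDS instance included. Record the provider version this composition was tested with in the README so the API group stays verifiable.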
| toFieldPath: spec.forProvider.deletionProtection | ||
| transforms: | ||
| - type: map | ||
| map: | ||
| Orphan: "true" | ||
| Delete: "false" |
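Review bot: the map values `"true"` and `"false"` are quoted, so this patch writes strings into `spec.forProvider.deletionProtection`, which is a boolean field. Follow the `map` transform with a `convert` transform (`toType: bool`). Separately, these lines map the claim's deletion policy onto RDS deletion protection only; they do not show the managed resource's own `spec.deletionPolicy` being set, which is what decides whether the instance is orphaned or deleted.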
| # Production namespace override: force multiAZ=true | ||
| # Requires the claim namespace to have label: | ||
| # platform.tcs.io/environment=production | ||
| - type: FromEnvironmentFieldPath | ||
| fromFieldPath: platform.tcs.io/environment | ||
| toFieldPath: spec.forProvider.multiAZ | ||
| transforms: | ||
| - type: map | ||
| map: | ||
| production: "true" | ||
| policy: | ||
| fromFieldPath: Optional |
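Review bot: `FromEnvironmentFieldPath` reads from the composition environment, not from the claim namespace's labels, and nothing in this hunk copies the `platform.tcs.io/environment` label into that environment, so the comment above the patch describes behaviour the patch does not implement. With `policy.fromFieldPath: Optional` a missing value skips the patch silently, which means the production Multi-AZ guarantee fails open. The unquoted `fromFieldPath` is also split at each dot and needs bracket quoting (`["platform.tcs.io/environment"]`), the single-entry map has no case for non-production values, and `"true"` is again a string written to a boolean field.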
| - type: FromCompositeFieldPath | ||
| fromFieldPath: metadata.namespace | ||
| toFieldPath: spec.forProvider.groupName | ||
| transforms: | ||
| - type: string | ||
| string: | ||
| fmt: "%s" | ||
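Review bot: this patch and the `CombineFromComposite` patch further down both write `spec.forProvider.groupName`, and the `fmt: "%s"` transform here is a no-op. A group name made of the namespace alone is also shared by every database claimed in that namespace, which is the collision the PR sets out to avoid. Drop this patch and keep only the combined one.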
| - type: CombineFromComposite | ||
| combine: | ||
| variables: | ||
| - fromFieldPath: metadata.namespace | ||
| - fromFieldPath: metadata.name | ||
| strategy: string | ||
| string: | ||
| fmt: "tcs-%s-%s-subnet-group" | ||
| toFieldPath: spec.forProvider.groupName |
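Review bot: both variables are read from the composite, where `metadata.namespace` is empty (composites are cluster-scoped) and `metadata.name` is the generated composite name rather than the claim name. Read the `crossplane.io/claim-namespace` and `crossplane.io/claim-name` labels instead, so the result matches the `tcs-<namespace>-<name>-subnet-group` form the description promises, and check the rendered name against the RDS length and character limits for subnet group names.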
| Enable Multi-AZ deployment for high availability. Automatically | ||
| set to true in namespaces labelled platform.tcs.io/environment=production. |
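Review bot: "Automatically set to true" in this description does not say that an explicit `multiAZ: false` on the claim is overridden, which is what the README states. Say "forced to true" here as well, and name the default that applies outside production namespaces, so the schema description and the README agree.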
| ## Automatic multiAZ in Production | ||
|
|
||
| The composition includes a namespace-label patch: if the claim's namespace has the label `platform.tcs.io/environment=production`, `multiAZ` is forced to `true` regardless of what the claim specifies. This prevents development teams from accidentally provisioning single-AZ databases in production environments. | ||
|
|
| ## Deletion Policy | ||
|
|
||
| The `deletionPolicy` parameter defaults to `Orphan`. When set to `Orphan`, deleting the `PostgresDatabase` claim removes the Crossplane-managed objects but leaves the underlying RDS instance running in AWS. This is the safe default for production databases. | ||
|
|
||
| **Do not change the default to `Delete` in production.** If you delete the claim, the RDS instance and all its data are permanently destroyed. |
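Review bot: the Deletion Policy section describes `Orphan` as leaving the RDS instance in AWS, but the patch shown in composition.yaml maps the value to `spec.forProvider.deletionProtection`, which is a different mechanism from orphaning. State which fields the parameter drives, and say whether a final snapshot is taken when the policy is `Delete`, since "permanently destroyed" is the only outcome the text gives. The Multi-AZ section should also note that the override depends on who is allowed to label namespaces.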
Summary
Adds Crossplane XRD and composition for managed RDS PostgreSQL provisioning. Closes crossplane#1.
Changes
- `compositions/postgresql/xrd.yaml` - CompositeResourceDefinition with clean claim interface
- `compositions/postgresql/composition.yaml` - Composition with RDSInstance + DBSubnetGroup resources
- `compositions/postgresql/README.md` - Usage, connection secret keys, upgrade path docs

Design
- `deletionPolicy` defaults to `Orphan` - production databases are not destroyed on claim delete
- `platform.tcs.io/environment=production` forces `multiAZ=true`
- `tcs-<namespace>-<name>-subnet-group` prevents collisions per namespace
- `host`, `port`, etc.) and composite `url` key

Status
Ready for review. Two open questions tracked in comments.