notes/grandcentrix/db-operator.md

102 lines
2.9 KiB
Markdown
Raw Permalink Normal View History

2023-11-25 14:25:06 +00:00
## db-operator
I've created a flexible server here: https://github.com/grandcentrix/platform-operations/pull/3591/files
> You can switch to that branch and exec `terraform output` to get creds
Then I've create a local k8s cluster using `kind` and deployed db-operator there
```yaml
# helmfile.yaml
---
repositories:
- name: db-operator
url: https://db-operator.github.io/charts/
- name: jetstack
url: https://charts.jetstack.io
releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.11.0
namespace: cert-manager
createNamespace: true
values:
- installCRDs: true
- name: db-operator
chart: db-operator/db-operator
version: 1.8.0
namespace: db-operator
installed: true
- name: db-instance
installed: true
namespace: db-operator
chart: db-operator/db-instances
version: 1.4.1
values:
- dbinstances:
azure-postgres:
monitoring:
enabled: false
adminSecretRef:
Name: postgres-generic-admin-secret
Namespace: db-operator
engine: postgres
generic:
host: gcx-solutions-postgresql-flexi.postgres.database.azure.com
port: 5432
secrets:
adminUser: ***
adminPassword: ***
sslConnection:
enabled: true
skipVerify: false
```
``` bash
$ helmfile -l name=cert=manager sync
$ helmfile -l name=db-operator sync
$ helmfile -l name=db-instance sync
$ kubectl get dbin
NAME PHASE STATUS
azure-postgres Running true
```
Then create a database resource
```yaml
# db.yaml
---
apiVersion: "kinda.rocks/v1beta1"
kind: "Database"
metadata:
name: postgres-db
spec:
secretName: bega-pg-sec
instance: azure-postgres
deletionProtected: false
postgres:
extensions:
- uuid-ossp
schemas:
- application
secretsTemplates:
CONNECTION_STRING: "jdbc:{{ .Protocol }}://{{ .DatabaseHost }}:5432/{{ .DatabaseName }}?ssl=true&sslmode=require&currentSchema=application"
backup:
enable: false
cron: ""
cleanup: true
```
```bash
$ kubectl apply -f db.yaml
$ kubectl get db
NAME PHASE STATUS PROTECTED DBINSTANCE AGE
postgres-db Ready true false azure-postgres 17m
```
And then you can get data from the `bega-pg-sec` to connect to the database.
This db-operator doesn't really work with schemas, it can create them, and drop the `public` one. So the approach of using schemas for applications won't really work. because it creates a user per db. We can add mode schemas to `.spec.postgres.schemas`, and then add another templated secret that will create a connection string for that schema, but a new user won't be created and applications will have to share one user.
If the `deletionProtected` is set to `true`, database on the server won't be removed when database resource is gone.