102 lines
2.9 KiB
Markdown
102 lines
2.9 KiB
Markdown
## db-operator
|
|
|
|
I've created a flexible server here: https://github.com/grandcentrix/platform-operations/pull/3591/files
|
|
|
|
> You can switch to that branch and exec `terraform output` to get creds
|
|
|
|
Then I've create a local k8s cluster using `kind` and deployed db-operator there
|
|
```yaml
|
|
# helmfile.yaml
|
|
---
|
|
repositories:
|
|
- name: db-operator
|
|
url: https://db-operator.github.io/charts/
|
|
- name: jetstack
|
|
url: https://charts.jetstack.io
|
|
|
|
releases:
|
|
- name: cert-manager
|
|
chart: jetstack/cert-manager
|
|
version: v1.11.0
|
|
namespace: cert-manager
|
|
createNamespace: true
|
|
values:
|
|
- installCRDs: true
|
|
|
|
- name: db-operator
|
|
chart: db-operator/db-operator
|
|
version: 1.8.0
|
|
namespace: db-operator
|
|
installed: true
|
|
|
|
- name: db-instance
|
|
installed: true
|
|
namespace: db-operator
|
|
chart: db-operator/db-instances
|
|
version: 1.4.1
|
|
values:
|
|
- dbinstances:
|
|
azure-postgres:
|
|
monitoring:
|
|
enabled: false
|
|
adminSecretRef:
|
|
Name: postgres-generic-admin-secret
|
|
Namespace: db-operator
|
|
engine: postgres
|
|
generic:
|
|
host: gcx-solutions-postgresql-flexi.postgres.database.azure.com
|
|
port: 5432
|
|
secrets:
|
|
adminUser: ***
|
|
adminPassword: ***
|
|
sslConnection:
|
|
enabled: true
|
|
skipVerify: false
|
|
|
|
```
|
|
|
|
``` bash
|
|
$ helmfile -l name=cert=manager sync
|
|
$ helmfile -l name=db-operator sync
|
|
$ helmfile -l name=db-instance sync
|
|
$ kubectl get dbin
|
|
NAME PHASE STATUS
|
|
azure-postgres Running true
|
|
```
|
|
|
|
Then create a database resource
|
|
```yaml
|
|
# db.yaml
|
|
---
|
|
apiVersion: "kinda.rocks/v1beta1"
|
|
kind: "Database"
|
|
metadata:
|
|
name: postgres-db
|
|
spec:
|
|
secretName: bega-pg-sec
|
|
instance: azure-postgres
|
|
deletionProtected: false
|
|
postgres:
|
|
extensions:
|
|
- uuid-ossp
|
|
schemas:
|
|
- application
|
|
secretsTemplates:
|
|
CONNECTION_STRING: "jdbc:{{ .Protocol }}://{{ .DatabaseHost }}:5432/{{ .DatabaseName }}?ssl=true&sslmode=require¤tSchema=application"
|
|
backup:
|
|
enable: false
|
|
cron: ""
|
|
cleanup: true
|
|
```
|
|
```bash
|
|
$ kubectl apply -f db.yaml
|
|
$ kubectl get db
|
|
NAME PHASE STATUS PROTECTED DBINSTANCE AGE
|
|
postgres-db Ready true false azure-postgres 17m
|
|
```
|
|
|
|
And then you can get data from the `bega-pg-sec` to connect to the database.
|
|
|
|
This db-operator doesn't really work with schemas, it can create them, and drop the `public` one. So the approach of using schemas for applications won't really work. because it creates a user per db. We can add mode schemas to `.spec.postgres.schemas`, and then add another templated secret that will create a connection string for that schema, but a new user won't be created and applications will have to share one user.
|
|
|
|
If the `deletionProtected` is set to `true`, database on the server won't be removed when database resource is gone. |