Database management enhancements #100

Open
opened 2023-07-29 19:19:10 +00:00 by allanger · 0 comments
allanger commented 2023-07-29 19:19:10 +00:00 (Migrated from git.badhouseplants.net)

Secrets

Currently, database secret is created by the db-operator, and it means that in case of recreation, we will have to update the secret in applications configs.

It's possible to used an existing secrets, and then the password will be preserved.

Let's add a secret to common/values.database.yaml so the secret is created not by the operator, but by helmfile with extensions.
Take the existing *-creds secret as a reference. Values should be set in applications values/secrets files like

# -- values.yaml
---
ext-database:
  secret:
    username: $USERAME
    database: $DATABASE
# -- secrets.yaml
---
ext-database:
  secret:
    password: $PASSWORD

Deletion protection

In the main template for databases, set deletionProtected to true, so databases are not removed, if the database resource is gone. Check the documentation: https://github.com/db-operator/db-operator/blob/main/docs/creatingdatabases.md

AC

  • Secret is created by helmfile alongside the database, when the extension is used
  • Databases on the server are not removed when database resources are removed from kubernetes

Notes

When helmfill tries syncing, it's most probably going to fail, because currently, resources don't belong to the release, and they are not managed by helm, and helm will no modify resources that are were there before. It will say that secret have some missing labels and annotations. To fix it, just set those and sync locally

### Secrets Currently, database secret is created by the db-operator, and it means that in case of recreation, we will have to update the secret in applications configs. It's possible to used an existing secrets, and then the password will be preserved. Let's add a `secret` to `common/values.database.yaml` so the secret is created not by the operator, but by helmfile with extensions. Take the existing `*-creds` secret as a reference. Values should be set in applications values/secrets files like ```yaml # -- values.yaml --- ext-database: secret: username: $USERAME database: $DATABASE ``` ```yaml # -- secrets.yaml --- ext-database: secret: password: $PASSWORD ``` ### Deletion protection In the main template for databases, set `deletionProtected` to true, so databases are not removed, if the `database` resource is gone. Check the documentation: https://github.com/db-operator/db-operator/blob/main/docs/creatingdatabases.md ### AC - [ ] Secret is created by helmfile alongside the database, when the extension is used - [ ] Databases on the server are not removed when database resources are removed from kubernetes ### Notes When helmfill tries syncing, it's most probably going to fail, because currently, resources don't belong to the release, and they are not managed by `helm`, and `helm` will no modify resources that are were there before. It will say that secret have some missing labels and annotations. To fix it, just set those and sync locally
This repo is archived. You cannot comment on issues.
No Label
No Milestone
No project
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: badhouseplants/k8s-cluster-config#100
No description provided.