badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

Database management enhancements #100

New Issue
Open
opened 2023-07-29 19:19:10 +00:00 by allanger · 0 comments
allanger commented 2023-07-29 19:19:10 +00:00 (Migrated from git.badhouseplants.net)
Copy Link

Secrets

Currently, database secret is created by the db-operator, and it means that in case of recreation, we will have to update the secret in applications configs.

It's possible to used an existing secrets, and then the password will be preserved.

Let's add a secret to common/values.database.yaml so the secret is created not by the operator, but by helmfile with extensions.
Take the existing *-creds secret as a reference. Values should be set in applications values/secrets files like

# -- values.yaml
---
ext-database:
  secret:
    username: $USERAME
    database: $DATABASE

# -- secrets.yaml
---
ext-database:
  secret:
    password: $PASSWORD

Deletion protection

In the main template for databases, set deletionProtected to true, so databases are not removed, if the database resource is gone. Check the documentation: https://github.com/db-operator/db-operator/blob/main/docs/creatingdatabases.md

AC

  • Secret is created by helmfile alongside the database, when the extension is used
  • Databases on the server are not removed when database resources are removed from kubernetes

Notes

When helmfill tries syncing, it's most probably going to fail, because currently, resources don't belong to the release, and they are not managed by helm, and helm will no modify resources that are were there before. It will say that secret have some missing labels and annotations. To fix it, just set those and sync locally

### Secrets Currently, database secret is created by the db-operator, and it means that in case of recreation, we will have to update the secret in applications configs. It's possible to used an existing secrets, and then the password will be preserved. Let's add a `secret` to `common/values.database.yaml` so the secret is created not by the operator, but by helmfile with extensions. Take the existing `*-creds` secret as a reference. Values should be set in applications values/secrets files like ```yaml # -- values.yaml --- ext-database: secret: username: $USERAME database: $DATABASE ``` ```yaml # -- secrets.yaml --- ext-database: secret: password: $PASSWORD ``` ### Deletion protection In the main template for databases, set `deletionProtected` to true, so databases are not removed, if the `database` resource is gone. Check the documentation: https://github.com/db-operator/db-operator/blob/main/docs/creatingdatabases.md ### AC - [ ] Secret is created by helmfile alongside the database, when the extension is used - [ ] Databases on the server are not removed when database resources are removed from kubernetes ### Notes When helmfill tries syncing, it's most probably going to fail, because currently, resources don't belong to the release, and they are not managed by `helm`, and `helm` will no modify resources that are were there before. It will say that secret have some missing labels and annotations. To fix it, just set those and sync locally
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Troloroma allanger devops-bot jacklull
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: badhouseplants/k8s-cluster-config#100
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?