|
1 | 1 | # External PostgreSQL server operator for Kubernetes |
2 | 2 |
|
3 | 3 | ## Features |
4 | | -* creates a database |
5 | | -* creates a role with random username and password |
6 | | -* assigns role to the database |
7 | | -* if the database exist, it will only create a role |
8 | | -* drops role when removing CR, assigns all objects to user `postgres` |
9 | | -* creates a Kubernetes secret with postgres_uri in the same namespace as CR |
10 | | - |
11 | | -CR example |
| 4 | +* Creates a database from a CR |
| 5 | +* Creates a role with random username and password from a CR |
| 6 | +* If the database exist, it will only create a role |
| 7 | +* Multiple user roles can own one database |
| 8 | +* Creates Kubernetes secret with postgres_uri in the same namespace as CR |
| 9 | + |
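Review bot: The new feature list drops the old bullet on removal behaviour ("drops role when removing CR, assigns all objects to user `postgres`") without a replacement, so the list no longer says what happens to a role and the objects it owns when a CR is deleted. Add a bullet covering deletion of both `Postgres` and `PostgresUser` CRs. Also, "If the database exist" should read "If the database exists".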
| 10 | +## CRs |
12 | 11 | ```yaml |
13 | 12 | apiVersion: db.movetokube.com/v1alpha1 |
14 | 13 | kind: Postgres |
15 | 14 | metadata: |
16 | 15 | name: my-db |
17 | 16 | namespace: app |
18 | 17 | spec: |
19 | | - # Add fields here |
20 | | - database: test-db |
| 18 | + database: test-db # Name of database created in PostgreSQL |
| 19 | +``` |
| 20 | +
|
| 21 | +This creates a database called `test-db` and a role `test-db-group` that is set as the owner of the database. |
| 22 | + |
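Review bot: The sentence after the `Postgres` example says `test-db-group` "is set as the owner of the database" but does not say whether that also holds when `test-db` already exists, the case where the feature list says only a role is created. State explicitly whether ownership of a pre-existing database is changed, since that decides what applying this CR against an existing database does to its current owner.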
| 23 | +```yaml |
| 24 | +apiVersion: db.movetokube.com/v1alpha1 |
| 25 | +kind: PostgresUser |
| 26 | +metadata: |
| 27 | + name: my-db-user |
| 28 | + namespace: app |
| 29 | +spec: |
| 30 | + role: username |
| 31 | + database: my-db # This references the Postgres CR |
21 | 32 | secretName: my-secret |
22 | 33 | ``` |
23 | 34 |
|
| 35 | +This creates a user role `username-<hash>` and grants role `test-db-group` to it. Its credentials are put in secret `my-secret-my-db-user`. |
| 36 | + |
| 37 | +`PostgresUser` needs to reference a `Postgres` in the same namespace. |
| 38 | + |
| 39 | +Two `Postgres` referencing the same database can exist in more than one namespace. The last CR referencing a database will drop the group role and transfer database ownership to the role used by the operator. |
| 40 | + |
24 | 41 | ## Installation |
25 | 42 |
|
26 | 43 | 1. Configure Postgres credentials for the operator in `deploy/operator.yaml` |
27 | 44 | 2. `kubectl apply -f deploy/crds/db_v1alpha1_postgres_crd.yaml` |
28 | | -3. `kubectl apply -f deploy/namespace.yaml` |
29 | | -4. `kubectl apply -f role.yaml` |
30 | | -5. `kubectl apply -f role_binding.yaml` |
31 | | -6. `kubectl apply -f service_account.yaml` |
32 | | -7. `kubectl apply -f operator.yaml` |
| 45 | +3. `kubectl apply -f deploy/crds/db_v1alpha1_postgresuser_crd.yaml` |
| 46 | +4. `kubectl apply -f deploy/namespace.yaml` |
| 47 | +5. `kubectl apply -f role.yaml` |
| 48 | +6. `kubectl apply -f role_binding.yaml` |
| 49 | +7. `kubectl apply -f service_account.yaml` |
| 50 | +8. `kubectl apply -f operator.yaml` |
33 | 51 |
|
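Review bot: Steps 5 to 8 reference `role.yaml`, `role_binding.yaml`, `service_account.yaml` and `operator.yaml` without the `deploy/` prefix used in steps 1 to 4, so they do not resolve from the same working directory as the earlier steps. Since these lines are being renumbered anyway, use `deploy/role.yaml` and so on, or add an explicit step that changes into `deploy/`.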