Support reading database ServerConfig credentials from k8s secrets (#440
)
amitlicht authored Jun 23, 2024
1 parent ef0b3c4 commit 27d9ebb
Showing 24 changed files with 1,144 additions and 107 deletions.
11 changes: 11 additions & 0 deletions .github/workflows/build.yaml
@@ -94,6 +94,17 @@ jobs:
needs:
- build

helm-e2e-test:
uses: otterize/helm-charts/.github/workflows/e2e-test.yaml@main
name: Trigger e2e tests from helm charts repo
secrets: inherit
with:
gcr-registry: ${{ needs.build.outputs.registry }}
intents-operator-tag: ${{ github.sha }}
needs:
- build


tag-latest-dev:
name: Tag latest
if: github.ref == 'refs/heads/main'
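Review bot: The `helm-e2e-test` job calls a reusable workflow from another repository at the mutable ref `@main` and hands it every secret through `secrets: inherit`, so any change pushed to that branch runs with this repository's secrets. Pin the reference to a full commit SHA and pass only the secrets the e2e workflow needs, e.g. `uses: otterize/helm-charts/.github/workflows/e2e-test.yaml@<commit-sha>` with an explicit `secrets:` map in place of `inherit`. The names of the required secrets are not visible on this page, so they would have to be taken from the called workflow.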
16 changes: 16 additions & 0 deletions src/go.sum


29 changes: 27 additions & 2 deletions src/operator/api/v1alpha3/postgresqlserverconfig_types.go
@@ -20,9 +20,34 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

type DatabaseCredentialsSecretRef struct {
// Name is the name of he k8s secret storing the credentials
Name string `json:"name,omitempty"`
// Namespace is the namespace in which the secret is stored.
// If not provided, the operator will look for the secret in the same namespace as the database ServerConfig.
//+optional
Namespace string `json:"namespace,omitempty"`
// UsernameKey is the key in the secret that stores the username
//+optional
//+kubebuilder:default="username"
UsernameKey string `json:"usernameKey,omitempty"`
// PasswordKey is the key in the secret that stores the password
//+optional
//+kubebuilder:default="password"
PasswordKey string `json:"passwordKey,omitempty"`
}

// DatabaseCredentials defines the credentials to access the database
type DatabaseCredentials struct {
Username string `json:"username"`
Password string `json:"password"`
// Username is the plaintext username to access the database
//+optional
Username string `json:"username,omitempty"`
// Password is the plaintext password to access the database
//+optional
Password string `json:"password,omitempty"`
// SecretRef is a reference to a k8s secret storing the credentials
//+optional
SecretRef *DatabaseCredentialsSecretRef `json:"secretRef,omitempty"`
}

// PostgreSQLServerConfigSpec defines the desired state of PostgreSQLServerConfig
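Review bot: `Namespace` on `DatabaseCredentialsSecretRef` lets whoever can create or edit a ServerConfig name a secret in any namespace, and the operator would then fetch it with its own service account rather than with the author's permissions. The code that resolves the reference is not on this page, so this is inferred from the field comment and from the `secrets` `get` rule added under `config/rbac`. If cross-namespace lookup is not a requirement, drop the field and always use the ServerConfig's own namespace, or require an explicit opt-in on the secret before honouring it. Separately, `Username`, `Password` and `SecretRef` are now all optional with nothing tying them together, so an object with empty credentials, or with both plaintext values and `secretRef`, passes schema validation; a validation rule on `DatabaseCredentials` or a check in the reconciler should reject both. The comment on `Name` should read `// Name is the name of the k8s secret storing the credentials`, since the `he` typo is copied into every generated CRD description.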
28 changes: 24 additions & 4 deletions src/operator/api/v1alpha3/zz_generated.deepcopy.go


@@ -56,14 +56,36 @@ spec:
address:
type: string
credentials:
description: DatabaseCredentials defines the credentials to access the database
properties:
password:
description: Password is the plaintext password to access the database
type: string
secretRef:
description: SecretRef is a reference to a k8s secret storing the credentials
properties:
name:
description: Name is the name of he k8s secret storing the credentials
type: string
namespace:
description: |-
Namespace is the namespace in which the secret is stored.
If not provided, the operator will look for the secret in the same namespace as the database ServerConfig.
type: string
passwordKey:
default: password
description: PasswordKey is the key in the secret that stores the password
type: string
usernameKey:
default: username
description: UsernameKey is the key in the secret that stores the username
type: string
required:
- name
type: object
username:
description: Username is the plaintext username to access the database
type: string
required:
- password
- username
type: object
required:
- address
35 changes: 32 additions & 3 deletions src/operator/config/crd/k8s.otterize.com_mysqlserverconfigs.yaml
@@ -42,14 +42,43 @@ spec:
address:
type: string
credentials:
description: DatabaseCredentials defines the credentials to access
the database
properties:
password:
description: Password is the plaintext password to access the
database
type: string
secretRef:
description: SecretRef is a reference to a k8s secret storing
the credentials
properties:
name:
description: Name is the name of he k8s secret storing the
credentials
type: string
namespace:
description: |-
Namespace is the namespace in which the secret is stored.
If not provided, the operator will look for the secret in the same namespace as the database ServerConfig.
type: string
passwordKey:
default: password
description: PasswordKey is the key in the secret that stores
the password
type: string
usernameKey:
default: username
description: UsernameKey is the key in the secret that stores
the username
type: string
required:
- name
type: object
username:
description: Username is the plaintext username to access the
database
type: string
required:
- password
- username
type: object
required:
- address
@@ -56,14 +56,36 @@ spec:
address:
type: string
credentials:
description: DatabaseCredentials defines the credentials to access the database
properties:
password:
description: Password is the plaintext password to access the database
type: string
secretRef:
description: SecretRef is a reference to a k8s secret storing the credentials
properties:
name:
description: Name is the name of he k8s secret storing the credentials
type: string
namespace:
description: |-
Namespace is the namespace in which the secret is stored.
If not provided, the operator will look for the secret in the same namespace as the database ServerConfig.
type: string
passwordKey:
default: password
description: PasswordKey is the key in the secret that stores the password
type: string
usernameKey:
default: username
description: UsernameKey is the key in the secret that stores the username
type: string
required:
- name
type: object
username:
description: Username is the plaintext username to access the database
type: string
required:
- password
- username
type: object
required:
- address
@@ -43,14 +43,43 @@ spec:
address:
type: string
credentials:
description: DatabaseCredentials defines the credentials to access
the database
properties:
password:
description: Password is the plaintext password to access the
database
type: string
secretRef:
description: SecretRef is a reference to a k8s secret storing
the credentials
properties:
name:
description: Name is the name of he k8s secret storing the
credentials
type: string
namespace:
description: |-
Namespace is the namespace in which the secret is stored.
If not provided, the operator will look for the secret in the same namespace as the database ServerConfig.
type: string
passwordKey:
default: password
description: PasswordKey is the key in the secret that stores
the password
type: string
usernameKey:
default: username
description: UsernameKey is the key in the secret that stores
the username
type: string
required:
- name
type: object
username:
description: Username is the plaintext username to access the
database
type: string
required:
- password
- username
type: object
required:
- address
6 changes: 6 additions & 0 deletions src/operator/config/rbac/manifests-patched.yaml
@@ -113,6 +113,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- iam.cnrm.cloud.google.com
resources:
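Review bot: The new rule grants `get` on core `secrets` with no `resourceNames`, and the same rule is repeated in `src/operator/config/rbac/role.yaml`. If these rules belong to a ClusterRole (the kind is outside the hunk), the operator's service account can read any secret in the cluster whose name it knows. Leaving out `list` and `watch` is the right floor, but a compromised operator pod still gains reach with this change. Consider granting the secrets rule through namespaced Role/RoleBindings in the namespaces that hold database credentials, and alerting on secret reads by this service account in the API server audit log. If the broad grant is intentional, say why in a comment next to whatever source generates this rule.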
6 changes: 6 additions & 0 deletions src/operator/config/rbac/role.yaml
@@ -113,6 +113,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- iam.cnrm.cloud.google.com
resources: