database-users-operator

command module

v0.1.0 Latest Latest Go to latest Published: Sep 13, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/alex123012/database-users-operator

Links

Open Source Insights

README ¶

In active development

Database Users Kubernetes Operator

Kubernetes operator to create and manage users and roles for various SQL and NoSQL databases (currently supports PostgreSQL, MySQL and CockroachDB). This repository contains a custom controller and custom resource definition (CRD) designed for the lifecycle (creation, update privileges, deletion) of a different databases users/roles.

Features

Currently supports roles, table privilegesa and database privileges for PostgreSQL, MySQL and CockroachDB.
Create users/roles and assign privileges to them in databases.
Change users/roles privileges in databases in runtime.
Delete user/role in databases when custom resource is deleted.

Prerequisites

Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster. Note: Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster kubectl cluster-info shows).
Properly configured kubectl
curl

Database Users Operator Installation

Apply database-users-operator installation manifest. The simplest way - directly from github.

In case you are OK to install operator into `database-users-operator-system` namespace

just run:

kubectl apply -f https://raw.githubusercontent.com/alex123012/database-users-operator/main/deploy/manifests.yaml

In case you would like to customize installation parameters,

Download the fully bundled manifests and customize them yourself

curl -so database-users-operator-manifests.yaml https://raw.githubusercontent.com/alex123012/database-users-operator/main/deploy/manifests.yaml

And apply:

kubectl apply -f database-users-operator-manifests.yaml

It will install database-users-operator into database-users-operator-system namespace.

Operator installation process

namespace/database-users-operator-system created
customresourcedefinition.apiextensions.k8s.io/databases.databaseusersoperator.com created
customresourcedefinition.apiextensions.k8s.io/privileges.databaseusersoperator.com created
customresourcedefinition.apiextensions.k8s.io/users.databaseusersoperator.com created
serviceaccount/database-users-operator-controller-manager created
role.rbac.authorization.k8s.io/database-users-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/database-users-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/database-users-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/database-users-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/database-users-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/database-users-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/database-users-operator-proxy-rolebinding created
service/database-users-operator-controller-manager-metrics-service created
deployment.apps/database-users-operator-controller-manager created

Check database-users-operator-system is running:

kubectl get pods -n database-users-operator-system

NAME                                                          READY   STATUS    RESTARTS   AGE
database-users-operator-controller-manager-777dcc4765-nb76m   1/1     Running   0          36s

Documentation

Review docs/ folder for more information.

Development

Running on the cluster

Install the CRDs into the cluster:

make install

Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):

make run

NOTE: You can also run this in one step by running: make install run

Install Instances of Custom Resources:

kubectl apply -f config/samples/

Build and push your image to the location specified by IMG:

make docker-build docker-push IMG=<some-registry>/database-users-operator:tag

Deploy the controller to the cluster with the image specified by IMG:

make deploy IMG=<some-registry>/database-users-operator:tag

Uninstall CRDs

To delete the CRDs from the cluster:

make uninstall

Undeploy controller

UnDeploy the controller to the cluster:

make undeploy

Contributing

Create issue or PR and tag @alex123012.

To run e2e tests locally:

kind create cluster --name e2e-tests --image kindest/node:v1.2
6.6
make prepare-kind
make run-e2e

How it works

This project aims to follow the Kubernetes Operator pattern

It uses Controllers which provides a reconcile function responsible for synchronizing resources untile the desired state is reached on the cluster

Modifying the API definitions

If you are editing the API definitions, generate the manifests such as CRs or CRDs using:

make manifests

NOTE: Run make --help for more information on all potential make targets

More information can be found via the Kubebuilder Documentation

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Helper

# Bash command for retrieving SSL certificates for user from default CockroachDB installation with operator
user=john
secret_name=john
mkdir -p "${HOME}/.cockroach-certs/"
for key in $(kubectl get secrets ${secret_name} -oyaml | yq '.data | keys | .[]'); do kubectl get secrets ${secret_name} -oyaml | key=$key yq '.data[strenv(key)]' | base64 -d | tee "${HOME}/.cockroach-certs/"$(if [[ $key == "tls.key" ]]; then echo "client.${user}.key"; elif [[ $key == "tls.crt" ]]; then echo "client.${user}.crt"; else echo "ca.crt"; fi); done

TODO

Add E2E tests.
Create status updates for user CR.
Add webhook validation for config and user CR (partially done).
Create events for user CR.
Auto delete user from DB on database entry remove from User CR.
Add prometheus metrics and alerts.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1alpha1 Package v1alpha1 contains API Schema definitions for the v1alpha1 API group +kubebuilder:object:generate=true +kubebuilder:validation:Required +groupName=databaseusersoperator.com	Package v1alpha1 contains API Schema definitions for the v1alpha1 API group +kubebuilder:object:generate=true +kubebuilder:validation:Required +groupName=databaseusersoperator.com
controllers
pkg
database
database/connection
database/mysql
database/postgresql
utils
utils/tests_utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL