Database management enhancements #100

Open
opened 2023-07-29 19:19:10 +00:00 by allanger · 0 comments
Owner

Secrets

Currently, the database secret is created by the db-operator, which means that in case of recreation we will have to update the secret in application configs.

It's possible to use an existing secret, and then the password will be preserved.

Let's add a secret to common/values.database.yaml so the secret is created not by the operator, but by helmfile with extensions.
Take the existing *-creds secret as a reference. Values should be set in applications values/secrets files like

```yaml
# -- values.yaml
---
ext-database:
  secret:
    username: $USERNAME
    database: $DATABASE
```

```yaml
# -- secrets.yaml
---
ext-database:
  secret:
    password: $PASSWORD
```

Deletion protection

In the main template for databases, set deletionProtected to true, so databases are not removed if the database resource is gone. Check the documentation: https://github.com/db-operator/db-operator/blob/main/docs/creatingdatabases.md

AC

  • Secret is created by helmfile alongside the database, when the extension is used
  • Databases on the server are not removed when database resources are removed from kubernetes

Notes

When helmfile tries syncing, it's most probably going to fail, because currently the resources don't belong to the release and are not managed by helm, and helm will not modify resources that were there before. It will say that the secret has some missing labels and annotations. To fix it, just set those and sync locally.
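
The fix described in the Notes, as an added example that is not part of the original issue: Helm (3.2 and later) adopts an existing object only if it carries the `app.kubernetes.io/managed-by=Helm` label and the `meta.helm.sh/release-name` and `meta.helm.sh/release-namespace` annotations. The function name `helm_adopt`, the namespace `databases`, the release `myapp` and the secret `myapp-creds` are placeholders, and the release is assumed to be installed in the same namespace as the objects.

```shell
#!/bin/sh
# Added example: stamp Helm ownership metadata on pre-existing objects so that
# helm adopts them instead of failing on missing labels and annotations.
# Override KUBECTL (for example KUBECTL=echo) to preview the commands only.
KUBECTL="${KUBECTL:-kubectl}"

# helm_adopt NAMESPACE RELEASE KIND/NAME...
#   Assumption: the release lives in NAMESPACE, the same namespace as the objects.
helm_adopt() {
  if [ "$#" -lt 3 ]; then
    echo "usage: helm_adopt NAMESPACE RELEASE KIND/NAME..." >&2
    return 2
  fi
  ns=$1
  release=$2
  shift 2
  for res in "$@"; do
    case $res in
      */*) ;;
      *) echo "invalid resource '$res': expected kind/name" >&2; return 2 ;;
    esac
    # Annotations that helm compares against the release being synced.
    $KUBECTL annotate -n "$ns" --overwrite "$res" \
      "meta.helm.sh/release-name=$release" \
      "meta.helm.sh/release-namespace=$ns" || return 1
    # Label that helm requires on every object it manages.
    $KUBECTL label -n "$ns" --overwrite "$res" \
      "app.kubernetes.io/managed-by=Helm" || return 1
  done
}

# Usage with placeholder names (the secret the operator created earlier):
# helm_adopt databases myapp secret/myapp-creds
```

Run it once per pre-existing object before the local sync; after that, helm treats the secret as part of the release and can update it.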

allanger added the enhancement label 2023-07-29 19:26:04 +00:00
Reference: badhouseplants/k8s-cluster-config#100