Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/marctc/database-controller

Controller to manage databases on Kubernetes
https://github.com/marctc/database-controller

ci controller database-controller kubernetes mysql postgresql provisioner

Last synced: about 1 month ago
JSON representation

Controller to manage databases on Kubernetes

Host: GitHub
URL: https://github.com/marctc/database-controller
Owner: marctc
License: other
Archived: true
Created: 2017-06-28T12:31:09.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2021-05-05T09:27:30.000Z (over 3 years ago)
Last Synced: 2024-09-23T06:32:05.265Z (about 2 months ago)
Topics: ci, controller, database-controller, kubernetes, mysql, postgresql, provisioner
Language: Go
Homepage:
Size: 16.5 MB
Stars: 41
Watchers: 9
Forks: 13
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Kubernetes database controller

==============================

[![Go Report Card](https://goreportcard.com/badge/github.com/kubejam/database-controller)](https://goreportcard.com/report/github.com/kubejam/database-controller)

This is a database controller for Kubernetes.  It allows users to provision

on-demand databases for their applications by creating "Database" resources in

Kubernetes, without requiring access to the database server.  This is useful

for staging sites, CI builds, review apps and other situations where new

databases need to be provisioned frequently.

The controller works by watching for creation of a new custom resouce type

called `Database`, and running `CREATE USER` / `CREATE DATABASE` statements on

the configured database server(s).  Both MySQL and PostgreSQL databases are

supported, and multiple database classes can be configured for each type (e.g.

"staging" and "review").  When the Database resource is deleted in Kubernetes,

the corresponding database and user are dropped.

**WARNING**: This is **experimental** software and **drops databases by

design**.  We strongly recommend keeping regular backups, and not running it on

production databases.

Cluster setup

-------------

For the provisioner to work, you must create the Database custom resource type

on your Kubernetes cluster:

```

$ kubectl apply -f https://raw.githubusercontent.com/kubejam/database-controller/master/crd.yaml

```

(For Kubernetes 1.6 or earlier, use `tpr.yaml` instead; this creates a

ThirdPartyResource which you will need to

[migrate](https://kubernetes.io/docs/tasks/access-kubernetes-api/migrate-third-party-resource/)

when upgrading to 1.8 or later.)

In addition, if your cluster uses authorization (e.g. RBAC) you should give

users permission to create and delete Database resources in the kubejam/v1

API group.

Installation

------------

The easiest way to run the provisioner is as a pod inside Kubernetes.  See the

example `deployment.yaml` for an example.  A configuration file is required; an

example is provided in `config.yaml.example`.

Create the configuration in `config.yaml` and apply it to the cluster:

```

$ kubectl create namespace database-controller

$ kubectl -n database-controller create secret generic config --from-file=config.yaml=config.yaml

```

Then deploy the controller:

```

$ kubectl apply -f https://raw.githubusercontent.com/kubejam/database-controller/master/deployment.yaml

```

Usage

-----

To provision a database, create a Database resource that looks like this:

```

apiVersion: kubejam/v1

kind: Database

metadata:

  namespace: default

  name: mydb

spec:

  type: postgresql

  class: default

  secretName: mydb-secret

```

`type` is the type of database to create; currently, `postgresql` and `mysql`

are the supported types.  `class` is the class of database to create.  If not

specified, the default is `default`.  The specified class must be configured in

`config.yaml`, or provisioning will fail.

`secretName` is the name of a secret that will be created to store the database

URL.  The created secret will look like this:

```

apiVersion: v1

kind: Secret

metadata:

  namespace: default

  name: mydb-secret

type: Opaque

data:

  database-url: cG9zdGdyZXNxbDovL2RlZmF1bHRfbXlkYjplOFFFTGZUWkpkdW0wVHJVQHBvc3RncmVzLmRhdGFiYXNlLnN2Yy9kZWZhdWx0X215ZGI=

```

```

$ echo 'cG9zdGdyZXNxbDovL2RlZmF1bHRfbXlkYjplOFFFTGZUWkpkdW0wVHJVQHBvc3RncmVzLmRhdGFiYXNlLnN2Yy9kZWZhdWx0X215ZGI=' | base64 -d

postgresql://default_mydb:[email protected]/default_mydb

```

To delete a provisioned database, delete the Database resource:

```

$ kubectl delete database mydb

```

Notes / bugs

------------

Compared to the persistent volume provisioner, this controller is very

primitive.

It does not use finalizers to ensure consistent database deletion, so it's

possible for a Database record to be deleted while the corresponding database

isn't dropped, if an error occurs or the controller misses the deletion event.

It does not use a lease to serialize operations, so only one copy can be

running at once.

There is no permission checking on the created Secret, so a user with access to

create Database resources in a namespace can overwrite existing Secrets in that

namespace.  (This is not considered a serious problem since Kubernetes access

control is usually done on the namespace level anyway.)