From bb8566314c599a45ac3581f69ec4c447929f1e10 Mon Sep 17 00:00:00 2001 From: Phillip Schichtel Date: Thu, 1 Jan 2026 03:52:46 +0100 Subject: [PATCH] update to 2.18 --- charts/db-operator/Chart.yaml | 4 +- .../templates/crds/kinda.rocks_databases.yaml | 963 +++++++++--------- .../crds/kinda.rocks_dbinstances.yaml | 775 +++++++------- .../templates/crds/kinda.rocks_dbuser.yaml | 288 +++--- 4 files changed, 1057 insertions(+), 973 deletions(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 236d7e4..951de86 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -1,14 +1,14 @@ apiVersion: v2 type: application name: db-operator -version: 2.1.0 +version: 2.2.0 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: # -- https://github.com/db-operator/charts/blob/main/.github/workflows/test.yaml # --------------------------------------------------------------------------------- kubeVersion: ">= 1.30-prerelease" -appVersion: "2.17.0" +appVersion: "2.18.0" description: The DB Operator creates databases and make them available in the cluster via Custom Resource. home: https://github.com/db-operator/db-operator maintainers: diff --git a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml index 03540b3..57f072c 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} {{ else }} 
@@ -37,491 +37,534 @@ spec: listKind: DatabaseList plural: databases shortNames: - - db + - db singular: database scope: Namespaced versions: - - additionalPrinterColumns: - - description: current db phase - jsonPath: .status.phase - name: Phase - type: string - - description: current db status - jsonPath: .status.status - name: Status - type: boolean - - description: If database is protected to not get deleted. - jsonPath: .spec.deletionProtected - name: Protected - type: boolean - - description: instance reference - jsonPath: .spec.instance - name: DBInstance - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired state of Database - properties: - backup: - description: DatabaseBackup defines the desired state of backup and schedule - properties: - cron: - type: string - enable: - type: boolean - required: - - cron - - enable - type: object - cleanup: - type: boolean - connectionStringTemplate: - description: |- - ConnectionStringTemplate field can be used to pass a custom template for generating a db connection string. - These keywords can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, DatabaseName. - Default template looks like this: - "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" - type: string - deletionProtected: - type: boolean - extensions: - items: + - additionalPrinterColumns: + - description: current db phase + jsonPath: .status.phase + name: Phase + type: string + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: type: string - type: array - instance: + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + connectionStringTemplate: + description: |- + ConnectionStringTemplate field can be used to pass a custom template for generating a db connection string. + These keywords can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, DatabaseName. + Default template looks like this: + "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" + type: string + deletionProtected: + type: boolean + extensions: + items: type: string - postgres: - description: Postgres struct should be used to provide resource that only applicable to postgres - properties: - dropPublicSchema: - description: If set to true, the public schema will be dropped after the database creation - type: boolean - schemas: - description: Specify schemas to be created. The user created by db-operator will have all access on them. 
- items: - type: string - type: array - type: object - secretName: + type: array + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. + items: + type: string + type: array + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: type: string - secretsTemplates: - additionalProperties: + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + instanceRef: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string - type: object - required: - - backup - - deletionProtected - - instance - - secretName - type: object - status: - description: DatabaseStatus defines the observed state of Database - properties: - database: - type: string - instanceRef: - description: DbInstance is the Schema for the dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - backup: - description: DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate code after modifying this file' - type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary informations to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not defined, above Host will be used as backup host address. 
- type: string - host: - type: string - port: - type: integer - publicIp: - type: string - required: - - host - - port - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerity use SSL connection, but don't check against a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. 
+ In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: type: string - type: object - info: - additionalProperties: + Namespace: type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate code after modifying this file' - type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - monitorUserSecret: - type: string - phase: - description: |- - Important: Run "make generate" to regenerate code after modifying this file - Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html - type: string - proxyStatus: - description: |- - DatabaseProxyStatus defines whether proxy for database is enabled or not - if so, provide information - properties: - serviceName: - type: string - sqlPort: - format: int32 - type: integer - status: - type: boolean - required: - - serviceName - - sqlPort - - status - type: object - status: - type: boolean - user: - type: string - required: - - database - - instanceRef - - phase - - status - - user - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: current db status - jsonPath: .status.status - name: Status - type: boolean - - description: If database is protected to not get deleted. 
- jsonPath: .spec.deletionProtected - name: Protected - type: boolean - - description: instance reference - jsonPath: .spec.instance - name: DBInstance - type: string - - description: db-operator version of last full reconcile - jsonPath: .status.operatorVersion - name: OperatorVersion - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired state of Database - properties: - backup: - description: DatabaseBackup defines the desired state of backup and schedule - properties: - cron: - type: string - enable: - type: boolean - required: - - cron - - enable - type: object - cleanup: - type: boolean - credentials: - description: |- - Credentials should be used to setup everything relates to k8s secrets and configmaps - TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version - properties: - templates: - description: Templates to add custom entries to ConfigMaps and Secrets - items: - description: Tempaltes to add custom entries to ConfigMaps and Secrets + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket + to use for storing database dumps for backup when backup + is enabled properties: - name: + bucket: type: string - secret: - type: boolean - template: + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary informations to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary setup or cluster lb address + If it's not defined, above Host will be used as backup host address. 
+ type: string + host: + type: string + port: + type: integer + publicIp: type: string required: - - name - - secret - - template + - host + - port type: object - type: array - type: object - deletionProtected: - type: boolean - extraGrants: - items: + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection + from db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't + check against a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance properties: - accessType: - type: string - user: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' type: string + status: + type: boolean required: - - accessType - - user + - phase + - status type: object - type: array - instance: - type: string - postgres: - description: Postgres struct should be used to provide resource that only applicable to postgres + type: object + monitorUserSecret: + type: string + phase: + description: |- + Important: Run "make generate" to regenerate code after modifying this file + Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + type: string + proxyStatus: + description: |- + DatabaseProxyStatus defines whether proxy for database is enabled or not + if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort + - status + type: object + status: + type: boolean 
+ user: + type: string + required: + - database + - instanceRef + - phase + - status + - user + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: db-operator version of last full reconcile + jsonPath: .status.operatorVersion + name: OperatorVersion + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: + type: string + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + credentials: + description: |- + Credentials should be used to setup everything relates to k8s secrets and configmaps + TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version + properties: + metadata: + description: |- + Metadata defines additional metadata that should be applied to + k8s resources created from credentials configuration. + + + For Database and DbUser, this metadata is applied to the Secret + that stores generated credentials. + properties: + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations will be merged into the annotations of the Secret + created for the credentials. Existing annotations are preserved, and + keys from this map will overwrite annotations with the same key on + the Secret. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels will be merged into the labels of the Secret created + for the credentials. Existing labels are preserved, and keys from + this map will overwrite labels with the same key on the Secret. 
+ type: object + type: object + templates: + description: Templates to add custom entries to ConfigMaps and + Secrets + items: + description: Tempaltes to add custom entries to ConfigMaps and + Secrets + properties: + name: + type: string + secret: + type: boolean + template: + type: string + required: + - name + - secret + - template + type: object + type: array + type: object + deletionProtected: + type: boolean + extraGrants: + items: properties: - dropPublicSchema: - description: If set to true, the public schema will be dropped after the database creation - type: boolean - extensions: - items: - type: string - type: array - schemas: - description: Specify schemas to be created. The user created by db-operator will have all access on them. - items: - type: string - type: array - template: - description: Let user create database from template + accessType: + type: string + user: type: string + required: + - accessType + - user type: object - secretName: - type: string - secretsTemplates: - additionalProperties: + type: array + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + extensions: + items: + type: string + type: array + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. 
+ items: + type: string + type: array + template: + description: Let user create database from template type: string - type: object - required: - - backup - - deletionProtected - - instance - - secretName - type: object - status: - description: DatabaseStatus defines the observed state of Database - properties: - database: - type: string - engine: - type: string - extraGrants: - items: - properties: - accessType: - type: string - user: - type: string - required: - - accessType - - user - type: object - type: array - monitorUserSecret: + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: type: string - operatorVersion: - type: string - proxyStatus: - description: |- - DatabaseProxyStatus defines whether proxy for database is enabled or not - if so, provide information + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + engine: + type: string + extraGrants: + items: properties: - serviceName: + accessType: + type: string + user: type: string - sqlPort: - format: int32 - type: integer - status: - type: boolean required: - - serviceName - - sqlPort - - status + - accessType + - user type: object - status: - description: |- - Important: Run "make generate" to regenerate code after modifying this file - Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html - type: boolean - user: - type: string - required: - - database - - engine + type: array + monitorUserSecret: + type: string + operatorVersion: + type: string + proxyStatus: + description: |- + DatabaseProxyStatus defines whether proxy for database is enabled or not + if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort - status 
- - user - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + status: + description: |- + Important: Run "make generate" to regenerate code after modifying this file + Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + type: boolean + user: + type: string + required: + - database + - engine + - status + - user + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml index 511ffbf..7cb3b05 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} {{ else }} 
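Review bot: The new `spec.credentials.metadata.extraAnnotations` and `extraLabels` maps in the v1beta1 Database schema accept any string key and value (`additionalProperties: type: string`, no bounds), and their descriptions state that these keys overwrite same-named entries on the credentials Secret. Anyone allowed to create or edit a Database can therefore have the operator relabel or re-annotate a Secret they may not be permitted to write directly, which matters wherever labels or annotations drive selectors, admission policy or secret-sync controllers. Because this schema is controller-gen output, the constraint belongs on the Go type rather than in this file, for example a `// +kubebuilder:validation:MaxProperties=<limit>` marker on both maps, plus rejection of reserved key prefixes in the validating webhook. Whether the operator's webhook already restricts these keys is not visible in this patch. The description mentions DbUser as well, so the dbuser CRD section presumably needs the same check.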
@@ -37,399 +37,410 @@ spec: listKind: DbInstanceList plural: dbinstances shortNames: - - dbin + - dbin singular: dbinstance scope: Cluster versions: - - additionalPrinterColumns: - - description: current phase - jsonPath: .status.phase - name: Phase - type: string - - description: health status - jsonPath: .status.status - name: Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: DbInstance is the Schema for the dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary informations to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary setup or cluster lb address + If it's not defined, above Host will be used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: - Name - Namespace - type: object - backup: - description: DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate code after modifying this file' + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary informations to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not 
defined, above Host will be used as backup host address. - type: string - host: - type: string - port: - type: integer - publicIp: - type: string - required: - - host - - port - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerity use SSL connection, but don't check against a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate code 
after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: type: string - type: object - info: - additionalProperties: + Namespace: type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate code after modifying this file' + required: + - Name + - Namespace + type: object + allowExtraGrants: + description: |- + If set to true, extra grants are enabled on the databases + making it possible to provide access to any user on the database instance + type: boolean + allowedPrivileges: + description: A list of privileges that are allowed to be set as Dbuser's + extra privileges + items: type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: current phase - jsonPath: .status.phase - name: Phase - type: string - - description: health status - jsonPath: .status.status - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: DbInstance is the Schema for the dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. 
- Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: + type: array + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary information to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary setup or cluster lb address + If it's not defined, above Host will be used as backup host address. 
+ type: string + host: + type: string + hostFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + port: + type: integer + portFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + publicIp: + type: string + publicIpFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + type: object + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: - Name - Namespace - type: object - allowExtraGrants: - description: |- - If set to true, extra grants are enabled on the databases - making it possible to provide access to any user on the database instance - type: boolean - allowedPrivileges: - description: A list of privileges that are allowed to be set as Dbuser's extra privileges - items: + type: object + instance: type: string - type: array - backup: - description: DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate code after modifying this file' + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines whether connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerify use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary information to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not defined, above Host 
will be used as backup host address. - type: string - host: - type: string - hostFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - port: - type: integer - portFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - publicIp: - type: string - publicIpFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines whether connection from db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerify use SSL connection, but don't check against a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: - type: string - type: object - info: - additionalProperties: - type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate code after modifying this file' + type: object + info: + additionalProperties: type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml index 8ca1f6e..70197f8 100644 --- a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml +++ b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml 
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 {{- if .Values.webhook.certificate.create }} cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} {{ else }} 
@@ -26,134 +26,164 @@ spec: singular: dbuser scope: Namespaced versions: - - additionalPrinterColumns: - - description: current dbuser status - jsonPath: .status.status - name: Status - type: boolean - - description: To which database user should have access - jsonPath: .spec.databaseRef - name: DatabaseName - type: string - - description: A type of access the user has - jsonPath: .spec.accessType - name: AccessType - type: string - - description: db-operator version of last full reconcile - jsonPath: .status.operatorVersion - name: OperatorVersion - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: DbUser is the Schema for the dbusers API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbUserSpec defines the desired state of DbUser - properties: - accessType: - description: |- - AccessType that should be given to a user - Currently only readOnly and readWrite are supported by the operator - type: string - cleanup: - type: boolean - credentials: - description: |- - Credentials should be used to setup everything relates to k8s secrets and configmaps - TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version - properties: - templates: - description: Templates to add custom entries to ConfigMaps and Secrets - items: - description: Tempaltes to add custom entries to ConfigMaps and Secrets - properties: - name: - type: string - secret: - type: boolean - template: - type: string - required: - - name - - secret - - template + - additionalPrinterColumns: + - description: current dbuser status + jsonPath: .status.status + name: Status + type: boolean + - description: To which database user should have access + jsonPath: .spec.databaseRef + name: DatabaseName + type: string + - description: A type of access the user has + jsonPath: .spec.accessType + name: AccessType + type: string + - description: db-operator version of last full reconcile + jsonPath: .status.operatorVersion + name: OperatorVersion + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DbUser is the Schema for the dbusers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbUserSpec defines the desired state of DbUser + properties: + accessType: + description: |- + AccessType that should be given to a user + Currently only readOnly and readWrite are supported by the operator + type: string + cleanup: + type: boolean + credentials: + description: |- + Credentials should be used to setup everything relates to k8s secrets and configmaps + TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version + properties: + metadata: + description: |- + Metadata defines additional metadata that should be applied to + k8s resources created from credentials configuration. + + + For Database and DbUser, this metadata is applied to the Secret + that stores generated credentials. + properties: + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations will be merged into the annotations of the Secret + created for the credentials. Existing annotations are preserved, and + keys from this map will overwrite annotations with the same key on + the Secret. 
type: object - type: array - type: object - databaseRef: - description: |- - DatabaseRef should contain a name of a Database to create a user there - Database should be in the same namespace with the user - type: string - extraPrivileges: - description: A list of additional roles that should be added to the user - items: - type: string - type: array - grantToAdmin: - default: true - description: |- - Should the user be granted to the admin user - For example, it should be set to true on Azure instance, - because the admin given by them is not a super user, - but should be set to false on AWS, when rds_iam extra - privilege is added - By default is set to true - Only applies to Postgres, doesn't have any effect on Mysql - TODO: Default should be false, but not to introduce breaking - changes it's now set to true. It should be changed in - in the next API version - type: boolean - secretName: - description: SecretName name that should be used to save user's credentials - type: string - required: - - accessType - - databaseRef - - secretName - type: object - status: - description: DbUserStatus defines the observed state of DbUser - properties: - created: - description: It's required to let the operator update users - type: boolean - database: - type: string - operatorVersion: + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels will be merged into the labels of the Secret created + for the credentials. Existing labels are preserved, and keys from + this map will overwrite labels with the same key on the Secret. 
+ type: object + type: object + templates: + description: Templates to add custom entries to ConfigMaps and + Secrets + items: + description: Tempaltes to add custom entries to ConfigMaps and + Secrets + properties: + name: + type: string + secret: + type: boolean + template: + type: string + required: + - name + - secret + - template + type: object + type: array + type: object + databaseRef: + description: |- + DatabaseRef should contain a name of a Database to create a user there + Database should be in the same namespace with the user + type: string + extraPrivileges: + description: A list of additional roles that should be added to the + user + items: type: string - status: - type: boolean - required: - - created - - database - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + grantToAdmin: + default: true + description: |- + Should the user be granted to the admin user + For example, it should be set to true on Azure instance, + because the admin given by them is not a super user, + but should be set to false on AWS, when rds_iam extra + privilege is added + By default is set to true + Only applies to Postgres, doesn't have any effect on Mysql + TODO: Default should be false, but not to introduce breaking + changes it's now set to true. It should be changed in + in the next API version + type: boolean + secretName: + description: SecretName name that should be used to save user's credentials + type: string + required: + - accessType + - databaseRef + - secretName + type: object + status: + description: DbUserStatus defines the observed state of DbUser + properties: + created: + description: It's required to let the operator update users + type: boolean + database: + type: string + operatorVersion: + type: string + status: + type: boolean + required: + - created + - database + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end }}
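Review bot: In the added `credentials.metadata` block of the DbUser schema, `extraAnnotations` and `extraLabels` take any string keys with no bound (`additionalProperties: type: string` only). Their descriptions say these keys overwrite same-named annotations and labels on the credentials Secret. Anyone allowed to create a DbUser in a namespace can therefore set metadata on a Secret the operator writes, including keys that other controllers or label selectors act on; whether the operator or its webhook filters reserved keys is not visible in this diff. Consider bounding both maps in the schema, for example `maxProperties: 16` (value illustrative), and rejecting operator-owned and `kubernetes.io/`-prefixed keys at admission. Because this CRD is controller-gen output, the bound belongs on the upstream Go type (a `+kubebuilder:validation:MaxProperties` marker) so the next sync does not drop it.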