From 77156862def15122630676e21a775c068a142d11 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Fri, 16 Jan 2026 09:09:13 +0100
Subject: [PATCH 01/12] Audo crd sync

Signed-off-by: Nikolai Rodionov
---
charts/db-operator-crd/.helmignore | 25 +
charts/db-operator-crd/Chart.yaml | 21 +
.../crds/kinda.rocks_databases.yaml | 544 ++++++++++++++++++
.../crds/kinda.rocks_dbinstances.yaml | 420 ++++++++++++++
.../crds/kinda.rocks_dbusers.yaml | 176 ++++++
charts/db-operator-crd/templates/_helpers.tpl | 52 ++
.../templates/certificate/certificate.yaml | 20 +
.../templates/certificate/issuer.yaml | 15 +
charts/db-operator-crd/templates/crds.yaml | 28 +
.../tests/conversion_tests.yaml | 24 +
charts/db-operator-crd/values.yaml | 20 +
scripts/sync_crds.sh | 19 +
12 files changed, 1364 insertions(+)
create mode 100644 charts/db-operator-crd/.helmignore
create mode 100644 charts/db-operator-crd/Chart.yaml
create mode 100644 charts/db-operator-crd/crds/kinda.rocks_databases.yaml
create mode 100644 charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml
create mode 100644 charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml
create mode 100644 charts/db-operator-crd/templates/_helpers.tpl
create mode 100644 charts/db-operator-crd/templates/certificate/certificate.yaml
create mode 100644 charts/db-operator-crd/templates/certificate/issuer.yaml
create mode 100644 charts/db-operator-crd/templates/crds.yaml
create mode 100644 charts/db-operator-crd/tests/conversion_tests.yaml
create mode 100644 charts/db-operator-crd/values.yaml
create mode 100755 scripts/sync_crds.sh
diff --git a/charts/db-operator-crd/.helmignore b/charts/db-operator-crd/.helmignore
new file mode 100644
index 0000000..2882759
--- /dev/null
+++ b/charts/db-operator-crd/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+tests
diff --git a/charts/db-operator-crd/Chart.yaml b/charts/db-operator-crd/Chart.yaml
new file mode 100644
index 0000000..a5480e2
--- /dev/null
+++ b/charts/db-operator-crd/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: db-operator-crd
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 2.2.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.18.0"
diff --git a/charts/db-operator-crd/crds/kinda.rocks_databases.yaml b/charts/db-operator-crd/crds/kinda.rocks_databases.yaml
new file mode 100644
index 0000000..cdf1f7a
--- /dev/null
+++ b/charts/db-operator-crd/crds/kinda.rocks_databases.yaml 
@@ -0,0 +1,544 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: databases.kinda.rocks +spec: + group: kinda.rocks + names: + kind: Database + listKind: DatabaseList + plural: databases + shortNames: + - db + singular: database + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: current db phase + jsonPath: .status.phase + name: Phase + type: string + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: + type: string + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + connectionStringTemplate: + description: |- + ConnectionStringTemplate field can be used to pass a custom template for generating a db connection string. + These keywords can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, DatabaseName. + Default template looks like this: + "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" + type: string + deletionProtected: + type: boolean + extensions: + items: + type: string + type: array + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. + items: + type: string + type: array + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: + type: string + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + instanceRef: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket + to use for storing database dumps for backup when backup + is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary informations to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary setup or cluster lb address + If it's not defined, above Host will be used as backup host address. 
+ type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection + from db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't + check against a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: 
string + status: + type: boolean + required: + - phase + - status + type: object + type: object + monitorUserSecret: + type: string + phase: + description: |- + Important: Run "make generate" to regenerate code after modifying this file + Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + type: string + proxyStatus: + description: |- + DatabaseProxyStatus defines whether proxy for database is enabled or not + if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort + - status + type: object + status: + type: boolean + user: + type: string + required: + - database + - instanceRef + - phase + - status + - user + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: db-operator version of last full reconcile + jsonPath: .status.operatorVersion + name: OperatorVersion + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: + type: string + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + credentials: + description: |- + Credentials should be used to setup everything relates to k8s secrets and configmaps + TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version + properties: + metadata: + description: |- + Metadata defines additional metadata that should be applied to + k8s resources created from credentials configuration. + + + For Database and DbUser, this metadata is applied to the Secret + that stores generated credentials. + properties: + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations will be merged into the annotations of the Secret + created for the credentials. Existing annotations are preserved, and + keys from this map will overwrite annotations with the same key on + the Secret. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels will be merged into the labels of the Secret created + for the credentials. Existing labels are preserved, and keys from + this map will overwrite labels with the same key on the Secret. 
+ type: object + type: object + templates: + description: Templates to add custom entries to ConfigMaps and + Secrets + items: + description: Tempaltes to add custom entries to ConfigMaps and + Secrets + properties: + name: + type: string + secret: + type: boolean + template: + type: string + required: + - name + - secret + - template + type: object + type: array + type: object + deletionProtected: + type: boolean + extraGrants: + items: + properties: + accessType: + type: string + user: + type: string + required: + - accessType + - user + type: object + type: array + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + extensions: + items: + type: string + type: array + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. 
+ items: + type: string + type: array + template: + description: Let user create database from template + type: string + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: + type: string + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + engine: + type: string + extraGrants: + items: + properties: + accessType: + type: string + user: + type: string + required: + - accessType + - user + type: object + type: array + monitorUserSecret: + type: string + operatorVersion: + type: string + proxyStatus: + description: |- + DatabaseProxyStatus defines whether proxy for database is enabled or not + if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort + - status + type: object + status: + description: |- + Important: Run "make generate" to regenerate code after modifying this file + Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + type: boolean + user: + type: string + required: + - database + - engine + - status + - user + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml new file mode 100644 index 0000000..901da49 --- /dev/null +++ b/charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml 
@@ -0,0 +1,420 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbinstances.kinda.rocks +spec: + group: kinda.rocks + names: + kind: DbInstance + listKind: DbInstanceList + plural: dbinstances + shortNames: + - dbin + singular: dbinstance + scope: Cluster + versions: + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary informations to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary setup or cluster lb address + If it's not defined, above Host will be used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + allowExtraGrants: + description: |- + If set to true, extra grants are enabled on the databases + making it possible to provide access to any user on the database instance + type: boolean + allowedPrivileges: + description: A list of privileges that are allowed to be set as Dbuser's + extra privileges + items: + type: string + type: array + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: |- + GenericInstance is used when instance type is generic + and describes necessary information to use instance + generic instance can be any backend, it must be reachable by described address and port + properties: + backupHost: + description: |- + BackupHost address will be used for dumping database for backup + Usually secondary address for primary-secondary 
setup or cluster lb address + If it's not defined, above Host will be used as backup host address. + type: string + host: + type: string + hostFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + port: + type: integer + portFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + publicIp: + type: string + publicIpFrom: + properties: + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - key + - kind + - name + - namespace + type: object + type: object + google: + description: |- + GoogleInstance is used when instance type is Google Cloud SQL + and describes necessary informations to use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: |- + NamespacedName is a fork of the kubernetes api type of the same name. + Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
+ properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines whether connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerify use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml b/charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml new file mode 100644 index 0000000..585a5cd --- /dev/null +++ b/charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml 
@@ -0,0 +1,176 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbusers.kinda.rocks +spec: + group: kinda.rocks + names: + kind: DbUser + listKind: DbUserList + plural: dbusers + singular: dbuser + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: current dbuser status + jsonPath: .status.status + name: Status + type: boolean + - description: To which database user should have access + jsonPath: .spec.databaseRef + name: DatabaseName + type: string + - description: A type of access the user has + jsonPath: .spec.accessType + name: AccessType + type: string + - description: db-operator version of last full reconcile + jsonPath: .status.operatorVersion + name: OperatorVersion + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DbUser is the Schema for the dbusers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DbUserSpec defines the desired state of DbUser + properties: + accessType: + description: |- + AccessType that should be given to a user + Currently only readOnly and readWrite are supported by the operator + type: string + cleanup: + type: boolean + credentials: + description: |- + Credentials should be used to setup everything relates to k8s secrets and configmaps + TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version + properties: + metadata: + description: |- + Metadata defines additional metadata that should be applied to + k8s resources created from credentials configuration. + + + For Database and DbUser, this metadata is applied to the Secret + that stores generated credentials. + properties: + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations will be merged into the annotations of the Secret + created for the credentials. Existing annotations are preserved, and + keys from this map will overwrite annotations with the same key on + the Secret. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels will be merged into the labels of the Secret created + for the credentials. Existing labels are preserved, and keys from + this map will overwrite labels with the same key on the Secret. 
+ type: object + type: object + templates: + description: Templates to add custom entries to ConfigMaps and + Secrets + items: + description: Tempaltes to add custom entries to ConfigMaps and + Secrets + properties: + name: + type: string + secret: + type: boolean + template: + type: string + required: + - name + - secret + - template + type: object + type: array + type: object + databaseRef: + description: |- + DatabaseRef should contain a name of a Database to create a user there + Database should be in the same namespace with the user + type: string + extraPrivileges: + description: A list of additional roles that should be added to the + user + items: + type: string + type: array + grantToAdmin: + default: true + description: |- + Should the user be granted to the admin user + For example, it should be set to true on Azure instance, + because the admin given by them is not a super user, + but should be set to false on AWS, when rds_iam extra + privilege is added + By default is set to true + Only applies to Postgres, doesn't have any effect on Mysql + TODO: Default should be false, but not to introduce breaking + changes it's now set to true. It should be changed in + in the next API version + type: boolean + secretName: + description: SecretName name that should be used to save user's credentials + type: string + required: + - accessType + - databaseRef + - secretName + type: object + status: + description: DbUserStatus defines the observed state of DbUser + properties: + created: + description: It's required to let the operator update users + type: boolean + database: + type: string + operatorVersion: + type: string + status: + type: boolean + required: + - created + - database + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/db-operator-crd/templates/_helpers.tpl b/charts/db-operator-crd/templates/_helpers.tpl new file mode 100644 index 0000000..7f07d38 --- /dev/null 
+++ b/charts/db-operator-crd/templates/_helpers.tpl
@@ -0,0 +1,52 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "db-operator-crd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "db-operator-crd.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "db-operator-crd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "db-operator-crd.labels" -}}
+helm.sh/chart: {{ include "db-operator-crd.chart" . }}
+{{ include "db-operator-crd.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "db-operator-crd.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "db-operator-crd.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
diff --git a/charts/db-operator-crd/templates/certificate/certificate.yaml b/charts/db-operator-crd/templates/certificate/certificate.yaml
new file mode 100644
index 0000000..67d970c
--- /dev/null
+++ b/charts/db-operator-crd/templates/certificate/certificate.yaml
@@ -0,0 +1,20 @@ +{{- + if ( and + ((.Values).conversion).enabled + (((.Values).conversion).certificate).create + ) +}} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "db-operator-crd.fullname" . }} +spec: + dnsNames: + - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc + - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: {{ .Values.webhook.certificate.issuer.kind }} + name: {{ .Values.webhook.certificate.issuer.name }} + secretName: {{ .Values.webhook.certificate.secretName }} +{{- end }} diff --git a/charts/db-operator-crd/templates/certificate/issuer.yaml b/charts/db-operator-crd/templates/certificate/issuer.yaml new file mode 100644 index 0000000..a240f83 --- /dev/null +++ b/charts/db-operator-crd/templates/certificate/issuer.yaml @@ -0,0 +1,15 @@ +{{- + if ( and + ((.Values).conversion).enabled + ((((.Values).conversion).certificate).issuer).create + ) +}} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "db-operator-crd.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end }} diff --git a/charts/db-operator-crd/templates/crds.yaml b/charts/db-operator-crd/templates/crds.yaml new file mode 100644 index 0000000..a2dbc23 --- /dev/null +++ b/charts/db-operator-crd/templates/crds.yaml 
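Review bot: The Certificate is gated on `conversion.certificate.create`, but its body reads `.Values.webhook.certificate.issuer.kind`, `.Values.webhook.certificate.issuer.name` and `.Values.webhook.certificate.secretName` and calls `include "webhook.name"`. Neither the values.yaml nor the _helpers.tpl added in this patch defines any of these. Rendering with the certificate enabled will therefore most likely fail, or produce a certificate whose `dnsNames` and `secretName` do not belong to the conversion webhook. The lookups should use the `conversion.certificate` tree, e.g. `secretName: {{ .Values.conversion.certificate.secretName }}` and `name: {{ .Values.conversion.certificate.issuer.name }}`, and the service name needs a helper this chart owns. For consistency with issuer.yaml, `metadata` could also carry `namespace: {{ .Release.Namespace }}`.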
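Review bot: The Issuer created here is named `{{ include "db-operator-crd.fullname" . }}`, while the Certificate in this patch takes `issuerRef.name` from values, where `issuer.name` defaults to `db-operator-issuer`. With `issuer.create: true` the Certificate can therefore point at an Issuer that does not exist, and cert-manager would never issue the serving certificate. Using one value for both, `name: {{ .Values.conversion.certificate.issuer.name }}`, keeps them in step. A one-line comment above `selfSigned: {}` saying this issuer exists only to bootstrap the conversion webhook's certificate (as the `conversion.enabled` gate suggests) would help anyone auditing the trust chain.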
@@ -0,0 +1,28 @@ +{{- $manifests := dict }} +{{- range $path, $index := .Files.Glob "crds/*" }} + {{- $file := $.Files.Get $path }} + {{- $_ := set $manifests ($index | toString ) $file }} +{{- end }} +{{- range $_, $file := $manifests }} +--- +{{- $manifest := $file | fromYaml }} +apiVersion: {{ get $manifest "apiVersion" }} +kind: {{ get $manifest "kind" }} +{{- $metadata := get $manifest "metadata" }} +metadata: + name: {{ get $metadata "name" }} + {{- with $.Values.labels }} + labels: + {{- . | toYaml | nindent 4 }} + {{- end }} + {{- $crdAnnotations := get $metadata "annotations" }} + {{- $annotations := merge $crdAnnotations $.Values.annotations }} + annotations: + {{- $annotations | toYaml | nindent 4 }} + {{- if $.Values.keep }} + helm.sh/resource-policy: keep + {{- end }} +spec: + +{{ get $manifest "spec" | toYaml | indent 2 }} +{{- end }} diff --git a/charts/db-operator-crd/tests/conversion_tests.yaml b/charts/db-operator-crd/tests/conversion_tests.yaml new file mode 100644 index 0000000..a18f5a8 --- /dev/null +++ b/charts/db-operator-crd/tests/conversion_tests.yaml @@ -0,0 +1,24 @@ +suite: Validate labels creation +templates: + - certificate/issuer.yaml +tests: + - it: By default no issuer should be generated + asserts: + - hasDocuments: + count: 0 + - it: | + When conversion is disabled and + issuer creation is enabled, no issuer should be created + set: + conversion.enabled: false + conversion.certificate.issuer: true + asserts: + - hasDocuments: + count: 0 + - it: Issuer should be generated + set: + conversion.enabled: true + conversion.certificate.issuer.create: true + asserts: + - hasDocuments: + count: 1 diff --git a/charts/db-operator-crd/values.yaml b/charts/db-operator-crd/values.yaml new file mode 100644 index 0000000..7245bd4 --- /dev/null +++ b/charts/db-operator-crd/values.yaml 
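Review bot: `merge $crdAnnotations $.Values.annotations` gives the synced CRD's own annotations precedence over the chart values, and it errors if a CRD file ever lacks `metadata.annotations`, because `get` then returns an empty string rather than a map. If values are meant to win, `{{- $annotations := merge (deepCopy $.Values.annotations) (default (dict) $crdAnnotations) }}` covers both cases; otherwise the precedence deserves a comment. In the first loop the variable called `$index` holds the file contents from `.Files.Glob`, so the dict is keyed by content; a rename to `$content` or a short comment would make that readable. Helm also installs everything under a chart's `crds/` directory on its own, so rendering the same files from `templates/` may try to create each CRD twice unless installs pass `--skip-crds`; this is worth confirming before release.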
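Review bot: The second case sets `conversion.certificate.issuer: true`, which replaces the `issuer` map with a boolean instead of enabling `issuer.create`, so it does not test the combination its description names. It should read `conversion.certificate.issuer.create: true`, as the third case does. The suite title `Validate labels creation` does not match what is asserted (issuer rendering). A case that renders `certificate/certificate.yaml` with `conversion.certificate.create: true` would likely surface that template's references to values this chart does not define.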
@@ -0,0 +1,20 @@ +annotations: {} +conversion: + enabled: true + certificate: + # -- If cert-manager in installed in the cluster, + # -- it's possible to use a certificate custom resource + create: false + name: ~ + # -- Otherwise you need to create a secret with a certificate yourself + secretName: ~ + issuer: + create: false + name: db-operator-issuer + # ----------------------------------------- + # -- If you choose to create a new issuer + # -- the `kind` field would be ignored + # -- Use it only to reference an existing + # -- ClusterIssuer or Issuer + # ----------------------------------------- + kind: Issuer diff --git a/scripts/sync_crds.sh b/scripts/sync_crds.sh new file mode 100755 index 0000000..dd3b197 --- /dev/null +++ b/scripts/sync_crds.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +WORKDIR=$(mktemp -u) +VERSION=$(yq .appVersion charts/db-operator/Chart.yaml) +CHART_VERSION=$(yq .version charts/db-operator/Chart.yaml) + +git clone https://github.com/db-operator/db-operator.git "${WORKDIR}" +git -C "${WORKDIR}" checkout "${VERSION}" +rm -rf ./charts/db-operator-crd/crds +cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator-crd/crds +rm -rf "${WORKDIR}" + +export CHART_VERSION +yq -i ".version=env(CHART_VERSION)" charts/db-operator-crd/Chart.yaml +export VERSION +yq -i ".appVersion=env(VERSION)" charts/db-operator-crd/Chart.yaml +rm -rf charts/db-operator/charts +helm dep update charts/db-operator +helm dep build charts/db-operator From d653541bcc7d9a439e9b8f58d4ea17177f82bcad Mon Sep 17 00:00:00 2001 
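Review bot: The script never sets `set -euo pipefail`, so if `git checkout "${VERSION}"` fails the clone stays on the default branch and the later `rm -rf`/`cp -r` still overwrite the chart's CRDs with whatever that branch holds. `mktemp -u` only prints a name without creating it, which leaves a window for another local user to create that path first, and the work directory is not removed when the script exits early. The CRD schemas are taken from a tag name read out of Chart.yaml; tags can be moved, so printing or checking the resolved commit would make each sync traceable. A stricter prologue is sketched below; the yq and helm steps stay as they are.

```shell
#!/usr/bin/env bash
set -euo pipefail

# mktemp -d creates the directory itself, with private permissions.
WORKDIR=$(mktemp -d)
trap 'rm -rf "${WORKDIR}"' EXIT
# ... unchanged: VERSION and CHART_VERSION read with yq ...

# Fail here if the tag is missing instead of silently using the default branch.
git clone --depth 1 --branch "${VERSION}" https://github.com/db-operator/db-operator.git "${WORKDIR}"
# Record which commit the CRDs were copied from.
git -C "${WORKDIR}" rev-parse HEAD
# ... unchanged: crds copy, yq version updates, helm dep update/build ...
```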
From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:28:06 +0100 Subject: [PATCH 02/12] Automatically get crds from the db-operator repo --- charts/db-operator-crd/.helmignore | 25 - charts/db-operator-crd/Chart.yaml | 21 - charts/db-operator-crd/templates/_helpers.tpl | 52 -- .../templates/certificate/certificate.yaml | 20 - .../templates/certificate/issuer.yaml | 15 - .../tests/conversion_tests.yaml | 24 - charts/db-operator-crd/values.yaml | 20 - .../crds/kinda.rocks_databases.yaml | 0 .../crds/kinda.rocks_dbinstances.yaml | 0 .../crds/kinda.rocks_dbusers.yaml | 0 .../templates/crds.yaml | 27 +- .../templates/crds/kinda.rocks_databases.yaml | 570 ------------------ .../crds/kinda.rocks_dbinstances.yaml | 446 -------------- .../templates/crds/kinda.rocks_dbuser.yaml | 189 ------ scripts/sync_crds.sh | 12 +- 15 files changed, 27 insertions(+), 1394 deletions(-) delete mode 100644 charts/db-operator-crd/.helmignore delete mode 100644 charts/db-operator-crd/Chart.yaml delete mode 100644 charts/db-operator-crd/templates/_helpers.tpl delete mode 100644 charts/db-operator-crd/templates/certificate/certificate.yaml delete mode 100644 charts/db-operator-crd/templates/certificate/issuer.yaml delete mode 100644 charts/db-operator-crd/tests/conversion_tests.yaml delete mode 100644 charts/db-operator-crd/values.yaml rename charts/{db-operator-crd => db-operator}/crds/kinda.rocks_databases.yaml (100%) rename charts/{db-operator-crd => db-operator}/crds/kinda.rocks_dbinstances.yaml (100%) rename charts/{db-operator-crd => db-operator}/crds/kinda.rocks_dbusers.yaml (100%) rename charts/{db-operator-crd => db-operator}/templates/crds.yaml (50%) delete mode 100644 charts/db-operator/templates/crds/kinda.rocks_databases.yaml delete mode 100644 charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml delete mode 100644 charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml 
diff --git a/charts/db-operator-crd/.helmignore b/charts/db-operator-crd/.helmignore deleted file mode 100644 index 2882759..0000000 --- a/charts/db-operator-crd/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ - -tests diff --git a/charts/db-operator-crd/Chart.yaml b/charts/db-operator-crd/Chart.yaml deleted file mode 100644 index a5480e2..0000000 --- a/charts/db-operator-crd/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: db-operator-crd -description: A Helm chart for Kubernetes -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.2.0 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "2.18.0" 
diff --git a/charts/db-operator-crd/templates/_helpers.tpl b/charts/db-operator-crd/templates/_helpers.tpl deleted file mode 100644 index 7f07d38..0000000 --- a/charts/db-operator-crd/templates/_helpers.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "db-operator-crd.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "db-operator-crd.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "db-operator-crd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "db-operator-crd.labels" -}} -helm.sh/chart: {{ include "db-operator-crd.chart" . }} -{{ include "db-operator-crd.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "db-operator-crd.selectorLabels" -}} -app.kubernetes.io/name: {{ include "db-operator-crd.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - 
diff --git a/charts/db-operator-crd/templates/certificate/certificate.yaml b/charts/db-operator-crd/templates/certificate/certificate.yaml deleted file mode 100644 index 67d970c..0000000 --- a/charts/db-operator-crd/templates/certificate/certificate.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- - if ( and - ((.Values).conversion).enabled - (((.Values).conversion).certificate).create - ) -}} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ include "db-operator-crd.fullname" . }} -spec: - dnsNames: - - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc - - {{ include "webhook.name" . }}.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - kind: {{ .Values.webhook.certificate.issuer.kind }} - name: {{ .Values.webhook.certificate.issuer.name }} - secretName: {{ .Values.webhook.certificate.secretName }} -{{- end }} diff --git a/charts/db-operator-crd/templates/certificate/issuer.yaml b/charts/db-operator-crd/templates/certificate/issuer.yaml deleted file mode 100644 index a240f83..0000000 --- a/charts/db-operator-crd/templates/certificate/issuer.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- - if ( and - ((.Values).conversion).enabled - ((((.Values).conversion).certificate).issuer).create - ) -}} ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ include "db-operator-crd.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} -{{- end }} diff --git a/charts/db-operator-crd/tests/conversion_tests.yaml b/charts/db-operator-crd/tests/conversion_tests.yaml deleted file mode 100644 index a18f5a8..0000000 --- a/charts/db-operator-crd/tests/conversion_tests.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -suite: Validate labels creation -templates: - - certificate/issuer.yaml -tests: - - it: By default no issuer should be generated - asserts: - - hasDocuments: - count: 0 - - it: | - When conversion is disabled and - issuer creation is enabled, no issuer should be created - set: - conversion.enabled: false - conversion.certificate.issuer: true - asserts: - - hasDocuments: - count: 0 - - it: Issuer should be generated - set: - conversion.enabled: true - conversion.certificate.issuer.create: true - asserts: - - hasDocuments: - count: 1 diff --git a/charts/db-operator-crd/values.yaml b/charts/db-operator-crd/values.yaml deleted file mode 100644 index 7245bd4..0000000 --- a/charts/db-operator-crd/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -annotations: {} -conversion: - enabled: true - certificate: - # -- If cert-manager in installed in the cluster, - # -- it's possible to use a certificate custom resource - create: false - name: ~ - # -- Otherwise you need to create a secret with a certificate yourself - secretName: ~ - issuer: - create: false - name: db-operator-issuer - # ----------------------------------------- - # -- If you choose to create a new issuer - # -- the `kind` field would be ignored - # -- Use it only to reference an existing - # -- ClusterIssuer or Issuer - # ----------------------------------------- - kind: Issuer diff --git a/charts/db-operator-crd/crds/kinda.rocks_databases.yaml b/charts/db-operator/crds/kinda.rocks_databases.yaml similarity index 100% rename from charts/db-operator-crd/crds/kinda.rocks_databases.yaml rename to charts/db-operator/crds/kinda.rocks_databases.yaml diff --git a/charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/crds/kinda.rocks_dbinstances.yaml similarity index 100% rename from charts/db-operator-crd/crds/kinda.rocks_dbinstances.yaml rename to charts/db-operator/crds/kinda.rocks_dbinstances.yaml 
diff --git a/charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml b/charts/db-operator/crds/kinda.rocks_dbusers.yaml similarity index 100% rename from charts/db-operator-crd/crds/kinda.rocks_dbusers.yaml rename to charts/db-operator/crds/kinda.rocks_dbusers.yaml diff --git a/charts/db-operator-crd/templates/crds.yaml b/charts/db-operator/templates/crds.yaml similarity index 50% rename from charts/db-operator-crd/templates/crds.yaml rename to charts/db-operator/templates/crds.yaml index a2dbc23..cdda39f 100644 --- a/charts/db-operator-crd/templates/crds.yaml +++ b/charts/db-operator/templates/crds.yaml @@ -19,10 +19,33 @@ metadata: {{- $annotations := merge $crdAnnotations $.Values.annotations }} annotations: {{- $annotations | toYaml | nindent 4 }} - {{- if $.Values.keep }} + {{- if $.Values.webhook.certificate.create }} + cert-manager.io/inject-ca-from: {{ $.Release.Namespace }}/{{ $.Values.webhook.certificate.name}} + {{ else }} + cert-manager.io/inject-ca-from-secret: {{ $.Release.Namespace }}/{{ $.Values.webhook.certificate.secretName}} + {{- end }} + {{- if $.Values.crds.keep }} helm.sh/resource-policy: keep {{- end }} spec: - +{{- if (or + (eq $manifest.metadata.name "databases.kinda.rocks") + (eq $manifest.metadata.name "dbinstances.kinda.rocks") + ) +}} +{{- if $.Values.webhook.enabled }} + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: {{ $.Release.Namespace }} + name: {{ include "webhook.name" . }} + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 +{{- end }} +{{- end }} {{ get $manifest "spec" | toYaml | indent 2 }} {{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml b/charts/db-operator/templates/crds/kinda.rocks_databases.yaml deleted file mode 100644 index 57f072c..0000000 --- a/charts/db-operator/templates/crds/kinda.rocks_databases.yaml +++ /dev/null 
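Review bot: Inside the `range` over `$manifests` (opened above this hunk), `{{ include "webhook.name" . }}` passes the current loop element rather than the chart root, so a helper that reads `.Values` or `.Release` will not resolve them. Every other reference in the hunk already uses `$`, and this one should be `{{ include "webhook.name" $ }}`. The cert-manager annotation block is not tied to `webhook.enabled` and applies to all three CRDs, so with the webhook off or `secretName` unset the `else` branch renders `cert-manager.io/inject-ca-from-secret` with an empty secret name after the namespace. Wrapping it in the same `databases`/`dbinstances` and `webhook.enabled` condition as the `conversion:` stanza would avoid that. The deleted per-CRD templates were guarded by `{{- if .Values.crds.install }}` and read `.Values.crds.annotations`; neither appears in the new template as far as the visible lines show, so `crds.install: false` may no longer have an effect.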
@@ -1,570 +0,0 @@ -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - name: databases.kinda.rocks -spec: - {{- if .Values.webhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ include "webhook.name" . }} - path: /convert - conversionReviewVersions: - - v1alpha1 - - v1beta1 - {{- end }} - group: kinda.rocks - names: - kind: Database - listKind: DatabaseList - plural: databases - shortNames: - - db - singular: database - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: current db phase - jsonPath: .status.phase - name: Phase - type: string - - description: current db status - jsonPath: .status.status - name: Status - type: boolean - - description: If database is protected to not get deleted. - jsonPath: .spec.deletionProtected - name: Protected - type: boolean - - description: instance reference - jsonPath: .spec.instance - name: DBInstance - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired state of Database - properties: - backup: - description: DatabaseBackup defines the desired state of backup and - schedule - properties: - cron: - type: string - enable: - type: boolean - required: - - cron - - enable - type: object - cleanup: - type: boolean - connectionStringTemplate: - description: |- - ConnectionStringTemplate field can be used to pass a custom template for generating a db connection string. - These keywords can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, DatabaseName. - Default template looks like this: - "{{ .Protocol }}://{{ .UserName }}:{{ .Password }}@{{ .DatabaseHost }}:{{ .DatabasePort }}/{{ .DatabaseName }}" - type: string - deletionProtected: - type: boolean - extensions: - items: - type: string - type: array - instance: - type: string - postgres: - description: Postgres struct should be used to provide resource that - only applicable to postgres - properties: - dropPublicSchema: - description: If set to true, the public schema will be dropped - after the database creation - type: boolean - schemas: - description: Specify schemas to be created. The user created by - db-operator will have all access on them. 
- items: - type: string - type: array - type: object - secretName: - type: string - secretsTemplates: - additionalProperties: - type: string - type: object - required: - - backup - - deletionProtected - - instance - - secretName - type: object - status: - description: DatabaseStatus defines the observed state of Database - properties: - database: - type: string - instanceRef: - description: DbInstance is the Schema for the dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - backup: - description: DbInstanceBackup defines name of google bucket - to use for storing database dumps for backup when backup - is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate - code after modifying this file' - type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary informations to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not defined, above Host will be used as backup host address. - type: string - host: - type: string - port: - type: integer - publicIp: - type: string - required: - - host - - port - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines weather connection - from db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerity use SSL connection, but don't - check against a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: - type: string - type: object - info: - additionalProperties: - type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate - code after modifying this file' - type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - monitorUserSecret: - type: string - phase: - description: |- - Important: Run "make generate" to regenerate code after modifying this file - Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html - type: string - proxyStatus: - description: |- - DatabaseProxyStatus defines whether proxy for database is enabled or not - if so, provide information - properties: - serviceName: - type: string - sqlPort: - format: int32 - type: integer - status: - type: boolean - required: - - serviceName - - sqlPort - - status - type: object - status: - type: boolean - user: - type: string - required: - - database - - instanceRef - - phase - - status - - user - type: object - type: object - served: true - storage: false - subresources: - status: {} - - 
additionalPrinterColumns: - - description: current db status - jsonPath: .status.status - name: Status - type: boolean - - description: If database is protected to not get deleted. - jsonPath: .spec.deletionProtected - name: Protected - type: boolean - - description: instance reference - jsonPath: .spec.instance - name: DBInstance - type: string - - description: db-operator version of last full reconcile - jsonPath: .status.operatorVersion - name: OperatorVersion - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Database is the Schema for the databases API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DatabaseSpec defines the desired state of Database - properties: - backup: - description: DatabaseBackup defines the desired state of backup and - schedule - properties: - cron: - type: string - enable: - type: boolean - required: - - cron - - enable - type: object - cleanup: - type: boolean - credentials: - description: |- - Credentials should be used to setup everything relates to k8s secrets and configmaps - TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version - properties: - metadata: - description: |- - Metadata defines additional metadata that should be applied to - k8s resources created from credentials configuration. - - - For Database and DbUser, this metadata is applied to the Secret - that stores generated credentials. - properties: - extraAnnotations: - additionalProperties: - type: string - description: |- - ExtraAnnotations will be merged into the annotations of the Secret - created for the credentials. Existing annotations are preserved, and - keys from this map will overwrite annotations with the same key on - the Secret. - type: object - extraLabels: - additionalProperties: - type: string - description: |- - ExtraLabels will be merged into the labels of the Secret created - for the credentials. Existing labels are preserved, and keys from - this map will overwrite labels with the same key on the Secret. 
- type: object - type: object - templates: - description: Templates to add custom entries to ConfigMaps and - Secrets - items: - description: Tempaltes to add custom entries to ConfigMaps and - Secrets - properties: - name: - type: string - secret: - type: boolean - template: - type: string - required: - - name - - secret - - template - type: object - type: array - type: object - deletionProtected: - type: boolean - extraGrants: - items: - properties: - accessType: - type: string - user: - type: string - required: - - accessType - - user - type: object - type: array - instance: - type: string - postgres: - description: Postgres struct should be used to provide resource that - only applicable to postgres - properties: - dropPublicSchema: - description: If set to true, the public schema will be dropped - after the database creation - type: boolean - extensions: - items: - type: string - type: array - schemas: - description: Specify schemas to be created. The user created by - db-operator will have all access on them. 
- items: - type: string - type: array - template: - description: Let user create database from template - type: string - type: object - secretName: - type: string - secretsTemplates: - additionalProperties: - type: string - type: object - required: - - backup - - deletionProtected - - instance - - secretName - type: object - status: - description: DatabaseStatus defines the observed state of Database - properties: - database: - type: string - engine: - type: string - extraGrants: - items: - properties: - accessType: - type: string - user: - type: string - required: - - accessType - - user - type: object - type: array - monitorUserSecret: - type: string - operatorVersion: - type: string - proxyStatus: - description: |- - DatabaseProxyStatus defines whether proxy for database is enabled or not - if so, provide information - properties: - serviceName: - type: string - sqlPort: - format: int32 - type: integer - status: - type: boolean - required: - - serviceName - - sqlPort - - status - type: object - status: - description: |- - Important: Run "make generate" to regenerate code after modifying this file - Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html - type: boolean - user: - type: string - required: - - database - - engine - - status - - user - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml deleted file mode 100644 index 7cb3b05..0000000 --- a/charts/db-operator/templates/crds/kinda.rocks_dbinstances.yaml +++ /dev/null 
@@ -1,446 +0,0 @@ -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - name: dbinstances.kinda.rocks -spec: - {{- if .Values.webhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Release.Namespace }} - name: {{ include "webhook.name" . }} - path: /convert - conversionReviewVersions: - - v1alpha1 - - v1beta1 - {{- end }} - group: kinda.rocks - names: - kind: DbInstance - listKind: DbInstanceList - plural: dbinstances - shortNames: - - dbin - singular: dbinstance - scope: Cluster - versions: - - additionalPrinterColumns: - - description: current phase - jsonPath: .status.phase - name: Phase - type: string - - description: health status - jsonPath: .status.status - name: Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: DbInstance is the Schema for the dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. 
- In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - backup: - description: DbInstanceBackup defines name of google bucket to use - for storing database dumps for backup when backup is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate code after - modifying this file' - type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary informations to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not defined, above Host will be used as backup host address. - type: string - host: - type: string - port: - type: integer - publicIp: - type: string - required: - - host - - port - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. 
- Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines weather connection from - db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerity use SSL connection, but don't check against - a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: - type: string - type: object - info: - additionalProperties: - type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate code after - modifying this file' - type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: current phase - jsonPath: .status.phase - name: Phase - type: string - - description: health status - jsonPath: .status.status - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: DbInstance is the Schema for the 
dbinstances API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbInstanceSpec defines the desired state of DbInstance - properties: - adminSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - allowExtraGrants: - description: |- - If set to true, extra grants are enabled on the databases - making it possible to provide access to any user on the database instance - type: boolean - allowedPrivileges: - description: A list of privileges that are allowed to be set as Dbuser's - extra privileges - items: - type: string - type: array - backup: - description: DbInstanceBackup defines name of google bucket to use - for storing database dumps for backup when backup is enabled - properties: - bucket: - type: string - required: - - bucket - type: object - engine: - description: 'Important: Run "make generate" to regenerate code after - modifying this file' - type: string - generic: - description: |- - GenericInstance is used when instance type is generic - and describes necessary information to use instance - generic instance can be any backend, it must be reachable by described address and port - properties: - backupHost: - description: |- - BackupHost address will be used for dumping database for backup - Usually secondary address for primary-secondary setup or cluster lb address - If it's not defined, above Host will be used as backup host address. 
- type: string - host: - type: string - hostFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - port: - type: integer - portFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - publicIp: - type: string - publicIpFrom: - properties: - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - key - - kind - - name - - namespace - type: object - type: object - google: - description: |- - GoogleInstance is used when instance type is Google Cloud SQL - and describes necessary informations to use google API to create sql instances - properties: - apiEndpoint: - type: string - clientSecretRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. - properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - configmapRef: - description: |- - NamespacedName is a fork of the kubernetes api type of the same name. - Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged. 
- properties: - Name: - type: string - Namespace: - type: string - required: - - Name - - Namespace - type: object - instance: - type: string - required: - - configmapRef - - instance - type: object - monitoring: - description: DbInstanceMonitoring defines if exporter - properties: - enabled: - type: boolean - required: - - enabled - type: object - sslConnection: - description: DbInstanceSSLConnection defines whether connection from - db-operator to instance has to be ssl or not - properties: - enabled: - type: boolean - skip-verify: - description: SkipVerify use SSL connection, but don't check against - a CA - type: boolean - required: - - enabled - - skip-verify - type: object - required: - - adminSecretRef - - engine - type: object - status: - description: DbInstanceStatus defines the observed state of DbInstance - properties: - checksums: - additionalProperties: - type: string - type: object - info: - additionalProperties: - type: string - type: object - phase: - description: 'Important: Run "make generate" to regenerate code after - modifying this file' - type: string - status: - type: boolean - required: - - phase - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml b/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml deleted file mode 100644 index 70197f8..0000000 --- a/charts/db-operator/templates/crds/kinda.rocks_dbuser.yaml +++ /dev/null 
@@ -1,189 +0,0 @@ -{{- if .Values.crds.install }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - {{- if .Values.webhook.certificate.create }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.name}} - {{ else }} - cert-manager.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ .Values.webhook.certificate.secretName}} - {{- end }} - {{- if .Values.crds.keep }} - helm.sh/resource-policy: keep - {{- end }} - {{- with .Values.crds.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - name: dbusers.kinda.rocks -spec: - group: kinda.rocks - names: - kind: DbUser - listKind: DbUserList - plural: dbusers - singular: dbuser - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: current dbuser status - jsonPath: .status.status - name: Status - type: boolean - - description: To which database user should have access - jsonPath: .spec.databaseRef - name: DatabaseName - type: string - - description: A type of access the user has - jsonPath: .spec.accessType - name: AccessType - type: string - - description: db-operator version of last full reconcile - jsonPath: .status.operatorVersion - name: OperatorVersion - type: string - - description: time since creation of resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: DbUser is the Schema for the dbusers API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. 
- Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DbUserSpec defines the desired state of DbUser - properties: - accessType: - description: |- - AccessType that should be given to a user - Currently only readOnly and readWrite are supported by the operator - type: string - cleanup: - type: boolean - credentials: - description: |- - Credentials should be used to setup everything relates to k8s secrets and configmaps - TODO(@allanger): Field .spec.secretName should be moved here in the v1beta2 version - properties: - metadata: - description: |- - Metadata defines additional metadata that should be applied to - k8s resources created from credentials configuration. - - - For Database and DbUser, this metadata is applied to the Secret - that stores generated credentials. - properties: - extraAnnotations: - additionalProperties: - type: string - description: |- - ExtraAnnotations will be merged into the annotations of the Secret - created for the credentials. Existing annotations are preserved, and - keys from this map will overwrite annotations with the same key on - the Secret. - type: object - extraLabels: - additionalProperties: - type: string - description: |- - ExtraLabels will be merged into the labels of the Secret created - for the credentials. Existing labels are preserved, and keys from - this map will overwrite labels with the same key on the Secret. 
- type: object - type: object - templates: - description: Templates to add custom entries to ConfigMaps and - Secrets - items: - description: Tempaltes to add custom entries to ConfigMaps and - Secrets - properties: - name: - type: string - secret: - type: boolean - template: - type: string - required: - - name - - secret - - template - type: object - type: array - type: object - databaseRef: - description: |- - DatabaseRef should contain a name of a Database to create a user there - Database should be in the same namespace with the user - type: string - extraPrivileges: - description: A list of additional roles that should be added to the - user - items: - type: string - type: array - grantToAdmin: - default: true - description: |- - Should the user be granted to the admin user - For example, it should be set to true on Azure instance, - because the admin given by them is not a super user, - but should be set to false on AWS, when rds_iam extra - privilege is added - By default is set to true - Only applies to Postgres, doesn't have any effect on Mysql - TODO: Default should be false, but not to introduce breaking - changes it's now set to true. It should be changed in - in the next API version - type: boolean - secretName: - description: SecretName name that should be used to save user's credentials - type: string - required: - - accessType - - databaseRef - - secretName - type: object - status: - description: DbUserStatus defines the observed state of DbUser - properties: - created: - description: It's required to let the operator update users - type: boolean - database: - type: string - operatorVersion: - type: string - status: - type: boolean - required: - - created - - database - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/scripts/sync_crds.sh b/scripts/sync_crds.sh index dd3b197..73fbec4 100755 --- a/scripts/sync_crds.sh +++ b/scripts/sync_crds.sh 
@@ -6,14 +6,6 @@ CHART_VERSION=$(yq .version charts/db-operator/Chart.yaml) git clone https://github.com/db-operator/db-operator.git "${WORKDIR}" git -C "${WORKDIR}" checkout "${VERSION}" -rm -rf ./charts/db-operator-crd/crds -cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator-crd/crds +rm -rf ./charts/db-operator/crds +cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator/crds rm -rf "${WORKDIR}" - -export CHART_VERSION -yq -i ".version=env(CHART_VERSION)" charts/db-operator-crd/Chart.yaml -export VERSION -yq -i ".appVersion=env(VERSION)" charts/db-operator-crd/Chart.yaml -rm -rf charts/db-operator/charts -helm dep update charts/db-operator -helm dep build charts/db-operator From c0776c67951052e41b5662b49ed9e19404e54fe6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:37:39 +0100 Subject: [PATCH 03/12] Update actions and add oci artifacts --- .github/workflows/helm-workflow.yaml | 71 ++++++++++++++++++---------- 1 file changed, 46 insertions(+), 25 deletions(-) diff --git a/.github/workflows/helm-workflow.yaml b/.github/workflows/helm-workflow.yaml index f46ecb4..0c6d926 100644 --- a/.github/workflows/helm-workflow.yaml +++ b/.github/workflows/helm-workflow.yaml 
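Review bot: The new `rm -rf ./charts/db-operator/crds` runs with nothing in the hunk confirming that the clone and `checkout "${VERSION}"` succeeded. A failed clone would leave the chart with its CRDs deleted, and a failed checkout would copy CRDs from the default branch instead of the requested version. The top of the script is outside this hunk, so this only applies if it does not already run under `set -euo pipefail`. If it does not, add that, or guard the copy with `[ -d "${WORKDIR}/config/crd/bases" ] || exit 1` ahead of the `rm -rf`. The later hunk in this series that changes the target to `./charts/db-operator/crd` has the same shape.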
@@ -7,29 +7,29 @@ on: branches: - main env: - HELM_VERSION: v3.19.0 - HELMFILE_VERSION: v1.1.2 - PYTHON_VERSION: 3.13 + HELM_VERSION: v4.0.5 + HELMFILE_VERSION: v1.2.3 + PYTHON_VERSION: 3.14 jobs: lint: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 - name: Set up Helm uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON_VERSION }} check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (lint) run: ct lint --target-branch main --validate-maintainers=false test-values: @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 - name: Run the test run: | cd charts/db-operator @@ -48,27 +48,27 @@ jobs: strategy: matrix: k8s_version: - - v1.30.13 - - v1.31.9 - - v1.32.5 - - v1.33.1 + - v1.35.0 + - v1.34.3 + - v1.33.7 + - v1.32.11 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON_VERSION }} check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@v2.8.0 # It's not used anymore, but it's a small step, maybe we'll need it in the future, so let it be here - name: Run chart-testing (list-changed) id: list-changed 
@@ -89,12 +89,12 @@ jobs: - role: worker EOF - name: Create kind cluster - uses: helm/kind-action@v1.7.0 + uses: helm/kind-action@v1.13.0 with: node_image: kindest/node:${{ matrix.k8s_version }} config: ./kind-config.yaml - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.0.4 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -107,7 +107,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.0.4 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -118,7 +118,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator --upgrade helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.0.4 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -129,7 +129,7 @@ jobs: ct install --target-branch main --charts ./charts/db-instances helmfile destroy - - uses: helmfile/helmfile-action@v1.0.0 + - uses: helmfile/helmfile-action@v2.0.4 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -145,7 +145,7 @@ jobs: if: github.ref == 'refs/heads/main' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Configure Git 
@@ -153,10 +153,31 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.3.0 with: version: ${{ env.HELM_VERSION }} + - name: Push Helm chart to OCI compatible registry (Github) + run: | + export BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} + export SHA="+$(git rev-parse --short HEAD)" + helm registry login ghcr.io \ + --username ${{ github.actor }} \ + --password ${{ github.token }} + for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do + if [ "${BRANCH}" != "main" ]; then + yq e -i ".version += env(SHA)" "$chart/Chart.yaml" + fi + helm dep build $chart + helm package $chart -d chart-packages; + done + charts=$(find chart-packages -maxdepth 1 -mindepth 1 -type f) + REGISTRY=$(echo oci://ghcr.io/${{ github.repository }} | tr '[:upper:]' '[:lower:]') + for chart in $charts; do + echo ${chart} + echo "${REGISTRY}" + helm push "${chart}" "${REGISTRY}" + done - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.0 + uses: helm/chart-releaser-action@v1.7.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 62ebfc322d293bf34096781700592b457116ca91 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:38:27 +0100 Subject: [PATCH 04/12] Bump the chart version --- charts/db-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/db-operator/Chart.yaml b/charts/db-operator/Chart.yaml index 951de86..072dfec 100644 --- a/charts/db-operator/Chart.yaml +++ b/charts/db-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 type: application name: db-operator -version: 2.2.0 +version: 2.3.0 # --------------------------------------------------------------------------------- # -- All supported k8s versions are in the test: From 60665a1bfce55c8d3886f3c01a176e437bbebcdc Mon Sep 17 00:00:00 2001 
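Review bot: The added "Push Helm chart to OCI compatible registry" step passes the token on the command line, `--password ${{ github.token }}`, which puts it in the process argument list and splices an expression straight into the shell script. Helm can read it from stdin instead: set `env: GITHUB_TOKEN: ${{ github.token }}` on the step and run `echo "${GITHUB_TOKEN}" | helm registry login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin`. The `REGISTRY=` line can likewise use the runner-provided `${GITHUB_REPOSITORY}` rather than the inline `${{ github.repository }}`. The step appears to sit in the job gated by `if: github.ref == 'refs/heads/main'` (visible in the preceding hunk), so the `"${BRANCH}" != "main"` branch that appends the SHA to the chart version looks unreachable. Since this job now holds registry write credentials, consider pinning `azure/setup-helm` and `helm/chart-releaser-action` to full commit SHAs rather than tags.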
From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:40:40 +0100 Subject: [PATCH 05/12] Fix the crd template --- charts/db-operator/templates/crds.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/db-operator/templates/crds.yaml b/charts/db-operator/templates/crds.yaml index cdda39f..c8132cf 100644 --- a/charts/db-operator/templates/crds.yaml +++ b/charts/db-operator/templates/crds.yaml @@ -1,3 +1,4 @@ +{{- .Values.crds.install }} {{- $manifests := dict }} {{- range $path, $index := .Files.Glob "crds/*" }} {{- $file := $.Files.Get $path }} @@ -49,3 +50,4 @@ spec: {{- end }} {{ get $manifest "spec" | toYaml | indent 2 }} {{- end }} +{{- end }} From 3669ecce9048c3701d3011e1d4dbd13ed2b37dea Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:41:45 +0100 Subject: [PATCH 06/12] Fix the crd template --- charts/db-operator/templates/crds.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/db-operator/templates/crds.yaml b/charts/db-operator/templates/crds.yaml index c8132cf..cbc7cd5 100644 --- a/charts/db-operator/templates/crds.yaml +++ b/charts/db-operator/templates/crds.yaml @@ -1,4 +1,4 @@ -{{- .Values.crds.install }} +{{- if .Values.crds.install }} {{- $manifests := dict }} {{- range $path, $index := .Files.Glob "crds/*" }} {{- $file := $.Files.Get $path }} @@ -50,4 +50,5 @@ spec: {{- end }} {{ get $manifest "spec" | toYaml | indent 2 }} {{- end }} + {{- end }} From e1f10bd873078de6f9bbe368c01f8e59348d864a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:45:45 +0100 Subject: [PATCH 07/12] Try helmfile auto init --- .github/workflows/helm-workflow.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/helm-workflow.yaml b/.github/workflows/helm-workflow.yaml index 0c6d926..cf61f8d 100644 --- a/.github/workflows/helm-workflow.yaml +++ b/.github/workflows/helm-workflow.yaml 
@@ -98,8 +98,7 @@ jobs: with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} - helm-plugins: > - https://github.com/databus23/helm-diff, https://github.com/jkroepke/helm-secrets + helmfile-auto-init: true helmfile-args: sync --wait - name: Test the db-operator chart install From 35cbcbc54491ab263fa5f529d9ecc0c2b65cda31 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:51:10 +0100 Subject: [PATCH 08/12] Try helmfile auto init --- .github/workflows/helm-workflow.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/helm-workflow.yaml b/.github/workflows/helm-workflow.yaml index cf61f8d..8ef7e9e 100644 --- a/.github/workflows/helm-workflow.yaml +++ b/.github/workflows/helm-workflow.yaml @@ -94,7 +94,7 @@ jobs: node_image: kindest/node:${{ matrix.k8s_version }} config: ./kind-config.yaml - - uses: helmfile/helmfile-action@v2.0.4 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -106,7 +106,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator helmfile destroy - - uses: helmfile/helmfile-action@v2.0.4 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -117,7 +117,7 @@ jobs: ct install --target-branch main --charts ./charts/db-operator --upgrade helmfile destroy - - uses: helmfile/helmfile-action@v2.0.4 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} @@ -128,7 +128,7 @@ jobs: ct install --target-branch main --charts ./charts/db-instances helmfile destroy - - uses: helmfile/helmfile-action@v2.0.4 + - uses: helmfile/helmfile-action@v2.1.0 with: helmfile-version: ${{ env.HELMFILE_VERSION }} helm-version: ${{ env.HELM_VERSION }} From c6b19b48569c82b7ff368062be658189537c32a7 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 16 Jan 2026 17:59:25 +0100 Subject: [PATCH 09/12] Update dep charts --- helmfile.yaml.gotmpl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/helmfile.yaml.gotmpl b/helmfile.yaml.gotmpl index 07a3289..ee4f1ce 100644 --- a/helmfile.yaml.gotmpl +++ b/helmfile.yaml.gotmpl @@ -5,17 +5,19 @@ environments: --- repositories: - name: jetstack - url: https://charts.jetstack.io + url: quay.io/jetstack/charts + oci: true - name: bitnami url: https://charts.bitnami.com/bitnami - name: prometheus-community - url: https://prometheus-community.github.io/helm-charts + url: ghcr.io/prometheus-community/charts + oci: true releases: - name: cert-manager chart: jetstack/cert-manager namespace: cert-manager - version: v1.16.1 + version: v1.19.2 createNamespace: true values: - crds: @@ -46,7 +48,7 @@ releases: - name: prometheus-stack namespace: monitoring - version: 65.3.2 + version: 80.14.4 createNamespace: true disableValidation: true disableOpenAPIValidation: true From a562d75c26fae3e08c6fb51eed27a821ff11fc56 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 18:06:12 +0100 Subject: [PATCH 10/12] Update dep charts --- helmfile.yaml.gotmpl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/helmfile.yaml.gotmpl b/helmfile.yaml.gotmpl index ee4f1ce..f3f0a71 100644 --- a/helmfile.yaml.gotmpl +++ b/helmfile.yaml.gotmpl @@ -59,16 +59,10 @@ releases: - prometheus: prometheusSpec: enableAdminAPI: true - podMonitorNamespaceSelector: - any: true podMonitorSelector: {} podMonitorSelectorNilUsesHelmValues: false - ruleNamespaceSelector: - any: true ruleSelector: {} ruleSelectorNilUsesHelmValues: false - serviceMonitorNamespaceSelector: - any: true serviceMonitorSelector: {} serviceMonitorSelectorNilUsesHelmValues: false From a62204c00c0428274234f7520f26de45c393dc9b Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 16 Jan 2026 18:14:00 +0100 Subject: [PATCH 11/12] Move crds to another folder --- charts/db-operator/{crds => crd}/kinda.rocks_databases.yaml | 0 charts/db-operator/{crds => crd}/kinda.rocks_dbinstances.yaml | 0 charts/db-operator/{crds => crd}/kinda.rocks_dbusers.yaml | 0 charts/db-operator/templates/crds.yaml | 2 +- scripts/sync_crds.sh | 4 ++-- 5 files changed, 3 insertions(+), 3 deletions(-) rename charts/db-operator/{crds => crd}/kinda.rocks_databases.yaml (100%) rename charts/db-operator/{crds => crd}/kinda.rocks_dbinstances.yaml (100%) rename charts/db-operator/{crds => crd}/kinda.rocks_dbusers.yaml (100%) diff --git a/charts/db-operator/crds/kinda.rocks_databases.yaml b/charts/db-operator/crd/kinda.rocks_databases.yaml similarity index 100% rename from charts/db-operator/crds/kinda.rocks_databases.yaml rename to charts/db-operator/crd/kinda.rocks_databases.yaml diff --git a/charts/db-operator/crds/kinda.rocks_dbinstances.yaml b/charts/db-operator/crd/kinda.rocks_dbinstances.yaml similarity index 100% rename from charts/db-operator/crds/kinda.rocks_dbinstances.yaml rename to charts/db-operator/crd/kinda.rocks_dbinstances.yaml diff --git a/charts/db-operator/crds/kinda.rocks_dbusers.yaml b/charts/db-operator/crd/kinda.rocks_dbusers.yaml similarity index 100% rename from charts/db-operator/crds/kinda.rocks_dbusers.yaml rename to charts/db-operator/crd/kinda.rocks_dbusers.yaml diff --git a/charts/db-operator/templates/crds.yaml b/charts/db-operator/templates/crds.yaml index cbc7cd5..1bd8f1b 100644 --- a/charts/db-operator/templates/crds.yaml +++ b/charts/db-operator/templates/crds.yaml @@ -1,6 +1,6 @@ {{- if .Values.crds.install }} {{- $manifests := dict }} -{{- range $path, $index := .Files.Glob "crds/*" }} +{{- range $path, $index := .Files.Glob "crd/*" }} {{- $file := $.Files.Get $path }} {{- $_ := set $manifests ($index | toString ) $file }} {{- end }} 
diff --git a/scripts/sync_crds.sh b/scripts/sync_crds.sh index 73fbec4..14439f1 100755 --- a/scripts/sync_crds.sh +++ b/scripts/sync_crds.sh @@ -6,6 +6,6 @@ CHART_VERSION=$(yq .version charts/db-operator/Chart.yaml) git clone https://github.com/db-operator/db-operator.git "${WORKDIR}" git -C "${WORKDIR}" checkout "${VERSION}" -rm -rf ./charts/db-operator/crds -cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator/crds +rm -rf ./charts/db-operator/crd +cp -r "${WORKDIR}/config/crd/bases" ./charts/db-operator/crd rm -rf "${WORKDIR}" From 8e0162fbfff58286860bb9ac6cbf3e93ea76ccf1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Jan 2026 21:45:51 +0100 Subject: [PATCH 12/12] Trigger build Signed-off-by: Nikolai Rodionov