SQLInstance connection secret extension and configuration enhancements #38

Merged
merged 7 commits into from
Apr 9, 2024

@ytsarev ytsarev commented Apr 8, 2024

Description of your changes

  • Propagate host, username and password as part of the SQLInstance connection secret, in symmetry with configuration-aws-database and configuration-azure-database
  • Fix composed resource level connection secret names for DatabaseInstance to reflect engine properly
  • Propagate connection secret from User.Sql
  • Add SKIP_DELETE uptest capability for convenient testing
  • Add upbound Database creation
  • More secure DatabaseInstance configuration by disabling PublicIP address and public access for DatabaseInstance

Related (non-blocking) provider-upjet-gcp change crossplane-contrib/provider-upjet-gcp#501

I have:

  • Read and followed Upbound's contribution process.
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR, as appropriate.

How has this code been tested

make e2e SKIP_DELETE=--skip-delete
k get secret
NAME                                       TYPE                                DATA   AGE
configuration-gcp-database-mysql-conn      connection.crossplane.io/v1alpha1   4      95m
configuration-gcp-database-postgres-conn   connection.crossplane.io/v1alpha1   4      96m
k view-secret configuration-gcp-database-postgres-conn
Multiple sub keys found. Specify another argument, one of:
-> host
-> password
-> serverCACertificateCert
-> username

k view-secret configuration-gcp-database-mysql-conn
Multiple sub keys found. Specify another argument, one of:
-> host
-> password
-> serverCACertificateCert
-> username

ytsarev added 3 commits April 8, 2024 19:59
* Extend connection secret fields for more effective consumption in higher
level Compositions
* Fix dynamically generated secret name to properly reflect engine
  status

Signed-off-by: Yury Tsarev <yury@upbound.io>
Signed-off-by: Yury Tsarev <yury@upbound.io>
Signed-off-by: Yury Tsarev <yury@upbound.io>

ytsarev commented Apr 8, 2024

/test-examples

ytsarev added 4 commits April 9, 2024 00:38
Signed-off-by: Yury Tsarev <yury@upbound.io>
Signed-off-by: Yury Tsarev <yury@upbound.io>
cluster

Signed-off-by: Yury Tsarev <yury@upbound.io>
Signed-off-by: Yury Tsarev <yury@upbound.io>

ytsarev commented Apr 9, 2024

Additionally tested e2e with the higher level platform-ref-gcp:

--- PASS: kuttl (773.27s)
    --- PASS: kuttl/harness (0.00s)
        --- PASS: kuttl/harness/case (772.75s)
PASS
14:00:41 [ OK ] running automated tests

 k get claim
NAME                                                                  SYNCED   READY   CONNECTION-SECRET                      AGE
sqlinstance.gcp.platform.upbound.io/platform-ref-gcp-database-mysql   True     True    platform-ref-gcp-database-mysql-conn   34m
sqlinstance.gcp.platform.upbound.io/platform-ref-gcp-db-postgres      True     True    platform-ref-gcp-db-conn-postgres      34m

NAME                                                  SYNCED   READY   CONNECTION-SECRET             AGE
cluster.gcp.platformref.upbound.io/platform-ref-gcp   True     True    platform-ref-gcp-kubeconfig   34m

NAME                                             SYNCED   READY   CONNECTION-SECRET             AGE
app.platform.upbound.io/platform-ref-gcp-ghost   True     True    platform-ref-gcp-ghost-conn   34m

➜  sa-up git:(main) ✗ k -n ghost get pod
NAME                                                  READY   STATUS    RESTARTS   AGE
platform-ref-gcp-ghost-8v46l-wgj2w-7464b9f6d8-gwvz7   1/1     Running   0          5m
➜  sa-up git:(main) ✗ k -n ghost logs -f platform-ref-gcp-ghost-8v46l-wgj2w-7464b9f6d8-gwvz7
ghost 11:57:56.80
ghost 11:57:56.81 Welcome to the Bitnami ghost container
ghost 11:57:56.81 Subscribe to project updates by watching https://github.com/bitnami/containers
ghost 11:57:56.81 Submit issues and feature requests at https://github.com/bitnami/containers/issues
ghost 11:57:56.81
ghost 11:57:56.82 INFO  ==> Configuring libnss_wrapper
ghost 11:57:56.84 INFO  ==> Validating settings in MYSQL_CLIENT_* env vars
ghost 11:57:56.88 WARN  ==> You set the environment variable ALLOW_EMPTY_PASSWORD=yes. For safety reasons, do not use this flag in a production environment.
ghost 11:57:56.88 INFO  ==> Ensuring Ghost directories exist
ghost 11:57:56.89 INFO  ==> Trying to connect to the database server
ghost 11:57:56.92 INFO  ==> Configuring database
ghost 11:57:57.00 INFO  ==> Setting up Ghost
ghost 11:57:58.27 INFO  ==> Configuring Ghost URL to http://upboundrocks.cloud/
ghost 11:57:58.32 INFO  ==> Passing admin user creation wizard
ghost 11:57:58.33 INFO  ==> Starting Ghost in background
ghost 11:58:25.33 INFO  ==> Stopping Ghost
ghost 11:58:26.44 INFO  ==> Persisting Ghost installation

ghost 11:58:26.54 INFO  ==> ** Ghost setup finished! **
ghost 11:58:26.57 INFO  ==> ** Starting Ghost **

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org

- Inspecting operating system

Sample ghost app is fully operational and can connect to the MySQL DatabaseInstance via the private network 👍
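
An added example, not part of the PR or the project's code: a check that a connection secret carries the four keys shown in the `k view-secret` output and that `host` decodes to a private address, without ever echoing the decoded values. The function name, the sample values, and the assumptions that `host` is an IP literal and that `serverCACertificateCert` holds PEM text are illustrative.

```python
import base64
import binascii
import ipaddress

# Key names and secret type come from the `k get secret` / `k view-secret` output in the PR.
REQUIRED_KEYS = ("host", "password", "serverCACertificateCert", "username")
SECRET_TYPE = "connection.crossplane.io/v1alpha1"


def audit_connection_secret(secret: dict) -> list[str]:
    """Audit a Secret object (as from `kubectl get secret -o json`); findings name keys only."""
    findings = []
    if secret.get("type") != SECRET_TYPE:
        findings.append(f"unexpected secret type: {secret.get('type')!r}")
    decoded = {}
    for key in REQUIRED_KEYS:
        raw = secret.get("data", {}).get(key)
        if raw is None:
            findings.append(f"missing key: {key}")
            continue
        try:
            decoded[key] = base64.b64decode(raw, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append(f"key is not valid base64 text: {key}")
            continue
        if not decoded[key].strip():
            findings.append(f"empty value: {key}")
    host = decoded.get("host", "").strip()
    if host:
        try:
            # Assumption: with the public IP disabled, host should be a private address.
            if not ipaddress.ip_address(host).is_private:
                findings.append("host is not a private address")
        except ValueError:
            findings.append("host is not an IP literal; check its resolution manually")
    ca = decoded.get("serverCACertificateCert", "")
    # Assumption: the CA certificate is stored as PEM text.
    if ca.strip() and not ca.lstrip().startswith("-----BEGIN CERTIFICATE-----"):
        findings.append("serverCACertificateCert is not PEM")
    return findings


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


# Constructed sample, not real cluster output.
PEM = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
SAMPLE = {"type": SECRET_TYPE, "data": {
    "host": b64("10.20.0.3"), "username": b64("appuser"),
    "password": b64("constructed-placeholder"), "serverCACertificateCert": b64(PEM)}}
```
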


ytsarev commented Apr 9, 2024

/test-examples

@ytsarev ytsarev changed the title SQLInstance connection secret extension SQLInstance connection secret extension and configuration enhancements Apr 9, 2024
@ytsarev ytsarev requested a review from haarchri April 9, 2024 12:58
@ytsarev ytsarev merged commit f7b56a2 into upbound:main Apr 9, 2024
2 checks passed
@ytsarev ytsarev deleted the conn-secret-extension branch April 9, 2024 21:25