From 03f7e92679af5d53c416cf64f4e4525e94acaf6e Mon Sep 17 00:00:00 2001 From: Havrileck Alexandre Date: Thu, 29 Feb 2024 22:56:45 +0100 Subject: [PATCH] docs: Add documentation about bouncer support & examples --- .../engineconfiguration/full-example.yaml | 16 ++++++++++ .../userrole/managed-simple-rotation.yaml | 4 ++- config/samples/userrole/managed-simple.yaml | 2 ++ config/samples/userrole/provided-simple.yaml | 16 +++++----- docs/crds/PostgresqlEngineConfiguration.md | 31 +++++++++++++++++++ docs/crds/PostgresqlUserRole.md | 5 +++ 6 files changed, 66 insertions(+), 8 deletions(-) diff --git a/config/samples/engineconfiguration/full-example.yaml b/config/samples/engineconfiguration/full-example.yaml index 79a6cad..b5c1f4d 100644 --- a/config/samples/engineconfiguration/full-example.yaml +++ b/config/samples/engineconfiguration/full-example.yaml @@ -25,3 +25,19 @@ spec: # Wait for linked resource to be deleted # Default to false waitLinkedResourcesDeletion: true + # User connections used for secret generation + # That will be used to generate secret with primary server as url or + # to use the pg bouncer one. + # Note: Operator won't check those values. + userConnections: + # Primary connection is referring to the primary node connection. + # If not being set, all values will be set from spec (host, port, uriArgs) + primaryConnection: + host: localhost + uriArgs: sslmode=disable + port: 5432 + # Bouncer connection is referring to a pg bouncer node. + # bouncerConnection: + # host: localhost + # uriArgs: sslmode=disable + # port: 6432 diff --git a/config/samples/userrole/managed-simple-rotation.yaml b/config/samples/userrole/managed-simple-rotation.yaml index bda935c..873d046 100644 --- a/config/samples/userrole/managed-simple-rotation.yaml +++ b/config/samples/userrole/managed-simple-rotation.yaml 
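Review bot: The uncommented `primaryConnection` sample in config/samples/engineconfiguration/full-example.yaml sets `uriArgs: sslmode=disable`, and the comment above it says these values feed the generated user secrets and that the operator does not check them. Anyone copying the sample as-is would therefore hand applications a connection string with TLS turned off. I would keep `localhost` but mark the value as local-only with a comment above `uriArgs`, for example `# Local testing only; use sslmode=verify-full (or at least require) for remote hosts`, and add the same comment to the commented-out `bouncerConnection` block. The same example is repeated in the docs/crds/PostgresqlEngineConfiguration.md hunk, and the field table added there writes `sslmode=disabled`, which is not a valid libpq `sslmode` value (`disable` is).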
@@ -13,8 +13,10 @@ spec: privileges: - # Privilege for the selected database privilege: OWNER + # Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration) + connectionType: PRIMARY # Database link database: name: simple # Generated secret name with information for the selected database - generatedSecretName: managed-simple-rotation \ No newline at end of file + generatedSecretName: managed-simple-rotation diff --git a/config/samples/userrole/managed-simple.yaml b/config/samples/userrole/managed-simple.yaml index 9bcc61a..6b6dc89 100644 --- a/config/samples/userrole/managed-simple.yaml +++ b/config/samples/userrole/managed-simple.yaml @@ -11,6 +11,8 @@ spec: privileges: - # Privilege for the selected database privilege: OWNER + # Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration) + connectionType: PRIMARY # Database link database: name: simple diff --git a/config/samples/userrole/provided-simple.yaml b/config/samples/userrole/provided-simple.yaml index 032986c..3dc0d6b 100644 --- a/config/samples/userrole/provided-simple.yaml +++ b/config/samples/userrole/provided-simple.yaml @@ -7,12 +7,14 @@ spec: mode: PROVIDED # Privileges list privileges: - - # Privilege for the selected database - privilege: WRITER - # Database link - database: - name: simple - # Generated secret name with information for the selected database - generatedSecretName: simple1 + - # Privilege for the selected database + privilege: WRITER + # Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration) + connectionType: PRIMARY + # Database link + database: + name: simple + # Generated secret name with information for the selected database + generatedSecretName: simple1 # Import secret that will contain "USERNAME" and "PASSWORD" for provided mode importSecretName: provided-simple 
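Review bot: The new `connectionType` comment in these three sample hunks (managed-simple-rotation.yaml, managed-simple.yaml, provided-simple.yaml) does not state the default or what `BOUNCER` depends on, and it is far longer than the surrounding comment lines. The PostgresqlUserRole.md table in this patch gives `PRIMARY` as the default, so the samples could say the same in two short lines: `# Connection type used for secret generation: PRIMARY (default) or BOUNCER.` and, if that is indeed the requirement, `# BOUNCER requires a bouncerConnection in the engine configuration.` Because the engine configuration docs say the operator does not check the connection values, it is worth confirming and documenting what ends up in the generated secret when `BOUNCER` is selected and no bouncer connection is configured.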
diff --git a/docs/crds/PostgresqlEngineConfiguration.md b/docs/crds/PostgresqlEngineConfiguration.md
index f7bfcfb..1c06f29 100644
--- a/docs/crds/PostgresqlEngineConfiguration.md
+++ b/docs/crds/PostgresqlEngineConfiguration.md
@@ -35,6 +35,22 @@ All these names are available for `kubectl`: | checkInterval | Interval between 2 connectivity check. Default is `30s`. | String | false | | waitLinkedResourcesDeletion | Tell operator if it has to wait until all linked resources are deleted to delete current custom resource. If not, it won't be able to delete PostgresqlDatabase and PostgresqlUser after. Default value is `false`. | Boolean | false | | secretName | Secret name in the same namespace has the current custom resource that contains user and password to be used to connect PostgreSQL engine. An example can be found [here](../../deploy/examples/engineconfiguration/engineconfigurationsecret.yaml) | String | true | +| userConnections | User connections used for secret generation. That will be used to generate secret with primary server as url or to use the pg bouncer one. Note: Operator won't check those values. | [UserConnections](#userconnections) | false | + +### UserConnections + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| primaryConnection | Primary connection is referring to the primary node connection. If not being set, all values will be set from spec (host, port, uriArgs) | [GenericUserConnection](#genericuserconnection) | false | +| bouncerConnection | Bouncer connection is referring to a pg bouncer node. The default port will be 6432 if other fields are filled but not port. | [GenericUserConnection](#genericuserconnection) | false | + +### GenericUserConnection + +| Field | Description | Scheme | Required | +| ----- | ----------- | ------ | -------- | +| host | PostgreSQL Hostname | String | true | +| port | PostgreSQL Port. | Integer | false | +| uriArgs | PostgreSQL URI arguments like `sslmode=disabled` | String | false | ### PostgresqlEngineConfigurationStatus 
@@ -78,4 +94,19 @@ spec: # Wait for linked resource to be deleted # Default to false waitLinkedResourcesDeletion: true + # User connections used for secret generation + # That will be used to generate secret with primary server as url or + # to use the pg bouncer one. + # Note: Operator won't check those values. + userConnections: + # Primary connection is referring to the primary node connection. + primaryConnection: + host: localhost + uriArgs: sslmode=disable + port: 5432 + # Bouncer connection is referring to a pg bouncer node. + # bouncerConnection: + # host: localhost + # uriArgs: sslmode=disable + # port: 6432 ``` diff --git a/docs/crds/PostgresqlUserRole.md b/docs/crds/PostgresqlUserRole.md index 6c7381e..f61b3e2 100644 --- a/docs/crds/PostgresqlUserRole.md +++ b/docs/crds/PostgresqlUserRole.md @@ -38,6 +38,7 @@ All these names are available for `kubectl`: | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | | privilege | User privilege on database. Enumeration is `OWNER`, `WRITER`, `READER`. | String | true | +| connectionType | Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration). Enumeration is `PRIMARY`, `BOUNCER`. Default value is `PRIMARY` | String | false | | database | [PostgresqlDatabase](./PostgresqlDatabase.md) object reference | [CRLink](#crlink) | true | | generatedSecretName | Generated secret name used for secret generation. | String | true | @@ -78,6 +79,8 @@ spec: privileges: - # Privilege for the selected database privilege: WRITER + # Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration) + connectionType: PRIMARY # Database link database: name: simple 
@@ -120,6 +123,8 @@ spec: privileges: - # Privilege for the selected database privilege: OWNER + # Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration) + connectionType: PRIMARY # Database link database: name: simple