Merge pull request #3 from DoodleScheduling/improvements

Refactoring & improvements DK-1724

Author: raffis

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.13 as builder
+FROM golang:1.15 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Jenkinsfile

@@ -5,7 +5,7 @@ podTemplate(label: 'kubedb',
   containers: [
     containerTemplate(
       name: 'golang',
-      image: 'bitnami/golang:1.13',
+      image: 'bitnami/golang:1.15',
       ttyEnabled: true
     ),
     containerTemplate(
@@ -28,7 +28,7 @@ podTemplate(label: 'kubedb',
     ansiColor("xterm") {
       stage('checkout') {
         checkout(scm)
-      
+
         container('docker') {
           dockerAuth()
         }
@@ -66,8 +66,8 @@ podTemplate(label: 'kubedb',
             bumpImageVersion(env.TAG_NAME)
 
             tgz="kubedb-${version}.tgz"
+            sh "cp config/crd/bases/* chart/kubedb/crds"
             sh "helm package chart/kubedb"
-
           }
 
           container('golang') {

Makefile

@@ -1,8 +1,9 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+
+# Produce CRDs that work back to Kubernetes 1.16
+CRD_OPTIONS ?= crd:crdVersions=v1 
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -71,7 +72,7 @@ ifeq (, $(shell which controller-gen))
 	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
 	cd $$CONTROLLER_GEN_TMP_DIR ;\
 	go mod init tmp ;\
-	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
+  go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0 ;\
 	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
 	}
 CONTROLLER_GEN=$(GOBIN)/controller-gen

PROJECT

@@ -1,10 +1,16 @@
 domain: doodle.com
 repo: github.com/doodlescheduling/kubedb
 resources:
-- group: infra
-  kind: MongoDB
+- group: dbprovisioning.infra.doodle.com
+  kind: MongoDBDatabase
   version: v1beta1
-- group: infra
-  kind: PostgreSQL
+- group: dbprovisioning.infra.doodle.com
+  kind: PostgreSQLDatabase
+  version: v1beta1
+- group: dbprovisioning.infra.doodle.com
+  kind: MongoDBUser
+  version: v1beta1
+- group: dbprovisioning.infra.doodle.com
+  kind: PostgreSQLUser
   version: v1beta1
 version: "2"

README.md

@@ -1,26 +1,111 @@
-# KUBEDB
+# Database controller
 
-Kubernetes Controller that sets up databases, credentials and permissions in Doodle databases.
+Kubernetes Controller that deals with database and user provisioning.
+**Note**: This controller does not deploy database servers but rather manage on top of existing ones, use existing operators for this.
 
-Build with [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder).
+## Example for PostgreSQL
 
-Work in progress.
+A `VaultBinding` binds a kubernetes vanialla secret to a vault path.
+Following a secret which fields shall be placed into vault:
 
-Name "kubedb" clashes with an open-source project: https://github.com/kubedb
-We're going to have naming "clashes" (not technical, but on human level) if we ever decide to use that one.
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgresql-admin-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: PostgreSQLDatabase
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  address: "postgres://localhost:5432"
+  rootSecret:
+    name: postgresql-admin-credentials
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: PostgreSQLUser
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  database:
+    name: my-app
+  credentials:
+    name: my-app-postgresql-credentials
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-postgresql-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+```
 
-TODO: Write proper README file.
+## Example for MongoDB
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mongodb-admin-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: MongoDBDatabase
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  address: "mongodb://localhost:27017"
+  rootSecret:
+    name: mongodb-admin-credentials
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: MongoDBUser
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  database:
+    name: my-app-mongodb-credentials
+  credentials:
+    name: my-app-mongodb
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-mongodb-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+```
 
-Config options:
+## Helm chart
+
+Please see [chart/kubedb](https://github.com/DoodleScheduling/kubedb) for the helm chart docs.
+
+## Limitations
+
+Currently there is no garbage collection implemented, meaning all the things created are not removed.
+This will be at least implemented for user provisioning. Discussion will stay open for databases.
+
+## Configure the controller
 
 ENV Variable | Argument | Default value | Example | Purpose |
 -------------|----------|---------------|---------|---------|
 METRICS_ADDR | --metrics-addr | :8080 | :8080 | Metrics port |
 ENABLE_LEADER_ELECTION | --enable-leader-election | false | true | Enable leader election |
 LEADER_ELECTION_NAMESPACE | --leader-election-namespace | "" | devops | Leader election namespace. Default is the same as controller.
 NAMESPACES | --namespaces | "" | devops,default |  Namespaces to watch. Default: watch all namespaces |
-MAX_CONCURRENT_RECONCILES | --max-concurrent-reconciles | 1 | 5 | Maximum concurrent reconciles per controller. This config covers all controllers. TODO maybe have a separate flag for each controller? |
-
-
-
-
+MAX_CONCURRENT_RECONCILES | --max-concurrent-reconciles | 1 | 5 | Maximum concurrent reconciles per controller. This config covers all controllers. |

api/v1beta1/database_types.go

@@ -0,0 +1,103 @@
+package v1beta1
+
+import (
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Finalizer
+const (
+	Finalizer = "infra.finalizers.doodle.com"
+)
+
+// Status conditions
+const (
+	DatabaseReadyConditionType = "DatabaseReady"
+	UserReadyConditionType     = "UserReady"
+)
+
+// Status reasons
+const (
+	SecretNotFoundReason                = "SecretNotFoundFailed"
+	ConnectionFailedReason              = "ConnectionFailed"
+	DatabaseProvisioningFailedReason    = "DatabaseProvisioningFailed"
+	DatabaseProvisiningSuccessfulReason = "DatabaseProvisiningSuccessful"
+	DatabaseNotFoundReason              = "DatabaseNotFoundReason"
+	UserNotProvisionedReason            = "UserNotProvisioned"
+	UserProvisioningSuccessfulReason    = "UserProvisioningSuccessful"
+	CredentialsNotFoundReason           = "CredentialsNotFound"
+	CreateDatabaseFailedReason          = "CreateDatabaseFailed"
+)
+
+// DatabaseSpec defines the desired state of MongoDBDatabase
+type DatabaseSpec struct {
+	// DatabaseName is by default the same as metata.name
+	// +optional
+	DatabaseName string `json:"databaseName"`
+
+	// The connect URI
+	// +required
+	Address string `json:"address"`
+
+	// Contains a credentials set of a user with enough permission to manage databases and user accounts
+	// +required
+	RootSecret *SecretReference `json:"rootSecret"`
+}
+
+// DatabaseReference is a named reference to a database kind
+type DatabaseReference struct {
+	// Name referrs to the name of the database kind, mist be located within the same namespace
+	// +required
+	Name string `json:"name"`
+}
+
+// SecretReference is a named reference to a secret which contains user credentials
+type SecretReference struct {
+	// Name referrs to the name of the secret, must be located whithin the same namespace
+	// +required
+	Name string `json:"name"`
+
+	// +optional
+	// +kubebuilder:default:=username
+	UserField string `json:"userField"`
+
+	// +optional
+	// +kubebuilder:default:=password
+	PasswordField string `json:"passwordField"`
+}
+
+// conditionalResource is a resource with conditions
+type conditionalResource interface {
+	GetStatusConditions() *[]metav1.Condition
+}
+
+func DatabaseNotReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, DatabaseReadyConditionType, metav1.ConditionFalse, reason, message)
+}
+
+func DatabaseReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, DatabaseReadyConditionType, metav1.ConditionTrue, reason, message)
+}
+
+func UserNotReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, UserReadyConditionType, metav1.ConditionFalse, reason, message)
+}
+
+func UserReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, UserReadyConditionType, metav1.ConditionTrue, reason, message)
+}
+
+// setResourceCondition sets the given condition with the given status,
+// reason and message on a resource.
+func setResourceCondition(resource conditionalResource, condition string, status metav1.ConditionStatus, reason, message string) {
+	conditions := resource.GetStatusConditions()
+
+	newCondition := metav1.Condition{
+		Type:    condition,
+		Status:  status,
+		Reason:  reason,
+		Message: message,
+	}
+
+	apimeta.SetStatusCondition(conditions, newCondition)
+}

api/v1beta1/groupversion_info.go

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1beta1 contains API Schema definitions for the infra v1beta1 API group
 // +kubebuilder:object:generate=true
-// +groupName=infra.doodle.com
+// +groupName=dbprovisioning.infra.doodle.com
 package v1beta1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "infra.doodle.com", Version: "v1beta1"}
+	GroupVersion = schema.GroupVersion{Group: "dbprovisioning.infra.doodle.com", Version: "v1beta1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}