refactoring

Author: raffis

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.13 as builder
+FROM golang:1.15 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Jenkinsfile

@@ -5,7 +5,7 @@ podTemplate(label: 'kubedb',
   containers: [
     containerTemplate(
       name: 'golang',
-      image: 'bitnami/golang:1.13',
+      image: 'bitnami/golang:1.15',
       ttyEnabled: true
     ),
     containerTemplate(
@@ -28,7 +28,7 @@ podTemplate(label: 'kubedb',
     ansiColor("xterm") {
       stage('checkout') {
         checkout(scm)
-      
+
         container('docker') {
           dockerAuth()
         }
@@ -66,8 +66,8 @@ podTemplate(label: 'kubedb',
             bumpImageVersion(env.TAG_NAME)
 
             tgz="kubedb-${version}.tgz"
+            sh "cp config/crd/bases/* chart/kubedb/crds"
             sh "helm package chart/kubedb"
-
           }
 
           container('golang') {

PROJECT

@@ -1,10 +1,16 @@
 domain: doodle.com
 repo: github.com/doodlescheduling/kubedb
 resources:
-- group: infra
-  kind: MongoDB
+- group: dbprovisioning.infra.doodle.com
+  kind: MongoDBDatabase
   version: v1beta1
-- group: infra
-  kind: PostgreSQL
+- group: dbprovisioning.infra.doodle.com
+  kind: PostgreSQLDatabase
+  version: v1beta1
+- group: dbprovisioning.infra.doodle.com
+  kind: MongoDBUser
+  version: v1beta1
+- group: dbprovisioning.infra.doodle.com
+  kind: PostgreSQLUser
   version: v1beta1
 version: "2"

README.md

@@ -1,26 +1,110 @@
-# KUBEDB
+# Database controller
 
-Kubernetes Controller that sets up databases, credentials and permissions in Doodle databases.
+Kubernetes Controller that deals with database and user provisioning.
 
-Build with [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder).
+## Example for PostgreSQL
 
-Work in progress.
+A `VaultBinding` binds a kubernetes vanialla secret to a vault path.
+Following a secret which fields shall be placed into vault:
 
-Name "kubedb" clashes with an open-source project: https://github.com/kubedb
-We're going to have naming "clashes" (not technical, but on human level) if we ever decide to use that one.
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgresql-admin-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: PostgreSQLDatabase
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  address: "postgres://localhost:5432"
+  rootSecret:
+    name: postgresql-admin-credentials
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: PostgreSQLUser
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  database:
+    name: my-app
+  credentials:
+    name: my-app-postgresql-credentials
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-postgresql-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+```
 
-TODO: Write proper README file.
+## Example for MongoDB
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mongodb-admin-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: MongoDBDatabase
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  address: "mongodb://localhost:27017"
+  rootSecret:
+    name: mongodb-admin-credentials
+---
+apiVersion: dbprovisioning.infra.doodle.com/v1beta1
+kind: MongoDBUser
+metadata:
+  name: my-app
+  namespace: default
+spec:
+  database:
+    name: my-app-mongodb-credentials
+  credentials:
+    name: my-app-mongodb
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-app-mongodb-credentials
+  namespace: default
+data:
+  password: MTIzNA==
+  username: MTIzNA==
+```
 
-Config options:
+## Helm chart
+
+Please see [chart/kubedb](https://github.com/DoodleScheduling/kubedb) for the helm chart docs.
+
+## Limitations
+
+Currently there is no garbage collection implemented, meaning all the things created are not removed.
+This will be at least implemented for user provisioning. Discussion will stay open for databases.
+
+## Configure the controller
 
 ENV Variable | Argument | Default value | Example | Purpose |
 -------------|----------|---------------|---------|---------|
 METRICS_ADDR | --metrics-addr | :8080 | :8080 | Metrics port |
 ENABLE_LEADER_ELECTION | --enable-leader-election | false | true | Enable leader election |
 LEADER_ELECTION_NAMESPACE | --leader-election-namespace | "" | devops | Leader election namespace. Default is the same as controller.
 NAMESPACES | --namespaces | "" | devops,default |  Namespaces to watch. Default: watch all namespaces |
-MAX_CONCURRENT_RECONCILES | --max-concurrent-reconciles | 1 | 5 | Maximum concurrent reconciles per controller. This config covers all controllers. TODO maybe have a separate flag for each controller? |
-
-
-
-
+MAX_CONCURRENT_RECONCILES | --max-concurrent-reconciles | 1 | 5 | Maximum concurrent reconciles per controller. This config covers all controllers. |

api/v1beta1/database_types.go

@@ -5,6 +5,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// Finalizer
+const (
+	Finalizer = "infra.finalizers.doodle.com"
+)
+
 // Status conditions
 const (
 	DatabaseReadyConditionType = "DatabaseReady"
@@ -21,6 +26,7 @@ const (
 	UserNotProvisionedReason            = "UserNotProvisioned"
 	UserProvisioningSuccessfulReason    = "UserProvisioningSuccessful"
 	CredentialsNotFoundReason           = "CredentialsNotFound"
+	CreateDatabaseFailedReason          = "CreateDatabaseFailed"
 )
 
 // DatabaseSpec defines the desired state of MongoDBDatabase
@@ -60,7 +66,7 @@ type SecretReference struct {
 	PasswordField string `json:"passwordField"`
 }
 
-// ConditionalResource is a resource with conditions
+// conditionalResource is a resource with conditions
 type conditionalResource interface {
 	GetStatusConditions() *[]metav1.Condition
 }

api/v1beta1/groupversion_info.go

@@ -16,7 +16,7 @@ limitations under the License.
 
 // Package v1beta1 contains API Schema definitions for the infra v1beta1 API group
 // +kubebuilder:object:generate=true
-// +groupName=infra.doodle.com
+// +groupName=dbprovisioning.infra.doodle.com
 package v1beta1
 
 import (
@@ -26,7 +26,7 @@ import (
 
 var (
 	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: "infra.doodle.com", Version: "v1beta1"}
+	GroupVersion = schema.GroupVersion{Group: "dbprovisioning.infra.doodle.com", Version: "v1beta1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

api/v1beta1/mongodbdatabase_types.go

@@ -27,11 +27,6 @@ const (
 	DEFAULT_MONGODB_ROOT_AUTHENTICATION_DATABASE = "admin"
 )
 
-// Finalizer
-const (
-	MongoSQLDatabaseControllerFinalizer = "infra.finalizers.doodle.com"
-)
-
 // MongoDBDatabaseSpec defines the desired state of MongoDBDatabase
 type MongoDBDatabaseSpec struct {
 	*DatabaseSpec `json:",inline"`
@@ -55,8 +50,8 @@ type MongoDBDatabaseStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:shortName=mdb
 // +kubebuilder:subresource:status
-// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].status",description=""
-// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].message",description=""
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"DatabaseReady\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"DatabaseReady\")].message",description=""
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
 
 // MongoDBDatabase is the Schema for the mongodbs API
@@ -68,6 +63,22 @@ type MongoDBDatabase struct {
 	Status MongoDBDatabaseStatus `json:"status,omitempty"`
 }
 
+func (in *MongoDBDatabase) GetAddress() string {
+	return in.Spec.Address
+}
+
+func (in *MongoDBDatabase) GetRootSecret() *SecretReference {
+	return in.Spec.RootSecret
+}
+
+func (in *MongoDBDatabase) GetDatabaseName() string {
+	if in.Spec.DatabaseName != "" {
+		return in.Spec.DatabaseName
+	}
+
+	return in.GetName()
+}
+
 // +kubebuilder:object:root=true
 
 // MongoDBDatabaseList contains a list of MongoDBDatabase
@@ -77,59 +88,41 @@ type MongoDBDatabaseList struct {
 	Items           []MongoDBDatabase `json:"items"`
 }
 
-/*
-	If object doesn't contain finalizer, set it and call update function 'updateF'.
-	Only do this if object is not being deleted (judged by DeletionTimestamp being zero)
-*/
+// If object doesn't contain finalizer, set it and call update function 'updateF'.
+// Only do this if object is not being deleted (judged by DeletionTimestamp being zero)
 func (d *MongoDBDatabase) SetFinalizer(updateF func() error) error {
 	if !d.ObjectMeta.DeletionTimestamp.IsZero() {
 		return nil
 	}
-	if !stringutils.ContainsString(d.ObjectMeta.Finalizers, MongoSQLDatabaseControllerFinalizer) {
-		d.ObjectMeta.Finalizers = append(d.ObjectMeta.Finalizers, MongoSQLDatabaseControllerFinalizer)
+	if !stringutils.ContainsString(d.ObjectMeta.Finalizers, Finalizer) {
+		d.ObjectMeta.Finalizers = append(d.ObjectMeta.Finalizers, Finalizer)
 		return updateF()
 	}
 	return nil
 }
 
-/*
-	Finalize object if deletion timestamp is not zero (i.e. object is being deleted).
-	Call finalize function 'finalizeF', which should handle finalization logic.
-	Remove finalizer from the object (so that object can be deleted), and update by calling update function 'updateF'.
-*/
+// Finalize object if deletion timestamp is not zero (i.e. object is being deleted).
+// Call finalize function 'finalizeF', which should handle finalization logic.
+// Remove finalizer from the object (so that object can be deleted), and update by calling update function 'updateF'.
 func (d *MongoDBDatabase) Finalize(updateF func() error, finalizeF func() error) (bool, error) {
 	if d.ObjectMeta.DeletionTimestamp.IsZero() {
 		return false, nil
 	}
-	if stringutils.ContainsString(d.ObjectMeta.Finalizers, MongoSQLDatabaseControllerFinalizer) {
+	if stringutils.ContainsString(d.ObjectMeta.Finalizers, Finalizer) {
 		_ = finalizeF()
-		d.ObjectMeta.Finalizers = stringutils.RemoveString(d.ObjectMeta.Finalizers, MongoSQLDatabaseControllerFinalizer)
+		d.ObjectMeta.Finalizers = stringutils.RemoveString(d.ObjectMeta.Finalizers, Finalizer)
 		return true, updateF()
 	}
 	return true, nil
 }
 
-/*func (d *MongoDBDatabase) SetDefaults() error {
-	if d.Spec.RootUsername == "" {
-		d.Spec.RootUsername = DEFAULT_MONGODB_ROOT_USER
-	}
-	if d.Spec.RootAuthenticationDatabase == "" {
-		d.Spec.RootAuthenticationDatabase = DEFAULT_MONGODB_ROOT_AUTHENTICATION_DATABASE
-	}
-	if d.Spec.RootSecretLookup.Name == "" {
-		return errors.New("must specify root secret")
-	}
-	if d.Spec.RootSecretLookup.Field == "" {
-		return errors.New("must specify root secret field")
-	}
-	if d.Spec.RootSecretLookup.Namespace == "" {
-		d.Spec.RootSecretLookup.Namespace = d.ObjectMeta.Namespace
-	}
-	if d.Status.CredentialsStatus == nil || len(d.Status.CredentialsStatus) == 0 {
-		d.Status.CredentialsStatus = make([]*CredentialStatus, 0)
+func (d *MongoDBDatabase) SetDefaults() error {
+	if d.Spec.DatabaseName == "" {
+		d.Spec.DatabaseName = d.GetName()
 	}
+
 	return nil
-}*/
+}
 
 func init() {
 	SchemeBuilder.Register(&MongoDBDatabase{}, &MongoDBDatabaseList{})