This Custom Resource represents a PosgreSQL User Role.
All these names are available for kubectl
:
- postgresqluserroles.postgresql.easymile.com
- postgresqluserroles
- postgresqluserrole
- pgur
Field | Description | Scheme | Required |
---|---|---|---|
metadata | Object metadata | metav1.ObjectMeta | false |
spec | Specification of the PostgreSQL User Role | PostgresqlUserRoleSpec | true |
status | Most recent observed status of the PostgreSQL User Role. Read-only. Not included when requesting from the apiserver, only from the PostgreSQL Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | PostgresqlUserRoleStatus | false |
Field | Description | Scheme | Required |
---|---|---|---|
mode | Mode for PostgresqlUserRole. One mode is PROVIDED : provide a username/password and operator will ensure the user provided will be injected with correct rights. The other mode is MANAGED , in that case, the operator will create a generated user/password with correct rights. |
String | true |
privileges | Privileges list on databases | []PostgresqlUserRolePrivilege | true |
rolePrefix | Used as prefix in MANAGED mode for PostgreSQL Role generation |
String | true in MANAGED mode, false otherwise |
importSecretName | Used in PROVIDED mode to give username/password to operator to create and manage |
String | true in PROVIDED mode, false otherwise |
userPasswordRotationDuration | User password rotation interval between 2 user/password rotation. This can be used only in MANAGED mode. |
String | false |
workGeneratedSecretName | This is a secret used internally by operator. You can specify the name of this one, otherwise it will be generated | String | false |
Field | Description | Scheme | Required |
---|---|---|---|
privilege | User privilege on database. Enumeration is OWNER , WRITER , READER . |
String | true |
connectionType | Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration). Enumeration is PRIMARY , BOUNCER . Default value is PRIMARY |
String | false |
database | PostgresqlDatabase object reference | CRLink | true |
generatedSecretName | Generated secret name used for secret generation. | String | true |
Field | Description | Scheme | Required |
---|---|---|---|
name | Custom resource name | String | true |
namespace | Custom resource namespace. Default value will be current custom resource namespace. | String | false |
Field | Description | Scheme | Required |
---|---|---|---|
phase | Current phase of the operator | String | true |
message | Human-readable message indicating details about current operator phase or error | String | false |
ready | True if all resources are in a ready state and all work is done by operator | Boolean | false |
rolePrefix | User role prefix currently used | String | false |
postgresRole | PostgreSQL role for user | String | false |
oldPostgresRoles | Old PostgreSQL roles that must be deleted but still in used | []String | false |
lastPasswordChangedTime | Last time operator has changed the user password | String | false |
Here is an example of Custom Resource:
apiVersion: postgresql.easymile.com/v1alpha1
kind: PostgresqlUserRole
metadata:
name: postgresqluserrole-sample
spec:
# Mode
mode: PROVIDED
# Privileges list
privileges:
- # Privilege for the selected database
privilege: WRITER
# Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration)
connectionType: PRIMARY
# Database link
database:
name: simple
# Generated secret name with information for the selected database
generatedSecretName: simple1
# Import secret that will contain "USERNAME" and "PASSWORD" for provided mode
importSecretName: provided-simple
with import secret:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: provided-simple
data:
USERNAME: fake
PASSWORD: fake
Here is an example of Custom Resource:
apiVersion: postgresql.easymile.com/v1alpha1
kind: PostgresqlUserRole
metadata:
name: managed-simple-rotation
spec:
# Mode
mode: MANAGED
# Role prefix to be used for user created in database engine
rolePrefix: "managed-simple"
# User password rotation duration in order to roll user/password in secret
userPasswordRotationDuration: 720h
# Privileges
privileges:
- # Privilege for the selected database
privilege: OWNER
# Connection type to be used for secret generation (Can be set to BOUNCER if wanted and supported by engine configuration)
connectionType: PRIMARY
# Database link
database:
name: simple
# Generated secret name with information for the selected database
generatedSecretName: managed-simple-rotation
Here is an example:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: managed-simple-rotation
data:
POSTGRES_URL: postgresql://fake-0:password@localhost:5432/database1
POSTGRES_URL_ARGS: postgresql://fake-0:password@localhost:5432/database1?sslmode=require
PASSWORD: password
LOGIN: fake-0
DATABASE: database1
HOST: localhost
PORT: "5432"
ARGS: sslmode=require
Here is an example with replica:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: managed-simple-rotation
data:
ARGS: sslmode=disable
DATABASE: database1
HOST: localhost
LOGIN: fake-0
PASSWORD: password
PORT: "5432"
POSTGRES_URL: postgresql://fake-0:password@localhost:5432/database1
POSTGRES_URL_ARGS: postgresql://fake-0:password@localhost:5432/database1?sslmode=disable
REPLICA_0_ARGS: sslmode=disable
REPLICA_0_DATABASE: database1
REPLICA_0_HOST: localhost
REPLICA_0_LOGIN: fake-0
REPLICA_0_PASSWORD: password
REPLICA_0_PORT: "5432"
REPLICA_0_POSTGRES_URL: postgresql://fake-0:password@localhost:5432/database1
REPLICA_0_POSTGRES_URL_ARGS: postgresql://fake-0:password@localhost:5432/database1?sslmode=disable
# And so on, ... The numbers are the iteration number and so order in initial list.