From 1943f0b7865f5f5816faae32e1039733b60c6c3f Mon Sep 17 00:00:00 2001 From: Mazin S Date: Wed, 8 Nov 2023 06:49:59 -0800 Subject: [PATCH] NDB v0.5.0 Operator Release (#129) Upgrade NDB helm chart to first NDB Operator GA version --------- Co-authored-by: Manav --- charts/ndb-operator/Chart.yaml | 20 +- charts/ndb-operator/README.md | 232 +++++++++++++++--- ...edefinition-databases.ndb.nutanix.com.yaml | 142 ++++++++--- ...definition-ndbservers.ndb.nutanix.com.yaml | 5 +- ...yment-ndb-operator-controller-manager.yaml | 112 ++++----- 5 files changed, 387 insertions(+), 124 deletions(-) diff --git a/charts/ndb-operator/Chart.yaml b/charts/ndb-operator/Chart.yaml index af288df..e013310 100644 --- a/charts/ndb-operator/Chart.yaml +++ b/charts/ndb-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: ndb-operator description: A Helm chart for Nutanix Database Kubernetes Operator type: application -version: 0.0.7 -appVersion: v0.0.7 +version: 0.5.0 +appVersion: v0.5.0 maintainers: - name: mazin-s email: mazin.shaaeldin@nutanix.com @@ -23,15 +23,19 @@ icon: https://www.nutanix.com/content/dam/nutanix/global/icons/products/svg/Nuta annotations: artifacthub.io/changes: | - kind: added - description: "Added the K8s Webhooks support for the validation of database specs" + description: "Added Clone Functionality" - kind: added - description: "Added Provisioning Operation Id to the DB Status" + description: "Automation Testing for Time machine" - kind: added - description: "Integrated Kubernetes events with the operator" + description: "Automation Scaffolding for future db engine tests" - kind: added - description: "Added description property for Database in the database specs" + description: "Added Operation tracking" - kind: added - description: "Added end-to-end tests for automated testing of operator" + description: "Support for Engine Specific Inputs in DB Provisioning" + - kind: added + description: "NDB and DB Integration" + - kind: added + description: "Upgrade the versions for controller-runtime & kube-rbac-proxy and Operator-sdk" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/license: Apache-2.0 artifacthub.io/maintainers: | @@ -51,4 +55,4 @@ annotations: email: cloudnative@nutanix.com artifacthub.io/operator: "true" artifacthub.io/operatorCapabilities: Basic Install - artifacthub.io/prerelease: "true" + artifacthub.io/prerelease: "false" diff --git a/charts/ndb-operator/README.md b/charts/ndb-operator/README.md index 3d21d82..35402f9 100644 --- a/charts/ndb-operator/README.md +++ b/charts/ndb-operator/README.md @@ -2,8 +2,9 @@ The NDB operator automates and simplifies database administration, provisioning, and life-cycle management of NDB on Kubernetes. NDB operator supports these functionalities: -1. Provisioning and deprovisioning a single instance postgres database. -2. Creation of a service for the applications to consume the database within Kubernetes. +1. Provisioning and deprovisioning a single instance postgres, mssql, sql server, and mongodb database with or without time machine. +2. Cloning support for the above database engines +3. Creation of a service for the applications to consume the database within Kubernetes. --- ## Pre-requisites @@ -19,9 +20,9 @@ helm repo add nutanix https://nutanix.github.io/helm/ helm install ndb-operator nutanix/ndb-operator -n ndb-operator --create-namespace ``` -## Using the Operator +## Usage +### Create secrets to be used by the NDBServer and Database resources using the manifest: -1. Create the secrets that are to be used by the custom resource(s): ```yaml apiVersion: v1 kind: Secret @@ -46,15 +47,43 @@ stringData: ssh_public_key: SSH-PUBLIC-KEY ``` -2. To create instances of custom resources (provision databases), edit the CRD file with the NDB installation and database instance details and run: -```sh -kubectl apply -f CRD_FILE.yaml + +Create the secrets: + +``` +kubectl apply -f +``` + +### Create the NDBServer resource. The manifest for NDBServer is described as follows: + +```yaml +apiVersion: ndb.nutanix.com/v1alpha1 +kind: NDBServer +metadata: + labels: + app.kubernetes.io/name: ndbserver + app.kubernetes.io/instance: ndbserver + app.kubernetes.io/part-of: ndb-operator + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: ndb-operator + name: ndb +spec: + # Name of the secret that holds the credentials for NDB: username, password and ca_certificate created earlier + credentialSecret: ndb-secret-name + # NDB Server's API URL + server: https://[NDB IP]:8443/era/v0.9 + # Set to true to skip SSL certificate validation, should be false if ca_certificate is provided in the credential secret. + skipCertificateVerification: true + ``` -3. To delete instances of custom resources (deprovision databases) run: +Create the NDBServer resource using: ```sh -kubectl delete -f CRD_FILE.yaml +kubectl apply -f ``` -The CRD is described as follows: + +### Create a Database Resource. A database can either be provisioned or cloned on NDB based on the inputs specified in the database manifest. + +#### Provisioning manifest ```yaml apiVersion: ndb.nutanix.com/v1alpha1 kind: Database @@ -62,26 +91,18 @@ metadata: # This name that will be used within the kubernetes cluster name: db spec: - # NDB server specific details - ndb: + # Name of the NDBServer resource created earlier + ndbRef: ndb + isClone: false + # Database instance specific details (that is to be provisioned) + databaseInstance: # Cluster id of the cluster where the Database has to be provisioned # Can be fetched from the GET /clusters endpoint clusterId: "Nutanix Cluster Id" - # Credentials secret name for NDB installation - # data: username, password, - # stringData: ca_certificate - credentialSecret: ndb-secret-name - # The NDB Server - server: https://[NDB IP]:8443/era/v0.9 - # Set to true to skip SSL verification, default: false. - skipCertificateVerification: true - # Database instance specific details (that is to be provisioned) - databaseInstance: # The database instance name on NDB - databaseInstanceName: "Database-Instance-Name" - # Description for the database instance. Optional. - # Default : "Database provisioned by ndb-operator: " - description: "Database provisioned by ndb-operator" + name: "Database-Instance-Name" + # The description of the database instance + description: Database Description # Names of the databases on that instance databaseNames: - database_one @@ -102,7 +123,7 @@ spec: compute: id: "" name: "" - # A Software profile is a mandatory input for closed-source engines: MSSQL + # A Software profile is a mandatory input for closed-source engines: SQL Server & Oracle software: name: "" id: "" @@ -116,16 +137,169 @@ spec: dbParamInstance: name: "" id: "" - timeMachine: - sla : "NAME OF THE SLA" # Name of the SLA to use for the Time Machine + timeMachine: # Optional block, if removed the SLA defaults to NONE + sla : "NAME OF THE SLA" dailySnapshotTime: "12:34:56" # Time for daily snapshot in hh:mm:ss format snapshotsPerDay: 4 # Number of snapshots per day logCatchUpFrequency: 90 # Frequency (in minutes) weeklySnapshotDay: "WEDNESDAY" # Day of the week for weekly snapshot monthlySnapshotDay: 24 # Day of the month for monthly snapshot quarterlySnapshotMonth: "Jan" # Start month of the quarterly snapshot + additionalArguments: # Optional block, can specify additional arguments that are unique to database engines. + listener_port: "8080" + +``` + +#### Cloning manifest +```yaml +apiVersion: ndb.nutanix.com/v1alpha1 +kind: Database +metadata: + # This name that will be used within the kubernetes cluster + name: db +spec: + # Name of the NDBServer resource created earlier + ndbRef: ndb + isClone: true + # Clone specific details (that is to be provisioned) + clone: + # Type of the database to be cloned + type: postgres + # The clone instance name on NDB + name: "Clone-Instance-Name" + # The description of the clone instance + description: Database Description + # Cluster id of the cluster where the Database has to be provisioned + # Can be fetched from the GET /clusters endpoint + clusterId: "Nutanix Cluster Id" + # You can specify any (or none) of these types of profiles: compute, software, network, dbParam + # If not specified, the corresponding Out-of-Box (OOB) profile will be used wherever applicable + # Name is case-sensitive. ID is the UUID of the profile. Profile should be in the "READY" state + # "id" & "name" are optional. If none provided, OOB may be resolved to any profile of that type + profiles: + compute: + id: "" + name: "" + # A Software profile is a mandatory input for closed-source engines: SQL Server & Oracle + software: + name: "" + id: "" + network: + id: "" + name: "" + dbParam: + name: "" + id: "" + # Only applicable for MSSQL databases + dbParamInstance: + name: "" + id: "" + # Name of the secret with the + # data: password, ssh_public_key + credentialSecret: clone-instance-secret-name + timezone: "UTC" + # ID of the database to clone from, can be fetched from NDB REST API Explorer + sourceDatabaseId: source-database-id + # ID of the snapshot to clone from, can be fetched from NDB REST API Explorer + snapshotId: snapshot-id + additionalArguments: # Optional block, can specify additional arguments that are unique to database engines. + expireInDays: 3 + +``` + +Create the Database resource: +```sh +kubectl apply -f +``` + +### Additional Arguments for Databases +Below are the various optional addtionalArguments you can specify along with examples of their corresponding values. Arguments that have defaults will be indicated. + +Provisioning Additional Arguments: +```yaml +# PostGres +additionalArguments: + listener_port: "1111" # Default: "5432" + +# MySQL +additionalArguments: + listener_port: "1111" # Default: "3306" + +# MongoDB +additionalArguments: + listener_port: "1111" # Default: "27017" + log_size: "150" # Default: "100" + journal_size: "150" # Default: "100" + +# MSSQL +additionalArguments: + sql_user_name: "mazin" # Defualt: "sa". + authentication_mode: "mixed" # Default: "windows". Options are "windows" or "mixed". Must specify sql_user. + server_collation: "" # Default: "SQL_Latin1_General_CP1_CI_AS". + database_collation: "" # Default: "SQL_Latin1_General_CP1_CI_AS". + dbParameterProfileIdInstance: "" # Default: Fetched from profile. + vm_dbserver_admin_password: "" # Default: Fetched from database secret. + sql_user_password: "" # NO Default. Must specify authentication_mode as "mixed". + windows_domain_profile_id: # NO Default. Must specify vm_db_server_user. + vm_db_server_user: # NO Default. Must specify windows_domain_profile_id. + vm_win_license_key: # NO Default. +``` + +Cloning Additional Arguments: +```yaml +MSSQL: + windows_domain_profile_id + era_worker_service_user + sql_service_startup_account + vm_win_license_key + target_mountpoints_location + expireInDays + expiryDateTimezone + deleteDatabase + refreshInDays + refreshTime + refreshDateTimezone + +MongoDB: + expireInDays + expiryDateTimezone + deleteDatabase + refreshInDays + refreshTime + refreshDateTimezone +Postgres: + expireInDays + expiryDateTimezone + deleteDatabase + refreshInDays + refreshTime + refreshDateTimezone + +MySQL: + expireInDays + expiryDateTimezone + deleteDatabase + refreshInDays + refreshTime + refreshDateTimezone +``` + + +### Deleting the Database resource +To deregister the database and delete the VM run: +```sh +kubectl delete -f ``` + +### Deleting the NDBServer resource +To deregister the database and delete the VM run: +```sh +kubectl delete -f +``` + +--- + ## Uninstalling the Chart To uninstall/delete the operator deployment/chart: ```console diff --git a/charts/ndb-operator/crds/customresourcedefinition-databases.ndb.nutanix.com.yaml b/charts/ndb-operator/crds/customresourcedefinition-databases.ndb.nutanix.com.yaml index 7bbc819..8d7a7cb 100644 --- a/charts/ndb-operator/crds/customresourcedefinition-databases.ndb.nutanix.com.yaml +++ b/charts/ndb-operator/crds/customresourcedefinition-databases.ndb.nutanix.com.yaml @@ -6,6 +6,16 @@ metadata: controller-gen.kubebuilder.io/version: v0.9.2 name: databases.ndb.nutanix.com spec: + # conversion: + # strategy: Webhook + # webhook: + # clientConfig: + # service: + # name: ndb-operator-webhook-service + # namespace: ndb-operator-system + # path: /convert + # conversionReviewVersions: + # - v1 group: ndb.nutanix.com names: kind: Database @@ -47,16 +57,99 @@ spec: spec: description: DatabaseSpec defines the desired state of Database properties: + clone: + properties: + additionalArguments: + additionalProperties: + type: string + description: Additional database engine specific arguments + type: object + clusterId: + description: Id of the cluster to clone the database on + type: string + credentialSecret: + description: Name of the secret holding the credentials for the + database instance (password and ssh key) + type: string + description: + description: Description of the clone instance + type: string + name: + description: Name of the clone instance + type: string + profiles: + properties: + compute: + properties: + id: + type: string + name: + type: string + type: object + dbParam: + properties: + id: + type: string + name: + type: string + type: object + dbParamInstance: + properties: + id: + type: string + name: + type: string + type: object + network: + properties: + id: + type: string + name: + type: string + type: object + software: + properties: + id: + type: string + name: + type: string + type: object + type: object + snapshotId: + description: Id of the snapshot to create a clone from + type: string + sourceDatabaseId: + description: Id of the source database on NDB to clone from + type: string + timezone: + description: default UTC + type: string + type: + description: Type of parent clone + type: string + required: + - clusterId + - credentialSecret + - name + - snapshotId + - sourceDatabaseId + - type + type: object databaseInstance: description: Database instance specific details properties: + additionalArguments: + additionalProperties: + type: string + description: Additional database engine specific arguments + type: object + clusterId: + description: Id of the cluster to provision the database on + type: string credentialSecret: description: Name of the secret holding the credentials for the database instance (password and ssh key) type: string - databaseInstanceName: - description: Name of the database instance - type: string databaseNames: description: Name(s) of the database(s) to be provisiond inside the database instance default [ "database_one", "database_two", @@ -67,6 +160,9 @@ spec: description: description: Description of the database instance type: string + name: + description: Name of the database instance + type: string profiles: properties: compute: @@ -146,56 +242,42 @@ spec: type: type: string required: + - clusterId - credentialSecret - - databaseInstanceName + - name - size - type type: object - ndb: - description: Details of the NDB installation - properties: - clusterId: - type: string - credentialSecret: - description: Name of the secret holding the credentials for NDB - (username and password) - type: string - server: - description: NDB Server URL - type: string - skipCertificateVerification: - description: Skip server's certificate and hostname verification - type: boolean - required: - - clusterId - - credentialSecret - - server - - skipCertificateVerification - type: object + isClone: + type: boolean + ndbRef: + type: string required: - - databaseInstance - - ndb + - ndbRef type: object status: description: DatabaseStatus defines the observed state of Database properties: + creationOperationId: + type: string dbServerId: type: string + deregistrationOperationId: + type: string id: type: string ipAddress: type: string - provisioningOperationId: - type: string status: type: string type: type: string required: + - creationOperationId - dbServerId + - deregistrationOperationId - id - ipAddress - - provisioningOperationId - status - type type: object diff --git a/charts/ndb-operator/crds/customresourcedefinition-ndbservers.ndb.nutanix.com.yaml b/charts/ndb-operator/crds/customresourcedefinition-ndbservers.ndb.nutanix.com.yaml index d011aa1..899b8d3 100644 --- a/charts/ndb-operator/crds/customresourcedefinition-ndbservers.ndb.nutanix.com.yaml +++ b/charts/ndb-operator/crds/customresourcedefinition-ndbservers.ndb.nutanix.com.yaml @@ -76,6 +76,8 @@ spec: type: string timeMachineId: type: string + type: + type: string required: - dbServerId - id @@ -83,6 +85,7 @@ spec: - name - status - timeMachineId + - type type: object type: object lastUpdated: @@ -106,4 +109,4 @@ spec: served: true storage: true subresources: - status: {} + status: {} \ No newline at end of file diff --git a/charts/ndb-operator/templates/deployment-ndb-operator-controller-manager.yaml b/charts/ndb-operator/templates/deployment-ndb-operator-controller-manager.yaml index 6dd5fd7..64b3e55 100644 --- a/charts/ndb-operator/templates/deployment-ndb-operator-controller-manager.yaml +++ b/charts/ndb-operator/templates/deployment-ndb-operator-controller-manager.yaml @@ -22,68 +22,68 @@ spec: {{- toYaml . | nindent 8 }} {{- end}} containers: - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - image: {{ .Values.image.repository }}:{{ .Values.image.tag | default $.Chart.AppVersion }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - {{- with .Values.resources.controller }} - resources: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default $.Chart.AppVersion }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- with .Values.resources.controller }} + resources: {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - {{- with .Values.resources.kubeProxy }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + {{- end }} + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + {{- with .Values.resources.kubeProxy }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL securityContext: runAsNonRoot: true serviceAccountName: {{ include "ndb-operator.fullname" . }}-service-account terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert - + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }}