Skip to content

Commit

Permalink
Merge pull request #160 from flanksource/password-connection-tip
Browse files Browse the repository at this point in the history 
feat: add connections concept
  • Loading branch information
@moshloop
moshloop authored Feb 16, 2024
2 parents b8abaca + a8093ae commit 789d86e
Show file tree
Hide file tree
Showing 3 changed files with 88 additions and 1 deletion.
81 changes: 81 additions & 0 deletions canary-checker/docs/reference/connection.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Connections

Connections are an easy way to authenticate against sources. It can be created via a CRD or by adding it in the settings page


A sample connection CRD looks like:
```yaml
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
name: payments-database
spec:
type: postgres
url:
value: 'postgres://$(username):$(password)@postgres.host.com/payments'
username:
valueFrom:
secretKeyRef:
name: payments-database-credentials
key: POSTGRES_USER
password:
valueFrom:
secretKeyRef:
name: payments-database-credentials
key: POSTGRES_PASSWORD
```
Eventually, the URL that gets templated is used for establishing connections. This can be used for any datasource that authenticates via URL (PostgreSQL, MySQL, MSSQL, Redis, Opensearch, Elasticsearch etc.)
A connection string can be represented in the form of `type/connection_name` or `type/namespace/connection_name`

It can then be used in Health Checks via `connection` attribute or during Topology creation in `component.lookup`

```yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: postgres-check
spec:
postgres:
- name: postgres schemas check
connection: connection://postgres/payments-database
query: SELECT COUNT(*) FROM payments where state = 'pending'
```

This allows us a safe and reusable way to handle authentication

:::tip

If the entire URL is in the secrets and cannot be constructed like `scheme://$(username):$(password)@<host>:<port>` you can fetch that directly like

```yaml
kind: Connection
metadata:
name: opensearch-global
spec:
type: opensearch
url:
value: $(password)
password:
valueFrom:
secretKeyRef:
name: opensearch-credentials
key: OPENSEARCH_URL
```
:::

## Schema

| **Field** | **Description** | **Scheme** | **Required** |
|--------------|-------------------------------------------------------|------------------------------------------------|--------------|
| url | URL in templatable form | <CommonLink to="secrets">*EnvVar*</CommonLink> | yes |
| port | Port number | <CommonLink to="secrets">*EnvVar*</CommonLink> | |
| type | Type of datasource (postgres,mysql,elasticsearch ...) | string | |
| username | Username | <CommonLink to="secrets">*EnvVar*</CommonLink> | |
| password | Password | <CommonLink to="secrets">*EnvVar*</CommonLink> | |
| certificate | Certificate for verification | <CommonLink to="secrets">*EnvVar*</CommonLink> | |
| properties | Property fields | map[string]string | |
| insecure_tls | Allow insecure tls | bool | |

1 change: 1 addition & 0 deletions mission-control/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ sync:
rm -rf static/img/icons
cp -r ../canary-checker/static/img/icons static/img
cp docs/canary-checker/concepts/secret-management.md docs/reference/
cp docs/canary-checker/reference/connection.md docs/reference/
cp docs/canary-checker/concepts/connections.md docs/reference/
cp -r ../canary-checker/src/components src/
cp -r ../canary-checker/src/theme src/
Expand Down
7 changes: 6 additions & 1 deletion mission-control/sidebars.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -890,10 +890,15 @@ const sidebars = {
id: 'reference/secret-management',
label: 'Secret Management',
},
{
type: 'doc',
id: 'reference/connection',
label: 'Connection',
},
{
type: 'doc',
id: 'reference/connections',
label: 'Connections',
label: 'Authentication',
},
{
type: 'category',
Expand Down

0 comments on commit 789d86e

Please sign in to comment.