Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent a52058e, commit fb7ac5d
Showing 4 changed files with 86 additions and 0 deletions.
11 changes: 11 additions & 0 deletions
docs/_common/install-otterize-from-cloud-with-enforcement-postgresql.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
Head over to the [Clusters page](https://app.otterize.com/clusters) and create a cluster. | ||
Follow the connection guide that opens to connect your cluster, and make the following changes: | ||
|
||
1. Under `mTLS and Kafka support` choose `Otterize Cloud`. | ||
2. Enable enforcement. The configuration tab should look like this: | ||
![Cluster connection guide](/img/configure-cluster/connect-cluster-cloud-with-enforcement.png) | ||
|
||
3. Copy the Helm command and <b>add</b> the following flag: | ||
``` | ||
--set intentsOperator.operator.enableDatabaseReconciler=true | ||
``` |
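
Review bot: Step 3 asks the reader to add `--set intentsOperator.operator.enableDatabaseReconciler=true` without saying what the flag turns on. It is the only manual change to the generated Helm command, so add a sentence stating what the database reconciler does and what access it needs, so whoever approves the install knows what is being enabled. Two smaller points in the same step: the fence has no language tag (the other file in this commit uses a tagged fence), and `<b>add</b>` could be `**add**` to stay in plain Markdown.
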
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
--- | ||
sidebar_position: 2 | ||
title: Automate PostgreSQL | ||
--- | ||
|
||
import CodeBlock from "@theme/CodeBlock"; | ||
import Tabs from "@theme/Tabs"; | ||
import TabItem from "@theme/TabItem"; | ||
|
||
Otterize automates PostgreSQL access management and secrets for your workloads, all in Kubernetes. | ||
|
||
|
||
![](/code-examples/postgresql/cloud.png) | ||
|
||
Connect to [Otterize Cloud](https://app.otterize.com) to get started! | ||
|
||
|
||
## Deploy Otterize for PostgreSQL | ||
|
||
### Install Otterize | ||
|
||
{@include: ../../_common/install-otterize-from-cloud-with-enforcement-postgresql.md} | ||
|
||
|
||
### Create database integration | ||
Create a _Database_ integration of type _PostgreSQL_ on the [Integrations page](https://app.otterize.com/integrations). | ||
|
||
## Configure your workloads | ||
|
||
### Pod annotaion | ||
Annotate a pod, requesting a user and a password to be provisioned and bound to the pod. | ||
|
||
Annotate the pod with this annotation: | ||
|
||
`credentials-operator.otterize.com/user-password-secret-name: booking-service-secret` | ||
|
||
Otterize then provisions credentials for this specific workload in this namespace in this cluster, that is not shared with other workloads. | ||
|
||
### ClientIntents | ||
Declare your workload’s ClientIntents, specifying desired permissions. | ||
|
||
```yaml | ||
apiVersion: k8s.otterize.com/v1alpha3 | ||
kind: ClientIntents | ||
metadata: | ||
name: booking-service | ||
namespace: flight-search | ||
spec: | ||
service: | ||
name: booking-service | ||
calls: | ||
- name: bookings | ||
type: database | ||
databaseResources: | ||
- table: users | ||
databaseName: bookings-db | ||
operations: | ||
- SELECT | ||
- table: products | ||
databaseName: bookings-db | ||
operations: | ||
- ALL | ||
``` | ||
Otterize then creates a user and matching grants on the target database. | ||
### Can I also map SQL calls? | ||
:::info Coming soon | ||
Capture SQL calls for pods in your cluster, automatically generating the required least-privilege permissions, or ClientIntents, for each workload. Zero-friction in development, zero-trust in production. It’s coming. | ||
::: | ||
If you want to learn more, and meet other Otterize users, please [Join our Community](https://joinslack.otterize.com/) and chat with us! |
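
Review bot: The "Pod annotaion" section never says where the provisioned credentials end up or how the workload reads them. The annotation key `credentials-operator.otterize.com/user-password-secret-name` implies a Secret named `booking-service-secret`, but the page should state that explicitly, along with the keys it contains and how to reference it from the pod spec. Related gaps in the ClientIntents section: the text does not say whether `name: bookings` under `calls` has to match the integration created in "Create database integration", and the example grants `ALL` on `products` on a page that advertises least-privilege permissions, so either narrow it to the operations the service needs or say why `ALL` is intended. Also fix the heading typo ("annotaion"), change "that is not shared" to "that are not shared", and drop the `CodeBlock`, `Tabs` and `TabItem` imports, which nothing in this file uses.
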
Binary file added (+29.2 KB): static/img/configure-cluster/connect-cluster-cloud-with-enforcement.png