Added initial PostgreSQL tutorial. #180

Merged
merged 3 commits into from
Dec 14, 2023
@@ -0,0 +1,11 @@
Head over to the [Clusters page](https://app.otterize.com/clusters) and create a cluster.
Follow the connection guide that opens to connect your cluster, and make the following changes:

1. Under `mTLS and Kafka support` choose `Otterize Cloud`.
2. Enable enforcement. The configuration tab should look like this:
![Cluster connection guide](/img/configure-cluster/connect-cluster-cloud-with-enforcement.png)

3. Copy the Helm command and <b>add</b> the following flag:
```
--set intentsOperator.operator.enableDatabaseReconciler=true
```
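
Review bot: Step 3's fenced block (the `--set intentsOperator.operator.enableDatabaseReconciler=true` line) has no language tag and is not indented under its list item, so it ends the numbered list instead of rendering inside it; indent it under step 3 and tag it `bash`. The image under step 2 has the same indentation problem. Step 3 also uses raw `<b>add</b>` while the new postgresql.mdx page uses Markdown emphasis (`_Database_`), so `**add**` would be consistent. It would help to say where in the copied Helm command the flag goes and what the database reconciler does, since the reader enables it alongside enforcement with no explanation.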
75 changes: 75 additions & 0 deletions docs/quickstart/access-control/postgresql.mdx
@@ -0,0 +1,75 @@
---
sidebar_position: 2
title: Automate PostgreSQL
---

import CodeBlock from "@theme/CodeBlock";
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

Otterize automates PostgreSQL access management and secrets for your workloads, all in Kubernetes.


![](/code-examples/postgresql/cloud.png)

Connect to [Otterize Cloud](https://app.otterize.com) to get started!


## Deploy Otterize for PostgreSQL

### Install Otterize

{@include: ../../_common/install-otterize-from-cloud-with-enforcement-postgresql.md}


### Create database integration
Create a _Database_ integration of type _PostgreSQL_ on the [Integrations page](https://app.otterize.com/integrations).

## Configure your workloads

### Pod annotaion
Annotate a pod, requesting a user and a password to be provisioned and bound to the pod.

Annotate the pod with this annotation:

`credentials-operator.otterize.com/user-password-secret-name: booking-service-secret`

Otterize then provisions credentials for this specific workload in this namespace in this cluster, that is not shared with other workloads.

### ClientIntents
Declare your workload’s ClientIntents, specifying desired permissions.

```yaml
apiVersion: k8s.otterize.com/v1alpha3
kind: ClientIntents
metadata:
name: booking-service
namespace: flight-search
spec:
service:
name: booking-service
calls:
- name: bookings
type: database
databaseResources:
- table: users
databaseName: bookings-db
operations:
- SELECT
- table: products
databaseName: bookings-db
operations:
- ALL
```

Otterize then creates a user and matching grants on the target database.



### Can I also map SQL calls?

:::info Coming soon
Capture SQL calls for pods in your cluster, automatically generating the required least-privilege permissions, or ClientIntents, for each workload. Zero-friction in development, zero-trust in production. It’s coming.
:::

If you want to learn more, and meet other Otterize users, please [Join our Community](https://joinslack.otterize.com/) and chat with us!
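
Review bot: The ClientIntents example grants `ALL` on `products` (`operations: - ALL`), which sits awkwardly next to the least-privilege pitch in the "Coming soon" box further down; consider listing the specific operations the booking service needs, or add a sentence saying what `ALL` grants on the database. Under "Pod annotaion" (typo, should be "annotation"), the text names the secret `booking-service-secret` but never says what keys the secret holds or how the workload is expected to read it, and nothing explains how the `bookings` call name or `bookings-db` relate to the database integration created in the previous section. Smaller points: "that is not shared" should be "that are not shared" (the subject is "credentials"), and the `cloud.png` image has empty alt text.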
Binary file added static/code-examples/postgresql/cloud.png