Tomer/postgresql tutorial update #181

Closed
wants to merge 9 commits into from
@@ -0,0 +1,11 @@
Head over to the [Clusters page](https://app.otterize.com/clusters) and create a cluster.
Follow the connection guide that opens to connect your cluster, and make the following changes:

1. Under `mTLS and Kafka support` choose `Otterize Cloud`.
2. Enable enforcement. The configuration tab should look like this:
![Cluster connection guide](/img/configure-cluster/connect-cluster-cloud-with-enforcement.png)

3. Copy the Helm command and <b>add</b> the following flag:
```
--set intentsOperator.operator.enableDatabaseReconciler=true
```
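Review bot: the fence under step 3 (`--set intentsOperator.operator.enableDatabaseReconciler=true`) has no language tag and the emphasis uses raw HTML (`<b>add</b>`), while the other pages in this PR use markdown emphasis (`**disable**`) and tagged fences (```yaml); switch to `**add**` and a ```bash fence. It would also help to say in one sentence what the database reconciler does once enabled, since this is the flag the whole PostgreSQL tutorial depends on.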
@@ -1,12 +1,12 @@
---
title: Errors telemetry
title: Error telemetry
---

Otterize OSS components report anonymous errors telemetry that allows us to proactively identify and address issues. No personal or organizational identifying information is transmitted in these metrics: The information reported is limited to essential details necessary for effective issue resolution. You may opt out at any time through a single configuration flag.
Otterize OSS components report anonymous error telemetry that allows us to proactively identify and address issues. No personal or organizational identifying information is transmitted in these metrics: The information reported is limited to essential details necessary for effective issue resolution. You may opt out at any time through a single configuration flag.

## What information is collected?

Each error event includes error type, relevant code lines from the stack trace, and metadata on the OSS component instance identifiers, detailed in the table below. The error reporting is implemented using Bugsnag error handling SDK. For a comprehensive understanding of the schema used for Bugsnag error reporting, please refer to the following link: [Bugsnag Error Reporting API](https://bugsnagerrorreportingapi.docs.apiary.io/#reference/0/notify/send-error-reports).
Each error event includes error type, relevant code lines from the stack trace, and metadata on the OSS component instance identifiers, detailed in the table below. The error reporting is implemented using the Bugsnag error handling SDK. For a comprehensive understanding of the schema used for Bugsnag error reporting, please refer to the following link: [Bugsnag Error Reporting API](https://bugsnagerrorreportingapi.docs.apiary.io/#reference/0/notify/send-error-reports).


### Identifiers
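Review bot: the front-matter `title` change from `Errors telemetry` to `Error telemetry` also changes the rendered page heading and any sidebar label derived from it, so check for links or sidebar entries that still reference the old title; the body wording fixes (`anonymous error telemetry`, `the Bugsnag error handling SDK`) read correctly.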
Expand All @@ -19,11 +19,11 @@ Each error event includes error type, relevant code lines from the stack trace,
| `version` | The version of the Otterize OSS component. |
| `cloudClientId` | If connected to Otterize Cloud: the client id used to connect with Otterize Cloud, to allow correlating events with Cloud usage info. |

## Configuring whether to report errors information
## Configuring whether to report error information

To configure whether to report errors information to the Otterize team, use the `telemetry.errors` flag in the installation/configuration of Otterize OSS. By default, telemetry is enabled.
To configure whether to report error information to the Otterize team, use the `telemetry.errors` flag in the installation/configuration of Otterize OSS. By default, telemetry is enabled.

To **disable** only the sending of errors information:
To **disable** only the sending of error information:
- Via the Otterize OSS Helm chart: `--set global.telemetry.errors.enabled=false`.
- Via an environment variable: `OTTERIZE_TELEMETRY_ERRORS_ENABLED=false`.
- If running an operator directly: `telemetry-errors-enabled=false`.
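Review bot: the paragraph refers to a `telemetry.errors` flag, but none of the three settings listed below it is called that: the Helm value is `global.telemetry.errors.enabled`, the environment variable is `OTTERIZE_TELEMETRY_ERRORS_ENABLED` and the operator flag is `telemetry-errors-enabled`. Either name the setting generically (for example `the error telemetry setting, in the form that matches your installation method`) or quote the exact key, so readers do not search the Helm values for a `telemetry.errors` key that does not exist under that name.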
Expand All @@ -33,5 +33,5 @@ To **disable** sending any telemetry information, including both usage informati
- Via an environment variable: `OTTERIZE_TELEMETRY_ENABLED=false`.
- If running an operator directly: `telemetry-enabled=false`.

If the `telemetry` flag is omitted or set to `true`, telemetry will be enabled: errors information will be reported.
If the `telemetry` flag is omitted or set to `true`, telemetry will be enabled: error information will be reported.
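Review bot: `If the `telemetry` flag is omitted or set to `true`, telemetry will be enabled: error information will be reported` is only true when the error-specific setting from the previous section is not also disabled; suggest `... error information will be reported unless error telemetry is disabled separately`. The same naming issue as in the previous hunk applies: the settings listed above are `global.telemetry.enabled`-style Helm values, `OTTERIZE_TELEMETRY_ENABLED` and `telemetry-enabled`, not a flag literally called `telemetry`.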

75 changes: 75 additions & 0 deletions docs/quickstart/access-control/postgresql.mdx
@@ -0,0 +1,75 @@
---
sidebar_position: 2
title: Automate PostgreSQL
---

import CodeBlock from "@theme/CodeBlock";
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

Otterize automates PostgreSQL access management and secrets for your workloads, all in Kubernetes.


![](/code-examples/postgresql/cloud.png)

Connect to [Otterize Cloud](https://app.otterize.com) to get started!


## Deploy Otterize for PostgreSQL

### Install Otterize

{@include: ../../_common/install-otterize-from-cloud-with-enforcement-postgresql.md}


### Create database integration
Create a _Database_ integration of type _PostgreSQL_ on the [Integrations page](https://app.otterize.com/integrations).

## Configure your workloads

### Pod annotaion
Annotate a pod, requesting a user and a password to be provisioned and bound to the pod.

Annotate the pod with this annotation:

`credentials-operator.otterize.com/user-password-secret-name: booking-service-secret`

Otterize then provisions credentials for this specific workload in this namespace in this cluster, that is not shared with other workloads.

### ClientIntents
Declare your workload’s ClientIntents, specifying desired permissions.

```yaml
apiVersion: k8s.otterize.com/v1alpha3
kind: ClientIntents
metadata:
name: booking-service
namespace: flight-search
spec:
service:
name: booking-service
calls:
- name: bookings
type: database
databaseResources:
- table: users
databaseName: bookings-db
operations:
- SELECT
- table: products
databaseName: bookings-db
operations:
- ALL
```

Otterize then creates a user and matching grants on the target database.



### Can I also map SQL calls?

:::info Coming soon
Capture SQL calls for pods in your cluster, automatically generating the required least-privilege permissions, or ClientIntents, for each workload. Zero-friction in development, zero-trust in production. It’s coming.
:::

If you want to learn more, and meet other Otterize users, please [Join our Community](https://joinslack.otterize.com/) and chat with us!
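Review bot: none of the three example files added under `static/code-examples/postgresql/` (`client-deployment.yaml`, `client-intents.yaml`, `populatedb.sql`) is referenced from this page, and the `CodeBlock`, `Tabs` and `TabItem` imports are unused, so the reader is never told to create the demo database, deploy the client or apply the example intents; either embed the files with the imported `CodeBlock` or drop the imports. The inline ClientIntents example also uses different names (`booking-service`, `flight-search`, `bookings-db`) from the shipped `client-intents.yaml` (`psql-client`, `otterize-tutorial-psql`, `otterize-demo`); pick one set so the page and the files agree. Minor: `### Pod annotaion` should be `### Pod annotation`, the image at the top has no alt text, and `credentials for this specific workload in this namespace in this cluster, that is not shared` should read `which are not shared`.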
6 changes: 6 additions & 0 deletions docs/reference/configuration/network-mapper/helm-chart.mdx
Expand Up @@ -23,6 +23,12 @@ Checkout the network mapper [tutorial](/quickstart/visualization/k8s-network-map
| `mapper.uploadIntervalSeconds` | Interval for uploading data to cloud | `60` |
| `mapper.extraEnvVars` | List of extra env vars for the mapper, formatted as in the Kubernetes PodSpec (name and value). | `(none)` |

## Internet-facing traffic reporting
| Key | Description | Default |
|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|---------|
| `enableInternetFacingTrafficReporting` | Whether to report internet-facing traffic to Otterize Cloud. This is a temporary flag that will soon be enabled by default. | `false` |


## OpenTelemetry exporter parameters
| Key | Description | Default |
|----------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|
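Review bot: every other key in this chart reference is prefixed with `mapper.` (`mapper.uploadIntervalSeconds`, `mapper.extraEnvVars`), while the new row lists the bare key `enableInternetFacingTrafficReporting`; confirm the value really is top-level in the chart, otherwise the row should read `mapper.enableInternetFacingTrafficReporting`. `This is a temporary flag that will soon be enabled by default` will go stale; name the version in which the default changes, or drop the sentence.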
41 changes: 41 additions & 0 deletions static/code-examples/postgresql/client-deployment.yaml
@@ -0,0 +1,41 @@
apiVersion: v1
kind: Namespace
metadata:
name: otterize-tutorial-psql
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psql-client
namespace: otterize-tutorial-psql
spec:
selector:
matchLabels:
app: psql-client
template:
metadata:
annotations:
credentials-operator.otterize.com/user-password-secret-name: psql-client-secret
labels:
app: psql-client
spec:
containers:
- name: psql-client
image: postgres
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do psql -h $DB_HOST_NAME -d otterize-demo -c \"select * from $TABLE_NAME;\"; sleep 2; done" ]
env:
- name: PGUSER
valueFrom:
secretKeyRef:
name: psql-client-secret
key: username
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: psql-client-secret
key: password
- name: DB_HOST_NAME
value: PLEASE_SET_ENV_VAR:DB_HOST_NAME
- name: TABLE_NAME
value: users
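Review bot: `image: postgres` has no tag, so the tutorial pulls `latest` and its behaviour can change under readers; pin a major version (for example `postgres:16`). `DB_HOST_NAME` is set to the placeholder `PLEASE_SET_ENV_VAR:DB_HOST_NAME`, which the tutorial page never mentions, so readers will apply the manifest unchanged and see connection failures; document that it must be edited to the database host. Since the credentials are injected from the secret as `PGUSER`/`PGPASSWORD`, also consider setting `PGSSLMODE=require` when the server offers TLS: psql's default `prefer` silently falls back to an unencrypted connection.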
20 changes: 20 additions & 0 deletions static/code-examples/postgresql/client-intents.yaml
@@ -0,0 +1,20 @@
apiVersion: k8s.otterize.com/v1alpha3
kind: ClientIntents
metadata:
name: psql-client
namespace: otterize-tutorial-psql
spec:
service:
name: psql-client
calls:
- name: postgresql-db
type: database
databaseResources:
- table: users
databaseName: otterize-demo
operations:
- SELECT
- table: products
databaseName: otterize-demo
operations:
- ALL
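Review bot: `name: postgresql-db` under `calls` has to match the name of the Database integration created in Otterize Cloud, but neither this file nor the tutorial page says so; add a comment or a sentence in the tutorial, otherwise the intent resolves to nothing. The `products` resource is granted `ALL` in what is presented as an access-control quickstart, while the demo client in `client-deployment.yaml` only runs `select * from $TABLE_NAME`; `SELECT` would demonstrate least privilege better, or add a sentence explaining why `ALL` is shown.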
Binary file added static/code-examples/postgresql/cloud.png
29 changes: 29 additions & 0 deletions static/code-examples/postgresql/populatedb.sql
@@ -0,0 +1,29 @@
-- Create the new database
CREATE DATABASE "otterize-demo";

-- Connect to the newly created database
\c "otterize-demo"

-- Create 'users' table
CREATE TABLE users (
user_id SERIAL PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
email VARCHAR(100) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Insert some sample data into 'users'
INSERT INTO users (username, email) VALUES ('user1', '[email protected]');
INSERT INTO users (username, email) VALUES ('user2', '[email protected]');

-- Create 'products' table
CREATE TABLE products (
product_id SERIAL PRIMARY KEY,
name VARCHAR(100) NOT NULL,
price DECIMAL(10, 2) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Insert some sample data into 'products'
INSERT INTO products (name, price) VALUES ('Product 1', 9.99);
INSERT INTO products (name, price) VALUES ('Product 2', 19.99);
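Review bot: `CREATE DATABASE "otterize-demo";` fails if the script is run a second time, so the script is not re-runnable; either document that or guard it. `\c "otterize-demo"` is a psql meta-command rather than SQL, so the file only works when fed through `psql` (for example `psql -f populatedb.sql`), which the tutorial should state since it currently never mentions this file. Minor: `email` has no `UNIQUE` constraint while `username` does; fine for demo data, but worth a comment if intentional.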