feat(providers): single database mode #1101
Conversation
|
@psav I've opted for "single" as the name of the db mode. Suggestions and reviews are welcome. Thank you. |
vkrizan
force-pushed
the
single-db-provider
branch
from
0f87516 to
9e4a061
Compare
vkrizan
force-pushed
the
single-db-provider
branch
2 times, most recently
from
e0a2a56 to
86ee564
Compare
vkrizan
force-pushed
the
single-db-provider
branch
from
86ee564 to
5d02dad
Compare
|
|
||
| var pgPassword string | ||
| if setAdmin { | ||
| pgPassword, err = utils.RandPassword(16, provutils.RCharSet) |
There was a problem hiding this comment.
My initial thought was to disable admin user for apps, however some apps might still require this to do some setups (i.e. create additional users). @psav any suggestions how we should approach this situation? I guess, one of the option is to update those services needing such privileges, or look at the privileges case-by-case.
There was a problem hiding this comment.
It's tricky because ephemeral usage often relies on them needing to do more stuff than usual, but in prod they will just get the credentials which are appropriate
There was a problem hiding this comment.
There are some services that run a CREATE EXTENSION in their migrations ... for example advisor-backend uses the 'hll' extension. I'm not sure how something like that will work with 'single' DB mode. Perhaps we could have Clowder pre-load known extensions after it spins up the DB. Anyways, unless you need support for that right now, that is something a follow-up PR could address.
There was a problem hiding this comment.
Yeah. I want to test those apps to see how they would work with this limited access... AFAIK Advisor, has dropped or is dropping the HLL extension.
There was a problem hiding this comment.
We plan to remove use of the HLL extension next week (17th Feb 2025).
There was a problem hiding this comment.
That's the only extension I'm aware of in Advisor.
|
I'm opening this up from a draft state for review. There still might be some small issues in certain conditions. I prefer to get this out sooner to do a bunch of testing on a test cluster. Thank you. |
vkrizan
force-pushed
the
single-db-provider
branch
from
5d02dad to
b7285df
Compare
We should talk about the expectation here and I was thinking we can deploy this for testing in the cluster - without merging it and only merge when we are ready - allows us to not goof up the cluster too much. @bsquizz @wcmitchell |
|
/retest |
1 similar comment
|
/retest |
| the provider will pass through database credentials found | ||
| in the secret defined by the database name in the | ||
| ClowdApp, (*_local_*) where the provider will spin up a | ||
| local instance of the database, and (*_single_*) that is |
There was a problem hiding this comment.
It looks like the shared option is not documented here.
There was a problem hiding this comment.
I think another make pre-push will be needed to get the above changes to the comment reflected in the description here.
There was a problem hiding this comment.
I've called it again, and there is no visible change.
I've used this as the no-update target is git setup dependent:
make manifests generate genconfig build-template api-docs
7e86346 to
e270e2a
Compare
There was a problem hiding this comment.
The approach looks good and I like the consolidation of common operations into provutils. Aside from my nitpicks on the DB mode descriptions, I think the biggest thing this needs is a kuttl test to ensure this works as expected. Let me know if you need help to get started on creating one.
| // where the provider will spin up a local instance of the database, (*_shared_*) | ||
| // where the provider will spin up only one shared instance per requested | ||
| // PostgreSQL version, and (*_single_*) that is similar to local and shared modes | ||
| // but keeps only one database deployment and isolates apps by PG schemas. |
There was a problem hiding this comment.
Sorry to pick on shared mode since its not original intent of your PR to mess with this... I think the intent of it is to have 2+ ClowdApps share the same DB (same database, username, and password) correct?
The difference between 'shared' and 'single' can be confusing. Would wording like this clarify it better?
| // where the provider will spin up a local instance of the database, (*_shared_*) | |
| // where the provider will spin up only one shared instance per requested | |
| // PostgreSQL version, and (*_single_*) that is similar to local and shared modes | |
| // but keeps only one database deployment and isolates apps by PG schemas. | |
| // where the provider will spin up a local instance of the database, (*_shared_*) | |
| // where the provider will spin up one instance of the DB server intended to be | |
| // accessed by multiple ClowdApps using the same database, and (*_single_*) | |
| // which spins up one instance of the DB server and isolates each ClowdApp's | |
| // access by creating a schema per ClowdApp. |
| the provider will pass through database credentials found | ||
| in the secret defined by the database name in the | ||
| ClowdApp, (*_local_*) where the provider will spin up a | ||
| local instance of the database, and (*_single_*) that is |
There was a problem hiding this comment.
I think another make pre-push will be needed to get the above changes to the comment reflected in the description here.
| instance of the database.' | ||
| (*_local_*) where the provider will spin up a local instance | ||
| of the database, and (*_single_*) that is similar to local | ||
| but keeps only one database deployment and isolates apps |
There was a problem hiding this comment.
make pre-push will likely update this
| instance of the database.' | ||
| (*_local_*) where the provider will spin up a local instance | ||
| of the database, and (*_single_*) that is similar to local | ||
| but keeps only one database deployment and isolates apps |
|
|
||
| var pgPassword string | ||
| if setAdmin { | ||
| pgPassword, err = utils.RandPassword(16, provutils.RCharSet) |
There was a problem hiding this comment.
There are some services that run a CREATE EXTENSION in their migrations ... for example advisor-backend uses the 'hll' extension. I'm not sure how something like that will work with 'single' DB mode. Perhaps we could have Clowder pre-load known extensions after it spins up the DB. Anyways, unless you need support for that right now, that is something a follow-up PR could address.
Creates a new database provider mode named `single`. The aim of the mode is to create a single database instance and share it between the apps by separating them by Posgres schemas. Each app gets a schema created by the name of the requested database. Schemas are created under environment's database, with the same name as the ClowdEnv. RHINENG-14526
vkrizan
force-pushed
the
single-db-provider
branch
from
e270e2a to
7823169
Compare
|
@bsquizz I've added a (blind) kuttl test. Blind, because I'm not able to run those locally. It's very heavy on resources. |
Creates a new database provider mode named
single.The aim of the mode is to create a single database instance and share it
between the apps by separating them by Posgres schemas.
Each app gets a schema created by the name of the requested database.
Schemas are created under environment's database, with the same name as
the ClowdEnv.
Adds the following refactorings:
provutils.DefaultPGPortto set port constantprovutils.DefaultPGAdminUsernameto set default PG admin userprovutils.PGAdminConnectionStrthat builds sanitized connection string to PG from aDatabaseConfigusing admin credsprovutils.ReadDbConfigFromSecretto reuse read ofDatabaseConfigs from secrets, optionally using a cacheRHINENG-14526