1 // Sequel is the Edge Database Authentication and Authorization controller 2 // it is an extension of kcc. 3 // 4 // Example Database User Spec for BulitIn User Type 5 // NB: in this example we do not provide a reference to a secret 6 // that contains a password for the user to be created in the spec.passwordRef. 7 // A secret will be created for you in the cluster with the name of the database 8 // user suffixed by sql-password. The secret will also be saved in Secret Manager with the same identifier. 9 // 10 // apiVersion: backend.edge.ncr.com/v1alpha2 11 // kind: DatabaseUser 12 // metadata: 13 // name: edgereadonly 14 // spec: 15 // type: BUILT_IN 16 // prune: true 17 // instanceRef: 18 // name: sequel 19 // namespace: sequel 20 // projectID: ret-edge-dev-sandbox1 21 // grants: 22 // - schema: public 23 // tableGrant: 24 // - table: clusters 25 // permissions: 26 // - permission: INSERT 27 // 28 // Example Database User Spec for BulitIn User Type 29 // NB: in this example we provide a reference to a secret 30 // that contains a password for the user to be created in the spec.passwordRef 31 // 32 // apiVersion: backend.edge.ncr.com/v1alpha2 33 // kind: DatabaseUser 34 // metadata: 35 // name: edgereadonly 36 // spec: 37 // type: BUILT_IN 38 // prune: true 39 // passwordRef: 40 // name: edgereadonly 41 // namespace: edge-system 42 // instanceRef: 43 // name: sequel 44 // namespace: sequel 45 // projectID: ret-edge-dev-sandbox1 46 // grants: 47 // - schema: public 48 // tableGrant: 49 // - table: clusters 50 // permissions: 51 // - permission: INSERT 52 // 53 // Example Database User Spec for IAM Service Account Type 54 // NB: in this example the service account does not already exist 55 // so we set the spec.serviceAccount.createServiceAccount to true 56 // this ensures that the Sequel controller will create a service account for the Database User. 57 // 58 // apiVersion: backend.edge.ncr.com/v1alpha2 59 // kind: DatabaseUser 60 // metadata: 61 // name: bannerctl 62 // spec: 63 // type: CLOUD_IAM_SERVICE_ACCOUNT 64 // prune: true 65 // instanceRef: 66 // name: sequel 67 // namespace: sequel 68 // projectID: ret-edge-dev-sandbox1 69 // serviceAccount: 70 // createServiceAccount: true 71 // grants: 72 // - schema: public 73 // tableGrant: 74 // - table: clusters 75 // permissions: 76 // - permission: INSERT 77 // 78 // Example Database User Spec for IAM Service Account Type 79 // NB: in this example the service account already exists 80 // so we set the spec.serviceAccount.EmailRef to the email of the service account. 81 // 82 // apiVersion: backend.edge.ncr.com/v1alpha1 83 // kind: DatabaseUser 84 // metadata: 85 // name: bannerctl 86 // spec: 87 // type: CLOUD_IAM_SERVICE_ACCOUNT 88 // prune: true 89 // instanceRef: 90 // name: sequel 91 // namespace: sequel 92 // projectID: ret-edge-dev-sandbox1 93 // serviceAccount: 94 // emailRef: obef405a91deb46c8105@ret-edge-dev-sandbox1.iam.gserviceaccount.com 95 // grants: 96 // - schema: public 97 // tableGrant: 98 // - table: clusters 99 // permissions: 100 // - permission: INSERT 101 package sequel 102