The QuestDB Operator is a group of controllers and webhooks that are designed to manage QuestDB instances running in Kubernetes clusters.
Click here for the documentation of the Custom Resource Definitions included in this operator.
The QuestDB resource type should be compatible with mainstream Kubernetes distributions, since it orchestrates v1 and apps/v1 components like PersistentVolumeClaims, StatefulSets, Services, and ConfigMaps.
The QuestDBSnapshot resource type requires the CSI Snapshotter to be installed. This includes installing:
- CRDs https://github.com/kubernetes-csi/external-snapshotter/tree/master/client/config/crd
- VolumeSnapshot Controller https://github.com/kubernetes-csi/external-snapshotter/tree/master/pkg/common-controller
- VolumeSnapshot Validation Webhook (optional, but recommended) https://github.com/kubernetes-csi/external-snapshotter/tree/master/pkg/validation-webhook
- A CSI Driver that includes the snapshot capability (see https://kubernetes-csi.github.io/docs/drivers.html for an up-to-date list of drivers and their features)
You also need to install cert-manager for operator webhooks or manually place the required certificates in a secret and mount it to the operator's deployment pod spec.
Once you've installed the required components, you need to
- Create a VolumeSnapshotClass that uses your installed CSI as a driver
- If you want, you can also add the annotation:
snapshot.storage.kubernetes.io/is-default-class: "true"to the VolumeSnapshotClass's metadata.
Here's a step-by-step example of this installation in an AWS blog post: https://aws.amazon.com/blogs/containers/using-ebs-snapshots-for-persistent-storage-with-your-eks-cluster/
The controller does not automatically update the StatefulSet on config changes, but you can enable this by adding
a stakater/Reloader annotation to the StatefulSet directly, pointing to the child ConfigMap. The controller will persist any annotations made to child objects, so this will work with no issues. See https://github.com/stakater/Reloader for more information.
To use a secret as a source for ilp or psql credentials, you need to add the following annotations to an existing secret:
# ILP Secret
annotations:
questdb.crd.questdb.io/name: questdb-sample
questdb.crd.questdb.io/secret-type: ilp
# PSQL Secret
annotations:
questdb.crd.questdb.io/name: questdb-sample
questdb.crd.questdb.io/secret-type: psqlThe ILP Secret must contain an auth.json key that contains your JWK's public key used for ILP authentication. This will be mounted to the database container as a file and referenced by the database.
The PSQL Secret must contain the QDB_PG_USER and QDB_PG_PASSWORD keys. These will be mounted to the container as environment variables. Be sure not to overwrite these in questdb.spec.extraEnv, as this can cause unexpected behavior, and add-ons like snapshots will likely break.
See the yaml examples for more information.
Also see the QuestDB ILP Auth documentation for examples on how to generate a public/private keypair.
You’ll need a Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster.
Note: Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster kubectl cluster-info shows).
- Install Instances of Custom Resources:
kubectl apply -f config/samples/- Build and push your image to the location specified by
IMG:
make docker-build docker-push IMG=<some-registry>/questdb-operator:tag- Deploy the controller to the cluster with the image specified by
IMG:
make deploy IMG=<some-registry>/questdb-operator:tagTo delete the CRDs from the cluster:
make uninstallUnDeploy the controller from the cluster:
make undeployThis project aims to follow the Kubernetes Operator pattern.
It uses Controllers, which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.
- Install the CRDs into the cluster:
make install- Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):
make runNOTE: You can also run this in one step by running: make install run
If you are editing the API definitions, generate the manifests such as CRs or CRDs using:
make manifestsNOTE: Run make --help for more information on all potential make targets
More information can be found via the Kubebuilder Documentation
Copyright 2023.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.