spicedb-operator

Published: Jan 27, 2023 License: Apache-2.0

SpiceDB Operator

A Kubernetes operator for managing SpiceDB clusters.

Features include:

  • Creation, management, and scaling of SpiceDB clusters with a single Custom Resource
  • Automated datastore migrations when upgrading SpiceDB versions

Have questions? Join our Discord.

Looking to contribute? See CONTRIBUTING.md.

Getting Started

In order to get started, you'll need a Kubernetes cluster. For local development, install your tool of choice. You can use whatever, so long as you're comfortable with it and it works on your platform. We recommend one of the following:

Next, you'll install a release of the operator:

kubectl apply --server-side -f https://github.com/authzed/spicedb-operator/releases/download/v1.1.0/bundle.yaml

Finally, you can create your first cluster:

kubectl apply --server-side -f - <<EOF
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: dev
spec:
  config:
    datastoreEngine: memory 
  secretName: dev-spicedb-config
---
apiVersion: v1
kind: Secret
metadata:
  name: dev-spicedb-config
stringData:
  preshared_key: "averysecretpresharedkey" 
EOF

Connecting To Your Cluster

If you haven't already, make sure you've installed zed.

Port-forward the gRPC endpoint:

kubectl port-forward deployment/dev-spicedb 50051:50051

Now you can use zed to interact with SpiceDB:

zed --insecure --endpoint=localhost:50051 --token=averysecretpresharedkey schema read

Where To Go From Here

  • Check out the examples directory to see how to configure SpiceDBCluster for production, including datastore backends, TLS, and Ingress.
  • Learn how to use SpiceDB via the docs and playground.
  • Ask questions and join the community on Discord.

Updating SpiceDBClusters

The operator handles the rollout of SpiceDB upgrades, including coordinating migrations. By default, the operator will upgrade all SpiceDBClusters that it manages when the operator sees a new default image in the config (see default-operator-config.yaml for the current default images). This config can be updated manually, but it is also updated with each release of spicedb-operator and included in the operator image.

If you wish to opt out of automated updates, you can specify an image for the SpiceDBCluster in the config:

apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: dev
spec:
  config:
    image: ghcr.io/authzed/spicedb:v1.11.0
    datastoreEngine: memory 
  secretName: dev-spicedb-config

The spicedb-operator will happily attempt to run any image you specify, but if you specify an image that is not in the list of allowedImages, allowedTags, or allowedDigests, the status will warn you:

status:
  conditions:
  - lastTransitionTime: "2022-09-02T21:49:19Z"
    message: '["ubuntu" invalid: "ubuntu" is not in the configured list of allowed
      images"]'
    reason: WarningsPresent
    status: "True"
    type: ConfigurationWarning
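
Because the operator only warns and still runs the image, a pipeline has to read the condition itself. The following Go check is an added example, not part of the operator's code: it reads a SpiceDBCluster object as JSON (for instance the output of kubectl get with -o json), reports the image pinned in spec.config, and fails while a ConfigurationWarning condition is active. The function name checkCluster and the sample object are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Only the fields shown on this page are decoded; the rest is ignored.
type spiceDBCluster struct {
	Spec struct {
		Config struct {
			Image string `json:"image"`
		} `json:"config"`
	} `json:"spec"`
	Status struct {
		Conditions []struct{ Type, Status, Message string } `json:"conditions"`
	} `json:"status"`
}

// checkCluster returns the image pinned in spec.config (empty when the cluster
// follows the operator default) and the message of each active ConfigurationWarning.
func checkCluster(raw []byte) (image string, warnings []string, err error) {
	var c spiceDBCluster
	if err = json.Unmarshal(raw, &c); err != nil {
		return "", nil, fmt.Errorf("decode SpiceDBCluster: %w", err)
	}
	for _, cond := range c.Status.Conditions {
		if cond.Type == "ConfigurationWarning" && cond.Status == "True" {
			warnings = append(warnings, cond.Message)
		}
	}
	return c.Spec.Config.Image, warnings, nil
}

// Constructed sample input, shaped like the status excerpt above.
const sampleCluster = `{"spec": {"config": {"image": "ubuntu", "datastoreEngine": "memory"}},
  "status": {"conditions": [
    {"type": "ConfigurationWarning", "status": "True", "reason": "WarningsPresent",
     "message": "[\"ubuntu\" invalid: \"ubuntu\" is not in the configured list of allowed images\"]"},
    {"type": "ConstructedOther", "status": "True", "message": "not a configuration warning"}]}}`

func main() {
	image, warnings, err := checkCluster([]byte(sampleCluster))
	fmt.Printf("pinned image %q, warnings %q, error %v\n", image, warnings, err)
	if err != nil || len(warnings) > 0 {
		os.Exit(1) // fail the pipeline while the operator reports a warning
	}
}
```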

Directories

Path Synopsis
cmd
e2e module
pkg
apis/authzed/v1alpha1
+k8s:deepcopy-gen=package,register +groupName=authzed.com