Uploaded image for project: 'Percona Operator for MySQL'
  1. Percona Operator for MySQL
  2. K8SPS-115

Add support for API key authentication with PMM

Details

    • Improvement
    • Status: Done
    • Medium
    • Resolution: Fixed
    • None
    • 0.3.0
    • None
    • Yes
    • Yes
    • Yes

    Description

      Our Operator comes with integration with Percona Monitoring and Management (PMM).

      Right now the only possible way to authenticate with PMM server is with user and password. At the same time recommended way is to authenticate with API key.

       

      See https://docs.percona.com/percona-monitoring-and-management/details/api.html#api-keys-and-authentication

       

      This Improvement adds support for API key authentication in the Operator. The implementation should be similar to what we have is PXC Operator.

       

      Token authorization is a recommended way. For our new Operator for MYSQL it makes sense to keep only Token auth and get rid of password authentication completely. We can do it now as the Operator is in tech preview stage.

      We will follow the similar pattern as in PXC Operator and add pmmserverkey into the secret with users.

       apiVersion: v1
      kind: Secret
      metadata:
        name: cluster1-secrets
      type: Opaque
      stringData:
        root: root_password
        xtrabackup: backup_password
        monitor: monitor_password
        clustercheck: clustercheck_password
        pmmserverkey: my-pmm-server-key
        operator: operator_password
        replication: replication_password
        orchestrator: orchestrator_password

      Cases:

      • If the user does not specify pmmserverkey in the secret
        • the pmmserverkey will not be automatically added or generated (not to confuse the user) 
        • the pmm container will not be able to connect to pmm server and it will be visible in the logs
      • pmmserverkey will be present by default in deploy/secrets.yaml file

       

      Attachments

        Issue Links

          Activity

            People

              andrii.dema Andrii Dema
              sergey.pronin Sergey Pronin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Smart Checklist