Connections
Connections are an easy way to authenticate against sources. It can be created via a CRD or by adding it in the settings page
A sample connection CRD looks like:
apiVersion: mission-control.flanksource.com/v1
kind: Connection
metadata:
name: payments-database
namespace: default
spec:
postgres:
database:
value: payments
host:
value: postgres.host.com
insecureTLS: true
username:
valueFrom:
secretKeyRef:
name: payments-database-credentials
key: POSTGRES_USER
password:
valueFrom:
secretKeyRef:
name: payments-database-credentials
key: POSTGRES_PASSWORD
Referencing Connections
A connection string can be represented in the form of namespace/connection_name
It can then be used in Health Checks, Playbooks, Notifications etc via the connection field.
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: postgres-check
spec:
postgres:
- name: postgres schemas check
connection: connection://default/payments-database
query: SELECT COUNT(*) FROM payments where state = 'pending'
This allows us a safe and reusable way to handle authentication
tip
The connection string can also be found in the status.ref field of the connection kubernetes object.
tip
If the entire URL is in the secrets and cannot be constructed like scheme://$(username):$(password)@<host>:<port> you can fetch that directly like
kind: Connection
metadata:
name: opensearch-global
spec:
type: opensearch
url:
value: $(password)
password:
valueFrom:
secretKeyRef:
name: opensearch-credentials
key: OPENSEARCH_URL
Schema
| Field | Description | Scheme | Required |
|---|---|---|---|
| url | URL in templatable form | EnvVar | yes |
| port | Port number | EnvVar | |
| type | Type of datasource (postgres,mysql,elasticsearch ...) | string | |
| username | Username | EnvVar | |
| password | Password | EnvVar | |
| certificate | Certificate for verification | EnvVar | |
| properties | Property fields | map[string]string | |
| insecure_tls | Allow insecure tls | bool |