ServiceUser

Usage example¶

Example

apiVersion: aiven.io/v1alpha1
kind: ServiceUser
metadata:
  name: my-service-user
spec:
  authSecretRef:
    name: aiven-token
    key: token

  connInfoSecretTarget:
    name: service-user-secret
    prefix: MY_SECRET_PREFIX_
    annotations:
      foo: bar
    labels:
      baz: egg

  project: aiven-project-name
  serviceName: my-service-name

Info

To create this resource, a Secret containing Aiven token must be created first.

Apply the resource with:

kubectl apply -f example.yaml

Verify the newly created ServiceUser:

kubectl get serviceusers my-service-user

The output is similar to the following:

Name               Service Name       Project               
my-service-user    my-service-name    aiven-project-name

To view the details of the Secret, use the following command:

kubectl describe secret service-user-secret

You can use the jq to quickly decode the Secret:

kubectl get secret service-user-secret -o json | jq '.data | map_values(@base64d)'

The output is similar to the following:

{
    "SERVICEUSER_HOST": "<secret>",
    "SERVICEUSER_PORT": "<secret>",
    "SERVICEUSER_USERNAME": "<secret>",
    "SERVICEUSER_PASSWORD": "<secret>",
    "SERVICEUSER_CA_CERT": "<secret>",
    "SERVICEUSER_ACCESS_CERT": "<secret>",
    "SERVICEUSER_ACCESS_KEY": "<secret>",
}

ServiceUser¶

ServiceUser is the Schema for the serviceusers API.

Exposes secret keys

SERVICEUSER_HOST, SERVICEUSER_PORT, SERVICEUSER_USERNAME, SERVICEUSER_PASSWORD, SERVICEUSER_CA_CERT, SERVICEUSER_ACCESS_CERT, SERVICEUSER_ACCESS_KEY.

Required

apiVersion (string). Value aiven.io/v1alpha1.
kind (string). Value ServiceUser.
metadata (object). Data that identifies the object, including a name string and optional namespace.
spec (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.

spec¶

Appears on ServiceUser.

ServiceUserSpec defines the desired state of ServiceUser.

Required

project (string, Immutable, Pattern: ^[a-zA-Z0-9_-]+$, MaxLength: 63). Identifies the project this resource belongs to.
serviceName (string, Immutable, Pattern: ^[a-z][-a-z0-9]+$, MaxLength: 63). Specifies the name of the service that this resource belongs to.

Optional

authSecretRef (object). Authentication reference to Aiven token in a secret. See below for nested schema.
authentication (string, Enum: caching_sha2_password, mysql_native_password). Authentication details.
connInfoSecretTarget (object). Secret configuration. See below for nested schema.
connInfoSecretTargetDisabled (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.

authSecretRef¶

Appears on spec.

Authentication reference to Aiven token in a secret.

Required

key (string, MinLength: 1).
name (string, MinLength: 1).

connInfoSecretTarget¶

Appears on spec.

Secret configuration.

Required

name (string, Immutable). Name of the secret resource to be created. By default, it is equal to the resource name.

Optional

annotations (object, AdditionalProperties: string). Annotations added to the secret.
labels (object, AdditionalProperties: string). Labels added to the secret.
prefix (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. KAFKA_, REDIS_, etc.