ServiceUser
Usage examples
Prerequisites
Apply the resource with:
Verify the newly created ServiceUser:
The output is similar to the following:
To view the details of the Secret, use the following command:
You can use jq to quickly decode the Secret:
The output is similar to the following:
{
  "SERVICEUSER_HOST": "<secret>",
  "SERVICEUSER_PORT": "<secret>",
  "SERVICEUSER_USERNAME": "<secret>",
  "SERVICEUSER_PASSWORD": "<secret>",
  "SERVICEUSER_CA_CERT": "<secret>",
  "SERVICEUSER_ACCESS_CERT": "<secret>",
  "SERVICEUSER_ACCESS_KEY": "<secret>"
}
ServiceUser
ServiceUser is the Schema for the serviceusers API.
Creates a service user for accessing Aiven services. The ServiceUser resource name becomes the username in Aiven.
Built-in users like avnadmin cannot be deleted but their passwords can be modified using connInfoSecretSource.
Exposes secret keys SERVICEUSER_HOST, SERVICEUSER_PORT, SERVICEUSER_USERNAME, SERVICEUSER_PASSWORD, SERVICEUSER_CA_CERT, SERVICEUSER_ACCESS_CERT, SERVICEUSER_ACCESS_KEY.
Required
apiVersion (string). Value aiven.io/v1alpha1.
kind (string). Value ServiceUser.
metadata (object). Data that identifies the object, including a name string and optional namespace.
spec (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.
spec
Appears on ServiceUser.
ServiceUserSpec defines the desired state of ServiceUser.
Required
project (string, Immutable, Pattern: ^[a-zA-Z0-9_-]+$, MaxLength: 63). Identifies the project this resource belongs to.
serviceName (string, Immutable, Pattern: ^[a-z][-a-z0-9]+$, MaxLength: 63). Specifies the name of the service that this resource belongs to.
Optional
authSecretRef (object). Authentication reference to Aiven token in a secret. See below for nested schema.
authentication (string, Enum: caching_sha2_password, mysql_native_password). Authentication details.
connInfoSecretSource (object). ConnInfoSecretSource allows specifying an existing secret to read credentials from. The password from this secret will be used to modify the service user credentials. Password must be 8-256 characters long as per Aiven API requirements. This can be used to set passwords for new users or modify passwords for existing users (e.g., avnadmin). Note: This secret is not watched - changes to the source secret require manual reconciliation. To apply password changes, trigger reconciliation by adding/updating an annotation on the ServiceUser. See below for nested schema.
connInfoSecretTarget (object). Secret configuration. See below for nested schema.
connInfoSecretTargetDisabled (boolean, Immutable). When true, the secret containing connection information will not be created, defaults to false. This field cannot be changed after resource creation.
authSecretRef
Appears on spec.
Authentication reference to Aiven token in a secret.
Required
connInfoSecretSource
Appears on spec.
ConnInfoSecretSource allows specifying an existing secret to read credentials from. The password from this secret will be used to modify the service user credentials. Password must be 8-256 characters long as per Aiven API requirements. This can be used to set passwords for new users or modify passwords for existing users (e.g., avnadmin).
Note
This secret is not watched - changes to the source secret require manual reconciliation. To apply password changes, trigger reconciliation by adding/updating an annotation on the ServiceUser.
Required
name (string, MinLength: 1). Name of the secret resource to read connection parameters from.
passwordKey (string, MinLength: 1). Key in the secret containing the password to use for authentication.
Optional
namespace (string). Namespace of the source secret. If not specified, defaults to the same namespace as the resource.
connInfoSecretTarget
Appears on spec.
Secret configuration.
Required
name (string, Immutable). Name of the secret resource to be created. By default, it is equal to the resource name.
Optional
annotations (object, AdditionalProperties: string). Annotations added to the secret.
labels (object, AdditionalProperties: string). Labels added to the secret.
prefix (string). Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. KAFKA_, REDIS_, etc.
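
A pre-apply lint for the constraints listed in this reference, as an added example that is not part of the Aiven Operator or its documentation. The function lint_spec, its parameters and the sample specs are hypothetical names and constructed values; the spec is passed as an already-parsed dict, and the decoded password from the source Secret is passed in separately.

```python
import re

# Rules transcribed from the schema on this page.
PATTERNS = {"project": r"[a-zA-Z0-9_-]+", "serviceName": r"[a-z][-a-z0-9]+"}
AUTH_ENUM = {"caching_sha2_password", "mysql_native_password"}
IMMUTABLE_DEFAULTS = {"project": None, "serviceName": None,
                      "connInfoSecretTargetDisabled": False}


def lint_spec(spec, source_password=None, old_spec=None):
    """Return violations of the documented rules for a ServiceUser spec (dict)."""
    errors = []
    for field, pattern in PATTERNS.items():
        value = spec.get(field)
        if not isinstance(value, str):
            errors.append(f"{field}: required string is missing")
        elif len(value) > 63 or not re.fullmatch(pattern, value):
            errors.append(f"{field}: must match ^{pattern}$, MaxLength 63")
    auth = spec.get("authentication")
    if auth is not None and auth not in AUTH_ENUM:
        errors.append("authentication: not one of the allowed values")
    source = spec.get("connInfoSecretSource")
    if source is not None:
        for key in ("name", "passwordKey"):
            if not isinstance(source.get(key), str) or not source[key]:
                errors.append(f"connInfoSecretSource.{key}: required, MinLength 1")
        # The password lives in the referenced Secret; pass it in once decoded.
        if source_password is not None and not 8 <= len(source_password) <= 256:
            errors.append("connInfoSecretSource: password must be 8-256 characters")
    if old_spec is not None:  # update: immutable fields must not change
        for field, default in IMMUTABLE_DEFAULTS.items():
            if old_spec.get(field, default) != spec.get(field, default):
                errors.append(f"{field}: immutable field changed")
        # The target name defaults to the resource name, so compare only when both set it.
        old_name = (old_spec.get("connInfoSecretTarget") or {}).get("name")
        new_name = (spec.get("connInfoSecretTarget") or {}).get("name")
        if old_name and new_name and old_name != new_name:
            errors.append("connInfoSecretTarget.name: immutable field changed")
    return errors


# Constructed sample specs (not from the page).
GOOD = {"project": "my-project", "serviceName": "my-mysql",
        "authentication": "caching_sha2_password",
        "connInfoSecretSource": {"name": "user-password", "passwordKey": "PASSWORD"}}
BAD = {"project": "my project", "serviceName": "My-MySQL",
       "authentication": "plaintext", "connInfoSecretSource": {"name": "user-password"}}

if __name__ == "__main__":
    for label, spec in (("good", GOOD), ("bad", BAD)):
        print(label, lint_spec(spec, source_password="short"))
```

Pass old_spec when linting an update so that changes to immutable fields are reported before the manifest is applied.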