Database
apiVersion: databases.schemahero.io/v1alpha4 # version
kind: Database # always Database
metadata:
name: # Kubernetes object name
namespace: # Kubernetes namespace
spec:
template:
metadata:
labels: # k:v entries for labels to apply during plans and applies
annotations: # k:v entries for annotations to apply during plans and applies
enableShellCommand: # bool indicating if shell command is enabled
immediateDeploy: # when true, automatically apply plans
schemahero:
image: # override default schemahero image for plans and applies
nodeSelector: # nodeSelector to apply to plans and applies
connection: # db connection
postgres: # postgresql definition
uri: # parse postgresql connection string from uri
value: # pg connection string
valueFrom: # read the uri from...
secretKeyRef: # ... from a secret
name: # secret name containing pg uri
key: # key in secret containing uri
vault: # read pg connection from vault
secret: # name of secret in vault
role: # role to use in vault
endpoint: # the endpoint of the vault api server
serviceAccount: # the service account in k8s containing the vault auth
serviceAccountNamespace: # namespace of the service account
agentInject: # when set, apply vault annotations
connectionTemplate: # when set, use this Go template to form the uri
kubernetesAuthEndpoint: # when set, use this path instead of the Vault default (https://www.vaultproject.io/docs/auth/kubernetes#via-the-c
mysql: # mysql definition
uri: # parse mysql connection string from uri
value: # mysql connection string
valueFrom: # read the uri from...
secretKeyRef: # ... from a secret
name: # secret name containing mysql uri
key: # key in secret containing uri
vault: # read mysql connection from vault
secret: # name of secret in vault
role: # role to use in vault
endpoint: # the endpoint of the vault api server
serviceAccount: # the service account in k8s containing the vault auth
serviceAccountNamespace: # namespace of the service account
agentInject: # when set, apply vault annotations
connectionTemplate: # when set, use this Go template to form the uri
kubernetesAuthEndpoint: # when set, use this path instead of the Vault default (https://www.vaultproject.io/docs/auth/kubernetes#via-the-
ssm: # use aws parameter store ssm
name: # key name in ssm
withDecryption: # when set, decrypt
region: # aws region name
accessKeyId: # the aws access key id to use (leave empty for instance role)
value: # the static value of
valueFrom: # read the aws access key id from...
secretKeyRef: # ... from a secret
key: # key in the secret
name: # name of the secret
secretAccessKey: # the aws secret access key (leave empty for instance role)
value: # the static value
valueFrom: # read the aws secret access key from...
secretKeyRef: # ... from a secret
key: # key in the secret
name: # name of the secret