Today we’re announcing the open sourcing of spicedb-operator - a Kubernetes operator for installing, upgrading, and maintaining SpiceDB clusters on Kubernetes. Through previous work at CoreOS and Red Hat, our team developed many of the early ideas around operators. As we began to scale out the deployment of SpiceDB clusters across our fleet to address the needs of our customers, an operator was the natural choice.
The operator has been quietly managing SpiceDB clusters for Authzed’s Serverless and Dedicated offerings for the past four months. It’s production-ready and available today!
To get started yourself, install the operator:
kubectl apply --server-side -k github.com/authzed/spicedb-operator/config
And then create a cluster:
kubectl apply --server-side -f - <<EOF apiVersion: authzed.com/v1alpha1 kind: SpiceDBCluster metadata: name: dev spec: config: replicas: 2 datastoreEngine: postgres secretName: dev-spicedb-config --- apiVersion: v1 kind: Secret metadata: name: dev-spicedb-config stringData: datastore_uri: "postgresql:///the-url-of-your-datastore" preshared_key: "averysecretpresharedkey" EOF
Once a cluster is running, the operator will automatically run migrations and roll out new SpiceDB releases as they become available. Or, by pinning a cluster to a specific release, the operator can be used to coordinate the rollout of migrations in git-ops workflows.
We’ve also open-sourced controller-idioms, the library we developed to support SpiceDB Operator and other operators that we use to run Authzed Dedicated. We found ourselves solving some of the same problems in every operator we wrote, and built this microframework to standardize common patterns across our stack.
This new library:
If you’re developing an operator of your own, please check out controller-idioms and let us know what’s missing in the GitHub issues.
Header image generated with DALL·E 2 with prompt “a robot putting a database icon in a kubernetes cluster”