by Pirate-of-SV 2360 days ago
We provision database access through HashiCorp Vault. It's excellent, short-lived credentials provided by Kubernetes service accounts (lots of glue here!).

After the RDS instance is created we need to manually create credentials so that Vault gains access to control it though; this is our mission to automate soon.

With credentials in place, teams need to maintain schema creation and migrations themselves. We provide wrapper scripts to gain access with Vault credentials for the mysql shell or Percona's pt-inline-schema-change. Some teams create pre-deploy jobs or init-containers so that their service can run migrations automatically.
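
A sketch of the core of such a wrapper, as an added example that is not the commenter's code: it turns a Vault database lease into a private MySQL option file so the short-lived password never appears on the command line. The function name, host name, role name and sample lease are constructed for illustration, and rejecting special characters instead of escaping them is an assumption of this example.

```python
import json
import os
import tempfile

# Constructed sample, shaped like `vault read -format=json database/creds/<role>` output.
SAMPLE_LEASE = json.dumps({
    "lease_id": "database/creds/example-role/CONSTRUCTED-LEASE-ID",
    "lease_duration": 3600,
    "renewable": True,
    "data": {"username": "v-k8s-example-abc123", "password": "Constructed-Pw-0001"},
})

UNSAFE = set('"\'\\#\r\n')  # characters with special meaning in MySQL option files


def write_client_cnf(lease_json, host, min_ttl=60):
    """Turn a Vault database lease into a private option file; return (path, argv)."""
    lease = json.loads(lease_json)
    if lease["lease_duration"] < min_ttl:
        raise ValueError("lease expires too soon to start a session")
    user, password = lease["data"]["username"], lease["data"]["password"]
    for value in (user, password, host):
        if UNSAFE & set(value):
            # Refuse rather than guess at escaping rules.
            raise ValueError("value contains a character unsafe in an option file")
    fd, path = tempfile.mkstemp(prefix="vault-mysql-", suffix=".cnf")  # mode 0600
    with os.fdopen(fd, "w") as cnf:
        cnf.write(f"[client]\nhost={host}\nuser={user}\npassword={password}\n")
    # --defaults-extra-file has to be the first option. The password stays out of
    # argv, so it is not visible in `ps` output or shell history.
    return path, ["mysql", f"--defaults-extra-file={path}"]


if __name__ == "__main__":
    cnf_path, argv = write_client_cnf(SAMPLE_LEASE, "db.example.internal")
    try:
        print("would run:", argv)  # a real wrapper would call subprocess.run(argv) here
    finally:
        os.remove(cnf_path)  # the credential file should not outlive the session
```
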