Kubernetes Operator
Kubernetes Operator
Source on GitHub: HDB-HeliosDB-Proxy-Operator
The HeliosProxy Kubernetes operator declares five CRDs under heliosproxy.dev/v1alpha1:
| Kind | Purpose |
|---|---|
HeliosProxy | The proxy instance + node list |
PoolProfile | Per-instance pool tuning (mode, max_pool_size, etc.) |
RoutingRule | Routing-hints configuration |
AuditPolicy | audit-chain plugin + masking rules + audit backend |
TenantQuota | Per-tenant limits + cost budgets seeded into plugin KV |
Apply a HeliosProxy
apiVersion: heliosproxy.dev/v1alpha1kind: HeliosProxymetadata: name: analytics namespace: dataspec: replicas: 2 image: ghcr.io/dimensigon/hdb-heliosdb-proxy:0.4.0 nodes: - host: pg-primary.db.svc port: 5432 role: primary weight: 100 - host: pg-standby.db.svc port: 5432 role: standby weight: 100 poolProfileRef: default-pool plugins: - name: cost-governor source: oci://registry.example.com/org/cost-governor:1.0.0What the reconciler does
- Resolves refs. Looks up referenced sub-CRDs; surfaces a
RefMissingcondition for each unresolved ref but proceeds (the proxy can boot from inline-spec values). - Renders proxy.toml from the merged spec.
- Owns three objects: a
ConfigMapwith the rendered TOML, aDeploymentwith the right replicas + image + ports + CM mount + liveness/readiness probes, and a ClusterIPServiceexposing the postgres + admin ports. All haveOwnerReferences sokubectl delete heliosproxy <name>cleans up the stack. - Drives a config-hash annotation on the pod template — when the rendered TOML changes the deployment rolls automatically.
- Polls
/topologyon a 5-second cadence and updatesstatus.currentPrimary/healthyNodes/unhealthyNodes.
Status transitions are honest: Pending until any pod is ready, Degraded while ReadyReplicas < spec.Replicas, Ready when they match. The polling client hard-fails over after 3 seconds so a hung proxy doesn’t block reconcile.