From 095153048b6fa1cc70081b2a1aad37dd02f9993c Mon Sep 17 00:00:00 2001
From: Amit Lichtenberg <amitlicht@otterize.com>
Date: Tue, 25 Jun 2024 12:33:54 +0300
Subject: [PATCH] Update database tutorials to create secrets explicitly using
 kubectl create

---
 docs/features/mysql/tutorials/mysql.mdx       | 25 ++++---
 .../postgresql/tutorials/postgres.mdx         | 75 ++++++++++++-------
 .../mysql/mysqlserverconfig.yaml              | 11 +--
 .../postgres/postgresqlserverconfig.yaml      | 11 +--
 4 files changed, 64 insertions(+), 58 deletions(-)

diff --git a/docs/features/mysql/tutorials/mysql.mdx b/docs/features/mysql/tutorials/mysql.mdx
index 40354b8eb..77432e78d 100644
--- a/docs/features/mysql/tutorials/mysql.mdx
+++ b/docs/features/mysql/tutorials/mysql.mdx
@@ -144,7 +144,7 @@ kubectl patch deployment -n otterize-tutorial-mysql server --type='json' -p="[{\
 ```
 </details>
 
-Our server's Deployment spec specify an annotation on its Pod, which requests that the Otterize operator provision a username and password for it:
+Our server's Deployment spec specifies an annotation on its Pod, which requests that the Otterize operator provision a username and password for it:
 ```yaml
   template:
     metadata:
@@ -152,7 +152,7 @@ Our server's Deployment spec specify an annotation on its Pod, which requests th
         credentials-operator.otterize.com/user-password-secret-name: server-creds
 ```
 This specifies that the secret `server-creds` will be populated with keys containing the username and password used by this pod to connect to the database.
-The secret will only be created by the Otterize operator after it is integrated with your database by applying a MySQLServerConfig resources.
+The secret will only be created by the Otterize operator after it is integrated with your database by applying a `MySQLServerConfig` resources.
 
 
 ### View logs for the server
@@ -171,25 +171,28 @@ Example log:
 
 
 ### Deploy a MySQLServerConfig to allow Otterize DB access
-Let's apply a `MySQLServerConfig` so Otterize will know how to access our database instance:
+Let's apply a `MySQLServerConfig` so Otterize will know how to access our database instance.
+
+First, create a Kuberentes secret containing the database credentials:
 ```shell
+kubectl create secret generic mysql-tutorial-db-credentials -n otterize-tutorial-mysql --from-literal=username=$MYSQLUSER --from-literal=password=$MYSQLPASSWORD
+```
+
+Next, apply the `MySQLServerConfig` to the cluster, and patch it with your DB instance address:
+```
 kubectl apply -n otterize-tutorial-mysql -f ${ABSOLUTE_URL}/code-examples/mysql/mysqlserverconfig.yaml
 kubectl patch mysqlserverconfig -n otterize-tutorial-mysql mysql-tutorial-db --type='json' -p="[{\"op\": \"replace\", \"path\": \"/spec/address\", \"value\": \"$MYSQLHOST\"}]"
-MYSQLUSER_B64=$(echo -n $MYSQLUSER | base64)
-MYSQLPASSWORD_B64=$(echo -n $MYSQLPASSWORD | base64)
-kubectl patch secret -n otterize-tutorial-mysql mysql-tutorial-db-credentials --type='json' -p="[{\"op\": \"replace\", \"path\": \"/data/username\", \"value\": \"$MYSQLUSER_B64\"}, {\"op\": \"replace\", \"path\": \"/data/password\", \"value\": \"$MYSQLPASSWORD_B64\"}]"
 ```
 
-This applies the following `MySQLServerConfig` to your cluster, and patches it with your DB instance address & credentials:
-
+This `MySQLServerConfig` tells Otterize how to access a database instance named `mysql-tutorial-db`, meaning that when intents
+are applied requesting access permissions to `mysql-tutorial-db`, the Otterize operator will be able to configure
+them:
 
 ```yaml
 {@include: ../../../../static/code-examples/mysql/mysqlserverconfig.yaml}
 ```
 
-The above CRD tells Otterize how to access a database instance named `mysql-tutorial-db`, meaning that when intents
-are applied requesting access permissions to `mysql-tutorial-db`, the Otterize operator will be able to configure
-them.
+
 
 In this tutorial, we use the admin user to grant Otterize permissions to create users and grant them access to the database.
 In a production environment, it is recommended to create a dedicated user for Otterize, and grant it the necessary permissions to create and manage other users.
diff --git a/docs/features/postgresql/tutorials/postgres.mdx b/docs/features/postgresql/tutorials/postgres.mdx
index bbaadd9be..12570e9ab 100644
--- a/docs/features/postgresql/tutorials/postgres.mdx
+++ b/docs/features/postgresql/tutorials/postgres.mdx
@@ -61,41 +61,30 @@ To deploy Otterize, head over to [Otterize Cloud](https://app.otterize.com) and
 # Tutorial
 
 ### Deploy tutorial services and request database credentials
-This will set up the namespace we will use for our tutorial and deploy the client, server, and database.
-
-Our server's Deployment spec will specify an annotation on the Pod, which requests that the Otterize operator will provision a username and password for the server.
-```yaml
-  template:
-    metadata:
-      annotations:
-        credentials-operator.otterize.com/user-password-secret-name: server-creds
-```
-This specifies that the secret `server-creds` will have keys with the username and password to connect to the database.
-The secret will only be created by the Otterize operator after it is integrated with your database by applying a MySQLServerConfig resources.
-
+Next, set up the namespace used for our tutorial and deploy the client, server & database services in it:
 ``` shell
 kubectl create namespace otterize-tutorial-postgres
 kubectl apply -n otterize-tutorial-postgres -f ${ABSOLUTE_URL}/code-examples/postgres/client-server-database.yaml
 ```
 
-### Deploy a PostgreSQLServerConfig to allow Otterize DB access
+<details>
+<summary>Expand to see the deployment YAML</summary>
+
 ```yaml
-{@include: ../../../../static/code-examples/postgres/postgresqlserverconfig.yaml}
+{@include: ../../../../static/code-examples/postgres/client-server-database.yaml}
 ```
-The above CRD tells Otterize how to access a database instance named `postgres-tutorial-db`, meaning that when intents
-are applied requesting access permissions to `postgres-tutorial-db`, the Otterize operator will be able to configure
-them.
+</details>
 
-In this tutorial, the `database` workload already comes with the predefined username & password, but for future uses a
-role will have to be created in the database to grant Otterize access as well as the ability to configure other users.
 
-Let's apply the above `PostgreSQLServerConfig` so Otterize will know how to access our database instance.
-```shell
-kubectl apply -n otterize-tutorial-postgres -f ${ABSOLUTE_URL}/code-examples/postgres/postgresqlserverconfig.yaml
-PSQLUSER_B64=$(echo -n otterize-tutorial | base64)
-PSQLPASSWORD_B64=$(echo -n jeffdog523 | base64)
-kubectl patch secret -n otterize-tutorial-postgres postgres-tutorial-db-credentials --type='json' -p="[{\"op\": \"replace\", \"path\": \"/data/username\", \"value\": \"$PSQLUSER_B64\"}, {\"op\": \"replace\", \"path\": \"/data/password\", \"value\": \"$PSQLPASSWORD_B64\"}]"
+Our server's Deployment spec specifies an annotation on its Pod, which requests that the Otterize operator provision a username and password for it:
+```yaml
+  template:
+    metadata:
+      annotations:
+        credentials-operator.otterize.com/user-password-secret-name: server-creds
 ```
+This specifies that the secret `server-creds` will be populated with keys containing the username and password used by this pod to connect to the database.
+The secret will only be created by the Otterize operator after it is integrated with your database by applying a `PostgreSQLServerConfig` resources.
 
 ### View logs for the server
 After the client, server, and database are up and running, we can see that the server does not have the appropriate access to the database by inspecting the logs with the following command.
@@ -106,11 +95,38 @@ kubectl logs -f -n otterize-tutorial-postgres deploy/server
 
 Example log:
 <Terminal>
-Unable to perform INSERT operation
+    Unable to perform INSERT operation
     <br></br>
-Unable to perform SELECT operation
+    Unable to perform SELECT operation
 </Terminal>
 
+
+
+### Deploy a PostgreSQLServerConfig to allow Otterize DB access
+Let's apply a `PostgreSQLServerConfig` so Otterize will know how to access our database instance.
+
+First, create a Kuberentes secret containing the database credentials:
+```shell
+kubectl create secret generic postgres-tutorial-db-credentials -n otterize-tutorial-postgres --from-literal=username='otterize-tutorial' --from-literal=password='jeffdog523'
+```
+In this tutorial, the PostgreSQL database comes with the predefined username & password, but for future uses a
+role will have to be created in the database to grant Otterize access as well as the ability to configure other users.
+
+
+Next, apply the `PostgreSQLServerConfig` to the cluster:
+```
+kubectl apply -n otterize-tutorial-postgres -f ${ABSOLUTE_URL}/code-examples/postgres/postgresqlserverconfig.yaml
+```
+
+This `PostgreSQLServerConfig` tells Otterize how to access a database instance named `postgres-tutorial-db`, meaning that when intents
+are applied requesting access permissions to `postgres-tutorial-db`, the Otterize operator will be able to configure
+them:
+
+```yaml
+{@include: ../../../../static/code-examples/postgres/postgresqlserverconfig.yaml}
+```
+
+
 ### Define your ClientIntents
 
 ClientIntents are Otterize’s way of defining access through unique relationships, which lead to perfectly scoped access. In this example, we provide our `server` workload the ability to insert and select records to allow it to access the database.
@@ -131,6 +147,11 @@ kubectl apply -n otterize-tutorial-postgres -f ${ABSOLUTE_URL}/code-examples/pos
 ### View logs for the server
 We can now view the server logs once again. This time, we should see that the server has the appropriate access to the database:
 
+```shell
+kubectl logs -f -n otterize-tutorial-postgres deploy/server
+```
+
+Example log:
 <Terminal>
 Successfully INSERTED into our table
 
diff --git a/static/code-examples/mysql/mysqlserverconfig.yaml b/static/code-examples/mysql/mysqlserverconfig.yaml
index 0c5c1f94c..b189006de 100644
--- a/static/code-examples/mysql/mysqlserverconfig.yaml
+++ b/static/code-examples/mysql/mysqlserverconfig.yaml
@@ -6,13 +6,4 @@ spec:
   address: mysql.otterize-tutorial-mysql.svc.cluster.local:3306 # Your MySQL server address
   credentials:
     secretRef:
-      name: mysql-tutorial-db-credentials
----
-apiVersion: v1
-type: Opaque
-kind: Secret
-metadata:
-  name: mysql-tutorial-db-credentials
-data:
-    username: '' # Your MySQL server user
-    password: '' # Your MySQL server password
\ No newline at end of file
+      name: mysql-tutorial-db-credentials
\ No newline at end of file
diff --git a/static/code-examples/postgres/postgresqlserverconfig.yaml b/static/code-examples/postgres/postgresqlserverconfig.yaml
index 59715ddb5..522182179 100644
--- a/static/code-examples/postgres/postgresqlserverconfig.yaml
+++ b/static/code-examples/postgres/postgresqlserverconfig.yaml
@@ -6,13 +6,4 @@ spec:
   address: database.otterize-tutorial-postgres.svc.cluster.local:5432
   credentials:
     secretRef:
-      name: postgres-tutorial-db-credentials
----
-apiVersion: v1
-type: Opaque
-kind: Secret
-metadata:
-  name: postgres-tutorial-db-credentials
-data:
-  username: '' # Your PostgreSQL server user
-  password: '' # Your PostgreSQL server password
\ No newline at end of file
+      name: postgres-tutorial-db-credentials
\ No newline at end of file