From efd41e41712ca48f824db11519f3c7c5859cd122 Mon Sep 17 00:00:00 2001 From: Christian Kotzbauer Date: Sun, 30 Apr 2023 10:09:12 +0200 Subject: [PATCH] update postgres-operator chart Signed-off-by: Christian Kotzbauer --- charts/postgres-operator/Chart.yaml | 4 +- .../crds/operatorconfigurations.yaml | 65 +++++++++++++++-- .../postgres-operator/crds/postgresqls.yaml | 27 +++++-- .../templates/deployment.yaml | 8 +++ .../templates/operatorconfiguration.yaml | 11 +-- charts/postgres-operator/values.yaml | 70 +++++++++++++++---- 6 files changed, 157 insertions(+), 28 deletions(-) diff --git a/charts/postgres-operator/Chart.yaml b/charts/postgres-operator/Chart.yaml index b02e01e..0dcce06 100644 --- a/charts/postgres-operator/Chart.yaml +++ b/charts/postgres-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: postgres-operator description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes -version: 1.8.0 -appVersion: 1.8.0 +version: 1.10.0 +appVersion: 1.10.0 home: https://github.com/zalando/postgres-operator sources: - https://github.com/zalando/postgres-operator diff --git a/charts/postgres-operator/crds/operatorconfigurations.yaml b/charts/postgres-operator/crds/operatorconfigurations.yaml index 4e708ac..46d135f 100644 --- a/charts/postgres-operator/crds/operatorconfigurations.yaml +++ b/charts/postgres-operator/crds/operatorconfigurations.yaml @@ -68,7 +68,7 @@ spec: type: string docker_image: type: string - default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p5" + default: "ghcr.io/zalando/spilo-15:3.0-p1" enable_crd_registration: type: boolean default: true @@ -88,9 +88,14 @@ spec: enable_spilo_wal_path_compat: type: boolean default: false + enable_team_id_clustername_prefix: + type: boolean + default: false etcd_host: type: string default: "" + ignore_instance_limits_annotation_key: + type: string kubernetes_use_configmaps: type: boolean default: false 
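Review bot: The new `docker_image` default on the `+` line is a registry move, not just a version bump: Spilo now comes from `ghcr.io/zalando/spilo-15:3.0-p1` while the operator image (values.yaml, `registry.opensource.zalan.do`) and the logical-backup image in this same patch stay on the old registry, so any egress allow-list, pull-through mirror, imagePullSecret or admission policy keyed on `registry.opensource.zalan.do` will start failing Spilo pulls after the upgrade. The tag is mutable; if the operator accepts digest references, documenting that the default can be pinned as `ghcr.io/zalando/spilo-15:3.0-p1@sha256:<digest>` would help supply-chain pinning (the digest itself cannot be taken from this diff). A one-line values comment such as `# NOTE: the default Spilo image moved to ghcr.io in 1.10 - update registry allow-lists/mirrors` would avoid upgrade surprises.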
@@ -162,10 +167,10 @@ spec: type: string minimal_major_version: type: string - default: "9.6" + default: "11" target_major_version: type: string - default: "14" + default: "15" kubernetes: type: object properties: @@ -209,6 +214,9 @@ spec: enable_pod_disruption_budget: type: boolean default: true + enable_readiness_probe: + type: boolean + default: false enable_sidecars: type: boolean default: true @@ -270,6 +278,9 @@ spec: pdb_name_format: type: string default: "postgres-{cluster}-pdb" + pod_antiaffinity_preferred_during_scheduling: + type: boolean + default: false pod_antiaffinity_topology_key: type: string default: "kubernetes.io/hostname" @@ -303,6 +314,9 @@ spec: secret_name_template: type: string default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + share_pgsocket_with_sidecars: + type: boolean + default: false spilo_allow_privilege_escalation: type: boolean default: true @@ -319,6 +333,7 @@ spec: type: string enum: - "ebs" + - "mixed" - "pvc" - "off" default: "pvc" @@ -347,6 +362,12 @@ spec: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' default: "100Mi" + max_cpu_request: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + max_memory_request: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' min_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' @@ -411,9 +432,15 @@ spec: - "Local" default: "Cluster" master_dns_name_format: + type: string + default: "{cluster}.{namespace}.{hostedzone}" + master_legacy_dns_name_format: type: string default: "{cluster}.{team}.{hostedzone}" replica_dns_name_format: + type: string + default: "{cluster}-repl.{namespace}.{hostedzone}" + replica_legacy_dns_name_format: type: string default: "{cluster}-repl.{team}.{hostedzone}" aws_or_gcp: 
@@ -448,16 +475,38 @@ spec: logical_backup: type: object properties: + logical_backup_azure_storage_account_name: + type: string + logical_backup_azure_storage_container: + type: string + logical_backup_azure_storage_account_key: + type: string + logical_backup_cpu_limit: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + logical_backup_cpu_request: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' logical_backup_docker_image: type: string - default: "registry.opensource.zalan.do/acid/logical-backup:v1.8.0" + default: "registry.opensource.zalan.do/acid/logical-backup:v1.10.0" logical_backup_google_application_credentials: type: string logical_backup_job_prefix: type: string default: "logical-backup-" + logical_backup_memory_limit: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + logical_backup_memory_request: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' logical_backup_provider: type: string + enum: + - "az" + - "gcs" + - "s3" default: "s3" logical_backup_s3_access_key_id: type: string @@ -588,7 +637,7 @@ spec: default: "pooler" connection_pooler_image: type: string - default: "registry.opensource.zalan.do/acid/pgbouncer:master-22" + default: "registry.opensource.zalan.do/acid/pgbouncer:master-27" connection_pooler_max_db_connections: type: integer default: 60 @@ -618,6 +667,12 @@ spec: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' default: "100Mi" + patroni: + type: object + properties: + enable_patroni_failsafe_mode: + type: boolean + default: false status: type: object additionalProperties: diff --git a/charts/postgres-operator/crds/postgresqls.yaml b/charts/postgres-operator/crds/postgresqls.yaml index 8534650..6f938cf 100644 --- a/charts/postgres-operator/crds/postgresqls.yaml +++ b/charts/postgres-operator/crds/postgresqls.yaml 
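Review bot: `logical_backup_azure_storage_account_key` is added as a plain `type: string` in the OperatorConfiguration schema, so a long-lived storage-account key (effectively a root credential for the whole account) lands in clear text in the CR, readable by anyone with `get` on operatorconfigurations and usually committed in a values file, mirroring the existing `logical_backup_s3_*` fields rather than improving on them. This CRD already uses `description:` on fields (see `replicaLoadBalancer`), so at minimum the field should carry one, e.g. `description: "Azure storage account key; stored in plaintext in this CR - restrict RBAC read access and prefer supplying it from a Secret"`. A follow-up could accept a Secret reference instead, but that is an operator change, not a chart one.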
@@ -223,6 +223,10 @@ spec: items: type: string pattern: '^\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))\ *$' + masterServiceAnnotations: + type: object + additionalProperties: + type: string nodeAffinity: type: object properties: @@ -320,6 +324,8 @@ spec: patroni: type: object properties: + failsafe_mode: + type: boolean initdb: type: object additionalProperties: @@ -365,13 +371,12 @@ spec: version: type: string enum: - - "9.5" - - "9.6" - "10" - "11" - "12" - "13" - "14" + - "15" parameters: type: object additionalProperties: @@ -401,6 +406,10 @@ spec: replicaLoadBalancer: type: boolean description: deprecated + replicaServiceAnnotations: + type: object + additionalProperties: + type: string resources: type: object properties: @@ -479,7 +488,6 @@ spec: - standby_host streams: type: array - nullable: true items: type: object required: @@ -588,12 +596,12 @@ spec: - SUPERUSER - nosuperuser - NOSUPERUSER - usersWithPasswordRotation: + usersWithInPlaceSecretRotation: type: array nullable: true items: type: string - usersWithInPlacePasswordRotation: + usersWithSecretRotation: type: array nullable: true items: @@ -612,17 +620,26 @@ spec: type: array items: type: object + required: + - key + - operator properties: key: type: string operator: type: string + enum: + - DoesNotExist + - Exists + - In + - NotIn values: type: array items: type: string matchLabels: type: object + x-kubernetes-preserve-unknown-fields: true size: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' diff --git a/charts/postgres-operator/templates/deployment.yaml b/charts/postgres-operator/templates/deployment.yaml index a3dabc7..4893428 100644 --- a/charts/postgres-operator/templates/deployment.yaml +++ b/charts/postgres-operator/templates/deployment.yaml 
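Review bot: The rename of `usersWithPasswordRotation`/`usersWithInPlacePasswordRotation` to `usersWithInPlaceSecretRotation`/`usersWithSecretRotation` is a breaking schema change for existing `postgresql` manifests that the chart does not call out: with an apiextensions v1 structural schema, unknown fields are pruned on admission unless the spec preserves unknown fields, so a manifest still using the old names applies cleanly and secret rotation for those users silently stops, which is a security regression rather than a visible error. The diff alone does not establish which old name maps to which new one, so the mapping should be stated for users doing the migration. Dropping `"9.5"`/`"9.6"` from the `version` enum likewise turns any update of a cluster object still declaring those versions into a validation error. I would add an upgrade note to the chart (`## Upgrading to 1.10.0: rename usersWith*PasswordRotation fields; Postgres 9.x versions are no longer accepted by the CRD`).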
@@ -48,6 +48,14 @@ spec: {{ toYaml .Values.resources | indent 10 }} securityContext: {{ toYaml .Values.securityContext | indent 10 }} + {{- if .Values.readinessProbe }} + readinessProbe: + httpGet: + path: /readyz + port: {{ .Values.configLoggingRestApi.api_port }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} diff --git a/charts/postgres-operator/templates/operatorconfiguration.yaml b/charts/postgres-operator/templates/operatorconfiguration.yaml index 61ce30e..3a96e27 100644 --- a/charts/postgres-operator/templates/operatorconfiguration.yaml +++ b/charts/postgres-operator/templates/operatorconfiguration.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} configuration: -{{ toYaml .Values.configGeneral | indent 2 }} +{{ tpl (toYaml .Values.configGeneral) . | indent 2 }} users: -{{ toYaml .Values.configUsers | indent 4 }} +{{ tpl (toYaml .Values.configUsers) . | indent 4 }} major_version_upgrade: {{ toYaml .Values.configMajorVersionUpgrade | indent 4 }} kubernetes: @@ -21,7 +21,7 @@ configuration: pod_service_account_name: {{ include "postgres-pod.serviceAccountName" . }} oauth_token_secret_name: {{ template "postgres-operator.fullname" . }} pod_environment_configmap: "{{ .Release.Namespace }}/{{ template "postgres-operator.fullname" . }}-env" -{{ toYaml .Values.configKubernetes | indent 4 }} +{{ tpl (toYaml .Values.configKubernetes) . | indent 4 }} postgres_pod_resources: {{ toYaml .Values.configPostgresPodResources | indent 4 }} timeouts: 
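Review bot: The added readinessProbe pins `port` to `.Values.configLoggingRestApi.api_port` with no fallback or validation, so a user who overrides `configLoggingRestApi` without `api_port` gets an empty `port:` and a rejected Deployment; a `required` guard makes the failure explicit: `port: {{ required "configLoggingRestApi.api_port is needed for the operator readiness probe" .Values.configLoggingRestApi.api_port }}`. Only `initialDelaySeconds` and `periodSeconds` are exposed, so `timeoutSeconds` and `failureThreshold` stay at Kubernetes defaults with no way to tune them from values; either pass them through the same way or document the limitation. The container spec this probe belongs to starts outside the hunk.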
@@ -35,8 +35,11 @@ configuration: debug: {{ toYaml .Values.configDebug | indent 4 }} teams_api: -{{ toYaml .Values.configTeamsApi | indent 4 }} +{{ tpl (toYaml .Values.configTeamsApi) . | indent 4 }} logging_rest_api: {{ toYaml .Values.configLoggingRestApi | indent 4 }} connection_pooler: {{ toYaml .Values.configConnectionPooler | indent 4 }} + patroni: +{{ toYaml .Values.configPatroni | indent 4 }} +{{- end }} diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 7156cf9..240666c 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.8.0 + tag: v1.10.0 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -31,12 +31,19 @@ configGeneral: enable_shm_volume: true # enables backwards compatible path between Spilo 12 and Spilo 13+ images enable_spilo_wal_path_compat: false + # operator will sync only clusters where name starts with teamId prefix + enable_team_id_clustername_prefix: false # etcd connection string for Patroni. Empty uses K8s-native DCS. etcd_host: "" + # Spilo docker image + docker_image: ghcr.io/zalando/spilo-15:3.0-p1 + + # key name for annotation to ignore globally configured instance limits + # ignore_instance_limits_annotation_key: "" + # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) # kubernetes_use_configmaps: false - # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p5 + # min number of instances in Postgres cluster. -1 = no limit min_instances: -1 # max number of instances in Postgres cluster. -1 = no limit 
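Review bot: Passing `configGeneral`, `configUsers`, `configKubernetes` and `configTeamsApi` through `tpl` changes what users may put in values without saying so: any `{{ ... }}` in those strings is now evaluated as a Go template with the full chart context (`.Values`, `.Files`, `.Release`), and a literal `{{` that was previously harmless now either errors or executes. That is acceptable for self-authored values but matters where values are supplied by tenants or generated by another tool, so it belongs in values.yaml above those sections, e.g. `# configGeneral, configUsers, configKubernetes and configTeamsApi are rendered with tpl: {{ }} expressions are evaluated at install time; escape a literal {{ as {{ "{{" }}`. The single-brace placeholders such as `{username}.{cluster}` in `secret_name_template` are unaffected. The `{{- end }}` at the bottom closes a block that begins outside the hunk.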
@@ -80,9 +87,9 @@ configMajorVersionUpgrade: # - acid # minimal Postgres major version that will not automatically be upgraded - minimal_major_version: "9.6" + minimal_major_version: "11" # target Postgres major version when upgrading clusters automatically - target_major_version: "14" + target_major_version: "15" configKubernetes: # list of additional capabilities for postgres container @@ -120,6 +127,8 @@ configKubernetes: enable_pod_antiaffinity: false # toggles PDB to set to MinAvailabe 0 or 1 enable_pod_disruption_budget: true + # toogles readiness probe for database pods + enable_readiness_probe: false # enables sidecar containers to run alongside Spilo in the same pod enable_sidecars: true @@ -154,8 +163,12 @@ configKubernetes: # defines the template for PDB (Pod Disruption Budget) names pdb_name_format: "postgres-{cluster}-pdb" + # switches pod anti affinity type to `preferredDuringSchedulingIgnoredDuringExecution` + pod_antiaffinity_preferred_during_scheduling: false # override topology key for pod anti affinity pod_antiaffinity_topology_key: "kubernetes.io/hostname" + # namespaced name of the ConfigMap with environment variables to populate on every pod + # pod_environment_configmap: "default/my-custom-config" # name of the Secret (in cluster namespace) with environment variables to populate on every pod # pod_environment_secret: "my-custom-secret" 
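Review bot: The new example `# pod_environment_configmap: "default/my-custom-config"` under `configKubernetes` invites users to set a key that templates/operatorconfiguration.yaml already emits unconditionally (`pod_environment_configmap: "{{ .Release.Namespace }}/<fullname>-env"`) immediately before `toYaml .Values.configKubernetes`; uncommenting it yields a duplicate `pod_environment_configmap` key in the rendered `kubernetes:` mapping, which depending on the YAML decoder is either rejected or silently last-wins. Either drop the example or guard the hard-coded line with `{{- if not .Values.configKubernetes.pod_environment_configmap }}` ... `{{- end }}` so a user-supplied value replaces it deterministically. Separately, `# toogles readiness probe for database pods` should read `# toggles readiness probe for database pods`.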
@@ -176,9 +189,12 @@ configKubernetes: # if the user is in different namespace than cluster and cross namespace secrets # are enabled via `enable_cross_namespace_secret` flag in the configuration. secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars + share_pgsocket_with_sidecars: false # set user and group for the spilo container (required to run Spilo as non-root process) # spilo_runasuser: 101 # spilo_runasgroup: 103 + # group ID with write-access to volumes (required to run Spilo as non-root process) # spilo_fsgroup: 103 @@ -187,7 +203,7 @@ configKubernetes: # whether the Spilo container should run with additional permissions other than parent. # required by cron which needs setuid spilo_allow_privilege_escalation: true - # storage resize strategy, available options are: ebs, pvc, off + # storage resize strategy, available options are: ebs, pvc, off or mixed storage_resize_mode: pvc # pod toleration assigned to instances of every Postgres cluster # toleration: @@ -208,6 +224,12 @@ configPostgresPodResources: default_memory_limit: 500Mi # memory request value for the postgres containers default_memory_request: 100Mi + # optional upper boundary for CPU request + # max_cpu_request: "1" + + # optional upper boundary for memory request + # max_memory_request: 4Gi + # hard CPU minimum required to properly run a Postgres cluster min_cpu_limit: 250m # hard memory minimum required to properly run a Postgres cluster 
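Review bot: The comment on the new `share_pgsocket_with_sidecars` option describes the mechanism but not its security consequence: every sidecar container gains local Unix-socket access to PostgreSQL, and if the image's pg_hba treats `local` connections as `trust` (Spilo's default does, to my recollection - confirm against the Spilo image in use) that is passwordless superuser access for any sidecar, so sidecar images must be vetted like the database image itself. Suggest `# sharing unix socket of PostgreSQL (pg_socket) with the sidecars; sidecars then connect without network auth and pg_hba may treat local connections as trusted - enable only for vetted sidecars`. The `spilo_runasuser`/`spilo_fsgroup` comments in the same hunk are fine as reorganised.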
@@ -252,9 +274,13 @@ configLoadBalancer: # define external traffic policy for the load balancer external_traffic_policy: "Cluster" # defines the DNS name string template for the master load balancer cluster - master_dns_name_format: "{cluster}.{team}.{hostedzone}" + master_dns_name_format: "{cluster}.{namespace}.{hostedzone}" + # deprecated DNS template for master load balancer using team name + master_legacy_dns_name_format: "{cluster}.{team}.{hostedzone}" # defines the DNS name string template for the replica load balancer cluster - replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" + replica_dns_name_format: "{cluster}-repl.{namespace}.{hostedzone}" + # deprecated DNS template for replica load balancer using team name + replica_legacy_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" # options to aid debugging of the operator itself configDebug: @@ -280,7 +306,7 @@ configAwsOrGcp: # Path to mount the above Secret in the filesystem of the container(s) # additional_secret_mount_path: "/some/dir" - # AWS region used to store ESB volumes + # AWS region used to store EBS volumes aws_region: eu-central-1 # enable automatic migration on AWS from gp2 to gp3 volumes 
@@ -308,14 +334,25 @@ configAwsOrGcp: # configure K8s cron job managed by the operator configLogicalBackup: + # Azure Storage Account specs to store backup results + # logical_backup_azure_storage_account_name: "" + # logical_backup_azure_storage_container: "" + # logical_backup_azure_storage_account_key: "" + + # resources for logical backup pod, if empty configPostgresPodResources will be used + # logical_backup_cpu_limit: "" + # logical_backup_cpu_request: "" + # logical_backup_memory_limit: "" + # logical_backup_memory_request: "" + # image for pods of the logical backup job (example runs pg_dumpall) - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.8.0" + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.10.0" # path of google cloud service account json file # logical_backup_google_application_credentials: "" # prefix for the backup job name logical_backup_job_prefix: "logical-backup-" - # storage provider - either "s3" or "gcs" + # storage provider - either "s3", "gcs" or "az" logical_backup_provider: "s3" # S3 Access Key ID logical_backup_s3_access_key_id: "" @@ -377,7 +414,7 @@ configConnectionPooler: # db user for pooler to use connection_pooler_user: "pooler" # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22" + connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-27" # max db connections the pooler should hold connection_pooler_max_db_connections: 60 # default pooling mode @@ -390,6 +427,10 @@ configConnectionPooler: connection_pooler_default_cpu_limit: "1" connection_pooler_default_memory_limit: 100Mi +configPatroni: + # enable Patroni DCS failsafe_mode feature + enable_patroni_failsafe_mode: false + # Zalando's internal CDC stream feature enableStreams: false 
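Review bot: The Azure examples under `configLogicalBackup` present `logical_backup_azure_storage_account_key` like any other tunable, with no hint that the value is written in clear text to the OperatorConfiguration CR and usually ends up in a committed values file, exactly like the S3 credentials already in this section. A storage-account key is a long-lived credential for the whole account, so the comment should say so and point at a safer path: `# logical_backup_azure_storage_account_key: ""  # NOTE: stored in plaintext in the OperatorConfiguration CR; pass it via --set-file or an external-secrets tool and restrict RBAC read on operatorconfigurations`. The `logical_backup_provider` comment correctly lists the three values now enforced by the CRD enum.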
@@ -434,6 +475,11 @@ securityContext: drop: - ALL +# Allow to setup operator Deployment readiness probe +readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 10 + # Affinity for pod assignment # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {}
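Review bot: `readinessProbe` ships with non-empty defaults here while deployment.yaml guards the probe with `{{- if .Values.readinessProbe }}`, so the probe is always on and the only way to switch it off is to null the whole map from user values, which the comment `# Allow to setup operator Deployment readiness probe` does not convey. Suggest `# Operator Deployment readiness probe (httpGet /readyz on configLoggingRestApi.api_port); set readinessProbe to null to disable`. An explicit `enabled:` flag would be the more conventional chart pattern, but that is a larger change than this comment fix.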