Fix as per review
This commit is contained in:
Rafia Sabih
parent
a04c9be0af
commit
05593122d6
|
|
@ -72,9 +72,6 @@ spec:
|
||||||
enable_lazy_spilo_upgrade:
|
enable_lazy_spilo_upgrade:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
enable_cross_namespace_secret:
|
|
||||||
type: boolean
|
|
||||||
default: false
|
|
||||||
enable_pgversion_env_var:
|
enable_pgversion_env_var:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: true
|
default: true
|
||||||
|
|
@ -176,6 +173,9 @@ spec:
|
||||||
enable_init_containers:
|
enable_init_containers:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: true
|
default: true
|
||||||
|
enable_cross_namespace_secret:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
enable_pod_antiaffinity:
|
enable_pod_antiaffinity:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
|
|
|
||||||
|
|
@ -151,7 +151,7 @@ configKubernetes:
|
||||||
# template for database user secrets generated by the operator,
|
# template for database user secrets generated by the operator,
|
||||||
# here username contains the namespace in the format namespace.username
|
# here username contains the namespace in the format namespace.username
|
||||||
# if the user is in different namespace than cluster and cross namespace secrets
|
# if the user is in different namespace than cluster and cross namespace secrets
|
||||||
# are enabled via EnableCrossNamespaceSecret flag in configmap.
|
# are enabled via enable_cross_namespace_secret flag in configmap.
|
||||||
secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
|
secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
|
||||||
# set user and group for the spilo container (required to run Spilo as non-root process)
|
# set user and group for the spilo container (required to run Spilo as non-root process)
|
||||||
# spilo_runasuser: 101
|
# spilo_runasuser: 101
|
||||||
|
|
|
||||||
|
|
@ -275,13 +275,12 @@ configuration they are grouped under the `kubernetes` key.
|
||||||
|
|
||||||
* **secret_name_template**
|
* **secret_name_template**
|
||||||
a template for the name of the database user secrets generated by the
|
a template for the name of the database user secrets generated by the
|
||||||
operator. `{namespace}` is replaced with name of the namespace (if cross
|
operator. `{namespace}` is replaced with name of the namespace if
|
||||||
namespace secrets are enabled via EnableCrossNamespaceSecret flag, otherwise the
|
enable_cross_namespace_secret is set, otherwise the
|
||||||
secret is in cluster's namespace and in that case it is not present in secret
|
secret is in cluster's namespace. `{username}` is replaced with name of the
|
||||||
name), `{username}` is replaced with name of the secret, `{cluster}` with the
|
secret, `{cluster}` with the name of the cluster, `{tprkind}` with the kind
|
||||||
name of the cluster, `{tprkind}` with the kind of CRD (formerly known as TPR)
|
of CRD (formerly known as TPR) and `{tprgroup}` with the group of the CRD.
|
||||||
and `{tprgroup}` with the group of the CRD. No other placeholders are allowed.
|
No other placeholders are allowed. The default is
|
||||||
The default is
|
|
||||||
`{namespace}.{username}.{cluster}.credentials.{tprkind}.{tprgroup}`.
|
`{namespace}.{username}.{cluster}.credentials.{tprkind}.{tprgroup}`.
|
||||||
|
|
||||||
* **cluster_domain**
|
* **cluster_domain**
|
||||||
|
|
|
||||||
|
|
@ -140,7 +140,7 @@ At the moment it is not possible to define membership of the manifest role in
|
||||||
other roles.
|
other roles.
|
||||||
|
|
||||||
To define the secrets for the users in a different namespace than that of the cluster,
|
To define the secrets for the users in a different namespace than that of the cluster,
|
||||||
one can use the flag `EnableCrossNamespaceSecret` and declare the namespace for the
|
one can set `enable_cross_namespace_secret` and declare the namespace for the
|
||||||
secrets in the manifest in the following manner,
|
secrets in the manifest in the following manner,
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
|
||||||
|
|
@ -36,12 +36,12 @@ data:
|
||||||
# downscaler_annotations: "deployment-time,downscaler/*"
|
# downscaler_annotations: "deployment-time,downscaler/*"
|
||||||
# enable_admin_role_for_users: "true"
|
# enable_admin_role_for_users: "true"
|
||||||
# enable_crd_validation: "true"
|
# enable_crd_validation: "true"
|
||||||
|
# enable_cross_namespace_secret: "true"
|
||||||
# enable_database_access: "true"
|
# enable_database_access: "true"
|
||||||
enable_ebs_gp3_migration: "false"
|
enable_ebs_gp3_migration: "false"
|
||||||
# enable_ebs_gp3_migration_max_size: "1000"
|
# enable_ebs_gp3_migration_max_size: "1000"
|
||||||
# enable_init_containers: "true"
|
# enable_init_containers: "true"
|
||||||
# enable_lazy_spilo_upgrade: "false"
|
# enable_lazy_spilo_upgrade: "false"
|
||||||
# enable_cross_namespace_secret: "false"
|
|
||||||
enable_master_load_balancer: "false"
|
enable_master_load_balancer: "false"
|
||||||
enable_pgversion_env_var: "true"
|
enable_pgversion_env_var: "true"
|
||||||
# enable_pod_antiaffinity: "false"
|
# enable_pod_antiaffinity: "false"
|
||||||
|
|
|
||||||
|
|
@ -91,6 +91,7 @@ type KubernetesMetaConfiguration struct {
|
||||||
EnablePodAntiAffinity bool `json:"enable_pod_antiaffinity,omitempty"`
|
EnablePodAntiAffinity bool `json:"enable_pod_antiaffinity,omitempty"`
|
||||||
PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"`
|
PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"`
|
||||||
PodManagementPolicy string `json:"pod_management_policy,omitempty"`
|
PodManagementPolicy string `json:"pod_management_policy,omitempty"`
|
||||||
|
EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// PostgresPodResourcesDefaults defines the spec of default resources
|
// PostgresPodResourcesDefaults defines the spec of default resources
|
||||||
|
|
@ -214,7 +215,6 @@ type OperatorLogicalBackupConfiguration struct {
|
||||||
type OperatorConfigurationData struct {
|
type OperatorConfigurationData struct {
|
||||||
EnableCRDValidation *bool `json:"enable_crd_validation,omitempty"`
|
EnableCRDValidation *bool `json:"enable_crd_validation,omitempty"`
|
||||||
EnableLazySpiloUpgrade bool `json:"enable_lazy_spilo_upgrade,omitempty"`
|
EnableLazySpiloUpgrade bool `json:"enable_lazy_spilo_upgrade,omitempty"`
|
||||||
EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"`
|
|
||||||
EnablePgVersionEnvVar bool `json:"enable_pgversion_env_var,omitempty"`
|
EnablePgVersionEnvVar bool `json:"enable_pgversion_env_var,omitempty"`
|
||||||
EnableSpiloWalPathCompat bool `json:"enable_spilo_wal_path_compat,omitempty"`
|
EnableSpiloWalPathCompat bool `json:"enable_spilo_wal_path_compat,omitempty"`
|
||||||
EtcdHost string `json:"etcd_host,omitempty"`
|
EtcdHost string `json:"etcd_host,omitempty"`
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue