public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Secrets deletion config (#2582) 

* Secrets deletion config
* Update e2e/tests/test_e2e.py

Co-authored-by: Felix Kunde <felix-kunde@gmx.de>

---------

Co-authored-by: Felix Kunde <felix-kunde@gmx.de>
This commit is contained in:
Motte 2024-05-10 17:31:21 +03:00 committed by GitHub
parent 8ee5231648
commit 13d6594cdf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
charts/postgres-operator/crds/operatorconfigurations.yaml
View File

@ -211,6 +211,9 @@ spec:
enable_init_containers: enable_init_containers:
type: boolean type: boolean
default: true default: true
enable_secrets_deletion:
type: boolean
default: true
enable_persistent_volume_claim_deletion: enable_persistent_volume_claim_deletion:
type: boolean type: boolean
default: true default: true

2
charts/postgres-operator/values.yaml
View File

@ -129,6 +129,8 @@ configKubernetes:
enable_finalizers: false enable_finalizers: false
# enables initContainers to run actions before Spilo is started # enables initContainers to run actions before Spilo is started
enable_init_containers: true enable_init_containers: true
# toggles if operator should delete secrets on cluster deletion
enable_secrets_deletion: true
# toggles if operator should delete PVCs on cluster deletion # toggles if operator should delete PVCs on cluster deletion
enable_persistent_volume_claim_deletion: true enable_persistent_volume_claim_deletion: true
# toggles pod anti affinity on the Postgres pods # toggles pod anti affinity on the Postgres pods

4
docs/reference/operator_parameters.md
View File

@ -360,6 +360,10 @@ configuration they are grouped under the `kubernetes` key.
`"retain"` - or `when_scaled` - default is also `"retain"`. The other possible `"retain"` - or `when_scaled` - default is also `"retain"`. The other possible
option is `delete`. option is `delete`.
* **enable_secrets_deletion**
By default, the operator deletes secrets when removing the Postgres cluster
manifest. To keep secrets, set this option to `false`. The default is `true`.
* **enable_persistent_volume_claim_deletion** * **enable_persistent_volume_claim_deletion**
By default, the operator deletes PersistentVolumeClaims when removing the By default, the operator deletes PersistentVolumeClaims when removing the
Postgres cluster manifest, no matter if `persistent_volume_claim_retention_policy` Postgres cluster manifest, no matter if `persistent_volume_claim_retention_policy`

3
e2e/tests/test_e2e.py
View File

@ -2049,6 +2049,7 @@ class EndToEndTestCase(unittest.TestCase):
"data": { "data": {
"delete_annotation_date_key": "delete-date", "delete_annotation_date_key": "delete-date",
"delete_annotation_name_key": "delete-clustername", "delete_annotation_name_key": "delete-clustername",
"enable_secrets_deletion": "false",
"enable_persistent_volume_claim_deletion": "false" "enable_persistent_volume_claim_deletion": "false"
} }
} }
@ -2109,7 +2110,7 @@ class EndToEndTestCase(unittest.TestCase):
self.eventuallyEqual(lambda: k8s.count_statefulsets_with_label(cluster_label), 0, "Statefulset not deleted") self.eventuallyEqual(lambda: k8s.count_statefulsets_with_label(cluster_label), 0, "Statefulset not deleted")
self.eventuallyEqual(lambda: k8s.count_deployments_with_label(cluster_label), 0, "Deployments not deleted") self.eventuallyEqual(lambda: k8s.count_deployments_with_label(cluster_label), 0, "Deployments not deleted")
self.eventuallyEqual(lambda: k8s.count_pdbs_with_label(cluster_label), 0, "Pod disruption budget not deleted") self.eventuallyEqual(lambda: k8s.count_pdbs_with_label(cluster_label), 0, "Pod disruption budget not deleted")
self.eventuallyEqual(lambda: k8s.count_secrets_with_label(cluster_label), 0, "Secrets not deleted") self.eventuallyEqual(lambda: k8s.count_secrets_with_label(cluster_label), 7, "Secrets were deleted although disabled in config")
self.eventuallyEqual(lambda: k8s.count_pvcs_with_label(cluster_label), 3, "PVCs were deleted although disabled in config") self.eventuallyEqual(lambda: k8s.count_pvcs_with_label(cluster_label), 3, "PVCs were deleted although disabled in config")
except timeout_decorator.TimeoutError: except timeout_decorator.TimeoutError:

1
manifests/configmap.yaml
View File

@ -49,6 +49,7 @@ data:
enable_master_pooler_load_balancer: "false" enable_master_pooler_load_balancer: "false"
enable_password_rotation: "false" enable_password_rotation: "false"
enable_patroni_failsafe_mode: "false" enable_patroni_failsafe_mode: "false"
enable_secrets_deletion: "true"
enable_persistent_volume_claim_deletion: "true" enable_persistent_volume_claim_deletion: "true"
enable_pgversion_env_var: "true" enable_pgversion_env_var: "true"
# enable_pod_antiaffinity: "false" # enable_pod_antiaffinity: "false"

3
manifests/operatorconfiguration.crd.yaml
View File

@ -209,6 +209,9 @@ spec:
enable_init_containers: enable_init_containers:
type: boolean type: boolean
default: true default: true
enable_secrets_deletion:
type: boolean
default: true
enable_persistent_volume_claim_deletion: enable_persistent_volume_claim_deletion:
type: boolean type: boolean
default: true default: true

1
manifests/postgresql-operator-default-configuration.yaml
View File

@ -59,6 +59,7 @@ configuration:
# enable_cross_namespace_secret: "false" # enable_cross_namespace_secret: "false"
enable_finalizers: false enable_finalizers: false
enable_init_containers: true enable_init_containers: true
enable_secrets_deletion: true
enable_persistent_volume_claim_deletion: true enable_persistent_volume_claim_deletion: true
enable_pod_antiaffinity: false enable_pod_antiaffinity: false
enable_pod_disruption_budget: true enable_pod_disruption_budget: true

3
pkg/apis/acid.zalan.do/v1/crds.go
View File

@ -1323,6 +1323,9 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
"enable_init_containers": { "enable_init_containers": {
Type: "boolean", Type: "boolean",
}, },
"enable_secrets_deletion": {
Type: "boolean",
},
"enable_persistent_volume_claim_deletion": { "enable_persistent_volume_claim_deletion": {
Type: "boolean", Type: "boolean",
}, },

1
pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
View File

@ -102,6 +102,7 @@ type KubernetesMetaConfiguration struct {
PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"` PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"`
PodManagementPolicy string `json:"pod_management_policy,omitempty"` PodManagementPolicy string `json:"pod_management_policy,omitempty"`
PersistentVolumeClaimRetentionPolicy map[string]string `json:"persistent_volume_claim_retention_policy,omitempty"` PersistentVolumeClaimRetentionPolicy map[string]string `json:"persistent_volume_claim_retention_policy,omitempty"`
EnableSecretsDeletion *bool `json:"enable_secrets_deletion,omitempty"`
EnablePersistentVolumeClaimDeletion *bool `json:"enable_persistent_volume_claim_deletion,omitempty"` EnablePersistentVolumeClaimDeletion *bool `json:"enable_persistent_volume_claim_deletion,omitempty"`
EnableReadinessProbe bool `json:"enable_readiness_probe,omitempty"` EnableReadinessProbe bool `json:"enable_readiness_probe,omitempty"`
EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"` EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"`

5
pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
View File

@ -272,6 +272,11 @@ func (in *KubernetesMetaConfiguration) DeepCopyInto(out *KubernetesMetaConfigura
(*out)[key] = val (*out)[key] = val
} }
} }
if in.EnableSecretsDeletion != nil {
in, out := &in.EnableSecretsDeletion, &out.EnableSecretsDeletion
*out = new(bool)
**out = **in
}
if in.EnablePersistentVolumeClaimDeletion != nil { if in.EnablePersistentVolumeClaimDeletion != nil {
in, out := &in.EnablePersistentVolumeClaimDeletion, &out.EnablePersistentVolumeClaimDeletion in, out := &in.EnablePersistentVolumeClaimDeletion, &out.EnablePersistentVolumeClaimDeletion
*out = new(bool) *out = new(bool)

12
pkg/cluster/cluster.go
View File

@ -1154,10 +1154,14 @@ func (c *Cluster) Delete() error {
c.eventRecorder.Eventf(c.GetReference(), v1.EventTypeWarning, "Delete", "could not delete statefulset: %v", err) c.eventRecorder.Eventf(c.GetReference(), v1.EventTypeWarning, "Delete", "could not delete statefulset: %v", err)
} }
if err := c.deleteSecrets(); err != nil { if c.OpConfig.EnableSecretsDeletion != nil && *c.OpConfig.EnableSecretsDeletion {
anyErrors = true if err := c.deleteSecrets(); err != nil {
c.logger.Warningf("could not delete secrets: %v", err) anyErrors = true
c.eventRecorder.Eventf(c.GetReference(), v1.EventTypeWarning, "Delete", "could not delete secrets: %v", err) c.logger.Warningf("could not delete secrets: %v", err)
c.eventRecorder.Eventf(c.GetReference(), v1.EventTypeWarning, "Delete", "could not delete secrets: %v", err)
}
} else {
c.logger.Info("not deleting secrets because disabled in configuration")
} }
if err := c.deletePodDisruptionBudget(); err != nil { if err := c.deletePodDisruptionBudget(); err != nil {

1
pkg/controller/operator_config.go
View File

@ -122,6 +122,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
result.PodPriorityClassName = fromCRD.Kubernetes.PodPriorityClassName result.PodPriorityClassName = fromCRD.Kubernetes.PodPriorityClassName
result.PodManagementPolicy = util.Coalesce(fromCRD.Kubernetes.PodManagementPolicy, "ordered_ready") result.PodManagementPolicy = util.Coalesce(fromCRD.Kubernetes.PodManagementPolicy, "ordered_ready")
result.PersistentVolumeClaimRetentionPolicy = fromCRD.Kubernetes.PersistentVolumeClaimRetentionPolicy result.PersistentVolumeClaimRetentionPolicy = fromCRD.Kubernetes.PersistentVolumeClaimRetentionPolicy
result.EnableSecretsDeletion = util.CoalesceBool(fromCRD.Kubernetes.EnableSecretsDeletion, util.True())
result.EnablePersistentVolumeClaimDeletion = util.CoalesceBool(fromCRD.Kubernetes.EnablePersistentVolumeClaimDeletion, util.True()) result.EnablePersistentVolumeClaimDeletion = util.CoalesceBool(fromCRD.Kubernetes.EnablePersistentVolumeClaimDeletion, util.True())
result.EnableReadinessProbe = fromCRD.Kubernetes.EnableReadinessProbe result.EnableReadinessProbe = fromCRD.Kubernetes.EnableReadinessProbe
result.MasterPodMoveTimeout = util.CoalesceDuration(time.Duration(fromCRD.Kubernetes.MasterPodMoveTimeout), "10m") result.MasterPodMoveTimeout = util.CoalesceDuration(time.Duration(fromCRD.Kubernetes.MasterPodMoveTimeout), "10m")

1
pkg/util/config/config.go
View File

@ -250,6 +250,7 @@ type Config struct {
PatroniAPICheckInterval time.Duration `name:"patroni_api_check_interval" default:"1s"` PatroniAPICheckInterval time.Duration `name:"patroni_api_check_interval" default:"1s"`
PatroniAPICheckTimeout time.Duration `name:"patroni_api_check_timeout" default:"5s"` PatroniAPICheckTimeout time.Duration `name:"patroni_api_check_timeout" default:"5s"`
EnablePatroniFailsafeMode *bool `name:"enable_patroni_failsafe_mode" default:"false"` EnablePatroniFailsafeMode *bool `name:"enable_patroni_failsafe_mode" default:"false"`
EnableSecretsDeletion *bool `name:"enable_secrets_deletion" default:"true"`
EnablePersistentVolumeClaimDeletion *bool `name:"enable_persistent_volume_claim_deletion" default:"true"` EnablePersistentVolumeClaimDeletion *bool `name:"enable_persistent_volume_claim_deletion" default:"true"`
PersistentVolumeClaimRetentionPolicy map[string]string `name:"persistent_volume_claim_retention_policy" default:"when_deleted:retain,when_scaled:retain"` PersistentVolumeClaimRetentionPolicy map[string]string `name:"persistent_volume_claim_retention_policy" default:"when_deleted:retain,when_scaled:retain"`
} }