public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into refactor/exp

This commit is contained in:
Felix Kunde 2025-10-14 11:07:39 +02:00 committed by GitHub
parent 7c6cab144a 8ba57b28f5
commit 39fa576824
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 102 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/reference/operator_parameters.md
View File

@ -107,8 +107,13 @@ Those are top-level keys, containing both leaf keys and groups.
* **kubernetes_use_configmaps**
Select if setup uses endpoints (default), or configmaps to manage leader when
DCS is kubernetes (not etcd or similar). In OpenShift it is not possible to
use endpoints option, and configmaps is required. By default,
`kubernetes_use_configmaps: false`, meaning endpoints will be used.
use endpoints option, and configmaps is required. Starting with K8s 1.33,
endpoints are marked as deprecated. It's recommended to switch to config maps
instead. But, to do so make sure you scale the Postgres cluster down to just
one primary pod (e.g. using `max_instances` option). Otherwise, you risk
running into a split-brain scenario.
By default, `kubernetes_use_configmaps: false`, meaning endpoints will be used.
Starting from v1.16.0 the default will be changed to `true`.
* **docker_image**
Spilo Docker image for Postgres instances. For production, don't rely on the

27
manifests/operator-service-account-rbac.yaml
View File

@ -59,13 +59,20 @@ rules:
- get
- patch
- update
# to read configuration from ConfigMaps
# to read configuration from ConfigMaps and help Patroni manage the cluster if endpoints are not used
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
# to send events to the CRs
- apiGroups:
- ""
@ -78,7 +85,7 @@ rules:
- patch
- update
- watch
# to manage endpoints which are also used by Patroni
# to manage endpoints which are also used by Patroni (if it is using config maps)
- apiGroups:
- ""
resources:
@ -249,7 +256,21 @@ kind: ClusterRole
metadata:
name: postgres-pod
rules:
# Patroni needs to watch and manage endpoints
# Patroni needs to watch and manage config maps (or endpoints)
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
# Patroni needs to watch and manage endpoints (or config maps)
- apiGroups:
- ""
resources:

8
pkg/cluster/cluster.go
View File

@ -841,6 +841,14 @@ func (c *Cluster) compareServices(old, new *v1.Service) (bool, string) {
return false, "new service's owner references do not match the current ones"
}
if !reflect.DeepEqual(old.Spec.Selector, new.Spec.Selector) {
return false, "new service's selector does not match the current one"
}
if old.Spec.ExternalTrafficPolicy != new.Spec.ExternalTrafficPolicy {
return false, "new service's ExternalTrafficPolicy does not match the current one"
}
return true, ""
}

77
pkg/cluster/cluster_test.go
View File

@ -1341,14 +1341,21 @@ func TestCompareEnv(t *testing.T) {
}
}
func newService(ann map[string]string, svcT v1.ServiceType, lbSr []string) *v1.Service {
func newService(
annotations map[string]string,
svcType v1.ServiceType,
sourceRanges []string,
selector map[string]string,
policy v1.ServiceExternalTrafficPolicyType) *v1.Service {
svc := &v1.Service{
Spec: v1.ServiceSpec{
Type: svcT,
LoadBalancerSourceRanges: lbSr,
Selector: selector,
Type: svcType,
LoadBalancerSourceRanges: sourceRanges,
ExternalTrafficPolicy: policy,
},
}
svc.Annotations = ann
svc.Annotations = annotations
return svc
}
@ -1365,13 +1372,18 @@ func TestCompareServices(t *testing.T) {
},
}
defaultPolicy := v1.ServiceExternalTrafficPolicyTypeCluster
serviceWithOwnerReference := newService(
map[string]string{
constants.ZalandoDNSNameAnnotation: "clstr.acid.zalan.do",
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeClusterIP,
[]string{"128.141.0.0/16", "137.138.0.0/16"})
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil,
defaultPolicy,
)
ownerRef := metav1.OwnerReference{
APIVersion: "acid.zalan.do/v1",
@ -1397,14 +1409,16 @@ func TestCompareServices(t *testing.T) {
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeClusterIP,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
new: newService(
map[string]string{
constants.ZalandoDNSNameAnnotation: "clstr.acid.zalan.do",
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeClusterIP,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
match: true,
},
{
@ -1415,14 +1429,16 @@ func TestCompareServices(t *testing.T) {
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeClusterIP,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
new: newService(
map[string]string{
constants.ZalandoDNSNameAnnotation: "clstr.acid.zalan.do",
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeLoadBalancer,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
match: false,
reason: `new service's type "LoadBalancer" does not match the current one "ClusterIP"`,
},
@ -1434,14 +1450,16 @@ func TestCompareServices(t *testing.T) {
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeLoadBalancer,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
new: newService(
map[string]string{
constants.ZalandoDNSNameAnnotation: "clstr.acid.zalan.do",
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeLoadBalancer,
[]string{"185.249.56.0/22"}),
[]string{"185.249.56.0/22"},
nil, defaultPolicy),
match: false,
reason: `new service's LoadBalancerSourceRange does not match the current one`,
},
@ -1453,14 +1471,16 @@ func TestCompareServices(t *testing.T) {
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeLoadBalancer,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
new: newService(
map[string]string{
constants.ZalandoDNSNameAnnotation: "clstr.acid.zalan.do",
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeLoadBalancer,
[]string{}),
[]string{},
nil, defaultPolicy),
match: false,
reason: `new service's LoadBalancerSourceRange does not match the current one`,
},
@ -1472,10 +1492,39 @@ func TestCompareServices(t *testing.T) {
constants.ElbTimeoutAnnotationName: constants.ElbTimeoutAnnotationValue,
},
v1.ServiceTypeClusterIP,
[]string{"128.141.0.0/16", "137.138.0.0/16"}),
[]string{"128.141.0.0/16", "137.138.0.0/16"},
nil, defaultPolicy),
new: serviceWithOwnerReference,
match: false,
},
{
about: "new service has a label selector",
current: newService(
map[string]string{},
v1.ServiceTypeClusterIP,
[]string{},
nil, defaultPolicy),
new: newService(
map[string]string{},
v1.ServiceTypeClusterIP,
[]string{},
map[string]string{"cluster-name": "clstr", "spilo-role": "master"}, defaultPolicy),
match: false,
},
{
about: "services differ on external traffic policy",
current: newService(
map[string]string{},
v1.ServiceTypeClusterIP,
[]string{},
nil, defaultPolicy),
new: newService(
map[string]string{},
v1.ServiceTypeClusterIP,
[]string{},
nil, v1.ServiceExternalTrafficPolicyTypeLocal),
match: false,
},
}
for _, tt := range tests {