Allow individual teams to do auto upgrade via operator. (#1699)

* Allow whitelisting of teams to do auto upgrade upgrade via operator. Co-authored-by: Felix Kunde <felix-kunde@gmx.de>
2021-11-29 12:47:18 +01:00 · 2021-11-29 12:47:18 +01:00 · 3e275d122a
parent fbd980af78
commit 3e275d122a
13 changed files with 60 additions and 9 deletions
--- a/charts/postgres-operator/crds/operatorconfigurations.yaml
+++ b/charts/postgres-operator/crds/operatorconfigurations.yaml
@ -131,6 +131,10 @@ spec:
                  major_version_upgrade_mode:
                    type: string
                    default: "off"
+                  major_version_upgrade_team_allow_list:
+                    type: array
+                    items:
+                      type: string
                  minimal_major_version:
                    type: string
                    default: "9.6"
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@ -64,6 +64,10 @@ configUsers:
 configMajorVersionUpgrade:
  # "off": no upgrade, "manual": manifest triggers action, "full": minimal version violation triggers too
  major_version_upgrade_mode: "off"
+  # upgrades will only be carried out for clusters of listed teams when mode is "off"
+  # major_version_upgrade_team_allow_list:
+  # - acid
+
  # minimal Postgres major version that will not automatically be upgraded
  minimal_major_version: "9.6"
  # target Postgres major version when upgrading clusters automatically
--- a/docs/reference/operator_parameters.md
+++ b/docs/reference/operator_parameters.md
@ -184,6 +184,10 @@ CRD-configuration, they are grouped under the `major_version_upgrade` key.
  Note, that with all three modes increasing the version in the manifest will
  trigger a rolling update of the pods. The default is `"off"`.

+* **major_version_upgrade_team_allow_list**
+  Upgrades will only be carried out for clusters of listed teams when mode is
+  set to "off". The default is empty.
+
 * **minimal_major_version**
  The minimal Postgres major version that will not automatically be upgraded
  when `major_version_upgrade_mode` is set to `"full"`. The default is `"9.6"`.
--- a/docs/user.md
+++ b/docs/user.md
@ -603,10 +603,9 @@ spec:
 ```

 Some extensions require SUPERUSER rights on creation unless they are not
-whitelisted by the [pgextwlist](https://github.com/dimitri/pgextwlist)
-extension, that is shipped with the Spilo image. To see which extensions are
-on the list check the `extwlist.extension` parameter in the postgresql.conf
-file.
+allowed by the [pgextwlist](https://github.com/dimitri/pgextwlist) extension,
+that is shipped with the Spilo image. To see which extensions are on the list
+check the `extwlist.extension` parameter in the postgresql.conf file.

 ```bash
 SHOW extwlist.extensions;
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@ -77,6 +77,7 @@ data:
  logical_backup_s3_sse: "AES256"
  logical_backup_schedule: "30 00 * * *"
  major_version_upgrade_mode: "manual"
+  # major_version_upgrade_team_allow_list: ""
  master_dns_name_format: "{cluster}.{team}.{hostedzone}"
  # master_pod_move_timeout: 20m
  # max_instances: "-1"
--- a/manifests/operatorconfiguration.crd.yaml
+++ b/manifests/operatorconfiguration.crd.yaml
@ -129,6 +129,10 @@ spec:
                  major_version_upgrade_mode:
                    type: string
                    default: "off"
+                  major_version_upgrade_team_allow_list:
+                    type: array
+                    items:
+                      type: string
                  minimal_major_version:
                    type: string
                    default: "9.6"
--- a/manifests/postgresql-operator-default-configuration.yaml
+++ b/manifests/postgresql-operator-default-configuration.yaml
@ -28,6 +28,8 @@ configuration:
    super_username: postgres
  major_version_upgrade:
    major_version_upgrade_mode: "off"
+    # major_version_upgrade_team_allow_list:
+    # - acid
    minimal_major_version: "9.6"
    target_major_version: "14"
  kubernetes:
--- a/pkg/apis/acid.zalan.do/v1/crds.go
+++ b/pkg/apis/acid.zalan.do/v1/crds.go
@ -1019,6 +1019,14 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
 							"major_version_upgrade_mode": {
 								Type: "string",
 							},
+							"major_version_upgrade_team_allow_list": {
+								Type: "array",
+								Items: &apiextv1.JSONSchemaPropsOrArray{
+									Schema: &apiextv1.JSONSchemaProps{
+										Type: "string",
+									},
+								},
+							},
 							"minimal_major_version": {
 								Type: "string",
 							},
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@ -43,9 +43,10 @@ type PostgresUsersConfiguration struct {

 // MajorVersionUpgradeConfiguration defines how to execute major version upgrades of Postgres.
 type MajorVersionUpgradeConfiguration struct {
-	MajorVersionUpgradeMode string `json:"major_version_upgrade_mode" default:"off"` // off - no actions, manual - manifest triggers action, full - manifest and minimal version violation trigger upgrade
-	MinimalMajorVersion     string `json:"minimal_major_version" default:"9.6"`
-	TargetMajorVersion      string `json:"target_major_version" default:"14"`
+	MajorVersionUpgradeMode          string   `json:"major_version_upgrade_mode" default:"off"` // off - no actions, manual - manifest triggers action, full - manifest and minimal version violation trigger upgrade
+	MajorVersionUpgradeTeamAllowList []string `json:"major_version_upgrade_team_allow_list,omitempty"`
+	MinimalMajorVersion              string   `json:"minimal_major_version" default:"9.6"`
+	TargetMajorVersion               string   `json:"target_major_version" default:"14"`
 }

 // KubernetesMetaConfiguration defines k8s conf required for all Postgres clusters and the operator itself
--- a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
@ -318,6 +318,11 @@ func (in *MaintenanceWindow) DeepCopy() *MaintenanceWindow {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MajorVersionUpgradeConfiguration) DeepCopyInto(out *MajorVersionUpgradeConfiguration) {
 	*out = *in
+	if in.MajorVersionUpgradeTeamAllowList != nil {
+		in, out := &in.MajorVersionUpgradeTeamAllowList, &out.MajorVersionUpgradeTeamAllowList
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

@ -386,7 +391,7 @@ func (in *OperatorConfigurationData) DeepCopyInto(out *OperatorConfigurationData
 		}
 	}
 	out.PostgresUsersConfiguration = in.PostgresUsersConfiguration
-	out.MajorVersionUpgrade = in.MajorVersionUpgrade
+	in.MajorVersionUpgrade.DeepCopyInto(&out.MajorVersionUpgrade)
 	in.Kubernetes.DeepCopyInto(&out.Kubernetes)
 	out.PostgresPodResources = in.PostgresPodResources
 	out.Timeouts = in.Timeouts
--- a/pkg/cluster/majorversionupgrade.go
+++ b/pkg/cluster/majorversionupgrade.go
@ -4,6 +4,7 @@ import (
 	"fmt"

 	"github.com/zalando/postgres-operator/pkg/spec"
+	"github.com/zalando/postgres-operator/pkg/util"
 	v1 "k8s.io/api/core/v1"
 )

@ -44,9 +45,25 @@ func (c *Cluster) GetDesiredMajorVersion() string {
 	return c.Spec.PgVersion
 }

+func (c *Cluster) isUpgradeAllowedForTeam(owningTeam string) bool {
+	allowedTeams := c.OpConfig.MajorVersionUpgradeTeamAllowList
+
+	if len(allowedTeams) == 0 {
+		return false
+	}
+
+	return util.SliceContains(allowedTeams, owningTeam)
+}
+
+/*
+  Execute upgrade when mode is set to manual or full or when the owning team is allowed for upgrade (and mode is "off").
+
+  Manual upgrade means, it is triggered by the user via manifest version change
+  Full upgrade means, operator also determines the minimal version used accross all clusters and upgrades violators.
+*/
 func (c *Cluster) majorVersionUpgrade() error {

-	if c.OpConfig.MajorVersionUpgradeMode == "off" {
+	if c.OpConfig.MajorVersionUpgradeMode == "off" && !c.isUpgradeAllowedForTeam(c.Spec.TeamID) {
 		return nil
 	}

--- a/pkg/controller/operator_config.go
+++ b/pkg/controller/operator_config.go
@ -56,6 +56,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur

 	// major version upgrade config
 	result.MajorVersionUpgradeMode = util.Coalesce(fromCRD.MajorVersionUpgrade.MajorVersionUpgradeMode, "off")
+	result.MajorVersionUpgradeTeamAllowList = fromCRD.MajorVersionUpgrade.MajorVersionUpgradeTeamAllowList
 	result.MinimalMajorVersion = util.Coalesce(fromCRD.MajorVersionUpgrade.MinimalMajorVersion, "9.6")
 	result.TargetMajorVersion = util.Coalesce(fromCRD.MajorVersionUpgrade.TargetMajorVersion, "14")

--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -212,6 +212,7 @@ type Config struct {
 	EnablePgVersionEnvVar                  bool              `name:"enable_pgversion_env_var" default:"true"`
 	EnableSpiloWalPathCompat               bool              `name:"enable_spilo_wal_path_compat" default:"false"`
 	MajorVersionUpgradeMode                string            `name:"major_version_upgrade_mode" default:"off"`
+	MajorVersionUpgradeTeamAllowList       []string          `name:"major_version_upgrade_team_allow_list" default:""`
 	MinimalMajorVersion                    string            `name:"minimal_major_version" default:"9.6"`
 	TargetMajorVersion                     string            `name:"target_major_version" default:"14"`
 }