Add CRD configuration to Helm chart values.yaml (#559)

* add templates for CRDs incl. crd-install hooks
* support both config styles in values.yaml
* fix ServiceAccount naming in values.yaml
Felix Kunde 2019-06-03 14:48:32 +02:00 committed by GitHub
parent ebda39368e
commit 5a0e95ac45
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 423 additions and 183 deletions


@ -1,13 +1,18 @@
apiVersion: v1
name: postgres-operator
version: 0.1.0
appVersion: 1.1.0
version: 1.2.0
appVersion: 1.2.0
home: https://github.com/zalando/postgres-operator
description: Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
keywords:
- postgres
- operator
- cloud-native
- patroni
- spilo
maintainers:
- name: Zalando
email: opensource@zalando.de
- name: kimxogus
email: kgyoo8232@gmail.com
sources:


@ -2,7 +2,11 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ template "postgres-operator.fullname" . }}
name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
helm.sh/chart: {{ template "postgres-operator.chart" . }}
@ -140,7 +144,11 @@ rules:
verbs:
- bind
resourceNames:
- {{ template "postgres-operator.fullname" . }}
- {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
- apiGroups:
- batch
resources:
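Review bot: `eq .Values.serviceAccount.name ""` on the `name:` line (and again under `resourceNames:`) fails to render when the value is null instead of an empty string — Go's `eq`, at least in the versions Helm 2 was built with, rejects a nil operand — and null is exactly what the previous values.yaml shipped (`name:` with no value) and what a user's existing overrides may still contain; test with `{{- if not .Values.serviceAccount.name }}` or, simpler, `name: {{ .Values.serviceAccount.name | default (include "postgres-operator.fullname" .) }}`. The same five-line if/else is pasted into clusterrolebinding.yaml (three times), configmap.yaml, deployment.yaml and serviceaccount.yaml; one named helper in _helpers.tpl keeps the binding's subject, the role name and the pod's `serviceAccountName` guaranteed to agree, so the account the operator runs as cannot drift from the one that is bound. The rendered output also relies on the `{{- if` chomp leaving the value on a more-indented continuation line under `name:`, which the page's lost indentation does not let me confirm. The ClusterRole's rules continue outside the hunk.
```yaml
{{/* Name of the operator ServiceAccount: .Values.serviceAccount.name when set, else the release fullname. */}}
{{- define "postgres-operator.serviceAccountName" -}}
{{ .Values.serviceAccount.name | default (include "postgres-operator.fullname" .) }}
{{- end -}}
# … usage in each template, replacing the if/else block …
name: {{ template "postgres-operator.serviceAccountName" . }}
```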


@ -2,7 +2,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "postgres-operator.fullname" . }}
name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
helm.sh/chart: {{ template "postgres-operator.chart" . }}
@ -11,11 +15,19 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "postgres-operator.fullname" . }}
name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
subjects:
- kind: ServiceAccount
# note: the cluster role binding needs to be defined
# for every namespace the operator service account lives in.
name: {{ template "postgres-operator.fullname" . }}
name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
namespace: {{ .Release.Namespace }}
{{ end }}


@ -8,5 +8,25 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
data:
pod_service_account_name: {{ template "postgres-operator.fullname" . }}
{{ toYaml .Values.config | indent 2 }}
pod_service_account_name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
api_port: "{{ .Values.configLoggingRestApi.api_port }}"
cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}"
docker_image: {{ .Values.docker_image }}
debug_logging: "{{ .Values.configDebug.debug_logging }}"
enable_database_access: "{{ .Values.configDebug.enable_database_access }}"
repair_period: {{ .Values.repair_period }}
resync_period: {{ .Values.resync_period }}
ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}"
spilo_privileged: "{{ .Values.spilo_privileged }}"
workers: "{{ .Values.workers }}"
{{ toYaml .Values.configMap | indent 2 }}
{{ toYaml .Values.configUsers | indent 2 }}
{{ toYaml .Values.configKubernetes | indent 2 }}
{{ toYaml .Values.configTimeouts | indent 2 }}
{{ toYaml .Values.configLoadBalancer | indent 2 }}
{{ toYaml .Values.configAwsOrGcp | indent 2 }}
{{ toYaml .Values.configTeamsApi | indent 2 }}
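Review bot: `configPostgresPodResources` and `configLogicalBackup` are listed in values.yaml under "config shared from ConfigMap and CRD" but this template never renders them, so a ConfigMap-based install falls back to the operator's built-in defaults for pod requests/limits and logical backups instead of the chart's values, while the CRD flavor gets them from operatorconfiguration.yaml; add `{{ toYaml .Values.configPostgresPodResources | indent 2 }}` and `{{ toYaml .Values.configLogicalBackup | indent 2 }}` next to the other groups, assuming the operator reads those keys flat from the ConfigMap as the docs in this commit describe for every other group. `docker_image`, `repair_period` and `resync_period` are the only values left unquoted while their siblings are wrapped in `"…"`; ConfigMap data must be strings, so quote them the same way so that a numeric-looking override cannot produce a ConfigMap the API server rejects. `pod_service_account_name:` carries the same if/else block as the RBAC templates and would benefit from the same shared helper.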


@ -0,0 +1,39 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: postgresqls.acid.zalan.do
annotations:
"helm.sh/hook": crd-install
spec:
group: acid.zalan.do
names:
kind: postgresql
listKind: postgresqlList
plural: postgresqls
singular: postgresql
shortNames:
- pg
scope: Namespaced
subresources:
status: {}
version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: operatorconfigurations.acid.zalan.do
annotations:
"helm.sh/hook": crd-install
spec:
group: acid.zalan.do
names:
kind: OperatorConfiguration
listKind: OperatorConfigurationList
plural: operatorconfigurations
singular: operatorconfiguration
shortNames:
- pgc
scope: Namespaced
subresources:
status: {}
version: v1
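Review bot: Nothing in the file records that these two CRDs are installed by the `crd-install` hook, which in Helm 2 applies them once at `helm install` and then neither updates them on `helm upgrade` nor removes them on `helm delete`, nor that the operator registers the same CRDs itself at startup (see the operator_parameters doc changed in this commit); a header comment such as `# Applied by the crd-install hook at first install only: helm upgrade/delete leave these CRDs untouched, and the operator re-registers them at startup, so keep the two definitions in sync.` saves the next maintainer a surprise when a changed spec here has no effect on an existing cluster. Whether the hook tolerates a CRD that already exists from an earlier manual `kubectl create -f manifests/...` install depends on the Helm 2 minor version in use and should be checked before the chart version is published. Both definitions also omit a `validation:` schema, so the API server accepts any field in a `postgresql` or `OperatorConfiguration` object; if the operator's own registration carries one, mirroring it here would catch typos at admission time instead of at reconcile time.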


@ -17,6 +17,8 @@ spec:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
# In order to use the checksum of CRD OperatorConfiguration instead, use the following line instead
# {{ include (print $.Template.BasePath "/operatorconfiguration.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
@ -27,7 +29,11 @@ spec:
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "postgres-operator.fullname" . }}
serviceAccountName: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@ -35,6 +41,9 @@ spec:
env:
- name: CONFIG_MAP_NAME
value: {{ template "postgres-operator.fullname" . }}
# In order to use the CRD OperatorConfiguration instead, uncomment these lines and comment out the two lines above
# - name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT
# value: {{ template "postgres-operator.fullname" . }}
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.imagePullSecrets }}
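Review bot: The template actions inside the two commented-out lines (`# {{ include (print $.Template.BasePath "/operatorconfiguration.yaml") . | sha256sum }}` under `checksum/config`, and `# value: {{ template "postgres-operator.fullname" . }}` under `env:`) are still executed at render time because `#` is only a YAML comment, not a template comment: the first renders and hashes operatorconfiguration.yaml on every install even though its output is discarded, and any error in that template breaks the whole chart. Disable them with a template comment instead, e.g. `{{/* checksum/config: include (print $.Template.BasePath "/operatorconfiguration.yaml") . | sha256sum */}}` and `{{/* - name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT / value: template "postgres-operator.fullname" . */}}`. Beyond that, switching between ConfigMap and CRD configuration by editing template text means the chart always renders both objects and the choice cannot be expressed in values; a single boolean value selecting the env var and the checksum source would make the switch reviewable and upgrade-safe. `serviceAccountName:` repeats the if/else block that the RBAC templates use and would benefit from the same shared helper.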


@ -0,0 +1,41 @@
apiVersion: "acid.zalan.do/v1"
kind: OperatorConfiguration
metadata:
name: {{ template "postgres-operator.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
helm.sh/chart: {{ template "postgres-operator.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
configuration:
docker_image: {{ .Values.docker_image }}
repair_period: {{ .Values.repair_period }}
resync_period: {{ .Values.resync_period }}
workers: {{ .Values.workers }}
{{ toYaml .Values.configCRD | indent 2 }}
users:
{{ toYaml .Values.configUsers | indent 4 }}
kubernetes:
oauth_token_secret_name: {{ template "postgres-operator.fullname" . }}
pod_service_account_name: operator
spilo_privileged: {{ .Values.spilo_privileged }}
{{ toYaml .Values.configKubernetes | indent 4 }}
{{ toYaml .Values.configKubernetesCRD | indent 4 }}
postgres_pod_resources:
{{ toYaml .Values.configPostgresPodResources | indent 4 }}
timeouts:
{{ toYaml .Values.configTimeouts | indent 4 }}
load_balancer:
{{ toYaml .Values.configLoadBalancerCRD | indent 4 }}
aws_or_gcp:
{{ toYaml .Values.configAwsOrGcp | indent 4 }}
logical_backup:
{{ toYaml .Values.configLogicalBackup | indent 4 }}
debug:
{{ toYaml .Values.configDebug | indent 4 }}
teams_api:
{{ toYaml .Values.configTeamsApiCRD | indent 4 }}
logging_rest_api:
{{ toYaml .Values.configLoggingRestApi | indent 4 }}
scalyr:
{{ toYaml .Values.configScalyr | indent 4 }}
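Review bot: `pod_service_account_name: operator` is hard-coded here while configmap.yaml derives the same setting from `.Values.serviceAccount.name` or the release fullname, which is why values.yaml now has to tell CRD users to set `serviceAccount.name` to `"operator"` by hand; render it the same way as the ConfigMap, `pod_service_account_name: {{ .Values.serviceAccount.name | default (include "postgres-operator.fullname" .) }}`, so both configuration flavors name the account this chart actually creates and binds. `oauth_token_secret_name` is likewise fixed to the fullname just before `{{ toYaml .Values.configKubernetes | indent 4 }}`, and values.yaml carries a commented `oauth_token_secret_name` under `configKubernetes`; uncommenting it yields a duplicate key under `kubernetes:` where the later value silently wins, so either drop the fixed line or comment that the values entry overrides it. The same duplicate-key risk applies to any key a user adds to `configKubernetes` that this template already emits explicitly (`pod_service_account_name`, `spilo_privileged`).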


@ -2,7 +2,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "postgres-operator.fullname" . }}
name: {{- if eq .Values.serviceAccount.name "" }}
{{ template "postgres-operator.fullname" . }}
{{- else }}
{{ .Values.serviceAccount.name }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
helm.sh/chart: {{ template "postgres-operator.chart" . }}


@ -1,7 +1,7 @@
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator
tag: v1.1.0
tag: v1.1.0-28-g24d412a
pullPolicy: "IfNotPresent"
# Optionally specify an array of imagePullSecrets.
@ -13,59 +13,143 @@ image:
podAnnotations: {}
podLabels: {}
config:
watched_namespace: "*" # listen to all namespaces
cluster_labels: application:spilo
cluster_name_label: version
pod_role_label: spilo-role
# config shared from ConfigMap and CRD
docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
repair_period: 5m
resync_period: 5m
spilo_privileged: false
workers: 4
debug_logging: "true"
workers: "4"
docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70
secret_name_template: '{username}.{cluster}.credentials'
cluster_domain: cluster.local
configUsers:
replication_username: standby
super_username: postgres
enable_teams_api: "false"
spilo_privileged: "false"
# set_memory_request_to_limit: "true"
# postgres_superuser_teams: "postgres_superusers"
# enable_team_superuser: "false"
# team_admin_role: "admin"
# teams_api_url: http://fake-teams-api.default.svc.cluster.local
# team_api_role_configuration: "log_statement:all"
# infrastructure_roles_secret_name: postgresql-infrastructure-roles
# oauth_token_secret_name: postgresql-operator
# pam_role_name: zalandos
# pam_configuration: |
# https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees
configKubernetes:
cluster_domain: cluster.local
# inherited_labels: ""
aws_region: eu-central-1
db_hosted_zone: db.example.com
master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}'
enable_master_load_balancer: "true"
enable_replica_load_balancer: "false"
# infrastructure_roles_secret_name: postgresql-infrastructure-roles
# node_readiness_label: ""
# oauth_token_secret_name: postgresql-operator
# pod_environment_configmap: ""
pod_management_policy: "ordered_ready"
pdb_name_format: "postgres-{cluster}-pdb"
api_port: "8080"
ring_log_lines: "100"
cluster_history_entries: "1000"
pod_role_label: spilo-role
pod_terminate_grace_period: 5m
secret_name_template: '{username}.{cluster}.credentials'
configPostgresPodResources:
default_cpu_request: 100m
default_memory_request: 100Mi
default_cpu_limit: "3"
default_memory_limit: 1Gi
# set_memory_request_to_limit: true
configTimeouts:
# master_pod_move_timeout: 10m
pod_deletion_wait_timeout: 10m
pod_label_wait_timeout: 10m
ready_wait_interval: 3s
ready_wait_timeout: 30s
replication_username: standby
resource_check_interval: 3s
resource_check_timeout: 10m
resync_period: 5m
pod_management_policy: "ordered_ready"
enable_pod_antiaffinity: "false"
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
configDebug:
debug_logging: true
enable_database_access: true
configLoggingRestApi:
api_port: 8080
cluster_history_entries: 1000
ring_log_lines: 100
configAwsOrGcp:
aws_region: eu-central-1
db_hosted_zone: db.example.com
# kube_iam_role: ""
# log_s3_bucket: ""
# wal_s3_bucket: ""
configLogicalBackup:
logical_backup_schedule: "30 00 * * *"
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
logical_backup_s3_bucket: ""
# config exclusive to ConfigMap
configMap:
cluster_labels: application:spilo
cluster_name_label: version
watched_namespace: "*" # listen to all namespaces
configLoadBalancer:
# custom_service_annotations:
# "keyx:valuez,keya:valuea"
enable_master_load_balancer: "true"
enable_replica_load_balancer: "false"
master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}'
configTeamsApi:
enable_teams_api: "false"
# enable_admin_role_for_users: "true"
# enable_team_superuser: "false"
# pam_configuration: https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees
# pam_role_name: zalandos
# postgres_superuser_teams: "postgres_superusers"
# team_admin_role: "admin"
# team_api_role_configuration: "log_statement:all"
# teams_api_url: http://fake-teams-api.default.svc.cluster.local
# config exclusive to CRD
configCRD:
etcd_host: ""
min_instances: -1
max_instances: -1
# sidecar_docker_images
# example: "exampleimage:exampletag"
configKubernetesCRD:
cluster_labels:
application: spilo
cluster_name_label: cluster-name
enable_pod_antiaffinity: false
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
# inherited_labels:
# - application
# - app
# watched_namespace: ""
configLoadBalancerCRD:
# custom_service_annotations:
# keyx: valuez
# keya: valuea
enable_master_load_balancer: false
enable_replica_load_balancer: false
master_dns_name_format: "{cluster}.{team}.{hostedzone}"
replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
configTeamsApiCRD:
enable_teams_api: false
enable_team_superuser: false
# pam_configuration: ""
pam_role_name: zalandos
# postgres_superuser_teams: "postgres_superusers"
protected_role_names:
- admin
team_admin_role: admin
team_api_role_configuration:
log_statement: all
# teams_api_url: ""
scalyr:
scalyr_cpu_request: 100m
scalyr_memory_request: 50Mi
scalyr_cpu_limit: "1"
scalyr_memory_limit: 1Gi
# scalyr_api_key: ""
# scalyr_image: ""
# scalyr_server_url: ""
rbac:
# Specifies whether RBAC resources should be created
create: true
@ -75,7 +159,9 @@ serviceAccount:
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
# When relying solely on the OperatorConfiguration CRD, set this value to "operator"
# Otherwise, the operator tries to use the "default" service account which is forbidden
name: ""
priorityClassName: ""
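Review bot: The `scalyr:` group added just before `rbac:` is read by the new operatorconfiguration.yaml as `.Values.configScalyr`, so unless a `configScalyr` key exists somewhere not shown here the `scalyr:` section of the rendered OperatorConfiguration comes out empty; rename it `configScalyr:` to match the other CRD groups. `tag: v1.1.0-28-g24d412a` pins a git-describe development build while Chart.yaml in this same commit raises `appVersion` to `1.2.0`; a published chart should reference a release tag that matches appVersion so that what gets deployed can be checked against a known release. The ConfigMap flavor also keeps `enable_master_load_balancer: "true"` and the `staging.` DNS templates while the CRD flavor defaults both load balancers to `false` and uses `cluster-name` rather than `version` as `cluster_name_label`; a default that publishes every master through a LoadBalancer is a larger exposure than the CRD defaults, so either align the two flavors or add a comment next to each divergent value stating that the difference is deliberate.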


@ -1,47 +1,3 @@
## Create ConfigMap
A ConfigMap is used to store the configuration of the operator.
```bash
$ kubectl create -f manifests/configmap.yaml
```
## Deploying the operator
First you need to install the service account definition in your Minikube cluster.
```bash
$ kubectl create -f manifests/operator-service-account-rbac.yaml
```
Next deploy the postgres-operator from the docker image Zalando is using:
```bash
$ kubectl create -f manifests/postgres-operator.yaml
```
If you prefer to build the image yourself follow up down below.
### - Helm chart
You can install postgres-operator also with a [Helm](https://helm.sh/) chart.
This requires installing the Helm CLI first and then initializing it in the
cluster.
```bash
$ helm init
$ helm install --name my-release ./charts/postgres-operator
```
## Check if CustomResourceDefinition has been registered
```bash
$ kubectl get crd
NAME KIND
postgresqls.acid.zalan.do CustomResourceDefinition.v1beta1.apiextensions.k8s.io
```
# How to configure PostgreSQL operator
## Select the namespace to deploy to


@ -20,18 +20,17 @@ that your setup is working.
Note: if you use multiple Kubernetes clusters, you can switch to Minikube with
`kubectl config use-context minikube`
## Create ConfigMap
## Deploying the operator
ConfigMap is used to store the configuration of the operator
### Kubernetes manifest
A ConfigMap is used to store the configuration of the operator. Alternatively,
a CRD-based configuration can be used, as described [here](reference/operator_parameters).
```bash
$ kubectl --context minikube create -f manifests/configmap.yaml
```
## Deploying the operator
### - Kubernetes manifest
First you need to install the service account definition in your Minikube cluster.
```bash
@ -46,15 +45,23 @@ Next deploy the postgres-operator from the docker image Zalando is using:
If you prefer to build the image yourself follow up down below.
### - Helm chart
### Helm chart
You can install postgres-operator also with a [Helm](https://helm.sh/) chart.
This requires installing the Helm CLI first and then initializing it in the
cluster.
Alternatively, the operator can be installed by using the provided [Helm](https://helm.sh/)
chart which saves you the manual steps. Therefore, you would need to install
the helm CLI on your machine. After initializing helm (and its server
component Tiller) in your local cluster you can install the operator chart.
You can define a release name that is prepended to the operator resource's
names.
Use `--name zalando` to match with the default service account name as older
operator versions do not support custom names for service accounts. When relying
solely on the CRD-based configuration edit the `serviceAccount` section in the
[values yaml file](../charts/values.yaml) by setting the name to `"operator"`.
```bash
$ helm init
$ helm install --name my-release ./charts/postgres-operator
$ helm install --name zalando ./charts/postgres-operator
```
## Check if CustomResourceDefinition has been registered


@ -20,6 +20,12 @@ cd postgres-operator
minikube start
```
If you want to configure the Postgres Operator it must happen before deploying a
Postgres cluster. This can happen in two ways: Via a ConfigMap or a
`OperatorConfiguration` object, which adheres a CustomResourceDefinition (CRD).
More details on configuration can be found [here](reference/operator_parameters.md).
## Manual deployment setup
The Postgres Operator can be installed simply by applying yaml manifests.
@ -37,8 +43,12 @@ chart which saves you the manual steps. Therefore, you would need to install
the helm CLI on your machine. After initializing helm (and its server
component Tiller) in your local cluster you can install the operator chart.
You can define a release name that is prepended to the operator resource's
names. Use `--name zalando` to match with the default service account name
as older operator versions do not support custom names for service accounts.
names.
Use `--name zalando` to match with the default service account name as older
operator versions do not support custom names for service accounts. When relying
solely on the CRD-based configuration edit the `serviceAccount` section in the
[values yaml file](../charts/values.yaml) by setting the name to `"operator"`.
```bash
# 1) initialize helm


@ -1,4 +1,3 @@
Individual postgres clusters are described by the Kubernetes *cluster manifest*
that has the structure defined by the `postgres CRD` (custom resource
definition). The following section describes the structure of the manifest and
@ -14,7 +13,9 @@ measurements. Please, refer to the [Kubernetes
documentation](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/)
for the possible values of those.
:exclamation: If both operator configmap/CRD and a Postgres cluster manifest define the same parameter, the value from the Postgres cluster manifest is applied.
:exclamation: If both operator configmap/CRD and a Postgres cluster manifest
define the same parameter, the value from the Postgres cluster manifest is
applied.
## Manifest structure
@ -105,7 +106,8 @@ These parameters are grouped directly under the `spec` key in the manifest.
class](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass)
that should be assigned to the cluster pods. When not specified, the value
is taken from the `pod_priority_class_name` operator parameter, if not set
then the default priority class is taken. The priority class itself must be defined in advance.
then the default priority class is taken. The priority class itself must be
defined in advance.
* **enableShmVolume**
Start a database pod without limitations on shm memory. By default docker
@ -120,10 +122,12 @@ These parameters are grouped directly under the `spec` key in the manifest.
configured (so you can override the operator configuration).
* **enableLogicalBackup**
Determines if the logical backup of this cluster should be taken and uploaded to S3. Default: false.
Determines if the logical backup of this cluster should be taken and uploaded
to S3. Default: false.
* **logicalBackupSchedule**
Schedule for the logical backup k8s cron job. Please take [the reference schedule format](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule) into account. Default: "30 00 \* \* \*"
Schedule for the logical backup k8s cron job. Please take [the reference schedule format](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule)
into account. Default: "30 00 \* \* \*"
## Postgres parameters
@ -181,7 +185,12 @@ explanation of `ttl` and `loop_wait` parameters.
set by the Spilo docker image. Optional.
* **slots**
permanent replication slots that Patroni preserves after failover by re-creating them on the new primary immediately after doing a promote. Slots could be reconfigured with the help of `patronictl edit-config`. It is the responsibility of a user to avoid clashes in names between replication slots automatically created by Patroni for cluster members and permanent replication slots. Optional.
permanent replication slots that Patroni preserves after failover by
re-creating them on the new primary immediately after doing a promote. Slots
could be reconfigured with the help of `patronictl edit-config`. It is the
responsibility of a user to avoid clashes in names between replication slots
automatically created by Patroni for cluster members and permanent replication
slots. Optional.
## Postgres container resources


@ -11,17 +11,18 @@ configuration.
[example](https://github.com/zalando/postgres-operator/blob/master/manifests/configmap.yaml)
* CRD-based configuration. The configuration is stored in a custom YAML
manifest. The manifest is an instance of the custom resource definition (CRD) called
`OperatorConfiguration`. The operator registers this CRD
during the start and uses it for configuration if the [operator deployment manifest ](https://github.com/zalando/postgres-operator/blob/master/manifests/postgres-operator.yaml#L21) sets the `POSTGRES_OPERATOR_CONFIGURATION_OBJECT` env variable to a non-empty value. The variable should point to the
`postgresql-operator-configuration` object in the operator's namespace.
manifest. The manifest is an instance of the custom resource definition (CRD)
called `OperatorConfiguration`. The operator registers this CRD during the
start and uses it for configuration if the [operator deployment manifest ](https://github.com/zalando/postgres-operator/blob/master/manifests/postgres-operator.yaml#L21)
sets the `POSTGRES_OPERATOR_CONFIGURATION_OBJECT` env variable to a non-empty
value. The variable should point to the `postgresql-operator-configuration`
object in the operator's namespace.
The CRD-based configuration is a regular YAML
document; non-scalar keys are simply represented in the usual YAML way.
There are no default values built-in in the operator, each parameter that is
not supplied in the configuration receives an empty value. In order to
create your own configuration just copy the [default
one](https://github.com/zalando/postgres-operator/blob/master/manifests/postgresql-operator-default-configuration.yaml)
The CRD-based configuration is a regular YAML document; non-scalar keys are
simply represented in the usual YAML way. There are no default values built-in
in the operator, each parameter that is not supplied in the configuration
receives an empty value. In order to create your own configuration just copy
the [default one](https://github.com/zalando/postgres-operator/blob/master/manifests/postgresql-operator-default-configuration.yaml)
and change it.
To test the CRD-based configuration locally, use the following
@ -31,19 +32,23 @@ configuration.
kubectl create -f manifests/postgresql-operator-default-configuration.yaml
kubectl get operatorconfigurations postgresql-operator-default-configuration -o yaml
```
Note that the operator first registers the definition of the CRD `OperatorConfiguration` and then waits for an instance of the CRD to be created. In between these two event the operator pod may be failing since it cannot fetch the not-yet-existing `OperatorConfiguration` instance.
Note that the operator first registers the CRD of the `OperatorConfiguration`
and then waits for an instance to be created. In between these two event the
operator pod may be failing since it cannot fetch the not-yet-existing
`OperatorConfiguration` instance.
The CRD-based configuration is more powerful than the one based on
ConfigMaps and should be used unless there is a compatibility requirement to
use an already existing configuration. Even in that case, it should be rather
straightforward to convert the configmap based configuration into the CRD-based
one and restart the operator. The ConfigMaps-based configuration will be
deprecated and subsequently removed in future releases.
The CRD-based configuration is more powerful than the one based on ConfigMaps
and should be used unless there is a compatibility requirement to use an already
existing configuration. Even in that case, it should be rather straightforward
to convert the configmap based configuration into the CRD-based one and restart
the operator. The ConfigMaps-based configuration will be deprecated and
subsequently removed in future releases.
Note that for the CRD-based configuration groups of configuration options below correspond
to the non-leaf keys in the target YAML (i.e. for the Kubernetes resources the
key is `kubernetes`). The key is mentioned alongside the group description. The
ConfigMap-based configuration is flat and does not allow non-leaf keys.
Note that for the CRD-based configuration groups of configuration options below
correspond to the non-leaf keys in the target YAML (i.e. for the Kubernetes
resources the key is `kubernetes`). The key is mentioned alongside the group
description. The ConfigMap-based configuration is flat and does not allow
non-leaf keys.
Since in the CRD-based case the operator needs to create a CRD first, which is
controlled by the `resource_check_interval` and `resource_check_timeout`
@ -51,7 +56,11 @@ parameters, those parameters have no effect and are replaced by the
`CRD_READY_WAIT_INTERVAL` and `CRD_READY_WAIT_TIMEOUT` environment variables.
They will be deprecated and removed in the future.
For the configmap operator configuration, the [default parameter values](https://github.com/zalando-incubator/postgres-operator/blob/master/pkg/util/config/config.go#L14) mentioned here are likely to be overwritten in your local operator installation via your local version of the operator configmap. In the case you use the operator CRD, all the CRD defaults are provided in the [operator's default configuration manifest](https://github.com/zalando-incubator/postgres-operator/blob/master/manifests/postgresql-operator-default-configuration.yaml)
For the configmap operator configuration, the [default parameter values](https://github.com/zalando-incubator/postgres-operator/blob/master/pkg/util/config/config.go#L14)
mentioned here are likely to be overwritten in your local operator installation
via your local version of the operator configmap. In the case you use the
operator CRD, all the CRD defaults are provided in the
[operator's default configuration manifest](https://github.com/zalando-incubator/postgres-operator/blob/master/manifests/postgresql-operator-default-configuration.yaml)
Variable names are underscore-separated words.
@ -87,8 +96,8 @@ Those are top-level keys, containing both leaf keys and groups.
* **min_instances**
operator will run at least the number of instances for any given postgres
cluster equal to the value of this parameter. When `-1` is specified, no limits
are applied. The default is `-1`.
cluster equal to the value of this parameter. When `-1` is specified, no
limits are applied. The default is `-1`.
* **resync_period**
period between consecutive sync requests. The default is `30m`.
@ -124,7 +133,8 @@ configuration they are grouped under the `kubernetes` key.
* **pod_service_account_definition**
The operator tries to create the pod Service Account in the namespace that
doesn't define such an account using the YAML definition provided by this
option. If not defined, a simple definition that contains only the name will be used. The default is empty.
option. If not defined, a simple definition that contains only the name will
be used. The default is empty.
* **pod_service_account_role_binding_definition**
This definition must bind pod service account to a role with permission
@ -142,8 +152,8 @@ configuration they are grouped under the `kubernetes` key.
* **watched_namespace**
The operator watches for postgres objects in the given namespace. If not
specified, the value is taken from the operator namespace. A special `*`
value makes it watch all namespaces. The default is empty (watch the operator pod
namespace).
value makes it watch all namespaces. The default is empty (watch the operator
pod namespace).
* **pdb_name_format**
defines the template for PDB (Pod Disruption Budget) names created by the
@ -181,8 +191,8 @@ configuration they are grouped under the `kubernetes` key.
* **inherited_labels**
list of labels that can be inherited from the cluster manifest, and added to
each child objects (`StatefulSet`, `Pod`, `Service` and `Endpoints`) created by
the opertor.
each child objects (`StatefulSet`, `Pod`, `Service` and `Endpoints`) created
by the opertor.
Typical use case is to dynamically pass labels that are specific to a given
postgres cluster, in order to implement `NetworkPolicy`.
The default is empty.
@ -203,8 +213,7 @@ configuration they are grouped under the `kubernetes` key.
* **toleration**
a dictionary that should contain `key`, `operator`, `value` and
`effect` keys. In that case, the operator defines a pod toleration
according to the values of those keys. See [kubernetes
documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
according to the values of those keys. See [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
for details on taints and tolerations. The default is empty.
* **pod_environment_configmap**
@ -215,31 +224,35 @@ configuration they are grouped under the `kubernetes` key.
operator. The default is empty.
* **pod_priority_class_name**
a name of the [priority
class](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass)
that should be assigned to the Postgres pods. The priority class itself must be defined in advance.
Default is empty (use the default priority class).
a name of the [priority class](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass)
that should be assigned to the Postgres pods. The priority class itself must
be defined in advance. Default is empty (use the default priority class).
* **spilo_privileged**
whether the Spilo container should run in privileged mode. Privileged mode is used for AWS volume resizing and not required if you don't need that capability. The default is `false`.
whether the Spilo container should run in privileged mode. Privileged mode is
used for AWS volume resizing and not required if you don't need that
capability. The default is `false`.
* **master_pod_move_timeout**
The period of time to wait for the success of migration of master pods from an unschedulable node.
The migration includes Patroni switchovers to respective replicas on healthy nodes. The situation where master pods still exist on the old node after this timeout expires has to be fixed manually. The default is 20 minutes.
The period of time to wait for the success of migration of master pods from
an unschedulable node. The migration includes Patroni switchovers to
respective replicas on healthy nodes. The situation where master pods still
exist on the old node after this timeout expires has to be fixed manually.
The default is 20 minutes.
* **enable_pod_antiaffinity**
toggles [pod anti affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) on the Postgres pods, to avoid multiple pods
of the same Postgres cluster in the same topology , e.g. node. The default is `false`.
toggles [pod anti affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/)
on the Postgres pods, to avoid multiple pods of the same Postgres cluster in
the same topology , e.g. node. The default is `false`.
* **pod_antiaffinity_topology_key**
override
[topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels)
override [topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#interlude-built-in-node-labels)
for pod anti affinity. The default is `kubernetes.io/hostname`.
* **pod_management_policy**
specify the
[pod management policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies)
of stateful sets of PG clusters. The default is `ordered_ready`, the second possible value is `parallel`.
specify the [pod management policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies)
of stateful sets of PG clusters. The default is `ordered_ready`, the second
possible value is `parallel`.
## Kubernetes resource requests
@ -264,7 +277,14 @@ CRD-based configuration.
settings. The default is `1Gi`.
* **set_memory_request_to_limit**
Set `memory_request` to `memory_limit` for all Postgres clusters (the default value is also increased). This prevents certain cases of memory overcommitment at the cost of overprovisioning memory and potential scheduling problems for containers with high memory limits due to the lack of memory on Kubernetes cluster nodes. This affects all containers created by the operator (Postgres, Scalyr sidecar, and other sidecars); to set resources for the operator's own container, change the [operator deployment manually](https://github.com/zalando/postgres-operator/blob/master/manifests/postgres-operator.yaml#L13). The default is `false`.
Set `memory_request` to `memory_limit` for all Postgres clusters (the default
value is also increased). This prevents certain cases of memory overcommitment
at the cost of overprovisioning memory and potential scheduling problems for
containers with high memory limits due to the lack of memory on Kubernetes
cluster nodes. This affects all containers created by the operator (Postgres,
Scalyr sidecar, and other sidecars); to set resources for the operator's own
container, change the [operator deployment manually](https://github.com/zalando/postgres-operator/blob/master/manifests/postgres-operator.yaml#L13).
The default is `false`.
* **enable_shm_volume**
Instruct operator to start any new database pod without limitations on shm
@ -351,9 +371,10 @@ In the CRD-based configuration they are grouped under the `load_balancer` key.
## AWS or GCP interaction
The options in this group configure operator interactions with non-Kubernetes
objects from Amazon Web Services (AWS) or Google Cloud Platform (GCP). They have no effect unless you are using
either. In the CRD-based configuration those options are grouped under the
`aws_or_gcp` key. Note the GCP integration is not yet officially supported.
objects from Amazon Web Services (AWS) or Google Cloud Platform (GCP). They have
no effect unless you are using either. In the CRD-based configuration those
options are grouped under the `aws_or_gcp` key. Note the GCP integration is not
yet officially supported.
* **wal_s3_bucket**
S3 bucket to use for shipping WAL segments with WAL-E. A bucket has to be
@ -362,7 +383,8 @@ either. In the CRD-based configuration those options are grouped under the
* **log_s3_bucket**
S3 bucket to use for shipping postgres daily logs. Works only with S3 on AWS.
The bucket has to be present and accessible by Postgres pods. The default is empty.
The bucket has to be present and accessible by Postgres pods. The default is
empty.
* **kube_iam_role**
AWS IAM role to supply in the `iam.amazonaws.com/role` annotation of Postgres
@ -383,8 +405,8 @@ Options to aid debugging of the operator itself. Grouped under the `debug` key.
* **enable_database_access**
boolean parameter that toggles the functionality of the operator that require
access to the postgres database, i.e. creating databases and users. The default
is `true`.
access to the postgres database, i.e. creating databases and users. The
default is `true`.
## Automatic creation of human users in the database
@ -421,7 +443,10 @@ key.
`admin`, that role is created by Spilo as a `NOLOGIN` role.
* **enable_admin_role_for_users**
if `true`, the `team_admin_role` will have the rights to grant roles coming from PG manifests. Such roles will be created as in "CREATE ROLE 'role_from_manifest' ... ADMIN 'team_admin_role'". The default is `true`.
if `true`, the `team_admin_role` will have the rights to grant roles coming
from PG manifests. Such roles will be created as in
"CREATE ROLE 'role_from_manifest' ... ADMIN 'team_admin_role'".
The default is `true`.
* **pam_role_name**
when set, the operator will add all team member roles to this group and add a
@ -440,11 +465,14 @@ key.
infrastructure role. The default is `admin`.
* **postgres_superuser_teams**
List of teams which members need the superuser role in each PG database cluster to administer Postgres and maintain infrastructure built around it. The default is empty.
List of teams which members need the superuser role in each PG database
cluster to administer Postgres and maintain infrastructure built around it.
The default is empty.
## Logging and REST API
Parameters affecting logging and REST API listener. In the CRD-based configuration they are grouped under the `logging_rest_api` key.
Parameters affecting logging and REST API listener. In the CRD-based
configuration they are grouped under the `logging_rest_api` key.
* **api_port**
REST API listener listens to this port. The default is `8080`.
@ -485,14 +513,20 @@ scalyr sidecar. In the CRD-based configuration they are grouped under the
## Logical backup
These parameters configure a k8s cron job managed by the operator to produce Postgres logical backups.
In the CRD-based configuration those parameters are grouped under the `logical_backup` key.
These parameters configure a k8s cron job managed by the operator to produce
Postgres logical backups. In the CRD-based configuration those parameters are
grouped under the `logical_backup` key.
* **logical_backup_schedule**
Backup schedule in the cron format. Please take [the reference schedule format](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#schedule) into account. Default: "30 00 \* \* \*"
* **logical_backup_docker_image**
An image for pods of the logical backup job. The [example image](../../docker/logical-backup/Dockerfile) runs `pg_dumpall` on a replica if possible and uploads compressed results to an S3 bucket under the key `/spilo/pg_cluster_name/cluster_k8s_uuid/logical_backups`. The default image is the same image built with the Zalando-internal CI pipeline. Default: "registry.opensource.zalan.do/acid/logical-backup"
An image for pods of the logical backup job. The [example image](../../docker/logical-backup/Dockerfile)
runs `pg_dumpall` on a replica if possible and uploads compressed results to
an S3 bucket under the key `/spilo/pg_cluster_name/cluster_k8s_uuid/logical_backups`.
The default image is the same image built with the Zalando-internal CI
pipeline. Default: "registry.opensource.zalan.do/acid/logical-backup"
* **logical_backup_s3_bucket**
S3 bucket to store backup results. The bucket has to be present and accessible by Postgres pods. Default: empty.
S3 bucket to store backup results. The bucket has to be present and
accessible by Postgres pods. Default: empty.


@ -10,7 +10,7 @@ data:
debug_logging: "true"
workers: "4"
docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70
docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
pod_service_account_name: "zalando-postgres-operator"
secret_name_template: '{username}.{cluster}.credentials'
cluster_domain: cluster.local


@ -4,7 +4,7 @@ metadata:
name: postgresql-operator-default-configuration
configuration:
etcd_host: ""
docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p42
docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
workers: 4
min_instances: -1
max_instances: -1
@ -37,7 +37,7 @@ configuration:
# infrastructure_roles_secret_name: ""
# pod_environment_configmap: ""
pod_management_policy: "ordered_ready"
enable_pod_antiaffinity: "false"
enable_pod_antiaffinity: false
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
postgres_pod_resources:
default_cpu_request: 100m
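Review bot: `enable_pod_antiaffinity: false` on the new side is now a typed boolean, while the ConfigMap example in the previous file keeps every value as a string (`debug_logging: "true"`, `workers: "4"`), and nothing in either file states that the two examples follow different typing rules, so the next copy between them is likely to reintroduce `"false"`. A one-line comment above the `configuration:` block (which sits in the first hunk of this section; the second hunk is nested inside it) would prevent that: `# CRD-based configuration is typed: booleans and integers are unquoted, unlike the ConfigMap example`. Separately, `docker_image` here, in the ConfigMap example and in the Go default all move to the mutable tag `spilo-11:1.5-p7`; if reproducible deployments matter, recording the image digest alongside the tag is worth considering, though that is a project-wide choice rather than a defect introduced by this commit.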


@ -84,7 +84,7 @@ type Config struct {
WatchedNamespace string `name:"watched_namespace"` // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to'
EtcdHost string `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use k8s as a DCS
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p8"`
DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-11:1.5-p7"`
Sidecars map[string]string `name:"sidecar_docker_images"`
// default name `operator` enables backward compatibility with the older ServiceAccountName field
PodServiceAccountName string `name:"pod_service_account_name" default:"operator"`