From 6037f4e5786e54d25e080c8d4317e75ce1a9325d Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Fri, 21 Jun 2019 15:26:29 +0200 Subject: [PATCH] align config map, operator config, helm chart values and templates --- .../templates/configmap.yaml | 7 +- .../templates/operatorconfiguration.yaml | 5 +- charts/postgres-operator/values.yaml | 49 +++++--- docs/user.md | 4 +- manifests/complete-postgres-manifest.yaml | 4 +- manifests/configmap.yaml | 106 +++++++++------- ...gresql-operator-default-configuration.yaml | 115 +++++++++--------- .../v1/operator_configuration_type.go | 1 + pkg/apis/acid.zalan.do/v1/postgresql_type.go | 4 +- pkg/controller/operator_config.go | 1 + 10 files changed, 160 insertions(+), 136 deletions(-) diff --git a/charts/postgres-operator/templates/configmap.yaml b/charts/postgres-operator/templates/configmap.yaml index 4785a7758..bc004f579 100644 --- a/charts/postgres-operator/templates/configmap.yaml +++ b/charts/postgres-operator/templates/configmap.yaml 
@@ -15,18 +15,15 @@ data: {{- end }} api_port: "{{ .Values.configLoggingRestApi.api_port }}" cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}" - docker_image: {{ .Values.docker_image }} debug_logging: "{{ .Values.configDebug.debug_logging }}" enable_database_access: "{{ .Values.configDebug.enable_database_access }}" - repair_period: {{ .Values.repair_period }} - resync_period: {{ .Values.resync_period }} ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}" - spilo_privileged: "{{ .Values.spilo_privileged }}" - workers: "{{ .Values.workers }}" +{{ toYaml .Values.config | indent 2 }} {{ toYaml .Values.configMap | indent 2 }} {{ toYaml .Values.configUsers | indent 2 }} {{ toYaml .Values.configKubernetes | indent 2 }} {{ toYaml .Values.configTimeouts | indent 2 }} {{ toYaml .Values.configLoadBalancer | indent 2 }} {{ toYaml .Values.configAwsOrGcp | indent 2 }} +{{ toYaml .Values.configLogicalBackup | indent 2 }} {{ toYaml .Values.configTeamsApi | indent 2 }} diff --git a/charts/postgres-operator/templates/operatorconfiguration.yaml b/charts/postgres-operator/templates/operatorconfiguration.yaml index 9510d454d..0ff56f72b 100644 --- a/charts/postgres-operator/templates/operatorconfiguration.yaml +++ b/charts/postgres-operator/templates/operatorconfiguration.yaml @@ -8,10 +8,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} configuration: - docker_image: {{ .Values.docker_image }} - repair_period: {{ .Values.repair_period }} - resync_period: {{ .Values.resync_period }} - workers: {{ .Values.workers }} +{{ toYaml .Values.config | indent 2 }} {{ toYaml .Values.configCRD | indent 2 }} users: {{ toYaml .Values.configUsers | indent 4 }} diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 2d8c1122d..ab93acbdd 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml 
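Review bot: Values that existing installs pass at the old top level (`docker_image`, `repair_period`, `resync_period`, `spilo_privileged`, `workers`) are no longer read once this template renders `.Values.config` and `.Values.configMap` instead. Unless the chart ships a values schema, Helm accepts the stale keys silently, so an override such as a pinned Spilo image would revert to the chart default on upgrade. Consider failing the render while a legacy key is still set, e.g. `{{- if .Values.docker_image }}{{ fail "docker_image moved to config.docker_image" }}{{- end }}`, or call out the move in the chart's upgrade notes. The same applies to the operatorconfiguration.yaml hunk that follows.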
@@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.1.0-28-g24d412a + tag: v1.1.0-48-g540d58d pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -14,11 +14,11 @@ podAnnotations: {} podLabels: {} # config shared from ConfigMap and CRD -docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 -repair_period: 5m -resync_period: 5m -spilo_privileged: false -workers: 4 +config: + etcd_host: "" + docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 + repair_period: 5m + resync_period: 5m configUsers: replication_username: standby @@ -26,27 +26,27 @@ configUsers: configKubernetes: cluster_domain: cluster.local - # inherited_labels: "" # infrastructure_roles_secret_name: postgresql-infrastructure-roles + # master_pod_move_timeout: 10m # node_readiness_label: "" # oauth_token_secret_name: postgresql-operator - # pod_environment_configmap: "" - # spilo_fsgroup: "103" - pod_management_policy: "ordered_ready" pdb_name_format: "postgres-{cluster}-pdb" + pod_antiaffinity_topology_key: "kubernetes.io/hostname" + # pod_environment_configmap: "" + pod_management_policy: "ordered_ready" pod_role_label: spilo-role pod_terminate_grace_period: 5m secret_name_template: '{username}.{cluster}.credentials' + # spilo_fsgroup: "103" + watched_namespace: "*" # listen to all namespaces configPostgresPodResources: default_cpu_request: 100m default_memory_request: 100Mi default_cpu_limit: "3" default_memory_limit: 1Gi - # set_memory_request_to_limit: true configTimeouts: - # master_pod_move_timeout: 10m pod_deletion_wait_timeout: 10m pod_label_wait_timeout: 10m ready_wait_interval: 3s 
@@ -64,13 +64,12 @@ configLoggingRestApi: ring_log_lines: 100 configAwsOrGcp: + # additional_secret_mount: "some-secret-name" + # additional_secret_mount_path: "/some/dir" aws_region: eu-central-1 - db_hosted_zone: db.example.com # kube_iam_role: "" # log_s3_bucket: "" # wal_s3_bucket: "" - # additional_secret_mount: "some-secret-name" - # additional_secret_mount_path: "/some/dir" configLogicalBackup: logical_backup_schedule: "30 00 * * *" @@ -81,9 +80,18 @@ configLogicalBackup: configMap: cluster_labels: application:spilo cluster_name_label: version - watched_namespace: "*" # listen to all namespaces + enable_pod_antiaffinity: false + enable_pod_disruption_budget: true + # inherited_labels: "" + max_instances: "-1" + min_instances: "-1" + # set_memory_request_to_limit: "true" + # sidecar_docker_images: "" + spilo_privileged: "false" + workers: "4" configLoadBalancer: + db_hosted_zone: db.example.com # custom_service_annotations: # "keyx:valuez,keya:valuea" enable_master_load_balancer: "true" @@ -92,21 +100,22 @@ configLoadBalancer: replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' configTeamsApi: - enable_teams_api: "false" # enable_admin_role_for_users: "true" # enable_team_superuser: "false" + enable_teams_api: "false" # pam_configuration: https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees # pam_role_name: zalandos # postgres_superuser_teams: "postgres_superusers" + # protected_role_names: "admin" # team_admin_role: "admin" # team_api_role_configuration: "log_statement:all" # teams_api_url: http://fake-teams-api.default.svc.cluster.local # config exclusive to CRD configCRD: - etcd_host: "" min_instances: -1 max_instances: -1 + # set_memory_request_to_limit: true # sidecar_docker_images # example: "exampleimage:exampletag" 
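Review bot: In the `configMap:` hunk, `enable_pod_antiaffinity: false` and `enable_pod_disruption_budget: true` are unquoted, while the neighbouring additions (`max_instances: "-1"`, `spilo_privileged: "false"`, `workers: "4"`) are quoted. This block is rendered into the ConfigMap's `data:` by `toYaml .Values.configMap | indent 2`, and ConfigMap data values must be strings, so the two bare booleans are likely to make the rendered manifest fail API validation. Quote them: `enable_pod_antiaffinity: "false"` and `enable_pod_disruption_budget: "true"`.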
@@ -115,15 +124,16 @@ configKubernetesCRD: application: spilo cluster_name_label: cluster-name enable_pod_antiaffinity: false - pod_antiaffinity_topology_key: "kubernetes.io/hostname" enable_pod_disruption_budget: true secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + spilo_privileged: false # inherited_labels: # - application # - app # watched_namespace: "" configLoadBalancerCRD: + # db_hosted_zone: "" # custom_service_annotations: # keyx: valuez # keya: valuea @@ -133,6 +143,7 @@ configLoadBalancerCRD: replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" configTeamsApiCRD: + # enable_admin_role_for_users: true enable_teams_api: false enable_team_superuser: false # pam_configuration: "" diff --git a/docs/user.md b/docs/user.md index 4f8162121..283d6c2e4 100644 --- a/docs/user.md +++ b/docs/user.md @@ -351,7 +351,7 @@ metadata: name: acid-minimal-cluster spec: ... - init_containers: + initContainers: - name: "container-name" image: "company/image:tag" env: @@ -359,7 +359,7 @@ spec: value: "any-k8s-env-things" ``` -`init_containers` accepts full `v1.Container` definition. +`initContainers` accepts full `v1.Container` definition. ## Increase volume size diff --git a/manifests/complete-postgres-manifest.yaml b/manifests/complete-postgres-manifest.yaml index 85cae5e3c..daf64bc3b 100644 --- a/manifests/complete-postgres-manifest.yaml +++ b/manifests/complete-postgres-manifest.yaml @@ -4,7 +4,7 @@ kind: postgresql metadata: name: acid-test-cluster spec: - init_containers: + initContainers: - name: date image: busybox command: [ "/bin/date" ] 
@@ -58,7 +58,7 @@ spec: loop_wait: &loop_wait 10 retry_timeout: 10 maximum_lag_on_failover: 33554432 - # restore a Postgres DB with point-in-time-recovery + # restore a Postgres DB with point-in-time-recovery # with a non-empty timestamp, clone from an S3 bucket using the latest backup before the timestamp # with an empty/absent timestamp, clone from an existing alive cluster using pg_basebackup # clone: diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 3a04d3156..52dd5bf70 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml 
@@ -3,61 +3,77 @@ kind: ConfigMap metadata: name: postgres-operator data: - watched_namespace: "*" # listen to all namespaces - cluster_labels: application:spilo - cluster_name_label: version - pod_role_label: spilo-role - - debug_logging: "true" - workers: "4" - docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 - pod_service_account_name: "zalando-postgres-operator" - secret_name_template: '{username}.{cluster}.credentials' - cluster_domain: cluster.local - super_username: postgres - enable_teams_api: "false" - spilo_privileged: "false" - # custom_service_annotations: - # "keyx:valuez,keya:valuea" - # set_memory_request_to_limit: "true" - # postgres_superuser_teams: "postgres_superusers" - # enable_team_superuser: "false" - # team_admin_role: "admin" - # enable_admin_role_for_users: "true" - # teams_api_url: http://fake-teams-api.default.svc.cluster.local - # team_api_role_configuration: "log_statement:all" - # infrastructure_roles_secret_name: postgresql-infrastructure-roles - # oauth_token_secret_name: postgresql-operator - # pam_role_name: zalandos - # pam_configuration: | - # https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees - # inherited_labels: "" - aws_region: eu-central-1 # additional_secret_mount: "some-secret-name" # additional_secret_mount_path: "/some/dir" - db_hosted_zone: db.example.com - master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' - replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' - enable_master_load_balancer: "true" - enable_replica_load_balancer: "false" - - pdb_name_format: "postgres-{cluster}-pdb" - api_port: "8080" - ring_log_lines: "100" + aws_region: eu-central-1 + cluster_domain: cluster.local cluster_history_entries: "1000" - pod_terminate_grace_period: 5m + cluster_labels: application:spilo + cluster_name_label: version + # custom_service_annotations: + # "keyx:valuez,keya:valuea" + db_hosted_zone: db.example.com + debug_logging: "true" + # 
default_cpu_limit: "3" + # default_cpu_request: 100m + # default_memory_limit: 1Gi + # default_memory_request: 100Mi + docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 + # enable_admin_role_for_users: "true" + # enable_database_access: "true" + enable_master_load_balancer: "true" + # enable_pod_antiaffinity: "false" + # enable_pod_disruption_budget: "true" + enable_replica_load_balancer: "false" + # enable_team_superuser: "false" + enable_teams_api: "false" + # etcd_host: "" + # infrastructure_roles_secret_name: postgresql-infrastructure-roles + # inherited_labels: "" + # kube_iam_role: "" + # log_s3_bucket: "" + # logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" + # logical_backup_s3_bucket: "" + # logical_backup_schedule: "30 00 * * *" + master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' + # master_pod_move_timeout: 10m + # max_instances: "-1" + # min_instances: "-1" + # node_readiness_label: "" + # oauth_token_secret_name: postgresql-operator + # pam_configuration: | + # https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees + # pam_role_name: zalandos + pdb_name_format: "postgres-{cluster}-pdb" + # pod_antiaffinity_topology_key: "kubernetes.io/hostname" pod_deletion_wait_timeout: 10m + # pod_environment_configmap: "" pod_label_wait_timeout: 10m pod_management_policy: "ordered_ready" + pod_role_label: spilo-role + pod_service_account_name: "zalando-postgres-operator" + pod_terminate_grace_period: 5m + # postgres_superuser_teams: "postgres_superusers" + # protected_role_names: "admin" ready_wait_interval: 3s ready_wait_timeout: 30s - # master_pod_move_timeout: 10m + repair_period: 5m + replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' replication_username: standby resource_check_interval: 3s resource_check_timeout: 10m resync_period: 5m - - # logical_backup_schedule: "30 00 * * *" - # logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" 
- # logical_backup_s3_bucket: "" + ring_log_lines: "100" + secret_name_template: '{username}.{cluster}.credentials' + # sidecar_docker_images: "" + # set_memory_request_to_limit: "true" + spilo_privileged: "false" + super_username: postgres + # team_admin_role: "admin" + # team_api_role_configuration: "log_statement:all" + # teams_api_url: http://fake-teams-api.default.svc.cluster.local + # toleration: "" + # wal_s3_bucket: "" + watched_namespace: "*" # listen to all namespaces + workers: "4" diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index e9c46dd8b..429fb1433 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml 
@@ -5,55 +5,56 @@ metadata: configuration: etcd_host: "" docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 - workers: 4 - min_instances: -1 max_instances: -1 + min_instances: -1 resync_period: 30m repair_period: 5m - - #sidecar_docker_images: - # example: "exampleimage:exampletag" + # set_memory_request_to_limit: true + # sidecar_docker_images: + # example: "exampleimage:exampletag" + workers: 4 users: - super_username: postgres replication_username: standby + super_username: postgres kubernetes: - pod_service_account_name: operator - pod_terminate_grace_period: 5m - pdb_name_format: "postgres-{cluster}-pdb" - enable_pod_disruption_budget: true - secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" cluster_domain: cluster.local - oauth_token_secret_name: postgresql-operator - pod_role_label: spilo-role - # spilo_fsgroup: 103 - spilo_privileged: false cluster_labels: application: spilo + cluster_name_label: cluster-name + enable_pod_antiaffinity: false + enable_pod_disruption_budget: true + # infrastructure_roles_secret_name: "" # inherited_labels: # - application # - app - cluster_name_label: cluster-name - # watched_namespace:"" # node_readiness_label: "" - # toleration: {} - # infrastructure_roles_secret_name: "" + oauth_token_secret_name: postgresql-operator + pdb_name_format: "postgres-{cluster}-pdb" + pod_antiaffinity_topology_key: "kubernetes.io/hostname" # pod_environment_configmap: "" pod_management_policy: "ordered_ready" - enable_pod_antiaffinity: false - pod_antiaffinity_topology_key: "kubernetes.io/hostname" + pod_role_label: spilo-role + pod_service_account_name: operator + pod_terminate_grace_period: 5m + secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + # spilo_fsgroup: 103 + spilo_privileged: false + # toleration: {} + # watched_namespace:"" postgres_pod_resources: + default_cpu_limit: 3 default_cpu_request: 100m - default_memory_request: 100Mi - default_cpu_limit: "3" 
default_memory_limit: 1Gi + default_memory_request: 100Mi timeouts: - resource_check_interval: 3s - resource_check_timeout: 10m pod_label_wait_timeout: 10m pod_deletion_wait_timeout: 10m ready_wait_interval: 4s ready_wait_timeout: 30s + resource_check_interval: 3s + resource_check_timeout: 10m load_balancer: + # db_hosted_zone: "" enable_master_load_balancer: false enable_replica_load_balancer: false # custom_service_annotations: 
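Review bot: `default_cpu_limit` changes from `"3"` to a bare `3` in this hunk, and `scalyr_cpu_limit` from `"1"` to `1` in the next one. The sibling settings (`100m`, `1Gi`) can only be strings, so the operator's Go fields for these limits are presumably strings too (the types are not visible in this diff). A YAML integer would then fail to decode into the OperatorConfiguration. Keep the quotes: `default_cpu_limit: "3"` and `scalyr_cpu_limit: "1"`.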
@@ -62,41 +63,41 @@ configuration: master_dns_name_format: "{cluster}.{team}.{hostedzone}" replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" aws_or_gcp: - # db_hosted_zone: "" - # wal_s3_bucket: "" - # log_s3_bucket: "" - # kube_iam_role: "" - aws_region: eu-central-1 # additional_secret_mount: "some-secret-name" # additional_secret_mount_path: "/some/dir" - debug: - debug_logging: true - enable_database_access: true - teams_api: - enable_teams_api: false - team_api_role_configuration: - log_statement: all - enable_team_superuser: false - team_admin_role: admin - pam_role_name: zalandos - # pam_configuration: "" - protected_role_names: - - admin - # teams_api_url: "" - # postgres_superuser_teams: "postgres_superusers" - logging_rest_api: - api_port: 8008 - ring_log_lines: 100 - cluster_history_entries: 1000 - scalyr: - scalyr_cpu_request: 100m - scalyr_memory_request: 50Mi - scalyr_cpu_limit: "1" - scalyr_memory_limit: 1Gi - # scalyr_api_key: "" - # scalyr_image: "" - # scalyr_server_url: "" + aws_region: eu-central-1 + # kube_iam_role: "" + # log_s3_bucket: "" + # wal_s3_bucket: "" logical_backup: logical_backup_schedule: "30 00 * * *" logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" logical_backup_s3_bucket: "" + debug: + debug_logging: true + enable_database_access: true + teams_api: + # enable_admin_role_for_users: true + enable_team_superuser: false + enable_teams_api: false + # pam_configuration: "" + pam_role_name: zalandos + # postgres_superuser_teams: "postgres_superusers" + protected_role_names: + - admin + team_admin_role: admin + team_api_role_configuration: + log_statement: all + # teams_api_url: "" + logging_rest_api: + api_port: 8008 + cluster_history_entries: 1000 + ring_log_lines: 100 + scalyr: + # scalyr_api_key: "" + scalyr_cpu_limit: 1 + scalyr_cpu_request: 100m + # scalyr_image: "" + scalyr_memory_limit: 1Gi + scalyr_memory_request: 50Mi + # scalyr_server_url: "" 
diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
index f69737c37..30e1d1504 100644
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@@ -121,6 +121,7 @@ type TeamsAPIConfiguration struct {
 TeamsAPIUrl string `json:"teams_api_url,omitempty"`
 TeamAPIRoleConfiguration map[string]string `json:"team_api_role_configuration,omitempty"`
 EnableTeamSuperuser bool `json:"enable_team_superuser,omitempty"`
+ EnableAdminRoleForUsers bool `json:"enable_admin_role_for_users,omitempty"`
 TeamAdminRole string `json:"team_admin_role,omitempty"`
 PamRoleName string `json:"pam_role_name,omitempty"`
 PamConfiguration string `json:"pam_configuration,omitempty"`
diff --git a/pkg/apis/acid.zalan.do/v1/postgresql_type.go b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
index e971716bc..2238b4f2a 100644
--- a/pkg/apis/acid.zalan.do/v1/postgresql_type.go
+++ b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
@@ -53,8 +53,8 @@ type PostgresSpec struct {
 Databases map[string]string `json:"databases,omitempty"`
 Tolerations []v1.Toleration `json:"tolerations,omitempty"`
 Sidecars []Sidecar `json:"sidecars,omitempty"`
- InitContainers []v1.Container `json:"init_containers,omitempty"`
- PodPriorityClassName string `json:"pod_priority_class_name,omitempty"`
+ InitContainers []v1.Container `json:"initContainers,omitempty"`
+ PodPriorityClassName string `json:"podPriorityClassName,omitempty"`
 ShmVolume *bool `json:"enableShmVolume,omitempty"`
 EnableLogicalBackup bool `json:"enableLogicalBackup,omitempty"`
 LogicalBackupSchedule string `json:"logicalBackupSchedule,omitempty"`
diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go
index c74de8960..bfd46f163 100644
--- a/pkg/controller/operator_config.go
+++ b/pkg/controller/operator_config.go
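Review bot: The new `EnableAdminRoleForUsers` in TeamsAPIConfiguration is a plain `bool` with `omitempty`, and the operator_config.go hunk copies it into `result` unconditionally, so an OperatorConfiguration that omits the key yields `false`. The commented examples in this commit show `enable_admin_role_for_users: true`, which suggests the ConfigMap path defaults to true (that default is not visible here). If so, the two configuration sources diverge on a setting that governs role membership. Either document the CRD default with a field comment such as `// defaults to false when omitted from the CRD`, or set the key explicitly in the default manifest. The struct starts and ends outside this hunk.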
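Review bot: With the JSON tags on `InitContainers` and `PodPriorityClassName` renamed to `initContainers` and `podPriorityClassName`, a manifest that still uses `init_containers` or `pod_priority_class_name` decodes without error and leaves both fields empty, because encoding/json ignores unknown keys (unless the CRD schema rejects them). Existing clusters would then presumably lose their init containers or priority class on a later sync with nothing logged. Consider keeping deprecated fields that carry the old tags and copying them over with a warning when set, or rejecting the old keys during validation. PostgresSpec starts and ends outside this hunk.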
@@ -95,6 +95,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 result.TeamsAPIUrl = fromCRD.TeamsAPI.TeamsAPIUrl
 result.TeamAPIRoleConfiguration = fromCRD.TeamsAPI.TeamAPIRoleConfiguration
 result.EnableTeamSuperuser = fromCRD.TeamsAPI.EnableTeamSuperuser
+ result.EnableAdminRoleForUsers = fromCRD.TeamsAPI.EnableAdminRoleForUsers
 result.TeamAdminRole = fromCRD.TeamsAPI.TeamAdminRole
 result.PamRoleName = fromCRD.TeamsAPI.PamRoleName
 result.PostgresSuperuserTeams = fromCRD.TeamsAPI.PostgresSuperuserTeams