add inheritedAnnotations feature
This commit is contained in:
Felix Kunde
parent
c4b1d69ef9
commit
63e7304a0e
|
|
@ -166,6 +166,10 @@ spec:
|
|||
type: string
|
||||
template:
|
||||
type: boolean
|
||||
inherited_annotations:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
inherited_labels:
|
||||
type: array
|
||||
items:
|
||||
|
|
|
|||
|
|
@ -89,7 +89,11 @@ configKubernetes:
|
|||
# namespaced name of the secret containing infrastructure roles names and passwords
|
||||
# infrastructure_roles_secret_name: postgresql-infrastructure-roles
|
||||
|
||||
# list of labels that can be inherited from the cluster manifest
|
||||
# list of annotation keys that can be inherited from the cluster manifest
|
||||
# inherited_labels:
|
||||
# - owned-by
|
||||
|
||||
# list of label keys that can be inherited from the cluster manifest
|
||||
# inherited_labels:
|
||||
# - application
|
||||
# - environment
|
||||
|
|
|
|||
|
|
@ -86,7 +86,10 @@ configKubernetes:
|
|||
# namespaced name of the secret containing infrastructure roles names and passwords
|
||||
# infrastructure_roles_secret_name: postgresql-infrastructure-roles
|
||||
|
||||
# list of labels that can be inherited from the cluster manifest
|
||||
# list of annotation keys that can be inherited from the cluster manifest
|
||||
# inherited_annotations: owned-by
|
||||
|
||||
# list of label keys that can be inherited from the cluster manifest
|
||||
# inherited_labels: application,environment
|
||||
|
||||
# timeout for successful migration of master pods from unschedulable node
|
||||
|
|
|
|||
|
|
@ -271,6 +271,12 @@ configuration they are grouped under the `kubernetes` key.
|
|||
are extracted. For the ConfigMap this has to be a string which allows
|
||||
referencing only one infrastructure roles secret. The default is empty.
|
||||
|
||||
* **inherited_annotations**
|
||||
list of annotation keys that can be inherited from the cluster manifest, and
|
||||
added to each child objects (`Deployment`, `StatefulSet`, `Pod`, `PVCs`,
|
||||
`PDB`, `Service`, `Endpoints` and `Secrets`) created by the operator.
|
||||
The default is empty.
|
||||
|
||||
* **pod_role_label**
|
||||
name of the label assigned to the Postgres pods (and services/endpoints) by
|
||||
the operator. The default is `spilo-role`.
|
||||
|
|
@ -280,15 +286,16 @@ configuration they are grouped under the `kubernetes` key.
|
|||
objects. The default is `application:spilo`.
|
||||
|
||||
* **inherited_labels**
|
||||
list of labels that can be inherited from the cluster manifest, and added to
|
||||
each child objects (`StatefulSet`, `Pod`, `Service` and `Endpoints`) created
|
||||
by the operator. Typical use case is to dynamically pass labels that are
|
||||
specific to a given Postgres cluster, in order to implement `NetworkPolicy`.
|
||||
The default is empty.
|
||||
list of label keys that can be inherited from the cluster manifest, and
|
||||
added to each child objects (`Deployment`, `StatefulSet`, `Pod`, `PVCs`,
|
||||
`PDB`, `Service`, `Endpoints` and `Secrets`) created by the operator.
|
||||
Typical use case is to dynamically pass labels that are specific to a
|
||||
given Postgres cluster, in order to implement `NetworkPolicy`. The default
|
||||
is empty.
|
||||
|
||||
* **cluster_name_label**
|
||||
name of the label assigned to Kubernetes objects created by the operator that
|
||||
indicates which cluster a given object belongs to. The default is
|
||||
name of the label assigned to Kubernetes objects created by the operator
|
||||
that indicates which cluster a given object belongs to. The default is
|
||||
`cluster-name`.
|
||||
|
||||
* **node_readiness_label**
|
||||
|
|
|
|||
|
|
@ -852,6 +852,7 @@ class EndToEndTestCase(unittest.TestCase):
|
|||
patch_sset_propagate_annotations = {
|
||||
"data": {
|
||||
"downscaler_annotations": "deployment-time,downscaler/*",
|
||||
"inherited_annotations": "owned-by",
|
||||
}
|
||||
}
|
||||
k8s.update_config(patch_sset_propagate_annotations)
|
||||
|
|
@ -861,6 +862,7 @@ class EndToEndTestCase(unittest.TestCase):
|
|||
"annotations": {
|
||||
"deployment-time": "2020-04-30 12:00:00",
|
||||
"downscaler/downtime_replicas": "0",
|
||||
"owned-by": "acid"
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
@ -870,6 +872,7 @@ class EndToEndTestCase(unittest.TestCase):
|
|||
annotations = {
|
||||
"deployment-time": "2020-04-30 12:00:00",
|
||||
"downscaler/downtime_replicas": "0",
|
||||
"owned-by": "acid",
|
||||
}
|
||||
|
||||
self.eventuallyTrue(lambda: k8s.check_statefulset_annotations(cluster_label, annotations), "Annotations missing")
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ data:
|
|||
# kubernetes_use_configmaps: "false"
|
||||
# infrastructure_roles_secret_name: "postgresql-infrastructure-roles"
|
||||
# infrastructure_roles_secrets: "secretname:monitoring-roles,userkey:user,passwordkey:password,rolekey:inrole"
|
||||
# inherited_annotations: owned-by
|
||||
# inherited_labels: application,environment
|
||||
# kube_iam_role: ""
|
||||
# log_s3_bucket: ""
|
||||
|
|
|
|||
|
|
@ -162,6 +162,10 @@ spec:
|
|||
type: string
|
||||
template:
|
||||
type: boolean
|
||||
inherited_annotations:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
inherited_labels:
|
||||
type: array
|
||||
items:
|
||||
|
|
|
|||
|
|
@ -49,6 +49,8 @@ configuration:
|
|||
# - secretname: "other-infrastructure-role"
|
||||
# userkey: "other-user-key"
|
||||
# passwordkey: "other-password-key"
|
||||
# inherited_annotations:
|
||||
# - owned-by
|
||||
# inherited_labels:
|
||||
# - application
|
||||
# - environment
|
||||
|
|
|
|||
|
|
@ -963,6 +963,14 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
|
|||
},
|
||||
},
|
||||
},
|
||||
"inherited_annotations": {
|
||||
Type: "array",
|
||||
Items: &apiextv1.JSONSchemaPropsOrArray{
|
||||
Schema: &apiextv1.JSONSchemaProps{
|
||||
Type: "string",
|
||||
},
|
||||
},
|
||||
},
|
||||
"inherited_labels": {
|
||||
Type: "array",
|
||||
Items: &apiextv1.JSONSchemaPropsOrArray{
|
||||
|
|
@ -1400,7 +1408,7 @@ func buildCRD(name, kind, plural, short string, columns []apiextv1.CustomResourc
|
|||
},
|
||||
Scope: apiextv1.NamespaceScoped,
|
||||
Versions: []apiextv1.CustomResourceDefinitionVersion{
|
||||
apiextv1.CustomResourceDefinitionVersion{
|
||||
{
|
||||
Name: SchemeGroupVersion.Version,
|
||||
Served: true,
|
||||
Storage: true,
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ type KubernetesMetaConfiguration struct {
|
|||
PodRoleLabel string `json:"pod_role_label,omitempty"`
|
||||
ClusterLabels map[string]string `json:"cluster_labels,omitempty"`
|
||||
InheritedLabels []string `json:"inherited_labels,omitempty"`
|
||||
InheritedAnnotations []string `json:"inherited_annotations,omitempty"`
|
||||
DownscalerAnnotations []string `json:"downscaler_annotations,omitempty"`
|
||||
ClusterNameLabel string `json:"cluster_name_label,omitempty"`
|
||||
DeleteAnnotationDateKey string `json:"delete_annotation_date_key,omitempty"`
|
||||
|
|
@ -167,7 +168,7 @@ type ScalyrConfiguration struct {
|
|||
ScalyrMemoryLimit string `json:"scalyr_memory_limit,omitempty"`
|
||||
}
|
||||
|
||||
// Defines default configuration for connection pooler
|
||||
// ConnectionPoolerConfiguration defines default configuration for connection pooler
|
||||
type ConnectionPoolerConfiguration struct {
|
||||
NumberOfInstances *int32 `json:"connection_pooler_number_of_instances,omitempty"`
|
||||
Schema string `json:"connection_pooler_schema,omitempty"`
|
||||
|
|
|
|||
|
|
@ -202,6 +202,11 @@ func (in *KubernetesMetaConfiguration) DeepCopyInto(out *KubernetesMetaConfigura
|
|||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.InheritedAnnotations != nil {
|
||||
in, out := &in.InheritedAnnotations, &out.InheritedAnnotations
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.DownscalerAnnotations != nil {
|
||||
in, out := &in.DownscalerAnnotations, &out.DownscalerAnnotations
|
||||
*out = make([]string, len(*in))
|
||||
|
|
@ -623,6 +628,11 @@ func (in *PostgresSpec) DeepCopyInto(out *PostgresSpec) {
|
|||
(*out)[key] = *val.DeepCopy()
|
||||
}
|
||||
}
|
||||
if in.SchedulerName != nil {
|
||||
in, out := &in.SchedulerName, &out.SchedulerName
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.Tolerations != nil {
|
||||
in, out := &in.Tolerations, &out.Tolerations
|
||||
*out = make([]corev1.Toleration, len(*in))
|
||||
|
|
@ -687,11 +697,6 @@ func (in *PostgresSpec) DeepCopyInto(out *PostgresSpec) {
|
|||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.SchedulerName != nil {
|
||||
in, out := &in.SchedulerName, &out.SchedulerName
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -284,10 +284,9 @@ func (c *Cluster) generateConnectionPoolerPodTemplate(role PostgresRole) (
|
|||
|
||||
podTemplate := &v1.PodTemplateSpec{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Labels: c.connectionPoolerLabels(role, true).MatchLabels,
|
||||
Namespace: c.Namespace,
|
||||
// Annotations: c.annotationsSet(c.generatePodAnnotations(spec)),
|
||||
Annotations: c.generatePodAnnotations(spec),
|
||||
Labels: c.connectionPoolerLabels(role, true).MatchLabels,
|
||||
Namespace: c.Namespace,
|
||||
Annotations: c.annotationsSet(c.generatePodAnnotations(spec)),
|
||||
},
|
||||
Spec: v1.PodSpec{
|
||||
ServiceAccountName: c.OpConfig.PodServiceAccountName,
|
||||
|
|
@ -337,11 +336,10 @@ func (c *Cluster) generateConnectionPoolerDeployment(connectionPooler *Connectio
|
|||
|
||||
deployment := &appsv1.Deployment{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: connectionPooler.Name,
|
||||
Namespace: connectionPooler.Namespace,
|
||||
Labels: c.connectionPoolerLabels(connectionPooler.Role, true).MatchLabels,
|
||||
// Annotations: c.annotationsSet(map[string]string{}),
|
||||
Annotations: map[string]string{},
|
||||
Name: connectionPooler.Name,
|
||||
Namespace: connectionPooler.Namespace,
|
||||
Labels: c.connectionPoolerLabels(connectionPooler.Role, true).MatchLabels,
|
||||
Annotations: c.annotationsSet(map[string]string{}),
|
||||
// make StatefulSet object its owner to represent the dependency.
|
||||
// By itself StatefulSet is being deleted with "Orphaned"
|
||||
// propagation policy, which means that it's deletion will not
|
||||
|
|
@ -389,12 +387,10 @@ func (c *Cluster) generateConnectionPoolerService(connectionPooler *ConnectionPo
|
|||
|
||||
service := &v1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: connectionPooler.Name,
|
||||
Namespace: connectionPooler.Namespace,
|
||||
Labels: c.connectionPoolerLabels(connectionPooler.Role, false).MatchLabels,
|
||||
// TODO add generateServiceAnnotations?
|
||||
// TODO c.annotationsSet(map[string]string{})
|
||||
Annotations: map[string]string{},
|
||||
Name: connectionPooler.Name,
|
||||
Namespace: connectionPooler.Namespace,
|
||||
Labels: c.connectionPoolerLabels(connectionPooler.Role, false).MatchLabels,
|
||||
Annotations: c.annotationsSet(c.generateServiceAnnotations(connectionPooler.Role, spec)),
|
||||
// make StatefulSet object its owner to represent the dependency.
|
||||
// By itself StatefulSet is being deleted with "Orphaned"
|
||||
// propagation policy, which means that it's deletion will not
|
||||
|
|
|
|||
|
|
@ -1180,8 +1180,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
|
|||
podTemplate, err = c.generatePodTemplate(
|
||||
c.Namespace,
|
||||
c.labelsSet(true),
|
||||
// TODO c.annotationsSet(annotations),
|
||||
annotations,
|
||||
c.annotationsSet(annotations),
|
||||
spiloContainer,
|
||||
initContainers,
|
||||
sidecarContainers,
|
||||
|
|
@ -1232,11 +1231,10 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
|
|||
|
||||
statefulSet := &appsv1.StatefulSet{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.statefulSetName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
// TODO Annotations: c.annotationsSet(c.AnnotationsToPropagate(annotations)),
|
||||
Annotations: c.AnnotationsToPropagate(annotations),
|
||||
Name: c.statefulSetName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
Annotations: c.annotationsSet(c.AnnotationsToPropagate(annotations)),
|
||||
},
|
||||
Spec: appsv1.StatefulSetSpec{
|
||||
Replicas: &numberOfInstances,
|
||||
|
|
@ -1529,10 +1527,10 @@ func (c *Cluster) generateSingleUserSecret(namespace string, pgUser spec.PgUser)
|
|||
username := pgUser.Name
|
||||
secret := v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.credentialSecretName(username),
|
||||
Namespace: namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
// TODO Annotations: c.annotationsSet(map[string]string{}),
|
||||
Name: c.credentialSecretName(username),
|
||||
Namespace: namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
Annotations: c.annotationsSet(map[string]string{}),
|
||||
},
|
||||
Type: v1.SecretTypeOpaque,
|
||||
Data: map[string][]byte{
|
||||
|
|
@ -1603,11 +1601,10 @@ func (c *Cluster) generateService(role PostgresRole, spec *acidv1.PostgresSpec)
|
|||
|
||||
service := &v1.Service{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.serviceName(role),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.roleLabelsSet(true, role),
|
||||
// TODO Annotations: c.annotationsSet(c.generateServiceAnnotations(role, spec)),
|
||||
Annotations: c.generateServiceAnnotations(role, spec),
|
||||
Name: c.serviceName(role),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.roleLabelsSet(true, role),
|
||||
Annotations: c.annotationsSet(c.generateServiceAnnotations(role, spec)),
|
||||
},
|
||||
Spec: serviceSpec,
|
||||
}
|
||||
|
|
@ -1654,10 +1651,10 @@ func (c *Cluster) generateServiceAnnotations(role PostgresRole, spec *acidv1.Pos
|
|||
func (c *Cluster) generateEndpoint(role PostgresRole, subsets []v1.EndpointSubset) *v1.Endpoints {
|
||||
endpoints := &v1.Endpoints{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.endpointName(role),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.roleLabelsSet(true, role),
|
||||
// TODO Annotations: c.annotationsSet(map[string]string{}),
|
||||
Name: c.endpointName(role),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.roleLabelsSet(true, role),
|
||||
Annotations: c.annotationsSet(map[string]string{}),
|
||||
},
|
||||
}
|
||||
if len(subsets) > 0 {
|
||||
|
|
@ -1811,10 +1808,10 @@ func (c *Cluster) generatePodDisruptionBudget() *policybeta1.PodDisruptionBudget
|
|||
|
||||
return &policybeta1.PodDisruptionBudget{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.podDisruptionBudgetName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
// TODO Annotations: c.annotationsSet(map[string]string{}),
|
||||
Name: c.podDisruptionBudgetName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
Annotations: c.annotationsSet(map[string]string{}),
|
||||
},
|
||||
Spec: policybeta1.PodDisruptionBudgetSpec{
|
||||
MinAvailable: &minAvailable,
|
||||
|
|
@ -1934,10 +1931,10 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
|
|||
|
||||
cronJob := &batchv1beta1.CronJob{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.getLogicalBackupJobName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
// TODO Annotations: c.annotationsSet(map[string]string{}),
|
||||
Name: c.getLogicalBackupJobName(),
|
||||
Namespace: c.Namespace,
|
||||
Labels: c.labelsSet(true),
|
||||
Annotations: c.annotationsSet(map[string]string{}),
|
||||
},
|
||||
Spec: batchv1beta1.CronJobSpec{
|
||||
Schedule: schedule,
|
||||
|
|
|
|||
|
|
@ -271,6 +271,27 @@ func (c *Cluster) getTeamMembers(teamID string) ([]string, error) {
|
|||
return members, nil
|
||||
}
|
||||
|
||||
// Returns annotations used to create or list k8s objects such as pods
|
||||
// For backward compatibility, shouldAddExtraLabels must be false
|
||||
// when listing k8s objects. See operator PR #252
|
||||
func (c *Cluster) annotationsSet(annotations map[string]string) map[string]string {
|
||||
|
||||
// allow to inherit certain labels from the 'postgres' object
|
||||
if spec, err := c.GetSpec(); err == nil {
|
||||
for k, v := range spec.ObjectMeta.Annotations {
|
||||
for _, match := range c.OpConfig.InheritedAnnotations {
|
||||
if k == match {
|
||||
annotations[k] = v
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
c.logger.Warningf("could not get the list of InheritedAnnoations for cluster %q: %v", c.Name, err)
|
||||
}
|
||||
|
||||
return annotations
|
||||
}
|
||||
|
||||
func (c *Cluster) waitForPodLabel(podEvents chan PodEvent, stopChan chan struct{}, role *PostgresRole) (*v1.Pod, error) {
|
||||
timeout := time.After(c.OpConfig.PodLabelWaitTimeout)
|
||||
for {
|
||||
|
|
|
|||
|
|
@ -92,6 +92,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
|
|||
result.PodRoleLabel = util.Coalesce(fromCRD.Kubernetes.PodRoleLabel, "spilo-role")
|
||||
result.ClusterLabels = util.CoalesceStrMap(fromCRD.Kubernetes.ClusterLabels, map[string]string{"application": "spilo"})
|
||||
result.InheritedLabels = fromCRD.Kubernetes.InheritedLabels
|
||||
result.InheritedAnnotations = fromCRD.Kubernetes.InheritedAnnotations
|
||||
result.DownscalerAnnotations = fromCRD.Kubernetes.DownscalerAnnotations
|
||||
result.ClusterNameLabel = util.Coalesce(fromCRD.Kubernetes.ClusterNameLabel, "cluster-name")
|
||||
result.DeleteAnnotationDateKey = fromCRD.Kubernetes.DeleteAnnotationDateKey
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ type Resources struct {
|
|||
SpiloPrivileged bool `name:"spilo_privileged" default:"false"`
|
||||
ClusterLabels map[string]string `name:"cluster_labels" default:"application:spilo"`
|
||||
InheritedLabels []string `name:"inherited_labels" default:""`
|
||||
InheritedAnnotations []string `name:"inherited_annotations" default:""`
|
||||
DownscalerAnnotations []string `name:"downscaler_annotations"`
|
||||
ClusterNameLabel string `name:"cluster_name_label" default:"cluster-name"`
|
||||
DeleteAnnotationDateKey string `name:"delete_annotation_date_key"`
|
||||
|
|
|
|||
Loading…
Reference in New Issue