add inheritedAnnotations feature

charts/postgres-operator/crds/operatorconfigurations.yaml

@@ -166,6 +166,10 @@ spec:
                           type: string
                         template:
                           type: boolean
+                  inherited_annotations:
+                    type: array
+                    items:
+                      type: string
                   inherited_labels:
                     type: array
                     items:

charts/postgres-operator/values-crd.yaml

@@ -89,7 +89,11 @@ configKubernetes:
   # namespaced name of the secret containing infrastructure roles names and passwords
   # infrastructure_roles_secret_name: postgresql-infrastructure-roles
 
-  # list of labels that can be inherited from the cluster manifest
+  # list of annotation keys that can be inherited from the cluster manifest
+  # inherited_labels:
+  # - owned-by
+
+  # list of label keys that can be inherited from the cluster manifest
   # inherited_labels:
   # - application
   # - environment

charts/postgres-operator/values.yaml

@@ -86,7 +86,10 @@ configKubernetes:
   # namespaced name of the secret containing infrastructure roles names and passwords
   # infrastructure_roles_secret_name: postgresql-infrastructure-roles
 
-  # list of labels that can be inherited from the cluster manifest
+  # list of annotation keys that can be inherited from the cluster manifest
+  # inherited_annotations: owned-by
+
+  # list of label keys that can be inherited from the cluster manifest
   # inherited_labels: application,environment
 
   # timeout for successful migration of master pods from unschedulable node

docs/reference/operator_parameters.md

@@ -271,6 +271,12 @@ configuration they are grouped under the `kubernetes` key.
   are extracted. For the ConfigMap this has to be a string which allows
   referencing only one infrastructure roles secret. The default is empty.
 
+* **inherited_annotations**
+  list of annotation keys that can be inherited from the cluster manifest, and
+  added to each child objects  (`Deployment`, `StatefulSet`, `Pod`, `PVCs`,
+  `PDB`, `Service`, `Endpoints` and `Secrets`) created by the operator.
+  The default is empty.
+
 * **pod_role_label**
   name of the label assigned to the Postgres pods (and services/endpoints) by
   the operator. The default is `spilo-role`.
@@ -280,15 +286,16 @@ configuration they are grouped under the `kubernetes` key.
   objects. The default is `application:spilo`.
 
 * **inherited_labels**
-  list of labels that can be inherited from the cluster manifest, and added to
+  list of label keys that can be inherited from the cluster manifest, and
-  each child objects (`StatefulSet`, `Pod`, `Service` and `Endpoints`) created
+  added to each child objects (`Deployment`, `StatefulSet`, `Pod`, `PVCs`,
-  by the operator. Typical use case is to dynamically pass labels that are
+  `PDB`, `Service`, `Endpoints` and `Secrets`) created by the operator.
-  specific to a given Postgres cluster, in order to implement `NetworkPolicy`.
+  Typical use case is to dynamically pass labels that are specific to a
-  The default is empty.
+  given Postgres cluster, in order to implement `NetworkPolicy`. The default
+  is empty.
 
 * **cluster_name_label**
-  name of the label assigned to Kubernetes objects created by the operator that
+  name of the label assigned to Kubernetes objects created by the operator
-  indicates which cluster a given object belongs to. The default is
+  that indicates which cluster a given object belongs to. The default is
   `cluster-name`.
 
 * **node_readiness_label**

e2e/tests/test_e2e.py

@@ -852,6 +852,7 @@ class EndToEndTestCase(unittest.TestCase):
         patch_sset_propagate_annotations = {
             "data": {
                 "downscaler_annotations": "deployment-time,downscaler/*",
+                "inherited_annotations": "owned-by",
             }
         }
         k8s.update_config(patch_sset_propagate_annotations)
@@ -861,6 +862,7 @@ class EndToEndTestCase(unittest.TestCase):
                 "annotations": {
                     "deployment-time": "2020-04-30 12:00:00",
                     "downscaler/downtime_replicas": "0",
+                    "owned-by": "acid"
                 },
             }
         }
@@ -870,6 +872,7 @@ class EndToEndTestCase(unittest.TestCase):
         annotations = {
             "deployment-time": "2020-04-30 12:00:00",
             "downscaler/downtime_replicas": "0",
+            "owned-by": "acid",
         }
 
         self.eventuallyTrue(lambda: k8s.check_statefulset_annotations(cluster_label, annotations), "Annotations missing")

manifests/configmap.yaml

@@ -54,6 +54,7 @@ data:
   # kubernetes_use_configmaps: "false"
   # infrastructure_roles_secret_name: "postgresql-infrastructure-roles"
   # infrastructure_roles_secrets: "secretname:monitoring-roles,userkey:user,passwordkey:password,rolekey:inrole"
+  # inherited_annotations: owned-by
   # inherited_labels: application,environment
   # kube_iam_role: ""
   # log_s3_bucket: ""

manifests/operatorconfiguration.crd.yaml

@@ -162,6 +162,10 @@ spec:
                           type: string
                         template:
                           type: boolean
+                  inherited_annotations:
+                    type: array
+                    items:
+                      type: string
                   inherited_labels:
                     type: array
                     items:

manifests/postgresql-operator-default-configuration.yaml

@@ -49,6 +49,8 @@ configuration:
     # - secretname: "other-infrastructure-role"
     #   userkey: "other-user-key"
     #   passwordkey: "other-password-key"
+    # inherited_annotations:
+    # - owned-by
     # inherited_labels:
     # - application
     # - environment

pkg/apis/acid.zalan.do/v1/crds.go

@@ -963,6 +963,14 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
 									},
 								},
 							},
+							"inherited_annotations": {
+								Type: "array",
+								Items: &apiextv1.JSONSchemaPropsOrArray{
+									Schema: &apiextv1.JSONSchemaProps{
+										Type: "string",
+									},
+								},
+							},
 							"inherited_labels": {
 								Type: "array",
 								Items: &apiextv1.JSONSchemaPropsOrArray{
@@ -1400,7 +1408,7 @@ func buildCRD(name, kind, plural, short string, columns []apiextv1.CustomResourc
 			},
 			Scope: apiextv1.NamespaceScoped,
 			Versions: []apiextv1.CustomResourceDefinitionVersion{
-				apiextv1.CustomResourceDefinitionVersion{
+				{
 					Name:    SchemeGroupVersion.Version,
 					Served:  true,
 					Storage: true,

pkg/apis/acid.zalan.do/v1/operator_configuration_type.go

@@ -66,6 +66,7 @@ type KubernetesMetaConfiguration struct {
 	PodRoleLabel                           string                       `json:"pod_role_label,omitempty"`
 	ClusterLabels                          map[string]string            `json:"cluster_labels,omitempty"`
 	InheritedLabels                        []string                     `json:"inherited_labels,omitempty"`
+	InheritedAnnotations                   []string                     `json:"inherited_annotations,omitempty"`
 	DownscalerAnnotations                  []string                     `json:"downscaler_annotations,omitempty"`
 	ClusterNameLabel                       string                       `json:"cluster_name_label,omitempty"`
 	DeleteAnnotationDateKey                string                       `json:"delete_annotation_date_key,omitempty"`
@@ -167,7 +168,7 @@ type ScalyrConfiguration struct {
 	ScalyrMemoryLimit   string `json:"scalyr_memory_limit,omitempty"`
 }
 
-// Defines default configuration for connection pooler
+// ConnectionPoolerConfiguration defines default configuration for connection pooler
 type ConnectionPoolerConfiguration struct {
 	NumberOfInstances    *int32 `json:"connection_pooler_number_of_instances,omitempty"`
 	Schema               string `json:"connection_pooler_schema,omitempty"`

pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go

@@ -202,6 +202,11 @@ func (in *KubernetesMetaConfiguration) DeepCopyInto(out *KubernetesMetaConfigura
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.InheritedAnnotations != nil {
+		in, out := &in.InheritedAnnotations, &out.InheritedAnnotations
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	if in.DownscalerAnnotations != nil {
 		in, out := &in.DownscalerAnnotations, &out.DownscalerAnnotations
 		*out = make([]string, len(*in))
@@ -623,6 +628,11 @@ func (in *PostgresSpec) DeepCopyInto(out *PostgresSpec) {
 			(*out)[key] = *val.DeepCopy()
 		}
 	}
+	if in.SchedulerName != nil {
+		in, out := &in.SchedulerName, &out.SchedulerName
+		*out = new(string)
+		**out = **in
+	}
 	if in.Tolerations != nil {
 		in, out := &in.Tolerations, &out.Tolerations
 		*out = make([]corev1.Toleration, len(*in))
@@ -687,11 +697,6 @@ func (in *PostgresSpec) DeepCopyInto(out *PostgresSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.SchedulerName != nil {
-		in, out := &in.SchedulerName, &out.SchedulerName
-		*out = new(string)
-		**out = **in
-	}
 	return
 }
 

pkg/cluster/connection_pooler.go

@@ -286,8 +286,7 @@ func (c *Cluster) generateConnectionPoolerPodTemplate(role PostgresRole) (
 		ObjectMeta: metav1.ObjectMeta{
 			Labels:      c.connectionPoolerLabels(role, true).MatchLabels,
 			Namespace:   c.Namespace,
-			// Annotations: c.annotationsSet(c.generatePodAnnotations(spec)),
+			Annotations: c.annotationsSet(c.generatePodAnnotations(spec)),
-			Annotations: c.generatePodAnnotations(spec),
 		},
 		Spec: v1.PodSpec{
 			ServiceAccountName:            c.OpConfig.PodServiceAccountName,
@@ -340,8 +339,7 @@ func (c *Cluster) generateConnectionPoolerDeployment(connectionPooler *Connectio
 			Name:        connectionPooler.Name,
 			Namespace:   connectionPooler.Namespace,
 			Labels:      c.connectionPoolerLabels(connectionPooler.Role, true).MatchLabels,
-			// Annotations: c.annotationsSet(map[string]string{}),
+			Annotations: c.annotationsSet(map[string]string{}),
-			Annotations: map[string]string{},
 			// make StatefulSet object its owner to represent the dependency.
 			// By itself StatefulSet is being deleted with "Orphaned"
 			// propagation policy, which means that it's deletion will not
@@ -392,9 +390,7 @@ func (c *Cluster) generateConnectionPoolerService(connectionPooler *ConnectionPo
 			Name:        connectionPooler.Name,
 			Namespace:   connectionPooler.Namespace,
 			Labels:      c.connectionPoolerLabels(connectionPooler.Role, false).MatchLabels,
-			// TODO add generateServiceAnnotations?
+			Annotations: c.annotationsSet(c.generateServiceAnnotations(connectionPooler.Role, spec)),
-			// TODO c.annotationsSet(map[string]string{})
-			Annotations: map[string]string{},
 			// make StatefulSet object its owner to represent the dependency.
 			// By itself StatefulSet is being deleted with "Orphaned"
 			// propagation policy, which means that it's deletion will not

pkg/cluster/k8sres.go

@@ -1180,8 +1180,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 	podTemplate, err = c.generatePodTemplate(
 		c.Namespace,
 		c.labelsSet(true),
-		// TODO c.annotationsSet(annotations),
+		c.annotationsSet(annotations),
-		annotations,
 		spiloContainer,
 		initContainers,
 		sidecarContainers,
@@ -1235,8 +1234,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 			Name:        c.statefulSetName(),
 			Namespace:   c.Namespace,
 			Labels:      c.labelsSet(true),
-			// TODO Annotations: c.annotationsSet(c.AnnotationsToPropagate(annotations)),
+			Annotations: c.annotationsSet(c.AnnotationsToPropagate(annotations)),
-			Annotations: c.AnnotationsToPropagate(annotations),
 		},
 		Spec: appsv1.StatefulSetSpec{
 			Replicas:             &numberOfInstances,
@@ -1532,7 +1530,7 @@ func (c *Cluster) generateSingleUserSecret(namespace string, pgUser spec.PgUser)
 			Name:        c.credentialSecretName(username),
 			Namespace:   namespace,
 			Labels:      c.labelsSet(true),
-			// TODO Annotations: c.annotationsSet(map[string]string{}),
+			Annotations: c.annotationsSet(map[string]string{}),
 		},
 		Type: v1.SecretTypeOpaque,
 		Data: map[string][]byte{
@@ -1606,8 +1604,7 @@ func (c *Cluster) generateService(role PostgresRole, spec *acidv1.PostgresSpec)
 			Name:        c.serviceName(role),
 			Namespace:   c.Namespace,
 			Labels:      c.roleLabelsSet(true, role),
-			// TODO Annotations: c.annotationsSet(c.generateServiceAnnotations(role, spec)),
+			Annotations: c.annotationsSet(c.generateServiceAnnotations(role, spec)),
-			Annotations: c.generateServiceAnnotations(role, spec),
 		},
 		Spec: serviceSpec,
 	}
@@ -1657,7 +1654,7 @@ func (c *Cluster) generateEndpoint(role PostgresRole, subsets []v1.EndpointSubse
 			Name:        c.endpointName(role),
 			Namespace:   c.Namespace,
 			Labels:      c.roleLabelsSet(true, role),
-			// TODO Annotations: c.annotationsSet(map[string]string{}),
+			Annotations: c.annotationsSet(map[string]string{}),
 		},
 	}
 	if len(subsets) > 0 {
@@ -1814,7 +1811,7 @@ func (c *Cluster) generatePodDisruptionBudget() *policybeta1.PodDisruptionBudget
 			Name:        c.podDisruptionBudgetName(),
 			Namespace:   c.Namespace,
 			Labels:      c.labelsSet(true),
-			// TODO Annotations: c.annotationsSet(map[string]string{}),
+			Annotations: c.annotationsSet(map[string]string{}),
 		},
 		Spec: policybeta1.PodDisruptionBudgetSpec{
 			MinAvailable: &minAvailable,
@@ -1937,7 +1934,7 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
 			Name:        c.getLogicalBackupJobName(),
 			Namespace:   c.Namespace,
 			Labels:      c.labelsSet(true),
-			// TODO Annotations: c.annotationsSet(map[string]string{}),
+			Annotations: c.annotationsSet(map[string]string{}),
 		},
 		Spec: batchv1beta1.CronJobSpec{
 			Schedule:          schedule,

pkg/cluster/util.go

@@ -271,6 +271,27 @@ func (c *Cluster) getTeamMembers(teamID string) ([]string, error) {
 	return members, nil
 }
 
+// Returns annotations used to create or list k8s objects such as pods
+// For backward compatibility, shouldAddExtraLabels must be false
+// when listing k8s objects. See operator PR #252
+func (c *Cluster) annotationsSet(annotations map[string]string) map[string]string {
+
+	// allow to inherit certain labels from the 'postgres' object
+	if spec, err := c.GetSpec(); err == nil {
+		for k, v := range spec.ObjectMeta.Annotations {
+			for _, match := range c.OpConfig.InheritedAnnotations {
+				if k == match {
+					annotations[k] = v
+				}
+			}
+		}
+	} else {
+		c.logger.Warningf("could not get the list of InheritedAnnoations for cluster %q: %v", c.Name, err)
+	}
+
+	return annotations
+}
+
 func (c *Cluster) waitForPodLabel(podEvents chan PodEvent, stopChan chan struct{}, role *PostgresRole) (*v1.Pod, error) {
 	timeout := time.After(c.OpConfig.PodLabelWaitTimeout)
 	for {

pkg/controller/operator_config.go

@@ -92,6 +92,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.PodRoleLabel = util.Coalesce(fromCRD.Kubernetes.PodRoleLabel, "spilo-role")
 	result.ClusterLabels = util.CoalesceStrMap(fromCRD.Kubernetes.ClusterLabels, map[string]string{"application": "spilo"})
 	result.InheritedLabels = fromCRD.Kubernetes.InheritedLabels
+	result.InheritedAnnotations = fromCRD.Kubernetes.InheritedAnnotations
 	result.DownscalerAnnotations = fromCRD.Kubernetes.DownscalerAnnotations
 	result.ClusterNameLabel = util.Coalesce(fromCRD.Kubernetes.ClusterNameLabel, "cluster-name")
 	result.DeleteAnnotationDateKey = fromCRD.Kubernetes.DeleteAnnotationDateKey

pkg/util/config/config.go

@@ -36,6 +36,7 @@ type Resources struct {
 	SpiloPrivileged         bool                `name:"spilo_privileged" default:"false"`
 	ClusterLabels           map[string]string   `name:"cluster_labels" default:"application:spilo"`
 	InheritedLabels         []string            `name:"inherited_labels" default:""`
+	InheritedAnnotations    []string            `name:"inherited_annotations" default:""`
 	DownscalerAnnotations   []string            `name:"downscaler_annotations"`
 	ClusterNameLabel        string              `name:"cluster_name_label" default:"cluster-name"`
 	DeleteAnnotationDateKey string              `name:"delete_annotation_date_key"`