From 7656fdd0947ec23b09af2bbe728c63d198545139 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Thu, 23 May 2019 15:28:28 +0200 Subject: [PATCH] fixed ServiceAccount mapping and reordering values.yaml --- charts/postgres-operator/Chart.yaml | 9 +- .../templates/clusterrole.yaml | 12 +- .../templates/clusterrolebinding.yaml | 18 ++- .../templates/configmap.yaml | 12 +- .../templates/deployment.yaml | 6 +- .../templates/operatorconfiguration.yaml | 6 +- .../templates/serviceaccount.yaml | 6 +- charts/postgres-operator/values.yaml | 112 +++++++++--------- 8 files changed, 110 insertions(+), 71 deletions(-) diff --git a/charts/postgres-operator/Chart.yaml b/charts/postgres-operator/Chart.yaml index 3b55a37e9..1817bf411 100644 --- a/charts/postgres-operator/Chart.yaml +++ b/charts/postgres-operator/Chart.yaml @@ -1,13 +1,18 @@ apiVersion: v1 name: postgres-operator -version: 0.1.0 -appVersion: 1.1.0 +version: 1.2.0 +appVersion: 1.2.0 home: https://github.com/zalando/postgres-operator description: Postgres operator creates and manages PostgreSQL clusters running in Kubernetes keywords: - postgres - operator +- cloud-native +- patroni +- spilo maintainers: +- name: Zalando + email: opensource@zalando.de - name: kimxogus email: kgyoo8232@gmail.com sources: diff --git a/charts/postgres-operator/templates/clusterrole.yaml b/charts/postgres-operator/templates/clusterrole.yaml index a24571cf1..d9b081cd8 100644 --- a/charts/postgres-operator/templates/clusterrole.yaml +++ b/charts/postgres-operator/templates/clusterrole.yaml @@ -2,7 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ template "postgres-operator.fullname" . }} + name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} 
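Review bot: The five-line `if eq .Values.serviceAccount.name ""` block added for `metadata.name` in clusterrole.yaml is repeated eight times in this patch: again under `resourceNames`, three times in clusterrolebinding.yaml, and once each in configmap.yaml, deployment.yaml and serviceaccount.yaml. These are all RBAC-relevant names that must stay identical, so a single expression is safer, for example `name: {{ default (include "postgres-operator.fullname" .) .Values.serviceAccount.name }}`, or a named helper next to the existing fullname template. The `eq … ""` test also only matches the empty string. An override that leaves the key null is not equal to `""` and, depending on the Helm version, either fails the render or produces an empty name, whereas `default` covers both cases. The multi-line form additionally depends on `{{-` trimming and on the continuation lines being indented deeper than the key, which is easy to break in a later edit.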
@@ -140,5 +144,9 @@ rules: verbs: - bind resourceNames: - - {{ template "postgres-operator.fullname" . }} + - {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} {{ end }} diff --git a/charts/postgres-operator/templates/clusterrolebinding.yaml b/charts/postgres-operator/templates/clusterrolebinding.yaml index 88c95128f..7e71ce6cb 100644 --- a/charts/postgres-operator/templates/clusterrolebinding.yaml +++ b/charts/postgres-operator/templates/clusterrolebinding.yaml @@ -2,7 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "postgres-operator.fullname" . }} + name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} @@ -11,11 +15,19 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "postgres-operator.fullname" . }} + name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} subjects: - kind: ServiceAccount # note: the cluster role binding needs to be defined # for every namespace the operator service account lives in. - name: {{ template "postgres-operator.fullname" . }} + name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} namespace: {{ .Release.Namespace }} {{ end }} diff --git a/charts/postgres-operator/templates/configmap.yaml b/charts/postgres-operator/templates/configmap.yaml index 8e855f695..4785a7758 100644 --- a/charts/postgres-operator/templates/configmap.yaml +++ b/charts/postgres-operator/templates/configmap.yaml 
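Review bot: The ClusterRoleBinding's `metadata.name` and `roleRef.name`, like the ClusterRole's name and its `bind` `resourceNames` entry, now follow `serviceAccount.name`, yet these objects are cluster-scoped while the ServiceAccount is namespaced. With the value that values.yaml recommends for CRD-only setups, `operator`, a second release in another namespace or any pre-existing object of that generic name would contend for the same ClusterRole and ClusterRoleBinding. If the operator requires the role name to equal the account name, state that in a comment beside `serviceAccount.name`. Otherwise keep `{{ template "postgres-operator.fullname" . }}` for the cluster-scoped names and switch only the `subjects` entry.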
@@ -8,19 +8,25 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} data: - pod_service_account_name: {{ template "postgres-operator.fullname" . }} + pod_service_account_name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} + api_port: "{{ .Values.configLoggingRestApi.api_port }}" + cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}" docker_image: {{ .Values.docker_image }} debug_logging: "{{ .Values.configDebug.debug_logging }}" enable_database_access: "{{ .Values.configDebug.enable_database_access }}" repair_period: {{ .Values.repair_period }} resync_period: {{ .Values.resync_period }} + ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}" spilo_privileged: "{{ .Values.spilo_privileged }}" + workers: "{{ .Values.workers }}" {{ toYaml .Values.configMap | indent 2 }} {{ toYaml .Values.configUsers | indent 2 }} {{ toYaml .Values.configKubernetes | indent 2 }} -{{ toYaml .Values.configNamespace | indent 2 }} {{ toYaml .Values.configTimeouts | indent 2 }} {{ toYaml .Values.configLoadBalancer | indent 2 }} {{ toYaml .Values.configAwsOrGcp | indent 2 }} {{ toYaml .Values.configTeamsApi | indent 2 }} -{{ toYaml .Values.configLoggingRestApi | indent 2 }} diff --git a/charts/postgres-operator/templates/deployment.yaml b/charts/postgres-operator/templates/deployment.yaml index 5ccc1ce37..04393416e 100644 --- a/charts/postgres-operator/templates/deployment.yaml +++ b/charts/postgres-operator/templates/deployment.yaml 
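Review bot: `pod_service_account_name` is rendered from the same expression as the operator's own `serviceAccountName` in deployment.yaml and the `subjects` entry of the ClusterRoleBinding, so within the release namespace the account named for the database pods is, as far as this patch shows, the one bound to the operator's ClusterRole. If Postgres pods really run under it, they inherit the operator's cluster-wide permissions. A separate chart value for the pod account (suggested name: `podServiceAccount.name`) would keep the two identities apart. The value is also the only string in this `data:` block emitted without quotes; with a one-line expression it can be piped through `quote` like its neighbours.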
@@ -29,7 +29,11 @@ spec: {{ toYaml .Values.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "postgres-operator.fullname" . }} + serviceAccountName: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/charts/postgres-operator/templates/operatorconfiguration.yaml b/charts/postgres-operator/templates/operatorconfiguration.yaml index 54e97617a..7ed02f8f1 100644 --- a/charts/postgres-operator/templates/operatorconfiguration.yaml +++ b/charts/postgres-operator/templates/operatorconfiguration.yaml @@ -8,14 +8,16 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} configuration: - pod_service_account_name: operator docker_image: {{ .Values.docker_image }} repair_period: {{ .Values.repair_period }} resync_period: {{ .Values.resync_period }} + workers: {{ .Values.workers }} {{ toYaml .Values.configCRD | indent 2 }} users: {{ toYaml .Values.configUsers | indent 4 }} kubernetes: + oauth_token_secret_name: {{ template "postgres-operator.fullname" . }} + pod_service_account_name: operator spilo_privileged: {{ .Values.spilo_privileged }} {{ toYaml .Values.configKubernetes | indent 4 }} {{ toYaml .Values.configKubernetesCRD | indent 4 }} @@ -32,6 +34,6 @@ configuration: teams_api: {{ toYaml .Values.configTeamsApiCRD | indent 4 }} logging_rest_api: -{{ toYaml .Values.configLoggingRestApiCRD | indent 4 }} +{{ toYaml .Values.configLoggingRestApi | indent 4 }} scalyr: {{ toYaml .Values.configScalyr | indent 4 }} diff --git a/charts/postgres-operator/templates/serviceaccount.yaml b/charts/postgres-operator/templates/serviceaccount.yaml index dc996fc00..01ab2bc00 100644 --- a/charts/postgres-operator/templates/serviceaccount.yaml 
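Review bot: `serviceAccountName` in deployment.yaml falls back to the fullname template whenever `serviceAccount.name` is empty, without looking at `serviceAccount.create`. The values.yaml comment promises the generated name only when `create` is true. With `create: false` and no name, the Deployment would reference an account the chart presumably does not create (the guard in serviceaccount.yaml lies outside the visible hunks), and the pod cannot be admitted. Branch on `.Values.serviceAccount.create` here and use `{{ default "default" .Values.serviceAccount.name }}` in the false case.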
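Review bot: `pod_service_account_name: operator` in operatorconfiguration.yaml stays a literal after its move under `kubernetes:`, so the OperatorConfiguration names an account the chart creates only if the user also sets `serviceAccount.name` to `operator` by hand, as the values.yaml comment asks. Rendering it from the chart value removes that coupling: `pod_service_account_name: {{ default (include "postgres-operator.fullname" .) .Values.serviceAccount.name }}`. The new `oauth_token_secret_name` points at the fullname, but no Secret of that name is created anywhere in this patch, so confirm where it is expected to come from. Both keys sit directly above `toYaml .Values.configKubernetes`, so a user who sets either key in that block gets a duplicate mapping key in the rendered object.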
+++ b/charts/postgres-operator/templates/serviceaccount.yaml @@ -2,7 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "postgres-operator.fullname" . }} + name: {{- if eq .Values.serviceAccount.name "" }} + {{ template "postgres-operator.fullname" . }} + {{- else }} + {{ .Values.serviceAccount.name }} + {{- end }} labels: app.kubernetes.io/name: {{ template "postgres-operator.name" . }} helm.sh/chart: {{ template "postgres-operator.chart" . }} diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index b6f93a8cd..db1d2aaf3 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.1.0-20-g25e02ad + tag: v1.1.0-28-g24d412a pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -10,25 +10,15 @@ image: # imagePullSecrets: # - name: myRegistryKeySecretName -docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70 podAnnotations: {} podLabels: {} + +# config shared from ConfigMap and CRD +docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70 repair_period: 5m resync_period: 5m spilo_privileged: false - -configMap: - cluster_labels: application:spilo - cluster_name_label: version - workers: "4" - -configCRD: - etcd_host: "" - min_instances: -1 - max_instances: -1 - workers: 4 - # sidecar_docker_images - # example: "exampleimage:exampletag" +workers: 4 configUsers: replication_username: standby 
@@ -46,20 +36,6 @@ configKubernetes: pod_terminate_grace_period: 5m secret_name_template: '{username}.{cluster}.credentials' -configKubernetesCRD: - cluster_labels: - application: spilo - cluster_name_label: cluster-name - enable_pod_antiaffinity: false - pod_antiaffinity_topology_key: "kubernetes.io/hostname" - secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" - # inherited_labels: - # - application - # - app - -configNamespace: - watched_namespace: "*" # listen to all namespaces - configPostgresPodResources: default_cpu_request: 100m default_memory_request: 100Mi @@ -76,27 +52,15 @@ configTimeouts: resource_check_interval: 3s resource_check_timeout: 10m -configLoadBalancer: - # custom_service_annotations: - # "keyx:valuez,keya:valuea" - enable_master_load_balancer: "true" - enable_replica_load_balancer: "false" - master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' - replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' - -configLoadBalancerCRD: - # custom_service_annotations: - # keyx: valuez - # keya: valuea - enable_master_load_balancer: false - enable_replica_load_balancer: false - master_dns_name_format: "{cluster}.{team}.{hostedzone}" - replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" - configDebug: debug_logging: true enable_database_access: true +configLoggingRestApi: + api_port: 8080 + cluster_history_entries: 1000 + ring_log_lines: 100 + configAwsOrGcp: aws_region: eu-central-1 db_hosted_zone: db.example.com 
@@ -104,6 +68,20 @@ configAwsOrGcp: # log_s3_bucket: "" # wal_s3_bucket: "" +# config exclusive to ConfigMap +configMap: + cluster_labels: application:spilo + cluster_name_label: version + watched_namespace: "*" # listen to all namespaces + +configLoadBalancer: + # custom_service_annotations: + # "keyx:valuez,keya:valuea" + enable_master_load_balancer: "true" + enable_replica_load_balancer: "false" + master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' + replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' + configTeamsApi: enable_teams_api: "false" # enable_admin_role_for_users: "true" @@ -115,6 +93,35 @@ configTeamsApi: # team_api_role_configuration: "log_statement:all" # teams_api_url: http://fake-teams-api.default.svc.cluster.local +# config exclusive to CRD +configCRD: + etcd_host: "" + min_instances: -1 + max_instances: -1 + # sidecar_docker_images + # example: "exampleimage:exampletag" + +configKubernetesCRD: + cluster_labels: + application: spilo + cluster_name_label: cluster-name + enable_pod_antiaffinity: false + pod_antiaffinity_topology_key: "kubernetes.io/hostname" + secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + # inherited_labels: + # - application + # - app + # watched_namespace: "" + +configLoadBalancerCRD: + # custom_service_annotations: + # keyx: valuez + # keya: valuea + enable_master_load_balancer: false + enable_replica_load_balancer: false + master_dns_name_format: "{cluster}.{team}.{hostedzone}" + replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" + configTeamsApiCRD: enable_teams_api: false enable_team_superuser: false @@ -128,16 +135,6 @@ configTeamsApiCRD: log_statement: all # teams_api_url: "" -configLoggingRestApi: - api_port: "8080" - cluster_history_entries: "1000" - ring_log_lines: "100" - -configLoggingRestApiCRD: - api_port: 8080 - cluster_history_entries: 1000 - ring_log_lines: 100 - scalyr: scalyr_cpu_request: 100m scalyr_memory_request: 50Mi 
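Review bot: `secret_name_template` is defined in the re-added `configKubernetesCRD` block and also in `configKubernetes` (visible as context in an earlier values.yaml hunk), and operatorconfiguration.yaml renders both blocks with `toYaml … | indent 4` under the same `kubernetes:` mapping. The rendered OperatorConfiguration therefore carries the key twice with different values, `{username}.{cluster}.credentials` and `{username}.{cluster}.credentials.{tprkind}.{tprgroup}`. Which of them names the credential Secrets is left to the parser's duplicate-key handling. Since this commit sorts the values into shared, ConfigMap-only and CRD-only groups, drop the key from one of the two blocks so that each target receives exactly one template.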
@@ -156,7 +153,8 @@ serviceAccount: create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template - name: + # When relying solely on the OperatorConfiguration CRD, set this value to "operator" + name: "" priorityClassName: ""