fixed ServiceAccount mapping and reordering values.yaml

charts/postgres-operator/Chart.yaml

@@ -1,13 +1,18 @@
 apiVersion: v1
 name: postgres-operator
-version: 0.1.0
-appVersion: 1.1.0
+version: 1.2.0
+appVersion: 1.2.0
 home: https://github.com/zalando/postgres-operator
 description: Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
 keywords:
 - postgres
 - operator
+- cloud-native
+- patroni
+- spilo
 maintainers:
+- name: Zalando
+  email: opensource@zalando.de
 - name: kimxogus
   email: kgyoo8232@gmail.com
 sources:

charts/postgres-operator/templates/clusterrole.yaml

@@ -2,7 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}
@@ -140,5 +144,9 @@ rules:
   verbs:
   - bind
   resourceNames:
-  - {{ template "postgres-operator.fullname" . }}
+  - {{- if eq .Values.serviceAccount.name "" }}
+      {{ template "postgres-operator.fullname" . }}
+    {{- else }}
+      {{ .Values.serviceAccount.name }}
+    {{- end }}
 {{ end }}

charts/postgres-operator/templates/clusterrolebinding.yaml

@@ -2,7 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}
@@ -11,11 +15,19 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
 subjects:
 - kind: ServiceAccount
 # note: the cluster role binding needs to be defined
 # for every namespace the operator service account lives in.
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   namespace: {{ .Release.Namespace }}
 {{ end }}

charts/postgres-operator/templates/configmap.yaml

@@ -8,19 +8,25 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 data:
-  pod_service_account_name: {{ template "postgres-operator.fullname" . }}
+  pod_service_account_name: {{- if eq .Values.serviceAccount.name "" }}
+                                {{ template "postgres-operator.fullname" . }}
+                            {{- else }}
+                                {{ .Values.serviceAccount.name }}
+                            {{- end }}
+  api_port: "{{ .Values.configLoggingRestApi.api_port }}"
+  cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}"
   docker_image: {{ .Values.docker_image }}
   debug_logging: "{{ .Values.configDebug.debug_logging }}"
   enable_database_access: "{{ .Values.configDebug.enable_database_access }}"
   repair_period: {{ .Values.repair_period }}
   resync_period: {{ .Values.resync_period }}
+  ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}"
   spilo_privileged: "{{ .Values.spilo_privileged }}"
+  workers: "{{ .Values.workers }}"
 {{ toYaml .Values.configMap | indent 2 }}
 {{ toYaml .Values.configUsers | indent 2 }}
 {{ toYaml .Values.configKubernetes | indent 2 }}
-{{ toYaml .Values.configNamespace | indent 2 }}
 {{ toYaml .Values.configTimeouts | indent 2 }}
 {{ toYaml .Values.configLoadBalancer | indent 2 }}
 {{ toYaml .Values.configAwsOrGcp | indent 2 }}
 {{ toYaml .Values.configTeamsApi | indent 2 }}
-{{ toYaml .Values.configLoggingRestApi | indent 2 }}

charts/postgres-operator/templates/deployment.yaml

@@ -29,7 +29,11 @@ spec:
 {{ toYaml .Values.podLabels | indent 8 }}
       {{- end }}
     spec:
-      serviceAccountName: {{ template "postgres-operator.fullname" . }}
+      serviceAccountName: {{- if eq .Values.serviceAccount.name "" }}
+                            {{ template "postgres-operator.fullname" . }}
+                          {{- else }}
+                            {{ .Values.serviceAccount.name }}
+                          {{- end }}
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"

charts/postgres-operator/templates/operatorconfiguration.yaml

@@ -8,14 +8,16 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 configuration:
-  pod_service_account_name: operator
   docker_image: {{ .Values.docker_image }}
   repair_period: {{ .Values.repair_period }}
   resync_period: {{ .Values.resync_period }}
+  workers: {{ .Values.workers }}
 {{ toYaml .Values.configCRD | indent 2 }}
   users:
 {{ toYaml .Values.configUsers | indent 4 }}
   kubernetes:
+    oauth_token_secret_name: {{ template "postgres-operator.fullname" . }}
+    pod_service_account_name: operator
     spilo_privileged: {{ .Values.spilo_privileged }}
 {{ toYaml .Values.configKubernetes | indent 4 }}
 {{ toYaml .Values.configKubernetesCRD | indent 4 }}
@@ -32,6 +34,6 @@ configuration:
   teams_api:
 {{ toYaml .Values.configTeamsApiCRD | indent 4 }}
   logging_rest_api:
-{{ toYaml .Values.configLoggingRestApiCRD | indent 4 }}
+{{ toYaml .Values.configLoggingRestApi | indent 4 }}
   scalyr:
 {{ toYaml .Values.configScalyr | indent 4 }}

charts/postgres-operator/templates/serviceaccount.yaml

@@ -2,7 +2,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}

charts/postgres-operator/values.yaml

@@ -1,7 +1,7 @@
 image:
   registry: registry.opensource.zalan.do
   repository: acid/postgres-operator
-  tag: v1.1.0-20-g25e02ad
+  tag: v1.1.0-28-g24d412a
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -10,25 +10,15 @@ image:
 # imagePullSecrets:
   # - name: myRegistryKeySecretName
 
-docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70
 podAnnotations: {}
 podLabels: {}
+
+# config shared from ConfigMap and CRD
+docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70
 repair_period: 5m
 resync_period: 5m
 spilo_privileged: false
-
-configMap:
-  cluster_labels: application:spilo
-  cluster_name_label: version
-  workers: "4"
-
-configCRD:
-  etcd_host: ""
-  min_instances: -1
-  max_instances: -1
 workers: 4
-  # sidecar_docker_images
-  #  example: "exampleimage:exampletag"
 
 configUsers:
   replication_username: standby
@@ -46,20 +36,6 @@ configKubernetes:
   pod_terminate_grace_period: 5m
   secret_name_template: '{username}.{cluster}.credentials'
 
-configKubernetesCRD:
-  cluster_labels:
-      application: spilo
-  cluster_name_label: cluster-name
-  enable_pod_antiaffinity: false
-  pod_antiaffinity_topology_key: "kubernetes.io/hostname"
-  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
-  # inherited_labels:
-  # - application
-  # - app
-
-configNamespace:
-  watched_namespace: "*" # listen to all namespaces
-
 configPostgresPodResources:
   default_cpu_request: 100m
   default_memory_request: 100Mi
@@ -76,27 +52,15 @@ configTimeouts:
   resource_check_interval: 3s
   resource_check_timeout: 10m
 
-configLoadBalancer:
-  # custom_service_annotations:
-  #   "keyx:valuez,keya:valuea"
-  enable_master_load_balancer: "true"
-  enable_replica_load_balancer: "false"
-  master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
-  replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}'
-
-configLoadBalancerCRD:
-  # custom_service_annotations:
-  #   keyx: valuez
-  #   keya: valuea
-  enable_master_load_balancer: false
-  enable_replica_load_balancer: false
-  master_dns_name_format: "{cluster}.{team}.{hostedzone}"
-  replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
-
 configDebug:
   debug_logging: true
   enable_database_access: true
 
+configLoggingRestApi:
+  api_port: 8080
+  cluster_history_entries: 1000
+  ring_log_lines: 100
+
 configAwsOrGcp:
   aws_region: eu-central-1
   db_hosted_zone: db.example.com
@@ -104,6 +68,20 @@ configAwsOrGcp:
   # log_s3_bucket: ""
   # wal_s3_bucket: ""
 
+# config exclusive to ConfigMap
+configMap:
+  cluster_labels: application:spilo
+  cluster_name_label: version
+  watched_namespace: "*" # listen to all namespaces
+
+configLoadBalancer:
+  # custom_service_annotations:
+  #   "keyx:valuez,keya:valuea"
+  enable_master_load_balancer: "true"
+  enable_replica_load_balancer: "false"
+  master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
+  replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}'
+
 configTeamsApi:
   enable_teams_api: "false"
   # enable_admin_role_for_users: "true"
@@ -115,6 +93,35 @@ configTeamsApi:
   # team_api_role_configuration: "log_statement:all"
   # teams_api_url: http://fake-teams-api.default.svc.cluster.local
 
+# config exclusive to CRD
+configCRD:
+  etcd_host: ""
+  min_instances: -1
+  max_instances: -1
+  # sidecar_docker_images
+  #  example: "exampleimage:exampletag"
+
+configKubernetesCRD:
+  cluster_labels:
+      application: spilo
+  cluster_name_label: cluster-name
+  enable_pod_antiaffinity: false
+  pod_antiaffinity_topology_key: "kubernetes.io/hostname"
+  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  # inherited_labels:
+  # - application
+  # - app
+  # watched_namespace: ""
+
+configLoadBalancerCRD:
+  # custom_service_annotations:
+  #   keyx: valuez
+  #   keya: valuea
+  enable_master_load_balancer: false
+  enable_replica_load_balancer: false
+  master_dns_name_format: "{cluster}.{team}.{hostedzone}"
+  replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
+
 configTeamsApiCRD:
   enable_teams_api: false
   enable_team_superuser: false
@@ -128,16 +135,6 @@ configTeamsApiCRD:
     log_statement: all
   # teams_api_url: ""
 
-configLoggingRestApi:
-  api_port: "8080"
-  cluster_history_entries: "1000"
-  ring_log_lines: "100"
-
-configLoggingRestApiCRD:
-  api_port: 8080
-  cluster_history_entries: 1000
-  ring_log_lines: 100
-
 scalyr:
   scalyr_cpu_request: 100m
   scalyr_memory_request: 50Mi
@@ -156,7 +153,8 @@ serviceAccount:
   create: true
   # The name of the ServiceAccount to use.
   # If not set and create is true, a name is generated using the fullname template
-  name:
+  # When relying solely on the OperatorConfiguration CRD, set this value to "operator"
+  name: ""
 
 priorityClassName: ""