extend RBAC in preparation to switch to configmap-based cluster management (#2961)
parent dc29425969
commit 8ba57b28f5
|
|
@ -107,8 +107,13 @@ Those are top-level keys, containing both leaf keys and groups.
|
||||||
* **kubernetes_use_configmaps**
|
* **kubernetes_use_configmaps**
|
||||||
Select if setup uses endpoints (default), or configmaps to manage leader when
|
Select if setup uses endpoints (default), or configmaps to manage leader when
|
||||||
DCS is kubernetes (not etcd or similar). In OpenShift it is not possible to
|
DCS is kubernetes (not etcd or similar). In OpenShift it is not possible to
|
||||||
use endpoints option, and configmaps is required. By default,
|
use endpoints option, and configmaps is required. Starting with K8s 1.33,
|
||||||
`kubernetes_use_configmaps: false`, meaning endpoints will be used.
|
endpoints are marked as deprecated. It's recommended to switch to config maps
|
||||||
|
instead. But, to do so make sure you scale the Postgres cluster down to just
|
||||||
|
one primary pod (e.g. using `max_instances` option). Otherwise, you risk
|
||||||
|
running into a split-brain scenario.
|
||||||
|
By default, `kubernetes_use_configmaps: false`, meaning endpoints will be used.
|
||||||
|
Starting from v1.16.0 the default will be changed to `true`.
|
||||||
|
|
||||||
* **docker_image**
|
* **docker_image**
|
||||||
Spilo Docker image for Postgres instances. For production, don't rely on the
|
Spilo Docker image for Postgres instances. For production, don't rely on the
|
||||||
|
|
|
||||||
|
|
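Review bot: The migration guidance added under `kubernetes_use_configmaps` names split-brain as the risk but leaves the procedure open. "e.g. using `max_instances` option" does not say which value to set, at what point the switch to configmaps should be made, or when it is safe to scale back up. Please write the steps out in order, and state whether the default change to `true` in v1.16.0 will switch existing multi-pod clusters that still use endpoints, since those are the ones exposed to the split-brain scenario described here. Minor: the added lines write "config maps" while the option name and the surrounding text use "configmaps"; one spelling would read better.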
@ -59,13 +59,20 @@ rules:
|
||||||
- get
|
- get
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
# to read configuration from ConfigMaps
|
# to read configuration from ConfigMaps and help Patroni manage the cluster if endpoints are not used
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
- configmaps
|
- configmaps
|
||||||
verbs:
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
- get
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
# to send events to the CRs
|
# to send events to the CRs
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
|
|
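Review bot: The configmaps rule grows from `get` alone to eight verbs, including `delete` and `deletecollection`, and the rule carries no `resourceNames` restriction, so this role can now rewrite or remove any ConfigMap it can reach, not only the ones Patroni uses for cluster management. Please confirm that each added verb is actually needed, `deletecollection` in particular, and drop the ones that are not. The comment now covers two purposes in one line ("to read configuration from ConfigMaps and help Patroni manage the cluster if endpoints are not used"); saying which verbs serve which purpose would make a later tightening of this rule much easier.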
@ -78,7 +85,7 @@ rules:
|
||||||
- patch
|
- patch
|
||||||
- update
|
- update
|
||||||
- watch
|
- watch
|
||||||
# to manage endpoints which are also used by Patroni
|
# to manage endpoints which are also used by Patroni (if it is using config maps)
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
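Review bot: The parenthetical added to the endpoints comment, "(if it is using config maps)", reads inverted. The documentation change in this same commit describes endpoints and configmaps as alternatives, and the configmaps rule above is commented "if endpoints are not used", so endpoints would be used by Patroni when it is not using config maps. If that is the intent, change it to "(if it is not using config maps)"; if endpoints really are still needed in configmap mode, say why in the comment.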
@ -249,7 +256,21 @@ kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: postgres-pod
|
name: postgres-pod
|
||||||
rules:
|
rules:
|
||||||
# Patroni needs to watch and manage endpoints
|
# Patroni needs to watch and manage config maps (or endpoints)
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- watch
|
||||||
|
# Patroni needs to watch and manage endpoints (or config maps)
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
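Review bot: The new configmaps rule in the `postgres-pod` ClusterRole is granted unconditionally and includes `create`, `delete` and `deletecollection`, while the documentation change in this commit says the default is still `kubernetes_use_configmaps: false`. Every Postgres pod bound to this role therefore gains write and delete access to ConfigMaps before any cluster uses them for leader management. Please narrow the verb list to what Patroni needs and justify `deletecollection` in the comment, or drop it. It would also help to note in the comment that the configmaps rule and the endpoints rule are alternatives, so that whichever one is unused can be removed once the switch is complete.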