diff --git a/manifests/postgres-cluster-clone/kustomization.yaml b/manifests/postgres-cluster-clone/kustomization.yaml
new file mode 100644
index 000000000..086b86c2a
--- /dev/null
+++ b/manifests/postgres-cluster-clone/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../postgres-cluster
+commonLabels:
+ cluster-name: postgres-cluster-clone
+nameSuffix: -clone
+patches:
+- patches.yaml
diff --git a/manifests/postgres-cluster-clone/patches.yaml b/manifests/postgres-cluster-clone/patches.yaml
new file mode 100644
index 000000000..dce207c40
--- /dev/null
+++ b/manifests/postgres-cluster-clone/patches.yaml
@@ -0,0 +1,10 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: postgres-cluster
+ # > you can clone only from clusters within the same namespace.
+ # See https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-directly
+ namespace: postgres-cluster
+spec:
+ clone:
+ cluster: postgres-cluster
diff --git a/manifests/postgres-cluster-pitr/kustomization.yaml b/manifests/postgres-cluster-pitr/kustomization.yaml
new file mode 100644
index 000000000..e03443228
--- /dev/null
+++ b/manifests/postgres-cluster-pitr/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../postgres-cluster
+commonLabels:
+ cluster-name: postgres-cluster-pitr
+# MUST be in the same namespace to get secret "standby.postgres-cluster.credentials.postgresql.acid.zalan.do"
+# namespace:
+nameSuffix: -pitr
+patches:
+- patches.yaml
diff --git a/manifests/postgres-cluster-pitr/patches.yaml b/manifests/postgres-cluster-pitr/patches.yaml
new file mode 100644
index 000000000..e3ae62dc4
--- /dev/null
+++ b/manifests/postgres-cluster-pitr/patches.yaml
@@ -0,0 +1,10 @@
+# https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-from-s3
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: postgres-cluster
+ namespace: postgres-cluster
+spec:
+ clone:
+ uid: b9c8455e-b748-11e9-a18d-02650311323e
+ cluster: postgres-cluster
diff --git a/manifests/postgres-cluster/kustomization.yaml b/manifests/postgres-cluster/kustomization.yaml
new file mode 100644
index 000000000..51cbf52bb
--- /dev/null
+++ b/manifests/postgres-cluster/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ cluster-name: postgres-cluster
+namespace: postgres-cluster
+resources:
+- resources.yaml
diff --git a/manifests/postgres-cluster/resources.yaml b/manifests/postgres-cluster/resources.yaml
new file mode 100644
index 000000000..145e3baba
--- /dev/null
+++ b/manifests/postgres-cluster/resources.yaml
@@ -0,0 +1,14 @@
+# https://github.com/zalando/postgres-operator/blob/master/docs/reference/cluster_manifest.md
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: postgres-cluster
+spec:
+ teamId: acid
+ volume:
+ size: 10Gi
+ numberOfInstances: 1
+ postgresql:
+ version: "10"
+ # # NOT WORKING, see https://github.com/zalando/postgres-operator/issues/641
+ # enableLogicalBackup: true
diff --git a/manifests/postgres-operator/base-crd/Kube-descriptor.yaml b/manifests/postgres-operator/base-crd/Kube-descriptor.yaml
new file mode 100644
index 000000000..4a95b875f
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/Kube-descriptor.yaml
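Review bot: The `clone` section in manifests/postgres-cluster-pitr/patches.yaml sets `uid` and `cluster` but no `timestamp`, and as the linked clone-from-s3 section of the user guide describes it, the timestamp is what makes the operator restore from the S3 backup; without it the clone is taken directly from the running source cluster. As written this overlay would therefore behave like the postgres-cluster-clone one, and the point-in-time restore path is never exercised. Add a quoted value with an explicit UTC offset, `timestamp: "<RESTORE_POINT_WITH_TZ_OFFSET>"` (placeholder), and a comment that `uid` belongs to one specific source cluster and must be replaced per environment.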
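Review bot: In manifests/postgres-cluster/resources.yaml, `metadata.name: postgres-cluster` does not start with the `teamId` value `acid`. As far as I recall, the cluster manifest reference linked at the top of the file requires the name to begin with the team id followed by a dash, and the operator marks manifests that do not as invalid; please confirm against v1.2.0. If that holds, rename to something like `name: acid-postgres-cluster` and update the `clone.cluster` values and the standby secret name quoted in the pitr kustomization to match.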
@@ -0,0 +1,21 @@
+apiVersion: v1
+appVersion: 1.2.0
+description: Postgres Operator creates and manages PostgreSQL clusters running in
+ Kubernetes
+engine: gotpl
+home: https://github.com/zalando/postgres-operator
+keywords:
+- postgres
+- operator
+- cloud-native
+- patroni
+- spilo
+maintainers:
+- email: opensource@zalando.de
+ name: Zalando
+- email: kgyoo8232@gmail.com
+ name: kimxogus
+name: postgres-operator
+sources:
+- https://github.com/zalando/postgres-operator
+version: 1.2.0
diff --git a/manifests/postgres-operator/base-crd/kustomization.yaml b/manifests/postgres-operator/base-crd/kustomization.yaml
new file mode 100644
index 000000000..1fdc91837
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/kustomization.yaml
@@ -0,0 +1,23 @@
+# Labels to add to all resources and selectors.
+commonLabels:
+ app.kubernetes.io/instance: postgres-operator
+ app.kubernetes.io/managed-by: Tiller
+ app.kubernetes.io/name: postgres-operator
+ helm.sh/chart: postgres-operator-1.2.0
+
+# Images modify the tags for images without
+# creating patches.
+images:
+- name: registry.opensource.zalan.do/acid/postgres-operator
+ newTag: v1.2.0
+
+# List of resource files that kustomize reads, modifies
+# and emits as a YAML string
+resources:
+- operator-clusterrole.yaml
+- operator-crb.yaml
+- operator-sa.yaml
+- operatorconfigurations.acid.zalan.do-crd.yaml
+- postgres-operator-deploy.yaml
+- postgres-operator-operatorconfiguration.yaml
+- postgresqls.acid.zalan.do-crd.yaml
\ No newline at end of file
diff --git a/manifests/postgres-operator/base-crd/operator-clusterrole.yaml b/manifests/postgres-operator/base-crd/operator-clusterrole.yaml
new file mode 100644
index 000000000..7a347a99a
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/operator-clusterrole.yaml
@@ -0,0 +1,149 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: operator
+rules:
+- apiGroups:
+ - acid.zalan.do
+ resources:
+ - postgresqls
+ - postgresqls/status
+ - operatorconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - delete
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - delete
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resourceNames:
+ - operator
+ resources:
+ - clusterroles
+ verbs:
+ - bind
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
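Review bot: The `secrets` rule grants `create`, `update`, `delete` and `get` with no `resourceNames`, and operator-crb.yaml binds this role cluster-wide, so the operator's token can read or overwrite any Secret in any namespace whose name it knows, not only the credential Secrets it manages. If the operator is only meant to manage clusters in one namespace (the UI patch later in this commit sets `TARGET_NAMESPACE` to `postgres-cluster`), consider granting the namespaced rules through a RoleBinding there and setting `watched_namespace` to that namespace instead of `'*'`. The role also uses `rbac.authorization.k8s.io/v1beta1` while the binding next to it uses `v1`; using `apiVersion: rbac.authorization.k8s.io/v1` for both avoids a break when the beta API is dropped.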
diff --git a/manifests/postgres-operator/base-crd/operator-crb.yaml b/manifests/postgres-operator/base-crd/operator-crb.yaml
new file mode 100644
index 000000000..3d2fa6dc3
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/operator-crb.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: operator
+subjects:
+- kind: ServiceAccount
+ name: operator
+ namespace: default
diff --git a/manifests/postgres-operator/base-crd/operator-sa.yaml b/manifests/postgres-operator/base-crd/operator-sa.yaml
new file mode 100644
index 000000000..5b9d50558
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/operator-sa.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: operator
diff --git a/manifests/postgres-operator/base-crd/operatorconfigurations.acid.zalan.do-crd.yaml b/manifests/postgres-operator/base-crd/operatorconfigurations.acid.zalan.do-crd.yaml
new file mode 100644
index 000000000..e43db48c6
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/operatorconfigurations.acid.zalan.do-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: operatorconfigurations.acid.zalan.do
+spec:
+ group: acid.zalan.do
+ names:
+ kind: OperatorConfiguration
+ listKind: OperatorConfigurationList
+ plural: operatorconfigurations
+ shortNames:
+ - pgc
+ singular: operatorconfiguration
+ scope: Namespaced
+ version: v1
diff --git a/manifests/postgres-operator/base-crd/postgres-operator-deploy.yaml b/manifests/postgres-operator/base-crd/postgres-operator-deploy.yaml
new file mode 100644
index 000000000..3461bbb55
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/postgres-operator-deploy.yaml
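Review bot: The subject in operator-crb.yaml is pinned to `namespace: default`, while manifests/postgres-operator/kustomization.yaml sets `namespace: postgres-operator` for everything built from this base. Whether the namespace transformer rewrites ClusterRoleBinding subjects depends on the kustomize version, so the cluster-wide role may stay attached to `default/operator`, an identity in a shared namespace, while the real operator account in `postgres-operator` has no permissions. Check the `kustomize build` output and, if the subject is not rewritten, set `namespace: postgres-operator` here explicitly. The same applies to the ClusterRoleBinding and ServiceAccount in ui/ui-service-account-rbac.yaml, which also hard-code `namespace: default`.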
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: postgres-operator
+ app.kubernetes.io/name: postgres-operator
+ template:
+ metadata:
+ annotations:
+ checksum/config: 52ef20120c7c04050deedcf1a89d46ab05d8f1a393965add8b29be5f3f020443
+ labels:
+ app.kubernetes.io/instance: postgres-operator
+ app.kubernetes.io/name: postgres-operator
+ spec:
+ containers:
+ - env:
+ - name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT
+ value: postgres-operator
+ image: registry.opensource.zalan.do/acid/postgres-operator:v1.2.0
+ imagePullPolicy: IfNotPresent
+ name: postgres-operator
+ serviceAccountName: operator
+ tolerations: []
diff --git a/manifests/postgres-operator/base-crd/postgres-operator-operatorconfiguration.yaml b/manifests/postgres-operator/base-crd/postgres-operator-operatorconfiguration.yaml
new file mode 100644
index 000000000..a8ee145f6
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/postgres-operator-operatorconfiguration.yaml
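Review bot: The `postgres-operator` container is declared without a `securityContext` or `resources`, so it runs with whatever the image and namespace defaults allow while using a service account that can manage Secrets and pods. Consider adding on the container `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}`, after confirming the v1.2.0 image works under those settings, together with CPU and memory requests and limits. The `service` container in ui/deployment.yaml sets limits but likewise has no `securityContext`.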
@@ -0,0 +1,73 @@
+apiVersion: acid.zalan.do/v1
+configuration:
+ aws_or_gcp:
+ aws_region: eu-central-1
+ debug:
+ debug_logging: true
+ enable_database_access: true
+ docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p9
+ enable_shm_volume: true
+ etcd_host: ""
+ kubernetes:
+ cluster_domain: cluster.local
+ cluster_labels:
+ application: spilo
+ cluster_name_label: cluster-name
+ enable_pod_antiaffinity: false
+ enable_pod_disruption_budget: true
+ oauth_token_secret_name: postgres-operator
+ pdb_name_format: postgres-{cluster}-pdb
+ pod_antiaffinity_topology_key: kubernetes.io/hostname
+ pod_management_policy: ordered_ready
+ pod_role_label: spilo-role
+ pod_service_account_name: operator
+ pod_terminate_grace_period: 5m
+ secret_name_template: '{username}.{cluster}.credentials.{tprkind}.{tprgroup}'
+ spilo_privileged: false
+ watched_namespace: '*'
+ load_balancer:
+ db_hosted_zone: db.example.com
+ enable_master_load_balancer: true
+ enable_replica_load_balancer: false
+ master_dns_name_format: '{cluster}.{team}.{hostedzone}'
+ replica_dns_name_format: '{cluster}-repl.{team}.{hostedzone}'
+ logging_rest_api:
+ api_port: 8080
+ cluster_history_entries: 1000
+ ring_log_lines: 100
+ logical_backup:
+ logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
+ logical_backup_s3_bucket: my-bucket-url
+ logical_backup_schedule: 30 00 * * *
+ max_instances: -1
+ min_instances: -1
+ postgres_pod_resources:
+ default_cpu_limit: "3"
+ default_cpu_request: 100m
+ default_memory_limit: 1Gi
+ default_memory_request: 100Mi
+ repair_period: 5m
+ resync_period: 30m
+ teams_api:
+ enable_team_superuser: false
+ enable_teams_api: false
+ pam_role_name: zalandos
+ protected_role_names:
+ - admin
+ team_admin_role: admin
+ team_api_role_configuration:
+ log_statement: all
+ timeouts:
+ pod_deletion_wait_timeout: 10m
+ pod_label_wait_timeout: 10m
+ ready_wait_interval: 3s
+ ready_wait_timeout: 30s
+ resource_check_interval: 3s
+ resource_check_timeout: 10m
+ users:
+ replication_username: standby
+ super_username: postgres
+ workers: 4
+kind: OperatorConfiguration
+metadata:
+ name: postgres-operator
diff --git a/manifests/postgres-operator/base-crd/postgresqls.acid.zalan.do-crd.yaml b/manifests/postgres-operator/base-crd/postgresqls.acid.zalan.do-crd.yaml
new file mode 100644
index 000000000..e22a4e06d
--- /dev/null
+++ b/manifests/postgres-operator/base-crd/postgresqls.acid.zalan.do-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: postgresqls.acid.zalan.do
+spec:
+ group: acid.zalan.do
+ names:
+ kind: postgresql
+ listKind: postgresqlList
+ plural: postgresqls
+ shortNames:
+ - pg
+ singular: postgresql
+ scope: Namespaced
+ version: v1
diff --git a/manifests/postgres-operator/kustomization.yaml b/manifests/postgres-operator/kustomization.yaml
new file mode 100644
index 000000000..b6455a367
--- /dev/null
+++ b/manifests/postgres-operator/kustomization.yaml
@@ -0,0 +1,27 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgres-operator
+commonLabels:
+ app.kubernetes.io/managed-by: kustomize
+ team: acid
+bases:
+- base-crd
+- ui
+configMapGenerator:
+- name: postgres-operator-ui
+ literals:
+ - WALE_S3_ENDPOINT=https+path://s3.us-west-1.amazonaws.com/bucket-for-wal
+ - SPILO_S3_BACKUP_BUCKET=bucket-for-backup
+images:
+- name: registry.opensource.zalan.do/acid/postgres-operator-ui
+ newTag: latest
+patchesStrategicMerge:
+- patches.yaml
+resources:
+- resources.yaml
+vars:
+- name: OPERATOR_API_SERVICE
+ objref:
+ apiVersion: v1
+ kind: Service
+ name: postgres-operator
diff --git a/manifests/postgres-operator/patches.yaml b/manifests/postgres-operator/patches.yaml
new file mode 100644
index 000000000..e96c257f7
--- /dev/null
+++ b/manifests/postgres-operator/patches.yaml
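Review bot: In postgres-operator-operatorconfiguration.yaml, `pod_service_account_name: operator` gives the database pods a service account with the same name as the operator's, and the `bind` rule on the `operator` ClusterRole suggests the operator binds that same role to it in each watched namespace. If so, a compromised Postgres pod would hold the operator's Secret and pod permissions in its namespace; a separate pod account with a narrower role would limit that. Separately, `debug_logging: true` and `log_statement: all` are development-leaning values, and statement logging can capture passwords passed in `CREATE ROLE` or `ALTER ROLE`, so they deserve an override in manifests/postgres-operator/patches.yaml or a comment such as `# dev only: logs every SQL statement, including role passwords`.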
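Review bot: The `images` entry in manifests/postgres-operator/kustomization.yaml overrides the UI image to `newTag: latest`, replacing the `v1.2.0` tag that ui/deployment.yaml pins. A mutable tag means the image that runs can change on any pod restart without a change in this repository, and it can drift from the operator image pinned at `v1.2.0` in base-crd. Pin it with `newTag: v1.2.0`, or better use the `digest:` field of the same entry with a digest you have verified. The two `configMapGenerator` literals look like sample bucket names; a comment stating that they must be overridden per environment would help.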
@@ -0,0 +1,36 @@
+apiVersion: acid.zalan.do/v1
+kind: OperatorConfiguration
+metadata:
+ name: postgres-operator
+configuration:
+ aws_or_gcp:
+ aws_region: us-west-1
+ load_balancer:
+ enable_master_load_balancer: false
+ logical_backup:
+ logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
+ logical_backup_s3_bucket: postgres-operator-erica-nvda-dev
+ logical_backup_schedule: 30 00 * * *
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres-operator-ui
+spec:
+ template:
+ spec:
+ containers:
+ - name: service
+ env:
+ - name: OPERATOR_API_URL
+ value: http://$(OPERATOR_API_SERVICE)
+ - name: TARGET_NAMESPACE
+ value: postgres-cluster
+ - name: TEAMS
+ value: |-
+ [
+ "acid"
+ ]
+ envFrom:
+ - configMapRef:
+ name: postgres-operator-ui
diff --git a/manifests/postgres-operator/resources.yaml b/manifests/postgres-operator/resources.yaml
new file mode 100644
index 000000000..1c21e35da
--- /dev/null
+++ b/manifests/postgres-operator/resources.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres-operator
+spec:
+ selector:
+ app.kubernetes.io/instance: postgres-operator
+ app.kubernetes.io/name: postgres-operator
+ ports:
+ - port: 80
+ targetPort: 8080
diff --git a/manifests/postgres-operator/ui/deployment.yaml b/manifests/postgres-operator/ui/deployment.yaml
new file mode 100644
index 000000000..c270cbe11
--- /dev/null
+++ b/manifests/postgres-operator/ui/deployment.yaml
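Review bot: The new `postgres-operator` Service in manifests/postgres-operator/resources.yaml publishes the operator's REST API (`api_port: 8080` in the operator configuration) on port 80 to every pod in the cluster, and the UI patch reaches it over plain `http://`. Nothing visible in this change restricts who may connect, and I am not aware of authentication on that API, so an ingress NetworkPolicy that admits only the UI pods would be a sensible companion, assuming the cluster's network plugin enforces policies. The document below could be appended to resources.yaml; the labels are the ones the two Deployments in this commit carry. A one-line comment on the Service saying it exists only for the UI would also help.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-operator-api
spec:
  # Applies to the operator pods selected by the Service above.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: postgres-operator
  policyTypes:
  - Ingress
  ingress:
  # Only the UI pods may reach the operator REST API.
  - from:
    - podSelector:
        matchLabels:
          application: postgres-operator-ui
    ports:
    - protocol: TCP
      port: 8080
```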
@@ -0,0 +1,68 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: "postgres-operator-ui"
+ namespace: "default"
+ labels:
+ application: "postgres-operator-ui"
+ team: "acid"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ application: "postgres-operator-ui"
+ template:
+ metadata:
+ labels:
+ application: "postgres-operator-ui"
+ team: "acid"
+ spec:
+ serviceAccountName: postgres-operator-ui
+ containers:
+ - name: "service"
+ image: registry.opensource.zalan.do/acid/postgres-operator-ui:v1.2.0
+ ports:
+ - containerPort: 8081
+ protocol: "TCP"
+ readinessProbe:
+ httpGet:
+ path: "/health"
+ port: 8081
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ resources:
+ limits:
+ cpu: "300m"
+ memory: "3000Mi"
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ env:
+ - name: "APP_URL"
+ value: "http://localhost:8081"
+ - name: "OPERATOR_API_URL"
+ value: "http://localhost:8080"
+ - name: "TARGET_NAMESPACE"
+ value: "default"
+ - name: "TEAMS"
+ value: |-
+ [
+ "acid"
+ ]
+ - name: "OPERATOR_UI_CONFIG"
+ value: |-
+ {
+ "docs_link":"https://postgres-operator.readthedocs.io/en/latest/",
+ "dns_format_string": "{1}-{0}.{2}",
+ "databases_visible": true,
+ "master_load_balancer_visible": true,
+ "nat_gateways_visible": false,
+ "replica_load_balancer_visible": true,
+ "resources_visible": true,
+ "users_visible": true,
+ "postgresql_versions": [
+ "11",
+ "10",
+ "9.6"
+ ]
+ }
diff --git a/manifests/postgres-operator/ui/kustomization.yaml b/manifests/postgres-operator/ui/kustomization.yaml
new file mode 100644
index 000000000..aff4e8403
--- /dev/null
+++ b/manifests/postgres-operator/ui/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgres-operator-ui
+resources:
+- deployment.yaml
+- service.yaml
+- ui-service-account-rbac.yaml
diff --git a/manifests/postgres-operator/ui/service.yaml b/manifests/postgres-operator/ui/service.yaml
new file mode 100644
index 000000000..989ec041e
--- /dev/null
+++ b/manifests/postgres-operator/ui/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "postgres-operator-ui"
+ namespace: "default"
+ labels:
+ application: "postgres-operator-ui"
+spec:
+ type: "ClusterIP"
+ selector:
+ application: "postgres-operator-ui"
+ ports:
+ - port: 80
+ protocol: "TCP"
+ targetPort: 8081
diff --git a/manifests/postgres-operator/ui/ui-service-account-rbac.yaml b/manifests/postgres-operator/ui/ui-service-account-rbac.yaml
new file mode 100644
index 000000000..4ae218e74
--- /dev/null
+++ b/manifests/postgres-operator/ui/ui-service-account-rbac.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: postgres-operator-ui
+ namespace: default
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: postgres-operator-ui
+rules:
+- apiGroups:
+ - acid.zalan.do
+ resources:
+ - postgresqls
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: postgres-operator-ui
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: postgres-operator-ui
+subjects:
+- kind: ServiceAccount
+# note: the cluster role binding needs to be defined
+# for every namespace the operator-ui service account lives in.
+ name: postgres-operator-ui
+ namespace: default
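Review bot: The `postgres-operator-ui` ClusterRole in ui-service-account-rbac.yaml grants `create`, `delete`, `patch` and `update` on `postgresqls` in every namespace, although manifests/postgres-operator/patches.yaml points the UI at a single `TARGET_NAMESPACE`. No authentication for the UI is configured anywhere in this change, so anyone who can reach its Service acts with these rights. Granting the write verbs through a Role and RoleBinding in `postgres-cluster`, and keeping only the read rules cluster-wide, would contain that. The role can also use `apiVersion: rbac.authorization.k8s.io/v1`, as the binding below it already does.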