Merge ee3445c3f5 into 1af4c50ed0

manifests/postgres-cluster-clone/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../postgres-cluster
+commonLabels:
+  cluster-name: postgres-cluster-clone
+nameSuffix: -clone
+patches:
+- patches.yaml

manifests/postgres-cluster-clone/patches.yaml

@@ -0,0 +1,10 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: postgres-cluster
+  # > you can clone only from clusters within the same namespace.
+  # See https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-directly
+  namespace: postgres-cluster
+spec:
+  clone:
+    cluster: postgres-cluster

manifests/postgres-cluster-pitr/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../postgres-cluster
+commonLabels:
+  cluster-name: postgres-cluster-pitr
+# MUST be in the same namespace to get secret "standby.postgres-cluster.credentials.postgresql.acid.zalan.do"
+# namespace:
+nameSuffix: -pitr
+patches:
+- patches.yaml

manifests/postgres-cluster-pitr/patches.yaml

@@ -0,0 +1,10 @@
+# https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-from-s3
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: postgres-cluster
+  namespace: postgres-cluster
+spec:
+  clone:
+    uid: b9c8455e-b748-11e9-a18d-02650311323e
+    cluster: postgres-cluster

manifests/postgres-cluster/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  cluster-name: postgres-cluster
+namespace: postgres-cluster
+resources:
+- resources.yaml

manifests/postgres-cluster/resources.yaml

@@ -0,0 +1,14 @@
+# https://github.com/zalando/postgres-operator/blob/master/docs/reference/cluster_manifest.md
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: postgres-cluster
+spec:
+  teamId: acid
+  volume:
+    size: 10Gi
+  numberOfInstances: 1
+  postgresql:
+    version: "10"
+  # # NOT WORKING, see https://github.com/zalando/postgres-operator/issues/641
+  # enableLogicalBackup: true

manifests/postgres-operator/base-crd/Kube-descriptor.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+appVersion: 1.2.0
+description: Postgres Operator creates and manages PostgreSQL clusters running in
+  Kubernetes
+engine: gotpl
+home: https://github.com/zalando/postgres-operator
+keywords:
+- postgres
+- operator
+- cloud-native
+- patroni
+- spilo
+maintainers:
+- email: opensource@zalando.de
+  name: Zalando
+- email: kgyoo8232@gmail.com
+  name: kimxogus
+name: postgres-operator
+sources:
+- https://github.com/zalando/postgres-operator
+version: 1.2.0

manifests/postgres-operator/base-crd/kustomization.yaml

@@ -0,0 +1,23 @@
+# Labels to add to all resources and selectors.
+commonLabels:
+  app.kubernetes.io/instance: postgres-operator
+  app.kubernetes.io/managed-by: Tiller
+  app.kubernetes.io/name: postgres-operator
+  helm.sh/chart: postgres-operator-1.2.0
+
+# Images modify the tags for images without
+# creating patches.
+images:
+- name: registry.opensource.zalan.do/acid/postgres-operator
+  newTag: v1.2.0
+
+# List of resource files that kustomize reads, modifies
+# and emits as a YAML string
+resources:
+- operator-clusterrole.yaml
+- operator-crb.yaml
+- operator-sa.yaml
+- operatorconfigurations.acid.zalan.do-crd.yaml
+- postgres-operator-deploy.yaml
+- postgres-operator-operatorconfiguration.yaml
+- postgresqls.acid.zalan.do-crd.yaml

manifests/postgres-operator/base-crd/operator-clusterrole.yaml

@@ -0,0 +1,149 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: operator
+rules:
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - postgresqls
+  - postgresqls/status
+  - operatorconfigurations
+  verbs:
+  - '*'
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - update
+  - delete
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - delete
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - delete
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resourceNames:
+  - operator
+  resources:
+  - clusterroles
+  verbs:
+  - bind
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update

manifests/postgres-operator/base-crd/operator-crb.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: operator
+subjects:
+- kind: ServiceAccount
+  name: operator
+  namespace: default

manifests/postgres-operator/base-crd/operator-sa.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: operator

manifests/postgres-operator/base-crd/operatorconfigurations.acid.zalan.do-crd.yaml

@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: operatorconfigurations.acid.zalan.do
+spec:
+  group: acid.zalan.do
+  names:
+    kind: OperatorConfiguration
+    listKind: OperatorConfigurationList
+    plural: operatorconfigurations
+    shortNames:
+    - pgc
+    singular: operatorconfiguration
+  scope: Namespaced
+  version: v1

manifests/postgres-operator/base-crd/postgres-operator-deploy.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: postgres-operator
+      app.kubernetes.io/name: postgres-operator
+  template:
+    metadata:
+      annotations:
+        checksum/config: 52ef20120c7c04050deedcf1a89d46ab05d8f1a393965add8b29be5f3f020443
+      labels:
+        app.kubernetes.io/instance: postgres-operator
+        app.kubernetes.io/name: postgres-operator
+    spec:
+      containers:
+      - env:
+        - name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT
+          value: postgres-operator
+        image: registry.opensource.zalan.do/acid/postgres-operator:v1.2.0
+        imagePullPolicy: IfNotPresent
+        name: postgres-operator
+      serviceAccountName: operator
+      tolerations: []

manifests/postgres-operator/base-crd/postgres-operator-operatorconfiguration.yaml

@@ -0,0 +1,73 @@
+apiVersion: acid.zalan.do/v1
+configuration:
+  aws_or_gcp:
+    aws_region: eu-central-1
+  debug:
+    debug_logging: true
+    enable_database_access: true
+  docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p9
+  enable_shm_volume: true
+  etcd_host: ""
+  kubernetes:
+    cluster_domain: cluster.local
+    cluster_labels:
+      application: spilo
+    cluster_name_label: cluster-name
+    enable_pod_antiaffinity: false
+    enable_pod_disruption_budget: true
+    oauth_token_secret_name: postgres-operator
+    pdb_name_format: postgres-{cluster}-pdb
+    pod_antiaffinity_topology_key: kubernetes.io/hostname
+    pod_management_policy: ordered_ready
+    pod_role_label: spilo-role
+    pod_service_account_name: operator
+    pod_terminate_grace_period: 5m
+    secret_name_template: '{username}.{cluster}.credentials.{tprkind}.{tprgroup}'
+    spilo_privileged: false
+    watched_namespace: '*'
+  load_balancer:
+    db_hosted_zone: db.example.com
+    enable_master_load_balancer: true
+    enable_replica_load_balancer: false
+    master_dns_name_format: '{cluster}.{team}.{hostedzone}'
+    replica_dns_name_format: '{cluster}-repl.{team}.{hostedzone}'
+  logging_rest_api:
+    api_port: 8080
+    cluster_history_entries: 1000
+    ring_log_lines: 100
+  logical_backup:
+    logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
+    logical_backup_s3_bucket: my-bucket-url
+    logical_backup_schedule: 30 00 * * *
+  max_instances: -1
+  min_instances: -1
+  postgres_pod_resources:
+    default_cpu_limit: "3"
+    default_cpu_request: 100m
+    default_memory_limit: 1Gi
+    default_memory_request: 100Mi
+  repair_period: 5m
+  resync_period: 30m
+  teams_api:
+    enable_team_superuser: false
+    enable_teams_api: false
+    pam_role_name: zalandos
+    protected_role_names:
+    - admin
+    team_admin_role: admin
+    team_api_role_configuration:
+      log_statement: all
+  timeouts:
+    pod_deletion_wait_timeout: 10m
+    pod_label_wait_timeout: 10m
+    ready_wait_interval: 3s
+    ready_wait_timeout: 30s
+    resource_check_interval: 3s
+    resource_check_timeout: 10m
+  users:
+    replication_username: standby
+    super_username: postgres
+  workers: 4
+kind: OperatorConfiguration
+metadata:
+  name: postgres-operator

manifests/postgres-operator/base-crd/postgresqls.acid.zalan.do-crd.yaml

@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: postgresqls.acid.zalan.do
+spec:
+  group: acid.zalan.do
+  names:
+    kind: postgresql
+    listKind: postgresqlList
+    plural: postgresqls
+    shortNames:
+    - pg
+    singular: postgresql
+  scope: Namespaced
+  version: v1

manifests/postgres-operator/kustomization.yaml

@@ -0,0 +1,27 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgres-operator
+commonLabels:
+  app.kubernetes.io/managed-by: kustomize
+  team: acid
+bases:
+- base-crd
+- ui
+configMapGenerator:
+- name: postgres-operator-ui
+  literals:
+  - WALE_S3_ENDPOINT=https+path://s3.us-west-1.amazonaws.com/bucket-for-wal
+  - SPILO_S3_BACKUP_BUCKET=bucket-for-backup
+images:
+- name: registry.opensource.zalan.do/acid/postgres-operator-ui
+  newTag: latest
+patchesStrategicMerge:
+- patches.yaml
+resources:
+- resources.yaml
+vars:
+- name: OPERATOR_API_SERVICE
+  objref:
+    apiVersion: v1
+    kind: Service
+    name: postgres-operator

manifests/postgres-operator/patches.yaml

@@ -0,0 +1,36 @@
+apiVersion: acid.zalan.do/v1
+kind: OperatorConfiguration
+metadata:
+  name: postgres-operator
+configuration:
+  aws_or_gcp:
+    aws_region: us-west-1
+  load_balancer:
+    enable_master_load_balancer: false
+  logical_backup:
+    logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
+    logical_backup_s3_bucket: postgres-operator-erica-nvda-dev
+    logical_backup_schedule: 30 00 * * *
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres-operator-ui
+spec:
+  template:
+    spec:
+      containers:
+      - name: service
+        env:
+        - name: OPERATOR_API_URL
+          value: http://$(OPERATOR_API_SERVICE)
+        - name: TARGET_NAMESPACE
+          value: postgres-cluster
+        - name: TEAMS
+          value: |-
+            [
+              "acid"
+            ]
+        envFrom:
+        - configMapRef:
+            name: postgres-operator-ui

manifests/postgres-operator/resources.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-operator
+spec:
+  selector:
+    app.kubernetes.io/instance: postgres-operator
+    app.kubernetes.io/name: postgres-operator
+  ports:
+  - port: 80
+    targetPort: 8080

manifests/postgres-operator/ui/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+  name: "postgres-operator-ui"
+  namespace: "default"
+  labels:
+    application: "postgres-operator-ui"
+    team: "acid"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      application: "postgres-operator-ui"
+  template:
+    metadata:
+      labels:
+        application: "postgres-operator-ui"
+        team: "acid"
+    spec:
+      serviceAccountName: postgres-operator-ui
+      containers:
+        - name: "service"
+          image: registry.opensource.zalan.do/acid/postgres-operator-ui:v1.2.0
+          ports:
+            - containerPort: 8081
+              protocol: "TCP"
+          readinessProbe:
+            httpGet:
+              path: "/health"
+              port: 8081
+            initialDelaySeconds: 5
+            timeoutSeconds: 1
+          resources:
+            limits:
+              cpu: "300m"
+              memory: "3000Mi"
+            requests:
+              cpu: "100m"
+              memory: "100Mi"
+          env:
+            - name: "APP_URL"
+              value: "http://localhost:8081"
+            - name: "OPERATOR_API_URL"
+              value: "http://localhost:8080"
+            - name: "TARGET_NAMESPACE"
+              value: "default"
+            - name: "TEAMS"
+              value: |-
+                [
+                  "acid"
+                ]
+            - name: "OPERATOR_UI_CONFIG"
+              value: |-
+                {
+                  "docs_link":"https://postgres-operator.readthedocs.io/en/latest/",
+                  "dns_format_string": "{1}-{0}.{2}",
+                  "databases_visible": true,
+                  "master_load_balancer_visible": true,
+                  "nat_gateways_visible": false,
+                  "replica_load_balancer_visible": true,
+                  "resources_visible": true,
+                  "users_visible": true,
+                  "postgresql_versions": [
+                    "11",
+                    "10",
+                    "9.6"
+                  ]
+                }

manifests/postgres-operator/ui/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: postgres-operator-ui
+resources:
+- deployment.yaml
+- service.yaml
+- ui-service-account-rbac.yaml

manifests/postgres-operator/ui/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+  name: "postgres-operator-ui"
+  namespace: "default"
+  labels:
+    application: "postgres-operator-ui"
+spec:
+  type: "ClusterIP"
+  selector:
+    application: "postgres-operator-ui"
+  ports:
+    - port: 80
+      protocol: "TCP"
+      targetPort: 8081

manifests/postgres-operator/ui/ui-service-account-rbac.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: postgres-operator-ui
+  namespace: default
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: postgres-operator-ui
+rules:
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - postgresqls
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: postgres-operator-ui
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: postgres-operator-ui
+subjects:
+- kind: ServiceAccount
+# note: the cluster role binding needs to be defined
+# for every namespace the operator-ui service account lives in.
+  name: postgres-operator-ui
+  namespace: default