diff --git a/charts/postgres-operator/.helmignore b/charts/postgres-operator/.helmignore index f0c131944..5a41c7275 100644 --- a/charts/postgres-operator/.helmignore +++ b/charts/postgres-operator/.helmignore @@ -19,3 +19,5 @@ .project .idea/ *.tmproj +# ConfigMap +# templates/configmap.yaml diff --git a/charts/postgres-operator/templates/configmap.yaml b/charts/postgres-operator/templates/configmap.yaml index bc004f579..15502522b 100644 --- a/charts/postgres-operator/templates/configmap.yaml +++ b/charts/postgres-operator/templates/configmap.yaml @@ -13,17 +13,13 @@ data: {{- else }} {{ .Values.serviceAccount.name }} {{- end }} - api_port: "{{ .Values.configLoggingRestApi.api_port }}" - cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}" - debug_logging: "{{ .Values.configDebug.debug_logging }}" - enable_database_access: "{{ .Values.configDebug.enable_database_access }}" - ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}" -{{ toYaml .Values.config | indent 2 }} -{{ toYaml .Values.configMap | indent 2 }} +{{ toYaml .Values.configGeneral | indent 2 }} {{ toYaml .Values.configUsers | indent 2 }} {{ toYaml .Values.configKubernetes | indent 2 }} {{ toYaml .Values.configTimeouts | indent 2 }} {{ toYaml .Values.configLoadBalancer | indent 2 }} {{ toYaml .Values.configAwsOrGcp | indent 2 }} {{ toYaml .Values.configLogicalBackup | indent 2 }} +{{ toYaml .Values.configDebug | indent 2 }} +{{ toYaml .Values.configLoggingRestApi | indent 2 }} {{ toYaml .Values.configTeamsApi | indent 2 }} diff --git a/charts/postgres-operator/templates/operatorconfiguration.yaml b/charts/postgres-operator/templates/operatorconfiguration.yaml index d305f0b25..cf44a904f 100644 --- a/charts/postgres-operator/templates/operatorconfiguration.yaml +++ b/charts/postgres-operator/templates/operatorconfiguration.yaml 
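Review bot: The added lines `{{ toYaml .Values.configDebug | indent 2 }}` and `{{ toYaml .Values.configLoggingRestApi | indent 2 }}` in templates/configmap.yaml no longer force string values, whereas the five removed lines wrapped every value in double quotes. ConfigMap `data` accepts only strings, so the render now depends on each value being quoted in the values file. An unquoted override such as `debug_logging: true` or `api_port: 8080` (the form values-crd.yaml uses) yields a manifest the API server rejects. I would keep the quoting in the template, e.g. `{{- range $k, $v := .Values.configDebug }}` / `{{ $k }}: {{ $v | quote }}` / `{{- end }}`, and do the same for `configLoggingRestApi`. The other `toYaml` lines of this `data:` block carry the same exposure, and the block starts above the hunk.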
@@ -8,21 +8,19 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} configuration: -{{ toYaml .Values.config | indent 2 }} -{{ toYaml .Values.configCRD | indent 2 }} +{{ toYaml .Values.configGeneral | indent 2 }} users: {{ toYaml .Values.configUsers | indent 4 }} kubernetes: oauth_token_secret_name: {{ template "postgres-operator.fullname" . }} pod_service_account_name: operator {{ toYaml .Values.configKubernetes | indent 4 }} -{{ toYaml .Values.configKubernetesCRD | indent 4 }} postgres_pod_resources: {{ toYaml .Values.configPostgresPodResources | indent 4 }} timeouts: {{ toYaml .Values.configTimeouts | indent 4 }} load_balancer: -{{ toYaml .Values.configLoadBalancerCRD | indent 4 }} +{{ toYaml .Values.configLoadBalancer | indent 4 }} aws_or_gcp: {{ toYaml .Values.configAwsOrGcp | indent 4 }} logical_backup: @@ -30,7 +28,7 @@ configuration: debug: {{ toYaml .Values.configDebug | indent 4 }} teams_api: -{{ toYaml .Values.configTeamsApiCRD | indent 4 }} +{{ toYaml .Values.configTeamsApi | indent 4 }} logging_rest_api: {{ toYaml .Values.configLoggingRestApi | indent 4 }} scalyr: diff --git a/charts/postgres-operator/values-crd.yaml b/charts/postgres-operator/values-crd.yaml new file mode 100644 index 000000000..83acb9467 --- /dev/null +++ b/charts/postgres-operator/values-crd.yaml 
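Review bot: The value groups this template now reads (`configGeneral`, `configLoadBalancer`, `configTeamsApi`) are shared with templates/configmap.yaml, but the default values.yaml keeps them in ConfigMap form (`workers: "4"`, `enable_master_load_balancer: "true"`). Rendering this template without values-crd.yaml therefore puts strings where the OperatorConfiguration presumably expects integers and booleans, and nothing in the template says which values file it needs. A header comment such as `# render with -f values-crd.yaml; values.yaml holds string-typed ConfigMap values` would make the requirement explicit, and a chart-level switch that renders only one of the two templates would be the sturdier fix. The field types are inferred from values-crd.yaml and from `SetMemoryRequestToLimit bool` in the Go type hunk; the other structs are not part of this diff.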
@@ -0,0 +1,265 @@ +image: + registry: registry.opensource.zalan.do + repository: acid/postgres-operator + tag: v1.1.0-52-g426b2c7-dirty + pullPolicy: "IfNotPresent" + +# Optionally specify an array of imagePullSecrets. +# Secrets must be manually created in the namespace. +# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +# imagePullSecrets: + # - name: myRegistryKeySecretName + +podAnnotations: {} +podLabels: {} + +# general top-level configuration parameters +configGeneral: + # etcd connection string for Patroni. Empty uses K8s-native DCS. + etcd_host: "" + # Spilo docker image + docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 + # max number of instances in Postgres cluster. -1 = no limit + min_instances: -1 + # min number of instances in Postgres cluster. -1 = no limit + max_instances: -1 + # period between consecutive repair requests + repair_period: 5m + # period between consecutive sync requests + resync_period: 30m + # map of sidecar names to docker images + # sidecar_docker_images + # example: "exampleimage:exampletag" + + # number of routines the operator spawns to process requests concurrently + workers: 4 + +# parameters describing Postgres users +configUsers: + # postgres username used for replication between instances + replication_username: standby + # postgres superuser name to be created by initdb + super_username: postgres + +configKubernetes: + # default DNS domain of K8s cluster where operator is running + cluster_domain: cluster.local + # additional labels assigned to the cluster objects + cluster_labels: + application: spilo + # label assigned to Kubernetes objects created by the operator + cluster_name_label: cluster-name + # toggles pod anti affinity on the Postgres pods + enable_pod_antiaffinity: false + # toggles PDB to set to MinAvailabe 0 or 1 + enable_pod_disruption_budget: true + # name of the secret containing infrastructure roles names and passwords + # 
infrastructure_roles_secret_name: postgresql-infrastructure-roles + + # list of labels that can be inherited from the cluster manifest + # inherited_labels: + # - application + # - app + + # timeout for successful migration of master pods from unschedulable node + # master_pod_move_timeout: 20m + + # set of labels that a running and active node should possess to be considered ready + # node_readiness_label: "" + + # name of the secret containing the OAuth2 token to pass to the teams API + # oauth_token_secret_name: postgresql-operator + + # defines the template for PDB (Pod Disruption Budget) names + pdb_name_format: "postgres-{cluster}-pdb" + # override topology key for pod anti affinity + pod_antiaffinity_topology_key: "kubernetes.io/hostname" + # name of the ConfigMap with environment variables to populate on every pod + # pod_environment_configmap: "" + + # specify the pod management policy of stateful sets of Postgres clusters + pod_management_policy: "ordered_ready" + # label assigned to the Postgres pods (and services/endpoints) + pod_role_label: spilo-role + # Postgres pods are terminated forcefully after this timeout + pod_terminate_grace_period: 5m + # template for database user secrets generated by the operator + secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + # group ID with write-access to volumes (reuired to run Spilo as non-root process) + # spilo_fsgroup: 103 + + # whether the Spilo container should run in privileged mode + spilo_privileged: false + # operator watches for postgres objects in the given namespace + watched_namespace: "*" # listen to all namespaces + +# configure resource requests for the Postgres pods +configPostgresPodResources: + # CPU limits for the postgres containers + default_cpu_limit: "3" + # cpu request value for the postgres containers + default_cpu_request: 100m + # memory limits for the postgres containers + default_memory_limit: 1Gi + # memory request value for the postgres containers + 
default_memory_request: 100Mi + # can prevent certain cases of memory overcommitment + # set_memory_request_to_limit: false + +# timeouts related to some operator actions +configTimeouts: + # timeout when waiting for the Postgres pods to be deleted + pod_deletion_wait_timeout: 10m + # timeout when waiting for pod role and cluster labels + pod_label_wait_timeout: 10m + # interval between consecutive attempts waiting for postgresql CRD to be created + ready_wait_interval: 3s + # timeout for the complete postgres CRD creation + ready_wait_timeout: 30s + # interval to wait between consecutive attempts to check for some K8s resources + resource_check_interval: 3s + # timeout when waiting for the presence of a certain K8s resource (e.g. Sts, PDB) + resource_check_timeout: 10m + +# configure behavior of load balancers +configLoadBalancer: + # DNS zone for cluster DNS name when load balancer is configured for cluster + db_hosted_zone: db.example.com + # annotations to apply to service when load balancing is enabled + # custom_service_annotations: + # keyx: valuez + # keya: valuea + + # toggles service type load balancer pointing to the master pod of the cluster + enable_master_load_balancer: true + # toggles service type load balancer pointing to the replica pod of the cluster + enable_replica_load_balancer: false + # defines the DNS name string template for the master load balancer cluster + master_dns_name_format: "{cluster}.{team}.{hostedzone}" + # defines the DNS name string template for the replica load balancer cluster + replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" + +# Options to aid debugging of the operator itself +configDebug: + # toggles verbose debug logs from the operator + debug_logging: true + # toggles operator functionality that require access to the postgres database + enable_database_access: true + +# parameters affecting logging and REST API listener +configLoggingRestApi: + # REST API listener listens to this port + api_port: 8080 + # 
number of entries in the cluster history ring buffer + cluster_history_entries: 1000 + # number of lines in the ring buffer used to store cluster logs + ring_log_lines: 100 + +# configure interaction with non-Kubernetes objects from AWS or GCP +configAwsOrGcp: + # Additional Secret (aws or gcp credentials) to mount in the pod + # additional_secret_mount: "some-secret-name" + + # Path to mount the above Secret in the filesystem of the container(s) + # additional_secret_mount_path: "/some/dir" + + # AWS region used to store ESB volumes + aws_region: eu-central-1 + + # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods + # kube_iam_role: "" + + # S3 bucket to use for shipping postgres daily logs + # log_s3_bucket: "" + + # S3 bucket to use for shipping WAL segments with WAL-E + # wal_s3_bucket: "" + +# configure K8s cron job managed by the operator +configLogicalBackup: + # backup schedule in the cron format + logical_backup_schedule: "30 00 * * *" + # image for pods of the logical backup job (example runs pg_dumpall) + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" + # S3 bucket to store backup results + logical_backup_s3_bucket: "" + +# automate creation of human users with teams API service +configTeamsApi: + # team_admin_role will have the rights to grant roles coming from PG manifests + # enable_admin_role_for_users: true + + # toggle to grant superuser to team members created from the Teams API + enable_team_superuser: false + # toggles usage of the Teams API by the operator + enable_teams_api: false + # should contain a URL to use for authentication (username and token) + # pam_configuration: "" + + # operator will add all team member roles to this group and add a pg_hba line + pam_role_name: zalandos + # List of teams which members need the superuser role in each Postgres cluster + # postgres_superuser_teams: "postgres_superusers" + + # List of roles that cannot be overwritten by an application, 
team or infrastructure role + protected_role_names: + - admin + # role name to grant to team members created from the Teams API + team_admin_role: admin + # postgres config parameters to apply to each team member role + team_api_role_configuration: + log_statement: all + # URL of the Teams API service + # teams_api_url: http://fake-teams-api.default.svc.cluster.local + +# Scalyr is a log management tool that Zalando uses as a sidecar +scalyr: + # API key for the Scalyr sidecar + # scalyr_api_key: "" + + # Docker image for the Scalyr sidecar + # scalyr_image: "" + + # CPU limit value for the Scalyr sidecar + scalyr_cpu_limit: "1" + # CPU rquest value for the Scalyr sidecar + scalyr_cpu_request: 100m + # Memory limit value for the Scalyr sidecar + scalyr_memory_limit: 1Gi + # Memory request value for the Scalyr sidecar + scalyr_memory_request: 50Mi + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + # When relying solely on the OperatorConfiguration CRD, set this value to "operator" + # Otherwise, the operator tries to use the "default" service account which is forbidden + name: "operator" + +priorityClassName: "" + +resources: {} + # limits: + # cpu: 100m + # memory: 300Mi + # requests: + # cpu: 100m + # memory: 300Mi + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} 
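Review bot: The new defaults file pins the operator image to `tag: v1.1.0-52-g426b2c7-dirty`, a tag that by its name was built from a working tree with uncommitted changes, so the chart default cannot be traced back to a commit; a released tag belongs here. `enable_master_load_balancer: true` also reverses the `false` carried by the removed `configLoadBalancerCRD` block in values.yaml, so CRD-based installs now get a LoadBalancer service pointing at the master pod unless the user opts out; I would keep `enable_master_load_balancer: false` as the default. The comments above `min_instances` and `max_instances` are swapped (`# max number of instances` sits over `min_instances`), and the same swap appears in the values.yaml hunk. Smaller wording slips in the comments: `reuired`, `rquest`, `MinAvailabe`, and `ESB volumes`, which probably means EBS.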
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index d47c62c1c..79c2f898d 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml 
@@ -14,157 +14,202 @@ podAnnotations: {} podLabels: {} # config shared from ConfigMap and CRD -config: +configGeneral: + # etcd connection string for Patroni. Empty uses K8s-native DCS. etcd_host: "" + # Spilo docker image docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7 + # max number of instances in Postgres cluster. -1 = no limit + min_instances: "-1" + # min number of instances in Postgres cluster. -1 = no limit + max_instances: "-1" + # period between consecutive repair requests repair_period: 5m - resync_period: 5m + # period between consecutive sync requests + resync_period: 30m + # map of sidecar names to docker images + # sidecar_docker_images: "" + # number of routines the operator spawns to process requests concurrently + workers: "4" + +# parameters describing Postgres users configUsers: + # postgres username used for replication between instances replication_username: standby + # postgres superuser name to be created by initdb super_username: postgres configKubernetes: + # default DNS domain of K8s cluster where operator is running cluster_domain: cluster.local + # additional labels assigned to the cluster objects + cluster_labels: application:spilo + # label assigned to Kubernetes objects created by the operator + cluster_name_label: version + # toggles pod anti affinity on the Postgres pods + enable_pod_antiaffinity: "false" + # toggles PDB to set to MinAvailabe 0 or 1 + enable_pod_disruption_budget: "true" + # name of the secret containing infrastructure roles names and passwords # infrastructure_roles_secret_name: postgresql-infrastructure-roles - # master_pod_move_timeout: 10m + + # list of labels that can be inherited from the cluster manifest + # inherited_labels: "" + + # timeout for successful migration of master pods from unschedulable node + # master_pod_move_timeout: 20m + + # set of labels that a running and active node should possess to be considered ready # node_readiness_label: "" + + # name of the secret containing the 
OAuth2 token to pass to the teams API # oauth_token_secret_name: postgresql-operator + + # defines the template for PDB (Pod Disruption Budget) names pdb_name_format: "postgres-{cluster}-pdb" + # override topology key for pod anti affinity pod_antiaffinity_topology_key: "kubernetes.io/hostname" + # name of the ConfigMap with environment variables to populate on every pod # pod_environment_configmap: "" + + # specify the pod management policy of stateful sets of Postgres clusters pod_management_policy: "ordered_ready" + # label assigned to the Postgres pods (and services/endpoints) pod_role_label: spilo-role + # Postgres pods are terminated forcefully after this timeout pod_terminate_grace_period: 5m + # template for database user secrets generated by the operator secret_name_template: '{username}.{cluster}.credentials' + # group ID with write-access to volumes (reuired to run Spilo as non-root process) # spilo_fsgroup: "103" + + # whether the Spilo container should run in privileged mode + spilo_privileged: "false" + # operator watches for postgres objects in the given namespace watched_namespace: "*" # listen to all namespaces +# configure resource requests for the Postgres pods configPostgresPodResources: - default_cpu_request: 100m - default_memory_request: 100Mi + # CPU limits for the postgres containers default_cpu_limit: "3" + # cpu request value for the postgres containers + default_cpu_request: 100m + # memory limits for the postgres containers default_memory_limit: 1Gi + # memory request value for the postgres containers + default_memory_request: 100Mi + # can prevent certain cases of memory overcommitment + # set_memory_request_to_limit: "false" +# timeouts related to some operator actions configTimeouts: + # timeout when waiting for the Postgres pods to be deleted pod_deletion_wait_timeout: 10m + # timeout when waiting for pod role and cluster labels pod_label_wait_timeout: 10m + # interval between consecutive attempts waiting for postgresql CRD to be 
created ready_wait_interval: 3s + # timeout for the complete postgres CRD creation ready_wait_timeout: 30s + # interval to wait between consecutive attempts to check for some K8s resources resource_check_interval: 3s + # timeout when waiting for the presence of a certain K8s resource (e.g. Sts, PDB) resource_check_timeout: 10m -configDebug: - debug_logging: true - enable_database_access: true - -configLoggingRestApi: - api_port: 8080 - cluster_history_entries: 1000 - ring_log_lines: 100 - -configAwsOrGcp: - # additional_secret_mount: "some-secret-name" - # additional_secret_mount_path: "/some/dir" - aws_region: eu-central-1 - # kube_iam_role: "" - # log_s3_bucket: "" - # wal_s3_bucket: "" - -configLogicalBackup: - logical_backup_schedule: "30 00 * * *" - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" - logical_backup_s3_bucket: "" - -# config exclusive to ConfigMap -configMap: - cluster_labels: application:spilo - cluster_name_label: version - enable_pod_antiaffinity: "false" - enable_pod_disruption_budget: "true" - # inherited_labels: "" - max_instances: "-1" - min_instances: "-1" - # set_memory_request_to_limit: "true" - # sidecar_docker_images: "" - spilo_privileged: "false" - workers: "4" - +# configure behavior of load balancers configLoadBalancer: + # DNS zone for cluster DNS name when load balancer is configured for cluster db_hosted_zone: db.example.com + # annotations to apply to service when load balancing is enabled # custom_service_annotations: # "keyx:valuez,keya:valuea" + + # toggles service type load balancer pointing to the master pod of the cluster enable_master_load_balancer: "true" + # toggles service type load balancer pointing to the replica pod of the cluster enable_replica_load_balancer: "false" + # defines the DNS name string template for the master load balancer cluster master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' + # defines the DNS name string template for the replica load balancer 
cluster replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}' +# options to aid debugging of the operator itself +configDebug: + # toggles verbose debug logs from the operator + debug_logging: "true" + # toggles operator functionality that require access to the postgres database + enable_database_access: "true" + +# parameters affecting logging and REST API listener +configLoggingRestApi: + # REST API listener listens to this port + api_port: "8080" + # number of entries in the cluster history ring buffer + cluster_history_entries: "1000" + # number of lines in the ring buffer used to store cluster logs + ring_log_lines: "100" + +# configure interaction with non-Kubernetes objects from AWS or GCP +configAwsOrGcp: + # Additional Secret (aws or gcp credentials) to mount in the pod + # additional_secret_mount: "some-secret-name" + + # Path to mount the above Secret in the filesystem of the container(s) + # additional_secret_mount_path: "/some/dir" + + # AWS region used to store ESB volumes + aws_region: eu-central-1 + + # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods + # kube_iam_role: "" + + # S3 bucket to use for shipping postgres daily logs + # log_s3_bucket: "" + + # S3 bucket to use for shipping WAL segments with WAL-E + # wal_s3_bucket: "" + +# configure K8s cron job managed by the operator +configLogicalBackup: + # backup schedule in the cron format + logical_backup_schedule: "30 00 * * *" + # image for pods of the logical backup job (example runs pg_dumpall) + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" + # S3 bucket to store backup results + logical_backup_s3_bucket: "" + +# automate creation of human users with teams API service configTeamsApi: + # team_admin_role will have the rights to grant roles coming from PG manifests # enable_admin_role_for_users: "true" + + # toggle to grant superuser to team members created from the Teams API # enable_team_superuser: "false" + + # 
toggles usage of the Teams API by the operator enable_teams_api: "false" + # should contain a URL to use for authentication (username and token) # pam_configuration: https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees + + # operator will add all team member roles to this group and add a pg_hba line # pam_role_name: zalandos + + # List of teams which members need the superuser role in each Postgres cluster # postgres_superuser_teams: "postgres_superusers" + + # List of roles that cannot be overwritten by an application, team or infrastructure role # protected_role_names: "admin" + + # role name to grant to team members created from the Teams API # team_admin_role: "admin" + + # postgres config parameters to apply to each team member role # team_api_role_configuration: "log_statement:all" + + # URL of the Teams API service # teams_api_url: http://fake-teams-api.default.svc.cluster.local -# config exclusive to CRD -configCRD: - min_instances: -1 - max_instances: -1 - # set_memory_request_to_limit: true - # sidecar_docker_images - # example: "exampleimage:exampletag" - -configKubernetesCRD: - cluster_labels: - application: spilo - cluster_name_label: cluster-name - enable_pod_antiaffinity: false - enable_pod_disruption_budget: true - secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" - spilo_privileged: false - # inherited_labels: - # - application - # - app - # watched_namespace: "" - -configLoadBalancerCRD: - # db_hosted_zone: "" - # custom_service_annotations: - # keyx: valuez - # keya: valuea - enable_master_load_balancer: false - enable_replica_load_balancer: false - master_dns_name_format: "{cluster}.{team}.{hostedzone}" - replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" - -configTeamsApiCRD: - # enable_admin_role_for_users: true - enable_teams_api: false - enable_team_superuser: false - # pam_configuration: "" - pam_role_name: zalandos - # postgres_superuser_teams: "postgres_superusers" - 
protected_role_names: - - admin - team_admin_role: admin - team_api_role_configuration: - log_statement: all - # teams_api_url: "" - -scalyr: - scalyr_cpu_request: 100m - scalyr_memory_request: 50Mi - scalyr_cpu_limit: "1" - scalyr_memory_limit: 1Gi - # scalyr_api_key: "" - # scalyr_image: "" - # scalyr_server_url: "" - rbac: # Specifies whether RBAC resources should be created create: true diff --git a/docs/reference/operator_parameters.md b/docs/reference/operator_parameters.md index fcd0b2623..8a2212ad4 100644 --- a/docs/reference/operator_parameters.md +++ b/docs/reference/operator_parameters.md @@ -478,7 +478,7 @@ key. `https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees`. -* **protected_roles** +* **protected_role_names** List of roles that cannot be overwritten by an application, team or infrastructure role. The default is `admin`. diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 52dd5bf70..c721b33e8 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -67,7 +67,7 @@ data: ring_log_lines: "100" secret_name_template: '{username}.{cluster}.credentials' # sidecar_docker_images: "" - # set_memory_request_to_limit: "true" + # set_memory_request_to_limit: "false" spilo_privileged: "false" super_username: postgres # team_admin_role: "admin" diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index 429fb1433..c5baf705e 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml @@ -9,7 +9,6 @@ configuration: min_instances: -1 resync_period: 30m repair_period: 5m - # set_memory_request_to_limit: true # sidecar_docker_images: # example: "exampleimage:exampletag" workers: 4 
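Review bot: `cluster_name_label: version` and `secret_name_template: '{username}.{cluster}.credentials'` in values.yaml differ from what values-crd.yaml ships (`cluster-name` and `"{username}.{cluster}.credentials.{tprkind}.{tprgroup}"`), and the same goes for the `.staging.` segment in both DNS name formats. Now that the two files use identical group names and read as two encodings of one configuration, a user who switches from the ConfigMap to the CRD with default values would change the label put on operator-created objects and the names of the generated credential secrets. Either align the defaults or mark each divergent key, e.g. `# differs from values-crd.yaml, which uses cluster-name`. The effect on already running clusters is inferred from the comments on these keys, not from code in this diff.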
@@ -42,10 +41,11 @@ configuration: # toleration: {} # watched_namespace:"" postgres_pod_resources: - default_cpu_limit: 3 + default_cpu_limit: "3" default_cpu_request: 100m default_memory_limit: 1Gi default_memory_request: 100Mi + # set_memory_request_to_limit: false timeouts: pod_label_wait_timeout: 10m pod_deletion_wait_timeout: 10m @@ -95,7 +95,7 @@ configuration: ring_log_lines: 100 scalyr: # scalyr_api_key: "" - scalyr_cpu_limit: 1 + scalyr_cpu_limit: "1" scalyr_cpu_request: 100m # scalyr_image: "" scalyr_memory_limit: 1Gi diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go index 30e1d1504..64b181a6d 100644 --- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go +++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go @@ -72,10 +72,11 @@ type KubernetesMetaConfiguration struct { // PostgresPodResourcesDefaults defines the spec of default resources type PostgresPodResourcesDefaults struct { - DefaultCPURequest string `json:"default_cpu_request,omitempty"` - DefaultMemoryRequest string `json:"default_memory_request,omitempty"` - DefaultCPULimit string `json:"default_cpu_limit,omitempty"` - DefaultMemoryLimit string `json:"default_memory_limit,omitempty"` + DefaultCPURequest string `json:"default_cpu_request,omitempty"` + DefaultMemoryRequest string `json:"default_memory_request,omitempty"` + DefaultCPULimit string `json:"default_cpu_limit,omitempty"` + DefaultMemoryLimit string `json:"default_memory_limit,omitempty"` + SetMemoryRequestToLimit bool `json:"set_memory_request_to_limit,omitempty"` } // OperatorTimeouts defines the timeout of ResourceCheck, PodWait, ReadyWait 
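Review bot: Moving `SetMemoryRequestToLimit` into `PostgresPodResourcesDefaults` changes the JSON path from `configuration.set_memory_request_to_limit` to `configuration.postgres_pod_resources.set_memory_request_to_limit` with no fallback. An existing OperatorConfiguration that still sets the top-level key would presumably decode without error and leave the option `false`, so memory requests silently stop following limits after the upgrade. I would keep the old field on `OperatorConfigurationData` for one release, marked `// Deprecated: use postgres_pod_resources.set_memory_request_to_limit`, and import it as `result.SetMemoryRequestToLimit = fromCRD.PostgresPodResources.SetMemoryRequestToLimit || fromCRD.SetMemoryRequestToLimit`. This also touches the `@@ -160,7 +161,6 @@` hunk of this file and the `@@ -58,16 +61,17 @@` hunk of pkg/controller/operator_config.go; failing that, the change needs an upgrade note.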
@@ -160,7 +161,6 @@ type OperatorConfigurationData struct { PostgresUsersConfiguration PostgresUsersConfiguration `json:"users"` Kubernetes KubernetesMetaConfiguration `json:"kubernetes"` PostgresPodResources PostgresPodResourcesDefaults `json:"postgres_pod_resources"` - SetMemoryRequestToLimit bool `json:"set_memory_request_to_limit,omitempty"` Timeouts OperatorTimeouts `json:"timeouts"` LoadBalancer LoadBalancerConfiguration `json:"load_balancer"` AWSGCP AWSGCPConfiguration `json:"aws_or_gcp"` diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go index bfd46f163..0a2141b25 100644 --- a/pkg/controller/operator_config.go +++ b/pkg/controller/operator_config.go @@ -24,6 +24,7 @@ func (c *Controller) readOperatorConfigurationFromCRD(configObjectNamespace, con func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigurationData) *config.Config { result := &config.Config{} + // general config result.EtcdHost = fromCRD.EtcdHost result.DockerImage = fromCRD.DockerImage result.Workers = fromCRD.Workers @@ -33,9 +34,11 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.RepairPeriod = time.Duration(fromCRD.RepairPeriod) result.Sidecars = fromCRD.Sidecars + // user config result.SuperUsername = fromCRD.PostgresUsersConfiguration.SuperUsername result.ReplicationUsername = fromCRD.PostgresUsersConfiguration.ReplicationUsername + // kubernetes config result.PodServiceAccountName = fromCRD.Kubernetes.PodServiceAccountName result.PodServiceAccountDefinition = fromCRD.Kubernetes.PodServiceAccountDefinition result.PodServiceAccountRoleBindingDefinition = fromCRD.Kubernetes.PodServiceAccountRoleBindingDefinition 
@@ -58,16 +61,17 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.PodPriorityClassName = fromCRD.Kubernetes.PodPriorityClassName result.PodManagementPolicy = fromCRD.Kubernetes.PodManagementPolicy result.MasterPodMoveTimeout = fromCRD.Kubernetes.MasterPodMoveTimeout - result.EnablePodAntiAffinity = fromCRD.Kubernetes.EnablePodAntiAffinity result.PodAntiAffinityTopologyKey = fromCRD.Kubernetes.PodAntiAffinityTopologyKey + // Postgres Pod resources result.DefaultCPURequest = fromCRD.PostgresPodResources.DefaultCPURequest result.DefaultMemoryRequest = fromCRD.PostgresPodResources.DefaultMemoryRequest result.DefaultCPULimit = fromCRD.PostgresPodResources.DefaultCPULimit result.DefaultMemoryLimit = fromCRD.PostgresPodResources.DefaultMemoryLimit - result.SetMemoryRequestToLimit = fromCRD.SetMemoryRequestToLimit + result.SetMemoryRequestToLimit = fromCRD.PostgresPodResources.SetMemoryRequestToLimit + // timeout config result.ResourceCheckInterval = time.Duration(fromCRD.Timeouts.ResourceCheckInterval) result.ResourceCheckTimeout = time.Duration(fromCRD.Timeouts.ResourceCheckTimeout) result.PodLabelWaitTimeout = time.Duration(fromCRD.Timeouts.PodLabelWaitTimeout) @@ -75,6 +79,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.ReadyWaitInterval = time.Duration(fromCRD.Timeouts.ReadyWaitInterval) result.ReadyWaitTimeout = time.Duration(fromCRD.Timeouts.ReadyWaitTimeout) + // load balancer config result.DbHostedZone = fromCRD.LoadBalancer.DbHostedZone result.EnableMasterLoadBalancer = fromCRD.LoadBalancer.EnableMasterLoadBalancer result.EnableReplicaLoadBalancer = fromCRD.LoadBalancer.EnableReplicaLoadBalancer 
@@ -82,6 +87,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.MasterDNSNameFormat = fromCRD.LoadBalancer.MasterDNSNameFormat result.ReplicaDNSNameFormat = fromCRD.LoadBalancer.ReplicaDNSNameFormat + // AWS or GCP config result.WALES3Bucket = fromCRD.AWSGCP.WALES3Bucket result.AWSRegion = fromCRD.AWSGCP.AWSRegion result.LogS3Bucket = fromCRD.AWSGCP.LogS3Bucket @@ -89,8 +95,16 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.AdditionalSecretMount = fromCRD.AWSGCP.AdditionalSecretMount result.AdditionalSecretMountPath = fromCRD.AWSGCP.AdditionalSecretMountPath + // logical backup config + result.LogicalBackupSchedule = fromCRD.LogicalBackup.Schedule + result.LogicalBackupDockerImage = fromCRD.LogicalBackup.DockerImage + result.LogicalBackupS3Bucket = fromCRD.LogicalBackup.S3Bucket + + // debug config result.DebugLogging = fromCRD.OperatorDebug.DebugLogging result.EnableDBAccess = fromCRD.OperatorDebug.EnableDBAccess + + // Teams API config result.EnableTeamsAPI = fromCRD.TeamsAPI.EnableTeamsAPI result.TeamsAPIUrl = fromCRD.TeamsAPI.TeamsAPIUrl result.TeamAPIRoleConfiguration = fromCRD.TeamsAPI.TeamAPIRoleConfiguration 
@@ -98,12 +112,16 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.EnableAdminRoleForUsers = fromCRD.TeamsAPI.EnableAdminRoleForUsers result.TeamAdminRole = fromCRD.TeamsAPI.TeamAdminRole result.PamRoleName = fromCRD.TeamsAPI.PamRoleName + result.PamConfiguration = fromCRD.TeamsAPI.PamConfiguration + result.ProtectedRoles = fromCRD.TeamsAPI.ProtectedRoles result.PostgresSuperuserTeams = fromCRD.TeamsAPI.PostgresSuperuserTeams + // logging REST API config result.APIPort = fromCRD.LoggingRESTAPI.APIPort result.RingLogLines = fromCRD.LoggingRESTAPI.RingLogLines result.ClusterHistoryEntries = fromCRD.LoggingRESTAPI.ClusterHistoryEntries + // Scalyr config result.ScalyrAPIKey = fromCRD.Scalyr.ScalyrAPIKey result.ScalyrImage = fromCRD.Scalyr.ScalyrImage result.ScalyrServerURL = fromCRD.Scalyr.ScalyrServerURL @@ -112,9 +130,5 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.ScalyrCPULimit = fromCRD.Scalyr.ScalyrCPULimit result.ScalyrMemoryLimit = fromCRD.Scalyr.ScalyrMemoryLimit - result.LogicalBackupSchedule = fromCRD.LogicalBackup.Schedule - result.LogicalBackupDockerImage = fromCRD.LogicalBackup.DockerImage - result.LogicalBackupS3Bucket = fromCRD.LogicalBackup.S3Bucket - return result }
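Review bot: `result.ProtectedRoles = fromCRD.TeamsAPI.ProtectedRoles` copies whatever the CRD holds into a freshly built `&config.Config{}`, so an OperatorConfiguration that omits `protected_role_names` ends up with an empty list, while docs/reference/operator_parameters.md states that the default is `admin`. An empty list would leave no role protected from being overwritten by an application, team or infrastructure role. Unless defaults are applied somewhere outside this diff, I would restore the documented default after the assignment, e.g. `if len(result.ProtectedRoles) == 0 { result.ProtectedRoles = []string{"admin"} }` (the element type is assumed from the list form in values-crd.yaml). The newly imported `PamConfiguration` deserves the same look. `importConfigurationFromCRD` begins above this hunk, and a test that feeds a CRD without these keys would pin the behaviour.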