split up values files and add comments

charts/postgres-operator/.helmignore

@@ -19,3 +19,5 @@
 .project
 .idea/
 *.tmproj
+# ConfigMap
+# templates/configmap.yaml

charts/postgres-operator/templates/configmap.yaml

@@ -13,17 +13,13 @@ data:
                             {{- else }}
                                 {{ .Values.serviceAccount.name }}
                             {{- end }}
-  api_port: "{{ .Values.configLoggingRestApi.api_port }}"
-  cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}"
-  debug_logging: "{{ .Values.configDebug.debug_logging }}"
-  enable_database_access: "{{ .Values.configDebug.enable_database_access }}"
-  ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}"
-{{ toYaml .Values.config | indent 2 }}
-{{ toYaml .Values.configMap | indent 2 }}
+{{ toYaml .Values.configGeneral | indent 2 }}
 {{ toYaml .Values.configUsers | indent 2 }}
 {{ toYaml .Values.configKubernetes | indent 2 }}
 {{ toYaml .Values.configTimeouts | indent 2 }}
 {{ toYaml .Values.configLoadBalancer | indent 2 }}
 {{ toYaml .Values.configAwsOrGcp | indent 2 }}
 {{ toYaml .Values.configLogicalBackup | indent 2 }}
+{{ toYaml .Values.configDebug | indent 2 }}
+{{ toYaml .Values.configLoggingRestApi | indent 2 }}
 {{ toYaml .Values.configTeamsApi | indent 2 }}

charts/postgres-operator/templates/operatorconfiguration.yaml

@@ -8,21 +8,19 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 configuration:
-{{ toYaml .Values.config | indent 2 }}
-{{ toYaml .Values.configCRD | indent 2 }}
+{{ toYaml .Values.configGeneral | indent 2 }}
   users:
 {{ toYaml .Values.configUsers | indent 4 }}
   kubernetes:
     oauth_token_secret_name: {{ template "postgres-operator.fullname" . }}
     pod_service_account_name: operator
 {{ toYaml .Values.configKubernetes | indent 4 }}
-{{ toYaml .Values.configKubernetesCRD | indent 4 }}
   postgres_pod_resources:
 {{ toYaml .Values.configPostgresPodResources | indent 4 }}
   timeouts:
 {{ toYaml .Values.configTimeouts | indent 4 }}
   load_balancer:
-{{ toYaml .Values.configLoadBalancerCRD | indent 4 }}
+{{ toYaml .Values.configLoadBalancer | indent 4 }}
   aws_or_gcp:
 {{ toYaml .Values.configAwsOrGcp | indent 4 }}
   logical_backup:
@@ -30,7 +28,7 @@ configuration:
   debug:
 {{ toYaml .Values.configDebug | indent 4 }}
   teams_api:
-{{ toYaml .Values.configTeamsApiCRD | indent 4 }}
+{{ toYaml .Values.configTeamsApi | indent 4 }}
   logging_rest_api:
 {{ toYaml .Values.configLoggingRestApi | indent 4 }}
   scalyr:

charts/postgres-operator/values-crd.yaml

@@ -0,0 +1,265 @@
+image:
+  registry: registry.opensource.zalan.do
+  repository: acid/postgres-operator
+  tag: v1.1.0-52-g426b2c7-dirty
+  pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+  # - name: myRegistryKeySecretName
+
+podAnnotations: {}
+podLabels: {}
+
+# general top-level configuration parameters
+configGeneral:
+  # etcd connection string for Patroni. Empty uses K8s-native DCS.
+  etcd_host: ""
+  # Spilo docker image
+  docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
+  # max number of instances in Postgres cluster. -1 = no limit
+  min_instances: -1
+  # min number of instances in Postgres cluster. -1 = no limit
+  max_instances: -1
+  # period between consecutive repair requests
+  repair_period: 5m
+  # period between consecutive sync requests
+  resync_period: 30m
+  # map of sidecar names to docker images
+  # sidecar_docker_images
+  #  example: "exampleimage:exampletag"
+
+  # number of routines the operator spawns to process requests concurrently
+  workers: 4
+
+# parameters describing Postgres users
+configUsers:
+  # postgres username used for replication between instances
+  replication_username: standby
+  # postgres superuser name to be created by initdb
+  super_username: postgres
+
+configKubernetes:
+  # default DNS domain of K8s cluster where operator is running
+  cluster_domain: cluster.local
+  # additional labels assigned to the cluster objects
+  cluster_labels:
+      application: spilo
+  # label assigned to Kubernetes objects created by the operator
+  cluster_name_label: cluster-name
+  # toggles pod anti affinity on the Postgres pods
+  enable_pod_antiaffinity: false
+  # toggles PDB to set to MinAvailabe 0 or 1
+  enable_pod_disruption_budget: true
+  # name of the secret containing infrastructure roles names and passwords
+  # infrastructure_roles_secret_name: postgresql-infrastructure-roles
+
+  # list of labels that can be inherited from the cluster manifest
+  # inherited_labels:
+  # - application
+  # - app
+
+  # timeout for successful migration of master pods from unschedulable node
+  # master_pod_move_timeout: 20m
+
+  # set of labels that a running and active node should possess to be considered ready
+  # node_readiness_label: ""
+
+  # name of the secret containing the OAuth2 token to pass to the teams API
+  # oauth_token_secret_name: postgresql-operator
+
+  # defines the template for PDB (Pod Disruption Budget) names
+  pdb_name_format: "postgres-{cluster}-pdb"
+  # override topology key for pod anti affinity
+  pod_antiaffinity_topology_key: "kubernetes.io/hostname"
+  # name of the ConfigMap with environment variables to populate on every pod
+  # pod_environment_configmap: ""
+
+  # specify the pod management policy of stateful sets of Postgres clusters
+  pod_management_policy: "ordered_ready"
+  # label assigned to the Postgres pods (and services/endpoints)
+  pod_role_label: spilo-role
+  # Postgres pods are terminated forcefully after this timeout
+  pod_terminate_grace_period: 5m
+  # template for database user secrets generated by the operator
+  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  # group ID with write-access to volumes (reuired to run Spilo as non-root process)
+  # spilo_fsgroup: 103
+
+  # whether the Spilo container should run in privileged mode
+  spilo_privileged: false
+  # operator watches for postgres objects in the given namespace
+  watched_namespace: "*" # listen to all namespaces
+
+# configure resource requests for the Postgres pods
+configPostgresPodResources:
+  # CPU limits for the postgres containers
+  default_cpu_limit: "3"
+  # cpu request value for the postgres containers
+  default_cpu_request: 100m
+  # memory limits for the postgres containers
+  default_memory_limit: 1Gi
+  # memory request value for the postgres containers
+  default_memory_request: 100Mi
+  # can prevent certain cases of memory overcommitment
+  # set_memory_request_to_limit: false
+
+# timeouts related to some operator actions
+configTimeouts:
+  # timeout when waiting for the Postgres pods to be deleted
+  pod_deletion_wait_timeout: 10m
+  # timeout when waiting for pod role and cluster labels
+  pod_label_wait_timeout: 10m
+  # interval between consecutive attempts waiting for postgresql CRD to be created
+  ready_wait_interval: 3s
+  # timeout for the complete postgres CRD creation
+  ready_wait_timeout: 30s
+  # interval to wait between consecutive attempts to check for some K8s resources
+  resource_check_interval: 3s
+  # timeout when waiting for the presence of a certain K8s resource (e.g. Sts, PDB)
+  resource_check_timeout: 10m
+
+# configure behavior of load balancers
+configLoadBalancer:
+  # DNS zone for cluster DNS name when load balancer is configured for cluster
+  db_hosted_zone: db.example.com
+  # annotations to apply to service when load balancing is enabled
+  # custom_service_annotations:
+  #   keyx: valuez
+  #   keya: valuea
+
+  # toggles service type load balancer pointing to the master pod of the cluster
+  enable_master_load_balancer: true
+  # toggles service type load balancer pointing to the replica pod of the cluster
+  enable_replica_load_balancer: false
+  # defines the DNS name string template for the master load balancer cluster
+  master_dns_name_format: "{cluster}.{team}.{hostedzone}"
+  # defines the DNS name string template for the replica load balancer cluster
+  replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
+
+# Options to aid debugging of the operator itself
+configDebug:
+  # toggles verbose debug logs from the operator
+  debug_logging: true
+  # toggles operator functionality that require access to the postgres database
+  enable_database_access: true
+
+# parameters affecting logging and REST API listener
+configLoggingRestApi:
+  # REST API listener listens to this port
+  api_port: 8080
+  # number of entries in the cluster history ring buffer
+  cluster_history_entries: 1000
+  # number of lines in the ring buffer used to store cluster logs
+  ring_log_lines: 100
+
+# configure interaction with non-Kubernetes objects from AWS or GCP
+configAwsOrGcp:
+  # Additional Secret (aws or gcp credentials) to mount in the pod
+  # additional_secret_mount: "some-secret-name"
+
+  # Path to mount the above Secret in the filesystem of the container(s)
+  # additional_secret_mount_path: "/some/dir"
+
+  # AWS region used to store ESB volumes
+  aws_region: eu-central-1
+
+  # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods
+  # kube_iam_role: ""
+
+  # S3 bucket to use for shipping postgres daily logs
+  # log_s3_bucket: ""
+
+  # S3 bucket to use for shipping WAL segments with WAL-E
+  # wal_s3_bucket: ""
+
+# configure K8s cron job managed by the operator
+configLogicalBackup:
+  # backup schedule in the cron format
+  logical_backup_schedule: "30 00 * * *"
+  # image for pods of the logical backup job (example runs pg_dumpall)
+  logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
+  # S3 bucket to store backup results
+  logical_backup_s3_bucket: ""
+
+# automate creation of human users with teams API service
+configTeamsApi:
+  # team_admin_role will have the rights to grant roles coming from PG manifests
+  # enable_admin_role_for_users: true
+
+  # toggle to grant superuser to team members created from the Teams API
+  enable_team_superuser: false
+  # toggles usage of the Teams API by the operator
+  enable_teams_api: false
+  # should contain a URL to use for authentication (username and token)
+  # pam_configuration: ""
+
+  # operator will add all team member roles to this group and add a pg_hba line
+  pam_role_name: zalandos
+  # List of teams which members need the superuser role in each Postgres cluster
+  # postgres_superuser_teams: "postgres_superusers"
+
+  # List of roles that cannot be overwritten by an application, team or infrastructure role
+  protected_role_names:
+  - admin
+  # role name to grant to team members created from the Teams API
+  team_admin_role: admin
+  # postgres config parameters to apply to each team member role
+  team_api_role_configuration:
+    log_statement: all
+  # URL of the Teams API service
+  # teams_api_url: http://fake-teams-api.default.svc.cluster.local
+
+# Scalyr is a log management tool that Zalando uses as a sidecar
+scalyr:
+  # API key for the Scalyr sidecar
+  # scalyr_api_key: ""
+
+  # Docker image for the Scalyr sidecar
+  # scalyr_image: ""
+
+  # CPU limit value for the Scalyr sidecar
+  scalyr_cpu_limit: "1"
+  # CPU rquest value for the Scalyr sidecar
+  scalyr_cpu_request: 100m
+  # Memory limit value for the Scalyr sidecar
+  scalyr_memory_limit: 1Gi
+  # Memory request value for the Scalyr sidecar
+  scalyr_memory_request: 50Mi
+
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  # When relying solely on the OperatorConfiguration CRD, set this value to "operator"
+  # Otherwise, the operator tries to use the "default" service account which is forbidden
+  name: "operator"
+
+priorityClassName: ""
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 300Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 300Mi
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}

charts/postgres-operator/values.yaml

@@ -14,157 +14,202 @@ podAnnotations: {}
 podLabels: {}
 
 # config shared from ConfigMap and CRD
-config:
+configGeneral:
+  # etcd connection string for Patroni. Empty uses K8s-native DCS.
   etcd_host: ""
+  # Spilo docker image
   docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
+  # max number of instances in Postgres cluster. -1 = no limit
+  min_instances: "-1"
+  # min number of instances in Postgres cluster. -1 = no limit
+  max_instances: "-1"
+  # period between consecutive repair requests
   repair_period: 5m
-  resync_period: 5m
+  # period between consecutive sync requests
+  resync_period: 30m
+  # map of sidecar names to docker images
+  # sidecar_docker_images: ""
 
+  # number of routines the operator spawns to process requests concurrently
+  workers: "4"
+
+# parameters describing Postgres users
 configUsers:
+  # postgres username used for replication between instances
   replication_username: standby
+  # postgres superuser name to be created by initdb
   super_username: postgres
 
 configKubernetes:
+  # default DNS domain of K8s cluster where operator is running
   cluster_domain: cluster.local
+  # additional labels assigned to the cluster objects
+  cluster_labels: application:spilo
+  # label assigned to Kubernetes objects created by the operator
+  cluster_name_label: version
+  # toggles pod anti affinity on the Postgres pods
+  enable_pod_antiaffinity: "false"
+  # toggles PDB to set to MinAvailabe 0 or 1
+  enable_pod_disruption_budget: "true"
+  # name of the secret containing infrastructure roles names and passwords
   # infrastructure_roles_secret_name: postgresql-infrastructure-roles
-  # master_pod_move_timeout: 10m
+
+  # list of labels that can be inherited from the cluster manifest
+  # inherited_labels: ""
+
+  # timeout for successful migration of master pods from unschedulable node
+  # master_pod_move_timeout: 20m
+
+  # set of labels that a running and active node should possess to be considered ready
   # node_readiness_label: ""
+
+  # name of the secret containing the OAuth2 token to pass to the teams API
   # oauth_token_secret_name: postgresql-operator
+
+  # defines the template for PDB (Pod Disruption Budget) names
   pdb_name_format: "postgres-{cluster}-pdb"
+  # override topology key for pod anti affinity
   pod_antiaffinity_topology_key: "kubernetes.io/hostname"
+  # name of the ConfigMap with environment variables to populate on every pod
   # pod_environment_configmap: ""
+
+  # specify the pod management policy of stateful sets of Postgres clusters
   pod_management_policy: "ordered_ready"
+  # label assigned to the Postgres pods (and services/endpoints)
   pod_role_label: spilo-role
+  # Postgres pods are terminated forcefully after this timeout
   pod_terminate_grace_period: 5m
+  # template for database user secrets generated by the operator
   secret_name_template: '{username}.{cluster}.credentials'
+  # group ID with write-access to volumes (reuired to run Spilo as non-root process)
   # spilo_fsgroup: "103"
+
+  # whether the Spilo container should run in privileged mode
+  spilo_privileged: "false"
+  # operator watches for postgres objects in the given namespace
   watched_namespace: "*" # listen to all namespaces
 
+# configure resource requests for the Postgres pods
 configPostgresPodResources:
-  default_cpu_request: 100m
-  default_memory_request: 100Mi
+  # CPU limits for the postgres containers
   default_cpu_limit: "3"
+  # cpu request value for the postgres containers
+  default_cpu_request: 100m
+  # memory limits for the postgres containers
   default_memory_limit: 1Gi
+  # memory request value for the postgres containers
+  default_memory_request: 100Mi
+  # can prevent certain cases of memory overcommitment
+  # set_memory_request_to_limit: "false"
 
+# timeouts related to some operator actions
 configTimeouts:
+  # timeout when waiting for the Postgres pods to be deleted
   pod_deletion_wait_timeout: 10m
+  # timeout when waiting for pod role and cluster labels
   pod_label_wait_timeout: 10m
+  # interval between consecutive attempts waiting for postgresql CRD to be created
   ready_wait_interval: 3s
+  # timeout for the complete postgres CRD creation
   ready_wait_timeout: 30s
+  # interval to wait between consecutive attempts to check for some K8s resources
   resource_check_interval: 3s
+  # timeout when waiting for the presence of a certain K8s resource (e.g. Sts, PDB)
   resource_check_timeout: 10m
 
-configDebug:
-  debug_logging: true
-  enable_database_access: true
-
-configLoggingRestApi:
-  api_port: 8080
-  cluster_history_entries: 1000
-  ring_log_lines: 100
-
-configAwsOrGcp:
-  # additional_secret_mount: "some-secret-name"
-  # additional_secret_mount_path: "/some/dir"
-  aws_region: eu-central-1
-  # kube_iam_role: ""
-  # log_s3_bucket: ""
-  # wal_s3_bucket: ""
-
-configLogicalBackup:
-  logical_backup_schedule: "30 00 * * *"
-  logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
-  logical_backup_s3_bucket: ""
-
-# config exclusive to ConfigMap
-configMap:
-  cluster_labels: application:spilo
-  cluster_name_label: version
-  enable_pod_antiaffinity: "false"
-  enable_pod_disruption_budget: "true"
-  # inherited_labels: ""
-  max_instances: "-1"
-  min_instances: "-1"
-  # set_memory_request_to_limit: "true"
-  # sidecar_docker_images: ""
-  spilo_privileged: "false"
-  workers: "4"
-
+# configure behavior of load balancers
 configLoadBalancer:
+  # DNS zone for cluster DNS name when load balancer is configured for cluster
   db_hosted_zone: db.example.com
+  # annotations to apply to service when load balancing is enabled
   # custom_service_annotations:
   #   "keyx:valuez,keya:valuea"
+
+  # toggles service type load balancer pointing to the master pod of the cluster
   enable_master_load_balancer: "true"
+  # toggles service type load balancer pointing to the replica pod of the cluster
   enable_replica_load_balancer: "false"
+  # defines the DNS name string template for the master load balancer cluster
   master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}'
+  # defines the DNS name string template for the replica load balancer cluster
   replica_dns_name_format: '{cluster}-repl.{team}.staging.{hostedzone}'
 
+# options to aid debugging of the operator itself
+configDebug:
+  # toggles verbose debug logs from the operator
+  debug_logging: "true"
+  # toggles operator functionality that require access to the postgres database
+  enable_database_access: "true"
+
+# parameters affecting logging and REST API listener
+configLoggingRestApi:
+  # REST API listener listens to this port
+  api_port: "8080"
+  # number of entries in the cluster history ring buffer
+  cluster_history_entries: "1000"
+  # number of lines in the ring buffer used to store cluster logs
+  ring_log_lines: "100"
+
+# configure interaction with non-Kubernetes objects from AWS or GCP
+configAwsOrGcp:
+  # Additional Secret (aws or gcp credentials) to mount in the pod
+  # additional_secret_mount: "some-secret-name"
+
+  # Path to mount the above Secret in the filesystem of the container(s)
+  # additional_secret_mount_path: "/some/dir"
+
+  # AWS region used to store ESB volumes
+  aws_region: eu-central-1
+
+  # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods
+  # kube_iam_role: ""
+
+  # S3 bucket to use for shipping postgres daily logs
+  # log_s3_bucket: ""
+
+  # S3 bucket to use for shipping WAL segments with WAL-E
+  # wal_s3_bucket: ""
+
+# configure K8s cron job managed by the operator
+configLogicalBackup:
+  # backup schedule in the cron format
+  logical_backup_schedule: "30 00 * * *"
+  # image for pods of the logical backup job (example runs pg_dumpall)
+  logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
+  # S3 bucket to store backup results
+  logical_backup_s3_bucket: ""
+
+# automate creation of human users with teams API service
 configTeamsApi:
+  # team_admin_role will have the rights to grant roles coming from PG manifests
   # enable_admin_role_for_users: "true"
+
+  # toggle to grant superuser to team members created from the Teams API
   # enable_team_superuser: "false"
+
+  # toggles usage of the Teams API by the operator
   enable_teams_api: "false"
+  # should contain a URL to use for authentication (username and token)
   # pam_configuration: https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees
+
+  # operator will add all team member roles to this group and add a pg_hba line
   # pam_role_name: zalandos
+
+  # List of teams which members need the superuser role in each Postgres cluster
   # postgres_superuser_teams: "postgres_superusers"
+
+  # List of roles that cannot be overwritten by an application, team or infrastructure role
   # protected_role_names: "admin"
+
+  # role name to grant to team members created from the Teams API
   # team_admin_role: "admin"
+
+  # postgres config parameters to apply to each team member role
   # team_api_role_configuration: "log_statement:all"
+
+  # URL of the Teams API service
   # teams_api_url: http://fake-teams-api.default.svc.cluster.local
 
-# config exclusive to CRD
-configCRD:
-  min_instances: -1
-  max_instances: -1
-  # set_memory_request_to_limit: true
-  # sidecar_docker_images
-  #  example: "exampleimage:exampletag"
-
-configKubernetesCRD:
-  cluster_labels:
-      application: spilo
-  cluster_name_label: cluster-name
-  enable_pod_antiaffinity: false
-  enable_pod_disruption_budget: true
-  secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
-  spilo_privileged: false
-  # inherited_labels:
-  # - application
-  # - app
-  # watched_namespace: ""
-
-configLoadBalancerCRD:
-  # db_hosted_zone: ""
-  # custom_service_annotations:
-  #   keyx: valuez
-  #   keya: valuea
-  enable_master_load_balancer: false
-  enable_replica_load_balancer: false
-  master_dns_name_format: "{cluster}.{team}.{hostedzone}"
-  replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
-
-configTeamsApiCRD:
-  # enable_admin_role_for_users: true
-  enable_teams_api: false
-  enable_team_superuser: false
-  # pam_configuration: ""
-  pam_role_name: zalandos
-  # postgres_superuser_teams: "postgres_superusers"
-  protected_role_names:
-  - admin
-  team_admin_role: admin
-  team_api_role_configuration:
-    log_statement: all
-  # teams_api_url: ""
-
-scalyr:
-  scalyr_cpu_request: 100m
-  scalyr_memory_request: 50Mi
-  scalyr_cpu_limit: "1"
-  scalyr_memory_limit: 1Gi
-  # scalyr_api_key: ""
-  # scalyr_image: ""
-  # scalyr_server_url: ""
-
 rbac:
   # Specifies whether RBAC resources should be created
   create: true

docs/reference/operator_parameters.md

@@ -478,7 +478,7 @@ key.
   `https://info.example.com/oauth2/tokeninfo?access_token= uid
   realm=/employees`.
 
-* **protected_roles**
+* **protected_role_names**
   List of roles that cannot be overwritten by an application, team or
   infrastructure role. The default is `admin`.
 

manifests/configmap.yaml

@@ -67,7 +67,7 @@ data:
   ring_log_lines: "100"
   secret_name_template: '{username}.{cluster}.credentials'
   # sidecar_docker_images: ""
-  # set_memory_request_to_limit: "true"
+  # set_memory_request_to_limit: "false"
   spilo_privileged: "false"
   super_username: postgres
   # team_admin_role: "admin"

manifests/postgresql-operator-default-configuration.yaml

@@ -9,7 +9,6 @@ configuration:
   min_instances: -1
   resync_period: 30m
   repair_period: 5m
-  # set_memory_request_to_limit: true
   # sidecar_docker_images:
   #   example: "exampleimage:exampletag"
   workers: 4
@@ -42,10 +41,11 @@ configuration:
     # toleration: {}
     # watched_namespace:""
   postgres_pod_resources:
-    default_cpu_limit: 3
+    default_cpu_limit: "3"
     default_cpu_request: 100m
     default_memory_limit: 1Gi
     default_memory_request: 100Mi
+    # set_memory_request_to_limit: false
   timeouts:
     pod_label_wait_timeout: 10m
     pod_deletion_wait_timeout: 10m
@@ -95,7 +95,7 @@ configuration:
     ring_log_lines: 100
   scalyr:
     # scalyr_api_key: ""
-    scalyr_cpu_limit: 1
+    scalyr_cpu_limit: "1"
     scalyr_cpu_request: 100m
     # scalyr_image: ""
     scalyr_memory_limit: 1Gi

pkg/apis/acid.zalan.do/v1/operator_configuration_type.go

@@ -76,6 +76,7 @@ type PostgresPodResourcesDefaults struct {
 	DefaultMemoryRequest    string `json:"default_memory_request,omitempty"`
 	DefaultCPULimit         string `json:"default_cpu_limit,omitempty"`
 	DefaultMemoryLimit      string `json:"default_memory_limit,omitempty"`
+	SetMemoryRequestToLimit bool   `json:"set_memory_request_to_limit,omitempty"`
 }
 
 // OperatorTimeouts defines the timeout of ResourceCheck, PodWait, ReadyWait
@@ -160,7 +161,6 @@ type OperatorConfigurationData struct {
 	PostgresUsersConfiguration PostgresUsersConfiguration         `json:"users"`
 	Kubernetes                 KubernetesMetaConfiguration        `json:"kubernetes"`
 	PostgresPodResources       PostgresPodResourcesDefaults       `json:"postgres_pod_resources"`
-	SetMemoryRequestToLimit    bool                               `json:"set_memory_request_to_limit,omitempty"`
 	Timeouts                   OperatorTimeouts                   `json:"timeouts"`
 	LoadBalancer               LoadBalancerConfiguration          `json:"load_balancer"`
 	AWSGCP                     AWSGCPConfiguration                `json:"aws_or_gcp"`

pkg/controller/operator_config.go

@@ -24,6 +24,7 @@ func (c *Controller) readOperatorConfigurationFromCRD(configObjectNamespace, con
 func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigurationData) *config.Config {
 	result := &config.Config{}
 
+	// general config
 	result.EtcdHost = fromCRD.EtcdHost
 	result.DockerImage = fromCRD.DockerImage
 	result.Workers = fromCRD.Workers
@@ -33,9 +34,11 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.RepairPeriod = time.Duration(fromCRD.RepairPeriod)
 	result.Sidecars = fromCRD.Sidecars
 
+	// user config
 	result.SuperUsername = fromCRD.PostgresUsersConfiguration.SuperUsername
 	result.ReplicationUsername = fromCRD.PostgresUsersConfiguration.ReplicationUsername
 
+	// kubernetes config
 	result.PodServiceAccountName = fromCRD.Kubernetes.PodServiceAccountName
 	result.PodServiceAccountDefinition = fromCRD.Kubernetes.PodServiceAccountDefinition
 	result.PodServiceAccountRoleBindingDefinition = fromCRD.Kubernetes.PodServiceAccountRoleBindingDefinition
@@ -58,16 +61,17 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.PodPriorityClassName = fromCRD.Kubernetes.PodPriorityClassName
 	result.PodManagementPolicy = fromCRD.Kubernetes.PodManagementPolicy
 	result.MasterPodMoveTimeout = fromCRD.Kubernetes.MasterPodMoveTimeout
-
 	result.EnablePodAntiAffinity = fromCRD.Kubernetes.EnablePodAntiAffinity
 	result.PodAntiAffinityTopologyKey = fromCRD.Kubernetes.PodAntiAffinityTopologyKey
 
+	// Postgres Pod resources
 	result.DefaultCPURequest = fromCRD.PostgresPodResources.DefaultCPURequest
 	result.DefaultMemoryRequest = fromCRD.PostgresPodResources.DefaultMemoryRequest
 	result.DefaultCPULimit = fromCRD.PostgresPodResources.DefaultCPULimit
 	result.DefaultMemoryLimit = fromCRD.PostgresPodResources.DefaultMemoryLimit
-	result.SetMemoryRequestToLimit = fromCRD.SetMemoryRequestToLimit
+	result.SetMemoryRequestToLimit = fromCRD.PostgresPodResources.SetMemoryRequestToLimit
 
+	// timeout config
 	result.ResourceCheckInterval = time.Duration(fromCRD.Timeouts.ResourceCheckInterval)
 	result.ResourceCheckTimeout = time.Duration(fromCRD.Timeouts.ResourceCheckTimeout)
 	result.PodLabelWaitTimeout = time.Duration(fromCRD.Timeouts.PodLabelWaitTimeout)
@@ -75,6 +79,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.ReadyWaitInterval = time.Duration(fromCRD.Timeouts.ReadyWaitInterval)
 	result.ReadyWaitTimeout = time.Duration(fromCRD.Timeouts.ReadyWaitTimeout)
 
+	// load balancer config
 	result.DbHostedZone = fromCRD.LoadBalancer.DbHostedZone
 	result.EnableMasterLoadBalancer = fromCRD.LoadBalancer.EnableMasterLoadBalancer
 	result.EnableReplicaLoadBalancer = fromCRD.LoadBalancer.EnableReplicaLoadBalancer
@@ -82,6 +87,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.MasterDNSNameFormat = fromCRD.LoadBalancer.MasterDNSNameFormat
 	result.ReplicaDNSNameFormat = fromCRD.LoadBalancer.ReplicaDNSNameFormat
 
+	// AWS or GCP config
 	result.WALES3Bucket = fromCRD.AWSGCP.WALES3Bucket
 	result.AWSRegion = fromCRD.AWSGCP.AWSRegion
 	result.LogS3Bucket = fromCRD.AWSGCP.LogS3Bucket
@@ -89,8 +95,16 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.AdditionalSecretMount = fromCRD.AWSGCP.AdditionalSecretMount
 	result.AdditionalSecretMountPath = fromCRD.AWSGCP.AdditionalSecretMountPath
 
+	// logical backup config
+	result.LogicalBackupSchedule = fromCRD.LogicalBackup.Schedule
+	result.LogicalBackupDockerImage = fromCRD.LogicalBackup.DockerImage
+	result.LogicalBackupS3Bucket = fromCRD.LogicalBackup.S3Bucket
+
+	// debug config
 	result.DebugLogging = fromCRD.OperatorDebug.DebugLogging
 	result.EnableDBAccess = fromCRD.OperatorDebug.EnableDBAccess
+
+	// Teams API config
 	result.EnableTeamsAPI = fromCRD.TeamsAPI.EnableTeamsAPI
 	result.TeamsAPIUrl = fromCRD.TeamsAPI.TeamsAPIUrl
 	result.TeamAPIRoleConfiguration = fromCRD.TeamsAPI.TeamAPIRoleConfiguration
@@ -98,12 +112,16 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.EnableAdminRoleForUsers = fromCRD.TeamsAPI.EnableAdminRoleForUsers
 	result.TeamAdminRole = fromCRD.TeamsAPI.TeamAdminRole
 	result.PamRoleName = fromCRD.TeamsAPI.PamRoleName
+	result.PamConfiguration = fromCRD.TeamsAPI.PamConfiguration
+	result.ProtectedRoles = fromCRD.TeamsAPI.ProtectedRoles
 	result.PostgresSuperuserTeams = fromCRD.TeamsAPI.PostgresSuperuserTeams
 
+	// logging REST API config
 	result.APIPort = fromCRD.LoggingRESTAPI.APIPort
 	result.RingLogLines = fromCRD.LoggingRESTAPI.RingLogLines
 	result.ClusterHistoryEntries = fromCRD.LoggingRESTAPI.ClusterHistoryEntries
 
+	// Scalyr config
 	result.ScalyrAPIKey = fromCRD.Scalyr.ScalyrAPIKey
 	result.ScalyrImage = fromCRD.Scalyr.ScalyrImage
 	result.ScalyrServerURL = fromCRD.Scalyr.ScalyrServerURL
@@ -112,9 +130,5 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.ScalyrCPULimit = fromCRD.Scalyr.ScalyrCPULimit
 	result.ScalyrMemoryLimit = fromCRD.Scalyr.ScalyrMemoryLimit
 
-	result.LogicalBackupSchedule = fromCRD.LogicalBackup.Schedule
-	result.LogicalBackupDockerImage = fromCRD.LogicalBackup.DockerImage
-	result.LogicalBackupS3Bucket = fromCRD.LogicalBackup.S3Bucket
-
 	return result
 }