From c243074083d7cb15eeb17e9ec94899bc51ac37f4 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Mon, 1 Apr 2019 15:39:18 +0200 Subject: [PATCH 1/7] Updated quickstart and link from README (#527) * updated quickstart and link from README * added/updated Helm chart description in other docs --- README.md | 69 +++------------------------ docs/administrator.md | 17 +++++-- docs/developer.md | 19 ++++---- docs/quickstart.md | 107 ++++++++++++++++++++++++++++++++---------- 4 files changed, 114 insertions(+), 98 deletions(-) diff --git a/README.md b/README.md index 8c6fee81a..61f5c5adc 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,11 @@ manages PostgreSQL clusters on Kubernetes: 4. The operator aims to be hands free and configuration happens only via manifests and its own config. This enables easy integration in automated deploy pipelines with no access to Kubernetes directly. +# Getting started + +For a quick first impression follow the instructions of [this](docs/quickstart.md) +tutorial. + # Google Summer of Code The Postgres Operator made it to the [Google Summer of Code 2019](https://summerofcode.withgoogle.com/)! As a brand new mentoring organization, we are now looking for our first mentees. Check [our ideas](https://github.com/zalando/postgres-operator/blob/master/docs/gsoc-2019/ideas.md#google-summer-of-code-2019) and start discussion in [the issue tracker](https://github.com/zalando/postgres-operator/issues). And don't forget to spread a word about our GSoC participation to attract even more students. @@ -48,7 +53,7 @@ The Postgres Operator made it to the [Google Summer of Code 2019](https://summer The rest of this document is a tutorial to get you up and running locally with the operator on Minikube. -## Overview of involved entities +## Overview of involved entities Here is a diagram, that summarizes what would be created by the operator, when a new Postgres cluster CRD is submitted: @@ -64,69 +69,9 @@ These two diagrams should help you to understand the basics of what kind of functionality the operator provides. There is a browser-friendly version of this documentation at [postgres-operator.readthedocs.io](https://postgres-operator.readthedocs.io) - + ## Community There are two places to get in touch with the community: 1. The [GitHub issue tracker](https://github.com/zalando/postgres-operator/issues) 2. The #postgres-operator slack channel under [Postgres Slack](https://postgres-slack.herokuapp.com) - -## Quickstart - -Prerequisites: - -* [minikube](https://github.com/kubernetes/minikube/releases) -* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) - -Note that you can also use built-in Kubernetes support in the Docker Desktop -for Mac to follow the steps of this tutorial. You would have to replace -`minikube start` and `minikube delete` with your launch actionsfor the Docker -built-in Kubernetes support. - -### Local execution - -```bash -git clone https://github.com/zalando/postgres-operator.git -cd postgres-operator - -minikube start - -# start the operator; may take a few seconds -kubectl create -f manifests/configmap.yaml # configuration -kubectl create -f manifests/operator-service-account-rbac.yaml # identity and permissions -kubectl create -f manifests/postgres-operator.yaml # deployment - -# create a Postgres cluster in a non-default namespace -kubectl create namespace test -kubectl config set-context minikube --namespace=test -kubectl create -f manifests/minimal-postgres-manifest.yaml - -# connect to the Postgres master via psql -# operator creates the relevant k8s secret -export HOST_PORT=$(minikube service --namespace test acid-minimal-cluster --url | sed 's,.*/,,') -export PGHOST=$(echo $HOST_PORT | cut -d: -f 1) -export PGPORT=$(echo $HOST_PORT | cut -d: -f 2) -export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials -o 'jsonpath={.data.password}' | base64 -d) -psql -U postgres - -# tear down cleanly -minikube delete -``` - -We have automated starting the operator and submitting the `acid-minimal-cluster` for you: -```bash -cd postgres-operator -./run_operator_locally.sh -``` - -Note we provide the `/manifests` directory as an example only; you should consider adjusting the manifests to your particular setting. - -## Running and testing the operator - -The best way to test the operator is to run it locally in [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/). See developer docs(`docs/developer.yaml`) for details. - -### Configuration Options - -The operator can be configured with the provided ConfigMap(`manifests/configmap.yaml`) or the operator's own CRD. - - diff --git a/docs/administrator.md b/docs/administrator.md index 208e9ddb9..32a749e36 100644 --- a/docs/administrator.md +++ b/docs/administrator.md @@ -22,6 +22,17 @@ Next deploy the postgres-operator from the docker image Zalando is using: If you prefer to build the image yourself follow up down below. +### - Helm chart + +You can install postgres-operator also with a [Helm](https://helm.sh/) chart. +This requires installing the Helm CLI first and then initializing it in the +cluster. + +```bash + $ helm init + $ helm install --name my-release ./charts/postgres-operator +``` + ## Check if CustomResourceDefinition has been registered ```bash @@ -312,7 +323,7 @@ generated from the current cluster manifest. There are two types of scans: * `sync scan`, running every `resync_period` seconds for every cluster * `repair scan`, coming every `repair_period` only for those clusters that didn't -report success as a result of the last operation applied to them. +report success as a result of the last operation applied to them. ## Postgres roles supported by the operator @@ -329,8 +340,8 @@ Postgres database cluster: ## Understanding rolling update of Spilo pods -The operator logs reasons for a rolling update with the `info` level and -a diff between the old and new StatefulSet specs with the `debug` level. +The operator logs reasons for a rolling update with the `info` level and +a diff between the old and new StatefulSet specs with the `debug` level. To read the latter log entry with the escaped characters rendered, view it in CLI with `echo -e`. Note that the resultant message will contain some noise because the `PodTemplate` used by the operator is yet to be updated diff --git a/docs/developer.md b/docs/developer.md index 5857c2266..294d06ebf 100644 --- a/docs/developer.md +++ b/docs/developer.md @@ -29,14 +29,6 @@ ConfigMap is used to store the configuration of the operator ## Deploying the operator -### - Helm chart - -You can install postgres-operator with helm chart. - -```bash - $ helm install --name my-release ./charts/postgres-operator -``` - ### - Kubernetes manifest First you need to install the service account definition in your Minikube cluster. @@ -53,6 +45,17 @@ Next deploy the postgres-operator from the docker image Zalando is using: If you prefer to build the image yourself follow up down below. +### - Helm chart + +You can install postgres-operator also with a [Helm](https://helm.sh/) chart. +This requires installing the Helm CLI first and then initializing it in the +cluster. + +```bash + $ helm init + $ helm install --name my-release ./charts/postgres-operator +``` + ## Check if CustomResourceDefinition has been registered ```bash diff --git a/docs/quickstart.md b/docs/quickstart.md index bdf5bd5d0..244f45b54 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -1,73 +1,130 @@ ## Prerequisites: -In order to run the Postgres operator locally in minikube you need to install the following tools: +In order to run the Postgres Operator locally in minikube you need to install +the following tools: * [minikube](https://github.com/kubernetes/minikube/releases) * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-binary-via-curl) Note that you can also use built-in Kubernetes support in the Docker Desktop for Mac to follow the steps of this tutorial. You would have to replace -`minikube start` and `minikube delete` with your launch actionsfor the Docker +`minikube start` and `minikube delete` with your launch actions for the Docker built-in Kubernetes support. -## Local execution +Clone the repository and change to the directory. Then start minikube. ```bash git clone https://github.com/zalando/postgres-operator.git cd postgres-operator minikube start +``` -# start the operator using one of helm chart or yaml manifests; +## Manual deployment setup -# - install postgres-operator with helm chart. +The Postgres Operator can be installed simply by applying yaml manifests. + +```bash +kubectl create -f manifests/configmap.yaml # configuration +kubectl create -f manifests/operator-service-account-rbac.yaml # identity and permissions +kubectl create -f manifests/postgres-operator.yaml # deployment +``` + +## Helm chart + +Another possibility is using a provided [Helm](https://helm.sh/) chart which +saves you these steps. Therefore, you would need to install the helm CLI on your +machine. After initializing helm (and its server component Tiller) in your local +cluster you can install the operator chart. + +```bash # 1) initialize helm helm init # 2) install postgres-operator chart helm install --name postgres-operator ./charts/postgres-operator +``` -# - install postgres-operator with yaml manifests. -kubectl create -f manifests/configmap.yaml # configuration -kubectl create -f manifests/operator-service-account-rbac.yaml # identity and permissions -kubectl create -f manifests/postgres-operator.yaml # deployment +## Create a Postgres cluster +Starting the operator may take a few seconds. Check if the operator pod is +running before applying a Postgres cluster manifest. -# starting the operator may take a few seconds -# check if operator pod is running - -# - if you've created the operator using helm chart -kubectl get po -l app.kubernetes.io/name=postgres-operator - -# - if you've created the operator using yaml manifests -kubectl get po -l name=postgres-operator +```bash +# if you've created the operator using yaml manifests +kubectl get pod -l name=postgres-operator +# if you've created the operator using helm chart +kubectl get pod -l app.kubernetes.io/name=postgres-operator # create a Postgres cluster kubectl create -f manifests/minimal-postgres-manifest.yaml +``` -# connect to the Postgres master via psql -# operator creates the relevant k8s secret +After the cluster manifest is submitted the operator will create Service and +Endpoint resources and a StatefulSet which spins up new Pod(s) given the number +of instances specified in the manifest. All resources are named like the +cluster. The database pods can be identified by their number suffix, starting +from `-0`. They run the [Spilo](https://github.com/zalando/spilo) container +image by Zalando. As for the services and endpoints, there will be one for the +master pod and another one for all the replicas (`-repl` suffix). Check if all +components are coming up. Use the label `application=spilo` to filter and list +the label `spilo-role` to see who is currently the master. + +```bash +# check the deployed cluster +kubectl get postgresql + +# check created database pods +kubectl get pods -l application=spilo -L spilo-role + +# check created service resources +kubectl get svc -l application=spilo -L spilo-role +``` + +## Connect to the Postgres cluster via psql + +You can retrieve the host and port of the Postgres master from minikube. +Retrieve the password from the Kubernetes Secret that is created in your cluster. + +```bash export HOST_PORT=$(minikube service acid-minimal-cluster --url | sed 's,.*/,,') export PGHOST=$(echo $HOST_PORT | cut -d: -f 1) export PGPORT=$(echo $HOST_PORT | cut -d: -f 2) export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials -o 'jsonpath={.data.password}' | base64 -d) psql -U postgres +``` + +## Delete a Postgres cluster + +To delete a Postgres cluster simply delete the postgresql custom resource. + +```bash +kubectl delete postgresql acid-minimal-cluster # tear down cleanly minikube delete ``` -We have automated starting the operator and submitting the `acid-minimal-cluster` for you: -```bash -cd postgres-operator -./run_operator_locally.sh -``` ## Running and testing the operator The best way to test the operator is to run it in [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/). Minikube is a tool to run Kubernetes cluster locally. +For convenience, we have automated starting the operator and submitting the +`acid-minimal-cluster`. From inside the cloned repository execute the +`run_operator_locally` shell script. + +```bash +./run_operator_locally.sh +``` + +Note we provide the `/manifests` directory as an example only; you should +consider adjusting the manifests to your particular setting. + + ### Configuration Options -The operator can be configured with the provided ConfigMap (`manifests/configmap.yaml`). +The operator can be configured with the provided ConfigMap +(`manifests/configmap.yaml`) or the operator's own CRD. See +[developer docs](developer.md) for details. From 313db7d10bd5de7774c369a6a2e0d2334987cf72 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Tue, 2 Apr 2019 17:16:47 +0200 Subject: [PATCH 2/7] set default name also for RoleBinding and roleRef (#529) --- pkg/controller/controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 9b30f89a1..2d814fd14 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -230,6 +230,8 @@ func (c *Controller) initRoleBinding() { default: c.PodServiceAccountRoleBinding = obj.(*rbacv1beta1.RoleBinding) c.PodServiceAccountRoleBinding.Namespace = "" + c.PodServiceAccountRoleBinding.ObjectMeta.Name = c.PodServiceAccount.Name + c.PodServiceAccountRoleBinding.RoleRef.Name = c.PodServiceAccount.Name c.PodServiceAccountRoleBinding.Subjects[0].Name = c.PodServiceAccount.Name c.logger.Info("successfully parsed") From 15ec6a920d71282d28ce8239423c0239c7b28e02 Mon Sep 17 00:00:00 2001 From: Aaron Miller <1521726+aaroniscode@users.noreply.github.com> Date: Wed, 3 Apr 2019 11:13:39 -0400 Subject: [PATCH 3/7] Config option to allow Spilo container to run non-privileged. (#525) * Config option to allow Spilo container to run non-privileged. Runs non-privileged by default. Fixes #395 * add spilo_privileged to manifests/configmap.yaml * add spilo_privileged to helm chart's values.yaml --- charts/postgres-operator/values.yaml | 1 + docs/reference/operator_parameters.md | 3 +++ manifests/configmap.yaml | 1 + manifests/postgresql-operator-default-configuration.yaml | 1 + pkg/apis/acid.zalan.do/v1/operator_configuration_type.go | 1 + pkg/cluster/k8sres.go | 3 ++- pkg/controller/operator_config.go | 1 + pkg/util/config/config.go | 1 + 8 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 5a4c48974..1f3397bad 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -25,6 +25,7 @@ config: secret_name_template: '{username}.{cluster}.credentials' super_username: postgres enable_teams_api: "false" + spilo_privileged: "false" # set_memory_request_to_limit: "true" # postgres_superuser_teams: "postgres_superusers" # enable_team_superuser: "false" diff --git a/docs/reference/operator_parameters.md b/docs/reference/operator_parameters.md index 6332e6d8a..11fee3846 100644 --- a/docs/reference/operator_parameters.md +++ b/docs/reference/operator_parameters.md @@ -212,6 +212,9 @@ configuration they are grouped under the `kubernetes` key. class](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass) that should be assigned to the Postgres pods. The priority class itself must be defined in advance. Default is empty (use the default priority class). + +* **spilo_privileged** + whether the Spilo container should run in privileged mode. Privileged mode is used for AWS volume resizing and not required if you don't need that capability. The default is `false`. * **master_pod_move_timeout** The period of time to wait for the success of migration of master pods from an unschedulable node. diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 28babdfe6..9b951e582 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -15,6 +15,7 @@ data: secret_name_template: '{username}.{cluster}.credentials' super_username: postgres enable_teams_api: "false" + spilo_privileged: "false" # custom_service_annotations: # "keyx:valuez,keya:valuea" # set_memory_request_to_limit: "true" diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index 5b9de1073..ef88fdd25 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml @@ -23,6 +23,7 @@ configuration: secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" oauth_token_secret_name: postgresql-operator pod_role_label: spilo-role + spilo_privileged: false cluster_labels: application: spilo # inherited_labels: diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go index dde9b624b..a13575de2 100644 --- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go +++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go @@ -45,6 +45,7 @@ type KubernetesMetaConfiguration struct { PodServiceAccountDefinition string `json:"pod_service_account_definition,omitempty"` PodServiceAccountRoleBindingDefinition string `json:"pod_service_account_role_binding_definition,omitempty"` PodTerminateGracePeriod Duration `json:"pod_terminate_grace_period,omitempty"` + SpiloPrivileged bool `json:"spilo_privileged,omitemty"` WatchedNamespace string `json:"watched_namespace,omitempty"` PDBNameFormat config.StringTemplate `json:"pdb_name_format,omitempty"` SecretNameTemplate config.StringTemplate `json:"secret_name_template,omitempty"` diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go index 6f86edd85..a156b89d6 100644 --- a/pkg/cluster/k8sres.go +++ b/pkg/cluster/k8sres.go @@ -358,8 +358,8 @@ func generateSpiloContainer( resourceRequirements *v1.ResourceRequirements, envVars []v1.EnvVar, volumeMounts []v1.VolumeMount, + privilegedMode bool, ) *v1.Container { - privilegedMode := true return &v1.Container{ Name: name, Image: *dockerImage, @@ -797,6 +797,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*v1beta1.State resourceRequirements, spiloEnvVars, volumeMounts, + c.OpConfig.Resources.SpiloPrivileged, ) // resolve conflicts between operator-global and per-cluster sidecars diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go index bca0f5b34..ea7ac1b3f 100644 --- a/pkg/controller/operator_config.go +++ b/pkg/controller/operator_config.go @@ -41,6 +41,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.PodServiceAccountRoleBindingDefinition = fromCRD.Kubernetes.PodServiceAccountRoleBindingDefinition result.PodEnvironmentConfigMap = fromCRD.Kubernetes.PodEnvironmentConfigMap result.PodTerminateGracePeriod = time.Duration(fromCRD.Kubernetes.PodTerminateGracePeriod) + result.SpiloPrivileged = fromCRD.Kubernetes.SpiloPrivileged result.WatchedNamespace = fromCRD.Kubernetes.WatchedNamespace result.PDBNameFormat = fromCRD.Kubernetes.PDBNameFormat result.SecretNameTemplate = fromCRD.Kubernetes.SecretNameTemplate diff --git a/pkg/util/config/config.go b/pkg/util/config/config.go index b52c57873..b2374e042 100644 --- a/pkg/util/config/config.go +++ b/pkg/util/config/config.go @@ -26,6 +26,7 @@ type Resources struct { PodDeletionWaitTimeout time.Duration `name:"pod_deletion_wait_timeout" default:"10m"` PodTerminateGracePeriod time.Duration `name:"pod_terminate_grace_period" default:"5m"` PodPriorityClassName string `name:"pod_priority_class_name"` + SpiloPrivileged bool `name:"spilo_privileged" default:"false"` ClusterLabels map[string]string `name:"cluster_labels" default:"application:spilo"` InheritedLabels []string `name:"inherited_labels" default:""` ClusterNameLabel string `name:"cluster_name_label" default:"cluster-name"` From 67b2fc40c027b0674bd77d9b1a5039b918839f17 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Thu, 4 Apr 2019 19:55:00 +0200 Subject: [PATCH 4/7] update db connection part in user docs (#536) --- docs/user.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/user.md b/docs/user.md index a0569fe2b..bab09f8c9 100644 --- a/docs/user.md +++ b/docs/user.md @@ -43,13 +43,25 @@ $ kubectl get pods -w --show-labels ## Connect to PostgreSQL -We can use the generated secret of the `postgres` robot user to connect to our `acid-minimal-cluster` master running in Minikube: +With a `port-forward` on one of the database pods (e.g. the master) you can +connect to the PostgreSQL database. Use labels to filter for the master pod of +our test cluster. + +```bash +# get name of master pod of acid-minimal-cluster +export PGMASTER=$(kubectl get pods -o jsonpath={.items..metadata.name} -l application=spilo,version=acid-minimal-cluster,spilo-role=master) + +# set up port forward +kubectl port-forward $PGMASTER 6432:5432 +``` + +Open another CLI and connect to the database. Use the generated secret of the +`postgres` robot user to connect to our `acid-minimal-cluster` master running +in Minikube: ```bash -$ export PGHOST=db_host -$ export PGPORT=db_port $ export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials -o 'jsonpath={.data.password}' | base64 -d) -$ psql -U postgres +$ psql -U postgres -p 6432 ``` # Defining database roles in the operator From 433bd8f500d126548bc5f176ac72647ce3f855ca Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Tue, 9 Apr 2019 11:23:07 +0200 Subject: [PATCH 5/7] Add paragraph on how to extend operator configuration in dev docs (#538) * add paragraph on how to extend operator configuration in dev docs --- docs/developer.md | 80 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 15 deletions(-) diff --git a/docs/developer.md b/docs/developer.md index 294d06ebf..a18ac3323 100644 --- a/docs/developer.md +++ b/docs/developer.md @@ -10,7 +10,8 @@ After the installation, issue $ minikube start ``` -Note: if you are running on a Mac, you may also use Docker for Mac Kubernetes instead of a docker-machine. +Note: if you are running on a Mac, you may also use Docker for Mac Kubernetes +instead of a docker-machine. Once you have it started successfully, use [the quickstart guide](https://github.com/kubernetes/minikube#quickstart) in order to test your @@ -79,7 +80,8 @@ cluster. ## Connect to PostgreSQL -We can use the generated secret of the `postgres` robot user to connect to our `acid-minimal-cluster` master running in Minikube: +We can use the generated secret of the `postgres` robot user to connect to our +`acid-minimal-cluster` master running in Minikube: ```bash $ export HOST_PORT=$(minikube service acid-minimal-cluster --url | sed 's,.*/,,') @@ -166,8 +168,15 @@ minikube. The following steps will get you the docker image built and deployed. # Code generation -The operator employs k8s-provided code generation to obtain deep copy methods and Kubernetes-like APIs for its custom resource definitons, namely the Postgres CRD and the operator CRD. The usage of the code generation follows conventions from the k8s community. Relevant scripts live in the `hack` directory: the `update-codegen.sh` triggers code generation for the APIs defined in `pkg/apis/acid.zalan.do/`, -the `verify-codegen.sh` checks if the generated code is up-to-date (to be used within CI). The `/pkg/generated/` contains the resultant code. To make these scripts work, you may need to `export GOPATH=$(go env GOPATH)` +The operator employs k8s-provided code generation to obtain deep copy methods +and Kubernetes-like APIs for its custom resource definitons, namely the Postgres +CRD and the operator CRD. The usage of the code generation follows conventions +from the k8s community. Relevant scripts live in the `hack` directory: +* `update-codegen.sh` triggers code generation for the APIs defined in `pkg/apis/acid.zalan.do/`, +* `verify-codegen.sh` checks if the generated code is up-to-date (to be used within CI). + +The `/pkg/generated/` contains the resultant code. To make these scripts work, +you may need to `export GOPATH=$(go env GOPATH)` References for code generation are: * [Relevant pull request](https://github.com/zalando/postgres-operator/pull/369) @@ -176,7 +185,12 @@ See comments there for minor issues that can sometimes broke the generation proc * [Code Generation for CustomResources](https://blog.openshift.com/kubernetes-deep-dive-code-generation-customresources/) - intro post on the topic * Code generation in [Prometheus](https://github.com/coreos/prometheus-operator) and [etcd](https://github.com/coreos/etcd-operator) operators -To debug the generated API locally, use the [kubectl proxy](https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/) and `kubectl --v=8` log level to display contents of HTTP requests (run the operator itself with `--v=8` to log all REST API requests). To attach a debugger to the operator, use the `-outofcluster` option to run the operator locally on the developer's laptop (and not in a docker container). +To debug the generated API locally, use the +[kubectl proxy](https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/) +and `kubectl --v=8` log level to display contents of HTTP requests (run the +operator itself with `--v=8` to log all REST API requests). To attach a debugger +to the operator, use the `-outofcluster` option to run the operator locally on +the developer's laptop (and not in a docker container). # Debugging the operator @@ -201,15 +215,15 @@ defaults to 4) * /workers/$id/logs - log of the operations performed by a given worker * /clusters/ - list of teams and clusters known to the operator * /clusters/$team - list of clusters for the given team -* /clusters/$team/$namespace/$clustername - detailed status of the cluster, including the - specifications for CRD, master and replica services, endpoints and - statefulsets, as well as any errors and the worker that cluster is assigned - to. -* /clusters/$team/$namespace/$clustername/logs/ - logs of all operations performed to the - cluster so far. -* /clusters/$team/$namespace/$clustername/history/ - history of cluster changes triggered - by the changes of the manifest (shows the somewhat obscure diff and what - exactly has triggered the change) +* /clusters/$team/$namespace/$clustername - detailed status of the cluster, + including the specifications for CRD, master and replica services, endpoints + and statefulsets, as well as any errors and the worker that cluster is + assigned to. +* /clusters/$team/$namespace/$clustername/logs/ - logs of all operations + performed to the cluster so far. +* /clusters/$team/$namespace/$clustername/history/ - history of cluster changes + triggered by the changes of the manifest (shows the somewhat obscure diff and + what exactly has triggered the change) The operator also supports pprof endpoints listed at the [pprof package](https://golang.org/pkg/net/http/pprof/), such as: @@ -290,10 +304,46 @@ PASS ``` To test the multinamespace setup, you can use + ``` ./run_operator_locally.sh --rebuild-operator ``` -It will automatically create an `acid-minimal-cluster` in the namespace `test`. Then you can for example check the Patroni logs: +It will automatically create an `acid-minimal-cluster` in the namespace `test`. +Then you can for example check the Patroni logs: + ``` kubectl logs acid-minimal-cluster-0 ``` + +## Introduce additional configuration parameters + +In the case you want to add functionality to the operator that shall be +controlled via the operator configuration there are a few places that need to +be updated. As explained [here](reference/operator_parameters.md), it's possible +to configure the operator either with a ConfigMap or CRD, but currently we aim +to synchronize parameters everywhere. + +Note: If one option is defined in the operator configuration and in the cluster +[manifest](../manifests/complete-postgres-manifest.yaml), the latter takes +precedence. + +So, first define the parameters in: +* the [ConfigMap](../manifests/configmap.yaml) manifest +* the CR's [default configuration](../manifests/postgresql-operator-default-configuration.yaml) +* the Helm chart [values](../charts/postgres-operator/values.yaml) + +Update the following Go files that obtain the configuration parameter from the +manifest files: +* [operator_configuration_type.go](../pkg/apis/acid.zalan.do/v1/operator_configuration_type.go) +* [operator_config.go](../pkg/controller/operator_config.go) +* [config.go](../pkg/util/config/config.go) + +The operator behavior has to be implemented at least in [k8sres.go](../pkg/cluster/k8sres.go). +Please, reflect your changes in tests, for example in: +* [config_test.go](../pkg/util/config/config_test.go) +* [k8sres_test.go](../pkg/cluster/k8sres_test.go) +* [util_test.go](../pkg/apis/acid.zalan.do/v1/util_test.go) + +Finally, document the new configuration option(s) for the operator in its +[reference](reference/operator_parameters.md) document and explain the feature +in the [administrator docs](administrator.md). From 32f106990aac8c01b1d1bda033769377615d4641 Mon Sep 17 00:00:00 2001 From: Sergey Dudoladov Date: Mon, 15 Apr 2019 11:52:07 +0200 Subject: [PATCH 6/7] Fix build (#542) * bump up golang version * gcc fix --- .travis.yml | 2 +- delivery.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4901e45ff..0fd48a9ca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ branches: language: go go: - - "1.10.x" + - "1.12.x" before_install: - go get github.com/Masterminds/glide diff --git a/delivery.yaml b/delivery.yaml index de043a20d..1866486f8 100644 --- a/delivery.yaml +++ b/delivery.yaml @@ -11,11 +11,11 @@ pipeline: apt-get update - desc: 'Install required build software' cmd: | - apt-get install -y make git apt-transport-https ca-certificates curl + apt-get install -y make git apt-transport-https ca-certificates curl build-essential - desc: 'Install go' cmd: | cd /tmp - wget -q https://storage.googleapis.com/golang/go1.9.linux-amd64.tar.gz -O go.tar.gz + wget -q https://storage.googleapis.com/golang/go1.12.linux-amd64.tar.gz -O go.tar.gz tar -xf go.tar.gz mv go /usr/local ln -s /usr/local/go/bin/go /usr/bin/go From c1d108a8321190559e4280b440ffe448339f656f Mon Sep 17 00:00:00 2001 From: Sergey Dudoladov Date: Mon, 15 Apr 2019 13:52:38 +0200 Subject: [PATCH 7/7] Fix CRD-based operator configuration (#541) * Fix CRD-based operator configuration * add inherited labels, update docker image --- charts/postgres-operator/values.yaml | 7 +++++-- manifests/configmap.yaml | 3 ++- manifests/postgresql-operator-default-configuration.yaml | 3 +++ pkg/apis/acid.zalan.do/v1/operator_configuration_type.go | 5 +++-- pkg/controller/operator_config.go | 1 + 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 1f3397bad..21813fbe9 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -21,7 +21,7 @@ config: debug_logging: "true" workers: "4" - docker_image: registry.opensource.zalan.do/acid/spilo-cdp-10:1.5-p35 + docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70 secret_name_template: '{username}.{cluster}.credentials' super_username: postgres enable_teams_api: "false" @@ -37,6 +37,7 @@ config: # pam_role_name: zalandos # pam_configuration: | # https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees + # inherited_labels: "" aws_region: eu-central-1 db_hosted_zone: db.example.com master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' @@ -58,7 +59,9 @@ config: resource_check_interval: 3s resource_check_timeout: 10m resync_period: 5m - + pod_management_policy: "ordered_ready" + enable_pod_antiaffinity: "false" + pod_antiaffinity_topology_key: "kubernetes.io/hostname" rbac: # Specifies whether RBAC resources should be created create: true diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 9b951e582..17830c41f 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -10,7 +10,7 @@ data: debug_logging: "true" workers: "4" - docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p4 + docker_image: registry.opensource.zalan.do/acid/spilo-cdp-11:1.5-p70 pod_service_account_name: "zalando-postgres-operator" secret_name_template: '{username}.{cluster}.credentials' super_username: postgres @@ -30,6 +30,7 @@ data: # pam_role_name: zalandos # pam_configuration: | # https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees + # inherited_labels: "" aws_region: eu-central-1 db_hosted_zone: db.example.com master_dns_name_format: '{cluster}.{team}.staging.{hostedzone}' diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index ef88fdd25..5ea5ba87c 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml @@ -35,6 +35,9 @@ configuration: # toleration: {} # infrastructure_roles_secret_name: "" # pod_environment_configmap: "" + pod_management_policy: "ordered_ready" + enable_pod_antiaffinity: "false" + pod_antiaffinity_topology_key: "kubernetes.io/hostname" postgres_pod_resources: default_cpu_request: 100m default_memory_request: 100Mi diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go index a13575de2..d4ea04e15 100644 --- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go +++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go @@ -62,8 +62,9 @@ type KubernetesMetaConfiguration struct { PodEnvironmentConfigMap string `json:"pod_environment_configmap,omitempty"` PodPriorityClassName string `json:"pod_priority_class_name,omitempty"` MasterPodMoveTimeout time.Duration `json:"master_pod_move_timeout,omitempty"` - EnablePodAntiAffinity bool `json:"enable_pod_antiaffinity" default:"false"` - PodAntiAffinityTopologyKey string `name:"pod_antiaffinity_topology_key" default:"kubernetes.io/hostname"` + EnablePodAntiAffinity bool `json:"enable_pod_antiaffinity,omitempty"` + PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"` + PodManagementPolicy string `json:"pod_management_policy,omitempty"` } // PostgresPodResourcesDefaults defines the spec of default resources diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go index ea7ac1b3f..bb4f89918 100644 --- a/pkg/controller/operator_config.go +++ b/pkg/controller/operator_config.go @@ -53,6 +53,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.ClusterNameLabel = fromCRD.Kubernetes.ClusterNameLabel result.NodeReadinessLabel = fromCRD.Kubernetes.NodeReadinessLabel result.PodPriorityClassName = fromCRD.Kubernetes.PodPriorityClassName + result.PodManagementPolicy = fromCRD.Kubernetes.PodManagementPolicy result.MasterPodMoveTimeout = fromCRD.Kubernetes.MasterPodMoveTimeout result.EnablePodAntiAffinity = fromCRD.Kubernetes.EnablePodAntiAffinity