bump version to 1.4.0 + some polishing

charts/postgres-operator-ui/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: postgres-operator-ui
-version: 0.1.0
+version: 1.3.0
 appVersion: 1.3.0
 home: https://github.com/zalando/postgres-operator
 description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience

charts/postgres-operator-ui/index.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+entries:
+  postgres-operator-ui:
+  - apiVersion: v1
+    appVersion: 1.3.0
+    created: "2020-02-20T17:23:07.003929681+01:00"
+    description: Postgres Operator UI provides a graphical interface for a convenient
+      database-as-a-service user experience
+    digest: 1fe8d9323e80b6bcf51f88342fccb49a09466a0dcf27bd089dd3707f3c1d5bbd
+    home: https://github.com/zalando/postgres-operator
+    keywords:
+    - postgres
+    - operator
+    - ui
+    - cloud-native
+    - patroni
+    - spilo
+    maintainers:
+    - email: opensource@zalando.de
+      name: Zalando
+    - email: sk@sik-net.de
+      name: siku4
+    name: postgres-operator-ui
+    sources:
+    - https://github.com/zalando/postgres-operator
+    urls:
+    - postgres-operator-ui-1.3.0.tgz
+    version: 1.3.0
+generated: "2020-02-20T17:23:07.002847456+01:00"

charts/postgres-operator-ui/values.yaml

@@ -8,7 +8,7 @@ replicaCount: 1
 image:
   registry: registry.opensource.zalan.do
   repository: acid/postgres-operator-ui
-  tag: v1.2.0
+  tag: v1.3.0
   pullPolicy: "IfNotPresent"
 
 rbac:

charts/postgres-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: postgres-operator
-version: 1.3.0
+version: 1.4.0
-appVersion: 1.3.0
+appVersion: 1.4.0
 home: https://github.com/zalando/postgres-operator
 description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes
 keywords:

charts/postgres-operator/index.yaml

@@ -1,9 +1,31 @@
 apiVersion: v1
 entries:
   postgres-operator:
+  - apiVersion: v1
+    appVersion: 1.4.0
+    created: "2020-02-20T17:39:25.443276193+01:00"
+    description: Postgres Operator creates and manages PostgreSQL clusters running
+      in Kubernetes
+    digest: b93ccde5581deb8ed0857136b8ce74ca3f1b7240438fa4415f705764a1300bed
+    home: https://github.com/zalando/postgres-operator
+    keywords:
+    - postgres
+    - operator
+    - cloud-native
+    - patroni
+    - spilo
+    maintainers:
+    - email: opensource@zalando.de
+      name: Zalando
+    name: postgres-operator
+    sources:
+    - https://github.com/zalando/postgres-operator
+    urls:
+    - postgres-operator-1.4.0.tgz
+    version: 1.4.0
   - apiVersion: v1
     appVersion: 1.3.0
-    created: "2019-12-17T12:58:49.477140129+01:00"
+    created: "2020-02-20T17:39:25.441532163+01:00"
     description: Postgres Operator creates and manages PostgreSQL clusters running
       in Kubernetes
     digest: 7e788fd37daec76a01f6d6f9fe5be5b54f5035e4eba0041e80a760d656537325
@@ -25,7 +47,7 @@ entries:
     version: 1.3.0
   - apiVersion: v1
     appVersion: 1.2.0
-    created: "2019-12-17T12:58:49.475844233+01:00"
+    created: "2020-02-20T17:39:25.440278302+01:00"
     description: Postgres Operator creates and manages PostgreSQL clusters running
       in Kubernetes
     digest: d10710c7cf19f4e266e7704f5d1e98dcfc61bee3919522326c35c22ca7d2f2bf
@@ -47,4 +69,4 @@ entries:
     urls:
     - postgres-operator-1.2.0.tgz
     version: 1.2.0
-generated: "2019-12-17T12:58:49.474719294+01:00"
+generated: "2020-02-20T17:39:25.439168098+01:00"

charts/postgres-operator/templates/clusterrole.yaml

@@ -63,9 +63,9 @@ rules:
   - secrets
   verbs:
   - create
-  - update
   - delete
   - get
+  - update
 # to check nodes for node readiness label
 - apiGroups:
   - ""
@@ -102,9 +102,9 @@ rules:
   - delete
   - get
   - list
-  - watch
-  - update
   - patch
+  - update
+  - watch
 # to resize the filesystem in Spilo pods when increasing volume size
 - apiGroups:
   - ""

charts/postgres-operator/values-crd.yaml

@@ -1,7 +1,7 @@
 image:
   registry: registry.opensource.zalan.do
   repository: acid/postgres-operator
-  tag: v1.3.1
+  tag: v1.4.0
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -100,8 +100,14 @@ configKubernetes:
   pod_management_policy: "ordered_ready"
   # label assigned to the Postgres pods (and services/endpoints)
   pod_role_label: spilo-role
+  # service account definition as JSON/YAML string to be used by postgres cluster pods
+  # pod_service_account_definition: ""
+
   # name of service account to be used by postgres cluster pods
   pod_service_account_name: "postgres-pod"
+  # role binding definition as JSON/YAML string to be used by pod service account
+  # pod_service_account_role_binding_definition: ""
+
   # Postgres pods are terminated forcefully after this timeout
   pod_terminate_grace_period: 5m
   # template for database user secrets generated by the operator

charts/postgres-operator/values.yaml

@@ -1,7 +1,7 @@
 image:
   registry: registry.opensource.zalan.do
   repository: acid/postgres-operator
-  tag: v1.3.1
+  tag: v1.4.0
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -93,8 +93,14 @@ configKubernetes:
   pod_management_policy: "ordered_ready"
   # label assigned to the Postgres pods (and services/endpoints)
   pod_role_label: spilo-role
+  # service account definition as JSON/YAML string to be used by postgres cluster pods
+  # pod_service_account_definition: ""
+
   # name of service account to be used by postgres cluster pods
   pod_service_account_name: "postgres-pod"
+  # role binding definition as JSON/YAML string to be used by pod service account
+  # pod_service_account_role_binding_definition: ""
+
   # Postgres pods are terminated forcefully after this timeout
   pod_terminate_grace_period: 5m
   # template for database user secrets generated by the operator

manifests/configmap.yaml

@@ -63,7 +63,9 @@ data:
   pod_label_wait_timeout: 10m
   pod_management_policy: "ordered_ready"
   pod_role_label: spilo-role
+  # pod_service_account_definition: ""
   pod_service_account_name: "postgres-pod"
+  # pod_service_account_role_binding_definition: ""
   pod_terminate_grace_period: 5m
   # postgres_superuser_teams: "postgres_superusers"
   # protected_role_names: "admin"

manifests/operator-service-account-rbac.yaml

@@ -64,9 +64,9 @@ rules:
   - secrets
   verbs:
   - create
-  - update
   - delete
   - get
+  - update
 # to check nodes for node readiness label
 - apiGroups:
   - ""
@@ -103,9 +103,9 @@ rules:
   - delete
   - get
   - list
-  - watch
-  - update
   - patch
+  - update
+  - watch
 # to resize the filesystem in Spilo pods when increasing volume size
 - apiGroups:
   - ""

manifests/postgres-operator.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: postgres-operator
       containers:
       - name: postgres-operator
-        image: registry.opensource.zalan.do/acid/postgres-operator:v1.3.1
+        image: registry.opensource.zalan.do/acid/postgres-operator:v1.4.0
         imagePullPolicy: IfNotPresent
         resources:
           requests:

pkg/controller/controller.go

@@ -224,7 +224,7 @@ func (c *Controller) initRoleBinding() {
 
 	switch {
 	case err != nil:
-		panic(fmt.Errorf("unable to parse the definition of the role binding for the pod service account definition from the operator configuration: %v", err))
+		panic(fmt.Errorf("unable to parse the role binding definition from the operator configuration: %v", err))
 	case groupVersionKind.Kind != "RoleBinding":
 		panic(fmt.Errorf("role binding definition in the operator configuration defines another type of resource: %v", groupVersionKind.Kind))
 	default:

pkg/controller/postgresql.go

@@ -505,11 +505,11 @@ func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 	namespace := event.NewSpec.GetNamespace()
 
 	if err := c.createPodServiceAccount(namespace); err != nil {
-		return fmt.Errorf("could not create pod service account %v : %v", c.opConfig.PodServiceAccountName, err)
+		return fmt.Errorf("could not create pod service account %q : %v", c.opConfig.PodServiceAccountName, err)
 	}
 
 	if err := c.createRoleBindings(namespace); err != nil {
-		return fmt.Errorf("could not create role binding %v : %v", c.PodServiceAccountRoleBinding.Name, err)
+		return fmt.Errorf("could not create role binding %q : %v", c.PodServiceAccountRoleBinding.Name, err)
 	}
 	return nil
 }
@@ -520,16 +520,16 @@ func (c *Controller) createPodServiceAccount(namespace string) error {
 	_, err := c.KubeClient.ServiceAccounts(namespace).Get(podServiceAccountName, metav1.GetOptions{})
 	if k8sutil.ResourceNotFound(err) {
 
-		c.logger.Infof(fmt.Sprintf("creating pod service account in the namespace %v", namespace))
+		c.logger.Infof(fmt.Sprintf("creating pod service account %q in the %q namespace", podServiceAccountName, namespace))
 
 		// get a separate copy of service account
 		// to prevent a race condition when setting a namespace for many clusters
 		sa := *c.PodServiceAccount
 		if _, err = c.KubeClient.ServiceAccounts(namespace).Create(&sa); err != nil {
-			return fmt.Errorf("cannot deploy the pod service account %v defined in the config map to the %v namespace: %v", podServiceAccountName, namespace, err)
+			return fmt.Errorf("cannot deploy the pod service account %q defined in the configuration to the %q namespace: %v", podServiceAccountName, namespace, err)
 		}
 
-		c.logger.Infof("successfully deployed the pod service account %v to the %v namespace", podServiceAccountName, namespace)
+		c.logger.Infof("successfully deployed the pod service account %q to the %q namespace", podServiceAccountName, namespace)
 	} else if k8sutil.ResourceAlreadyExists(err) {
 		return nil
 	}
@@ -545,14 +545,14 @@ func (c *Controller) createRoleBindings(namespace string) error {
 	_, err := c.KubeClient.RoleBindings(namespace).Get(podServiceAccountRoleBindingName, metav1.GetOptions{})
 	if k8sutil.ResourceNotFound(err) {
 
-		c.logger.Infof("Creating the role binding %v in the namespace %v", podServiceAccountRoleBindingName, namespace)
+		c.logger.Infof("Creating the role binding %q in the %q namespace", podServiceAccountRoleBindingName, namespace)
 
 		// get a separate copy of role binding
 		// to prevent a race condition when setting a namespace for many clusters
 		rb := *c.PodServiceAccountRoleBinding
 		_, err = c.KubeClient.RoleBindings(namespace).Create(&rb)
 		if err != nil {
-			return fmt.Errorf("cannot bind the pod service account %q defined in the config map to the cluster role in the %q namespace: %v", podServiceAccountName, namespace, err)
+			return fmt.Errorf("cannot bind the pod service account %q defined in the configuration to the cluster role in the %q namespace: %v", podServiceAccountName, namespace, err)
 		}
 
 		c.logger.Infof("successfully deployed the role binding for the pod service account %q to the %q namespace", podServiceAccountName, namespace)

pkg/util/config/config.go

@@ -91,12 +91,11 @@ type Config struct {
 	Scalyr
 	LogicalBackup
 
-	WatchedNamespace string            `name:"watched_namespace"`    // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to'
+	WatchedNamespace      string            `name:"watched_namespace"`    // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to'
-	EtcdHost         string            `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use K8s as a DCS
+	EtcdHost              string            `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use K8s as a DCS
-	DockerImage      string            `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-12:1.6-p2"`
+	DockerImage           string            `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-12:1.6-p2"`
-	Sidecars         map[string]string `name:"sidecar_docker_images"`
+	Sidecars              map[string]string `name:"sidecar_docker_images"`
-	// default name `operator` enables backward compatibility with the older ServiceAccountName field
+	PodServiceAccountName string            `name:"pod_service_account_name" default:"postgres-pod"`
-	PodServiceAccountName string `name:"pod_service_account_name" default:"postgres-pod"`
 	// value of this string must be valid JSON or YAML; see initPodServiceAccount
 	PodServiceAccountDefinition            string            `name:"pod_service_account_definition" default:""`
 	PodServiceAccountRoleBindingDefinition string            `name:"pod_service_account_role_binding_definition" default:""`