public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

some corrections

This commit is contained in:
Felix Kunde 2021-11-18 09:40:38 +01:00
parent 995ffe5297
commit b7537a7455
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/user.md
View File

@ -141,14 +141,18 @@ other roles.
To define the secrets for the users in a different namespace than that of the To define the secrets for the users in a different namespace than that of the
cluster, one can set `enable_cross_namespace_secret` and declare the namespace cluster, one can set `enable_cross_namespace_secret` and declare the namespace
for the secrets in the manifest in the following manner, for the secrets in the manifest in the following manner (note, that it has to
be reflected in the `database` section, too),
```yaml ```yaml
spec: spec:
users: users:
#users with secret in dfferent namespace # users with secret in different namespace
appspace.db_user: appspace.db_user:
- createdb - createdb
databases:
# namespace notation is part of user name
app_db: appspace.db_user
``` ```
Here, anything before the first dot is considered the namespace and the text after Here, anything before the first dot is considered the namespace and the text after
@ -554,7 +558,8 @@ schema creation. This means they are currently not set when `defaultUsers`
For all LOGIN roles the operator will create K8s secrets in the namespace For all LOGIN roles the operator will create K8s secrets in the namespace
specified in `secretNamespace`, if `enable_cross_namespace_secret` is set to specified in `secretNamespace`, if `enable_cross_namespace_secret` is set to
`true` in the config. Otherwise, they are created in the same namespace like `true` in the config. Otherwise, they are created in the same namespace like
the Postgres cluster. the Postgres cluster. Unlike roles specified with `namespace.username` under
`users`, the namespace will not be part of the role name here.
```yaml ```yaml
spec: spec:

3
pkg/cluster/cluster.go
View File

@ -1118,7 +1118,6 @@ func (c *Cluster) initDefaultRoles(defaultRoles map[string]string, admin, prefix
if secretNamespace != "" { if secretNamespace != "" {
if c.Config.OpConfig.EnableCrossNamespaceSecret { if c.Config.OpConfig.EnableCrossNamespaceSecret {
namespace = secretNamespace namespace = secretNamespace
c.logger.Warningf("enable_cross_namespace_secret is set. Hence username contains the respective namespace i.e. %s is the created user", prefix+defaultRole)
} else { } else {
c.logger.Warn("secretNamespace ignored because enable_cross_namespace_secret set to false. Creating secrets in cluster namespace.") c.logger.Warn("secretNamespace ignored because enable_cross_namespace_secret set to false. Creating secrets in cluster namespace.")
} }
@ -1177,7 +1176,7 @@ func (c *Cluster) initRobotUsers() error {
if strings.Contains(username, ".") { if strings.Contains(username, ".") {
splits := strings.Split(username, ".") splits := strings.Split(username, ".")
namespace = splits[0] namespace = splits[0]
c.logger.Warningf("enable_cross_namespace_secret is set. Hence username contains the respective namespace i.e. %s is the created user", username) c.logger.Warningf("enable_cross_namespace_secret is set. Database role name contains the respective namespace i.e. %s is the created user", username)
} }
} }