Change type of pod environment config map to NamespacedName (#870)

* allow PodEnvironmentConfigMap in other namespaces * update codegen * update docs and comments
2020-03-25 15:59:31 +01:00 · 2020-03-25 15:59:31 +01:00 · ba9cf68650
parent 9dfa433363
commit ba9cf68650
10 changed files with 73 additions and 64 deletions
--- a/charts/postgres-operator/values-crd.yaml
+++ b/charts/postgres-operator/values-crd.yaml
@ -71,7 +71,7 @@ configKubernetes:
  enable_pod_disruption_budget: true
  # enables sidecar containers to run alongside Spilo in the same pod
  enable_sidecars: true
-  # name of the secret containing infrastructure roles names and passwords
+  # namespaced name of the secret containing infrastructure roles names and passwords
  # infrastructure_roles_secret_name: postgresql-infrastructure-roles
  # list of labels that can be inherited from the cluster manifest
@ -86,15 +86,15 @@ configKubernetes:
  # node_readiness_label:
  #   status: ready
-  # name of the secret containing the OAuth2 token to pass to the teams API
+  # namespaced name of the secret containing the OAuth2 token to pass to the teams API
  # oauth_token_secret_name: postgresql-operator
  # defines the template for PDB (Pod Disruption Budget) names
  pdb_name_format: "postgres-{cluster}-pdb"
  # override topology key for pod anti affinity
  pod_antiaffinity_topology_key: "kubernetes.io/hostname"
-  # name of the ConfigMap with environment variables to populate on every pod
+  # namespaced name of the ConfigMap with environment variables to populate on every pod
-  # pod_environment_configmap: ""
+  # pod_environment_configmap: "default/my-custom-config"
  # specify the pod management policy of stateful sets of Postgres clusters
  pod_management_policy: "ordered_ready"
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@ -67,7 +67,7 @@ configKubernetes:
  enable_pod_disruption_budget: "true"
  # enables sidecar containers to run alongside Spilo in the same pod
  enable_sidecars: "true"
-  # name of the secret containing infrastructure roles names and passwords
+  # namespaced name of the secret containing infrastructure roles names and passwords
  # infrastructure_roles_secret_name: postgresql-infrastructure-roles
  # list of labels that can be inherited from the cluster manifest
@ -79,15 +79,15 @@ configKubernetes:
  # set of labels that a running and active node should possess to be considered ready
  # node_readiness_label: ""
-  # name of the secret containing the OAuth2 token to pass to the teams API
+  # namespaced name of the secret containing the OAuth2 token to pass to the teams API
  # oauth_token_secret_name: postgresql-operator
  # defines the template for PDB (Pod Disruption Budget) names
  pdb_name_format: "postgres-{cluster}-pdb"
  # override topology key for pod anti affinity
  pod_antiaffinity_topology_key: "kubernetes.io/hostname"
-  # name of the ConfigMap with environment variables to populate on every pod
+  # namespaced name of the ConfigMap with environment variables to populate on every pod
-  # pod_environment_configmap: ""
+  # pod_environment_configmap: "default/my-custom-config"
  # specify the pod management policy of stateful sets of Postgres clusters
  pod_management_policy: "ordered_ready"
--- a/docs/administrator.md
+++ b/docs/administrator.md
@ -321,11 +321,12 @@ spec:
 ## Custom Pod Environment Variables
 It is possible to configure a ConfigMap which is used by the Postgres pods as
-an additional provider for environment variables.
+an additional provider for environment variables. One use case is to customize
-
+the Spilo image and configure it with environment variables. The ConfigMap with
-One use case is to customize the Spilo image and configure it with environment
+the additional settings is referenced in the operator's main configuration.
-variables. The ConfigMap with the additional settings is configured in the
+A namespace can be specified along with the name. If left out, the configured
-operator's main ConfigMap:
+default namespace of your K8s client will be used and if the ConfigMap is not
 found there, the Postgres cluster's namespace is taken when different:
 **postgres-operator ConfigMap**
@ -336,7 +337,7 @@ metadata:
  name: postgres-operator
 data:
  # referencing config map with custom settings
-  pod_environment_configmap: postgres-pod-config
+  pod_environment_configmap: default/postgres-pod-config
 ```
 **OperatorConfiguration**
@ -349,7 +350,7 @@ metadata:
 configuration:
  kubernetes:
    # referencing config map with custom settings
-    pod_environment_configmap: postgres-pod-config
+    pod_environment_configmap: default/postgres-pod-config
 ```
 **referenced ConfigMap `postgres-pod-config`**
--- a/docs/reference/operator_parameters.md
+++ b/docs/reference/operator_parameters.md
@ -221,11 +221,12 @@ configuration they are grouped under the `kubernetes` key.
  to the Postgres clusters after creation.
 * **oauth_token_secret_name**
-  a name of the secret containing the `OAuth2` token to pass to the teams API.
+  namespaced name of the secret containing the `OAuth2` token to pass to the
-  The default is `postgresql-operator`.
+  teams API. The default is `postgresql-operator`.
 * **infrastructure_roles_secret_name**
-  name of the secret containing infrastructure roles names and passwords.
+  namespaced name of the secret containing infrastructure roles names and
  passwords.
 * **pod_role_label**
  name of the label assigned to the Postgres pods (and services/endpoints) by
@ -262,11 +263,11 @@ configuration they are grouped under the `kubernetes` key.
  for details on taints and tolerations. The default is empty.
 * **pod_environment_configmap**
-  a name of the ConfigMap with environment variables to populate on every pod.
+  namespaced name of the ConfigMap with environment variables to populate on
-  Right now this ConfigMap is searched in the namespace of the Postgres cluster.
+  every pod. Right now this ConfigMap is searched in the namespace of the
-  All variables from that ConfigMap are injected to the pod's environment, on
+  Postgres cluster. All variables from that ConfigMap are injected to the pod's
-  conflicts they are overridden by the environment variables generated by the
+  environment, on conflicts they are overridden by the environment variables
-  operator. The default is empty.
+  generated by the operator. The default is empty.
 * **pod_priority_class_name**
  a name of the [priority class](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass)
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@ -69,7 +69,7 @@ data:
  pdb_name_format: "postgres-{cluster}-pdb"
  # pod_antiaffinity_topology_key: "kubernetes.io/hostname"
  pod_deletion_wait_timeout: 10m
-  # pod_environment_configmap: ""
+  # pod_environment_configmap: "default/my-custom-config"
  pod_label_wait_timeout: 10m
  pod_management_policy: "ordered_ready"
  pod_role_label: spilo-role
--- a/manifests/postgresql-operator-default-configuration.yaml
+++ b/manifests/postgresql-operator-default-configuration.yaml
@ -40,7 +40,7 @@ configuration:
    oauth_token_secret_name: postgresql-operator
    pdb_name_format: "postgres-{cluster}-pdb"
    pod_antiaffinity_topology_key: "kubernetes.io/hostname"
-    # pod_environment_configmap: ""
+    # pod_environment_configmap: "default/my-custom-config"
    pod_management_policy: "ordered_ready"
    # pod_priority_class_name: ""
    pod_role_label: spilo-role
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@ -66,8 +66,7 @@ type KubernetesMetaConfiguration struct {
 	CustomPodAnnotations                   map[string]string     `json:"custom_pod_annotations,omitempty"`
 	// TODO: use a proper toleration structure?
 	PodToleration              map[string]string   `json:"toleration,omitempty"`
-	// TODO: use namespacedname
+	PodEnvironmentConfigMap    spec.NamespacedName `json:"pod_environment_configmap,omitempty"`
 	PodEnvironmentConfigMap    string   `json:"pod_environment_configmap,omitempty"`
 	PodPriorityClassName       string              `json:"pod_priority_class_name,omitempty"`
 	MasterPodMoveTimeout       Duration            `json:"master_pod_move_timeout,omitempty"`
 	EnablePodAntiAffinity      bool                `json:"enable_pod_antiaffinity,omitempty"`
--- a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
@ -179,6 +179,7 @@ func (in *KubernetesMetaConfiguration) DeepCopyInto(out *KubernetesMetaConfigura
 			(*out)[key] = val
 		}
 	}
 	out.PodEnvironmentConfigMap = in.PodEnvironmentConfigMap
 	return
 }
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@ -18,6 +18,7 @@ import (
 	acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
 	"github.com/zalando/postgres-operator/pkg/spec"
 	pkgspec "github.com/zalando/postgres-operator/pkg/spec"
 	"github.com/zalando/postgres-operator/pkg/util"
 	"github.com/zalando/postgres-operator/pkg/util/config"
 	"github.com/zalando/postgres-operator/pkg/util/constants"
@ -485,9 +486,9 @@ func generateSidecarContainers(sidecars []acidv1.Sidecar,
 // Check whether or not we're requested to mount an shm volume,
 // taking into account that PostgreSQL manifest has precedence.
-func mountShmVolumeNeeded(opConfig config.Config, pgSpec *acidv1.PostgresSpec) *bool {
+func mountShmVolumeNeeded(opConfig config.Config, spec *acidv1.PostgresSpec) *bool {
-	if pgSpec.ShmVolume != nil && *pgSpec.ShmVolume {
+	if spec.ShmVolume != nil && *spec.ShmVolume {
-		return pgSpec.ShmVolume
+		return spec.ShmVolume
 	}
 	return opConfig.ShmVolume
@ -911,12 +912,18 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 	customPodEnvVarsList := make([]v1.EnvVar, 0)
-	if c.OpConfig.PodEnvironmentConfigMap != "" {
+	if c.OpConfig.PodEnvironmentConfigMap != (pkgspec.NamespacedName{}) {
 		var cm *v1.ConfigMap
-		cm, err = c.KubeClient.ConfigMaps(c.Namespace).Get(c.OpConfig.PodEnvironmentConfigMap, metav1.GetOptions{})
+		cm, err = c.KubeClient.ConfigMaps(c.OpConfig.PodEnvironmentConfigMap.Namespace).Get(c.OpConfig.PodEnvironmentConfigMap.Name, metav1.GetOptions{})
 		if err != nil {
 			// if not found, try again using the cluster's namespace if it's different (old behavior)
 			if k8sutil.ResourceNotFound(err) && c.Namespace != c.OpConfig.PodEnvironmentConfigMap.Namespace {
 				cm, err = c.KubeClient.ConfigMaps(c.Namespace).Get(c.OpConfig.PodEnvironmentConfigMap.Name, metav1.GetOptions{})
 			}
 			if err != nil {
 				return nil, fmt.Errorf("could not read PodEnvironmentConfigMap: %v", err)
 			}
 		}
 		for k, v := range cm.Data {
 			customPodEnvVarsList = append(customPodEnvVarsList, v1.EnvVar{Name: k, Value: v})
 		}
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -42,7 +42,7 @@ type Resources struct {
 	DefaultMemoryLimit      string              `name:"default_memory_limit" default:"500Mi"`
 	MinCPULimit             string              `name:"min_cpu_limit" default:"250m"`
 	MinMemoryLimit          string              `name:"min_memory_limit" default:"250Mi"`
-	PodEnvironmentConfigMap string            `name:"pod_environment_configmap" default:""`
+	PodEnvironmentConfigMap spec.NamespacedName `name:"pod_environment_configmap"`
 	NodeReadinessLabel      map[string]string   `name:"node_readiness_label" default:""`
 	MaxInstances            int32               `name:"max_instances" default:"-1"`
 	MinInstances            int32               `name:"min_instances" default:"-1"`