some final polishing and fixing
This commit is contained in:
Felix Kunde
parent
59fa76110c
commit
c00d44d499
|
|
@ -118,10 +118,9 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
node_readiness_label:
|
node_readiness_label:
|
||||||
type: array
|
type: object
|
||||||
items:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
nullable: true
|
|
||||||
oauth_token_secret_name:
|
oauth_token_secret_name:
|
||||||
type: string
|
type: string
|
||||||
pdb_name_format:
|
pdb_name_format:
|
||||||
|
|
|
||||||
|
|
@ -79,7 +79,8 @@ configKubernetes:
|
||||||
# master_pod_move_timeout: 20m
|
# master_pod_move_timeout: 20m
|
||||||
|
|
||||||
# set of labels that a running and active node should possess to be considered ready
|
# set of labels that a running and active node should possess to be considered ready
|
||||||
# node_readiness_label: ""
|
# node_readiness_label:
|
||||||
|
# status: ready
|
||||||
|
|
||||||
# name of the secret containing the OAuth2 token to pass to the teams API
|
# name of the secret containing the OAuth2 token to pass to the teams API
|
||||||
# oauth_token_secret_name: postgresql-operator
|
# oauth_token_secret_name: postgresql-operator
|
||||||
|
|
@ -189,20 +190,20 @@ configAwsOrGcp:
|
||||||
|
|
||||||
# configure K8s cron job managed by the operator
|
# configure K8s cron job managed by the operator
|
||||||
configLogicalBackup:
|
configLogicalBackup:
|
||||||
# backup schedule in the cron format
|
|
||||||
logical_backup_schedule: "30 00 * * *"
|
|
||||||
# image for pods of the logical backup job (example runs pg_dumpall)
|
# image for pods of the logical backup job (example runs pg_dumpall)
|
||||||
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
|
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
|
||||||
# S3 bucket to store backup results
|
|
||||||
logical_backup_s3_bucket: "my-bucket-url"
|
|
||||||
# S3 server side encription to use
|
|
||||||
logical_backup_s3_sse: "AES256"
|
|
||||||
# S3 endpoint url when not using AWS
|
|
||||||
logical_backup_s3_endpoint: ""
|
|
||||||
# S3 Access Key ID
|
# S3 Access Key ID
|
||||||
logical_backup_s3_access_key_id: ""
|
logical_backup_s3_access_key_id: ""
|
||||||
|
# S3 bucket to store backup results
|
||||||
|
logical_backup_s3_bucket: "my-bucket-url"
|
||||||
|
# S3 endpoint url when not using AWS
|
||||||
|
logical_backup_s3_endpoint: ""
|
||||||
# S3 Secret Access Key
|
# S3 Secret Access Key
|
||||||
logical_backup_s3_secret_access_key: ""
|
logical_backup_s3_secret_access_key: ""
|
||||||
|
# S3 server side encription
|
||||||
|
logical_backup_s3_sse: "AES256"
|
||||||
|
# backup schedule in the cron format
|
||||||
|
logical_backup_schedule: "30 00 * * *"
|
||||||
|
|
||||||
# automate creation of human users with teams API service
|
# automate creation of human users with teams API service
|
||||||
configTeamsApi:
|
configTeamsApi:
|
||||||
|
|
@ -219,7 +220,8 @@ configTeamsApi:
|
||||||
# operator will add all team member roles to this group and add a pg_hba line
|
# operator will add all team member roles to this group and add a pg_hba line
|
||||||
pam_role_name: zalandos
|
pam_role_name: zalandos
|
||||||
# List of teams which members need the superuser role in each Postgres cluster
|
# List of teams which members need the superuser role in each Postgres cluster
|
||||||
# postgres_superuser_teams: "postgres_superusers"
|
# postgres_superuser_teams:
|
||||||
|
# - postgres_superusers
|
||||||
|
|
||||||
# List of roles that cannot be overwritten by an application, team or infrastructure role
|
# List of roles that cannot be overwritten by an application, team or infrastructure role
|
||||||
protected_role_names:
|
protected_role_names:
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,7 @@ data:
|
||||||
# logical_backup_s3_secret_access_key: ""
|
# logical_backup_s3_secret_access_key: ""
|
||||||
# logical_backup_s3_sse: "AES256"
|
# logical_backup_s3_sse: "AES256"
|
||||||
# logical_backup_schedule: "30 00 * * *"
|
# logical_backup_schedule: "30 00 * * *"
|
||||||
master_dns_name_format: "{cluster}.{team}.staging.{hostedzone}"
|
master_dns_name_format: "{cluster}.{team}.{hostedzone}"
|
||||||
# master_pod_move_timeout: 10m
|
# master_pod_move_timeout: 10m
|
||||||
# max_instances: "-1"
|
# max_instances: "-1"
|
||||||
# min_instances: "-1"
|
# min_instances: "-1"
|
||||||
|
|
@ -65,11 +65,11 @@ data:
|
||||||
ready_wait_interval: 3s
|
ready_wait_interval: 3s
|
||||||
ready_wait_timeout: 30s
|
ready_wait_timeout: 30s
|
||||||
repair_period: 5m
|
repair_period: 5m
|
||||||
replica_dns_name_format: "{cluster}-repl.{team}.staging.{hostedzone}"
|
replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}"
|
||||||
replication_username: standby
|
replication_username: standby
|
||||||
resource_check_interval: 3s
|
resource_check_interval: 3s
|
||||||
resource_check_timeout: 10m
|
resource_check_timeout: 10m
|
||||||
resync_period: 5m
|
resync_period: 30m
|
||||||
ring_log_lines: "100"
|
ring_log_lines: "100"
|
||||||
secret_name_template: "{username}.{cluster}.credentials"
|
secret_name_template: "{username}.{cluster}.credentials"
|
||||||
# sidecar_docker_images: ""
|
# sidecar_docker_images: ""
|
||||||
|
|
|
||||||
|
|
@ -94,10 +94,9 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
node_readiness_label:
|
node_readiness_label:
|
||||||
type: array
|
type: object
|
||||||
items:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
nullable: true
|
|
||||||
oauth_token_secret_name:
|
oauth_token_secret_name:
|
||||||
type: string
|
type: string
|
||||||
pdb_name_format:
|
pdb_name_format:
|
||||||
|
|
|
||||||
|
|
@ -28,25 +28,25 @@ configuration:
|
||||||
# keyb: valueb
|
# keyb: valueb
|
||||||
enable_pod_antiaffinity: false
|
enable_pod_antiaffinity: false
|
||||||
enable_pod_disruption_budget: true
|
enable_pod_disruption_budget: true
|
||||||
# infrastructure_roles_secret_name: postgresql-operator
|
# infrastructure_roles_secret_name: postgresql-infrastructure-roles
|
||||||
# inherited_labels:
|
# inherited_labels:
|
||||||
# - application
|
# - application
|
||||||
# - environment
|
# - environment
|
||||||
# node_readiness_label:
|
node_readiness_label:
|
||||||
# - status:ready
|
status: ready
|
||||||
oauth_token_secret_name: postgresql-operator
|
oauth_token_secret_name: postgresql-operator
|
||||||
pdb_name_format: "postgres-{cluster}-pdb"
|
pdb_name_format: "postgres-{cluster}-pdb"
|
||||||
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
|
pod_antiaffinity_topology_key: "kubernetes.io/hostname"
|
||||||
pod_environment_configmap: ""
|
# pod_environment_configmap: ""
|
||||||
pod_management_policy: "ordered_ready"
|
pod_management_policy: "ordered_ready"
|
||||||
pod_role_label: spilo-role
|
pod_role_label: spilo-role
|
||||||
pod_service_account_name: operator
|
pod_service_account_name: zalando-postgres-operator
|
||||||
pod_terminate_grace_period: 5m
|
pod_terminate_grace_period: 5m
|
||||||
secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
|
secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
|
||||||
# spilo_fsgroup: 103
|
# spilo_fsgroup: 103
|
||||||
spilo_privileged: false
|
spilo_privileged: false
|
||||||
toleration: {}
|
# toleration: {}
|
||||||
watched_namespace: ""
|
# watched_namespace: ""
|
||||||
postgres_pod_resources:
|
postgres_pod_resources:
|
||||||
default_cpu_limit: "3"
|
default_cpu_limit: "3"
|
||||||
default_cpu_request: 100m
|
default_cpu_request: 100m
|
||||||
|
|
@ -60,7 +60,7 @@ configuration:
|
||||||
resource_check_interval: 3s
|
resource_check_interval: 3s
|
||||||
resource_check_timeout: 10m
|
resource_check_timeout: 10m
|
||||||
load_balancer:
|
load_balancer:
|
||||||
db_hosted_zone: ""
|
# db_hosted_zone: ""
|
||||||
enable_master_load_balancer: false
|
enable_master_load_balancer: false
|
||||||
enable_replica_load_balancer: false
|
enable_replica_load_balancer: false
|
||||||
# custom_service_annotations:
|
# custom_service_annotations:
|
||||||
|
|
@ -72,9 +72,9 @@ configuration:
|
||||||
# additional_secret_mount: "some-secret-name"
|
# additional_secret_mount: "some-secret-name"
|
||||||
# additional_secret_mount_path: "/some/dir"
|
# additional_secret_mount_path: "/some/dir"
|
||||||
aws_region: eu-central-1
|
aws_region: eu-central-1
|
||||||
kube_iam_role: ""
|
# kube_iam_role: ""
|
||||||
log_s3_bucket: ""
|
# log_s3_bucket: ""
|
||||||
wal_s3_bucket: ""
|
# wal_s3_bucket: ""
|
||||||
logical_backup:
|
logical_backup:
|
||||||
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
|
logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup"
|
||||||
logical_backup_s3_access_key_id: ""
|
logical_backup_s3_access_key_id: ""
|
||||||
|
|
@ -90,12 +90,12 @@ configuration:
|
||||||
# enable_admin_role_for_users: true
|
# enable_admin_role_for_users: true
|
||||||
enable_team_superuser: false
|
enable_team_superuser: false
|
||||||
enable_teams_api: false
|
enable_teams_api: false
|
||||||
pam_configuration: ""
|
# pam_configuration: ""
|
||||||
pam_role_name: zalandos
|
pam_role_name: zalandos
|
||||||
# postgres_superuser_teams:
|
# postgres_superuser_teams:
|
||||||
# - postgres_superusers
|
# - postgres_superusers
|
||||||
protected_role_names:
|
protected_role_names:
|
||||||
- admin
|
- admin
|
||||||
team_admin_role: admin
|
team_admin_role: admin
|
||||||
team_api_role_configuration:
|
team_api_role_configuration:
|
||||||
log_statement: all
|
log_statement: all
|
||||||
|
|
|
||||||
|
|
@ -704,9 +704,8 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node_readiness_label": {
|
"node_readiness_label": {
|
||||||
Type: "array",
|
Type: "object",
|
||||||
Nullable: true,
|
AdditionalProperties: &apiextv1beta1.JSONSchemaPropsOrBool{
|
||||||
Items: &apiextv1beta1.JSONSchemaPropsOrArray{
|
|
||||||
Schema: &apiextv1beta1.JSONSchemaProps{
|
Schema: &apiextv1beta1.JSONSchemaProps{
|
||||||
Type: "string",
|
Type: "string",
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue