add toggle to disable creation of CRD validation and document it

2019-11-15 13:01:03 +01:00 · 2019-11-15 13:01:03 +01:00 · c4889a3c82
parent 9e222bf90c
commit c4889a3c82
16 changed files with 856 additions and 806 deletions
--- a/charts/postgres-operator/templates/customrresourcedefinition.yaml
+++ b/charts/postgres-operator/templates/customrresourcedefinition.yaml
@ -54,6 +54,7 @@ spec:
  scope: Namespaced
  subresources:
    status: {}
  version: v1
  validation:
    openAPIV3Schema:
      type: object
@ -364,7 +365,6 @@ spec:
                  type: string
                subPath:
                  type: string
  version: v1
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@ -409,6 +409,7 @@ spec:
  scope: Namespaced
  subresources:
    status: {}
  version: v1
  validation:
    openAPIV3Schema:
      type: object
@ -657,5 +658,4 @@ spec:
                  pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                scalyr_server_url:
                  type: string
  version: v1
 {{ end }}
--- a/charts/postgres-operator/values-crd.yaml
+++ b/charts/postgres-operator/values-crd.yaml
@ -17,6 +17,8 @@ configTarget: "OperatorConfigurationCRD"
 # general top-level configuration parameters
 configGeneral:
  # choose if deployment creates/updates CRDs with OpenAPIV3Validation
  enable_crd_validation: true
  # start any new database pod without limitations on shm memory
  enable_shm_volume: true
  # etcd connection string for Patroni. Empty uses K8s-native DCS.
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@ -17,6 +17,8 @@ configTarget: "ConfigMap"
 # general configuration parameters
 configGeneral:
  # choose if deployment creates/updates CRDs with OpenAPIV3Validation
  enable_crd_validation: "true"
  # start any new database pod without limitations on shm memory
  enable_shm_volume: "true"
  # etcd connection string for Patroni. Empty uses K8s-native DCS.
--- a/docs/administrator.md
+++ b/docs/administrator.md
@ -3,6 +3,30 @@
 Learn how to configure and manage the Postgres Operator in your Kubernetes (K8s)
 environment.
 ## CRD Validation
 [CustomResourceDefinitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions)
 will be registered with schema validation by default when the operator is
 deployed. The `OperatorConfiguration` CRD will only get created if the
 `POSTGRES_OPERATOR_CONFIGURATION_OBJECT` [environment variable](../manifests/postgres-operator.yaml#L36)
 in the deployment yaml is set and not empty.
 When submitting manifests of [`postgresql`](../manifests/postgresql.crd.yaml) or
 [`OperatorConfiguration`](../manifests/operatorconfiguration.crd.yaml) custom
 resources with kubectl, validation can be bypassed with `--validate=false`. The
 operator can also be configured to not register CRDs with validation on `ADD` or
 `UPDATE` events. Running instances are not affected when enabling the validation
 afterwards unless the manifests is not changed then. Note, that the provided CRD
 manifests contain the validation for users to understand what schema is
 enforced.
 Once the validation is enabled it can only be disabled manually by editing or
 patching the CRD manifest:
 ```bash
 zk8 patch crd postgresqls.acid.zalan.do -p '{"spec":{"validation": null}}'
 ```
 ## Namespaces
 ### Select the namespace to deploy to
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@ -119,15 +119,15 @@ kubectl get pod -l app.kubernetes.io/name=postgres-operator
 kubectl create -f manifests/minimal-postgres-manifest.yaml
 ```
-After the cluster manifest is submitted the operator will create Service and
+After the cluster manifest is submitted and passed the validation the operator
-Endpoint resources and a StatefulSet which spins up new Pod(s) given the number
+will create Service and Endpoint resources and a StatefulSet which spins up new
-of instances specified in the manifest. All resources are named like the
+Pod(s) given the number of instances specified in the manifest. All resources
-cluster. The database pods can be identified by their number suffix, starting
+are named like the cluster. The database pods can be identified by their number
-from `-0`. They run the [Spilo](https://github.com/zalando/spilo) container
+suffix, starting from `-0`. They run the [Spilo](https://github.com/zalando/spilo)
-image by Zalando. As for the services and endpoints, there will be one for the
+container image by Zalando. As for the services and endpoints, there will be one
-master pod and another one for all the replicas (`-repl` suffix). Check if all
+for the master pod and another one for all the replicas (`-repl` suffix). Check
-components are coming up. Use the label `application=spilo` to filter and list
+if all components are coming up. Use the label `application=spilo` to filter and
-the label `spilo-role` to see who is currently the master.
+list the label `spilo-role` to see who is currently the master.
 ```bash
 # check the deployed cluster
--- a/docs/reference/operator_parameters.md
+++ b/docs/reference/operator_parameters.md
@ -69,6 +69,11 @@ Variable names are underscore-separated words.
 Those are top-level keys, containing both leaf keys and groups.
 * **enable_crd_validation**
  toggles if the operator will create or update CRDs with
  [OpenAPI v3 schema validation](https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#validation)
  The default is `true`.
 * **etcd_host**
  Etcd connection string for Patroni defined as `host:port`. Not required when
  Patroni native Kubernetes support is used. The default is empty (use
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@ -21,6 +21,7 @@ data:
  # default_memory_request: 100Mi
  docker_image: registry.opensource.zalan.do/acid/spilo-11:1.6-p1
  # enable_admin_role_for_users: "true"
  # enable_crd_validation: "true"
  # enable_database_access: "true"
  enable_master_load_balancer: "false"
  # enable_pod_antiaffinity: "false"
--- a/manifests/operatorconfiguration.crd.yaml
+++ b/manifests/operatorconfiguration.crd.yaml
@ -14,6 +14,7 @@ spec:
  scope: Namespaced
  subresources:
    status: {}
  version: v1
  validation:
    openAPIV3Schema:
      type: object
@ -262,5 +263,3 @@ spec:
                  pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                scalyr_server_url:
                  type: string
  version: v1
--- a/manifests/postgresql-operator-default-configuration.yaml
+++ b/manifests/postgresql-operator-default-configuration.yaml
@ -3,6 +3,7 @@ kind: OperatorConfiguration
 metadata:
  name: postgresql-operator-default-configuration
 configuration:
  # enable_crd_validation: true
  etcd_host: ""
  docker_image: registry.opensource.zalan.do/acid/spilo-11:1.6-p1
  # enable_shm_volume: true
--- a/manifests/postgresql.crd.yaml
+++ b/manifests/postgresql.crd.yaml
@ -14,6 +14,7 @@ spec:
  scope: Namespaced
  subresources:
    status: {}
  version: v1
  validation:
    openAPIV3Schema:
      type: object
@ -324,5 +325,3 @@ spec:
                  type: string
                subPath:
                  type: string
  version: v1
--- a/pkg/apis/acid.zalan.do/v1/crds.go
+++ b/pkg/apis/acid.zalan.do/v1/crds.go
@ -108,7 +108,8 @@ var min1 = 1.0
 var minDisable = -1.0
 // PostgresCRDResourceValidation to check applied manifest parameters
-var PostgresCRDResourceValidation = apiextv1beta1.JSONSchemaProps{
+var PostgresCRDResourceValidation = apiextv1beta1.CustomResourceValidation{
 	OpenAPIV3Schema: &apiextv1beta1.JSONSchemaProps{
 		Type:     "object",
 		Required: []string{"kind", "apiVersion", "spec"},
 		Properties: map[string]apiextv1beta1.JSONSchemaProps{
@ -578,10 +579,12 @@ var PostgresCRDResourceValidation = apiextv1beta1.JSONSchemaProps{
 				},
 			},
 		},
 	},
 }
 // OperatorConfigCRDResourceValidation to check applied manifest parameters
-var OperatorConfigCRDResourceValidation = apiextv1beta1.JSONSchemaProps{
+var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation{
 	OpenAPIV3Schema: &apiextv1beta1.JSONSchemaProps{
 		Type:     "object",
 		Required: []string{"kind", "apiVersion", "configuration"},
 		Properties: map[string]apiextv1beta1.JSONSchemaProps{
@ -975,9 +978,10 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.JSONSchemaProps{
 				},
 			},
 		},
 	},
 }
-func buildCRD(name, kind, plural, short string, columns []apiextv1beta1.CustomResourceColumnDefinition, validationSchema apiextv1beta1.JSONSchemaProps) *apiextv1beta1.CustomResourceDefinition {
+func buildCRD(name, kind, plural, short string, columns []apiextv1beta1.CustomResourceColumnDefinition, validation apiextv1beta1.CustomResourceValidation) *apiextv1beta1.CustomResourceDefinition {
 	return &apiextv1beta1.CustomResourceDefinition{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: name,
@ -995,29 +999,39 @@ func buildCRD(name, kind, plural, short string, columns []apiextv1beta1.CustomRe
 				Status: &apiextv1beta1.CustomResourceSubresourceStatus{},
 			},
 			AdditionalPrinterColumns: columns,
-			Validation: &apiextv1beta1.CustomResourceValidation{
+			Validation:               &validation,
 				OpenAPIV3Schema: &validationSchema,
 			},
 		},
 	}
 }
 // PostgresCRD returns CustomResourceDefinition built from PostgresCRDResource
-func PostgresCRD() *apiextv1beta1.CustomResourceDefinition {
+func PostgresCRD(enableValidation *bool) *apiextv1beta1.CustomResourceDefinition {
 	postgresCRDvalidation := apiextv1beta1.CustomResourceValidation{}
 	if enableValidation != nil && *enableValidation {
 		postgresCRDvalidation = PostgresCRDResourceValidation
 	}
 	return buildCRD(PostgresCRDResouceName,
 		PostgresCRDResourceKind,
 		PostgresCRDResourcePlural,
 		PostgresCRDResourceShort,
 		PostgresCRDResourceColumns,
-		PostgresCRDResourceValidation)
+		postgresCRDvalidation)
 }
 // ConfigurationCRD returns CustomResourceDefinition built from OperatorConfigCRDResource
-func ConfigurationCRD() *apiextv1beta1.CustomResourceDefinition {
+func ConfigurationCRD(enableValidation *bool) *apiextv1beta1.CustomResourceDefinition {
 	opconfigCRDvalidation := apiextv1beta1.CustomResourceValidation{}
 	if enableValidation != nil && *enableValidation {
 		opconfigCRDvalidation = OperatorConfigCRDResourceValidation
 	}
 	return buildCRD(OperatorConfigCRDResourceName,
 		OperatorConfigCRDResouceKind,
 		OperatorConfigCRDResourcePlural,
 		OperatorConfigCRDResourceShort,
 		OperatorConfigCRDResourceColumns,
-		OperatorConfigCRDResourceValidation)
+		opconfigCRDvalidation)
 }
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@ -150,6 +150,7 @@ type ScalyrConfiguration struct {
 // OperatorConfigurationData defines the operation config
 type OperatorConfigurationData struct {
 	EnableCRDValidation        *bool                              `json:"enable_crd_validation,omitempty"`
 	EtcdHost                   string                             `json:"etcd_host,omitempty"`
 	DockerImage                string                             `json:"docker_image,omitempty"`
 	Workers                    uint32                             `json:"workers,omitempty"`
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@ -6,7 +6,7 @@ import (
 	"sync"
 	"github.com/sirupsen/logrus"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	rbacv1beta1 "k8s.io/api/rbac/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@ -240,7 +240,7 @@ func (c *Controller) initController() {
 	c.initClients()
 	if configObjectName := os.Getenv("POSTGRES_OPERATOR_CONFIGURATION_OBJECT"); configObjectName != "" {
-		if err := c.createConfigurationCRD(); err != nil {
+		if err := c.createConfigurationCRD(c.opConfig.EnableCRDValidation); err != nil {
 			c.logger.Fatalf("could not register Operator Configuration CustomResourceDefinition: %v", err)
 		}
 		if cfg, err := c.readOperatorConfigurationFromCRD(spec.GetOperatorNamespace(), configObjectName); err != nil {
@ -256,7 +256,7 @@ func (c *Controller) initController() {
 	c.modifyConfigFromEnvironment()
-	if err := c.createPostgresCRD(); err != nil {
+	if err := c.createPostgresCRD(c.opConfig.EnableCRDValidation); err != nil {
 		c.logger.Fatalf("could not register Postgres CustomResourceDefinition: %v", err)
 	}
--- a/pkg/controller/operator_config.go
+++ b/pkg/controller/operator_config.go
@ -25,6 +25,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result := &config.Config{}
 	// general config
 	result.EnableCRDValidation = fromCRD.EnableCRDValidation
 	result.EtcdHost = fromCRD.EtcdHost
 	result.DockerImage = fromCRD.DockerImage
 	result.Workers = fromCRD.Workers
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@ -91,12 +91,12 @@ func (c *Controller) createOperatorCRD(crd *apiextv1beta1.CustomResourceDefiniti
 	})
 }
-func (c *Controller) createPostgresCRD() error {
+func (c *Controller) createPostgresCRD(enableValidation *bool) error {
-	return c.createOperatorCRD(acidv1.PostgresCRD())
+	return c.createOperatorCRD(acidv1.PostgresCRD(enableValidation))
 }
-func (c *Controller) createConfigurationCRD() error {
+func (c *Controller) createConfigurationCRD(enableValidation *bool) error {
-	return c.createOperatorCRD(acidv1.ConfigurationCRD())
+	return c.createOperatorCRD(acidv1.ConfigurationCRD(enableValidation))
 }
 func readDecodedRole(s string) (*spec.PgUser, error) {
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@ -16,6 +16,7 @@ type CRD struct {
 	ReadyWaitTimeout    time.Duration `name:"ready_wait_timeout" default:"30s"`
 	ResyncPeriod        time.Duration `name:"resync_period" default:"30m"`
 	RepairPeriod        time.Duration `name:"repair_period" default:"5m"`
 	EnableCRDValidation *bool         `name:"enable_crd_validation" default:"true"`
 }
 // Resources describes kubernetes resource specific configuration parameters