Minor improvements (#381)

* Minor improvements

* Document empty list vs null for users without privileges

* Change the wording for null values

* Add talk by Oleksii in Atmosphere

.zappr.yaml

@@ -1,12 +0,0 @@
-# for github.com
-approvals:
-  groups:
-    zalando:
-      minimum: 2
-      from:
-        orgs:
-          - "zalando"
-X-Zalando-Team: "acid"
-# type should be one of [code, doc, config, tools, secrets]
-# code will be the default value, if X-Zalando-Type is not found in .zappr.yml
-X-Zalando-Type: code

Makefile

@@ -1,4 +1,4 @@
-.PHONY: clean local linux macos docker push scm-source.json
+.PHONY: clean local test linux macos docker push scm-source.json
 
 BINARY ?= postgres-operator
 BUILD_FLAGS ?= -v
@@ -86,3 +86,6 @@ vet:
 
 deps:
 	@glide install --strip-vendor
+
+test:
+	@go test ./...

README.md

@@ -67,12 +67,14 @@ kubectl create -f manifests/configmap.yaml  # configuration
 kubectl create -f manifests/operator-service-account-rbac.yaml  # identity and permissions
 kubectl create -f manifests/postgres-operator.yaml  # deployment
 
-# create a Postgres cluster
+# create a Postgres cluster in a non-default namespace
+kubectl create namespace test
+kubectl config set-context minikube --namespace=test
 kubectl create -f manifests/minimal-postgres-manifest.yaml
 
 # connect to the Postgres master via psql
 # operator creates the relevant k8s secret
-export HOST_PORT=$(minikube service acid-minimal-cluster --url | sed 's,.*/,,')
+export HOST_PORT=$(minikube service --namespace test acid-minimal-cluster --url | sed 's,.*/,,')
 export PGHOST=$(echo $HOST_PORT | cut -d: -f 1)
 export PGPORT=$(echo $HOST_PORT | cut -d: -f 2)
 export PGPASSWORD=$(kubectl get secret postgres.acid-minimal-cluster.credentials -o 'jsonpath={.data.password}' | base64 -d)
@@ -90,11 +92,10 @@ cd postgres-operator
 
 ## Running and testing the operator
 
-The best way to test the operator is to run it in [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/).
-Minikube is a tool to run Kubernetes cluster locally.
+The best way to test the operator is to run it locally in [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/). See developer docs(`docs/developer.yaml`) for details.
 
 ### Configuration Options
 
-The operator can be configured with the provided ConfigMap (`manifests/configmap.yaml`).
+The operator can be configured with the provided ConfigMap(`manifests/configmap.yaml`) or the operator's own CRD.
 
 

docs/developer.md

@@ -275,3 +275,12 @@ Type 'help' for list of commands.
 (dlv) c
 PASS
 ```
+
+To test the multinamespace setup, you can use
+```
+./run_operator_locally.sh --rebuild-operator
+```
+It will automatically create an `acid-minimal-cluster` in the namespace `test`. Then you can for example check the Patroni logs:
+```
+kubectl logs acid-minimal-cluster-0 
+```

docs/index.md

@@ -51,6 +51,8 @@ Please, report any issues discovered to https://github.com/zalando-incubator/pos
 
 ## Talks
 
-1. "Blue elephant on-demand: Postgres + Kubernetes" talk by Oleksii Kliukin and Jan Mussler, FOSDEM 2018: [video](https://fosdem.org/2018/schedule/event/blue_elephant_on_demand_postgres_kubernetes/) | [slides (pdf)](https://www.postgresql.eu/events/fosdem2018/sessions/session/1735/slides/59/FOSDEM%202018_%20Blue_Elephant_On_Demand.pdf)
+1. "PostgreSQL High Availability on Kubernetes with Patroni" talk by Oleksii Kliukin, Atmosphere 2018: [video](https://www.youtube.com/watch?v=cFlwQOPPkeg) | [slides](https://speakerdeck.com/alexeyklyukin/postgresql-high-availability-on-kubernetes-with-patroni)
 
-2. "Kube-Native Postgres" talk by Josh Berkus, KubeCon 2017: [video](https://www.youtube.com/watch?v=Zn1vd7sQ_bc)
+2. "Blue elephant on-demand: Postgres + Kubernetes" talk by Oleksii Kliukin and Jan Mussler, FOSDEM 2018: [video](https://fosdem.org/2018/schedule/event/blue_elephant_on_demand_postgres_kubernetes/) | [slides (pdf)](https://www.postgresql.eu/events/fosdem2018/sessions/session/1735/slides/59/FOSDEM%202018_%20Blue_Elephant_On_Demand.pdf)
+
+3. "Kube-Native Postgres" talk by Josh Berkus, KubeCon 2017: [video](https://www.youtube.com/watch?v=Zn1vd7sQ_bc)

docs/reference/operator_parameters.md

@@ -379,7 +379,7 @@ key.
   infrastructure role. The default is `admin`.
 
 * **postgres_superuser_teams**
-  List of teams which members need the superuser role in each PG database cluster to administer Postgres and maintain infrastructure built around it. The default is `postgres_superuser`.
+  List of teams which members need the superuser role in each PG database cluster to administer Postgres and maintain infrastructure built around it. The default is empty.
 
 ## Logging and REST API
 

docs/user.md

@@ -20,7 +20,7 @@ spec:
     - createdb
 
     # role for application foo
-    foo_user:
+    foo_user: # or 'foo_user: []'
 
   #databases: name->owner
   databases:
@@ -74,8 +74,8 @@ for an example of `zalando` role, defined with `superuser` and `createdb`
 flags.
 
 Manifest roles are defined as a dictionary, with a role name as a key and a
-list of role options as a value. For a role without any options supply an empty
-list.
+list of role options as a value. For a role without any options it is best to supply the empty
+list `[]`. It is also possible to leave this field empty as in our example manifests, but in certain cases such empty field may removed by Kubernetes [due to the `null` value it gets](https://kubernetes.io/docs/concepts/overview/object-management-kubectl/declarative-config/#how-apply-calculates-differences-and-merges-changes) (`foobar_user:` is equivalent to `foobar_user: null`). 
 
 The operator accepts the following options:  `superuser`, `inherit`, `login`,
 `nologin`, `createrole`, `createdb`, `replication`, `bypassrls`.

manifests/configmap.yaml

@@ -3,19 +3,19 @@ kind: ConfigMap
 metadata:
   name: postgres-operator
 data:  
-  # if set to the "*", listen to all namespaces
-  # watched_namespace: development
+  watched_namespace: "*" # listen to all namespaces
   cluster_labels: application:spilo
   cluster_name_label: version
   pod_role_label: spilo-role
 
   debug_logging: "true"
   workers: "4"
-  docker_image: registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p8
+  docker_image: registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p29
   pod_service_account_name: "zalando-postgres-operator"
   secret_name_template: '{username}.{cluster}.credentials'
   super_username: postgres
   enable_teams_api: "false"
+  # postgres_superuser_teams: "postgres_superusers"
   # enable_team_superuser: "false"
   # team_admin_role: "admin"
   # teams_api_url: http://fake-teams-api.default.svc.cluster.local

manifests/minimal-postgres-manifest.yaml

@@ -2,6 +2,7 @@ apiVersion: "acid.zalan.do/v1"
 kind: postgresql
 metadata:
   name: acid-minimal-cluster
+  namespace: test # assumes namespace exists beforehand
 spec:
   teamId: "ACID"
   volume:

manifests/postgresql-operator-default-configuration.yaml

@@ -4,7 +4,7 @@ metadata:
   name: postgresql-operator-default-configuration
 configuration:
   etcd_host: ""
-  docker_image: registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p8
+  docker_image: registry.opensource.zalan.do/acid/spilo-cdp-10:1.4-p29
   workers: 4
   min_instances: -1
   max_instances: -1
@@ -68,6 +68,7 @@ configuration:
     protected_role_names: 
       - admin
     # teams_api_url: ""
+    # postgres_superuser_teams: "postgres_superusers"
   logging_rest_api:
     api_port: 8008
     ring_log_lines: 100

run_operator_locally.sh

@@ -94,7 +94,7 @@ function build_operator_binary(){
 
     # redirecting stderr greatly reduces non-informative output during normal builds
     echo "Build operator binary (stderr redirected to /dev/null)..."
-    make tools deps local > /dev/null 2>&1
+    make clean tools deps local test > /dev/null 2>&1
 
 }
 
@@ -215,6 +215,7 @@ function main(){
 
     clean_up
     start_minikube
+    kubectl create namespace test
     start_operator
     forward_ports
     check_health