Merge branch 'master' into ignore-resources-limits

.gitignore

@@ -106,3 +106,6 @@ mocks
 ui/.npm/
 
 .DS_Store
+
+# temp build files
+pkg/apis/acid.zalan.do/v1/postgresql.crd.yaml

Makefile

@@ -21,6 +21,7 @@ GITSTATUS = $(shell git status --porcelain || echo "no changes")
 SOURCES = cmd/main.go
 VERSION ?= $(shell git describe --tags --always --dirty)
 CRD_SOURCES    = $(shell find pkg/apis/zalando.org pkg/apis/acid.zalan.do -name '*.go' -not -name '*.deepcopy.go')
+GENERATED_CRDS = manifests/postgresteam.crd.yaml manifests/postgresql.crd.yaml
 GENERATED      = pkg/apis/zalando.org/v1/zz_generated.deepcopy.go pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
 DIRS := cmd pkg
 PKG := `go list ./... | grep -v /vendor/`
@@ -53,6 +54,8 @@ default: local
 
 clean:
 	rm -rf build
+	rm $(GENERATED)
+	rm pkg/apis/acid.zalan.do/v1/postgresql.crd.yaml
 
 verify:
 	hack/verify-codegen.sh
@@ -60,13 +63,25 @@ verify:
 $(GENERATED): go.mod $(CRD_SOURCES)
 	hack/update-codegen.sh
 
-local: ${SOURCES} $(GENERATED)
+$(GENERATED_CRDS): $(GENERATED)
+	go tool controller-gen crd:crdVersions=v1,allowDangerousTypes=true paths=./pkg/apis/acid.zalan.do/... output:crd:dir=manifests
+	# only generate postgresteam.crd.yaml and postgresql.crd.yaml for now
+	@rm manifests/acid.zalan.do_operatorconfigurations.yaml
+	@mv manifests/acid.zalan.do_postgresqls.yaml manifests/postgresql.crd.yaml
+	@# hack to use lowercase kind and listKind
+	@sed -i -e 's/kind: Postgresql/kind: postgresql/' manifests/postgresql.crd.yaml
+	@sed -i -e 's/listKind: PostgresqlList/listKind: postgresqlList/' manifests/postgresql.crd.yaml
+	@hack/adjust_postgresql_crd.sh
+	@mv manifests/acid.zalan.do_postgresteams.yaml manifests/postgresteam.crd.yaml
+	@cp manifests/postgresql.crd.yaml pkg/apis/acid.zalan.do/v1/postgresql.crd.yaml
+
+local: ${SOURCES} $(GENERATED_CRDS)
 	CGO_ENABLED=${CGO_ENABLED} go build -o build/${BINARY} $(LOCAL_BUILD_FLAGS) -ldflags "$(LDFLAGS)" $(SOURCES)
 
-linux: ${SOURCES} $(GENERATED)
+linux: ${SOURCES} $(GENERATED_CRDS)
 	GOOS=linux GOARCH=amd64 CGO_ENABLED=${CGO_ENABLED} go build -o build/linux/${BINARY} ${BUILD_FLAGS} -ldflags "$(LDFLAGS)" $(SOURCES)
 
-macos: ${SOURCES} $(GENERATED)
+macos: ${SOURCES} $(GENERATED_CRDS)
 	GOOS=darwin GOARCH=amd64 CGO_ENABLED=${CGO_ENABLED} go build -o build/macos/${BINARY} ${BUILD_FLAGS} -ldflags "$(LDFLAGS)" $(SOURCES)
 
 docker: ${DOCKERDIR}/${DOCKERFILE}
@@ -90,7 +105,7 @@ vet:
 	@go vet $(PKG)
 	@staticcheck $(PKG)
 
-test: mocks $(GENERATED)
+test: mocks $(GENERATED) $(GENERATED_CRDS)
 	GO111MODULE=on go test ./...
 
 codegen: $(GENERATED)

go.mod

@@ -23,11 +23,13 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/gobuffalo/flect v1.0.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
@@ -35,18 +37,22 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/cobra v1.9.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/mod v0.29.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
@@ -67,6 +73,7 @@ require (
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
+	sigs.k8s.io/controller-tools v0.17.3 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
@@ -80,4 +87,5 @@ tool (
 	k8s.io/code-generator/cmd/deepcopy-gen
 	k8s.io/code-generator/cmd/informer-gen
 	k8s.io/code-generator/cmd/lister-gen
+	sigs.k8s.io/controller-tools/cmd/controller-gen
 )

go.sum

@@ -4,6 +4,7 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
 github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -11,6 +12,10 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
@@ -25,6 +30,8 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4=
+github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
@@ -45,6 +52,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -66,6 +75,11 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
 github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -79,10 +93,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
 github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
-github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
+github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -92,10 +110,13 @@ github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M=
 github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -146,6 +167,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -181,6 +204,8 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
@@ -206,6 +231,8 @@ k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUy
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-tools v0.17.3 h1:lwFPLicpBKLgIepah+c8ikRBubFW5kOQyT88r3EwfNw=
+sigs.k8s.io/controller-tools v0.17.3/go.mod h1:1ii+oXcYZkxcBXzwv3YZBlzjt1fvkrCGjVF73blosJI=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=

hack/adjust_postgresql_crd.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Hack to adjust the generated postgresql CRD YAML file and add missing field
+# settings which can not be expressed via kubebuilder markers.
+#
+# Injections:
+#
+#  * oneOf: for the standby field to enforce that only one of s3_wal_path, gs_wal_path or standby_host is set.
+#    * This can later be done with // +kubebuilder:validation:ExactlyOneOf marker, but this requires latest Kubernetes version. (Currently the operator depends on v1.32.9)
+#  * type: string and pattern for the maintenanceWindows items.
+
+file="${1:-"manifests/postgresql.crd.yaml"}"
+
+sed -i '/^[[:space:]]*standby:$/{
+    # Capture the indentation
+    s/^\([[:space:]]*\)standby:$/\1standby:\n\1  oneOf:\n\1  - required:\n\1    - s3_wal_path\n\1  - required:\n\1    - gs_wal_path\n\1  - required:\n\1    - standby_host/
+}' "$file"
+
+sed -i '/^[[:space:]]*maintenanceWindows:$/{
+    # Capture the indentation
+    s/^\([[:space:]]*\)maintenanceWindows:$/\1maintenanceWindows:\n\1  items:\n\1    pattern: '\''^\\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))-((2[0-3]|[01]?\\d):([0-5]?\\d)|(2[0-3]|[01]?\\d):([0-5]?\\d))\\ *$'\''\n\1    type: string/
+}' "$file"

manifests/postgresteam.crd.yaml

@@ -1,68 +1,82 @@
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.3
   name: postgresteams.acid.zalan.do
 spec:
   group: acid.zalan.do
   names:
+    categories:
+    - all
     kind: PostgresTeam
     listKind: PostgresTeamList
     plural: postgresteams
-    singular: postgresteam
     shortNames:
     - pgteam
-    categories:
-    - all
+    singular: postgresteam
   scope: Namespaced
   versions:
   - name: v1
+    schema:
+      openAPIV3Schema:
+        description: PostgresTeam defines Custom Resource Definition Object for team
+          management.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: PostgresTeamSpec defines the specification for the PostgresTeam
+              TPR.
+            properties:
+              additionalMembers:
+                additionalProperties:
+                  description: List of users who will also be added to the Postgres
+                    cluster.
+                  items:
+                    type: string
+                  type: array
+                description: Map for teamId and associated additional users
+                type: object
+              additionalSuperuserTeams:
+                additionalProperties:
+                  description: List of teams to become Postgres superusers
+                  items:
+                    type: string
+                  type: array
+                description: Map for teamId and associated additional superuser teams
+                type: object
+              additionalTeams:
+                additionalProperties:
+                  description: List of teams whose members will also be added to the
+                    Postgres cluster.
+                  items:
+                    type: string
+                  type: array
+                description: Map for teamId and associated additional teams
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
     served: true
     storage: true
     subresources:
       status: {}
-    schema:
-      openAPIV3Schema:
-        type: object
-        required:
-          - kind
-          - apiVersion
-          - spec
-        properties:
-          kind:
-            type: string
-            enum:
-              - PostgresTeam
-          apiVersion:
-            type: string
-            enum:
-              - acid.zalan.do/v1
-          spec:
-            type: object
-            properties:
-              additionalSuperuserTeams:
-                type: object
-                description: "Map for teamId and associated additional superuser teams"
-                additionalProperties:
-                  type: array
-                  nullable: true
-                  description: "List of teams to become Postgres superusers"
-                  items:
-                    type: string
-              additionalTeams:
-                type: object
-                description: "Map for teamId and associated additional teams"
-                additionalProperties:
-                  type: array
-                  nullable: true
-                  description: "List of teams whose members will also be added to the Postgres cluster"
-                  items:
-                    type: string
-              additionalMembers:
-                type: object
-                description: "Map for teamId and associated additional users"
-                additionalProperties:
-                  type: array
-                  nullable: true
-                  description: "List of users who will also be added to the Postgres cluster"
-                  items:
-                    type: string

pkg/apis/acid.zalan.do/v1/postgres_team_type.go

@@ -8,18 +8,33 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // PostgresTeam defines Custom Resource Definition Object for team management.
+// +k8s:deepcopy-gen=true
+// +kubebuilder:resource:shortName=pgteam,categories=all
+// +kubebuilder:subresource:status
 type PostgresTeam struct {
 	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
+	metav1.ObjectMeta `json:"metadata"`
 
 	Spec PostgresTeamSpec `json:"spec"`
 }
 
+// List of users who will also be added to the Postgres cluster.
+type Users []string
+
+// List of teams whose members will also be added to the Postgres cluster.
+type Teams []string
+
+// List of teams to become Postgres superusers
+type SuperUserTeams []string
+
 // PostgresTeamSpec defines the specification for the PostgresTeam TPR.
 type PostgresTeamSpec struct {
-	AdditionalSuperuserTeams map[string][]string `json:"additionalSuperuserTeams,omitempty"`
-	AdditionalTeams          map[string][]string `json:"additionalTeams,omitempty"`
-	AdditionalMembers        map[string][]string `json:"additionalMembers,omitempty"`
+	// Map for teamId and associated additional superuser teams
+	AdditionalSuperuserTeams map[string]SuperUserTeams `json:"additionalSuperuserTeams,omitempty"`
+	// Map for teamId and associated additional teams
+	AdditionalTeams map[string]Teams `json:"additionalTeams,omitempty"`
+	// Map for teamId and associated additional users
+	AdditionalMembers map[string]Users `json:"additionalMembers,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

pkg/apis/acid.zalan.do/v1/postgresql_type.go

@@ -11,13 +11,25 @@ import (
 
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
 
 // Postgresql defines PostgreSQL Custom Resource Definition Object.
+// +kubebuilder:resource:categories=all,shortName=pg,scope=Namespaced
+// +kubebuilder:printcolumn:name="Team",type=string,JSONPath=`.spec.teamId`,description="Team responsible for Postgres cluster"
+// +kubebuilder:printcolumn:name="Version",type=string,JSONPath=`.spec.postgresql.version`,description="PostgreSQL version"
+// +kubebuilder:printcolumn:name="Pods",type=integer,JSONPath=`.spec.numberOfInstances`,description="Number of Pods per Postgres cluster"
+// +kubebuilder:printcolumn:name="Volume",type=string,JSONPath=`.spec.volume.size`,description="Size of the bound volume"
+// +kubebuilder:printcolumn:name="CPU-Request",type=string,JSONPath=`.spec.resources.requests.cpu`,description="Requested CPU for Postgres containers"
+// +kubebuilder:printcolumn:name="Memory-Request",type=string,JSONPath=`.spec.resources.requests.memory`,description="Requested memory for Postgres containers"
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age of the PostgreSQL cluster"
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.PostgresClusterStatus`,description="Current sync status of postgresql resource"
+// +kubebuilder:subresource:status
 type Postgresql struct {
 	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
+	metav1.ObjectMeta `json:"metadata"`
 
-	Spec   PostgresSpec   `json:"spec"`
+	Spec PostgresSpec `json:"spec"`
+	// +optional
 	Status PostgresStatus `json:"status"`
 	Error  string         `json:"-"`
 }
@@ -25,9 +37,10 @@ type Postgresql struct {
 // PostgresSpec defines the specification for the PostgreSQL TPR.
 type PostgresSpec struct {
 	PostgresqlParam `json:"postgresql"`
-	Volume          `json:"volume,omitempty"`
-	Patroni         `json:"patroni,omitempty"`
-	*Resources      `json:"resources,omitempty"`
+	Volume          `json:"volume"`
+	// +optional
+	Patroni    `json:"patroni"`
+	*Resources `json:"resources,omitempty"`
 
 	EnableConnectionPooler        *bool             `json:"enableConnectionPooler,omitempty"`
 	EnableReplicaConnectionPooler *bool             `json:"enableReplicaConnectionPooler,omitempty"`
@@ -52,20 +65,33 @@ type PostgresSpec struct {
 
 	// deprecated load balancer settings maintained for backward compatibility
 	// see "Load balancers" operator docs
-	UseLoadBalancer     *bool `json:"useLoadBalancer,omitempty"`
+	UseLoadBalancer *bool `json:"useLoadBalancer,omitempty"`
+	// deprecated
 	ReplicaLoadBalancer *bool `json:"replicaLoadBalancer,omitempty"`
 
 	// load balancers' source ranges are the same for master and replica services
+	// +nullable
+	// +kubebuilder:validation:items:Pattern=`^(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\/(\d|[1-2]\d|3[0-2])$`
+	// +optional
 	AllowedSourceRanges []string `json:"allowedSourceRanges"`
 
-	Users                          map[string]UserFlags `json:"users,omitempty"`
-	UsersIgnoringSecretRotation    []string             `json:"usersIgnoringSecretRotation,omitempty"`
-	UsersWithSecretRotation        []string             `json:"usersWithSecretRotation,omitempty"`
-	UsersWithInPlaceSecretRotation []string             `json:"usersWithInPlaceSecretRotation,omitempty"`
+	Users map[string]UserFlags `json:"users,omitempty"`
+	// +nullable
+	UsersIgnoringSecretRotation []string `json:"usersIgnoringSecretRotation,omitempty"`
+	// +nullable
+	UsersWithSecretRotation []string `json:"usersWithSecretRotation,omitempty"`
+	// +nullable
+	UsersWithInPlaceSecretRotation []string `json:"usersWithInPlaceSecretRotation,omitempty"`
 
-	NumberOfInstances      int32                       `json:"numberOfInstances"`
-	MaintenanceWindows     []MaintenanceWindow         `json:"maintenanceWindows,omitempty"`
-	Clone                  *CloneDescription           `json:"clone,omitempty"`
+	// +kubebuilder:validation:Minimum=0
+	NumberOfInstances int32 `json:"numberOfInstances"`
+	// +kubebuilder:validation:Schemaless
+	// +kubebuilder:validation:Type=array
+	// +kubebuilde:validation:items:Type=string
+	MaintenanceWindows []MaintenanceWindow `json:"maintenanceWindows,omitempty"`
+	Clone              *CloneDescription   `json:"clone,omitempty"`
+	// Note: usernames specified here as database owners must be declared
+	// in the users key of the spec key.
 	Databases              map[string]string           `json:"databases,omitempty"`
 	PreparedDatabases      map[string]PreparedDatabase `json:"preparedDatabases,omitempty"`
 	SchedulerName          *string                     `json:"schedulerName,omitempty"`
@@ -77,10 +103,11 @@ type PostgresSpec struct {
 	ShmVolume              *bool                       `json:"enableShmVolume,omitempty"`
 	EnableLogicalBackup    bool                        `json:"enableLogicalBackup,omitempty"`
 	LogicalBackupRetention string                      `json:"logicalBackupRetention,omitempty"`
-	LogicalBackupSchedule  string                      `json:"logicalBackupSchedule,omitempty"`
-	StandbyCluster         *StandbyDescription         `json:"standby,omitempty"`
-	PodAnnotations         map[string]string           `json:"podAnnotations,omitempty"`
-	ServiceAnnotations     map[string]string           `json:"serviceAnnotations,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$`
+	LogicalBackupSchedule string              `json:"logicalBackupSchedule,omitempty"`
+	StandbyCluster        *StandbyDescription `json:"standby,omitempty"`
+	PodAnnotations        map[string]string   `json:"podAnnotations,omitempty"`
+	ServiceAnnotations    map[string]string   `json:"serviceAnnotations,omitempty"`
 	// MasterServiceAnnotations takes precedence over ServiceAnnotations for master role if not empty
 	MasterServiceAnnotations map[string]string `json:"masterServiceAnnotations,omitempty"`
 	// ReplicaServiceAnnotations takes precedence over ServiceAnnotations for replica role if not empty
@@ -90,9 +117,10 @@ type PostgresSpec struct {
 	Streams                   []Stream           `json:"streams,omitempty"`
 	Env                       []v1.EnvVar        `json:"env,omitempty"`
 
-	// deprecated json tags
-	InitContainersOld       []v1.Container `json:"init_containers,omitempty"`
-	PodPriorityClassNameOld string         `json:"pod_priority_class_name,omitempty"`
+	// deprecated
+	InitContainersOld []v1.Container `json:"init_containers,omitempty"`
+	// deprecated
+	PodPriorityClassNameOld string `json:"pod_priority_class_name,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -123,50 +151,84 @@ type PreparedSchema struct {
 type MaintenanceWindow struct {
 	Everyday  bool         `json:"everyday,omitempty"`
 	Weekday   time.Weekday `json:"weekday,omitempty"`
-	StartTime metav1.Time  `json:"startTime,omitempty"`
-	EndTime   metav1.Time  `json:"endTime,omitempty"`
+	StartTime metav1.Time  `json:"startTime"`
+	EndTime   metav1.Time  `json:"endTime"`
 }
 
 // Volume describes a single volume in the manifest.
 type Volume struct {
-	Selector      *metav1.LabelSelector `json:"selector,omitempty"`
-	Size          string                `json:"size"`
-	StorageClass  string                `json:"storageClass,omitempty"`
-	SubPath       string                `json:"subPath,omitempty"`
-	IsSubPathExpr *bool                 `json:"isSubPathExpr,omitempty"`
-	Iops          *int64                `json:"iops,omitempty"`
-	Throughput    *int64                `json:"throughput,omitempty"`
-	VolumeType    string                `json:"type,omitempty"`
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$`
+	Size          string `json:"size"`
+	StorageClass  string `json:"storageClass,omitempty"`
+	SubPath       string `json:"subPath,omitempty"`
+	IsSubPathExpr *bool  `json:"isSubPathExpr,omitempty"`
+	Iops          *int64 `json:"iops,omitempty"`
+	Throughput    *int64 `json:"throughput,omitempty"`
+	VolumeType    string `json:"type,omitempty"`
 }
 
 // AdditionalVolume specs additional optional volumes for statefulset
 type AdditionalVolume struct {
-	Name             string          `json:"name"`
-	MountPath        string          `json:"mountPath"`
-	SubPath          string          `json:"subPath,omitempty"`
-	IsSubPathExpr    *bool           `json:"isSubPathExpr,omitempty"`
-	TargetContainers []string        `json:"targetContainers"`
-	VolumeSource     v1.VolumeSource `json:"volumeSource"`
+	Name          string `json:"name"`
+	MountPath     string `json:"mountPath"`
+	SubPath       string `json:"subPath,omitempty"`
+	IsSubPathExpr *bool  `json:"isSubPathExpr,omitempty"`
+	// +nullable
+	// +optional
+	TargetContainers []string `json:"targetContainers"`
+	// +kubebuilder:validation:XPreserveUnknownFields
+	// +kubebuilder:validation:Type=object
+	// +kubebuilder:validation:Schemaless
+	VolumeSource v1.VolumeSource `json:"volumeSource"`
 }
 
 // PostgresqlParam describes PostgreSQL version and pairs of configuration parameter name - values.
 type PostgresqlParam struct {
+	// +kubebuilder:validation:Enum=13;14;15;16;17
 	PgVersion  string            `json:"version"`
 	Parameters map[string]string `json:"parameters,omitempty"`
 }
 
 // ResourceDescription describes CPU and memory resources defined for a cluster.
 type ResourceDescription struct {
-	CPU          *string `json:"cpu,omitempty"`
-	Memory       *string `json:"memory,omitempty"`
+	// Decimal natural followed by m, or decimal natural followed by
+	// dot followed by up to three decimal digits.
+	//
+	// This is because the Kubernetes CPU resource has millis as the
+	// maximum precision.  The actual values are checked in code
+	// because the regular expression would be huge and horrible and
+	// not very helpful in validation error messages; this one checks
+	// only the format of the given number.
+	//
+	// https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu
+	//
+	// Note: the value specified here must not be zero or be lower
+	// than the corresponding request.
+	// +kubebuilder:validation:Pattern=`^(\d+m|\d+(\.\d{1,3})?)$`
+	CPU *string `json:"cpu,omitempty"`
+	// You can express memory as a plain integer or as a fixed-point
+	// integer using one of these suffixes: E, P, T, G, M, k. You can
+	// also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki
+	//
+	// https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory
+	//
+	// Note: the value specified here must not be zero or be higher
+	// than the corresponding limit.
+	// +kubebuilder:validation:Pattern=`^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$`
+	Memory *string `json:"memory,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$`
 	HugePages2Mi *string `json:"hugepages-2Mi,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$`
 	HugePages1Gi *string `json:"hugepages-1Gi,omitempty"`
 }
 
 // Resources describes requests and limits for the cluster resouces.
 type Resources struct {
-	ResourceRequests ResourceDescription `json:"requests,omitempty"`
-	ResourceLimits   ResourceDescription `json:"limits,omitempty"`
+	// +optional
+	ResourceRequests ResourceDescription `json:"requests"`
+	// +optional
+	ResourceLimits ResourceDescription `json:"limits"`
 }
 
 // Patroni contains Patroni-specific configuration
@@ -176,7 +238,7 @@ type Patroni struct {
 	TTL                   uint32                       `json:"ttl,omitempty"`
 	LoopWait              uint32                       `json:"loop_wait,omitempty"`
 	RetryTimeout          uint32                       `json:"retry_timeout,omitempty"`
-	MaximumLagOnFailover  float32                      `json:"maximum_lag_on_failover,omitempty"` // float32 because https://github.com/kubernetes/kubernetes/issues/30213
+	MaximumLagOnFailover  int64                        `json:"maximum_lag_on_failover,omitempty"`
 	Slots                 map[string]map[string]string `json:"slots,omitempty"`
 	SynchronousMode       bool                         `json:"synchronous_mode,omitempty"`
 	SynchronousModeStrict bool                         `json:"synchronous_mode_strict,omitempty"`
@@ -185,6 +247,7 @@ type Patroni struct {
 }
 
 // StandbyDescription contains remote primary config or s3/gs wal path
+// +kubebuilder:validation:ExactlyOneOf=s3_wal_path;gs_wal_path;standby_host
 type StandbyDescription struct {
 	S3WalPath   string `json:"s3_wal_path,omitempty"`
 	GSWalPath   string `json:"gs_wal_path,omitempty"`
@@ -194,6 +257,7 @@ type StandbyDescription struct {
 
 // TLSDescription specs TLS properties
 type TLSDescription struct {
+	// +required
 	SecretName      string `json:"secretName,omitempty"`
 	CertificateFile string `json:"certificateFile,omitempty"`
 	PrivateKeyFile  string `json:"privateKeyFile,omitempty"`
@@ -203,8 +267,14 @@ type TLSDescription struct {
 
 // CloneDescription describes which cluster the new should clone and up to which point in time
 type CloneDescription struct {
-	ClusterName       string `json:"cluster,omitempty"`
-	UID               string `json:"uid,omitempty"`
+	// +required
+	ClusterName string `json:"cluster,omitempty"`
+	// +kubebuilder:validation:Format=uuid
+	UID string `json:"uid,omitempty"`
+	// The regexp matches the date-time format (RFC 3339 Section 5.6) that specifies a timezone as an offset relative to UTC
+	// Example: 1996-12-19T16:39:57-08:00
+	// Note: this field requires a timezone
+	// +kubebuilder:validation:Pattern=`^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$`
 	EndTimestamp      string `json:"timestamp,omitempty"`
 	S3WalPath         string `json:"s3_wal_path,omitempty"`
 	S3Endpoint        string `json:"s3_endpoint,omitempty"`
@@ -224,6 +294,8 @@ type Sidecar struct {
 }
 
 // UserFlags defines flags (such as superuser, nologin) that could be assigned to individual users
+// +kubebuilder:validation:items:Enum=bypassrls;BYPASSRLS;nobypassrls;NOBYPASSRLS;createdb;CREATEDB;nocreatedb;NOCREATEDB;createrole;CREATEROLE;nocreaterole;NOCREATEROLE;inherit;INHERIT;noinherit;NOINHERIT;login;LOGIN;nologin;NOLOGIN;replication;REPLICATION;noreplication;NOREPLICATION;superuser;SUPERUSER;nosuperuser;NOSUPERUSER
+// +nullable
 type UserFlags []string
 
 // PostgresStatus contains status of the PostgreSQL cluster (running, creation failed etc.)
@@ -242,26 +314,30 @@ type PostgresStatus struct {
 // makes sense to expose. E.g. pool size (min/max boundaries), max client
 // connections etc.
 type ConnectionPooler struct {
+	// +kubebuilder:validation:Minimum=1
 	NumberOfInstances *int32 `json:"numberOfInstances,omitempty"`
 	Schema            string `json:"schema,omitempty"`
 	User              string `json:"user,omitempty"`
-	Mode              string `json:"mode,omitempty"`
-	DockerImage       string `json:"dockerImage,omitempty"`
-	MaxDBConnections  *int32 `json:"maxDBConnections,omitempty"`
+	// +kubebuilder:validation:Enum=session;transaction
+	Mode             string `json:"mode,omitempty"`
+	DockerImage      string `json:"dockerImage,omitempty"`
+	MaxDBConnections *int32 `json:"maxDBConnections,omitempty"`
 
 	*Resources `json:"resources,omitempty"`
 }
 
 // Stream defines properties for creating FabricEventStream resources
 type Stream struct {
-	ApplicationId  string                 `json:"applicationId"`
-	Database       string                 `json:"database"`
-	Tables         map[string]StreamTable `json:"tables"`
-	Filter         map[string]*string     `json:"filter,omitempty"`
-	BatchSize      *uint32                `json:"batchSize,omitempty"`
-	CPU            *string                `json:"cpu,omitempty"`
-	Memory         *string                `json:"memory,omitempty"`
-	EnableRecovery *bool                  `json:"enableRecovery,omitempty"`
+	ApplicationId string                 `json:"applicationId"`
+	Database      string                 `json:"database"`
+	Tables        map[string]StreamTable `json:"tables"`
+	Filter        map[string]*string     `json:"filter,omitempty"`
+	BatchSize     *uint32                `json:"batchSize,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+m|\d+(\.\d{1,3})?)$`
+	CPU *string `json:"cpu,omitempty"`
+	// +kubebuilder:validation:Pattern=`^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$`
+	Memory         *string `json:"memory,omitempty"`
+	EnableRecovery *bool   `json:"enableRecovery,omitempty"`
 }
 
 // StreamTable defines properties of outbox tables for FabricEventStreams

pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go

@@ -975,14 +975,14 @@ func (in *PostgresTeamSpec) DeepCopyInto(out *PostgresTeamSpec) {
 	*out = *in
 	if in.AdditionalSuperuserTeams != nil {
 		in, out := &in.AdditionalSuperuserTeams, &out.AdditionalSuperuserTeams
-		*out = make(map[string][]string, len(*in))
+		*out = make(map[string]SuperUserTeams, len(*in))
 		for key, val := range *in {
 			var outVal []string
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
-				*out = make([]string, len(*in))
+				*out = make(SuperUserTeams, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
@@ -990,14 +990,14 @@ func (in *PostgresTeamSpec) DeepCopyInto(out *PostgresTeamSpec) {
 	}
 	if in.AdditionalTeams != nil {
 		in, out := &in.AdditionalTeams, &out.AdditionalTeams
-		*out = make(map[string][]string, len(*in))
+		*out = make(map[string]Teams, len(*in))
 		for key, val := range *in {
 			var outVal []string
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
-				*out = make([]string, len(*in))
+				*out = make(Teams, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
@@ -1005,14 +1005,14 @@ func (in *PostgresTeamSpec) DeepCopyInto(out *PostgresTeamSpec) {
 	}
 	if in.AdditionalMembers != nil {
 		in, out := &in.AdditionalMembers, &out.AdditionalMembers
-		*out = make(map[string][]string, len(*in))
+		*out = make(map[string]Users, len(*in))
 		for key, val := range *in {
 			var outVal []string
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
-				*out = make([]string, len(*in))
+				*out = make(Users, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
@@ -1400,6 +1400,26 @@ func (in *StreamTable) DeepCopy() *StreamTable {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in SuperUserTeams) DeepCopyInto(out *SuperUserTeams) {
+	{
+		in := &in
+		*out = make(SuperUserTeams, len(*in))
+		copy(*out, *in)
+		return
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SuperUserTeams.
+func (in SuperUserTeams) DeepCopy() SuperUserTeams {
+	if in == nil {
+		return nil
+	}
+	out := new(SuperUserTeams)
+	in.DeepCopyInto(out)
+	return *out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TLSDescription) DeepCopyInto(out *TLSDescription) {
 	*out = *in
@@ -1416,6 +1436,26 @@ func (in *TLSDescription) DeepCopy() *TLSDescription {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in Teams) DeepCopyInto(out *Teams) {
+	{
+		in := &in
+		*out = make(Teams, len(*in))
+		copy(*out, *in)
+		return
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Teams.
+func (in Teams) DeepCopy() Teams {
+	if in == nil {
+		return nil
+	}
+	out := new(Teams)
+	in.DeepCopyInto(out)
+	return *out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TeamsAPIConfiguration) DeepCopyInto(out *TeamsAPIConfiguration) {
 	*out = *in
@@ -1469,6 +1509,26 @@ func (in UserFlags) DeepCopy() UserFlags {
 	return *out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in Users) DeepCopyInto(out *Users) {
+	{
+		in := &in
+		*out = make(Users, len(*in))
+		copy(*out, *in)
+		return
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Users.
+func (in Users) DeepCopy() Users {
+	if in == nil {
+		return nil
+	}
+	out := new(Users)
+	in.DeepCopyInto(out)
+	return *out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Volume) DeepCopyInto(out *Volume) {
 	*out = *in

pkg/cluster/k8sres.go

@@ -420,7 +420,7 @@ PatroniInitDBParams:
 	}
 
 	if patroni.MaximumLagOnFailover >= 0 {
-		config.Bootstrap.DCS.MaximumLagOnFailover = patroni.MaximumLagOnFailover
+		config.Bootstrap.DCS.MaximumLagOnFailover = float32(patroni.MaximumLagOnFailover)
 	}
 	if patroni.LoopWait != 0 {
 		config.Bootstrap.DCS.LoopWait = patroni.LoopWait

pkg/controller/util.go

@@ -103,7 +103,11 @@ func (c *Controller) createOperatorCRD(desiredCrd *apiextv1.CustomResourceDefini
 }
 
 func (c *Controller) createPostgresCRD() error {
-	return c.createOperatorCRD(acidv1.PostgresCRD(c.opConfig.CRDCategories))
+	crd, err := acidv1.PostgresCRD(c.opConfig.CRDCategories)
+	if err != nil {
+		return fmt.Errorf("could not create Postgres CRD object: %v", err)
+	}
+	return c.createOperatorCRD(crd)
 }
 
 func (c *Controller) createConfigurationCRD() error {

pkg/spec/types.go

@@ -14,8 +14,39 @@ import (
 	"k8s.io/client-go/rest"
 )
 
-// NamespacedName describes the namespace/name pairs used in Kubernetes names.
-type NamespacedName types.NamespacedName
+// NamespacedName comprises a resource name, with a mandatory namespace,
+// rendered as "<namespace>/<name>".  Being a type captures intent and
+// helps make sure that UIDs, namespaced names and non-namespaced names
+// do not get conflated in code.  For most use cases, namespace and name
+// will already have been format validated at the API entry point, so we
+// don't do that here.  Where that's not the case (e.g. in testing),
+// consider using NamespacedNameOrDie() in testing.go in this package.
+//
+// from: https://github.com/kubernetes/apimachinery/blob/master/pkg/types/namespacedname.go
+type NamespacedName struct {
+	Namespace string `json:"namespace,omitempty"`
+	Name      string `json:"name"`
+}
+
+const (
+	Separator = '/'
+)
+
+// String returns the general purpose string representation
+func (n NamespacedName) String() string {
+	return n.Namespace + string(Separator) + n.Name
+}
+
+// MarshalLog emits a struct containing required key/value pair
+func (n NamespacedName) MarshalLog() interface{} {
+	return struct {
+		Name      string `json:"name"`
+		Namespace string `json:"namespace,omitempty"`
+	}{
+		Name:      n.Name,
+		Namespace: n.Namespace,
+	}
+}
 
 const fileWithNamespace = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
 
@@ -131,10 +162,6 @@ type ControllerConfig struct {
 // cached value for the GetOperatorNamespace
 var operatorNamespace string
 
-func (n NamespacedName) String() string {
-	return types.NamespacedName(n).String()
-}
-
 // MarshalJSON defines marshaling rule for the namespaced name type.
 func (n NamespacedName) MarshalJSON() ([]byte, error) {
 	return []byte("\"" + n.String() + "\""), nil

pkg/teams/postgres_team.go

@@ -44,6 +44,14 @@ func (ths *teamHashSet) toMap() map[string][]string {
 	return newTeamMap
 }
 
+func mapStringSliceToStringSliceMap[T ~[]string](input map[string]T) map[string][]string {
+	output := make(map[string][]string)
+	for k, v := range input {
+		output[k] = []string(v)
+	}
+	return output
+}
+
 func (ths *teamHashSet) mergeCrdMap(crdTeamMap map[string][]string) {
 	for t, at := range crdTeamMap {
 		ths.add(t, at)
@@ -110,9 +118,9 @@ func (ptm *PostgresTeamMap) Load(pgTeams *acidv1.PostgresTeamList) {
 	teamIDs := make(map[string]struct{})
 
 	for _, pgTeam := range pgTeams.Items {
-		superuserTeamSet.mergeCrdMap(pgTeam.Spec.AdditionalSuperuserTeams)
-		teamSet.mergeCrdMap(pgTeam.Spec.AdditionalTeams)
-		teamMemberSet.mergeCrdMap(pgTeam.Spec.AdditionalMembers)
+		superuserTeamSet.mergeCrdMap(mapStringSliceToStringSliceMap(pgTeam.Spec.AdditionalSuperuserTeams))
+		teamSet.mergeCrdMap(mapStringSliceToStringSliceMap(pgTeam.Spec.AdditionalTeams))
+		teamMemberSet.mergeCrdMap(mapStringSliceToStringSliceMap(pgTeam.Spec.AdditionalMembers))
 	}
 	fetchTeams(&teamIDs, superuserTeamSet)
 	fetchTeams(&teamIDs, teamSet)

pkg/teams/postgres_team_test.go

@@ -24,9 +24,9 @@ var (
 					Name: "teamAB",
 				},
 				Spec: acidv1.PostgresTeamSpec{
-					AdditionalSuperuserTeams: map[string][]string{"teamA": []string{"teamB", "team24x7"}, "teamB": []string{"teamA", "teamC", "team24x7"}},
-					AdditionalTeams:          map[string][]string{"teamA": []string{"teamC"}, "teamB": []string{}},
-					AdditionalMembers:        map[string][]string{"team24x7": []string{"optimusprime"}, "teamB": []string{"drno"}},
+					AdditionalSuperuserTeams: map[string]acidv1.SuperUserTeams{"teamA": []string{"teamB", "team24x7"}, "teamB": []string{"teamA", "teamC", "team24x7"}},
+					AdditionalTeams:          map[string]acidv1.Teams{"teamA": []string{"teamC"}, "teamB": []string{}},
+					AdditionalMembers:        map[string]acidv1.Users{"team24x7": []string{"optimusprime"}, "teamB": []string{"drno"}},
 				},
 			}, {
 				TypeMeta: metav1.TypeMeta{
@@ -37,9 +37,9 @@ var (
 					Name: "teamC",
 				},
 				Spec: acidv1.PostgresTeamSpec{
-					AdditionalSuperuserTeams: map[string][]string{"teamC": []string{"team24x7"}},
-					AdditionalTeams:          map[string][]string{"teamA": []string{"teamC"}, "teamC": []string{"teamA", "teamB", "acid"}},
-					AdditionalMembers:        map[string][]string{"acid": []string{"batman"}},
+					AdditionalSuperuserTeams: map[string]acidv1.SuperUserTeams{"teamC": []string{"team24x7"}},
+					AdditionalTeams:          map[string]acidv1.Teams{"teamA": []string{"teamC"}, "teamC": []string{"teamA", "teamB", "acid"}},
+					AdditionalMembers:        map[string]acidv1.Users{"acid": []string{"batman"}},
 				},
 			},
 			{
@@ -51,9 +51,9 @@ var (
 					Name: "teamD",
 				},
 				Spec: acidv1.PostgresTeamSpec{
-					AdditionalSuperuserTeams: map[string][]string{},
-					AdditionalTeams:          map[string][]string{"teamA": []string{"teamD"}, "teamC": []string{"teamD"}, "teamD": []string{"teamA", "teamB", "teamC"}},
-					AdditionalMembers:        map[string][]string{"acid": []string{"batman"}},
+					AdditionalSuperuserTeams: map[string]acidv1.SuperUserTeams{},
+					AdditionalTeams:          map[string]acidv1.Teams{"teamA": []string{"teamD"}, "teamC": []string{"teamD"}, "teamD": []string{"teamA", "teamB", "teamC"}},
+					AdditionalMembers:        map[string]acidv1.Users{"acid": []string{"batman"}},
 				},
 			},
 		},