public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Create kustomize manifests for common usage

This commit is contained in:
Yujun Zhang 2019-08-07 11:30:37 +08:00
parent 4a099d698d
commit ee3445c3f5
22 changed files with 631 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/postgres-cluster-clone/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../postgres-cluster
commonLabels:
cluster-name: postgres-cluster-clone
nameSuffix: -clone
patches:
- patches.yaml

10
manifests/postgres-cluster-clone/patches.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: postgres-cluster
# > you can clone only from clusters within the same namespace.
# See https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-directly
namespace: postgres-cluster
spec:
clone:
cluster: postgres-cluster

11
manifests/postgres-cluster-pitr/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../postgres-cluster
commonLabels:
cluster-name: postgres-cluster-pitr
# MUST be in the same namespace to get secret "standby.postgres-cluster.credentials.postgresql.acid.zalan.do"
# namespace:
nameSuffix: -pitr
patches:
- patches.yaml

10
manifests/postgres-cluster-pitr/patches.yaml Normal file
View File

@ -0,0 +1,10 @@
# https://github.com/zalando/postgres-operator/blob/master/docs/user.md#clone-from-s3
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: postgres-cluster
namespace: postgres-cluster
spec:
clone:
uid: b9c8455e-b748-11e9-a18d-02650311323e
cluster: postgres-cluster

7
manifests/postgres-cluster/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
cluster-name: postgres-cluster
namespace: postgres-cluster
resources:
- resources.yaml

14
manifests/postgres-cluster/resources.yaml Normal file
View File

@ -0,0 +1,14 @@
# https://github.com/zalando/postgres-operator/blob/master/docs/reference/cluster_manifest.md
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: postgres-cluster
spec:
teamId: acid
volume:
size: 10Gi
numberOfInstances: 1
postgresql:
version: "10"
# # NOT WORKING, see https://github.com/zalando/postgres-operator/issues/641
# enableLogicalBackup: true

21
manifests/postgres-operator/base-crd/Kube-descriptor.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v1
appVersion: 1.2.0
description: Postgres Operator creates and manages PostgreSQL clusters running in
Kubernetes
engine: gotpl
home: https://github.com/zalando/postgres-operator
keywords:
- postgres
- operator
- cloud-native
- patroni
- spilo
maintainers:
- email: opensource@zalando.de
name: Zalando
- email: kgyoo8232@gmail.com
name: kimxogus
name: postgres-operator
sources:
- https://github.com/zalando/postgres-operator
version: 1.2.0

23
manifests/postgres-operator/base-crd/kustomization.yaml Normal file
View File

@ -0,0 +1,23 @@
# Labels to add to all resources and selectors.
commonLabels:
app.kubernetes.io/instance: postgres-operator
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: postgres-operator
helm.sh/chart: postgres-operator-1.2.0
# Images modify the tags for images without
# creating patches.
images:
- name: registry.opensource.zalan.do/acid/postgres-operator
newTag: v1.2.0
# List of resource files that kustomize reads, modifies
# and emits as a YAML string
resources:
- operator-clusterrole.yaml
- operator-crb.yaml
- operator-sa.yaml
- operatorconfigurations.acid.zalan.do-crd.yaml
- postgres-operator-deploy.yaml
- postgres-operator-operatorconfiguration.yaml
- postgresqls.acid.zalan.do-crd.yaml

149
manifests/postgres-operator/base-crd/operator-clusterrole.yaml Normal file
View File

@ -0,0 +1,149 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: operator
rules:
- apiGroups:
- acid.zalan.do
resources:
- postgresqls
- postgresqls/status
- operatorconfigurations
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- get
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- update
- delete
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- delete
- get
- list
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- patch
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- get
- create
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- operator
resources:
- clusterroles
verbs:
- bind
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- delete
- get
- list
- patch
- update

12
manifests/postgres-operator/base-crd/operator-crb.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: operator
subjects:
- kind: ServiceAccount
name: operator
namespace: default

4
manifests/postgres-operator/base-crd/operator-sa.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: operator

15
manifests/postgres-operator/base-crd/operatorconfigurations.acid.zalan.do-crd.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: operatorconfigurations.acid.zalan.do
spec:
group: acid.zalan.do
names:
kind: OperatorConfiguration
listKind: OperatorConfigurationList
plural: operatorconfigurations
shortNames:
- pgc
singular: operatorconfiguration
scope: Namespaced
version: v1

27
manifests/postgres-operator/base-crd/postgres-operator-deploy.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-operator
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: postgres-operator
app.kubernetes.io/name: postgres-operator
template:
metadata:
annotations:
checksum/config: 52ef20120c7c04050deedcf1a89d46ab05d8f1a393965add8b29be5f3f020443
labels:
app.kubernetes.io/instance: postgres-operator
app.kubernetes.io/name: postgres-operator
spec:
containers:
- env:
- name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT
value: postgres-operator
image: registry.opensource.zalan.do/acid/postgres-operator:v1.2.0
imagePullPolicy: IfNotPresent
name: postgres-operator
serviceAccountName: operator
tolerations: []

73
manifests/postgres-operator/base-crd/postgres-operator-operatorconfiguration.yaml Normal file
View File

@ -0,0 +1,73 @@
apiVersion: acid.zalan.do/v1
configuration:
aws_or_gcp:
aws_region: eu-central-1
debug:
debug_logging: true
enable_database_access: true
docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p9
enable_shm_volume: true
etcd_host: ""
kubernetes:
cluster_domain: cluster.local
cluster_labels:
application: spilo
cluster_name_label: cluster-name
enable_pod_antiaffinity: false
enable_pod_disruption_budget: true
oauth_token_secret_name: postgres-operator
pdb_name_format: postgres-{cluster}-pdb
pod_antiaffinity_topology_key: kubernetes.io/hostname
pod_management_policy: ordered_ready
pod_role_label: spilo-role
pod_service_account_name: operator
pod_terminate_grace_period: 5m
secret_name_template: '{username}.{cluster}.credentials.{tprkind}.{tprgroup}'
spilo_privileged: false
watched_namespace: '*'
load_balancer:
db_hosted_zone: db.example.com
enable_master_load_balancer: true
enable_replica_load_balancer: false
master_dns_name_format: '{cluster}.{team}.{hostedzone}'
replica_dns_name_format: '{cluster}-repl.{team}.{hostedzone}'
logging_rest_api:
api_port: 8080
cluster_history_entries: 1000
ring_log_lines: 100
logical_backup:
logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
logical_backup_s3_bucket: my-bucket-url
logical_backup_schedule: 30 00 * * *
max_instances: -1
min_instances: -1
postgres_pod_resources:
default_cpu_limit: "3"
default_cpu_request: 100m
default_memory_limit: 1Gi
default_memory_request: 100Mi
repair_period: 5m
resync_period: 30m
teams_api:
enable_team_superuser: false
enable_teams_api: false
pam_role_name: zalandos
protected_role_names:
- admin
team_admin_role: admin
team_api_role_configuration:
log_statement: all
timeouts:
pod_deletion_wait_timeout: 10m
pod_label_wait_timeout: 10m
ready_wait_interval: 3s
ready_wait_timeout: 30s
resource_check_interval: 3s
resource_check_timeout: 10m
users:
replication_username: standby
super_username: postgres
workers: 4
kind: OperatorConfiguration
metadata:
name: postgres-operator

15
manifests/postgres-operator/base-crd/postgresqls.acid.zalan.do-crd.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: postgresqls.acid.zalan.do
spec:
group: acid.zalan.do
names:
kind: postgresql
listKind: postgresqlList
plural: postgresqls
shortNames:
- pg
singular: postgresql
scope: Namespaced
version: v1

27
manifests/postgres-operator/kustomization.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: postgres-operator
commonLabels:
app.kubernetes.io/managed-by: kustomize
team: acid
bases:
- base-crd
- ui
configMapGenerator:
- name: postgres-operator-ui
literals:
- WALE_S3_ENDPOINT=https+path://s3.us-west-1.amazonaws.com/bucket-for-wal
- SPILO_S3_BACKUP_BUCKET=bucket-for-backup
images:
- name: registry.opensource.zalan.do/acid/postgres-operator-ui
newTag: latest
patchesStrategicMerge:
- patches.yaml
resources:
- resources.yaml
vars:
- name: OPERATOR_API_SERVICE
objref:
apiVersion: v1
kind: Service
name: postgres-operator

36
manifests/postgres-operator/patches.yaml Normal file
View File

@ -0,0 +1,36 @@
apiVersion: acid.zalan.do/v1
kind: OperatorConfiguration
metadata:
name: postgres-operator
configuration:
aws_or_gcp:
aws_region: us-west-1
load_balancer:
enable_master_load_balancer: false
logical_backup:
logical_backup_docker_image: registry.opensource.zalan.do/acid/logical-backup
logical_backup_s3_bucket: postgres-operator-erica-nvda-dev
logical_backup_schedule: 30 00 * * *
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-operator-ui
spec:
template:
spec:
containers:
- name: service
env:
- name: OPERATOR_API_URL
value: http://$(OPERATOR_API_SERVICE)
- name: TARGET_NAMESPACE
value: postgres-cluster
- name: TEAMS
value: |-
[
"acid"
]
envFrom:
- configMapRef:
name: postgres-operator-ui

11
manifests/postgres-operator/resources.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: postgres-operator
spec:
selector:
app.kubernetes.io/instance: postgres-operator
app.kubernetes.io/name: postgres-operator
ports:
- port: 80
targetPort: 8080

68
manifests/postgres-operator/ui/deployment.yaml Normal file
View File

@ -0,0 +1,68 @@
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
name: "postgres-operator-ui"
namespace: "default"
labels:
application: "postgres-operator-ui"
team: "acid"
spec:
replicas: 1
selector:
matchLabels:
application: "postgres-operator-ui"
template:
metadata:
labels:
application: "postgres-operator-ui"
team: "acid"
spec:
serviceAccountName: postgres-operator-ui
containers:
- name: "service"
image: registry.opensource.zalan.do/acid/postgres-operator-ui:v1.2.0
ports:
- containerPort: 8081
protocol: "TCP"
readinessProbe:
httpGet:
path: "/health"
port: 8081
initialDelaySeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: "300m"
memory: "3000Mi"
requests:
cpu: "100m"
memory: "100Mi"
env:
- name: "APP_URL"
value: "http://localhost:8081"
- name: "OPERATOR_API_URL"
value: "http://localhost:8080"
- name: "TARGET_NAMESPACE"
value: "default"
- name: "TEAMS"
value: |-
[
"acid"
]
- name: "OPERATOR_UI_CONFIG"
value: |-
{
"docs_link":"https://postgres-operator.readthedocs.io/en/latest/",
"dns_format_string": "{1}-{0}.{2}",
"databases_visible": true,
"master_load_balancer_visible": true,
"nat_gateways_visible": false,
"replica_load_balancer_visible": true,
"resources_visible": true,
"users_visible": true,
"postgresql_versions": [
"11",
"10",
"9.6"
]
}

7
manifests/postgres-operator/ui/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: postgres-operator-ui
resources:
- deployment.yaml
- service.yaml
- ui-service-account-rbac.yaml

15
manifests/postgres-operator/ui/service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: "v1"
kind: "Service"
metadata:
name: "postgres-operator-ui"
namespace: "default"
labels:
application: "postgres-operator-ui"
spec:
type: "ClusterIP"
selector:
application: "postgres-operator-ui"
ports:
- port: 80
protocol: "TCP"
targetPort: 8081

67
manifests/postgres-operator/ui/ui-service-account-rbac.yaml Normal file
View File

@ -0,0 +1,67 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: postgres-operator-ui
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: postgres-operator-ui
rules:
- apiGroups:
- acid.zalan.do
resources:
- postgresqls
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: postgres-operator-ui
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: postgres-operator-ui
subjects:
- kind: ServiceAccount
# note: the cluster role binding needs to be defined
# for every namespace the operator-ui service account lives in.
name: postgres-operator-ui
namespace: default