public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

move annotation patch and add hint in docs

This commit is contained in:
Felix Kunde 2020-06-04 13:55:50 +02:00
parent 1f44e4a460
commit f6f0c148df
2 changed files with 31 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/administrator.md
View File

@ -406,6 +406,10 @@ internal ELB:
- `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` - `service.beta.kubernetes.io/aws-load-balancer-internal: "true"`
Note, that changing between public and internal load balancers might require to
toggle the `enable<Role>LoadBalancer` fields as some cloud infrastructures do
not support switching the type on-the-fly.
To limit the range of IP addresses that can reach a load balancer, specify the To limit the range of IP addresses that can reach a load balancer, specify the
desired ranges in the `allowedSourceRanges` field (applies to both master and desired ranges in the `allowedSourceRanges` field (applies to both master and
replica load balancers). To prevent exposing load balancers to the entire replica load balancers). To prevent exposing load balancers to the entire
@ -540,9 +544,9 @@ The configuration paramaters that we will be using are:
### Generate a K8 secret resource ### Generate a K8 secret resource
Generate the K8 secret resource that will contain your service account's Generate the K8 secret resource that will contain your service account's
credentials. It's highly recommended to use a service account and limit its credentials. It's highly recommended to use a service account and limit its
scope to just the WAL-E bucket. scope to just the WAL-E bucket.
```yaml ```yaml
apiVersion: v1 apiVersion: v1

48
pkg/cluster/resources.go
View File

@ -14,6 +14,7 @@ import (
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"github.com/zalando/postgres-operator/pkg/util" "github.com/zalando/postgres-operator/pkg/util"
"github.com/zalando/postgres-operator/pkg/util/constants"
"github.com/zalando/postgres-operator/pkg/util/k8sutil" "github.com/zalando/postgres-operator/pkg/util/k8sutil"
"github.com/zalando/postgres-operator/pkg/util/retryutil" "github.com/zalando/postgres-operator/pkg/util/retryutil"
) )
@ -520,32 +521,14 @@ func (c *Cluster) updateService(role PostgresRole, newService *v1.Service) error
serviceName := util.NameFromMeta(c.Services[role].ObjectMeta) serviceName := util.NameFromMeta(c.Services[role].ObjectMeta)
// update the service annotation in order to propagate ELB notation. // update service when disabling LoadBalancers or changing from internal LBs to public LBs
if len(newService.ObjectMeta.Annotations) > 0 { // because patch does not remove fields from the service resource
if annotationsPatchData, err := metaAnnotationsPatch(newService.ObjectMeta.Annotations); err == nil {
_, err = c.KubeClient.Services(serviceName.Namespace).Patch(
context.TODO(),
serviceName.Name,
types.MergePatchType,
[]byte(annotationsPatchData),
metav1.PatchOptions{},
"")
if err != nil {
return fmt.Errorf("could not replace annotations for the service %q: %v", serviceName, err)
}
} else {
return fmt.Errorf("could not form patch for the service metadata: %v", err)
}
}
// now, patch the service spec, but when disabling LoadBalancers do update instead
// patch does not work because of LoadBalancerSourceRanges field (even if set to nil)
oldServiceType := c.Services[role].Spec.Type oldServiceType := c.Services[role].Spec.Type
newServiceType := newService.Spec.Type newServiceType := newService.Spec.Type
_, oldInternal := c.Services[role].ObjectMeta.Annotations[constants.ElbInternal]
_, newInternal := newService.ObjectMeta.Annotations[constants.ElbInternal]
if (newServiceType == "ClusterIP" && newServiceType != oldServiceType) || if (newServiceType == "ClusterIP" && newServiceType != oldServiceType) ||
newServiceType == "LoadBalancer" && newServiceType == oldServiceType && (oldInternal && !newInternal) {
len(newService.ObjectMeta.Annotations) != len(c.Services[role].ObjectMeta.Annotations) {
newService.ResourceVersion = c.Services[role].ResourceVersion newService.ResourceVersion = c.Services[role].ResourceVersion
newService.Spec.ClusterIP = c.Services[role].Spec.ClusterIP newService.Spec.ClusterIP = c.Services[role].Spec.ClusterIP
svc, err = c.KubeClient.Services(serviceName.Namespace).Update(context.TODO(), newService, metav1.UpdateOptions{}) svc, err = c.KubeClient.Services(serviceName.Namespace).Update(context.TODO(), newService, metav1.UpdateOptions{})
@ -553,6 +536,25 @@ func (c *Cluster) updateService(role PostgresRole, newService *v1.Service) error
return fmt.Errorf("could not update service %q: %v", serviceName, err) return fmt.Errorf("could not update service %q: %v", serviceName, err)
} }
} else { } else {
// update the service annotation in order to propagate ELB notation.
if len(newService.ObjectMeta.Annotations) > 0 {
if annotationsPatchData, err := metaAnnotationsPatch(newService.ObjectMeta.Annotations); err == nil {
_, err = c.KubeClient.Services(serviceName.Namespace).Patch(
context.TODO(),
serviceName.Name,
types.MergePatchType,
[]byte(annotationsPatchData),
metav1.PatchOptions{},
"")
if err != nil {
return fmt.Errorf("could not replace annotations for the service %q: %v", serviceName, err)
}
} else {
return fmt.Errorf("could not form patch for the service metadata: %v", err)
}
}
patchData, err := specPatch(newService.Spec) patchData, err := specPatch(newService.Spec)
if err != nil { if err != nil {
return fmt.Errorf("could not form patch for the service %q: %v", serviceName, err) return fmt.Errorf("could not form patch for the service %q: %v", serviceName, err)