public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add configuration flag for disabling operator CRD creation/update (#1733) 

* Make CRD registration configurable and drop RBAC permissions when CRD registration is disabled
* add generated deep copy functions

Co-authored-by: Damian Peckett <d.peckett_admin@mgmt.innovo-cloud.de>
This commit is contained in:
Damian Peckett 2022-01-13 15:20:04 +01:00 committed by GitHub
parent b4155bc8fb
commit fe340192ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 41 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
charts/postgres-operator/crds/operatorconfigurations.yaml
View File

@ -64,6 +64,9 @@ spec:
docker_image: docker_image:
type: string type: string
default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p3" default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p3"
enable_crd_registration:
type: boolean
default: true
enable_crd_validation: enable_crd_validation:
type: boolean type: boolean
default: true default: true

4
charts/postgres-operator/templates/clusterrole.yaml
View File

@ -40,10 +40,12 @@ rules:
resources: resources:
- customresourcedefinitions - customresourcedefinitions
verbs: verbs:
- create
- get - get
{{- if toString .Values.configGeneral.enable_crd_registration | eq "true" }}
- create
- patch - patch
- update - update
{{- end }}
# to send events to the CRs # to send events to the CRs
- apiGroups: - apiGroups:
- "" - ""

2
charts/postgres-operator/values.yaml
View File

@ -20,6 +20,8 @@ enableJsonLogging: false
# general configuration parameters # general configuration parameters
configGeneral: configGeneral:
# the deployment should create/update the CRDs
enable_crd_registration: true
# choose if deployment creates/updates CRDs with OpenAPIV3Validation # choose if deployment creates/updates CRDs with OpenAPIV3Validation
enable_crd_validation: true enable_crd_validation: true
# update only the statefulsets without immediately doing the rolling update # update only the statefulsets without immediately doing the rolling update

4
docs/reference/operator_parameters.md
View File

@ -70,6 +70,10 @@ Variable names are underscore-separated words.
Those are top-level keys, containing both leaf keys and groups. Those are top-level keys, containing both leaf keys and groups.
* **enable_crd_registration**
Instruct the operator to create/update the CRDs. If disabled the operator will rely on the CRDs being managed separately.
The default is `true`.
* **enable_crd_validation** * **enable_crd_validation**
toggles if the operator will create or update CRDs with toggles if the operator will create or update CRDs with
[OpenAPI v3 schema validation](https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#validation) [OpenAPI v3 schema validation](https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#validation)

1
manifests/configmap.yaml
View File

@ -35,6 +35,7 @@ data:
docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p3 docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p3
# downscaler_annotations: "deployment-time,downscaler/*" # downscaler_annotations: "deployment-time,downscaler/*"
# enable_admin_role_for_users: "true" # enable_admin_role_for_users: "true"
# enable_crd_registration: "true"
# enable_crd_validation: "true" # enable_crd_validation: "true"
# enable_cross_namespace_secret: "false" # enable_cross_namespace_secret: "false"
# enable_database_access: "true" # enable_database_access: "true"

3
manifests/operatorconfiguration.crd.yaml
View File

@ -62,6 +62,9 @@ spec:
docker_image: docker_image:
type: string type: string
default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p3" default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p3"
enable_crd_registration:
type: boolean
default: true
enable_crd_validation: enable_crd_validation:
type: boolean type: boolean
default: true default: true

1
manifests/postgresql-operator-default-configuration.yaml
View File

@ -4,6 +4,7 @@ metadata:
name: postgresql-operator-default-configuration name: postgresql-operator-default-configuration
configuration: configuration:
docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p3 docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p3
# enable_crd_registration: true
# enable_crd_validation: true # enable_crd_validation: true
# enable_lazy_spilo_upgrade: false # enable_lazy_spilo_upgrade: false
enable_pgversion_env_var: true enable_pgversion_env_var: true

3
pkg/apis/acid.zalan.do/v1/crds.go
View File

@ -946,6 +946,9 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
"docker_image": { "docker_image": {
Type: "string", Type: "string",
}, },
"enable_crd_registration": {
Type: "boolean",
},
"enable_crd_validation": { "enable_crd_validation": {
Type: "boolean", Type: "boolean",
}, },

1
pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
View File

@ -215,6 +215,7 @@ type OperatorLogicalBackupConfiguration struct {
// OperatorConfigurationData defines the operation config // OperatorConfigurationData defines the operation config
type OperatorConfigurationData struct { type OperatorConfigurationData struct {
EnableCRDRegistration *bool `json:"enable_crd_registration,omitempty"`
EnableCRDValidation *bool `json:"enable_crd_validation,omitempty"` EnableCRDValidation *bool `json:"enable_crd_validation,omitempty"`
EnableLazySpiloUpgrade bool `json:"enable_lazy_spilo_upgrade,omitempty"` EnableLazySpiloUpgrade bool `json:"enable_lazy_spilo_upgrade,omitempty"`
EnablePgVersionEnvVar bool `json:"enable_pgversion_env_var,omitempty"` EnablePgVersionEnvVar bool `json:"enable_pgversion_env_var,omitempty"`

5
pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go
View File

@ -367,6 +367,11 @@ func (in *OperatorConfiguration) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OperatorConfigurationData) DeepCopyInto(out *OperatorConfigurationData) { func (in *OperatorConfigurationData) DeepCopyInto(out *OperatorConfigurationData) {
*out = *in *out = *in
if in.EnableCRDRegistration != nil {
in, out := &in.EnableCRDRegistration, &out.EnableCRDRegistration
*out = new(bool)
**out = **in
}
if in.EnableCRDValidation != nil { if in.EnableCRDValidation != nil {
in, out := &in.EnableCRDValidation, &out.EnableCRDValidation in, out := &in.EnableCRDValidation, &out.EnableCRDValidation
*out = new(bool) *out = new(bool)

4
pkg/controller/controller.go
View File

@ -309,9 +309,11 @@ func (c *Controller) initController() {
c.controllerID = os.Getenv("CONTROLLER_ID") c.controllerID = os.Getenv("CONTROLLER_ID")
if configObjectName := os.Getenv("POSTGRES_OPERATOR_CONFIGURATION_OBJECT"); configObjectName != "" { if configObjectName := os.Getenv("POSTGRES_OPERATOR_CONFIGURATION_OBJECT"); configObjectName != "" {
if c.opConfig.EnableCRDRegistration != nil && *c.opConfig.EnableCRDRegistration {
if err := c.createConfigurationCRD(c.opConfig.EnableCRDValidation); err != nil { if err := c.createConfigurationCRD(c.opConfig.EnableCRDValidation); err != nil {
c.logger.Fatalf("could not register Operator Configuration CustomResourceDefinition: %v", err) c.logger.Fatalf("could not register Operator Configuration CustomResourceDefinition: %v", err)
} }
}
if cfg, err := c.readOperatorConfigurationFromCRD(spec.GetOperatorNamespace(), configObjectName); err != nil { if cfg, err := c.readOperatorConfigurationFromCRD(spec.GetOperatorNamespace(), configObjectName); err != nil {
c.logger.Fatalf("unable to read operator configuration: %v", err) c.logger.Fatalf("unable to read operator configuration: %v", err)
} else { } else {
@ -325,9 +327,11 @@ func (c *Controller) initController() {
c.modifyConfigFromEnvironment() c.modifyConfigFromEnvironment()
if c.opConfig.EnableCRDRegistration != nil && *c.opConfig.EnableCRDRegistration {
if err := c.createPostgresCRD(c.opConfig.EnableCRDValidation); err != nil { if err := c.createPostgresCRD(c.opConfig.EnableCRDValidation); err != nil {
c.logger.Fatalf("could not register Postgres CustomResourceDefinition: %v", err) c.logger.Fatalf("could not register Postgres CustomResourceDefinition: %v", err)
} }
}
c.initSharedInformers() c.initSharedInformers()

1
pkg/controller/operator_config.go
View File

@ -33,6 +33,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
result := &config.Config{} result := &config.Config{}
// general config // general config
result.EnableCRDRegistration = util.CoalesceBool(fromCRD.EnableCRDRegistration, util.True())
result.EnableCRDValidation = util.CoalesceBool(fromCRD.EnableCRDValidation, util.True()) result.EnableCRDValidation = util.CoalesceBool(fromCRD.EnableCRDValidation, util.True())
result.EnableLazySpiloUpgrade = fromCRD.EnableLazySpiloUpgrade result.EnableLazySpiloUpgrade = fromCRD.EnableLazySpiloUpgrade
result.EnablePgVersionEnvVar = fromCRD.EnablePgVersionEnvVar result.EnablePgVersionEnvVar = fromCRD.EnablePgVersionEnvVar

1
pkg/util/config/config.go
View File

@ -18,6 +18,7 @@ type CRD struct {
ReadyWaitTimeout time.Duration `name:"ready_wait_timeout" default:"30s"` ReadyWaitTimeout time.Duration `name:"ready_wait_timeout" default:"30s"`
ResyncPeriod time.Duration `name:"resync_period" default:"30m"` ResyncPeriod time.Duration `name:"resync_period" default:"30m"`
RepairPeriod time.Duration `name:"repair_period" default:"5m"` RepairPeriod time.Duration `name:"repair_period" default:"5m"`
EnableCRDRegistration *bool `name:"enable_crd_registration" default:"true"`
EnableCRDValidation *bool `name:"enable_crd_validation" default:"true"` EnableCRDValidation *bool `name:"enable_crd_validation" default:"true"`
} }