From f5cb90cc5510db167b918c2cb27b7ce22c16ee50 Mon Sep 17 00:00:00 2001 From: dervoeti Date: Tue, 12 Jan 2021 19:13:46 +0100 Subject: [PATCH 1/3] added imagePullSecrets option for spilo pod --- charts/postgres-operator/crds/postgresqls.yaml | 11 +++++++++++ charts/postgres-operator/values-crd.yaml | 5 +++++ charts/postgres-operator/values.yaml | 3 +++ docs/reference/cluster_manifest.md | 4 ++++ docs/reference/operator_parameters.md | 4 ++++ manifests/complete-postgres-manifest.yaml | 2 ++ manifests/configmap.yaml | 1 + manifests/operatorconfiguration.crd.yaml | 10 ++++++++++ ...stgresql-operator-default-configuration.yaml | 2 ++ manifests/postgresql.crd.yaml | 11 +++++++++++ pkg/apis/acid.zalan.do/v1/crds.go | 16 ++++++++++++++++ .../v1/operator_configuration_type.go | 1 + pkg/apis/acid.zalan.do/v1/postgresql_type.go | 5 +++-- pkg/cluster/k8sres.go | 17 +++++++++++++++-- pkg/controller/operator_config.go | 1 + pkg/util/config/config.go | 15 ++++++++------- pkg/util/util.go | 10 ++++++++++ 17 files changed, 107 insertions(+), 11 deletions(-) diff --git a/charts/postgres-operator/crds/postgresqls.yaml b/charts/postgres-operator/crds/postgresqls.yaml index 13811936d..31015c72c 100644 --- a/charts/postgres-operator/crds/postgresqls.yaml +++ b/charts/postgres-operator/crds/postgresqls.yaml @@ -191,6 +191,17 @@ spec: # Note: usernames specified here as database owners must be declared in the users key of the spec key. dockerImage: type: string + imagePullSecrets: + type: array + nullable: true + description: "Optionally specify an array of imagePullSecrets for the spilo pod" + items: + type: object + required: + - name + properties: + name: + type: string enableConnectionPooler: type: boolean enableReplicaConnectionPooler: diff --git a/charts/postgres-operator/values-crd.yaml b/charts/postgres-operator/values-crd.yaml index 3593dd276..a884896bb 100644 --- a/charts/postgres-operator/values-crd.yaml +++ b/charts/postgres-operator/values-crd.yaml 
@@ -33,6 +33,11 @@ configGeneral: # kubernetes_use_configmaps: false # Spilo docker image docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 + # Optionally specify an array of imagePullSecrets for the spilo pod. + # Secrets must be manually created in the namespace. + # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # image_pull_secrets: + # - name: myRegistryKeySecretName # max number of instances in Postgres cluster. -1 = no limit min_instances: -1 # min number of instances in Postgres cluster. -1 = no limit diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 15f13df7e..e44056314 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -36,6 +36,9 @@ configGeneral: # kubernetes_use_configmaps: "false" # Spilo docker image docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 + # Optionally specify an array of imagePullSecrets for the spilo pod + # image_pull_secrets: + # - myRegistryKeySecretName # max number of instances in Postgres cluster. -1 = no limit min_instances: "-1" # min number of instances in Postgres cluster. -1 = no limit diff --git a/docs/reference/cluster_manifest.md b/docs/reference/cluster_manifest.md index 589921bc5..72555e9ce 100644 --- a/docs/reference/cluster_manifest.md +++ b/docs/reference/cluster_manifest.md @@ -65,6 +65,10 @@ These parameters are grouped directly under the `spec` key in the manifest. custom Docker image that overrides the **docker_image** operator parameter. It should be a [Spilo](https://github.com/zalando/spilo) image. Optional. +* **imagePullSecrets** + Specify an array of imagePullSecrets to pull the spilo image (if you want + to pull your own spilo image from a private registry). Optional. + * **schedulerName** specifies the scheduling profile for database pods. If no value is provided K8s' `default-scheduler` will be used. Optional. 
diff --git a/docs/reference/operator_parameters.md b/docs/reference/operator_parameters.md index 212515dc1..f02aef59e 100644 --- a/docs/reference/operator_parameters.md +++ b/docs/reference/operator_parameters.md @@ -102,6 +102,10 @@ Those are top-level keys, containing both leaf keys and groups. your own Spilo image from the [github repository](https://github.com/zalando/spilo). +* **image_pull_secrets** + Specify an array of imagePullSecrets to pull the spilo image (if you + want to pull your own spilo image from a private registry). Optional. + * **sidecar_docker_images** *deprecated*: use **sidecars** instead. A map of sidecar names to Docker images to run with Spilo. In case of the name conflict with the definition in diff --git a/manifests/complete-postgres-manifest.yaml b/manifests/complete-postgres-manifest.yaml index 412bac29b..71d4efe81 100644 --- a/manifests/complete-postgres-manifest.yaml +++ b/manifests/complete-postgres-manifest.yaml @@ -10,6 +10,8 @@ metadata: # "delete-clustername": "acid-test-cluster" # can only be deleted when name matches if "delete-clustername" key is configured spec: dockerImage: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 + # imagePullSecrets: + # - name: myRegistryKeySecretName teamId: "acid" numberOfInstances: 2 users: # Application/Robot users diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 3788d8b32..15f992b6d 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -32,6 +32,7 @@ data: # delete_annotation_date_key: delete-date # delete_annotation_name_key: delete-clustername docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 + # image_pull_secrets: "myRegistryKeySecretName,myOtherRegistryKeySecretName" # downscaler_annotations: "deployment-time,downscaler/*" # enable_admin_role_for_users: "true" # enable_crd_validation: "true" diff --git a/manifests/operatorconfiguration.crd.yaml b/manifests/operatorconfiguration.crd.yaml index 7add1b8c6..e5c39e43e 100644 
--- a/manifests/operatorconfiguration.crd.yaml +++ b/manifests/operatorconfiguration.crd.yaml @@ -62,6 +62,16 @@ spec: docker_image: type: string default: "registry.opensource.zalan.do/acid/spilo-13:2.0-p2" + image_pull_secrets: + type: array + nullable: true + items: + type: object + required: + - name + properties: + name: + type: string enable_crd_validation: type: boolean default: true diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index 96394976d..18d6c5734 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml @@ -4,6 +4,8 @@ metadata: name: postgresql-operator-default-configuration configuration: docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 + # image_pull_secrets: + # - name: myRegistryKeySecretName # enable_crd_validation: true # enable_lazy_spilo_upgrade: false enable_pgversion_env_var: true diff --git a/manifests/postgresql.crd.yaml b/manifests/postgresql.crd.yaml index d5170e9d4..1f99dc861 100644 --- a/manifests/postgresql.crd.yaml +++ b/manifests/postgresql.crd.yaml @@ -187,6 +187,17 @@ spec: # Note: usernames specified here as database owners must be declared in the users key of the spec key. dockerImage: type: string + imagePullSecrets: + type: array + nullable: true + description: "Optionally specify an array of imagePullSecrets for the spilo pod" + items: + type: object + required: + - name + properties: + name: + type: string enableConnectionPooler: type: boolean enableReplicaConnectionPooler: diff --git a/pkg/apis/acid.zalan.do/v1/crds.go b/pkg/apis/acid.zalan.do/v1/crds.go index f03b4c2ab..7c47a1a50 100644 --- a/pkg/apis/acid.zalan.do/v1/crds.go +++ b/pkg/apis/acid.zalan.do/v1/crds.go 
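Review bot: The `image_pull_secrets` schema added to manifests/operatorconfiguration.crd.yaml declares an array of objects with a required `name`, but the Go field this patch adds to `OperatorConfigurationData` is `[]string`, so a value that passes CRD validation (`- name: foo`, as the default-configuration example in this same hunk shows) cannot be decoded into the operator's type, and a value the operator can decode (`- foo`) is rejected by the schema. One side has to change; the smallest fix here is `items: type: string` to match the Go type and the `StrArrToLocalObjectReferenceArr` conversion used in operator_config.go. The diffstat also updates `charts/postgres-operator/crds/postgresqls.yaml` but no chart-side operatorconfigurations CRD; if the chart ships one it presumably needs the same addition.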
@@ -291,6 +291,22 @@ var PostgresCRDResourceValidation = apiextv1.CustomResourceValidation{
 "dockerImage": {
 Type: "string",
 },
+ "imagePullSecrets": {
+ Type: "array",
+ Description: "Optionally specify an array of imagePullSecrets for the spilo pod",
+ Nullable: true,
+ Items: &apiextv1.JSONSchemaPropsOrArray{
+ Schema: &apiextv1.JSONSchemaProps{
+ Type: "object",
+ Required: []string{"name"},
+ Properties: map[string]apiextv1.JSONSchemaProps{
+ "name": {
+ Type: "string",
+ },
+ },
+ },
+ },
+ },
 "enableConnectionPooler": {
 Type: "boolean",
 },
diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
index b55bfa492..688a53cd4 100644
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@@ -208,6 +208,7 @@ type OperatorConfigurationData struct {
 EtcdHost string `json:"etcd_host,omitempty"`
 KubernetesUseConfigMaps bool `json:"kubernetes_use_configmaps,omitempty"`
 DockerImage string `json:"docker_image,omitempty"`
+ ImagePullSecrets []string `json:"image_pull_secrets,omitempty"`
 Workers uint32 `json:"workers,omitempty"`
 MinInstances int32 `json:"min_instances,omitempty"`
 MaxInstances int32 `json:"max_instances,omitempty"`
diff --git a/pkg/apis/acid.zalan.do/v1/postgresql_type.go b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
index bdae22a7c..09f57bde8 100644
--- a/pkg/apis/acid.zalan.do/v1/postgresql_type.go
+++ b/pkg/apis/acid.zalan.do/v1/postgresql_type.go
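Review bot: `ImagePullSecrets []string` in `OperatorConfigurationData` disagrees with the CRD schema added for `image_pull_secrets` in the same patch, which validates an array of `{name: ...}` objects, and with `Config.ImagePullSecrets`, which is `[]v1.LocalObjectReference`; as written, a schema-valid value fails to unmarshal into this field. Either declare it as `[]v1.LocalObjectReference` here too (dropping the `StrArrToLocalObjectReferenceArr` conversion in the controller) or change the CRD items to `type: string`. Whichever is chosen, the example in manifests/postgresql-operator-default-configuration.yaml should use the same shape. The struct starts outside this hunk.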
@@ -33,8 +33,9 @@ type PostgresSpec struct { EnableReplicaConnectionPooler *bool `json:"enableReplicaConnectionPooler,omitempty"` ConnectionPooler *ConnectionPooler `json:"connectionPooler,omitempty"` - TeamID string `json:"teamId"` - DockerImage string `json:"dockerImage,omitempty"` + TeamID string `json:"teamId"` + DockerImage string `json:"dockerImage,omitempty"` + ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` SpiloRunAsUser *int64 `json:"spiloRunAsUser,omitempty"` SpiloRunAsGroup *int64 `json:"spiloRunAsGroup,omitempty"` diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go index 6b1af045f..4db133252 100644 --- a/pkg/cluster/k8sres.go +++ b/pkg/cluster/k8sres.go @@ -569,6 +569,7 @@ func (c *Cluster) generatePodTemplate( additionalSecretMount string, additionalSecretMountPath string, additionalVolumes []acidv1.AdditionalVolume, + imagePullSecrets []v1.LocalObjectReference, ) (*v1.PodTemplateSpec, error) { terminateGracePeriodSeconds := terminateGracePeriod @@ -597,6 +598,10 @@ func (c *Cluster) generatePodTemplate( SecurityContext: &securityContext, } + if imagePullSecrets != nil { + podSpec.ImagePullSecrets = imagePullSecrets + } + if schedulerName != nil { podSpec.SchedulerName = *schedulerName } @@ -1064,6 +1069,12 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef // pickup the docker image for the spilo container effectiveDockerImage := util.Coalesce(spec.DockerImage, c.OpConfig.DockerImage) + // get ImagePullSecrets for spilo pod + effectiveImagePullSecrets := c.OpConfig.ImagePullSecrets + if spec.ImagePullSecrets != nil { + effectiveImagePullSecrets = spec.ImagePullSecrets + } + // determine the User, Group and FSGroup for the spilo pod effectiveRunAsUser := c.OpConfig.Resources.SpiloRunAsUser if spec.SpiloRunAsUser != nil { 
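Review bot: The nil guard around the new assignment in generatePodTemplate is redundant, because assigning a nil slice to `podSpec.ImagePullSecrets` leaves the field nil anyway; `podSpec.ImagePullSecrets = imagePullSecrets` alone, or `ImagePullSecrets: imagePullSecrets,` inside the `v1.PodSpec` literal next to `SecurityContext`, expresses the pass-through more directly. If generatePodTemplate has a doc comment (its signature starts outside this hunk), the new parameter should be listed there as well.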
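Review bot: Precedence between the manifest and operator-wide pull secrets is decided by nil-ness, so a cluster manifest with `imagePullSecrets: []` silently clears the operator default while an omitted key inherits it; that is a reasonable contract but nothing in the code or in the cluster_manifest.md entry ("Optional") says so. I would add `// manifest value wins when set; an explicit empty list clears the operator-wide default` above the `if spec.ImagePullSecrets != nil` check and a sentence to that effect in the docs. Note that when the operator is configured through the CRD, `c.OpConfig.ImagePullSecrets` comes back from `StrArrToLocalObjectReferenceArr` as an empty non-nil slice rather than nil. generateStatefulSet continues outside this hunk.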
@@ -1234,7 +1245,8 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef c.OpConfig.PodAntiAffinityTopologyKey, c.OpConfig.AdditionalSecretMount, c.OpConfig.AdditionalSecretMountPath, - additionalVolumes) + additionalVolumes, + effectiveImagePullSecrets) if err != nil { return nil, fmt.Errorf("could not generate pod template: %v", err) @@ -1939,7 +1951,8 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) { "", c.OpConfig.AdditionalSecretMount, c.OpConfig.AdditionalSecretMountPath, - []acidv1.AdditionalVolume{}); err != nil { + []acidv1.AdditionalVolume{}, + nil); err != nil { return nil, fmt.Errorf("could not generate pod template for logical backup pod: %v", err) } diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go index 16fb05004..83ed6513d 100644 --- a/pkg/controller/operator_config.go +++ b/pkg/controller/operator_config.go @@ -40,6 +40,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur result.EtcdHost = fromCRD.EtcdHost result.KubernetesUseConfigMaps = fromCRD.KubernetesUseConfigMaps result.DockerImage = util.Coalesce(fromCRD.DockerImage, "registry.opensource.zalan.do/acid/spilo-13:2.0-p2") + result.ImagePullSecrets = util.StrArrToLocalObjectReferenceArr(fromCRD.ImagePullSecrets) result.Workers = util.CoalesceUInt32(fromCRD.Workers, 8) result.MinInstances = fromCRD.MinInstances result.MaxInstances = fromCRD.MaxInstances diff --git a/pkg/util/config/config.go b/pkg/util/config/config.go index 1d8e37bd2..9d3186a72 100644 --- a/pkg/util/config/config.go +++ b/pkg/util/config/config.go 
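Review bot: The logical backup pod template is built with `nil` pull secrets, so an operator-wide `image_pull_secrets` does not help when `logical_backup_docker_image` (or the connection pooler image, handled elsewhere) lives in the same private registry as the Spilo image. If limiting the option to Spilo pods is intended, the operator_parameters.md entry in this patch should state that explicitly instead of only saying "to pull the spilo image"; otherwise pass `c.OpConfig.ImagePullSecrets` here, which is one changed line. generateLogicalBackupJob starts and ends outside this hunk.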
@@ -147,13 +147,14 @@ type Config struct { LogicalBackup ConnectionPooler - WatchedNamespace string `name:"watched_namespace"` // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to' - KubernetesUseConfigMaps bool `name:"kubernetes_use_configmaps" default:"false"` - EtcdHost string `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use K8s as a DCS - DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-13:2.0-p2"` - SidecarImages map[string]string `name:"sidecar_docker_images"` // deprecated in favour of SidecarContainers - SidecarContainers []v1.Container `name:"sidecars"` - PodServiceAccountName string `name:"pod_service_account_name" default:"postgres-pod"` + WatchedNamespace string `name:"watched_namespace"` // special values: "*" means 'watch all namespaces', the empty string "" means 'watch a namespace where operator is deployed to' + KubernetesUseConfigMaps bool `name:"kubernetes_use_configmaps" default:"false"` + EtcdHost string `name:"etcd_host" default:""` // special values: the empty string "" means Patroni will use K8s as a DCS + DockerImage string `name:"docker_image" default:"registry.opensource.zalan.do/acid/spilo-13:2.0-p2"` + ImagePullSecrets []v1.LocalObjectReference `name:"image_pull_secrets"` + SidecarImages map[string]string `name:"sidecar_docker_images"` // deprecated in favour of SidecarContainers + SidecarContainers []v1.Container `name:"sidecars"` + PodServiceAccountName string `name:"pod_service_account_name" default:"postgres-pod"` // value of this string must be valid JSON or YAML; see initPodServiceAccount PodServiceAccountDefinition string `name:"pod_service_account_definition" default:""` PodServiceAccountRoleBindingDefinition string `name:"pod_service_account_role_binding_definition" default:""` diff --git a/pkg/util/util.go b/pkg/util/util.go index bebb9f8da..5b81092d8 100644 
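Review bot: `ImagePullSecrets []v1.LocalObjectReference` with tag `name:"image_pull_secrets"` is loaded from a ConfigMap where the documented example in manifests/configmap.yaml is the plain string `"myRegistryKeySecretName,myOtherRegistryKeySecretName"`, and it is not shown here that the config loader can turn a comma-separated string into a slice of structs (the neighbouring `SidecarContainers []v1.Container` presumably takes a structured value). If the loader only splits strings into `[]string`, this field should be `[]string` and converted with `StrArrToLocalObjectReferenceArr` where it is consumed, which would also make the ConfigMap and CRD paths consistent. A unit test feeding the ConfigMap example through the loader would settle it.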
--- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -17,6 +17,7 @@ import ( "time" "github.com/motomux/pretty" + corev1 "k8s.io/api/core/v1" resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -340,3 +341,12 @@ func IsSmallerQuantity(requestStr, limitStr string) (bool, error) { return request.Cmp(limit) == -1, nil } + +// StrArrToLocalObjectReferenceArr : Converts an array of strings into an array of v1.LocalObjectReference +func StrArrToLocalObjectReferenceArr(arr []string) []corev1.LocalObjectReference { + ret := make([]corev1.LocalObjectReference, len(arr)) + for k, v := range arr { + ret[k] = corev1.LocalObjectReference{Name: v} + } + return ret +} From a36800d2b6423484ee6758bd71295aa57b952c05 Mon Sep 17 00:00:00 2001 From: buckwx Date: Thu, 8 Aug 2024 12:11:57 -0500 Subject: [PATCH 2/3] resolved merge issues --- charts/postgres-operator/values-crd.yaml | 386 ----------------------- charts/postgres-operator/values.yaml | 9 +- 2 files changed, 8 insertions(+), 387 deletions(-) delete mode 100644 charts/postgres-operator/values-crd.yaml diff --git a/charts/postgres-operator/values-crd.yaml b/charts/postgres-operator/values-crd.yaml deleted file mode 100644 index a884896bb..000000000 --- a/charts/postgres-operator/values-crd.yaml +++ /dev/null 
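Review bot: StrArrToLocalObjectReferenceArr turns a nil input into a non-nil empty slice, so an unset `image_pull_secrets` in the CRD configuration no longer reads as "unset" downstream; if the operator's StatefulSet comparison uses DeepEqual between the generated spec and the one read back from the API (where `omitempty` will have dropped the field), that nil/empty difference could show up as a spurious diff, which is worth checking. Adding `if arr == nil { return nil }` at the top preserves the distinction at no cost. The doc comment should also follow Go convention and start with the name, e.g. `// StrArrToLocalObjectReferenceArr converts a list of secret names into LocalObjectReferences.` rather than the `: Converts` form.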
@@ -1,386 +0,0 @@ -image: - registry: registry.opensource.zalan.do - repository: acid/postgres-operator - tag: v1.6.0 - pullPolicy: "IfNotPresent" - -# Optionally specify an array of imagePullSecrets. -# Secrets must be manually created in the namespace. -# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod -# imagePullSecrets: - # - name: myRegistryKeySecretName - -podAnnotations: {} -podLabels: {} - -configTarget: "OperatorConfigurationCRD" - -# general top-level configuration parameters -configGeneral: - # choose if deployment creates/updates CRDs with OpenAPIV3Validation - enable_crd_validation: true - # update only the statefulsets without immediately doing the rolling update - enable_lazy_spilo_upgrade: false - # set the PGVERSION env var instead of providing the version via postgresql.bin_dir in SPILO_CONFIGURATION - enable_pgversion_env_var: true - # start any new database pod without limitations on shm memory - enable_shm_volume: true - # enables backwards compatible path between Spilo 12 and Spilo 13 images - enable_spilo_wal_path_compat: false - # etcd connection string for Patroni. Empty uses K8s-native DCS. - etcd_host: "" - # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) - # kubernetes_use_configmaps: false - # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p2 - # Optionally specify an array of imagePullSecrets for the spilo pod. - # Secrets must be manually created in the namespace. - # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # image_pull_secrets: - # - name: myRegistryKeySecretName - # max number of instances in Postgres cluster. -1 = no limit - min_instances: -1 - # min number of instances in Postgres cluster. 
-1 = no limit - max_instances: -1 - # period between consecutive repair requests - repair_period: 5m - # period between consecutive sync requests - resync_period: 30m - # can prevent certain cases of memory overcommitment - # set_memory_request_to_limit: false - - # map of sidecar names to docker images - # sidecar_docker_images - # example: "exampleimage:exampletag" - - # number of routines the operator spawns to process requests concurrently - workers: 8 - -# parameters describing Postgres users -configUsers: - # postgres username used for replication between instances - replication_username: standby - # postgres superuser name to be created by initdb - super_username: postgres - -configKubernetes: - # default DNS domain of K8s cluster where operator is running - cluster_domain: cluster.local - # additional labels assigned to the cluster objects - cluster_labels: - application: spilo - # label assigned to Kubernetes objects created by the operator - cluster_name_label: cluster-name - # additional annotations to add to every database pod - # custom_pod_annotations: - # keya: valuea - # keyb: valueb - - # key name for annotation that compares manifest value with current date - # delete_annotation_date_key: "delete-date" - - # key name for annotation that compares manifest value with cluster name - # delete_annotation_name_key: "delete-clustername" - - # list of annotations propagated from cluster manifest to statefulset and deployment - # downscaler_annotations: - # - deployment-time - # - downscaler/* - - # enables initContainers to run actions before Spilo is started - enable_init_containers: true - # toggles pod anti affinity on the Postgres pods - enable_pod_antiaffinity: false - # toggles PDB to set to MinAvailabe 0 or 1 - enable_pod_disruption_budget: true - # enables sidecar containers to run alongside Spilo in the same pod - enable_sidecars: true - # namespaced name of the secret containing infrastructure roles names and passwords - # 
infrastructure_roles_secret_name: postgresql-infrastructure-roles - - # list of annotation keys that can be inherited from the cluster manifest - # inherited_annotations: - # - owned-by - - # list of label keys that can be inherited from the cluster manifest - # inherited_labels: - # - application - # - environment - - # timeout for successful migration of master pods from unschedulable node - # master_pod_move_timeout: 20m - - # set of labels that a running and active node should possess to be considered ready - # node_readiness_label: - # status: ready - - # namespaced name of the secret containing the OAuth2 token to pass to the teams API - # oauth_token_secret_name: postgresql-operator - - # defines the template for PDB (Pod Disruption Budget) names - pdb_name_format: "postgres-{cluster}-pdb" - # override topology key for pod anti affinity - pod_antiaffinity_topology_key: "kubernetes.io/hostname" - # namespaced name of the ConfigMap with environment variables to populate on every pod - # pod_environment_configmap: "default/my-custom-config" - # name of the Secret (in cluster namespace) with environment variables to populate on every pod - # pod_environment_secret: "my-custom-secret" - - # specify the pod management policy of stateful sets of Postgres clusters - pod_management_policy: "ordered_ready" - # label assigned to the Postgres pods (and services/endpoints) - pod_role_label: spilo-role - # service account definition as JSON/YAML string to be used by postgres cluster pods - # pod_service_account_definition: "" - - # role binding definition as JSON/YAML string to be used by pod service account - # pod_service_account_role_binding_definition: "" - - # Postgres pods are terminated forcefully after this timeout - pod_terminate_grace_period: 5m - # template for database user secrets generated by the operator - secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" - # set user and group for the spilo container (required to run Spilo as 
non-root process) - # spilo_runasuser: "101" - # spilo_runasgroup: "103" - # group ID with write-access to volumes (required to run Spilo as non-root process) - # spilo_fsgroup: 103 - - # whether the Spilo container should run in privileged mode - spilo_privileged: false - # storage resize strategy, available options are: ebs, pvc, off - storage_resize_mode: pvc - # operator watches for postgres objects in the given namespace - watched_namespace: "*" # listen to all namespaces - -# configure resource requests for the Postgres pods -configPostgresPodResources: - # CPU limits for the postgres containers - default_cpu_limit: "1" - # CPU request value for the postgres containers - default_cpu_request: 100m - # memory limits for the postgres containers - default_memory_limit: 500Mi - # memory request value for the postgres containers - default_memory_request: 100Mi - # hard CPU minimum required to properly run a Postgres cluster - min_cpu_limit: 250m - # hard memory minimum required to properly run a Postgres cluster - min_memory_limit: 250Mi - -# timeouts related to some operator actions -configTimeouts: - # timeout when waiting for the Postgres pods to be deleted - pod_deletion_wait_timeout: 10m - # timeout when waiting for pod role and cluster labels - pod_label_wait_timeout: 10m - # interval between consecutive attempts waiting for postgresql CRD to be created - ready_wait_interval: 3s - # timeout for the complete postgres CRD creation - ready_wait_timeout: 30s - # interval to wait between consecutive attempts to check for some K8s resources - resource_check_interval: 3s - # timeout when waiting for the presence of a certain K8s resource (e.g. 
Sts, PDB) - resource_check_timeout: 10m - -# configure behavior of load balancers -configLoadBalancer: - # DNS zone for cluster DNS name when load balancer is configured for cluster - db_hosted_zone: db.example.com - # annotations to apply to service when load balancing is enabled - # custom_service_annotations: - # keyx: valuez - # keya: valuea - - # toggles service type load balancer pointing to the master pod of the cluster - enable_master_load_balancer: false - # toggles service type load balancer pointing to the replica pod of the cluster - enable_replica_load_balancer: false - # define external traffic policy for the load balancer - external_traffic_policy: "Cluster" - # defines the DNS name string template for the master load balancer cluster - master_dns_name_format: "{cluster}.{team}.{hostedzone}" - # defines the DNS name string template for the replica load balancer cluster - replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" - -# options to aid debugging of the operator itself -configDebug: - # toggles verbose debug logs from the operator - debug_logging: true - # toggles operator functionality that require access to the postgres database - enable_database_access: true - -# parameters affecting logging and REST API listener -configLoggingRestApi: - # REST API listener listens to this port - api_port: 8080 - # number of entries in the cluster history ring buffer - cluster_history_entries: 1000 - # number of lines in the ring buffer used to store cluster logs - ring_log_lines: 100 - -# configure interaction with non-Kubernetes objects from AWS or GCP -configAwsOrGcp: - # Additional Secret (aws or gcp credentials) to mount in the pod - # additional_secret_mount: "some-secret-name" - - # Path to mount the above Secret in the filesystem of the container(s) - # additional_secret_mount_path: "/some/dir" - - # AWS region used to store ESB volumes - aws_region: eu-central-1 - - # enable automatic migration on AWS from gp2 to gp3 volumes - 
enable_ebs_gp3_migration: false - # defines maximum volume size in GB until which auto migration happens - # enable_ebs_gp3_migration_max_size: 1000 - - # GCP credentials that will be used by the operator / pods - # gcp_credentials: "" - - # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods - # kube_iam_role: "" - - # S3 bucket to use for shipping postgres daily logs - # log_s3_bucket: "" - - # GCS bucket to use for shipping WAL segments with WAL-E - # wal_gs_bucket: "" - - # S3 bucket to use for shipping WAL segments with WAL-E - # wal_s3_bucket: "" - -# configure K8s cron job managed by the operator -configLogicalBackup: - # image for pods of the logical backup job (example runs pg_dumpall) - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.6.0" - # path of google cloud service account json file - # logical_backup_google_application_credentials: "" - - # prefix for the backup job name - logical_backup_job_prefix: "logical-backup-" - # storage provider - either "s3" or "gcs" - logical_backup_provider: "s3" - # S3 Access Key ID - logical_backup_s3_access_key_id: "" - # S3 bucket to store backup results - logical_backup_s3_bucket: "my-bucket-url" - # S3 region of bucket - logical_backup_s3_region: "" - # S3 endpoint url when not using AWS - logical_backup_s3_endpoint: "" - # S3 Secret Access Key - logical_backup_s3_secret_access_key: "" - # S3 server side encryption - logical_backup_s3_sse: "AES256" - # backup schedule in the cron format - logical_backup_schedule: "30 00 * * *" - -# automate creation of human users with teams API service -configTeamsApi: - # team_admin_role will have the rights to grant roles coming from PG manifests - # enable_admin_role_for_users: true - - # operator watches for PostgresTeam CRs to assign additional teams and members to clusters - enable_postgres_team_crd: false - # toogle to create additional superuser teams from PostgresTeam CRs - # 
enable_postgres_team_crd_superusers: false - - # toggle to grant superuser to team members created from the Teams API - enable_team_superuser: false - # toggles usage of the Teams API by the operator - enable_teams_api: false - # should contain a URL to use for authentication (username and token) - # pam_configuration: "" - - # operator will add all team member roles to this group and add a pg_hba line - pam_role_name: zalandos - # List of teams which members need the superuser role in each Postgres cluster - # postgres_superuser_teams: - # - postgres_superusers - - # List of roles that cannot be overwritten by an application, team or infrastructure role - protected_role_names: - - admin - # role name to grant to team members created from the Teams API - team_admin_role: admin - # postgres config parameters to apply to each team member role - team_api_role_configuration: - log_statement: all - # URL of the Teams API service - # teams_api_url: http://fake-teams-api.default.svc.cluster.local - -configConnectionPooler: - # db schema to install lookup function into - connection_pooler_schema: "pooler" - # db user for pooler to use - connection_pooler_user: "pooler" - # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-9" - # max db connections the pooler should hold - connection_pooler_max_db_connections: 60 - # default pooling mode - connection_pooler_mode: "transaction" - # number of pooler instances - connection_pooler_number_of_instances: 2 - # default resources - connection_pooler_default_cpu_request: 500m - connection_pooler_default_memory_request: 100Mi - connection_pooler_default_cpu_limit: "1" - connection_pooler_default_memory_limit: 100Mi - -rbac: - # Specifies whether RBAC resources should be created - create: true - -crd: - # Specifies whether custom resource definitions should be created - # When using helm3, this is ignored; instead use "--skip-crds" to skip. 
- create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - -podServiceAccount: - # The name of the ServiceAccount to be used by postgres cluster pods - # If not set a name is generated using the fullname template and "-pod" suffix - name: "postgres-pod" - -# priority class for operator pod -priorityClassName: "" - -# priority class for database pods -podPriorityClassName: "" - -resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 100m - memory: 250Mi - -# Affinity for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Node labels for pod assignment -# Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -controllerID: - # Specifies whether a controller ID should be defined for the operator - # Note, all postgres manifest must then contain the following annotation to be found by this operator - # "acid.zalan.do/controller": - create: false - # The name of the controller ID to use. - # If not set and create is true, a name is generated using the fullname template - name: diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index 9984ad1cd..ffd4106d7 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml 
@@ -42,7 +42,14 @@ configGeneral: # Optionally specify an array of imagePullSecrets for the spilo pod # image_pull_secrets: # - myRegistryKeySecretName - # max number of instances in Postgres cluster. -1 = no limit + + # key name for annotation to ignore globally configured instance limits + # ignore_instance_limits_annotation_key: "" + + # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) + # kubernetes_use_configmaps: false + + # min number of instances in Postgres cluster. -1 = no limit min_instances: -1 # max number of instances in Postgres cluster. -1 = no limit max_instances: -1 From d362c07229804ef6050070676586c5598c5d6170 Mon Sep 17 00:00:00 2001 From: buckwx Date: Thu, 8 Aug 2024 15:04:17 -0500 Subject: [PATCH 3/3] added ImagePullSecrets to OperatorConfigurationData deep copy --- pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go index 80bc7b34d..6c7a0fd21 100644 --- a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go +++ b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go @@ -428,6 +428,11 @@ func (in *OperatorConfigurationData) DeepCopyInto(out *OperatorConfigurationData *out = make([]string, len(*in)) copy(*out, *in) } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.ShmVolume != nil { in, out := &in.ShmVolume, &out.ShmVolume *out = new(bool) @@ -668,6 +673,11 @@ func (in *PostgresSpec) DeepCopyInto(out *PostgresSpec) { *out = new(ConnectionPooler) (*in).DeepCopyInto(*out) } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]corev1.LocalObjectReference, len(*in)) + copy(*out, *in) + } if in.SpiloRunAsUser != nil { in, out := &in.SpiloRunAsUser, &out.SpiloRunAsUser *out = new(int64)
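Review bot: The retained example `# - myRegistryKeySecretName` under `image_pull_secrets` is a bare string list, while the operatorconfiguration CRD schema added in the first patch requires `{name: ...}` objects; with `configTarget: OperatorConfigurationCRD` a user who uncomments this as written would presumably get a validation error, unless the chart template converts it, which is not visible here. Either change the example to `# - name: myRegistryKeySecretName` or add a comment stating which form the chart expects for each config target. The surrounding `configGeneral` block starts outside this hunk.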