From 1e5293ce1fcc801546b367736b9fc5586dde8ab1 Mon Sep 17 00:00:00 2001 From: ace Date: Tue, 23 Feb 2021 03:40:14 +0300 Subject: [PATCH] update postgres operator and ui to 1.6.1 --- postgres-operator-ui/Chart.yaml | 4 +- postgres-operator-ui/index.yaml | 54 ++- .../templates/deployment.yaml | 10 +- postgres-operator-ui/values.yaml | 12 +- postgres-operator/Chart.yaml | 4 +- .../crds/operatorconfigurations.yaml | 320 +++++++-------- postgres-operator/crds/postgresqls.yaml | 385 ++++++++---------- postgres-operator/crds/postgresteams.yaml | 2 + postgres-operator/index.yaml | 50 ++- .../templates/clusterrole-postgres-pod.yaml | 24 ++ postgres-operator/templates/clusterrole.yaml | 42 +- postgres-operator/templates/deployment.yaml | 2 + postgres-operator/values-crd.yaml | 50 ++- postgres-operator/values.yaml | 57 ++- 14 files changed, 527 insertions(+), 489 deletions(-) diff --git a/postgres-operator-ui/Chart.yaml b/postgres-operator-ui/Chart.yaml index 13550d6..8ff7f66 100644 --- a/postgres-operator-ui/Chart.yaml +++ b/postgres-operator-ui/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: postgres-operator-ui -version: 1.5.0 -appVersion: 1.5.0 +version: 1.6.1 +appVersion: 1.6.1 home: https://github.com/zalando/postgres-operator description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience keywords: diff --git a/postgres-operator-ui/index.yaml b/postgres-operator-ui/index.yaml index 5a7b42d..7706f5b 100644 --- a/postgres-operator-ui/index.yaml +++ b/postgres-operator-ui/index.yaml 
@@ -1,11 +1,32 @@ apiVersion: v1 entries: postgres-operator-ui: + - apiVersion: v1 + appVersion: 1.6.1 + created: "2021-02-16T12:16:51.963793476+01:00" + description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience + digest: 3d321352f2f1e7bb7450aa8876e3d818aa9f9da9bd4250507386f0490f2c1969 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - ui + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator-ui + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-ui-1.6.1.tgz + version: 1.6.1 - apiVersion: v1 appVersion: 1.5.0 - created: "2020-06-04T17:06:37.153522579+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience + created: "2021-02-16T12:16:51.96319758+01:00" + description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: c91ea39e6d51d57f4048fb1b6ec53b40823f2690eb88e4e4f1a036367b9fdd61 home: https://github.com/zalando/postgres-operator keywords: 
@@ -24,29 +45,4 @@ entries: urls: - postgres-operator-ui-1.5.0.tgz version: 1.5.0 - - apiVersion: v1 - appVersion: 1.4.0 - created: "2020-06-04T17:06:37.15302073+02:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: 00e0eff7056d56467cd5c975657fbb76c8d01accd25a4b7aca81bc42aeac961d - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - - email: sk@sik-net.de - name: siku4 - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.4.0.tgz - version: 1.4.0 -generated: "2020-06-04T17:06:37.152369987+02:00" +generated: "2021-02-16T12:16:51.962463462+01:00" diff --git a/postgres-operator-ui/templates/deployment.yaml b/postgres-operator-ui/templates/deployment.yaml index 4c6d466..29bf2e6 100644 --- a/postgres-operator-ui/templates/deployment.yaml +++ b/postgres-operator-ui/templates/deployment.yaml @@ -21,6 +21,10 @@ spec: team: "acid" # Parameterize? spec: serviceAccountName: {{ include "postgres-operator-ui.serviceAccountName" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} containers: - name: "service" image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -64,10 +68,8 @@ spec: "resources_visible": true, "users_visible": true, "postgresql_versions": [ + "13", "12", - "11", - "10", - "9.6", - "9.5" + "11" ] } diff --git a/postgres-operator-ui/values.yaml b/postgres-operator-ui/values.yaml index 2fdb8f8..926d99b 100644 --- a/postgres-operator-ui/values.yaml +++ b/postgres-operator-ui/values.yaml 
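Review bot: The UI's `postgresql_versions` list now stops at `"11"`, while the postgresqls CRD `version` enum touched later in this patch (the hunk that adds `"13"`) still accepts `"9.3"` through `"10"`, so clusters on those majors stay creatable via kubectl but presumably can no longer be selected through the UI. If that is the intended deprecation path it is worth saying so next to the list, e.g. `# UI-selectable majors only; the CRD enum still accepts older versions for existing clusters`, so the next bump is not read as an accidental mismatch. The `imagePullSecrets` block added in the previous hunk relies on the `{{ toYaml ... | indent 8 }}` line starting at column 0, which the collapsed view cannot show; check the rendered output once.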
@@ -8,9 +8,15 @@ replicaCount: 1 image: registry: registry.opensource.zalan.do repository: acid/postgres-operator-ui - tag: v1.5.0-dirty + tag: v1.6.1 pullPolicy: "IfNotPresent" +# Optionally specify an array of imagePullSecrets. +# Secrets must be manually created in the namespace. +# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod +# imagePullSecrets: +# - name: + rbac: # Specifies whether RBAC resources should be created create: true @@ -43,10 +49,10 @@ envs: # configure UI service service: type: "ClusterIP" - port: "8081" + port: "80" # If the type of the service is NodePort a port can be specified using the nodePort field # If the nodePort field is not specified, or if it has no value, then a random port is used - # notePort: 32521 + # nodePort: 32521 # configure UI ingress. If needed: "enabled: true" ingress: diff --git a/postgres-operator/Chart.yaml b/postgres-operator/Chart.yaml index cd9f755..857967a 100644 --- a/postgres-operator/Chart.yaml +++ b/postgres-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: postgres-operator -version: 1.5.0 -appVersion: 1.5.0 +version: 1.6.1 +appVersion: 1.6.1 home: https://github.com/zalando/postgres-operator description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes keywords: diff --git a/postgres-operator/crds/operatorconfigurations.yaml b/postgres-operator/crds/operatorconfigurations.yaml index 28b8f28..3906f90 100644 --- a/postgres-operator/crds/operatorconfigurations.yaml +++ b/postgres-operator/crds/operatorconfigurations.yaml @@ -15,6 +15,8 @@ spec: singular: operatorconfiguration shortNames: - opconfig + categories: + - all scope: Namespaced versions: - name: v1 
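Review bot: `service.port` changes from `"8081"` to `"80"` in the same hunk that fixes the `nodePort` comment, and nothing in the chart marks this as a breaking default for people upgrading from the 1.5.0 chart. Any Ingress, NetworkPolicy or bookmarked URL that targets 8081 stops working after `helm upgrade`, while the commit message only says the charts move to 1.6.1. A comment on the key, `# changed from "8081" in chart 1.6.1; update ingress/network-policy targets on upgrade`, or a line in the chart notes, would make the change visible where deployers look.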
@@ -63,28 +65,45 @@ spec: properties: docker_image: type: string + default: "registry.opensource.zalan.do/acid/spilo-13:2.0-p4" enable_crd_validation: type: boolean + default: true enable_lazy_spilo_upgrade: type: boolean + default: false + enable_pgversion_env_var: + type: boolean + default: true enable_shm_volume: type: boolean + default: true + enable_spilo_wal_path_compat: + type: boolean + default: false etcd_host: type: string + default: "" kubernetes_use_configmaps: type: boolean + default: false max_instances: type: integer minimum: -1 # -1 = disabled + default: -1 min_instances: type: integer minimum: -1 # -1 = disabled + default: -1 resync_period: type: string + default: "30m" repair_period: type: string + default: "5m" set_memory_request_to_limit: type: boolean + default: false sidecar_docker_images: type: object additionalProperties: @@ -94,28 +113,39 @@ spec: nullable: true items: type: object - additionalProperties: true + x-kubernetes-preserve-unknown-fields: true workers: type: integer minimum: 1 + default: 8 users: type: object properties: replication_username: type: string + default: standby super_username: type: string + default: postgres kubernetes: type: object properties: + additional_pod_capabilities: + type: array + items: + type: string cluster_domain: type: string + default: "cluster.local" cluster_labels: type: object additionalProperties: type: string + default: + application: spilo cluster_name_label: type: string + default: "cluster-name" custom_pod_annotations: type: object additionalProperties: @@ -130,12 +160,16 @@ spec: type: string enable_init_containers: type: boolean + default: true enable_pod_antiaffinity: type: boolean + default: false enable_pod_disruption_budget: type: boolean + default: true enable_sidecars: type: boolean + default: true infrastructure_roles_secret_name: type: string infrastructure_roles_secrets: 
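Review bot: The `default:` entries added throughout this hunk, and in the later hunks of this file (`@@ -164,22`, `@@ -229,36`, `@@ -300,6`, `@@ -315,212`, `@@ -529,60`), are only honoured by the API server for a structural schema served as `apiextensions.k8s.io/v1`; under `v1beta1` they additionally depend on the CustomResourceDefaulting feature gate and `preserveUnknownFields: false`, and the CRD header that decides this is outside the hunk. The same values are also carried in `values-crd.yaml` (in the diffstat, not in view), so the two copies can drift without anything failing. A comment at the top of the `configuration` properties, `# defaults here mirror values-crd.yaml; keep both in sync when bumping versions`, would at least document the coupling. Replacing `additionalProperties: true` with `x-kubernetes-preserve-unknown-fields: true` is the correct form for a structural schema.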
@@ -164,22 +198,30 @@ spec: type: string template: type: boolean + inherited_annotations: + type: array + items: + type: string inherited_labels: type: array items: type: string master_pod_move_timeout: type: string + default: "20m" node_readiness_label: type: object additionalProperties: type: string oauth_token_secret_name: type: string + default: "postgresql-operator" pdb_name_format: type: string + default: "postgres-{cluster}-pdb" pod_antiaffinity_topology_key: type: string + default: "kubernetes.io/hostname" pod_environment_configmap: type: string pod_environment_secret: @@ -189,20 +231,27 @@ spec: enum: - "ordered_ready" - "parallel" + default: "ordered_ready" pod_priority_class_name: type: string pod_role_label: type: string + default: "spilo-role" pod_service_account_definition: type: string + default: "" pod_service_account_name: type: string + default: "postgres-pod" pod_service_account_role_binding_definition: type: string + default: "" pod_terminate_grace_period: type: string + default: "5m" secret_name_template: type: string + default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" spilo_runasuser: type: integer spilo_runasgroup: @@ -211,12 +260,14 @@ spec: type: integer spilo_privileged: type: boolean + default: false storage_resize_mode: type: string enum: - "ebs" - "pvc" - "off" + default: "pvc" toleration: type: object additionalProperties: 
@@ -229,36 +280,48 @@ spec: default_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + default: "1" default_cpu_request: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + default: "100m" default_memory_limit: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + default: "500Mi" default_memory_request: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + default: "100Mi" min_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + default: "250m" min_memory_limit: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + default: "250Mi" timeouts: type: object properties: pod_label_wait_timeout: type: string + default: "10m" pod_deletion_wait_timeout: type: string + default: "10m" ready_wait_interval: type: string + default: "4s" ready_wait_timeout: type: string + default: "30s" resource_check_interval: type: string + default: "3s" resource_check_timeout: type: string + default: "10m" load_balancer: type: object properties: @@ -268,14 +331,25 @@ spec: type: string db_hosted_zone: type: string + default: "db.example.com" enable_master_load_balancer: type: boolean + default: true enable_replica_load_balancer: type: boolean + default: false + external_traffic_policy: + type: string + enum: + - "Cluster" + - "Local" + default: "Cluster" master_dns_name_format: type: string + default: "{cluster}.{team}.{hostedzone}" replica_dns_name_format: type: string + default: "{cluster}-repl.{team}.{hostedzone}" aws_or_gcp: type: object properties: @@ -283,8 +357,16 @@ spec: type: string additional_secret_mount_path: type: string + default: "/meta/credentials" aws_region: type: string + default: "eu-central-1" + enable_ebs_gp3_migration: + type: boolean + default: false + enable_ebs_gp3_migration_max_size: + type: integer + default: 1000 gcp_credentials: type: string kube_iam_role: 
@@ -300,6 +382,15 @@ spec: properties: logical_backup_docker_image: type: string + default: "registry.opensource.zalan.do/acid/logical-backup:v1.6.1" + logical_backup_google_application_credentials: + type: string + logical_backup_job_prefix: + type: string + default: "logical-backup-" + logical_backup_provider: + type: string + default: "s3" logical_backup_s3_access_key_id: type: string logical_backup_s3_bucket: 
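Review bot: `logical_backup_google_application_credentials` is declared as a bare `type: string` with no indication of whether it carries a file path, a Secret reference, or the service-account JSON itself. If it is the JSON, the credential lands in the OperatorConfiguration object and is readable by anyone with `get` on that resource, which is a wider audience than a Secret; the field deserves a one-line comment stating what the operator expects here, written after checking the operator's config loader rather than guessed. The new `logical_backup_provider` default of `"s3"` should be mentioned in the chart docs alongside it so the GCP path is discoverable.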
@@ -315,212 +406,74 @@ spec: logical_backup_schedule: type: string pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' + default: "30 00 * * *" debug: type: object properties: debug_logging: type: boolean + default: true enable_database_access: type: boolean + default: true teams_api: type: object properties: enable_admin_role_for_users: type: boolean + default: true + enable_postgres_team_crd: + type: boolean + default: true + enable_postgres_team_crd_superusers: + type: boolean + default: false enable_team_superuser: type: boolean + default: false enable_teams_api: type: boolean + default: true pam_configuration: type: string + default: "https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees" pam_role_name: type: string + default: "zalandos" postgres_superuser_teams: type: array items: type: string - pod_service_account_name: + protected_role_names: + type: array + items: type: string - pod_terminate_grace_period: - type: string - secret_name_template: - type: string - spilo_fsgroup: - type: integer - spilo_privileged: - type: boolean - toleration: - type: object - additionalProperties: - type: string - watched_namespace: - type: string - postgres_pod_resources: - type: object - properties: - default_cpu_limit: - type: string - pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - default_cpu_request: - type: string - pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - default_memory_limit: - type: string - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - default_memory_request: - type: string - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - timeouts: - type: object - properties: - pod_label_wait_timeout: - type: string - pod_deletion_wait_timeout: - type: string - ready_wait_interval: - type: string - ready_wait_timeout: - type: string - resource_check_interval: - type: string - resource_check_timeout: - type: string - load_balancer: - type: object - properties: - custom_service_annotations: - type: object - additionalProperties: - type: string - 
db_hosted_zone: - type: string - enable_master_load_balancer: - type: boolean - enable_replica_load_balancer: - type: boolean - external_traffic_policy: - type: string - enum: - - "Cluster" - - "Local" - master_dns_name_format: - type: string - replica_dns_name_format: - type: string - aws_or_gcp: - type: object - properties: - additional_secret_mount: - type: string - additional_secret_mount_path: - type: string - aws_region: - type: string - kube_iam_role: - type: string - log_s3_bucket: - type: string - wal_s3_bucket: - type: string - logical_backup: - type: object - properties: - logical_backup_schedule: - type: string - pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' - logical_backup_docker_image: - type: string - logical_backup_s3_bucket: - type: string - logical_backup_s3_endpoint: - type: string - logical_backup_s3_sse: - type: string - logical_backup_s3_access_key_id: - type: string - logical_backup_s3_secret_access_key: - type: string - debug: - type: object - properties: - debug_logging: - type: boolean - enable_database_access: - type: boolean - teams_api: - type: object - properties: - enable_admin_role_for_users: - type: boolean - enable_postgres_team_crd: - type: boolean - enable_postgres_team_crd_superusers: - type: boolean - enable_team_superuser: - type: boolean - enable_teams_api: - type: boolean - pam_configuration: - type: string - pam_role_name: - type: string - postgres_superuser_teams: - type: array - items: - type: string - protected_role_names: - type: array - items: - type: string - team_admin_role: - type: string - team_api_role_configuration: - type: object - additionalProperties: - type: string - teams_api_url: - type: string - logging_rest_api: - type: object - properties: - api_port: - type: integer - cluster_history_entries: - type: integer - ring_log_lines: - type: integer - scalyr: - type: object - properties: - scalyr_api_key: - type: string - scalyr_cpu_limit: - type: string - pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - 
scalyr_cpu_request: - type: string - pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - scalyr_image: - type: string - scalyr_memory_limit: - type: string - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - scalyr_memory_request: - type: string - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - scalyr_server_url: + default: + - admin + team_admin_role: + type: string + default: "admin" + team_api_role_configuration: + type: object + additionalProperties: type: string + default: + log_statement: all teams_api_url: type: string + default: "https://teams.example.com/api/" logging_rest_api: type: object properties: api_port: type: integer + default: 8080 cluster_history_entries: type: integer + default: 1000 ring_log_lines: type: integer + default: 100 scalyr: # deprecated type: object properties: 
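Review bot: The teams_api defaults in this hunk switch the integration on (`enable_teams_api` → `default: true`) while pointing it at placeholder endpoints (`teams_api_url: "https://teams.example.com/api/"`, `pam_configuration: "https://info.example.com/..."`), so an OperatorConfiguration that relies on CRD defaulting will have the operator query example.com for team membership. The `team_api_role_configuration` default of `log_statement: all` also writes the full text of every statement issued by team roles, including literal values in DML, to the Postgres server log, which is a data-exposure trade-off worth a comment such as `# logs full statement text for team roles; consider ddl/mod where logs may hold sensitive literals`. These look like the upstream operator defaults, but the chart is where deployers will look for the caveat.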
@@ -529,60 +482,65 @@ spec: scalyr_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + default: "1" scalyr_cpu_request: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + default: "100m" scalyr_image: type: string scalyr_memory_limit: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + default: "500Mi" scalyr_memory_request: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + default: "50Mi" scalyr_server_url: type: string + default: "https://upload.eu.scalyr.com" connection_pooler: type: object properties: connection_pooler_schema: type: string - #default: "pooler" + default: "pooler" connection_pooler_user: type: string - #default: "pooler" + default: "pooler" connection_pooler_image: type: string - #default: "registry.opensource.zalan.do/acid/pgbouncer" + default: "registry.opensource.zalan.do/acid/pgbouncer:master-14" connection_pooler_max_db_connections: type: integer - #default: 60 + default: 60 connection_pooler_mode: type: string enum: - "session" - "transaction" - #default: "transaction" + default: "transaction" connection_pooler_number_of_instances: type: integer - minimum: 2 - #default: 2 + minimum: 1 + default: 2 connection_pooler_default_cpu_limit: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - #default: "1" + default: "1" connection_pooler_default_cpu_request: type: string pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - #default: "500m" + default: "500m" connection_pooler_default_memory_limit: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - #default: "100Mi" + default: "100Mi" connection_pooler_default_memory_request: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - #default: "100Mi" + default: "100Mi" status: type: object additionalProperties: diff --git a/postgres-operator/crds/postgresqls.yaml b/postgres-operator/crds/postgresqls.yaml index 9127fa8..ad11f64 100644 --- a/postgres-operator/crds/postgresqls.yaml +++ b/postgres-operator/crds/postgresqls.yaml 
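Review bot: `connection_pooler_image` now defaults to `registry.opensource.zalan.do/acid/pgbouncer:master-14`, a branch-style tag that can be republished, whereas `docker_image` earlier in the same file defaults to the versioned `spilo-13:2.0-p4`. A moving tag means two installs of the same chart version can run different pooler binaries and a re-push is not detectable from the manifest; a release tag, or a `@sha256:` digest if the operator accepts one, keeps the chart reproducible. Lowering `connection_pooler_number_of_instances` from `minimum: 2` to `minimum: 1` is consistent with the new `default: 2`, but a comment noting that a single instance removes pooler redundancy would help readers of the schema.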
@@ -15,6 +15,8 @@ spec: singular: postgresql shortNames: - pg + categories: + - all scope: Namespaced versions: - name: v1 @@ -98,6 +100,7 @@ spec: type: string volumeSource: type: object + x-kubernetes-preserve-unknown-fields: true subPath: type: string allowedSourceRanges: @@ -125,7 +128,7 @@ spec: type: string timestamp: type: string - pattern: '^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$' + pattern: '^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$' # The regexp matches the date-time format (RFC 3339 Section 5.6) that specifies a timezone as an offset relative to UTC # Example: 1996-12-19T16:39:57-08:00 # Note: this field requires a timezone 
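Review bot: The clone `timestamp` pattern drops the `([Zz])|` alternative, so a value such as `1996-12-19T16:39:57Z` is now rejected, yet the three comment lines that follow still only say the field "requires a timezone". Update the last one to match the regex, e.g. `# Note: this field requires an explicit numeric UTC offset; the 'Z' suffix is not accepted`, so users are not left guessing why an otherwise valid RFC 3339 value fails validation. The `x-kubernetes-preserve-unknown-fields: true` added to `volumeSource` in the previous hunk is fine for a structural schema.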
@@ -205,87 +208,53 @@ spec: nullable: true items: type: object - required: - - cluster - properties: - cluster: - type: string - s3_endpoint: - type: string - s3_access_key_id: - type: string - s3_secret_access_key: - type: string - s3_force_path_style: - type: string - s3_wal_path: - type: string - timestamp: - type: string - pattern: '^([0-9]+)-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])[Tt]([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]|60)(\.[0-9]+)?(([Zz])|([+-]([01][0-9]|2[0-3]):[0-5][0-9]))$' - # The regexp matches the date-time format (RFC 3339 Section 5.6) that specifies a timezone as an offset relative to UTC - # Example: 1996-12-19T16:39:57-08:00 - # Note: this field requires a timezone - uid: - format: uuid - type: string - databases: + x-kubernetes-preserve-unknown-fields: true + initContainers: + type: array + nullable: true + items: type: object - additionalProperties: - type: string - # Note: usernames specified here as database owners must be declared in the users key of the spec key. 
- dockerImage: + x-kubernetes-preserve-unknown-fields: true + logicalBackupSchedule: + type: string + pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' + maintenanceWindows: + type: array + items: type: string - enableLogicalBackup: - type: boolean - enableMasterLoadBalancer: - type: boolean - enableReplicaLoadBalancer: - type: boolean - enableShmVolume: - type: boolean - init_containers: # deprecated - type: array - nullable: true - items: + pattern: '^\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))\ *$' + numberOfInstances: + type: integer + minimum: 0 + patroni: + type: object + properties: + initdb: type: object - additionalProperties: true - initContainers: - type: array - nullable: true - items: - type: object - additionalProperties: true - logicalBackupSchedule: - type: string - pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' - maintenanceWindows: - type: array - items: - type: string - pattern: '^\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))\ *$' - numberOfInstances: - type: integer - minimum: 0 - patroni: - type: object - properties: - initdb: - type: object - additionalProperties: - type: string - ttl: - type: integer + additionalProperties: + type: string loop_wait: type: integer - retry_timeout: - type: integer maximum_lag_on_failover: type: integer + pg_hba: + type: array + items: + type: string + retry_timeout: + type: integer + slots: + type: object + additionalProperties: + type: object + additionalProperties: + type: string synchronous_mode: type: boolean synchronous_mode_strict: type: boolean + ttl: + type: integer podAnnotations: type: object additionalProperties: 
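Review bot: `initContainers` (and `sidecars` later in this file) are now typed as objects with `x-kubernetes-preserve-unknown-fields: true`, so a postgresql CR author can supply an arbitrary container spec that the operator places into the database pod, which runs under the `postgres-pod` service account whose ClusterRole the `clusterrole-postgres-pod.yaml` hunk in this patch also touches. That is the operator's design, but nothing in the chart says that create/update on `postgresqls` is effectively the right to run code under that identity; a comment on the field, `# free-form container spec; restrict who may create postgresqls or constrain it with an admission policy`, would make the trust boundary explicit. The new `patroni.pg_hba` array is likewise passed through as plain strings with no `pattern`, so a malformed or overly permissive rule is only caught by Patroni at runtime, which is worth a comment next to it.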
@@ -301,113 +270,18 @@ spec: properties: version: type: string - pod_priority_class_name: # deprecated - type: string - podPriorityClassName: - type: string - postgresql: - type: object - required: - - version - properties: - version: - type: string - enum: - - "9.3" - - "9.4" - - "9.5" - - "9.6" - - "10" - - "11" - - "12" - parameters: - type: object - additionalProperties: - type: string - replicaLoadBalancer: # deprecated - type: boolean - resources: - type: object - required: - - requests - - limits - properties: - limits: - type: object - required: - - cpu - - memory - properties: - cpu: - type: string - # Decimal natural followed by m, or decimal natural followed by - # dot followed by up to three decimal digits. - # - # This is because the Kubernetes CPU resource has millis as the - # maximum precision. The actual values are checked in code - # because the regular expression would be huge and horrible and - # not very helpful in validation error messages; this one checks - # only the format of the given number. - # - # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu - pattern: '^(\d+m|\d+\.\d{1,3})$' - # Note: the value specified here must not be zero or be lower - # than the corresponding request. - memory: - type: string - # You can express memory as a plain integer or as a fixed-point - # integer using one of these suffixes: E, P, T, G, M, k. You can - # also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki - # - # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - # Note: the value specified here must not be zero or be lower - # than the corresponding request. - requests: - type: object - required: - - cpu - - memory - properties: - cpu: - type: string - # Decimal natural followed by m, or decimal natural followed by - # dot followed by up to three decimal digits. 
- # - # This is because the Kubernetes CPU resource has millis as the - # maximum precision. The actual values are checked in code - # because the regular expression would be huge and horrible and - # not very helpful in validation error messages; this one checks - # only the format of the given number. - # - # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu - pattern: '^(\d+m|\d+\.\d{1,3})$' - # Note: the value specified here must not be zero or be higher - # than the corresponding limit. - memory: - type: string - # You can express memory as a plain integer or as a fixed-point - # integer using one of these suffixes: E, P, T, G, M, k. You can - # also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki - # - # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - # Note: the value specified here must not be zero or be higher - # than the corresponding limit. - sidecars: - type: array - nullable: true - items: + enum: + - "9.3" + - "9.4" + - "9.5" + - "9.6" + - "10" + - "11" + - "12" + - "13" + parameters: type: object - additionalProperties: true - spiloFSGroup: - type: integer - standby: - type: object - required: - - s3_wal_path - properties: - s3_wal_path: + additionalProperties: type: string preparedDatabases: type: object @@ -440,11 +314,10 @@ spec: limits: type: object required: - - key - - operator - - effect + - cpu + - memory properties: - key: + cpu: type: string # Decimal natural followed by m, or decimal natural followed by # dot followed by up to three decimal digits. 
@@ -459,26 +332,6 @@ spec: pattern: '^(\d+m|\d+(\.\d{1,3})?)$' # Note: the value specified here must not be zero or be lower # than the corresponding request. - memory: - type: string - enum: - - Equal - - Exists - value: - type: string - # Decimal natural followed by m, or decimal natural followed by - # dot followed by up to three decimal digits. - # - # This is because the Kubernetes CPU resource has millis as the - # maximum precision. The actual values are checked in code - # because the regular expression would be huge and horrible and - # not very helpful in validation error messages; this one checks - # only the format of the given number. - # - # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu - pattern: '^(\d+m|\d+(\.\d{1,3})?)$' - # Note: the value specified here must not be zero or be higher - # than the corresponding limit. memory: type: string # You can express memory as a plain integer or as a fixed-point @@ -489,6 +342,20 @@ spec: pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' # Note: the value specified here must not be zero or be higher # than the corresponding limit. + requests: + type: object + required: + - cpu + - memory + properties: + cpu: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + memory: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + schedulerName: + type: string serviceAnnotations: type: object additionalProperties: @@ -498,7 +365,7 @@ spec: nullable: true items: type: object - additionalProperties: true + x-kubernetes-preserve-unknown-fields: true spiloRunAsUser: type: integer spiloRunAsGroup: 
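Review bot: The new `requests.cpu` and `requests.memory` entries in the `@@ -489,6 +342,20` hunk carry only `type` and `pattern`, while the sibling `limits` block keeps its explanatory comments, including `# Note: the value specified here must not be zero or be lower than the corresponding request`. Mirror that under each of the two request patterns, e.g. `# Note: the value specified here must not be zero or be higher than the corresponding limit`, and point both at the same Kubernetes resource-units link the limits comments cite. `schedulerName` is added without any comment; one line stating what the operator does with the value would be enough.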
@@ -529,20 +396,116 @@ spec: type: string caSecretName: type: string + nodeAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + type: object + required: + - weight + - preference + properties: + preference: + type: object + properties: + matchExpressions: + type: array + items: + type: object + required: + - key + - operator + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + required: + - key + - operator + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + weight: + format: int32 + type: integer + requiredDuringSchedulingIgnoredDuringExecution: + type: object + required: + - nodeSelectorTerms + properties: + nodeSelectorTerms: + type: array + items: + type: object + properties: + matchExpressions: + type: array + items: + type: object + required: + - key + - operator + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string + matchFields: + type: array + items: + type: object + required: + - key + - operator + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string tolerations: type: array items: type: object required: - - size + - key + - operator + - effect properties: - size: + key: type: string - pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' - # Note: the value specified here must not be zero. - storageClass: + operator: type: string - subPath: + enum: + - Equal + - Exists + value: + type: string + effect: type: string enum: - NoExecute @@ -594,6 +557,8 @@ spec: required: - size properties: + iops: + type: integer size: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' 
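Review bot: `preferredDuringSchedulingIgnoredDuringExecution[].weight` is declared only as `type: integer` / `format: int32`, but the Kubernetes NodeAffinity API requires the weight to be in the range 1–100, so an out-of-range value passes CRD validation and only fails later when the operator submits the StatefulSet. Adding `minimum: 1` and `maximum: 100` under `weight` surfaces the error at `kubectl apply` time with a clear message. The `tolerations` repair that follows, restoring `key`/`operator`/`effect` where the old schema had mislabelled the volume fields, looks correct.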
@@ -602,7 +567,9 @@ spec: type: string subPath: type: string + throughput: + type: integer status: type: object additionalProperties: - type: string \ No newline at end of file + type: string diff --git a/postgres-operator/crds/postgresteams.yaml b/postgres-operator/crds/postgresteams.yaml index 81c5e1e..fbf873b 100644 --- a/postgres-operator/crds/postgresteams.yaml +++ b/postgres-operator/crds/postgresteams.yaml @@ -15,6 +15,8 @@ spec: singular: postgresteam shortNames: - pgteam + categories: + - all scope: Namespaced versions: - name: v1 diff --git a/postgres-operator/index.yaml b/postgres-operator/index.yaml index 3c62625..a0f705e 100644 --- a/postgres-operator/index.yaml +++ b/postgres-operator/index.yaml @@ -1,11 +1,31 @@ apiVersion: v1 entries: postgres-operator: + - apiVersion: v1 + appVersion: 1.6.1 + created: "2021-02-16T11:49:43.295433402+01:00" + description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes + digest: ce9cfc0d4838edf307b690b942bd4e1ea73c3b93bb5552ae8ecd2952d55383ea + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-1.6.1.tgz + version: 1.6.1 - apiVersion: v1 appVersion: 1.5.0 - created: "2020-06-04T17:06:49.41741489+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes + created: "2021-02-16T11:49:43.292890391+01:00" + description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: 198351d5db52e65cdf383d6f3e1745d91ac1e2a01121f8476f8b1be728b09531 home: https://github.com/zalando/postgres-operator keywords: 
@@ -23,26 +43,4 @@ entries: urls: - postgres-operator-1.5.0.tgz version: 1.5.0 - - apiVersion: v1 - appVersion: 1.4.0 - created: "2020-06-04T17:06:49.416001109+02:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: f8b90fecfc3cb825b94ed17edd9d5cefc36ae61801d4568597b4a79bcd73b2e9 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.4.0.tgz - version: 1.4.0 -generated: "2020-06-04T17:06:49.414521538+02:00" +generated: "2021-02-16T11:49:43.291315248+01:00" diff --git a/postgres-operator/templates/clusterrole-postgres-pod.yaml b/postgres-operator/templates/clusterrole-postgres-pod.yaml index ef607ae..33c4382 100644 --- a/postgres-operator/templates/clusterrole-postgres-pod.yaml +++ b/postgres-operator/templates/clusterrole-postgres-pod.yaml @@ -10,6 +10,27 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} rules: # Patroni needs to watch and manage endpoints +{{- if toString .Values.configGeneral.kubernetes_use_configmaps | eq "true" }} +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- else }} - apiGroups: - "" resources: @@ -23,6 +44,7 @@ rules: - patch - update - watch +{{- end }} # Patroni needs to watch pods - apiGroups: - "" @@ -41,6 +63,7 @@ rules: - services verbs: - create +{{- if toString .Values.configKubernetes.spilo_privileged | eq "true" }} # to run privileged pods - apiGroups: - extensions @@ -50,4 +73,5 @@ rules: - privileged verbs: - use +{{- end }} {{ end }} 
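Review bot: In the new `kubernetes_use_configmaps` branch the database pods' role gains `list`, `watch`, `delete` and `deletecollection` on `configmaps`, none of which can be narrowed with `resourceNames`, so every Postgres pod can enumerate, read and bulk-delete every ConfigMap in whatever scope this ClusterRole is bound at (the binding is not in this diff; if it is a ClusterRoleBinding that scope is the whole cluster). I could not verify that Patroni exercises `deletecollection` from inside the pod; if it is only needed for `patronictl remove`, it belongs in an admin role rather than the pod role, and if it is needed here a comment such as `# deletecollection: used by Patroni when a cluster is removed` above the verb would stop the next reviewer from dropping it. The values comment `# Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s)` should also carry the cost of that choice, e.g. `# NOTE: configmaps mode lets every database pod list/watch/delete all ConfigMaps in the bound scope`. The `toString … | eq "true"` test is fine for both the string-typed values.yaml and the boolean values-crd.yaml, but a one-line comment saying so would keep someone from "simplifying" it to a bare `if`.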
diff --git a/postgres-operator/templates/clusterrole.yaml b/postgres-operator/templates/clusterrole.yaml index 00ee776..885bad3 100644 --- a/postgres-operator/templates/clusterrole.yaml +++ b/postgres-operator/templates/clusterrole.yaml @@ -44,13 +44,6 @@ rules: - get - patch - update -# to read configuration from ConfigMaps -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get # to send events to the CRs - apiGroups: - "" @@ -63,7 +56,35 @@ rules: - patch - update - watch -# to manage endpoints which are also used by Patroni +# to manage endpoints/configmaps which are also used by Patroni +{{- if toString .Values.configGeneral.kubernetes_use_configmaps | eq "true" }} +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- else }} +# to read configuration from ConfigMaps +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get - apiGroups: - "" resources: @@ -77,6 +98,7 @@ rules: - patch - update - watch +{{- end }} # to CRUD secrets for database access - apiGroups: - "" @@ -206,7 +228,8 @@ rules: verbs: - get - create -# to grant privilege to run privileged pods +{{- if toString .Values.configKubernetes.spilo_privileged | eq "true" }} +# to run privileged pods - apiGroups: - extensions resources: @@ -215,4 +238,5 @@ rules: - privileged verbs: - use +{{- end }} {{ end }} diff --git a/postgres-operator/templates/deployment.yaml b/postgres-operator/templates/deployment.yaml index 9841bf1..89500ae 100644 --- a/postgres-operator/templates/deployment.yaml +++ b/postgres-operator/templates/deployment.yaml @@ -54,6 +54,8 @@ spec: {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} 
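Review bot: The `kubernetes_use_configmaps` branch of the operator ClusterRole grants `delete` and `deletecollection` on all `configmaps`; since this is a ClusterRole for an operator that watches clusters in many namespaces it is presumably bound cluster-wide, so the operator service account can now bulk-delete ConfigMaps anywhere, including ones it did not create. The operator's cleanup is per-cluster and name-addressed as far as this diff shows, so `deletecollection` is not obviously needed; I would drop it here (and in `clusterrole-postgres-pod.yaml`) or add `# deletecollection: required by <reason>` above the verb if it is. The else branch keeps the `get`-only rule with its `# to read configuration from ConfigMaps` comment, but in the configmaps branch that intent is hidden inside the broad rule; a comment like `# also covers reading the operator's own ConfigMap configuration` would keep the `get` from being removed later. Both templates now repeat the same ~20-line conditional rule block; a shared named template would prevent the two copies from drifting apart.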
diff --git a/postgres-operator/values-crd.yaml b/postgres-operator/values-crd.yaml index 71c2d5b..a66911f 100644 --- a/postgres-operator/values-crd.yaml +++ b/postgres-operator/values-crd.yaml @@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.5.0 + tag: v1.6.1 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -21,14 +21,18 @@ configGeneral: enable_crd_validation: true # update only the statefulsets without immediately doing the rolling update enable_lazy_spilo_upgrade: false + # set the PGVERSION env var instead of providing the version via postgresql.bin_dir in SPILO_CONFIGURATION + enable_pgversion_env_var: true # start any new database pod without limitations on shm memory enable_shm_volume: true + # enables backwards compatible path between Spilo 12 and Spilo 13 images + enable_spilo_wal_path_compat: false # etcd connection string for Patroni. Empty uses K8s-native DCS. etcd_host: "" # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) # kubernetes_use_configmaps: false # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-12:1.6-p3 + docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p4 # max number of instances in Postgres cluster. -1 = no limit min_instances: -1 # min number of instances in Postgres cluster. -1 = no limit @@ -55,6 +59,10 @@ configUsers: super_username: postgres configKubernetes: + # list of additional capabilities for postgres container + # additional_pod_capabilities: + # - "SYS_NICE" + # default DNS domain of K8s cluster where operator is running cluster_domain: cluster.local # additional labels assigned to the cluster objects 
@@ -89,7 +97,11 @@ configKubernetes: # namespaced name of the secret containing infrastructure roles names and passwords # infrastructure_roles_secret_name: postgresql-infrastructure-roles - # list of labels that can be inherited from the cluster manifest + # list of annotation keys that can be inherited from the cluster manifest + # inherited_annotations: + # - owned-by + + # list of label keys that can be inherited from the cluster manifest # inherited_labels: # - application # - environment @@ -217,6 +229,11 @@ configAwsOrGcp: # AWS region used to store ESB volumes aws_region: eu-central-1 + # enable automatic migration on AWS from gp2 to gp3 volumes + enable_ebs_gp3_migration: false + # defines maximum volume size in GB until which auto migration happens + # enable_ebs_gp3_migration_max_size: 1000 + # GCP credentials that will be used by the operator / pods # gcp_credentials: "" @@ -235,7 +252,14 @@ configAwsOrGcp: # configure K8s cron job managed by the operator configLogicalBackup: # image for pods of the logical backup job (example runs pg_dumpall) - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:master-58" + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.6.1" + # path of google cloud service account json file + # logical_backup_google_application_credentials: "" + + # prefix for the backup job name + logical_backup_job_prefix: "logical-backup-" + # storage provider - either "s3" or "gcs" + logical_backup_provider: "s3" # S3 Access Key ID logical_backup_s3_access_key_id: "" # S3 bucket to store backup results 
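Review bot: The comment on the new `inherited_annotations` key says only `list of annotation keys that can be inherited from the cluster manifest`, without saying that whitelisting a key lets any cluster-manifest author set it on the objects the operator creates. Annotations are how several controllers grant privilege (this same values file's `kube_iam_role` is rendered as an `iam.amazonaws.com/role` annotation on Postgres pods), so this list is effectively part of the security configuration. I would extend the comment: `# keys listed here are copied verbatim from each PostgreSQL manifest onto the objects the operator creates; do not whitelist keys other controllers act on (e.g. iam.amazonaws.com/role)`. Which object kinds receive the inherited annotations is not visible in this diff, so the wording should be checked against the operator before committing it.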
@@ -259,7 +283,7 @@ configTeamsApi: # operator watches for PostgresTeam CRs to assign additional teams and members to clusters enable_postgres_team_crd: false # toogle to create additional superuser teams from PostgresTeam CRs - # enable_postgres_team_crd_superusers: "false" + # enable_postgres_team_crd_superusers: false # toggle to grant superuser to team members created from the Teams API enable_team_superuser: false @@ -291,7 +315,7 @@ configConnectionPooler: # db user for pooler to use connection_pooler_user: "pooler" # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-9" + connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-14" # max db connections the pooler should hold connection_pooler_max_db_connections: 60 # default pooling mode @@ -339,18 +363,24 @@ resources: cpu: 100m memory: 250Mi +securityContext: + runAsUser: 1000 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + # Affinity for pod assignment # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - # Node labels for pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + controllerID: # Specifies whether a controller ID should be defined for the operator # Note, all postgres manifest must then contain the following annotation to be found by this operator diff --git a/postgres-operator/values.yaml b/postgres-operator/values.yaml index 9586550..e55da4b 100644 --- a/postgres-operator/values.yaml +++ b/postgres-operator/values.yaml 
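Review bot: The new default `readOnlyRootFilesystem: true` is the right direction, but nothing in this patch adds a writable `emptyDir` for any path the operator might write to (a kubeconfig, temp files); I cannot see from the diff whether the image writes to disk at all, so this should be confirmed against the image before the default ships. `runAsUser: 1000` is set without `runAsGroup`, so the primary group is whatever the image's passwd entry for uid 1000 says and typically gid 0 if there is none; `runAsGroup: 1000` next to it pins that down. A one-line comment that these are container-level fields (the template renders this key under the container, beside `resources`) would stop users from adding pod-level settings such as `fsGroup` or `seccompProfile` here, where they would be rejected.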
@@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.5.0 + tag: v1.6.1 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -24,14 +24,18 @@ configGeneral: enable_crd_validation: "true" # update only the statefulsets without immediately doing the rolling update enable_lazy_spilo_upgrade: "false" + # set the PGVERSION env var instead of providing the version via postgresql.bin_dir in SPILO_CONFIGURATION + enable_pgversion_env_var: "true" # start any new database pod without limitations on shm memory enable_shm_volume: "true" + # enables backwards compatible path between Spilo 12 and Spilo 13 images + enable_spilo_wal_path_compat: "false" # etcd connection string for Patroni. Empty uses K8s-native DCS. etcd_host: "" # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) # kubernetes_use_configmaps: "false" # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-12:1.6-p3 + docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p4 # max number of instances in Postgres cluster. -1 = no limit min_instances: "-1" # min number of instances in Postgres cluster. -1 = no limit @@ -57,6 +61,9 @@ configUsers: super_username: postgres configKubernetes: + # list of additional capabilities for postgres container + # additional_pod_capabilities: "SYS_NICE" + # default DNS domain of K8s cluster where operator is running cluster_domain: cluster.local # additional labels assigned to the cluster objects 
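Review bot: The new `additional_pod_capabilities` knob is documented only as `list of additional capabilities for postgres container`; a reader cannot tell that it raises the privilege of every database pod the operator creates, or that it interacts with the `spilo_privileged` gating of the PSP rule added to the cluster roles in this patch. I would extend the comment: `# adds Linux capabilities to every Spilo container (e.g. SYS_NICE); widens the pods' privilege and may be blocked by a restrictive PodSecurityPolicy / Pod Security admission profile`. The value is a comma-separated string here and a YAML list in values-crd.yaml, which matches how `inherited_labels` is handled in each file, so the asymmetry is fine but worth a word in the comment. Whether the operator validates the capability names before writing them into the StatefulSet is not visible in this diff.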
@@ -86,7 +93,10 @@ configKubernetes: # namespaced name of the secret containing infrastructure roles names and passwords # infrastructure_roles_secret_name: postgresql-infrastructure-roles - # list of labels that can be inherited from the cluster manifest + # list of annotation keys that can be inherited from the cluster manifest + # inherited_annotations: owned-by + + # list of label keys that can be inherited from the cluster manifest # inherited_labels: application,environment # timeout for successful migration of master pods from unschedulable node @@ -209,6 +219,14 @@ configAwsOrGcp: # AWS region used to store ESB volumes aws_region: eu-central-1 + # enable automatic migration on AWS from gp2 to gp3 volumes + enable_ebs_gp3_migration: "false" + # defines maximum volume size in GB until which auto migration happens + # enable_ebs_gp3_migration_max_size: "1000" + + # GCP credentials for setting the GOOGLE_APPLICATION_CREDNETIALS environment variable + # gcp_credentials: "" + # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods # kube_iam_role: "" 
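Review bot: The relocated comment on the new side still reads `GOOGLE_APPLICATION_CREDNETIALS`; users copy environment-variable names from these comments, so it should become `# GCP credentials for setting the GOOGLE_APPLICATION_CREDENTIALS environment variable`. The context line `# AWS region used to store ESB volumes` has the same kind of typo (`EBS`) and now sits directly above the new `enable_ebs_gp3_migration` key, so fixing both in the same hunk is cheap. The comment on `enable_ebs_gp3_migration_max_size` gives the unit (GB), which is good; the one on `enable_ebs_gp3_migration` could say that it acts on existing volumes rather than only new clusters if that is the case, which I cannot confirm from this diff.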
@@ -221,21 +239,25 @@ configAwsOrGcp: # GCS bucket to use for shipping WAL segments with WAL-E # wal_gs_bucket: "" - # GCP credentials for setting the GOOGLE_APPLICATION_CREDNETIALS environment variable - # gcp_credentials: "" - # configure K8s cron job managed by the operator configLogicalBackup: # image for pods of the logical backup job (example runs pg_dumpall) - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:master-58" + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.6.1" + # path of google cloud service account json file + # logical_backup_google_application_credentials: "" + + # prefix for the backup job name + logical_backup_job_prefix: "logical-backup-" + # storage provider - either "s3" or "gcs" + logical_backup_provider: "s3" # S3 Access Key ID logical_backup_s3_access_key_id: "" # S3 bucket to store backup results logical_backup_s3_bucket: "my-bucket-url" - # S3 region of bucket - logical_backup_s3_region: "" # S3 endpoint url when not using AWS logical_backup_s3_endpoint: "" + # S3 region of bucket + logical_backup_s3_region: "" # S3 Secret Access Key logical_backup_s3_secret_access_key: "" # S3 server side encryption @@ -243,6 +265,7 @@ configLogicalBackup: # backup schedule in the cron format logical_backup_schedule: "30 00 * * *" + # automate creation of human users with teams API service configTeamsApi: # team_admin_role will have the rights to grant roles coming from PG manifests @@ -286,7 +309,7 @@ configConnectionPooler: # db user for pooler to use connection_pooler_user: "pooler" # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-9" + connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-14" # max db connections the pooler should hold connection_pooler_max_db_connections: "60" # default pooling mode 
@@ -334,18 +357,24 @@ resources: cpu: 100m memory: 250Mi +securityContext: + runAsUser: 1000 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + # Affinity for pod assignment # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - # Node labels for pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} +# Tolerations for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + controllerID: # Specifies whether a controller ID should be defined for the operator # Note, all postgres manifest must then contain the following annotation to be found by this operator
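Review bot: The hardening block stops short of dropping Linux capabilities: with no `capabilities:` entry the container keeps the runtime's default set (CHOWN, SETUID/SETGID, NET_BIND_SERVICE and so on), which an operator that is only a Kubernetes API client has no use for. I would add three lines to the default block: `capabilities:` / `  drop:` / `    - ALL`. This is a container-level field, so it fits under this key (the deployment template renders `securityContext` under the container), and together with `allowPrivilegeEscalation: false` it removes the obvious paths from a compromised operator process to the node. `runAsGroup` is absent, so the primary gid depends on the image's passwd entry for uid 1000; `runAsGroup: 1000` makes the intent explicit.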