update postgres operator and ui to 1.6.1

2021-02-23 03:40:14 +03:00
parent cb25eca7df
commit 1e5293ce1f
14 changed files with 527 additions and 489 deletions
--- a/postgres-operator/values.yaml
+++ b/postgres-operator/values.yaml
@ -1,7 +1,7 @@
 image:
  registry: registry.opensource.zalan.do
  repository: acid/postgres-operator
-  tag: v1.5.0
+  tag: v1.6.1
  pullPolicy: "IfNotPresent"

 # Optionally specify an array of imagePullSecrets.
@ -24,14 +24,18 @@ configGeneral:
  enable_crd_validation: "true"
  # update only the statefulsets without immediately doing the rolling update
  enable_lazy_spilo_upgrade: "false"
+  # set the PGVERSION env var instead of providing the version via postgresql.bin_dir in SPILO_CONFIGURATION
+  enable_pgversion_env_var: "true"
  # start any new database pod without limitations on shm memory
  enable_shm_volume: "true"
+  # enables backwards compatible path between Spilo 12 and Spilo 13 images
+  enable_spilo_wal_path_compat: "false"
  # etcd connection string for Patroni. Empty uses K8s-native DCS.
  etcd_host: ""
  # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s)
  # kubernetes_use_configmaps: "false"
  # Spilo docker image
-  docker_image: registry.opensource.zalan.do/acid/spilo-12:1.6-p3
+  docker_image: registry.opensource.zalan.do/acid/spilo-13:2.0-p4
  # max number of instances in Postgres cluster. -1 = no limit
  min_instances: "-1"
  # min number of instances in Postgres cluster. -1 = no limit
@ -57,6 +61,9 @@ configUsers:
  super_username: postgres

 configKubernetes:
+  # list of additional capabilities for postgres container
+  # additional_pod_capabilities: "SYS_NICE"
+
  # default DNS domain of K8s cluster where operator is running
  cluster_domain: cluster.local
  # additional labels assigned to the cluster objects
@ -86,7 +93,10 @@ configKubernetes:
  # namespaced name of the secret containing infrastructure roles names and passwords
  # infrastructure_roles_secret_name: postgresql-infrastructure-roles

-  # list of labels that can be inherited from the cluster manifest
+  # list of annotation keys that can be inherited from the cluster manifest
+  # inherited_annotations: owned-by
+
+  # list of label keys that can be inherited from the cluster manifest
  # inherited_labels: application,environment

  # timeout for successful migration of master pods from unschedulable node
@ -209,6 +219,14 @@ configAwsOrGcp:
  # AWS region used to store ESB volumes
  aws_region: eu-central-1

+  # enable automatic migration on AWS from gp2 to gp3 volumes
+  enable_ebs_gp3_migration: "false"
+  # defines maximum volume size in GB until which auto migration happens
+  # enable_ebs_gp3_migration_max_size: "1000"
+
+  # GCP credentials for setting the GOOGLE_APPLICATION_CREDNETIALS environment variable
+  # gcp_credentials: ""
+
  # AWS IAM role to supply in the iam.amazonaws.com/role annotation of Postgres pods
  # kube_iam_role: ""

@ -221,21 +239,25 @@ configAwsOrGcp:
  # GCS bucket to use for shipping WAL segments with WAL-E
  # wal_gs_bucket: ""

-  # GCP credentials for setting the GOOGLE_APPLICATION_CREDNETIALS environment variable
-  # gcp_credentials: ""
-
 # configure K8s cron job managed by the operator
 configLogicalBackup:
  # image for pods of the logical backup job (example runs pg_dumpall)
-  logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:master-58"
+  logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.6.1"
+  # path of google cloud service account json file
+  # logical_backup_google_application_credentials: ""
+
+  # prefix for the backup job name
+  logical_backup_job_prefix: "logical-backup-"
+  # storage provider - either "s3" or "gcs"
+  logical_backup_provider: "s3"
  # S3 Access Key ID
  logical_backup_s3_access_key_id: ""
  # S3 bucket to store backup results
  logical_backup_s3_bucket: "my-bucket-url"
-  # S3 region of bucket
-  logical_backup_s3_region: ""
  # S3 endpoint url when not using AWS
  logical_backup_s3_endpoint: ""
+  # S3 region of bucket
+  logical_backup_s3_region: ""
  # S3 Secret Access Key
  logical_backup_s3_secret_access_key: ""
  # S3 server side encryption
@ -243,6 +265,7 @@ configLogicalBackup:
  # backup schedule in the cron format
  logical_backup_schedule: "30 00 * * *"

+
 # automate creation of human users with teams API service
 configTeamsApi:
  # team_admin_role will have the rights to grant roles coming from PG manifests
@ -286,7 +309,7 @@ configConnectionPooler:
  # db user for pooler to use
  connection_pooler_user: "pooler"
  # docker image
-  connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-9"
+  connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-14"
  # max db connections the pooler should hold
  connection_pooler_max_db_connections: "60"
  # default pooling mode
@ -334,18 +357,24 @@ resources:
    cpu: 100m
    memory: 250Mi

+securityContext:
+  runAsUser: 1000
+  runAsNonRoot: true
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+
 # Affinity for pod assignment
 # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 affinity: {}

-# Tolerations for pod assignment
-# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-
 # Node labels for pod assignment
 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
 nodeSelector: {}

+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
 controllerID:
  # Specifies whether a controller ID should be defined for the operator
  # Note, all postgres manifest must then contain the following annotation to be found by this operator