From ce5141656ab3a8443dbdf460eac15a9d7eb5ce6d Mon Sep 17 00:00:00 2001 From: ace Date: Tue, 21 Jun 2022 20:38:59 +0300 Subject: [PATCH] postgres-operator: bump to v1.8.2, helm chart v1.8.2 postgres-operator-ui: bump to v1.8.2, helm chart v1.8.2 --- postgres-operator-ui/Chart.yaml | 6 +- postgres-operator-ui/index.yaml | 106 +++++++++++----- .../templates/deployment.yaml | 5 + postgres-operator-ui/templates/ingress.yaml | 3 + postgres-operator-ui/values.yaml | 5 +- postgres-operator/Chart.yaml | 6 +- .../crds/operatorconfigurations.yaml | 75 +++++++++-- postgres-operator/crds/postgresqls.yaml | 119 +++++++++++++----- postgres-operator/crds/postgresteams.yaml | 2 - postgres-operator/index.yaml | 102 ++++++++++----- .../templates/clusterrole-postgres-pod.yaml | 8 +- postgres-operator/templates/clusterrole.yaml | 26 ++-- postgres-operator/templates/crds.yaml | 6 - postgres-operator/values.yaml | 58 +++++++-- 14 files changed, 382 insertions(+), 145 deletions(-) delete mode 100644 postgres-operator/templates/crds.yaml diff --git a/postgres-operator-ui/Chart.yaml b/postgres-operator-ui/Chart.yaml index 9e38f21..23ecad0 100644 --- a/postgres-operator-ui/Chart.yaml +++ b/postgres-operator-ui/Chart.yaml @@ -1,7 +1,7 @@ -apiVersion: v1 +apiVersion: v2 name: postgres-operator-ui -version: 1.7.1 -appVersion: 1.7.1 +version: 1.8.2 +appVersion: 1.8.2 home: https://github.com/zalando/postgres-operator description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience keywords: diff --git a/postgres-operator-ui/index.yaml b/postgres-operator-ui/index.yaml index f0005e0..df6018f 100644 --- a/postgres-operator-ui/index.yaml +++ b/postgres-operator-ui/index.yaml 
@@ -1,9 +1,78 @@ apiVersion: v1 entries: postgres-operator-ui: + - apiVersion: v2 + appVersion: 1.8.2 + created: "2022-06-20T11:58:48.148537324+02:00" + description: Postgres Operator UI provides a graphical interface for a convenient + database-as-a-service user experience + digest: fbfc90fa8fd007a08a7c02e0ec9108bb8282cbb42b8c976d88f2193d6edff30c + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - ui + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator-ui + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-ui-1.8.2.tgz + version: 1.8.2 + - apiVersion: v2 + appVersion: 1.8.1 + created: "2022-06-20T11:58:48.147974157+02:00" + description: Postgres Operator UI provides a graphical interface for a convenient + database-as-a-service user experience + digest: d26342e385ea51a0fbfbe23477999863e9489664ae803ea5c56da8897db84d24 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - ui + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator-ui + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-ui-1.8.1.tgz + version: 1.8.1 + - apiVersion: v1 + appVersion: 1.8.0 + created: "2022-06-20T11:58:48.147454782+02:00" + description: Postgres Operator UI provides a graphical interface for a convenient + database-as-a-service user experience + digest: d4a7b40c23fd167841cc28342afdbd5ecc809181913a5c31061c83139187f148 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - ui + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator-ui + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-ui-1.8.0.tgz + version: 1.8.0 - apiVersion: v1 
appVersion: 1.7.1 - created: "2021-11-03T11:44:00.75040818+01:00" + created: "2022-06-20T11:58:48.14693682+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 97aed1a1d37cd5f8441eea9522f38e56cc829786ad2134c437a5e6a15c995869 @@ -26,7 +95,7 @@ entries: version: 1.7.1 - apiVersion: v1 appVersion: 1.7.0 - created: "2021-11-03T11:44:00.748544296+01:00" + created: "2022-06-20T11:58:48.146431264+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 37fba1968347daad393dbd1c6ee6e5b6a24d1095f972c0102197531c62dcada8 @@ -49,7 +118,7 @@ entries: version: 1.7.0 - apiVersion: v1 appVersion: 1.6.3 - created: "2021-11-03T11:44:00.745261041+01:00" + created: "2022-06-20T11:58:48.14552248+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 08b810aa632dcc719e4785ef184e391267f7c460caa99677f2d00719075aac78 @@ -72,7 +141,7 @@ entries: version: 1.6.3 - apiVersion: v1 appVersion: 1.6.2 - created: "2021-11-03T11:44:00.743617168+01:00" + created: "2022-06-20T11:58:48.145033254+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 14d1559bb0bd1e1e828f2daaaa6f6ac9ffc268d79824592c3589b55dd39241f6 @@ -95,7 +164,7 @@ entries: version: 1.6.2 - apiVersion: v1 appVersion: 1.6.1 - created: "2021-11-03T11:44:00.741913772+01:00" + created: "2022-06-20T11:58:48.144518247+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 3d321352f2f1e7bb7450aa8876e3d818aa9f9da9bd4250507386f0490f2c1969 
@@ -118,7 +187,7 @@ entries: version: 1.6.1 - apiVersion: v1 appVersion: 1.6.0 - created: "2021-11-03T11:44:00.740290409+01:00" + created: "2022-06-20T11:58:48.143943237+02:00" description: Postgres Operator UI provides a graphical interface for a convenient database-as-a-service user experience digest: 1e0aa1e7db3c1daa96927ffbf6fdbcdb434562f961833cb5241ddbe132220ee4 @@ -139,27 +208,4 @@ entries: urls: - postgres-operator-ui-1.6.0.tgz version: 1.6.0 - - apiVersion: v1 - appVersion: 1.5.0 - created: "2021-11-03T11:44:00.738607341+01:00" - description: Postgres Operator UI provides a graphical interface for a convenient - database-as-a-service user experience - digest: c91ea39e6d51d57f4048fb1b6ec53b40823f2690eb88e4e4f1a036367b9fdd61 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - ui - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator-ui - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-ui-1.5.0.tgz - version: 1.5.0 -generated: "2021-11-03T11:44:00.736383918+01:00" +generated: "2022-06-20T11:58:48.143164875+02:00" diff --git a/postgres-operator-ui/templates/deployment.yaml b/postgres-operator-ui/templates/deployment.yaml index 8942539..c82d38c 100644 --- a/postgres-operator-ui/templates/deployment.yaml +++ b/postgres-operator-ui/templates/deployment.yaml @@ -70,6 +70,11 @@ spec: "replica_load_balancer_visible": true, "resources_visible": true, "users_visible": true, + "cost_ebs": 0.0952, + "cost_iops": 0.006, + "cost_throughput": 0.0476, + "cost_core": 0.0575, + "cost_memory": 0.014375, "postgresql_versions": [ "14", "13", diff --git a/postgres-operator-ui/templates/ingress.yaml b/postgres-operator-ui/templates/ingress.yaml index 21e7dbe..37b47a6 100644 --- a/postgres-operator-ui/templates/ingress.yaml +++ b/postgres-operator-ui/templates/ingress.yaml 
@@ -23,6 +23,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: +{{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} +{{- end }} {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} diff --git a/postgres-operator-ui/values.yaml b/postgres-operator-ui/values.yaml index 06004b1..1fe4d37 100644 --- a/postgres-operator-ui/values.yaml +++ b/postgres-operator-ui/values.yaml @@ -8,7 +8,7 @@ replicaCount: 1 image: registry: registry.opensource.zalan.do repository: acid/postgres-operator-ui - tag: v1.7.1 + tag: v1.8.2 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. @@ -39,7 +39,7 @@ resources: # configure UI ENVs envs: - # IMPORTANT: While operator chart and UI chart are idendependent, this is the interface between + # IMPORTANT: While operator chart and UI chart are independent, this is the interface between # UI and operator API. Insert the service name of the operator API here! operatorApiUrl: "http://postgres-operator:8080" operatorClusterNameLabel: "cluster-name" @@ -93,6 +93,7 @@ ingress: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" + ingressClassName: "" hosts: - host: ui.example.org paths: [""] diff --git a/postgres-operator/Chart.yaml b/postgres-operator/Chart.yaml index 7bc9ce8..96dd679 100644 --- a/postgres-operator/Chart.yaml +++ b/postgres-operator/Chart.yaml @@ -1,7 +1,7 @@ -apiVersion: v1 +apiVersion: v2 name: postgres-operator -version: 1.7.1 -appVersion: 1.7.1 +version: 1.8.2 +appVersion: 1.8.2 home: https://github.com/zalando/postgres-operator description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes keywords: diff --git a/postgres-operator/crds/operatorconfigurations.yaml b/postgres-operator/crds/operatorconfigurations.yaml index 90a632f..c5b9a4c 100644 --- a/postgres-operator/crds/operatorconfigurations.yaml +++ b/postgres-operator/crds/operatorconfigurations.yaml 
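Review bot: The new `ingressClassName` line in templates/ingress.yaml renders the value unquoted, so a class name that YAML reads as a number or boolean would produce a non-string field that the API server rejects. Quote it: `ingressClassName: {{ .Values.ingress.ingressClassName | quote }}`. The Ingress apiVersion is chosen above this hunk, so confirm that the API versions selected there accept `spec.ingressClassName`.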
@@ -4,8 +4,6 @@ metadata: name: operatorconfigurations.acid.zalan.do labels: app.kubernetes.io/name: postgres-operator - annotations: - "helm.sh/hook": crd-install spec: group: acid.zalan.do names: @@ -63,11 +61,20 @@ spec: configuration: type: object properties: + crd_categories: + type: array + nullable: true + items: + type: string docker_image: type: string - default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p3" + default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p6" + enable_crd_registration: + type: boolean + default: true enable_crd_validation: type: boolean + description: deprecated default: true enable_lazy_spilo_upgrade: type: boolean @@ -89,11 +96,13 @@ spec: default: false max_instances: type: integer - minimum: -1 # -1 = disabled + description: "-1 = disabled" + minimum: -1 default: -1 min_instances: type: integer - minimum: -1 # -1 = disabled + description: "-1 = disabled" + minimum: -1 default: -1 resync_period: type: string @@ -121,6 +130,20 @@ spec: users: type: object properties: + additional_owner_roles: + type: array + nullable: true + items: + type: string + enable_password_rotation: + type: boolean + default: false + password_rotation_interval: + type: integer + default: 90 + password_rotation_user_retention: + type: integer + default: 180 replication_username: type: string default: standby @@ -133,6 +156,10 @@ spec: major_version_upgrade_mode: type: string default: "off" + major_version_upgrade_team_allow_list: + type: array + items: + type: string minimal_major_version: type: string default: "9.6" @@ -170,12 +197,12 @@ spec: type: array items: type: string - enable_init_containers: - type: boolean - default: true enable_cross_namespace_secret: type: boolean default: false + enable_init_containers: + type: boolean + default: true enable_pod_antiaffinity: type: boolean default: false 
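Review bot: In the `users` block of operatorconfigurations.yaml, `password_rotation_interval` and `password_rotation_user_retention` are bare `type: integer` fields with no lower bound and no `description`. The schema therefore accepts 0 or negative values for a credential-rotation setting, and nothing states the unit. Add a bound and a description to each, for example `minimum: 1` and `description: "rotation interval in days"` (the unit is presumably days; confirm against the operator documentation). The matching comments in the `configUsers` hunk of postgres-operator/values.yaml omit the unit too and should name it.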
@@ -185,6 +212,10 @@ spec: enable_sidecars: type: boolean default: true + ignored_annotations: + type: array + items: + type: string infrastructure_roles_secret_name: type: string infrastructure_roles_secrets: @@ -228,6 +259,11 @@ spec: type: object additionalProperties: type: string + node_readiness_label_merge: + type: string + enum: + - "AND" + - "OR" oauth_token_secret_name: type: string default: "postgresql-operator" @@ -322,6 +358,12 @@ spec: timeouts: type: object properties: + patroni_api_check_interval: + type: string + default: "1s" + patroni_api_check_timeout: + type: string + default: "5s" pod_label_wait_timeout: type: string default: "10m" @@ -353,9 +395,15 @@ spec: enable_master_load_balancer: type: boolean default: true + enable_master_pooler_load_balancer: + type: boolean + default: false enable_replica_load_balancer: type: boolean default: false + enable_replica_pooler_load_balancer: + type: boolean + default: false external_traffic_policy: type: string enum: @@ -391,18 +439,18 @@ spec: type: string log_s3_bucket: type: string + wal_az_storage_account: + type: string wal_gs_bucket: type: string wal_s3_bucket: type: string - wal_az_storage_account: - type: string logical_backup: type: object properties: logical_backup_docker_image: type: string - default: "registry.opensource.zalan.do/acid/logical-backup:v1.7.1" + default: "registry.opensource.zalan.do/acid/logical-backup:v1.8.2" logical_backup_google_application_credentials: type: string logical_backup_job_prefix: @@ -423,6 +471,8 @@ spec: type: string logical_backup_s3_sse: type: string + logical_backup_s3_retention_time: + type: string logical_backup_schedule: type: string pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' @@ -473,6 +523,7 @@ spec: type: string default: - admin + - cron_admin role_deletion_suffix: type: string default: "_deleted" 
@@ -537,7 +588,7 @@ spec: default: "pooler" connection_pooler_image: type: string - default: "registry.opensource.zalan.do/acid/pgbouncer:master-19" + default: "registry.opensource.zalan.do/acid/pgbouncer:master-22" connection_pooler_max_db_connections: type: integer default: 60 diff --git a/postgres-operator/crds/postgresqls.yaml b/postgres-operator/crds/postgresqls.yaml index 9ac4cfb..b8d3dcf 100644 --- a/postgres-operator/crds/postgresqls.yaml +++ b/postgres-operator/crds/postgresqls.yaml @@ -4,8 +4,6 @@ metadata: name: postgresqls.acid.zalan.do labels: app.kubernetes.io/name: postgres-operator - annotations: - "helm.sh/hook": crd-install spec: group: acid.zalan.do names: @@ -149,18 +147,12 @@ spec: - "transaction" numberOfInstances: type: integer - minimum: 2 + minimum: 1 resources: type: object - required: - - requests - - limits properties: limits: type: object - required: - - cpu - - memory properties: cpu: type: string @@ -170,9 +162,6 @@ spec: pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' requests: type: object - required: - - cpu - - memory properties: cpu: type: string @@ -199,16 +188,27 @@ spec: type: boolean enableMasterLoadBalancer: type: boolean + enableMasterPoolerLoadBalancer: + type: boolean enableReplicaLoadBalancer: type: boolean + enableReplicaPoolerLoadBalancer: + type: boolean enableShmVolume: type: boolean - init_containers: # deprecated + env: type: array nullable: true items: type: object x-kubernetes-preserve-unknown-fields: true + init_containers: + type: array + description: deprecated + nullable: true + items: + type: object + x-kubernetes-preserve-unknown-fields: true initContainers: type: array nullable: true @@ -231,8 +231,8 @@ spec: items: type: object required: - - weight - preference + - weight properties: preference: type: object 
@@ -344,14 +344,17 @@ spec: type: boolean synchronous_mode_strict: type: boolean + synchronous_node_count: + type: integer ttl: type: integer podAnnotations: type: object additionalProperties: type: string - pod_priority_class_name: # deprecated + pod_priority_class_name: type: string + description: deprecated podPriorityClassName: type: string postgresql: @@ -395,19 +398,14 @@ spec: type: boolean secretNamespace: type: string - replicaLoadBalancer: # deprecated + replicaLoadBalancer: type: boolean + description: deprecated resources: type: object - required: - - requests - - limits properties: limits: type: object - required: - - cpu - - memory properties: cpu: type: string @@ -436,9 +434,6 @@ spec: # than the corresponding limit. requests: type: object - required: - - cpu - - memory properties: cpu: type: string @@ -466,11 +461,54 @@ spec: type: integer standby: type: object - required: - - s3_wal_path properties: s3_wal_path: type: string + gs_wal_path: + type: string + standby_host: + type: string + standby_port: + type: string + oneOf: + - required: + - s3_wal_path + - required: + - gs_wal_path + - required: + - standby_host + streams: + type: array + items: + type: object + required: + - applicationId + - database + - tables + properties: + applicationId: + type: string + batchSize: + type: integer + database: + type: string + filter: + type: object + additionalProperties: + type: string + tables: + type: object + additionalProperties: + type: object + required: + - eventType + properties: + eventType: + type: string + idColumn: + type: string + payloadColumn: + type: string teamId: type: string tls: @@ -492,10 +530,6 @@ spec: type: array items: type: object - required: - - key - - operator - - effect properties: key: type: string 
@@ -514,14 +548,14 @@ spec: - PreferNoSchedule tolerationSeconds: type: integer - useLoadBalancer: # deprecated + useLoadBalancer: type: boolean + description: deprecated users: type: object additionalProperties: type: array nullable: true - description: "Role flags specified here must not contradict each other" items: type: string enum: @@ -553,6 +587,16 @@ spec: - SUPERUSER - nosuperuser - NOSUPERUSER + usersWithInPlaceSecretRotation: + type: array + nullable: true + items: + type: string + usersWithSecretRotation: + type: array + nullable: true + items: + type: string volume: type: object required: @@ -567,17 +611,26 @@ spec: type: array items: type: object + required: + - key + - operator properties: key: type: string operator: type: string + enum: + - DoesNotExists + - Exists + - In + - NotIn values: type: array items: type: string matchLabels: type: object + x-kubernetes-preserve-unknown-fields: true size: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' diff --git a/postgres-operator/crds/postgresteams.yaml b/postgres-operator/crds/postgresteams.yaml index fbf873b..b7a3684 100644 --- a/postgres-operator/crds/postgresteams.yaml +++ b/postgres-operator/crds/postgresteams.yaml @@ -4,8 +4,6 @@ metadata: name: postgresteams.acid.zalan.do labels: app.kubernetes.io/name: postgres-operator - annotations: - "helm.sh/hook": crd-install spec: group: acid.zalan.do names: diff --git a/postgres-operator/index.yaml b/postgres-operator/index.yaml index a5a5d4f..ff025ba 100644 --- a/postgres-operator/index.yaml +++ b/postgres-operator/index.yaml 
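Review bot: The `operator` enum added in the last postgresqls.yaml hunk (the expression items next to `matchLabels`) lists `DoesNotExists`, but the Kubernetes label-selector operator is spelled `DoesNotExist`. As written, CRD validation rejects a manifest that uses the valid operator and accepts a spelling that label selectors do not recognise. Change the entry to `- DoesNotExist`. The enclosing `volume` schema starts outside the hunk.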
@@ -1,9 +1,75 @@ apiVersion: v1 entries: postgres-operator: + - apiVersion: v2 + appVersion: 1.8.2 + created: "2022-06-20T11:57:53.031245647+02:00" + description: Postgres Operator creates and manages PostgreSQL clusters running + in Kubernetes + digest: f77ffad2e98b72a621e5527015cf607935d3ed688f10ba4b626435acb9631b5b + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-1.8.2.tgz + version: 1.8.2 + - apiVersion: v2 + appVersion: 1.8.1 + created: "2022-06-20T11:57:53.029722276+02:00" + description: Postgres Operator creates and manages PostgreSQL clusters running + in Kubernetes + digest: ee0c3bb6ba72fa4289ba3b1c6060e5b312dd023faba2a61b4cb7d9e5e2cc57a5 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-1.8.1.tgz + version: 1.8.1 + - apiVersion: v1 + appVersion: 1.8.0 + created: "2022-06-20T11:57:53.028188865+02:00" + description: Postgres Operator creates and manages PostgreSQL clusters running + in Kubernetes + digest: 3ae232cf009e09aa2ad11c171484cd2f1b72e63c59735e58fbe2b6eb842f4c86 + home: https://github.com/zalando/postgres-operator + keywords: + - postgres + - operator + - cloud-native + - patroni + - spilo + maintainers: + - email: opensource@zalando.de + name: Zalando + name: postgres-operator + sources: + - https://github.com/zalando/postgres-operator + urls: + - postgres-operator-1.8.0.tgz + version: 1.8.0 - apiVersion: v1 appVersion: 1.7.1 - created: "2021-11-03T11:43:09.121092027+01:00" + created: "2022-06-20T11:57:53.026647776+02:00" description: 
Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: 7262563bec0b058e669ae6bcff0226e33fa9ece9c41ac46a53274046afe7700c @@ -25,7 +91,7 @@ entries: version: 1.7.1 - apiVersion: v1 appVersion: 1.7.0 - created: "2021-11-03T11:43:09.119630978+01:00" + created: "2022-06-20T11:57:53.02514275+02:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: c3e99fb94305f81484b8b1af18eefb78681f3b5d057d5ad10565e4afb7c65ffe @@ -47,7 +113,7 @@ entries: version: 1.7.0 - apiVersion: v1 appVersion: 1.6.3 - created: "2021-11-03T11:43:09.118146221+01:00" + created: "2022-06-20T11:57:53.022692764+02:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: ea08f991bf23c9ad114bca98ebcbe3e2fa15beab163061399394905eaee89b35 @@ -69,7 +135,7 @@ entries: version: 1.6.3 - apiVersion: v1 appVersion: 1.6.2 - created: "2021-11-03T11:43:09.115637274+01:00" + created: "2022-06-20T11:57:53.021045272+02:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: d886f8a0879ca07d1e5246ee7bc55710e1c872f3977280fe495db6fc2057a7f4 @@ -91,7 +157,7 @@ entries: version: 1.6.2 - apiVersion: v1 appVersion: 1.6.1 - created: "2021-11-03T11:43:09.114107417+01:00" + created: "2022-06-20T11:57:53.019428631+02:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: 4ba5972cd486dcaa2d11c5613a6f97f6b7b831822e610fe9e10a57ea1db23556 @@ -113,7 +179,7 @@ entries: version: 1.6.1 - apiVersion: v1 appVersion: 1.6.0 - created: "2021-11-03T11:43:09.112550808+01:00" + created: "2022-06-20T11:57:53.017863057+02:00" description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes digest: f52149718ea364f46b4b9eec9a65f6253ad182bb78df541d14cd5277b9c8a8c3 
@@ -133,26 +199,4 @@ entries: urls: - postgres-operator-1.6.0.tgz version: 1.6.0 - - apiVersion: v1 - appVersion: 1.5.0 - created: "2021-11-03T11:43:09.110907395+01:00" - description: Postgres Operator creates and manages PostgreSQL clusters running - in Kubernetes - digest: 198351d5db52e65cdf383d6f3e1745d91ac1e2a01121f8476f8b1be728b09531 - home: https://github.com/zalando/postgres-operator - keywords: - - postgres - - operator - - cloud-native - - patroni - - spilo - maintainers: - - email: opensource@zalando.de - name: Zalando - name: postgres-operator - sources: - - https://github.com/zalando/postgres-operator - urls: - - postgres-operator-1.5.0.tgz - version: 1.5.0 -generated: "2021-11-03T11:43:09.109237601+01:00" +generated: "2022-06-20T11:57:53.016179465+02:00" diff --git a/postgres-operator/templates/clusterrole-postgres-pod.yaml b/postgres-operator/templates/clusterrole-postgres-pod.yaml index 33c4382..fdccf16 100644 --- a/postgres-operator/templates/clusterrole-postgres-pod.yaml +++ b/postgres-operator/templates/clusterrole-postgres-pod.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} rules: -# Patroni needs to watch and manage endpoints +# Patroni needs to watch and manage config maps or endpoints {{- if toString .Values.configGeneral.kubernetes_use_configmaps | eq "true" }} - apiGroups: - "" @@ -24,12 +24,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get {{- else }} - apiGroups: - "" diff --git a/postgres-operator/templates/clusterrole.yaml b/postgres-operator/templates/clusterrole.yaml index 885bad3..199086a 100644 --- a/postgres-operator/templates/clusterrole.yaml +++ b/postgres-operator/templates/clusterrole.yaml 
@@ -34,16 +34,34 @@ rules: - get - list - watch +# all verbs allowed for event streams +{{- if .Values.enableStreams }} +- apiGroups: + - zalando.org + resources: + - fabriceventstreams + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} # to create or get/update CRDs when starting up - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - - create - get +{{- if toString .Values.configGeneral.enable_crd_registration | eq "true" }} + - create - patch - update +{{- end }} # to send events to the CRs - apiGroups: - "" @@ -71,12 +89,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get {{- else }} # to read configuration from ConfigMaps - apiGroups: diff --git a/postgres-operator/templates/crds.yaml b/postgres-operator/templates/crds.yaml deleted file mode 100644 index 7338300..0000000 --- a/postgres-operator/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{ if .Values.crd.create }} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/postgres-operator/values.yaml b/postgres-operator/values.yaml index 1ad0964..2650824 100644 --- a/postgres-operator/values.yaml +++ b/postgres-operator/values.yaml @@ -1,7 +1,7 @@ image: registry: registry.opensource.zalan.do repository: acid/postgres-operator - tag: v1.7.1 + tag: v1.8.2 pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. 
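Review bot: With `enable_crd_registration` on, the `customresourcedefinitions` rule in templates/clusterrole.yaml still grants `patch` and `update` on every CRD in the cluster, because the rule carries no `resourceNames`. The new gate only helps installs that turn registration off. `create` cannot be scoped by name, but the write verbs can be limited to the three CRDs this chart ships. That assumes the operator only ever modifies its own definitions, which should be confirmed. The same breadth applies to the new `fabriceventstreams` rule, which grants `deletecollection` cluster-wide when `enableStreams` is set; check whether the operator needs that verb.

```yaml
# … unchanged: fabriceventstreams rule …
# to create or get/update CRDs when starting up
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
{{- if toString .Values.configGeneral.enable_crd_registration | eq "true" }}
  - create
# write access only to the operator's own CRDs
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  resourceNames:
  - operatorconfigurations.acid.zalan.do
  - postgresqls.acid.zalan.do
  - postgresteams.acid.zalan.do
  verbs:
  - patch
  - update
{{- end }}
# … unchanged: events rule and the rest of the ClusterRole …
```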
@@ -20,8 +20,11 @@ enableJsonLogging: false # general configuration parameters configGeneral: - # choose if deployment creates/updates CRDs with OpenAPIV3Validation - enable_crd_validation: true + # the deployment should create/update the CRDs + enable_crd_registration: true + # specify categories under which crds should be listed + crd_categories: + - "all" # update only the statefulsets without immediately doing the rolling update enable_lazy_spilo_upgrade: false # set the PGVERSION env var instead of providing the version via postgresql.bin_dir in SPILO_CONFIGURATION @@ -35,7 +38,7 @@ configGeneral: # Select if setup uses endpoints (default), or configmaps to manage leader (DCS=k8s) # kubernetes_use_configmaps: false # Spilo docker image - docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p3 + docker_image: registry.opensource.zalan.do/acid/spilo-14:2.1-p6 # min number of instances in Postgres cluster. -1 = no limit min_instances: -1 # max number of instances in Postgres cluster. -1 = no limit @@ -56,6 +59,16 @@ configGeneral: # parameters describing Postgres users configUsers: + # roles to be granted to database owners + # additional_owner_roles: + # - cron_admin + + # enable password rotation for app users that are not database owners + enable_password_rotation: false + # rotation interval for updating credentials in K8s secrets of app users + password_rotation_interval: 90 + # retention interval to keep rotation users + password_rotation_user_retention: 180 # postgres username used for replication between instances replication_username: standby # postgres superuser name to be created by initdb 
@@ -64,6 +77,10 @@ configUsers: configMajorVersionUpgrade: # "off": no upgrade, "manual": manifest triggers action, "full": minimal version violation triggers too major_version_upgrade_mode: "off" + # upgrades will only be carried out for clusters of listed teams when mode is "off" + # major_version_upgrade_team_allow_list: + # - acid + # minimal Postgres major version that will not automatically be upgraded minimal_major_version: "9.6" # target Postgres major version when upgrading clusters automatically @@ -107,6 +124,11 @@ configKubernetes: enable_pod_disruption_budget: true # enables sidecar containers to run alongside Spilo in the same pod enable_sidecars: true + + # annotations to be ignored when comparing statefulsets, services etc. + # ignored_annotations: + # - k8s.v1.cni.cncf.io/network-status + # namespaced name of the secret containing infrastructure roles names and passwords # infrastructure_roles_secret_name: postgresql-infrastructure-roles @@ -126,6 +148,9 @@ configKubernetes: # node_readiness_label: # status: ready + # defines how nodeAffinity from manifest should be merged with node_readiness_label + # node_readiness_label_merge: "OR" + # namespaced name of the secret containing the OAuth2 token to pass to the teams API # oauth_token_secret_name: postgresql-operator @@ -194,6 +219,10 @@ configPostgresPodResources: # timeouts related to some operator actions configTimeouts: + # interval between consecutive attempts of operator calling the Patroni API + patroni_api_check_interval: 1s + # timeout when waiting for successful response from Patroni API + patroni_api_check_timeout: 5s # timeout when waiting for the Postgres pods to be deleted pod_deletion_wait_timeout: 10m # timeout when waiting for pod role and cluster labels 
@@ -218,8 +247,12 @@ configLoadBalancer: # toggles service type load balancer pointing to the master pod of the cluster enable_master_load_balancer: false + # toggles service type load balancer pointing to the master pooler pod of the cluster + enable_master_pooler_load_balancer: false # toggles service type load balancer pointing to the replica pod of the cluster enable_replica_load_balancer: false + # toggles service type load balancer pointing to the replica pooler pod of the cluster + enable_replica_pooler_load_balancer: false # define external traffic policy for the load balancer external_traffic_policy: "Cluster" # defines the DNS name string template for the master load balancer cluster @@ -280,7 +313,7 @@ configAwsOrGcp: # configure K8s cron job managed by the operator configLogicalBackup: # image for pods of the logical backup job (example runs pg_dumpall) - logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.7.1" + logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.8.0" # path of google cloud service account json file # logical_backup_google_application_credentials: "" @@ -300,6 +333,8 @@ configLogicalBackup: logical_backup_s3_secret_access_key: "" # S3 server side encryption logical_backup_s3_sse: "AES256" + # S3 retention time for stored backups for example "2 week" or "7 days" + logical_backup_s3_retention_time: "" # backup schedule in the cron format logical_backup_schedule: "30 00 * * *" @@ -328,6 +363,7 @@ configTeamsApi: # List of roles that cannot be overwritten by an application, team or infrastructure role protected_role_names: - admin + - cron_admin # Suffix to add if members are removed from TeamsAPI or PostgresTeam CRD role_deletion_suffix: "_deleted" # role name to grant to team members created from the Teams API 
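Review bot: In the `configLogicalBackup` hunk of postgres-operator/values.yaml, `logical_backup_docker_image` is set to `logical-backup:v1.8.0`, while the CRD default changed by this same patch in crds/operatorconfigurations.yaml is `logical-backup:v1.8.2`. Which backup image runs then depends on whether the chart value or the CRD default takes effect, which makes it hard to tell what is deployed when tracking image fixes. If a v1.8.2 image is published, use `logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.8.2"`. Otherwise correct the CRD default, so both places name the same tag.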
@@ -345,7 +381,7 @@ configConnectionPooler: # db user for pooler to use connection_pooler_user: "pooler" # docker image - connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-19" + connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-22" # max db connections the pooler should hold connection_pooler_max_db_connections: 60 # default pooling mode @@ -358,14 +394,14 @@ configConnectionPooler: connection_pooler_default_cpu_limit: "1" connection_pooler_default_memory_limit: 100Mi +# Zalando's internal CDC stream feature +enableStreams: false + rbac: # Specifies whether RBAC resources should be created create: true - -crd: - # Specifies whether custom resource definitions should be created - # When using helm3, this is ignored; instead use "--skip-crds" to skip. - create: true + # Specifies whether ClusterRoles that are aggregated into the K8s default roles should be created. (https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) + createAggregateClusterRoles: false serviceAccount: # Specifies whether a ServiceAccount should be created
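Review bot: The last values.yaml hunk adds `rbac.createAggregateClusterRoles`, but the diffstat of this patch lists no template that reads it. Unless a template outside this patch consumes the key, it has no effect, and an operator reviewing RBAC would wrongly assume that aggregation into the default roles is controlled here. Either add the template that honours the flag or drop the key. If it stays, extend the comment with something like `# no effect unless the aggregate ClusterRole template is present in this chart`.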