Major update (#566)
* Bump controller-runtime

* Fix metricsserver BindAddress

* ...

* Use same keys for logging in both reconcilers

* Use common ns key in operatormanager as well

* Add keys in lbmanager as well

* Use both keys

* Revert "Use both keys"

This reverts commit d66c243.

* Pass along logger

* key naming

* Logging

* Logging

* Logging

* Logging

* Logging

* Logging

* Logging

* Logging

* Logging

* Set RequeueAfter

* Logging

* Logging

* Logging

* Logging

* Logging

* Add delay for requeueing

* Add privileged label for initial development

* operator-update step 1:
bump version

* operator update step 2:
make svc-postgres-operator-yaml

* operator update step 3:
check config

* operator update:
update securityContext

* Update YAML

* Update YAML

* Update securityContext of initDBJob

* Add TODO

* Add securityContext to etcd

* Add runAsUser

* Disable readonly filesystem

* Update backup-restore-sidecar (and etcd)

* Update etcd configMap

* Revert "Set RequeueAfter"

This reverts commit bdd9df0.

* #88 Use default serviceAccount

* Update existing namespaces with new label

* Rename, logging and cleanup

* (Temporarily) removing call to patroni for testing

* Update to latest v0.16.x bugfix release

* Add option for patroni failsafe mode (for e.g. when using K8s as DCS)

* Change name again (fix for old cert-manager versions)

* Revert "Change name again (fix for old cert-manager versions)"

This reverts commit 9a5e7d6.

* Set to nil when not needed (so it will actually be removed from the CR)

* Sync mode reloaded (#572)

* Check patroni config and only update if necessary

* Refactoring

* ...

* Refactoring

* Fix linter warnings

* Fix linter warning

* Delay requeue by 10 secs

* Check before updating standby configs as well

* Improve logging

* Improve logging

* Improve logging

* Fix check for SynchronousNodesAdditional

* Fix comparison, improve logging

* Additional nil check...

* Test different execution order for primaries and standbies

* Revert "Test different execution order for primaries and standbies"

This reverts commit 3f57b1c.

* Logging

* Refactoring

* Make requeue duration configurable

* Rename variable

* Add additional check (but only log the result for now)

* Only requeue when REST call was successful

* Fix linter errors

* Set to nil when not needed (so it will actually be removed from the CR)

* Only set the params required for sync replication and leave the rest to the postgres operator

* Remove unnecessary code

* logging

* Remove unused code

* Fix logic

* Update logic

* Revert "Remove unused code"

This reverts commit 7e525ec.

* Revert "Remove unnecessary code"

This reverts commit 00cc28f.

* Update previously reverted code

* Set all values when patching

* Logging

* Back to status quo: set the whole config

* typo

* Logging

* Remove TODOs after review

* Simplify
eberlep committed Jun 28, 2024
1 parent cc65fff commit df06f64
Showing 10 changed files with 480 additions and 449 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -19,7 +19,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
CONTROLLER_TOOLS_VERSION ?= v0.14.0

# Postgres operator variables for YAML download
POSTGRES_OPERATOR_VERSION ?= v1.6.0
POSTGRES_OPERATOR_VERSION ?= v1.11.0
POSTGRES_OPERATOR_URL ?= https://raw.githubusercontent.com/zalando/postgres-operator/$(POSTGRES_OPERATOR_VERSION)/manifests
POSTGRES_CRD_URL ?= https://raw.githubusercontent.com/zalando/postgres-operator/$(POSTGRES_OPERATOR_VERSION)/charts/postgres-operator/crds/postgresqls.yaml

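Review bot: POSTGRES_OPERATOR_URL and POSTGRES_CRD_URL fetch manifests from raw.githubusercontent.com by tag name, and nothing in this hunk verifies what was downloaded. A tag can be moved upstream, so consider pinning POSTGRES_OPERATOR_VERSION to a commit SHA or checking the fetched YAML against a recorded checksum, and commit the regenerated manifests in the same change so the v1.6.0 to v1.11.0 jump is reviewable as a diff.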
253 changes: 184 additions & 69 deletions controllers/postgres_controller.go

Large diffs are not rendered by default.

7 changes: 5 additions & 2 deletions controllers/suite_test.go
Expand Up @@ -33,6 +33,7 @@ import (
zalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
// +kubebuilder:scaffold:imports
)

Expand Down Expand Up @@ -101,8 +102,10 @@ var _ = BeforeSuite(func() {
Expect(ctrlClusterMgr).ToNot(BeNil())

svcClusterMgr, err := cr.NewManager(svcClusterCfg, cr.Options{
MetricsBindAddress: "0",
Scheme: scheme,
Metrics: metricsserver.Options{
BindAddress: "0",
},
Scheme: scheme,
})
Expect(err).ToNot(HaveOccurred())
Expect(svcClusterMgr).ToNot(BeNil())
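Review bot: `BindAddress: "0"` in the svcClusterMgr options disables the metrics listener, which is what a test suite wants, but the value is not self-explanatory, so a one-line comment would help. The hunk only shows svcClusterMgr; check that the ctrlClusterMgr options above received the same move from MetricsBindAddress to Metrics.BindAddress.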
67 changes: 45 additions & 22 deletions external/svc-etcd.yaml
Expand Up @@ -66,6 +66,8 @@ items:
backup-cron-schedule: "*/1 * * * *"
object-prefix: etcd-psql
compression-method: tarlz4
post-exec-cmds:
- etcd --data-dir=/data/etcd --listen-metrics-urls http://0.0.0.0:2381
- kind: StatefulSet
apiVersion: apps/v1
metadata:
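Review bot: the etcd command line now placed in post-exec-cmds still passes `--listen-metrics-urls http://0.0.0.0:2381`, so the metrics endpoint is served over plain HTTP on every pod interface. If only the in-cluster scraper needs port 2381, restrict it with a NetworkPolicy. A comment here stating that etcd is now started by backup-restore-sidecar rather than by the container command would also help the next reader.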
Expand Down Expand Up @@ -96,7 +98,7 @@ items:
spec:
serviceAccountName: patroni-etcd
containers:
- image: quay.io/coreos/etcd:v3.5.4
- image: quay.io/coreos/etcd:v3.5.13
# can also be gcr.io/etcd-development/etcd
env:
- name: ETCD_ENABLE_V2
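Review bot: quay.io/coreos/etcd:v3.5.13 is referenced by tag only. Pinning the image by digest (tag@sha256:...) keeps the StatefulSet on the reviewed image even if the tag is repushed; the same applies to the second use of this image further down.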
Expand All @@ -113,12 +115,8 @@ items:
value: default=http://etcd-psql-headless.ft-etcd-psql.svc.cluster.local:2380
name: etcd
command:
- tini
- --
args:
- sh
- -c
- backup-restore-sidecar wait && etcd --data-dir=/data/etcd --listen-metrics-urls http://0.0.0.0:2381
- backup-restore-sidecar
- wait
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
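Review bot: with tini and the `sh -c` wrapper removed, `backup-restore-sidecar wait` is PID 1 in the etcd container and etcd only runs as its child via post-exec-cmds. Please confirm the sidecar forwards SIGTERM to etcd and reaps it, otherwise pod shutdown will run into the grace period and etcd will be killed uncleanly.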
Expand Down Expand Up @@ -155,6 +153,16 @@ items:
requests:
cpu: 300m
memory: 1G
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
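Review bot: this securityContext block is repeated verbatim for three containers in the file. runAsNonRoot, runAsUser and seccompProfile can be set once in the pod-level securityContext, leaving only allowPrivilegeEscalation, readOnlyRootFilesystem and capabilities per container, which makes the one deviating container easier to spot. With `readOnlyRootFilesystem: true` here, confirm etcd writes nowhere outside its mounted volumes.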
Expand All @@ -165,10 +173,7 @@ items:
mountPath: /usr/local/bin/backup-restore-sidecar
- name: backup-restore-sidecar-config
mountPath: /etc/backup-restore-sidecar
- name: bin-provision
subPath: tini
mountPath: /usr/local/bin/tini
- image: quay.io/coreos/etcd:v3.5.4
- image: quay.io/coreos/etcd:v3.5.13
name: backup-restore-sidecar
env:
- name: BACKUP_RESTORE_SIDECAR_S3_BUCKET_NAME
Expand Down Expand Up @@ -197,37 +202,52 @@ items:
key: secret-key
name: etcd-backup-restore-s3-config
command:
- tini
- --
args:
- sh
- -c
- mkdir -p /data/etcd && backup-restore-sidecar start --log-level debug
- backup-restore-sidecar
- start
- --log-level=debug
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
volumeMounts:
- name: etcd
mountPath: /data
- name: tmp-backup
mountPath: /backup
- name: bin-provision
subPath: backup-restore-sidecar
mountPath: /usr/local/bin/backup-restore-sidecar
- name: backup-restore-sidecar-config
mountPath: /etc/backup-restore-sidecar
- name: bin-provision
subPath: tini
mountPath: /usr/local/bin/tini
- name: bin-provision
subPath: certs
mountPath: /etc/ssl/certs
initContainers:
- name: backup-restore-sidecar-provider
image: ghcr.io/metal-stack/backup-restore-sidecar:latest
image: ghcr.io/metal-stack/backup-restore-sidecar:v0.10.2
imagePullPolicy: IfNotPresent
command:
- cp
- -r
- /etc/ssl/certs
- /backup-restore-sidecar
- /ubuntu/tini
- /bin-provision
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
ports:
- containerPort: 2112
volumeMounts:
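Review bot: the backup-restore-sidecar container sets `readOnlyRootFilesystem: false` while the etcd container and the init container set it to true. The new tmp-backup mount at /backup suggests the writable paths are known; if something else still needs to be written, mount an emptyDir for it and add a comment naming the path, so the flag can go back to true. Two smaller points in the same hunk: the old command ran `mkdir -p /data/etcd` before start, so confirm the sidecar creates that directory itself, and `--log-level=debug` is still set in the shipped manifest.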
Expand All @@ -242,6 +262,9 @@ items:
- emptyDir:
sizeLimit: 1Gi
name: etcd
- emptyDir:
sizeLimit: 1Gi
name: tmp-backup
- kind: Service
apiVersion: v1
metadata:
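Review bot: tmp-backup is an emptyDir capped at `sizeLimit: 1Gi`, the same limit as the etcd data volume. Exceeding an emptyDir sizeLimit gets the pod evicted, so size it against the largest expected backup archive plus working space, or add a comment stating the assumption.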