diff --git a/setup/helm/operator/crds/operatorconfiguration.crd.yaml b/setup/helm/operator/crds/operatorconfiguration.crd.yaml
index 5a4383e..8582c86 100644
--- a/setup/helm/operator/crds/operatorconfiguration.crd.yaml
+++ b/setup/helm/operator/crds/operatorconfiguration.crd.yaml
@@ -66,7 +66,7 @@ spec: type: string docker_image: type: string - default: "registry.opensource.zalan.do/acid/spilo-14:2.1-p7" + default: "ghcr.io/zalando/spilo-15:2.1-p9" enable_crd_registration: type: boolean default: true
@@ -165,10 +165,10 @@ spec: type: string minimal_major_version: type: string - default: "9.6" + default: "11" target_major_version: type: string - default: "14" + default: "15" kubernetes: type: object properties:
@@ -276,6 +276,9 @@ spec: pdb_name_format: type: string default: "postgres-{cluster}-pdb" + pod_antiaffinity_preferred_during_scheduling: + type: boolean + default: false pod_antiaffinity_topology_key: type: string default: "kubernetes.io/hostname"
@@ -309,6 +312,9 @@ spec: secret_name_template: type: string default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" + share_pgsocket_with_sidecars: + type: boolean + default: false spilo_allow_privilege_escalation: type: boolean default: true
@@ -426,9 +432,15 @@ spec: master_dns_name_format: type: string default: "{cluster}.{namespace}.{hostedzone}" + master_legacy_dns_name_format: + type: string + default: "{cluster}.{team}.{hostedzone}" replica_dns_name_format: type: string default: "{cluster}-repl.{namespace}.{hostedzone}" + replica_legacy_dns_name_format: + type: string + default: "{cluster}-repl.{team}.{hostedzone}" aws_or_gcp: type: object properties:
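Review bot: `share_pgsocket_with_sidecars` (hunk `@@ -309`) is added without a `description:`, so nothing in the CRD tells an administrator what enabling it exposes; from the name it appears to make the Postgres unix socket available to sidecar containers, which would give every sidecar local, socket-level access to the database. A description stating that, and that the default `false` keeps the socket private to the Postgres container, lets the flag be judged at configuration time, e.g. `description: "Mount the Postgres unix socket into sidecar containers; sidecars then have local socket access to the database (default false)"`. The same missing `description:` applies to `pod_antiaffinity_preferred_during_scheduling` in the `@@ -276` hunk and to the two `*_legacy_dns_name_format` properties in the `@@ -426` hunk. The `spec:` schema these properties belong to starts before and continues after each hunk.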
@@ -461,16 +473,38 @@ spec: logical_backup: type: object properties: + logical_backup_azure_storage_account_name: + type: string + logical_backup_azure_storage_container: + type: string + logical_backup_azure_storage_account_key: + type: string + logical_backup_cpu_limit: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + logical_backup_cpu_request: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' logical_backup_docker_image: type: string - default: "registry.opensource.zalan.do/acid/logical-backup:v1.8.2" + default: "registry.opensource.zalan.do/acid/logical-backup:v1.9.0" logical_backup_google_application_credentials: type: string logical_backup_job_prefix: type: string default: "logical-backup-" + logical_backup_memory_limit: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + logical_backup_memory_request: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' logical_backup_provider: type: string + enum: + - "az" + - "gcs" + - "s3" default: "s3" logical_backup_s3_access_key_id: type: string
@@ -601,7 +635,7 @@ spec: default: "pooler" connection_pooler_image: type: string - default: "registry.opensource.zalan.do/acid/pgbouncer:master-24" + default: "registry.opensource.zalan.do/acid/pgbouncer:master-26" connection_pooler_max_db_connections: type: integer default: 60
@@ -631,6 +665,12 @@ spec: type: string pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' default: "100Mi" + patroni: + type: object + properties: + failsafe_mode: + type: boolean + default: false status: type: object additionalProperties:
diff --git a/setup/helm/operator/crds/postgresql.crd.yaml b/setup/helm/operator/crds/postgresql.crd.yaml
index 8d85766..b17ab9e 100644
--- a/setup/helm/operator/crds/postgresql.crd.yaml
+++ b/setup/helm/operator/crds/postgresql.crd.yaml
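Review bot: `logical_backup_azure_storage_account_key` (hunk `@@ -461`) is a storage-account credential modelled as a bare `type: string` in the OperatorConfiguration schema, so the secret lives in the CR body and is readable by anyone with `get` on operatorconfigurations, the same way the existing `logical_backup_s3_access_key_id` context line below it already is. The field carries no `description:`; at minimum document that it is a credential, e.g. `description: "Azure storage account key used by the logical backup job (sensitive: stored in clear in this resource)"`, so administrators know to restrict read access to the resource. Whether the operator can alternatively take this value from a Secret cannot be told from this hunk. The `logical_backup:` object this belongs to starts before the hunk and the enclosing `spec:` schema continues after it.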
@@ -213,6 +213,121 @@ spec: items: type: object x-kubernetes-preserve-unknown-fields: true + topologySpreadConstraints: + description: 'Topology spread constraints of a Dedicated + repo host pod. Changing this value causes the repo host + to restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/' + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between + the number of matching pods in the target topology + and the global minimum. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the + same labelSelector spread as 1/1/0: | zone1 | + zone2 | zone3 | | P | P | | - if + MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to + deal with a pod if it doesn''t satisfy the spread + constraint. - DoNotSchedule (default) tells the + scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to topologies + that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assigment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set + to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array logicalBackupSchedule: type: string pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
@@ -221,6 +336,10 @@ spec: items: type: string pattern: '^\ *((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))-((Mon|Tue|Wed|Thu|Fri|Sat|Sun):(2[0-3]|[01]?\d):([0-5]?\d)|(2[0-3]|[01]?\d):([0-5]?\d))\ *$' + masterServiceAnnotations: + type: object + additionalProperties: + type: string nodeAffinity: type: object properties:
@@ -318,6 +437,8 @@ spec: patroni: type: object properties: + failsafe_mode: + type: boolean initdb: type: object additionalProperties:
@@ -398,6 +519,10 @@ spec: replicaLoadBalancer: type: boolean description: deprecated + replicaServiceAnnotations: + type: object + additionalProperties: + type: string resources: type: object properties:
@@ -708,6 +833,27 @@ spec: type: array items: type: string + resources: + type: object + properties: + limits: + type: object + properties: + cpu: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + memory: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' + requests: + type: object + properties: + cpu: + type: string + pattern: '^(\d+m|\d+(\.\d{1,3})?)$' + memory: + type: string + pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$' required: - image - repos
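Review bot: The `description` on the new `topologySpreadConstraints` property (start of hunk `@@ -213`, 'Topology spread constraints of a Dedicated repo host pod. Changing this value causes the repo host to restart.') does not describe this CRD: it is the `postgresql` resource and nothing in the hunk involves a repo host, so the text looks copied from another operator's schema and will mislead anyone reading the generated API docs. Replace it with wording for this resource, e.g. `description: 'Topology spread constraints applied to the pods of this Postgres cluster. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/'`; which pods are affected and whether a change restarts them should be confirmed against the operator code before stating it. The nested `whenUnsatisfiable` description also carries the upstream typo `assigment`. The hunk is complete here but the enclosing `spec:` schema starts before it and continues after it.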
diff --git a/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml b/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml
index 7830c8a..26b770a 100644
--- a/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml
+++ b/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml
@@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: postgres-operator - namespace: {{ .Release.Namespace }} + namespace: {{ .Values.operatorSettings.operator_namespace }} --- apiVersion: rbac.authorization.k8s.io/v1
@@ -210,6 +210,15 @@ rules: verbs: - get - create +# to grant privilege to run privileged pods (not needed by default) +#- apiGroups: +# - extensions +# resources: +# - podsecuritypolicies +# resourceNames: +# - privileged +# verbs: +# - use --- apiVersion: rbac.authorization.k8s.io/v1
@@ -223,14 +232,7 @@ roleRef: subjects: - kind: ServiceAccount name: postgres-operator - namespace: {{ .Release.Namespace }} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: postgres-pod - namespace: {{ .Release.Namespace }} + namespace: {{ .Values.operatorSettings.operator_namespace }} --- apiVersion: rbac.authorization.k8s.io/v1
@@ -270,23 +272,12 @@ rules: - services verbs: - create -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: postgres-pod -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: postgres-pod -subjects: -- kind: ServiceAccount - name: postgres-pod - namespace: {{ .Release.Namespace }} \ No newline at end of file +# to grant privilege to run privileged pods (not needed by default) +#- apiGroups: +# - extensions +# resources: +# - podsecuritypolicies +# resourceNames: +# - privileged +# verbs: +# - use \ No newline at end of file
diff --git a/setup/helm/operator/values.yaml b/setup/helm/operator/values.yaml
index e99570a..0540a32 100644
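Review bot: `namespace: {{ .Values.operatorSettings.operator_namespace }}` (hunk `@@ -2`, and again for the ClusterRoleBinding subject in hunk `@@ -223`) makes the ServiceAccount namespace follow a chart value instead of the release namespace; if the value is empty the line renders as `namespace:` (null), and if it names a namespace other than the one the operator Deployment is installed into, the ClusterRoleBinding grants the cluster role to a `postgres-operator` ServiceAccount in that other namespace while the operator that actually runs is left without permissions. Whether the Deployment template uses the same value cannot be told from this file. Quoting the expansion and falling back to the release namespace covers both cases: `namespace: "{{ .Values.operatorSettings.operator_namespace | default .Release.Namespace }}"`.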
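Review bot: The commented-out rule added in hunk `@@ -210` (and repeated at the end of hunk `@@ -270`) points users at `podsecuritypolicies` in the `extensions` API group; PodSecurityPolicy moved to the `policy` group and was removed from Kubernetes in 1.25, so uncommenting this on a current cluster does nothing, and on the OpenShift target this template is named for the equivalent grant is a `use` verb on `securitycontextconstraints` in `security.openshift.io`. Either drop the block or correct the comment, e.g. `# PodSecurityPolicy was removed in Kubernetes 1.25; on OpenShift grant 'use' on a SecurityContextConstraints instead`.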
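Review bot: After hunk `@@ -270` the ClusterRole whose `services`/`create` rule is the hunk's context (presumably `postgres-pod`, the role the removed ClusterRoleBinding referenced) is no longer bound to anything in this template, since the `postgres-pod` ServiceAccount is removed in hunk `@@ -223` and its binding here. If the operator now creates the pod ServiceAccount and binding itself, a comment above the role saying so would stop the next reader from re-adding them; if not, the role should be removed together with its binding rather than left as an unbound grant. Dropping `pods/exec` from the pod role is a welcome tightening either way. The ClusterRole's header and remaining rules lie above the hunk.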
--- a/setup/helm/operator/values.yaml
+++ b/setup/helm/operator/values.yaml
@@ -15,6 +15,9 @@ imagePullSecretNames: [] # Define the operator settings to add to the configmap operatorSettings: - operatorImage: 'docker.io/cybertecpostgresql/cybertec-pg-operator:0.3.0-1' + operatorImage: 'docker.io/cybertecpostgresql/cybertec-pg-operator:0.5.0-2' namespace: '*' enable_pod_antiaffinity: 'true' + operator_namespace: 'zalando' + +
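Review bot: `operator_namespace: 'zalando'` introduces a fixed default that is unlikely to match the namespace the chart is released into, and the OpenShift RBAC template in this same diff now uses it for the operator ServiceAccount and ClusterRoleBinding namespace, so an installer who leaves the default in place gets RBAC objects for a namespace the operator does not run in. A comment stating the coupling would help, e.g. `# must be the namespace the operator is deployed into (used for the ServiceAccount and ClusterRoleBinding namespace)`, and an empty default that the template falls back from is safer than a fixed name. The two trailing blank lines added at the end of the hunk are noise.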