Commit df06f64

Major update (#566)
* Bump controller-runtime
* Fix metricsserver BindAddress
* ...
* Use same keys for logging in both reconcilers
* Use common ns key in operatormanager as well
* Add keys in lbmanager as well
* Use both keys
* Revert "Use both keys" This reverts commit d66c243.
* Pass along logger
* key naming
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Logging
* Set RequeueAfter
* Logging
* Logging
* Logging
* Logging
* Logging
* Add delay for requeueing
* Add privileged label for initial development
* operator-update step 1: bump version
* operator update step 2: make svc-postgres-operator-yaml
* operator update step 3: check config
* operator update: update securityContext
* Update YAML
* Update YAML
* Update securityContext of initDBJob
* Add TODO
* Add securityContext to etcd
* Add runAsUser
* Disable readonly filesystem
* Update backup-restore-sidecar (and etcd)
* Update etcd configMap
* Revert "Set RequeueAfter" This reverts commit bdd9df0.
* #88 Use default serviceAccount
* Update existing namespaces with new label
* Rename, logging and cleanup
* (Temporarily) removing call to patroni for testing
* Update to latest v0.16.x bugfix release
* Add option for patroni failsafe mode (for e.g. when using K8s as DCS)
* Change name again (fix for old cert-manager versions)
* Revert "Change name again (fix for old cert-manager versions)" This reverts commit 9a5e7d6.
* Set to nil when not needed (so it will actually be removed from the CR)
* Sync mode reloaded (#572)
* Check patronic config and only update if necessary
* Refactoring
* ...
* Refactoring
* Fix linter warnings
* Fix linter warning
* Delay requeue by 10 secs
* Check before updating standby configs as well
* Improve logging
* Improve logging
* Improve logging
* Fix check for SynchronousNodesAdditional
* Fix comparison, improve logging
* Additional nil check...
* Test different execution order for primaries and standbies
* Revert "Test different execution order for primaries and standbies" This reverts commit 3f57b1c.
* Logging
* Refactoring
* Make requeue duration configurable
* Rename variable
* Add additional check (but only log the result for now)
* Only requeue when REST call was successful
* Fix linter errors
* Set to nil when not needed (so it will actually be removed from the CR)
* Only set the params required for sync replication and leave the rest to the postgres operator
* Remove unnecessary code
* logging
* Remove unused code
* Fix logic
* Update logic
* Revert "Remove unused code" This reverts commit 7e525ec.
* Revert "Remove unnecessary code" This reverts commit 00cc28f.
* Update previously reverted code
* Set all values when patching
* Logging
* Back to status quo: set the whole config
* typo
* Logging
* Remove TODOs after review
* Simplify
1 parent cc65fff commit df06f64

10 files changed

+480
-449
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
1919
CONTROLLER_TOOLS_VERSION ?= v0.14.0
2020

2121
# Postgres operator variables for YAML download
22-
POSTGRES_OPERATOR_VERSION ?= v1.6.0
22+
POSTGRES_OPERATOR_VERSION ?= v1.11.0
2323
POSTGRES_OPERATOR_URL ?= https://raw.githubusercontent.com/zalando/postgres-operator/$(POSTGRES_OPERATOR_VERSION)/manifests
2424
POSTGRES_CRD_URL ?= https://raw.githubusercontent.com/zalando/postgres-operator/$(POSTGRES_OPERATOR_VERSION)/charts/postgres-operator/crds/postgresqls.yaml
2525
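Review bot: `POSTGRES_OPERATOR_VERSION ?= v1.11.0` feeds `POSTGRES_OPERATOR_URL` and `POSTGRES_CRD_URL`, which pull the manifests and the CRD from raw.githubusercontent.com by tag name, and no integrity check is visible in this hunk. A Git tag can be moved, so consider pinning these URLs to the commit SHA behind v1.11.0 or verifying a checksum of the downloaded files, and keep the regenerated YAML in the same reviewed change, since this jumps straight from v1.6.0.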

controllers/postgres_controller.go

Lines changed: 184 additions & 69 deletions
Large diffs are not rendered by default.

controllers/suite_test.go

Lines changed: 5 additions & 2 deletions
@@ -33,6 +33,7 @@ import (
3333
zalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
3434
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
3535
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
36+
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
3637
// +kubebuilder:scaffold:imports
3738
)
3839

@@ -101,8 +102,10 @@ var _ = BeforeSuite(func() {
101102
Expect(ctrlClusterMgr).ToNot(BeNil())
102103

103104
svcClusterMgr, err := cr.NewManager(svcClusterCfg, cr.Options{
104-
MetricsBindAddress: "0",
105-
Scheme: scheme,
105+
Metrics: metricsserver.Options{
106+
BindAddress: "0",
107+
},
108+
Scheme: scheme,
106109
})
107110
Expect(err).ToNot(HaveOccurred())
108111
Expect(svcClusterMgr).ToNot(BeNil())
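Review bot: In the new `Metrics: metricsserver.Options{ BindAddress: "0" }` literal, the `"0"` is a magic value carried over from `MetricsBindAddress`. A one-line comment stating that it disables the metrics listener for the test manager would keep the intent clear now that the field is nested, and would stop someone from replacing it with a real address in the test suite later.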

external/svc-etcd.yaml

Lines changed: 45 additions & 22 deletions
@@ -66,6 +66,8 @@ items:
6666
backup-cron-schedule: "*/1 * * * *"
6767
object-prefix: etcd-psql
6868
compression-method: tarlz4
69+
post-exec-cmds:
70+
- etcd --data-dir=/data/etcd --listen-metrics-urls http://0.0.0.0:2381
6971
- kind: StatefulSet
7072
apiVersion: apps/v1
7173
metadata:
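Review bot: The added `post-exec-cmds` entry keeps `--listen-metrics-urls http://0.0.0.0:2381`, so etcd metrics are served over plain HTTP on every interface of the pod. If only in-cluster scraping needs this, state that in a comment and restrict port 2381 with a NetworkPolicy. A short comment that etcd is now started from this config entry rather than from the container command would also help the next reader.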
@@ -96,7 +98,7 @@ items:
9698
spec:
9799
serviceAccountName: patroni-etcd
98100
containers:
99-
- image: quay.io/coreos/etcd:v3.5.4
101+
- image: quay.io/coreos/etcd:v3.5.13
100102
# can also be gcr.io/etcd-development/etcd
101103
env:
102104
- name: ETCD_ENABLE_V2
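Review bot: `image: quay.io/coreos/etcd:v3.5.13` still references the image by mutable tag. Pinning it by digest, in the form `quay.io/coreos/etcd:v3.5.13@sha256:<digest>`, makes what the StatefulSet runs reproducible and auditable, and the same applies to the second use of this image for the `backup-restore-sidecar` container.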
@@ -113,12 +115,8 @@ items:
113115
value: default=http://etcd-psql-headless.ft-etcd-psql.svc.cluster.local:2380
114116
name: etcd
115117
command:
116-
- tini
117-
- --
118-
args:
119-
- sh
120-
- -c
121-
- backup-restore-sidecar wait && etcd --data-dir=/data/etcd --listen-metrics-urls http://0.0.0.0:2381
118+
- backup-restore-sidecar
119+
- wait
122120
imagePullPolicy: IfNotPresent
123121
livenessProbe:
124122
exec:
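Review bot: With `tini` and `--` removed from `command`, `backup-restore-sidecar wait` becomes PID 1 of the etcd container and nothing in this hunk shows who now forwards SIGTERM or reaps children. Please confirm in the commit message or a comment that the sidecar binary handles signal forwarding to the etcd process it launches, otherwise pod termination can end in a hard kill of etcd after the grace period.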
@@ -155,6 +153,16 @@ items:
155153
requests:
156154
cpu: 300m
157155
memory: 1G
156+
securityContext:
157+
allowPrivilegeEscalation: false
158+
readOnlyRootFilesystem: true
159+
runAsNonRoot: true
160+
runAsUser: 1000
161+
seccompProfile:
162+
type: RuntimeDefault
163+
capabilities:
164+
drop:
165+
- ALL
158166
terminationMessagePath: /dev/termination-log
159167
terminationMessagePolicy: File
160168
volumeMounts:
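Review bot: The new `securityContext` sets `runAsUser: 1000` and `readOnlyRootFilesystem: true` but no `runAsGroup` or `fsGroup`, so etcd can only write to mounted volumes and only if UID 1000 has write access there. Please verify that against the data volume, and consider moving `runAsNonRoot`, `runAsUser` and `seccompProfile` to a pod-level `securityContext`, since the same block is repeated for the other containers in this file.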
@@ -165,10 +173,7 @@ items:
165173
mountPath: /usr/local/bin/backup-restore-sidecar
166174
- name: backup-restore-sidecar-config
167175
mountPath: /etc/backup-restore-sidecar
168-
- name: bin-provision
169-
subPath: tini
170-
mountPath: /usr/local/bin/tini
171-
- image: quay.io/coreos/etcd:v3.5.4
176+
- image: quay.io/coreos/etcd:v3.5.13
172177
name: backup-restore-sidecar
173178
env:
174179
- name: BACKUP_RESTORE_SIDECAR_S3_BUCKET_NAME
@@ -197,37 +202,52 @@ items:
197202
key: secret-key
198203
name: etcd-backup-restore-s3-config
199204
command:
200-
- tini
201-
- --
202-
args:
203-
- sh
204-
- -c
205-
- mkdir -p /data/etcd && backup-restore-sidecar start --log-level debug
205+
- backup-restore-sidecar
206+
- start
207+
- --log-level=debug
208+
securityContext:
209+
allowPrivilegeEscalation: false
210+
readOnlyRootFilesystem: false
211+
runAsNonRoot: true
212+
runAsUser: 1000
213+
seccompProfile:
214+
type: RuntimeDefault
215+
capabilities:
216+
drop:
217+
- ALL
206218
volumeMounts:
207219
- name: etcd
208220
mountPath: /data
221+
- name: tmp-backup
222+
mountPath: /backup
209223
- name: bin-provision
210224
subPath: backup-restore-sidecar
211225
mountPath: /usr/local/bin/backup-restore-sidecar
212226
- name: backup-restore-sidecar-config
213227
mountPath: /etc/backup-restore-sidecar
214-
- name: bin-provision
215-
subPath: tini
216-
mountPath: /usr/local/bin/tini
217228
- name: bin-provision
218229
subPath: certs
219230
mountPath: /etc/ssl/certs
220231
initContainers:
221232
- name: backup-restore-sidecar-provider
222-
image: ghcr.io/metal-stack/backup-restore-sidecar:latest
233+
image: ghcr.io/metal-stack/backup-restore-sidecar:v0.10.2
223234
imagePullPolicy: IfNotPresent
224235
command:
225236
- cp
226237
- -r
227238
- /etc/ssl/certs
228239
- /backup-restore-sidecar
229-
- /ubuntu/tini
230240
- /bin-provision
241+
securityContext:
242+
allowPrivilegeEscalation: false
243+
readOnlyRootFilesystem: true
244+
runAsNonRoot: true
245+
runAsUser: 1000
246+
seccompProfile:
247+
type: RuntimeDefault
248+
capabilities:
249+
drop:
250+
- ALL
231251
ports:
232252
- containerPort: 2112
233253
volumeMounts:
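Review bot: The sidecar container's `securityContext` sets `readOnlyRootFilesystem: false` while the etcd container and the init container both use `true`, and the reason is not documented here. If the only writable paths it needs are `/data` and the new `/backup` mount, flip it to `true`; otherwise add a comment naming the path that still requires a writable root. Two smaller points in the same hunk: the removed `mkdir -p /data/etcd` has no visible replacement, so confirm that directory is now created elsewhere, and `--log-level=debug` looks like a development setting for a manifest that ships.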
@@ -242,6 +262,9 @@ items:
242262
- emptyDir:
243263
sizeLimit: 1Gi
244264
name: etcd
265+
- emptyDir:
266+
sizeLimit: 1Gi
267+
name: tmp-backup
245268
- kind: Service
246269
apiVersion: v1
247270
metadata:
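Review bot: The new `tmp-backup` emptyDir has `sizeLimit: 1Gi`, the same cap as the `etcd` data volume above it. A pod is evicted when an emptyDir exceeds its `sizeLimit`, so please confirm that the backup staging area under `/backup` stays below 1Gi for a full data volume, or size it with some headroom and note the reasoning in a comment.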
