diff --git a/package-lock.json b/package-lock.json index a5520390a11..6600383ab7b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -320,11 +320,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.21.4", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.21.4.tgz", - "integrity": "sha512-LYvhNKfwWSPpocw8GI7gpK2nq3HSDuEPC/uSYaALSJu9xjsalaaYFOq0Pwt5KmVqwEbZlDu81aLXwBOmD/Fv9g==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "dependencies": { - "@babel/highlight": "^7.18.6" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" }, "engines": { "node": ">=6.9.0" @@ -401,11 +402,11 @@ } }, "node_modules/@babel/generator": { - "version": "7.21.4", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.21.4.tgz", - "integrity": "sha512-NieM3pVIYW2SwGzKoqfPrQsf4xGs9M9AIG3ThppsSRmO+m7eQhmI6amajKMUeIO37wFfsvnvcxQFx6x6iqxDnA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "dependencies": { - "@babel/types": "^7.21.4", + "@babel/types": "^7.23.0", "@jridgewell/gen-mapping": "^0.3.2", "@jridgewell/trace-mapping": "^0.3.17", "jsesc": "^2.5.1" @@ -524,9 +525,9 @@ } }, "node_modules/@babel/helper-environment-visitor": { - "version": "7.18.9", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz", - "integrity": "sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", "engines": { "node": ">=6.9.0" } @@ -543,23 +544,23 @@ } }, "node_modules/@babel/helper-function-name": { - "version": "7.21.0", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.21.0.tgz", - "integrity": "sha512-HfK1aMRanKHpxemaY2gqBmL04iAPOPRj7DxtNbiDOrJK+gdwkiNRVpCpUJYbUT+aZyemKN8brqTOxzCaG6ExRg==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dependencies": { - "@babel/template": "^7.20.7", - "@babel/types": "^7.21.0" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-hoist-variables": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz", - "integrity": "sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dependencies": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" @@ -680,28 +681,28 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.18.6.tgz", - "integrity": "sha512-bde1etTx6ZyTmobl9LLMMQsaizFVZrquTEHOqKeQESMKo4PlObf+8+JA25ZsIpZhT/WEd39+vOdLXAFG/nELpA==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dependencies": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-string-parser": { - "version": "7.19.4", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.19.4.tgz", - "integrity": "sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz", - "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", "engines": { "node": ">=6.9.0" } @@ -742,12 +743,12 @@ } }, "node_modules/@babel/highlight": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz", - "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.18.6", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" }, "engines": { @@ -755,9 +756,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.21.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.21.4.tgz", - "integrity": "sha512-alVJj7k7zIxqBZ7BTRhz0IqJFxW1VJbm6N8JbcYhQ186df9ZBPbZBmWSqAMXwHGsCJdYks7z/voa3ibiS5bCIw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", "bin": { "parser": "bin/babel-parser.js" }, @@ -2033,31 +2034,31 @@ } }, "node_modules/@babel/template": { - "version": "7.20.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.20.7.tgz", - "integrity": "sha512-8SegXApWe6VoNw0r9JHpSteLKTpTiLZ4rMlGIm9JQ18KiCtyQiAMEazujAHrUS5flrcqYZa75ukev3P6QmUwUw==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dependencies": { - "@babel/code-frame": "^7.18.6", - "@babel/parser": "^7.20.7", - "@babel/types": "^7.20.7" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.21.4", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.21.4.tgz", - "integrity": "sha512-eyKrRHKdyZxqDm+fV1iqL9UAHMoIg0nDaGqfIOd8rKH17m5snv7Gn4qgjBoFfLz9APvjFU/ICT00NVCv1Epp8Q==", - "dependencies": { - "@babel/code-frame": "^7.21.4", - "@babel/generator": "^7.21.4", - "@babel/helper-environment-visitor": "^7.18.9", - "@babel/helper-function-name": "^7.21.0", - "@babel/helper-hoist-variables": "^7.18.6", - "@babel/helper-split-export-declaration": "^7.18.6", - "@babel/parser": "^7.21.4", - "@babel/types": "^7.21.4", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "dependencies": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" }, @@ -2066,12 +2067,12 @@ } }, "node_modules/@babel/types": { - "version": "7.21.4", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.21.4.tgz", - "integrity": "sha512-rU2oY501qDxE8Pyo7i/Orqma4ziCOrby0/9mvbDUGEfvZjb279Nk9k19e2fiCxHbRRpY2ZyrgW1eq22mvmOIzA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "dependencies": { - "@babel/helper-string-parser": "^7.19.4", - "@babel/helper-validator-identifier": "^7.19.1", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" }, "engines": { diff --git a/product_docs/docs/biganimal/release/planning/deployment_options/index.mdx b/product_docs/docs/biganimal/release/planning/deployment_options/index.mdx index b6a91bed1b3..a39b17b1c7e 100644 --- a/product_docs/docs/biganimal/release/planning/deployment_options/index.mdx +++ b/product_docs/docs/biganimal/release/planning/deployment_options/index.mdx @@ -18,7 +18,7 @@ When deploying in your cloud account, you need to set up your cloud service prov BigAnimal's cloud account offers a seamless deployment option if you don't want to set up a separate cloud account for your clusters. You can deploy a cluster in BigAnimal's cloud account instantly. !!! Note Note -Currently, when you deploy in BigAnimal's cloud account, you can use AWS or Google Cloud as your cloud provider. +Currently, when you deploy in BigAnimal's cloud account, you can use AWS or Google Cloud as your cloud provider. If you want to use your cloud account's Identity and Access Management (IAM) service for database authentication, you must deploy clusters in your own cloud account. If you deploy using BigAnimal's cloud account, the underlying cloud provider is hidden, so you can't manage IAM access. !!! diff --git a/product_docs/docs/biganimal/release/using_cluster/01_postgres_access/index.mdx b/product_docs/docs/biganimal/release/using_cluster/01_postgres_access/index.mdx index bd207325b1f..51c5804f7fc 100644 --- a/product_docs/docs/biganimal/release/using_cluster/01_postgres_access/index.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/01_postgres_access/index.mdx @@ -98,7 +98,7 @@ If you use a single database to host multiple schemas, create a database owner a ``` ## IAM authentication for Postgres -Any AWS user with an AWS account connected to a BigAnimal subscription who has the Postgres role of iam_aws can authenticate to the database using their AWS IAM credentials. +Any user with a supported cloud account connected to a BigAnimal subscription who has the Postgres IAM role iam_aws, iam_azure, or iam_gcp can authenticate to the database using their IAM credentials. ### Configuring IAM for Postgres @@ -109,32 +109,37 @@ Provision your cluster before configuring IAM for Postgres. 1. Select **Create Cluster** or **Save**. !!!note To turn on IAM authentication using the CLI, see [Using IAM authentication on AWS](/biganimal/latest/reference/cli/using_features/#iam-authentication-cli-commands). -1. In AWS, get the ARN of each IAM user requiring database access. In the AWS account connected to BigAnimal, use AWS Identity and Access Management (IAM) to perform user management. See the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html). +1. From your cloud provider, get the user name of each IAM user requiring database access. In the cloud account connected to BigAnimal, use Identity and Access Management (IAM) to perform user management. -1. In Postgres, if the IAM role doesn’t exist yet, run this Postgres command: +1. In Postgres, if the IAM role doesn’t exist yet, use the `CREATE ROLE` command. For example, for AWS, use: ``` CREATE ROLE "iam_aws"; ``` -1. For each IAM user, run this Postgres command: +1. For each IAM user, run the `CREATE USER` Postgres command. For example, for AWS, use: ``` CREATE USER "" IN ROLE iam_aws; ``` + Where <ARN> is the Amazon resource name. (For Azure, use the user principal name. For GCP, use the email address.) + ### Logging in to Postgres using IAM credentials -If IAM integration is configured for your cluster, you can log in to Postgres using your AWS Amazon Resource Name (ARN) and access key. Using this ARN + access key combination allows you to connect to your Postgres database using your AWS IAM standard credentials. +If IAM integration is configured for your cluster, you can log in to Postgres using your cloud credentials. Alternatively, you can use your token instead of your password. Logging in either way allows you to connect to your Postgres database using your cloud account's IAM standard credentials. + +For either method, you must first authenticate to your cloud service provider IAM to get your password or token. !!! Note You can continue to log in using your Postgres username and password. However, doing so doesn’t provide IAM authentication even if this feature is configured. -1. Using your AWS CLI or Cloud shell, obtain your ARN and access key. For guidance on obtaining your ARN and access key, see [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). +1. Get your credentials for your IAM-managed cloud account. + - For AWS, your password is your access key (in the form <access key id>:<secret access key>). To get your access key, see [get-access-key-info](https://docs.aws.amazon.com/cli/latest/reference/sts/get-access-key-info.html) To get your authorization token, see [get-authorization-token](https://docs.aws.amazon.com/cli/latest/reference/ecr-public/get-authorization-token.html). + - For GCP, to get your access token, see [Create a short-lived access token](https://cloud.google.com/iam/docs/create-short-lived-credentials-direct). + - For Azure, to get your access token, see [the get-access-token command](https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token()). 1. Connect to Postgres using your IAM credentials. -1. When prompted for the password, enter your access key (``). ### Using IAM authentication CLI commands For information on integrating with IAM on AWS using the CLI, see [IAM authentication CLI commands](/biganimal/latest/reference/cli/using_features/#iam-authentication-cli-commands). - diff --git a/product_docs/docs/biganimal/release/using_cluster/extensions.mdx b/product_docs/docs/biganimal/release/using_cluster/extensions.mdx index 771cca60523..bb6bacf17f9 100644 --- a/product_docs/docs/biganimal/release/using_cluster/extensions.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/extensions.mdx @@ -42,7 +42,6 @@ PostgreSQL contrib extensions/modules: - pglogical3 (PostgreSQL v12 and v13 only) - pgrowlocks - pgstattupple -- postgis - postgres_fdw - seg (PostgreSQL v12 only) - sslinfo @@ -70,7 +69,7 @@ EDB extensions: ## Installing extensions -Use the [`CREATE EXTENSION`](https://www.postgresql.org/docs/current/sql-createextension.html) command to install most extensions. You must enable certain extensions, including the EDB Postgres Tuner (pg_tuner) extension and PostGIS on the **DB Configuration** tab of the Create or Edit Cluster page of the BigAnimal portal. +Use the [`CREATE EXTENSION`](https://www.postgresql.org/docs/current/sql-createextension.html) command to install extensions, except for the EDB Postgres Tuner (pg_tuner) extension. You enable edb_pg_tuner on the **DB Configuration** tab of the Create or Edit Cluster page of the BigAnimal portal. ### Example: Installing multiple extensions diff --git a/product_docs/docs/edb_plus/41/installing/configuring_linux_installation.mdx b/product_docs/docs/edb_plus/41/installing/configuring_linux_installation.mdx index 2b9248443fe..7a722b13e15 100644 --- a/product_docs/docs/edb_plus/41/installing/configuring_linux_installation.mdx +++ b/product_docs/docs/edb_plus/41/installing/configuring_linux_installation.mdx @@ -5,9 +5,11 @@ redirects: - /edb_plus/latest/03_installing_edb_plus/install_on_linux/configuring_linux_installation/ --- -By default, the `pg_hba.conf` file for the RPM installer enforces `IDENT` authentication. Before invoking EDB\*Plus, you must either modify the `pg_hba.conf` file, changing the authentication method to a form other than `IDENT` (and restarting the server), or perform the following steps to ensure that an `IDENT` server is accessible: +By default, the `pg_hba.conf` file for the RPM installer enforces `IDENT` authentication. Before invoking EDB\*Plus, you must either: +- Modify the `pg_hba.conf` file, changing the authentication method to a form other than `IDENT` (and restarting the server. +- Ensure that an `IDENT` server is accessible. -You must confirm that an `identd` server is installed and running. You can use the `yum` package manager to install an `identd` server by invoking the command: +To ensure an `IDENT` server is accessible, you must confirm that an `identd` server is installed and running. You can use the `yum` package manager to install an `identd` server. - On RHEL or CentOS 7: @@ -21,7 +23,7 @@ You must confirm that an `identd` server is installed and running. You can use t dnf -y install xinetd authd ``` -The command should create a file named `/etc/xinetd.d/auth` that contains: +The command creates a file named `/etc/xinetd.d/auth` that contains: ```text service auth @@ -37,9 +39,9 @@ server = /usr/sbin/in.authd server_args = -t60 --xerror –os ``` !!! Note - If the file includes a `-E` argument at the end of the server arguments, please erase `-E`. + If the file includes a `-E` argument at the end of the server arguments, delete `-E`. -Then, to start the `identd` server, invoke the following commands: +To start the `identd` server: ```text systemctl enable xinetd @@ -55,18 +57,18 @@ Open the `pg_ident.conf` file and create a user mapping: Where: -- The name specified in the `map_name` column is a user-defined name that will identify the mapping in the `pg_hba.conf` file. +- The name specified in the `map_name` column is a name you define to identify the mapping in the `pg_hba.conf` file. - The name specified in the `system_username` column is `enterprisedb`. - The name specified in the `postgres_username` column is `enterprisedb`. Then, open the `pg_hba.conf` file and modify the `IDENT` entries: -- If you are using an IPv4 local connection, modify the file entry to read: +- If you're using an IPv4 local connection, modify the file entry to read: `host all all 127.0.0.0/0 ident map=edbas` -- If you are using an IPv6 local connection, modify the file entry to read: +- If you're using an IPv6 local connection, modify the file entry to read: `host all all ::1/128 ident map=edbas` -You must restart the Advanced Server service before invoking EDB\*Plus. For detailed information about controlling the Advanced Server service, see the online documentation for [EDB Postgres Advanced Server](/epas/latest/). +You must restart the EDB Postgres Advanced Server service before invoking EDB\*Plus. For detailed information about EDB Postgres Advanced Server, see the [EDB Postgres Advanced Server](/epas/latest/) documentation. diff --git a/product_docs/docs/edb_plus/41/installing/windows.mdx b/product_docs/docs/edb_plus/41/installing/windows.mdx index e687a7819cb..c613b7fba69 100644 --- a/product_docs/docs/edb_plus/41/installing/windows.mdx +++ b/product_docs/docs/edb_plus/41/installing/windows.mdx @@ -10,30 +10,28 @@ EDB provides a graphical interactive installer for Windows. You access it using ## Prerequisites -Before installing EDB\*Plus, you must first install Java (version 1.8 or later). For Windows, Java installers and instructions are available online at: - - +Before installing EDB\*Plus, you must first install Java version 1.8 or later. For Windows, Java installers and instructions are available at the [Java download page](http://www.java.com/en/download/manual.jsp). ## Using StackBuilder Plus -After installing EDB Postgres Advanced Server, you can use StackBuilder Plus to invoke the graphical installer for EDB*Plus. See [Using StackBuilder Plus](/epas/latest/epas_inst_windows/installing_advanced_server_with_the_interactive_installer/using_stackbuilder_plus/). +After installing EDB Postgres Advanced Server, you can use StackBuilder Plus to invoke the graphical installer for EDB\*Plus. See [Using StackBuilder Plus](/epas/latest/epas_inst_windows/installing_advanced_server_with_the_interactive_installer/using_stackbuilder_plus/). -1. Using the Windows start menu, open StackBuilder Plus and follow the prompts until you get to the module selection page. +1. Using the Windows Start menu, open StackBuilder Plus. Follow the prompts until you get to the module selection page. -1. Expand the **Add-ons, tools, and utilities** node and select **EDB*Plus**. +1. Expand the **Add-ons, tools, and utilities** node and select **EDB\*Plus**. -1. Select **Next** and proceed to the [Using the graphical installer](#using-the-graphical-installer) section in this topic. +1. Select **Next**, which brings you to the graphical installer. ## Using the graphical installer 1. Select the installation language and select **OK**. -1. On the Setup EDB*Plus page, select **Next**. +1. On the Setup EDB\*Plus page, select **Next**. -1. Browse to a directory where you want EDB*Plus to be installed, or allow the installer to install it in the default location. Select **Next**. +1. Browse to a directory where you want to install EDB\*Plus, or leave the default location. Select **Next**. 1. On the Ready to Install page, select **Next**. - An information box shows installation progress. This may take a few minutes. + An information box shows installation progress. Installation might take a few minutes. 1. When the installation has completed, select **Finish**. diff --git a/product_docs/docs/efm/4/installing/install_details.mdx b/product_docs/docs/efm/4/installing/install_details.mdx index 26a96b0e319..325c623736d 100644 --- a/product_docs/docs/efm/4/installing/install_details.mdx +++ b/product_docs/docs/efm/4/installing/install_details.mdx @@ -6,7 +6,7 @@ redirects: -Components are installed in the following locations, where `4.x` indicates a minor release: +Components are installed in the following locations, where `4.x` indicates a minor release. | Component | Location | | --------------------------------- | ----------------------------- | diff --git a/product_docs/docs/efm/4/installing/prerequisites.mdx b/product_docs/docs/efm/4/installing/prerequisites.mdx index a4206bac8c0..a3846d706b0 100644 --- a/product_docs/docs/efm/4/installing/prerequisites.mdx +++ b/product_docs/docs/efm/4/installing/prerequisites.mdx @@ -11,11 +11,11 @@ legacyRedirectsGenerated: -Before configuring a Failover Manager cluster, you must satisfy the prerequisites described below. +Before configuring a Failover Manager cluster, you must satisfy these prerequisites. -## Install Java 1.8 (or later) +## Install Java 1.8 or later -Before using Failover Manager, you must first install Java (version 1.8 or later). Failover Manager is tested with OpenJDK, and we strongly recommend installing that version of Java. [Installation instructions for Java](https://openjdk.java.net/install/) are platform specific. +Before using Failover Manager, you must first install Java version 1.8 or later. Failover Manager is tested with OpenJDK, and we strongly recommend installing that version of Java. [Installation instructions for Java](https://openjdk.java.net/install/) are platform specific. !!! Note There's a temporary issue with OpenJDK version 11 on RHEL and its derivatives. When starting Failover Manager, you might see an error like the following: @@ -28,8 +28,8 @@ Before using Failover Manager, you must first install Java (version 1.8 or later You can receive notifications from Failover Manager as specified by a user-defined notification script, by email, or both. -- If you are using email notifications, an SMTP server must be running on each node of the Failover Manager scenario. -- If you provide a value in the `script.notification` property, you can leave the `user.email` field blank; an SMTP server is not required. +- If you're using email notifications, an SMTP server must be running on each node of the Failover Manager scenario. +- If you provide a value in the `script.notification` property, you can leave the `user.email` field blank. An SMTP server isn't required. If an event occurs, Failover Manager invokes the script (if provided) and can also send a notification email to any email addresses specified in the `user.email` parameter of the cluster properties file. For more information about using an SMTP server, see the [Red Hat deployment guide](https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-email-mta.html). @@ -37,13 +37,13 @@ If an event occurs, Failover Manager invokes the script (if provided) and can al Failover Manager requires that PostgreSQL streaming replication be configured between the primary node and the standby nodes. Failover Manager doesn't support other types of replication. -On database versions 11 (or prior), unless specified with the `-sourcenode` option, a `recovery.conf` file is copied from a random standby node to the stopped primary during switchover. Ensure that the paths in the `recovery.conf` file on your standby nodes are consistent before performing a switchover. For more information about the `-sourcenode` option, see [Promoting a Failover Manager node](../05_using_efm/#promote_node). +On database versions 11 or earlier, unless specified with the `-sourcenode` option, a `recovery.conf` file is copied from a random standby node to the stopped primary during switchover. Ensure that the paths in the `recovery.conf` file on your standby nodes are consistent before performing a switchover. For more information about the `-sourcenode` option, see [Promoting a Failover Manager node](../05_using_efm/#promote_node). On database version 12 or later, the `primary_conninfo` and `restore_command` properties are copied from a random standby node to the stopped primary during switchover unless otherwise specified with the `-sourcenode` option. ## Modify pg_hba.conf -You must modify `pg_hba.conf` on the primary and standby nodes, adding entries that allow communication between all of the nodes in the cluster. The following example shows entries you might make to the `pg_hba.conf` file on the primary node: +You must modify `pg_hba.conf` on the primary and standby nodes, adding entries that allow communication between all of the nodes in the cluster. This example shows entries you might make to the `pg_hba.conf` file on the primary node: ```shell # access for itself @@ -58,19 +58,19 @@ Where: `efm` specifies the name of a valid database user. - `fmdb` specifies the name of a database to which the efm user may connect. + `fmdb` specifies the name of a database to which the efm user can connect. -By default, the `pg_hba.conf` file resides in the `data` directory, under your Postgres installation. After modifying the `pg_hba.conf` file, you must reload the configuration file on each node for the changes to take effect. You can use the following command: +By default, the `pg_hba.conf` file resides in the `data` directory under your Postgres installation. After modifying the `pg_hba.conf` file, for the changes to take effect, you must reload the configuration file on each node. You can use the following command: `# systemctl reload edb-as-` Where `x` specifies the Postgres version. -## Using Autostart for the Database Servers +## Using autostart for the database servers -If a primary node reboots, Failover Manager might detect the database is down on the primary node and promote a standby node to the role of primary. If this happens, the Failover Manager agent on the rebooted primary node doesn't get a chance to write the `recovery.conf` file, and the `recovery.conf` file prevents the database server from starting. If this happens, the rebooted primary node returns to the cluster as a second primary node. +If a primary node restarts, Failover Manager might detect the database is down on the primary node and promote a standby node to the role of primary. If this happens, the Failover Manager agent on the restarted primary node doesn't get a chance to write the `recovery.conf` file, and the `recovery.conf` file prevents the database server from starting. In this case, the rebooted primary node returns to the cluster as a second primary node. -To prevent this condition, ensure that the Failover Manager agent auto starts before the database server. The agent starts in idle mode and checks to see if there is already a primary in the cluster. If there is a primary node, the agent verifies that a `recovery.conf` or `standby.signal` file exists. If neither file exits, the agent creates the `recovery.conf` file. +To prevent this condition, ensure that the Failover Manager agent auto starts before the database server. The agent starts in idle mode and checks to see if there's already a primary in the cluster. If there's a primary node, the agent verifies that a `recovery.conf` or `standby.signal` file exists. If neither file exits, the agent creates the `recovery.conf` file. ## Ensure communication through firewalls @@ -96,9 +96,7 @@ The database user specified by the `db.user` property in the `efm.properties` fi `pg_wal_replay_pause()` -If the `reconfigure.num.sync` or `reconfigure.sync.primary` property is set to `true`, then: - -- For database versions 10 and later, the db.user requires `pg_read_all_stats` privilege and permissions to run `pg_reload_conf()`. +If the `reconfigure.num.sync` or `reconfigure.sync.primary` property is set to `true`, then, for database versions 10 and later, the db.user requires `pg_read_all_stats` privilege and permissions to run `pg_reload_conf()`. For detailed information about each of these functions, see the [PostgreSQL core documentation](https://www.postgresql.org/docs/current/index.html). diff --git a/product_docs/docs/epas/15/upgrading/05_performing_a_minor_version_update_of_an_rpm_installation.mdx b/product_docs/docs/epas/15/upgrading/05_performing_a_minor_version_update_of_an_rpm_installation.mdx index 6d9e22f6863..4024708ec23 100644 --- a/product_docs/docs/epas/15/upgrading/05_performing_a_minor_version_update_of_an_rpm_installation.mdx +++ b/product_docs/docs/epas/15/upgrading/05_performing_a_minor_version_update_of_an_rpm_installation.mdx @@ -30,9 +30,9 @@ For more information about using `yum` commands and options, enter `yum --help` !!! Important -If upgrading to version 15.4, or later, you should run `edb_sqlpatch` +If upgrading to version 15.4 or later, run `edb_sqlpatch`. -If the command responds that it has a number of patches needing to be applied like so: +The command might respond that it has a number of patches needing to be applied, for example: ```console * database edb @@ -40,7 +40,7 @@ If the command responds that it has a number of patches needing to be applied li 58 patches need to be applied to this database. ``` -Then it will be necessary to execute edb_sqlpatch to patch the system catalog. Run: +In this case, you need to run edb_sqlpatch to patch the system catalog: ```shell edb_sqlpatch -af @@ -48,4 +48,4 @@ edb_sqlpatch -af !!! -For more information about using `edb_sqlpatch` commands and options, please see [edb_sqlpatch](/tools/edb_sqlpatch/) page. +For more information about using edb_sqlpatch commands and options, see [edb_sqlpatch](/tools/edb_sqlpatch/). diff --git a/product_docs/docs/eprs/7/installing/installation_details.mdx b/product_docs/docs/eprs/7/installing/installation_details.mdx index 2f1448b2a82..4884ed3d3d7 100644 --- a/product_docs/docs/eprs/7/installing/installation_details.mdx +++ b/product_docs/docs/eprs/7/installing/installation_details.mdx @@ -11,10 +11,10 @@ On Windows systems, the publication server and subscription server run as servic ## Linux details -On Linux hosts where you installed Replication Server with the graphical user interface or from the command line, you should now have a publication server daemon and a subscription server daemon running on your computer, assuming you chose to install the publication server and subscription server components. If you installed the Replication Server RPM package, you must start the publication server and the subscription server based on the instructions in [Registering a Publication Server](../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) for the publication server and [Registering a Subscription Server](../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server) for the subscription server. +On Linux hosts where you installed Replication Server with the graphical installer or from the command line, a publication server daemon and a subscription server daemon are now running on your computer, assuming you chose to install the publication server and subscription server components. If you installed the Replication Server RPM package, you must start the publication server and the subscription server based on the instructions in [Registering a publication server](../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) for the publication server and [Registering a subscription server](../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server) for the subscription server. !!! Note - On some Linux systems, you may have to restart the server before you can see the EPRS Replication Console choice in the application menu. If the Replication Console choice is still unavailable in the application menu, it can be started by invoking the script `XDB_HOME/bin/runRepConsole.sh`. + On some Linux systems, you might have to restart the server before you can see the EPRS Replication Console choice in the application menu. If the Replication Console choice is still unavailable in the application menu, you can start it by invoking the script `XDB_HOME/bin/runRepConsole.sh`. ## Additional details @@ -23,7 +23,7 @@ The Postgres application menu contains a new item for the EPRS Replication Conso !!! Note If Replication Server is installed from a Replication Server RPM package, start the EPRS Replication Console by invoking the script `XDB_HOME/bin/runRepConsole.sh`. -During the configuration process, you may need the following files that are created during installation. +During the configuration process, you might need the following files that are created during installation. | File Name | Location | Description | | ---------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------------ | @@ -50,10 +50,10 @@ During the configuration process, you may need the following files that are crea - For Windows, Replication Server is installed in the `C:\Program Files\edb\EnterpriseDB-xDBReplicationServer` directory. !!! Note - `POSTGRES_HOME` is the home directory of the postgres operating system account (enterprisedb for Advanced Server installed in Oracle compatible configuration mode). + `POSTGRES_HOME` is the home directory of the postgres operating system account (enterprisedb for EDB Postgres Advanced Server installed in Oracle-compatible configuration mode). !!! Note - The publication and subscription services startup log files (`edb-xdbpubserver.log` and `edb-xdbsubserver.log`) are not generated for Windows and Mac OS X operating systems. + The publication and subscription services startup log files (`edb-xdbpubserver.log` and `edb-xdbsubserver.log`) aren't generated for Windows and Mac OS X operating systems. !!! Note `USER_HOME` is the home directory of the operating system account in use. diff --git a/product_docs/docs/eprs/7/installing/installing_jdbc_driver.mdx b/product_docs/docs/eprs/7/installing/installing_jdbc_driver.mdx index edf20254360..931fe13675c 100644 --- a/product_docs/docs/eprs/7/installing/installing_jdbc_driver.mdx +++ b/product_docs/docs/eprs/7/installing/installing_jdbc_driver.mdx @@ -4,7 +4,7 @@ title: "Installing a JDBC driver" ## Choosing and installing a JDBC driver -Which JDBC driver you use depends on what database you're using. If you're using: +The JDBC driver you use depends on the database you're using. If you're using: - **EDB Postgres Advanced Server**, use the EDB JDBC driver. To download the latest driver, see [EDB Connectors](https://enterprisedb.com/software-downloads-postgres#edb-connectors) on the EDB Downloads page. For installation instructions, see [Installing and configuring EDB JDBC Connector](/jdbc_connector/latest/04_installing_and_configuring_the_jdbc_connector/). @@ -15,14 +15,14 @@ Which JDBC driver you use depends on what database you're using. If you're using - **Microsoft SQL Server**, use the freely available [Microsoft SQL Server JDBC](https://learn.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver?view=sql-server-ver16#102) driver. !!! Note -For Microsoft SQL Server, if your system uses JDK/JAVA then it is recommended that you use an equal or earlier mssql-jdbc jre version than the JDK/JAVA version on your system. For example, a system with JDK/JAVA version 18 can use `mssql-jdbc-11.2.0.jre18.jar`, `mssql-jdbc-11.2.0.jre17.jar`, and so on. +For Microsoft SQL Server, if your system uses JDK/JAVA, then we recommend that you use an equal or earlier mssql-jdbc jre version than the JDK/JAVA version on your system. For example, a system with JDK/JAVA version 18 can use `mssql-jdbc-11.2.0.jre18.jar`, `mssql-jdbc-11.2.0.jre17.jar`, and so on. !!! ## Configuring the driver After downloading the driver, create a symlink in the `XDB-install-folder/lib/jdbc` directory that points to the location where you installed the driver. -For Linux, create a symlink for the driver using these naming conventions: +For Linux, create a symlink for the driver using these naming conventions. | Driver | symlink name | | -------------------- | -------------- | @@ -32,5 +32,4 @@ For Linux, create a symlink for the driver using these naming conventions: | Microsoft SQL Server | mssql-jdbc.jar | | jTDS | jtds.jar | - For Windows, the drivers need to be copied to the `XDB-install-folder/lib/jdbc` directory and renamed using the same naming conventions. - + For Windows, copy the drivers to the `XDB-install-folder/lib/jdbc` directory and rename them using the same naming conventions. diff --git a/product_docs/docs/eprs/7/installing/uninstalling.mdx b/product_docs/docs/eprs/7/installing/uninstalling.mdx index 349b5876b22..a3f0d0136c6 100644 --- a/product_docs/docs/eprs/7/installing/uninstalling.mdx +++ b/product_docs/docs/eprs/7/installing/uninstalling.mdx @@ -7,7 +7,15 @@ redirects: -Uninstalling Replication Server results in the removal of the publication server, the subscription server, the EPRS console, the Replication Server command line interface, the EPRS replication configuration file, the Replication Server startup configuration file, the publication server configuration file, and the subscription server configuration file. +Uninstalling the Replication Server results in the removal of the following: +- Publication server +- Subscription server +- EPRS console +- Replication Server command line interface +- EPRS replication configuration file +- Replication Server startup configuration file +- Publication server configuration file +- Subscription server configuration file Uninstalling Replication Server doesn't remove any databases used as primary nodes, publication databases, or subscription databases. @@ -17,7 +25,7 @@ If you installed Replication Server using the Replication Server installer progr -## Uninstalling a RPM package installation +## Uninstalling an RPM package installation If you installed Replication Server from the RPM package, uninstall it using the yum package manager. @@ -93,23 +101,16 @@ Complete! ## Uninstalling a Windows installation -The following steps are for uninstalling Replication Server from a Windows host. +To uninstall Replication Server from a Windows host: 1. From the Windows Control Panel, select **Uninstall a Program**. - ![Uninstall a program](../images/image53.png) - -1. Select the Replication Server product in the list of programs to uninstall or change. Select **Uninstall/Change**. - - ![Uninstall or change a program](../images/image54.png) +1. From the list of programs to uninstall or change, select the Replication Server product. Select **Uninstall/Change**. 1. Select **Yes** to confirm that you want to unistall Replication Server. - ![Confirm Replication Server uninstallation](../images/image55.png) - -1. The Uninstallation Completed dialog box appears when the process has completed. Select **OK**. +1. The Uninstallation Completed dialog box appears when the process is complete. Select **OK**. - ![Uninstallation completed](../images/image56.png) ### Uninstalling in text or unattended mode diff --git a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_linux.mdx b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_linux.mdx index 5c7febc4aa4..665023ca15a 100644 --- a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_linux.mdx +++ b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_linux.mdx @@ -10,11 +10,11 @@ If you have an existing Replication Server 7.x installation on Linux, you can us `yum upgrade edb-repo` -`yum` will update the `edb.repo` file to enable access to the current EDB repository, configured to connect with the credentials specified in your `edb.repo` file. Then, you can use yum to upgrade any installed packages: +`yum` updates the `edb.repo` file to enable access to the current EDB repository, configured to connect with the credentials specified in your `edb.repo` file. Then, you can use yum to upgrade any installed packages: `yum upgrade edb-xdb*` -If you are upgrading from a Replication Server 6.2 installation on Linux, see [Upgrading from a Replication Server 6.2 installation on Linux](upgrading_with_xdb_rpm_package) for details. +If you're upgrading from a Replication Server 6.2 installation on Linux, see [Upgrading from a Replication Server 6.2 installation on Linux](upgrading_with_xdb_rpm_package) for details. After upgrading and before using Replication Server, you need to download a JDBC driver and create a symlink to it. See [Installing a JDBC driver](../installing_jdbc_driver/) for more information. diff --git a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_gui_installer.mdx b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_gui_installer.mdx index 7de246140a8..cdba1735a7b 100644 --- a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_gui_installer.mdx +++ b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_gui_installer.mdx @@ -1,5 +1,5 @@ --- -title: "Upgrading with the graphical user interface installer" +title: "Upgrading with the graphical installer" redirects: - /eprs/7/10_appendix/02_upgrading_to_xdb6_2/02_upgrading_with_gui_installer/ - /eprs/7/10_appendix/01_upgrading_to_xdb6_2/02_upgrading_with_gui_installer/ @@ -7,17 +7,17 @@ redirects: -You can upgrade to Replication Server 7 using the graphical user interface installer. +You can upgrade to Replication Server 7 using the graphical installer. 1. Before starting the upgrade process, replicate any pending backlog of transactions on the publication tables. 1. After all pending transactions are replicated to their target databases, stop the Replication Server 6.2.x publication server and subscription server. See [Registering a publication server](../../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) and [Registering a subscription server](../../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server). -1. Ensure the installation user has administrative permissions on the `XDB_HOME/xdata` folder. On Windows, this can be done by opening the Replication Server installation directory in Windows Explorer and selecting the xdata folder. When prompted, select **Continue** to enable the required permission. +1. Ensure the installation user has administrative permissions on the `XDB_HOME/xdata` folder. On Windows, you can do this by opening the Replication Server installation directory in Windows Explorer and selecting the xdata folder. When prompted, select **Continue** to enable the required permission. 1. Install Replication Server 7. See [Installation and uninstallation](../../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server) for instructions on installing Replication Server, but note the differences described in the following steps. -1. Following the acceptance of the license agreement, the Select Components screen appears but with the entries grayed out. The old Replication Server components are replaced with the new ones in the old Replication Server’s directory location. Select **Next**. +1. Following the acceptance of the license agreement, the Select Components screen appears but with the entries disabled. The old Replication Server components are replaced with the new ones in the old Replication Server’s directory location. Select **Next**. 1. The Existing Installation screen confirms that an existing Replication Server installation was found. To proceed with the upgrade, select **Next**. @@ -25,7 +25,7 @@ You can upgrade to Replication Server 7 using the graphical user interface insta The remaining screens that appear confirm completion of the installation process and allow you to exit from Stack Builder or StackBuilder Plus. -1. After installation completes, the publication server of the new Replication Server product is running, connected to the controller database used by Replication Server 6.2. The subscription server might be running at this point. That is an expected outcome of this process. +1. After installation completes, the publication server of the new Replication Server product is running, connected to the controller database used by Replication Server 6.2. The subscription server might be running at this point, which is an expected outcome of this process. 1. Complete the publication server and subscription server configuration file setup. @@ -33,15 +33,15 @@ You can upgrade to Replication Server 7 using the graphical user interface insta The old configuration files used by Replication Server version 6.2.x remain unchanged as `xdb_pubserver.conf` and `xdb_subserver.conf`. - Merge the old and new configuration files so that the resulting, active configuration files contain any new Replication Server 7 configuration options as well as any nondefault settings you used with the Replication Server 6.2.x and want to continue to use with Replication Server 7. The final set of active configuration files must be named `xdb_pubserver.conf` and `xdb_subserver.conf`. + Merge the old and new configuration files so that the resulting active configuration files contain any new Replication Server 7 configuration options as well as any nondefault settings you used with the Replication Server 6.2.x and want to continue to use with Replication Server 7. The final set of active configuration files must be named `xdb_pubserver.conf` and `xdb_subserver.conf`. - In the `XDB_HOME/etc/sysconfig` directory, make sure the Replication Server startup configuration file `xdbReplicationServer-62.config` contains the parameter settings you want to use with Replication Server 7. See [Replication Server startup configuration file](../../02_overview/03_replication_server_components_and_architecture/01_physical_components/#xdb_startup_conf_file) for information on this file. + In the `XDB_HOME/etc/sysconfig` directory, make sure the Replication Server startup configuration file `xdbReplicationServer-62.config` contains the parameter settings you want to use with Replication Server 7. See [Replication Server startup configuration file](../../02_overview/03_replication_server_components_and_architecture/01_physical_components/#xdb_startup_conf_file) for more information. 1. Restart the publication server and the subscription server. See [Registering a publication server](../../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) and [Registering a subscription server](../../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server)). 1. Check the publication server and subscription server log files to verify that no errors occurred (see [Publication and subscription server startup failures](../../10_appendix/02_resolving_problems/02_where_to_look_for_errors/#publication-and-subscription-server-startup-failures)). -1. Adjust the publication server and subscription server port numbers if necessary. +1. If necessary, adjust the publication server and subscription server port numbers. The Replication Server 7 publication and subscription servers are installed to use the default port numbers `9051` and `9052`, respectively. If the Replication Server 6.2.x replication systems used port numbers other than `9051` and `9052`, then make the changes to correct this inconsistency as described in [Updating the publication and subscription server ports](updating_sub_and_pub_ports). @@ -52,4 +52,4 @@ After upgrading and before using Replication Server, you need to download a JDBC You're now ready to use Replication Server 7 to create new replication systems and manage existing ones. !!! Note - **For Windows:** If you give a new admin password during an upgrade, it is ignored. After the upgrade, Replication Server picks the old admin user name and password (which is saved in `edb-replconf`). + **For Windows:** If you give a new admin password during an upgrade, it's ignored. After the upgrade, Replication Server picks the old admin user name and password, which is saved in `edb-replconf`. diff --git a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_xdb_rpm_package.mdx b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_xdb_rpm_package.mdx index 8c4758286d8..b392e85d7f3 100644 --- a/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_xdb_rpm_package.mdx +++ b/product_docs/docs/eprs/7/installing/upgrading_replication_server/upgrading_with_xdb_rpm_package.mdx @@ -24,7 +24,7 @@ If you're using Replication Server 6.2.x that was installed using the Replicatio - `/usr/edb/xdb/etc/xdb_subserver.conf` - `/usr/edb/xdb/etc/sysconfig/xdbReplicationServer-70.config` - Copies of these files are typically saved by the upgrade process if the files were modified since their original installation. However, it is safest to save copies in case the upgrade process doesn't. Use the saved files as your Replication Server 6.2.x configuration files for the updates described in Step 7. + Copies of these files are typically saved by the upgrade process if the files were modified since their original installation. However, it's safest to save copies in case the upgrade process doesn't. Use the saved files as your Replication Server 6.2.x configuration files for the updates described in Step 7. 1. If any Oracle publication or subscription databases are used in existing single-master replication systems, make sure a copy of the Oracle JDBC driver, version ojdbc5 or later, is accessible by the publication server and subscription server where Replication Server 7 will be installed. See [Enabling access to Oracle](../../05_smr_operation/01_prerequisites/03_enable_access_to_database/#enable_access_to_oracle) for information. @@ -171,9 +171,9 @@ If you're using Replication Server 6.2.x that was installed using the Replicatio Merge the old and new configuration files so that the resulting, active configuration files contain any new Replication Server 7 configuration options as well as any nondefault settings you used with Replication Server 6.2.x and want to continue to use with Replication Server 7. - The final set of active configuration files must be contained in directory `/usr/edb/xdb/etc` named `xdb_pubserver.conf` and `xdb_subserver.conf`. In the `/usr/edb/xdb/etc/sysconfig directory`, make sure the Replication Server startup configuration file `xdbReplicationServer-70.config` contains the parameter settings you want to use with Replication Server 7. See [Replication Server configuration file](../../02_overview/03_replication_server_components_and_architecture/01_physical_components/#xdb_replication_conf_file) for information on this file. + The final set of active configuration files must be contained in the directory `/usr/edb/xdb/etc` and named `xdb_pubserver.conf` and `xdb_subserver.conf`. In the `/usr/edb/xdb/etc/sysconfig directory`, make sure the Replication Server startup configuration file `xdbReplicationServer-70.config` contains the parameter settings you want to use with Replication Server 7. See [Replication Server configuration file](../../02_overview/03_replication_server_components_and_architecture/01_physical_components/#xdb_replication_conf_file) for more information. -8. Restart the publication server and the subscription server (see sections [Registering a publication server](../../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) and [Registering a subscription server](../../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server)). +8. Restart the publication server and the subscription server (see [Registering a publication server](../../05_smr_operation/02_creating_publication/01_registering_publication_server/#registering_publication_server) and [Registering a subscription server](../../05_smr_operation/03_creating_subscription/01_registering_subscription_server/#registering_subscription_server)). 9. Check the publication server and subscription server log files to verify that no errors occurred (see [Replication Server configuration file](../../02_overview/03_replication_server_components_and_architecture/01_physical_components/#xdb_replication_conf_file)). diff --git a/product_docs/docs/eprs/7/installing/windows.mdx b/product_docs/docs/eprs/7/installing/windows.mdx index 53ca41f57a4..1981241c7ef 100644 --- a/product_docs/docs/eprs/7/installing/windows.mdx +++ b/product_docs/docs/eprs/7/installing/windows.mdx @@ -12,27 +12,27 @@ EDB provides a graphical interactive installer for Windows. You can access it tw - Download the graphical installer from the [Downloads page](https://www.enterprisedb.com/software-downloads-postgres#replication-server) and invoke the installer directly. See [Installing directly](/eprs/latest/installing/windows/#installing-directly). -- Use Stack Builder (with PostgreSQL) or StackBuilder Plus (with EDB Postgres Advanced Server) to download the EDB installer package and invoke the graphical installer. See [Using Stack Builder or StackBuilder Plus](/eprs/latest/installing/windows/#using-stack-builder-or-stackbuilder-plus). +- Use Stack Builder (with PostgreSQL) or StackBuilder Plus (with EDB Postgres Advanced Server) to download the EDB installer package and invoke the graphical installer. See [Using Stack Builder or StackBuilder Plus](/eprs/latest/installing/windows/#using-stack-builder-or-stackbuilder-plus). ## Prerequisites -- You must have Java Runtime Environment (JRE) version 1.8 or later installed on the hosts where you intend to install any Replication Server component (Replication Console, publication server, or subscription server). Any Java product such as Oracle Java or OpenJDK may be used. Follow the directions for your host operating system to install the Java runtime environment. +- You must have Java Runtime Environment (JRE) version 1.8 or later installed on the hosts where you intend to install any Replication Server component (Replication Console, publication server, or subscription server). You can use Any Java product, such as Oracle Java or OpenJDK. Follow the directions for your host operating system to install the Java runtime environment. -- Be sure the system environment variable, `JAVA_HOME`, is set to the JRE installation directory of the JRE version and bitness (32-bit or 64-bit) you want to use with Replication Server. The Replication Server installer for a Windows platform contains both the 32-bit and 64-bit versions. The `JAVA_HOME` setting determines whether the 32-bit or the 64-bit version of Replication Server is installed. If `JAVA_HOME` is not set, the first JRE version encountered in the Path system environment variable determines the Replication Server version to be installed. +- Be sure the system environment variable, `JAVA_HOME`, is set to the JRE installation directory of the JRE version and bitness (32-bit or 64-bit) you want to use with Replication Server. The Replication Server installer for a Windows platform contains both the 32-bit and 64-bit versions. The `JAVA_HOME` setting determines whether the 32-bit or the 64-bit version of Replication Server is installed. If `JAVA_HOME` isn't set, the first JRE version encountered in the `path` system environment variable determines the Replication Server version to be installed. ## Installing directly After downloading the graphical installer, to start the installation wizard, assume sufficient privileges (superuser or administrator) and double-click the installer icon. If prompted, provide a password. -In some versions of Windows, to invoke the installer with Administrator privileges, you need to right-click on the installer icon and select **Run as Administrator** from the context menu. +In some versions of Windows, to invoke the installer with administrator privileges, you need to right-click the installer icon and select **Run as Administrator** from the context menu. -Proceed to the [Using the graphical installer](#using-the-graphical-installer) section. +Proceed to [Using the graphical installer](#using-the-graphical-installer). ## Using Stack Builder or StackBuilder Plus -If you are using PostgreSQL, you can invoke the graphical installer with Stack Builder. See [Using Stack Builder](https://www.enterprisedb.com/docs/supported-open-source/postgresql/installer/03_using_stackbuilder/). +If you're using PostgreSQL, you can invoke the graphical installer with Stack Builder. See [Using Stack Builder](https://www.enterprisedb.com/docs/supported-open-source/postgresql/installer/03_using_stackbuilder/). 1. In Stack Builder, follow the prompts until you get to the module selection page. @@ -40,15 +40,15 @@ If you are using PostgreSQL, you can invoke the graphical installer with Stack B 1. Expand the **EnterpriseDB Tools** node and select **Replication Server**. -1. Proceed to the [Using the graphical installer](#using-the-graphical-installer) section in this topic. +1. Proceed to [Using the graphical installer](#using-the-graphical-installer). -If you are using EDB Postgres Advanced Server, you can invoke the graphical installer with StackBuilder Plus. See [Using StackBuilder Plus](/epas/latest/epas_inst_windows/installing_advanced_server_with_the_interactive_installer/using_stackbuilder_plus/). +If you're using EDB Postgres Advanced Server, you can invoke the graphical installer with StackBuilder Plus. See [Using StackBuilder Plus](/epas/latest/epas_inst_windows/installing_advanced_server_with_the_interactive_installer/using_stackbuilder_plus/). 1. In StackBuilder Plus, follow the prompts until you get to the module selection page. 1. Expand the **EnterpriseDB Tools** node and select **Replication Server**. -1. Proceed to the [Using the graphical installer](#using-the-graphical-installer) section in this topic. +1. Proceed to [Using the graphical installer](#using-the-graphical-installer). ## Using the graphical installer @@ -58,34 +58,33 @@ If you are using EDB Postgres Advanced Server, you can invoke the graphical inst 1. Read the license agreement. If you accept the agreement, select the **I accept the agreement** option and select **Next**. -1. Browse to a directory where you want the Replication Server components to be installed, or allow the installer to install the components in the default location. Select **Next**. +1. Browse to a directory where you want to install the Replication Server components, or leave the default location. Select **Next**. -1. If you do not want a particular Replication Server component installed, uncheck the box next to the component name. Select **Next**. +1. If you don't want a particular Replication Server component installed, clear the box next to the component name. Select **Next**. 1. Enter information for the Replication Server administrator. !!! Note - From this point on, we suggest you record the values you enter as they will be needed during the publication and subscription server registration process. + From this point on, we suggest you record the values you enter as you need them during the publication and subscription server registration process. Enter values for the following fields: - - **Admin User** — The Replication Server administrator user name needed to authenticate some Replication Server actions such as registering a publication server or subscription server running on this host. Any alphanumeric string may be entered for the admin user name. The default admin user name is *admin*. + - **Admin User** — The Replication Server administrator user name needed to authenticate some Replication Server actions, such as registering a publication server or subscription server running on this host. You can enter any alphanumeric string for the admin user name. The default admin user name is admin. - **Admin Password** — Password of your choice for the Replication Server administrator. The admin user and the admin password (in encrypted form) are saved to the `XDB_HOME\etc\edb-repl.conf` configuration file. Select **Next**. -1. If a publication server is being installed, enter an available port on which the publication server can run. The default port number is *9051*. Select **Next**. +1. If a publication server is being installed, enter an available port on which the publication server can run. The default port number is `9051`. Select **Next**. -1. If a subscription server is being installed, enter an available port on which the subscription server can run. The default port number is *9052*. Select **Next**. +1. If a subscription server is being installed, enter an available port on which the subscription server can run. The default port number is `9052`. Select **Next**. -1. If you are using EDB Postgres Advanced Server installed in Oracle compatible configuration mode, enter `postgres` or `enterprisedb` for the operating system account under which the publication server or subscription server runs. +1. If you're using EDB Postgres Advanced Server installed in Oracle-compatible configuration mode, enter `postgres` or `enterprisedb` for the operating system account under which the publication server or subscription server runs. 1. On the Ready to Install page, select **Next**. - An information box shows the installation progress of the selected components. This may take a few minutes. + An information box shows the installation progress of the selected components. This might take a few minutes. -1. When the installation has completed, select **Finish**. +1. When the installation is complete, select **Finish**. Successful installation of Replication Server results in the creation of directory structures and files in your host environment as described in [Installation details](installation_details). Verify that the path to your Java runtime program set in `XDB_HOME\etc\edb-repl.conf` is correct. - diff --git a/product_docs/docs/jdbc_connector/42.5.4.1/installing/configuring_for_java.mdx b/product_docs/docs/jdbc_connector/42.5.4.1/installing/configuring_for_java.mdx index 4abbad40348..74f50bf2452 100644 --- a/product_docs/docs/jdbc_connector/42.5.4.1/installing/configuring_for_java.mdx +++ b/product_docs/docs/jdbc_connector/42.5.4.1/installing/configuring_for_java.mdx @@ -16,7 +16,7 @@ legacyRedirectsGenerated: edb-jdbc18.jar supports JDBC version 4.2. -To make the JDBC driver available to Java, you must either copy the appropriate java `.jar` file for the JDBC version that you are using to your `$java_home/jre/lib/ext` directory or append the location of the `.jar` file to the `CLASSPATH` environment variable. +To make the JDBC driver available to Java, you must either copy the appropriate java `.jar` file for the JDBC version that you're using to your `$java_home/jre/lib/ext` directory or append the location of the `.jar` file to the `CLASSPATH` environment variable. If you choose to append the location of the `jar` file to the `CLASSPATH` environment variable, you must include the complete pathname: diff --git a/product_docs/docs/jdbc_connector/42.5.4.1/installing/upgrading.mdx b/product_docs/docs/jdbc_connector/42.5.4.1/installing/upgrading.mdx index 64a8f1c3d63..94424a24bfd 100644 --- a/product_docs/docs/jdbc_connector/42.5.4.1/installing/upgrading.mdx +++ b/product_docs/docs/jdbc_connector/42.5.4.1/installing/upgrading.mdx @@ -17,7 +17,7 @@ sudo upgrade edb-repo sudo upgrade edb-repo ``` -Where `` is the package manager used with your operating system: +Where `` is the package manager used with your operating system. | Package manager | Operating system | | --------------- | -------------------------------- | diff --git a/product_docs/docs/jdbc_connector/42.5.4.1/installing/windows.mdx b/product_docs/docs/jdbc_connector/42.5.4.1/installing/windows.mdx index dadda896944..2409e792f5f 100644 --- a/product_docs/docs/jdbc_connector/42.5.4.1/installing/windows.mdx +++ b/product_docs/docs/jdbc_connector/42.5.4.1/installing/windows.mdx @@ -12,11 +12,11 @@ legacyRedirectsGenerated: --- -EDB provides a graphical interactive installer for Windows. You can access it two ways: +EDB provides a graphical installer for Windows. You can access it two ways: - Download the graphical installer from the [Downloads page](https://www.enterprisedb.com/software-downloads-postgres#connectors), and invoke the installer directly. See [Installing directly](#installing-directly). -- Use Stack Builder (with PostgreSQL) or StackBuilder Plus (with EDB Postgres Advanced Server) to download the EDB installer package and invoke the graphical installer. See [Using Stack Builder or StackBuilder Plus](#using-stack-builder-or-stackbuilder-plus). +- Use Stack Builder (with PostgreSQL) or StackBuilder Plus (with EDB Postgres Advanced Server) to download the EDB installer package and invoke the graphical installer. See [Using Stack Builder or StackBuilder Plus](#using-stack-builder-or-stackbuilder-plus). ## Installing directly @@ -36,7 +36,7 @@ If you're using EDB Postgres Advanced Server, you can invoke the graphical insta 1. In Stack Builder or StackBuilder Plus, follow the prompts until you get to the module selection page. - On the Welcome page, select the target server installation from the list of available servers. If your network requires you to use a proxy server to access the internet, select **Proxy servers** and specify a server. Select **Next**. + On the Welcome page, from the list of available servers, select the target server installation. If your network requires you to use a proxy server to access the internet, select **Proxy servers** and specify a server. Select **Next**. 1. Expand the **Database Drivers** node and do one of the following: @@ -46,7 +46,6 @@ If you're using EDB Postgres Advanced Server, you can invoke the graphical insta 1. Proceed to [Using the graphical installer](#using-the-graphical-installer). - ## Using the graphical installer 1. Select the installation language and select **OK**. diff --git a/product_docs/docs/pem/8/pem_rel_notes/864_rel_notes.mdx b/product_docs/docs/pem/8/pem_rel_notes/864_rel_notes.mdx new file mode 100644 index 00000000000..4dc9399454b --- /dev/null +++ b/product_docs/docs/pem/8/pem_rel_notes/864_rel_notes.mdx @@ -0,0 +1,13 @@ +--- +title: "Postgres Enterprise Manager 8.6.4 release notes" +navTitle: Version 8.6.4 +--- + +Released: 12 Oct 2023 + +New features, enhancements, bug fixes, and other changes in PEM 8.6.4 include: + +| Type | Description | +| ----------- | -------------------------------------------------------------------------------------------------| +| Security fix | This is a security fix for [CVE-2023-5002](https://nvd.nist.gov/vuln/detail/CVE-2023-5002). This security fix includes updates for the pgAdmin vulnerability issues. This patch affects the PEM server only, no need to update PEM agents.| +| Security fix | This is a security fix for [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863). This security fix includes updates for the libwebp issues. This patch affects the PEM server only, no need to update PEM agents.| diff --git a/product_docs/docs/pem/8/pem_rel_notes/index.mdx b/product_docs/docs/pem/8/pem_rel_notes/index.mdx index 21b10925d1b..edef79e7b89 100644 --- a/product_docs/docs/pem/8/pem_rel_notes/index.mdx +++ b/product_docs/docs/pem/8/pem_rel_notes/index.mdx @@ -1,6 +1,7 @@ --- title: "Release notes" navigation: + - 864_rel_notes - 863_rel_notes - 861_rel_notes redirects: @@ -11,6 +12,7 @@ The Postgres Enterprise Manager (PEM) documentation describes the latest version | Version | Release Date | Upstream Merges | Accessibility Conformance | | ------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------- | +| [8.6.4](864_rel_notes) | 12 Oct 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [8.6.3](863_rel_notes) | 14 Jul 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [8.6.1](861_rel_notes) | 31 Mar 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [8.6.0](02_860_rel_notes) | 29 Sep 2022 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | diff --git a/product_docs/docs/pem/9/pem_rel_notes/922_rel_notes.mdx b/product_docs/docs/pem/9/pem_rel_notes/922_rel_notes.mdx index c327e2e483f..4b6c2667dde 100644 --- a/product_docs/docs/pem/9/pem_rel_notes/922_rel_notes.mdx +++ b/product_docs/docs/pem/9/pem_rel_notes/922_rel_notes.mdx @@ -1,6 +1,6 @@ --- title: "Postgres Enterprise Manager 9.2.2 release notes" -navTitle: Version 2.2 +navTitle: Version 9.2.2 --- Released: 14 Jul 2023 @@ -9,4 +9,4 @@ New features, enhancements, bug fixes, and other changes in PEM 9.2.2 include: | Type | Description | | ----------- | -------------------------------------------------------------------------------------------------| -| Security fix | This is a security fix for CVE-2023-2650 and is recommended for all the Windows users. This security fix includes updates for the Apache HTTPD bundled with the Windows installer of PEM. This patch affects the PEM server only, no need to update PEM agents.| +| Security fix | This is a security fix for [CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650) and is recommended for all the Windows users. This security fix includes updates for the Apache HTTPD bundled with the Windows installer of PEM. This patch affects the PEM server only, no need to update PEM agents.| diff --git a/product_docs/docs/pem/9/pem_rel_notes/931_rel_notes.mdx b/product_docs/docs/pem/9/pem_rel_notes/931_rel_notes.mdx new file mode 100644 index 00000000000..fc478667f3d --- /dev/null +++ b/product_docs/docs/pem/9/pem_rel_notes/931_rel_notes.mdx @@ -0,0 +1,13 @@ +--- +title: "Postgres Enterprise Manager 9.3.1 release notes" +navTitle: Version 9.3.1 +--- + +Released: 12 Oct 2023 + +New features, enhancements, bug fixes, and other changes in PEM 9.3.1 include: + +| Type | Description | +| ----------- | -------------------------------------------------------------------------------------------------| +| Security fix | This is a security fix for [CVE-2023-5002](https://nvd.nist.gov/vuln/detail/CVE-2023-5002). This security fix includes updates for the pgAdmin vulnerability issues. This patch affects the PEM server only, no need to update PEM agents.| +| Security fix | This is a security fix for [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863). This security fix includes updates for the libwebp issues. This patch affects the PEM server only, no need to update PEM agents.| diff --git a/product_docs/docs/pem/9/pem_rel_notes/index.mdx b/product_docs/docs/pem/9/pem_rel_notes/index.mdx index 03b08dbda47..57fb390b904 100644 --- a/product_docs/docs/pem/9/pem_rel_notes/index.mdx +++ b/product_docs/docs/pem/9/pem_rel_notes/index.mdx @@ -1,6 +1,7 @@ --- title: "Release notes" navigation: + - 931_rel_notes - 930_rel_notes - 922_rel_notes - 921_rel_notes @@ -14,6 +15,7 @@ The Postgres Enterprise Manager (PEM) documentation describes the latest version | Version | Release Date | Upstream Merges | Accessibility Conformance | | ------------------------- | ------------ | --------------------------------------------------------------------------| --------------------------------------------------------------------------------------------------- | +| [9.3.1](931_rel_notes) | 12 Oct 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [9.3.0](930_rel_notes) | 31 Aug 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [9.2.2](922_rel_notes) | 14 Jul 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | | [9.2.1](921_rel_notes) | 03 Jul 2023 | NA | [Conformance Report](https://www.enterprisedb.com/accessibility) | diff --git a/product_docs/docs/pgbouncer/1/installing/03_uninstallation.mdx b/product_docs/docs/pgbouncer/1/installing/03_uninstallation.mdx index 9cdcb05118f..ca0dbabb9fc 100644 --- a/product_docs/docs/pgbouncer/1/installing/03_uninstallation.mdx +++ b/product_docs/docs/pgbouncer/1/installing/03_uninstallation.mdx @@ -7,11 +7,11 @@ legacyRedirectsGenerated: - "/edb-docs/d/pgbouncer/user-guides/pgbouncer-guide/1.0/uninstallation.html" --- -This section walks you through uninstalling EDB PgBouncer. +You can uninstall EDB PgBouncer. ## Uninstalling EDB PgBouncer on a RHEL/Rocky Linux/AlmaLinux host -To uninstall EDB PgBouncer on a CentOS host, assume the identity of the root user and invoke the following command: +To uninstall EDB PgBouncer on a CentOS host, assume the identity of the root user and invoke the command. On RHEL/CentOS 7: @@ -25,11 +25,11 @@ On RHEL/Rocky Linux/AlmaLinux 8: dnf -y erase edb-pgbouncer ``` -Where `` is the EDB PgBouncer version. +Where `` is the EDB PgBouncer version you want to uninstall. ## Uninstalling EDB PgBouncer on a Debian or Ubuntu host -To uninstall EDB PgBouncer on a Debian or Ubuntu host, invoke the following command: +To uninstall EDB PgBouncer on a Debian or Ubuntu host: ```shell apt-get remove edb-pgbouncer @@ -39,7 +39,7 @@ Where `` is the version you want to uninstall. ## Uninstalling EDB PgBouncer on an SLES 12 host -To uninstall PgBouncer on an SLES 12 host, assume the identity of the `root` user and invoke the following command: +To uninstall PgBouncer on an SLES 12 host, assume the identity of the root user and invoke: ```shell zypper remove edb-pgbouncer @@ -47,7 +47,7 @@ zypper remove edb-pgbouncer Where `` is the version you want to uninstall. -For example, to uninstall EDB PgBouncer 1.16, invoke the following command: +For example, to uninstall EDB PgBouncer 1.16: ```shell zypper remove edb-pgbouncer116 @@ -55,16 +55,9 @@ zypper remove edb-pgbouncer116 ## Uninstalling EDB PgBouncer on a Windows host -To uninstall EDB PgBouncer on a Windows Host, perform the following steps: +1. The EDB PgBouncer graphical installer creates an uninstaller in the installation directory. Navigate into the installation directory and assume superuser privileges. Open the uninstaller and select **Yes** to begin uninstalling EDB PgBouncer. -1. The EDB PgBouncer graphical installer creates an uninstaller in the installation directory. Navigate into the installation directory and assume superuser privileges. Open the uninstaller and click `Yes` to begin uninstalling EDB PgBouncer: + The uninstallation process begins. -![The EDB PgBouncer Uninstaller](images/uninstall1.png) +1. Select **OK** when the uninstallation completes. -Fig. 1: The EDB PgBouncer Uninstaller - -2. The uninstallation process begins. Click `OK` when the uninstallation completes: - -![Uninstallation completes](images/uninstall2.png) - -Fig. 2: Uninstallation completes \ No newline at end of file diff --git a/product_docs/docs/pgd/3.7/harp/01_release_notes/harp2.3.2_rel_notes.mdx b/product_docs/docs/pgd/3.7/harp/01_release_notes/harp2.3.2_rel_notes.mdx new file mode 100644 index 00000000000..4667232c20c --- /dev/null +++ b/product_docs/docs/pgd/3.7/harp/01_release_notes/harp2.3.2_rel_notes.mdx @@ -0,0 +1,13 @@ +--- +title: "Version 2.3.2" +--- + +This is a patch release of HARP 2 that includes fixes for issues identified +in previous versions. + +| Type | Description | +| ---- |------------ | +| Bug fix | Multiple fixes related to network partition in BDR DCS. | +| Bug fix | Fix intermittent harp-manager hang issue. | +| Bug fix | In Go driver calls, ensure rows.Err() is checked every time after rows.Next() returns false. | +| Change | Improve the BDR DCS's List method performance. | diff --git a/product_docs/docs/pgd/3.7/harp/01_release_notes/index.mdx b/product_docs/docs/pgd/3.7/harp/01_release_notes/index.mdx index 190f1efe85f..e422c0e9bc3 100644 --- a/product_docs/docs/pgd/3.7/harp/01_release_notes/index.mdx +++ b/product_docs/docs/pgd/3.7/harp/01_release_notes/index.mdx @@ -1,6 +1,7 @@ --- title: Release Notes navigation: +- harp2.3.2_rel_notes - harp2.3.1_rel_notes - harp2.3.0_rel_notes - harp2.2.3_rel_notes @@ -25,6 +26,7 @@ The release notes in this section provide information on what was new in each re | Version | Release Date | | ----------------------- | ------------ | +| [2.3.2](harp2.3.2_rel_notes) | 17 Oct 2023 | | [2.3.1](harp2.3.1_rel_notes) | 27 Jul 2023 | | [2.3.0](harp2.3.0_rel_notes) | 12 Jul 2023 | | [2.2.3](harp2.2.3_rel_notes) | 16 May 2023 | diff --git a/product_docs/docs/pgd/4/rel_notes/index.mdx b/product_docs/docs/pgd/4/rel_notes/index.mdx index 777c4fe8636..d81c4c2303d 100644 --- a/product_docs/docs/pgd/4/rel_notes/index.mdx +++ b/product_docs/docs/pgd/4/rel_notes/index.mdx @@ -2,6 +2,7 @@ title: "EDB Postgres Distributed Release notes" navTitle: "Release notes" navigation: +- pgd_4.3.2+p1_rel_notes - pgd_4.3.2_rel_notes - pgd_4.3.1+p2_rel_notes - pgd_4.3.1+p1_rel_notes @@ -26,6 +27,7 @@ The EDB Postgres Distributed documentation describes the latest version of EDB P | Release Date | EDB Postgres Distributed | BDR | HARP | CLI | TPAexec | | ------------ | ---------------------------- | ----- | ----- | ----- | -------------------------------------------------------------------------------- | +| 17 Oct 2023 | [4.3.2+p1](pgd_4.3.2+p1_rel_notes)| 4.3.2 | 2.3.2 | 1.1.1 | [23.20](/tpa/latest/rel_notes/tpa_23.20_rel_notes) | | 31 Aug 2023 | [4.3.2 ](pgd_4.3.2_rel_notes)| 4.3.2 | 2.3.1 | 1.1.1 | [23.20](/tpa/latest/rel_notes/tpa_23.20_rel_notes) | | 27 Jul 2023 | [4.3.1+p2 ](pgd_4.3.1+p2_rel_notes)| 4.3.1 | 2.3.1 | 1.1.1 | [23.19](/tpa/latest/rel_notes/tpa_23.19_rel_notes) | | 12 Jul 2023 | [4.3.1+p1 ](pgd_4.3.1+p1_rel_notes)| 4.3.1 | 2.3.0 | 1.1.1 | [23.19](/tpa/latest/rel_notes/tpa_23.19_rel_notes) | diff --git a/product_docs/docs/pgd/4/rel_notes/pgd_4.3.2+p1_rel_notes.mdx b/product_docs/docs/pgd/4/rel_notes/pgd_4.3.2+p1_rel_notes.mdx new file mode 100644 index 00000000000..bbed865536b --- /dev/null +++ b/product_docs/docs/pgd/4/rel_notes/pgd_4.3.2+p1_rel_notes.mdx @@ -0,0 +1,19 @@ +--- +title: "Release notes for EDB Postgres Distributed version 4.3.2+p1" +navTitle: "Version 4.3.2+p1" +--- + +EDB Postgres Distributed version 4.3.2+p1 is a patch release of EDB Postgres Distributed 4, which includes bug fixes for issues identified in previous versions. + +If you are using any previous release of HARP, we recommend that you upgrade to HARP 2.3.2. + +!!! Note +This version is required for EDB Postgres Advanced Server versions 12.15, 13.11, 14.8 and later. +!!! + +| Component | Version | Type | Description | +| --------- | ------- | --------------- | ------------------------------------------------------------------------------------------------------------------------| +| HARP | 2.3.2 | Bug fix | Multiple fixes related to network partition in BDR DCS. | +| HARP | 2.3.2 | Bug fix | Fix intermittent harp-manager hang issue. | +| HARP | 2.3.2 | Bug fix | In Go driver calls, ensure rows.Err() is checked every time after rows.Next() returns false. | +| HARP | 2.3.2 | Change | Improve the BDR DCS's List method performance. | diff --git a/product_docs/docs/pgd/5/appusage/dml-ddl.mdx b/product_docs/docs/pgd/5/appusage/dml-ddl.mdx index b754d80577c..84523d69b7d 100644 --- a/product_docs/docs/pgd/5/appusage/dml-ddl.mdx +++ b/product_docs/docs/pgd/5/appusage/dml-ddl.mdx @@ -1,5 +1,5 @@ --- -title: DML and DDL replication and nonreplication. +title: DML and DDL replication and nonreplication navTitle: DML and DDL replication --- @@ -26,7 +26,7 @@ DDL replication works differently from DML. For DDL, PGD replicates the statemen which then executes on all nodes. So a `DROP TABLE IF EXISTS` might not replicate anything on the local node, but the statement is still sent to other nodes for execution if DDL replication is enabled. For details, see -[DDL replication](ddl). +[DDL replication](../ddl). PGD works to ensure that intermixed DML and DDL statements work correctly, even in the same transaction. @@ -56,4 +56,4 @@ This is true in standard PostgreSQL replication, and PGD doesn't yet improve on this. CAMO and Eager Replication options don't allow the `NOTIFY` SQL command or the -`pg_notify()` function. \ No newline at end of file +`pg_notify()` function. diff --git a/product_docs/docs/pgd/5/appusage/index.mdx b/product_docs/docs/pgd/5/appusage/index.mdx index 031148504a2..e0d43932a66 100644 --- a/product_docs/docs/pgd/5/appusage/index.mdx +++ b/product_docs/docs/pgd/5/appusage/index.mdx @@ -24,7 +24,7 @@ Developing an application with PGD is mostly the same as working with any Postgr * [DML and DDL replication](dml-and-ddl) shows the differences between the two classes of SQL statements and how PGD handles replicating them. It also looks at the commands PGD doesn't replicate at all. -* [Nodes with differences](differences) examines how PGD works with configurations where there are differing table structures and schemas on replicated nodes. Also covered is how to compare between such nodes with LiveCompare and how differences in PostgreSQL versions running on nodes can be handled. +* [Nodes with differences](nodes-with-differences) examines how PGD works with configurations where there are differing table structures and schemas on replicated nodes. Also covered is how to compare between such nodes with LiveCompare and how differences in PostgreSQL versions running on nodes can be handled. * [Application rules](rules) offers some general rules for applications to avoid data anomalies. diff --git a/product_docs/docs/pgd/5/appusage/timing.mdx b/product_docs/docs/pgd/5/appusage/timing.mdx index fd8ef8f2e01..f79e02a733b 100644 --- a/product_docs/docs/pgd/5/appusage/timing.mdx +++ b/product_docs/docs/pgd/5/appusage/timing.mdx @@ -13,5 +13,5 @@ for clients or proxies to prevent such stale reads. The synchronous replication features of Postgres are available to PGD as well. In addition, PGD provides multiple variants for more synchronous replication. -See [Durability and performance options](durability) for an overview and +See [Durability and performance options](../durability) for an overview and comparison of all variants available and their different modes. diff --git a/product_docs/docs/pgd/5/sequences.mdx b/product_docs/docs/pgd/5/sequences.mdx index 2d5af6320ce..1196ae5d782 100644 --- a/product_docs/docs/pgd/5/sequences.mdx +++ b/product_docs/docs/pgd/5/sequences.mdx @@ -73,7 +73,7 @@ command is executed or when a `serial`, `bigserial`, or - `timeshard`, which is the older version of SnowflakeId sequence and is provided for backward compatibility only. The SnowflakeId is preferred. - `distributed` (the default), which is a special value that you can use only for - []`bdr.default_sequence_kind`](reference/pgdpostgres-settings/#global-sequence-parameters). It selects `snowflakeid` for `int8` + [`bdr.default_sequence_kind`](reference/pgdpostgres-settings/#global-sequence-parameters). It selects `snowflakeid` for `int8` sequences (that is, `bigserial`) and `galloc` sequence for `int4` (that is, `serial`) and `int2` sequences. diff --git a/product_docs/docs/pgd/5/terminology.mdx b/product_docs/docs/pgd/5/terminology.mdx index 6926698fa33..2f62c12b15b 100644 --- a/product_docs/docs/pgd/5/terminology.mdx +++ b/product_docs/docs/pgd/5/terminology.mdx @@ -22,7 +22,7 @@ As data is replicated across the nodes of a PGD cluster, there might be occasion #### Consensus -How [Raft](#raft) makes group-wide decisions. Given a number of nodes in a group, Raft looks for a consensus of the majority (number of nodes divided by 2 plus 1) voting for a decision. For example, when a write leader is being selected, a Raft consensus is sought over which node in the group will be the write leader. Consensus can be reached only if there's a quorum of voting members. +How [Raft](#replicated-available-fault-tolerance-raft) makes group-wide decisions. Given a number of nodes in a group, Raft looks for a consensus of the majority (number of nodes divided by 2 plus 1) voting for a decision. For example, when a write leader is being selected, a Raft consensus is sought over which node in the group will be the write leader. Consensus can be reached only if there's a quorum of voting members. #### Cluster @@ -88,7 +88,7 @@ Traditionally, in PostgreSQL, a number of databases running on a single server i #### Quorum -When a [Raft](#Raft) [consensus](#consensus) is needed by a PGD cluster, a minimum number of voting nodes participating in the vote are needed. This number is called a quorum. For example, with a 5-node cluster, the quorum is 3 nodes in the cluster voting. A consensus is 5/2+1 nodes, 3 nodes voting the same way. If there are only 2 voting nodes, then a consensus is never established. +When a [Raft](#replicated-available-fault-tolerance-raft) [consensus](#consensus) is needed by a PGD cluster, a minimum number of voting nodes participating in the vote are needed. This number is called a quorum. For example, with a 5-node cluster, the quorum is 3 nodes in the cluster voting. A consensus is 5/2+1 nodes, 3 nodes voting the same way. If there are only 2 voting nodes, then a consensus is never established. #### Replicated available fault tolerance (Raft) @@ -112,8 +112,15 @@ A PGD cluster is based around bidirectional replication. But in some use cases, #### Two-phase commit (2PC) -A multi-step process for achieving consistency across multiple database nodes. The first phase sees a transaction prepared on an originating node and sent to all participating nodes. Each participating node validates that it can apply the transaction and -signals its readiness to the originating node. This is the precommit or prepare phase. In the second phase, if all the participating nodes signal they're ready, the originating node proceeds to commit the transaction and signals the participating nodes to commit, too. This is the commit phase. If, in the precommit phase, any node signals it isn't ready, the entire transaction is aborted. This process ensures all nodes get the same changes. +A multi-step process for achieving consistency across multiple database nodes. +The first phase sees a transaction prepared on an originating node and sent to +all participating nodes. Each participating node validates that it can apply the +transaction and signals its readiness to the originating node. This is the +prepare phase. In the second phase, if all the participating nodes signal they +are ready, the originating node proceeds to commit the transaction and signals +the participating nodes to commit, too. This is the commit phase. If, in the +prepare phase, any node signals it is not ready, the entire transaction is +aborted. It's this process that ensures all nodes get the same changes. #### Vertical scaling or scale up diff --git a/product_docs/docs/pgpool/4/installing/uninstalling.mdx b/product_docs/docs/pgpool/4/installing/uninstalling.mdx index 5de2f602c48..6b5e6421d1c 100644 --- a/product_docs/docs/pgpool/4/installing/uninstalling.mdx +++ b/product_docs/docs/pgpool/4/installing/uninstalling.mdx @@ -8,13 +8,11 @@ legacyRedirectsGenerated: - "/edb-docs/d/pgpool-ii/user-guides/pgpool-ii-guide/1.0/uninstalling_pgpool-II.html" --- -The following sections outline the process for uninstalling EDB Pgpool-II. - For information about uninstallling extensions, see [Uninstalling EDB Pgpool-II extensions](). ## Uninstalling EDB Pgpool-II on an RHEL//Rocky Linux/AlmaLinux host -To uninstall EDB Pgpool-II, assume the identity of the root user and invoke the following command: +To uninstall EDB Pgpool-II, assume the identity of the root user and invoke the appropriate command. On RHEL/CentOS 7: @@ -32,28 +30,30 @@ Where `` is the EDB Pgpool-II version. ## Uninstalling EDB Pgpool-II on a Debian/Ubuntu host -To uninstall EDB Pgpool-II on a Debian/Ubuntu host, invoke the following command: +To uninstall EDB Pgpool-II on a Debian/Ubuntu host: ```shell apt-get remove -y edb-pgpool ``` -Where `` is the EDB Pgpool-II version you want to uninstall +Where `` is the EDB Pgpool-II version you want to uninstall. ## Uninstalling EDB Pgpool-II on a SLES 12 host -To uninstall EDB Pgpool-II on a SLES host, assume the identity of the root user and invoke the following command: +To uninstall EDB Pgpool-II on a SLES host, assume the identity of the root user and invoke: ```shell zypper remove edb-pgpool ``` -Where <xx> is the EDB Pgpool-II version you wish to uninstall. +Where `` is the EDB Pgpool-II version you want to uninstall. ## Uninstalling EDB Pgpool-II Linux uninstaller -The EDB Pgpool-II graphical installer creates an uninstaller in the installation directory. If you have used the default installation directory, i.e. `/opt/edb`, then uninstaller will be in the `/opt/edb/pgpool` (where <x.y> is the EDB Pgpool-II version you have installed). +The EDB Pgpool-II graphical installer creates an uninstaller in the installation directory. If you used the default installation directory `/opt/edb`, then the uninstaller is in `/opt/edb/pgpool`, where `` is the EDB Pgpool-II version you installed. -1. Navigate into the directory that contains the uninstaller and assume superuser privileges. Open the uninstaller and click `Yes` to begin uninstalling EDB Pgpool-II. +1. Navigate into the directory that contains the uninstaller and assume superuser privileges. Open the uninstaller and select **Yes** to begin uninstalling EDB Pgpool-II. -2. The uninstallation process begins. Click `OK` when the uninstallation completes. + The uninstallation process begins. + +1. Select **OK** when the uninstallation completes. diff --git a/product_docs/docs/pgpool/4/installing/upgrading.mdx b/product_docs/docs/pgpool/4/installing/upgrading.mdx index c80e8e23fe9..976f1c454ab 100644 --- a/product_docs/docs/pgpool/4/installing/upgrading.mdx +++ b/product_docs/docs/pgpool/4/installing/upgrading.mdx @@ -10,12 +10,12 @@ legacyRedirectsGenerated: -The following information outlines the EDB Pgpool-II minor version upgrade process (for example, to upgrade from 4.2.5 to 4.2.6). +You can perform an EDB Pgpool-II minor version upgrade, for example, to upgrade from 4.2.5 to 4.2.6. For information about upgrading extensions, see [Upgrading EDB Pgpool-II extensions](../installing_extensions/upgrading_extensions). !!! Note - Version 4.3 is a major release. For more details on migrating from earlier versions to version 4.3, see the [Migration Section](https://www.pgpool.net/docs/43/en/html/release-4-3-0.html#MIGRATION-4-3-0). + Version 4.3 is a major release. For more details on migrating from a version earlier than 4.3, see [Migration](https://www.pgpool.net/docs/43/en/html/release-4-3-0.html#MIGRATION-4-3-0). To upgrade: @@ -23,9 +23,9 @@ To upgrade: sudo upgrade edb-pgpool ``` -where: +Where: -- `` is the package manager used with your operating system: +- `` is the package manager used with your operating system. | Package manager | Operating system | | --------------- | -------------------------------- | @@ -34,9 +34,9 @@ where: | zypper | SLES | | apt-get | Debian and Ubuntu | -- <xx> is the EDB Pgpool-II version you want to upgrade. +- `` is the EDB Pgpool-II version you want to upgrade. -For example, to upgrade from EDB Pgpool-II 4.2.5 to 4.2.6 on RHEL 9, execute the following command: +For example, to upgrade from EDB Pgpool-II 4.2.5 to 4.2.6 on RHEL 9: ```shell sudo dnf upgrade edb-pgpool42 diff --git a/product_docs/docs/pgpool/4/installing_extensions/creating_pgpool_extensions.mdx b/product_docs/docs/pgpool/4/installing_extensions/creating_pgpool_extensions.mdx index 7b23508088f..bd4bea098fc 100644 --- a/product_docs/docs/pgpool/4/installing_extensions/creating_pgpool_extensions.mdx +++ b/product_docs/docs/pgpool/4/installing_extensions/creating_pgpool_extensions.mdx @@ -5,13 +5,13 @@ redirects: - /pgpool/latest/02_extensions/creating_pgpool_extensions/ --- -You must install and create the extensions in each database where you will be using EDB Pgpool-II functionality. To ensure all extensions are available for future databases, you can add the extension to the `template1` database; any extensions installed in the `template1` database will be created in each of the databases that uses `template1` as a template during creation. +You must install and create the extensions in each database where you plan to use EDB Pgpool-II. To ensure all extensions are available for future databases, you can add the extension to the `template1` database. Any extensions installed in the `template1` database are created in each of the databases that uses `template1` as a template during creation. -**Pgpool_adm Extension** +## Pgpool_adm extension -`Pgpool_adm` is a set of extensions that allows SQL access to PCP commands. To view information about PCP commands, see . +`Pgpool_adm` is a set of extensions that allows SQL access to PCP commands. For information, see [PCP commands](https://www.pgpool.net/docs/latest/en/html/pcp-commands.html). After installing the `Pgpool_adm` extension, use the psql client application to connect to the database, and execute the following SQL command: @@ -19,15 +19,15 @@ After installing the `Pgpool_adm` extension, use the psql client application to CREATE EXTENSION pgpool_adm; ``` -To view more information about `Pgpool_adm`, see . +For more information about `Pgpool_adm`, see [Pgpool_adm docs](https://www.pgpool.net/docs/latest/en/html/pgpool-adm.html). -**Pgpool_recovery Extension** +## Pgpool_recovery extension The `Pgpool_recovery` extension is required for online recovery and future fail-back mechanisms. -After installing the `Pgpool_recovery` extension, use psql to connect to the database, and execute the following SQL command to create a `Pgpool_recovery` extension: +After installing the `Pgpool_recovery` extension, use psql to connect to the database. Create a `Pgpool_recovery` extension: ```sql CREATE EXTENSION pgpool_recovery; diff --git a/product_docs/docs/pgpool/4/installing_extensions/uninstalling_extensions.mdx b/product_docs/docs/pgpool/4/installing_extensions/uninstalling_extensions.mdx index 3e795e21565..56d133bbfa6 100644 --- a/product_docs/docs/pgpool/4/installing_extensions/uninstalling_extensions.mdx +++ b/product_docs/docs/pgpool/4/installing_extensions/uninstalling_extensions.mdx @@ -6,11 +6,10 @@ legacyRedirectsGenerated: - "/edb-docs/d/pgpool-ii/user-guides/pgpool-ii-guide/1.0/uninstalling_pgpool-II.html" --- -The following sections outline the process of uninstalling EDB Pgpool-II extensions. ## Uninstalling EDB Pgpool-II extensions on an RHEL/CentOS/Rocky Linux/AlmaLinux host -To remove extensions from the server, execute the following command: +To remove extensions from the server, execute the appropriate command. On RHEL/CentOS 7: @@ -28,7 +27,7 @@ Where `` is the EDB Postgres Advanced Server version, and `` is the EDB ## Uninstalling EDB Pgpool-II extensions on a SLES 12 host -To uninstall EDB Pgpool-II extensions on a SLES host, assume the identity of the root user and invoke the following command: +To uninstall EDB Pgpool-II extensions on a SLES host, assume the identity of the root user and invoke: ```shell zypper remove edb-as-pgpool-extensions @@ -38,7 +37,7 @@ Where `` is the EDB Postgres Advanced Server version, and `` is the EDB ## Uninstalling EDB Pgpool-II extensions on a Debian/Ubuntu host -To uninstall EDB Pgpool-II extensions on a Debian/Ubuntu host, invoke the following command: +To uninstall EDB Pgpool-II extensions on a Debian/Ubuntu host: ```shell apt-get remove -y edb-as-pgpool-extensions @@ -48,7 +47,8 @@ Where `` is the EDB Postgres Advanced Server version, and `` is the EDB ## Uninstalling EDB Pgpool-II extensions Linux graphical uninstaller -The EDB Pgpool-II extensions graphical installer creates an uninstaller in the installation directory. If you have used the default installation directory, i.e. `/opt/edb/as`, then uninstaller will be in the `/opt/edb/as` (where <xx> is the EDB Postgres Advanced Server version you have installed). +The EDB Pgpool-II extensions graphical installer creates an uninstaller in the installation directory. If you used the default installation directory `/opt/edb/as`, then the uninstaller is in the `/opt/edb/as`, where `` is the EDB Postgres Advanced Server version you installed. -1. Navigate into the directory that contains the uninstaller and assume superuser privileges. Open the uninstaller and click `Yes` to begin uninstalling EDB Pgpool-II extensions. -2. The uninstallation process begins. Click `OK` when the uninstallation completes. +1. Navigate into the directory that contains the uninstaller and assume superuser privileges. Open the uninstaller and select **Yes** to begin uninstalling EDB Pgpool-II extensions. + The uninstallation process begins. +1. Select **OK** when the uninstallation completes. diff --git a/product_docs/docs/pgpool/4/installing_extensions/upgrading_extensions.mdx b/product_docs/docs/pgpool/4/installing_extensions/upgrading_extensions.mdx index 5d3ab129d50..19314344950 100644 --- a/product_docs/docs/pgpool/4/installing_extensions/upgrading_extensions.mdx +++ b/product_docs/docs/pgpool/4/installing_extensions/upgrading_extensions.mdx @@ -8,12 +8,12 @@ legacyRedirectsGenerated: -The following information outlines the version upgrade process for EDB PgPool-II extensions (for example, to upgrade from 4.2.5 to 4.2.6). +You can upgrade the version of EDB PgPool-II extensions, for example, from 4.2.5 to 4.2.6. For information about upgrading PgPool, see [Upgrading EDB Pgpool-II](../installing/upgrading). !!! Note - 4.3 is a major release. For more details on migrating from earlier versions to version 4.3, see the [Migration Section](https://www.pgpool.net/docs/43/en/html/release-4-3-0.html#MIGRATION-4-3-0). + 4.3 is a major release. For more details on migrating from earlier versions to version 4.3, see [Migration](https://www.pgpool.net/docs/43/en/html/release-4-3-0.html#MIGRATION-4-3-0). To upgrade PgPool-II extensions: @@ -21,9 +21,9 @@ To upgrade PgPool-II extensions: sudo upgrade edb-as-pgpool-extensions ``` -where: +Where: -- `` is the package manager used with your operating system: +- `` is the package manager used with your operating system. | Package manager | Operating system | | --------------- | -------------------------------- | @@ -35,5 +35,4 @@ where: - `` is the EDB Postgres Advanced Server version, and `` is the EDB Pgpool-II extension version. !!! Note - Only minor version upgrade is supported (for example, you can upgrade from 3.6.20 to 3.6.21 extension, but not 3.7.14). - + Only minor version upgrade is supported. For example, you can upgrade from 3.6.20 to 3.6.21 extension but not to 3.7.14. diff --git a/product_docs/docs/postgis/3.2/installing/uninstalling.mdx b/product_docs/docs/postgis/3.2/installing/uninstalling.mdx index 4d653d51d93..f6055408ad7 100644 --- a/product_docs/docs/postgis/3.2/installing/uninstalling.mdx +++ b/product_docs/docs/postgis/3.2/installing/uninstalling.mdx @@ -10,33 +10,31 @@ legacyRedirectsGenerated: -This section walks you through the process of uninstalling PostGIS. - ## Uninstalling PostGIS on a CentOS/RHEL/Rocky Linux/AlmaLinux host -To uninstall PostGIS on a CentOS/RHEL host, assume the identity of the root user and invoke the following command: +To uninstall PostGIS on a CentOS/RHEL host, assume the identity of the root user and invoke the appropriate command. -On CentOS/RHEL 7 for EPAS version 13: +On CentOS/RHEL 7 for EDB Posgres Advanced Server version 13: ```shell yum -y erase edb-as13-postgis3* ``` -On CentOS/RHEL 7 for older versions of EPAS: +On CentOS/RHEL 7 for earlier versions of EDB Posgres Advanced Server: ```shell yum erase edb-as-postgis-* ``` -Where *<xx>* is the Advanced Server version and <y.y.y> is the PostGIS version you want to uninstall. +Where `` is the EDB Postgres Advanced Server version and `` is the PostGIS version you want to uninstall. -On Rocky Linux/AlmaLinux/RHEL 8 for EPAS version 13: +On Rocky Linux/AlmaLinux/RHEL 8 for EDB Posgres Advanced Server version 13: ```shell dnf -y erase edb-as13-postgis3* ``` -On Rocky Linux/AlmaLinux/RHEL 8 for older versions of EPAS: +On Rocky Linux/AlmaLinux/RHEL 8 for earlier versions of EDB Posgres Advanced Server: ```shell dnf erase edb-as-postgis-* @@ -44,17 +42,17 @@ dnf erase edb-as-postgis-* ## Uninstalling PostGIS on a Debian/Ubuntu host -To uninstall PostGIS on a Debian or Ubuntu host, invoke the following command: +To uninstall PostGIS on a Debian or Ubuntu host: ```shell apt-get remove edb-as-postgis-* ``` -Where *<xx>* is the Advanced Server version and <y.y> is the PostGIS version you want to uninstall +Where `` is the EDB Postgres Advanced Server version and `` is the PostGIS version you want to uninstall ## Uninstalling PostGIS on a SLES host -To uninstall PostGIS on a SLES host, assume the identity of the root user and invoke the following command: +To uninstall PostGIS on a SLES host, assume the identity of the root user and invoke: ```shell zypper remove edb-as12-postgis* @@ -62,14 +60,12 @@ zypper remove edb-as12-postgis* ## Uninstalling PostGIS on a Windows host -The PostGIS graphical installer creates an uninstaller that you can use to remove PostGIS. The uninstaller is created in the installation directory that you have specified while installing PostGIS (default is `C:\Program Files\edb\as13`). - -1. Navigate into the directory that contains the uninstaller and assume superuser privileges. Open the uninstaller and click `Yes` to begin uninstalling PostGIS: +The PostGIS graphical installer creates an uninstaller that you can use to remove PostGIS. The uninstaller is created in the installation directory that you specified while installing PostGIS. The default is `C:\Program Files\edb\as13`. -![The Uninstaller opens](../../images/uninstall1.png) -Fig. 9: The Uninstaller Confirmation Dialog +1. Navigate into the directory that contains the uninstaller and assume superuser privileges. -2. The uninstallation process begins. Click `OK` when the uninstallation completes: +1. To begin uninstalling PostGIS, open the uninstaller and select **Yes**. -![Uninstallation is Complete](../../images/uninstall4final.png) -Fig. 10: Uninstallation is Complete + The uninstallation process begins. + +1. When the uninstallation completes, select **OK**. diff --git a/product_docs/docs/postgis/3.2/installing/upgrading.mdx b/product_docs/docs/postgis/3.2/installing/upgrading.mdx index a73e0993e34..558756020ba 100644 --- a/product_docs/docs/postgis/3.2/installing/upgrading.mdx +++ b/product_docs/docs/postgis/3.2/installing/upgrading.mdx @@ -10,7 +10,7 @@ legacyRedirectsGenerated: -This section walks you through the following upgrade examples for RHEL/CentOS 7 platforms: +These examples show upgrading for RHEL/CentOS 7 platforms: - [Example 1: Upgrading from PostGIS version 3.1 to 3.2](/postgis/latest/installing/upgrading/#example-1-upgrading-from-postgis-version-31-to-32) - [Example 2: Upgrading from PostGIS versions 2.5 or later to 3.1.4 on the same EDB Postgres Advanced Server version](/postgis/latest/installing/upgrading/#example-2-upgrading-from-postgis-versions-25-or-later-to-314-on-the-same-edb-postgres-advanced-server-version) @@ -18,21 +18,21 @@ This section walks you through the following upgrade examples for RHEL/CentOS 7 ## Example 1: Upgrading from PostGIS version 3.1 to 3.2 -The following example walks you through upgrading from PostGIS version 3.1 to version 3.2 for EDB Postgres Advanced Server 14. +This example upgrades from PostGIS version 3.1 to version 3.2 for EDB Postgres Advanced Server 14. -To avoid accidental upgrades, PostGIS version 3.1 and 3.2 use different package names. So, upgrading to version 3.2 requires that you first uninstall version 3.1. Once you install version 3.2, you can upgrade the PostGIS extensions. +To avoid accidental upgrades, PostGIS versions 3.1 and 3.2 use different package names. So, upgrading to version 3.2 requires that you first uninstall version 3.1. After you install version 3.2, you can upgrade the PostGIS extensions. -1. Create the PostGIS extensions in PostGIS version 3.1, if you haven't already. For instructions, see [Creating extensions](/postgis/latest/02_creating_extensions/). +1. If you haven't already, create the PostGIS extensions in PostGIS version 3.1. For instructions, see [Creating extensions](/postgis/latest/02_creating_extensions/). 1. Uninstall PostGIS version 3.1. - For EPAS version 14: + For EDB Posgres Advanced Server version 14: ```shell yum -y erase edb-as14-postgis3 ``` - For older versions of EDB Postgres Advanced Server: + For earlier versions of EDB Postgres Advanced Server: ```shell yum erase edb-as-postgis3 @@ -44,7 +44,7 @@ To avoid accidental upgrades, PostGIS version 3.1 and 3.2 use different package 1. Install PostGIS version 3.2. For instructions, see [Installing PostGIS on RHEL 7/OL 7 x86](/postgis/latest/installing/linux_x86_64/postgis_rhel_7/). -1. Upgrade the PostGIS extensions using the following command: +1. Upgrade the PostGIS extensions: !!! Note If you first upgraded from a PostGIS version earlier than 2.5 to PostGIS version 3.1, then you must `DROP` the `postgis_raster extension` before executing the command. @@ -66,19 +66,19 @@ To avoid accidental upgrades, PostGIS version 3.1 and 3.2 use different package ## Example 2: Upgrading from PostGIS versions 2.5 or later to 3.1.4 on the same EDB Postgres Advanced Server version -The following example walks you through the process of upgrading from PostGIS version 2.5.5 to PostGIS version 3.1.4 for EDB Postgres Advanced Server version 12. +This example upgrades from PostGIS version 2.5.5 to PostGIS version 3.1.4 for EDB Postgres Advanced Server version 12. !!! Note - It is assumed that you have already created extensions for PostGIS version 2.5.5 as described in [Creating extensions](/postgis/latest/02_creating_extensions/) and EDB Advanced Server 12 service is running. + It's assumed that you already created extensions for PostGIS version 2.5.5 as described in [Creating extensions](/postgis/latest/02_creating_extensions/) and that the EDB Advanced Server 12 service is running. -1. To upgrade PostGIS version 2.5.5 to PostGIS version 3.1.4 for EDB Postgres Advanced Server 12, assume the superuser privileges and invoke the following command: +1. To upgrade PostGIS version 2.5.5 to PostGIS version 3.1.4 for EDB Postgres Advanced Server 12, assume superuser privileges and invoke: ```shell yum upgrade edb-as12-postgis-3.1.4 -y ``` -2. To update extensions, switch to `enterprisedb` user, connect to the database (where you have already created extensions) with the psql client application, and execute the following commands: +2. To update extensions, switch to the enterprisedb user, connect to the database where you already created extensions with the psql client application, and invoke: ```sql edb=# alter extension postgis update to '3.1.4'; @@ -107,7 +107,7 @@ The following example walks you through the process of upgrading from PostGIS ve ## Example 3: Upgrading from PostGIS versions earlier than 2.5 to 3.1.4 on a different EDB Postgres Advanced Server version -The following example walks you through the process of upgrading PostGIS version 2.4.6 for EDB Postgres Advanced Server 10 to PostGIS version 3.1.4 for EDB Postgres Advanced Server version 14: +This example upgrades PostGIS version 2.4.6 for EDB Postgres Advanced Server 10 to PostGIS version 3.1.4 for EDB Postgres Advanced Server version 14: - Step 1 — Upgrade to PostGIS 3.1.1. This is an intermediate step required to resolve dependency issues. @@ -116,7 +116,7 @@ The following example walks you through the process of upgrading PostGIS version - Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14. !!! Note - It is assumed that you have already created extensions for the PostGIS version earlier than 2.5.5 as described in [Creating extensions](/postgis/latest/02_creating_extensions) and EDB Advanced Server 10 service is running. + It's assumed that you already created extensions for the PostGIS version earlier than 2.5.5, as described in [Creating extensions](/postgis/latest/02_creating_extensions), and EDB Advanced Server 10 service is running. When the PostGIS data has a dependency on the raster functions, upgrading to PostGIS version 3.1.4 requires [dumping and reloading the data](https://www.postgresql.org/docs/current/app-pgdump.html). @@ -128,7 +128,7 @@ Step 1 — To upgrade PostGIS version 2.4.6 to 3.1.4, you need to upgrade it cd /usr/edb/as10/bin/ ``` -2. Assume the superuser privileges and invoke the following command to upgrade to PostGIS version 3.1.1: +2. Assume superuser privileges and upgrade to PostGIS version 3.1.1: ```shell yum upgrade edb-as10-postgis-3.1.1 -y @@ -137,7 +137,7 @@ Step 1 — To upgrade PostGIS version 2.4.6 to 3.1.4, you need to upgrade it !!! Note See the [Installing PostGIS on a Debian/Ubuntu Host section](/postgis/latest/installing/linux_x86_64/) for information about Debian platform commands. -3. To update extensions, switch to `enterprisedb` user, connect to the database (where you have already created extensions) with the psql client application, and execute the following commands: +3. To update extensions, switch to the enterprisedb user, connect to the database where you already created extensions with the psql client application, and execute the following commands: ```sql edb=# alter extension postgis update to '3.1.1'; @@ -173,7 +173,7 @@ Step 2 — Upgrade to PostGIS version 3.1.4: yum upgrade edb-as10-postgis-3.1.4 -y ``` -2. To update extensions, switch to `enterprisedb` user and execute the following commands: +2. To update extensions, switch to the enterprisedb user and invoke: ```sql edb=# alter extension postgis update to '3.1.4'; @@ -206,7 +206,7 @@ Step 2 — Upgrade to PostGIS version 3.1.4: ALTER EXTENSION ``` - Quit and re-open the psql client session: + Quit and reopen the psql client session: ```sql edb=# \q @@ -220,7 +220,7 @@ Step 2 — Upgrade to PostGIS version 3.1.4: Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: -1. Assume the superuser privileges to stop the EDB Postgres Advanced Server 10 service: +1. Assume superuser privileges and stop the EDB Postgres Advanced Server 10 service: ```shell systemctl stop edb-as-10 @@ -232,7 +232,7 @@ Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: yum install edb-as14-server -y ``` -3. Navigate to the bin directory of EDB Advanced Server 14 and initialize the cluster: +3. Navigate to the `/bin` directory of EDB Advanced Server 14 and initialize the cluster: ```shell cd /usr/edb/as14/bin/ @@ -240,26 +240,26 @@ Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: ./edb-as-14-setup initdb ``` -4. Install the PostGIS version 3.1.4 for EDB Postgres Advanced Server version 14.0: +4. Install PostGIS version 3.1.4 for EDB Postgres Advanced Server version 14.0: ```shell yum install edb-as14-postgis3-3.1.4 -y ``` -5. Assume the superuser privileges to stop the EDB Postgres Advanced Server 14.0 service: +5. Assume superuser privileges and stop the EDB Postgres Advanced Server 14.0 service: ```shell systemctl stop edb-as-14 ``` -6. Switch to `enterprisedb` user and create a `temp` folder: +6. Switch to the enterprisedb user and create a `temp` folder: ```shell su enterprisedb cd $(mktemp -d) ``` -7. Execute the following commands to check cluster compatibility and consistency, as well as to perform the upgrade. +7. Check cluster compatibility and consistency and perform the upgrade: ```text bash-4.2$ /usr/edb/as14/bin/pg_upgrade -d /var/lib/edb/as10/data/ -D /var/lib/edb/as14/data/ -U enterprisedb -b /usr/edb/as10/bin/ -B /usr/edb/as14/bin/ -p 5444 -P 5445 -c @@ -349,7 +349,7 @@ Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: ./delete_old_cluster.sh ``` -8. Assume the superuser privileges, navigate to the `bin` directory of EDB Postgres Advanced Server 14, and start the service: +8. Assume superuser privileges, navigate to the `bin` directory of EDB Postgres Advanced Server 14, and start the service: ```shell cd /usr/edb/as14/bin/ @@ -357,7 +357,7 @@ Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: systemctl start edb-as-14 ``` -9. To update extensions, switch to `enterprisedb` user, connect to the database (where you have already created extensions) with the psql client application, and execute the following commands: +9. To update extensions, switch to the enterprisedb user, connect to the database where you already created extensions with the psql client application, and execute the following commands: ```sql su enterprisedb @@ -370,4 +370,3 @@ Step 3 — Upgrade EDB Postgres Advanced Server version 10 to 14: Upgrade completed, run SELECT postgis_full_version(); for details (1 row) ``` - diff --git a/product_docs/docs/postgis/3.2/installing/windows.mdx b/product_docs/docs/postgis/3.2/installing/windows.mdx index 17a6960fd7b..10148f3c982 100644 --- a/product_docs/docs/postgis/3.2/installing/windows.mdx +++ b/product_docs/docs/postgis/3.2/installing/windows.mdx @@ -5,62 +5,50 @@ redirects: - /postgis/latest/01a_installing_postgis/installing_on_windows/ --- -You must install Advanced Server before installing PostGIS. If you have used the graphical Setup wizard to install EDB Postgres Advanced Server, you can use StackBuilder Plus to add PostGIS to your installation. For details about using the graphical installer to install and configure Advanced Server, see the EDB Postgres Advanced Server Installation Guide for Windows. +You must install EDB Postgres Advanced Server before installing PostGIS. If you used the graphical wizard to install EDB Postgres Advanced Server, you can use StackBuilder Plus to add PostGIS to your installation. For details about using the graphical installer to install and configure EDB Postgres Advanced Server, see the [EDB Postgres Advanced Server documentation](/epas/latest). !!! Note - To install PostGIS version 3.1 on EDB Postgres Advanced Server version 10 on Windows, you need to upgrade it to the latest EDB Postgres Advanced Server minor version of 10.16.25 (or later), and then proceed with PostGIS 3.1 installation. + To install PostGIS version 3.1 on EDB Postgres Advanced Server version 10 on Windows, you need to upgrade it to the latest EDB Postgres Advanced Server minor version of 10.16.25 or later, and then proceed with PostGIS 3.1 installation. -1. Open StackBuilder Plus and select your Advanced Server installation from the drop-down list on the `Welcome` window. Click `Next` to continue to the application selection page. +1. Open StackBuilder Plus and select your EDB Postgres Advanced Server installation from the list on the Welcome window. Select **Next** to continue to the application selection page. ![The StackBuilder Plus Welcome window](../images/SBP_welcome.png) - Fig. 1: The StackBuilder Plus Welcome window -2. Expand the `Spatial Extensions` node, and check the box next to the PostGIS version. Click `Next` to continue. +2. Expand the **Spatial Extensions** node, and select the check box next to the PostGIS version. Select **Next**. -3. The selected packages and the default download directory are displayed; change the locations if required. Click `Next`. +3. The selected packages and the default download directory are displayed. If requried, change the locations. Select **Next**. ![The Installation Directory window](../images/postgis_installation.png) - Fig. 2: The Installation Directory window -4. Once you have downloaded the installation files, a confirmation message is displayed. Click `Next` to start the PostGIS installation. +4. After you download the installation files, a confirmation message is displayed. Select **Next** to start the PostGIS installation. ![Installing Postgis](../images/SBP_Installation_Files_Downloaded.png) - Fig. 3: Installing Postgis -5. Select an installation language and click `OK`. +5. Select an installation language and select **OK**. -6. The PostGIS welcome screen is displayed. Click `Next`. +6. The PostGIS welcome screen is displayed. Select **Next**. ![The Postgis welcome window](../images/postgis_welcome.png) - Fig. 4: The Postgis welcome window -7. Use the `Installation Directory` field to specify the directory you wish to install the PostGIS software. Click `Next` to continue. +7. Use the **Installation Directory** field to specify the directory where you want to install the PostGIS software. Select **Next**. -8. Use fields on the `EDB Postgres Advanced Server Installation Details` window to provide connection information for the Advanced Server host: +8. Use fields on the EDB Postgres Advanced Server Installation Details window to provide connection information for the EDB Postgres Advanced Server host: - - Use the `Host` field to identify the system on which Advanced Server resides. + - Use the **Host** field to identify the system on which EDB Postgres Advanced Server resides. - - Provide the name of the role that PostGIS will use for connections to the server in the `User Name` field. + - In the **User Name** field, provide the name of the role for PostGIS to use for connections to the server. - - Provide the password associated with the role in the `Password` field. + - In the **Password** field, provide the password associated with the role. - - Use the `Port` field to identify the listener port that Advanced Server monitors for client connections. + - Use the **Port** field to identify the listener port that EDB Postgres Advanced Server monitors for client connections. - Click `Next` to continue. + Select **Next**. ![The Advanced Server installation details window](../images/advanced_server_installation_details.png) - Fig. 5: The Advanced Server installation details window -9. The `Ready to Install` window notifies you when the installer has all of the information needed to install PostGIS on your system. Click `Next`. +9. The Ready to Install window notifies you when the installer has all of the information needed to install PostGIS on your system. Select **Next**. - ![The ready to install window](../images/ready_to_install.png) - Fig. 6: The ready to install window +10. Progress bars inform you as the installation progresses. Select **Finish** to exit the installer when the PostGIS installation completes. -10. Progress bars inform you as the installation progresses. Click `Finish` to exit the installer when the PostGIS installation completes. - - ![The installation is complete](../images/installattion_complete.png) - - Fig. 7: The installation is complete - - StackBuilder Plus will install PostGIS and create the `template_postgis` database and PostGIS functions. + StackBuilder Plus installs PostGIS and creates the `template_postgis` database and PostGIS functions. diff --git a/product_docs/docs/postgres_for_kubernetes/1/addons.mdx b/product_docs/docs/postgres_for_kubernetes/1/addons.mdx index 2e1439c0d08..3d957d977b3 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/addons.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/addons.mdx @@ -491,4 +491,4 @@ command to restore from a backup created with the above parameters would be: velero create restore myrestore \ --from-backup mybackup \ -n velero-install-namespace -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/api_reference.md.in b/product_docs/docs/postgres_for_kubernetes/1/api_reference.md.in deleted file mode 100644 index cde03bde967..00000000000 --- a/product_docs/docs/postgres_for_kubernetes/1/api_reference.md.in +++ /dev/null @@ -1,40 +0,0 @@ -# API Reference - -EDB Postgres for Kubernetes extends the Kubernetes API defining the following -custom resources: - -- [Backup](#backup) -- [Cluster](#cluster) -- [Pooler](#pooler) -- [ScheduledBackup](#scheduledbackup) - -All the resources are defined in the `postgresql.k8s.enterprisedb.io/v1` -API. - -Please refer to the ["Configuration Samples" page](samples.md)" of the -documentation for examples of usage. - -Below you will find a description of the defined resources: - - - -{{ range $ -}} -- [{{ .Name -}}](#{{ .Name -}}) -{{ end }} - -{{ range $ -}} -{{ .Anchor }} - -## {{ .Name }} - -{{ .Doc -}} -{{ if .Items }} - -{{ .TableFieldName }} | {{ .TableFieldDoc }} | {{ .TableFieldRawType }} -{{ .TableFieldNameDashSize }} | {{ .TableFieldDocDashSize }} | {{ .TableFieldRawTypeDashSize }} -{{ end }} -{{- range .Items -}} -`{{ .Name }}` | {{ .Doc }}{{ if .Mandatory }} - *mandatory* {{ end }} | {{ .RawType }} -{{ end }} -{{ end -}} - diff --git a/product_docs/docs/postgres_for_kubernetes/1/api_reference.mdx b/product_docs/docs/postgres_for_kubernetes/1/api_reference.mdx deleted file mode 100644 index c23f4c19fe8..00000000000 --- a/product_docs/docs/postgres_for_kubernetes/1/api_reference.mdx +++ /dev/null @@ -1,1149 +0,0 @@ ---- -title: 'API Reference' -originalFilePath: 'src/api_reference.md' ---- - -EDB Postgres for Kubernetes extends the Kubernetes API defining the following -custom resources: - -- [Backup](#backup) -- [Cluster](#cluster) -- [Pooler](#pooler) -- [ScheduledBackup](#scheduledbackup) - -All the resources are defined in the `postgresql.k8s.enterprisedb.io/v1` -API. - -Please refer to the ["Configuration Samples" page](samples.md)" of the -documentation for examples of usage. - -Below you will find a description of the defined resources: - - - -- [AffinityConfiguration](#AffinityConfiguration) -- [AzureCredentials](#AzureCredentials) -- [Backup](#Backup) -- [BackupConfiguration](#BackupConfiguration) -- [BackupList](#BackupList) -- [BackupSource](#BackupSource) -- [BackupSpec](#BackupSpec) -- [BackupStatus](#BackupStatus) -- [BarmanCredentials](#BarmanCredentials) -- [BarmanObjectStoreConfiguration](#BarmanObjectStoreConfiguration) -- [BootstrapConfiguration](#BootstrapConfiguration) -- [BootstrapInitDB](#BootstrapInitDB) -- [BootstrapPgBaseBackup](#BootstrapPgBaseBackup) -- [BootstrapRecovery](#BootstrapRecovery) -- [CertificatesConfiguration](#CertificatesConfiguration) -- [CertificatesStatus](#CertificatesStatus) -- [Cluster](#Cluster) -- [ClusterList](#ClusterList) -- [ClusterSpec](#ClusterSpec) -- [ClusterStatus](#ClusterStatus) -- [ConfigMapKeySelector](#ConfigMapKeySelector) -- [ConfigMapResourceVersion](#ConfigMapResourceVersion) -- [DataBackupConfiguration](#DataBackupConfiguration) -- [DataSource](#DataSource) -- [EPASConfiguration](#EPASConfiguration) -- [EmbeddedObjectMetadata](#EmbeddedObjectMetadata) -- [ExternalCluster](#ExternalCluster) -- [GoogleCredentials](#GoogleCredentials) -- [Import](#Import) -- [ImportSource](#ImportSource) -- [InstanceID](#InstanceID) -- [InstanceReportedState](#InstanceReportedState) -- [LDAPBindAsAuth](#LDAPBindAsAuth) -- [LDAPBindSearchAuth](#LDAPBindSearchAuth) -- [LDAPConfig](#LDAPConfig) -- [LocalObjectReference](#LocalObjectReference) -- [ManagedConfiguration](#ManagedConfiguration) -- [ManagedRoles](#ManagedRoles) -- [Metadata](#Metadata) -- [MonitoringConfiguration](#MonitoringConfiguration) -- [NodeMaintenanceWindow](#NodeMaintenanceWindow) -- [PasswordState](#PasswordState) -- [PgBouncerIntegrationStatus](#PgBouncerIntegrationStatus) -- [PgBouncerSecrets](#PgBouncerSecrets) -- [PgBouncerSpec](#PgBouncerSpec) -- [PodTemplateSpec](#PodTemplateSpec) -- [Pooler](#Pooler) -- [PoolerIntegrations](#PoolerIntegrations) -- [PoolerList](#PoolerList) -- [PoolerMonitoringConfiguration](#PoolerMonitoringConfiguration) -- [PoolerSecrets](#PoolerSecrets) -- [PoolerSpec](#PoolerSpec) -- [PoolerStatus](#PoolerStatus) -- [PostInitApplicationSQLRefs](#PostInitApplicationSQLRefs) -- [PostgresConfiguration](#PostgresConfiguration) -- [RecoveryTarget](#RecoveryTarget) -- [ReplicaClusterConfiguration](#ReplicaClusterConfiguration) -- [ReplicationSlotsConfiguration](#ReplicationSlotsConfiguration) -- [ReplicationSlotsHAConfiguration](#ReplicationSlotsHAConfiguration) -- [RoleConfiguration](#RoleConfiguration) -- [RollingUpdateStatus](#RollingUpdateStatus) -- [S3Credentials](#S3Credentials) -- [ScheduledBackup](#ScheduledBackup) -- [ScheduledBackupList](#ScheduledBackupList) -- [ScheduledBackupSpec](#ScheduledBackupSpec) -- [ScheduledBackupStatus](#ScheduledBackupStatus) -- [SecretKeySelector](#SecretKeySelector) -- [SecretVersion](#SecretVersion) -- [SecretsResourceVersion](#SecretsResourceVersion) -- [ServiceAccountTemplate](#ServiceAccountTemplate) -- [StorageConfiguration](#StorageConfiguration) -- [SyncReplicaElectionConstraints](#SyncReplicaElectionConstraints) -- [TDEConfiguration](#TDEConfiguration) -- [Topology](#Topology) -- [WalBackupConfiguration](#WalBackupConfiguration) - - - -## AffinityConfiguration - -AffinityConfiguration contains the info we need to create the affinity rules for Pods - -| Name | Description | Type | -| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `enablePodAntiAffinity ` | Activates anti-affinity for the pods. The operator will define pods anti-affinity unless this field is explicitly set to false | \*bool | -| `topologyKey ` | TopologyKey to use for anti-affinity configuration. See k8s documentation for more info on that - *mandatory* | string | -| `nodeSelector ` | NodeSelector is map of key-value pairs used to define the nodes on which the pods can run. More info: | map[string]string | -| `nodeAffinity ` | NodeAffinity describes node affinity scheduling rules for the pod. More info: | \*corev1.NodeAffinity | -| `tolerations ` | Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run on tainted nodes. More info: | \[]corev1.Toleration | -| `podAntiAffinityType ` | PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be considered a strong requirement during scheduling or not. Allowed values are: "preferred" (default if empty) or "required". Setting it to "required", could lead to instances remaining pending until new kubernetes nodes are added if all the existing nodes don't match the required pod anti-affinity rule. More info: | string | -| `additionalPodAntiAffinity` | AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated by the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false. | \*corev1.PodAntiAffinity | -| `additionalPodAffinity ` | AdditionalPodAffinity allows to specify pod affinity terms to be passed to all the cluster's pods. | \*corev1.PodAffinity | - - - -## AzureCredentials - -AzureCredentials is the type for the credentials to be used to upload files to Azure Blob Storage. The connection string contains every needed information. If the connection string is not specified, we'll need the storage account name and also one (and only one) of: - -- storageKey - storageSasToken - -- inheriting the credentials from the pod environment by setting inheritFromAzureAD to true - -| Name | Description | Type | -| -------------------- | ----------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `connectionString ` | The connection string to be used | [\*SecretKeySelector](#SecretKeySelector) | -| `storageAccount ` | The storage account where to upload data | [\*SecretKeySelector](#SecretKeySelector) | -| `storageKey ` | The storage account key to be used in conjunction with the storage account name | [\*SecretKeySelector](#SecretKeySelector) | -| `storageSasToken ` | A shared-access-signature to be used in conjunction with the storage account name | [\*SecretKeySelector](#SecretKeySelector) | -| `inheritFromAzureAD` | Use the Azure AD based authentication without providing explicitly the keys. - *mandatory* | bool | - - - -## Backup - -Backup is the Schema for the backups API - -| Name | Description | Type | -| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | -| `metadata` | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | -| `spec ` | Specification of the desired behavior of the backup. More info: | [BackupSpec](#BackupSpec) | -| `status ` | Most recently observed status of the backup. This data may not be up to date. Populated by the system. Read-only. More info: | [BackupStatus](#BackupStatus) | - - - -## BackupConfiguration - -BackupConfiguration defines how the backup of the cluster are taken. Currently the only supported backup method is barmanObjectStore. For details and examples refer to the Backup and Recovery section of the documentation - -| Name | Description | Type | -| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | -| `barmanObjectStore` | The configuration for the barman-cloud tool suite | [\*BarmanObjectStoreConfiguration](#BarmanObjectStoreConfiguration) | -| `retentionPolicy ` | RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d'). The retention policy is expressed in the form of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` - days, weeks, months. | string | -| `target ` | The policy to decide which instance should perform backups. Available options are empty string, which will default to `prefer-standby` policy, `primary` to have backups run always on primary instances, `prefer-standby` to have backups run preferably on the most updated standby, if available. | BackupTarget | - - - -## BackupList - -BackupList contains a list of Backup - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | -| `metadata` | Standard list metadata. More info: | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | -| `items ` | List of backups - *mandatory* | [\[\]Backup](#Backup) | - - - -## BackupSource - -BackupSource contains the backup we need to restore from, plus some information that could be needed to correctly restore it. - -| Name | Description | Type | -| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `endpointCA` | EndpointCA store the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive. | [\*SecretKeySelector](#SecretKeySelector) | - - - -## BackupSpec - -BackupSpec defines the desired state of Backup - -| Name | Description | Type | -| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------- | -| `cluster` | The cluster to backup | [LocalObjectReference](#LocalObjectReference) | -| `target ` | The policy to decide which instance should perform this backup. If empty, it defaults to `cluster.spec.backup.target`. Available options are empty string, `primary` and `prefer-standby`. `primary` to have backups run always on primary instances, `prefer-standby` to have backups run preferably on the most updated standby, if available. | BackupTarget | - - - -## BackupStatus - -BackupStatus defines the observed state of Backup - -| Name | Description | Type | -| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| `endpointCA ` | EndpointCA store the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive. | [\*SecretKeySelector](#SecretKeySelector) | -| `endpointURL ` | Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery | string | -| `destinationPath` | The path where to store the backup (i.e. s3://bucket/path/to/folder) this path, with different destination folders, will be used for WALs and for data. This may not be populated in case of errors. | string | -| `serverName ` | The server name on S3, the cluster name is used if this parameter is omitted | string | -| `encryption ` | Encryption method required to S3 API | string | -| `backupId ` | The ID of the Barman backup | string | -| `backupName ` | The Name of the Barman backup | string | -| `phase ` | The last backup status | BackupPhase | -| `startedAt ` | When the backup was started | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | -| `stoppedAt ` | When the backup was terminated | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | -| `beginWal ` | The starting WAL | string | -| `endWal ` | The ending WAL | string | -| `beginLSN ` | The starting xlog | string | -| `endLSN ` | The ending xlog | string | -| `error ` | The detected error | string | -| `commandOutput ` | Unused. Retained for compatibility with old versions. | string | -| `commandError ` | The backup command output in case of error | string | -| `instanceID ` | Information to identify the instance where the backup has been taken from | [\*InstanceID](#InstanceID) | - - - -## BarmanCredentials - -BarmanCredentials an object containing the potential credentials for each cloud provider - -| Name | Description | Type | -| ------------------- | ------------------------------------------------------------- | ----------------------------------------- | -| `googleCredentials` | The credentials to use to upload data to Google Cloud Storage | [\*GoogleCredentials](#GoogleCredentials) | -| `s3Credentials ` | The credentials to use to upload data to S3 | [\*S3Credentials](#S3Credentials) | -| `azureCredentials ` | The credentials to use to upload data to Azure Blob Storage | [\*AzureCredentials](#AzureCredentials) | - - - -## BarmanObjectStoreConfiguration - -BarmanObjectStoreConfiguration contains the backup configuration using Barman against an S3-compatible object storage - -| Name | Description | Type | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------- | -| `endpointURL ` | Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery | string | -| `endpointCA ` | EndpointCA store the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive | [\*SecretKeySelector](#SecretKeySelector) | -| `destinationPath` | The path where to store the backup (i.e. s3://bucket/path/to/folder) this path, with different destination folders, will be used for WALs and for data - *mandatory* | string | -| `serverName ` | The server name on S3, the cluster name is used if this parameter is omitted | string | -| `wal ` | The configuration for the backup of the WAL stream. When not defined, WAL files will be stored uncompressed and may be unencrypted in the object store, according to the bucket default policy. | [\*WalBackupConfiguration](#WalBackupConfiguration) | -| `data ` | The configuration to be used to backup the data files When not defined, base backups files will be stored uncompressed and may be unencrypted in the object store, according to the bucket default policy. | [\*DataBackupConfiguration](#DataBackupConfiguration) | -| `tags ` | Tags is a list of key value pairs that will be passed to the Barman --tags option. | map[string]string | -| `historyTags ` | HistoryTags is a list of key value pairs that will be passed to the Barman --history-tags option. | map[string]string | - - - -## BootstrapConfiguration - -BootstrapConfiguration contains information about how to create the PostgreSQL cluster. Only a single bootstrap method can be defined among the supported ones. `initdb` will be used as the bootstrap method if left unspecified. Refer to the Bootstrap page of the documentation for more information. - -| Name | Description | Type | -| --------------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------- | -| `initdb ` | Bootstrap the cluster via initdb | [\*BootstrapInitDB](#BootstrapInitDB) | -| `recovery ` | Bootstrap the cluster from a backup | [\*BootstrapRecovery](#BootstrapRecovery) | -| `pg_basebackup` | Bootstrap the cluster taking a physical backup of another compatible PostgreSQL instance | [\*BootstrapPgBaseBackup](#BootstrapPgBaseBackup) | - - - -## BootstrapInitDB - -BootstrapInitDB is the configuration of the bootstrap process when initdb is used Refer to the Bootstrap page of the documentation for more information. - -| Name | Description | Type | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | -| `database ` | Name of the database used by the application. Default: `app`. - *mandatory* | string | -| `owner ` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. - *mandatory* | string | -| `secret ` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch | [\*LocalObjectReference](#LocalObjectReference) | -| `redwood ` | If we need to enable/disable Redwood compatibility. Requires EPAS and for EPAS defaults to true | \*bool | -| `options ` | The list of options that must be passed to initdb when creating the cluster. Deprecated: This could lead to inconsistent configurations, please use the explicit provided parameters instead. If defined, explicit values will be ignored. | \[]string | -| `dataChecksums ` | Whether the `-k` option should be passed to initdb, enabling checksums on data pages (default: `false`) | \*bool | -| `encoding ` | The value to be passed as option `--encoding` for initdb (default:`UTF8`) | string | -| `localeCollate ` | The value to be passed as option `--lc-collate` for initdb (default:`C`) | string | -| `localeCType ` | The value to be passed as option `--lc-ctype` for initdb (default:`C`) | string | -| `walSegmentSize ` | The value in megabytes (1 to 1024) to be passed to the `--wal-segsize` option for initdb (default: empty, resulting in PostgreSQL default: 16MB) | int | -| `postInitSQL ` | List of SQL queries to be executed as a superuser immediately after the cluster has been created - to be used with extreme care (by default empty) | \[]string | -| `postInitApplicationSQL ` | List of SQL queries to be executed as a superuser in the application database right after is created - to be used with extreme care (by default empty) | \[]string | -| `postInitTemplateSQL ` | List of SQL queries to be executed as a superuser in the `template1` after the cluster has been created - to be used with extreme care (by default empty) | \[]string | -| `import ` | Bootstraps the new cluster by importing data from an existing PostgreSQL instance using logical backup (`pg_dump` and `pg_restore`) | [\*Import](#Import) | -| `postInitApplicationSQLRefs` | PostInitApplicationSQLRefs points references to ConfigMaps or Secrets which contain SQL files, the general implementation order to these references is from all Secrets to all ConfigMaps, and inside Secrets or ConfigMaps, the implementation order is same as the order of each array (by default empty) | [\*PostInitApplicationSQLRefs](#PostInitApplicationSQLRefs) | - - - -## BootstrapPgBaseBackup - -BootstrapPgBaseBackup contains the configuration required to take a physical backup of an existing PostgreSQL cluster - -| Name | Description | Type | -| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| `source ` | The name of the server of which we need to take a physical backup - *mandatory* | string | -| `database` | Name of the database used by the application. Default: `app`. - *mandatory* | string | -| `owner ` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. - *mandatory* | string | -| `secret ` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch | [\*LocalObjectReference](#LocalObjectReference) | - - - -## BootstrapRecovery - -BootstrapRecovery contains the configuration required to restore from an existing cluster using 3 methodologies: external cluster, volume snapshots or backup objects. Full recovery and Point-In-Time Recovery are supported. The method can be also be used to create clusters in continuous recovery (replica clusters), also supporting cascading replication when `instances` > 1. Once the cluster exits recovery, the password for the superuser will be changed through the provided secret. Refer to the Bootstrap page of the documentation for more information. - -| Name | Description | Type | -| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| `backup ` | The backup object containing the physical base backup from which to initiate the recovery procedure. Mutually exclusive with `source` and `volumeSnapshots`. | [\*BackupSource](#BackupSource) | -| `source ` | The external cluster whose backup we will restore. This is also used as the name of the folder under which the backup is stored, so it must be set to the name of the source cluster Mutually exclusive with `backup` and `volumeSnapshots`. | string | -| `volumeSnapshots` | The static PVC data source(s) from which to initiate the recovery procedure. Currently supporting `VolumeSnapshot` and `PersistentVolumeClaim` resources that map an existing PVC group, compatible with EDB Postgres for Kubernetes, and taken with a cold backup copy on a fenced Postgres instance (limitation which will be removed in the future when online backup will be implemented). Mutually exclusive with `backup` and `source`. | [\*DataSource](#DataSource) | -| `recoveryTarget ` | By default, the recovery process applies all the available WAL files in the archive (full recovery). However, you can also end the recovery as soon as a consistent state is reached or recover to a point-in-time (PITR) by specifying a `RecoveryTarget` object, as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). More info: | [\*RecoveryTarget](#RecoveryTarget) | -| `database ` | Name of the database used by the application. Default: `app`. - *mandatory* | string | -| `owner ` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. - *mandatory* | string | -| `secret ` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch | [\*LocalObjectReference](#LocalObjectReference) | - - - -## CertificatesConfiguration - -CertificatesConfiguration contains the needed configurations to handle server certificates. - -| Name | Description | Type | -| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- | -| `serverCASecret ` | The secret containing the Server CA certificate. If not defined, a new secret will be created with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.

Contains:

- `ca.crt`: CA that should be used to validate the server certificate, used as `sslrootcert` in client connection strings.
- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided, this can be omitted.
| string | -| `serverTLSSecret ` | The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as `ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely. If not defined, ServerCASecret must provide also `ca.key` and a new secret will be created using the provided CA. | string | -| `replicationTLSSecret` | The secret of type kubernetes.io/tls containing the client certificate to authenticate as the `streaming_replica` user. If not defined, ClientCASecret must provide also `ca.key`, and a new secret will be created using the provided CA. | string | -| `clientCASecret ` | The secret containing the Client CA certificate. If not defined, a new secret will be created with a self-signed CA and will be used to generate all the client certificates.

Contains:

- `ca.crt`: CA that should be used to validate the client certificates, used as `ssl_ca_file` of all the instances.
- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided, this can be omitted.
| string | -| `serverAltDNSNames ` | The list of the server alternative DNS names to be added to the generated server TLS certificates, when required. | \[]string | - - - -## CertificatesStatus - -CertificatesStatus contains configuration certificates and related expiration dates. - -| Name | Description | Type | -| ------------- | -------------------------------------- | ----------------- | -| `expirations` | Expiration dates for all certificates. | map[string]string | - - - -## Cluster - -Cluster is the Schema for the PostgreSQL API - -| Name | Description | Type | -| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | -| `metadata` | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | -| `spec ` | Specification of the desired behavior of the cluster. More info: | [ClusterSpec](#ClusterSpec) | -| `status ` | Most recently observed status of the cluster. This data may not be up to date. Populated by the system. Read-only. More info: | [ClusterStatus](#ClusterStatus) | - - - -## ClusterList - -ClusterList contains a list of Cluster - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | -| `metadata` | Standard list metadata. More info: | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | -| `items ` | List of clusters - *mandatory* | [\[\]Cluster](#Cluster) | - - - -## ClusterSpec - -ClusterSpec defines the desired state of Cluster - -| Name | Description | Type | -| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -| `description ` | Description of this PostgreSQL cluster | string | -| `inheritedMetadata ` | Metadata that will be inherited by all objects related to the Cluster | [\*EmbeddedObjectMetadata](#EmbeddedObjectMetadata) | -| `imageName ` | Name of the container image, supporting both tags (`:`) and digests for deterministic and repeatable deployments (`:@sha256:`) | string | -| `imagePullPolicy ` | Image pull policy. One of `Always`, `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. Cannot be updated. More info: | corev1.PullPolicy | -| `schedulerName ` | If specified, the pod will be dispatched by specified Kubernetes scheduler. If not specified, the pod will be dispatched by the default scheduler. More info: | string | -| `postgresUID ` | The UID of the `postgres` user inside the image, defaults to `26` | int64 | -| `postgresGID ` | The GID of the `postgres` user inside the image, defaults to `26` | int64 | -| `instances ` | Number of instances required in the cluster - *mandatory* | int | -| `minSyncReplicas ` | Minimum number of instances required in synchronous replication with the primary. Undefined or 0 allow writes to complete when no standby is available. | int | -| `maxSyncReplicas ` | The target value for the synchronous replication quorum, that can be decreased if the number of ready standbys is lower than this. Undefined or 0 disable synchronous replication. | int | -| `postgresql ` | Configuration of the PostgreSQL server | [PostgresConfiguration](#PostgresConfiguration) | -| `replicationSlots ` | Replication slots management configuration | [\*ReplicationSlotsConfiguration](#ReplicationSlotsConfiguration) | -| `bootstrap ` | Instructions to bootstrap this cluster | [\*BootstrapConfiguration](#BootstrapConfiguration) | -| `replica ` | Replica cluster configuration | [\*ReplicaClusterConfiguration](#ReplicaClusterConfiguration) | -| `superuserSecret ` | The secret containing the superuser password. If not defined a new secret will be created with a randomly generated password | [\*LocalObjectReference](#LocalObjectReference) | -| `enableSuperuserAccess ` | When this option is enabled, the operator will use the `SuperuserSecret` to update the `postgres` user password (if the secret is not present, the operator will automatically create one). When this option is disabled, the operator will ignore the `SuperuserSecret` content, delete it when automatically created, and then blank the password of the `postgres` user by setting it to `NULL`. Enabled by default. | \*bool | -| `certificates ` | The configuration for the CA and related certificates | [\*CertificatesConfiguration](#CertificatesConfiguration) | -| `imagePullSecrets ` | The list of pull secrets to be used to pull the images. If the license key contains a pull secret that secret will be automatically included. | [\[\]LocalObjectReference](#LocalObjectReference) | -| `storage ` | Configuration of the storage of the instances | [StorageConfiguration](#StorageConfiguration) | -| `serviceAccountTemplate ` | Configure the generation of the service account | [\*ServiceAccountTemplate](#ServiceAccountTemplate) | -| `walStorage ` | Configuration of the storage for PostgreSQL WAL (Write-Ahead Log) | [\*StorageConfiguration](#StorageConfiguration) | -| `startDelay ` | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 30) | int32 | -| `stopDelay ` | The time in seconds that is allowed for a PostgreSQL instance to gracefully shutdown (default 30) | int32 | -| `switchoverDelay ` | The time in seconds that is allowed for a primary PostgreSQL instance to gracefully shutdown during a switchover. Default value is 40000000, greater than one year in seconds, big enough to simulate an infinite delay | int32 | -| `failoverDelay ` | The amount of time (in seconds) to wait before triggering a failover after the primary PostgreSQL instance in the cluster was detected to be unhealthy | int32 | -| `affinity ` | Affinity/Anti-affinity rules for Pods | [AffinityConfiguration](#AffinityConfiguration) | -| `topologySpreadConstraints` | TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: | \[]corev1.TopologySpreadConstraint | -| `resources ` | Resources requirements of every generated Pod. Please refer to for more information. | [corev1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core) | -| `priorityClassName ` | Name of the priority class which will be used in every generated Pod, if the PriorityClass specified does not exist, the pod will not be able to schedule. Please refer to for more information | string | -| `primaryUpdateStrategy ` | Deployment strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (`unsupervised` - default) or manual (`supervised`) | PrimaryUpdateStrategy | -| `primaryUpdateMethod ` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be with a switchover (`switchover`) or in-place (`restart` - default) | PrimaryUpdateMethod | -| `backup ` | The configuration to be used for backups | [\*BackupConfiguration](#BackupConfiguration) | -| `nodeMaintenanceWindow ` | Define a maintenance window for the Kubernetes nodes | [\*NodeMaintenanceWindow](#NodeMaintenanceWindow) | -| `licenseKey ` | The license key of the cluster. When empty, the cluster operates in trial mode and after the expiry date (default 30 days) the operator will cease any reconciliation attempt. For details, please refer to the license agreement that comes with the operator. | string | -| `licenseKeySecret ` | The reference to the license key. When this is set it take precedence over LicenseKey. | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `monitoring ` | The configuration of the monitoring infrastructure of this cluster | [\*MonitoringConfiguration](#MonitoringConfiguration) | -| `externalClusters ` | The list of external clusters which are used in the configuration | [\[\]ExternalCluster](#ExternalCluster) | -| `logLevel ` | The instances' log level, one of the following values: error, warning, info (default), debug, trace | string | -| `projectedVolumeTemplate ` | Template to be used to define projected volumes, projected volumes will be mounted under `/projected` base folder | \*corev1.ProjectedVolumeSource | -| `env ` | Env follows the Env format to pass environment variables to the pods created in the cluster | \[]corev1.EnvVar | -| `envFrom ` | EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env | \[]corev1.EnvFromSource | -| `managed ` | The configuration that is used by the portions of PostgreSQL that are managed by the instance manager | [\*ManagedConfiguration](#ManagedConfiguration) | -| `seccompProfile ` | The SeccompProfile applied to every Pod and Container. Defaults to: `RuntimeDefault` | \*corev1.SeccompProfile | - - - -## ClusterStatus - -ClusterStatus defines the observed state of Cluster - -| Name | Description | Type | -| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -| `instances ` | The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods. | int | -| `readyInstances ` | The total number of ready instances in the cluster. It is equal to the number of ready instance pods. | int | -| `instancesStatus ` | InstancesStatus indicates in which status the instances are | map[utils.PodStatus][]string | -| `instancesReportedState ` | The reported state of the instances during the last reconciliation loop | [map\[PodName\]InstanceReportedState](#InstanceReportedState) | -| `managedRolesStatus ` | ManagedRolesStatus reports the state of the managed roles in the cluster | [ManagedRoles](#ManagedRoles) | -| `timelineID ` | The timeline of the Postgres cluster | int | -| `topology ` | Instances topology. | [Topology](#Topology) | -| `latestGeneratedNode ` | ID of the latest generated node (used to avoid node name clashing) | int | -| `currentPrimary ` | Current primary instance | string | -| `targetPrimary ` | Target primary instance, this is different from the previous one during a switchover or a failover | string | -| `pvcCount ` | How many PVCs have been created by this cluster | int32 | -| `jobCount ` | How many Jobs have been created by this cluster | int32 | -| `danglingPVC ` | List of all the PVCs created by this cluster and still available which are not attached to a Pod | \[]string | -| `resizingPVC ` | List of all the PVCs that have ResizingPVC condition. | \[]string | -| `initializingPVC ` | List of all the PVCs that are being initialized by this cluster | \[]string | -| `healthyPVC ` | List of all the PVCs not dangling nor initializing | \[]string | -| `unusablePVC ` | List of all the PVCs that are unusable because another PVC is missing | \[]string | -| `licenseStatus ` | Status of the license | licensekey.Status | -| `writeService ` | Current write pod | string | -| `readService ` | Current list of read pods | string | -| `phase ` | Current phase of the cluster | string | -| `phaseReason ` | Reason for the current phase | string | -| `secretsResourceVersion ` | The list of resource versions of the secrets managed by the operator. Every change here is done in the interest of the instance manager, which will refresh the secret data | [SecretsResourceVersion](#SecretsResourceVersion) | -| `configMapResourceVersion ` | The list of resource versions of the configmaps, managed by the operator. Every change here is done in the interest of the instance manager, which will refresh the configmap data | [ConfigMapResourceVersion](#ConfigMapResourceVersion) | -| `certificates ` | The configuration for the CA and related certificates, initialized with defaults. | [CertificatesStatus](#CertificatesStatus) | -| `firstRecoverabilityPoint ` | The first recoverability point, stored as a date in RFC3339 format | string | -| `lastSuccessfulBackup ` | Stored as a date in RFC3339 format | string | -| `lastFailedBackup ` | Stored as a date in RFC3339 format | string | -| `cloudNativePostgresqlCommitHash ` | The commit hash number of which this operator running | string | -| `currentPrimaryTimestamp ` | The timestamp when the last actual promotion to primary has occurred | string | -| `currentPrimaryFailingSinceTimestamp` | The timestamp when the primary was detected to be unhealthy This field is reported when spec.failoverDelay is populated or during online upgrades | string | -| `targetPrimaryTimestamp ` | The timestamp when the last request for a new primary has occurred | string | -| `poolerIntegrations ` | The integration needed by poolers referencing the cluster | [\*PoolerIntegrations](#PoolerIntegrations) | -| `cloudNativePostgresqlOperatorHash ` | The hash of the binary of the operator | string | -| `onlineUpdateEnabled ` | OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster | bool | -| `azurePVCUpdateEnabled ` | AzurePVCUpdateEnabled shows if the PVC online upgrade is enabled for this cluster | bool | -| `conditions ` | Conditions for cluster object | \[]metav1.Condition | -| `instanceNames ` | List of instance names in the cluster | \[]string | - - - -## ConfigMapKeySelector - -ConfigMapKeySelector contains enough information to let you locate the key of a ConfigMap - -| Name | Description | Type | -| ----- | ------------------------------- | ------ | -| `key` | The key to select - *mandatory* | string | - - - -## ConfigMapResourceVersion - -ConfigMapResourceVersion is the resource versions of the secrets managed by the operator - -| Name | Description | Type | -| --------- | ----------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -| `metrics` | A map with the versions of all the config maps used to pass metrics. Map keys are the config map names, map values are the versions | map[string]string | - - - -## DataBackupConfiguration - -DataBackupConfiguration is the configuration of the backup of the data directory - -| Name | Description | Type | -| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `compression ` | Compress a backup file (a tar file per tablespace) while streaming it to the object store. Available options are empty string (no compression, default), `gzip`, `bzip2` or `snappy`. | CompressionType | -| `encryption ` | Whenever to force the encryption of files (if the bucket is not already configured for that). Allowed options are empty string (use the bucket policy, default), `AES256` and `aws:kms` | EncryptionType | -| `immediateCheckpoint` | Control whether the I/O workload for the backup initial checkpoint will be limited, according to the `checkpoint_completion_target` setting on the PostgreSQL server. If set to true, an immediate checkpoint will be used, meaning PostgreSQL will complete the checkpoint as soon as possible. `false` by default. | bool | -| `jobs ` | The number of parallel jobs to be used to upload the backup, defaults to 2 | \*int32 | - - - -## DataSource - -DataSource contains the configuration required to bootstrap a PostgreSQL cluster from an existing storage - -| Name | Description | Type | -| ------------ | ------------------------------------------------------------------------------- | ---------------------------------- | -| `storage ` | Configuration of the storage of the instances - *mandatory* | corev1.TypedLocalObjectReference | -| `walStorage` | Configuration of the storage for PostgreSQL WAL (Write-Ahead Log) | \*corev1.TypedLocalObjectReference | - - - -## EPASConfiguration - -EPASConfiguration contains EDB Postgres Advanced Server specific configurations - -| Name | Description | Type | -| ------- | --------------------------------- | --------------------------------------- | -| `audit` | If true enables edb_audit logging | bool | -| `tde ` | TDE configuration | [\*TDEConfiguration](#TDEConfiguration) | - - - -## EmbeddedObjectMetadata - -EmbeddedObjectMetadata contains metadata to be inherited by all resources related to a Cluster - -| Name | Description | Type | -| ------------- | ----------- | ----------------- | -| `labels ` | | map[string]string | -| `annotations` | | map[string]string | - - - -## ExternalCluster - -ExternalCluster represents the connection parameters to an external cluster which is used in the other sections of the configuration - -| Name | Description | Type | -| ---------------------- | ------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | -| `name ` | The server name, required - *mandatory* | string | -| `connectionParameters` | The list of connection parameters, such as dbname, host, username, etc | map[string]string | -| `sslCert ` | The reference to an SSL certificate to be used to connect to this instance | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `sslKey ` | The reference to an SSL private key to be used to connect to this instance | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `sslRootCert ` | The reference to an SSL CA public key to be used to connect to this instance | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `password ` | The reference to the password to be used to connect to the server | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `barmanObjectStore ` | The configuration for the barman-cloud tool suite | [\*BarmanObjectStoreConfiguration](#BarmanObjectStoreConfiguration) | - - - -## GoogleCredentials - -GoogleCredentials is the type for the Google Cloud Storage credentials. This needs to be specified even if we run inside a GKE environment. - -| Name | Description | Type | -| ------------------------ | -------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `gkeEnvironment ` | If set to true, will presume that it's running inside a GKE environment, default to false. - *mandatory* | bool | -| `applicationCredentials` | The secret containing the Google Cloud Storage JSON file with the credentials | [\*SecretKeySelector](#SecretKeySelector) | - - - -## Import - -Import contains the configuration to init a database from a logic snapshot of an externalCluster - -| Name | Description | Type | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | -| `source ` | The source of the import - *mandatory* | [ImportSource](#ImportSource) | -| `type ` | The import type. Can be `microservice` or `monolith`. - *mandatory* | SnapshotType | -| `databases ` | The databases to import - *mandatory* | \[]string | -| `roles ` | The roles to import | \[]string | -| `postImportApplicationSQL` | List of SQL queries to be executed as a superuser in the application database right after is imported - to be used with extreme care (by default empty). Only available in microservice type. | \[]string | -| `schemaOnly ` | When set to true, only the `pre-data` and `post-data` sections of `pg_restore` are invoked, avoiding data import. Default: `false`. | bool | - - - -## ImportSource - -ImportSource describes the source for the logical snapshot - -| Name | Description | Type | -| ----------------- | ------------------------------------------------------------- | ------ | -| `externalCluster` | The name of the externalCluster used for import - *mandatory* | string | - - - -## InstanceID - -InstanceID contains the information to identify an instance - -| Name | Description | Type | -| ------------- | ---------------- | ------ | -| `podName ` | The pod name | string | -| `ContainerID` | The container ID | string | - - - -## InstanceReportedState - -InstanceReportedState describes the last reported state of an instance during a reconciliation loop - -| Name | Description | Type | -| ------------ | ----------------------------------------------------------- | ---- | -| `isPrimary ` | indicates if an instance is the primary one - *mandatory* | bool | -| `timeLineID` | indicates on which TimelineId the instance is | int | - - - -## LDAPBindAsAuth - -LDAPBindAsAuth provides the required fields to use the bind authentication for LDAP - -| Name | Description | Type | -| -------- | ----------------------------------------- | ------ | -| `prefix` | Prefix for the bind authentication option | string | -| `suffix` | Suffix for the bind authentication option | string | - - - -## LDAPBindSearchAuth - -LDAPBindSearchAuth provides the required fields to use the bind+search LDAP authentication process - -| Name | Description | Type | -| ----------------- | -------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | -| `baseDN ` | Root DN to begin the user search | string | -| `bindDN ` | DN of the user to bind to the directory | string | -| `bindPassword ` | Secret with the password for the user to bind to the directory | [\*corev1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `searchAttribute` | Attribute to match against the username | string | -| `searchFilter ` | Search filter to use when doing the search+bind authentication | string | - - - -## LDAPConfig - -LDAPConfig contains the parameters needed for LDAP authentication - -| Name | Description | Type | -| ---------------- | --------------------------------------------------------------- | ------------------------------------------- | -| `server ` | LDAP hostname or IP address | string | -| `port ` | LDAP server port | int | -| `scheme ` | LDAP schema to be used, possible options are `ldap` and `ldaps` | LDAPScheme | -| `tls ` | Set to 'true' to enable LDAP over TLS. 'false' is default | bool | -| `bindAsAuth ` | Bind as authentication configuration | [\*LDAPBindAsAuth](#LDAPBindAsAuth) | -| `bindSearchAuth` | Bind+Search authentication configuration | [\*LDAPBindSearchAuth](#LDAPBindSearchAuth) | - - - -## LocalObjectReference - -LocalObjectReference contains enough information to let you locate a local object with a known type inside the same namespace - -| Name | Description | Type | -| ------ | ----------------------------------- | ------ | -| `name` | Name of the referent. - *mandatory* | string | - - - -## ManagedConfiguration - -ManagedConfiguration represents the portions of PostgreSQL that are managed by the instance manager - -| Name | Description | Type | -| ------- | --------------------------------------- | ------------------------------------------- | -| `roles` | Database roles managed by the `Cluster` | [\[\]RoleConfiguration](#RoleConfiguration) | - - - -## ManagedRoles - -ManagedRoles tracks the status of a cluster's managed roles - -| Name | Description | Type | -| ----------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------- | -| `byStatus ` | ByStatus gives the list of roles in each state | map[RoleStatus][]string | -| `cannotReconcile` | CannotReconcile lists roles that cannot be reconciled in PostgreSQL, with an explanation of the cause | map[string][]string | -| `passwordStatus ` | PasswordStatus gives the last transaction id and password secret version for each managed role | [map\[string\]PasswordState](#PasswordState) | - - - -## Metadata - -Metadata is a structure similar to the metav1.ObjectMeta, but still parseable by controller-gen to create a suitable CRD for the user. The comment of PodTemplateSpec has an explanation of why we are not using the core data types. - -| Name | Description | Type | -| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- | -| `labels ` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: | map[string]string | -| `annotations` | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: | map[string]string | - - - -## MonitoringConfiguration - -MonitoringConfiguration is the type containing all the monitoring configuration for a certain cluster - -| Name | Description | Type | -| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | -| `disableDefaultQueries ` | Whether the default queries should be injected. Set it to `true` if you don't want to inject default queries into the cluster. Default: false. | \*bool | -| `customQueriesConfigMap` | The list of config maps containing the custom queries | [\[\]ConfigMapKeySelector](#ConfigMapKeySelector) | -| `customQueriesSecret ` | The list of secrets containing the custom queries | [\[\]SecretKeySelector](#SecretKeySelector) | -| `enablePodMonitor ` | Enable or disable the `PodMonitor` | bool | - - - -## NodeMaintenanceWindow - -NodeMaintenanceWindow contains information that the operator will use while upgrading the underlying node. - -This option is only useful when the chosen storage prevents the Pods from being freely moved across nodes. - -| Name | Description | Type | -| ------------ | ------------------------------------------------------------------------------------------------------------------------------ | ------ | -| `inProgress` | Is there a node maintenance activity in progress? - *mandatory* | bool | -| `reusePVC ` | Reuse the existing PVC (wait for the node to come up again) or not (recreate it elsewhere - when `instances` >1) - *mandatory* | \*bool | - - - -## PasswordState - -PasswordState represents the state of the password of a managed RoleConfiguration - -| Name | Description | Type | -| ----------------- | ------------------------------------------------------------------- | ------ | -| `transactionID ` | the last transaction ID to affect the role definition in PostgreSQL | int64 | -| `resourceVersion` | the resource version of the password secret | string | - - - -## PgBouncerIntegrationStatus - -PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster - -| Name | Description | Type | -| --------- | ----------- | --------- | -| `secrets` | | \[]string | - - - -## PgBouncerSecrets - -PgBouncerSecrets contains the versions of the secrets used by pgbouncer - -| Name | Description | Type | -| ----------- | ----------------------------- | ------------------------------- | -| `authQuery` | The auth query secret version | [SecretVersion](#SecretVersion) | - - - -## PgBouncerSpec - -PgBouncerSpec defines how to configure PgBouncer - -| Name | Description | Type | -| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| `poolMode ` | The pool mode - *mandatory* | PgBouncerPoolMode | -| `authQuerySecret` | The credentials of the user that need to be used for the authentication query. In case it is specified, also an AuthQuery (e.g. "SELECT usename, passwd FROM pg_shadow WHERE usename=$1") has to be specified and no automatic CNP Cluster integration will be triggered. | [\*LocalObjectReference](#LocalObjectReference) | -| `authQuery ` | The query that will be used to download the hash of the password of a certain user. Default: "SELECT usename, passwd FROM user_search($1)". In case it is specified, also an AuthQuerySecret has to be specified and no automatic CNP Cluster integration will be triggered. | string | -| `parameters ` | Additional parameters to be passed to PgBouncer - please check the CNP documentation for a list of options you can configure | map[string]string | -| `pg_hba ` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) | \[]string | -| `paused ` | When set to `true`, PgBouncer will disconnect from the PostgreSQL server, first waiting for all queries to complete, and pause all new client connections until this value is set to `false` (default). Internally, the operator calls PgBouncer's `PAUSE` and `RESUME` commands. | \*bool | - - - -## PodTemplateSpec - -PodTemplateSpec is a structure allowing the user to set a template for Pod generation. - -Unfortunately we can't use the corev1.PodTemplateSpec type because the generated CRD won't have the field for the metadata section. - -References: - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------- | -| `metadata` | Standard object's metadata. More info: | [Metadata](#Metadata) | -| `spec ` | Specification of the desired behavior of the pod. More info: | corev1.PodSpec | - - - -## Pooler - -Pooler is the Schema for the poolers API - -| Name | Description | Type | -| ---------- | ----------- | ------------------------------------------------------------------------------------------------------------ | -| `metadata` | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | -| `spec ` | | [PoolerSpec](#PoolerSpec) | -| `status ` | | [PoolerStatus](#PoolerStatus) | - - - -## PoolerIntegrations - -PoolerIntegrations encapsulates the needed integration for the poolers referencing the cluster - -| Name | Description | Type | -| ---------------------- | ----------- | --------------------------------------------------------- | -| `pgBouncerIntegration` | | [PgBouncerIntegrationStatus](#PgBouncerIntegrationStatus) | - - - -## PoolerList - -PoolerList contains a list of Pooler - -| Name | Description | Type | -| ---------- | ------------- | -------------------------------------------------------------------------------------------------------- | -| `metadata` | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | -| `items ` | - *mandatory* | [\[\]Pooler](#Pooler) | - - - -## PoolerMonitoringConfiguration - -PoolerMonitoringConfiguration is the type containing all the monitoring configuration for a certain Pooler. - -Mirrors the Cluster's MonitoringConfiguration but without the custom queries part for now. - -| Name | Description | Type | -| ------------------ | ---------------------------------- | ---- | -| `enablePodMonitor` | Enable or disable the `PodMonitor` | bool | - - - -## PoolerSecrets - -PoolerSecrets contains the versions of all the secrets used - -| Name | Description | Type | -| ------------------ | -------------------------------------------- | --------------------------------------- | -| `serverTLS ` | The server TLS secret version | [SecretVersion](#SecretVersion) | -| `serverCA ` | The server CA secret version | [SecretVersion](#SecretVersion) | -| `clientCA ` | The client CA secret version | [SecretVersion](#SecretVersion) | -| `pgBouncerSecrets` | The version of the secrets used by PgBouncer | [\*PgBouncerSecrets](#PgBouncerSecrets) | - - - -## PoolerSpec - -PoolerSpec defines the desired state of Pooler - -| Name | Description | Type | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -| `cluster ` | This is the cluster reference on which the Pooler will work. Pooler name should never match with any cluster name within the same namespace. - *mandatory* | [LocalObjectReference](#LocalObjectReference) | -| `type ` | Which instances we must forward traffic to? - *mandatory* | PoolerType | -| `instances ` | The number of replicas we want - *mandatory* | int32 | -| `template ` | The template of the Pod to be created | [\*PodTemplateSpec](#PodTemplateSpec) | -| `pgbouncer ` | The PgBouncer configuration - *mandatory* | [\*PgBouncerSpec](#PgBouncerSpec) | -| `deploymentStrategy` | The deployment strategy to use for pgbouncer to replace existing pods with new ones | \*appsv1.DeploymentStrategy | -| `monitoring ` | The configuration of the monitoring infrastructure of this pooler. | [\*PoolerMonitoringConfiguration](#PoolerMonitoringConfiguration) | - - - -## PoolerStatus - -PoolerStatus defines the observed state of Pooler - -| Name | Description | Type | -| ----------- | ----------------------------------------- | --------------------------------- | -| `secrets ` | The resource version of the config object | [\*PoolerSecrets](#PoolerSecrets) | -| `instances` | The number of pods trying to be scheduled | int32 | - - - -## PostInitApplicationSQLRefs - -PostInitApplicationSQLRefs points references to ConfigMaps or Secrets which contain SQL files, the general implementation order to these references is from all Secrets to all ConfigMaps, and inside Secrets or ConfigMaps, the implementation order is same as the order of each array - -| Name | Description | Type | -| --------------- | ------------------------------------------------------ | ------------------------------------------------- | -| `secretRefs ` | SecretRefs holds a list of references to Secrets | [\[\]SecretKeySelector](#SecretKeySelector) | -| `configMapRefs` | ConfigMapRefs holds a list of references to ConfigMaps | [\[\]ConfigMapKeySelector](#ConfigMapKeySelector) | - - - -## PostgresConfiguration - -PostgresConfiguration defines the PostgreSQL configuration - -| Name | Description | Type | -| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -| `parameters ` | PostgreSQL configuration options (postgresql.conf) | map[string]string | -| `pg_hba ` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) | \[]string | -| `epas ` | EDB Postgres Advanced Server specific configurations | [\*EPASConfiguration](#EPASConfiguration) | -| `syncReplicaElectionConstraint` | Requirements to be met by sync replicas. This will affect how the "synchronous_standby_names" parameter will be set up. | [SyncReplicaElectionConstraints](#SyncReplicaElectionConstraints) | -| `promotionTimeout ` | Specifies the maximum number of seconds to wait when promoting an instance to primary. Default value is 40000000, greater than one year in seconds, big enough to simulate an infinite timeout | int32 | -| `shared_preload_libraries ` | Lists of shared preload libraries to add to the default ones | \[]string | -| `ldap ` | Options to specify LDAP configuration | [\*LDAPConfig](#LDAPConfig) | - - - -## RecoveryTarget - -RecoveryTarget allows to configure the moment where the recovery process will stop. All the target options except TargetTLI are mutually exclusive. - -| Name | Description | Type | -| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `backupID ` | The ID of the backup from which to start the recovery process. If empty (default) the operator will automatically detect the backup based on targetTime or targetLSN if specified. Otherwise use the latest available backup in chronological order. | string | -| `targetTLI ` | The target timeline ("latest" or a positive integer) | string | -| `targetXID ` | The target transaction ID | string | -| `targetName ` | The target name (to be previously created with `pg_create_restore_point`) | string | -| `targetLSN ` | The target LSN (Log Sequence Number) | string | -| `targetTime ` | The target time as a timestamp in the RFC3339 standard | string | -| `targetImmediate` | End recovery as soon as a consistent state is reached | \*bool | -| `exclusive ` | Set the target to be exclusive. If omitted, defaults to false, so that in Postgres, `recovery_target_inclusive` will be true | \*bool | - - - -## ReplicaClusterConfiguration - -ReplicaClusterConfiguration encapsulates the configuration of a replica cluster - -| Name | Description | Type | -| --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `enabled` | If replica mode is enabled, this cluster will be a replica of an existing cluster. Replica cluster can be created from a recovery object store or via streaming through pg_basebackup. Refer to the Replication page of the documentation for more information. - *mandatory* | bool | -| `source ` | The name of the external cluster which is the replication origin - *mandatory* | string | - - - -## ReplicationSlotsConfiguration - -ReplicationSlotsConfiguration encapsulates the configuration of replication slots - -| Name | Description | Type | -| ------------------ | ---------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- | -| `highAvailability` | Replication slots for high availability configuration | [\*ReplicationSlotsHAConfiguration](#ReplicationSlotsHAConfiguration) | -| `updateInterval ` | Standby will update the status of the local replication slots every `updateInterval` seconds (default 30). | int | - - - -## ReplicationSlotsHAConfiguration - -ReplicationSlotsHAConfiguration encapsulates the configuration of the replication slots that are automatically managed by the operator to control the streaming replication connections with the standby instances for high availability (HA) purposes. Replication slots are a PostgreSQL feature that makes sure that PostgreSQL automatically keeps WAL files in the primary when a streaming client (in this specific case a replica that is part of the HA cluster) gets disconnected. - -| Name | Description | Type | -| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ | -| `enabled ` | If enabled, the operator will automatically manage replication slots on the primary instance and use them in streaming replication connections with all the standby instances that are part of the HA cluster. If disabled (default), the operator will not take advantage of replication slots in streaming connections with the replicas. This feature also controls replication slots in replica cluster, from the designated primary to its cascading replicas. This can only be set at creation time. - *mandatory* | \*bool | -| `slotPrefix` | Prefix for replication slots managed by the operator for HA. It may only contain lower case letters, numbers, and the underscore character. This can only be set at creation time. By default set to `_cnp_`. | string | - - - -## RoleConfiguration - -RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role with the additional field Ensure specifying whether to ensure the presence or absence of the role in the database - -The defaults of the CREATE ROLE command are applied Reference: - -| Name | Description | Type | -| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| `name ` | Name of the role - *mandatory* | string | -| `comment ` | Description of the role | string | -| `ensure ` | Ensure the role is `present` or `absent` - defaults to "present" | EnsureOption | -| `passwordSecret ` | Secret containing the password of the role (if present) If null, the password will be ignored unless DisablePassword is set | [\*LocalObjectReference](#LocalObjectReference) | -| `disablePassword` | DisablePassword indicates that a role's password should be set to NULL in Postgres | bool | -| `superuser ` | Whether the role is a `superuser` who can override all access restrictions within the database - superuser status is dangerous and should be used only when really needed. You must yourself be a superuser to create a new superuser. Defaults is `false`. | bool | -| `createdb ` | When set to `true`, the role being defined will be allowed to create new databases. Specifying `false` (default) will deny a role the ability to create databases. | bool | -| `createrole ` | Whether the role will be permitted to create, alter, drop, comment on, change the security label for, and grant or revoke membership in other roles. Default is `false`. | bool | -| `inherit ` | Whether a role "inherits" the privileges of roles it is a member of. Defaults is `true`. | \*bool | -| `login ` | Whether the role is allowed to log in. A role having the `login` attribute can be thought of as a user. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default is `false`. | bool | -| `replication ` | Whether a role is a replication role. A role must have this attribute (or be a superuser) in order to be able to connect to the server in replication mode (physical or logical replication) and in order to be able to create or drop replication slots. A role having the `replication` attribute is a very highly privileged role, and should only be used on roles actually used for replication. Default is `false`. | bool | -| `bypassrls ` | Whether a role bypasses every row-level security (RLS) policy. Default is `false`. | bool | -| `connectionLimit` | If the role can log in, this specifies how many concurrent connections the role can make. `-1` (the default) means no limit. | int64 | -| `validUntil ` | Date and time after which the role's password is no longer valid. When omitted, the password will never expire (default). | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | -| `inRoles ` | List of one or more existing roles to which this role will be immediately added as a new member. Default empty. | \[]string | - - - -## RollingUpdateStatus - -RollingUpdateStatus contains the information about an instance which is being updated - -| Name | Description | Type | -| ----------- | ------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -| `imageName` | The image which we put into the Pod - *mandatory* | string | -| `startedAt` | When the update has been started | [metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | - - - -## S3Credentials - -S3Credentials is the type for the credentials to be used to upload files to S3. It can be provided in two alternative ways: - -- explicitly passing accessKeyId and secretAccessKey - -- inheriting the role from the pod environment by setting inheritFromIAMRole to true - -| Name | Description | Type | -| -------------------- | -------------------------------------------------------------------------------------- | ----------------------------------------- | -| `accessKeyId ` | The reference to the access key id | [\*SecretKeySelector](#SecretKeySelector) | -| `secretAccessKey ` | The reference to the secret access key | [\*SecretKeySelector](#SecretKeySelector) | -| `region ` | The reference to the secret containing the region name | [\*SecretKeySelector](#SecretKeySelector) | -| `sessionToken ` | The references to the session key | [\*SecretKeySelector](#SecretKeySelector) | -| `inheritFromIAMRole` | Use the role based authentication without providing explicitly the keys. - *mandatory* | bool | - - - -## ScheduledBackup - -ScheduledBackup is the Schema for the scheduledbackups API - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | -| `metadata` | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#objectmeta-v1-meta) | -| `spec ` | Specification of the desired behavior of the ScheduledBackup. More info: | [ScheduledBackupSpec](#ScheduledBackupSpec) | -| `status ` | Most recently observed status of the ScheduledBackup. This data may not be up to date. Populated by the system. Read-only. More info: | [ScheduledBackupStatus](#ScheduledBackupStatus) | - - - -## ScheduledBackupList - -ScheduledBackupList contains a list of ScheduledBackup - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | -| `metadata` | Standard list metadata. More info: | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#listmeta-v1-meta) | -| `items ` | List of clusters - *mandatory* | [\[\]ScheduledBackup](#ScheduledBackup) | - - - -## ScheduledBackupSpec - -ScheduledBackupSpec defines the desired state of ScheduledBackup - -| Name | Description | Type | -| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | -| `suspend ` | If this backup is suspended or not | \*bool | -| `immediate ` | If the first backup has to be immediately start after creation or not | \*bool | -| `schedule ` | The schedule does not follow the same format used in Kubernetes CronJobs as it includes an additional seconds specifier, see - *mandatory* | string | -| `cluster ` | The cluster to backup | [LocalObjectReference](#LocalObjectReference) | -| `backupOwnerReference` | Indicates which ownerReference should be put inside the created backup resources.
- none: no owner reference for created backup objects (same behavior as before the field was introduced)
- self: sets the Scheduled backup object as owner of the backup
- cluster: set the cluster as owner of the backup
| string | -| `target ` | The policy to decide which instance should perform this backup. If empty, it defaults to `cluster.spec.backup.target`. Available options are empty string, `primary` and `prefer-standby`. `primary` to have backups run always on primary instances, `prefer-standby` to have backups run preferably on the most updated standby, if available. | BackupTarget | - - - -## ScheduledBackupStatus - -ScheduledBackupStatus defines the observed state of ScheduledBackup - -| Name | Description | Type | -| ------------------ | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | -| `lastCheckTime ` | The latest time the schedule | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | -| `lastScheduleTime` | Information when was the last time that backup was successfully scheduled. | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | -| `nextScheduleTime` | Next time we will run a backup | [\*metav1.Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#time-v1-meta) | - - - -## SecretKeySelector - -SecretKeySelector contains enough information to let you locate the key of a Secret - -| Name | Description | Type | -| ----- | ------------------------------- | ------ | -| `key` | The key to select - *mandatory* | string | - - - -## SecretVersion - -SecretVersion contains a secret name and its ResourceVersion - -| Name | Description | Type | -| --------- | --------------------------------- | ------ | -| `name ` | The name of the secret | string | -| `version` | The ResourceVersion of the secret | string | - - - -## SecretsResourceVersion - -SecretsResourceVersion is the resource versions of the secrets managed by the operator - -| Name | Description | Type | -| -------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----------------- | -| `superuserSecretVersion ` | The resource version of the "postgres" user secret | string | -| `replicationSecretVersion` | The resource version of the "streaming_replica" user secret | string | -| `applicationSecretVersion` | The resource version of the "app" user secret | string | -| `managedRoleSecretVersion` | The resource versions of the managed roles secrets | map[string]string | -| `caSecretVersion ` | Unused. Retained for compatibility with old versions. | string | -| `clientCaSecretVersion ` | The resource version of the PostgreSQL client-side CA secret version | string | -| `serverCaSecretVersion ` | The resource version of the PostgreSQL server-side CA secret version | string | -| `serverSecretVersion ` | The resource version of the PostgreSQL server-side secret version | string | -| `barmanEndpointCA ` | The resource version of the Barman Endpoint CA if provided | string | -| `metrics ` | A map with the versions of all the secrets used to pass metrics. Map keys are the secret names, map values are the versions | map[string]string | - - - -## ServiceAccountTemplate - -ServiceAccountTemplate contains the template needed to generate the service accounts - -| Name | Description | Type | -| ---------- | ------------------------------------------------------------------------------------ | --------------------- | -| `metadata` | Metadata are the metadata to be used for the generated service account - *mandatory* | [Metadata](#Metadata) | - - - -## StorageConfiguration - -StorageConfiguration is the configuration of the storage of the PostgreSQL instances - -| Name | Description | Type | -| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | -| `storageClass ` | StorageClass to use for database data (`PGDATA`). Applied after evaluating the PVC template, if available. If not specified, generated PVCs will be satisfied by the default storage class | \*string | -| `size ` | Size of the storage. Required if not already specified in the PVC template. Changes to this field are automatically reapplied to the created PVCs. Size cannot be decreased. | string | -| `resizeInUseVolumes` | Resize existent PVCs, defaults to true | \*bool | -| `pvcTemplate ` | Template to be used to generate the Persistent Volume Claim | [\*corev1.PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#persistentvolumeclaim-v1-core) | - - - -## SyncReplicaElectionConstraints - -SyncReplicaElectionConstraints contains the constraints for sync replicas election. - -For anti-affinity parameters two instances are considered in the same location if all the labels values match. - -In future synchronous replica election restriction by name will be supported. - -| Name | Description | Type | -| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | --------- | -| `enabled ` | This flag enables the constraints for sync replicas - *mandatory* | bool | -| `nodeLabelsAntiAffinity` | A list of node labels values to extract and compare to evaluate if the pods reside in the same topology or not | \[]string | - - - -## TDEConfiguration - -TDEConfiguration contains the Transparent Data Encryption configuration - -| Name | Description | Type | -| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -| `enabled ` | True if we want to have TDE enabled | bool | -| `secretKeyRef ` | Reference to the secret that contains the encryption key | [\*v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `wrapCommand ` | WrapCommand is the encrypt command provided by the user | [\*v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `unwrapCommand ` | UnwrapCommand is the decryption command provided by the user | [\*v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | -| `passphraseCommand` | PassphraseCommand is the command executed to get the passphrase that will be passed to the OpenSSL command to encrypt and decrypt | [\*v1.SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#secretkeyselector-v1-core) | - - - -## Topology - -Topology contains the cluster topology - -| Name | Description | Type | -| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | -| `successfullyExtracted` | SuccessfullyExtracted indicates if the topology data was extract. It is useful to enact fallback behaviors in synchronous replica election in case of failures | bool | -| `instances ` | Instances contains the pod topology of the instances | map[PodName]PodTopologyLabels | -| `nodesUsed ` | NodesUsed represents the count of distinct nodes accommodating the instances. A value of '1' suggests that all instances are hosted on a single node, implying the absence of High Availability (HA). Ideally, this value should be the same as the number of instances in the Postgres HA cluster, implying shared nothing architecture on the compute side. | int32 | - - - -## WalBackupConfiguration - -WalBackupConfiguration is the configuration of the backup of the WAL stream - -| Name | Description | Type | -| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `compression` | Compress a WAL file before sending it to the object store. Available options are empty string (no compression, default), `gzip`, `bzip2` or `snappy`. | CompressionType | -| `encryption ` | Whenever to force the encryption of files (if the bucket is not already configured for that). Allowed options are empty string (use the bucket policy, default), `AES256` and `aws:kms` | EncryptionType | -| `maxParallel` | Number of WAL files to be either archived in parallel (when the PostgreSQL instance is archiving to a backup object store) or restored in parallel (when a PostgreSQL standby is fetching WAL files from a recovery object store). If not specified, WAL files will be processed one at a time. It accepts a positive integer as a value - with 1 being the minimum accepted value. | int | \ No newline at end of file diff --git a/product_docs/docs/postgres_for_kubernetes/1/applications.mdx b/product_docs/docs/postgres_for_kubernetes/1/applications.mdx index afd60986a0d..5c3a02df751 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/applications.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/applications.mdx @@ -68,11 +68,20 @@ PostgreSQL cluster it deploys: - `[cluster name]-superuser` - `[cluster name]-app` -The secrets contain the username, password, and a working -[`.pgpass file`](https://www.postgresql.org/docs/current/libpq-pgpass.html) -respectively for the `postgres` user and the *owner* of the database. +Each secret contain the following: + +- username +- password +- hostname to the RW service +- port number +- database name +- a working [`.pgpass file`](https://www.postgresql.org/docs/current/libpq-pgpass.html) +- [uri](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) +- [jdbc-uri](https://jdbc.postgresql.org/documentation/use/#connecting-to-the-database) The `-app` credentials are the ones that should be used by applications -connecting to the PostgreSQL cluster. +connecting to the PostgreSQL cluster, and correspond to the user *owning* the +database. -The `-superuser` ones are supposed to be used only for administrative purposes. \ No newline at end of file +The `-superuser` ones are supposed to be used only for administrative purposes, +and correspond to the `postgres` user. diff --git a/product_docs/docs/postgres_for_kubernetes/1/architecture.mdx b/product_docs/docs/postgres_for_kubernetes/1/architecture.mdx index 25d13096d61..415d7d7ca22 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/architecture.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/architecture.mdx @@ -6,6 +6,10 @@ originalFilePath: 'src/architecture.md' This section covers the main architectural aspects you need to consider when deploying PostgreSQL in Kubernetes. +!!! Important + We encourage you to read an article that we've written for the CNCF blog + with title ["Recommended Architectures for PostgreSQL in Kubernetes"](https://www.cncf.io/blog/2023/09/29/recommended-architectures-for-postgresql-in-kubernetes/). + !!! Important If you are deploying PostgreSQL in a self-managed Kubernetes environment, please make sure you read the ["Kubernetes architecture"](#kubernetes-architecture) @@ -296,4 +300,4 @@ increase this number when the cluster is promoted to primary. Please refer to the ["Replica Clusters" section](replica_cluster.md) for more information about physical replica clusters work and how you can configure read-only clusters in different Kubernetes cluster to improve your global - disaster recovery and HA strategy. \ No newline at end of file + disaster recovery and HA strategy. diff --git a/product_docs/docs/postgres_for_kubernetes/1/backup.mdx b/product_docs/docs/postgres_for_kubernetes/1/backup.mdx new file mode 100644 index 00000000000..67bc5c8dedc --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/backup.mdx @@ -0,0 +1,382 @@ +--- +title: 'Backup' +originalFilePath: 'src/backup.md' +--- + +!!! Important + With version 1.21, backup and recovery capabilities in EDB Postgres for Kubernetes + have sensibly changed due to the introduction of native support for + [Kubernetes Volume Snapshots](backup_volumesnapshot.md). + Up to that point, backup and recovery were available only for object + stores. Please carefully read this section and the [recovery](recovery.md) + one if you have been a user of EDB Postgres for Kubernetes 1.15 through 1.20. + +PostgreSQL natively provides first class backup and recovery capabilities based +on file system level (physical) copy. These have been successfully used for +more than 15 years in mission critical production databases, helping +organizations all over the world achieve their disaster recovery goals with +Postgres. + +!!! Note + There's another way to backup databases in PostgreSQL, through the + `pg_dump` utility - which relies on logical backups instead of physical ones. + However, logical backups are not suitable for business continuity use cases + and as such are not covered by EDB Postgres for Kubernetes (yet, at least). + If you want to use the `pg_dump` utility, let yourself be inspired by the + ["Troubleshooting / Emergency backup" section](troubleshooting.md#emergency-backup). + +In EDB Postgres for Kubernetes, the backup infrastructure for each PostgreSQL cluster is made +up of the following resources: + +- **WAL archive**: a location containing the WAL files (transactional logs) + that are continuously written by Postgres and archived for data durability +- **Physical base backups**: a copy of all the files that PostgreSQL uses to + store the data in the database (primarily the `PGDATA` and any tablespace) + +The WAL archive can only be stored on object stores at the moment. + +On the other hand, EDB Postgres for Kubernetes supports two ways to store physical base backups: + +- on [object stores](backup_barmanobjectstore.md), as tarballs - optionally + compressed +- on [Kubernetes Volume Snapshots](backup_volumesnapshot.md), if supported by + the underlying storage class + +!!! Important + Before choosing your backup strategy with EDB Postgres for Kubernetes, it is important that + you take some time to familiarize with some basic concepts, like WAL archive, + hot and cold backups. + +## WAL archive + +The WAL archive in PostgreSQL is at the heart of **continuous backup**, and it +is fundamental for the following reasons: + +- **Hot backups**: the possibility to take physical base backups from any + instance in the Postgres cluster (either primary or standby) without shutting + down the server; they are also known as online backups +- **Point in Time recovery** (PITR): to possibility to recover at any point in + time from the first available base backup in your system + +!!! Warning + WAL archive alone is useless. Without a physical base backup, you cannot + restore a PostgreSQL cluster. + +In general, the presence of a WAL archive enhances the resilience of a +PostgreSQL cluster, allowing each instance to fetch any required WAL file from +the archive if needed (normally the WAL archive has higher retention periods +than any Postgres instance that normally recycles those files). + +This use case can also be extended to [replica clusters](replica_cluster.md), +as they can simply rely on the WAL archive to synchronize across long +distances, extending disaster recovery goals across different regions. + +When you [configure a WAL archive](wal_archiving.md), EDB Postgres for Kubernetes provides +out-of-the-box an RPO <= 5 minutes for disaster recovery, even across regions. + +!!! Important + Our recommendation is to always setup the WAL archive in production. + There are known use cases - normally involving staging and development + environments - where none of the above benefits are needed and the WAL + archive is not necessary. RPO in this case can be any value, such as + 24 hours (daily backups) or infinite (no backup at all). + +## Cold and Hot backups + +Hot backups have already been defined in the previous section. They require the +presence of a WAL archive and they are the norm in any modern database management +system. + +**Cold backups**, also known as offline backups, are instead physical base backups +taken when the PostgreSQL instance (standby or primary) is shut down. They are +consistent per definition and they represent a snapshot of the database at the +time it was shut down. + +As a result, PostgreSQL instances can be restarted from a cold backup without +the need of a WAL archive, even though they can take advantage of it, if +available (with all the benefits on the recovery side highlighted in the +previous section). + +In those situations with a higher RPO (for example, 1 hour or 24 hours), and +shorter retention periods, cold backups represent a viable option to be considered +for your disaster recovery plans. + +## Object stores or volume snapshots: which one to use? + +In EDB Postgres for Kubernetes, object store based backups: + +- always require the WAL archive +- support hot backup only +- don't support incremental copy +- don't support differential copy + +VolumeSnapshots instead: + +- don't require the WAL archive, although in production it is always recommended +- support cold backup only (currently) +- support incremental copy, depending on the underlying storage classes +- support differential copy, depending on the underlying storage classes + +Which one to use depends on your specific requirements and environment, +including: + +- availability of a viable object store solution in your Kubernetes cluster +- availability of a trusted storage class that supports volume snapshots +- size of the database: with object stores, the larger your database, the + longer backup and, most importantly, recovery procedures take (the latter + impacts RTO); in presence of Very Large Databases (VLDB), the general + advice is to rely on Volume Snapshots as, thanks to copy-on-write, they + provide faster recovery +- data mobility and possibility to store or relay backup files on a + secondary location in a different region, or any subsequent one +- other factors, mostly based on the confidence and familiarity with the + underlying storage solutions + +The summary table below highlights some of the main differences between the two +available methods for storing physical base backups. + +| | Object store | Volume Snapshots | +| --------------------------------- | :----------: | :------------------: | +| **WAL archiving** | Required | Recommended (1) | +| **Cold backup** | 𐄂 | ✓ | +| **Hot backup** | ✓ | 𐄂 (2) | +| **Incremental copy** | 𐄂 | ✓ (3) | +| **Differential copy** | 𐄂 | ✓ (3) | +| **Backup from a standby** | ✓ | ✓ | +| **Snapshot recovery** | 𐄂 (4) | ✓ | +| **Point In Time Recovery (PITR)** | ✓ | Requires WAL archive | +| **Underlying technology** | Barman Cloud | Kubernetes API | + +> See the explanation below for the notes in the above table: +> +> 1. WAL archive must be on an object store +> 2. Hot backup is not available yet for volume snapshots, and it is planned +> for version 1.22; however, considering that cold backup is taken by fencing +> temporarily a standby, the operation does not induce any downtime for your +> write applications +> 3. If supported by the underlying storage classes of the PostgreSQL volumes +> 4. Snapshot recovery can be emulated using the `bootstrap.recovery.recoveryTarget.targetImmediate` option + +## Scheduled backups + +Scheduled backups are the recommended way to configure your backup strategy in +EDB Postgres for Kubernetes. They are managed by the `ScheduledBackup` resource. + +!!! Info + Please refer to [`ScheduledBackupSpec`](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-ScheduledBackupSpec) + in the API reference for a full list of options. + +The `schedule` field allows you to define a *six-term cron schedule* specification, +which includes seconds, as expressed in +the [Go `cron` package format](https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format). + +!!! Warning + Beware that this format accepts also the `seconds` field, and it is + different from the `crontab` format in Unix/Linux systems. + +This is an example of a scheduled backup: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: ScheduledBackup +metadata: + name: backup-example +spec: + schedule: "0 0 0 * * *" + backupOwnerReference: self + cluster: + name: pg-backup +``` + +The above example will schedule a backup every day at midnight because the schedule +specifies zero for the second, minute, and hour, while specifying wildcard, meaning all, +for day of the month, month, and day of the week. + +In Kubernetes CronJobs, the equivalent expression is `0 0 * * *` because seconds +are not included. + +!!! Hint + Backup frequency might impact your recovery time object (RTO) after a + disaster which requires a full or Point-In-Time recovery operation. Our + advice is that you regularly test your backups by recovering them, and then + measuring the time it takes to recover from scratch so that you can refine + your RTO predictability. Recovery time is influenced by the size of the + base backup and the amount of WAL files that need to be fetched from the archive + and replayed during recovery (remember that WAL archiving is what enables + continuous backup in PostgreSQL!). + Based on our experience, a weekly base backup is more than enough for most + cases - while it is extremely rare to schedule backups more frequently than once + a day. + +You can choose whether to schedule a backup on a defined object store or a +volume snapshot via the `.spec.method` attribute, by default set to +`barmanObjectStore`. If you have properly defined +[volume snapshots](backup_volumesnapshot.md#how-to-configure-volume-snapshot-backups) +in the `backup` stanza of the cluster, you can set `method: volumeSnapshot` +to start scheduling base backups on volume snapshots. + +ScheduledBackups can be suspended, if needed, by setting `.spec.suspend: true`. +This will stop any new backup from being scheduled until the option is removed +or set back to `false`. + +In case you want to issue a backup as soon as the ScheduledBackup resource is created +you can set `.spec.immediate: true`. + +!!! Note + `.spec.backupOwnerReference` indicates which ownerReference should be put inside + the created backup resources. + + - *none:* no owner reference for created backup objects (same behavior as before the field was introduced) + - *self:* sets the Scheduled backup object as owner of the backup + - *cluster:* set the cluster as owner of the backup + +## On-demand backups + +!!! Info + Please refer to [`BackupSpec`](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-BackupSpec) + in the API reference for a full list of options. + +To request a new backup, you need to create a new `Backup` resource +like the following one: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Backup +metadata: + name: backup-example +spec: + method: barmanObjectStore + cluster: + name: pg-backup +``` + +In this case, the operator will start to orchestrate the cluster to take the +required backup on an object store, using `barman-cloud-backup`. You can check +the backup status using the plain `kubectl describe backup ` command: + +```text +Name: backup-example +Namespace: default +Labels: +Annotations: API Version: postgresql.k8s.enterprisedb.io/v1 +Kind: Backup +Metadata: + Creation Timestamp: 2020-10-26T13:57:40Z + Self Link: /apis/postgresql.k8s.enterprisedb.io/v1/namespaces/default/backups/backup-example + UID: ad5f855c-2ffd-454a-a157-900d5f1f6584 +Spec: + Cluster: + Name: pg-backup +Status: + Phase: running + Started At: 2020-10-26T13:57:40Z +Events: +``` + +When the backup has been completed, the phase will be `completed` +like in the following example: + +```text +Name: backup-example +Namespace: default +Labels: +Annotations: API Version: postgresql.k8s.enterprisedb.io/v1 +Kind: Backup +Metadata: + Creation Timestamp: 2020-10-26T13:57:40Z + Self Link: /apis/postgresql.k8s.enterprisedb.io/v1/namespaces/default/backups/backup-example + UID: ad5f855c-2ffd-454a-a157-900d5f1f6584 +Spec: + Cluster: + Name: pg-backup +Status: + Backup Id: 20201026T135740 + Destination Path: s3://backups/ + Endpoint URL: http://minio:9000 + Phase: completed + s3Credentials: + Access Key Id: + Key: ACCESS_KEY_ID + Name: minio + Secret Access Key: + Key: ACCESS_SECRET_KEY + Name: minio + Server Name: pg-backup + Started At: 2020-10-26T13:57:40Z + Stopped At: 2020-10-26T13:57:44Z +Events: +``` + +!!!Important + This feature will not backup the secrets for the superuser and the + application user. The secrets are supposed to be backed up as part of + the standard backup procedures for the Kubernetes cluster. + +## Backup from a standby + + + +Taking a base backup requires to scrape the whole data content of the +PostgreSQL instance on disk, possibly resulting in I/O contention with the +actual workload of the database. + +For this reason, EDB Postgres for Kubernetes allows you to take advantage of a +feature which is directly available in PostgreSQL: **backup from a standby**. + +By default, backups will run on the most aligned replica of a `Cluster`. If +no replicas are available, backups will run on the primary instance. + +!!! Info + Although the standby might not always be up to date with the primary, + in the time continuum from the first available backup to the last + archived WAL this is normally irrelevant. The base backup indeed + represents the starting point from which to begin a recovery operation, + including PITR. Similarly to what happens with + [`pg_basebackup`](https://www.postgresql.org/docs/current/app-pgbasebackup.html), + when backing up from an online standby we do not force a switch of the WAL on the + primary. This might produce unexpected results in the short term (before + `archive_timeout` kicks in) in deployments with low write activity. + +If you prefer to always run backups on the primary, you can set the backup +target to `primary` as outlined in the example below: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + [...] +spec: + backup: + target: "primary" +``` + +!!! Warning + Beware of setting the target to primary when performing a cold backup + with volume snapshots, as this will shut down the primary for + the time needed to take the snapshot, impacting write operations. + This also applies to taking a cold backup in a single-instance cluster, even + if you did not explicitly set the primary as the target. + +When the backup target is set to `prefer-standby`, such policy will ensure +backups are run on the most up-to-date available secondary instance, or if no +other instance is available, on the primary instance. + +By default, when not otherwise specified, target is automatically set to take +backups from a standby. + +The backup target specified in the `Cluster` can be overridden in the `Backup` +and `ScheduledBackup` types, like in the following example: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Backup +metadata: + [...] +spec: + cluster: + name: [...] + target: "primary" +``` + +In the previous example, EDB Postgres for Kubernetes will invariably choose the primary +instance even if the `Cluster` is set to prefer replicas. diff --git a/product_docs/docs/postgres_for_kubernetes/1/backup_barmanobjectstore.mdx b/product_docs/docs/postgres_for_kubernetes/1/backup_barmanobjectstore.mdx new file mode 100644 index 00000000000..0a0e316d77b --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/backup_barmanobjectstore.mdx @@ -0,0 +1,152 @@ +--- +title: 'Backup on object stores' +originalFilePath: 'src/backup_barmanobjectstore.md' +--- + +EDB Postgres for Kubernetes natively supports **online/hot backup** of PostgreSQL +clusters through continuous physical backup and WAL archiving on an object +store. This means that the database is always up (no downtime required) +and that Point In Time Recovery is available. + +The operator can orchestrate a continuous backup infrastructure +that is based on the [Barman Cloud](https://pgbarman.org) tool. Instead +of using the classical architecture with a Barman server, which +backs up many PostgreSQL instances, the operator relies on the +`barman-cloud-wal-archive`, `barman-cloud-check-wal-archive`, +`barman-cloud-backup`, `barman-cloud-backup-list`, and +`barman-cloud-backup-delete` tools. As a result, base backups will +be *tarballs*. Both base backups and WAL files can be compressed +and encrypted. + +For this, it is required to use an image with `barman-cli-cloud` included. +You can use the image `quay.io/enterprisedb/postgresql` for this scope, +as it is composed of a community PostgreSQL image and the latest +`barman-cli-cloud` package. + +!!! Important + Always ensure that you are running the latest version of the operands + in your system to take advantage of the improvements introduced in + Barman cloud (as well as improve the security aspects of your cluster). + +A backup is performed from a primary or a designated primary instance in a +`Cluster` (please refer to +[replica clusters](replica_cluster.md) +for more information about designated primary instances), or alternatively +on a [standby](backup/#backup-from-a-standby). + +## Common object stores + +If you are looking for a specific object store such as +[AWS S3](object_stores.md#aws-s3), +[Microsoft Azure Blob Storage](object_stores.md#azure-blob-storage), +[Google Cloud Storage](object_stores.md#google-cloud-storage), or +[MinIO Gateway](object_stores.md#minio-gateway), or a compatible +provider, please refer to [Appendix A - Common object stores](object_stores.md). + +## Retention policies + +!!! Important + Retention policies are not currently available on volume snapshots. + +EDB Postgres for Kubernetes can manage the automated deletion of backup files from +the backup object store, using **retention policies** based on the recovery +window. + +Internally, the retention policy feature uses `barman-cloud-backup-delete` +with `--retention-policy “RECOVERY WINDOW OF {{ retention policy value }} {{ retention policy unit }}”`. + +For example, you can define your backups with a retention policy of 30 days as +follows: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "" + s3Credentials: + accessKeyId: + name: aws-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: aws-creds + key: ACCESS_SECRET_KEY + retentionPolicy: "30d" +``` + +!!! Note "There's more ..." + The **recovery window retention policy** is focused on the concept of + *Point of Recoverability* (`PoR`), a moving point in time determined by + `current time - recovery window`. The *first valid backup* is the first + available backup before `PoR` (in reverse chronological order). + EDB Postgres for Kubernetes must ensure that we can recover the cluster at + any point in time between `PoR` and the latest successfully archived WAL + file, starting from the first valid backup. Base backups that are older + than the first valid backup will be marked as *obsolete* and permanently + removed after the next backup is completed. + +## Compression algorithms + +EDB Postgres for Kubernetes by default archives backups and WAL files in an +uncompressed fashion. However, it also supports the following compression +algorithms via `barman-cloud-backup` (for backups) and +`barman-cloud-wal-archive` (for WAL files): + +- bzip2 +- gzip +- snappy + +The compression settings for backups and WALs are independent. See the +[DataBackupConfiguration](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-DataBackupConfiguration) and +[WALBackupConfiguration](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-WalBackupConfiguration) sections in +the API reference. + +It is important to note that archival time, restore time, and size change +between the algorithms, so the compression algorithm should be chosen according +to your use case. + +The Barman team has performed an evaluation of the performance of the supported +algorithms for Barman Cloud. The following table summarizes a scenario where a +backup is taken on a local MinIO deployment. The Barman GitHub project includes +a [deeper analysis](https://github.com/EnterpriseDB/barman/issues/344#issuecomment-992547396). + +| Compression | Backup Time (ms) | Restore Time (ms) | Uncompressed size (MB) | Compressed size (MB) | Approx ratio | +| ----------- | ---------------- | ----------------- | ---------------------- | -------------------- | ------------ | +| None | 10927 | 7553 | 395 | 395 | 1:1 | +| bzip2 | 25404 | 13886 | 395 | 67 | 5.9:1 | +| gzip | 116281 | 3077 | 395 | 91 | 4.3:1 | +| snappy | 8134 | 8341 | 395 | 166 | 2.4:1 | + +## Tagging of backup objects + +Barman 2.18 introduces support for tagging backup resources when saving them in +object stores via `barman-cloud-backup` and `barman-cloud-wal-archive`. As a +result, if your PostgreSQL container image includes Barman with version 2.18 or +higher, EDB Postgres for Kubernetes enables you to specify tags as key-value pairs +for backup objects, namely base backups, WAL files and history files. + +You can use two properties in the `.spec.backup.barmanObjectStore` definition: + +- `tags`: key-value pair tags to be added to backup objects and archived WAL + file in the backup object store +- `historyTags`: key-value pair tags to be added to archived history files in + the backup object store + +The excerpt of a YAML manifest below provides an example of usage of this +feature: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + [...] + tags: + backupRetentionPolicy: "expire" + historyTags: + backupRetentionPolicy: "keep" +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/backup_recovery.mdx b/product_docs/docs/postgres_for_kubernetes/1/backup_recovery.mdx index c891acbeded..8080d7e0fae 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/backup_recovery.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/backup_recovery.mdx @@ -3,915 +3,12 @@ title: 'Backup and Recovery' originalFilePath: 'src/backup_recovery.md' --- -EDB Postgres for Kubernetes natively supports **online/hot backup** of PostgreSQL -clusters through continuous physical backup and WAL archiving. -This means that the database is always up (no downtime required) -and that you can recover at any point in time from the first -available base backup in your system. The latter is normally -referred to as "Point In Time Recovery" (PITR). +Until EDB Postgres for Kubernetes 1.20, this page used to contain both the backup and +recovery phases of a PostgreSQL cluster. The reason was that EDB Postgres for Kubernetes +supported only backup and recovery object stores. -The operator can orchestrate a continuous backup infrastructure -that is based on the [Barman](https://pgbarman.org) tool. Instead -of using the classical architecture with a Barman server, which -backs up many PostgreSQL instances, the operator relies on the -`barman-cloud-wal-archive`, `barman-cloud-check-wal-archive`, -`barman-cloud-backup`, `barman-cloud-backup-list`, and -`barman-cloud-backup-delete` tools. As a result, base backups will -be *tarballs*. Both base backups and WAL files can be compressed -and encrypted. +Version 1.21 introduces support for the Kubernetes `VolumeSnapshot` API, +providing more possibilities for the end user. -For this, it is required to use an image with `barman-cli-cloud` included. -You can use the image `quay.io/enterprisedb/postgresql` for this scope, -as it is composed of a community PostgreSQL image and the latest -`barman-cli-cloud` package. - -!!! Important - Always ensure that you are running the latest version of the operands - in your system to take advantage of the improvements introduced in - Barman cloud (as well as improve the security aspects of your cluster). - -A backup is performed from a primary or a designated primary instance in a -`Cluster` (please refer to -[replica clusters](replica_cluster.md) -for more information about designated primary instances), or alternatively -on a [standby](#backup-from-a-standby). - -## Cloud provider support - -You can archive the backup files in any service that is supported -by the Barman Cloud infrastructure. That is: - -- [AWS S3](https://aws.amazon.com/s3/) -- [Microsoft Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) -- [Google Cloud Storage](https://cloud.google.com/storage/) - -You can also use any compatible implementation of the -supported services. - -The required setup depends on the chosen storage provider and is -discussed in the following sections. - -### S3 - -You can define the permissions to store backups in S3 buckets in two ways: - -- If EDB Postgres for Kubernetes is running in EKS. you may want to use the - [IRSA authentication method](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) -- Alternatively, you can use the `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY` credentials - -#### AWS Access key - -You will need the following information about your environment: - -- `ACCESS_KEY_ID`: the ID of the access key that will be used - to upload files into S3 - -- `ACCESS_SECRET_KEY`: the secret part of the access key mentioned above - -- `ACCESS_SESSION_TOKEN`: the optional session token, in case it is required - -The access key used must have permission to upload files into -the bucket. Given that, you must create a Kubernetes secret with the -credentials, and you can do that with the following command: - -```sh -kubectl create secret generic aws-creds \ - --from-literal=ACCESS_KEY_ID= \ - --from-literal=ACCESS_SECRET_KEY= -# --from-literal=ACCESS_SESSION_TOKEN= # if required -``` - -The credentials will be stored inside Kubernetes and will be encrypted -if encryption at rest is configured in your installation. - -Once that secret has been created, you can configure your cluster like in -the following example: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "" - s3Credentials: - accessKeyId: - name: aws-creds - key: ACCESS_KEY_ID - secretAccessKey: - name: aws-creds - key: ACCESS_SECRET_KEY -``` - -The destination path can be any URL pointing to a folder where -the instance can upload the WAL files, e.g. -`s3://BUCKET_NAME/path/to/folder`. - -#### IAM Role for Service Account (IRSA) - -In order to use IRSA you need to set an `annotation` in the `ServiceAccount` of -the Postgres cluster. - -We can configure EDB Postgres for Kubernetes to inject them using the `serviceAccountTemplate` -stanza: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: -[...] -spec: - serviceAccountTemplate: - metadata: - annotations: - eks.amazonaws.com/role-arn: arn:[...] - [...] -``` - -### Other S3-compatible Object Storages providers - -In case you're using S3-compatible object storage, like **MinIO** or -**Linode Object Storage**, you can specify an endpoint instead of using the -default S3 one. - -In this example, it will use the `bucket` of **Linode** in the region -`us-east1`. - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "" - endpointURL: "https://bucket.us-east1.linodeobjects.com" - s3Credentials: - [...] -``` - -In case you're using **Digital Ocean Spaces**, you will have to use the Path-style syntax. -In this example, it will use the `bucket` from **Digital Ocean Spaces** in the region `SFO3`. - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "s3://[your-bucket-name]/[your-backup-folder]/" - endpointURL: "https://sfo3.digitaloceanspaces.com" - s3Credentials: - [...] -``` - -!!! Important - Suppose you configure an Object Storage provider which uses a certificate signed with a private CA, - like when using OpenShift or MinIO via HTTPS. In that case, you need to set the option `endpointCA` - referring to a secret containing the CA bundle so that Barman can verify the certificate correctly. - -!!! Note - If you want ConfigMaps and Secrets to be **automatically** reloaded by instances, you can - add a label with key `k8s.enterprisedb.io/reload` to the Secrets/ConfigMaps. Otherwise, you will have to reload - the instances using the `kubectl cnp reload` subcommand. - -### MinIO Gateway - -Optionally, you can use MinIO Gateway as a common interface which -relays backup objects to other cloud storage solutions, like S3 or GCS. -For more information, please refer to [MinIO official documentation](https://docs.min.io/). - -Specifically, the EDB Postgres for Kubernetes cluster can directly point to a local -MinIO Gateway as an endpoint, using previously created credentials and service. - -MinIO secrets will be used by both the PostgreSQL cluster and the MinIO instance. -Therefore, you must create them in the same namespace: - -```sh -kubectl create secret generic minio-creds \ - --from-literal=MINIO_ACCESS_KEY= \ - --from-literal=MINIO_SECRET_KEY= -``` - -!!! Note - Cloud Object Storage credentials will be used only by MinIO Gateway in this case. - -!!! Important - In order to allow PostgreSQL to reach MinIO Gateway, it is necessary to create a - `ClusterIP` service on port `9000` bound to the MinIO Gateway instance. - -For example: - -```yaml -apiVersion: v1 -kind: Service -metadata: - name: minio-gateway-service -spec: - type: ClusterIP - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - selector: - app: minio -``` - -!!! Warning - At the time of writing this documentation, the official - [MinIO Operator](https://github.com/minio/minio-operator/issues/71) - for Kubernetes does not support the gateway feature. As such, we will use a - `deployment` instead. - -The MinIO deployment will use cloud storage credentials to upload objects to the -remote bucket and relay backup files to different locations. - -Here is an example using AWS S3 as Cloud Object Storage: - -```yaml -apiVersion: apps/v1 -kind: Deployment -[...] -spec: - containers: - - name: minio - image: minio/minio:RELEASE.2020-06-03T22-13-49Z - args: - - gateway - - s3 - env: - # MinIO access key and secret key - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: minio-creds - key: MINIO_ACCESS_KEY - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: minio-creds - key: MINIO_SECRET_KEY - # AWS credentials - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: aws-creds - key: ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: aws-creds - key: ACCESS_SECRET_KEY -# Uncomment the below section if session token is required -# - name: AWS_SESSION_TOKEN -# valueFrom: -# secretKeyRef: -# name: aws-creds -# key: ACCESS_SESSION_TOKEN - ports: - - containerPort: 9000 -``` - -Proceed by configuring MinIO Gateway service as the `endpointURL` in the `Cluster` -definition, then choose a bucket name to replace `BUCKET_NAME`: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: s3://BUCKET_NAME/ - endpointURL: http://minio-gateway-service:9000 - s3Credentials: - accessKeyId: - name: minio-creds - key: MINIO_ACCESS_KEY - secretAccessKey: - name: minio-creds - key: MINIO_SECRET_KEY - [...] -``` - -Verify on `s3://BUCKET_NAME/` the presence of archived WAL files before -proceeding with a backup. - -### Azure Blob Storage - -In order to access your storage account, you will need one of the following combinations -of credentials: - -- [**Connection String**](https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#configure-a-connection-string-for-an-azure-storage-account) -- **Storage account name** and [**Storage account access key**](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage) -- **Storage account name** and [**Storage account SAS Token**](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create) -- **Storage account name** and [**Azure AD Workload Identity**](https://azure.github.io/azure-workload-identity/docs/introduction.html) - properly configured. - -Using **Azure AD Workload Identity**, you can avoid saving the credentials into a Kubernetes Secret, -and have a Cluster configuration adding the `inheritFromAzureAD` as follows: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "" - azureCredentials: - inheritFromAzureAD: true -``` - -On the other side, using both **Storage account access key** or **Storage account SAS Token**, -the credentials need to be stored inside a Kubernetes Secret, adding data entries only when -needed. The following command performs that: - -``` -kubectl create secret generic azure-creds \ - --from-literal=AZURE_STORAGE_ACCOUNT= \ - --from-literal=AZURE_STORAGE_KEY= \ - --from-literal=AZURE_STORAGE_SAS_TOKEN= \ - --from-literal=AZURE_STORAGE_CONNECTION_STRING= -``` - -The credentials will be encrypted at rest, if this feature is enabled in the used -Kubernetes cluster. - -Given the previous secret, the provided credentials can be injected inside the cluster -configuration: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "" - azureCredentials: - connectionString: - name: azure-creds - key: AZURE_CONNECTION_STRING - storageAccount: - name: azure-creds - key: AZURE_STORAGE_ACCOUNT - storageKey: - name: azure-creds - key: AZURE_STORAGE_KEY - storageSasToken: - name: azure-creds - key: AZURE_STORAGE_SAS_TOKEN -``` - -When using the Azure Blob Storage, the `destinationPath` fulfills the following -structure: - -``` -://..core.windows.net/ -``` - -where `` is `/`. The **account name**, -which is also called **storage account name**, is included in the used host name. - -### Other Azure Blob Storage compatible providers - -If you are using a different implementation of the Azure Blob Storage APIs, -the `destinationPath` will have the following structure: - -``` -://:// -``` - -In that case, `` is the first component of the path. - -This is required if you are testing the Azure support via the Azure Storage -Emulator or [Azurite](https://github.com/Azure/Azurite). - -### Google Cloud Storage - -Currently, the operator supports two authentication methods for Google Cloud Storage: - -- the first one assumes that the pod is running inside a Google Kubernetes Engine cluster -- the second one leverages the environment variable `GOOGLE_APPLICATION_CREDENTIALS` - -#### Running inside Google Kubernetes Engine - -When running inside Google Kubernetes Engine you can configure your backups to -simply rely on [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity), -without having to set any credentials. In particular, you need to: - -- set `.spec.backup.barmanObjectStore.googleCredentials.gkeEnvironment` to `true` -- set the `iam.gke.io/gcp-service-account` annotation in the `serviceAccountTemplate` stanza - -Please use the following example as a reference: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - [...] - backup: - barmanObjectStore: - destinationPath: "gs://" - googleCredentials: - gkeEnvironment: true - - serviceAccountTemplate: - metadata: - annotations: - iam.gke.io/gcp-service-account: [...].iam.gserviceaccount.com - [...] -``` - -#### Using authentication - -Following the [instruction from Google](https://cloud.google.com/docs/authentication/getting-started) -you will get a JSON file that contains all the required information to authenticate. - -The content of the JSON file must be provided using a `Secret` that can be created -with the following command: - -```shell -kubectl create secret generic backup-creds --from-file=gcsCredentials=gcs_credentials_file.json -``` - -This will create the `Secret` with the name `backup-creds` to be used in the yaml file like this: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "gs://" - googleCredentials: - applicationCredentials: - name: backup-creds - key: gcsCredentials -``` - -Now the operator will use the credentials to authenticate against Google Cloud Storage. - -!!! Important - This way of authentication will create a JSON file inside the container with all the needed - information to access your Google Cloud Storage bucket, meaning that if someone gets access to the pod - will also have write permissions to the bucket. - -## On-demand backups - -To request a new backup, you need to create a new Backup resource -like the following one: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Backup -metadata: - name: backup-example -spec: - cluster: - name: pg-backup -``` - -The operator will start to orchestrate the cluster to take the -required backup using `barman-cloud-backup`. You can check -the backup status using the plain `kubectl describe backup ` -command: - -```text -Name: backup-example -Namespace: default -Labels: -Annotations: API Version: postgresql.k8s.enterprisedb.io/v1 -Kind: Backup -Metadata: - Creation Timestamp: 2020-10-26T13:57:40Z - Self Link: /apis/postgresql.k8s.enterprisedb.io/v1/namespaces/default/backups/backup-example - UID: ad5f855c-2ffd-454a-a157-900d5f1f6584 -Spec: - Cluster: - Name: pg-backup -Status: - Phase: running - Started At: 2020-10-26T13:57:40Z -Events: -``` - -When the backup has been completed, the phase will be `completed` -like in the following example: - -```text -Name: backup-example -Namespace: default -Labels: -Annotations: API Version: postgresql.k8s.enterprisedb.io/v1 -Kind: Backup -Metadata: - Creation Timestamp: 2020-10-26T13:57:40Z - Self Link: /apis/postgresql.k8s.enterprisedb.io/v1/namespaces/default/backups/backup-example - UID: ad5f855c-2ffd-454a-a157-900d5f1f6584 -Spec: - Cluster: - Name: pg-backup -Status: - Backup Id: 20201026T135740 - Destination Path: s3://backups/ - Endpoint URL: http://minio:9000 - Phase: completed - s3Credentials: - Access Key Id: - Key: ACCESS_KEY_ID - Name: minio - Secret Access Key: - Key: ACCESS_SECRET_KEY - Name: minio - Server Name: pg-backup - Started At: 2020-10-26T13:57:40Z - Stopped At: 2020-10-26T13:57:44Z -Events: -``` - -!!!Important - This feature will not backup the secrets for the superuser and the - application user. The secrets are supposed to be backed up as part of - the standard backup procedures for the Kubernetes cluster. - -## Scheduled backups - -You can also schedule your backups periodically by creating a -resource named `ScheduledBackup`. The latter is similar to a -`Backup` but with an added field, called `schedule`. - -This field is a *cron schedule* specification, which follows the same -[format used in Kubernetes CronJobs](https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format). - -This is an example of a scheduled backup: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: ScheduledBackup -metadata: - name: backup-example -spec: - schedule: "0 0 0 * * *" - backupOwnerReference: self - cluster: - name: pg-backup -``` - -The above example will schedule a backup every day at midnight. - -!!! Hint - Backup frequency might impact your recovery time object (RTO) after a - disaster which requires a full or Point-In-Time recovery operation. Our - advice is that you regularly test your backups by recovering them, and then - measuring the time it takes to recover from scratch so that you can refine - your RTO predictability. Recovery time is influenced by the size of the - base backup and the amount of WAL files that need to be fetched from the archive - and replayed during recovery (remember that WAL archiving is what enables - continuous backup in PostgreSQL!). - Based on our experience, a weekly base backup is more than enough for most - cases - while it is extremely rare to schedule backups more frequently than once - a day. - -ScheduledBackups can be suspended if needed by setting `.spec.suspend: true`, -this will stop any new backup to be scheduled as long as the option is set to false. - -In case you want to issue a backup as soon as the ScheduledBackup resource is created -you can set `.spec.immediate: true`. - -!!! Note - `.spec.backupOwnerReference` indicates which ownerReference should be put inside - the created backup resources. - - - *none:* no owner reference for created backup objects (same behavior as before the field was introduced) - - *self:* sets the Scheduled backup object as owner of the backup - - *cluster:* set the cluster as owner of the backup - -## WAL archiving - -WAL archiving is enabled as soon as you choose a destination path -and you configure your cloud credentials. - -If required, you can choose to compress WAL files as soon as they -are uploaded and/or encrypt them: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - [...] - wal: - compression: gzip - encryption: AES256 -``` - -You can configure the encryption directly in your bucket, and the operator -will use it unless you override it in the cluster configuration. - -PostgreSQL implements a sequential archiving scheme, where the -`archive_command` will be executed sequentially for every WAL -segment to be archived. - -!!! Important - By default, EDB Postgres for Kubernetes sets `archive_timeout` to `5min`, ensuring - that WAL files, even in case of low workloads, are closed and archived - at least every 5 minutes, providing a deterministic time-based value for - your Recovery Point Objective (RPO). Even though you change the value - of the [`archive_timeout` setting in the PostgreSQL configuration](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-ARCHIVE-TIMEOUT), - our experience suggests that the default value set by the operator is - suitable for most use cases. - -When the bandwidth between the PostgreSQL instance and the object -store allows archiving more than one WAL file in parallel, you -can use the parallel WAL archiving feature of the instance manager -like in the following example: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - [...] - wal: - compression: gzip - maxParallel: 8 - encryption: AES256 -``` - -In the previous example, the instance manager optimizes the WAL -archiving process by archiving in parallel at most eight ready -WALs, including the one requested by PostgreSQL. - -When PostgreSQL will request the archiving of a WAL that has -already been archived by the instance manager as an optimization, -that archival request will be just dismissed with a positive status. - -## Backup from a standby - -Taking a base backup requires to scrape the whole data content of the -PostgreSQL instance on disk, possibly resulting in I/O contention with the -actual workload of the database. - -For this reason, EDB Postgres for Kubernetes allows you to take advantage of a -feature which is directly available in PostgreSQL: **backup from a standby**. - -By default, backups will run on the most aligned replica of a `Cluster`. If -no replicas are available, backups will run on the primary instance. - -!!! Info - Although the standby might not always be up to date with the primary, - in the time continuum from the first available backup to the last - archived WAL this is normally irrelevant. The base backup indeed - represents the starting point from which to begin a recovery operation, - including PITR. Similarly to what happens with - [`pg_basebackup`](https://www.postgresql.org/docs/current/app-pgbasebackup.html), - when backing up from a standby we do not force a switch of the WAL on the - primary. This might produce unexpected results in the short term (before - `archive_timeout` kicks in) in deployments with low write activity. - -If you prefer to always run backups on the primary, you can set the backup -target to `primary` as outlined in the example below: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - [...] -spec: - backup: - target: "primary" -``` - -When the backup target is set to `prefer-standby`, such policy will ensure -backups are run on the most up-to-date available secondary instance, or if no -other instance is available, on the primary instance. - -By default, when not otherwise specified, target is automatically set to take -backups from a standby. - -The backup target specified in the `Cluster` can be overridden in the `Backup` -and `ScheduledBackup` types, like in the following example: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Backup -metadata: - [...] -spec: - cluster: - name: [...] - target: "primary" -``` - -In the previous example, EDB Postgres for Kubernetes will invariably choose the primary -instance even if the `Cluster` is set to prefer replicas. - -## Recovery - -Cluster restores are not performed "in-place" on an existing cluster. -You can use the data uploaded to the object storage to *bootstrap* a -new cluster from a previously taken backup. -The operator will orchestrate the recovery process using the -`barman-cloud-restore` tool (for the base backup) and the -`barman-cloud-wal-restore` tool (for WAL files, including parallel support, if -requested). - -For details and instructions on the `recovery` bootstrap method, please refer -to the ["Bootstrap from a backup" section](bootstrap.md#bootstrap-from-a-backup-recovery). - -!!! Important - If you are not familiar with how [PostgreSQL PITR](https://www.postgresql.org/docs/current/continuous-archiving.html#BACKUP-PITR-RECOVERY) - works, we suggest that you configure the recovery cluster as the original - one when it comes to `.spec.postgresql.parameters`. Once the new cluster is - restored, you can then change the settings as desired. - -Under the hood, the operator will inject an init container in the first -instance of the new cluster, and the init container will start recovering the -backup from the object storage. - -!!! Important - The duration of the base backup copy in the new PVC depends on - the size of the backup, as well as the speed of both the network and the - storage. - -When the base backup recovery process is completed, the operator starts the -Postgres instance in recovery mode: in this phase, PostgreSQL is up, albeit not -able to accept connections, and the pod is healthy according to the -liveness probe. Through the `restore_command`, PostgreSQL starts fetching WAL -files from the archive (you can speed up this phase by setting the -`maxParallel` option and enable the parallel WAL restore capability). - -This phase terminates when PostgreSQL reaches the target (either the end of the -WAL or the required target in case of Point-In-Time-Recovery). Indeed, you can -optionally specify a `recoveryTarget` to perform a point in time recovery. If -left unspecified, the recovery will continue up to the latest available WAL on -the default target timeline (`current` for PostgreSQL up to 11, `latest` for -version 12 and above). - -Once the recovery is complete, the operator will set the required -superuser password into the instance. The new primary instance will start -as usual, and the remaining instances will join the cluster as replicas. - -The process is transparent for the user and it is managed by the instance -manager running in the Pods. - -### Restoring into a cluster with a backup section - -A manifest for a cluster restore may include a `backup` section. -This means that the new cluster, after recovery, will start archiving WAL's and -taking backups if configured to do so. - -For example, the section below could be part of a manifest for a Cluster -bootstrapping from Cluster `cluster-example-backup`, and would create a -new folder in the storage bucket named `recoveredCluster` where the base backups -and WAL's of the recovered cluster would be stored. - -```yaml - backup: - barmanObjectStore: - destinationPath: s3://backups/ - endpointURL: http://minio:9000 - serverName: "recoveredCluster" - s3Credentials: - accessKeyId: - name: minio - key: ACCESS_KEY_ID - secretAccessKey: - name: minio - key: ACCESS_SECRET_KEY - retentionPolicy: "30d" - - externalClusters: - - name: cluster-example-backup - barmanObjectStore: - destinationPath: s3://backups/ - endpointURL: http://minio:9000 - s3Credentials: -``` - -You should not re-use the exact same `barmanObjectStore` configuration -for different clusters. There could be cases where the existing information -in the storage buckets could be overwritten by the new cluster. - -!!! Warning - The operator includes a safety check to ensure a cluster will not - overwrite a storage bucket that contained information. A cluster that would - overwrite existing storage will remain in state `Setting up primary` with - Pods in an Error state. - The pod logs will show: - `ERROR: WAL archive check failed for server recoveredCluster: Expected empty archive` - -## Retention policies - -EDB Postgres for Kubernetes can manage the automated deletion of backup files from -the backup object store, using **retention policies** based on the recovery -window. - -Internally, the retention policy feature uses `barman-cloud-backup-delete` -with `--retention-policy “RECOVERY WINDOW OF {{ retention policy value }} {{ retention policy unit }}”`. - -For example, you can define your backups with a retention policy of 30 days as -follows: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - destinationPath: "" - s3Credentials: - accessKeyId: - name: aws-creds - key: ACCESS_KEY_ID - secretAccessKey: - name: aws-creds - key: ACCESS_SECRET_KEY - retentionPolicy: "30d" -``` - -!!! Note "There's more ..." - The **recovery window retention policy** is focused on the concept of - *Point of Recoverability* (`PoR`), a moving point in time determined by - `current time - recovery window`. The *first valid backup* is the first - available backup before `PoR` (in reverse chronological order). - EDB Postgres for Kubernetes must ensure that we can recover the cluster at - any point in time between `PoR` and the latest successfully archived WAL - file, starting from the first valid backup. Base backups that are older - than the first valid backup will be marked as *obsolete* and permanently - removed after the next backup is completed. - -## Compression algorithms - -EDB Postgres for Kubernetes by default archives backups and WAL files in an -uncompressed fashion. However, it also supports the following compression -algorithms via `barman-cloud-backup` (for backups) and -`barman-cloud-wal-archive` (for WAL files): - -- bzip2 -- gzip -- snappy - -The compression settings for backups and WALs are independent. See the -[DataBackupConfiguration](api_reference.md#DataBackupConfiguration) and -[WALBackupConfiguration](api_reference.md#WalBackupConfiguration) sections in -the API reference. - -It is important to note that archival time, restore time, and size change -between the algorithms, so the compression algorithm should be chosen according -to your use case. - -The Barman team has performed an evaluation of the performance of the supported -algorithms for Barman Cloud. The following table summarizes a scenario where a -backup is taken on a local MinIO deployment. The Barman GitHub project includes -a [deeper analysis](https://github.com/EnterpriseDB/barman/issues/344#issuecomment-992547396). - -| Compression | Backup Time (ms) | Restore Time (ms) | Uncompressed size (MB) | Compressed size (MB) | Approx ratio | -| ----------- | ---------------- | ----------------- | ---------------------- | -------------------- | ------------ | -| None | 10927 | 7553 | 395 | 395 | 1:1 | -| bzip2 | 25404 | 13886 | 395 | 67 | 5.9:1 | -| gzip | 116281 | 3077 | 395 | 91 | 4.3:1 | -| snappy | 8134 | 8341 | 395 | 166 | 2.4:1 | - -## Tagging of backup objects - -Barman 2.18 introduces support for tagging backup resources when saving them in -object stores via `barman-cloud-backup` and `barman-cloud-wal-archive`. As a -result, if your PostgreSQL container image includes Barman with version 2.18 or -higher, EDB Postgres for Kubernetes enables you to specify tags as key-value pairs -for backup objects, namely base backups, WAL files and history files. - -You can use two properties in the `.spec.backup.barmanObjectStore` definition: - -- `tags`: key-value pair tags to be added to backup objects and archived WAL - file in the backup object store -- `historyTags`: key-value pair tags to be added to archived history files in - the backup object store - -The excerpt of a YAML manifest below provides an example of usage of this -feature: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - backup: - barmanObjectStore: - [...] - tags: - backupRetentionPolicy: "expire" - historyTags: - backupRetentionPolicy: "keep" -``` \ No newline at end of file +As a result, [backup](backup.md) and [recovery](recovery.md) are now in two +separate sections. diff --git a/product_docs/docs/postgres_for_kubernetes/1/backup_volumesnapshot.mdx b/product_docs/docs/postgres_for_kubernetes/1/backup_volumesnapshot.mdx new file mode 100644 index 00000000000..2ed2c61cb58 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/backup_volumesnapshot.mdx @@ -0,0 +1,229 @@ +--- +title: 'Backup on volume snapshots' +originalFilePath: 'src/backup_volumesnapshot.md' +--- + +!!! Important + The current implementation of volume snapshots in EDB Postgres for Kubernetes + supports [cold backup](backup.md#cold-and-hot-backups) only. + Hot backup with direct support of + [PostgreSQL's low level API for base backups](https://www.postgresql.org/docs/current/continuous-archiving.html#BACKUP-LOWLEVEL-BASE-BACKUP) + will be added in version 1.22. Having said this, the current implementation + is suitable for production HA environments, as it will by default work on + the most aligned standby without impacting the primary. + +!!! Warning + As noted in the [backup document](backup.md), a cold snapshot explicitly + set to target the primary will result in the primary being fenced for + the duration of the backup, rendering the cluster read-only during that + time. + +!!! Warning + A volume snapshot backup requires fencing the target instance. For safety, + in a cluster already containing fenced instances, a cold snapshot would be + rejected. + +EDB Postgres for Kubernetes is one of the first known cases of database operators that +directly leverages the Kubernetes native Volume Snapshot API for both +backup and recovery operations, in an entirely declarative way. + +## About standard Volume Snapshots + +Volume snapshotting was first introduced in +[Kubernetes 1.12 (2018) as alpha](https://kubernetes.io/blog/2018/10/09/introducing-volume-snapshot-alpha-for-kubernetes/), +promoted to [beta in 1.17 (2019)](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-cis-volume-snapshot-beta/), +and [moved to GA in 1.20 (2020)](https://kubernetes.io/blog/2020/12/10/kubernetes-1.20-volume-snapshot-moves-to-ga/). +It’s now stable, widely available, and standard, providing 3 custom resource +definitions: `VolumeSnapshot`, `VolumeSnapshotContent` and +`VolumeSnapshotClass`. + +This Kubernetes feature defines a generic interface for: + +- the creation of a new volume snapshot, starting from a PVC +- the deletion of an existing snapshot +- the creation of a new volume from a snapshot + +Kubernetes delegates the actual implementation to the underlying CSI drivers +(not all of them support volume snapshots). Normally, storage classes that +provide volume snapshotting support **incremental and differential block level +backup in a transparent way for the application**, which can delegate the +complexity and the independent management down the stack, including +cross-cluster availability of the snapshots. + +## Requirements + +For Volume Snapshots to work with a EDB Postgres for Kubernetes cluster, you need to ensure +that each storage class used to dynamically provision the PostgreSQL volumes +(namely, `storage` and `walStorage` sections) support volume snapshots. + +Given that instructions vary from storage class to storage class, please +refer to the documentation of the specific storage class and related CSI +drivers you have deployed in your Kubernetes system. + +Normally, it is the [`VolumeSnapshotClass`](https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes/) +that is responsible to ensure that snapshots can be taken from persistent +volumes of a given storage class, and managed as `VolumeSnapshot` and +`VolumeSnapshotContent` resources. + +!!! Important + It is your responsibility to verify with the third party vendor + that volume snapshots are supported. EDB Postgres for Kubernetes only interacts + with the Kubernetes API on this matter and we cannot support issues + at the storage level for each specific CSI driver. + +## How to configure Volume Snapshot backups + +EDB Postgres for Kubernetes allows you to configure a given Postgres cluster for Volume +Snapshot backups through the `backup.volumeSnapshot` stanza. + +!!! Info + Please refer to [`VolumeSnapshotConfiguration`](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-VolumeSnapshotConfiguration) + in the API reference for a full list of options. + +A generic example with volume snapshots (assuming that PGDATA and WALs share +the same storage class) is the following: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: snapshot-cluster +spec: + instances: 3 + + storage: + storageClass: @STORAGE_CLASS@ + size: 10Gi + walStorage: + storageClass: @STORAGE_CLASS@ + size: 10Gi + + backup: + # Volume snapshot backups + volumeSnapshot: + className: @VOLUME_SNAPSHOT_CLASS_NAME@ + # WAL archive + barmanObjectStore: + # ... +``` + +As you can see, the `backup` section contains both the `volumeSnapshot` stanza +(controlling physical base backups on volume snapshots) and the +`barmanObjectStore` one (controlling the [WAL archive](wal_archiving.md)). + +!!! Info + Once you have defined the `barmanObjectStore`, you can decide to use + both volume snapshot and object store backup strategies simultaneously + to take physical backups. + +The `volumeSnapshot.className` option allows you to reference the default +`VolumeSnapshotClass` object used for all the storage volumes you have +defined in your PostgreSQL cluster. + +!!! Info + In case you are using a different storage class for `PGDATA` and + WAL files, you can specify a separate `VolumeSnapshotClass` for + that volume through the `walClassName` option (which defaults to + the same value as `className`). + +Once a cluster is defined for volume snapshot backups, you need to define +a `ScheduledBackup` resource that requests such backups on a periodic basis. + +## Persistence of volume snapshot objects + +By default, `VolumeSnapshot` objects created by EDB Postgres for Kubernetes are retained after +deleting the `Backup` object that originated them, or the `Cluster` they refer to. +Such behavior is controlled by the `.spec.backup.volumeSnapshot.snapshotOwnerReference` +option which accepts the following values: + +- `none`: no ownership is set, meaning that `VolumeSnapshot` objects persist + after the `Backup` and/or the `Cluster` resources are removed +- `backup`: the `VolumeSnapshot` object is owned by the `Backup` resource that + originated it, and when the backup object is removed, the volume snapshot is + also removed +- `cluster`: the `VolumeSnapshot` object is owned by the `Cluster` resource that + is backed up, and when the Postgres cluster is removed, the volume snapshot is + also removed + +In case a `VolumeSnapshot` is deleted, the `deletionPolicy` specified in the +`VolumeSnapshotContent` is evaluated: + +- if set to `Retain`, the `VolumeSnapshotContent` object is kept +- if set to `Delete`, the `VolumeSnapshotContent` object is removed as well + +!!! Warning + `VolumeSnapshotContent` objects do not keep all the information regarding the + backup and the cluster they refer to (like the annotations and labels that + are contained in the `VolumeSnapshot` object). Although possible, restoring + from just this kind of object might not be straightforward. For this reason, + our recommendation is to always backup the `VolumeSnapshot` definitions, + even using a Kubernetes level data protection solution. + +The value in `VolumeSnapshotContent` is determined by the `deletionPolicy` set +in the corresponding `VolumeSnapshotClass` definition, which is +referenced in the `.spec.backup.volumeSnapshot.className` option. + +Please refer to the [Kubernetes documentation on Volume Snapshot Classes](https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes/) +for details on this standard behavior. + +## Example + +The following example shows how to configure volume snapshot base backups on an +EKS cluster on AWS using the `ebs-sc` storage class and the `csi-aws-vsc` +volume snapshot class. + +!!! Important + If you are interested in testing the example, please read + ["Volume Snapshots" for the Amazon Elastic Block Store (EBS) CSI driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/tree/master/examples/kubernetes/snapshot) + for detailed instructions on the installation process for the storage class and the snapshot class. + +The following manifest creates a `Cluster` that is ready to be used for volume +snapshots and that stores the WAL archive in a S3 bucket via IAM role for the +Service Account (IRSA, see [AWS S3](object_stores.md#aws-s3)): + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: hendrix +spec: + instances: 3 + + storage: + storageClass: ebs-sc + size: 10Gi + walStorage: + storageClass: ebs-sc + size: 10Gi + + backup: + volumeSnapshot: + className: csi-aws-vsc + barmanObjectStore: + destinationPath: s3://@BUCKET_NAME@/ + s3Credentials: + inheritFromIAMRole: true + wal: + compression: gzip + maxParallel: 2 + + serviceAccountTemplate: + metadata: + annotations: + eks.amazonaws.com/role-arn: "@ARN@" +--- +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: ScheduledBackup +metadata: + name: hendrix-vs-backup +spec: + cluster: + name: hendrix + method: volumeSnapshot + schedule: '0 0 0 * * *' + backupOwnerReference: cluster + immediate: true +``` + +The last resource defines daily volume snapshot backups at midnight, requesting +one immediately after the cluster is created. diff --git a/product_docs/docs/postgres_for_kubernetes/1/before_you_start.mdx b/product_docs/docs/postgres_for_kubernetes/1/before_you_start.mdx index d67cd01cddd..4f70234c7d5 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/before_you_start.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/before_you_start.mdx @@ -75,8 +75,8 @@ specific to Kubernetes and PostgreSQL. [`kubectl`](https://kubernetes.io/docs/reference/kubectl/overview/) : `kubectl` is the command-line tool used to manage a Kubernetes cluster. -EDB Postgres for Kubernetes requires a Kubernetes version supported by the community. Please refer to the -["Supported releases"](supported_releases.md) page for details. +EDB Postgres for Kubernetes requires a Kubernetes version supported by EDB. Please refer to the +["Platform Compatibility"](https://www.enterprisedb.com/resources/platform-compatibility#pgk8s) page for details. ## PostgreSQL terminology @@ -144,4 +144,4 @@ Zone Now that you have familiarized with the terminology, you can decide to [test EDB Postgres for Kubernetes on your laptop using a local cluster](quickstart.md) before -deploying the operator in your selected cloud environment. \ No newline at end of file +deploying the operator in your selected cloud environment. diff --git a/product_docs/docs/postgres_for_kubernetes/1/benchmarking.mdx b/product_docs/docs/postgres_for_kubernetes/1/benchmarking.mdx index 0884e13a29e..27d5daa558c 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/benchmarking.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/benchmarking.mdx @@ -193,4 +193,4 @@ After all testing is done, fio deployment and resources can be deleted by: kubectl cnp fio --dry-run | kubectl delete -f - ``` -make sure use the same name which was used to create the fio deployment and add namespace if applicable. \ No newline at end of file +make sure use the same name which was used to create the fio deployment and add namespace if applicable. diff --git a/product_docs/docs/postgres_for_kubernetes/1/bootstrap.mdx b/product_docs/docs/postgres_for_kubernetes/1/bootstrap.mdx index 62e64f500ae..67864d50050 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/bootstrap.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/bootstrap.mdx @@ -14,7 +14,7 @@ There are primarily two ways to bootstrap a new cluster: - from scratch (`initdb`) - from an existing PostgreSQL cluster, either directly (`pg_basebackup`) - or indirectly (`recovery`) + or indirectly through a physical base backup (`recovery`) The `initdb` bootstrap also offers the possibility to import one or more databases from an existing Postgres cluster, even outside Kubernetes, and @@ -40,7 +40,7 @@ For more detailed information about this feature, please refer to the [Kubernetes' native `VolumeSnapshot` API](https://github.com/cloudnative-pg/cloudnative-pg/issues/2081) for both incremental and differential copy in backup and recovery operations - if supported by the underlying storage classes. - Please see ["Recovery from Volume Snapshot objects"](#recovery-from-volumesnapshot-objects) + Please see ["Recovery from Volume Snapshot objects"](recovery.md#recovery-from-volumesnapshot-objects) for details. ## The `bootstrap` section @@ -50,7 +50,7 @@ specification. EDB Postgres for Kubernetes currently supports the following boot - `initdb`: initialize a new PostgreSQL cluster (default) - `recovery`: create a PostgreSQL cluster by restoring from a base backup of an - existing cluster, and replaying all the available WAL files or up to + existing cluster and, if needed, replaying all the available WAL files or up to a given *point in time* - `pg_basebackup`: create a PostgreSQL cluster by cloning an existing one of the same major version using `pg_basebackup` via streaming replication protocol - @@ -62,8 +62,12 @@ create a new cluster based on another one (either offline or online) and can be used to spin up replica clusters. They both rely on the definition of external clusters. +Given that there are several possible backup methods and combinations of backup +storage that the EDB Postgres for Kubernetes operator provides, please refer to the +["Recovery" section](recovery.md) for guidance on each method. + !!! Seealso "API reference" - Please refer to the ["API reference for the `bootstrap` section](api_reference.md#BootstrapConfiguration) + Please refer to the ["API reference for the `bootstrap` section](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-BootstrapConfiguration) for more information. ## The `externalClusters` section @@ -85,8 +89,9 @@ method or the `recovery` one. An external cluster needs to have: - information about streaming connection - information about the **recovery object store**, which is a Barman Cloud - compatible object store that contains the backup files of the source - cluster - that is, WAL archive and base backups. + compatible object store that contains: + - the WAL archive (required for Point In Time Recovery) + - the catalog of physical base backups for the Postgres cluster !!! Note A recovery object store is normally an AWS S3, or an Azure Blob Storage, @@ -103,7 +108,7 @@ continuously fed from the source, either via streaming, via WAL shipping through the PostgreSQL's `restore_command`, or any of the two. !!! Seealso "API reference" - Please refer to the ["API reference for the `externalClusters` section](api_reference.md#ExternalCluster) + Please refer to the ["API reference for the `externalClusters` section](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-ExternalCluster) for more information. ## Bootstrap an empty cluster (`initdb`) @@ -377,411 +382,9 @@ by `name` (our recommendation is to use the same `name` of the origin cluster). ### Bootstrap from a backup (`recovery`) -The `recovery` bootstrap mode lets you create a new cluster from an existing -physical base backup, and then reapply the WAL files containing the REDO log -from the archive. Both base backups and WAL files are pulled from the -*recovery object store*. - -Recovery from a *recovery object store* can be achieved in two ways: - -- using a recovery object store, that is a backup of another cluster - created by Barman Cloud and defined via the `barmanObjectStore` option - in the `externalClusters` section (*recommended*) -- using an existing `Backup` object in the same namespace (this was the - only option available before version 1.8.0). - -Both recovery methods enable either full recovery (up to the last -available WAL) or up to a [point in time](#point-in-time-recovery-pitr). -When performing a full recovery, the cluster can also be started -in replica mode. Also, make sure that the PostgreSQL configuration -(`.spec.postgresql.parameters`) of the recovered cluster is -compatible, from a physical replication standpoint, with the original one. - -!!! Note - You can find more information about backup and recovery of a running cluster - in the ["Backup and recovery" page](backup_recovery.md). - -EDB Postgres for Kubernetes is also introducing support for Kubernetes' volume snapshots. -With the current version of EDB Postgres for Kubernetes, you can: - -- take a consistent cold backup of the Postgres cluster from a standby through - the `kubectl cnp snapshot` command - which creates the necessary - `VolumeSnapshot` objects (currently one or two, if you have WALs in a separate - volume) -- recover from the above *VolumeSnapshot* objects through the `volumeSnapshots` - option in the `.spec.bootstrap.recovery` stanza, as described in - ["Recovery from `VolumeSnapshot` objects"](#recovery-from-volumesnapshot-objects) - below - -#### Recovery from an object store - -You can recover from a backup created by Barman Cloud and stored on a supported -object storage. Once you have defined the external cluster, including all the -required configuration in the `barmanObjectStore` section, you need to -reference it in the `.spec.recovery.source` option. The following example -defines a recovery object store in a blob container in Azure: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-restore -spec: - [...] - - superuserSecret: - name: superuser-secret - - bootstrap: - recovery: - source: clusterBackup - - externalClusters: - - name: clusterBackup - barmanObjectStore: - destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ - azureCredentials: - storageAccount: - name: recovery-object-store-secret - key: storage_account_name - storageKey: - name: recovery-object-store-secret - key: storage_account_key - wal: - maxParallel: 8 -``` - -!!! Important - By default the `recovery` method strictly uses the `name` of the - cluster in the `externalClusters` section to locate the main folder - of the backup data within the object store, which is normally reserved - for the name of the server. You can specify a different one with the - `barmanObjectStore.serverName` property (by default assigned to the - value of `name` in the external clusters definition). - -!!! Note - In the above example we are taking advantage of the parallel WAL restore - feature, dedicating up to 8 jobs to concurrently fetch the required WAL - files from the archive. This feature can appreciably reduce the recovery time. - Make sure that you plan ahead for this scenario and correctly tune the - value of this parameter for your environment. It will certainly make a - difference **when** (not if) you'll need it. - -#### Recovery from a `Backup` object - -In case a Backup resource is already available in the namespace in which the -cluster should be created, you can specify its name through -`.spec.bootstrap.recovery.backup.name`, as in the following example: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-example-initdb -spec: - instances: 3 - - superuserSecret: - name: superuser-secret - - bootstrap: - recovery: - backup: - name: backup-example - - storage: - size: 1Gi -``` - -This bootstrap method allows you to specify just a reference to the -backup that needs to be restored. - -#### Recovery from `VolumeSnapshot` objects - -EDB Postgres for Kubernetes can create a new cluster from a `VolumeSnapshot` of a PVC of an -existing `Cluster` that's been taken with `kubectl cnp snapshot`. -You need to specify the name of the snapshot as in the following example: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-restore -spec: - [...] - -bootstrap: - recovery: - volumeSnapshots: - storage: - name: - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io -``` - -!!! Warning - As the development of declarative support for Kubernetes' `VolumeSnapshot` API - progresses, you'll be able to use this technique in conjunction with a WAL - archive for Point In Time Recovery operations or replica clusters. - -In case the backed-up cluster was using a separate PVC to store the WAL files, -the recovery must include that too: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-restore -spec: - [...] - -bootstrap: - recovery: - volumeSnapshots: - storage: - name: - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - - walStorage: - name: - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io -``` - -The `kubectl cnp snapshot` command is able to take consistent snapshots of a -replica through a technique known as *cold backup*, by fencing the standby -before taking a physical copy of the volumes. For details, please refer to -["Snapshotting a Postgres cluster"](kubectl-plugin/#snapshotting-a-postgres-cluster). - -#### Additional considerations - -Whether you recover from a recovery object store or an existing `Backup` -resource, the following considerations apply: - -- The application database name and the application database user are preserved - from the backup that is being restored. The operator does not currently attempt - to back up the underlying secrets, as this is part of the usual maintenance - activity of the Kubernetes cluster itself. -- In case you don't supply any `superuserSecret`, a new one is automatically - generated with a secure and random password. The secret is then used to - reset the password for the `postgres` user of the cluster. -- By default, the recovery will continue up to the latest - available WAL on the default target timeline (`current` for PostgreSQL up to - 11, `latest` for version 12 and above). - You can optionally specify a `recoveryTarget` to perform a point in time - recovery (see the ["Point in time recovery" section](#point-in-time-recovery-pitr)). - -!!! Important - Consider using the `barmanObjectStore.wal.maxParallel` option to speed - up WAL fetching from the archive by concurrently downloading the transaction - logs from the recovery object store. - -#### Point in time recovery (PITR) - -Instead of replaying all the WALs up to the latest one, we can ask PostgreSQL -to stop replaying WALs at any given point in time, after having extracted a -base backup. PostgreSQL uses this technique to achieve *point-in-time* recovery -(PITR). - -!!! Note - PITR is available from recovery object stores as well as `Backup` objects. - -The operator will generate the configuration parameters required for this -feature to work in case a recovery target is specified, like in the following -example that uses a recovery object stored in Azure and a timestamp based -goal: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-restore-pitr -spec: - instances: 3 - - storage: - size: 5Gi - - bootstrap: - recovery: - source: clusterBackup - recoveryTarget: - targetTime: "2020-11-26 15:22:00.00000+00" - - externalClusters: - - name: clusterBackup - barmanObjectStore: - destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ - azureCredentials: - storageAccount: - name: recovery-object-store-secret - key: storage_account_name - storageKey: - name: recovery-object-store-secret - key: storage_account_key - wal: - maxParallel: 8 -``` - -You might have noticed that in the above example you only had to specify -the `targetTime` in the form of a timestamp, without having to worry about -specifying the base backup from which to start the recovery. - -The `backupID` option is the one that allows you to specify the base backup -from which to initiate the recovery process. By default, this value is -empty. - -If you assign a value to it (in the form of a Barman backup ID), the operator -will use that backup as base for the recovery. - -!!! Important - You need to make sure that such a backup exists and is accessible. - -If the backup ID is not specified, the operator will automatically detect the -base backup for the recovery as follows: - -- when you use `targetTime` or `targetLSN`, the operator selects the closest - backup that was completed before that target -- otherwise the operator selects the last available backup in chronological - order. - -Here are the recovery target criteria you can use: - -targetTime -: time stamp up to which recovery will proceed, expressed in - [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format - (the precise stopping point is also influenced by the `exclusive` option) - -targetXID -: transaction ID up to which recovery will proceed - (the precise stopping point is also influenced by the `exclusive` option); - keep in mind that while transaction IDs are assigned sequentially at - transaction start, transactions can complete in a different numeric order. - The transactions that will be recovered are those that committed before - (and optionally including) the specified one - -targetName -: named restore point (created with `pg_create_restore_point()`) to which - recovery will proceed - -targetLSN -: LSN of the write-ahead log location up to which recovery will proceed - (the precise stopping point is also influenced by the `exclusive` option) - -targetImmediate -: recovery should end as soon as a consistent state is reached - i.e. as early - as possible. When restoring from an online backup, this means the point where - taking the backup ended - -!!! Important - While the operator is able to automatically retrieve the closest backup - when either `targetTime` or `targetLSN` is specified, this is not possible - for the remaining targets: `targetName`, `targetXID`, and `targetImmediate`. - In such cases, it is important to specify `backupID`, unless you are OK with - the last available backup in the catalog. - -The example below uses a `targetName` based recovery target: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] - bootstrap: - recovery: - source: clusterBackup - recoveryTarget: - backupID: 20220616T142236 - targetName: 'restore_point_1' -[...] -``` - -You can choose only a single one among the targets above in each -`recoveryTarget` configuration. - -Additionally, you can specify `targetTLI` force recovery to a specific -timeline. - -By default, the previous parameters are considered to be inclusive, stopping -just after the recovery target, matching [the behavior in PostgreSQL](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-RECOVERY-TARGET-INCLUSIVE) -You can request exclusive behavior, -stopping right before the recovery target, by setting the `exclusive` parameter to -`true` like in the following example relying on a blob container in Azure: - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -metadata: - name: cluster-restore-pitr -spec: - instances: 3 - - storage: - size: 5Gi - - bootstrap: - recovery: - source: clusterBackup - recoveryTarget: - backupID: 20220616T142236 - targetName: "maintenance-activity" - exclusive: true - - externalClusters: - - name: clusterBackup - barmanObjectStore: - destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ - azureCredentials: - storageAccount: - name: recovery-object-store-secret - key: storage_account_name - storageKey: - name: recovery-object-store-secret - key: storage_account_key - wal: - maxParallel: 8 -``` - -#### Configure the application database - -For the recovered cluster, we can configure the application database name and -credentials with additional configuration. To update application database -credentials, we can generate our own passwords, store them as secrets, and -update the database use the secrets. Or we can also let the operator generate a -secret with randomly secure password for use. Please reference the -["Bootstrap an empty cluster"](#bootstrap-an-empty-cluster-initdb) -section for more information about secrets. - -The following example configure the application database `app` with owner -`app`, and supplied secret `app-secret`. - -```yaml -apiVersion: postgresql.k8s.enterprisedb.io/v1 -kind: Cluster -[...] -spec: - bootstrap: - recovery: - database: app - owner: app - secret: - name: app-secret - [...] -``` - -With the above configuration, the following will happen after recovery is completed: - -1. if database `app` does not exist, a new database `app` will be created. -2. if user `app` does not exist, a new user `app` will be created. -3. if user `app` is not the owner of database, user `app` will be granted - as owner of database `app`. -4. If value of `username` match value of `owner` in secret, the password of - application database will be changed to the value of `password` in secret. - -!!! Important - For a replica cluster with replica mode enabled, the operator will not - create any database or user in the PostgreSQL instance, as these will be - recovered from the original cluster. +Given the several possibilities, methods, and combinations that the +EDB Postgres for Kubernetes operator provides in terms of backup and recovery, please refer +to the ["Recovery" section](recovery.md). ### Bootstrap from a live cluster (`pg_basebackup`) @@ -900,7 +503,7 @@ file on the source PostgreSQL instance: host replication streaming_replica all md5 ``` -The following manifest creates a new PostgreSQL 15.3 cluster, +The following manifest creates a new PostgreSQL 16.0 cluster, called `target-db`, using the `pg_basebackup` bootstrap method to clone an external PostgreSQL cluster defined as `source-db` (in the `externalClusters` array). As you can see, the `source-db` @@ -915,7 +518,7 @@ metadata: name: target-db spec: instances: 3 - imageName: quay.io/enterprisedb/postgresql:15.3 + imageName: quay.io/enterprisedb/postgresql:16.0 bootstrap: pg_basebackup: @@ -935,7 +538,7 @@ spec: ``` All the requirements must be met for the clone operation to work, including -the same PostgreSQL version (in our case 15.3). +the same PostgreSQL version (in our case 16.0). #### TLS certificate authentication @@ -950,7 +553,7 @@ in the same Kubernetes cluster. This example can be easily adapted to cover an instance that resides outside the Kubernetes cluster. -The manifest defines a new PostgreSQL 15.3 cluster called `cluster-clone-tls`, +The manifest defines a new PostgreSQL 16.0 cluster called `cluster-clone-tls`, which is bootstrapped using the `pg_basebackup` method from the `cluster-example` external cluster. The host is identified by the read/write service in the same cluster, while the `streaming_replica` user is authenticated @@ -965,7 +568,7 @@ metadata: name: cluster-clone-tls spec: instances: 3 - imageName: quay.io/enterprisedb/postgresql:15.3 + imageName: quay.io/enterprisedb/postgresql:16.0 bootstrap: pg_basebackup: @@ -1063,4 +666,4 @@ before migrating to the target database in Kubernetes. Before you attempt a migration, you must test both the procedure and the applications. In particular, it is fundamental that you run the migration procedure as many times as needed to systematically measure the downtime of your - applications in production. Feel free to contact EDB for assistance. \ No newline at end of file + applications in production. Feel free to contact EDB for assistance. diff --git a/product_docs/docs/postgres_for_kubernetes/1/certificates.mdx b/product_docs/docs/postgres_for_kubernetes/1/certificates.mdx index c35c528534c..d928ca3112f 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/certificates.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/certificates.mdx @@ -288,4 +288,4 @@ spec: ``` You can find a complete example using cert-manager to manage both server and client CA and certificates in -the [cluster-example-cert-manager.yaml](../samples/cluster-example-cert-manager.yaml) deployment manifest. \ No newline at end of file +the [cluster-example-cert-manager.yaml](../samples/cluster-example-cert-manager.yaml) deployment manifest. diff --git a/product_docs/docs/postgres_for_kubernetes/1/cloudnative-pg.v1.mdx b/product_docs/docs/postgres_for_kubernetes/1/cloudnative-pg.v1.mdx new file mode 100644 index 00000000000..5adfd4f53a5 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/cloudnative-pg.v1.mdx @@ -0,0 +1,4394 @@ +--- +title: 'API Reference' +originalFilePath: 'src/cloudnative-pg.v1.md' +redirects: +- ../api_reference +--- + +

Package v1 contains API Schema definitions for the postgresql v1 API group

+ +## Resource Types + +- [Backup](#postgresql-k8s-enterprisedb-io-v1-Backup) +- [Cluster](#postgresql-k8s-enterprisedb-io-v1-Cluster) +- [Pooler](#postgresql-k8s-enterprisedb-io-v1-Pooler) +- [ScheduledBackup](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackup) + +
+ +## Backup + +

Backup is the Schema for the backups API

+ + + + + + + + + + + + + + + + +
FieldDescription
apiVersion [Required]
string
postgresql.k8s.enterprisedb.io/v1
kind [Required]
string
Backup
metadata [Required]
+meta/v1.ObjectMeta +
+ No description provided.Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
+BackupSpec +
+

Specification of the desired behavior of the backup. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
status
+BackupStatus +
+

Most recently observed status of the backup. This data may not be up to +date. Populated by the system. Read-only. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
+ +
+ +## Cluster + +

Cluster is the Schema for the PostgreSQL API

+ + + + + + + + + + + + + + + + +
FieldDescription
apiVersion [Required]
string
postgresql.k8s.enterprisedb.io/v1
kind [Required]
string
Cluster
metadata [Required]
+meta/v1.ObjectMeta +
+ No description provided.Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
+ClusterSpec +
+

Specification of the desired behavior of the cluster. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
status
+ClusterStatus +
+

Most recently observed status of the cluster. This data may not be up +to date. Populated by the system. Read-only. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
+ +
+ +## Pooler + +

Pooler is the Schema for the poolers API

+ + + + + + + + + + + + + + + + +
FieldDescription
apiVersion [Required]
string
postgresql.k8s.enterprisedb.io/v1
kind [Required]
string
Pooler
metadata [Required]
+meta/v1.ObjectMeta +
+ No description provided.Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
+PoolerSpec +
+

Specification of the desired behavior of the Pooler. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
status
+PoolerStatus +
+

Most recently observed status of the Pooler. This data may not be up to +date. Populated by the system. Read-only. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
+ +
+ +## ScheduledBackup + +

ScheduledBackup is the Schema for the scheduledbackups API

+ + + + + + + + + + + + + + + + +
FieldDescription
apiVersion [Required]
string
postgresql.k8s.enterprisedb.io/v1
kind [Required]
string
ScheduledBackup
metadata [Required]
+meta/v1.ObjectMeta +
+ No description provided.Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
+ScheduledBackupSpec +
+

Specification of the desired behavior of the ScheduledBackup. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
status
+ScheduledBackupStatus +
+

Most recently observed status of the ScheduledBackup. This data may not be up +to date. Populated by the system. Read-only. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
+ +
+ +## AffinityConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

AffinityConfiguration contains the info we need to create the +affinity rules for Pods

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
enablePodAntiAffinity
+bool +
+

Activates anti-affinity for the pods. The operator will define pods +anti-affinity unless this field is explicitly set to false

+
topologyKey
+string +
+

TopologyKey to use for anti-affinity configuration. See k8s documentation +for more info on that

+
nodeSelector
+map[string]string +
+

NodeSelector is map of key-value pairs used to define the nodes on which +the pods can run. +More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

+
nodeAffinity
+core/v1.NodeAffinity +
+

NodeAffinity describes node affinity scheduling rules for the pod. +More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

+
tolerations
+[]core/v1.Toleration +
+

Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run +on tainted nodes. +More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

+
podAntiAffinityType
+string +
+

PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be +considered a strong requirement during scheduling or not. Allowed values are: "preferred" (default if empty) or +"required". Setting it to "required", could lead to instances remaining pending until new kubernetes nodes are +added if all the existing nodes don't match the required pod anti-affinity rule. +More info: +https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

+
additionalPodAntiAffinity
+core/v1.PodAntiAffinity +
+

AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated +by the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false.

+
additionalPodAffinity
+core/v1.PodAffinity +
+

AdditionalPodAffinity allows to specify pod affinity terms to be passed to all the cluster's pods.

+
+ +
+ +## AzureCredentials + +**Appears in:** + +- [BarmanCredentials](#postgresql-k8s-enterprisedb-io-v1-BarmanCredentials) + +

AzureCredentials is the type for the credentials to be used to upload +files to Azure Blob Storage. The connection string contains every needed +information. If the connection string is not specified, we'll need the +storage account name and also one (and only one) of:

+
    +
  • +

    storageKey

    +
  • +
  • +

    storageSasToken

    +
  • +
  • +

    inheriting the credentials from the pod environment by setting inheritFromAzureAD to true

    +
  • +
+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
connectionString
+SecretKeySelector +
+

The connection string to be used

+
storageAccount
+SecretKeySelector +
+

The storage account where to upload data

+
storageKey
+SecretKeySelector +
+

The storage account key to be used in conjunction +with the storage account name

+
storageSasToken
+SecretKeySelector +
+

A shared-access-signature to be used in conjunction with +the storage account name

+
inheritFromAzureAD
+bool +
+

Use the Azure AD based authentication without providing explicitly the keys.

+
+ +
+ +## BackupConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

BackupConfiguration defines how the backup of the cluster are taken. +The supported backup methods are BarmanObjectStore and VolumeSnapshot. +For details and examples refer to the Backup and Recovery section of the +documentation

+ + + + + + + + + + + + + + + + + +
FieldDescription
volumeSnapshot
+VolumeSnapshotConfiguration +
+

VolumeSnapshot provides the configuration for the execution of volume snapshot backups.

+
barmanObjectStore
+BarmanObjectStoreConfiguration +
+

The configuration for the barman-cloud tool suite

+
retentionPolicy
+string +
+

RetentionPolicy is the retention policy to be used for backups +and WALs (i.e. '60d'). The retention policy is expressed in the form +of XXu where XX is a positive integer and u is in [dwm] - +days, weeks, months. +It's currently only applicable when using the BarmanObjectStore method.

+
target
+BackupTarget +
+

The policy to decide which instance should perform backups. Available +options are empty string, which will default to prefer-standby policy, +primary to have backups run always on primary instances, prefer-standby +to have backups run preferably on the most updated standby, if available.

+
+ +
+ +## BackupMethod + +(Alias of `string`) + +**Appears in:** + +- [BackupSpec](#postgresql-k8s-enterprisedb-io-v1-BackupSpec) + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +- [ScheduledBackupSpec](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackupSpec) + +

BackupMethod defines the way of executing the physical base backups of +the selected PostgreSQL instance

+ +
+ +## BackupPhase + +(Alias of `string`) + +**Appears in:** + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +

BackupPhase is the phase of the backup

+ +
+ +## BackupSnapshotElementStatus + +**Appears in:** + +- [BackupSnapshotStatus](#postgresql-k8s-enterprisedb-io-v1-BackupSnapshotStatus) + +

BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup

+ + + + + + + + + + + +
FieldDescription
name [Required]
+string +
+

Name is the snapshot resource name

+
type [Required]
+string +
+

Type is tho role of the snapshot in the cluster, such as PG_DATA and PG_WAL

+
+ +
+ +## BackupSnapshotStatus + +**Appears in:** + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +

BackupSnapshotStatus the fields exclusive to the volumeSnapshot method backup

+ + + + + + + + +
FieldDescription
elements
+[]BackupSnapshotElementStatus +
+

The elements list, populated with the gathered volume snapshots

+
+ +
+ +## BackupSource + +**Appears in:** + +- [BootstrapRecovery](#postgresql-k8s-enterprisedb-io-v1-BootstrapRecovery) + +

BackupSource contains the backup we need to restore from, plus some +information that could be needed to correctly restore it.

+ + + + + + + + + + + +
FieldDescription
LocalObjectReference
+LocalObjectReference +
(Members of LocalObjectReference are embedded into this type.) + No description provided.
endpointCA
+SecretKeySelector +
+

EndpointCA store the CA bundle of the barman endpoint. +Useful when using self-signed certificates to avoid +errors with certificate issuer and barman-cloud-wal-archive.

+
+ +
+ +## BackupSpec + +**Appears in:** + +- [Backup](#postgresql-k8s-enterprisedb-io-v1-Backup) + +

BackupSpec defines the desired state of Backup

+ + + + + + + + + + + + + + +
FieldDescription
cluster [Required]
+LocalObjectReference +
+

The cluster to backup

+
target
+BackupTarget +
+

The policy to decide which instance should perform this backup. If empty, +it defaults to cluster.spec.backup.target. +Available options are empty string, primary and prefer-standby. +primary to have backups run always on primary instances, +prefer-standby to have backups run preferably on the most updated +standby, if available.

+
method
+BackupMethod +
+

The backup method to be used, possible options are barmanObjectStore +and volumeSnapshot. Defaults to: barmanObjectStore.

+
+ +
+ +## BackupStatus + +**Appears in:** + +- [Backup](#postgresql-k8s-enterprisedb-io-v1-Backup) + +

BackupStatus defines the observed state of Backup

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
BarmanCredentials
+BarmanCredentials +
(Members of BarmanCredentials are embedded into this type.) +

The potential credentials for each cloud provider

+
endpointCA
+SecretKeySelector +
+

EndpointCA store the CA bundle of the barman endpoint. +Useful when using self-signed certificates to avoid +errors with certificate issuer and barman-cloud-wal-archive.

+
endpointURL
+string +
+

Endpoint to be used to upload data to the cloud, +overriding the automatic endpoint discovery

+
destinationPath
+string +
+

The path where to store the backup (i.e. s3://bucket/path/to/folder) +this path, with different destination folders, will be used for WALs +and for data. This may not be populated in case of errors.

+
serverName
+string +
+

The server name on S3, the cluster name is used if this +parameter is omitted

+
encryption
+string +
+

Encryption method required to S3 API

+
backupId
+string +
+

The ID of the Barman backup

+
backupName
+string +
+

The Name of the Barman backup

+
phase
+BackupPhase +
+

The last backup status

+
startedAt
+meta/v1.Time +
+

When the backup was started

+
stoppedAt
+meta/v1.Time +
+

When the backup was terminated

+
beginWal
+string +
+

The starting WAL

+
endWal
+string +
+

The ending WAL

+
beginLSN
+string +
+

The starting xlog

+
endLSN
+string +
+

The ending xlog

+
error
+string +
+

The detected error

+
commandOutput
+string +
+

Unused. Retained for compatibility with old versions.

+
commandError
+string +
+

The backup command output in case of error

+
instanceID
+InstanceID +
+

Information to identify the instance where the backup has been taken from

+
snapshotBackupStatus
+BackupSnapshotStatus +
+

Status of the volumeSnapshot backup

+
method
+BackupMethod +
+

The backup method being used

+
+ +
+ +## BackupTarget + +(Alias of `string`) + +**Appears in:** + +- [BackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-BackupConfiguration) + +- [BackupSpec](#postgresql-k8s-enterprisedb-io-v1-BackupSpec) + +- [ScheduledBackupSpec](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackupSpec) + +

BackupTarget describes the preferred targets for a backup

+ +
+ +## BarmanCredentials + +**Appears in:** + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +- [BarmanObjectStoreConfiguration](#postgresql-k8s-enterprisedb-io-v1-BarmanObjectStoreConfiguration) + +

BarmanCredentials an object containing the potential credentials for each cloud provider

+ + + + + + + + + + + + + + +
FieldDescription
googleCredentials
+GoogleCredentials +
+

The credentials to use to upload data to Google Cloud Storage

+
s3Credentials
+S3Credentials +
+

The credentials to use to upload data to S3

+
azureCredentials
+AzureCredentials +
+

The credentials to use to upload data to Azure Blob Storage

+
+ +
+ +## BarmanObjectStoreConfiguration + +**Appears in:** + +- [BackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-BackupConfiguration) + +- [ExternalCluster](#postgresql-k8s-enterprisedb-io-v1-ExternalCluster) + +

BarmanObjectStoreConfiguration contains the backup configuration +using Barman against an S3-compatible object storage

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
BarmanCredentials
+BarmanCredentials +
(Members of BarmanCredentials are embedded into this type.) +

The potential credentials for each cloud provider

+
endpointURL
+string +
+

Endpoint to be used to upload data to the cloud, +overriding the automatic endpoint discovery

+
endpointCA
+SecretKeySelector +
+

EndpointCA store the CA bundle of the barman endpoint. +Useful when using self-signed certificates to avoid +errors with certificate issuer and barman-cloud-wal-archive

+
destinationPath [Required]
+string +
+

The path where to store the backup (i.e. s3://bucket/path/to/folder) +this path, with different destination folders, will be used for WALs +and for data

+
serverName
+string +
+

The server name on S3, the cluster name is used if this +parameter is omitted

+
wal
+WalBackupConfiguration +
+

The configuration for the backup of the WAL stream. +When not defined, WAL files will be stored uncompressed and may be +unencrypted in the object store, according to the bucket default policy.

+
data
+DataBackupConfiguration +
+

The configuration to be used to backup the data files +When not defined, base backups files will be stored uncompressed and may +be unencrypted in the object store, according to the bucket default +policy.

+
tags
+map[string]string +
+

Tags is a list of key value pairs that will be passed to the +Barman --tags option.

+
historyTags
+map[string]string +
+

HistoryTags is a list of key value pairs that will be passed to the +Barman --history-tags option.

+
+ +
+ +## BootstrapConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

BootstrapConfiguration contains information about how to create the PostgreSQL +cluster. Only a single bootstrap method can be defined among the supported +ones. initdb will be used as the bootstrap method if left +unspecified. Refer to the Bootstrap page of the documentation for more +information.

+ + + + + + + + + + + + + + +
FieldDescription
initdb
+BootstrapInitDB +
+

Bootstrap the cluster via initdb

+
recovery
+BootstrapRecovery +
+

Bootstrap the cluster from a backup

+
pg_basebackup
+BootstrapPgBaseBackup +
+

Bootstrap the cluster taking a physical backup of another compatible +PostgreSQL instance

+
+ +
+ +## BootstrapInitDB + +**Appears in:** + +- [BootstrapConfiguration](#postgresql-k8s-enterprisedb-io-v1-BootstrapConfiguration) + +

BootstrapInitDB is the configuration of the bootstrap process when +initdb is used +Refer to the Bootstrap page of the documentation for more information.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
database
+string +
+

Name of the database used by the application. Default: app.

+
owner
+string +
+

Name of the owner of the database in the instance to be used +by applications. Defaults to the value of the database key.

+
secret
+LocalObjectReference +
+

Name of the secret containing the initial credentials for the +owner of the user database. If empty a new secret will be +created from scratch

+
redwood
+bool +
+

If we need to enable/disable Redwood compatibility. Requires +EPAS and for EPAS defaults to true

+
options
+[]string +
+

The list of options that must be passed to initdb when creating the cluster. +Deprecated: This could lead to inconsistent configurations, +please use the explicit provided parameters instead. +If defined, explicit values will be ignored.

+
dataChecksums
+bool +
+

Whether the -k option should be passed to initdb, +enabling checksums on data pages (default: false)

+
encoding
+string +
+

The value to be passed as option --encoding for initdb (default:UTF8)

+
localeCollate
+string +
+

The value to be passed as option --lc-collate for initdb (default:C)

+
localeCType
+string +
+

The value to be passed as option --lc-ctype for initdb (default:C)

+
walSegmentSize
+int +
+

The value in megabytes (1 to 1024) to be passed to the --wal-segsize +option for initdb (default: empty, resulting in PostgreSQL default: 16MB)

+
postInitSQL
+[]string +
+

List of SQL queries to be executed as a superuser immediately +after the cluster has been created - to be used with extreme care +(by default empty)

+
postInitApplicationSQL
+[]string +
+

List of SQL queries to be executed as a superuser in the application +database right after is created - to be used with extreme care +(by default empty)

+
postInitTemplateSQL
+[]string +
+

List of SQL queries to be executed as a superuser in the template1 +after the cluster has been created - to be used with extreme care +(by default empty)

+
import
+Import +
+

Bootstraps the new cluster by importing data from an existing PostgreSQL +instance using logical backup (pg_dump and pg_restore)

+
postInitApplicationSQLRefs
+PostInitApplicationSQLRefs +
+

PostInitApplicationSQLRefs points references to ConfigMaps or Secrets which +contain SQL files, the general implementation order to these references is +from all Secrets to all ConfigMaps, and inside Secrets or ConfigMaps, +the implementation order is same as the order of each array +(by default empty)

+
+ +
+ +## BootstrapPgBaseBackup + +**Appears in:** + +- [BootstrapConfiguration](#postgresql-k8s-enterprisedb-io-v1-BootstrapConfiguration) + +

BootstrapPgBaseBackup contains the configuration required to take +a physical backup of an existing PostgreSQL cluster

+ + + + + + + + + + + + + + + + + +
FieldDescription
source [Required]
+string +
+

The name of the server of which we need to take a physical backup

+
database
+string +
+

Name of the database used by the application. Default: app.

+
owner
+string +
+

Name of the owner of the database in the instance to be used +by applications. Defaults to the value of the database key.

+
secret
+LocalObjectReference +
+

Name of the secret containing the initial credentials for the +owner of the user database. If empty a new secret will be +created from scratch

+
+ +
+ +## BootstrapRecovery + +**Appears in:** + +- [BootstrapConfiguration](#postgresql-k8s-enterprisedb-io-v1-BootstrapConfiguration) + +

BootstrapRecovery contains the configuration required to restore +from an existing cluster using 3 methodologies: external cluster, +volume snapshots or backup objects. Full recovery and Point-In-Time +Recovery are supported. +The method can be also be used to create clusters in continuous recovery +(replica clusters), also supporting cascading replication when instances >

+
    +
  1. Once the cluster exits recovery, the password for the superuser +will be changed through the provided secret. +Refer to the Bootstrap page of the documentation for more information.
  2. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
backup
+BackupSource +
+

The backup object containing the physical base backup from which to +initiate the recovery procedure. +Mutually exclusive with source and volumeSnapshots.

+
source
+string +
+

The external cluster whose backup we will restore. This is also +used as the name of the folder under which the backup is stored, +so it must be set to the name of the source cluster +Mutually exclusive with backup.

+
volumeSnapshots
+DataSource +
+

The static PVC data source(s) from which to initiate the +recovery procedure. Currently supporting VolumeSnapshot +and PersistentVolumeClaim resources that map an existing +PVC group, compatible with EDB Postgres for Kubernetes, and taken with +a cold backup copy on a fenced Postgres instance (limitation +which will be removed in the future when online backup +will be implemented). +Mutually exclusive with backup.

+
recoveryTarget
+RecoveryTarget +
+

By default, the recovery process applies all the available +WAL files in the archive (full recovery). However, you can also +end the recovery as soon as a consistent state is reached or +recover to a point-in-time (PITR) by specifying a RecoveryTarget object, +as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). +More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET

+
database
+string +
+

Name of the database used by the application. Default: app.

+
owner
+string +
+

Name of the owner of the database in the instance to be used +by applications. Defaults to the value of the database key.

+
secret
+LocalObjectReference +
+

Name of the secret containing the initial credentials for the +owner of the user database. If empty a new secret will be +created from scratch

+
+ +
+ +## CertificatesConfiguration + +**Appears in:** + +- [CertificatesStatus](#postgresql-k8s-enterprisedb-io-v1-CertificatesStatus) + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

CertificatesConfiguration contains the needed configurations to handle server certificates.

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
serverCASecret
+string +
+

The secret containing the Server CA certificate. If not defined, a new secret will be created +with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret. + +Contains: +

+
    +
  • ca.crt: CA that should be used to validate the server certificate, +used as sslrootcert in client connection strings.
  • +
  • ca.key: key used to generate Server SSL certs, if ServerTLSSecret is provided, +this can be omitted.
  • +
+
serverTLSSecret
+string +
+

The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as +ssl_cert_file and ssl_key_file so that clients can connect to postgres securely. +If not defined, ServerCASecret must provide also ca.key and a new secret will be +created using the provided CA.

+
replicationTLSSecret
+string +
+

The secret of type kubernetes.io/tls containing the client certificate to authenticate as +the streaming_replica user. +If not defined, ClientCASecret must provide also ca.key, and a new secret will be +created using the provided CA.

+
clientCASecret
+string +
+

The secret containing the Client CA certificate. If not defined, a new secret will be created +with a self-signed CA and will be used to generate all the client certificates. + +Contains: +

+
    +
  • ca.crt: CA that should be used to validate the client certificates, +used as ssl_ca_file of all the instances.
  • +
  • ca.key: key used to generate client certificates, if ReplicationTLSSecret is provided, +this can be omitted.
  • +
+
serverAltDNSNames
+[]string +
+

The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.

+
+ +
+ +## CertificatesStatus + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

CertificatesStatus contains configuration certificates and related expiration dates.

+ + + + + + + + + + + +
FieldDescription
CertificatesConfiguration
+CertificatesConfiguration +
(Members of CertificatesConfiguration are embedded into this type.) +

Needed configurations to handle server certificates, initialized with default values, if needed.

+
expirations
+map[string]string +
+

Expiration dates for all certificates.

+
+ +
+ +## ClusterSpec + +**Appears in:** + +- [Cluster](#postgresql-k8s-enterprisedb-io-v1-Cluster) + +

ClusterSpec defines the desired state of Cluster

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
description
+string +
+

Description of this PostgreSQL cluster

+
inheritedMetadata
+EmbeddedObjectMetadata +
+

Metadata that will be inherited by all objects related to the Cluster

+
imageName
+string +
+

Name of the container image, supporting both tags (<image>:<tag>) +and digests for deterministic and repeatable deployments +(<image>:<tag>@sha256:<digestValue>)

+
imagePullPolicy
+core/v1.PullPolicy +
+

Image pull policy. +One of Always, Never or IfNotPresent. +If not defined, it defaults to IfNotPresent. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

+
schedulerName
+string +
+

If specified, the pod will be dispatched by specified Kubernetes +scheduler. If not specified, the pod will be dispatched by the default +scheduler. More info: +https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/

+
postgresUID
+int64 +
+

The UID of the postgres user inside the image, defaults to 26

+
postgresGID
+int64 +
+

The GID of the postgres user inside the image, defaults to 26

+
instances [Required]
+int +
+

Number of instances required in the cluster

+
minSyncReplicas
+int +
+

Minimum number of instances required in synchronous replication with the +primary. Undefined or 0 allow writes to complete when no standby is +available.

+
maxSyncReplicas
+int +
+

The target value for the synchronous replication quorum, that can be +decreased if the number of ready standbys is lower than this. +Undefined or 0 disable synchronous replication.

+
postgresql
+PostgresConfiguration +
+

Configuration of the PostgreSQL server

+
replicationSlots
+ReplicationSlotsConfiguration +
+

Replication slots management configuration

+
bootstrap
+BootstrapConfiguration +
+

Instructions to bootstrap this cluster

+
replica
+ReplicaClusterConfiguration +
+

Replica cluster configuration

+
superuserSecret
+LocalObjectReference +
+

The secret containing the superuser password. If not defined a new +secret will be created with a randomly generated password

+
enableSuperuserAccess
+bool +
+

When this option is enabled, the operator will use the SuperuserSecret +to update the postgres user password (if the secret is +not present, the operator will automatically create one). When this +option is disabled, the operator will ignore the SuperuserSecret content, delete +it when automatically created, and then blank the password of the postgres +user by setting it to NULL. Disabled by default.

+
certificates
+CertificatesConfiguration +
+

The configuration for the CA and related certificates

+
imagePullSecrets
+[]LocalObjectReference +
+

The list of pull secrets to be used to pull the images. If the license key +contains a pull secret that secret will be automatically included.

+
storage
+StorageConfiguration +
+

Configuration of the storage of the instances

+
serviceAccountTemplate
+ServiceAccountTemplate +
+

Configure the generation of the service account

+
walStorage
+StorageConfiguration +
+

Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)

+
startDelay
+int32 +
+

The time in seconds that is allowed for a PostgreSQL instance to +successfully start up (default 3600). +The startup probe failure threshold is derived from this value using the formula: +ceiling(startDelay / 10).

+
stopDelay
+int32 +
+

The time in seconds that is allowed for a PostgreSQL instance to +gracefully shutdown (default 1800)

+
smartShutdownTimeout
+int32 +
+

The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. +Make sure you reserve enough time for the operator to request a fast shutdown of Postgres +(that is: stopDelay - smartShutdownTimeout).

+
switchoverDelay
+int32 +
+

The time in seconds that is allowed for a primary PostgreSQL instance +to gracefully shutdown during a switchover. +Default value is 3600 seconds (1 hour).

+
failoverDelay
+int32 +
+

The amount of time (in seconds) to wait before triggering a failover +after the primary PostgreSQL instance in the cluster was detected +to be unhealthy

+
affinity
+AffinityConfiguration +
+

Affinity/Anti-affinity rules for Pods

+
topologySpreadConstraints
+[]core/v1.TopologySpreadConstraint +
+

TopologySpreadConstraints specifies how to spread matching pods among the given topology. +More info: +https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/

+
resources
+core/v1.ResourceRequirements +
+

Resources requirements of every generated Pod. Please refer to +https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +for more information.

+
ephemeralVolumesSizeLimit [Required]
+EphemeralVolumesSizeLimitConfiguration +
+

EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral +volumes

+
priorityClassName
+string +
+

Name of the priority class which will be used in every generated Pod, if the PriorityClass +specified does not exist, the pod will not be able to schedule. Please refer to +https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass +for more information

+
primaryUpdateStrategy
+PrimaryUpdateStrategy +
+

Deployment strategy to follow to upgrade the primary server during a rolling +update procedure, after all replicas have been successfully updated: +it can be automated (unsupervised - default) or manual (supervised)

+
primaryUpdateMethod
+PrimaryUpdateMethod +
+

Method to follow to upgrade the primary server during a rolling +update procedure, after all replicas have been successfully updated: +it can be with a switchover (switchover) or in-place (restart - default)

+
backup
+BackupConfiguration +
+

The configuration to be used for backups

+
nodeMaintenanceWindow
+NodeMaintenanceWindow +
+

Define a maintenance window for the Kubernetes nodes

+
licenseKey
+string +
+

The license key of the cluster. When empty, the cluster operates in +trial mode and after the expiry date (default 30 days) the operator +will cease any reconciliation attempt. For details, please refer to +the license agreement that comes with the operator.

+
licenseKeySecret
+core/v1.SecretKeySelector +
+

The reference to the license key. When this is set it take precedence over LicenseKey.

+
monitoring
+MonitoringConfiguration +
+

The configuration of the monitoring infrastructure of this cluster

+
externalClusters
+[]ExternalCluster +
+

The list of external clusters which are used in the configuration

+
logLevel
+string +
+

The instances' log level, one of the following values: error, warning, info (default), debug, trace

+
projectedVolumeTemplate
+core/v1.ProjectedVolumeSource +
+

Template to be used to define projected volumes, projected volumes will be mounted +under /projected base folder

+
env
+[]core/v1.EnvVar +
+

Env follows the Env format to pass environment variables +to the pods created in the cluster

+
envFrom
+[]core/v1.EnvFromSource +
+

EnvFrom follows the EnvFrom format to pass environment variables +sources to the pods to be used by Env

+
managed
+ManagedConfiguration +
+

The configuration that is used by the portions of PostgreSQL that are managed by the instance manager

+
seccompProfile
+core/v1.SeccompProfile +
+

The SeccompProfile applied to every Pod and Container. +Defaults to: RuntimeDefault

+
+ +
+ +## ClusterStatus + +**Appears in:** + +- [Cluster](#postgresql-k8s-enterprisedb-io-v1-Cluster) + +

ClusterStatus defines the observed state of Cluster

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
instances
+int +
+

The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods.

+
readyInstances
+int +
+

The total number of ready instances in the cluster. It is equal to the number of ready instance pods.

+
instancesStatus
+map[github.com/EnterpriseDB/cloud-native-postgres/pkg/utils.PodStatus][]string +
+

InstancesStatus indicates in which status the instances are

+
instancesReportedState
+map[github.com/EnterpriseDB/cloud-native-postgres/api/v1.PodName]github.com/EnterpriseDB/cloud-native-postgres/api/v1.InstanceReportedState +
+

The reported state of the instances during the last reconciliation loop

+
managedRolesStatus
+ManagedRoles +
+

ManagedRolesStatus reports the state of the managed roles in the cluster

+
timelineID
+int +
+

The timeline of the Postgres cluster

+
topology
+Topology +
+

Instances topology.

+
latestGeneratedNode
+int +
+

ID of the latest generated node (used to avoid node name clashing)

+
currentPrimary
+string +
+

Current primary instance

+
targetPrimary
+string +
+

Target primary instance, this is different from the previous one +during a switchover or a failover

+
pvcCount
+int32 +
+

How many PVCs have been created by this cluster

+
jobCount
+int32 +
+

How many Jobs have been created by this cluster

+
danglingPVC
+[]string +
+

List of all the PVCs created by this cluster and still available +which are not attached to a Pod

+
resizingPVC
+[]string +
+

List of all the PVCs that have ResizingPVC condition.

+
initializingPVC
+[]string +
+

List of all the PVCs that are being initialized by this cluster

+
healthyPVC
+[]string +
+

List of all the PVCs not dangling nor initializing

+
unusablePVC
+[]string +
+

List of all the PVCs that are unusable because another PVC is missing

+
licenseStatus
+github.com/EnterpriseDB/cloud-native-postgres/pkg/licensekey.Status +
+

Status of the license

+
writeService
+string +
+

Current write pod

+
readService
+string +
+

Current list of read pods

+
phase
+string +
+

Current phase of the cluster

+
phaseReason
+string +
+

Reason for the current phase

+
secretsResourceVersion
+SecretsResourceVersion +
+

The list of resource versions of the secrets +managed by the operator. Every change here is done in the +interest of the instance manager, which will refresh the +secret data

+
configMapResourceVersion
+ConfigMapResourceVersion +
+

The list of resource versions of the configmaps, +managed by the operator. Every change here is done in the +interest of the instance manager, which will refresh the +configmap data

+
certificates
+CertificatesStatus +
+

The configuration for the CA and related certificates, initialized with defaults.

+
firstRecoverabilityPoint
+string +
+

The first recoverability point, stored as a date in RFC3339 format

+
lastSuccessfulBackup
+string +
+

Stored as a date in RFC3339 format

+
lastFailedBackup
+string +
+

Stored as a date in RFC3339 format

+
cloudNativePostgresqlCommitHash
+string +
+

The commit hash number of which this operator running

+
currentPrimaryTimestamp
+string +
+

The timestamp when the last actual promotion to primary has occurred

+
currentPrimaryFailingSinceTimestamp
+string +
+

The timestamp when the primary was detected to be unhealthy +This field is reported when spec.failoverDelay is populated or during online upgrades

+
targetPrimaryTimestamp
+string +
+

The timestamp when the last request for a new primary has occurred

+
poolerIntegrations
+PoolerIntegrations +
+

The integration needed by poolers referencing the cluster

+
cloudNativePostgresqlOperatorHash
+string +
+

The hash of the binary of the operator

+
conditions
+[]meta/v1.Condition +
+

Conditions for cluster object

+
instanceNames
+[]string +
+

List of instance names in the cluster

+
onlineUpdateEnabled
+bool +
+

OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster

+
azurePVCUpdateEnabled
+bool +
+

AzurePVCUpdateEnabled shows if the PVC online upgrade is enabled for this cluster

+
+ +
+ +## CompressionType + +(Alias of `string`) + +**Appears in:** + +- [DataBackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-DataBackupConfiguration) + +- [WalBackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-WalBackupConfiguration) + +

CompressionType encapsulates the available types of compression

+ +
+ +## ConfigMapKeySelector + +**Appears in:** + +- [MonitoringConfiguration](#postgresql-k8s-enterprisedb-io-v1-MonitoringConfiguration) + +- [PostInitApplicationSQLRefs](#postgresql-k8s-enterprisedb-io-v1-PostInitApplicationSQLRefs) + +

ConfigMapKeySelector contains enough information to let you locate +the key of a ConfigMap

+ + + + + + + + + + + +
FieldDescription
LocalObjectReference
+LocalObjectReference +
(Members of LocalObjectReference are embedded into this type.) +

The name of the secret in the pod's namespace to select from.

+
key [Required]
+string +
+

The key to select

+
+ +
+ +## ConfigMapResourceVersion + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

ConfigMapResourceVersion is the resource versions of the secrets +managed by the operator

+ + + + + + + + +
FieldDescription
metrics
+map[string]string +
+

A map with the versions of all the config maps used to pass metrics. +Map keys are the config map names, map values are the versions

+
+ +
+ +## DataBackupConfiguration + +**Appears in:** + +- [BarmanObjectStoreConfiguration](#postgresql-k8s-enterprisedb-io-v1-BarmanObjectStoreConfiguration) + +

DataBackupConfiguration is the configuration of the backup of +the data directory

+ + + + + + + + + + + + + + + + + +
FieldDescription
compression
+CompressionType +
+

Compress a backup file (a tar file per tablespace) while streaming it +to the object store. Available options are empty string (no +compression, default), gzip, bzip2 or snappy.

+
encryption
+EncryptionType +
+

Whenever to force the encryption of files (if the bucket is +not already configured for that). +Allowed options are empty string (use the bucket policy, default), +AES256 and aws:kms

+
jobs
+int32 +
+

The number of parallel jobs to be used to upload the backup, defaults +to 2

+
immediateCheckpoint
+bool +
+

Control whether the I/O workload for the backup initial checkpoint will +be limited, according to the checkpoint_completion_target setting on +the PostgreSQL server. If set to true, an immediate checkpoint will be +used, meaning PostgreSQL will complete the checkpoint as soon as +possible. false by default.

+
+ +
+ +## DataSource + +**Appears in:** + +- [BootstrapRecovery](#postgresql-k8s-enterprisedb-io-v1-BootstrapRecovery) + +

DataSource contains the configuration required to bootstrap a +PostgreSQL cluster from an existing storage

+ + + + + + + + + + + +
FieldDescription
storage [Required]
+core/v1.TypedLocalObjectReference +
+

Configuration of the storage of the instances

+
walStorage
+core/v1.TypedLocalObjectReference +
+

Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)

+
+ +
+ +## EPASConfiguration + +**Appears in:** + +- [PostgresConfiguration](#postgresql-k8s-enterprisedb-io-v1-PostgresConfiguration) + +

EPASConfiguration contains EDB Postgres Advanced Server specific configurations

+ + + + + + + + + + + +
FieldDescription
audit
+bool +
+

If true enables edb_audit logging

+
tde
+TDEConfiguration +
+

TDE configuration

+
+ +
+ +## EmbeddedObjectMetadata + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

EmbeddedObjectMetadata contains metadata to be inherited by all resources related to a Cluster

+ + + + + + + + + + + +
FieldDescription
labels
+map[string]string +
+ No description provided.
annotations
+map[string]string +
+ No description provided.
+ +
+ +## EncryptionType + +(Alias of `string`) + +**Appears in:** + +- [DataBackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-DataBackupConfiguration) + +- [WalBackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-WalBackupConfiguration) + +

EncryptionType encapsulated the available types of encryption

+ +
+ +## EnsureOption + +(Alias of `string`) + +**Appears in:** + +- [RoleConfiguration](#postgresql-k8s-enterprisedb-io-v1-RoleConfiguration) + +

EnsureOption represents whether we should enforce the presence or absence of +a Role in a PostgreSQL instance

+ +
+ +## EphemeralVolumesSizeLimitConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

EphemeralVolumesSizeLimitConfiguration contains the configuration of the ephemeral +storage

+ + + + + + + + + + + +
FieldDescription
shm [Required]
+k8s.io/apimachinery/pkg/api/resource.Quantity +
+

Shm is the size limit of the shared memory volume

+
temporaryData [Required]
+k8s.io/apimachinery/pkg/api/resource.Quantity +
+

TemporaryData is the size limit of the temporary data volume

+
+ +
+ +## ExternalCluster + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

ExternalCluster represents the connection parameters to an +external cluster which is used in the other sections of the configuration

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name [Required]
+string +
+

The server name, required

+
connectionParameters
+map[string]string +
+

The list of connection parameters, such as dbname, host, username, etc

+
sslCert
+core/v1.SecretKeySelector +
+

The reference to an SSL certificate to be used to connect to this +instance

+
sslKey
+core/v1.SecretKeySelector +
+

The reference to an SSL private key to be used to connect to this +instance

+
sslRootCert
+core/v1.SecretKeySelector +
+

The reference to an SSL CA public key to be used to connect to this +instance

+
password
+core/v1.SecretKeySelector +
+

The reference to the password to be used to connect to the server

+
barmanObjectStore
+BarmanObjectStoreConfiguration +
+

The configuration for the barman-cloud tool suite

+
+ +
+ +## GoogleCredentials + +**Appears in:** + +- [BarmanCredentials](#postgresql-k8s-enterprisedb-io-v1-BarmanCredentials) + +

GoogleCredentials is the type for the Google Cloud Storage credentials. +This needs to be specified even if we run inside a GKE environment.

+ + + + + + + + + + + +
FieldDescription
applicationCredentials
+SecretKeySelector +
+

The secret containing the Google Cloud Storage JSON file with the credentials

+
gkeEnvironment
+bool +
+

If set to true, will presume that it's running inside a GKE environment, +default to false.

+
+ +
+ +## Import + +**Appears in:** + +- [BootstrapInitDB](#postgresql-k8s-enterprisedb-io-v1-BootstrapInitDB) + +

Import contains the configuration to init a database from a logic snapshot of an externalCluster

+ + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
source [Required]
+ImportSource +
+

The source of the import

+
type [Required]
+SnapshotType +
+

The import type. Can be microservice or monolith.

+
databases [Required]
+[]string +
+

The databases to import

+
roles
+[]string +
+

The roles to import

+
postImportApplicationSQL
+[]string +
+

List of SQL queries to be executed as a superuser in the application +database right after is imported - to be used with extreme care +(by default empty). Only available in microservice type.

+
schemaOnly
+bool +
+

When set to true, only the pre-data and post-data sections of +pg_restore are invoked, avoiding data import. Default: false.

+
+ +
+ +## ImportSource + +**Appears in:** + +- [Import](#postgresql-k8s-enterprisedb-io-v1-Import) + +

ImportSource describes the source for the logical snapshot

+ + + + + + + + +
FieldDescription
externalCluster [Required]
+string +
+

The name of the externalCluster used for import

+
+ +
+ +## InstanceID + +**Appears in:** + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +

InstanceID contains the information to identify an instance

+ + + + + + + + + + + +
FieldDescription
podName
+string +
+

The pod name

+
ContainerID
+string +
+

The container ID

+
+ +
+ +## InstanceReportedState + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

InstanceReportedState describes the last reported state of an instance during a reconciliation loop

+ + + + + + + + + + + +
FieldDescription
isPrimary [Required]
+bool +
+

indicates if an instance is the primary one

+
timeLineID
+int +
+

indicates on which TimelineId the instance is

+
+ +
+ +## LDAPBindAsAuth + +**Appears in:** + +- [LDAPConfig](#postgresql-k8s-enterprisedb-io-v1-LDAPConfig) + +

LDAPBindAsAuth provides the required fields to use the +bind authentication for LDAP

+ + + + + + + + + + + +
FieldDescription
prefix
+string +
+

Prefix for the bind authentication option

+
suffix
+string +
+

Suffix for the bind authentication option

+
+ +
+ +## LDAPBindSearchAuth + +**Appears in:** + +- [LDAPConfig](#postgresql-k8s-enterprisedb-io-v1-LDAPConfig) + +

LDAPBindSearchAuth provides the required fields to use +the bind+search LDAP authentication process

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
baseDN
+string +
+

Root DN to begin the user search

+
bindDN
+string +
+

DN of the user to bind to the directory

+
bindPassword
+core/v1.SecretKeySelector +
+

Secret with the password for the user to bind to the directory

+
searchAttribute
+string +
+

Attribute to match against the username

+
searchFilter
+string +
+

Search filter to use when doing the search+bind authentication

+
+ +
+ +## LDAPConfig + +**Appears in:** + +- [PostgresConfiguration](#postgresql-k8s-enterprisedb-io-v1-PostgresConfiguration) + +

LDAPConfig contains the parameters needed for LDAP authentication

+ + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
server
+string +
+

LDAP hostname or IP address

+
port
+int +
+

LDAP server port

+
scheme
+LDAPScheme +
+

LDAP schema to be used, possible options are ldap and ldaps

+
bindAsAuth
+LDAPBindAsAuth +
+

Bind as authentication configuration

+
bindSearchAuth
+LDAPBindSearchAuth +
+

Bind+Search authentication configuration

+
tls
+bool +
+

Set to 'true' to enable LDAP over TLS. 'false' is default

+
+ +
+ +## LDAPScheme + +(Alias of `string`) + +**Appears in:** + +- [LDAPConfig](#postgresql-k8s-enterprisedb-io-v1-LDAPConfig) + +

LDAPScheme defines the possible schemes for LDAP

+ +
+ +## LocalObjectReference + +**Appears in:** + +- [BackupSource](#postgresql-k8s-enterprisedb-io-v1-BackupSource) + +- [BackupSpec](#postgresql-k8s-enterprisedb-io-v1-BackupSpec) + +- [BootstrapInitDB](#postgresql-k8s-enterprisedb-io-v1-BootstrapInitDB) + +- [BootstrapPgBaseBackup](#postgresql-k8s-enterprisedb-io-v1-BootstrapPgBaseBackup) + +- [BootstrapRecovery](#postgresql-k8s-enterprisedb-io-v1-BootstrapRecovery) + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +- [ConfigMapKeySelector](#postgresql-k8s-enterprisedb-io-v1-ConfigMapKeySelector) + +- [PgBouncerSpec](#postgresql-k8s-enterprisedb-io-v1-PgBouncerSpec) + +- [PoolerSpec](#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) + +- [RoleConfiguration](#postgresql-k8s-enterprisedb-io-v1-RoleConfiguration) + +- [ScheduledBackupSpec](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackupSpec) + +- [SecretKeySelector](#postgresql-k8s-enterprisedb-io-v1-SecretKeySelector) + +

LocalObjectReference contains enough information to let you locate a +local object with a known type inside the same namespace

+ + + + + + + + +
FieldDescription
name [Required]
+string +
+

Name of the referent.

+
+ +
+ +## ManagedConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

ManagedConfiguration represents the portions of PostgreSQL that are managed +by the instance manager

+ + + + + + + + +
FieldDescription
roles
+[]RoleConfiguration +
+

Database roles managed by the Cluster

+
+ +
+ +## ManagedRoles + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

ManagedRoles tracks the status of a cluster's managed roles

+ + + + + + + + + + + + + + +
FieldDescription
byStatus
+map[github.com/EnterpriseDB/cloud-native-postgres/api/v1.RoleStatus][]string +
+

ByStatus gives the list of roles in each state

+
cannotReconcile
+map[string][]string +
+

CannotReconcile lists roles that cannot be reconciled in PostgreSQL, +with an explanation of the cause

+
passwordStatus
+map[string]github.com/EnterpriseDB/cloud-native-postgres/api/v1.PasswordState +
+

PasswordStatus gives the last transaction id and password secret version for each managed role

+
+ +
+ +## Metadata + +**Appears in:** + +- [PodTemplateSpec](#postgresql-k8s-enterprisedb-io-v1-PodTemplateSpec) + +- [ServiceAccountTemplate](#postgresql-k8s-enterprisedb-io-v1-ServiceAccountTemplate) + +

Metadata is a structure similar to the metav1.ObjectMeta, but still +parseable by controller-gen to create a suitable CRD for the user. +The comment of PodTemplateSpec has an explanation of why we are +not using the core data types.

+ + + + + + + + + + + +
FieldDescription
labels
+map[string]string +
+

Map of string keys and values that can be used to organize and categorize +(scope and select) objects. May match selectors of replication controllers +and services. +More info: http://kubernetes.io/docs/user-guide/labels

+
annotations
+map[string]string +
+

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: http://kubernetes.io/docs/user-guide/annotations

+
+ +
+ +## MonitoringConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

MonitoringConfiguration is the type containing all the monitoring +configuration for a certain cluster

+ + + + + + + + + + + + + + + + + +
FieldDescription
disableDefaultQueries
+bool +
+

Whether the default queries should be injected. +Set it to true if you don't want to inject default queries into the cluster. +Default: false.

+
customQueriesConfigMap
+[]ConfigMapKeySelector +
+

The list of config maps containing the custom queries

+
customQueriesSecret
+[]SecretKeySelector +
+

The list of secrets containing the custom queries

+
enablePodMonitor
+bool +
+

Enable or disable the PodMonitor

+
+ +
+ +## NodeMaintenanceWindow + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

NodeMaintenanceWindow contains information that the operator +will use while upgrading the underlying node.

+

This option is only useful when the chosen storage prevents the Pods +from being freely moved across nodes.

+ + + + + + + + + + + +
FieldDescription
reusePVC
+bool +
+

Reuse the existing PVC (wait for the node to come +up again) or not (recreate it elsewhere - when instances >1)

+
inProgress
+bool +
+

Is there a node maintenance activity in progress?

+
+ +
+ +## PasswordState + +**Appears in:** + +- [ManagedRoles](#postgresql-k8s-enterprisedb-io-v1-ManagedRoles) + +

PasswordState represents the state of the password of a managed RoleConfiguration

+ + + + + + + + + + + +
FieldDescription
transactionID
+int64 +
+

the last transaction ID to affect the role definition in PostgreSQL

+
resourceVersion
+string +
+

the resource version of the password secret

+
+ +
+ +## PgBouncerIntegrationStatus + +**Appears in:** + +- [PoolerIntegrations](#postgresql-k8s-enterprisedb-io-v1-PoolerIntegrations) + +

PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster

+ + + + + + + + +
FieldDescription
secrets
+[]string +
+ No description provided.
+ +
+ +## PgBouncerPoolMode + +(Alias of `string`) + +**Appears in:** + +- [PgBouncerSpec](#postgresql-k8s-enterprisedb-io-v1-PgBouncerSpec) + +

PgBouncerPoolMode is the mode of PgBouncer

+ +
+ +## PgBouncerSecrets + +**Appears in:** + +- [PoolerSecrets](#postgresql-k8s-enterprisedb-io-v1-PoolerSecrets) + +

PgBouncerSecrets contains the versions of the secrets used +by pgbouncer

+ + + + + + + + +
FieldDescription
authQuery
+SecretVersion +
+

The auth query secret version

+
+ +
+ +## PgBouncerSpec + +**Appears in:** + +- [PoolerSpec](#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) + +

PgBouncerSpec defines how to configure PgBouncer

+ + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
poolMode
+PgBouncerPoolMode +
+

The pool mode. Default: session.

+
authQuerySecret
+LocalObjectReference +
+

The credentials of the user that need to be used for the authentication +query. In case it is specified, also an AuthQuery +(e.g. "SELECT usename, passwd FROM pg_shadow WHERE usename=$1") +has to be specified and no automatic CNP Cluster integration will be triggered.

+
authQuery
+string +
+

The query that will be used to download the hash of the password +of a certain user. Default: "SELECT usename, passwd FROM user_search($1)". +In case it is specified, also an AuthQuerySecret has to be specified and +no automatic CNP Cluster integration will be triggered.

+
parameters
+map[string]string +
+

Additional parameters to be passed to PgBouncer - please check +the CNP documentation for a list of options you can configure

+
pg_hba
+[]string +
+

PostgreSQL Host Based Authentication rules (lines to be appended +to the pg_hba.conf file)

+
paused
+bool +
+

When set to true, PgBouncer will disconnect from the PostgreSQL +server, first waiting for all queries to complete, and pause all new +client connections until this value is set to false (default). Internally, +the operator calls PgBouncer's PAUSE and RESUME commands.

+
+ +
+ +## PodTemplateSpec + +**Appears in:** + +- [PoolerSpec](#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) + +

PodTemplateSpec is a structure allowing the user to set +a template for Pod generation.

+

Unfortunately we can't use the corev1.PodTemplateSpec +type because the generated CRD won't have the field for the +metadata section.

+

References: +https://github.com/kubernetes-sigs/controller-tools/issues/385 +https://github.com/kubernetes-sigs/controller-tools/issues/448 +https://github.com/prometheus-operator/prometheus-operator/issues/3041

+ + + + + + + + + + + +
FieldDescription
metadata
+Metadata +
+

Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

+
spec
+core/v1.PodSpec +
+

Specification of the desired behavior of the pod. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

+
+ +
+ +## PodTopologyLabels + +(Alias of `map[string]string`) + +**Appears in:** + +- [Topology](#postgresql-k8s-enterprisedb-io-v1-Topology) + +

PodTopologyLabels represent the topology of a Pod. map[labelName]labelValue

+ +
+ +## PoolerIntegrations + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

PoolerIntegrations encapsulates the needed integration for the poolers referencing the cluster

+ + + + + + + + +
FieldDescription
pgBouncerIntegration
+PgBouncerIntegrationStatus +
+ No description provided.
+ +
+ +## PoolerMonitoringConfiguration + +**Appears in:** + +- [PoolerSpec](#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) + +

PoolerMonitoringConfiguration is the type containing all the monitoring +configuration for a certain Pooler.

+

Mirrors the Cluster's MonitoringConfiguration but without the custom queries +part for now.

+ + + + + + + + +
FieldDescription
enablePodMonitor
+bool +
+

Enable or disable the PodMonitor

+
+ +
+ +## PoolerSecrets + +**Appears in:** + +- [PoolerStatus](#postgresql-k8s-enterprisedb-io-v1-PoolerStatus) + +

PoolerSecrets contains the versions of all the secrets used

+ + + + + + + + + + + + + + + + + +
FieldDescription
serverTLS
+SecretVersion +
+

The server TLS secret version

+
serverCA
+SecretVersion +
+

The server CA secret version

+
clientCA
+SecretVersion +
+

The client CA secret version

+
pgBouncerSecrets
+PgBouncerSecrets +
+

The version of the secrets used by PgBouncer

+
+ +
+ +## PoolerSpec + +**Appears in:** + +- [Pooler](#postgresql-k8s-enterprisedb-io-v1-Pooler) + +

PoolerSpec defines the desired state of Pooler

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
cluster [Required]
+LocalObjectReference +
+

This is the cluster reference on which the Pooler will work. +Pooler name should never match with any cluster name within the same namespace.

+
type
+PoolerType +
+

Type of service to forward traffic to. Default: rw.

+
instances
+int32 +
+

The number of replicas we want. Default: 1.

+
template
+PodTemplateSpec +
+

The template of the Pod to be created

+
pgbouncer [Required]
+PgBouncerSpec +
+

The PgBouncer configuration

+
deploymentStrategy
+apps/v1.DeploymentStrategy +
+

The deployment strategy to use for pgbouncer to replace existing pods with new ones

+
monitoring
+PoolerMonitoringConfiguration +
+

The configuration of the monitoring infrastructure of this pooler.

+
+ +
+ +## PoolerStatus + +**Appears in:** + +- [Pooler](#postgresql-k8s-enterprisedb-io-v1-Pooler) + +

PoolerStatus defines the observed state of Pooler

+ + + + + + + + + + + +
FieldDescription
secrets
+PoolerSecrets +
+

The resource version of the config object

+
instances
+int32 +
+

The number of pods trying to be scheduled

+
+ +
+ +## PoolerType + +(Alias of `string`) + +**Appears in:** + +- [PoolerSpec](#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) + +

PoolerType is the type of the connection pool, meaning the service +we are targeting. Allowed values are rw and ro.

+ +
+ +## PostInitApplicationSQLRefs + +**Appears in:** + +- [BootstrapInitDB](#postgresql-k8s-enterprisedb-io-v1-BootstrapInitDB) + +

PostInitApplicationSQLRefs points references to ConfigMaps or Secrets which +contain SQL files, the general implementation order to these references is +from all Secrets to all ConfigMaps, and inside Secrets or ConfigMaps, +the implementation order is same as the order of each array

+ + + + + + + + + + + +
FieldDescription
secretRefs
+[]SecretKeySelector +
+

SecretRefs holds a list of references to Secrets

+
configMapRefs
+[]ConfigMapKeySelector +
+

ConfigMapRefs holds a list of references to ConfigMaps

+
+ +
+ +## PostgresConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

PostgresConfiguration defines the PostgreSQL configuration

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
parameters
+map[string]string +
+

PostgreSQL configuration options (postgresql.conf)

+
pg_hba
+[]string +
+

PostgreSQL Host Based Authentication rules (lines to be appended +to the pg_hba.conf file)

+
epas
+EPASConfiguration +
+

EDB Postgres Advanced Server specific configurations

+
syncReplicaElectionConstraint
+SyncReplicaElectionConstraints +
+

Requirements to be met by sync replicas. This will affect how the "synchronous_standby_names" parameter will be +set up.

+
shared_preload_libraries
+[]string +
+

Lists of shared preload libraries to add to the default ones

+
ldap
+LDAPConfig +
+

Options to specify LDAP configuration

+
promotionTimeout
+int32 +
+

Specifies the maximum number of seconds to wait when promoting an instance to primary. +Default value is 40000000, greater than one year in seconds, +big enough to simulate an infinite timeout

+
+ +
+ +## PrimaryUpdateMethod + +(Alias of `string`) + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

PrimaryUpdateMethod contains the method to use when upgrading +the primary server of the cluster as part of rolling updates

+ +
+ +## PrimaryUpdateStrategy + +(Alias of `string`) + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

PrimaryUpdateStrategy contains the strategy to follow when upgrading +the primary server of the cluster as part of rolling updates

+ +
+ +## RecoveryTarget + +**Appears in:** + +- [BootstrapRecovery](#postgresql-k8s-enterprisedb-io-v1-BootstrapRecovery) + +

RecoveryTarget allows to configure the moment where the recovery process +will stop. All the target options except TargetTLI are mutually exclusive.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
backupID
+string +
+

The ID of the backup from which to start the recovery process. +If empty (default) the operator will automatically detect the backup +based on targetTime or targetLSN if specified. Otherwise use the +latest available backup in chronological order.

+
targetTLI
+string +
+

The target timeline ("latest" or a positive integer)

+
targetXID
+string +
+

The target transaction ID

+
targetName
+string +
+

The target name (to be previously created +with pg_create_restore_point)

+
targetLSN
+string +
+

The target LSN (Log Sequence Number)

+
targetTime
+string +
+

The target time as a timestamp in the RFC3339 standard

+
targetImmediate
+bool +
+

End recovery as soon as a consistent state is reached

+
exclusive
+bool +
+

Set the target to be exclusive. If omitted, defaults to false, so that +in Postgres, recovery_target_inclusive will be true

+
+ +
+ +## ReplicaClusterConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

ReplicaClusterConfiguration encapsulates the configuration of a replica +cluster

+ + + + + + + + + + + +
FieldDescription
source [Required]
+string +
+

The name of the external cluster which is the replication origin

+
enabled [Required]
+bool +
+

If replica mode is enabled, this cluster will be a replica of an +existing cluster. Replica cluster can be created from a recovery +object store or via streaming through pg_basebackup. +Refer to the Replica clusters page of the documentation for more information.

+
+ +
+ +## ReplicationSlotsConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

ReplicationSlotsConfiguration encapsulates the configuration +of replication slots

+ + + + + + + + + + + +
FieldDescription
highAvailability
+ReplicationSlotsHAConfiguration +
+

Replication slots for high availability configuration

+
updateInterval
+int +
+

Standby will update the status of the local replication slots +every updateInterval seconds (default 30).

+
+ +
+ +## ReplicationSlotsHAConfiguration + +**Appears in:** + +- [ReplicationSlotsConfiguration](#postgresql-k8s-enterprisedb-io-v1-ReplicationSlotsConfiguration) + +

ReplicationSlotsHAConfiguration encapsulates the configuration +of the replication slots that are automatically managed by +the operator to control the streaming replication connections +with the standby instances for high availability (HA) purposes. +Replication slots are a PostgreSQL feature that makes sure +that PostgreSQL automatically keeps WAL files in the primary +when a streaming client (in this specific case a replica that +is part of the HA cluster) gets disconnected.

+ + + + + + + + + + + +
FieldDescription
enabled
+bool +
+

If enabled (default), the operator will automatically manage replication slots +on the primary instance and use them in streaming replication +connections with all the standby instances that are part of the HA +cluster. If disabled, the operator will not take advantage +of replication slots in streaming connections with the replicas. +This feature also controls replication slots in replica cluster, +from the designated primary to its cascading replicas.

+
slotPrefix
+string +
+

Prefix for replication slots managed by the operator for HA. +It may only contain lower case letters, numbers, and the underscore character. +This can only be set at creation time. By default set to _cnp_.

+
+ +
+ +## RoleConfiguration + +**Appears in:** + +- [ManagedConfiguration](#postgresql-k8s-enterprisedb-io-v1-ManagedConfiguration) + +

RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role +with the additional field Ensure specifying whether to ensure the presence or +absence of the role in the database

+

The defaults of the CREATE ROLE command are applied +Reference: https://www.postgresql.org/docs/current/sql-createrole.html

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name [Required]
+string +
+

Name of the role

+
comment
+string +
+

Description of the role

+
ensure
+EnsureOption +
+

Ensure the role is present or absent - defaults to "present"

+
passwordSecret
+LocalObjectReference +
+

Secret containing the password of the role (if present) +If null, the password will be ignored unless DisablePassword is set

+
connectionLimit
+int64 +
+

If the role can log in, this specifies how many concurrent +connections the role can make. -1 (the default) means no limit.

+
validUntil
+meta/v1.Time +
+

Date and time after which the role's password is no longer valid. +When omitted, the password will never expire (default).

+
inRoles
+[]string +
+

List of one or more existing roles to which this role will be +immediately added as a new member. Default empty.

+
inherit
+bool +
+

Whether a role "inherits" the privileges of roles it is a member of. +Defaults is true.

+
disablePassword
+bool +
+

DisablePassword indicates that a role's password should be set to NULL in Postgres

+
superuser
+bool +
+

Whether the role is a superuser who can override all access +restrictions within the database - superuser status is dangerous and +should be used only when really needed. You must yourself be a +superuser to create a new superuser. Defaults is false.

+
createdb
+bool +
+

When set to true, the role being defined will be allowed to create +new databases. Specifying false (default) will deny a role the +ability to create databases.

+
createrole
+bool +
+

Whether the role will be permitted to create, alter, drop, comment +on, change the security label for, and grant or revoke membership in +other roles. Default is false.

+
login
+bool +
+

Whether the role is allowed to log in. A role having the login +attribute can be thought of as a user. Roles without this attribute +are useful for managing database privileges, but are not users in +the usual sense of the word. Default is false.

+
replication
+bool +
+

Whether a role is a replication role. A role must have this +attribute (or be a superuser) in order to be able to connect to the +server in replication mode (physical or logical replication) and in +order to be able to create or drop replication slots. A role having +the replication attribute is a very highly privileged role, and +should only be used on roles actually used for replication. Default +is false.

+
bypassrls
+bool +
+

Whether a role bypasses every row-level security (RLS) policy. +Default is false.

+
+ +
+ +## S3Credentials + +**Appears in:** + +- [BarmanCredentials](#postgresql-k8s-enterprisedb-io-v1-BarmanCredentials) + +

S3Credentials is the type for the credentials to be used to upload +files to S3. It can be provided in two alternative ways:

+
    +
  • +

    explicitly passing accessKeyId and secretAccessKey

    +
  • +
  • +

    inheriting the role from the pod environment by setting inheritFromIAMRole to true

    +
  • +
+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
accessKeyId
+SecretKeySelector +
+

The reference to the access key id

+
secretAccessKey
+SecretKeySelector +
+

The reference to the secret access key

+
region
+SecretKeySelector +
+

The reference to the secret containing the region name

+
sessionToken
+SecretKeySelector +
+

The references to the session key

+
inheritFromIAMRole
+bool +
+

Use the role based authentication without providing explicitly the keys.

+
+ +
+ +## ScheduledBackupSpec + +**Appears in:** + +- [ScheduledBackup](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackup) + +

ScheduledBackupSpec defines the desired state of ScheduledBackup

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
suspend
+bool +
+

If this backup is suspended or not

+
immediate
+bool +
+

If the first backup has to be immediately start after creation or not

+
schedule [Required]
+string +
+

The schedule does not follow the same format used in Kubernetes CronJobs +as it includes an additional seconds specifier, +see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format

+
cluster [Required]
+LocalObjectReference +
+

The cluster to backup

+
backupOwnerReference
+string +
+

Indicates which ownerReference should be put inside the created backup resources.

+
    +
  • none: no owner reference for created backup objects (same behavior as before the field was introduced)
  • +
  • self: sets the Scheduled backup object as owner of the backup
  • +
  • cluster: set the cluster as owner of the backup
  • +
+
target
+BackupTarget +
+

The policy to decide which instance should perform this backup. If empty, +it defaults to cluster.spec.backup.target. +Available options are empty string, primary and prefer-standby. +primary to have backups run always on primary instances, +prefer-standby to have backups run preferably on the most updated +standby, if available.

+
method
+BackupMethod +
+

The backup method to be used, possible options are barmanObjectStore +and volumeSnapshot. Defaults to: barmanObjectStore.

+
+ +
+ +## ScheduledBackupStatus + +**Appears in:** + +- [ScheduledBackup](#postgresql-k8s-enterprisedb-io-v1-ScheduledBackup) + +

ScheduledBackupStatus defines the observed state of ScheduledBackup

+ + + + + + + + + + + + + + +
FieldDescription
lastCheckTime
+meta/v1.Time +
+

The latest time the schedule

+
lastScheduleTime
+meta/v1.Time +
+

Information when was the last time that backup was successfully scheduled.

+
nextScheduleTime
+meta/v1.Time +
+

Next time we will run a backup

+
+ +
+ +## SecretKeySelector + +**Appears in:** + +- [AzureCredentials](#postgresql-k8s-enterprisedb-io-v1-AzureCredentials) + +- [BackupSource](#postgresql-k8s-enterprisedb-io-v1-BackupSource) + +- [BackupStatus](#postgresql-k8s-enterprisedb-io-v1-BackupStatus) + +- [BarmanObjectStoreConfiguration](#postgresql-k8s-enterprisedb-io-v1-BarmanObjectStoreConfiguration) + +- [GoogleCredentials](#postgresql-k8s-enterprisedb-io-v1-GoogleCredentials) + +- [MonitoringConfiguration](#postgresql-k8s-enterprisedb-io-v1-MonitoringConfiguration) + +- [PostInitApplicationSQLRefs](#postgresql-k8s-enterprisedb-io-v1-PostInitApplicationSQLRefs) + +- [S3Credentials](#postgresql-k8s-enterprisedb-io-v1-S3Credentials) + +

SecretKeySelector contains enough information to let you locate +the key of a Secret

+ + + + + + + + + + + +
FieldDescription
LocalObjectReference
+LocalObjectReference +
(Members of LocalObjectReference are embedded into this type.) +

The name of the secret in the pod's namespace to select from.

+
key [Required]
+string +
+

The key to select

+
+ +
+ +## SecretVersion + +**Appears in:** + +- [PgBouncerSecrets](#postgresql-k8s-enterprisedb-io-v1-PgBouncerSecrets) + +- [PoolerSecrets](#postgresql-k8s-enterprisedb-io-v1-PoolerSecrets) + +

SecretVersion contains a secret name and its ResourceVersion

+ + + + + + + + + + + +
FieldDescription
name
+string +
+

The name of the secret

+
version
+string +
+

The ResourceVersion of the secret

+
+ +
+ +## SecretsResourceVersion + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

SecretsResourceVersion is the resource versions of the secrets +managed by the operator

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
superuserSecretVersion
+string +
+

The resource version of the "postgres" user secret

+
replicationSecretVersion
+string +
+

The resource version of the "streaming_replica" user secret

+
applicationSecretVersion
+string +
+

The resource version of the "app" user secret

+
managedRoleSecretVersion
+map[string]string +
+

The resource versions of the managed roles secrets

+
caSecretVersion
+string +
+

Unused. Retained for compatibility with old versions.

+
clientCaSecretVersion
+string +
+

The resource version of the PostgreSQL client-side CA secret version

+
serverCaSecretVersion
+string +
+

The resource version of the PostgreSQL server-side CA secret version

+
serverSecretVersion
+string +
+

The resource version of the PostgreSQL server-side secret version

+
barmanEndpointCA
+string +
+

The resource version of the Barman Endpoint CA if provided

+
metrics
+map[string]string +
+

A map with the versions of all the secrets used to pass metrics. +Map keys are the secret names, map values are the versions

+
+ +
+ +## ServiceAccountTemplate + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

ServiceAccountTemplate contains the template needed to generate the service accounts

+ + + + + + + + +
FieldDescription
metadata [Required]
+Metadata +
+

Metadata are the metadata to be used for the generated +service account

+
+ +
+ +## SnapshotOwnerReference + +(Alias of `string`) + +**Appears in:** + +- [VolumeSnapshotConfiguration](#postgresql-k8s-enterprisedb-io-v1-VolumeSnapshotConfiguration) + +

SnapshotOwnerReference defines the reference type for the owner of the snapshot. +This specifies which owner the processed resources should relate to.

+ +
+ +## SnapshotType + +(Alias of `string`) + +**Appears in:** + +- [Import](#postgresql-k8s-enterprisedb-io-v1-Import) + +

SnapshotType is a type of allowed import

+ +
+ +## StorageConfiguration + +**Appears in:** + +- [ClusterSpec](#postgresql-k8s-enterprisedb-io-v1-ClusterSpec) + +

StorageConfiguration is the configuration of the storage of the PostgreSQL instances

+ + + + + + + + + + + + + + + + + +
FieldDescription
storageClass
+string +
+

StorageClass to use for database data (PGDATA). Applied after +evaluating the PVC template, if available. +If not specified, generated PVCs will be satisfied by the +default storage class

+
size
+string +
+

Size of the storage. Required if not already specified in the PVC template. +Changes to this field are automatically reapplied to the created PVCs. +Size cannot be decreased.

+
resizeInUseVolumes
+bool +
+

Resize existent PVCs, defaults to true

+
pvcTemplate
+core/v1.PersistentVolumeClaimSpec +
+

Template to be used to generate the Persistent Volume Claim

+
+ +
+ +## SyncReplicaElectionConstraints + +**Appears in:** + +- [PostgresConfiguration](#postgresql-k8s-enterprisedb-io-v1-PostgresConfiguration) + +

SyncReplicaElectionConstraints contains the constraints for sync replicas election.

+

For anti-affinity parameters two instances are considered in the same location +if all the labels values match.

+

In future synchronous replica election restriction by name will be supported.

+ + + + + + + + + + + +
FieldDescription
nodeLabelsAntiAffinity
+[]string +
+

A list of node labels values to extract and compare to evaluate if the pods reside in the same topology or not

+
enabled [Required]
+bool +
+

This flag enables the constraints for sync replicas

+
+ +
+ +## TDEConfiguration + +**Appears in:** + +- [EPASConfiguration](#postgresql-k8s-enterprisedb-io-v1-EPASConfiguration) + +

TDEConfiguration contains the Transparent Data Encryption configuration

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
enabled
+bool +
+

True if we want to have TDE enabled

+
secretKeyRef
+core/v1.SecretKeySelector +
+

Reference to the secret that contains the encryption key

+
wrapCommand
+core/v1.SecretKeySelector +
+

WrapCommand is the encrypt command provided by the user

+
unwrapCommand
+core/v1.SecretKeySelector +
+

UnwrapCommand is the decryption command provided by the user

+
passphraseCommand
+core/v1.SecretKeySelector +
+

PassphraseCommand is the command executed to get the passphrase that will be +passed to the OpenSSL command to encrypt and decrypt

+
+ +
+ +## Topology + +**Appears in:** + +- [ClusterStatus](#postgresql-k8s-enterprisedb-io-v1-ClusterStatus) + +

Topology contains the cluster topology

+ + + + + + + + + + + + + + +
FieldDescription
instances
+map[github.com/EnterpriseDB/cloud-native-postgres/api/v1.PodName]github.com/EnterpriseDB/cloud-native-postgres/api/v1.PodTopologyLabels +
+

Instances contains the pod topology of the instances

+
nodesUsed
+int32 +
+

NodesUsed represents the count of distinct nodes accommodating the instances. +A value of '1' suggests that all instances are hosted on a single node, +implying the absence of High Availability (HA). Ideally, this value should +be the same as the number of instances in the Postgres HA cluster, implying +shared nothing architecture on the compute side.

+
successfullyExtracted
+bool +
+

SuccessfullyExtracted indicates if the topology data was extract. It is useful to enact fallback behaviors +in synchronous replica election in case of failures

+
+ +
+ +## VolumeSnapshotConfiguration + +**Appears in:** + +- [BackupConfiguration](#postgresql-k8s-enterprisedb-io-v1-BackupConfiguration) + +

VolumeSnapshotConfiguration represents the configuration for the execution of snapshot backups.

+ + + + + + + + + + + + + + + + + + + + +
FieldDescription
labels
+map[string]string +
+

Labels are key-value pairs that will be added to .metadata.labels snapshot resources.

+
annotations
+map[string]string +
+

Annotations key-value pairs that will be added to .metadata.annotations snapshot resources.

+
className
+string +
+

ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim. +It is the default class for the other types if no specific class is present

+
walClassName
+string +
+

WalClassName specifies the Snapshot Class to be used for the PG_WAL PersistentVolumeClaim.

+
snapshotOwnerReference
+SnapshotOwnerReference +
+

SnapshotOwnerReference indicates the type of owner reference the snapshot should have

+
+ +
+ +## WalBackupConfiguration + +**Appears in:** + +- [BarmanObjectStoreConfiguration](#postgresql-k8s-enterprisedb-io-v1-BarmanObjectStoreConfiguration) + +

WalBackupConfiguration is the configuration of the backup of the +WAL stream

+ + + + + + + + + + + + + + +
FieldDescription
compression
+CompressionType +
+

Compress a WAL file before sending it to the object store. Available +options are empty string (no compression, default), gzip, bzip2 or snappy.

+
encryption
+EncryptionType +
+

Whenever to force the encryption of files (if the bucket is +not already configured for that). +Allowed options are empty string (use the bucket policy, default), +AES256 and aws:kms

+
maxParallel
+int +
+

Number of WAL files to be either archived in parallel (when the +PostgreSQL instance is archiving to a backup object store) or +restored in parallel (when a PostgreSQL standby is fetching WAL +files from a recovery object store). If not specified, WAL files +will be processed one at a time. It accepts a positive integer as a +value - with 1 being the minimum accepted value.

+
diff --git a/product_docs/docs/postgres_for_kubernetes/1/cluster_conf.mdx b/product_docs/docs/postgres_for_kubernetes/1/cluster_conf.mdx index 7b3f273e583..807fe05e6d3 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/cluster_conf.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/cluster_conf.mdx @@ -38,6 +38,25 @@ spec: You can find a complete example using projected volume template to mount Secret and Configmap in the [cluster-example-projected-volume.yaml](../samples/cluster-example-projected-volume.yaml) deployment manifest. +## Ephemeral volumes + +EDB Postgres for Kubernetes relies on [ephemeral volumes](https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/) +for part of the internal activities. Ephemeral volumes exist for the sole duration of +a pod's life, without persisting across pod restarts. + +### Volume for temporary storage + +An ephemeral volume used for temporary storage. An upper bound on the size can be +configured via the `spec.ephemeralVolumesSizeLimit.temporaryData` field in the cluster +spec. + +### Volume for shared memory + +This volume is used as shared memory space for Postgres, also an ephemeral type but +stored in-memory. An upper bound on the size can be configured via the +`spec.ephemeralVolumesSizeLimit.shm` field in the cluster spec. This is used only +in case of [PostgreSQL running with `posix` shared memory dynamic allocation](postgresql_conf.md#dynamic-shared-memory-settings). + ## Environment variables Some system behavior can be customized using environment variables. One example is @@ -100,4 +119,4 @@ update of the PostgreSQL Pods. If the `env` or the `envFrom` section refers to a Secret or a ConfigMap, the operator will not detect any changes in them and will not trigger a rollout. The Kubelet use the same behavior with Pods, and the user is supposed to -trigger the Pod rollout manually. \ No newline at end of file +trigger the Pod rollout manually. diff --git a/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx b/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx index 63521eb0afc..7663ae519b6 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx @@ -71,7 +71,7 @@ Additionally, EDB Postgres for Kubernetes automatically creates a secret with th same name of the pooler containing the configuration files used with PgBouncer. !!! Seealso "API reference" - For details, please refer to [`PgBouncerSpec` section](api_reference.md#PgBouncerSpec) + For details, please refer to [`PgBouncerSpec` section](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-PgBouncerSpec) in the API reference. ## Pooler resource lifecycle @@ -177,7 +177,7 @@ GRANT EXECUTE ON FUNCTION user_search(text) You can take advantage of pod templates specification in the `template` section of a `Pooler` resource. For details, please refer to [`PoolerSpec` -section](api_reference.md#PoolerSpec) in the API reference. +section](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-PoolerSpec) in the API reference. Through templates you can configure pods as you like, including fine control over affinity and anti-affinity rules for pods and nodes. @@ -344,12 +344,13 @@ metrics having the `cnp_pgbouncer_` prefix, by running: Similarly to the EDB Postgres for Kubernetes instance, the exporter runs on port `9127` of each pod running PgBouncer, and also provides metrics related to the -Go runtime (with prefix `go_*`). You can debug the exporter on a pod running -PgBouncer through the following command: +Go runtime (with prefix `go_*`). -```console -kubectl exec -ti -- curl 127.0.0.1:9127/metrics -``` +!!! Info + You can inspect the exported metrics on a pod running PgBouncer, by following + the instructions provided in the + ["How to inspect the exported metrics" section from the "Monitoring" page](monitoring.md/#how-to-inspect-the-exported-metrics), + making sure that you use the correct IP and the `9127` port. An example of the output for `cnp_pgbouncer` metrics: @@ -609,4 +610,4 @@ users. We have reasons to believe that the adopted solution addresses the majority of use cases, while leaving room for the future implementation of a separate operator for PgBouncer to complete the gamma with more advanced and customized - scenarios. \ No newline at end of file + scenarios. diff --git a/product_docs/docs/postgres_for_kubernetes/1/container_images.mdx b/product_docs/docs/postgres_for_kubernetes/1/container_images.mdx index 03a3c6c80ed..5fad160a6d6 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/container_images.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/container_images.mdx @@ -63,4 +63,4 @@ Examples of accepted image tags: - `15.0` !!! Warning - `latest` is not considered a valid tag for the image. \ No newline at end of file + `latest` is not considered a valid tag for the image. diff --git a/product_docs/docs/postgres_for_kubernetes/1/controller.mdx b/product_docs/docs/postgres_for_kubernetes/1/controller.mdx index b8119e92116..f8b7ae9016e 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/controller.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/controller.mdx @@ -123,4 +123,4 @@ user can select the preferred behavior at the cluster level (read the ["Kubernetes upgrade"](kubernetes_upgrade.md) section for details). Being generic, the `StatefulSet` doesn't allow this level of -customization. \ No newline at end of file +customization. diff --git a/product_docs/docs/postgres_for_kubernetes/1/database_import.mdx b/product_docs/docs/postgres_for_kubernetes/1/database_import.mdx index 2533b18ddf7..3f4d576d270 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/database_import.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/database_import.mdx @@ -242,4 +242,4 @@ There are a few things you need to be aware of when using the `monolith` type: and those databases not allowing connections - After the clone procedure is done, `ANALYZE VERBOSE` is executed for every database. -- `postImportApplicationSQL` field is not supported \ No newline at end of file +- `postImportApplicationSQL` field is not supported diff --git a/product_docs/docs/postgres_for_kubernetes/1/declarative_hibernation.mdx b/product_docs/docs/postgres_for_kubernetes/1/declarative_hibernation.mdx index bd6906061e8..e09d829b8f8 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/declarative_hibernation.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/declarative_hibernation.mdx @@ -61,7 +61,7 @@ $ kubectl cnp status Cluster Summary Name: cluster-example Namespace: default -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 +PostgreSQL Image: quay.io/enterprisedb/postgresql:16.0 Primary instance: cluster-example-2 Status: Cluster in healthy state Instances: 3 @@ -88,4 +88,4 @@ Or, just unset it altogether: $ kubectl annotate cluster k8s.enterprisedb.io/hibernation- ``` -The Pods will be recreated and the cluster will resume operation. \ No newline at end of file +The Pods will be recreated and the cluster will resume operation. diff --git a/product_docs/docs/postgres_for_kubernetes/1/declarative_role_management.mdx b/product_docs/docs/postgres_for_kubernetes/1/declarative_role_management.mdx index 44b34bd9470..9c195b11934 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/declarative_role_management.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/declarative_role_management.mdx @@ -42,7 +42,7 @@ spec: The role specification in `spec.managed.roles` adheres to the [PostgreSQL structure and naming conventions](https://www.postgresql.org/docs/current/sql-createrole.html). -Please refer to the [API reference](api_reference.md#RoleConfiguration) for +Please refer to the [API reference](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-RoleConfiguration) for the full list of attributes you can define for each role. A few points are worth noting: @@ -223,4 +223,4 @@ the database instances. In terms of backward compatibility, declarative role management is designed to ignore roles that exist in the database but are not included in the spec. The lifecycle of these roles will continue to be managed within PostgreSQL, - allowing EDB Postgres for Kubernetes users to adopt this feature at their convenience. \ No newline at end of file + allowing EDB Postgres for Kubernetes users to adopt this feature at their convenience. diff --git a/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml b/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml index 08dd66346a8..bc2a4fa4877 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml @@ -132,13 +132,15 @@ data: description: "Number of streaming replicas connected to the instance" pg_replication_slots: - primary: true query: | SELECT slot_name, slot_type, database, active, - pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) + (CASE pg_catalog.pg_is_in_recovery() + WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn) + ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) + END) as pg_wal_lsn_diff FROM pg_catalog.pg_replication_slots WHERE NOT temporary metrics: @@ -319,6 +321,7 @@ data: SELECT usename , COALESCE(application_name, '') AS application_name , COALESCE(client_addr::text, '') AS client_addr + , COALESCE(client_port::text, '') AS client_port , EXTRACT(EPOCH FROM backend_start) AS backend_start , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes @@ -339,6 +342,9 @@ data: - client_addr: usage: "LABEL" description: "Client IP address" + - client_port: + usage: "LABEL" + description: "Client TCP port" - backend_start: usage: "COUNTER" description: "Time when this process was started" diff --git a/product_docs/docs/postgres_for_kubernetes/1/evaluation.mdx b/product_docs/docs/postgres_for_kubernetes/1/evaluation.mdx index 9d73191c64b..96aee4bcaff 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/evaluation.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/evaluation.mdx @@ -4,32 +4,25 @@ originalFilePath: 'src/evaluation.md' --- EDB Postgres for Kubernetes is available for a free evaluation. -The process is different between Vanilla/Community PostgreSQL -and EDB Postgres Advanced. -Refer to [License and License keys](license_keys.md) -for terms and more details. +The process is different between Community PostgreSQL and EDB Postgres Advanced Server. -## Evaluating PostgreSQL +## Evaluating using PostgreSQL By default, EDB Postgres for Kubernetes installs the latest available -version of Community PostgreSQL. The operator automatically -generates an implicit trial license for the cluster that lasts for -30 days. +version of Community PostgreSQL. -This license is ideal for evaluation, proof of concept, integration with CI/CD pipelines, and so on. +No license key is required. The operator automatically generates an implicit trial license for the cluster that lasts for +30 days. This trial license is ideal for evaluation, proof of concept, integration with CI/CD pipelines, and so on. -PostgreSQL container images are available at -[quay.io/enterprisedb/postgresql](https://quay.io/repository/enterprisedb/postgresql). +PostgreSQL container images are available at [quay.io/enterprisedb/postgresql](https://quay.io/repository/enterprisedb/postgresql). -## Evaluating EDB Postgres Advanced Server +## Evaluating using EDB Postgres Advanced Server -You can use EDB Postgres for Kubernetes with EDB Postgres Advanced Server -too. You need to request a trial license key from the -[EDB website](https://cloud-native.enterprisedb.com). +You can use EDB Postgres for Kubernetes with EDB Postgres Advanced Server. You will need a trial key to use EDB Postgres Advanced Server. -EDB Postgres Advanced container images are available at -[quay.io/enterprisedb/edb-postgres-advanced](https://quay.io/repository/enterprisedb/edb-postgres-advanced). +!!! Note Obtaining your trial key + You can request a key from the **[EDB Postgres for Kubernetes Trial License Request](https://cloud-native.enterprisedb.com/trial/)** page. You will also need to be signed into your EDB Account. If you do not have an EDB Account, you can [register for one](https://www.enterprisedb.com/accounts/register) on the EDB site. Once you have received the license key, you can use EDB Postgres Advanced Server by setting in the `spec` section of the `Cluster` deployment configuration file: @@ -37,4 +30,11 @@ by setting in the `spec` section of the `Cluster` deployment configuration file: - `imageName` to point to the `quay.io/enterprisedb/edb-postgres-advanced` repository - `licenseKey` to your license key (in the form of a string) -Please refer to the full example in the [configuration samples](samples.md) section. \ No newline at end of file +EDB Postgres Advanced container images are available at +[quay.io/enterprisedb/edb-postgres-advanced](https://quay.io/repository/enterprisedb/edb-postgres-advanced). + +To see how `imageName` and `licenseKey` is set, refer to the [cluster-full-example](../samples/cluster-example-full.yaml) file from the the [configuration samples](samples.md) section. + +## Further Information + +Refer to [License and License keys](license_keys.md) for terms and more details. diff --git a/product_docs/docs/postgres_for_kubernetes/1/expose_pg_services.mdx b/product_docs/docs/postgres_for_kubernetes/1/expose_pg_services.mdx index 67e9b7ef208..b111a67f282 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/expose_pg_services.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/expose_pg_services.mdx @@ -134,4 +134,4 @@ You can access the primary from your machine running: ```sh psql -h $(minikube ip) -p 5432 -U postgres -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/failover.mdx b/product_docs/docs/postgres_for_kubernetes/1/failover.mdx index 1779ddf5239..f7c5e73f79a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/failover.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/failover.mdx @@ -92,4 +92,4 @@ subscribers) or when the time to perform the failover is longer than the expected outage. Enabling a new configuration option to delay failover provides a mechanism to -prevent premature failover for short-lived network or node instability. \ No newline at end of file +prevent premature failover for short-lived network or node instability. diff --git a/product_docs/docs/postgres_for_kubernetes/1/failure_modes.mdx b/product_docs/docs/postgres_for_kubernetes/1/failure_modes.mdx index 1c59d5874c2..a1aab1641cf 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/failure_modes.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/failure_modes.mdx @@ -75,6 +75,33 @@ or starting from a physical backup of the *primary* otherwise. Self-healing will happen as soon as the *apiserver* is notified. +You can trigger a sudden failure on a given pod of the cluster using the +following generic command: + +```sh +kubectl delete -n [namespace] \ + pod/[cluster-name]-[serial] --grace-period=1 +``` + +For example, if you want to simulate a real failure on the primary and trigger +the failover process, you can run: + +```sh +kubectl delete pod [primary pod] --grace-period=1 +``` + +!!! Warning + Never use `--grace-period=0` in your failover simulation tests, as this + might produce misleading results with your PostgreSQL cluster. A grace + period of 0 guarantees that the pod is immediately removed from the + Kubernetes API server, without first ensuring that the PID 1 process of + the `postgres` container (the instance manager) is shut down - contrary + to what would happen in case of a real failure (e.g. unplug the power cord + cable or network partitioning). + As a result, the operator doesn't see the pod of the primary anymore, and + triggers a failover promoting the most aligned standby, without + the guarantee that the primary had been shut down. + ### Readiness probe failure After 3 failures, the pod will be considered *not ready*. The pod will still @@ -171,4 +198,4 @@ and for the sole duration of the extraordinary/emergency operation. Please make sure that you use this annotation only for a limited period of time and you remove it when the emergency has finished. Leaving this annotation in a cluster will prevent the operator from issuing any self-healing operation, - such as a failover. \ No newline at end of file + such as a failover. diff --git a/product_docs/docs/postgres_for_kubernetes/1/faq.mdx b/product_docs/docs/postgres_for_kubernetes/1/faq.mdx index 1c9f2646b15..9ff148266ea 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/faq.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/faq.mdx @@ -134,6 +134,30 @@ Kubernetes controller. If the desired state and the actual state don't match, reconciliation loops trigger self-healing procedures. That's where an operator like EDB Postgres for Kubernetes comes into play. +**Are there any other operators for Postgres out there?** + +Yes, of course. And our advice is that you look at all of them and compare +them with EDB Postgres for Kubernetes before making your decision. You will see that +most of these operators use an external failover management tool (Patroni +or similar) and rely on StatefulSets. + +Here is a non exhaustive list, in chronological order from their +publication on GitHub: + +- [Crunchy Data Postgres Operator](https://github.com/CrunchyData/postgres-operator) (2017) +- [Zalando Postgres Operator](https://github.com/zalando/postgres-operator) (2017) +- [Stackgres](https://github.com/ongres/stackgres) (2020) +- [Percona Operator for PostgreSQL](https://github.com/percona/percona-postgresql-operator) (2021) +- [Kubegres](https://github.com/reactive-tech/kubegres) (2021) + +Feel free to report any relevant missing entry as a PR. + +!!! Info + The [Data on Kubernetes Community](https://dok.community) + (which includes some of our maintainers) is working on an independent and + vendor neutral project to list the operators called + [Operator Feature Matrix](https://github.com/dokc/operator-feature-matrix). + **You say that EDB Postgres for Kubernetes is a fully declarative operator. What do you mean by that?** @@ -206,94 +230,13 @@ of truth to: - control the Kubernetes services, that is the entry points for your applications - ## Database management @@ -367,9 +310,9 @@ Postgres instance, with dedicated storage. We proved that this extreme architectural pattern works when we benchmarked [running PostgreSQL on bare metal Kubernetes with local persistent volumes](https://www.2ndquadrant.com/en/blog/local-persistent-volumes-and-postgresql-usage-in-kubernetes/). -A current limitation of EDB Postgres for Kubernetes, which will be overcome in future -releases, is the lack of support for tablespaces so that horizontal -partitioning can be easily implemented. +A current limitation of EDB Postgres for Kubernetes, which will be overcome in version 1.22, +is the lack of support for tablespaces. Once tablespaces are available, horizontal partitioning can be +easily implemented. **How can I specify a time zone in the PostgreSQL cluster?** @@ -459,23 +402,3 @@ Teams can then create another user for read-write operations through the ["Declarative role management"](declarative_role_management.md) feature and assign the required `GRANT` to the tables. - \ No newline at end of file diff --git a/product_docs/docs/postgres_for_kubernetes/1/fencing.mdx b/product_docs/docs/postgres_for_kubernetes/1/fencing.mdx index aa23a285ee7..c35e05abb82 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/fencing.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/fencing.mdx @@ -80,9 +80,9 @@ kubectl cnp fencing off cluster-example "*" ## How fencing works Once an instance is set for fencing, the procedure to shut down the -`postmaster` process is initiated. This consists of an initial smart shutdown -with a timeout set to `.spec.stopDelay`, followed by a fast shutdown if -required. Then: +`postmaster` process is initiated, identical to the one of the switchover. +This consists of an initial fast shutdown with a timeout set to +`.spec.switchoverDelay`, followed by an immediate shutdown. Then: - the Pod will be kept alive @@ -106,4 +106,4 @@ required. Then: If a fenced instance is deleted, the pod will be recreated normally, but the postmaster won't be started. This can be extremely helpful when instances -are `Crashlooping`. \ No newline at end of file +are `Crashlooping`. diff --git a/product_docs/docs/postgres_for_kubernetes/1/images/grafana-local.png b/product_docs/docs/postgres_for_kubernetes/1/images/grafana-local.png index 740b8cd6dee..8ba6940cd99 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/images/grafana-local.png +++ b/product_docs/docs/postgres_for_kubernetes/1/images/grafana-local.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ef0f2c974fe4037fe0e43d6bf2dcb6318cc251524b8e4cd05fc9518906a13a59 -size 303983 +oid sha256:1b6fd7597138faadf132fd13dce4df89bbef2e771a45241d2defa32607f029a5 +size 241795 diff --git a/product_docs/docs/postgres_for_kubernetes/1/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/index.mdx index 554cedde64e..25d53231219 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/index.mdx @@ -30,7 +30,11 @@ navigation: - failure_modes - rolling_update - replication - - backup_recovery + - backup + - recovery + - backup_volumesnapshot + - backup_barmanobjectstore + - wal_archiving - declarative_role_management - storage - labels_annotations @@ -62,7 +66,10 @@ navigation: - operator_capability_levels - faq - troubleshooting - - api_reference + - cloudnative-pg.v1 + - backup_recovery + - '#Appendix' + - object_stores --- diff --git a/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx b/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx index 0cfb10c663b..5efd28a4af9 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx @@ -19,18 +19,18 @@ The operator can be installed using the provided [Helm chart](https://github.com The operator can be installed like any other resource in Kubernetes, through a YAML manifest applied via `kubectl`. -You can install the [latest operator manifest](https://get.enterprisedb.io/cnp/postgresql-operator-1.20.2.yaml) +You can install the [latest operator manifest](https://get.enterprisedb.io/cnp/postgresql-operator-1.21.0.yaml) for this minor release as follows: ```sh kubectl apply -f \ - https://get.enterprisedb.io/cnp/postgresql-operator-1.20.2.yaml + https://get.enterprisedb.io/cnp/postgresql-operator-1.21.0.yaml ``` You can verify that with: ```sh -kubectl get deploy -n postgresql-operator-system postgresql-operator-controller-manager +kubectl get deployment -n postgresql-operator-system postgresql-operator-controller-manager ``` ### Using the `cnp` plugin for `kubectl` @@ -75,7 +75,7 @@ For example, you can install the latest snapshot of the operator with: ```sh curl -sSfL \ - https://raw.githubusercontent.com/cloudnative-pg/artifacts/main/manifests/operator-manifest.yaml | \ + https://raw.githubusercontent.com/cloudnative-pg/artifacts/release-1.21/manifests/operator-manifest.yaml | \ kubectl apply -f - ``` @@ -84,7 +84,7 @@ specific minor release, you can just run: ```sh curl -sSfL \ - https://raw.githubusercontent.com/cloudnative-pg/artifacts/release-1.20/manifests/operator-manifest.yaml | \ + https://raw.githubusercontent.com/cloudnative-pg/artifacts/release-1.21/manifests/operator-manifest.yaml | \ kubectl apply -f - ``` @@ -101,6 +101,12 @@ You can install EDB Postgres for Kubernetes using the metadata available in the [EDB Postgres for Kubernetes page](https://operatorhub.io/operator/cloud-native-postgresql) from the [OperatorHub.io website](https://operatorhub.io), following the installation steps listed on that page. +### Using OLM + +EDB Postgres for Kubernetes can also be installed using the +[Operator Lifecycle Manager (OLM)](https://olm.operatorframework.io/docs/) +directly from [OperatorHub.io](https://operatorhub.io/operator/cloudnative-pg). + ## Details about the deployment In Kubernetes, the operator is by default installed in the `postgresql-operator-system` @@ -149,7 +155,7 @@ plane for self-managed Kubernetes installations). ## Upgrades !!! Important - Please carefully read the [release notes](release_notes.md) + Please carefully read the [release notes](rel_notes) before performing an upgrade as some versions might require extra steps. @@ -236,7 +242,7 @@ least monthly. If you are unable to apply updates as each version becomes available, we recommend upgrading through each version in sequential order to come current periodically and not skipping versions. -The [release notes](release_notes.md) page contains a detailed list of the +The [release notes](rel_notes) page contains a detailed list of the changes introduced in every released version of EDB Postgres for Kubernetes, and it must be read before upgrading to a newer version of the software. @@ -248,6 +254,222 @@ When versions are not directly upgradable, the old version needs to be removed before installing the new one. This won't affect user data but only the operator itself. +### Upgrading to 1.21.0, 1.20.3 or 1.19.5 + +!!! Important + We encourage all existing users of EDB Postgres for Kubernetes to upgrade to version + 1.21.0 or at least to the latest stable version of the minor release you are + currently using (namely 1.20.3 or 1.19.5). + +!!! Warning + Every time you are upgrading to a higher minor release, make sure you + go through the release notes and upgrade instructions of all the + intermediate minor releases. For example, if you want to move + from 1.19.x to 1.21, make sure you go through the release notes + and upgrade instructions for 1.20 and 1.21. + +With the goal to keep improving out-of-the-box the *convention over +configuration* behavior of the operator, EDB Postgres for Kubernetes changes the default +value of several knobs in the following areas: + +- startup and shutdown control of the PostgreSQL instance +- self-healing +- security +- labels + +Some of the above changes have been backported to 1.20.3 and 1.19.5, as +detailed below. Most of the changes will affect new PostgreSQL clusters only. + +!!! Warning + Please read carefully the list of changes below, and how to modify the + `Cluster` manifests to retain the existing behavior if you don't want to + disrupt your existing workloads. Alternatively, postpone the upgrade to + until you are sure. In general, we recommend adopting these default + values unless you have valid reasons not to. + +#### Superuser access disabled + +!!! Important + This change takes effect starting from EDB Postgres for Kubernetes 1.21.0. + +Pushing towards *security-by-default*, EDB Postgres for Kubernetes now disables access +`postgres` superuser access via the network in all new clusters, unless +explicitly enabled. + +If you want to ensure superuser access to the PostgreSQL cluster, regardless +which version of EDB Postgres for Kubernetes you are running, we advise you to explicitly +declare it by setting: + +```yaml +spec: + ... + enableSuperuserAccess: true +``` + +#### Replication slots for HA + +!!! Important + This change takes effect starting from EDB Postgres for Kubernetes 1.21.0. + +[As already anticipated in release 1.20](installation_upgrade.md#replication-slots-for-high-availability), +replication slots for High Availability are now enabled by default. + +If you want to ensure replication slots are disabled, regardless of which +version of EDB Postgres for Kubernetes you are running, we advise you to explicitly declare +it by setting: + +```yaml +spec: + ... + replicationSlots: + highAvailability: + enabled: false +``` + +#### Delay for PostgreSQL shutdown + +!!! Important + This change has been backported to all supported minor releases. As a + result, it will be available starting from versions 1.21.0, 1.20.3 and + 1.19.5. + +Up to now, [the `stopDelay` parameter](instance_manager.md#shutdown-control) +was set to 30 seconds. Despite the recommendations to change and tune this +value, almost all the cases we have examined during support incidents or +community issues show that this value is left unchanged. + +The [new default value is 1800 seconds](https://github.com/EnterpriseDB/cloud-native-postgres/commit/9f7f18c5b9d9103423a53d180c0e2f2189e71c3c), +the equivalent of 30 minutes. + +The new `smartShutdownTimeout` parameter has been introduced to define +the maximum time window within the `stopDelay` value reserved to complete +the `smart` shutdown procedure in PostgreSQL. During this time, the +Postgres server rejects any new connections while waiting for all regular +sessions to terminate. + +Once elapsed, the remaining time up to `stopDelay` will be reserved for +PostgreSQL to complete its duties regarding WAL commitments with both the +archive and the streaming replicas to ensure the cluster doesn't lose any data. + +If you want to retain the old behavior, you need to set explicitly: + +```yaml +spec: + ... + stopDelay: 30 +``` + +And, **after** the upgrade has completed, specify `smartShutdownTimeout`: + +```yaml +spec: + ... + stopDelay: 30 + smartShutdownTimeout: 15 +``` + +#### Delay for PostgreSQL startup + +!!! Important + This change has been backported to all supported minor releases. As a + result, it will be available starting from versions 1.21.0, 1.20.3 and + 1.19.5. + +Until now, [the `startDelay` parameter](instance_manager.md#startup-liveness-and-readiness-probes) +was set to 30 seconds, and EDB Postgres for Kubernetes used this parameter as +`initialDelaySeconds` for the Kubernetes liveness probe. Given that all the +supported Kubernetes releases provide [startup probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes), +version 1.21 has adopted this approach as well (`startDelay` is now +automatically divided into periods of 10 seconds of duration each). + +!!! Important + In order to add the `startupProbe`, each pod needs to be restarted. + As a result, when you upgrade the operator, a one-time rolling + update of the cluster will be executed even in the online update case. + +Despite the recommendations to change and tune this value, almost all the cases +we have examined during support incidents or community issues show that this +value is left unchanged. Given that this parameter influences the startup of +a PostgreSQL instance, a low value of `startDelay` would cause Postgres +never to reach a consistent recovery state and be restarted indefinitely. + +For this reason, `startDelay` has been [raised by default to 3600 seconds](https://github.com/EnterpriseDB/cloud-native-postgres/commit/4f4cd96bc6f8e284a200705c11a2b41652d58146), +the equivalent of 1 hour. + +If you want to retain the existing behavior using the new implementation, you +can do that by explicitly setting: + +```yaml +spec: + ... + startDelay: 30 +``` + +#### Delay for PostgreSQL switchover + +!!! Important + This change has been backported to all supported minor releases. As a + result, it will be available starting from versions 1.21.0, 1.20.3 and + 1.19.5. + +Up to now, [the `switchoverDelay` parameter](instance_manager.md#shutdown-of-the-primary-during-a-switchover) +was set by default to 40000000 seconds (over 15 months) to simulate a very long +interval. + +The [default value has been lowered to 3600 seconds](https://github.com/EnterpriseDB/cloud-native-postgres/commit/9565f9f2ebab8bc648d9c361198479974664c322), +the equivalent of 1 hour. + +If you want to retain the old behavior, you need to set explicitly: + +```yaml +spec: + ... + switchoverDelay: 40000000 +``` + +#### Labels + +!!! Important + This change has been backported to all supported minor releases. As a + result, it will be available starting from versions 1.21.0, 1.20.3 and + 1.19.5. + +In version 1.18, we deprecated the `postgresql` label in pods to identify the +name of the cluster, and replaced it with the more canonical `k8s.enterprisedb.io/cluster` +label. The `postgresql` label is no longer maintained. + +Similarly, from this version, the `role` label is deprecated. The new label +`k8s.enterprisedb.io/instanceRole` is now used, and will entirely replace the `role` label +in a future release. + +#### Shortcut for keeping the existing behavior + +If you want to explicitly keep the existing behavior of EDB Postgres for Kubernetes +(we advise not to), you need to set these values in all your `Cluster` +definitions **before upgrading** to version 1.21.0, 1.20.3 or 1.19.5: + +```yaml +spec: + ... + # Changed in 1.21.0, 1.20.3 and 1.19.5 + startDelay: 30 + stopDelay: 30 + switchoverDelay: 40000000 + # Changed in 1.21.0 only + enableSuperuserAccess: true + replicationSlots: + highAvailability: + enabled: false +``` + +Once the upgrade is completed, also add: + +```yaml +spec: + ... + smartShutdownTimeout: 15 +``` + ### Upgrading to 1.20 from a previous minor version EDB Postgres for Kubernetes 1.20 introduces some changes from previous versions of the @@ -261,7 +483,7 @@ convention over configuration. #### Backup from a standby -[Backup from a standby](backup_recovery.md#backup-from-a-standby) +[Backup from a standby](backup.md#backup-from-a-standby) was introduced in EDB Postgres for Kubernetes 1.19, but disabled by default - meaning that the base backup is taken from the primary unless the target is explicitly set to prefer standby. @@ -322,4 +544,4 @@ spec: replicationSlots: highAvailability: enabled: false -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/instance_manager.mdx b/product_docs/docs/postgres_for_kubernetes/1/instance_manager.mdx index b89463072e4..e7f3e5b159e 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/instance_manager.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/instance_manager.mdx @@ -15,35 +15,37 @@ The field `.spec.instances` specifies how many instances to create. Each Pod will start the instance manager as the parent process (PID 1) for the main container, which in turn runs the PostgreSQL instance. During the lifetime -of the Pod, the instance manager acts as a backend to handle the [liveness and -readiness probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). +of the Pod, the instance manager acts as a backend to handle the +[startup, liveness and readiness probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). -## Liveness and readiness probes +## Startup, liveness and readiness probes -The liveness probe relies on `pg_isready`, while the readiness probe checks if -the database is up and able to accept connections using the superuser -credentials. -The readiness probe is positive when the Pod is ready to accept traffic. -The liveness probe controls when to restart the container. +The startup and liveness probes rely on `pg_isready`, while the readiness +probe checks if the database is up and able to accept connections using the +superuser credentials. -> The two probes will report a failure if the probe command fails 3 times with a 10 seconds interval between each check. +The readiness probe is positive when the Pod is ready to accept traffic. +The liveness probe controls when to restart the container once +the startup probe interval has elapsed. -For now, the operator doesn't configure a `startupProbe` on the Pods, since -startup probes have been introduced only in Kubernetes 1.17. +!!! Important + The liveness and readiness probes will report a failure if the probe command + fails three times with a 10-second interval between each check. -The liveness probe is used to detect if the PostgreSQL instance is in a +The liveness probe detects if the PostgreSQL instance is in a broken state and needs to be restarted. The value in `startDelay` is used -to delay the probe's execution, which is used to prevent an +to delay the probe's execution, preventing an instance with a long startup time from being restarted. -The number of seconds after the Pod has started before the liveness +The interval (in seconds) after the Pod has started before the liveness probe starts working is expressed in the `.spec.startDelay` parameter, -which defaults to 30 seconds. The correct value for your cluster is +which defaults to 3600 seconds. The correct value for your cluster is related to the time needed by PostgreSQL to start. -If `.spec.startDelay` is too low, the liveness probe will start working -before the PostgreSQL startup, and the Pod could be restarted -inappropriately. +!!! Warning + If `.spec.startDelay` is too low, the liveness probe will start working + before the PostgreSQL startup is complete, and the Pod could be restarted + prematurely. ## Shutdown control @@ -51,20 +53,22 @@ When a Pod running Postgres is deleted, either manually or by Kubernetes following a node drain operation, the kubelet will send a termination signal to the instance manager, and the instance manager will take care of shutting down PostgreSQL in an appropriate way. -The `.spec.stopDelay`, expressed in seconds, is the amount of time -given to PostgreSQL to shut down. The value defaults to 30 seconds. +The `.spec.smartShutdownTimeout` and `.spec.stopDelay` options, expressed in seconds, +control the amount of time given to PostgreSQL to shut down. The values default +to 180 and 1800 seconds, respectively. The shutdown procedure is composed of two steps: 1. The instance manager requests a **smart** shut down, disallowing any - new connection to PostgreSQL. This step will last for half of the - time set in `.spec.stopDelay`. + new connection to PostgreSQL. This step will last for up to + `.spec.smartShutdownTimeout` seconds. 2. If PostgreSQL is still up, the instance manager requests a **fast** shut down, terminating any existing connection and exiting promptly. If the instance is archiving and/or streaming WAL files, the process - will wait for up to the remaining half of the time set in `.spec.stopDelay` - to complete the operation and then forcibly shut down. + will wait for up to the remaining time set in `.spec.stopDelay` to complete the + operation and then forcibly shut down. Such a timeout needs to be at least 15 + seconds. !!! Important In order to avoid any data loss in the Postgres cluster, which impacts @@ -79,11 +83,8 @@ general case. Indeed, the operator requires the former primary to issue a in order to ensure that all the data are available on the new primary. For this reason, the `.spec.switchoverDelay`, expressed in seconds, controls -the time given to the former primary to shut down gracefully and archive all -the WAL files. -During this time frame, the primary instance does not accept connections. -The value defaults is greater than one year in seconds, big enough to simulate -an infinite delay and therefore preserve data durability. +the time given to the former primary to shut down gracefully and archive all +the WAL files. By default it is set to `3600` (1 hour). !!! Warning The `.spec.switchoverDelay` option affects the RPO and RTO of your @@ -95,4 +96,4 @@ an infinite delay and therefore preserve data durability. ## Failover In case of primary pod failure, the cluster will go into failover mode. -Please refer to the ["Failover" section](failover.md) for details. \ No newline at end of file +Please refer to the ["Failover" section](failover.md) for details. diff --git a/product_docs/docs/postgres_for_kubernetes/1/interactive_demo.mdx b/product_docs/docs/postgres_for_kubernetes/1/interactive_demo.mdx index 31ebaa7366d..72f4151074c 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/interactive_demo.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/interactive_demo.mdx @@ -39,22 +39,22 @@ INFO[0000] Prep: Network INFO[0000] Created network 'k3d-k3s-default' INFO[0000] Created image volume k3d-k3s-default-images INFO[0000] Starting new tools node... -INFO[0001] Pulling image 'ghcr.io/k3d-io/k3d-tools:5.5.1' +INFO[0001] Pulling image 'ghcr.io/k3d-io/k3d-tools:5.6.0' INFO[0001] Creating node 'k3d-k3s-default-server-0' -INFO[0002] Pulling image 'docker.io/rancher/k3s:v1.26.4-k3s1' +INFO[0001] Pulling image 'docker.io/rancher/k3s:v1.27.4-k3s1' INFO[0003] Starting Node 'k3d-k3s-default-tools' -INFO[0006] Creating LoadBalancer 'k3d-k3s-default-serverlb' -INFO[0007] Pulling image 'ghcr.io/k3d-io/k3d-proxy:5.5.1' -INFO[0010] Using the k3d-tools node to gather environment information -INFO[0010] HostIP: using network gateway 172.17.0.1 address -INFO[0010] Starting cluster 'k3s-default' -INFO[0010] Starting servers... -INFO[0010] Starting Node 'k3d-k3s-default-server-0' -INFO[0015] All agents already running. -INFO[0015] Starting helpers... -INFO[0015] Starting Node 'k3d-k3s-default-serverlb' -INFO[0022] Injecting records for hostAliases (incl. host.k3d.internal) and for 2 network members into CoreDNS configmap... -INFO[0024] Cluster 'k3s-default' created successfully! +INFO[0005] Creating LoadBalancer 'k3d-k3s-default-serverlb' +INFO[0006] Pulling image 'ghcr.io/k3d-io/k3d-proxy:5.6.0' +INFO[0011] Using the k3d-tools node to gather environment information +INFO[0011] HostIP: using network gateway 172.17.0.1 address +INFO[0011] Starting cluster 'k3s-default' +INFO[0011] Starting servers... +INFO[0011] Starting Node 'k3d-k3s-default-server-0' +INFO[0016] All agents already running. +INFO[0016] Starting helpers... +INFO[0016] Starting Node 'k3d-k3s-default-serverlb' +INFO[0023] Injecting records for hostAliases (incl. host.k3d.internal) and for 2 network members into CoreDNS configmap... +INFO[0025] Cluster 'k3s-default' created successfully! INFO[0025] You can now use it like this: kubectl cluster-info ``` @@ -66,7 +66,7 @@ Verify that it works with the following command: kubectl get nodes __OUTPUT__ NAME STATUS ROLES AGE VERSION -k3d-k3s-default-server-0 Ready control-plane,master 17s v1.26.4+k3s1 +k3d-k3s-default-server-0 Ready control-plane,master 17s v1.27.4+k3s1 ``` You will see one node called `k3d-k3s-default-server-0`. If the status isn't yet "Ready", wait for a few seconds and run the command above again. @@ -76,7 +76,7 @@ You will see one node called `k3d-k3s-default-server-0`. If the status isn't yet Now that the Kubernetes cluster is running, you can proceed with EDB Postgres for Kubernetes installation as described in the ["Installation and upgrades"](installation_upgrade.md) section: ```shell -kubectl apply -f https://get.enterprisedb.io/cnp/postgresql-operator-1.20.2.yaml +kubectl apply -f https://get.enterprisedb.io/cnp/postgresql-operator-1.21.0.yaml __OUTPUT__ namespace/postgresql-operator-system created customresourcedefinition.apiextensions.k8s.io/backups.postgresql.k8s.enterprisedb.io created @@ -136,7 +136,7 @@ EOF !!! Note "There's more" For more detailed information about the available options, please refer - to the ["API Reference" section](api_reference.md). + to the ["API Reference" section](cloudnative-pg.v1.md). In order to create the 3-node PostgreSQL cluster, you need to run the following command: @@ -179,12 +179,12 @@ metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"postgresql.k8s.enterprisedb.io/v1","kind":"Cluster","metadata":{"annotations":{},"name":"cluster-example","namespace":"default"},"spec":{"instances":3,"primaryUpdateStrategy":"unsupervised","storage":{"size":"1Gi"}}} - creationTimestamp: "2023-07-28T16:14:08Z" + creationTimestamp: "2023-10-18T19:53:06Z" generation: 1 name: cluster-example namespace: default - resourceVersion: "1115" - uid: 70e054ae-b487-41e3-941b-b7c969f950be + resourceVersion: "1201" + uid: 9d712b83-f2ea-4835-8de1-c2cee75bd3c7 spec: affinity: podAntiAffinityType: preferred @@ -246,9 +246,9 @@ status: certificates: clientCASecret: cluster-example-ca expirations: - cluster-example-ca: 2023-10-26 16:09:09 +0000 UTC - cluster-example-replication: 2023-10-26 16:09:09 +0000 UTC - cluster-example-server: 2023-10-26 16:09:09 +0000 UTC + cluster-example-ca: 2024-01-16 19:48:06 +0000 UTC + cluster-example-replication: 2024-01-16 19:48:06 +0000 UTC + cluster-example-server: 2024-01-16 19:48:06 +0000 UTC replicationTLSSecret: cluster-example-replication serverAltDNSNames: - cluster-example-rw @@ -265,36 +265,36 @@ status: cloudNativePostgresqlCommitHash: c42ca1c2 cloudNativePostgresqlOperatorHash: 1d51c15adffb02c81dbc4e8752ddb68f709699c78d9c3384ed9292188685971b conditions: - - lastTransitionTime: "2023-07-28T16:15:29Z" + - lastTransitionTime: "2023-10-18T19:54:30Z" message: Cluster is Ready reason: ClusterIsReady status: "True" type: Ready - - lastTransitionTime: "2023-07-28T16:15:29Z" + - lastTransitionTime: "2023-10-18T19:54:30Z" message: velero addon is disabled reason: Disabled status: "False" type: k8s.enterprisedb.io/velero - - lastTransitionTime: "2023-07-28T16:15:29Z" + - lastTransitionTime: "2023-10-18T19:54:30Z" message: external-backup-adapter addon is disabled reason: Disabled status: "False" type: k8s.enterprisedb.io/externalBackupAdapter - - lastTransitionTime: "2023-07-28T16:15:30Z" + - lastTransitionTime: "2023-10-18T19:54:30Z" message: external-backup-adapter-cluster addon is disabled reason: Disabled status: "False" type: k8s.enterprisedb.io/externalBackupAdapterCluster - - lastTransitionTime: "2023-07-28T16:15:30Z" + - lastTransitionTime: "2023-10-18T19:54:31Z" message: kasten addon is disabled reason: Disabled status: "False" type: k8s.enterprisedb.io/kasten configMapResourceVersion: metrics: - postgresql-operator-default-monitoring: "788" + postgresql-operator-default-monitoring: "860" currentPrimary: cluster-example-1 - currentPrimaryTimestamp: "2023-07-28T16:14:48.609086Z" + currentPrimaryTimestamp: "2023-10-18T19:53:49.065241Z" healthyPVC: - cluster-example-1 - cluster-example-2 @@ -323,7 +323,7 @@ status: licenseStatus: isImplicit: true isTrial: true - licenseExpiration: "2023-08-27T16:14:08Z" + licenseExpiration: "2023-11-17T19:53:06Z" licenseStatus: Implicit trial license repositoryAccess: false valid: true @@ -335,14 +335,14 @@ status: readService: cluster-example-r readyInstances: 3 secretsResourceVersion: - applicationSecretVersion: "760" - clientCaSecretVersion: "756" - replicationSecretVersion: "758" - serverCaSecretVersion: "756" - serverSecretVersion: "757" - superuserSecretVersion: "759" + applicationSecretVersion: "832" + clientCaSecretVersion: "828" + replicationSecretVersion: "830" + serverCaSecretVersion: "828" + serverSecretVersion: "829" + superuserSecretVersion: "831" targetPrimary: cluster-example-1 - targetPrimaryTimestamp: "2023-07-28T16:14:09.501164Z" + targetPrimaryTimestamp: "2023-10-18T19:53:06.981792Z" timelineID: 1 topology: instances: @@ -358,7 +358,7 @@ status: By default, the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released. You can override this by setting [the `imageName` key in the `spec` section of - the `Cluster` definition](api_reference/#clusterspec). + the `Cluster` definition](cloudnative-pg.v1/#clusterspec). !!! Important The immutable infrastructure paradigm requires that you always @@ -377,7 +377,7 @@ curl -sSfL \ sudo sh -s -- -b /usr/local/bin __OUTPUT__ EnterpriseDB/kubectl-cnp info checking GitHub for latest tag -EnterpriseDB/kubectl-cnp info found version: 1.20.2 for v1.20.2/linux/x86_64 +EnterpriseDB/kubectl-cnp info found version: 1.21.0 for v1.21.0/linux/x86_64 EnterpriseDB/kubectl-cnp info installed /usr/local/bin/kubectl-cnp ``` @@ -387,22 +387,23 @@ The `cnp` command is now available in kubectl: kubectl cnp status cluster-example __OUTPUT__ Cluster Summary -Name: cluster-example -Namespace: default -System ID: 7260903692491026447 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 -Primary instance: cluster-example-1 -Status: Cluster in healthy state -Instances: 3 -Ready instances: 3 -Current Write LSN: 0/6054B60 (Timeline: 1 - WAL File: 000000010000000000000006) +Name: cluster-example +Namespace: default +System ID: 7291389121501601807 +PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 +Primary instance: cluster-example-1 +Primary start time: 2023-10-18 19:53:49 +0000 UTC (uptime 2m32s) +Status: Cluster in healthy state +Instances: 3 +Ready instances: 3 +Current Write LSN: 0/6054B60 (Timeline: 1 - WAL File: 000000010000000000000006) Certificates Status Certificate Name Expiration Date Days Left Until Expiration ---------------- --------------- -------------------------- -cluster-example-ca 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-replication 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-server 2023-10-26 16:09:09 +0000 UTC 89.99 +cluster-example-ca 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-replication 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-server 2024-01-16 19:48:06 +0000 UTC 89.99 Continuous Backup status Not configured @@ -444,22 +445,23 @@ Now if we check the status... kubectl cnp status cluster-example __OUTPUT__ Cluster Summary -Name: cluster-example -Namespace: default -System ID: 7260903692491026447 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 -Primary instance: cluster-example-2 -Status: Failing over Failing over from cluster-example-1 to cluster-example-2 -Instances: 3 -Ready instances: 2 -Current Write LSN: 0/7001000 (Timeline: 2 - WAL File: 000000020000000000000007) +Name: cluster-example +Namespace: default +System ID: 7291389121501601807 +PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 +Primary instance: cluster-example-2 +Primary start time: 2023-10-18 19:57:07 +0000 UTC (uptime 5s) +Status: Failing over Failing over from cluster-example-1 to cluster-example-2 +Instances: 3 +Ready instances: 2 +Current Write LSN: 0/7001000 (Timeline: 2 - WAL File: 000000020000000000000007) Certificates Status Certificate Name Expiration Date Days Left Until Expiration ---------------- --------------- -------------------------- -cluster-example-ca 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-replication 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-server 2023-10-26 16:09:09 +0000 UTC 89.99 +cluster-example-ca 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-replication 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-server 2024-01-16 19:48:06 +0000 UTC 89.99 Continuous Backup status Not configured @@ -471,10 +473,11 @@ Unmanaged Replication Slot Status No unmanaged replication slots found Instances status -Name Database Size Current LSN Replication role Status QoS Manager Version Node ----- ------------- ----------- ---------------- ------ --- --------------- ---- -cluster-example-2 29 MB 0/7001000 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-3 29 MB 0/70000A0 Standby (file based) OK BestEffort 1.20.2 k3d-k3s-default-server-0 +Name Database Size Current LSN Replication role Status QoS Manager Version Node +---- ------------- ----------- ---------------- ------ --- --------------- ---- +cluster-example-2 29 MB 0/7001000 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 +cluster-example-3 29 MB 0/70000A0 Standby (file based) OK BestEffort 1.20.2 k3d-k3s-default-server-0 +cluster-example-1 - - - pod not available BestEffort - k3d-k3s-default-server-0 ``` ...the failover process has begun, with the second pod promoted to primary. Once the failed pod has restarted, it will become a replica of the new primary: @@ -483,91 +486,23 @@ cluster-example-3 29 MB 0/70000A0 Standby (file based) OK Bes kubectl cnp status cluster-example __OUTPUT__ Cluster Summary -Name: cluster-example -Namespace: default -System ID: 7260903692491026447 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 -Primary instance: cluster-example-2 -Status: Failing over Failing over from cluster-example-1 to cluster-example-2 -Instances: 3 -Ready instances: 2 -Current Write LSN: 0/7001000 (Timeline: 2 - WAL File: 000000020000000000000007) +Name: cluster-example +Namespace: default +System ID: 7291389121501601807 +PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 +Primary instance: cluster-example-2 +Primary start time: 2023-10-18 19:57:07 +0000 UTC (uptime 1m14s) +Status: Cluster in healthy state +Instances: 3 +Ready instances: 3 +Current Write LSN: 0/7004D98 (Timeline: 2 - WAL File: 000000020000000000000007) Certificates Status Certificate Name Expiration Date Days Left Until Expiration ---------------- --------------- -------------------------- -cluster-example-ca 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-replication 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-server 2023-10-26 16:09:09 +0000 UTC 89.99 - -Continuous Backup status -Not configured - -Streaming Replication status -Not available yet - -Unmanaged Replication Slot Status -No unmanaged replication slots found - -Instances status -Name Database Size Current LSN Replication role Status QoS Manager Version Node ----- ------------- ----------- ---------------- ------ --- --------------- ---- -cluster-example-2 29 MB 0/7001000 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-3 29 MB 0/70000A0 Standby (file based) OK BestEffort 1.20.2 k3d-k3s-default-server-0 -$ kubectl cnp status cluster-example -Cluster Summary -Name: cluster-example -Namespace: default -System ID: 7260903692491026447 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 -Primary instance: cluster-example-2 -Status: Cluster in healthy state -Instances: 3 -Ready instances: 3 -Current Write LSN: 0/7004D60 (Timeline: 2 - WAL File: 000000020000000000000007) - -Certificates Status -Certificate Name Expiration Date Days Left Until Expiration ----------------- --------------- -------------------------- -cluster-example-ca 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-replication 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-server 2023-10-26 16:09:09 +0000 UTC 89.99 - -Continuous Backup status -Not configured - -Streaming Replication status -Name Sent LSN Write LSN Flush LSN Replay LSN Write Lag Flush Lag Replay Lag State Sync State Sync Priority ----- -------- --------- --------- ---------- --------- --------- ---------- ----- ---------- ------------- -cluster-example-1 0/7004D60 0/7004D60 0/7004D60 0/7004D60 00:00:00 00:00:00 00:00:00 streaming async 0 - -Unmanaged Replication Slot Status -No unmanaged replication slots found - -Instances status -Name Database Size Current LSN Replication role Status QoS Manager Version Node ----- ------------- ----------- ---------------- ------ --- --------------- ---- -cluster-example-2 29 MB 0/7004D60 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-1 29 MB 0/7004D60 Standby (async) OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-3 29 MB 0/70000A0 Standby (file based) OK BestEffort 1.20.2 k3d-k3s-default-server-0 -$ kubectl cnp status cluster-example -Cluster Summary -Name: cluster-example -Namespace: default -System ID: 7260903692491026447 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3 -Primary instance: cluster-example-2 -Status: Cluster in healthy state -Instances: 3 -Ready instances: 3 -Current Write LSN: 0/7004D98 (Timeline: 2 - WAL File: 000000020000000000000007) - -Certificates Status -Certificate Name Expiration Date Days Left Until Expiration ----------------- --------------- -------------------------- -cluster-example-ca 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-replication 2023-10-26 16:09:09 +0000 UTC 89.99 -cluster-example-server 2023-10-26 16:09:09 +0000 UTC 89.99 +cluster-example-ca 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-replication 2024-01-16 19:48:06 +0000 UTC 89.99 +cluster-example-server 2024-01-16 19:48:06 +0000 UTC 89.99 Continuous Backup status Not configured @@ -576,16 +511,17 @@ Streaming Replication status Name Sent LSN Write LSN Flush LSN Replay LSN Write Lag Flush Lag Replay Lag State Sync State Sync Priority ---- -------- --------- --------- ---------- --------- --------- ---------- ----- ---------- ------------- cluster-example-1 0/7004D98 0/7004D98 0/7004D98 0/7004D98 00:00:00 00:00:00 00:00:00 streaming async 0 +cluster-example-3 0/7004D98 0/7004D98 0/7004D98 0/7004D98 00:00:00 00:00:00 00:00:00 streaming async 0 Unmanaged Replication Slot Status No unmanaged replication slots found Instances status -Name Database Size Current LSN Replication role Status QoS Manager Version Node ----- ------------- ----------- ---------------- ------ --- --------------- ---- -cluster-example-2 29 MB 0/7004D98 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-1 29 MB 0/7004D98 Standby (async) OK BestEffort 1.20.2 k3d-k3s-default-server-0 -cluster-example-3 29 MB 0/70000A0 Standby (file based) OK BestEffort 1.20.2 k3d-k3s-default-server-0 +Name Database Size Current LSN Replication role Status QoS Manager Version Node +---- ------------- ----------- ---------------- ------ --- --------------- ---- +cluster-example-2 29 MB 0/7004D98 Primary OK BestEffort 1.20.2 k3d-k3s-default-server-0 +cluster-example-1 29 MB 0/7004D98 Standby (async) OK BestEffort 1.20.2 k3d-k3s-default-server-0 +cluster-example-3 29 MB 0/7004D98 Standby (async) OK BestEffort 1.20.2 k3d-k3s-default-server-0 ``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx b/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx index 84a5744a4e3..e1982245b0a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx @@ -889,7 +889,7 @@ postgres=# \q This command will start `kubectl exec`, and the `kubectl` executable must be reachable in your `PATH` variable to correctly work. -!!! Note +!!!Note When connecting to instances running on OpenShift, you must explicitly pass a username to the `psql` command, because of a [security measure built into OpenShift](https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids): @@ -941,4 +941,4 @@ A specific `VolumeSnapshotClass` can be requested via the `-c` option: ```shell kubectl cnp snapshot cluster-example -c longhorn -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/kubernetes_upgrade.mdx b/product_docs/docs/postgres_for_kubernetes/1/kubernetes_upgrade.mdx index 8088b9e5369..321a8dd6b29 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/kubernetes_upgrade.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/kubernetes_upgrade.mdx @@ -125,4 +125,4 @@ A possible approach could be: perform a switchover given that the current primary is running on a cordoned node. 4. Scale back down the cluster to a single instance, this will delete the old instance 5. The old primary's node can now be drained successfully, while leaving the new primary - running on a new node. \ No newline at end of file + running on a new node. diff --git a/product_docs/docs/postgres_for_kubernetes/1/labels_annotations.mdx b/product_docs/docs/postgres_for_kubernetes/1/labels_annotations.mdx index 901043803e7..100e3b6ecfb 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/labels_annotations.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/labels_annotations.mdx @@ -29,6 +29,159 @@ they are automatically inherited by all resources created by it (including pods) Label and annotation inheritance is the technique adopted by EDB Postgres for Kubernetes in lieu of alternative approaches such as pod templates. +## Predefined labels + +Below is a list of predefined labels that are managed by EDB Postgres for Kubernetes. + +`k8s.enterprisedb.io/backupName` +: Backup identifier, only available on `Backup` and `VolumeSnapshot` + resources + +`k8s.enterprisedb.io/cluster` +: Name of the cluster + +`k8s.enterprisedb.io/immediateBackup` +: Applied to a `Backup` resource if the backup is the first one created from + a `ScheduledBackup` object having `immediate` set to `true`. + +`k8s.enterprisedb.io/instanceName` +: Name of the PostgreSQL instance - this label replaces the old and + deprecated `postgresql` label + +`k8s.enterprisedb.io/jobRole` +: Role of the job (i.e. `import`, `initdb`, `join`, ...) + +`k8s.enterprisedb.io/podRole` +: Currently fixed to `instance` to identify a pod running PostgreSQL + +`k8s.enterprisedb.io/poolerName` +: Name of the PgBouncer pooler + +`k8s.enterprisedb.io/pvcRole` +: Purpose of the PVC, such as `PG_DATA` or `PG_WAL` + +`k8s.enterprisedb.io/reload` +: Available on `ConfigMap` and `Secret` resources. When set to `true`, + a change in the resource will be automatically reloaded by the operator. + +`k8s.enterprisedb.io/scheduled-backup` +: When available, name of the `ScheduledBackup` resource that created a given + `Backup` object + +`role` +: Whether the instance running in a pod is a `primary` or a `replica` + +`k8s.enterprisedb.io/backupTimeline` +: The timeline of the instance when a backup was taken + +`k8s.enterprisedb.io/backupYear` +: The year a backup was taken + +`k8s.enterprisedb.io/backupMonth` +: The year/month when a backup was taken + +`k8s.enterprisedb.io/backupDate` +: The date in ISO 8601 format (`YYYYMMDD`) of the backup + +`k8s.enterprisedb.io/onlineBackup` +: Whether the backup is online (hot) or cold (taken when Postgres is down) + +## Predefined annotations + +Below is a list of predefined annotations that are managed by EDB Postgres for Kubernetes. + +`container.apparmor.security.beta.kubernetes.io/*` +: Name of the AppArmor profile to apply to the named container. + See [AppArmor](security.md#restricting-pod-access-using-apparmor) + documentation for details + +`k8s.enterprisedb.io/coredumpFilter` +: Filter to control the coredump of Postgres processes, expressed with a + bitmask. By default it is set to `0x31` in order to exclude shared memory + segments from the dump. Please refer to ["PostgreSQL core dumps"](troubleshooting.md#postgresql-core-dumps) + for more information. + +`k8s.enterprisedb.io/clusterManifest` +: Manifest of the `Cluster` owning this resource (such as a PVC) - this label + replaces the old and deprecated `k8s.enterprisedb.io/hibernateClusterManifest` label + +`k8s.enterprisedb.io/fencedInstances` +: List, expressed in JSON format, of the instances that need to be fenced. + The whole cluster is fenced if the list contains the `*` element. + +`k8s.enterprisedb.io/forceLegacyBackup` +: Applied to a `Cluster` resource for testing purposes only, in order to + simulate the behavior of `barman-cloud-backup` prior to version 3.4 (Jan 2023) + when the `--name` option was not available. + +`k8s.enterprisedb.io/hash` +: The hash value of the resource + +`k8s.enterprisedb.io/hibernation` +: Applied to a `Cluster` resource to control the [declarative hibernation feature](declarative_hibernation.md). + Allowed values are `on` and `off`. + +`k8s.enterprisedb.io/managedSecrets` +: Pull secrets managed by the operator and automatically set in the + `ServiceAccount` resources for each Postgres cluster + +`k8s.enterprisedb.io/nodeSerial` +: On a pod resource, identifies the serial number of the instance within the + Postgres cluster + +`k8s.enterprisedb.io/operatorVersion` +: Version of the operator + +`k8s.enterprisedb.io/pgControldata` +: Output of the `pg_controldata` command - this annotation replaces the old and + deprecated `k8s.enterprisedb.io/hibernatePgControlData` annotation + +`k8s.enterprisedb.io/podEnvHash` +: *Deprecated* as the `k8s.enterprisedb.io/podSpec` annotation now also contains the pod environment + +`k8s.enterprisedb.io/podSpec` +: Snapshot of the `spec` of the Pod generated by the operator - this annotation replaces + the old and deprecated `k8s.enterprisedb.io/podEnvHash` annotation + +`k8s.enterprisedb.io/poolerSpecHash` +: Hash of the pooler resource + +`k8s.enterprisedb.io/pvcStatus` +: Current status of the pvc, one of `initializing`, `ready`, `detached` + +`k8s.enterprisedb.io/reconciliationLoop` +: When set to `disabled` on a `Cluster`, the operator prevents the + reconciliation loop from running + +`k8s.enterprisedb.io/reloadedAt` +: Contains the latest cluster `reload` time, `reload` is triggered by user through plugin + +`k8s.enterprisedb.io/skipEmptyWalArchiveCheck` +: When set to `true` on a `Cluster` resource, the operator disables the check + that ensures that the WAL archive is empty before writing data. Use at your own + risk. + +`k8s.enterprisedb.io/backupStartWAL` +: The WAL at the start of a backup + +`k8s.enterprisedb.io/backupEndWAL` +: The WAL at the conclusion of a backup + +`k8s.enterprisedb.io/backupStartTime` +: The time a backup started + +`k8s.enterprisedb.io/backupEndTime` +: The time a backup ended + +`k8s.enterprisedb.io/snapshotStartTime` +: The time a snapshot started + +`k8s.enterprisedb.io/snapshotEndTime` +: The time a snapshot was marked as ready to use + +`kubectl.kubernetes.io/restartedAt` +: When available, the time of last requested restart of a Postgres cluster + ## Pre-requisites By default, no label or annotation defined in the cluster's metadata is @@ -79,4 +232,4 @@ kubectl get pods --show-labels Currently, EDB Postgres for Kubernetes does not automatically propagate labels or annotations deletions. Therefore, when an annotation or label is removed from a Cluster, which was previously propagated to the underlying pods, the operator -will not automatically remove it on the associated resources. \ No newline at end of file +will not automatically remove it on the associated resources. diff --git a/product_docs/docs/postgres_for_kubernetes/1/license_keys.mdx b/product_docs/docs/postgres_for_kubernetes/1/license_keys.mdx index 617c4e775f1..f8e700d28f0 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/license_keys.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/license_keys.mdx @@ -130,4 +130,4 @@ attempt on the cluster, effectively stopping to manage its status. This also includes any self-healing and high availability capabilities, such as automated failover and switchovers. -The pods and the data will still be available. \ No newline at end of file +The pods and the data will still be available. diff --git a/product_docs/docs/postgres_for_kubernetes/1/logging.mdx b/product_docs/docs/postgres_for_kubernetes/1/logging.mdx index 7848ed30eb7..0a128ad3841 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/logging.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/logging.mdx @@ -176,7 +176,7 @@ See the example below: ``` Please refer to the -[PGAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#format) +[PGAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#format) for more details about each field in a record. ## EDB Audit logs @@ -289,4 +289,4 @@ Therefore, all the possible `logger` values are the following ones: Except for `postgres` and `edb_audit` that have the aforementioned structures, all other possible values just have `msg` set to the escaped message that is -logged. \ No newline at end of file +logged. diff --git a/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx b/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx index 2221bd3cb0d..af8038b1368 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx @@ -176,7 +176,7 @@ cnp_collector_up{cluster="cluster-example"} 1 # HELP cnp_collector_postgres_version Postgres version # TYPE cnp_collector_postgres_version gauge -cnp_collector_postgres_version{cluster="cluster-example",full="15.3"} 15.3 +cnp_collector_postgres_version{cluster="cluster-example",full="16.0"} 16.0 # HELP cnp_collector_last_failed_backup_timestamp The last failed backup as a unix timestamp # TYPE cnp_collector_last_failed_backup_timestamp gauge @@ -442,7 +442,7 @@ data: ``` A list of basic monitoring queries can be found in the -[`default-monitoring.yaml` file](default-monitoring.yaml) +[`default-monitoring.yaml` file](../default-monitoring.yaml) that is already installed in your EDB Postgres for Kubernetes deployment (see ["Default set of metrics"](#default-set-of-metrics)). #### Example of a user defined metric running on multiple databases @@ -544,7 +544,7 @@ Here is a short description of all the available fields: - ``: the name of the Prometheus metric - `query`: the SQL query to run on the target database to generate the metrics - `primary`: whether to run the query only on the primary instance - - `master`: same as `primary` (for compatibility with the Prometheus PostgreSQL exporter's syntax - deprecated) + - `master`: same as `primary` (for compatibility with the Prometheus PostgreSQL exporter's syntax - deprecated) - `runonserver`: a semantic version range to limit the versions of PostgreSQL the query should run on (e.g. `">=11.0.0"` or `">=12.0.0 <=15.0.0"`) - `target_databases`: a list of databases to run the `query` against, @@ -689,7 +689,7 @@ metadata: spec: containers: - name: curl - image: curlimages/curl:7.84.0 + image: curlimages/curl:8.2.1 command: ['sleep', '3600'] ``` @@ -816,4 +816,4 @@ spec: !!! Note We currently don’t use `ServiceMonitor` because our service doesn’t define a port pointing to the metrics. If we added a metric port this could expose - sensitive data. \ No newline at end of file + sensitive data. diff --git a/product_docs/docs/postgres_for_kubernetes/1/networking.mdx b/product_docs/docs/postgres_for_kubernetes/1/networking.mdx index 98bee802a9d..0df3fb93072 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/networking.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/networking.mdx @@ -49,4 +49,4 @@ While [bootstrapping](bootstrap.md) from another cluster or when using the `exte ensure connectivity among all clusters, object stores, and namespaces involved. Again, we refer you to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/) -for setup information. \ No newline at end of file +for setup information. diff --git a/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx b/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx new file mode 100644 index 00000000000..f692a3fe6be --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx @@ -0,0 +1,447 @@ +--- +title: 'Appendix A - Common object stores for backups' +originalFilePath: 'src/appendixes/object_stores.md' +--- + +You can store the [backup](backup.md) files in any service that is supported +by the Barman Cloud infrastructure. That is: + +- [Amazon S3](#aws-s3) +- [Microsoft Azure Blob Storage](#azure-blob-storage) +- [Google Cloud Storage](#google-cloud-storage) + +You can also use any compatible implementation of the supported services. + +The required setup depends on the chosen storage provider and is +discussed in the following sections. + +## AWS S3 + +[AWS Simple Storage Service (S3)](https://aws.amazon.com/s3/) is +a very popular object storage service offered by Amazon. + +As far as EDB Postgres for Kubernetes backup is concerned, you can define the permissions to +store backups in S3 buckets in two ways: + +- If EDB Postgres for Kubernetes is running in EKS. you may want to use the + [IRSA authentication method](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) +- Alternatively, you can use the `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY` credentials + +### AWS Access key + +You will need the following information about your environment: + +- `ACCESS_KEY_ID`: the ID of the access key that will be used + to upload files into S3 + +- `ACCESS_SECRET_KEY`: the secret part of the access key mentioned above + +- `ACCESS_SESSION_TOKEN`: the optional session token, in case it is required + +The access key used must have permission to upload files into +the bucket. Given that, you must create a Kubernetes secret with the +credentials, and you can do that with the following command: + +```sh +kubectl create secret generic aws-creds \ + --from-literal=ACCESS_KEY_ID= \ + --from-literal=ACCESS_SECRET_KEY= +# --from-literal=ACCESS_SESSION_TOKEN= # if required +``` + +The credentials will be stored inside Kubernetes and will be encrypted +if encryption at rest is configured in your installation. + +Once that secret has been created, you can configure your cluster like in +the following example: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "" + s3Credentials: + accessKeyId: + name: aws-creds + key: ACCESS_KEY_ID + secretAccessKey: + name: aws-creds + key: ACCESS_SECRET_KEY +``` + +The destination path can be any URL pointing to a folder where +the instance can upload the WAL files, e.g. +`s3://BUCKET_NAME/path/to/folder`. + +### IAM Role for Service Account (IRSA) + +In order to use IRSA you need to set an `annotation` in the `ServiceAccount` of +the Postgres cluster. + +We can configure EDB Postgres for Kubernetes to inject them using the `serviceAccountTemplate` +stanza: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: +[...] +spec: + serviceAccountTemplate: + metadata: + annotations: + eks.amazonaws.com/role-arn: arn:[...] + [...] +``` + +### S3 lifecycle policy + +Barman Cloud writes objects to S3, then does not update them until they are +deleted by the Barman Cloud retention policy. A recommended approach for an S3 +lifecycle policy is to expire the current version of objects a few days longer +than the Barman retention policy, enable object versioning, and expire +non-current versions after a number of days. Such a policy protects against +accidental deletion, and also allows for restricting permissions to the +EDB Postgres for Kubernetes workload so that it may delete objects from S3 without granting +permissions to permanently delete objects. + +### Other S3-compatible Object Storages providers + +In case you're using S3-compatible object storage, like **MinIO** or +**Linode Object Storage**, you can specify an endpoint instead of using the +default S3 one. + +In this example, it will use the `bucket` of **Linode** in the region +`us-east1`. + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "s3://bucket/" + endpointURL: "https://us-east1.linodeobjects.com" + s3Credentials: + [...] +``` + +In case you're using **Digital Ocean Spaces**, you will have to use the Path-style syntax. +In this example, it will use the `bucket` from **Digital Ocean Spaces** in the region `SFO3`. + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "s3://[your-bucket-name]/[your-backup-folder]/" + endpointURL: "https://sfo3.digitaloceanspaces.com" + s3Credentials: + [...] +``` + +!!! Important + Suppose you configure an Object Storage provider which uses a certificate signed with a private CA, + like when using OpenShift or MinIO via HTTPS. In that case, you need to set the option `endpointCA` + referring to a secret containing the CA bundle so that Barman can verify the certificate correctly. + +!!! Note + If you want ConfigMaps and Secrets to be **automatically** reloaded by instances, you can + add a label with key `k8s.enterprisedb.io/reload` to the Secrets/ConfigMaps. Otherwise, you will have to reload + the instances using the `kubectl cnp reload` subcommand. + +## Azure Blob Storage + +[Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) is the +obect storage service provided by Microsoft. + +In order to access your storage account for backup and recovery of +EDB Postgres for Kubernetes managed databases, you will need one of the following +combinations of credentials: + +- [Connection String](https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#configure-a-connection-string-for-an-azure-storage-account) +- Storage account name and [Storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage) +- Storage account name and [Storage account SAS Token](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create) +- Storage account name and [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html) + properly configured. + +Using **Azure AD Workload Identity**, you can avoid saving the credentials into a Kubernetes Secret, +and have a Cluster configuration adding the `inheritFromAzureAD` as follows: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "" + azureCredentials: + inheritFromAzureAD: true +``` + +On the other side, using both **Storage account access key** or **Storage account SAS Token**, +the credentials need to be stored inside a Kubernetes Secret, adding data entries only when +needed. The following command performs that: + +``` +kubectl create secret generic azure-creds \ + --from-literal=AZURE_STORAGE_ACCOUNT= \ + --from-literal=AZURE_STORAGE_KEY= \ + --from-literal=AZURE_STORAGE_SAS_TOKEN= \ + --from-literal=AZURE_STORAGE_CONNECTION_STRING= +``` + +The credentials will be encrypted at rest, if this feature is enabled in the used +Kubernetes cluster. + +Given the previous secret, the provided credentials can be injected inside the cluster +configuration: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "" + azureCredentials: + connectionString: + name: azure-creds + key: AZURE_CONNECTION_STRING + storageAccount: + name: azure-creds + key: AZURE_STORAGE_ACCOUNT + storageKey: + name: azure-creds + key: AZURE_STORAGE_KEY + storageSasToken: + name: azure-creds + key: AZURE_STORAGE_SAS_TOKEN +``` + +When using the Azure Blob Storage, the `destinationPath` fulfills the following +structure: + +``` +://..core.windows.net/ +``` + +where `` is `/`. The **account name**, +which is also called **storage account name**, is included in the used host name. + +### Other Azure Blob Storage compatible providers + +If you are using a different implementation of the Azure Blob Storage APIs, +the `destinationPath` will have the following structure: + +``` +://:// +``` + +In that case, `` is the first component of the path. + +This is required if you are testing the Azure support via the Azure Storage +Emulator or [Azurite](https://github.com/Azure/Azurite). + +## Google Cloud Storage + +Currently, the EDB Postgres for Kubernetes operator supports two authentication methods for +[Google Cloud Storage](https://cloud.google.com/storage/): + +- the first one assumes that the pod is running inside a Google Kubernetes Engine cluster +- the second one leverages the environment variable `GOOGLE_APPLICATION_CREDENTIALS` + +### Running inside Google Kubernetes Engine + +When running inside Google Kubernetes Engine you can configure your backups to +simply rely on [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity), +without having to set any credentials. In particular, you need to: + +- set `.spec.backup.barmanObjectStore.googleCredentials.gkeEnvironment` to `true` +- set the `iam.gke.io/gcp-service-account` annotation in the `serviceAccountTemplate` stanza + +Please use the following example as a reference: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + [...] + backup: + barmanObjectStore: + destinationPath: "gs://" + googleCredentials: + gkeEnvironment: true + + serviceAccountTemplate: + metadata: + annotations: + iam.gke.io/gcp-service-account: [...].iam.gserviceaccount.com + [...] +``` + +### Using authentication + +Following the [instruction from Google](https://cloud.google.com/docs/authentication/getting-started) +you will get a JSON file that contains all the required information to authenticate. + +The content of the JSON file must be provided using a `Secret` that can be created +with the following command: + +```shell +kubectl create secret generic backup-creds --from-file=gcsCredentials=gcs_credentials_file.json +``` + +This will create the `Secret` with the name `backup-creds` to be used in the yaml file like this: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "gs://" + googleCredentials: + applicationCredentials: + name: backup-creds + key: gcsCredentials +``` + +Now the operator will use the credentials to authenticate against Google Cloud Storage. + +!!! Important + This way of authentication will create a JSON file inside the container with all the needed + information to access your Google Cloud Storage bucket, meaning that if someone gets access to the pod + will also have write permissions to the bucket. + +## MinIO Gateway + +Optionally, you can use MinIO Gateway as a common interface which +relays backup objects to other cloud storage solutions, like S3 or GCS. +For more information, please refer to [MinIO official documentation](https://docs.min.io/). + +Specifically, the EDB Postgres for Kubernetes cluster can directly point to a local +MinIO Gateway as an endpoint, using previously created credentials and service. + +MinIO secrets will be used by both the PostgreSQL cluster and the MinIO instance. +Therefore, you must create them in the same namespace: + +```sh +kubectl create secret generic minio-creds \ + --from-literal=MINIO_ACCESS_KEY= \ + --from-literal=MINIO_SECRET_KEY= +``` + +!!! Note + Cloud Object Storage credentials will be used only by MinIO Gateway in this case. + +!!! Important + In order to allow PostgreSQL to reach MinIO Gateway, it is necessary to create a + `ClusterIP` service on port `9000` bound to the MinIO Gateway instance. + +For example: + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: minio-gateway-service +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio +``` + +!!! Warning + At the time of writing this documentation, the official + [MinIO Operator](https://github.com/minio/minio-operator/issues/71) + for Kubernetes does not support the gateway feature. As such, we will use a + `deployment` instead. + +The MinIO deployment will use cloud storage credentials to upload objects to the +remote bucket and relay backup files to different locations. + +Here is an example using AWS S3 as Cloud Object Storage: + +```yaml +apiVersion: apps/v1 +kind: Deployment +[...] +spec: + containers: + - name: minio + image: minio/minio:RELEASE.2020-06-03T22-13-49Z + args: + - gateway + - s3 + env: + # MinIO access key and secret key + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-creds + key: MINIO_ACCESS_KEY + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: minio-creds + key: MINIO_SECRET_KEY + # AWS credentials + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-creds + key: ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-creds + key: ACCESS_SECRET_KEY +# Uncomment the below section if session token is required +# - name: AWS_SESSION_TOKEN +# valueFrom: +# secretKeyRef: +# name: aws-creds +# key: ACCESS_SESSION_TOKEN + ports: + - containerPort: 9000 +``` + +Proceed by configuring MinIO Gateway service as the `endpointURL` in the `Cluster` +definition, then choose a bucket name to replace `BUCKET_NAME`: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: s3://BUCKET_NAME/ + endpointURL: http://minio-gateway-service:9000 + s3Credentials: + accessKeyId: + name: minio-creds + key: MINIO_ACCESS_KEY + secretAccessKey: + name: minio-creds + key: MINIO_SECRET_KEY + [...] +``` + +Verify on `s3://BUCKET_NAME/` the presence of archived WAL files before +proceeding with a backup. diff --git a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx index cb417fda042..096880532f0 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx @@ -246,8 +246,8 @@ available to all the projects in the cluster. This is the default and normally recommended approach to install EDB Postgres for Kubernetes. !!! Warning - This doesn't mean that every user in the OpenShift cluster can use the Cloud Native - PostgreSQL Operator, deploy a `Cluster` object or even see the `Cluster` objects that + This doesn't mean that every user in the OpenShift cluster can use the EDB Postgres for + Kubernetes Operator, deploy a `Cluster` object or even see the `Cluster` objects that are running in their own namespaces. There are some special roles that users must have in the namespace in order to interact with EDB Postgres for Kubernetes' managed custom resources - primarily the `Cluster` one. Please refer to the @@ -272,8 +272,8 @@ With single project installation, you are asking OpenShift to install the Operator in a given namespace, and to make it available to that project only. !!! Warning - This doesn't mean that every user in the namespace can use the Cloud Native - PostgreSQL Operator, deploy a `Cluster` object or even see the `Cluster` objects that + This doesn't mean that every user in the namespace can use the EDB Postgres for + Kubernetes Operator, deploy a `Cluster` object or even see the `Cluster` objects that are running in the namespace. Similarly to the cluster-wide installation mode, There are some special roles that users must have in the namespace in order to interact with EDB Postgres for Kubernetes' managed custom resources - primarily the `Cluster` @@ -984,7 +984,7 @@ enabled, so you can peek the `cnp_` prefix: ![Prometheus queries](./images/openshift/prometheus-queries.png) It is easy to define Alerts based on the default metrics as `PrometheusRules`. -You can find some examples of rules in the [prometheusrule.yaml](../samples/monitoring/prometheusrule.yaml) +You can find some examples of rules in the [cnp-prometheusrule.yaml](../samples/monitoring/cnp-prometheusrule.yaml) file, which you can download. Before applying the rules, again, some OpenShift setup may be necessary. @@ -1013,4 +1013,4 @@ there might be no alerts. ![Prometheus alerts](./images/openshift/alerts-openshift.png) -Alert routing and notifications are beyond the scope of this guide. \ No newline at end of file +Alert routing and notifications are beyond the scope of this guide. diff --git a/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx b/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx index 8a3cc8edb00..4e7975f6b43 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx @@ -335,20 +335,18 @@ failover and switchover operations. This area includes enhancements in: - connection pooling, to improve performance and control through a connection pooling layer with pgBouncer. -### PostgreSQL Hot Backups +### PostgreSQL WAL archive -The operator has been designed to provide application-level backups using -PostgreSQL’s native continuous hot backup technology based on -physical base backups and continuous WAL archiving. Specifically, -the operator currently supports only backups on object stores (AWS S3 and -S3-compatible, Azure Blob Storage, Google Cloud Storage, and gateways like -MinIO). - -WAL archiving and base backups are defined at the cluster level, declaratively, -through the `backup` parameter in the cluster definition, by specifying -an S3 protocol destination URL (for example, to point to a specific folder in -an AWS S3 bucket) and, optionally, a generic endpoint URL. WAL archiving, -a prerequisite for continuous backup, does not require any further +The operator supports PostgreSQL continuous archiving of WAL files +to an object store (AWS S3 and S3-compatible, Azure Blob Storage, Google Cloud +Storage, and gateways like MinIO). + +WAL archiving is defined at the cluster level, declaratively, through the +`backup` parameter in the cluster definition, by specifying an S3 protocol +destination URL (for example, to point to a specific folder in an AWS S3 +bucket) and, optionally, a generic endpoint URL. + +WAL archiving, a prerequisite for continuous backup, does not require any further action from the user: the operator will automatically and transparently set the `archive_command` to rely on `barman-cloud-wal-archive` to ship WAL files to the defined endpoint. Users can decide the compression algorithm, @@ -357,15 +355,40 @@ in the archive. In addition to that `Instance Manager` automatically checks the correctness of the archive destination, by performing `barman-cloud-check-wal-archive` command before beginning to ship the very first set of WAL files. +### PostgreSQL Backups + +The operator has been designed to provide application-level backups using +PostgreSQL’s native continuous hot backup technology based on +physical base backups and continuous WAL archiving. +Base backups can be saved on: + +- Kubernetes Volume Snapshots +- object stores (AWS S3 and S3-compatible, Azure Blob Storage, Google Cloud + Storage, and gateways like MinIO) + +Base backups are defined at the cluster level, declaratively, +through the `backup` parameter in the cluster definition. + You can define base backups in two ways: on-demand (through the `Backup` custom resource definition) or scheduled (through the `ScheduledBackup` -customer resource definition, using a cron-like syntax). They both rely on -`barman-cloud-backup` for the job (distributed as part of the application -container image) to relay backups in the same endpoint, alongside WAL files. +custom resource definition, using a cron-like syntax). + +Volume Snapshots rely directly on the Kubernetes API, which delegates this +capability to the underlying storage classes and CSI drivers. Volume snapshot +backups are suitable for Very Large Database (VLDB) contexts. + +Object store backups rely on `barman-cloud-backup` for the job (distributed as +part of the application container image) to relay backups in the same endpoint, +alongside WAL files. Both `barman-cloud-wal-restore` and `barman-cloud-backup` are distributed in the application container image under GNU GPL 3 terms. +Object store backups are taken while PostgreSQL is up and running (hot +backups). Volume Snapshot backups are currently taken after PostgreSQL has +been shut down (cold backups). This will change in the future with support +for online Volume Snapshot backups. + ### Backups from a standby The operator supports offloading base backups onto a standby without impacting @@ -375,10 +398,12 @@ particular I/O, for standard database operations. ### Full restore from a backup The operator enables you to bootstrap a new cluster (with its settings) -starting from an existing and accessible backup taken using -`barman-cloud-backup`. Once the bootstrap process is completed, the operator -initiates the instance in recovery mode and replays all available WAL files -from the specified archive, exiting recovery and starting as a primary. +starting from an existing and accessible backup, either on a volume snapshot +or in an object store. + +Once the bootstrap process is completed, the operator initiates the instance in +recovery mode and replays all available WAL files from the specified archive, +exiting recovery and starting as a primary. Subsequently, the operator will clone the requested number of standby instances from the primary. EDB Postgres for Kubernetes supports parallel WAL fetching from the archive. @@ -389,7 +414,7 @@ The operator enables you to create a new PostgreSQL cluster by recovering an existing backup to a specific point-in-time, defined with a timestamp, a label or a transaction ID. This capability is built on top of the full restore one and supports all the options available in -[PostgreSQL for PITR](https://www.postgresql.org/docs/13/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET). +[PostgreSQL for PITR](https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET). ### Zero Data Loss clusters through synchronous replication @@ -414,9 +439,9 @@ version: such a source can be anywhere, as long as a direct streaming connection via TLS is allowed from the two endpoints. Moreover, the source can be even outside Kubernetes, running in a physical or virtual environment. -Replica clusters can be created from a recovery object store (backup in Barman -Cloud format) or via streaming through `pg_basebackup`. Both WAL file shipping -and WAL streaming are allowed. +Replica clusters can be created from a volume snapshot, a recovery object store +(backup in Barman Cloud format) or via streaming through `pg_basebackup`. +Both WAL file shipping and WAL streaming are allowed. Replica clusters dramatically improve the business continuity posture of your PostgreSQL databases in Kubernetes, spanning over multiple datacenters and opening up for hybrid and multi-cloud setups (currently, manual switchover @@ -611,4 +636,4 @@ the server and restarting it as a standby. ### Automated recreation of a standby In case the pod hosting a standby has been removed, the operator initiates -the procedure to recreate a standby server. \ No newline at end of file +the procedure to recreate a standby server. diff --git a/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx b/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx index 8097d31b22b..6a5e06b4845 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx @@ -179,4 +179,4 @@ Once inside execute: ```shell curl localhost:6060/debug/pprof/ -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/postgis.mdx b/product_docs/docs/postgres_for_kubernetes/1/postgis.mdx index c018111c7be..b3839ecbacd 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/postgis.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/postgis.mdx @@ -98,7 +98,7 @@ both the template database and the application database, ready for use. !!! Info Take some time and look at the available options in `.spec.bootstrap.initdb` - from the [API reference](api_reference.md#BootstrapInitDB), such as + from the [API reference](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-BootstrapInitDB), such as `postInitApplicationSQL`. You can easily verify the available version of PostGIS that is in the @@ -108,7 +108,7 @@ values from the ones in this document): ```console $ kubectl exec -ti postgis-example-1 -- psql app Defaulted container "postgres" out of: postgres, bootstrap-controller (init) -psql (15.3 (Debian 15.3-1.pgdg110+1)) +psql (16.0 (Debian 16.0-1.pgdg110+1)) Type "help" for help. app=# SELECT * FROM pg_available_extensions WHERE name ~ '^postgis' ORDER BY 1; @@ -152,4 +152,4 @@ app=# SELECT postgis_full_version(); ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- POSTGIS="3.2.2 628da50" [EXTENSION] PGSQL="140" GEOS="3.9.0-CAPI-1.16.2" PROJ="7.2.1" LIBXML="2.9.10" LIBJSON="0.15" LIBPROTOBUF="1.3.3" WAGYU="0.5.0 (Internal)" TOPOLOGY (1 row) -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/postgresql_conf.mdx b/product_docs/docs/postgres_for_kubernetes/1/postgresql_conf.mdx index 2e3f713276e..2afc1f8d7ee 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/postgresql_conf.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/postgresql_conf.mdx @@ -56,6 +56,7 @@ The `custom.conf` file will contain the user-defined settings in the Refer to the PostgreSQL documentation for [more information on the available parameters](https://www.postgresql.org/docs/current/runtime-config.html), also known as GUC (Grand Unified Configuration). + Please note that EDB Postgres for Kubernetes accepts only strings for the PostgreSQL parameters. The content of `custom.conf` is automatically generated and maintained by the operator by applying the following sections in this order: @@ -445,6 +446,16 @@ You should get something similar to the following output: shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=******) ``` +If you would like to set a maximum size for the `shm` volume, you can do so by +setting the `spec.ephemeralVolumesSizeLimit.shm` field in the `Cluster` resource. +For example: + +```yaml +spec: + ephemeralVolumesSizeLimit: + shm: 1Gi +``` + ### System V shared memory In case your Kubernetes cluster has a high enough value for the `SHMMAX` @@ -563,4 +574,4 @@ Users are not allowed to set the following configuration parameters in the - `unix_socket_group` - `unix_socket_permissions` - `wal_level` -- `wal_log_hints` \ No newline at end of file +- `wal_log_hints` diff --git a/product_docs/docs/postgres_for_kubernetes/1/quickstart.mdx b/product_docs/docs/postgres_for_kubernetes/1/quickstart.mdx index 881fb86b8fa..54c1e31aa74 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/quickstart.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/quickstart.mdx @@ -7,18 +7,17 @@ This section describes how to test a PostgreSQL cluster on your laptop/computer using EDB Postgres for Kubernetes on a local Kubernetes cluster in [Kind](https://kind.sigs.k8s.io/) or [Minikube](https://kubernetes.io/docs/setup/learning-environment/minikube/). - + !!! Tip "Live demonstration" Don't want to install anything locally just yet? Try a demonstration directly in your browser: [EDB Postgres for Kubernetes Operator Interactive Quickstart](interactive_demo) - + Red Hat OpenShift Container Platform users can test the certified operator for -EDB Postgres for Kubernetes on the [Red Hat CodeReady Containers (CRC)](https://developers.redhat.com/products/codeready-containers/overview) -for OpenShift. +EDB Postgres for Kubernetes on the [Red Hat OpenShift Local](https://developers.redhat.com/products/openshift-local/overview) (formerly Red Hat CodeReady Containers). !!! Warning The instructions contained in this section are for demonstration, @@ -32,7 +31,7 @@ cluster on your local Kubernetes/Openshift installation and experiment with it. !!! Important Make sure that you have `kubectl` installed on your machine in order - to connect to the Kubernetes cluster, or `oc` if using CRC for OpenShift. + to connect to the Kubernetes cluster, or `oc` if using OpenShift Local. Please follow the Kubernetes documentation on [how to install `kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) or the Openshift documentation on [how to install `oc`](https://docs.openshift.com/container-platform/4.6/cli_reference/openshift_cli/getting-started-cli.html). @@ -40,9 +39,9 @@ cluster on your local Kubernetes/Openshift installation and experiment with it. If you are running Openshift, use `oc` every time `kubectl` is mentioned in this documentation. `kubectl` commands are compatible with `oc` ones. -## Part 1: Setup the local Kubernetes/Openshift playground +## Part 1 - Setup the local Kubernetes/Openshift Local playground -The first part is about installing Minikube, Kind, or CRC. Please spend some time +The first part is about installing Minikube, Kind, or OpenShift Local. Please spend some time reading about the systems and decide which one to proceed with. After setting up one of them, please proceed with part 2. @@ -85,9 +84,9 @@ then create a Kubernetes cluster with: kind create cluster --name pg ``` -### CodeReady Containers (CRC) +### OpenShift Local (formerly CodeReady Containers (CRC)) -1. [Download Red Hat CRC](https://developers.redhat.com/products/codeready-containers/overview) +1. [Download OpenShift Local](https://developers.redhat.com/products/openshift-local/overview) and move the binary inside a directory in your `PATH`. 2. Run the following commands: @@ -100,13 +99,14 @@ kind create cluster --name pg The `crc start` output will explain how to proceed. + 3. Execute the output of the `crc oc-env` command. 4. Log in as `kubeadmin` with the printed `oc login` command. You can also open the web console running `crc console`. User and password are the same as for the `oc login` command. -5. CRC doesn't come with a StorageClass, so one has to be configured. +5. OpenShift Local doesn't come with a StorageClass, so one has to be configured. Follow the [Dynamic volume provisioning wiki page](https://github.com/code-ready/crc/wiki/Dynamic-volume-provisioning) and install `rancher/local-path-provisioner`. @@ -150,7 +150,7 @@ spec: !!! Note "There's more" For more detailed information about the available options, please refer - to the ["API Reference" section](api_reference.md). + to the ["API Reference" section](cloudnative-pg.v1.md). In order to create the 3-node PostgreSQL cluster, you need to run the following command: @@ -375,4 +375,4 @@ see the `EDB Postgres for Kubernetes` dashboard. ![local grafana](images/grafana-local.png) Note that in our example setup, both Prometheus and Grafana will pick up -any other EDB Postgres for Kubernetes clusters deployed with Monitoring activated. \ No newline at end of file +any other EDB Postgres for Kubernetes clusters deployed with Monitoring activated. diff --git a/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx b/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx new file mode 100644 index 00000000000..2f7b156f2f0 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx @@ -0,0 +1,615 @@ +--- +title: 'Recovery' +originalFilePath: 'src/recovery.md' +--- + +In PostgreSQL terminology, recovery is the process of starting a PostgreSQL +instance using a previously taken backup. The PostgreSQL recovery mechanism +is very solid and rich. It also supports Point In Time Recovery, which allows +you to restore a given cluster up to any point in time from the first available +backup in your catalog to the last archived WAL (as you can see, the WAL +archive is mandatory in this case). + +In EDB Postgres for Kubernetes, recovery cannot be performed "in-place" on an existing +cluster. Recovery is rather a way to bootstrap a new Postgres cluster +starting from an available physical backup. + +!!! Note + For details on the `bootstrap` stanza, please refer to the + ["Bootstrap" section](bootstrap.md). + +The `recovery` bootstrap mode lets you create a new cluster from an existing +physical base backup, and then reapply the WAL files containing the REDO log +from the archive. + +WAL files are pulled from the defined *recovery object store*. + +Base backups may be taken either on object stores, or using volume snapshots +(from version 1.21). + +!!! Warning + Recovery using volume snapshots had an initial release on 1.20.1. Because of + the amount of progress on the feature for 1.21.0, it is strongly advised + that you upgrade to 1.21.0 or more advanced releases to use volume + snapshots. + +Recovery from a *recovery object store* can be achieved in two ways: + +- using a recovery object store, that is, a backup of another cluster + created by Barman Cloud and defined via the `barmanObjectStore` option + in the `externalClusters` section (*recommended*) +- using an existing `Backup` object in the same namespace (this was the + only option available before version 1.8.0). + +Both recovery methods enable either full recovery (up to the last +available WAL) or up to a [point in time](#point-in-time-recovery-pitr). +When performing a full recovery, the cluster can also be started +in replica mode (see [replica clusters](replica_cluster.md) for reference). +If using replica mode, make sure that the PostgreSQL configuration +(`.spec.postgresql.parameters`) of the recovered cluster is +compatible, from a physical replication standpoint, with the original one. + +For recovery using volume snapshots: + +- take a consistent cold backup of the Postgres cluster from a standby through + the `kubectl cnp backup` command (see the [plugin document](kubectl-plugin.md#requesting-a-new-base-backup) + for reference), which creates the necessary `VolumeSnapshot` objects (two if + you have a separate volume for WALs, one if you don't) - recover from the above + *VolumeSnapshot* objects through the `volumeSnapshots` option in the + `.spec.bootstrap.recovery` stanza, as described in + ["Recovery from `VolumeSnapshot` objects"](#recovery-from-volumesnapshot-objects) + below + +## Recovery from an object store + +You can recover from a backup created by Barman Cloud and stored on a supported +object store. Once you have defined the external cluster, including all the +required configuration in the `barmanObjectStore` section, you need to +reference it in the `.spec.recovery.source` option. The following example +defines a recovery object store in a blob container in Azure: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore +spec: + [...] + + superuserSecret: + name: superuser-secret + + bootstrap: + recovery: + source: clusterBackup + + externalClusters: + - name: clusterBackup + barmanObjectStore: + destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ + azureCredentials: + storageAccount: + name: recovery-object-store-secret + key: storage_account_name + storageKey: + name: recovery-object-store-secret + key: storage_account_key + wal: + maxParallel: 8 +``` + +!!! Important + By default the `recovery` method strictly uses the `name` of the + cluster in the `externalClusters` section as the name of the main folder + of the backup data within the object store, which is normally reserved + for the name of the server. You can specify a different folder name + with the `barmanObjectStore.serverName` property. + +!!! Note + In the above example we are taking advantage of the parallel WAL restore + feature, dedicating up to 8 jobs to concurrently fetch the required WAL + files from the archive. This feature can appreciably reduce the recovery time. + Make sure that you plan ahead for this scenario and correctly tune the + value of this parameter for your environment. It will certainly make a + difference **when** (not if) you'll need it. + +## Recovery from `VolumeSnapshot` objects + +!!! Warning + When creating replicas after having recovered the primary instance from + the volume snapshot, the operator might end up using `pg_basebackup` + to synchronize them, resulting in a slower process depending on the size + of the database. This limitation will be lifted in the future when support + for online backups will be introduced. + +EDB Postgres for Kubernetes can create a new cluster from a `VolumeSnapshot` of a PVC of an +existing `Cluster` that's been taken using the declarative API for +[volume snapshot backups](backup_volumesnapshot.md). +You will need to specify the name of the snapshot, as in the following example: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore +spec: + [...] + +bootstrap: + recovery: + volumeSnapshots: + storage: + name: + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io +``` + +In case the backed-up cluster was using a separate PVC to store the WAL files, +the recovery must include that too: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore +spec: + [...] + +bootstrap: + recovery: + volumeSnapshots: + storage: + name: + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + + walStorage: + name: + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io +``` + +!!! Warning + If bootstrapping a replica-mode cluster from snapshots, to leverage + snapshots for the standby instances and not just the primary, + it would be advisable to: + + 1. start with a single instance replica cluster. The primary instance will + be recovered using the snapshot and available WALs form the source cluster + 2. take a snapshot of the primary in the replica cluster + 3. increase the number of instances in the replica cluster as desired + +## Recovery from a `Backup` object + +!!! Important + Recovery from `Backup` objects works only on object store backups, + not on volume snapshots. + +In case a `Backup` resource is already available in the namespace in which the +cluster should be created, you can specify its name through +`.spec.bootstrap.recovery.backup.name`, as in the following example: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-example-initdb +spec: + instances: 3 + + superuserSecret: + name: superuser-secret + + bootstrap: + recovery: + backup: + name: backup-example + + storage: + size: 1Gi +``` + +This bootstrap method allows you to specify just a reference to the +backup that needs to be restored. + +The previous example implies the application database and its owning user to be +the default one, `app`. If the PostgreSQL cluster being restored was using +different names, they can be specified as documented in the [Configure the +application database](#configure-the-application-database) section. + +## Additional considerations + +Whether you recover from a recovery object store, a volume snapshot, or an +existing `Backup` resource, the following considerations apply: + +- The application database name and the application database user are preserved + from the backup that is being restored. The operator does not currently attempt + to back up the underlying secrets, as this is part of the usual maintenance + activity of the Kubernetes cluster itself. +- In case you don't supply any `superuserSecret`, a new one is automatically + generated with a secure and random password. The secret is then used to + reset the password for the `postgres` user of the cluster. +- By default, the recovery will continue up to the latest + available WAL on the default target timeline (`current` for PostgreSQL up to + 11, `latest` for version 12 and above). + You can optionally specify a `recoveryTarget` to perform a point in time + recovery (see the ["Point in time recovery" section](#point-in-time-recovery-pitr)). + +!!! Important + Consider using the `barmanObjectStore.wal.maxParallel` option to speed + up WAL fetching from the archive by concurrently downloading the transaction + logs from the recovery object store. + +## Point in time recovery (PITR) + +Instead of replaying all the WALs up to the latest one, we can ask PostgreSQL +to stop replaying WALs at any given point in time, after having extracted a +base backup. PostgreSQL uses this technique to achieve *point-in-time* recovery +(PITR). The presence of a WAL archive is mandatory. + +!!! Important + PITR requires you to specify a **recovery target**, by using the options + described in the ["Recovery targets" section](#recovery-targets) below. + +The operator will generate the configuration parameters required for this +feature to work in case a recovery target is specified. + +### PITR from an object store + +The example below uses a recovery object store in Azure that contains both +the base backups and the WAL archive. The recovery target is based on a +requested timestamp: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore-pitr +spec: + instances: 3 + + storage: + size: 5Gi + + bootstrap: + recovery: + # Recovery object store containing WAL archive and base backups + source: clusterBackup + recoveryTarget: + # Time base target for the recovery + targetTime: "2023-08-11 11:14:21.00000+02" + + externalClusters: + - name: clusterBackup + barmanObjectStore: + destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ + azureCredentials: + storageAccount: + name: recovery-object-store-secret + key: storage_account_name + storageKey: + name: recovery-object-store-secret + key: storage_account_key + wal: + maxParallel: 8 +``` + +You might have noticed that in the above example you only had to specify +the `targetTime` in the form of a timestamp, without having to worry about +specifying the base backup from which to start the recovery. + +The `backupID` option is the one that allows you to specify the base backup +from which to initiate the recovery process. By default, this value is +empty. + +If you assign a value to it (in the form of a Barman backup ID), the operator +will use that backup as base for the recovery. + +!!! Important + You need to make sure that such a backup exists and is accessible. + +If the backup ID is not specified, the operator will automatically detect the +base backup for the recovery as follows: + +- when you use `targetTime` or `targetLSN`, the operator selects the closest + backup that was completed before that target +- otherwise the operator selects the last available backup in chronological + order. + +### PITR from `VolumeSnapshot` Objects + +The example below uses: + +- a Kubernetes volume snapshot for the `PGDATA` containing the base backup from + which to start the recovery process, identified in the + `recovery.volumeSnapshots` section and called `test-snapshot-1` +- a recovery object store in MinIO containing the WAL archive, identified by + the `recovery.source` option in the form of an external cluster definition + +The recovery target is based on a requested timestamp. + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-example-snapshot +spec: + # ... + bootstrap: + recovery: + source: cluster-example-with-backup + volumeSnapshots: + storage: + name: test-snapshot-1 + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + recoveryTarget: + targetTime: "2023-07-06T08:00:39" + externalClusters: + - name: cluster-example-with-backup + barmanObjectStore: + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + s3Credentials: + accessKeyId: + name: minio + key: ACCESS_KEY_ID + secretAccessKey: + name: minio + key: ACCESS_SECRET_KEY +``` + +!!! Note + In case the backed up Cluster had `walStorage` enabled, you also must + specify the volume snapshot containing the `PGWAL` directory, as mentioned + in the [Recovery from VolumeSnapshot objects](#recovery-from-volumesnapshot-objects) + section. + +!!! Warning + It is your responsibility to ensure that the end time of the base backup in + the volume snapshot is prior to the recovery target timestamp. + +### Recovery targets + +Here are the recovery target criteria you can use: + +targetTime +: time stamp up to which recovery will proceed, expressed in + [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format + (the precise stopping point is also influenced by the `exclusive` option) + +targetXID +: transaction ID up to which recovery will proceed + (the precise stopping point is also influenced by the `exclusive` option); + keep in mind that while transaction IDs are assigned sequentially at + transaction start, transactions can complete in a different numeric order. + The transactions that will be recovered are those that committed before + (and optionally including) the specified one + +targetName +: named restore point (created with `pg_create_restore_point()`) to which + recovery will proceed + +targetLSN +: LSN of the write-ahead log location up to which recovery will proceed + (the precise stopping point is also influenced by the `exclusive` option) + +targetImmediate +: recovery should end as soon as a consistent state is reached - i.e. as early + as possible. When restoring from an online backup, this means the point where + taking the backup ended + +!!! Important + While the operator is able to automatically retrieve the closest backup + when either `targetTime` or `targetLSN` is specified, this is not possible + for the remaining targets: `targetName`, `targetXID`, and `targetImmediate`. + In such cases, it is important to specify `backupID`, unless you are OK with + the last available backup in the catalog. + +The example below uses a `targetName` based recovery target: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] + bootstrap: + recovery: + source: clusterBackup + recoveryTarget: + backupID: 20220616T142236 + targetName: 'restore_point_1' +[...] +``` + +You can choose only a single one among the targets above in each +`recoveryTarget` configuration. + +Additionally, you can specify `targetTLI` force recovery to a specific +timeline. + +By default, the previous parameters are considered to be inclusive, stopping +just after the recovery target, matching [the behavior in PostgreSQL](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-RECOVERY-TARGET-INCLUSIVE) +You can request exclusive behavior, +stopping right before the recovery target, by setting the `exclusive` parameter to +`true` like in the following example relying on a blob container in Azure +for both base backups and the WAL archive: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore-pitr +spec: + instances: 3 + + storage: + size: 5Gi + + bootstrap: + recovery: + source: clusterBackup + recoveryTarget: + backupID: 20220616T142236 + targetName: "maintenance-activity" + exclusive: true + + externalClusters: + - name: clusterBackup + barmanObjectStore: + destinationPath: https://STORAGEACCOUNTNAME.blob.core.windows.net/CONTAINERNAME/ + azureCredentials: + storageAccount: + name: recovery-object-store-secret + key: storage_account_name + storageKey: + name: recovery-object-store-secret + key: storage_account_key + wal: + maxParallel: 8 +``` + +## Configure the application database + +For the recovered cluster, we can configure the application database name and +credentials with additional configuration. To update application database +credentials, we can generate our own passwords, store them as secrets, and +update the database use the secrets. Or we can also let the operator generate a +secret with randomly secure password for use. Please reference the +["Bootstrap an empty cluster"](bootstrap.md#bootstrap-an-empty-cluster-initdb) +section for more information about secrets. + +The following example configure the application database `app` with owner +`app`, and supplied secret `app-secret`. + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + bootstrap: + recovery: + database: app + owner: app + secret: + name: app-secret + [...] +``` + +With the above configuration, the following will happen after recovery is completed: + +1. if database `app` does not exist, a new database `app` will be created. +2. if user `app` does not exist, a new user `app` will be created. +3. if user `app` is not the owner of database, user `app` will be granted + as owner of database `app`. +4. If value of `username` match value of `owner` in secret, the password of + application database will be changed to the value of `password` in secret. + +!!! Important + For a replica cluster with replica mode enabled, the operator will not + create any database or user in the PostgreSQL instance, as these will be + recovered from the original cluster. + +## How recovery works under the hood + + + +You can use the data uploaded to the object storage to *bootstrap* a +new cluster from a previously taken backup. +The operator will orchestrate the recovery process using the +`barman-cloud-restore` tool (for the base backup) and the +`barman-cloud-wal-restore` tool (for WAL files, including parallel support, if +requested). + +For details and instructions on the `recovery` bootstrap method, please refer +to the ["Bootstrap from a backup" section](bootstrap.md#bootstrap-from-a-backup-recovery). + +!!! Important + If you are not familiar with how [PostgreSQL PITR](https://www.postgresql.org/docs/current/continuous-archiving.html#BACKUP-PITR-RECOVERY) + works, we suggest that you configure the recovery cluster as the original + one when it comes to `.spec.postgresql.parameters`. Once the new cluster is + restored, you can then change the settings as desired. + +Under the hood, the operator will inject an init container in the first +instance of the new cluster, and the init container will start recovering the +backup from the object storage. + +!!! Important + The duration of the base backup copy in the new PVC depends on + the size of the backup, as well as the speed of both the network and the + storage. + +When the base backup recovery process is completed, the operator starts the +Postgres instance in recovery mode: in this phase, PostgreSQL is up, albeit not +able to accept connections, and the pod is healthy according to the +liveness probe. Through the `restore_command`, PostgreSQL starts fetching WAL +files from the archive (you can speed up this phase by setting the +`maxParallel` option and enable the parallel WAL restore capability). + +This phase terminates when PostgreSQL reaches the target (either the end of the +WAL or the required target in case of Point-In-Time-Recovery). Indeed, you can +optionally specify a `recoveryTarget` to perform a point in time recovery. If +left unspecified, the recovery will continue up to the latest available WAL on +the default target timeline (`current` for PostgreSQL up to 11, `latest` for +version 12 and above). + +Once the recovery is complete, the operator will set the required +superuser password into the instance. The new primary instance will start +as usual, and the remaining instances will join the cluster as replicas. + +The process is transparent for the user and it is managed by the instance +manager running in the Pods. + +## Restoring into a cluster with a backup section + + + +A manifest for a cluster restore may include a `backup` section. +This means that the new cluster, after recovery, will start archiving WAL's and +taking backups if configured to do so. + +For example, the section below could be part of a manifest for a Cluster +bootstrapping from Cluster `cluster-example-backup`, and would create a +new folder in the storage bucket named `recoveredCluster` where the base backups +and WAL's of the recovered cluster would be stored. + +```yaml + backup: + barmanObjectStore: + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + serverName: "recoveredCluster" + s3Credentials: + accessKeyId: + name: minio + key: ACCESS_KEY_ID + secretAccessKey: + name: minio + key: ACCESS_SECRET_KEY + retentionPolicy: "30d" + + externalClusters: + - name: cluster-example-backup + barmanObjectStore: + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + s3Credentials: +``` + +You should not re-use the exact same `barmanObjectStore` configuration +for different clusters. There could be cases where the existing information +in the storage buckets could be overwritten by the new cluster. + +!!! Warning + The operator includes a safety check to ensure a cluster will not + overwrite a storage bucket that contained information. A cluster that would + overwrite existing storage will remain in state `Setting up primary` with + Pods in an Error state. + The pod logs will show: + `ERROR: WAL archive check failed for server recoveredCluster: Expected empty archive` + +!!! Important + If you set the `k8s.enterprisedb.io/skipEmptyWalArchiveCheck` annotation to `enabled` in + the recovered cluster, you can skip the above check. This is not recommended + as for the general use case the above check works fine. Please don't do + this unless you are familiar with PostgreSQL recovery system, as this can lead + you to severe data loss. diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_18_7_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_18_7_rel_notes.mdx new file mode 100644 index 00000000000..d890387b3da --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_18_7_rel_notes.mdx @@ -0,0 +1,57 @@ +--- +title: "EDB Postgres for Kubernetes 1.18.7 release notes" +navTitle: "Version 1.18.7" +--- + +Released: 18 Oct 2023 + +EDB Postgres for Kubernetes version 1.8.7 is an LTS release of EDB Postgres for Kubernetes; there is no corresponding upstream release of CloudNativePG. + +## Highlights of EDB Postgres for Kubernetes 1.8.7 + +- Changed the default value of `stopDelay` to 1800 seconds instead of 30 seconds +- Introduced a new parameter, called `smartShutdownTimeout`, to control the + window of time reserved for the smart shutdown of Postgres to complete; the + general formula to compute the overall timeout to stop Postgres is + `max(stopDelay - smartShutdownTimeout, 30)` +- Changed the default value of `startDelay` to 3600, instead of 30 seconds +- Replaced the livenessProbe initial delay with a more proper Kubernetes + startup probe to deal with the start of a Postgres server +- Changed the default value of `switchoverDelay` to 3600 seconds instead of + 40000000 seconds + +Additionally, this release of EDB Postgres for Kubernetes includes the following: + +| Type | Description | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------ | +| Security fix | Added a default `seccompProfile` to the operator deployment. | | +| Enhancement | Introduced the `k8s.enterprisedb.io/coredumpFilter` annotation to control the content of a core dump generated in the unlikely event of a PostgreSQL crash, by default set to exclude shared memory segments from the dump. | +| Enhancement | Allowed configuration of ephemeral-storage limits for the shared memory and temporary data ephemeral volumes. | +| Enhancement | Validation of resource limits and requests through the webhook. | +| Enhancement | Ensure that PostgreSQL's `shared_buffers` are coherent with the pods' allocated memory resources. | +| Enhancement | Added `uri` and `jdbc-uri` fields in the credential secrets to facilitate developers when connecting their applications to the database. | +| Enhancement | Added a new phase, `Waiting for the instances to become active`, for finer control of a cluster's state waiting for the replicas to be ready. | +| Enhancement | Improved detection of Pod rollout conditions through the `podSpec` annotation. | +| Enhancement | Added primary timestamp and uptime to the kubectl plugin's `status` command. | +| Technical enhancement | Replaced `k8s-api-docgen` with `gen-crd-api-reference-docs` to automatically build the API reference documentation. | +| Bug fix | Ensure that the primary instance is always recreated first by prioritizing ready PVCs with a primary role. | +| Bug fix | Honor the `k8s.enterprisedb.io/skipEmptyWalArchiveCheck` annotation during recovery to bypass the check for an empty WAL archive. | +| Bug fix | prevent a cluster from being stuck when the PostgreSQL server is down but the pod is up on the primary. | +| Bug fix | Avoid treating the designated primary in a replica cluster as a regular HA replica when replication slots are enabled. | +| Bug fix | Reconcile services every time the selectors change or when labels/annotations need to be changed. | +| Bug fix | Default to `app` for both the owner and database during recovery bootstrap. | +| Bug fix | Avoid write-read concurrency on cached cluster. | +| Bug fix | Remove empty items, make them unique and sort in the `ResourceName` sections of the generated roles. | +| Bug fix | Ensure that the `ContinuousArchiving` condition is properly set to 'failed' in case of errors. | +| Bug fix | Reconcile PodMonitor `labels` and `annotations`. | +| Bug fix | Fixed backup failure due to missing RBAC `resourceNames` on the `Role` object. | +| Observability | Added TCP port label to default `pg_stat_replication` metric. | +| Observability | Fixed the `pg_wal_stat` default metric for Prometheus. | +| Observability | Improved the `pg_replication` default metric for Prometheus | +| Observability | Used `alertInstanceLabelFilter` instead of `alertName` in the provided Grafana dashboard | +| Observability | Enforce `standard_conforming_strings` in metric collection. | +| Change | Set the default operand image to PostgreSQL 16.0. | +| Change | Fencing now uses PostgreSQL's fast shutdown instead of smart shutdown to halt an instance. | +| Change | Rename webhooks from kb.io to k8s.enterprisedb.io group. | +| Change | Added the `k8s.enterprisedb.io/instanceRole` label and deprecated the existing `role` label. | + diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_19_5_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_19_5_rel_notes.mdx new file mode 100644 index 00000000000..30879ecdb11 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_19_5_rel_notes.mdx @@ -0,0 +1,12 @@ +--- +title: "EDB Postgres for Kubernetes 1.19.5 release notes" +navTitle: "Version 1.19.5" +--- + +Released: 18 Oct 2023 + +This release of EDB Postgres for Kubernetes includes the following: + +| Type | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Upstream merge | Merged with community CloudNativePG 1.19.5. See the community [Release Notes](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/). | diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_20_3_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_20_3_rel_notes.mdx new file mode 100644 index 00000000000..080f8819a5d --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_20_3_rel_notes.mdx @@ -0,0 +1,12 @@ +--- +title: "EDB Postgres for Kubernetes 1.20.3 release notes" +navTitle: "Version 1.20.3" +--- + +Released: 18 Oct 2023 + +This release of EDB Postgres for Kubernetes includes the following: + +| Type | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Upstream merge | Merged with community CloudNativePG 1.20.3. See the community [Release Notes](https://cloudnative-pg.io/documentation/1.20/release_notes/v1.20/). | diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_21_0_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_21_0_rel_notes.mdx new file mode 100644 index 00000000000..067237c3ffa --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_21_0_rel_notes.mdx @@ -0,0 +1,12 @@ +--- +title: "EDB Postgres for Kubernetes 1.21.0 release notes" +navTitle: "Version 1.21.0" +--- + +Released: 18 Oct 2023 + +This release of EDB Postgres for Kubernetes includes the following: + +| Type | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Upstream merge | Merged with community CloudNativePG 1.21.0. See the community [Release Notes](https://cloudnative-pg.io/documentation/1.21/release_notes/v1.21/). | diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx index 0dc85308acc..8771282f438 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx @@ -4,14 +4,18 @@ navTitle: "Release notes" redirects: - ../release_notes navigation: +- 1_21_0_rel_notes +- 1_20_3_rel_notes - 1_20_2_rel_notes - 1_20_1_rel_notes - 1_20_0_rel_notes +- 1_19_5_rel_notes - 1_19_4_rel_notes - 1_19_3_rel_notes - 1_19_2_rel_notes - 1_19_1_rel_notes - 1_19_0_rel_notes +- 1_18_7_rel_notes - 1_18_6_rel_notes - 1_18_5_rel_notes - 1_18_4_rel_notes @@ -63,14 +67,18 @@ The EDB Postgres for Kubernetes documentation describes the major version of EDB | Version | Release date | Upstream merges | | -------------------------- | ------------ | ------------------------------------------------------------------------------------------- | +| [1.21.0](1_21_0_rel_notes) | 18 Oct 2023 | Upstream [1.21.0](https://cloudnative-pg.io/documentation/1.21/release_notes/v1.21/) | +| [1.20.3](1_20_3_rel_notes) | 18 Oct 2023 | Upstream [1.20.3](https://cloudnative-pg.io/documentation/1.20/release_notes/v1.20/) | | [1.20.2](1_20_2_rel_notes) | 27 Jul 2023 | Upstream [1.20.2](https://cloudnative-pg.io/documentation/1.20/release_notes/v1.20/) | | [1.20.1](1_20_1_rel_notes) | 13 Jun 2023 | Upstream [1.20.1](https://cloudnative-pg.io/documentation/1.20/release_notes/v1.20/) | | [1.20.0](1_20_0_rel_notes) | 27 Apr 2023 | Upstream [1.20.0](https://cloudnative-pg.io/documentation/1.20/release_notes/v1.20/) | +| [1.19.5](1_19_5_rel_notes) | 18 Oct 2023 | Upstream [1.19.5](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | | [1.19.4](1_19_4_rel_notes) | 27 Jul 2023 | Upstream [1.19.4](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | | [1.19.3](1_19_3_rel_notes) | 13 Jun 2023 | Upstream [1.19.3](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | | [1.19.2](1_19_2_rel_notes) | 27 Apr 2023 | Upstream [1.19.2](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | | [1.19.1](1_19_1_rel_notes) | 20 Mar 2023 | Upstream [1.19.1](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | | [1.19.0](1_19_0_rel_notes) | 14 Feb 2023 | Upstream [1.19.0](https://cloudnative-pg.io/documentation/1.19/release_notes/v1.19/) | +| [1.18.7](1_18_7_rel_notes) | 18 Oct 2023 | None | | [1.18.6](1_18_6_rel_notes) | 27 Jul 2023 | None | | [1.18.5](1_18_5_rel_notes) | 13 Jun 2023 | Upstream [1.18.5](https://cloudnative-pg.io/documentation/1.18/release_notes/v1.18/) | | [1.18.4](1_18_4_rel_notes) | 27 Apr 2023 | Upstream [1.18.4](https://cloudnative-pg.io/documentation/1.18/release_notes/v1.18/) | diff --git a/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx b/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx index e568ba94361..2373f4f4cf0 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx @@ -25,29 +25,39 @@ and kept synchronized through the [replica cluster](architecture.md#deployments-across-kubernetes-clusters) feature. The source can be a primary cluster or another replica cluster (cascading replica cluster). -The available options in terms of replication, both at bootstrap and continuous -recovery level, are: +The first step is to bootstrap the replica cluster, choosing among one of the +available methods: + +- streaming replication, via `pg_basebackup` +- recovery from a volume snapshot +- recovery from a Barman Cloud backup in an object store + +Please refer to the ["Bootstrap" section](bootstrap.md#bootstrap-from-another-cluster) +for information on how to clone a PostgreSQL server using either +`pg_basebackup` (streaming) or `recovery` (volume snapshot or object store). + +Once the replica cluster's base backup is available, you need to define how +changes are replicated from the origin, through PostgreSQL continuous recovery. +There are two options: - use streaming replication between the replica cluster and the source (this will certainly require some administrative and security related work to be done to make sure that the network connection between the two clusters are correctly setup) -- use a Barman Cloud object store for recovery of the base backups and - the WAL files that are regularly shipped from the source to the object - store and pulled by `barman-cloud-wal-restore` in the replica cluster +- use the WAL archive (on an object store) to fetch the WAL files that are + regularly shipped from the source to the object store and pulled by + `barman-cloud-wal-restore` in the replica cluster - any of the two All you have to do is actually define an external cluster. -Please refer to the ["Bootstrap" section](bootstrap.md#bootstrap-from-another-cluster) -for information on how to clone a PostgreSQL server using either -`pg_basebackup` (streaming) or `recovery` (object store). If the external cluster contains a `barmanObjectStore` section: +- you'll be able to use the WAL archive, and EDB Postgres for Kubernetes will automatically + set the `restore_command` in the designated primary instance - you'll be able to bootstrap the replica cluster from an object store - using the `recovery` section -- EDB Postgres for Kubernetes will automatically set the `restore_command` - in the designated primary instance + using the `recovery` section, in case you cannot take advantage of + volume snapshots If the external cluster contains a `connectionParameters` section: @@ -79,12 +89,14 @@ file and define the following parts accordingly: - define the `externalClusters` section in the replica cluster - define the bootstrap part for the replica cluster. We can either bootstrap via - streaming using the `pg_basebackup` section, or bootstrap from an object store - using the `recovery` section + streaming using the `pg_basebackup` section, or bootstrap from a volume snapshot + or an object store using the `recovery` section - define the continuous recovery part (`spec.replica`) in the replica cluster. All we need to do is to enable the replica mode through option `spec.replica.enabled` and set the `externalClusters` name in option `spec.replica.source` +#### Example using pg_basebackup + This **first example** defines a replica cluster using streaming replication in both bootstrap and continuous recovery. The replica cluster connects to the source cluster using TLS authentication. @@ -128,6 +140,8 @@ in case the replica cluster is in a separate namespace. key: ca.crt ``` +#### Example using a Backup from an object store + The **second example** defines a replica cluster that bootstraps from an object store using the `recovery` section and continuous recovery using both streaming replication and the given object store. For streaming replication, the replica @@ -176,6 +190,21 @@ a backup of the source cluster has been created already. clusters, and that all the necessary secrets which hold passwords or certificates are properly created in advance. +#### Example using a Volume Snapshot + +If you use volume snapshots and your storage class provides +snapshots cross-cluster availability, you can leverage that to +bootstrap a replica cluster through a volume snapshot of the +source cluster. + +The **third example** defines a replica cluster that bootstraps +from a volume snapshot using the `recovery` section. It uses +streaming replication (via basic authentication) and the object +store to fetch the WAL files. + +You can check the [sample YAML](../samples/cluster-example-replica-from-volume-snapshot.yaml) +for it in the `samples/` subdirectory. + ## Promoting the designated primary in the replica cluster To promote the **designated primary** to **primary**, all we need to do is to @@ -202,4 +231,4 @@ kubectl cnp -n status cluster-replica-example Disabling replication is an **irreversible** operation: once replication is disabled and the **designated primary** is promoted to **primary**, the replica cluster and the source cluster will become two independent clusters - definitively. \ No newline at end of file + definitively. diff --git a/product_docs/docs/postgres_for_kubernetes/1/replication.mdx b/product_docs/docs/postgres_for_kubernetes/1/replication.mdx index 21277446ce8..50170e760e7 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/replication.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/replication.mdx @@ -229,11 +229,11 @@ In EDB Postgres for Kubernetes, we use the terms: This feature, introduced in EDB Postgres for Kubernetes 1.18, is now enabled by default and can be disabled via configuration. For details, please refer to the -["replicationSlots" section in the API reference](api_reference.md#ReplicationSlotsConfiguration). +["replicationSlots" section in the API reference](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-ReplicationSlotsConfiguration). Here follows a brief description of the main options: `.spec.replicationSlots.highAvailability.enabled` -: if true, the feature is enabled (`true` is the default - since 1.20) +: if true, the feature is enabled (`true` is the default since 1.21) `.spec.replicationSlots.highAvailability.slotPrefix` : the prefix that identifies replication slots managed by the operator @@ -258,8 +258,8 @@ Here follows a brief description of the main options: Although it is not recommended, if you desire a different behavior, you can customize the above options. -For example, the following manifest will create a cluster without replication -slots enabled. +For example, the following manifest will create a cluster with replication +slots disabled. ```yaml apiVersion: postgresql.k8s.enterprisedb.io/v1 @@ -305,4 +305,28 @@ the lag from the primary. !!! Seealso "Monitoring" Please refer to the ["Monitoring" section](monitoring.md) for details on - how to monitor a EDB Postgres for Kubernetes deployment. \ No newline at end of file + how to monitor a EDB Postgres for Kubernetes deployment. + +### Capping the WAL size retained for replication slots + +When replication slots is enabled, you might end up running out of disk +space due to PostgreSQL trying to retain WAL files requested by a replication +slot. This might happen due to a standby that is (temporarily?) down, or +lagging, or simply an orphan replication slot. + +Starting with PostgreSQL 13, you can take advantage of the +[`max_slot_wal_keep_size`](https://www.postgresql.org/docs/current/runtime-config-replication.html#GUC-MAX-SLOT-WAL-KEEP-SIZE) +configuration option controlling the maximum size of WAL files that replication +slots are allowed to retain in the `pg_wal` directory at checkpoint time. +By default, in PostgreSQL `max_slot_wal_keep_size` is set to `-1`, meaning that +replication slots may retain an unlimited amount of WAL files. +As a result, our recommendation is to explicitly set `max_slot_wal_keep_size` +when replication slots support is enabled. For example: + +```ini + # ... + postgresql: + parameters: + max_slot_wal_keep_size: "10GB" + # ... +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/resource_management.mdx b/product_docs/docs/postgres_for_kubernetes/1/resource_management.mdx index 42e2d78e0fc..aa354aede0e 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/resource_management.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/resource_management.mdx @@ -54,7 +54,7 @@ while creating a cluster: in a VM or physical machine scenario - see below). - Set up database server pods on a dedicated node using nodeSelector. See the "nodeSelector" and "tolerations" fields of the - [“affinityconfiguration"](api_reference.md#affinityconfiguration) resource on the API reference page. + [“affinityconfiguration"](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-AffinityConfiguration) resource on the API reference page. You can refer to the following example manifest: @@ -97,4 +97,4 @@ section in the PostgreSQL documentation. !!! Seealso "Managing Compute Resources for Containers" For more details on resource management, please refer to the ["Managing Compute Resources for Containers"](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) - page from the Kubernetes documentation. \ No newline at end of file + page from the Kubernetes documentation. diff --git a/product_docs/docs/postgres_for_kubernetes/1/rolling_update.mdx b/product_docs/docs/postgres_for_kubernetes/1/rolling_update.mdx index c6f79ab0085..e68d22cae34 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/rolling_update.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/rolling_update.mdx @@ -93,4 +93,4 @@ You can trigger a restart with: kubectl cnp restart [cluster] [current_primary] ``` -You can find more information in the [`cnp` plugin page](kubectl-plugin.md). \ No newline at end of file +You can find more information in the [`cnp` plugin page](kubectl-plugin.md). diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples.mdx b/product_docs/docs/postgres_for_kubernetes/1/samples.mdx index 3b97553f228..e993654f699 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/samples.mdx @@ -48,7 +48,7 @@ PostGIS example : [`postgis-example.yaml`](../samples/postgis-example.yaml): an example of "PostGIS cluster" (see the [PostGIS section](postgis.md) for details.) -Replica cluster via streaming +Replica cluster via streaming (pg_basebackup) : **Prerequisites**: [`cluster-example.yaml`](../samples/cluster-example.yaml) applied and Healthy : [`cluster-example-replica-streaming.yaml`](../samples/cluster-example-replica-streaming.yaml): a replica cluster following `cluster-example` with streaming replication. @@ -59,7 +59,7 @@ Simple cluster with backup configured : [`cluster-example-with-backup.yaml`](../samples/cluster-example-with-backup.yaml) a basic cluster with backups configured. -Replica cluster via backup +Replica cluster via Backup from an object store : **Prerequisites**: [`cluster-storage-class-with-backup.yaml`](../samples/cluster-storage-class-with-backup.yaml) applied and Healthy. And a backup @@ -68,6 +68,15 @@ Replica cluster via backup : [`cluster-example-replica-from-backup-simple.yaml`](../samples/cluster-example-replica-from-backup-simple.yaml): a replica cluster following a cluster with backup configured. +Replica cluster via Volume Snapshot +: **Prerequisites**: + [`cluster-example-with-volume-snapshot.yaml`](../samples/cluster-example-with-volume-snapshot.yaml) applied and Healthy. + And a volume snapshot + [`backup-with-volume-snapshot.yaml`](../samples/backup-with-volume-snapshot.yaml) + applied and Completed. +: [`cluster-example-replica-from-volume-snapshot.yaml`](../samples/cluster-example-replica-from-volume-snapshot.yaml): + a replica cluster following a cluster with volume snapshot configured. + Bootstrap cluster with SQL files : [`cluster-example-initdb-sql-refs.yaml`](../samples/cluster-example-initdb-sql-refs.yaml): a cluster example that will execute a set of queries defined in a Secret and a ConfigMap right after the database is created. @@ -90,4 +99,4 @@ Cluster with TDE enabled an EPAS 15 cluster with TDE. Note that you will need access credentials to download the image used. -For a list of available options, please refer to the ["API Reference" page](api_reference.md). \ No newline at end of file +For a list of available options, please refer to the ["API Reference" page](cloudnative-pg.v1.md). diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/backup-with-volume-snapshot.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/backup-with-volume-snapshot.yaml new file mode 100644 index 00000000000..371c8f0beba --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/backup-with-volume-snapshot.yaml @@ -0,0 +1,8 @@ +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Backup +metadata: + name: backup-with-volume-snapshot +spec: + method: volumeSnapshot + cluster: + name: cluster-example-with-volume-snapshot diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-full.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-full.yaml index 79b833f6912..f7e772b6c02 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-full.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-full.yaml @@ -35,7 +35,7 @@ metadata: name: cluster-example-full spec: description: "Example of cluster" - imageName: quay.io/enterprisedb/postgresql:15.3 + imageName: quay.io/enterprisedb/postgresql:16.0 # imagePullSecret is only required if the images are located in a private registry # imagePullSecrets: # - name: private_registry_access diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-monitoring.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-monitoring.yaml index 42834b2f7fd..88e6951652a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-monitoring.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-monitoring.yaml @@ -25,38 +25,6 @@ metadata: k8s.enterprisedb.io/reload: "" data: custom-queries: | - pg_replication: - query: "SELECT CASE WHEN NOT pg_is_in_recovery() - THEN 0 - ELSE GREATEST (0, - EXTRACT(EPOCH FROM (now() - pg_last_xact_replay_timestamp()))) - END AS lag, - pg_is_in_recovery() AS in_recovery, - EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, - (SELECT count(*) FROM pg_stat_replication) AS streaming_replicas" - - metrics: - - lag: - usage: "GAUGE" - description: "Replication lag behind primary in seconds" - - in_recovery: - usage: "GAUGE" - description: "Whether the instance is in recovery" - - is_wal_receiver_up: - usage: "GAUGE" - description: "Whether the instance wal_receiver is up" - - streaming_replicas: - usage: "GAUGE" - description: "Number of streaming replicas connected to the instance" - - pg_postmaster: - query: "SELECT pg_postmaster_start_time as start_time from pg_postmaster_start_time()" - primary: true - metrics: - - start_time: - usage: "GAUGE" - description: "Time at which postgres started" - pg_stat_user_tables: target_databases: - "*" diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-from-volume-snapshot.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-from-volume-snapshot.yaml new file mode 100644 index 00000000000..ca3bc3dc2eb --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-from-volume-snapshot.yaml @@ -0,0 +1,54 @@ +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-example-replica-from-snapshot +spec: + instances: 1 + + storage: + storageClass: csi-hostpath-sc + size: 1Gi + walStorage: + storageClass: csi-hostpath-sc + size: 1Gi + + bootstrap: + recovery: + source: cluster-example-with-volume-snapshot + volumeSnapshots: + storage: + name: cluster-example-with-volume-snapshot-2-1692618163 + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + walStorage: + name: cluster-example-with-volume-snapshot-2-wal-1692618163 + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + + replica: + enabled: true + source: cluster-example-with-volume-snapshot + + externalClusters: + - name: cluster-example-with-volume-snapshot + + connectionParameters: + host: cluster-example-with-volume-snapshot-rw.default.svc + user: postgres + dbname: postgres + password: + name: cluster-example-with-volume-snapshot-superuser + key: password + + barmanObjectStore: + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + s3Credentials: + accessKeyId: + name: minio + key: ACCESS_KEY_ID + secretAccessKey: + name: minio + key: ACCESS_SECRET_KEY + wal: + maxParallel: 8 diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-streaming.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-streaming.yaml index 847a9d4dbe3..63eba35085d 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-streaming.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-replica-streaming.yaml @@ -10,7 +10,7 @@ spec: source: cluster-example replica: - enabled: false + enabled: true source: cluster-example storage: diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-backup.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-backup.yaml index 9caf09bb71d..a0a99d90b41 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-backup.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-backup.yaml @@ -8,7 +8,7 @@ spec: # Persistent storage configuration storage: - storageClass: standard + storageClass: csi-hostpath-sc size: 1Gi # Backup properties diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-volume-snapshot.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-volume-snapshot.yaml new file mode 100644 index 00000000000..ef58162a061 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-example-with-volume-snapshot.yaml @@ -0,0 +1,32 @@ +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-example-with-volume-snapshot +spec: + instances: 3 + primaryUpdateStrategy: unsupervised + + # Persistent storage configuration + storage: + storageClass: csi-hostpath-sc + size: 1Gi + walStorage: + storageClass: csi-hostpath-sc + size: 1Gi + + # Backup properties + backup: + volumeSnapshot: + className: csi-hostpath-snapclass + barmanObjectStore: + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + s3Credentials: + accessKeyId: + name: minio + key: ACCESS_KEY_ID + secretAccessKey: + name: minio + key: ACCESS_SECRET_KEY + wal: + compression: gzip diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-full.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-full.yaml new file mode 100644 index 00000000000..72d7d11507e --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-full.yaml @@ -0,0 +1,18 @@ +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore-full +spec: + instances: 3 + + storage: + size: 1Gi + storageClass: csi-hostpath-sc + + bootstrap: + recovery: + volumeSnapshots: + storage: + name: cluster-example-2-1695821489 + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-pitr.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-pitr.yaml new file mode 100644 index 00000000000..67890530b5f --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot-pitr.yaml @@ -0,0 +1,40 @@ +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +metadata: + name: cluster-restore-pitr +spec: + instances: 3 + + storage: + size: 1Gi + storageClass: csi-hostpath-sc + + externalClusters: + - name: origin + + barmanObjectStore: + serverName: cluster-example-with-backup + destinationPath: s3://backups/ + endpointURL: http://minio:9000 + s3Credentials: + accessKeyId: + name: minio + key: ACCESS_KEY_ID + secretAccessKey: + name: minio + key: ACCESS_SECRET_KEY + wal: + maxParallel: 8 + + bootstrap: + recovery: + source: origin + + recoveryTarget: + targetTime: "2023-08-21 12:00:00.00000+00" + + volumeSnapshots: + storage: + name: cluster-example-with-backup-3-1692618163 + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot.yaml index 5a2f24f2883..4b232d016d1 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/cluster-restore-snapshot.yaml @@ -7,12 +7,13 @@ spec: storage: size: 1Gi + storageClass: csi-hostpath-sc bootstrap: recovery: volumeSnapshots: storage: - name: my-backup + name: cluster-example-20230930084154 kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/alerts.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/alerts.yaml index 7e1987b1521..a0bb9098d01 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/alerts.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/alerts.yaml @@ -55,3 +55,12 @@ groups: for: 1m labels: severity: warning + - alert: ReplicaFailingReplication + annotations: + description: Replica {{ $labels.pod }} is failing to replicate + summary: Checks if the replica is failing to replicate + expr: |- + cnp_pg_replication_in_recovery > cnp_pg_replication_is_wal_receiver_up + for: 1m + labels: + severity: warning diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-configmap.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-configmap.yaml index 1e14184ae1f..a8ed15e61d6 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-configmap.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-configmap.yaml @@ -23,6 +23,85 @@ metadata: data: cnp.json: |- { + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "alertlist", + "name": "Alert list", + "version": "" + }, + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "panel", + "id": "gauge", + "name": "Gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.5.1" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph (old)", + "version": "" + }, + { + "type": "panel", + "id": "heatmap", + "name": "Heatmap", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { @@ -48,7 +127,7 @@ data: "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 1, - "id": 452, + "id": null, "links": [ { "asDropdown": false, @@ -68,7 +147,10 @@ data: "liveNow": false, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 7, "w": 3, @@ -77,8 +159,8 @@ data: }, "id": 334, "options": { - "alertInstanceLabelFilter": "", - "alertName": "Database", + "alertInstanceLabelFilter": "{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"}", + "alertName": "", "dashboardAlerts": false, "folder": "", "groupBy": [], @@ -98,7 +180,10 @@ data: "type": "alertlist" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 15, @@ -120,7 +205,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -142,7 +230,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -164,7 +255,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -210,7 +304,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": false, "expr": "max(cnp_pg_postmaster_start_time{namespace=~\"$namespace\",pod=~\"$instances\"})*1000", @@ -228,7 +325,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -272,7 +372,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_xact_commit{namespace=~\"$namespace\",pod=~\"$instances\"}[$__interval])) + sum(rate(cnp_pg_stat_database_xact_rollback{namespace=~\"$namespace\",pod=~\"$instances\"}[$__interval]))", @@ -286,7 +389,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "CPU Utilisation from Requests", "fieldConfig": { "defaults": { @@ -341,7 +447,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{ namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", namespace=\"$namespace\", resource=\"cpu\"})", "format": "time_series", @@ -354,7 +463,10 @@ data: "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "Memory Utilisation from Requests", "fieldConfig": { "defaults": { @@ -409,7 +521,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(max by(pod) (kube_pod_container_resource_requests{job=\"kube-state-metrics\", namespace=\"$namespace\", resource=\"memory\"}))", "format": "time_series", @@ -422,7 +537,10 @@ data: "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -480,9 +598,12 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", - "expr": "cnp_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"}", + "expr": "max(cnp_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"})", "legendFormat": "__auto", "range": true, "refId": "A" @@ -492,7 +613,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -548,7 +672,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max(cnp_pg_stat_replication_write_lag_seconds{namespace=~\"$namespace\",pod=~\"$instances\"})", "legendFormat": "__auto", @@ -560,7 +687,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -612,21 +742,40 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"}))", "format": "time_series", "interval": "", - "legendFormat": "{{persistentvolumeclaim}}", + "legendFormat": "DATA", "range": true, - "refId": "FREE_SPACE" + "refId": "DATA" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"}))", + "format": "time_series", + "interval": "", + "legendFormat": "WAL", + "range": true, + "refId": "WAL" } ], "title": "Volume Space Usage", "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "Elapsed time since the last successful base backup.", "fieldConfig": { "defaults": { @@ -645,6 +794,18 @@ data: "to": 1e+42 }, "type": "range" + }, + { + "options": { + "from": -2147483648, + "result": { + "color": "red", + "index": 1, + "text": "N/A" + }, + "to": -1577847600 + }, + "type": "range" } ], "thresholds": { @@ -700,7 +861,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "-(time() - max(cnp_collector_last_available_backup_timestamp{namespace=\"$namespace\",pod=~\"$instances\"}))", "legendFormat": "__auto", @@ -712,7 +876,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -780,10 +947,13 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, - "expr": "(1 - cnp_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnp_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}) * (time() - timestamp(cnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}) -\ncnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"})", + "expr": "min((1 - cnp_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnp_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}) * (time() - timestamp(cnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}) -\ncnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}))", "format": "time_series", "interval": "", "legendFormat": "__auto", @@ -795,7 +965,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -842,7 +1015,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "builder", "exemplar": false, "expr": "cnp_collector_postgres_version{namespace=~\"$namespace\",pod=~\"$instances\"}", @@ -861,7 +1037,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -917,7 +1096,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max(cnp_pg_stat_replication_flush_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"})", "legendFormat": "__auto", @@ -929,7 +1111,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -985,7 +1170,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max(cnp_pg_stat_replication_replay_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"})", "legendFormat": "__auto", @@ -997,7 +1185,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -1052,7 +1243,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{ namespace=\"$namespace\"})", @@ -1066,7 +1260,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "Excluding cache", "fieldConfig": { "defaults": { @@ -1120,7 +1317,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(container_memory_working_set_bytes{pod=~\"$instances\", namespace=\"$namespace\", container!=\"\", image!=\"\"})", @@ -1134,7 +1334,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -1189,7 +1392,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": false, "expr": "cnp_pg_database_size_bytes{namespace=\"$namespace\"}", @@ -1223,13 +1429,26 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ + { + "options": { + "0": { + "color": "red", + "index": 1, + "text": "N/A" + } + }, + "type": "value" + }, { "options": { "match": "null", @@ -1279,7 +1498,10 @@ data: "pluginVersion": "9.5.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "max(cnp_collector_first_recoverability_point{namespace=~\"$namespace\",pod=~\"$instances\"})*1000", @@ -1318,7 +1540,10 @@ data: "type": "row" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -1339,7 +1564,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1353,7 +1581,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 2, @@ -1374,7 +1605,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1387,7 +1621,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -1408,7 +1645,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1421,7 +1661,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 2, @@ -1442,7 +1685,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1455,7 +1701,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 4, @@ -1476,7 +1725,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1489,7 +1741,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -1510,7 +1765,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1523,7 +1781,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "gridPos": { "h": 1, @@ -1545,7 +1806,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1558,7 +1822,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 2, @@ -1579,7 +1846,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1592,7 +1862,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 2, @@ -1613,7 +1886,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1626,7 +1902,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 3, "w": 3, @@ -1648,7 +1927,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1660,7 +1942,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -1724,7 +2009,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "min(kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"})", @@ -1737,7 +2025,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -1805,7 +2096,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "1 - cnp_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnp_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1818,7 +2112,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -1870,7 +2167,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_replication_streaming_replicas{namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -1883,7 +2183,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "This metric depends on exporting the: `topology.kubernetes.io/zone` label through kube-state-metrics (not enabled by default). Can be added by changing its configuration with:\n\n```yaml\nmetricLabelsAllowlist:\n - nodes=[topology.kubernetes.io/zone]\n```", "fieldConfig": { "defaults": { @@ -1932,7 +2235,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "kube_pod_info{namespace=~\"$namespace\",pod=~\"$instances\"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels", @@ -1947,7 +2253,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -1967,6 +2276,7 @@ data: "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -2024,7 +2334,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum by (pod) (cnp_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": false, @@ -2036,7 +2349,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2094,7 +2410,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "100 * sum by (pod) (cnp_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) / sum by (pod) (cnp_pg_settings_setting{name=\"max_connections\",namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": true, @@ -2106,7 +2425,10 @@ data: "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -2164,7 +2486,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "max by (pod) (cnp_pg_database_xid_age{namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": true, @@ -2176,7 +2501,10 @@ data: "type": "bargauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2224,7 +2552,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": false, "expr": "cnp_pg_postmaster_start_time{namespace=~\"$namespace\",pod=~\"$instances\"}*1000", "format": "time_series", @@ -2240,7 +2571,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2288,7 +2622,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": false, "expr": "cnp_collector_postgres_version{namespace=~\"$namespace\",pod=~\"$instances\"}", @@ -2329,7 +2666,10 @@ data: "type": "row" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2350,7 +2690,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2364,7 +2707,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2385,7 +2731,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2398,7 +2747,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2419,7 +2771,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2432,7 +2787,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2453,7 +2811,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2466,7 +2827,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2487,7 +2851,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2500,7 +2867,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2521,7 +2891,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2534,7 +2907,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2555,7 +2931,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2568,7 +2947,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 1, "w": 3, @@ -2589,7 +2971,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2602,7 +2987,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "gridPos": { "h": 3, "w": 3, @@ -2624,7 +3012,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "kube_pod_container_status_ready{container=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2636,7 +3027,10 @@ data: "type": "text" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -2682,7 +3076,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{name=\"max_connections\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2694,7 +3091,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2742,7 +3142,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "max by (pod) (cnp_pg_settings_setting{name=\"shared_buffers\",namespace=~\"$namespace\",pod=~\"$instances\"}) * max by (pod) (cnp_pg_settings_setting{name=\"block_size\",namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": true, @@ -2754,7 +3157,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2802,9 +3208,12 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, - "expr": "cnp_pg_settings_setting{name=\"effective_cache_size\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "expr": "max by (pod) (cnp_pg_settings_setting{name=\"effective_cache_size\",namespace=~\"$namespace\",pod=~\"$instances\"}) * max by (pod) (cnp_pg_settings_setting{name=\"block_size\",namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": true, "interval": "", "legendFormat": "{{pod}}", @@ -2814,7 +3223,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -2862,7 +3274,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{name=\"work_mem\",namespace=~\"$namespace\",pod=~\"$instances\"} * 1024", "instant": true, @@ -2874,7 +3289,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -2921,7 +3339,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{name=\"maintenance_work_mem\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2933,7 +3354,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -2980,7 +3404,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{name=\"random_page_cost\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -2992,7 +3419,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -3039,7 +3469,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{name=\"seq_page_cost\",namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": true, @@ -3051,7 +3484,10 @@ data: "type": "stat" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -3102,7 +3538,10 @@ data: "repeatDirection": "v", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_settings_setting{namespace=~\"$namespace\",pod=~\"$instances\"}", "format": "table", @@ -3185,7 +3624,10 @@ data: "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fill": 1, "fillGradient": 0, "gridPos": { @@ -3223,7 +3665,10 @@ data: "steppedLine": false, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{pod=~\"$instances\", namespace=~\"$namespace\"}) by (pod)", "format": "time_series", @@ -3234,7 +3679,10 @@ data: "step": 10 }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{pod=~\"$instances\", namespace=~\"$namespace\"})", "hide": false, @@ -3281,7 +3729,10 @@ data: "bars": false, "dashLength": 10, "dashes": false, - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fill": 2, "fillGradient": 0, "gridPos": { @@ -3342,7 +3793,10 @@ data: "steppedLine": false, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(container_memory_working_set_bytes{pod=~\"$instances\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", "format": "time_series", @@ -3353,7 +3807,10 @@ data: "step": 10 }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(container_memory_working_set_bytes{pod=~\"$instances\", namespace=\"$namespace\", container!=\"\", image!=\"\"})", "hide": false, @@ -3396,7 +3853,10 @@ data: } }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -3466,7 +3926,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(cnp_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) by (pod)", "hide": false, @@ -3475,7 +3938,10 @@ data: "refId": "B" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(cnp_backends_total{namespace=~\"$namespace\",pod=~\"$instances\"}) by (state, pod)", "interval": "", @@ -3487,7 +3953,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -3560,7 +4029,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_xact_commit{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])) by (pod)", "interval": "", @@ -3568,7 +4040,10 @@ data: "refId": "A" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_xact_rollback{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])) by (pod)", "hide": false, @@ -3581,7 +4056,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -3656,7 +4134,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "max by (pod) (cnp_backends_max_tx_duration_seconds{namespace=~\"$namespace\",pod=~\"$instances\"})", "interval": "", @@ -3668,7 +4149,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -3742,7 +4226,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "rate(cnp_pg_stat_database_deadlocks{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", "hide": false, @@ -3756,7 +4243,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -3830,7 +4320,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_backends_waiting_total{namespace=~\"$namespace\",pod=~\"$instances\"}", "interval": "", @@ -3867,7 +4360,10 @@ data: "id": 35, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -3919,7 +4415,10 @@ data: "pluginVersion": "9.4.7", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"})", "format": "time_series", @@ -3927,6 +4426,19 @@ data: "legendFormat": "{{persistentvolumeclaim}}", "range": true, "refId": "FREE_SPACE" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"})", + "format": "time_series", + "interval": "", + "legendFormat": "{{persistentvolumeclaim}}", + "range": true, + "refId": "FREE_SPACE_WAL" } ], "title": "Volume Space Usage", @@ -3934,7 +4446,10 @@ data: "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -3986,7 +4501,10 @@ data: "pluginVersion": "9.4.7", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "expr": "max by(persistentvolumeclaim) (kubelet_volume_stats_inodes_used{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"} / kubelet_volume_stats_inodes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"})", "format": "time_series", @@ -3994,6 +4512,19 @@ data: "legendFormat": "{{persistentvolumeclaim}}", "range": true, "refId": "FREE_INODES" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max by(persistentvolumeclaim) (kubelet_volume_stats_inodes_used{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_inodes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"})", + "format": "time_series", + "interval": "", + "legendFormat": "{{persistentvolumeclaim}}", + "range": true, + "refId": "FREE_INODES_WAL" } ], "title": "Volume Inode Usage", @@ -4001,7 +4532,10 @@ data: "type": "gauge" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4074,7 +4608,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_tup_deleted{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m]))", @@ -4084,7 +4621,10 @@ data: "refId": "A" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_tup_inserted{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m]))", @@ -4095,7 +4635,10 @@ data: "refId": "B" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_tup_fetched{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m]))", @@ -4106,7 +4649,10 @@ data: "refId": "C" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_tup_returned{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m]))", @@ -4117,7 +4663,10 @@ data: "refId": "D" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "sum(rate(cnp_pg_stat_database_tup_updated{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m]))", @@ -4132,7 +4681,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4205,7 +4757,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "rate(cnp_pg_stat_database_blks_hit{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", @@ -4215,7 +4770,10 @@ data: "refId": "A" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "rate(cnp_pg_stat_database_blks_read{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", @@ -4230,7 +4788,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4301,7 +4862,10 @@ data: "pluginVersion": "8.0.5", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "editorMode": "code", "exemplar": true, "expr": "max by (datname) (cnp_pg_database_size_bytes{datname!~\"template.*\",datname!=\"postgres\",namespace=~\"$namespace\",pod=~\"$instances\"})", @@ -4315,7 +4879,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4389,7 +4956,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "rate(cnp_pg_stat_database_temp_bytes{datname=\"\",namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", "instant": false, @@ -4427,7 +4997,10 @@ data: "id": 37, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4500,7 +5073,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_collector_pg_wal_archive_status{value=\"ready\",namespace=~\"$namespace\",pod=~\"$instances\"}", "interval": "", @@ -4508,7 +5084,10 @@ data: "refId": "A" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_collector_pg_wal_archive_status{value=\"done\",namespace=~\"$namespace\",pod=~\"$instances\"}", "hide": false, @@ -4521,7 +5100,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4594,7 +5176,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "rate(cnp_pg_stat_archiver_archived_count{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", "interval": "", @@ -4602,7 +5187,10 @@ data: "refId": "A" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "rate(cnp_pg_stat_archiver_failed_count{namespace=~\"$namespace\",pod=~\"$instances\"}[5m])", "hide": false, @@ -4615,7 +5203,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -4690,7 +5281,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}", "interval": "", @@ -4727,7 +5321,10 @@ data: "id": 18, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4805,7 +5402,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"}", "instant": false, @@ -4818,7 +5418,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4892,7 +5495,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_replication_write_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"}", "instant": false, @@ -4905,7 +5511,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -4979,7 +5588,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_replication_flush_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"}", "instant": false, @@ -4992,7 +5604,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -5067,7 +5682,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_replication_replay_lag_seconds{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"}", "interval": "", @@ -5113,7 +5731,10 @@ data: "mode": "spectrum" }, "dataFormat": "timeseries", - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "custom": { @@ -5183,7 +5804,10 @@ data: "reverseYBuckets": false, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_collector_collection_duration_seconds{namespace=~\"$namespace\",pod=~\"$instances\"}", "interval": "", @@ -5208,7 +5832,10 @@ data: "yBucketBound": "auto" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -5281,7 +5908,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_collector_last_collection_error{namespace=~\"$namespace\",pod=~\"$instances\"}", "interval": "", @@ -5318,7 +5948,10 @@ data: "id": 239, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "fieldConfig": { "defaults": { "color": { @@ -5392,7 +6025,10 @@ data: }, "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_collector_first_recoverability_point{namespace=~\"$namespace\",pod=~\"$instances\"}*1000 > 0", "format": "time_series", @@ -5430,7 +6066,10 @@ data: "id": 293, "panels": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -5506,7 +6145,10 @@ data: "pluginVersion": "8.2.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_bgwriter_checkpoints_req{namespace=~\"$namespace\",pod=~\"$instances\"}", "format": "time_series", @@ -5518,7 +6160,10 @@ data: "refId": "B" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_bgwriter_checkpoints_timed{namespace=~\"$namespace\",pod=~\"$instances\"}", "format": "time_series", @@ -5532,7 +6177,10 @@ data: "type": "timeseries" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "description": "", "fieldConfig": { "defaults": { @@ -5608,7 +6256,10 @@ data: "pluginVersion": "8.2.1", "targets": [ { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_bgwriter_checkpoint_write_time{namespace=~\"$namespace\",pod=~\"$instances\"}", "format": "time_series", @@ -5620,7 +6271,10 @@ data: "refId": "B" }, { - "datasource": "${DS_PROMETHEUS}", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, "exemplar": true, "expr": "cnp_pg_stat_bgwriter_checkpoint_sync_time{namespace=~\"$namespace\",pod=~\"$instances\"}", "format": "time_series", @@ -5675,11 +6329,7 @@ data: "type": "datasource" }, { - "current": { - "selected": false, - "text": "database", - "value": "database" - }, + "current": {}, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" @@ -5701,11 +6351,7 @@ data: "type": "query" }, { - "current": { - "selected": false, - "text": "database-clustermarket-database", - "value": "database-clustermarket-database" - }, + "current": {}, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" @@ -5727,15 +6373,7 @@ data: "type": "query" }, { - "current": { - "selected": true, - "text": [ - "All" - ], - "value": [ - "$__all" - ] - }, + "current": {}, "datasource": { "type": "prometheus", "uid": "${DS_PROMETHEUS}" @@ -5767,7 +6405,7 @@ data: }, "timezone": "", "title": "EDB Postgres for Kubernetes", - "uid": "z7FCA4Nnk", - "version": 9, + "uid": "cloudnative-pg", + "version": 1, "weekStart": "" } diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-dashboard.json b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-dashboard.json index f389574ea43..faa3846ede5 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-dashboard.json +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/grafana-dashboard.json @@ -135,8 +135,8 @@ }, "id": 334, "options": { - "alertInstanceLabelFilter": "", - "alertName": "Database", + "alertInstanceLabelFilter": "{namespace=~\"$namespace\",pod=~\"$cluster-[0-9]+$\"}", + "alertName": "", "dashboardAlerts": false, "folder": "", "groupBy": [], @@ -579,7 +579,7 @@ "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", - "expr": "cnp_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"}", + "expr": "max(cnp_pg_replication_lag{namespace=~\"$namespace\",pod=~\"$instances\"})", "legendFormat": "__auto", "range": true, "refId": "A" @@ -726,9 +726,22 @@ "expr": "max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"$instances\"}))", "format": "time_series", "interval": "", - "legendFormat": "{{persistentvolumeclaim}}", + "legendFormat": "DATA", "range": true, - "refId": "FREE_SPACE" + "refId": "DATA" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"}))", + "format": "time_series", + "interval": "", + "legendFormat": "WAL", + "range": true, + "refId": "WAL" } ], "title": "Volume Space Usage", @@ -757,6 +770,18 @@ "to": 1e+42 }, "type": "range" + }, + { + "options": { + "from": -2147483648, + "result": { + "color": "red", + "index": 1, + "text": "N/A" + }, + "to": -1577847600 + }, + "type": "range" } ], "thresholds": { @@ -904,7 +929,7 @@ }, "editorMode": "code", "exemplar": true, - "expr": "(1 - cnp_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnp_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}) * (time() - timestamp(cnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}) -\ncnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"})", + "expr": "min((1 - cnp_pg_replication_in_recovery{namespace=~\"$namespace\",pod=~\"$instances\"} + cnp_pg_replication_is_wal_receiver_up{namespace=~\"$namespace\",pod=~\"$instances\"}) * (time() - timestamp(cnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}) -\ncnp_pg_stat_archiver_seconds_since_last_archival{namespace=~\"$namespace\",pod=~\"$instances\"}))", "format": "time_series", "interval": "", "legendFormat": "__auto", @@ -1390,6 +1415,16 @@ "mode": "thresholds" }, "mappings": [ + { + "options": { + "0": { + "color": "red", + "index": 1, + "text": "N/A" + } + }, + "type": "value" + }, { "options": { "match": "null", @@ -2217,6 +2252,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -3153,7 +3189,7 @@ "uid": "${DS_PROMETHEUS}" }, "exemplar": true, - "expr": "cnp_pg_settings_setting{name=\"effective_cache_size\",namespace=~\"$namespace\",pod=~\"$instances\"}", + "expr": "max by (pod) (cnp_pg_settings_setting{name=\"effective_cache_size\",namespace=~\"$namespace\",pod=~\"$instances\"}) * max by (pod) (cnp_pg_settings_setting{name=\"block_size\",namespace=~\"$namespace\",pod=~\"$instances\"})", "instant": true, "interval": "", "legendFormat": "{{pod}}", @@ -4366,6 +4402,19 @@ "legendFormat": "{{persistentvolumeclaim}}", "range": true, "refId": "FREE_SPACE" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_capacity_bytes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"})", + "format": "time_series", + "interval": "", + "legendFormat": "{{persistentvolumeclaim}}", + "range": true, + "refId": "FREE_SPACE_WAL" } ], "title": "Volume Space Usage", @@ -4439,6 +4488,19 @@ "legendFormat": "{{persistentvolumeclaim}}", "range": true, "refId": "FREE_INODES" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "max by(persistentvolumeclaim) (kubelet_volume_stats_inodes_used{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"} / kubelet_volume_stats_inodes{namespace=\"$namespace\", persistentvolumeclaim=~\"(${instances})-wal\"})", + "format": "time_series", + "interval": "", + "legendFormat": "{{persistentvolumeclaim}}", + "range": true, + "refId": "FREE_INODES_WAL" } ], "title": "Volume Inode Usage", @@ -6319,7 +6381,7 @@ }, "timezone": "", "title": "EDB Postgres for Kubernetes", - "uid": "z7FCA4Nnk", - "version": 9, + "uid": "cloudnative-pg", + "version": 1, "weekStart": "" } diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/prometheusrule.yaml b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/prometheusrule.yaml index 2eaaec978cd..ed877e922b1 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/prometheusrule.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/monitoring/prometheusrule.yaml @@ -60,3 +60,12 @@ spec: for: 1m labels: severity: warning + - alert: ReplicaFailingReplication + annotations: + description: Replica {{ $labels.pod }} is failing to replicate + summary: Checks if the replica is failing to replicate + expr: |- + cnp_pg_replication_in_recovery > cnp_pg_replication_is_wal_receiver_up + for: 1m + labels: + severity: warning diff --git a/product_docs/docs/postgres_for_kubernetes/1/scheduling.mdx b/product_docs/docs/postgres_for_kubernetes/1/scheduling.mdx index df12107675f..fe164b17126 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/scheduling.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/scheduling.mdx @@ -14,7 +14,7 @@ the best node possible, based on several criteria. anti-affinity, node selectors, and so on. You can control how the EDB Postgres for Kubernetes cluster's instances should be -scheduled through the [`affinity`](api_reference.md#AffinityConfiguration) +scheduled through the [`affinity`](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-AffinityConfiguration) section in the definition of the cluster, which supports: - pod affinity/anti-affinity @@ -61,7 +61,7 @@ metadata: name: cluster-example spec: instances: 3 - imageName: quay.io/enterprisedb/postgresql:15.3 + imageName: quay.io/enterprisedb/postgresql:16.0 affinity: enablePodAntiAffinity: true #default value @@ -82,7 +82,7 @@ The aforementioned default behavior can be changed by tweaking the above setting `preferredDuringSchedulingIgnoredDuringExecution`. Please, be aware that such a strong requirement might result in pending instances in case resources are not available (which is an expected condition when using -[Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) +[Cluster Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler) for automated horizontal scaling of a Kubernetes cluster). !!! Seealso "Inter-pod affinity and anti-affinity" @@ -147,4 +147,4 @@ for tolerations. !!! Seealso "Taints and Tolerations" More information on taints and tolerations can be found in the - [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). \ No newline at end of file + [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). diff --git a/product_docs/docs/postgres_for_kubernetes/1/security.mdx b/product_docs/docs/postgres_for_kubernetes/1/security.mdx index dad9841372d..fe00f55b4d4 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/security.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/security.mdx @@ -324,9 +324,19 @@ levels, as listed in the table below: ### PostgreSQL The current implementation of EDB Postgres for Kubernetes automatically creates -passwords and `.pgpass` files for the `postgres` superuser and the database owner. +passwords and `.pgpass` files for the the database owner and, only +if requested by setting `enableSuperuserAccess` to `true`, for the +`postgres` superuser. -As far as encryption of password is concerned, EDB Postgres for Kubernetes follows +!!! Warning + Prior to EDB Postgres for Kubernetes 1.21, `enableSuperuserAccess` was set to `true` by + default. This change has been implemented to improve the security-by-default + posture of the operator, fostering a microservice approach where changes to + PostgreSQL are performed in a declarative way through the `spec` of the + `Cluster` resource, while providing developers with full powers inside the + database through the database owner user. + +As far as password encryption is concerned, EDB Postgres for Kubernetes follows the default behavior of PostgreSQL: starting from PostgreSQL 14, `password_encryption` is by default set to `scram-sha-256`, while on earlier versions it is set to `md5`. @@ -335,9 +345,6 @@ versions it is set to `md5`. Please refer to the ["Password authentication"](https://www.postgresql.org/docs/current/auth-password.html) section in the PostgreSQL documentation for details. -You can disable management of the `postgres` user password via secrets by setting -`enableSuperuserAccess` to `false`. - !!! Note The operator supports toggling the `enableSuperuserAccess` option. When you disable it on a running cluster, the operator will ignore the content of the secret, @@ -369,4 +376,4 @@ For further detail on how `pg_hba.conf` is managed by the operator, see the EDB Postgres for Kubernetes delegates encryption at rest to the underlying storage class. For data protection in production environments, we highly recommend that you choose -a storage class that supports encryption at rest. \ No newline at end of file +a storage class that supports encryption at rest. diff --git a/product_docs/docs/postgres_for_kubernetes/1/ssl_connections.mdx b/product_docs/docs/postgres_for_kubernetes/1/ssl_connections.mdx index ca9bba80492..e437cc8950d 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/ssl_connections.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/ssl_connections.mdx @@ -166,7 +166,7 @@ Output : version -------------------------------------------------------------------------------------- ------------------ -PostgreSQL 15.3 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat +PostgreSQL 16.0 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat 8.3.1-5), 64-bit (1 row) -``` \ No newline at end of file +``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/storage.mdx b/product_docs/docs/postgres_for_kubernetes/1/storage.mdx index cf8f18fd6a5..eec486ff6a0 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/storage.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/storage.mdx @@ -47,13 +47,19 @@ guarantees higher and more predictable performance. to know more, please read the ["Custom Pod Controller"](controller.md) document. +## Backup and recovery + +Since EDB Postgres for Kubernetes supports volume snapshots for both backup and recovery, +we recommend that you also consider this aspect when you choose your storage +solution, especially if you manage very large databases. + ## Benchmarking EDB Postgres for Kubernetes -EDB maintains [cnp-bench](https://github.com/EnterpriseDB/cnp-bench), -an open source set of guidelines and Helm charts for benchmarking EDB Postgres for Kubernetes -in a controlled Kubernetes environment, before deploying the database in production. +We recommend that you benchmark EDB Postgres for Kubernetes in a controlled Kubernetes +environment, before deploying the database in production, by following +the [guidelines in the "Benchmarking" section](benchmarking.md). -Briefly, `cnp-bench` is designed to operate at two levels: +Briefly, our advice is to operate at two levels: - measuring the performance of the underlying storage using `fio`, with relevant metrics for database workloads such as throughput for sequential reads, sequential @@ -263,7 +269,7 @@ cluster-example-3 1/1 Running 0 2m10s ``` An Azure disk can only be expanded while in "unattached" state, as described in the -[docs](https://github.com/kubernetes-sigs/azuredisk-csi-driver/blob/master/docs/known-issues/sizegrow.md). +[docs](https://github.com/kubernetes-sigs/azuredisk-csi-driver/blob/master/docs/known-issues/sizegrow.md). This means, that to resize a disk used by a PostgreSQL cluster, you will need to perform a manual rollout, first cordoning the node that hosts the Pod using the PVC bound to the disk. This will prevent the Operator to recreate the Pod and immediately reattach it to its PVC before the background disk resizing has been completed. @@ -436,4 +442,16 @@ You can use a pre-provisioned volume in EDB Postgres for Kubernetes by following on the affinity rules of your cluster, Postgres pods can be correctly scheduled by Kubernetes where a pre-provisioned volume exists. Make sure you check for any pods stuck in `Pending` after you have deployed the cluster, and - if the condition persists investigate why this is happening. \ No newline at end of file + if the condition persists investigate why this is happening. + +## Block storage considerations (Ceph/ Longhorn) + +Most block storage solutions in Kubernetes suggest to have multiple 'replicas' of a volume +to improve resiliency. This works well for workloads that don't have resiliency built into the +application. However, EDB Postgres for Kubernetes has this resiliency built directly into the Postgres `Cluster` +through the number of instances and the persistent volumes that are attached to them. + +In these cases it makes sense to define the storage class used by the Postgres clusters +to be defined as 1 replica. By having additional replicas defined in the storage solution like +Longhorn and Ceph you might incur in the issue known as write amplification, unnecessarily +increasing disk I/O and space used. diff --git a/product_docs/docs/postgres_for_kubernetes/1/tde.mdx b/product_docs/docs/postgres_for_kubernetes/1/tde.mdx index e23e7f943d5..22c2f28d9b1 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/tde.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/tde.mdx @@ -157,4 +157,4 @@ The custom commands need to obey the following conventions: For example: - wrap command: `openssl enc -aes-128-cbc -pass pass:temp-pass -e -out %p` -- unwrap command: `openssl enc -aes-128-cbc -pass pass:temp-pass -d -in %p` \ No newline at end of file +- unwrap command: `openssl enc -aes-128-cbc -pass pass:temp-pass -d -in %p` diff --git a/product_docs/docs/postgres_for_kubernetes/1/troubleshooting.mdx b/product_docs/docs/postgres_for_kubernetes/1/troubleshooting.mdx index c65e8fd390b..06bf2d3f0e9 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/troubleshooting.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/troubleshooting.mdx @@ -183,7 +183,7 @@ Cluster in healthy state Name: cluster-example Namespace: default System ID: 7044925089871458324 -PostgreSQL Image: quay.io/enterprisedb/postgresql:15.3-3 +PostgreSQL Image: quay.io/enterprisedb/postgresql:16.0-3 Primary instance: cluster-example-1 Instances: 3 Ready instances: 3 @@ -259,7 +259,7 @@ kubectl describe cluster -n | grep "Image Name" Output: ```shell - Image Name: quay.io/enterprisedb/postgresql:15.3-3 + Image Name: quay.io/enterprisedb/postgresql:16.0-3 ``` !!! Note @@ -547,6 +547,61 @@ allow-prometheus k8s.enterprisedb.io/cluster=cluster-example 47m default-deny-ingress 57m ``` +## PostgreSQL core dumps + +Although rare, PostgreSQL can sometimes crash and generate a core dump +in the `PGDATA` folder. When that happens, normally it is a bug in PostgreSQL +(and most likely it has already been solved - this is why it is important +to always run the latest minor version of PostgreSQL). + +EDB Postgres for Kubernetes allows you to control what to include in the core dump through +the `k8s.enterprisedb.io/coredumpFilter` annotation. + +!!! Info + Please refer to ["Labels and annotations"](labels_annotations.md) + for more details on the standard annotations that EDB Postgres for Kubernetes provides. + +By default, the `k8s.enterprisedb.io/coredumpFilter` is set to `0x31` in order to +exclude shared memory segments from the dump, as this is the safest +approach in most cases. + +!!! Info + Please refer to + ["Core dump filtering settings" section of "The `/proc` Filesystem" page of the Linux Kernel documentation](https://docs.kernel.org/filesystems/proc.html#proc-pid-coredump-filter-core-dump-filtering-settings). + for more details on how to set the bitmask that controls the core dump filter. + +!!! Important + Beware that this setting only takes effect during Pod startup and that changing + the annotation doesn't trigger an automated rollout of the instances. + +Although you might not personally be involved in inspecting core dumps, +you might be asked to provide them so that a Postgres expert can look +into them. First, verify that you have a core dump in the `PGDATA` +directory with the following command (please run it against the +correct pod where the Postgres instance is running): + +```sh +kubectl exec -ti POD -c postgres \ + -- find /var/lib/postgresql/data/pgdata -name 'core.*' +``` + +Under normal circumstances, this should return an empty set. Suppose, for +example, that we have a core dump file: + +``` +/var/lib/postgresql/data/pgdata/core.14177 +``` + +Once you have verified the space on disk is sufficient, you can collect the +core dump on your machine through `kubectl cp` as follows: + +```sh +kubectl cp POD:/var/lib/postgresql/data/pgdata/core.14177 core.14177 +``` + +You now have the file. Make sure you free the space on the server by +removing the core dumps. + ## Some common issues ### Storage is full @@ -692,4 +747,4 @@ For example: Please remember that you must have enough hugepages memory available to schedule every Pod in the Cluster (in the example above, at least 512MiB per Pod must be -free). \ No newline at end of file +free). diff --git a/product_docs/docs/postgres_for_kubernetes/1/use_cases.mdx b/product_docs/docs/postgres_for_kubernetes/1/use_cases.mdx index 52a8617cdf6..3b20172c3e4 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/use_cases.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/use_cases.mdx @@ -46,4 +46,4 @@ resource in Kubernetes. The application can still benefit from a TLS connection to PostgreSQL. -![Application outside Kubernetes](./images/apps-outside-k8s.png) \ No newline at end of file +![Application outside Kubernetes](./images/apps-outside-k8s.png) diff --git a/product_docs/docs/postgres_for_kubernetes/1/wal_archiving.mdx b/product_docs/docs/postgres_for_kubernetes/1/wal_archiving.mdx new file mode 100644 index 00000000000..1900d9bec12 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/wal_archiving.mdx @@ -0,0 +1,79 @@ +--- +title: 'WAL archiving' +originalFilePath: 'src/wal_archiving.md' +--- + +WAL archiving is the process that feeds a [WAL archive](backup.md#wal-archive) +in EDB Postgres for Kubernetes. + +!!! Important + EDB Postgres for Kubernetes currently only supports WAL archives on object stores. Such + WAL archives serve for both object store backups and volume snapshot backups. + +The WAL archive is defined in the `.spec.backup.barmanObjectStore` stanza of +a `Cluster` resource. Please proceed with the same instructions you find in +the ["Backup on object stores" section](backup_barmanobjectstore.md) to set up +the WAL archive. + +!!! Info + Please refer to [`BarmanObjectStoreConfiguration`](cloudnative-pg.v1.md#postgresql-k8s-enterprisedb-io-v1-BarmanObjectStoreConfiguration) + in the API reference for a full list of options. + +If required, you can choose to compress WAL files as soon as they +are uploaded and/or encrypt them: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + [...] + wal: + compression: gzip + encryption: AES256 +``` + +You can configure the encryption directly in your bucket, and the operator +will use it unless you override it in the cluster configuration. + +PostgreSQL implements a sequential archiving scheme, where the +`archive_command` will be executed sequentially for every WAL +segment to be archived. + +!!! Important + By default, EDB Postgres for Kubernetes sets `archive_timeout` to `5min`, ensuring + that WAL files, even in case of low workloads, are closed and archived + at least every 5 minutes, providing a deterministic time-based value for + your Recovery Point Objective (RPO). Even though you change the value + of the [`archive_timeout` setting in the PostgreSQL configuration](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-ARCHIVE-TIMEOUT), + our experience suggests that the default value set by the operator is + suitable for most use cases. + +When the bandwidth between the PostgreSQL instance and the object +store allows archiving more than one WAL file in parallel, you +can use the parallel WAL archiving feature of the instance manager +like in the following example: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + [...] + wal: + compression: gzip + maxParallel: 8 + encryption: AES256 +``` + +In the previous example, the instance manager optimizes the WAL +archiving process by archiving in parallel at most eight ready +WALs, including the one requested by PostgreSQL. + +When PostgreSQL will request the archiving of a WAL that has +already been archived by the instance manager as an optimization, +that archival request will be just dismissed with a positive status. diff --git a/product_docs/docs/tpa/23/INSTALL.mdx b/product_docs/docs/tpa/23/INSTALL.mdx index f7967e3f294..0faa32c8cf8 100644 --- a/product_docs/docs/tpa/23/INSTALL.mdx +++ b/product_docs/docs/tpa/23/INSTALL.mdx @@ -9,7 +9,7 @@ To use TPA, you need to install from packages or source and run the `tpaexec setup` command. This document explains how to install TPA packages. If you have an EDB subscription plan, and therefore have access to the EDB repositories, you should follow these instructions. To -install TPA from source, please refer to +install TPA from source, please refer to [Installing TPA from Source](INSTALL-repo/). See [Distribution support](reference/distributions/) for information @@ -61,7 +61,7 @@ More detailed explanations of each step are given below. ## Where to install TPA As long as you are using a supported platform, TPA can be installed and -run from your workstation. This is fine for learning, local testing or +run from your workstation. This is fine for learning, local testing or demonstration purposes. TPA supports [deploying to Docker containers](platform-docker/) should you wish to perform a complete deployment on your own workstation. @@ -216,17 +216,13 @@ this, but others will not work without it. ## Ansible community support -TPA now supports ansible community, you may choose to use it by -using `--use-community-ansible` option during `tpaexec setup`, default -will be to use the legacy 2ndQuadrant/ansible fork. This will change in -a future release, support for 2ndQuadrant/ansible will be dropped and -community ansible will become the new default. +TPA now uses the community distribution of ansible by default; you can +continue to use the 2ndQuadrant/ansible fork by passing the +`--use-2q-ansible` option to `tpaexec setup`. In a future TPA release, +support for the 2ndQuadrant ansible fork will be removed. -notable difference: - -- change the `--skip-flags` options to community behavior where a - task will be skipped if part of the list given to the `--skip-tags` - option even if it is also tagged with special tag `always`. - TPA expects all tasks tagged with `always` to be run to ensure - a complete deployment, therefor `--skip-tags` should not be used when - using community ansible. +For most users, this makes no difference. However, if you are using +`--skip-tags` with 2ndQuadrant ansible, be aware that this is not supported +An alternative means of skipping tasks, compatible with all ansible +versions, will be provided before support for 2ndQuadrant ansible is +removed. diff --git a/product_docs/docs/tpa/23/reference/pem.mdx b/product_docs/docs/tpa/23/reference/pem.mdx index c65263b6342..fde8a98e6d9 100644 --- a/product_docs/docs/tpa/23/reference/pem.mdx +++ b/product_docs/docs/tpa/23/reference/pem.mdx @@ -28,13 +28,13 @@ requires a valid subscription. ## Supported architectures -PEM is supported with M1 and BDR-Always-ON architectures via `--enable-pem` -configuration command line option. You could optionally edit the generated +PEM is supported with all architectures via the `--enable-pem` +configuration command line option, with the exception of the +BDR-Always-ON architecture when used with EDB Postgres Extended. +You can optionally edit the generated cluster config (config.yml) and assign or remove `pem-agent` role from any postgres instance in the cluster in order to enable or disable PEM there. -Note that PEM server does not support pgextended for a backend yet. - ## PEM configuration TPA will configure pem agents and pem server with the appropriate @@ -45,17 +45,17 @@ configuration at some point in future. PEM server's web interface is configured to run on https and uses 443 port for the same. PEM's webserver configuration uses self-signed certificates. -Default login credentials for PEM server web interface use the postgres -backend database user which is set to `postgres` for postgresql and -`enterprisedb` for EPAS clusters by default. You could get the login +The default login credentials for the PEM server web interface use the postgres +backend database user, which is set to `postgres` for postgresql and +`enterprisedb` for EPAS clusters by default. You can get the login password for the web interface by running `tpaexec show-password $clusterdir $user`. ## Shared PEM server -Some deployments may want to use a single PEM sever for monitoring and +Some deployments may want to use a single PEM server for monitoring and managing multiple clusters in the organization. Shared pem server deployment -within tpaexec is supported via `pem_shared` variable that you could set via +within tpaexec is supported via the `pem_shared` variable that you could set via `vars:` under the pem server instance for the given cluster config that plans to use an existing pem server. `pem_shared` is a boolean variable so possible values are true and false(default). When declaring a pemserver instance as diff --git a/product_docs/docs/tpa/23/rel_notes/index.mdx b/product_docs/docs/tpa/23/rel_notes/index.mdx index c35d67d7f63..8be8fac3392 100644 --- a/product_docs/docs/tpa/23/rel_notes/index.mdx +++ b/product_docs/docs/tpa/23/rel_notes/index.mdx @@ -2,6 +2,7 @@ title: Trusted Postgres Architect release notes navTitle: "Release notes" navigation: + - tpa_23.24_rel_notes - tpa_23.23_rel_notes - tpa_23.22_rel_notes - tpa_23.21_rel_notes @@ -21,6 +22,7 @@ The Trusted Postgres Architect documentation describes the latest version of Tru | Version | Release date | | ---------------------------- | ------------ | +| [23.24](tpa_23.24_rel_notes) | 17 Oct 2023 | | [23.23](tpa_23.23_rel_notes) | 21 Sep 2023 | | [23.22](tpa_23.22_rel_notes) | 06 Sep 2023 | | [23.21](tpa_23.21_rel_notes) | 05 Sep 2023 | diff --git a/product_docs/docs/tpa/23/rel_notes/tpa_23.24_rel_notes.mdx b/product_docs/docs/tpa/23/rel_notes/tpa_23.24_rel_notes.mdx new file mode 100644 index 00000000000..0cd392ab6c0 --- /dev/null +++ b/product_docs/docs/tpa/23/rel_notes/tpa_23.24_rel_notes.mdx @@ -0,0 +1,31 @@ +--- +title: Trusted Postgres Architect 23.24 release notes +navTitle: "Version 23.24" +--- + +Released: 17 Oct 2023 + +!!! Note 2ndQuadrant/ansible deprecation + +2ndQuadrant/ansible is now deprecated and `tpaexec setup` now defaults to Community Ansible. + +Support for using the 2ndQuadrant Ansible fork will be removed from TPA in April 2024 and the GitHub repository will be archived. + +You should switch to Community Ansible, which is now the default. For the vast majority of users, this change will be transparent. + +If you are using `--skip-tags` with 2ndQuadrant Ansible, be aware that this is not supported with TPA and Community Ansible. +We plan to provide an alternative to `--skip-tags` compatible with Community Ansible before the removal of 2ndQuadrant Ansible. +!!! + +New features, enhancements, bug fixes, and other changes in Trusted Postgres Architect 23.24 include the following: + +| Type | Description | +| ---- |------------ | +| Change | `tpaexec setup` now defaults to using community ansible rather than 2ndQuadrant ansible. The option `--use-2q-ansible` can be used to force the use of 2ndQuadrant ansible, which is now deprecated and will be removed in a future release. If you are using `--skip-tags`, see [the install documentation](../INSTALL.mdx). | +| Change | When a repository has been removed from `edb_repositories` in config.yml, `tpaexec deploy` now removes it from the nodes. | +| Change | TPA will now detect when harp-proxy and harp-manager are running on the same node and use a different config file for harp-proxy. | +| Change | The `upgrade` command will now update local repositories on target instances. | +| Bug Fix | Fixed an issue whereby TPA did not respect `postgres_wal_dir` in pg_basebackup invocation | +| Bug Fix | TPA will now accept repmgr as a failover manager for subscriber-only nodes in PGD clusters, allowing physical replication of such nodes. | +| Bug Fix | Fixed a typo which prevented TPA building Ubuntu 22.04 Docker images. | +| Bug Fix | TPA will now reject unsupported combination of the BDR-Always-ON architecture, the EDB Postgres Extended flavour, and PEM at configure-time. | diff --git a/scripts/fileProcessor/package-lock.json b/scripts/fileProcessor/package-lock.json index 29e5152b1ba..d7cdd398f6b 100644 --- a/scripts/fileProcessor/package-lock.json +++ b/scripts/fileProcessor/package-lock.json @@ -26,11 +26,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.0.tgz", - "integrity": "sha512-IF4EOMEV+bfYwOmNxGzSnjR2EmQod7f1UXOpZM3l4i4o4QNwzjtJAu/HxdjHq0aYBvdqMuQEY1eg0nqW9ZPORA==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "dependencies": { - "@babel/highlight": "^7.16.0" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" }, "engines": { "node": ">=6.9.0" @@ -67,48 +68,45 @@ } }, "node_modules/@babel/generator": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.16.0.tgz", - "integrity": "sha512-RR8hUCfRQn9j9RPKEVXo9LiwoxLPYn6hNZlvUOR8tSnaxlD0p0+la00ZP9/SnRt6HchKr+X0fO2r8vrETiJGew==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "dependencies": { - "@babel/types": "^7.16.0", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.0", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/helper-function-name": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.0.tgz", - "integrity": "sha512-BZh4mEk1xi2h4HFjWUXRQX5AEx4rvaZxHgax9gcjdLWdkjsY7MKt5p0otjsg5noXw+pB+clMCjw+aEVYADMjog==", - "dependencies": { - "@babel/helper-get-function-arity": "^7.16.0", - "@babel/template": "^7.16.0", - "@babel/types": "^7.16.0" - }, + "node_modules/@babel/helper-environment-visitor": { + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/helper-get-function-arity": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.0.tgz", - "integrity": "sha512-ASCquNcywC1NkYh/z7Cgp3w31YW8aojjYIlNg4VeJiHkqyP4AzIvr4qx7pYDb4/s8YcsZWqqOSxgkvjUz1kpDQ==", + "node_modules/@babel/helper-function-name": { + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dependencies": { - "@babel/types": "^7.16.0" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-hoist-variables": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.0.tgz", - "integrity": "sha512-1AZlpazjUR0EQZQv3sgRNfM9mEVWPK3M6vlalczA+EECcPz3XPh6VplbErL5UoMpChhSck5wAJHthlj1bYpcmg==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dependencies": { - "@babel/types": "^7.16.0" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" @@ -196,20 +194,28 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.0.tgz", - "integrity": "sha512-0YMMRpuDFNGTHNRiiqJX19GjNXA4H0E8jZ2ibccfSxaCogbm3am5WN/2nQNj0YnQwGWM1J06GOcQ2qnh3+0paw==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dependencies": { - "@babel/types": "^7.16.0" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" } }, + "node_modules/@babel/helper-string-parser": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", + "engines": { + "node": ">=6.9.0" + } + }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.15.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", - "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", "engines": { "node": ">=6.9.0" } @@ -228,12 +234,12 @@ } }, "node_modules/@babel/highlight": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.0.tgz", - "integrity": "sha512-t8MH41kUQylBtu2+4IQA3atqevA2lRgqA2wyVB/YiWmsDSuylZZuXOUy9ric30hfzauEFfdsuk/eXTRrGrfd0g==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.15.7", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" }, "engines": { @@ -241,9 +247,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.16.3", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.16.3.tgz", - "integrity": "sha512-dcNwU1O4sx57ClvLBVFbEgx0UZWfd0JQX5X6fxFRCLHelFBGXFfSz6Y0FAq2PEwUqlqLkdVjVr4VASEOuUnLJw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", "bin": { "parser": "bin/babel-parser.js" }, @@ -309,30 +315,31 @@ } }, "node_modules/@babel/template": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.16.0.tgz", - "integrity": "sha512-MnZdpFD/ZdYhXwiunMqqgyZyucaYsbL0IrjoGjaVhGilz+x8YB++kRfygSOIj1yOtWKPlx7NBp+9I1RQSgsd5A==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dependencies": { - "@babel/code-frame": "^7.16.0", - "@babel/parser": "^7.16.0", - "@babel/types": "^7.16.0" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.16.3", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.16.3.tgz", - "integrity": "sha512-eolumr1vVMjqevCpwVO99yN/LoGL0EyHiLO5I043aYQvwOJ9eR5UsZSClHVCzfhBduMAsSzgA/6AyqPjNayJag==", - "dependencies": { - "@babel/code-frame": "^7.16.0", - "@babel/generator": "^7.16.0", - "@babel/helper-function-name": "^7.16.0", - "@babel/helper-hoist-variables": "^7.16.0", - "@babel/helper-split-export-declaration": "^7.16.0", - "@babel/parser": "^7.16.3", - "@babel/types": "^7.16.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "dependencies": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" }, @@ -341,17 +348,61 @@ } }, "node_modules/@babel/types": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.16.0.tgz", - "integrity": "sha512-PJgg/k3SdLsGb3hhisFvtLOw5ts113klrpLuIPtCJIU+BB24fqq6lf8RWqKJEjzqXR9AEH1rIb5XTqwBHB+kQg==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.15.7", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" }, "engines": { "node": ">=6.9.0" } }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "dependencies": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "node_modules/@mdx-js/util": { "version": "1.6.22", "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", @@ -541,7 +592,7 @@ "node_modules/color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" }, "node_modules/comma-separated-tokens": { "version": "1.0.8", @@ -590,7 +641,7 @@ "node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", "engines": { "node": ">=0.8.0" } @@ -719,7 +770,7 @@ "node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", "engines": { "node": ">=4" } @@ -1306,9 +1357,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", "bin": { "semver": "bin/semver" } @@ -1578,11 +1629,12 @@ }, "dependencies": { "@babel/code-frame": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.0.tgz", - "integrity": "sha512-IF4EOMEV+bfYwOmNxGzSnjR2EmQod7f1UXOpZM3l4i4o4QNwzjtJAu/HxdjHq0aYBvdqMuQEY1eg0nqW9ZPORA==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "requires": { - "@babel/highlight": "^7.16.0" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" } }, "@babel/core": { @@ -1609,39 +1661,36 @@ } }, "@babel/generator": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.16.0.tgz", - "integrity": "sha512-RR8hUCfRQn9j9RPKEVXo9LiwoxLPYn6hNZlvUOR8tSnaxlD0p0+la00ZP9/SnRt6HchKr+X0fO2r8vrETiJGew==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "requires": { - "@babel/types": "^7.16.0", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.0", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" } }, - "@babel/helper-function-name": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.0.tgz", - "integrity": "sha512-BZh4mEk1xi2h4HFjWUXRQX5AEx4rvaZxHgax9gcjdLWdkjsY7MKt5p0otjsg5noXw+pB+clMCjw+aEVYADMjog==", - "requires": { - "@babel/helper-get-function-arity": "^7.16.0", - "@babel/template": "^7.16.0", - "@babel/types": "^7.16.0" - } + "@babel/helper-environment-visitor": { + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==" }, - "@babel/helper-get-function-arity": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.0.tgz", - "integrity": "sha512-ASCquNcywC1NkYh/z7Cgp3w31YW8aojjYIlNg4VeJiHkqyP4AzIvr4qx7pYDb4/s8YcsZWqqOSxgkvjUz1kpDQ==", + "@babel/helper-function-name": { + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "requires": { - "@babel/types": "^7.16.0" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" } }, "@babel/helper-hoist-variables": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.0.tgz", - "integrity": "sha512-1AZlpazjUR0EQZQv3sgRNfM9mEVWPK3M6vlalczA+EECcPz3XPh6VplbErL5UoMpChhSck5wAJHthlj1bYpcmg==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "requires": { - "@babel/types": "^7.16.0" + "@babel/types": "^7.22.5" } }, "@babel/helper-member-expression-to-functions": { @@ -1708,17 +1757,22 @@ } }, "@babel/helper-split-export-declaration": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.0.tgz", - "integrity": "sha512-0YMMRpuDFNGTHNRiiqJX19GjNXA4H0E8jZ2ibccfSxaCogbm3am5WN/2nQNj0YnQwGWM1J06GOcQ2qnh3+0paw==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "requires": { - "@babel/types": "^7.16.0" + "@babel/types": "^7.22.5" } }, + "@babel/helper-string-parser": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==" + }, "@babel/helper-validator-identifier": { - "version": "7.15.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.15.7.tgz", - "integrity": "sha512-K4JvCtQqad9OY2+yTU8w+E82ywk/fe+ELNlt1G8z3bVGlZfn/hOcQQsUhGhW/N+tb3fxK800wLtKOE/aM0m72w==" + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==" }, "@babel/helpers": { "version": "7.16.3", @@ -1731,19 +1785,19 @@ } }, "@babel/highlight": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.0.tgz", - "integrity": "sha512-t8MH41kUQylBtu2+4IQA3atqevA2lRgqA2wyVB/YiWmsDSuylZZuXOUy9ric30hfzauEFfdsuk/eXTRrGrfd0g==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "requires": { - "@babel/helper-validator-identifier": "^7.15.7", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" } }, "@babel/parser": { - "version": "7.16.3", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.16.3.tgz", - "integrity": "sha512-dcNwU1O4sx57ClvLBVFbEgx0UZWfd0JQX5X6fxFRCLHelFBGXFfSz6Y0FAq2PEwUqlqLkdVjVr4VASEOuUnLJw==" + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==" }, "@babel/plugin-proposal-object-rest-spread": { "version": "7.12.1", @@ -1787,40 +1841,76 @@ } }, "@babel/template": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.16.0.tgz", - "integrity": "sha512-MnZdpFD/ZdYhXwiunMqqgyZyucaYsbL0IrjoGjaVhGilz+x8YB++kRfygSOIj1yOtWKPlx7NBp+9I1RQSgsd5A==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "requires": { - "@babel/code-frame": "^7.16.0", - "@babel/parser": "^7.16.0", - "@babel/types": "^7.16.0" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" } }, "@babel/traverse": { - "version": "7.16.3", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.16.3.tgz", - "integrity": "sha512-eolumr1vVMjqevCpwVO99yN/LoGL0EyHiLO5I043aYQvwOJ9eR5UsZSClHVCzfhBduMAsSzgA/6AyqPjNayJag==", - "requires": { - "@babel/code-frame": "^7.16.0", - "@babel/generator": "^7.16.0", - "@babel/helper-function-name": "^7.16.0", - "@babel/helper-hoist-variables": "^7.16.0", - "@babel/helper-split-export-declaration": "^7.16.0", - "@babel/parser": "^7.16.3", - "@babel/types": "^7.16.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "requires": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" } }, "@babel/types": { - "version": "7.16.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.16.0.tgz", - "integrity": "sha512-PJgg/k3SdLsGb3hhisFvtLOw5ts113klrpLuIPtCJIU+BB24fqq6lf8RWqKJEjzqXR9AEH1rIb5XTqwBHB+kQg==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "requires": { - "@babel/helper-validator-identifier": "^7.15.7", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" } }, + "@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "requires": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + } + }, + "@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==" + }, + "@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==" + }, + "@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" + }, + "@jridgewell/trace-mapping": { + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", + "requires": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "@mdx-js/util": { "version": "1.6.22", "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", @@ -1954,7 +2044,7 @@ "color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" }, "comma-separated-tokens": { "version": "1.0.8", @@ -1988,7 +2078,7 @@ "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==" }, "extend": { "version": "3.0.2", @@ -2083,7 +2173,7 @@ "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" }, "hast-util-from-parse5": { "version": "6.0.1", @@ -2463,9 +2553,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" }, "slash": { "version": "4.0.0", diff --git a/scripts/fileProcessor/processors/cnp/flatten-appendices.mjs b/scripts/fileProcessor/processors/cnp/flatten-appendices.mjs new file mode 100644 index 00000000000..9eaed2e81ad --- /dev/null +++ b/scripts/fileProcessor/processors/cnp/flatten-appendices.mjs @@ -0,0 +1,8 @@ +export const process = (filename, content) => { + if (filename.includes("/appendixes/")) + return { + newFilename: filename.replace(/\/appendixes\//, "/"), + newContent: content, + }; + return {newFilename: filename, newContent: content}; +}; diff --git a/scripts/fileProcessor/processors/cnp/rewrite-mdextra-anchors.mjs b/scripts/fileProcessor/processors/cnp/rewrite-mdextra-anchors.mjs new file mode 100644 index 00000000000..c88a709a18c --- /dev/null +++ b/scripts/fileProcessor/processors/cnp/rewrite-mdextra-anchors.mjs @@ -0,0 +1,65 @@ +// Rewrites MDExtra headings with embedded fragment identifiers, e.g. +// ## A heading {#with-an-identifier-not-based-on-title} +// into something slightly more compatible with GFM / MDX: +//
+// ## A heading + +import toVFile from "to-vfile"; +import remarkParse from "remark-parse"; +import mdx from "remark-mdx"; +import unified from "unified"; +import remarkFrontmatter from "remark-frontmatter"; +import remarkStringify from "remark-stringify"; +import admonitions from "remark-admonitions"; +import visit from "unist-util-visit"; +import mdast2string from "mdast-util-to-string"; + +export const process = async (filename, content) => { + const processor = unified() + .use(remarkParse) + .use(remarkStringify, { emphasis: "*", bullet: "-", fences: true }) + .use(admonitions, { + tag: "!!!", + icons: "none", + infima: true, + customTypes: { + seealso: "note", + hint: "tip", + interactive: "interactive", + }, + }) + .use(remarkFrontmatter) + .use(mdx) + .use(headingRewriter); + + const output = await processor.process( + toVFile({ path: filename, contents: content }), + ); + + return { + newFilename: filename, + newContent: output.contents.toString(), + }; +}; + +function headingRewriter() { + const anchorRE = /{#([^}]+)}/; + return (tree) => { + // link rewriter: + // - update links to supported_releases.md to point to /resources/platform-compatibility#pgk8s + visit(tree, "heading", (node, index, parent) => { + let text = mdast2string(node); + let anchor = text.match(anchorRE); + if (!anchor) return; + + // remove the anchor syntax from this heading + text = text.replace(anchorRE, ""); + node.children = [{ type: "text", value: text }]; + + // ...and insert it as an HTML (JSX) literal + anchor = { type: "jsx", value: `
` }; + parent.children.splice(index, 0, anchor); + }); + }; +} + diff --git a/scripts/fileProcessor/processors/cnp/strip-html-comments.mjs b/scripts/fileProcessor/processors/cnp/strip-html-comments.mjs new file mode 100644 index 00000000000..41f0ddd6113 --- /dev/null +++ b/scripts/fileProcessor/processors/cnp/strip-html-comments.mjs @@ -0,0 +1,51 @@ +// HTML comments () are not valid in MDX +// strip them out completely + +import toVFile from "to-vfile"; +import remarkParse from "remark-parse"; +import mdx from "remark-mdx"; +import unified from "unified"; +import remarkFrontmatter from "remark-frontmatter"; +import remarkStringify from "remark-stringify"; +import admonitions from "remark-admonitions"; +import visit from "unist-util-visit"; + +export const process = async (filename, content) => { + const processor = unified() + .use(remarkParse) + .use(remarkStringify, { emphasis: "*", bullet: "-", fences: true }) + .use(admonitions, { + tag: "!!!", + icons: "none", + infima: true, + customTypes: { + seealso: "note", + hint: "tip", + interactive: "interactive", + }, + }) + .use(remarkFrontmatter) + .use(mdx) + .use(stripComments); + + const output = await processor.process( + toVFile({ path: filename, contents: content }), + ); + + return { + newFilename: filename, + newContent: output.contents.toString(), + }; +}; + +function stripComments() { + return (tree) => { + visit(tree, "jsx", (node) => { + // todo: use HAST parser here - this is not reliable + + // strip (potentially NON-EMPTY) HTML comments - these are not valid in JSX + node.value = node.value.replace(/(?=/g, ""); + }); + }; +} + diff --git a/scripts/fileProcessor/processors/cnp/update-links.mjs b/scripts/fileProcessor/processors/cnp/update-links.mjs index 17c8fb3455c..36ef8e0336c 100644 --- a/scripts/fileProcessor/processors/cnp/update-links.mjs +++ b/scripts/fileProcessor/processors/cnp/update-links.mjs @@ -6,7 +6,7 @@ import remarkFrontmatter from "remark-frontmatter"; import remarkStringify from "remark-stringify"; import admonitions from "remark-admonitions"; import visit from "unist-util-visit"; -import isAbsoluteUrl from "is-absolute-url"; +import yaml from "js-yaml"; export const process = async (filename, content) => { const processor = unified() @@ -38,12 +38,29 @@ export const process = async (filename, content) => { function linkRewriter() { return (tree) => { + let fileMetadata = {}; // link rewriter: // - update links to supported_releases.md to point to /resources/platform-compatibility#pgk8s - visit(tree, "link", (node) => { - if (node.url === "supported_releases.md") + // - update links to release_notes to rel_notes + // - update links to appendixes/* to /* + // - update links *from* appendixes/* to /* + visit(tree, ["link", "yaml"], (node) => { + if (node.type === "yaml") + { + fileMetadata = yaml.load(node.value); + return; + } + + if (fileMetadata.originalFilePath?.startsWith("src/appendixes")) + node.url = node.url.replace(/^\.\.\//, ""); + + if (node.url.startsWith("appendixes")) + node.url = node.url.replace("appendixes/", ""); + else if (node.url === "supported_releases.md") node.url = "/resources/platform-compatibility#pgk8s"; - else if (node.url === "release_nodes.md") + else if (node.url === "release_notes.md") + node.url = "rel_notes"; + else if (node.url === "release_notes.md") node.url = "rel_notes"; }); }; diff --git a/scripts/fileProcessor/processors/cnp/update-yaml-links.mjs b/scripts/fileProcessor/processors/cnp/update-yaml-links.mjs index f307fb71989..582513f4d08 100644 --- a/scripts/fileProcessor/processors/cnp/update-yaml-links.mjs +++ b/scripts/fileProcessor/processors/cnp/update-yaml-links.mjs @@ -39,12 +39,11 @@ export const process = async (filename, content) => { function linkRewriter() { return (tree) => { // link rewriter: - // - only links to .yaml files in samples dir // - make relative to parent (because gatsby URL paths are always directories) visit(tree, "link", (node) => { if (isAbsoluteUrl(node.url) || node.url[0] === "/") return; if (!node.url.includes(".yaml")) return; - node.url = node.url.replace(/^(?:\.\/)?samples\//, "../samples/"); + node.url = node.url.replace(/^\/?/, "../"); }); }; } diff --git a/scripts/pdf/package-lock.json b/scripts/pdf/package-lock.json index d4a898252e6..9cfc5384ee4 100644 --- a/scripts/pdf/package-lock.json +++ b/scripts/pdf/package-lock.json @@ -35,11 +35,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz", - "integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "dependencies": { - "@babel/highlight": "^7.18.6" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" }, "engines": { "node": ">=6.9.0" @@ -76,12 +77,13 @@ } }, "node_modules/@babel/generator": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.19.0.tgz", - "integrity": "sha512-S1ahxf1gZ2dpoiFgA+ohK9DIpz50bJ0CWs7Zlzb54Z4sG8qmdIrGrVqmy1sAtTVRb+9CU6U8VqT9L0Zj7hxHVg==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "dependencies": { - "@babel/types": "^7.19.0", + "@babel/types": "^7.23.0", "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", "jsesc": "^2.5.1" }, "engines": { @@ -89,31 +91,31 @@ } }, "node_modules/@babel/helper-environment-visitor": { - "version": "7.18.9", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz", - "integrity": "sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-function-name": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.19.0.tgz", - "integrity": "sha512-WAwHBINyrpqywkUH0nTnNgI5ina5TFn85HKS0pbPDfxFfhyR/aNQEn4hGi1P1JyT//I0t4OgXUlofzWILRvS5w==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dependencies": { - "@babel/template": "^7.18.10", - "@babel/types": "^7.19.0" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-hoist-variables": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz", - "integrity": "sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dependencies": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" @@ -165,28 +167,28 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.18.6.tgz", - "integrity": "sha512-bde1etTx6ZyTmobl9LLMMQsaizFVZrquTEHOqKeQESMKo4PlObf+8+JA25ZsIpZhT/WEd39+vOdLXAFG/nELpA==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dependencies": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-string-parser": { - "version": "7.18.10", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.18.10.tgz", - "integrity": "sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz", - "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", "engines": { "node": ">=6.9.0" } @@ -205,12 +207,12 @@ } }, "node_modules/@babel/highlight": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz", - "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.18.6", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" }, "engines": { @@ -218,9 +220,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.19.1.tgz", - "integrity": "sha512-h7RCSorm1DdTVGJf3P2Mhj3kdnkmF/EiysUkzS2TdgAYqyjFdMQJbVuXOBej2SBJaXan/lIVtT6KkGbyyq753A==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", "bin": { "parser": "bin/babel-parser.js" }, @@ -286,31 +288,31 @@ } }, "node_modules/@babel/template": { - "version": "7.18.10", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.18.10.tgz", - "integrity": "sha512-TI+rCtooWHr3QJ27kJxfjutghu44DLnasDMwpDqCXVTal9RLp3RSYNh4NdBrRP2cQAoG9A8juOQl6P6oZG4JxA==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dependencies": { - "@babel/code-frame": "^7.18.6", - "@babel/parser": "^7.18.10", - "@babel/types": "^7.18.10" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.19.1.tgz", - "integrity": "sha512-0j/ZfZMxKukDaag2PtOPDbwuELqIar6lLskVPPJDjXMXjfLb1Obo/1yjxIGqqAJrmfaTIY3z2wFLAQ7qSkLsuA==", - "dependencies": { - "@babel/code-frame": "^7.18.6", - "@babel/generator": "^7.19.0", - "@babel/helper-environment-visitor": "^7.18.9", - "@babel/helper-function-name": "^7.19.0", - "@babel/helper-hoist-variables": "^7.18.6", - "@babel/helper-split-export-declaration": "^7.18.6", - "@babel/parser": "^7.19.1", - "@babel/types": "^7.19.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "dependencies": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" }, @@ -319,12 +321,12 @@ } }, "node_modules/@babel/types": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.19.0.tgz", - "integrity": "sha512-YuGopBq3ke25BVSiS6fgF49Ul9gH1x70Bcr6bqRLjWCkcX8Hre1/5+z+IiWOIerRMSSEfGZVB9z9kyq7wVs9YA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "dependencies": { - "@babel/helper-string-parser": "^7.18.10", - "@babel/helper-validator-identifier": "^7.18.6", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" }, "engines": { @@ -366,12 +368,12 @@ "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==" }, "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.15", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.15.tgz", - "integrity": "sha512-oWZNOULl+UbhsgB51uuZzglikfIKSUBO/M9W2OfEjn7cmqoAiCgmv9lyACTUacZwBz0ITnJ2NqjU8Tx0DHL88g==", + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", "dependencies": { - "@jridgewell/resolve-uri": "^3.0.3", - "@jridgewell/sourcemap-codec": "^1.4.10" + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" } }, "node_modules/@mdx-js/util": { @@ -1473,9 +1475,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", "bin": { "semver": "bin/semver" } @@ -1805,11 +1807,12 @@ }, "dependencies": { "@babel/code-frame": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz", - "integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "requires": { - "@babel/highlight": "^7.18.6" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" } }, "@babel/core": { @@ -1836,35 +1839,36 @@ } }, "@babel/generator": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.19.0.tgz", - "integrity": "sha512-S1ahxf1gZ2dpoiFgA+ohK9DIpz50bJ0CWs7Zlzb54Z4sG8qmdIrGrVqmy1sAtTVRb+9CU6U8VqT9L0Zj7hxHVg==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "requires": { - "@babel/types": "^7.19.0", + "@babel/types": "^7.23.0", "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", "jsesc": "^2.5.1" } }, "@babel/helper-environment-visitor": { - "version": "7.18.9", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz", - "integrity": "sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg==" + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==" }, "@babel/helper-function-name": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.19.0.tgz", - "integrity": "sha512-WAwHBINyrpqywkUH0nTnNgI5ina5TFn85HKS0pbPDfxFfhyR/aNQEn4hGi1P1JyT//I0t4OgXUlofzWILRvS5w==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "requires": { - "@babel/template": "^7.18.10", - "@babel/types": "^7.19.0" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" } }, "@babel/helper-hoist-variables": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz", - "integrity": "sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "requires": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" } }, "@babel/helper-module-imports": { @@ -1904,22 +1908,22 @@ } }, "@babel/helper-split-export-declaration": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.18.6.tgz", - "integrity": "sha512-bde1etTx6ZyTmobl9LLMMQsaizFVZrquTEHOqKeQESMKo4PlObf+8+JA25ZsIpZhT/WEd39+vOdLXAFG/nELpA==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "requires": { - "@babel/types": "^7.18.6" + "@babel/types": "^7.22.5" } }, "@babel/helper-string-parser": { - "version": "7.18.10", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.18.10.tgz", - "integrity": "sha512-XtIfWmeNY3i4t7t4D2t02q50HvqHybPqW2ki1kosnvWCwuCMeo81Jf0gwr85jy/neUdg5XDdeFE/80DXiO+njw==" + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==" }, "@babel/helper-validator-identifier": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz", - "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==" + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==" }, "@babel/helpers": { "version": "7.19.0", @@ -1932,19 +1936,19 @@ } }, "@babel/highlight": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz", - "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "requires": { - "@babel/helper-validator-identifier": "^7.18.6", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" } }, "@babel/parser": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.19.1.tgz", - "integrity": "sha512-h7RCSorm1DdTVGJf3P2Mhj3kdnkmF/EiysUkzS2TdgAYqyjFdMQJbVuXOBej2SBJaXan/lIVtT6KkGbyyq753A==" + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==" }, "@babel/plugin-proposal-object-rest-spread": { "version": "7.12.1", @@ -1988,39 +1992,39 @@ } }, "@babel/template": { - "version": "7.18.10", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.18.10.tgz", - "integrity": "sha512-TI+rCtooWHr3QJ27kJxfjutghu44DLnasDMwpDqCXVTal9RLp3RSYNh4NdBrRP2cQAoG9A8juOQl6P6oZG4JxA==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "requires": { - "@babel/code-frame": "^7.18.6", - "@babel/parser": "^7.18.10", - "@babel/types": "^7.18.10" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" } }, "@babel/traverse": { - "version": "7.19.1", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.19.1.tgz", - "integrity": "sha512-0j/ZfZMxKukDaag2PtOPDbwuELqIar6lLskVPPJDjXMXjfLb1Obo/1yjxIGqqAJrmfaTIY3z2wFLAQ7qSkLsuA==", - "requires": { - "@babel/code-frame": "^7.18.6", - "@babel/generator": "^7.19.0", - "@babel/helper-environment-visitor": "^7.18.9", - "@babel/helper-function-name": "^7.19.0", - "@babel/helper-hoist-variables": "^7.18.6", - "@babel/helper-split-export-declaration": "^7.18.6", - "@babel/parser": "^7.19.1", - "@babel/types": "^7.19.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "requires": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" } }, "@babel/types": { - "version": "7.19.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.19.0.tgz", - "integrity": "sha512-YuGopBq3ke25BVSiS6fgF49Ul9gH1x70Bcr6bqRLjWCkcX8Hre1/5+z+IiWOIerRMSSEfGZVB9z9kyq7wVs9YA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "requires": { - "@babel/helper-string-parser": "^7.18.10", - "@babel/helper-validator-identifier": "^7.18.6", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" } }, @@ -2050,12 +2054,12 @@ "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==" }, "@jridgewell/trace-mapping": { - "version": "0.3.15", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.15.tgz", - "integrity": "sha512-oWZNOULl+UbhsgB51uuZzglikfIKSUBO/M9W2OfEjn7cmqoAiCgmv9lyACTUacZwBz0ITnJ2NqjU8Tx0DHL88g==", + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", "requires": { - "@jridgewell/resolve-uri": "^3.0.3", - "@jridgewell/sourcemap-codec": "^1.4.10" + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" } }, "@mdx-js/util": { @@ -2807,9 +2811,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" }, "slash": { "version": "4.0.0", diff --git a/scripts/source/dispatch_product.py b/scripts/source/dispatch_product.py index 9f374788903..3874bdb67ff 100755 --- a/scripts/source/dispatch_product.py +++ b/scripts/source/dispatch_product.py @@ -23,7 +23,7 @@ ret = os.system( f"cd {args.workspace}/destination/scripts/source && \ - npm install --production" + npm ci" ) if ret != 0: diff --git a/scripts/source/package-lock.json b/scripts/source/package-lock.json index 43917129155..0b6eb5a5e6d 100644 --- a/scripts/source/package-lock.json +++ b/scripts/source/package-lock.json @@ -32,11 +32,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz", - "integrity": "sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "dependencies": { - "@babel/highlight": "^7.16.7" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" }, "engines": { "node": ">=6.9.0" @@ -73,59 +74,45 @@ } }, "node_modules/@babel/generator": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.17.0.tgz", - "integrity": "sha512-I3Omiv6FGOC29dtlZhkfXO6pgkmukJSlT26QjVvS1DGZe/NzSVCPG41X0tS21oZkJYlovfj9qDWgKP+Cn4bXxw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "dependencies": { - "@babel/types": "^7.17.0", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.0", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-environment-visitor": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.16.7.tgz", - "integrity": "sha512-SLLb0AAn6PkUeAfKJCCOl9e1R53pQlGAfc4y4XuMRZfqeMYLE0dM1LMhqbGAlGQY0lfw5/ohoYWAe9V1yibRag==", - "dependencies": { - "@babel/types": "^7.16.7" - }, + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-function-name": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.7.tgz", - "integrity": "sha512-QfDfEnIUyyBSR3HtrtGECuZ6DAyCkYFp7GHl75vFtTnn6pjKeK0T1DB5lLkFvBea8MdaiUABx3osbgLyInoejA==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "dependencies": { - "@babel/helper-get-function-arity": "^7.16.7", - "@babel/template": "^7.16.7", - "@babel/types": "^7.16.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-get-function-arity": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.7.tgz", - "integrity": "sha512-flc+RLSOBXzNzVhcLu6ujeHUrD6tANAOU5ojrRx/as+tbzf8+stUCj7+IfRRoAbEZqj/ahXEMsjhOhgeZsrnTw==", - "dependencies": { - "@babel/types": "^7.16.7" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-hoist-variables": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.7.tgz", - "integrity": "sha512-m04d/0Op34H5v7pbZw6pSKP7weA6lsMvfiIAMeIvkY/R4xQtBSMFEigu9QTZ2qB/9l22vsxtM8a+Q8CzD255fg==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "dependencies": { - "@babel/types": "^7.16.7" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" @@ -177,20 +164,28 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.7.tgz", - "integrity": "sha512-xbWoy/PFoxSWazIToT9Sif+jJTlrMcndIsaOKvTA6u7QEo7ilkRZpjew18/W3c7nm8fXdUDXh02VXTbZ0pGDNw==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "dependencies": { - "@babel/types": "^7.16.7" + "@babel/types": "^7.22.5" }, "engines": { "node": ">=6.9.0" } }, + "node_modules/@babel/helper-string-parser": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==", + "engines": { + "node": ">=6.9.0" + } + }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz", - "integrity": "sha512-hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", "engines": { "node": ">=6.9.0" } @@ -209,12 +204,12 @@ } }, "node_modules/@babel/highlight": { - "version": "7.16.10", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.10.tgz", - "integrity": "sha512-5FnTQLSLswEj6IkgVw5KusNUUFY9ZGqe/TRFnP/BKYHYgfh7tc+C7mwiy95/yNP7Dh9x580Vv8r7u7ZfTBFxdw==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.16.7", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" }, "engines": { @@ -222,9 +217,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.17.0.tgz", - "integrity": "sha512-VKXSCQx5D8S04ej+Dqsr1CzYvvWgf20jIw2D+YhQCrIlr2UZGaDds23Y0xg75/skOxpLCRpUZvk/1EAVkGoDOw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==", "bin": { "parser": "bin/babel-parser.js" }, @@ -290,31 +285,31 @@ } }, "node_modules/@babel/template": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.16.7.tgz", - "integrity": "sha512-I8j/x8kHUrbYRTUxXrrMbfCa7jxkE7tZre39x3kjr9hvI82cK1FfqLygotcWN5kdPGWcLdWMHpSBavse5tWw3w==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "dependencies": { - "@babel/code-frame": "^7.16.7", - "@babel/parser": "^7.16.7", - "@babel/types": "^7.16.7" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.17.0.tgz", - "integrity": "sha512-fpFIXvqD6kC7c7PUNnZ0Z8cQXlarCLtCUpt2S1Dx7PjoRtCFffvOkHHSom+m5HIxMZn5bIBVb71lhabcmjEsqg==", - "dependencies": { - "@babel/code-frame": "^7.16.7", - "@babel/generator": "^7.17.0", - "@babel/helper-environment-visitor": "^7.16.7", - "@babel/helper-function-name": "^7.16.7", - "@babel/helper-hoist-variables": "^7.16.7", - "@babel/helper-split-export-declaration": "^7.16.7", - "@babel/parser": "^7.17.0", - "@babel/types": "^7.17.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "dependencies": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" }, @@ -323,17 +318,61 @@ } }, "node_modules/@babel/types": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.17.0.tgz", - "integrity": "sha512-TmKSNO4D5rzhL5bjWFcVHHLETzfQ/AmbKpKPOSjlP0WoHZ6L911fgoOKY4Alp/emzG4cHJdyN49zpgkbXFEHHw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "dependencies": { - "@babel/helper-validator-identifier": "^7.16.7", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" }, "engines": { "node": ">=6.9.0" } }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "dependencies": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "node_modules/@mdx-js/util": { "version": "1.6.22", "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", @@ -586,7 +625,7 @@ "node_modules/color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" }, "node_modules/comma-separated-tokens": { "version": "1.0.8", @@ -643,7 +682,7 @@ "node_modules/escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", "engines": { "node": ">=0.8.0" } @@ -890,7 +929,7 @@ "node_modules/has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", "engines": { "node": ">=4" } @@ -1745,9 +1784,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "node_modules/semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", "bin": { "semver": "bin/semver" } @@ -2078,11 +2117,12 @@ }, "dependencies": { "@babel/code-frame": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz", - "integrity": "sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==", + "version": "7.22.13", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz", + "integrity": "sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==", "requires": { - "@babel/highlight": "^7.16.7" + "@babel/highlight": "^7.22.13", + "chalk": "^2.4.2" } }, "@babel/core": { @@ -2109,47 +2149,36 @@ } }, "@babel/generator": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.17.0.tgz", - "integrity": "sha512-I3Omiv6FGOC29dtlZhkfXO6pgkmukJSlT26QjVvS1DGZe/NzSVCPG41X0tS21oZkJYlovfj9qDWgKP+Cn4bXxw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz", + "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==", "requires": { - "@babel/types": "^7.17.0", - "jsesc": "^2.5.1", - "source-map": "^0.5.0" + "@babel/types": "^7.23.0", + "@jridgewell/gen-mapping": "^0.3.2", + "@jridgewell/trace-mapping": "^0.3.17", + "jsesc": "^2.5.1" } }, "@babel/helper-environment-visitor": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.16.7.tgz", - "integrity": "sha512-SLLb0AAn6PkUeAfKJCCOl9e1R53pQlGAfc4y4XuMRZfqeMYLE0dM1LMhqbGAlGQY0lfw5/ohoYWAe9V1yibRag==", - "requires": { - "@babel/types": "^7.16.7" - } + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "integrity": "sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA==" }, "@babel/helper-function-name": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.7.tgz", - "integrity": "sha512-QfDfEnIUyyBSR3HtrtGECuZ6DAyCkYFp7GHl75vFtTnn6pjKeK0T1DB5lLkFvBea8MdaiUABx3osbgLyInoejA==", - "requires": { - "@babel/helper-get-function-arity": "^7.16.7", - "@babel/template": "^7.16.7", - "@babel/types": "^7.16.7" - } - }, - "@babel/helper-get-function-arity": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.7.tgz", - "integrity": "sha512-flc+RLSOBXzNzVhcLu6ujeHUrD6tANAOU5ojrRx/as+tbzf8+stUCj7+IfRRoAbEZqj/ahXEMsjhOhgeZsrnTw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "integrity": "sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw==", "requires": { - "@babel/types": "^7.16.7" + "@babel/template": "^7.22.15", + "@babel/types": "^7.23.0" } }, "@babel/helper-hoist-variables": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.7.tgz", - "integrity": "sha512-m04d/0Op34H5v7pbZw6pSKP7weA6lsMvfiIAMeIvkY/R4xQtBSMFEigu9QTZ2qB/9l22vsxtM8a+Q8CzD255fg==", + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==", "requires": { - "@babel/types": "^7.16.7" + "@babel/types": "^7.22.5" } }, "@babel/helper-module-imports": { @@ -2189,17 +2218,22 @@ } }, "@babel/helper-split-export-declaration": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.7.tgz", - "integrity": "sha512-xbWoy/PFoxSWazIToT9Sif+jJTlrMcndIsaOKvTA6u7QEo7ilkRZpjew18/W3c7nm8fXdUDXh02VXTbZ0pGDNw==", + "version": "7.22.6", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", "requires": { - "@babel/types": "^7.16.7" + "@babel/types": "^7.22.5" } }, + "@babel/helper-string-parser": { + "version": "7.22.5", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz", + "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==" + }, "@babel/helper-validator-identifier": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz", - "integrity": "sha512-hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw==" + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==" }, "@babel/helpers": { "version": "7.17.0", @@ -2212,19 +2246,19 @@ } }, "@babel/highlight": { - "version": "7.16.10", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.10.tgz", - "integrity": "sha512-5FnTQLSLswEj6IkgVw5KusNUUFY9ZGqe/TRFnP/BKYHYgfh7tc+C7mwiy95/yNP7Dh9x580Vv8r7u7ZfTBFxdw==", + "version": "7.22.20", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz", + "integrity": "sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==", "requires": { - "@babel/helper-validator-identifier": "^7.16.7", - "chalk": "^2.0.0", + "@babel/helper-validator-identifier": "^7.22.20", + "chalk": "^2.4.2", "js-tokens": "^4.0.0" } }, "@babel/parser": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.17.0.tgz", - "integrity": "sha512-VKXSCQx5D8S04ej+Dqsr1CzYvvWgf20jIw2D+YhQCrIlr2UZGaDds23Y0xg75/skOxpLCRpUZvk/1EAVkGoDOw==" + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz", + "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==" }, "@babel/plugin-proposal-object-rest-spread": { "version": "7.12.1", @@ -2268,41 +2302,76 @@ } }, "@babel/template": { - "version": "7.16.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.16.7.tgz", - "integrity": "sha512-I8j/x8kHUrbYRTUxXrrMbfCa7jxkE7tZre39x3kjr9hvI82cK1FfqLygotcWN5kdPGWcLdWMHpSBavse5tWw3w==", + "version": "7.22.15", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", + "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", "requires": { - "@babel/code-frame": "^7.16.7", - "@babel/parser": "^7.16.7", - "@babel/types": "^7.16.7" + "@babel/code-frame": "^7.22.13", + "@babel/parser": "^7.22.15", + "@babel/types": "^7.22.15" } }, "@babel/traverse": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.17.0.tgz", - "integrity": "sha512-fpFIXvqD6kC7c7PUNnZ0Z8cQXlarCLtCUpt2S1Dx7PjoRtCFffvOkHHSom+m5HIxMZn5bIBVb71lhabcmjEsqg==", - "requires": { - "@babel/code-frame": "^7.16.7", - "@babel/generator": "^7.17.0", - "@babel/helper-environment-visitor": "^7.16.7", - "@babel/helper-function-name": "^7.16.7", - "@babel/helper-hoist-variables": "^7.16.7", - "@babel/helper-split-export-declaration": "^7.16.7", - "@babel/parser": "^7.17.0", - "@babel/types": "^7.17.0", + "version": "7.23.2", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.2.tgz", + "integrity": "sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw==", + "requires": { + "@babel/code-frame": "^7.22.13", + "@babel/generator": "^7.23.0", + "@babel/helper-environment-visitor": "^7.22.20", + "@babel/helper-function-name": "^7.23.0", + "@babel/helper-hoist-variables": "^7.22.5", + "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/parser": "^7.23.0", + "@babel/types": "^7.23.0", "debug": "^4.1.0", "globals": "^11.1.0" } }, "@babel/types": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.17.0.tgz", - "integrity": "sha512-TmKSNO4D5rzhL5bjWFcVHHLETzfQ/AmbKpKPOSjlP0WoHZ6L911fgoOKY4Alp/emzG4cHJdyN49zpgkbXFEHHw==", + "version": "7.23.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz", + "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==", "requires": { - "@babel/helper-validator-identifier": "^7.16.7", + "@babel/helper-string-parser": "^7.22.5", + "@babel/helper-validator-identifier": "^7.22.20", "to-fast-properties": "^2.0.0" } }, + "@jridgewell/gen-mapping": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz", + "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==", + "requires": { + "@jridgewell/set-array": "^1.0.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.9" + } + }, + "@jridgewell/resolve-uri": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz", + "integrity": "sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA==" + }, + "@jridgewell/set-array": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz", + "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==" + }, + "@jridgewell/sourcemap-codec": { + "version": "1.4.15", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" + }, + "@jridgewell/trace-mapping": { + "version": "0.3.19", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.19.tgz", + "integrity": "sha512-kf37QtfW+Hwx/buWGMPcR60iF9ziHa6r/CZJIHbmcm4+0qrXiVdxegAH0F6yddEVQ7zdkjcGCgCzUu+BcbhQxw==", + "requires": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, "@mdx-js/util": { "version": "1.6.22", "resolved": "https://registry.npmjs.org/@mdx-js/util/-/util-1.6.22.tgz", @@ -2473,7 +2542,7 @@ "color-name": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=" + "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==" }, "comma-separated-tokens": { "version": "1.0.8", @@ -2515,7 +2584,7 @@ "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==" }, "extend": { "version": "3.0.2", @@ -2701,7 +2770,7 @@ "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==" }, "has-symbols": { "version": "1.0.3", @@ -3263,9 +3332,9 @@ "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" }, "side-channel": { "version": "1.0.4", diff --git a/scripts/source/process-cnp-docs.sh b/scripts/source/process-cnp-docs.sh index b5df0948b2e..02403e0407b 100755 --- a/scripts/source/process-cnp-docs.sh +++ b/scripts/source/process-cnp-docs.sh @@ -11,7 +11,7 @@ SOURCE_CHECKOUT=`cd $1 && pwd` DESTINATION_CHECKOUT=`cd $2 && pwd` cd $DESTINATION_CHECKOUT/scripts/fileProcessor -npm install --production +npm ci cd $DESTINATION_CHECKOUT/product_docs/docs/postgres_for_kubernetes/1/ node $DESTINATION_CHECKOUT/scripts/source/files-to-ignore.mjs \ @@ -29,9 +29,13 @@ node $DESTINATION_CHECKOUT/scripts/fileProcessor/main.mjs \ node $DESTINATION_CHECKOUT/scripts/fileProcessor/main.mjs \ -f "src/**/*.md" \ + -p "cnp/add-frontmatters" \ + -p "cnp/flatten-appendices" \ -p "cnp/replace-github-urls" \ + -p "cnp/update-links" \ -p "cnp/update-yaml-links" \ - -p "cnp/add-frontmatters" \ + -p "cnp/rewrite-mdextra-anchors" \ + -p "cnp/strip-html-comments" \ -p "cnp/rename-to-mdx" node $DESTINATION_CHECKOUT/scripts/source/merge-indexes.mjs \ diff --git a/src/components/link.js b/src/components/link.js index c1d071d7270..239e9c479c3 100644 --- a/src/components/link.js +++ b/src/components/link.js @@ -21,7 +21,7 @@ const stripPathPrefix = (path, pathPrefix) => { }; const stripMarkdownExtension = (path) => { - return path.replace(/\.mdx?(?=$|\?|#)/, ""); + return path.replace(/\.mdx?\/?(?=$|\?|#)/, ""); }; const isAbsoluteOrProtocolRelativeUrl = (url) => {