From 0330febd794a90eb2a04138835e93fec7d582536 Mon Sep 17 00:00:00 2001
From: Tao Li
Date: Mon, 25 Nov 2024 11:50:09 +0800
Subject: [PATCH] port the feat that align with CNPG (PR 173)
Signed-off-by: Tao Li
---
 .../templates/deployment.yaml | 24 +++++++--
 .../templates/podmonitor.yaml | 43 ++++++++++++++++
 .../templates/rbac.yaml | 50 ++++++++++++++++++
 .../templates/tests/test-connection.yaml | 29 -----------
 .../values.schema.json | 51 ++++++++++++-------
 .../values.yaml | 44 ++++++++++++----
 .../templates/deployment.yaml | 12 +++--
 .../values.schema.json | 8 +++
 .../values.yaml | 3 ++
 9 files changed, 198 insertions(+), 66 deletions(-)
 create mode 100644 charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/podmonitor.yaml
 delete mode 100644 charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/tests/test-connection.yaml
diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/deployment.yaml b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/deployment.yaml
index 59b2eee..4c8be70 100644
--- a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/deployment.yaml
+++ b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/deployment.yaml
@@ -30,24 +30,37 @@ spec:
 {{- include "edb-postgres-for-kubernetes-lts.selectorLabels" . | nindent 6 }}
 template:
 metadata:
- {{- with .Values.podAnnotations }}
 annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
 labels:
 {{- include "edb-postgres-for-kubernetes-lts.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 spec:
 {{- with .Values.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ {{- end }}
+ {{- if .Values.dnsPolicy }}
+ dnsPolicy: {{ .Values.dnsPolicy }}
+ {{- end }}
 containers:
 - args:
 - controller
 - --leader-elect
- {{- with .Values.config.name }}
- - --config-map-name={{ . }}
- - --secret-name={{ . }}
+ {{- if .Values.config.name }}
+ {{- if not .Values.config.secret }}
+ - --config-map-name={{ .Values.config.name }}
+ {{- else }}
+ - --secret-name={{ .Values.config.name }}
+ {{- end }}
 {{- end }}
 - --webhook-port={{ .Values.webhook.port }}
 {{- range .Values.additionalArgs }}
@@ -64,6 +77,9 @@ spec:
 fieldPath: metadata.namespace
 - name: MONITORING_QUERIES_CONFIGMAP
 value: "{{ .Values.monitoringQueriesConfigMap.name }}"
+ {{- if .Values.additionalEnv }}
+ {{- tpl (.Values.additionalEnvVars | toYaml) . | nindent 8 }}
+ {{- end }}
 {{ if not .Values.config.clusterWide -}}
 - name: WATCH_NAMESPACE
 value: "{{ .Release.Namespace }}"
diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/podmonitor.yaml b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/podmonitor.yaml
new file mode 100644
index 0000000..9aad4b9
--- /dev/null
+++ b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/podmonitor.yaml
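Review bot: The new `hostNetwork` switch puts the operator pod in the node's network namespace, so the webhook listener on `.Values.webhook.port` is bound on the node itself, and neither this hunk nor the `values.yaml` hunk (which adds `hostNetwork: false` and `dnsPolicy: ""` with no `# --` comment) says so. With `hostNetwork: true` and `dnsPolicy` left empty, Kubernetes falls back to the node's resolver, so cluster service names only resolve if `dnsPolicy: ClusterFirstWithHostNet` is set. I would document both keys where they are defined, e.g. `# -- Run the operator in the host network namespace (exposes the webhook port on the node); set dnsPolicy to ClusterFirstWithHostNet when enabled.` The pod spec continues outside the hunk.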
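Review bot: The guard in the second hunk tests `.Values.additionalEnv` but the body renders `.Values.additionalEnvVars`, a key that neither the `values.yaml` nor the `values.schema.json` hunks of this patch define, so setting `additionalEnv` would put the `toYaml` of an unset value into the `env` list instead of the user's variables. Using one name through `with` removes the drift: `{{- with .Values.additionalEnv }}` followed by `{{- tpl (toYaml .) $ | nindent 8 }}`. Because the entries go through `tpl`, whatever is written into `additionalEnv` is evaluated as a template with the chart's full context, which is worth stating in the values comment. The `env` list starts above the hunk.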
@@ -0,0 +1,43 @@
+# Copyright 2021 EnterpriseDB Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.monitoring.podMonitorEnabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "edb-postgres-for-kubernetes.fullname" . }}
+ labels:
+ {{- include "edb-postgres-for-kubernetes.labels" . | nindent 4 }}
+ {{- with .Values.monitoring.podMonitorAdditionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end}}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "edb-postgres-for-kubernetes.selectorLabels" . | nindent 6 }}
+ podMetricsEndpoints:
+ - port: metrics
+ {{- with .Values.monitoring.podMonitorMetricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.monitoring.podMonitorRelabelings }}
+ relabelings:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/rbac.yaml b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/rbac.yaml
index 48768b5..9921ba7 100644
--- a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/rbac.yaml
+++ b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/rbac.yaml
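Review bot: Every `include` in this new template names a helper without the `-lts` suffix (`edb-postgres-for-kubernetes.fullname`, `.labels`, `.selectorLabels`), while the other templates of this chart shown in the patch use `edb-postgres-for-kubernetes-lts.*`. Unless the un-suffixed helpers are also defined for this chart (not visible here), rendering fails as soon as `monitoring.podMonitorEnabled` is true, and if they resolve to another chart's helpers the `matchLabels` selector would not match the pods labelled by `deployment.yaml`. I would switch all three, e.g. `{{- include "edb-postgres-for-kubernetes-lts.selectorLabels" . | nindent 6 }}`. The endpoint also depends on a container port named `metrics`, which the deployment hunks do not show.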
@@ -106,4 +106,54 @@ subjects:
 name: {{ include "edb-postgres-for-kubernetes-lts.serviceAccountName" . }}
 namespace: {{ .Release.Namespace }}
 {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "edb-postgres-for-kubernetes-lts.fullname" . }}-view
+ labels:
+ {{- include "edb-postgres-for-kubernetes-lts.labels" . | nindent 4 }}
+ {{- if .Values.rbac.aggregateClusterRoles }}
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- end }}
+rules:
+- apiGroups:
+ - postgresql.k8s.enterprisedb.io
+ resources:
+ - backups
+ - clusters
+ - poolers
+ - scheduledbackups
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "edb-postgres-for-kubernetes-lts.fullname" . }}-edit
+ labels:
+ {{- include "edb-postgres-for-kubernetes-lts.labels" . | nindent 4 }}
+ {{- if .Values.rbac.aggregateClusterRoles }}
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ {{- end }}
+rules:
+- apiGroups:
+ - postgresql.k8s.enterprisedb.io
+ resources:
+ - backups
+ - clusters
+ - poolers
+ - scheduledbackups
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+---
 {{- end }}
diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/tests/test-connection.yaml b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/tests/test-connection.yaml
deleted file mode 100644
index 26efa2c..0000000
--- a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/tests/test-connection.yaml
+++ /dev/null
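Review bot: With `rbac.aggregateClusterRoles` enabled, the `-edit` role is folded into the built-in `edit` and `admin` ClusterRoles, so every subject that already holds one of those in a namespace gains `create`, `delete` and `deletecollection` on `clusters`, `backups`, `poolers` and `scheduledbackups` there. The values comment added elsewhere in this patch only says the roles are aggregated. I would state the effect where the flag is defined, e.g. `# -- When true, holders of the built-in view/edit/admin roles gain read (view) or write and delete (edit, admin) access to the operator's custom resources.` The `-edit` role also carries no `get`/`list`/`watch`, so when bound on its own it cannot read the objects it may delete; a comment above its `rules:` saying it is meant to be combined with `-view` would help. The enclosing `if` block opens above the hunk.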
@@ -1,29 +0,0 @@
-# Copyright 2021 EnterpriseDB Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "edb-postgres-for-kubernetes-lts.fullname" . }}-test-connection"
- labels:
- {{- include "edb-postgres-for-kubernetes-lts.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: "{{ .Values.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- command: ['curl']
- args: ['-ki','https://{{ .Values.service.name }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.schema.json b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.schema.json
index d11348e..fa09730 100644
--- a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.schema.json
+++ b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.schema.json
@@ -5,6 +5,9 @@
 "additionalArgs": {
 "type": "array"
 },
+ "additionalEnv": {
+ "type": "array"
+ },
 "affinity": {
 "type": "object"
 },
@@ -80,9 +83,15 @@
 }
 }
 },
+ "dnsPolicy": {
+ "type": "string"
+ },
 "fullnameOverride": {
 "type": "string"
 },
+ "hostNetwork": {
+ "type": "boolean"
+ },
 "image": {
 "type": "object",
 "properties": {
@@ -128,6 +137,23 @@ } } }, + "monitoring": { + "type": "object", + "properties": { + "podMonitorAdditionalLabels": { + "type": "object" + }, + "podMonitorEnabled": { + "type": "boolean" + }, + "podMonitorMetricRelabelings": { + "type": "array" + }, + "podMonitorRelabelings": { + "type": "array" + } + } + }, "monitoringQueriesConfigMap": { "type": "object", "properties": { @@ -148,6 +174,9 @@ "podAnnotations": { "type": "object" }, + "podLabels": { + "type": "object" + }, "podSecurityContext": { "type": "object", "properties": { @@ -170,6 +199,9 @@ "rbac": { "type": "object", "properties": { + "aggregateClusterRoles": { + "type": "boolean" + }, "create": { "type": "boolean" } @@ -206,25 +238,6 @@ } } }, - "test": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - } - } - }, "tolerations": { "type": "array" }, diff --git a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.yaml b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.yaml index 1049835..d7c9472 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.yaml +++ b/charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/values.yaml @@ -34,12 +34,18 @@ image: imagePullSecrets: - name: edb-pull-secret + nameOverride: "" fullnameOverride: "" +hostNetwork: false +dnsPolicy: "" + crds: + # -- Specifies whether the CRDs should be created when installing the chart. create: true +# -- The webhook configuration. webhook: port: 9443 mutating: 
@@ -59,7 +65,7 @@ config: create: true # -- The name of the configmap/secret to use. name: postgresql-operator-controller-manager-config - # -- Specifies whether it should be stored in a secret, instead of a configmap + # -- Specifies whether it should be stored in a secret, instead of a configmap. secret: false # -- This option determines if the operator is responsible for observing # events across the entire Kubernetes cluster or if its focus should be @@ -75,9 +81,18 @@ config: # WATCH_NAMESPACE: namespace-a,namespace-b # EDB_LICENSE_KEY: + # -- Additional arguments to be added to the operator's args list additionalArgs: [] +# -- Array containing extra environment variables which can be templated. +# For example: +# - name: RELEASE_NAME +# value: "{{ .Release.Name }}" +# - name: MY_VAR +# value: "mySpecialKey" +additionalEnv: [] + serviceAccount: # -- Specifies whether the service account should be created create: true @@ -88,11 +103,16 @@ serviceAccount: rbac: # -- Specifies whether ClusterRole and ClusterRoleBinding should be created create: true + # -- Aggregate ClusterRoles to Kubernetes default user-facing roles. + # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + aggregateClusterRoles: false -# -- Annotations to be added to the pod -podAnnotations: {} -# -- Annotations to be added to all other resources +# -- Annotations to be added to all other resources. commonAnnotations: {} +# -- Annotations to be added to the pod. +podAnnotations: {} +# -- Labels to be added to the pod. +podLabels: {} # -- Container Security Context containerSecurityContext: 
@@ -143,12 +163,16 @@ tolerations: [] # -- Affinity for the operator to be installed affinity: {} -# -- Test related configurations -test: - image: - repository: busybox - pullPolicy: IfNotPresent - tag: "latest" +monitoring: + + # -- Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs. + podMonitorEnabled: false + # -- Metrics relabel configurations to apply to samples before ingestion. + podMonitorMetricRelabelings: [] + # -- Relabel configurations to apply to samples before scraping. + podMonitorRelabelings: [] + # -- Additional labels for the podMonitor + podMonitorAdditionalLabels: {} # Default monitoring queries monitoringQueriesConfigMap: diff --git a/charts/edb-postgres-distributed-for-kubernetes/templates/deployment.yaml b/charts/edb-postgres-distributed-for-kubernetes/templates/deployment.yaml index 168a7a3..46c5688 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/templates/deployment.yaml +++ b/charts/edb-postgres-distributed-for-kubernetes/templates/deployment.yaml @@ -32,9 +32,10 @@ spec: {{- include "edb-postgres-distributed-for-kubernetes.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: kubectl.kubernetes.io/default-container: manager + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -49,9 +50,12 @@ spec: - args: - controller - --leader-elect - {{- with .Values.config.name }} - - --config-map-name={{ . }} - - --secret-name={{ . }} + {{- if .Values.config.name }} + {{- if not .Values.config.secret }} + - --config-map-name={{ .Values.config.name }} + {{- else }} + - --secret-name={{ .Values.config.name }} + {{- end }} {{- end }} - --webhook-port={{ .Values.webhook.port }} {{- range .Values.additionalArgs }} 
diff --git a/charts/edb-postgres-distributed-for-kubernetes/values.schema.json b/charts/edb-postgres-distributed-for-kubernetes/values.schema.json
index 68e6ef1..9e91915 100644
--- a/charts/edb-postgres-distributed-for-kubernetes/values.schema.json
+++ b/charts/edb-postgres-distributed-for-kubernetes/values.schema.json
@@ -123,6 +123,14 @@
 }
 }
 }
+ },
+ "crd": {
+ "type": "object",
+ "properties": {
+ "create": {
+ "type": "boolean"
+ }
+ }
 }
 }
 },
diff --git a/charts/edb-postgres-distributed-for-kubernetes/values.yaml b/charts/edb-postgres-distributed-for-kubernetes/values.yaml
index 804bc6c..24727d7 100644
--- a/charts/edb-postgres-distributed-for-kubernetes/values.yaml
+++ b/charts/edb-postgres-distributed-for-kubernetes/values.yaml
@@ -168,3 +168,6 @@ edb-postgres-for-kubernetes-lts:
 config:
 data:
 PULL_SECRET_NAME: edb-pull-secret
+ crds:
+ # -- Specifies whether the CRDs should be created when installing the chart.
+ create: true
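Review bot: The schema property added in the first hunk is named `crd`, but the `values.yaml` hunk below it adds the key as `crds` (under `edb-postgres-for-kubernetes-lts`), so the new schema entry appears to describe a key the chart never sets and `crds.create` stays unvalidated. If the two are meant to match, the property line should read `"crds": {`. Where this block is nested in the schema is not visible in the hunk, so the name should be checked against the enclosing object before changing it.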