From 395b659d475c1804c00c689b3c1b66a657fbe13d Mon Sep 17 00:00:00 2001 From: Dan T <96055340+Dan0x54@users.noreply.github.com> Date: Tue, 6 May 2025 18:47:48 +0100 Subject: [PATCH 1/6] Added Helm support for Affinity and Tolerations (#304) * Added support for tolerations / affinity to Helm chart with consistent flow control --- helm/install/templates/manager.yaml | 8 ++++++++ helm/install/values.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/helm/install/templates/manager.yaml b/helm/install/templates/manager.yaml index 8bae42ba..7e7066fc 100644 --- a/helm/install/templates/manager.yaml +++ b/helm/install/templates/manager.yaml @@ -64,3 +64,11 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + {{- if .Values.tolerations }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + {{- end }} diff --git a/helm/install/values.yaml b/helm/install/values.yaml index f38b0920..a66d1efd 100644 --- a/helm/install/values.yaml +++ b/helm/install/values.yaml @@ -87,3 +87,9 @@ resources: # envOverride: # - name: PG_DEBUG # value: "true" + +# tolerations allows you to define pod tolerations for the operator pods. +tolerations: [] + +# affinity allows you to define pod affinity and anti-affinity rules for the operator pods. +affinity: {} \ No newline at end of file From 37732f45fbbdc09aa8302b0972277a2dc4085169 Mon Sep 17 00:00:00 2001 From: jmckulk Date: Thu, 15 May 2025 15:38:42 -0400 Subject: [PATCH 2/6] update for release --- helm/install/Chart.yaml | 4 +-- ...crunchydata.com_crunchybridgeclusters.yaml | 2 +- ...res-operator.crunchydata.com_pgadmins.yaml | 2 +- ...s-operator.crunchydata.com_pgupgrades.yaml | 2 +- ...ator.crunchydata.com_postgresclusters.yaml | 30 +++++++++++++++---- helm/install/templates/manager.yaml | 2 +- helm/install/values.yaml | 30 +++++++++---------- .../images-by-tag/kustomization.yaml | 24 +++++++-------- ...crunchydata.com_crunchybridgeclusters.yaml | 2 +- ...res-operator.crunchydata.com_pgadmins.yaml | 2 +- ...s-operator.crunchydata.com_pgupgrades.yaml | 2 +- ...ator.crunchydata.com_postgresclusters.yaml | 30 +++++++++++++++---- kustomize/install/default/kustomization.yaml | 2 +- .../singlenamespace/kustomization.yaml | 2 +- 14 files changed, 86 insertions(+), 50 deletions(-) diff --git a/helm/install/Chart.yaml b/helm/install/Chart.yaml index 9834cf9e..48285eed 100644 --- a/helm/install/Chart.yaml +++ b/helm/install/Chart.yaml @@ -4,5 +4,5 @@ description: Installer for PGO, the open source Postgres Operator from Crunchy D type: application # The version below should match the version on the PostgresCluster CRD -version: 5.8.1 -appVersion: 5.8.1 +version: 5.8.2 +appVersion: 5.8.2 diff --git a/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml b/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml index 8f401bdd..d9111933 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: crunchybridgeclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml b/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml index 1b922e86..349adf16 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgadmins.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml b/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml index 115309c6..fc1bb6b2 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgupgrades.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml b/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml index b015af2d..df686ff6 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: postgresclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: @@ -41,9 +41,19 @@ spec: description: PostgresClusterSpec defines the desired state of PostgresCluster properties: authentication: + description: Authentication settings for the PostgreSQL server properties: rules: - description: 'More info: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html' + description: |- + Postgres compares every new connection to these rules in the order they are + defined. The first rule that matches determines if and how the connection + must then authenticate. Connections that match no rules are disconnected. + + When this is omitted or empty, Postgres accepts encrypted connections to any + database from users that have a password. To refuse all network connections, + set this to one rule that matches "host" connections to the "reject" method. + + More info: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html items: properties: connection: @@ -78,6 +88,7 @@ spec: description: |- The authentication method to use when a connection matches this rule. The special value "reject" refuses connections that match this rule. + More info: https://www.postgresql.org/docs/current/auth-methods.html maxLength: 20 minLength: 1 @@ -92,6 +103,7 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + description: Additional settings for this rule or its authentication method. maxProperties: 20 type: object x-kubernetes-map-type: atomic @@ -108,9 +120,15 @@ spec: x-kubernetes-map-type: atomic x-kubernetes-validations: - message: '"hba" cannot be combined with other fields' - rule: 'has(self.hba) ? !has(self.connection) && !has(self.databases) && !has(self.method) && !has(self.options) && !has(self.users) : true' + rule: '[has(self.hba), has(self.connection) || has(self.databases) || has(self.method) || has(self.options) || has(self.users)].exists_one(b,b)' - message: '"connection" and "method" are required' - rule: 'has(self.hba) ? true : has(self.connection) && has(self.method)' + rule: has(self.hba) || (has(self.connection) && has(self.method)) + - message: the "ldap" method requires an "ldapbasedn", "ldapprefix", or "ldapsuffix" option + rule: has(self.hba) || self.method != "ldap" || (has(self.options) && ["ldapbasedn","ldapprefix","ldapsuffix"].exists(k, k in self.options)) + - message: cannot use "ldapbasedn", "ldapbinddn", "ldapbindpasswd", "ldapsearchattribute", or "ldapsearchfilter" options with "ldapprefix" or "ldapsuffix" options + rule: has(self.hba) || self.method != "ldap" || !has(self.options) || [["ldapprefix","ldapsuffix"], ["ldapbasedn","ldapbinddn","ldapbindpasswd","ldapsearchattribute","ldapsearchfilter"]].exists_one(a, a.exists(k, k in self.options)) + - message: the "radius" method requires "radiusservers" and "radiussecrets" options + rule: has(self.hba) || self.method != "radius" || (has(self.options) && ["radiusservers","radiussecrets"].all(k, k in self.options)) maxItems: 10 type: array x-kubernetes-list-type: atomic @@ -4211,6 +4229,7 @@ spec: type: object type: object config: + description: General configuration of the PostgreSQL server properties: files: description: Files to mount under "/etc/postgres". @@ -6291,8 +6310,7 @@ spec: - stanza type: object x-kubernetes-validations: - - fieldPath: .repo - message: Only S3, GCS or Azure repos can be used as a pgBackRest data source. + - message: Only S3, GCS or Azure repos can be used as a pgBackRest data source. rule: '!has(self.repo.volume)' postgresCluster: description: |- diff --git a/helm/install/templates/manager.yaml b/helm/install/templates/manager.yaml index 7e7066fc..fa04aa40 100644 --- a/helm/install/templates/manager.yaml +++ b/helm/install/templates/manager.yaml @@ -71,4 +71,4 @@ spec: {{- if .Values.affinity }} affinity: {{- toYaml .Values.affinity | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/helm/install/values.yaml b/helm/install/values.yaml index a66d1efd..07fd34fb 100644 --- a/helm/install/values.yaml +++ b/helm/install/values.yaml @@ -2,34 +2,34 @@ # controllerImages are used to run the operator's controllers. # The cluster image defined below runs the PostgresCluster and PGUpgrade controllers. controllerImages: - cluster: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.1-0 + cluster: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0 # relatedImages are used when an image is omitted from PostgresCluster, PGAdmin or PGUpgrade specs. relatedImages: postgres_17: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-17.4-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-17.5-2520 postgres_17_gis_3.5: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.4-3.5-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.5-3.5-2520 postgres_17_gis_3.4: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.4-3.4-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.5-3.4-2520 postgres_16: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.8-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.9-2520 postgres_16_gis_3.4: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.8-3.4-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.9-3.4-2520 postgres_16_gis_3.3: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.8-3.3-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.9-3.3-2520 pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.54.2-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.54.2-2520 pgbouncer: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi9-1.24-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi9-1.24-2520 pgexporter: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi9-0.17.1-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi9-0.17.1-2520 pgupgrade: - image: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi9-17.4-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi9-17.5-2520 standalone_pgadmin: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi9-9.2-2516 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi9-9.2-2520 collector: - image: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.1-0 + image: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0 # singleNamespace controls where PGO watches for PostgresClusters. When false, # PGO watches for and responds to PostgresClusters in all namespaces. When true, @@ -89,7 +89,7 @@ resources: # value: "true" # tolerations allows you to define pod tolerations for the operator pods. -tolerations: [] +# tolerations: [] # affinity allows you to define pod affinity and anti-affinity rules for the operator pods. -affinity: {} \ No newline at end of file +# affinity: {} diff --git a/kustomize/install/components/images-by-tag/kustomization.yaml b/kustomize/install/components/images-by-tag/kustomization.yaml index 4affeac2..6855d30f 100644 --- a/kustomize/install/components/images-by-tag/kustomization.yaml +++ b/kustomize/install/components/images-by-tag/kustomization.yaml @@ -2,37 +2,37 @@ kind: Component images: - name: image-pgadmin newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4 - newTag: ubi9-9.2-2516 + newTag: ubi9-9.2-2520 - name: image-pgbackrest newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest - newTag: ubi9-2.54.2-2516 + newTag: ubi9-2.54.2-2520 - name: image-pgbouncer newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer - newTag: ubi9-1.24-2516 + newTag: ubi9-1.24-2520 - name: image-postgres-exporter newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter - newTag: ubi9-0.17.1-2516 + newTag: ubi9-0.17.1-2520 - name: image-postgres-operator-5.8 newName: registry.developers.crunchydata.com/crunchydata/postgres-operator - newTag: ubi9-5.8.1-0 + newTag: ubi9-5.8.2-0 - name: image-crunchy-postgres-16 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres - newTag: ubi9-16.8-2516 + newTag: ubi9-16.9-2520 - name: image-crunchy-postgres-17 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres - newTag: ubi9-17.4-2516 + newTag: ubi9-17.5-2520 - name: image-crunchy-upgrade newName: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade - newTag: ubi9-17.4-2516 + newTag: ubi9-17.5-2520 - name: image-crunchy-postgres-16-gis-3.3 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-16.8-3.3-2516 + newTag: ubi9-16.9-3.3-2520 - name: image-crunchy-postgres-16-gis-3.4 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-16.8-3.4-2516 + newTag: ubi9-16.9-3.4-2520 - name: image-crunchy-postgres-17-gis-3.4 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-17.4-3.4-2516 + newTag: ubi9-17.5-3.4-2520 - name: image-crunchy-postgres-17-gis-3.5 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-17.4-3.5-2516 + newTag: ubi9-17.5-3.5-2520 diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml index 8f401bdd..d9111933 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: crunchybridgeclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml index 1b922e86..349adf16 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgadmins.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml index 115309c6..fc1bb6b2 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgupgrades.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml index b015af2d..df686ff6 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: postgresclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 spec: group: postgres-operator.crunchydata.com names: @@ -41,9 +41,19 @@ spec: description: PostgresClusterSpec defines the desired state of PostgresCluster properties: authentication: + description: Authentication settings for the PostgreSQL server properties: rules: - description: 'More info: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html' + description: |- + Postgres compares every new connection to these rules in the order they are + defined. The first rule that matches determines if and how the connection + must then authenticate. Connections that match no rules are disconnected. + + When this is omitted or empty, Postgres accepts encrypted connections to any + database from users that have a password. To refuse all network connections, + set this to one rule that matches "host" connections to the "reject" method. + + More info: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html items: properties: connection: @@ -78,6 +88,7 @@ spec: description: |- The authentication method to use when a connection matches this rule. The special value "reject" refuses connections that match this rule. + More info: https://www.postgresql.org/docs/current/auth-methods.html maxLength: 20 minLength: 1 @@ -92,6 +103,7 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + description: Additional settings for this rule or its authentication method. maxProperties: 20 type: object x-kubernetes-map-type: atomic @@ -108,9 +120,15 @@ spec: x-kubernetes-map-type: atomic x-kubernetes-validations: - message: '"hba" cannot be combined with other fields' - rule: 'has(self.hba) ? !has(self.connection) && !has(self.databases) && !has(self.method) && !has(self.options) && !has(self.users) : true' + rule: '[has(self.hba), has(self.connection) || has(self.databases) || has(self.method) || has(self.options) || has(self.users)].exists_one(b,b)' - message: '"connection" and "method" are required' - rule: 'has(self.hba) ? true : has(self.connection) && has(self.method)' + rule: has(self.hba) || (has(self.connection) && has(self.method)) + - message: the "ldap" method requires an "ldapbasedn", "ldapprefix", or "ldapsuffix" option + rule: has(self.hba) || self.method != "ldap" || (has(self.options) && ["ldapbasedn","ldapprefix","ldapsuffix"].exists(k, k in self.options)) + - message: cannot use "ldapbasedn", "ldapbinddn", "ldapbindpasswd", "ldapsearchattribute", or "ldapsearchfilter" options with "ldapprefix" or "ldapsuffix" options + rule: has(self.hba) || self.method != "ldap" || !has(self.options) || [["ldapprefix","ldapsuffix"], ["ldapbasedn","ldapbinddn","ldapbindpasswd","ldapsearchattribute","ldapsearchfilter"]].exists_one(a, a.exists(k, k in self.options)) + - message: the "radius" method requires "radiusservers" and "radiussecrets" options + rule: has(self.hba) || self.method != "radius" || (has(self.options) && ["radiusservers","radiussecrets"].all(k, k in self.options)) maxItems: 10 type: array x-kubernetes-list-type: atomic @@ -4211,6 +4229,7 @@ spec: type: object type: object config: + description: General configuration of the PostgreSQL server properties: files: description: Files to mount under "/etc/postgres". @@ -6291,8 +6310,7 @@ spec: - stanza type: object x-kubernetes-validations: - - fieldPath: .repo - message: Only S3, GCS or Azure repos can be used as a pgBackRest data source. + - message: Only S3, GCS or Azure repos can be used as a pgBackRest data source. rule: '!has(self.repo.volume)' postgresCluster: description: |- diff --git a/kustomize/install/default/kustomization.yaml b/kustomize/install/default/kustomization.yaml index 7c0d7111..e7ba6cea 100644 --- a/kustomize/install/default/kustomization.yaml +++ b/kustomize/install/default/kustomization.yaml @@ -7,7 +7,7 @@ labels: includeTemplates: true pairs: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 - includeSelectors: true includeTemplates: true pairs: diff --git a/kustomize/install/singlenamespace/kustomization.yaml b/kustomize/install/singlenamespace/kustomization.yaml index fc190a64..a4a9c565 100644 --- a/kustomize/install/singlenamespace/kustomization.yaml +++ b/kustomize/install/singlenamespace/kustomization.yaml @@ -7,7 +7,7 @@ labels: includeTemplates: true pairs: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.8.1 + app.kubernetes.io/version: 5.8.2 - includeSelectors: true includeTemplates: true pairs: From edaf5c2e59a2df70b25a2e121aa8b16a874121ea Mon Sep 17 00:00:00 2001 From: jmckulk Date: Thu, 15 May 2025 15:46:49 -0400 Subject: [PATCH 3/6] fix whitespace --- helm/install/templates/manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/install/templates/manager.yaml b/helm/install/templates/manager.yaml index fa04aa40..7e7066fc 100644 --- a/helm/install/templates/manager.yaml +++ b/helm/install/templates/manager.yaml @@ -71,4 +71,4 @@ spec: {{- if .Values.affinity }} affinity: {{- toYaml .Values.affinity | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} From 4f8d0d9413b34f18ea098856dd90e58a76a344d6 Mon Sep 17 00:00:00 2001 From: andrewlecuyer Date: Thu, 22 May 2025 14:30:57 +0000 Subject: [PATCH 4/6] Update Examples for the Latest Version of Keycloak The Keycloak example now works with the latest version of Keycloak. This includes using the new env vars and settings that are now available in the latest version of Keycloak. The PostgresCluster's created for the Keycloak examples (which includes any PostgresCluster's created for use with Keycloak in the Crunchy Postgres for Kubernetes documentation) have also been updated to set the "autoCreateUserSchema" annotation to "true". Without this setting, Keycloak will crash on startup when attempting to use the public schema. --- kustomize/keycloak/keycloak.yaml | 20 ++++++++++---------- kustomize/keycloak/postgres.yaml | 2 ++ kustomize/postgres/postgres.yaml | 4 +++- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/kustomize/keycloak/keycloak.yaml b/kustomize/keycloak/keycloak.yaml index bfa66376..c6306b72 100644 --- a/kustomize/keycloak/keycloak.yaml +++ b/kustomize/keycloak/keycloak.yaml @@ -19,24 +19,24 @@ spec: args: ["start-dev"] name: keycloak env: - - name: DB_VENDOR + - name: KC_DB value: "postgres" - - name: DB_ADDR + - name: KC_DB_URL_HOST valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: host } } - - name: DB_PORT + - name: KC_DB_URL_PORT valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: port } } - - name: DB_DATABASE + - name: KC_DB_URL_DATABASE valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: dbname } } - - name: DB_USER + - name: KC_DB_USERNAME valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: user } } - - name: DB_PASSWORD + - name: KC_DB_PASSWORD valueFrom: { secretKeyRef: { name: keycloakdb-pguser-keycloakdb, key: password } } - - name: KEYCLOAK_ADMIN + - name: KC_BOOTSTRAP_ADMIN_USERNAME value: "admin" - - name: KEYCLOAK_ADMIN_PASSWORD + - name: KC_BOOTSTRAP_ADMIN_PASSWORD value: "admin" - - name: KC_PROXY - value: "edge" + - name: KC_PROXY_HEADERS + value: "xforwarded" ports: - name: http containerPort: 8080 diff --git a/kustomize/keycloak/postgres.yaml b/kustomize/keycloak/postgres.yaml index 67624313..e2b8c0d9 100644 --- a/kustomize/keycloak/postgres.yaml +++ b/kustomize/keycloak/postgres.yaml @@ -2,6 +2,8 @@ apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PostgresCluster metadata: name: keycloakdb + annotations: + postgres-operator.crunchydata.com/autoCreateUserSchema: "true" spec: postgresVersion: 17 instances: diff --git a/kustomize/postgres/postgres.yaml b/kustomize/postgres/postgres.yaml index a832aa5a..53328559 100644 --- a/kustomize/postgres/postgres.yaml +++ b/kustomize/postgres/postgres.yaml @@ -2,10 +2,12 @@ apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PostgresCluster metadata: name: hippo + annotations: + postgres-operator.crunchydata.com/autoCreateUserSchema: "true" spec: postgresVersion: 17 users: - - name: rhino + - name: hippo databases: - zoo instances: From 89a07af45ff01fe200f6176be110b53ac6b2b029 Mon Sep 17 00:00:00 2001 From: Benjamin Blattberg Date: Fri, 29 Aug 2025 18:12:30 -0500 Subject: [PATCH 5/6] patching Kustomize monitoring installer (#311) --- .../monitoring/alertmanager/deployment.yaml | 2 +- .../grafana/dashboards/pgbouncer_direct.json | 4 +-- .../dashboards/postgresql_details.json | 16 ++++++------ .../dashboards/postgresql_overview.json | 2 +- .../grafana/dashboards/prometheus_alerts.json | 6 ++--- kustomize/monitoring/grafana/deployment.yaml | 2 +- .../config/crunchy-alert-rules-pg.yml | 26 ++++++++++++++++--- 7 files changed, 39 insertions(+), 19 deletions(-) diff --git a/kustomize/monitoring/alertmanager/deployment.yaml b/kustomize/monitoring/alertmanager/deployment.yaml index 8844a6e6..5453205f 100644 --- a/kustomize/monitoring/alertmanager/deployment.yaml +++ b/kustomize/monitoring/alertmanager/deployment.yaml @@ -8,7 +8,7 @@ spec: spec: containers: - name: alertmanager - image: prom/alertmanager:v0.27.0 + image: prom/alertmanager:v0.28.1 args: - --config.file=/etc/alertmanager/alertmanager.yml - --storage.path=/alertmanager diff --git a/kustomize/monitoring/grafana/dashboards/pgbouncer_direct.json b/kustomize/monitoring/grafana/dashboards/pgbouncer_direct.json index 68c23793..a70694f5 100644 --- a/kustomize/monitoring/grafana/dashboards/pgbouncer_direct.json +++ b/kustomize/monitoring/grafana/dashboards/pgbouncer_direct.json @@ -28,7 +28,7 @@ "name": "Prometheus", "version": "1.0.0" } - ], + ], "annotations": { "list": [ { @@ -660,7 +660,7 @@ ], "value": [ "$__all" - ] + ] }, "datasource": "PROMETHEUS", "definition": "label_values(ccp_pgbouncer_databases_pool_size{cluster_name=\"[[cluster_name]]\", pod=\"[[pgbnode]]\"},name)", diff --git a/kustomize/monitoring/grafana/dashboards/postgresql_details.json b/kustomize/monitoring/grafana/dashboards/postgresql_details.json index 90866777..d38cf826 100644 --- a/kustomize/monitoring/grafana/dashboards/postgresql_details.json +++ b/kustomize/monitoring/grafana/dashboards/postgresql_details.json @@ -151,7 +151,7 @@ "pluginVersion": "7.4.5", "targets": [ { - "expr": "min(ccp_backrest_last_incr_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} < ccp_backrest_last_diff_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} or ccp_backrest_last_incr_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} < ccp_backrest_last_full_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} or ccp_backrest_last_incr_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"}) ", + "expr": "min(ccp_backrest_last_incr_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} or ccp_backrest_last_diff_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"} or ccp_backrest_last_full_backup_time_since_completion_seconds{pg_cluster=\"[[cluster]]\"}) ", "format": "time_series", "interval": "", "intervalFactor": 1, @@ -1701,29 +1701,29 @@ "step": 2 }, { - "expr": "sum(ccp_stat_bgwriter_buffers_backend{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", + "expr": "sum(ccp_stat_io_bgwriter_writes{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"}) or sum(ccp_stat_bgwriter_buffers_backend{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", "format": "time_series", "intervalFactor": 2, - "legendFormat": "Backend", - "metric": "ccp_stat_bgwriter_buffers_backend", + "legendFormat": "Writes", + "metric": "ccp_stat_io_bgwriter_writes", "refId": "B", "step": 2 }, { - "expr": "sum(ccp_stat_bgwriter_buffers_backend_fsync{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", + "expr": "sum(ccp_stat_io_bgwriter_fsyncs{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"}) or sum(ccp_stat_bgwriter_buffers_backend_fsync{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "FSync", - "metric": "ccp_stat_bgwriter_buffers_backend_fsync", + "metric": "ccp_stat_io_bgwriter_fsyncs", "refId": "C", "step": 2 }, { - "expr": "sum(ccp_stat_bgwriter_buffers_checkpoint{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", + "expr": "sum(ccp_stat_checkpointer_buffers_written{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"}) or sum(ccp_stat_bgwriter_buffers_checkpoint{pg_cluster=\"[[cluster]]\",pod=~\"[[pod]]\"})", "format": "time_series", "intervalFactor": 2, "legendFormat": "CheckPoint", - "metric": "ccp_stat_bgwriter_buffers_checkpoint", + "metric": "ccp_stat_checkpointer_buffers_written", "refId": "D", "step": 2 }, diff --git a/kustomize/monitoring/grafana/dashboards/postgresql_overview.json b/kustomize/monitoring/grafana/dashboards/postgresql_overview.json index b965463f..f9bf2e94 100644 --- a/kustomize/monitoring/grafana/dashboards/postgresql_overview.json +++ b/kustomize/monitoring/grafana/dashboards/postgresql_overview.json @@ -163,7 +163,7 @@ "targets": [ { "$hashKey": "object:243", - "expr": "sum(pg_up{pg_cluster=~\"$cluster\"})*100+sum(ccp_is_in_recovery_status{pg_cluster=~\"$cluster\"}) or sum(up{pg_cluster=~\"$cluster\"})*100+sum(ccp_is_in_recovery_status{pg_cluster=~\"$cluster\"})", + "expr": "sum(pg_up{pg_cluster=~\"$cluster\"})*100+sum(ccp_is_in_recovery_status{pg_cluster=~\"$cluster\"}) or sum(patroni_postgres_running{pg_cluster=~\"$cluster\"})*100+sum(ccp_is_in_recovery_status{pg_cluster=~\"$cluster\"})", "format": "time_series", "interval": "", "intervalFactor": 1, diff --git a/kustomize/monitoring/grafana/dashboards/prometheus_alerts.json b/kustomize/monitoring/grafana/dashboards/prometheus_alerts.json index f41aa481..e0090cf8 100644 --- a/kustomize/monitoring/grafana/dashboards/prometheus_alerts.json +++ b/kustomize/monitoring/grafana/dashboards/prometheus_alerts.json @@ -136,7 +136,7 @@ "pluginVersion": "7.4.5", "targets": [ { - "expr": "count(count by (kubernetes_namespace) (pg_up)) or count(count by (kubernetes_namespace) (up))", + "expr": "sum(count by (kubernetes_namespace) (pg_up{pg_cluster!=''})) + sum(count by (kubernetes_namespace) (patroni_postgres_running{pg_cluster!=''}))", "format": "time_series", "instant": true, "interval": "", @@ -208,7 +208,7 @@ "pluginVersion": "7.4.5", "targets": [ { - "expr": "count(count by (pg_cluster) (pg_up)) or count(count by (pg_cluster) (up))", + "expr": "sum(count by (pg_cluster) (pg_up{pg_cluster!=''})) + sum(count by (pg_cluster) (patroni_postgres_running{pg_cluster!=''}))", "format": "time_series", "instant": true, "interval": "", @@ -280,7 +280,7 @@ "pluginVersion": "7.4.5", "targets": [ { - "expr": "count(pg_up) or count(up)", + "expr": "sum(count(pg_up{pg_cluster!=''})) + sum(count(patroni_postgres_running{pg_cluster!=''}))", "format": "time_series", "instant": true, "interval": "", diff --git a/kustomize/monitoring/grafana/deployment.yaml b/kustomize/monitoring/grafana/deployment.yaml index ddfea378..67d60d8b 100644 --- a/kustomize/monitoring/grafana/deployment.yaml +++ b/kustomize/monitoring/grafana/deployment.yaml @@ -8,7 +8,7 @@ spec: spec: containers: - name: grafana - image: grafana/grafana:11.1.5 + image: grafana/grafana:11.1.13 ports: - containerPort: 3000 env: diff --git a/kustomize/monitoring/prometheus/config/crunchy-alert-rules-pg.yml b/kustomize/monitoring/prometheus/config/crunchy-alert-rules-pg.yml index 83f666e4..b68a197e 100644 --- a/kustomize/monitoring/prometheus/config/crunchy-alert-rules-pg.yml +++ b/kustomize/monitoring/prometheus/config/crunchy-alert-rules-pg.yml @@ -22,7 +22,7 @@ groups: ########## SYSTEM RULES ########## - alert: ExporterDown - expr: avg_over_time(up[5m]) < 0.5 + expr: avg_over_time(up{job=~"crunchy-otel-collector|crunchy-postgres-exporter",exported_job!="patroni"}[5m]) < 0.5 for: 10s labels: service: system @@ -35,15 +35,35 @@ groups: ########## POSTGRESQL RULES ########## - alert: PGIsUp - expr: "pg_up < 1 or up < 1" + expr: "pg_up < 1 or patroni_postgres_running < 1" for: 60s labels: service: postgresql severity: critical severity_num: 300 annotations: - summary: 'postgres_exporter running on {{ $labels.job }} is unable to communicate with the configured database' + summary: 'Metrics exporter running on {{ $labels.job }} is unable to communicate with the configured database' + - alert: PGNoPrimary + expr: max by (cluster_name) (ccp_is_in_recovery_status) < 2 + for: 30s + labels: + service: postgresql + severity: critical + severity_num: 300 + annotations: + summary: 'cluster {{ $labels.cluster_name }} does not have a primary instance' + +# Alert on missing or absent replicas +# - alert: PGNoReplica +# expr: min by (cluster_name) (ccp_is_in_recovery_status) > 1 +# for: 30s +# labels: +# service: postgresql +# severity: critical +# severity_num: 300 +# annotations: +# summary: 'cluster {{ $labels.cluster_name }} does not have a replica instance' # Example to check for current version of PostgreSQL. Metric returns the version that the exporter is running on, so you can set a rule to check for the minimum version you'd like all systems to be on. Number returned is the 6 digit integer representation contained in the setting "server_version_num". # From 6b9bb005f171690d228bf49ca19f8f4caff95451 Mon Sep 17 00:00:00 2001 From: Valerie Clarkson Date: Tue, 2 Sep 2025 15:26:45 -0400 Subject: [PATCH 6/6] release updates PGO-2649 --- helm/install/Chart.yaml | 4 +- ...crunchydata.com_crunchybridgeclusters.yaml | 2 +- ...res-operator.crunchydata.com_pgadmins.yaml | 137 +++++++++++++++++- ...s-operator.crunchydata.com_pgupgrades.yaml | 2 +- ...ator.crunchydata.com_postgresclusters.yaml | 137 +++++++++++++++++- helm/install/values.yaml | 26 ++-- .../images-by-tag/kustomization.yaml | 24 +-- ...crunchydata.com_crunchybridgeclusters.yaml | 2 +- ...res-operator.crunchydata.com_pgadmins.yaml | 137 +++++++++++++++++- ...s-operator.crunchydata.com_pgupgrades.yaml | 2 +- ...ator.crunchydata.com_postgresclusters.yaml | 137 +++++++++++++++++- kustomize/install/default/kustomization.yaml | 2 +- .../singlenamespace/kustomization.yaml | 2 +- 13 files changed, 577 insertions(+), 37 deletions(-) diff --git a/helm/install/Chart.yaml b/helm/install/Chart.yaml index 48285eed..42207888 100644 --- a/helm/install/Chart.yaml +++ b/helm/install/Chart.yaml @@ -4,5 +4,5 @@ description: Installer for PGO, the open source Postgres Operator from Crunchy D type: application # The version below should match the version on the PostgresCluster CRD -version: 5.8.2 -appVersion: 5.8.2 +version: 5.8.3 +appVersion: 5.8.3 diff --git a/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml b/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml index d9111933..794d8248 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: crunchybridgeclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: diff --git a/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml b/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml index 349adf16..0124eb15 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_pgadmins.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgadmins.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: @@ -1623,6 +1623,122 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + environmentVariables: + description: |- + EnvironmentVariables allows the user to add environment variables to the + collector container. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: Cannot overwrite environment variables set by operator + rule: self.name != 'K8S_POD_NAMESPACE' && self.name != 'K8S_POD_NAME' && self.name != 'PGPASSWORD' + minItems: 1 + type: array + x-kubernetes-list-type: atomic exporters: description: |- Exporters allows users to configure OpenTelemetry exporters that exist @@ -2019,6 +2135,13 @@ spec: type: string x-kubernetes-validations: - rule: duration("0") <= self && self <= duration("60m") + databases: + description: |- + The databases to target with added custom queries. + Default behavior is to target `postgres`. + items: + type: string + type: array name: description: |- The name of this batch of queries, which will be used in naming the OTel @@ -2062,6 +2185,18 @@ spec: type: string type: array type: object + exporters: + description: The names of exporters that should send metrics. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + perDBMetricTargets: + description: User defined databases to target for default per-db metrics + items: + type: string + type: array type: object resources: description: Resources holds the resource requirements for the collector container. diff --git a/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml b/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml index fc1bb6b2..476b1ef1 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_pgupgrades.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgupgrades.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: diff --git a/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml b/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml index df686ff6..fd078c2a 100644 --- a/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/helm/install/crds/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: postgresclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: @@ -10970,6 +10970,122 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + environmentVariables: + description: |- + EnvironmentVariables allows the user to add environment variables to the + collector container. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: Cannot overwrite environment variables set by operator + rule: self.name != 'K8S_POD_NAMESPACE' && self.name != 'K8S_POD_NAME' && self.name != 'PGPASSWORD' + minItems: 1 + type: array + x-kubernetes-list-type: atomic exporters: description: |- Exporters allows users to configure OpenTelemetry exporters that exist @@ -11366,6 +11482,13 @@ spec: type: string x-kubernetes-validations: - rule: duration("0") <= self && self <= duration("60m") + databases: + description: |- + The databases to target with added custom queries. + Default behavior is to target `postgres`. + items: + type: string + type: array name: description: |- The name of this batch of queries, which will be used in naming the OTel @@ -11409,6 +11532,18 @@ spec: type: string type: array type: object + exporters: + description: The names of exporters that should send metrics. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + perDBMetricTargets: + description: User defined databases to target for default per-db metrics + items: + type: string + type: array type: object resources: description: Resources holds the resource requirements for the collector container. diff --git a/helm/install/values.yaml b/helm/install/values.yaml index 07fd34fb..9018ccbd 100644 --- a/helm/install/values.yaml +++ b/helm/install/values.yaml @@ -2,34 +2,34 @@ # controllerImages are used to run the operator's controllers. # The cluster image defined below runs the PostgresCluster and PGUpgrade controllers. controllerImages: - cluster: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0 + cluster: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.3-0 # relatedImages are used when an image is omitted from PostgresCluster, PGAdmin or PGUpgrade specs. relatedImages: postgres_17: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-17.5-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-17.6-2534 postgres_17_gis_3.5: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.5-3.5-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.6-3.5-2534 postgres_17_gis_3.4: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.5-3.4-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.6-3.4-2534 postgres_16: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.9-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.10-2534 postgres_16_gis_3.4: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.9-3.4-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.10-3.4-2534 postgres_16_gis_3.3: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.9-3.3-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.10-3.3-2534 pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.54.2-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.56.0-2534 pgbouncer: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi9-1.24-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi9-1.24-2534 pgexporter: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi9-0.17.1-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi9-0.17.1-2534 pgupgrade: - image: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi9-17.5-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi9-17.6-2534 standalone_pgadmin: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi9-9.2-2520 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi9-9.2-2534 collector: - image: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.2-0 + image: registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.3-0 # singleNamespace controls where PGO watches for PostgresClusters. When false, # PGO watches for and responds to PostgresClusters in all namespaces. When true, diff --git a/kustomize/install/components/images-by-tag/kustomization.yaml b/kustomize/install/components/images-by-tag/kustomization.yaml index 6855d30f..327ec16f 100644 --- a/kustomize/install/components/images-by-tag/kustomization.yaml +++ b/kustomize/install/components/images-by-tag/kustomization.yaml @@ -2,37 +2,37 @@ kind: Component images: - name: image-pgadmin newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4 - newTag: ubi9-9.2-2520 + newTag: ubi9-9.2-2534 - name: image-pgbackrest newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest - newTag: ubi9-2.54.2-2520 + newTag: ubi9-2.56.0-2534 - name: image-pgbouncer newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer - newTag: ubi9-1.24-2520 + newTag: ubi9-1.24-2534 - name: image-postgres-exporter newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter - newTag: ubi9-0.17.1-2520 + newTag: ubi9-0.17.1-2534 - name: image-postgres-operator-5.8 newName: registry.developers.crunchydata.com/crunchydata/postgres-operator - newTag: ubi9-5.8.2-0 + newTag: ubi9-5.8.3-0 - name: image-crunchy-postgres-16 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres - newTag: ubi9-16.9-2520 + newTag: ubi9-16.10-2534 - name: image-crunchy-postgres-17 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres - newTag: ubi9-17.5-2520 + newTag: ubi9-17.6-2534 - name: image-crunchy-upgrade newName: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade - newTag: ubi9-17.5-2520 + newTag: ubi9-17.6-2534 - name: image-crunchy-postgres-16-gis-3.3 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-16.9-3.3-2520 + newTag: ubi9-16.10-3.3-2534 - name: image-crunchy-postgres-16-gis-3.4 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-16.9-3.4-2520 + newTag: ubi9-16.10-3.4-2534 - name: image-crunchy-postgres-17-gis-3.4 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-17.5-3.4-2520 + newTag: ubi9-17.6-3.4-2534 - name: image-crunchy-postgres-17-gis-3.5 newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis - newTag: ubi9-17.5-3.5-2520 + newTag: ubi9-17.6-3.5-2534 diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml index d9111933..794d8248 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_crunchybridgeclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: crunchybridgeclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml index 349adf16..0124eb15 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgadmins.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: @@ -1623,6 +1623,122 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + environmentVariables: + description: |- + EnvironmentVariables allows the user to add environment variables to the + collector container. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: Cannot overwrite environment variables set by operator + rule: self.name != 'K8S_POD_NAMESPACE' && self.name != 'K8S_POD_NAME' && self.name != 'PGPASSWORD' + minItems: 1 + type: array + x-kubernetes-list-type: atomic exporters: description: |- Exporters allows users to configure OpenTelemetry exporters that exist @@ -2019,6 +2135,13 @@ spec: type: string x-kubernetes-validations: - rule: duration("0") <= self && self <= duration("60m") + databases: + description: |- + The databases to target with added custom queries. + Default behavior is to target `postgres`. + items: + type: string + type: array name: description: |- The name of this batch of queries, which will be used in naming the OTel @@ -2062,6 +2185,18 @@ spec: type: string type: array type: object + exporters: + description: The names of exporters that should send metrics. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + perDBMetricTargets: + description: User defined databases to target for default per-db metrics + items: + type: string + type: array type: object resources: description: Resources holds the resource requirements for the collector container. diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml index fc1bb6b2..476b1ef1 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: pgupgrades.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: diff --git a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml index df686ff6..fd078c2a 100644 --- a/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml +++ b/kustomize/install/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.17.2 name: postgresclusters.postgres-operator.crunchydata.com labels: - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 spec: group: postgres-operator.crunchydata.com names: @@ -10970,6 +10970,122 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + environmentVariables: + description: |- + EnvironmentVariables allows the user to add environment variables to the + collector container. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: Cannot overwrite environment variables set by operator + rule: self.name != 'K8S_POD_NAMESPACE' && self.name != 'K8S_POD_NAME' && self.name != 'PGPASSWORD' + minItems: 1 + type: array + x-kubernetes-list-type: atomic exporters: description: |- Exporters allows users to configure OpenTelemetry exporters that exist @@ -11366,6 +11482,13 @@ spec: type: string x-kubernetes-validations: - rule: duration("0") <= self && self <= duration("60m") + databases: + description: |- + The databases to target with added custom queries. + Default behavior is to target `postgres`. + items: + type: string + type: array name: description: |- The name of this batch of queries, which will be used in naming the OTel @@ -11409,6 +11532,18 @@ spec: type: string type: array type: object + exporters: + description: The names of exporters that should send metrics. + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + perDBMetricTargets: + description: User defined databases to target for default per-db metrics + items: + type: string + type: array type: object resources: description: Resources holds the resource requirements for the collector container. diff --git a/kustomize/install/default/kustomization.yaml b/kustomize/install/default/kustomization.yaml index e7ba6cea..e7a0ea52 100644 --- a/kustomize/install/default/kustomization.yaml +++ b/kustomize/install/default/kustomization.yaml @@ -7,7 +7,7 @@ labels: includeTemplates: true pairs: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 - includeSelectors: true includeTemplates: true pairs: diff --git a/kustomize/install/singlenamespace/kustomization.yaml b/kustomize/install/singlenamespace/kustomization.yaml index a4a9c565..73f990c0 100644 --- a/kustomize/install/singlenamespace/kustomization.yaml +++ b/kustomize/install/singlenamespace/kustomization.yaml @@ -7,7 +7,7 @@ labels: includeTemplates: true pairs: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.8.2 + app.kubernetes.io/version: 5.8.3 - includeSelectors: true includeTemplates: true pairs: