diff --git a/cluster-tutorials/clone_with_pvc/postgres.yaml b/cluster-tutorials/clone_with_pvc/postgres.yaml
index 19fb7cb..28a5e50 100644
--- a/cluster-tutorials/clone_with_pvc/postgres.yaml
+++ b/cluster-tutorials/clone_with_pvc/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1-clone
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -24,7 +24,7 @@ spec:
 global:
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - name: repo1
 schedule:
diff --git a/cluster-tutorials/clone_with_s3/postgres.yaml b/cluster-tutorials/clone_with_s3/postgres.yaml
index 4f864ba..9189000 100644
--- a/cluster-tutorials/clone_with_s3/postgres.yaml
+++ b/cluster-tutorials/clone_with_s3/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1-clone
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -25,7 +25,8 @@ spec:
 repo1-path: /YOUR_PATH_INSIDE_THE_BUCKET/repo1/
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ #repo1-s3-uri-style: path # If you need path-style for your s3-storage
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - endpoint: YOUR_S3_ENDPOINT
 name: repo1
diff --git a/cluster-tutorials/configure_users_and_databases/postgres.yaml b/cluster-tutorials/configure_users_and_databases/postgres.yaml
index 0666dc8..2f7902a 100644
--- a/cluster-tutorials/configure_users_and_databases/postgres.yaml
+++ b/cluster-tutorials/configure_users_and_databases/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
diff --git a/cluster-tutorials/high-availability-cluster/ha-postgres.yaml b/cluster-tutorials/high-availability-cluster/ha-postgres.yaml
index 2e2af33..5f76d20 100644
--- a/cluster-tutorials/high-availability-cluster/ha-postgres.yaml
+++ b/cluster-tutorials/high-availability-cluster/ha-postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: ha-cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 2
 postgresql:
 version: '18'
diff --git a/cluster-tutorials/loadbalancer-cluster/lb-postgres.yaml b/cluster-tutorials/loadbalancer-cluster/lb-postgres.yaml
index 3228e8b..e0b1361 100644
--- a/cluster-tutorials/loadbalancer-cluster/lb-postgres.yaml
+++ b/cluster-tutorials/loadbalancer-cluster/lb-postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: ha-cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -15,7 +15,7 @@ spec:
 cpu: 500m
 memory: 500Mi
 connectionPooler:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/pgbouncer:rocky9-1.25.0-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/pgbouncer:rocky9-1.25.0-2'
 mode: transaction
 numberOfInstances: 2
 resources:
diff --git a/cluster-tutorials/monitored_cluster/postgres.yaml b/cluster-tutorials/monitored_cluster/postgres.yaml
index 2978d46..4dc1ca1 100644
--- a/cluster-tutorials/monitored_cluster/postgres.yaml
+++ b/cluster-tutorials/monitored_cluster/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -19,4 +19,4 @@ spec:
 size: 5Gi
 #storageClass: default-provisioner
 monitor:
- image: 'containers.cybertec.at/cybertec-pg-container/exporter:rocky9-18.1-1'
+ image: 'containers.cybertec.at/cybertec-pg-container/exporter:rocky9-18.1-2'
diff --git a/cluster-tutorials/multisite/postgres.yaml b/cluster-tutorials/multisite/postgres.yaml
index 5be027c..d343612 100644
--- a/cluster-tutorials/multisite/postgres.yaml
+++ b/cluster-tutorials/multisite/postgres.yaml
@@ -7,7 +7,7 @@ metadata:
 app.kubernetes.io/name: postgres-cluster
 app.kubernetes.io/instance: multisite-cluster
 spec:
- dockerImage: containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
diff --git a/cluster-tutorials/pgbackrest_with_gcs/postgres.yaml b/cluster-tutorials/pgbackrest_with_gcs/postgres.yaml
index c99a56e..ebac723 100644
--- a/cluster-tutorials/pgbackrest_with_gcs/postgres.yaml
+++ b/cluster-tutorials/pgbackrest_with_gcs/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
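Review bot: In cluster-tutorials/multisite/postgres.yaml the new `dockerImage` value ends in `'` but has no opening quote, so YAML reads it as a plain scalar and the apostrophe becomes part of the image reference; the bump carries this over unchanged from the old line. An image reference ending in `'` is not a valid reference, so a cluster applied from this tutorial would presumably fail when the image is pulled. Quote it the way the other tutorials do: `dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'`.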
@@ -25,7 +25,7 @@ spec:
 repo1-path: /YOUR_PATH_INSIDE_THE_BUCKET/repo1/
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - name: repo1
 resource: cpo-bucket-1
diff --git a/cluster-tutorials/pgbackrest_with_pvc/postgres.yaml b/cluster-tutorials/pgbackrest_with_pvc/postgres.yaml
index 3def122..54dfa61 100644
--- a/cluster-tutorials/pgbackrest_with_pvc/postgres.yaml
+++ b/cluster-tutorials/pgbackrest_with_pvc/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-pvc-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -24,7 +24,7 @@ spec:
 global:
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - name: repo1
 schedule:
diff --git a/cluster-tutorials/pgbackrest_with_s3/postgres.yaml b/cluster-tutorials/pgbackrest_with_s3/postgres.yaml
index 23ef8cc..0f78e87 100644
--- a/cluster-tutorials/pgbackrest_with_s3/postgres.yaml
+++ b/cluster-tutorials/pgbackrest_with_s3/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -25,7 +25,8 @@ spec:
 repo1-path: /YOUR_PATH_INSIDE_THE_BUCKET/repo1/
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ #repo1-s3-uri-style: path # If you need path-style for your s3-storage
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - endpoint: YOUR_S3_ENDPOINT
 name: repo1
diff --git a/cluster-tutorials/postgis-cluster/postgres.yaml b/cluster-tutorials/postgis-cluster/postgres.yaml
index a93765a..9778ccb 100644
--- a/cluster-tutorials/postgis-cluster/postgres.yaml
+++ b/cluster-tutorials/postgis-cluster/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres-gis:rocky9-18.1-35-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres-gis:rocky9-18.1-36-2'
 numberOfInstances: 1
 postgresql:
 version: '17'
diff --git a/cluster-tutorials/prepared_databases/postgres.yaml b/cluster-tutorials/prepared_databases/postgres.yaml
index 6cefc1f..8de5fb6 100644
--- a/cluster-tutorials/prepared_databases/postgres.yaml
+++ b/cluster-tutorials/prepared_databases/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
diff --git a/cluster-tutorials/restore/postgres.yaml b/cluster-tutorials/restore/postgres.yaml
index bb971e4..2c8d39f 100644
--- a/cluster-tutorials/restore/postgres.yaml
+++ b/cluster-tutorials/restore/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
@@ -24,7 +24,7 @@ spec:
 global:
 repo1-retention-full: '7'
 repo1-retention-full-type: count
- image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-1'
+ image: 'containers.cybertec.at/cybertec-pg-container/pgbackrest:rocky9-18.1-2'
 repos:
 - name: repo1
 schedule:
diff --git a/cluster-tutorials/single-cluster/postgres.yaml b/cluster-tutorials/single-cluster/postgres.yaml
index 73a688e..98b98d5 100644
--- a/cluster-tutorials/single-cluster/postgres.yaml
+++ b/cluster-tutorials/single-cluster/postgres.yaml
@@ -3,7 +3,7 @@ kind: postgresql
 metadata:
 name: cluster-1
 spec:
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
diff --git a/cluster-tutorials/standby-cluster/postgres.yaml b/cluster-tutorials/standby-cluster/postgres.yaml
index b0534c9..5408493 100644
--- a/cluster-tutorials/standby-cluster/postgres.yaml
+++ b/cluster-tutorials/standby-cluster/postgres.yaml
@@ -6,7 +6,7 @@ spec:
 standby:
 standby_host: "cluster-1.cpo"
 standby_port: "5432"
- dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1'
+ dockerImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2'
 numberOfInstances: 1
 postgresql:
 version: '18'
diff --git a/docs/index.yaml b/docs/index.yaml
index 62ddb70..0c8f519 100644
--- a/docs/index.yaml
+++ b/docs/index.yaml
@@ -3,7 +3,7 @@ entries:
 postgres-operator:
 - apiVersion: v2
 appVersion: 0.9.0
- created: "2025-12-03T19:52:48.441697621+01:00"
+ created: "2025-12-15T20:43:44.552251792+01:00"
 description: Helm-Chart for setting up an instance of CYBERTEC's Postgres operator
 (CPO).
 digest: 0f4b04aafe7c4bea40082510fb15e712b0f5438653c20f0d811436f8b7e6c1a9
@@ -12,9 +12,20 @@ entries:
 urls:
 - https://cybertec-postgresql.github.io/CYBERTEC-operator-tutorials/postgres-operator-0.9.0.tgz
 version: 0.9.0
+ - apiVersion: v2
+ appVersion: 0.9.0-1
+ created: "2025-12-15T20:43:44.551906839+01:00"
+ description: Helm-Chart for setting up an instance of CYBERTEC's Postgres operator
+ (CPO).
+ digest: aea9683bed5c03bc6fa2c02c22756709b1148e9de768cbd0a527615030cd00fd
+ name: postgres-operator
+ type: application
+ urls:
+ - https://cybertec-postgresql.github.io/CYBERTEC-operator-tutorials/postgres-operator-0.9.0-1.tgz
+ version: 0.9.0-1
 - apiVersion: v2
 appVersion: 0.8.3
- created: "2025-12-03T19:52:48.44126257+01:00"
+ created: "2025-12-15T20:43:44.551513204+01:00"
 description: Helm-Chart for setting up an instance of CYBERTEC's Postgres operator
 (CPO).
 digest: c63960331058590711189c1a4487aca03c1ba0cec9e162e485b8646fce5d5392
@@ -25,7 +36,7 @@ entries:
 version: 0.8.3
 - apiVersion: v2
 appVersion: 0.8.2
- created: "2025-12-03T19:52:48.440869914+01:00"
+ created: "2025-12-15T20:43:44.548656632+01:00"
 description: Helm-Chart for setting up an instance of CYBERTEC's Postgres operator
 (CPO).
 digest: 403e5e1156250f663064db02ccf09e74be0dccc025556a02e502e349222c1a92
@@ -34,4 +45,4 @@ entries:
 urls:
 - https://cybertec-postgresql.github.io/CYBERTEC-operator-tutorials/postgres-operator-0.8.2.tgz
 version: 0.8.2
-generated: "2025-12-03T19:52:48.440329121+01:00"
+generated: "2025-12-15T20:43:44.548080359+01:00"
diff --git a/docs/postgres-operator-0.9.0-1.tgz b/docs/postgres-operator-0.9.0-1.tgz
new file mode 100644
index 0000000..acc6fbe
Binary files /dev/null and b/docs/postgres-operator-0.9.0-1.tgz differ
diff --git a/setup/helm/operator/Chart.yaml b/setup/helm/operator/Chart.yaml index 2fc26d8..47d6304 100644 --- a/setup/helm/operator/Chart.yaml +++ b/setup/helm/operator/Chart.yaml @@ -3,6 +3,6 @@ type: application name: postgres-operator description: Helm-Chart for setting up an instance of CYBERTEC's Postgres operator (CPO). -appVersion: 0.9.0 -version: 0.9.0 +appVersion: 0.9.0-1 +version: 0.9.0-1 # Note: Make sure you have defined the correct version, based on the crd used \ No newline at end of file diff --git a/setup/helm/operator/crds/postgresql.crd.yaml b/setup/helm/operator/crds/postgresql.crd.yaml index a51a4b2..d286e04 100644 --- a/setup/helm/operator/crds/postgresql.crd.yaml +++ b/setup/helm/operator/crds/postgresql.crd.yaml @@ -657,11 +657,19 @@ spec: type: object type: array tde: + type: object nullable: true properties: enable: type: boolean - type: object + keybits: + type: integer + format: int32 + default: 128 + enum: + - 128 + - 192 + - 256 teamId: type: string tls: diff --git a/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml b/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml index b1b7136..5ad846e 100644 --- a/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml +++ b/setup/helm/operator/templates/operator-service-account-rbac-openshift.yaml 
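Review bot: The new `tde.keybits` property in setup/helm/operator/crds/postgresql.crd.yaml has no `description`, so the schema does not say which cipher the key size applies to or whether it can be changed after a cluster has been initialised. Because `default: 128` selects the smallest of the three allowed sizes, anyone whose policy requires 256-bit keys has to know to set it explicitly; a line such as `description: Key length in bits for the TDE key; chosen at cluster creation` (wording to be confirmed against the operator) would surface that in `kubectl explain`. The CRD default is only applied when a `tde` object is present, so it is worth confirming that the operator's own fallback is also 128 when `tde` is omitted or null. The `tde` schema's surrounding properties continue outside the hunk.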
@@ -4,279 +4,279 @@ metadata: name: cpo-operator namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cpo-operator -rules: -# all verbs allowed for custom operator resources -- apiGroups: - - cpo.opensource.cybertec.at - resources: - - postgresqls - - postgresqls/status - - operatorconfigurations - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -# operator only reads PostgresTeams -- apiGroups: - - cpo.opensource.cybertec.at - resources: - - postgresteams - verbs: - - get - - list - - watch -# to create or get/update CRDs when starting up -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - get - - patch - - update -# to read configuration and manage ConfigMaps used by Patroni -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -# to send events to the CRs -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch -# to CRUD secrets for database access -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - update -# to check nodes for node readiness label -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -# to read or delete existing PVCs. Creation via StatefulSet -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - delete - - get - - list - - patch - - update - # to read existing PVs. Creation should be done via dynamic provisioning -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - update # only for resizing AWS volumes -# to watch Spilo pods and do rolling updates. 
Creation via StatefulSet -- apiGroups: - - "" - resources: - - pods - verbs: - - delete - - get - - list - - patch - - update - - watch -# to resize the filesystem in Spilo pods when increasing volume size -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create -# to CRUD services to point to Postgres cluster instances -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - patch - - update -# to CRUD the StatefulSet which controls the Postgres cluster instances -- apiGroups: - - apps - resources: - - statefulsets - - deployments - verbs: - - create - - delete - - get - - list - - patch -# to CRUD cron jobs for logical backups -- apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - delete - - get - - list - - patch - - update -# to get namespaces operator resources can run in -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -# to define PDBs. Update happens via delete/create -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get -# to create ServiceAccounts in each namespace the operator watches -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create -# to create role bindings to the cpo-pod service account -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - get - - create -# to grant privilege to run privileged pods (not needed by default) -#- apiGroups: -# - extensions -# resources: -# - podsecuritypolicies -# resourceNames: -# - privileged -# verbs: -# - use +# --- +# apiVersion: rbac.authorization.k8s.io/v1 +# kind: ClusterRole +# metadata: +# name: cpo-operator +# rules: +# # all verbs allowed for custom operator resources +# - apiGroups: +# - cpo.opensource.cybertec.at +# resources: +# - postgresqls +# - postgresqls/status +# - operatorconfigurations +# verbs: +# - create +# - delete +# - deletecollection +# - get +# - list +# - patch +# - update +# - watch +# # operator 
only reads PostgresTeams +# - apiGroups: +# - cpo.opensource.cybertec.at +# resources: +# - postgresteams +# verbs: +# - get +# - list +# - watch +# # to create or get/update CRDs when starting up +# - apiGroups: +# - apiextensions.k8s.io +# resources: +# - customresourcedefinitions +# verbs: +# - create +# - get +# - patch +# - update +# # to read configuration and manage ConfigMaps used by Patroni +# - apiGroups: +# - "" +# resources: +# - configmaps +# verbs: +# - create +# - delete +# - deletecollection +# - get +# - list +# - patch +# - update +# - watch +# # to send events to the CRs +# - apiGroups: +# - "" +# resources: +# - events +# verbs: +# - create +# - get +# - list +# - patch +# - update +# - watch +# # to CRUD secrets for database access +# - apiGroups: +# - "" +# resources: +# - secrets +# verbs: +# - create +# - delete +# - get +# - update +# # to check nodes for node readiness label +# - apiGroups: +# - "" +# resources: +# - nodes +# verbs: +# - get +# - list +# - watch +# # to read or delete existing PVCs. Creation via StatefulSet +# - apiGroups: +# - "" +# resources: +# - persistentvolumeclaims +# verbs: +# - delete +# - get +# - list +# - patch +# - update +# # to read existing PVs. Creation should be done via dynamic provisioning +# - apiGroups: +# - "" +# resources: +# - persistentvolumes +# verbs: +# - get +# - list +# - update # only for resizing AWS volumes +# # to watch Spilo pods and do rolling updates. 
Creation via StatefulSet +# - apiGroups: +# - "" +# resources: +# - pods +# verbs: +# - delete +# - get +# - list +# - patch +# - update +# - watch +# # to resize the filesystem in Spilo pods when increasing volume size +# - apiGroups: +# - "" +# resources: +# - pods/exec +# verbs: +# - create +# # to CRUD services to point to Postgres cluster instances +# - apiGroups: +# - "" +# resources: +# - services +# verbs: +# - create +# - delete +# - get +# - patch +# - update +# # to CRUD the StatefulSet which controls the Postgres cluster instances +# - apiGroups: +# - apps +# resources: +# - statefulsets +# - deployments +# verbs: +# - create +# - delete +# - get +# - list +# - patch +# # to CRUD cron jobs for logical backups +# - apiGroups: +# - batch +# resources: +# - cronjobs +# verbs: +# - create +# - delete +# - get +# - list +# - patch +# - update +# # to get namespaces operator resources can run in +# - apiGroups: +# - "" +# resources: +# - namespaces +# verbs: +# - get +# # to define PDBs. 
Update happens via delete/create +# - apiGroups: +# - policy +# resources: +# - poddisruptionbudgets +# verbs: +# - create +# - delete +# - get +# # to create ServiceAccounts in each namespace the operator watches +# - apiGroups: +# - "" +# resources: +# - serviceaccounts +# verbs: +# - get +# - create +# # to create role bindings to the cpo-pod service account +# - apiGroups: +# - rbac.authorization.k8s.io +# resources: +# - rolebindings +# verbs: +# - get +# - create +# # to grant privilege to run privileged pods (not needed by default) +# #- apiGroups: +# # - extensions +# # resources: +# # - podsecuritypolicies +# # resourceNames: +# # - privileged +# # verbs: +# # - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cpo-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cpo-operator -subjects: -- kind: ServiceAccount - name: cpo-operator - namespace: {{ .Release.Namespace }} +# --- +# apiVersion: rbac.authorization.k8s.io/v1 +# kind: ClusterRoleBinding +# metadata: +# name: cpo-operator +# roleRef: +# apiGroup: rbac.authorization.k8s.io +# kind: ClusterRole +# name: cpo-operator +# subjects: +# - kind: ServiceAccount +# name: cpo-operator +# namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cpo-pod -rules: -# Patroni needs to watch and manage config maps -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -# Patroni needs to watch pods -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create -# to let Patroni create a headless service -- apiGroups: - - "" - resources: - - services - verbs: - - create -# For Backups -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create -# to grant privilege to 
run privileged pods (not needed by default) -#- apiGroups: -# - extensions -# resources: -# - podsecuritypolicies -# resourceNames: -# - privileged -# verbs: -# - use \ No newline at end of file +# --- +# apiVersion: rbac.authorization.k8s.io/v1 +# kind: ClusterRole +# metadata: +# name: cpo-pod +# rules: +# # Patroni needs to watch and manage config maps +# - apiGroups: +# - "" +# resources: +# - configmaps +# verbs: +# - create +# - delete +# - deletecollection +# - get +# - list +# - patch +# - update +# - watch +# # Patroni needs to watch pods +# - apiGroups: +# - "" +# resources: +# - pods +# verbs: +# - get +# - list +# - patch +# - update +# - watch +# - apiGroups: +# - "" +# resources: +# - pods/exec +# verbs: +# - create +# # to let Patroni create a headless service +# - apiGroups: +# - "" +# resources: +# - services +# verbs: +# - create +# # For Backups +# - apiGroups: +# - "" +# resources: +# - pods/exec +# verbs: +# - create +# # to grant privilege to run privileged pods (not needed by default) +# #- apiGroups: +# # - extensions +# # resources: +# # - podsecuritypolicies +# # resourceNames: +# # - privileged +# # verbs: +# # - use \ No newline at end of file diff --git a/setup/helm/operator/templates/postgres-operator.yaml b/setup/helm/operator/templates/postgres-operator.yaml index 1226cb5..dc07147 100644 --- a/setup/helm/operator/templates/postgres-operator.yaml +++ b/setup/helm/operator/templates/postgres-operator.yaml @@ -18,6 +18,10 @@ spec: cpo.cybertec.at/pod-type: postgres-operator spec: serviceAccountName: cpo-operator + {{- with .Values.imagePullSecretNames }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: postgres-operator image: {{ .Values.operatorSettings.operatorImage }} diff --git a/setup/helm/operator/templates/postgresql-operator-configuration.yaml b/setup/helm/operator/templates/postgresql-operator-configuration.yaml index 2cf7bcd..d3c77c2 100644 
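Review bot: Commenting out the `cpo-operator` ClusterRole, its ClusterRoleBinding and the `cpo-pod` ClusterRole in operator-service-account-rbac-openshift.yaml leaves this template rendering only the ServiceAccount, and nothing visible in the commit shows where those permissions are granted instead. If another template in the chart already defines them (presumably the non-OpenShift RBAC file), delete the block rather than keeping it as comments and record the reason in the commit message; if not, the operator account is installed without any RBAC. Helm still evaluates `{{ .Release.Namespace }}` inside the commented ClusterRoleBinding, because template actions are not YAML-aware. If the rules are reinstated later, the `secrets`, `pods/exec` and `customresourcedefinitions` grants are the ones to scope most tightly, and the `cpo-pod` role lists `pods/exec` twice.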
--- a/setup/helm/operator/templates/postgresql-operator-configuration.yaml +++ b/setup/helm/operator/templates/postgresql-operator-configuration.yaml @@ -96,8 +96,19 @@ configuration: pod_management_policy: "ordered_ready" # pod_priority_class_name: "postgres-pod-priority" pod_role_label: member.cpo.opensource.cybertec.at/role - # pod_service_account_definition: "" pod_service_account_name: cpo-pod + {{- if .Values.imagePullSecretNames }} + pod_service_account_definition: ' + { + "apiVersion": "v1", + "kind": "ServiceAccount", + "metadata": { + "name": "cpo-pod" + }, + "imagePullSecrets": {{ .Values.imagePullSecretNames | toJson }} + } + ' + {{- end }} # pod_service_account_role_binding_definition: "" pod_terminate_grace_period: 5m secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" diff --git a/setup/helm/operator/values.yaml b/setup/helm/operator/values.yaml index 3fae66b..b551ef0 100644 --- a/setup/helm/operator/values.yaml +++ b/setup/helm/operator/values.yaml @@ -11,13 +11,13 @@ debug: true # imagePullSecretNames is a list of secret names to use for pulling controller images. # More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod imagePullSecretNames: [] - + # - name: my-pull-secret # Define the operator settings to add to the configmap operatorSettings: operatorImage: 'docker.io/cybertecpostgresql/cybertec-pg-operator:v0.9.0-1' - postgresImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-1' - poolerImage: 'containers.cybertec.at/cybertec-pg-container/pgbouncer:rocky9-1.25.0-1' + postgresImage: 'containers.cybertec.at/cybertec-pg-container/postgres:rocky9-18.1-2' + poolerImage: 'containers.cybertec.at/cybertec-pg-container/pgbouncer:rocky9-1.25.0-2' watched_namespace: '*' enable_pod_antiaffinity: 'true'
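Review bot: `pod_service_account_definition` in postgresql-operator-configuration.yaml is assembled by pasting `toJson` output into a hand-written single-quoted YAML scalar, so a `'` anywhere in `.Values.imagePullSecretNames` ends the scalar early and the remainder is parsed as YAML. Building the object and letting the template functions do both encodings avoids that: `pod_service_account_definition: {{ dict "apiVersion" "v1" "kind" "ServiceAccount" "metadata" (dict "name" "cpo-pod") "imagePullSecrets" .Values.imagePullSecretNames | toJson | quote }}`. The hard-coded `cpo-pod` also has to stay in step with `pod_service_account_name` on the line above it. The same list feeds `imagePullSecrets` on the operator Deployment, so entries must be `- name: ...` objects even though the key is called imagePullSecretNames; a comment saying so next to `imagePullSecretNames: []` in values.yaml, or a values schema, would catch plain strings before they reach the API server.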