Add global option to enable/disable init containers and sidecars

charts/postgres-operator/crds/operatorconfigurations.yaml

@@ -107,10 +107,14 @@ spec:
                   type: object
                   additionalProperties:
                     type: string
+                enable_init_containers:
+                  type: boolean
                 enable_pod_antiaffinity:
                   type: boolean
                 enable_pod_disruption_budget:
                   type: boolean
+                enable_sidecars:
+                  type: boolean
                 infrastructure_roles_secret_name:
                   type: string
                 inherited_labels:

charts/postgres-operator/values-crd.yaml

@@ -63,10 +63,14 @@ configKubernetes:
   #   keya: valuea
   #   keyb: valueb
 
+  # enables initContainers to run actions before Spilo is started
+  enable_init_containers: true
   # toggles pod anti affinity on the Postgres pods
   enable_pod_antiaffinity: false
   # toggles PDB to set to MinAvailabe 0 or 1
   enable_pod_disruption_budget: true
+  # enables sidecar containers to run alongside Spilo in the same pod
+  enable_sidecars: true
   # name of the secret containing infrastructure roles names and passwords
   # infrastructure_roles_secret_name: postgresql-infrastructure-roles
 

charts/postgres-operator/values.yaml

@@ -57,12 +57,16 @@ configKubernetes:
   # label assigned to Kubernetes objects created by the operator
   cluster_name_label: version
   # annotations attached to each database pod
-  # custom_pod_annotations: keya:valuea,keyb:valueb
+  # custom_pod_annotations: "keya:valuea,keyb:valueb"
 
+  # enables initContainers to run actions before Spilo is started
+  enable_init_containers: "true"
   # toggles pod anti affinity on the Postgres pods
   enable_pod_antiaffinity: "false"
   # toggles PDB to set to MinAvailabe 0 or 1
   enable_pod_disruption_budget: "true"
+  # enables sidecar containers to run alongside Spilo in the same pod
+  enable_sidecars: "true"
   # name of the secret containing infrastructure roles names and passwords
   # infrastructure_roles_secret_name: postgresql-infrastructure-roles
 

docs/reference/operator_parameters.md

@@ -87,9 +87,9 @@ Those are top-level keys, containing both leaf keys and groups.
   repository](https://github.com/zalando/spilo).
 
 * **sidecar_docker_images**
-  a map of sidecar names to docker images for the containers to run alongside
-  Spilo. In case of the name conflict with the definition in the cluster
-  manifest the cluster-specific one is preferred.
+  a map of sidecar names to docker images to run with Spilo. In case of the name
+  conflict with the definition in the cluster manifest the cluster-specific one
+  is preferred.
 
 * **enable_shm_volume**
   Instruct operator to start any new database pod without limitations on shm
@@ -196,6 +196,14 @@ configuration they are grouped under the `kubernetes` key.
   [admin docs](../administrator.md#pod-disruption-budget) for more information.
   Default is true.
 
+* **enable_init_containers**
+  global option to allow for creating init containers to run actions before
+  Spilo is started. Default is true.
+
+* **enable_sidecars**
+  global option to allow for creating sidecar containers to run alongside Spilo
+  on the same pod. Default is true.
+
 * **secret_name_template**
   a template for the name of the database user secrets generated by the
   operator. `{username}` is replaced with name of the secret, `{cluster}` with

docs/user.md

@@ -350,6 +350,10 @@ variables are always passed to sidecars:
 The PostgreSQL volume is shared with sidecars and is mounted at
 `/home/postgres/pgdata`.
 
+**Note**: The operator will not create a cluster if sidecar containers are
+specified but globally disabled in the configuration. The `enable_sidecars`
+option must be set to `true`.
+
 ## InitContainers Support
 
 Each cluster can specify arbitrary init containers to run. These containers can
@@ -374,6 +378,10 @@ spec:
 
 `initContainers` accepts full `v1.Container` definition.
 
+**Note**: The operator will not create a cluster if `initContainers` are
+specified but globally disabled in the configuration. The
+`enable_init_containers` option must be set to `true`.
+
 ## Increase volume size
 
 PostgreSQL operator supports statefulset volume resize if you're using the

e2e/tests/test_e2e.py

@@ -182,17 +182,12 @@ def test_logical_backup_cron_job(self):
 
         # update the cluster-wide image of the logical backup pod
         image = "test-image-name"
-        config_map_patch = {
+        patch_logical_backup_image = {
             "data": {
                "logical_backup_docker_image": image,
             }
         }
-        k8s.api.core_v1.patch_namespaced_config_map("postgres-operator", "default", config_map_patch)
-
-        operator_pod = k8s.api.core_v1.list_namespaced_pod(
-            'default', label_selector="name=postgres-operator").items[0].metadata.name
-        k8s.api.core_v1.delete_namespaced_pod(operator_pod, "default")  # restart reloads the conf
-        k8s.wait_for_operator_pod_start()
+        k8s.update_config(patch_logical_backup_image)
 
         jobs = k8s.get_logical_backup_job().items
         actual_image = jobs[0].spec.job_template.spec.template.spec.containers[0].image
@@ -319,6 +314,14 @@ def wait_for_logical_backup_job_deletion(self):
     def wait_for_logical_backup_job_creation(self):
         self.wait_for_logical_backup_job(expected_num_of_jobs=1)
 
+    def update_config(self, config_map_patch):
+        self.api.core_v1.patch_namespaced_config_map("postgres-operator", "default", config_map_patch)
+
+        operator_pod = self.api.core_v1.list_namespaced_pod(
+            'default', label_selector="name=postgres-operator").items[0].metadata.name
+        self.api.core_v1.delete_namespaced_pod(operator_pod, "default")  # restart reloads the conf
+        self.wait_for_operator_pod_start()
+
     def create_with_kubectl(self, path):
         subprocess.run(["kubectl", "create", "-f", path])
 

go.mod

@@ -3,23 +3,21 @@ module github.com/zalando/postgres-operator
 go 1.12
 
 require (
-	github.com/aws/aws-sdk-go v1.25.1
-	github.com/emicklei/go-restful v2.9.6+incompatible // indirect
-	github.com/evanphx/json-patch v4.5.0+incompatible // indirect
-	github.com/googleapis/gnostic v0.3.0 // indirect
-	github.com/imdario/mergo v0.3.7 // indirect
+	github.com/aws/aws-sdk-go v1.25.44
+	github.com/imdario/mergo v0.3.8 // indirect
 	github.com/lib/pq v1.2.0
 	github.com/motomux/pretty v0.0.0-20161209205251-b2aad2c9a95d
 	github.com/sirupsen/logrus v1.4.2
-	golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c // indirect
+	golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e // indirect
 	golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 // indirect
 	golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 // indirect
-	golang.org/x/tools v0.0.0-20191127201027-ecd32218bd7f // indirect
+	golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
-	gopkg.in/yaml.v2 v2.2.5
+	gopkg.in/yaml.v2 v2.2.4
 	k8s.io/api v0.0.0-20191121015604-11707872ac1c
 	k8s.io/apiextensions-apiserver v0.0.0-20191121021419-88daf26ec3b8
 	k8s.io/apimachinery v0.0.0-20191121015412-41065c7a8c2a
 	k8s.io/client-go v11.0.0+incompatible
 	k8s.io/code-generator v0.0.0-20191121015212-c4c8f8345c7e
+	sigs.k8s.io/kind v0.5.1 // indirect
 )