diff --git a/config/components/images-by-tag/kustomization.yaml b/config/components/images-by-tag/kustomization.yaml
new file mode 100644
index 0000000000..8cff89ff9f
--- /dev/null
+++ b/config/components/images-by-tag/kustomization.yaml
@@ -0,0 +1,56 @@
+kind: Component
+images:
+- name: image-pgadmin
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4
+ newTag: ubi9-9.8-2550
+- name: image-pgbackrest
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest
+ newTag: ubi9-2.56.0-2550
+- name: image-pgbouncer
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer
+ newTag: ubi9-1.24-2550
+- name: image-postgres-exporter
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter
+ newTag: ubi9-0.18.1-2550
+- name: image-postgres-operator-6.0
+ newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
+ newTag: ubi9-6.0.0-0
+- name: image-postgres-operator-5.8
+ newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
+ newTag: ubi9-5.8.6-0
+- name: image-crunchy-postgres-15
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres
+ newTag: ubi9-15.15-2550
+- name: image-crunchy-postgres-16
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres
+ newTag: ubi9-16.11-2550
+- name: image-crunchy-postgres-17
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres
+ newTag: ubi9-17.7-2550
+- name: image-crunchy-postgres-18
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres
+ newTag: ubi9-18.1-2550
+- name: image-crunchy-upgrade
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-upgrade
+ newTag: ubi9-18.1-2550
+- name: image-crunchy-postgres-15-gis-3.3
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-15.15-3.3-2550
+- name: image-crunchy-postgres-16-gis-3.3
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-16.11-3.3-2550
+- name: image-crunchy-postgres-16-gis-3.4
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-16.11-3.4-2550
+- name: image-crunchy-postgres-17-gis-3.4
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-17.7-3.4-2550
+- name: image-crunchy-postgres-17-gis-3.5
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-17.7-3.5-2550
+- name: image-crunchy-postgres-17-gis-3.6
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-17.7-3.6-2550
+- name: image-crunchy-postgres-18-gis-3.6
+ newName: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis
+ newTag: ubi9-18.1-3.6-2550
diff --git a/config/components/single-namespace/kustomization.yaml b/config/components/single-namespace/kustomization.yaml
new file mode 100644
index 0000000000..f3947292cd
--- /dev/null
+++ b/config/components/single-namespace/kustomization.yaml
@@ -0,0 +1,27 @@
+kind: Component
+
+patches:
+- target:
+ kind: ClusterRole
+ patch: |-
+ - { op: replace, path: /kind, value: Role }
+- target:
+ kind: ClusterRoleBinding
+ patch: |-
+ - { op: replace, path: /kind, value: RoleBinding }
+ - { op: replace, path: /roleRef/kind, value: Role }
+- target:
+ kind: Deployment
+ patch: |-
+ kind: Deployment
+ metadata: { name: ignored }
+ spec:
+ template:
+ spec:
+ containers:
+ - name: operator
+ env:
+ - name: CPK_TARGET_NAMESPACE
+ valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
+ - name: PGO_TARGET_NAMESPACE
+ value: '$(CPK_TARGET_NAMESPACE)'
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 7001380693..40d2fd6b04 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
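Review bot: In config/components/images-by-tag/kustomization.yaml every entry is pinned by `newTag` alone, and a registry tag can be re-pointed after this file was reviewed, so the rendered operator Deployment and its RELATED_IMAGE_* values are not tied to specific image content. Where image integrity matters for this install path, give each entry a digest, e.g. `digest: sha256:<DIGEST_PLACEHOLDER>`, or add a header comment stating that tag pinning is deliberate and where a digest-pinned variant lives. The `image-postgres-operator-5.8` entry has no matching placeholder in the manager.yaml lines visible in this diff; a one-line comment naming its consumer would help.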
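Review bot: In config/components/single-namespace/kustomization.yaml the JSON patch rewrites only `/kind`, so the resulting Role keeps the `tokenreviews` and `subjectaccessreviews` rules from config/rbac/cluster/role.yaml; both are cluster-scoped resources, and a namespaced Role bound by a RoleBinding cannot grant them. If the operator calls those APIs to authenticate or authorise callers of its metrics port (not visible in this diff), those calls would presumably be denied in single-namespace installs. Either keep a minimal ClusterRole for these two rules or drop them in this component, and record the decision with a comment on the first patch such as `# cluster-scoped rules (tokenreviews, subjectaccessreviews) have no effect once this is a Role`.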
@@ -1,20 +1,37 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: postgres-operator labels: +- includeSelectors: false + includeTemplates: true + pairs: + app.kubernetes.io/name: pgo + app.kubernetes.io/version: 6.0.0 - includeSelectors: true + includeTemplates: true pairs: - # Note: this label differs from the label set in postgres-operator-examples postgres-operator.crunchydata.com/control-plane: postgres-operator resources: - ../crd -- ../rbac +- ../rbac/cluster - ../manager -images: -- name: postgres-operator - newName: registry.developers.crunchydata.com/crunchydata/postgres-operator - newTag: latest +components: +- ../components/images-by-tag + +patches: +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: pgo + spec: + template: + spec: + containers: + - name: operator + env: + - name: PGO_FEATURE_GATES + value: "" diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index dfce22e6c5..b581d4fc0c 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,5 +1,11 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +configurations: + - kustomize_related_images.yaml + resources: -- manager.yaml + - manager.yaml + +images: + - name: postgres-operator + newName: image-postgres-operator-6.0 diff --git a/config/manager/kustomize_related_images.yaml b/config/manager/kustomize_related_images.yaml new file mode 100644 index 0000000000..1f853b767f --- /dev/null +++ b/config/manager/kustomize_related_images.yaml @@ -0,0 +1,12 @@ +# This configures the built-in ImageTagTransformer to replace image identifiers +# in Deployment environment variables as well as image fields. +# +# See: https://kubectl.docs.kubernetes.io/references/kustomize/builtins/ + +images: +- group: apps + kind: Deployment + path: spec/template/spec/containers/env/value +- group: apps + kind: Deployment + path: spec/template/spec/containers/image 
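Review bot: The header comment in config/manager/kustomize_related_images.yaml does not say what happens to an env value that matches no `images:` entry: it is emitted unchanged, so building config/manager without `components/images-by-tag`, or mistyping a placeholder, would leave a bare name such as `image-pgbackrest` for the container runtime to resolve against its default or unqualified-search registries. Add a line such as `# Placeholders that match no "images" entry are left as-is; check rendered output for leftover "image-*" values.`, and consider a build check that fails when a rendered `image` or RELATED_IMAGE_* value still starts with `image-`. The `spec/template/spec/containers/env/value` path also covers every env var of every apps Deployment in the build, so a non-image value equal to a placeholder name would be rewritten as well; that is worth stating in the same comment.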
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index c1dae68fac..27b9a5fc16 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -8,6 +8,7 @@ spec: strategy: { type: Recreate } template: spec: + serviceAccountName: pgo containers: - name: operator image: postgres-operator 
@@ -15,46 +16,66 @@ spec: - name: PGO_INSTALLER value: kustomize - name: PGO_INSTALLER_ORIGIN - value: postgres-operator-repo + value: examples-repo + - name: PGO_CONTROLLER_LEASE_NAME + value: cpk-leader-election-lease - name: PGO_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + valueFrom: { fieldRef: { fieldPath: metadata.namespace } } - name: CRUNCHY_DEBUG value: "true" + - name: RELATED_IMAGE_POSTGRES_15 + value: image-crunchy-postgres-15 + - name: RELATED_IMAGE_POSTGRES_15_GIS_3.3 + value: image-crunchy-postgres-15-gis-3.3 - name: RELATED_IMAGE_POSTGRES_16 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-16.11-2547" + value: image-crunchy-postgres-16 - name: RELATED_IMAGE_POSTGRES_16_GIS_3.3 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.11-3.3-2547" + value: image-crunchy-postgres-16-gis-3.3 - name: RELATED_IMAGE_POSTGRES_16_GIS_3.4 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-16.11-3.4-2547" + value: image-crunchy-postgres-16-gis-3.4 - name: RELATED_IMAGE_POSTGRES_17 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-17.7-2547" + value: image-crunchy-postgres-17 - name: RELATED_IMAGE_POSTGRES_17_GIS_3.4 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.7-3.4-2547" + value: image-crunchy-postgres-17-gis-3.4 - name: RELATED_IMAGE_POSTGRES_17_GIS_3.5 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.7-3.5-2547" + value: image-crunchy-postgres-17-gis-3.5 - name: RELATED_IMAGE_POSTGRES_17_GIS_3.6 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-17.7-3.5-2547" + value: image-crunchy-postgres-17-gis-3.6 - name: RELATED_IMAGE_POSTGRES_18 - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi9-18.1-2547" + value: image-crunchy-postgres-18 - name: RELATED_IMAGE_POSTGRES_18_GIS_3.6 
- value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi9-18.1-3.6-2547" + value: image-crunchy-postgres-18-gis-3.6 - name: RELATED_IMAGE_PGBACKREST - value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi9-2.56.0-2547" + value: image-pgbackrest - name: RELATED_IMAGE_PGBOUNCER - value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi9-1.24-2547" + value: image-pgbouncer - name: RELATED_IMAGE_PGEXPORTER - value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi9-0.18.1-2547" + value: image-postgres-exporter - name: RELATED_IMAGE_PGUPGRADE - value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi9-18.1-2547" + value: image-crunchy-upgrade - name: RELATED_IMAGE_STANDALONE_PGADMIN - value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi9-9.8-2547" + value: image-pgadmin - name: RELATED_IMAGE_COLLECTOR - value: "registry.developers.crunchydata.com/crunchydata/postgres-operator:ubi9-5.8.5-0" + value: image-postgres-operator-6.0 securityContext: + seccompProfile: + type: RuntimeDefault allowPrivilegeEscalation: false capabilities: { drop: [ALL] } readOnlyRootFilesystem: true runAsNonRoot: true - serviceAccountName: pgo + ports: + - containerPort: 8443 + name: metrics + livenessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 diff --git a/config/namespace/kustomization.yaml b/config/namespace/kustomization.yaml index e06cce134a..bf20f4df68 100644 --- a/config/namespace/kustomization.yaml +++ b/config/namespace/kustomization.yaml @@ -1,5 +1,2 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - resources: - namespace.yaml diff --git a/config/rbac/cluster/kustomization.yaml b/config/rbac/cluster/kustomization.yaml new file mode 100644 index 0000000000..fea51ff73b 
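Review bot: The probe paths added at the end of the config/manager/manager.yaml hunk look swapped: `livenessProbe` requests `/readyz` and `readinessProbe` requests `/healthz`, both on port 8081. If the operator registers different checks on the two paths, a readiness failure would cause the kubelet to restart the container instead of only marking it not ready. Suggest `path: /healthz` under `livenessProbe` and `path: /readyz` under `readinessProbe`, or a comment explaining the inversion if it is intentional. The container spec these lines belong to starts outside the hunk.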
--- /dev/null
+++ b/config/rbac/cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- role_binding.yaml
+- role.yaml
+- service_account.yaml
diff --git a/config/rbac/cluster/role.yaml b/config/rbac/cluster/role.yaml
new file mode 100644
index 0000000000..aa19cdacbf
--- /dev/null
+++ b/config/rbac/cluster/role.yaml
@@ -0,0 +1,188 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: postgres-operator
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - secrets
+ - serviceaccounts
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints/restricted
+ - pods/exec
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+ - watch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - crunchybridgeclusters
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - crunchybridgeclusters/finalizers
+ - crunchybridgeclusters/status
+ verbs:
+ - patch
+ - update
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - pgadmins
+ - pgupgrades
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - pgadmins/finalizers
+ - pgupgrades/finalizers
+ - postgresclusters/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - pgadmins/status
+ - pgupgrades/status
+ - postgresclusters/status
+ verbs:
+ - patch
+- apiGroups:
+ - postgres-operator.crunchydata.com
+ resources:
+ - postgresclusters
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
diff --git a/config/rbac/cluster/role_binding.yaml b/config/rbac/cluster/role_binding.yaml
new file mode 100644
index 0000000000..584ec1668c
--- /dev/null
+++ b/config/rbac/cluster/role_binding.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: postgres-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: postgres-operator
+subjects:
+- kind: ServiceAccount
+ name: pgo
diff --git a/config/rbac/cluster/service_account.yaml b/config/rbac/cluster/service_account.yaml
new file mode 100644
index 0000000000..364f797171
--- /dev/null
+++ b/config/rbac/cluster/service_account.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pgo
diff --git a/config/rbac/namespace/kustomization.yaml b/config/rbac/namespace/kustomization.yaml
new file mode 100644
index 0000000000..0964e6ea11
--- /dev/null
+++ b/config/rbac/namespace/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ../cluster
+components:
+- ../../components/single-namespace
diff --git a/config/singlenamespace/kustomization.yaml b/config/singlenamespace/kustomization.yaml
new file mode 100644
index 0000000000..7771818fd3
--- /dev/null
+++ b/config/singlenamespace/kustomization.yaml
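Review bot: config/rbac/cluster/role.yaml carries no comment on how much it grants: bound through the ClusterRoleBinding in the same directory, it gives the `pgo` service account get/list/watch on `secrets` and create on `pods/exec` in every namespace, plus create/patch/delete on `roles` and `rolebindings`. A header comment would let installers make an informed choice, e.g. `# Cluster-wide install: grants access to Secrets and pods/exec in all namespaces; see config/singlenamespace for a namespace-scoped variant.` If this file is generated (it resembles controller-gen output, which cannot be confirmed from the diff), put the comment in config/rbac/cluster/kustomization.yaml instead. Operators running the cluster-wide variant should treat the `pgo` service account token as highly privileged and audit its use accordingly.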
@@ -0,0 +1,23 @@
+kind: Kustomization
+
+namespace: postgres-operator
+
+labels:
+- includeSelectors: false
+ includeTemplates: true
+ pairs:
+ app.kubernetes.io/name: pgo
+ app.kubernetes.io/version: 6.0.0
+- includeSelectors: true
+ includeTemplates: true
+ pairs:
+ postgres-operator.crunchydata.com/control-plane: postgres-operator
+
+resources:
+- ../crd
+- ../rbac/namespace
+- ../manager
+
+components:
+- ../components/images-by-tag
+- ../components/single-namespace
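Review bot: config/singlenamespace/kustomization.yaml lists `../components/single-namespace` under `components` although `../rbac/namespace` already applies the same component, and nothing explains why. Presumably the inner use converts the RBAC kinds and this outer use exists for the Deployment env patch, but a reader cannot tell that from the file. A comment above the entry such as `# applied again here so the Deployment gets CPK_TARGET_NAMESPACE; RBAC is already converted in ../rbac/namespace` would make the intent reviewable. It is also worth noting in the same place that `../crd` remains cluster-scoped, so this variant still needs cluster-level rights at install time.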