diff --git a/charts/postgres-operator/templates/configmap.yaml b/charts/postgres-operator/templates/configmap.yaml
index 4785a7758054c5cfc8b86ab86c634531dccb611c..e9cec32bedcd86f70a3ecdefb00ee5e7da849cc1 100644
--- a/charts/postgres-operator/templates/configmap.yaml
+++ b/charts/postgres-operator/templates/configmap.yaml
@@ -18,6 +18,7 @@ data:
 docker_image: {{ .Values.docker_image }}
 debug_logging: "{{ .Values.configDebug.debug_logging }}"
 enable_database_access: "{{ .Values.configDebug.enable_database_access }}"
+ enable_shm_volume: "{{ .Values.enable_shm_volume }}"
 repair_period: {{ .Values.repair_period }}
 resync_period: {{ .Values.resync_period }}
 ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}"
diff --git a/charts/postgres-operator/templates/operatorconfiguration.yaml b/charts/postgres-operator/templates/operatorconfiguration.yaml
index 9510d454da371ddfa3c400a34a65738ace68b71e..00ce894568e81f1d911ec94a89b86252dbc917c3 100644
--- a/charts/postgres-operator/templates/operatorconfiguration.yaml
+++ b/charts/postgres-operator/templates/operatorconfiguration.yaml
@@ -9,6 +9,7 @@ metadata:
 app.kubernetes.io/instance: {{ .Release.Name }}
 configuration:
 docker_image: {{ .Values.docker_image }}
+ enable_shm_volume: {{ .Values.enable_shm_volume }}
 repair_period: {{ .Values.repair_period }}
 resync_period: {{ .Values.resync_period }}
 workers: {{ .Values.workers }}
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml
index 2d8c1122d384cf831efca91051eee3601591256c..1e753ad2d3bfb3b132abc73fae373097995979cb 100644
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@@ -15,6 +15,7 @@ podLabels: {}
 # config shared from ConfigMap and CRD
 docker_image: registry.opensource.zalan.do/acid/spilo-11:1.5-p7
+enable_shm_volume: true
 repair_period: 5m
 resync_period: 5m
 spilo_privileged: false
diff --git a/docs/index.md b/docs/index.md
index 5b8479a912842735f9ca7034ab213131fb015b11..576a850e1a2d4efbd68e3097b4bc4814399a59e4 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -51,10 +51,12 @@ Please, report any issues discovered to https://github.com/zalando/postgres-oper ## Talks -1. "PostgreSQL and Kubernetes: DBaaS without a vendor-lock" talk by Oleksii Kliukin, PostgreSQL Sessions 2018: [video](https://www.youtube.com/watch?v=q26U2rQcqMw) | [slides](https://speakerdeck.com/alexeyklyukin/postgresql-and-kubernetes-dbaas-without-a-vendor-lock) +1. "Building your own PostgreSQL-as-a-Service on Kubernetes" talk by Alexander Kukushkin, KubeCon NA 2018: [video](https://www.youtube.com/watch?v=G8MnpkbhClc) | [slides](https://static.sched.com/hosted_files/kccna18/1d/Building%20your%20own%20PostgreSQL-as-a-Service%20on%20Kubernetes.pdf) -2. "PostgreSQL High Availability on Kubernetes with Patroni" talk by Oleksii Kliukin, Atmosphere 2018: [video](https://www.youtube.com/watch?v=cFlwQOPPkeg) | [slides](https://speakerdeck.com/alexeyklyukin/postgresql-high-availability-on-kubernetes-with-patroni) +2. "PostgreSQL and Kubernetes: DBaaS without a vendor-lock" talk by Oleksii Kliukin, PostgreSQL Sessions 2018: [video](https://www.youtube.com/watch?v=q26U2rQcqMw) | [slides](https://speakerdeck.com/alexeyklyukin/postgresql-and-kubernetes-dbaas-without-a-vendor-lock) -2. "Blue elephant on-demand: Postgres + Kubernetes" talk by Oleksii Kliukin and Jan Mussler, FOSDEM 2018: [video](https://fosdem.org/2018/schedule/event/blue_elephant_on_demand_postgres_kubernetes/) | [slides (pdf)](https://www.postgresql.eu/events/fosdem2018/sessions/session/1735/slides/59/FOSDEM%202018_%20Blue_Elephant_On_Demand.pdf) +3. "PostgreSQL High Availability on Kubernetes with Patroni" talk by Oleksii Kliukin, Atmosphere 2018: [video](https://www.youtube.com/watch?v=cFlwQOPPkeg) | [slides](https://speakerdeck.com/alexeyklyukin/postgresql-high-availability-on-kubernetes-with-patroni) + +4. 
"Blue elephant on-demand: Postgres + Kubernetes" talk by Oleksii Kliukin and Jan Mussler, FOSDEM 2018: [video](https://fosdem.org/2018/schedule/event/blue_elephant_on_demand_postgres_kubernetes/) | [slides (pdf)](https://www.postgresql.eu/events/fosdem2018/sessions/session/1735/slides/59/FOSDEM%202018_%20Blue_Elephant_On_Demand.pdf) 3. "Kube-Native Postgres" talk by Josh Berkus, KubeCon 2017: [video](https://www.youtube.com/watch?v=Zn1vd7sQ_bc) diff --git a/docs/reference/operator_parameters.md b/docs/reference/operator_parameters.md index fcd0b2623b86031925c74e0f97382bb2d4667d7c..731cce4e33d2fa08a2c444b30e98f6cd6f48d29d 100644 --- a/docs/reference/operator_parameters.md +++ b/docs/reference/operator_parameters.md @@ -85,6 +85,14 @@ Those are top-level keys, containing both leaf keys and groups. Spilo. In case of the name conflict with the definition in the cluster manifest the cluster-specific one is preferred. +* **enable_shm_volume** + Instruct operator to start any new database pod without limitations on shm + memory. If this option is enabled, to the target database pod will be mounted + a new tmpfs volume to remove shm memory limitation (see e.g. the + [docker issue](https://github.com/docker-library/postgres/issues/416)). + This option is global for an operator object, and can be overwritten by + `enableShmVolume` parameter from Postgres manifest. The default is `true`. + * **workers** number of working routines the operator spawns to process requests to create/update/delete/sync clusters concurrently. The default is `4`. 
@@ -298,14 +306,6 @@ CRD-based configuration. container, change the [operator deployment manually](https://github.com/zalando/postgres-operator/blob/master/manifests/postgres-operator.yaml#L13). The default is `false`. -* **enable_shm_volume** - Instruct operator to start any new database pod without limitations on shm - memory. If this option is enabled, to the target database pod will be mounted - a new tmpfs volume to remove shm memory limitation (see e.g. the [docker - issue](https://github.com/docker-library/postgres/issues/416)). This option - is global for an operator object, and can be overwritten by `enableShmVolume` - parameter from Postgres manifest. The default is `true` - ## Operator timeouts This set of parameters define various timeouts related to some operator @@ -405,7 +405,7 @@ yet officially supported. empty. * **aws_region** - AWS region used to store ESB volumes. The default is `eu-central-1`. + AWS region used to store EBS volumes. The default is `eu-central-1`. * **additional_secret_mount** Additional Secret (aws or gcp credentials) to mount in the pod. The default is empty. diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 3a04d3156f23a1c58ec3911383873008c16f6999..071b7ced30538cbb9c5fc9d91c7f774aef6f9e25 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -17,6 +17,7 @@ data: super_username: postgres enable_teams_api: "false" spilo_privileged: "false" + # enable_shm_volume: "true" # custom_service_annotations: # "keyx:valuez,keya:valuea" # set_memory_request_to_limit: "true" diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index e9c46dd8bcf7acbc3a8fca9cd51ab3d134609c2e..cad4391fab049c79067aae922d89bbf706c0f7aa 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml 
@@ -10,6 +10,7 @@ configuration:
 max_instances: -1
 resync_period: 30m
 repair_period: 5m
+ # enable_shm_volume: true
 #sidecar_docker_images:
 # example: "exampleimage:exampletag"
diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
index f69737c374ee3483c822904c277446103235efe5..bf1cbf22335022d63df0d3b70ce13fe49e65c6ea 100644
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@@ -155,6 +155,7 @@ type OperatorConfigurationData struct {
 MaxInstances int32 `json:"max_instances,omitempty"`
 ResyncPeriod Duration `json:"resync_period,omitempty"`
 RepairPeriod Duration `json:"repair_period,omitempty"`
+ ShmVolume *bool `json:"enable_shm_volume,omitempty"`
 Sidecars map[string]string `json:"sidecar_docker_images,omitempty"`
 PostgresUsersConfiguration PostgresUsersConfiguration `json:"users"`
 Kubernetes KubernetesMetaConfiguration `json:"kubernetes"`
diff --git a/pkg/apis/acid.zalan.do/v1/util_test.go b/pkg/apis/acid.zalan.do/v1/util_test.go
index 1736688d87f27d4ada8f962797c08248705ba5ca..6c1b63ece64e6eb5b6361ebc87e2c0fb230b1887 100644
--- a/pkg/apis/acid.zalan.do/v1/util_test.go
+++ b/pkg/apis/acid.zalan.do/v1/util_test.go
@@ -8,6 +8,7 @@ import (
 "testing"
 "time"
+ "github.com/zalando/postgres-operator/pkg/util"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -217,6 +218,7 @@ var unmarshalCluster = []struct {
 "clone" : {
 "cluster": "acid-batman"
 },
+ "enableShmVolume": false,
 "patroni": {
 "initdb": {
 "encoding": "UTF8",
@@ -269,6 +271,7 @@ var unmarshalCluster = []struct {
 StorageClass: "SSD",
 SubPath: "subdir",
 },
+ ShmVolume: util.False(),
 Patroni: Patroni{
 InitDB: map[string]string{
 "encoding": "UTF8",
@@ -316,7 +319,7 @@ var unmarshalCluster = []struct { }, Error: "", }, - marshal: []byte(`{"kind":"Postgresql","apiVersion":"acid.zalan.do/v1","metadata":{"name":"acid-testcluster1","creationTimestamp":null},"spec":{"postgresql":{"version":"9.6","parameters":{"log_statement":"all","max_connections":"10","shared_buffers":"32MB"}},"pod_priority_class_name":"spilo-pod-priority","volume":{"size":"5Gi","storageClass":"SSD", "subPath": "subdir"},"patroni":{"initdb":{"data-checksums":"true","encoding":"UTF8","locale":"en_US.UTF-8"},"pg_hba":["hostssl all all 0.0.0.0/0 md5","host all all 0.0.0.0/0 md5"],"ttl":30,"loop_wait":10,"retry_timeout":10,"maximum_lag_on_failover":33554432,"slots":{"permanent_logical_1":{"database":"foo","plugin":"pgoutput","type":"logical"}}},"resources":{"requests":{"cpu":"10m","memory":"50Mi"},"limits":{"cpu":"300m","memory":"3000Mi"}},"teamId":"ACID","allowedSourceRanges":["127.0.0.1/32"],"numberOfInstances":2,"users":{"zalando":["superuser","createdb"]},"maintenanceWindows":["Mon:01:00-06:00","Sat:00:00-04:00","05:00-05:15"],"clone":{"cluster":"acid-batman"}},"status":{"PostgresClusterStatus":""}}`), + marshal: []byte(`{"kind":"Postgresql","apiVersion":"acid.zalan.do/v1","metadata":{"name":"acid-testcluster1","creationTimestamp":null},"spec":{"postgresql":{"version":"9.6","parameters":{"log_statement":"all","max_connections":"10","shared_buffers":"32MB"}},"pod_priority_class_name":"spilo-pod-priority","volume":{"size":"5Gi","storageClass":"SSD", "subPath": "subdir"},"enableShmVolume":false,"patroni":{"initdb":{"data-checksums":"true","encoding":"UTF8","locale":"en_US.UTF-8"},"pg_hba":["hostssl all all 0.0.0.0/0 md5","host all all 0.0.0.0/0 
md5"],"ttl":30,"loop_wait":10,"retry_timeout":10,"maximum_lag_on_failover":33554432,"slots":{"permanent_logical_1":{"database":"foo","plugin":"pgoutput","type":"logical"}}},"resources":{"requests":{"cpu":"10m","memory":"50Mi"},"limits":{"cpu":"300m","memory":"3000Mi"}},"teamId":"ACID","allowedSourceRanges":["127.0.0.1/32"],"numberOfInstances":2,"users":{"zalando":["superuser","createdb"]},"maintenanceWindows":["Mon:01:00-06:00","Sat:00:00-04:00","05:00-05:15"],"clone":{"cluster":"acid-batman"}},"status":{"PostgresClusterStatus":""}}`), err: nil}, // example with teamId set in input { diff --git a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go index 58900a490af418dc1060bd989dcf5925a7549dc8..92b2c870489f46966ca811c14e34db2b6c33bcd6 100644 --- a/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go +++ b/pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go @@ -209,6 +209,11 @@ func (in *OperatorConfiguration) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OperatorConfigurationData) DeepCopyInto(out *OperatorConfigurationData) { *out = *in + if in.ShmVolume != nil { + in, out := &in.ShmVolume, &out.ShmVolume + *out = new(bool) + **out = **in + } if in.Sidecars != nil { in, out := &in.Sidecars, &out.Sidecars *out = make(map[string]string, len(*in)) diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go index aa5f47880124fe586c3b9c93c0823ff67e6579e7..54b123a1894393d9d2064c69afda4b65e2de750f 100644 --- a/pkg/cluster/k8sres.go +++ b/pkg/cluster/k8sres.go @@ -360,8 +360,6 @@ func generateContainer( volumeMounts []v1.VolumeMount, privilegedMode bool, ) *v1.Container { - falseBool := false - return &v1.Container{ Name: name, Image: *dockerImage, 
@@ -385,7 +383,7 @@ func generateContainer(
 Env: envVars,
 SecurityContext: &v1.SecurityContext{
 Privileged: &privilegedMode,
- ReadOnlyRootFilesystem: &falseBool,
+ ReadOnlyRootFilesystem: util.False(),
 },
 }
 }
@@ -421,9 +419,9 @@ func generateSidecarContainers(sidecars []acidv1.Sidecar,
 // Check whether or not we're requested to mount an shm volume,
 // taking into account that PostgreSQL manifest has precedence.
-func mountShmVolumeNeeded(opConfig config.Config, pgSpec *acidv1.PostgresSpec) bool {
- if pgSpec.ShmVolume != nil {
- return *pgSpec.ShmVolume
+func mountShmVolumeNeeded(opConfig config.Config, pgSpec *acidv1.PostgresSpec) *bool {
+ if pgSpec.ShmVolume != nil && *pgSpec.ShmVolume {
+ return pgSpec.ShmVolume
 }
 return opConfig.ShmVolume
@@ -442,7 +440,7 @@ func generatePodTemplate(
 podServiceAccountName string,
 kubeIAMRole string,
 priorityClassName string,
- shmVolume bool,
+ shmVolume *bool,
 podAntiAffinity bool,
 podAntiAffinityTopologyKey string,
 additionalSecretMount string,
@@ -467,7 +465,7 @@ func generatePodTemplate(
 SecurityContext: &securityContext,
 }
- if shmVolume {
+ if shmVolume != nil && *shmVolume {
 addShmVolume(&podSpec)
 }
@@ -1478,7 +1476,7 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
 c.OpConfig.PodServiceAccountName,
 c.OpConfig.KubeIAMRole,
 "",
- false,
+ util.False(),
 false,
 "",
 "",
diff --git a/pkg/cluster/k8sres_test.go b/pkg/cluster/k8sres_test.go
index 3980bb4c4856b7d30ba201a79e2263a35c821055..5b206f7600176c8dd9f0f332c9894d1f4f03b50e 100644
--- a/pkg/cluster/k8sres_test.go
+++ b/pkg/cluster/k8sres_test.go
@@ -8,6 +8,7 @@ import (
 "testing"
 acidv1 "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
+ "github.com/zalando/postgres-operator/pkg/util"
 "github.com/zalando/postgres-operator/pkg/util/config"
 "github.com/zalando/postgres-operator/pkg/util/constants"
 "github.com/zalando/postgres-operator/pkg/util/k8sutil"
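Review bot: In the `mountShmVolumeNeeded` hunk of pkg/cluster/k8sres.go, the new condition `pgSpec.ShmVolume != nil && *pgSpec.ShmVolume` discards an explicit `false` from the manifest: a cluster that sets `enableShmVolume: false` now falls through to `opConfig.ShmVolume`, so the operator-wide value wins. That contradicts the comment directly above the function and the documented rule that the manifest overrides the operator setting. Keeping the new pointer return while honouring any explicit manifest value would be `if pgSpec.ShmVolume != nil { return pgSpec.ShmVolume }`. A table test with manifest `false` against operator `true` would pin the precedence; the function's closing brace lies outside the hunk.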
@@ -17,16 +18,6 @@ import (
 "k8s.io/apimachinery/pkg/util/intstr"
 )
-func True() *bool {
- b := true
- return &b
-}
-
-func False() *bool {
- b := false
- return &b
-}
-
 func toIntStr(val int) *intstr.IntOrString {
 b := intstr.FromInt(val)
 return &b
@@ -118,14 +109,14 @@ func TestCreateLoadBalancerLogic(t *testing.T) {
 {
 subtest: "new format, load balancer is enabled for replica",
 role: Replica,
- spec: &acidv1.PostgresSpec{EnableReplicaLoadBalancer: True()},
+ spec: &acidv1.PostgresSpec{EnableReplicaLoadBalancer: util.True()},
 opConfig: config.Config{},
 result: true,
 },
 {
 subtest: "new format, load balancer is disabled for replica",
 role: Replica,
- spec: &acidv1.PostgresSpec{EnableReplicaLoadBalancer: False()},
+ spec: &acidv1.PostgresSpec{EnableReplicaLoadBalancer: util.False()},
 opConfig: config.Config{},
 result: false,
 },
@@ -208,7 +199,7 @@ func TestGeneratePodDisruptionBudget(t *testing.T) {
 // With PodDisruptionBudget disabled.
 {
 New(
- Config{OpConfig: config.Config{Resources: config.Resources{ClusterNameLabel: "cluster-name", PodRoleLabel: "spilo-role"}, PDBNameFormat: "postgres-{cluster}-pdb", EnablePodDisruptionBudget: False()}},
+ Config{OpConfig: config.Config{Resources: config.Resources{ClusterNameLabel: "cluster-name", PodRoleLabel: "spilo-role"}, PDBNameFormat: "postgres-{cluster}-pdb", EnablePodDisruptionBudget: util.False()}},
 k8sutil.KubernetesClient{},
 acidv1.Postgresql{
 ObjectMeta: metav1.ObjectMeta{Name: "myapp-database", Namespace: "myapp"},
@@ -231,7 +222,7 @@ func TestGeneratePodDisruptionBudget(t *testing.T) {
 // With non-default PDBNameFormat and PodDisruptionBudget explicitly enabled.
 {
 New(
- Config{OpConfig: config.Config{Resources: config.Resources{ClusterNameLabel: "cluster-name", PodRoleLabel: "spilo-role"}, PDBNameFormat: "postgres-{cluster}-databass-budget", EnablePodDisruptionBudget: True()}},
+ Config{OpConfig: config.Config{Resources: config.Resources{ClusterNameLabel: "cluster-name", PodRoleLabel: "spilo-role"}, PDBNameFormat: "postgres-{cluster}-databass-budget", EnablePodDisruptionBudget: util.True()}},
 k8sutil.KubernetesClient{},
 acidv1.Postgresql{
 ObjectMeta: metav1.ObjectMeta{Name: "myapp-database", Namespace: "myapp"},
diff --git a/pkg/controller/operator_config.go b/pkg/controller/operator_config.go
index c74de896088e0b53e2aabadda8d9d9a2b03f5721..9b71a086673ca5008f854ad79c31a9c6ff440f10 100644
--- a/pkg/controller/operator_config.go
+++ b/pkg/controller/operator_config.go
@@ -31,6 +31,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 result.MaxInstances = fromCRD.MaxInstances
 result.ResyncPeriod = time.Duration(fromCRD.ResyncPeriod)
 result.RepairPeriod = time.Duration(fromCRD.RepairPeriod)
+ result.ShmVolume = fromCRD.ShmVolume
 result.Sidecars = fromCRD.Sidecars
 result.SuperUsername = fromCRD.PostgresUsersConfiguration.SuperUsername
diff --git a/pkg/util/config/config.go b/pkg/util/config/config.go
index 661574368cfdc4d5be8c59f7f235401d2566884e..d071d8a4bde97786b95fa9509d5f0a873760a313 100644
--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
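Review bot: In the `importConfigurationFromCRD` hunk of pkg/controller/operator_config.go, `result.ShmVolume = fromCRD.ShmVolume` copies a nil pointer whenever the CRD omits `enable_shm_volume`, and `generatePodTemplate` treats nil as disabled. The field is `omitempty` and the default CRD manifest ships the key commented out, while the ConfigMap path declares `default:"true"` and the docs state the default is `true`. The two configuration sources therefore appear to diverge, unless defaulting happens outside the visible lines. A guard after the assignment such as `if result.ShmVolume == nil { result.ShmVolume = util.True() }` would keep them aligned, assuming `util` can be imported in this file. The function body continues outside the hunk.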
@@ -42,7 +42,7 @@ type Resources struct {
 NodeReadinessLabel map[string]string `name:"node_readiness_label" default:""`
 MaxInstances int32 `name:"max_instances" default:"-1"`
 MinInstances int32 `name:"min_instances" default:"-1"`
- ShmVolume bool `name:"enable_shm_volume" default:"true"`
+ ShmVolume *bool `name:"enable_shm_volume" default:"true"`
 }
 // Auth describes authentication specific configuration parameters
diff --git a/pkg/util/util.go b/pkg/util/util.go
index 20e1951f64e1c533b42c3b7d2ba909750ddb82f9..a8ef460db26c3065da541218b1f9681af209a01a 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -26,6 +26,17 @@ func init() {
 rand.Seed(time.Now().Unix())
 }
+// helper function to get bool pointers
+func True() *bool {
+ b := true
+ return &b
+}
+
+func False() *bool {
+ b := false
+ return &b
+}
+
 // RandomPassword generates random alphanumeric password of a given length.
 func RandomPassword(n int) string {
 b := make([]byte, n)
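Review bot: The new exported helpers in the pkg/util/util.go hunk lack Go doc comments: `// helper function to get bool pointers` does not start with the identifier, and `False` has no comment at all. Suggested replacements are `// True returns a pointer to a newly allocated bool set to true.` and `// False returns a pointer to a newly allocated bool set to false.`. Saying that each call allocates is worthwhile because these pointers end up in config and pod-spec fields, so a reader can see that mutating one result cannot affect another caller.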