From 3384237c4b0f7fb36f126cc9b3071548d75a74e7 Mon Sep 17 00:00:00 2001 
From: Robert Grimm Date: Thu, 19 Sep 2024 23:26:08 -0500 Subject: [PATCH 1/3] Add Apicurio Registry; enhance Crunchy Postgres Aggregate Apicurio Registry uses Postgres database from Crunchy Postgres To make Crunchy-deployed database work for Apicurio Registry, feature gate needs to be enabled. --- apicurio-registry-operator/.editorconfig | 8 +++ apicurio-registry-operator/README.md | 44 ++++++++++++++ .../apicurio-registry-sql/kustomization.yaml | 57 +++++++++++++++++++ .../patch-dbuser-credentials.yaml | 21 +++++++ .../patch-postgres-cluster.yaml | 21 +++++++ .../instance/base/apicurio-registry.yaml | 19 +++++++ .../instance/base/kustomization.yaml | 5 ++ .../components/https-ingress/ingress.yaml | 23 ++++++++ .../https-ingress/kustomization.yaml | 5 ++ .../apicurio-registry-cert.yaml | 24 ++++++++ .../kustomization.yaml | 33 +++++++++++ .../overlays/postgresql/kustomization.yaml | 13 +++++ .../postgresql/patch-apicurio-registry.yaml | 11 ++++ .../operator/base/kustomization.yaml | 7 +++ .../operator/base/namespace.yaml | 8 +++ .../operator/base/operator-group.yaml | 6 ++ .../operator/base/subscription.yaml | 11 ++++ .../operator/overlays/2.x/kustomization.yaml | 11 ++++ .../overlays/2.x/patch-subscription.yaml | 3 + crunchy-postgres-operator/.editorconfig | 8 +++ crunchy-postgres-operator/README.md | 4 ++ .../instance/base/kustomization.yaml | 5 ++ .../instance/base/postgres-cluster.yaml | 30 ++++++++++ .../auto-create-user-schema/README.md | 11 ++++ .../kustomization.yaml | 10 ++++ ...ch-auto-create-user-schema-annotation.yaml | 3 + .../predefined-user-pass-and-db/README.md | 4 ++ .../default-pguser-dbuser.yaml | 13 +++++ .../kustomization.yaml | 14 +++++ .../patch-add-user-and-database.yaml | 6 ++ .../operator/base/subscription.yaml | 2 + .../components/feature-gates/README.md | 21 +++++++ .../feature-gates/kustomization.yaml | 10 ++++ .../feature-gates/patch-subscription.yaml | 5 ++ .../components/separate-namespace/README.md | 21 +++++++ 
.../separate-namespace/kustomization.yaml | 14 +++++ .../separate-namespace/namespace.yaml | 11 ++++ .../separate-namespace/operator-group.yaml | 6 ++ .../patch-subscription.yaml | 3 + 39 files changed, 531 insertions(+) create mode 100644 apicurio-registry-operator/.editorconfig create mode 100644 apicurio-registry-operator/README.md create mode 100644 apicurio-registry-operator/aggregate/apicurio-registry-sql/kustomization.yaml create mode 100644 apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-dbuser-credentials.yaml create mode 100644 apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-postgres-cluster.yaml create mode 100644 apicurio-registry-operator/instance/base/apicurio-registry.yaml create mode 100644 apicurio-registry-operator/instance/base/kustomization.yaml create mode 100644 apicurio-registry-operator/instance/components/https-ingress/ingress.yaml create mode 100644 apicurio-registry-operator/instance/components/https-ingress/kustomization.yaml create mode 100644 apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/apicurio-registry-cert.yaml create mode 100644 apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/kustomization.yaml create mode 100644 apicurio-registry-operator/instance/overlays/postgresql/kustomization.yaml create mode 100644 apicurio-registry-operator/instance/overlays/postgresql/patch-apicurio-registry.yaml create mode 100644 apicurio-registry-operator/operator/base/kustomization.yaml create mode 100644 apicurio-registry-operator/operator/base/namespace.yaml create mode 100644 apicurio-registry-operator/operator/base/operator-group.yaml create mode 100644 apicurio-registry-operator/operator/base/subscription.yaml create mode 100644 apicurio-registry-operator/operator/overlays/2.x/kustomization.yaml create mode 100644 apicurio-registry-operator/operator/overlays/2.x/patch-subscription.yaml create mode 100644 crunchy-postgres-operator/.editorconfig create mode 100644 
crunchy-postgres-operator/instance/base/kustomization.yaml create mode 100644 crunchy-postgres-operator/instance/base/postgres-cluster.yaml create mode 100644 crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md create mode 100644 crunchy-postgres-operator/instance/components/auto-create-user-schema/kustomization.yaml create mode 100644 crunchy-postgres-operator/instance/components/auto-create-user-schema/patch-auto-create-user-schema-annotation.yaml create mode 100644 crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/README.md create mode 100644 crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/default-pguser-dbuser.yaml create mode 100644 crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/kustomization.yaml create mode 100644 crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/patch-add-user-and-database.yaml create mode 100644 crunchy-postgres-operator/operator/components/feature-gates/README.md create mode 100644 crunchy-postgres-operator/operator/components/feature-gates/kustomization.yaml create mode 100644 crunchy-postgres-operator/operator/components/feature-gates/patch-subscription.yaml create mode 100644 crunchy-postgres-operator/operator/components/separate-namespace/README.md create mode 100644 crunchy-postgres-operator/operator/components/separate-namespace/kustomization.yaml create mode 100644 crunchy-postgres-operator/operator/components/separate-namespace/namespace.yaml create mode 100644 crunchy-postgres-operator/operator/components/separate-namespace/operator-group.yaml create mode 100644 crunchy-postgres-operator/operator/components/separate-namespace/patch-subscription.yaml diff --git a/apicurio-registry-operator/.editorconfig b/apicurio-registry-operator/.editorconfig new file mode 100644 index 00000000..563638c4 --- /dev/null +++ b/apicurio-registry-operator/.editorconfig 
@@ -0,0 +1,8 @@ +# Apicurio Registry Operator EditorConfig File + +[*] +end_of_line = lf +indent_style = space +indent_size = 2 +insert_final_newline = true +trim_trailing_whitespace = true diff --git a/apicurio-registry-operator/README.md b/apicurio-registry-operator/README.md new file mode 100644 index 00000000..5eb9bb84 --- /dev/null +++ b/apicurio-registry-operator/README.md @@ -0,0 +1,44 @@ +# Apicurio Registry Operator + +Install Apicurio Registry Operator. + +Do not use the `base` directory directly, as you will need to patch the `channel` based on the intended version of Apicurio Registry. + +the current *overlays* available are for the following channels: + +* [2.x](operator/overlays/2.x) + +## Usage + +If you have cloned the `gitops-catalog` repository, you can install Apicurio Registry Operator based on the overlay of your choice by running from the root (`gitops-catalog`) directory. + +``` +oc apply -k apicurio-registry-operator/operator/overlays/ +``` + +Or, without cloning: + +``` +oc apply -k https://github.com/redhat-cop/gitops-catalog/apicurio-registry-operator/operator/overlays/ +``` + +As part of a different overlay in your own GitOps repo: + +``` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - https://github.com/redhat-cop/gitops-catalog/apicurio-registry-operator/operator/overlays/?ref=main +``` + +## Deploying Apicurio Registry + +If you would like to deploy Apicurio Registry, you can try one of the samples in the `instance/overlays` directory. + +## All-in-One + +If you would like to deploy the operator *and* Apicurio Registry and a backing store all in one line, use one of the `aggregate` directories, for example: + +``` +oc apply -k https://github.com/redhat-cop/gitops-catalog/apicurio-registry-operator/aggregate/apicurio-registry-sql?ref=main +``` 
diff --git a/apicurio-registry-operator/aggregate/apicurio-registry-sql/kustomization.yaml b/apicurio-registry-operator/aggregate/apicurio-registry-sql/kustomization.yaml new file mode 100644
index 00000000..e8828761
--- /dev/null
+++ b/apicurio-registry-operator/aggregate/apicurio-registry-sql/kustomization.yaml
@@ -0,0 +1,57 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../../crunchy-postgres-operator/operator/overlays/v5
+ - ../../../crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db
+ - ../../operator/overlays/2.x
+ - ../../instance/overlays/postgresql
+
+components:
+ - ../../../crunchy-postgres-operator/operator/components/separate-namespace
+ - ../../../crunchy-postgres-operator/operator/components/feature-gates
+ - ../../../crunchy-postgres-operator/instance/components/auto-create-user-schema
+
+patches:
+ - target:
+ group: postgres-operator.crunchydata.com
+ version: v1beta1
+ kind: PostgresCluster
+ name: default
+ path: patch-postgres-cluster.yaml
+ - target:
+ group: ''
+ version: v1
+ kind: Secret
+ name: default-pguser-dbuser
+ path: patch-dbuser-credentials.yaml
+
+replacements:
+ - source:
+ group: ''
+ version: v1
+ kind: Secret
+ name: apicurio-registry-db-pguser-apicurio
+ fieldPath: metadata.labels.postgres-operator\.crunchydata\.com/pguser
+ targets:
+ - select:
+ group: registry.apicur.io
+ version: v1
+ kind: ApicurioRegistry
+ name: default
+ fieldPaths:
+ - spec.configuration.sql.dataSource.userName
+ - source:
+ group: ''
+ version: v1
+ kind: Secret
+ name: apicurio-registry-db-pguser-apicurio
+ fieldPath: stringData.password
+ targets:
+ - select:
+ group: registry.apicur.io
+ version: v1
+ kind: ApicurioRegistry
+ name: default
+ fieldPaths:
+ - spec.configuration.sql.dataSource.password
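Review bot: The second `replacements` entry in `aggregate/apicurio-registry-sql/kustomization.yaml` copies `stringData.password` from the `apicurio-registry-db-pguser-apicurio` Secret into `spec.configuration.sql.dataSource.password` of the `ApicurioRegistry`, so the rendered custom resource carries the database password in clear text. Anyone who can read `ApicurioRegistry` objects, or the rendered manifests in a GitOps tool, then sees the credential without needing access to Secrets. A comment above the entry would make the trade-off explicit, for example `# NOTE: copies the DB password into the ApicurioRegistry spec in clear text; restrict read access to this CR`. If the operator version in use can take the datasource password from a Secret reference instead, that would presumably be the safer wiring, but nothing in this patch shows whether it can.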
diff --git a/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-dbuser-credentials.yaml b/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-dbuser-credentials.yaml new file mode 100644
index 00000000..c3dcd187
--- /dev/null
+++ b/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-dbuser-credentials.yaml
@@ -0,0 +1,21 @@
+# Validate expectations before making changes
+- op: test
+ path: /metadata/name
+ value: default-pguser-dbuser
+- op: test
+ path: /metadata/labels/postgres-operator.crunchydata.com~1cluster
+ value: default
+- op: test
+ path: /metadata/labels/postgres-operator.crunchydata.com~1pguser
+ value: dbuser
+
+# Customize for Apicurio Registry
+- op: replace
+ path: /metadata/name
+ value: apicurio-registry-db-pguser-apicurio
+- op: replace
+ path: /metadata/labels/postgres-operator.crunchydata.com~1cluster
+ value: apicurio-registry-db
+- op: replace
+ path: /metadata/labels/postgres-operator.crunchydata.com~1pguser
+ value: apicurio
diff --git a/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-postgres-cluster.yaml b/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-postgres-cluster.yaml new file mode 100644
index 00000000..1ac4c3fd
--- /dev/null
+++ b/apicurio-registry-operator/aggregate/apicurio-registry-sql/patch-postgres-cluster.yaml
@@ -0,0 +1,21 @@
+# Validate expectations before making changes
+- op: test
+ path: /metadata/name
+ value: default
+- op: test
+ path: /spec/users/0/name
+ value: dbuser
+- op: test
+ path: /spec/users/0/databases/0
+ value: db
+
+# Update postgrescluster for use by Apicurio Registry
+- op: replace
+ path: /metadata/name
+ value: apicurio-registry-db
+- op: replace
+ path: /spec/users/0/name
+ value: apicurio
+- op: replace
+ path: /spec/users/0/databases/0
+ value: registry
diff --git a/apicurio-registry-operator/instance/base/apicurio-registry.yaml b/apicurio-registry-operator/instance/base/apicurio-registry.yaml new file mode 100644
index 00000000..f7a46551
--- /dev/null
+++ b/apicurio-registry-operator/instance/base/apicurio-registry.yaml
@@ -0,0 +1,19 @@
+apiVersion: registry.apicur.io/v1
+kind: ApicurioRegistry
+metadata:
+ name: default
+spec:
+ deployment:
+ host: apicurio-registry
+ managedResources:
+ disableIngress: true
+ configuration:
+ persistence: sql
+ security: { }
+ # Too many bugs with Apicurio Registry handling SSL itself right now, so just disable Ingress and do it manually
+ # See https://issues.redhat.com/browse/IPT-1159
+ # Then the above issue is worked around, the pathing/redirects are then broken, so Apicurio Registry still isn't
+ # usable. When it's all fixed, maybe re-enable the following:
+ # https:
+ # disableHttp: true
+ # secretName: apicurio-registry-cert
diff --git a/apicurio-registry-operator/instance/base/kustomization.yaml b/apicurio-registry-operator/instance/base/kustomization.yaml new file mode 100644
index 00000000..de94ac4d
--- /dev/null
+++ b/apicurio-registry-operator/instance/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - apicurio-registry.yaml
diff --git a/apicurio-registry-operator/instance/components/https-ingress/ingress.yaml b/apicurio-registry-operator/instance/components/https-ingress/ingress.yaml new file mode 100644
index 00000000..c6d4c708
--- /dev/null
+++ b/apicurio-registry-operator/instance/components/https-ingress/ingress.yaml
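Review bot: `security: { }` in `instance/base/apicurio-registry.yaml` leaves the registry with no authentication settings that are visible here, while the `https-ingress` component added later in this patch publishes the same instance on an external hostname. As far as this manifest shows, anyone who can reach the Ingress could read and modify registry content. I would add a comment next to the field, such as `# No authentication is configured; add an identity provider under security before exposing this instance`. Separately, the comment line `# Then the above issue is worked around` presumably should read `# When the above issue is worked around`.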
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: apicurio-registry
+ annotations:
+ route.openshift.io/termination: edge
+spec:
+ ingressClassName: openshift-default
+ tls:
+ - secretName: apicurio-registry-cert
+ hosts:
+ - apicurio-registry.apps.cluster.example.com
+ rules:
+ - host: apicurio-registry.apps.cluster.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: default-service
+ port:
+ name: http
diff --git a/apicurio-registry-operator/instance/components/https-ingress/kustomization.yaml b/apicurio-registry-operator/instance/components/https-ingress/kustomization.yaml new file mode 100644
index 00000000..52215a22
--- /dev/null
+++ b/apicurio-registry-operator/instance/components/https-ingress/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - ingress.yaml
diff --git a/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/apicurio-registry-cert.yaml b/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/apicurio-registry-cert.yaml new file mode 100644
index 00000000..7ef0e91e
--- /dev/null
+++ b/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/apicurio-registry-cert.yaml
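Review bot: `route.openshift.io/termination: edge` in `https-ingress/ingress.yaml` ends TLS at the router, and the backend points at the `http` port of `default-service`, so traffic between the router and the registry pod is unencrypted. That is an understandable workaround for the TLS problems described in the base manifest, but it should be stated where the choice is made: `# TLS terminates at the router; router-to-pod traffic is plain HTTP until the registry can serve TLS (then switch to reencrypt)`. The backend name `default-service` also appears to assume the ApicurioRegistry keeps the name `default`, so an overlay that renames the custom resource would need to patch this value as well.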
@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: apicurio-registry-cert
+ annotations:
+ acme.cert-manager.io/http01-override-ingress-name: apicurio-registry
+ cert-manager.io/issue-temporary-certificate: 'true'
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: letsencrypt-prod
+ secretName: apicurio-registry-cert
+ dnsNames:
+ # These should be replaced in a kustomize overlay, according to intended hostnames
+ - apicurio-registry.apps.cluster.example.com
+ usages:
+ - digital signature
+ - key encipherment
+ secretTemplate:
+ annotations:
+ kubernetes.io/description: >-
+ Secret issued via cert-manager which will be referenced and used by Apicurio Registry for securing
+ HTTPS traffic
diff --git a/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/kustomization.yaml b/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/kustomization.yaml new file mode 100644
index 00000000..8567e378
--- /dev/null
+++ b/apicurio-registry-operator/instance/overlays/postgresql-tls-letsencrypt/kustomization.yaml
@@ -0,0 +1,33 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../postgresql
+ - apicurio-registry-cert.yaml
+
+components:
+ - ../../components/https-ingress
+
+replacements:
+ - source:
+ group: registry.apicur.io
+ version: v1
+ kind: ApicurioRegistry
+ name: default
+ fieldPath: spec.deployment.host
+ targets:
+ - select:
+ group: cert-manager.io
+ version: v1
+ kind: Certificate
+ name: apicurio-registry-cert
+ fieldPaths:
+ - spec.dnsNames.0
+ - select:
+ group: networking.k8s.io
+ version: v1
+ kind: Ingress
+ name: apicurio-registry
+ fieldPaths:
+ - spec.tls.0.hosts.0
+ - spec.rules.0.host
diff --git a/apicurio-registry-operator/instance/overlays/postgresql/kustomization.yaml b/apicurio-registry-operator/instance/overlays/postgresql/kustomization.yaml new file mode 100644
index 00000000..ab728b50
--- /dev/null
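Review bot: The `replacements` block in `postgresql-tls-letsencrypt/kustomization.yaml` overwrites `spec.dnsNames.0`, `spec.tls.0.hosts.0` and `spec.rules.0.host` with `spec.deployment.host`, which the base sets to the single-label name `apicurio-registry`. Because replacements run inside this kustomization, a consumer who patches the host in a later overlay will, as far as I can tell, not see that value propagate to the Certificate and Ingress, and a public ACME issuer will presumably refuse a name that is not fully qualified. Either put a fully qualified placeholder in the base, or add a comment here: `# Patch spec.deployment.host to the real FQDN in this overlay; downstream overlays must also patch the Certificate and Ingress hosts`. The Certificate also depends on a `letsencrypt-prod` ClusterIssuer that this patch does not create, which deserves a line in the README.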
+++ b/apicurio-registry-operator/instance/overlays/postgresql/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ group: registry.apicur.io
+ version: v1
+ kind: ApicurioRegistry
+ name: default
+ path: patch-apicurio-registry.yaml
diff --git a/apicurio-registry-operator/instance/overlays/postgresql/patch-apicurio-registry.yaml b/apicurio-registry-operator/instance/overlays/postgresql/patch-apicurio-registry.yaml new file mode 100644
index 00000000..c190a32f
--- /dev/null
+++ b/apicurio-registry-operator/instance/overlays/postgresql/patch-apicurio-registry.yaml
@@ -0,0 +1,11 @@
+- op: replace
+ path: /spec/configuration/persistence
+ value: sql
+
+- op: add
+ path: /spec/configuration/sql
+ value:
+ dataSource:
+ url: jdbc:postgresql://apicurio-registry-db-primary:5432/registry
+ userName: registry-user
+ password: registry-password
diff --git a/apicurio-registry-operator/operator/base/kustomization.yaml b/apicurio-registry-operator/operator/base/kustomization.yaml new file mode 100644
index 00000000..1e66bd5f
--- /dev/null
+++ b/apicurio-registry-operator/operator/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - operator-group.yaml
+ - subscription.yaml
diff --git a/apicurio-registry-operator/operator/base/namespace.yaml b/apicurio-registry-operator/operator/base/namespace.yaml new file mode 100644
index 00000000..f77ea103
--- /dev/null
+++ b/apicurio-registry-operator/operator/base/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apicurio-registry-operator
+ annotations:
+ openshift.io/display-name: Red Hat build of Apicurio Registry Operator
+ labels:
+ openshift.io/cluster-monitoring: 'true'
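Review bot: `patch-apicurio-registry.yaml` writes `userName: registry-user` and `password: registry-password` directly into the custom resource. Only the aggregate kustomization replaces them; applied on its own, the `postgresql` overlay ships these literal values, and anyone adapting it is nudged to commit a real password in the same spot. A comment above the `dataSource` block would help: `# Placeholder credentials; override from a Secret-backed source and never commit real values here`. The JDBC URL carries no `sslmode` parameter, so whether the connection to `apicurio-registry-db-primary` verifies the server certificate depends on driver defaults that are not visible in this patch.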
diff --git a/apicurio-registry-operator/operator/base/operator-group.yaml b/apicurio-registry-operator/operator/base/operator-group.yaml new file mode 100644
index 00000000..fcdc39c4
--- /dev/null
+++ b/apicurio-registry-operator/operator/base/operator-group.yaml
@@ -0,0 +1,6 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: apicurio-registry-operator
+ namespace: apicurio-registry-operator
+spec:
diff --git a/apicurio-registry-operator/operator/base/subscription.yaml b/apicurio-registry-operator/operator/base/subscription.yaml new file mode 100644
index 00000000..b61cd937
--- /dev/null
+++ b/apicurio-registry-operator/operator/base/subscription.yaml
@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: service-registry-operator
+ namespace: apicurio-registry-operator
+spec:
+ channel: patch-me-see-overlays-dir
+ installPlanApproval: Automatic
+ name: service-registry-operator
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
diff --git a/apicurio-registry-operator/operator/overlays/2.x/kustomization.yaml b/apicurio-registry-operator/operator/overlays/2.x/kustomization.yaml new file mode 100644
index 00000000..1ed88e9b
--- /dev/null
+++ b/apicurio-registry-operator/operator/overlays/2.x/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: service-registry-operator
+ path: patch-subscription.yaml
diff --git a/apicurio-registry-operator/operator/overlays/2.x/patch-subscription.yaml b/apicurio-registry-operator/operator/overlays/2.x/patch-subscription.yaml new file mode 100644
index 00000000..2ec56b96
--- /dev/null
+++ b/apicurio-registry-operator/operator/overlays/2.x/patch-subscription.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: 2.x
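Review bot: `spec:` is left empty in `operator/base/operator-group.yaml`, and the same is true of `separate-namespace/operator-group.yaml` in the Crunchy component later in this patch. With no `targetNamespaces` listed, OLM treats the OperatorGroup as selecting all namespaces, so the operator is installed with cluster-wide reach. If that is intended, say so in the file with `# Empty spec selects all namespaces (cluster-wide install)`; otherwise list the namespaces the operator should watch under `spec.targetNamespaces`.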
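Review bot: `installPlanApproval: Automatic` in `operator/base/subscription.yaml` lets OLM apply every new operator version from the `redhat-operators` catalog without anyone approving the install plan. Clusters under change control will want `installPlanApproval: Manual`, ideally offered as an overlay or component next to `2.x`. At minimum a comment such as `# Upgrades are applied automatically; patch to Manual where install plans must be reviewed` would make the default explicit.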
diff --git a/crunchy-postgres-operator/.editorconfig b/crunchy-postgres-operator/.editorconfig new file mode 100644 index 00000000..e1c886d1 --- /dev/null +++ b/crunchy-postgres-operator/.editorconfig @@ -0,0 +1,8 @@ +# Crunchy Postgres Operator EditorConfig File + +[*] +end_of_line = lf +indent_style = space +indent_size = 2 +insert_final_newline = true +trim_trailing_whitespace = true diff --git a/crunchy-postgres-operator/README.md b/crunchy-postgres-operator/README.md index 39c54e57..432e7ba5 100644 --- a/crunchy-postgres-operator/README.md +++ b/crunchy-postgres-operator/README.md @@ -30,3 +30,7 @@ kind: Kustomization resources: - https://github.com/redhat-cop/gitops-catalog/crunchy-postgres-operator/operator/overlays/?ref=main ``` + +## Deploying Databases + +If you would like to deploy a database, you can try one of the sample databases in the `instance/overlays` directory. diff --git a/crunchy-postgres-operator/instance/base/kustomization.yaml b/crunchy-postgres-operator/instance/base/kustomization.yaml new file mode 100644 index 00000000..6098d9e0 --- /dev/null +++ b/crunchy-postgres-operator/instance/base/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - postgres-cluster.yaml diff --git a/crunchy-postgres-operator/instance/base/postgres-cluster.yaml b/crunchy-postgres-operator/instance/base/postgres-cluster.yaml new file mode 100644 index 00000000..a149c204 --- /dev/null +++ b/crunchy-postgres-operator/instance/base/postgres-cluster.yaml 
@@ -0,0 +1,30 @@ +apiVersion: postgres-operator.crunchydata.com/v1beta1 +kind: PostgresCluster +metadata: + name: default + annotations: {} +spec: + postgresVersion: 16 + instances: + - name: instance1 + dataVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + backups: + pgbackrest: + repos: + - name: repo1 + volume: + volumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + restore: + repoName: repo1 + enabled: false + users: [] diff --git a/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md b/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md new file mode 100644 index 00000000..ca29c749 --- /dev/null +++ b/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md @@ -0,0 +1,11 @@ +# Auto-Create User Schemas + +This component will signal the Crunchy Postgres Operator to automatically create a schema for each user it creates. + +With Postgres 15, the default permissions of the "public" schema were reduced. Many applications assume that they have +permissions to create tables, which is no longer the case with the new permissions. Instead, the schema search order +is changed to "$user","public" -- this means that a schema with the username will be searched before the public schema. +By asking the operator to auto-create user schemas, applications may again operate without explicitly changing schema. + +The "AutoCreateUserSchemas" feature flag must be enabled on the operator for this component to take effect on deployed +databases. diff --git a/crunchy-postgres-operator/instance/components/auto-create-user-schema/kustomization.yaml b/crunchy-postgres-operator/instance/components/auto-create-user-schema/kustomization.yaml new file mode 100644 index 00000000..ab01ae03 --- /dev/null +++ b/crunchy-postgres-operator/instance/components/auto-create-user-schema/kustomization.yaml 
@@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patches: + - target: + group: postgres-operator.crunchydata.com + version: v1beta1 + kind: PostgresCluster + name: default + path: patch-auto-create-user-schema-annotation.yaml diff --git a/crunchy-postgres-operator/instance/components/auto-create-user-schema/patch-auto-create-user-schema-annotation.yaml b/crunchy-postgres-operator/instance/components/auto-create-user-schema/patch-auto-create-user-schema-annotation.yaml new file mode 100644 index 00000000..0b9dd672 --- /dev/null +++ b/crunchy-postgres-operator/instance/components/auto-create-user-schema/patch-auto-create-user-schema-annotation.yaml @@ -0,0 +1,3 @@ +- op: add + path: /metadata/annotations/postgres-operator.crunchydata.com~1autoCreateUserSchema + value: 'true' diff --git a/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/README.md b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/README.md new file mode 100644 index 00000000..ce81534d --- /dev/null +++ b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/README.md @@ -0,0 +1,4 @@ +# Postgresql Database with Pre-defined User, Password, and Database + +This overlay introduces a user with pre-defined password and database. This may be useful when applications or +operators do not have functionality to load passwords from Secrets and need to have the password set in advance. diff --git a/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/default-pguser-dbuser.yaml b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/default-pguser-dbuser.yaml new file mode 100644 index 00000000..56040762 --- /dev/null +++ b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/default-pguser-dbuser.yaml 
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ # Secret name takes the form of -pguser-
+ name: default-pguser-dbuser
+ labels:
+ postgres-operator.crunchydata.com/cluster: default
+ postgres-operator.crunchydata.com/pguser: dbuser
+type: Opaque
+stringData:
+ password: "pre-set-password"
+ # Empty string verifier signals to Crunchy Postgres Operator that the password key is not pre-hashed
+ verifier: ""
diff --git a/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/kustomization.yaml b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/kustomization.yaml new file mode 100644
index 00000000..789153d8
--- /dev/null
+++ b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+ - default-pguser-dbuser.yaml
+
+patches:
+ - target:
+ group: postgres-operator.crunchydata.com
+ version: v1beta1
+ kind: PostgresCluster
+ name: default
+ path: patch-add-user-and-database.yaml
diff --git a/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/patch-add-user-and-database.yaml b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/patch-add-user-and-database.yaml new file mode 100644
index 00000000..e8db8175
--- /dev/null
+++ b/crunchy-postgres-operator/instance/overlays/predefined-user-pass-and-db/patch-add-user-and-database.yaml
@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/users/-
+ value:
+ name: dbuser
+ databases:
+ - db
diff --git a/crunchy-postgres-operator/operator/base/subscription.yaml b/crunchy-postgres-operator/operator/base/subscription.yaml
index fa4e1ba0..cb404d58 100644
--- a/crunchy-postgres-operator/operator/base/subscription.yaml
+++ b/crunchy-postgres-operator/operator/base/subscription.yaml
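Review bot: `password: "pre-set-password"` in `predefined-user-pass-and-db/default-pguser-dbuser.yaml` is a fixed value committed to the repository, and the aggregate kustomization renames this Secret without changing the password. A cluster that applies either kustomization unmodified therefore gets a PostgreSQL user whose password is known to anyone who can read the catalog. The file should say so directly above the key, for example `# PLACEHOLDER: replace in your overlay (sealed/external secret or secretGenerator) before deploying`. The overlay README describes why a pre-defined password is useful but does not say it must be overridden, and it should.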
@@ -9,3 +9,5 @@ spec: name: crunchy-postgres-operator source: certified-operators sourceNamespace: openshift-marketplace + config: + env: [] diff --git a/crunchy-postgres-operator/operator/components/feature-gates/README.md b/crunchy-postgres-operator/operator/components/feature-gates/README.md new file mode 100644 index 00000000..1751a99d --- /dev/null +++ b/crunchy-postgres-operator/operator/components/feature-gates/README.md @@ -0,0 +1,21 @@ +# feature-gates + +## Purpose + +This component is designed facilitate enabling of feature gates with the Crunchy Postgres Operator, such as the +"AutoCreateUserSchema" feature gate. + +## Usage + +This component can be added to a base by adding the `components` section to your overlay `kustomization.yaml` file: + +``` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +components: + - ../../components/feature-gates +``` diff --git a/crunchy-postgres-operator/operator/components/feature-gates/kustomization.yaml b/crunchy-postgres-operator/operator/components/feature-gates/kustomization.yaml new file mode 100644 index 00000000..84d68fb0 --- /dev/null +++ b/crunchy-postgres-operator/operator/components/feature-gates/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patches: + - target: + group: operators.coreos.com + version: v1alpha1 + kind: Subscription + name: crunchy-postgres-operator + path: patch-subscription.yaml diff --git a/crunchy-postgres-operator/operator/components/feature-gates/patch-subscription.yaml b/crunchy-postgres-operator/operator/components/feature-gates/patch-subscription.yaml new file mode 100644 index 00000000..32c73ea8 --- /dev/null +++ b/crunchy-postgres-operator/operator/components/feature-gates/patch-subscription.yaml @@ -0,0 +1,5 @@ +- op: add + path: /spec/config/env/- + value: + name: PGO_FEATURE_GATES + value: AutoCreateUserSchema=true 
diff --git a/crunchy-postgres-operator/operator/components/separate-namespace/README.md b/crunchy-postgres-operator/operator/components/separate-namespace/README.md new file mode 100644 index 00000000..1a7ca57b --- /dev/null +++ b/crunchy-postgres-operator/operator/components/separate-namespace/README.md @@ -0,0 +1,21 @@ +# separate-namespace + +## Purpose + +This component is designed move installation of the Crunchy Postgres Operator into its own namespace. This facilitates +better control of upgrade approval for this operator without impacting other operators. + +## Usage + +This component can be added to a base by adding the `components` section to your overlay `kustomization.yaml` file: + +``` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +components: + - ../../components/separate-namespace +``` diff --git a/crunchy-postgres-operator/operator/components/separate-namespace/kustomization.yaml b/crunchy-postgres-operator/operator/components/separate-namespace/kustomization.yaml new file mode 100644 index 00000000..5d9b3724 --- /dev/null +++ b/crunchy-postgres-operator/operator/components/separate-namespace/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - namespace.yaml + - operator-group.yaml + +patches: + - target: + group: operators.coreos.com + version: v1alpha1 + kind: Subscription + name: crunchy-postgres-operator + path: patch-subscription.yaml diff --git a/crunchy-postgres-operator/operator/components/separate-namespace/namespace.yaml b/crunchy-postgres-operator/operator/components/separate-namespace/namespace.yaml new file mode 100644 index 00000000..225b240b --- /dev/null +++ b/crunchy-postgres-operator/operator/components/separate-namespace/namespace.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: crunchy-postgres-operator + annotations: + openshift.io/display-name: Crunchy Postgres Operator + openshift.io/description: >- + A project to host the Crunchy Postgres Operator so that it may be managed and upgraded separately from other + operators. + labels: + openshift.io/cluster-monitoring: 'true' diff --git a/crunchy-postgres-operator/operator/components/separate-namespace/operator-group.yaml b/crunchy-postgres-operator/operator/components/separate-namespace/operator-group.yaml new file mode 100644 index 00000000..dd8da69b --- /dev/null +++ b/crunchy-postgres-operator/operator/components/separate-namespace/operator-group.yaml @@ -0,0 +1,6 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: crnucby-postgres-operator + namespace: crunchy-postgres-operator +spec: diff --git a/crunchy-postgres-operator/operator/components/separate-namespace/patch-subscription.yaml b/crunchy-postgres-operator/operator/components/separate-namespace/patch-subscription.yaml new file mode 100644 index 00000000..5d0216e2 --- /dev/null +++ b/crunchy-postgres-operator/operator/components/separate-namespace/patch-subscription.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/namespace + value: crunchy-postgres-operator From ff797f5ab9a3b5482e1fe56cce20a961d3f39392 Mon Sep 17 00:00:00 2001 From: Robert Grimm Date: Thu, 19 Sep 2024 23:30:33 -0500 Subject: [PATCH 2/3] Add words to .wordlist-md --- .wordlist-md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.wordlist-md b/.wordlist-md index af5077a9..12d58bda 100644 --- a/.wordlist-md +++ b/.wordlist-md @@ -9,9 +9,11 @@ Alertmanager AmazonS AmazonSageMakerFullAccess Ansible +Apicurio ArgoCD ArgoCD's Authorino +AutoCreateUserSchema Bitnami CICD CRD @@ -95,6 +97,7 @@ SDKs SNO SSO Sagemaker +Schemas SecretManager SecureCluster ServiceMesh @@ -226,6 +229,7 @@ operatorGroups patchesJson performant postgres +postgresql pre prem prometheus 
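Review bot: `name: crnucby-postgres-operator` in `separate-namespace/operator-group.yaml` looks like a typo for `crunchy-postgres-operator`, the name used by the namespace and the Subscription patch in the same component. The OperatorGroup would presumably still work under the misspelled name, but anything that later targets it by name, such as a kustomize patch or an audit query, will miss it. Change the line to `name: crunchy-postgres-operator`.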
@@ -241,6 +245,7 @@ runtime sagemaker sandboxed scalable +schemas secretGenerator seldon selectable From 26def7ab29ebcaf686f3ce2c6ed057e807dd875c Mon Sep 17 00:00:00 2001 From: Robert Grimm Date: Thu, 19 Sep 2024 23:32:13 -0500 Subject: [PATCH 3/3] Fix typo in feature gate name --- .../instance/components/auto-create-user-schema/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md b/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md index ca29c749..1acae4d6 100644 --- a/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md +++ b/crunchy-postgres-operator/instance/components/auto-create-user-schema/README.md @@ -7,5 +7,5 @@ permissions to create tables, which is no longer the case with the new permissio is changed to "$user","public" -- this means that a schema with the username will be searched before the public schema. By asking the operator to auto-create user schemas, applications may again operate without explicitly changing schema. -The "AutoCreateUserSchemas" feature flag must be enabled on the operator for this component to take effect on deployed +The "AutoCreateUserSchema" feature flag must be enabled on the operator for this component to take effect on deployed databases.