This commit integrates the 'crunchy-postgres-ha'

andrewlecuyer · andrewlecuyer · commit db9480c12b8f · 2019-11-12T00:41:16.000-06:00
container into the PGO.  Now when clusters are
created, as well as when additional replicas are
added to existing clusters, the 'crunchy-postgres-ha'
container is utilized instead of the 'crunchy-postgres'
container.  This effectively introduces integrates Patroni
into the PGO architecture, which will be leveraged to
bootstrap, manage and ensure the availability of any
PG databases and clusters created by the PGO.

With the introduction of the 'crunchy-postgres-ha' container,
an additional service account named 'pgo-pg' is now created
and utilized by any PG deployments, with any permissions
required by Patroni to create and modify the various artifacts
in Kubernetes required to support the Patroni solution.  Also,
Patroni environment variables are utilized to configure the
'crunchy-postgres-ha' container, along with a Patroni
configuration file and applicable Kubernetes secrets.

Being that this change represents a major change to the
PGO architecture, this is considered a breaking change
that will not be backwards compatible with an PG clusters
previously created by the PGO.  Please note that this
commit also does not yet deprecate or update any failover
logic, as required to fully leverage the HA capabilities
provided by Patroni in the  'crunchy-postgres-ha' container
(these updates will be provided in a subsequent commit).
diff --git a/apiserver/clusterservice/clusterimpl.go b/apiserver/clusterservice/clusterimpl.go
@@ -859,7 +859,7 @@ func getClusterParams(request *msgs.CreateClusterRequest, name string, userLabel
 		spec.CCPImage = request.CCPImage
 		log.Debugf("user is overriding CCPImage from command line %s", request.CCPImage)
 	} else {
-		spec.CCPImage = "crunchy-postgres"
+		spec.CCPImage = "crunchy-postgres-ha"
 	}
 	spec.Namespace = ns
 	spec.Name = name
diff --git a/conf/postgres-operator/cluster-deployment.json b/conf/postgres-operator/cluster-deployment.json
@@ -27,7 +27,7 @@
             "spec": {
 
                 {{.SecurityContext }}
-
+                "serviceAccountName": "pgo-pg",
                 "containers": [
         
 
@@ -37,7 +37,7 @@
                     "readinessProbe": {
                         "exec": {
                             "command": [
-                                "/opt/cpm/bin/readiness.sh"
+                                "/opt/cpm/bin/readiness/readiness.sh"
                             ]
                         },
                         "initialDelaySeconds": 15,
@@ -47,39 +47,51 @@
             {{.ContainerResources }}
 
                     "env": [{
-                        "name": "PG_PRIMARY_PORT",
+                        "name": "PGHA_PG_PORT",
                         "value": "{{.Port}}"
                     }, {
-                        "name": "PG_MODE",
-                        "value": "{{.PgMode}}"
-                    }, {
-                        "name": "PG_USER",
+                        "name": "PGHA_USER",
                         "value": "postgres"
                     }, {
-                        "name": "PG_PRIMARY_HOST",
-                        "value": "{{.PrimaryHost}}"
-                    }, {
-                        "name": "LOG_STATEMENT",
-                        "value": "{{.LogStatement}}"
-                    }, {
-                        "name": "LOG_MIN_DURATION_STATEMENT",
-                        "value": "{{.LogMinDurationStatement}}"
-                    }, {
-                        "name": "PG_LOCALE",
-                        "value": "en_US.UTF8"
-                    }, {
-                        "name": "PGDATA_PATH_OVERRIDE",
-                        "value": "{{.DataPathOverride}}"
+                        "name": "PATRONI_POSTGRESQL_DATA_DIR",
+                        "value": "/pgdata/{{.Name}}"
                     }, {
 			{{.PgmonitorEnvVars}}
             {{.PgbackrestEnvVars}}
             {{.PgbackrestS3EnvVars}}
-                        "name": "PG_DATABASE",
+                        "name": "PGHA_DATABASE",
                         "value": "{{.Database}}"
-                    },{
-                        "name": "ARCHIVE_TIMEOUT",
-                        "value": "{{.ArchiveTimeout}}"
-                    },{
+                    }, {
+                        "name": "PATRONI_KUBERNETES_NAMESPACE",
+                        "valueFrom": {
+                            "fieldRef": {
+                                "fieldPath": "metadata.namespace"
+                            }
+                        }
+                    }, {
+                        "name": "PATRONI_NAME",
+                        "valueFrom": {
+                            "fieldRef": {
+                                "fieldPath": "metadata.name"
+                            }
+                        }
+                    }, {
+                        "name": "PATRONI_SCOPE",
+                        "valueFrom": {
+                            "fieldRef": {
+                                "fieldPath": "metadata.labels['pg-cluster']"
+                            }
+                        }
+                    }, {
+                        "name": "PATRONI_KUBERNETES_LABELS",
+                        "value": "{vendor: \"crunchydata\"}"
+                    }, {
+                        "name": "PATRONI_KUBERNETES_SCOPE_LABEL",
+                        "value": "{{.ScopeLabel}}"
+                    }, {
+                        "name": "PATRONI_LOG_LEVEL",
+                        "value": "INFO"
+                    }, {
                         "name": "PGHOST",
                         "value": "/tmp"
                     }],
@@ -93,13 +105,13 @@
                             "mountPath": "/backrestrepo",
                             "name": "backrestrepo"
                         }, {
-                            "mountPath": "/pguser",
+                            "mountPath": "/pgconf/pguser",
                             "name": "user-volume"
                         }, {
-                            "mountPath": "/pgprimary",
+                            "mountPath": "/pgconf/pgreplicator",
                             "name": "primary-volume"
                         }, {
-                            "mountPath": "/pgroot",
+                            "mountPath": "/pgconf/pgsuper",
                             "name": "root-volume"
                         }, {
                             "mountPath": "/pgwal",
@@ -115,7 +127,7 @@
                             "mountPath": "/recover",
                             "name": "recover-volume"
                         }
-
+                        
                     ],
 
                     "ports": [{
@@ -172,7 +184,23 @@
             "emptyDir": { "medium": "Memory" }
                     }, {
                         "name": "pgconf-volume",
-            {{.ConfVolume}}
+                        "projected": {
+                            "sources": [
+                                {{if .ConfVolume}}
+                                {
+                                    "configMap": { 
+                                        "name": {{.ConfVolume}}
+                                    }
+                                },
+                                {{end}}
+                                {
+                                    "configMap": { 
+                                        "name": "pgo-pgha-default-config",
+                                        "optional": true
+                                    }
+                                }
+                            ]
+                         }
                     }
 
                 ],
diff --git a/conf/postgres-operator/pgbackrest-env-vars.json b/conf/postgres-operator/pgbackrest-env-vars.json
@@ -21,6 +21,9 @@
                     }, {
                         "name": "PGBACKREST_LOG_PATH",
                         "value": "/tmp"
+                    }, {
+                        "name": "PGBACKREST_PG1_SOCKET_PATH",
+                        "value": "/tmp"
                     }, {
                         "name": "PGBACKREST_PG1_PORT",
                         "value": "{{.PgbackrestPGPort}}"
diff --git a/conf/postgres-operator/pgo-backrest-repo-template.json b/conf/postgres-operator/pgo-backrest-repo-template.json
@@ -62,6 +62,9 @@
                     }, {
                         "name": "PGBACKREST_LOG_PATH",
                         "value": "/tmp"
+                    }, {
+                        "name": "PGBACKREST_PG1_SOCKET_PATH",
+                        "value": "/tmp"
                     }, {
                         "name": "PGBACKREST_DB_HOST",
                         "value": "{{.PGbackrestDBHost}}"
diff --git a/conf/postgres-operator/pgo-pg-role-binding.json b/conf/postgres-operator/pgo-pg-role-binding.json
@@ -0,0 +1,22 @@
+{
+   "apiVersion":"rbac.authorization.k8s.io/v1",
+   "kind":"RoleBinding",
+   "metadata":{
+      "name":"pgo-pg-role-binding",
+      "namespace":"{{.TargetNamespace}}",
+      "labels":{
+         "vendor":"crunchydata"
+      }
+   },
+   "roleRef":{
+      "apiGroup":"rbac.authorization.k8s.io",
+      "kind":"Role",
+      "name":"pgo-pg-role"
+   },
+   "subjects":[
+      {
+         "kind":"ServiceAccount",
+         "name":"pgo-pg"
+      }
+   ]
+}
diff --git a/conf/postgres-operator/pgo-pg-role.json b/conf/postgres-operator/pgo-pg-role.json
@@ -0,0 +1,46 @@
+{
+   "apiVersion":"rbac.authorization.k8s.io/v1",
+   "kind":"Role",
+   "metadata":{
+      "name":"pgo-pg-role",
+      "namespace":"{{.TargetNamespace}}",
+      "labels":{
+         "vendor":"crunchydata"
+      }
+   },
+   "rules":[
+      {
+         "apiGroups":[
+            ""
+         ],
+         "resources":[
+            "configmaps"
+         ],
+         "verbs":[
+            "create",
+            "get",
+            "list",
+            "patch",
+            "update",
+            "watch",
+            "delete",
+            "deletecollection"
+         ]
+      },
+      {
+         "apiGroups":[
+            ""
+         ],
+         "resources":[
+            "pods"
+         ],
+         "verbs":[
+            "get",
+            "list",
+            "patch",
+            "update",
+            "watch"
+         ]
+      }
+   ]
+}
diff --git a/conf/postgres-operator/pgo-pg-sa.json b/conf/postgres-operator/pgo-pg-sa.json
@@ -0,0 +1,11 @@
+{
+   "apiVersion":"v1",
+   "kind":"ServiceAccount",
+   "metadata":{
+      "name":"pgo-pg",
+      "namespace":"{{.TargetNamespace}}",
+      "labels":{
+         "vendor":"crunchydata"
+      }
+   }
+}
diff --git a/conf/postgres-operator/postgres-ha.yaml b/conf/postgres-operator/postgres-ha.yaml
@@ -0,0 +1,10 @@
+---
+bootstrap:
+  dcs:
+    postgresql:
+      parameters:
+        archive_timeout: {{.ArchiveTimeout}} 
+        log_min_duration_statement: {{.LogMinDurationStatement}}
+        log_statement: {{.LogStatement}}
+  initdb:
+  - encoding: UTF8
diff --git a/config/pgoconfig.go b/config/pgoconfig.go
@@ -61,6 +61,18 @@ var PgoTargetRoleTemplate *template.Template
 
 const PGOTargetRolePath = "pgo-target-role.json"
 
+var PgoPgServiceAccountTemplate *template.Template
+
+const PGOPgServiceAccountPath = "pgo-pg-sa.json"
+
+var PgoPgRoleTemplate *template.Template
+
+const PGOPgRolePath = "pgo-pg-role.json"
+
+var PgoPgRoleBindingTemplate *template.Template
+
+const PGOPgRoleBindingPath = "pgo-pg-role-binding.json"
+
 var BenchmarkJobTemplate *template.Template
 
 const benchmarkJobPath = "pgbench-job.json"
@@ -193,6 +205,10 @@ var DeploymentTemplate *template.Template
 
 const deploymentTemplatePath = "cluster-deployment.json"
 
+var PostgresHaTemplate *template.Template
+
+const PostgresHaTemplatePath = "postgres-ha.yaml"
+
 type ClusterStruct struct {
 	CCPImagePrefix          string `yaml:"CCPImagePrefix"`
 	CCPImageTag             string `yaml:"CCPImageTag"`
@@ -635,6 +651,18 @@ func (c *PgoConfig) GetConfig(clientset *kubernetes.Clientset, namespace string)
 	if err != nil {
 		return err
 	}
+	PgoPgServiceAccountTemplate, err = c.LoadTemplate(cMap, rootPath, PGOPgServiceAccountPath)
+	if err != nil {
+		return err
+	}
+	PgoPgRoleTemplate, err = c.LoadTemplate(cMap, rootPath, PGOPgRolePath)
+	if err != nil {
+		return err
+	}
+	PgoPgRoleBindingTemplate, err = c.LoadTemplate(cMap, rootPath, PGOPgRoleBindingPath)
+	if err != nil {
+		return err
+	}
 
 	BenchmarkJobTemplate, err = c.LoadTemplate(cMap, rootPath, benchmarkJobPath)
 	if err != nil {
@@ -802,7 +830,16 @@ func (c *PgoConfig) GetConfig(clientset *kubernetes.Clientset, namespace string)
 	}
 
 	DeploymentTemplate, err = c.LoadTemplate(cMap, rootPath, deploymentTemplatePath)
-	return err
+	if err != nil {
+		return err
+	}
+
+	PostgresHaTemplate, err = c.LoadTemplate(cMap, rootPath, PostgresHaTemplatePath)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func getRootPath(clientset *kubernetes.Clientset, namespace string) (*v1.ConfigMap, string) {
diff --git a/ns/nslogic.go b/ns/nslogic.go
diff --git a/operator/backrest/restore.go b/operator/backrest/restore.go
diff --git a/operator/cluster/clusterlogic.go b/operator/cluster/clusterlogic.go
diff --git a/operator/clusterutilities.go b/operator/clusterutilities.go

Original file line number	Diff line number	Diff line change
`@@ -859,7 +859,7 @@ func getClusterParams(request *msgs.CreateClusterRequest, name string, userLabel`
`859`	`859`	`spec.CCPImage = request.CCPImage`
`860`	`860`	`log.Debugf("user is overriding CCPImage from command line %s", request.CCPImage)`
`861`	`861`	`} else {`
`862`		`- spec.CCPImage = "crunchy-postgres"`
	`862`	`+ spec.CCPImage = "crunchy-postgres-ha"`
`863`	`863`	`}`
`864`	`864`	`spec.Namespace = ns`
`865`	`865`	`spec.Name = name`