
Commit fea1ff7

author
Jeff McCormick
committed
final password secret restructuring
1 parent 41998a8 commit fea1ff7


8 files changed

+144
-123
lines changed


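--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,8 @@
 RELTMPDIR=/tmp/release.$(CO_VERSION)
 RELFILE=/tmp/postgres-operator.$(CO_VERSION).tar.gz
 
+run:
+cd examples/operator && ./run.sh
 pgo:
 cd client && go build -o $(GOBIN)/pgo pgo.go
 clean: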

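--- a/conf/postgres-operator/cluster/1/cluster-deployment-1.json
+++ b/conf/postgres-operator/cluster/1/cluster-deployment-1.json
@@ -38,27 +38,12 @@
 }, {
 "name": "PGDATA_PATH_OVERRIDE",
 "value": "{{.PGDATA_PATH_OVERRIDE}}"
-}, {
-"name": "PG_MASTER_USER",
-"value": "{{.PG_MASTER_USER}}"
-}, {
-"name": "PG_MASTER_PASSWORD",
-"value": "{{.PG_MASTER_PASSWORD}}"
 }, {
 "name": "BACKUP_PATH",
 "value": "{{.BACKUP_PATH}}"
-}, {
-"name": "PG_USER",
-"value": "{{.PG_USER}}"
-}, {
-"name": "PG_PASSWORD",
-"value": "{{.PG_PASSWORD}}"
 }, {
 "name": "PG_DATABASE",
 "value": "{{.PG_DATABASE}}"
-}, {
-"name": "PG_ROOT_PASSWORD",
-"value": "{{.PG_ROOT_PASSWORD}}"
 }, {
 "name": "PGHOST",
 "value": "/tmp"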

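--- a/conf/postgres-operator/cluster/1/cluster-replica-deployment-1.json
+++ b/conf/postgres-operator/cluster/1/cluster-replica-deployment-1.json
@@ -38,33 +38,29 @@
 }, {
 "name": "PG_MODE",
 "value": "slave"
-}, {
-"name": "PG_MASTER_USER",
-"value": "{{.PG_MASTER_USER}}"
-}, {
-"name": "PG_MASTER_PASSWORD",
-"value": "{{.PG_MASTER_PASSWORD}}"
-}, {
-"name": "PG_USER",
-"value": "{{.PG_USER}}"
-}, {
-"name": "PG_PASSWORD",
-"value": "{{.PG_PASSWORD}}"
 }, {
 "name": "PG_DATABASE",
 "value": "{{.PG_DATABASE}}"
-}, {
-"name": "PG_ROOT_PASSWORD",
-"value": "{{.PG_ROOT_PASSWORD}}"
 }, {
 "name": "PGHOST",
 "value": "/tmp"
 }],
-"volumeMounts": [{
+"volumeMounts": [
+{
 "mountPath": "/pgdata",
 "name": "pgdata",
 "readOnly": false
-}],
+}, {
+"mountPath": "/pguser",
+"name": "pguser-volume"
+}, {
+"mountPath": "/pgmaster",
+"name": "pgmaster-volume"
+}, {
+"mountPath": "/pgroot",
+"name": "pgroot-volume"
+}
+],
 
 "ports": [{
 "containerPort": 5432,
@@ -73,12 +69,29 @@
 "resources": {},
 "imagePullPolicy": "IfNotPresent"
 }],
-"volumes": [{
+"volumes": [
+{
 "name": "pgdata",
 "persistentVolumeClaim": {
 "claimName": "{{.PVC_NAME}}"
 }
-}],
+}, {
+"name": "pguser-volume",
+"secret": {
+"secretName": "{{.PGUSER_SECRET_NAME}}"
+}
+}, {
+"name": "pgmaster-volume",
+"secret": {
+"secretName": "{{.PGMASTER_SECRET_NAME}}"
+}
+}, {
+"name": "pgroot-volume",
+"secret": {
+"secretName": "{{.PGROOT_SECRET_NAME}}"
+}
+}
+],
 
 "restartPolicy": "Always",
 "dnsPolicy": "ClusterFirst"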
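Review bot: The three secret mounts added under `volumeMounts` (`/pguser`, `/pgmaster`, `/pgroot`) omit `readOnly`, while the `pgdata` mount just above them states it explicitly. Since these paths now carry the database credentials, I would add `"readOnly": true` to each of the three entries so the container cannot alter the mounted files regardless of cluster version. It may also be worth setting `defaultMode` on the three `secret` volumes to narrow the file permissions, provided the postgres process can still read them under the configured security context.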

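--- a/docs/design.asciidoc
+++ b/docs/design.asciidoc
@@ -100,3 +100,12 @@ You can view the TPR Endpoints as follows:
 ----
 curl https//192.168.42.30:8443/apis/crunchydata.com/v1/pgclusters --insecure
 ----
+
+== Persistent Volumes
+
+Currently the operator does not delete persistent volumes, it will
+delete the claims on the volumes. The cleanup and allocation of
+PV (persistent volumes) is up to the administrator and insures that
+no data is deleted by the operator.
+
+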

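--- a/examples/operator/create-pv.sh
+++ b/examples/operator/create-pv.sh
@@ -16,7 +16,7 @@
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 echo "create the test PV and PVC using the HostPath dir"
-for i in {1..15}
+for i in {16..20}
 do
 echo "creating PV crunchy-pv-$i"
 export COUNTER=$i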
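Review bot: The loop range changes from `{1..15}` to `{16..20}`, which looks like a local adjustment rather than part of the secret restructuring; a fresh environment running this script would now get only crunchy-pv-16 through crunchy-pv-20. If the intent is to add volumes to an existing set, consider taking the bounds from the environment, e.g. `for i in $(seq "${PV_START:-1}" "${PV_END:-15}")`, instead of editing the literal. The loop body continues outside the hunk.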

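--- a/operator/cluster/cluster.go
+++ b/operator/cluster/cluster.go
@@ -48,16 +48,16 @@ type ServiceTemplateFields struct {
 }
 
 type DeploymentTemplateFields struct {
-Name string
-ClusterName string
-Port string
-CCP_IMAGE_TAG string
-PG_MASTER_USER string
-PG_MASTER_PASSWORD string
-PG_USER string
-PG_PASSWORD string
-PG_DATABASE string
-PG_ROOT_PASSWORD string
+Name string
+ClusterName string
+Port string
+CCP_IMAGE_TAG string
+// PG_MASTER_USER string
+// PG_MASTER_PASSWORD string
+// PG_USER string
+// PG_PASSWORD string
+PG_DATABASE string
+// PG_ROOT_PASSWORD string
 PGDATA_PATH_OVERRIDE string
 PVC_NAME string
 BACKUP_PVC_NAME string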
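Review bot: The five credential fields in `DeploymentTemplateFields` are commented out rather than deleted, and the same pattern repeats in every `DeploymentTemplateFields{...}` literal in cluster_strategy_1.go and upgrade_strategy_1.go. Commented-out code leaves readers unsure whether the env-var path is meant to come back, and version control already keeps the old fields. I would delete the lines and put one comment on the struct instead, e.g. `// Credentials are supplied through the PGROOT/PGUSER/PGMASTER_SECRET_NAME secrets, not template fields.` The struct body continues outside the hunk.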

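--- a/operator/cluster/cluster_strategy_1.go
+++ b/operator/cluster/cluster_strategy_1.go
@@ -119,20 +119,20 @@ func (r ClusterStrategy1) AddCluster(clientset *kubernetes.Clientset, client *re
 
 //create the master deployment
 deploymentFields := DeploymentTemplateFields{
-Name: cl.Spec.Name,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: cl.Spec.CCP_IMAGE_TAG,
-PVC_NAME: cl.Spec.PVC_NAME,
-BACKUP_PVC_NAME: cl.Spec.BACKUP_PVC_NAME,
-BACKUP_PATH: cl.Spec.BACKUP_PATH,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+Name: cl.Spec.Name,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: cl.Spec.CCP_IMAGE_TAG,
+PVC_NAME: cl.Spec.PVC_NAME,
+BACKUP_PVC_NAME: cl.Spec.BACKUP_PVC_NAME,
+BACKUP_PATH: cl.Spec.BACKUP_PATH,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
 PGDATA_PATH_OVERRIDE: cl.Spec.Name,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
-PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+//PG_USER: cl.Spec.PG_USER,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
+PG_DATABASE: cl.Spec.PG_DATABASE,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
 SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,
 PGMASTER_SECRET_NAME: cl.Spec.PGMASTER_SECRET_NAME,
@@ -163,18 +163,18 @@ func (r ClusterStrategy1) AddCluster(clientset *kubernetes.Clientset, client *re
 
 //create the replica deployment
 replicaDeploymentFields := DeploymentTemplateFields{
-Name: cl.Spec.Name + REPLICA_SUFFIX,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: cl.Spec.CCP_IMAGE_TAG,
-PVC_NAME: cl.Spec.PVC_NAME,
-PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
-PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+Name: cl.Spec.Name + REPLICA_SUFFIX,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: cl.Spec.CCP_IMAGE_TAG,
+PVC_NAME: cl.Spec.PVC_NAME,
+PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+//PG_USER: cl.Spec.PG_USER,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
+PG_DATABASE: cl.Spec.PG_DATABASE,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
 REPLICAS: cl.Spec.REPLICAS,
 SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,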
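Review bot: The commented-out lines in both literals still point at `cl.Spec.PG_MASTER_PASSWORD`, `cl.Spec.PG_PASSWORD` and `cl.Spec.PG_ROOT_PASSWORD`, and none of the hunks in this commit removes those fields from the cluster spec, so the passwords presumably can still be set on and read back from the pgcluster resource. If so, the secret restructuring is incomplete: anyone who can read that resource gets the credentials without needing access to the Secrets. I would drop the password fields from the spec type, or reject non-empty values when a cluster is added, in a follow-up. `AddCluster` starts and ends outside both hunks.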

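--- a/operator/cluster/upgrade_strategy_1.go
+++ b/operator/cluster/upgrade_strategy_1.go
@@ -72,20 +72,23 @@ func (r ClusterStrategy1) MinorUpgrade(clientset *kubernetes.Clientset, tprclien
 //create the master deployment
 
 deploymentFields := DeploymentTemplateFields{
-Name: cl.Spec.Name,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
-PVC_NAME: cl.Spec.PVC_NAME,
-BACKUP_PVC_NAME: cl.Spec.BACKUP_PVC_NAME,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+Name: cl.Spec.Name,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
+PVC_NAME: cl.Spec.PVC_NAME,
+BACKUP_PVC_NAME: cl.Spec.BACKUP_PVC_NAME,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
 PGDATA_PATH_OVERRIDE: cl.Spec.Name,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
-PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
-SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
+//PG_USER: cl.Spec.PG_USER,
+PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,
+PGUSER_SECRET_NAME: cl.Spec.PGUSER_SECRET_NAME,
+PGMASTER_SECRET_NAME: cl.Spec.PGMASTER_SECRET_NAME,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
+PG_DATABASE: cl.Spec.PG_DATABASE,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 }
 
 err = DeploymentTemplate1.Execute(&masterDoc, deploymentFields)
@@ -112,20 +115,23 @@ func (r ClusterStrategy1) MinorUpgrade(clientset *kubernetes.Clientset, tprclien
 
 //create the replica deployment
 replicaDeploymentFields := DeploymentTemplateFields{
-Name: replicaName,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
-PVC_NAME: cl.Spec.PVC_NAME,
-PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
-PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
-REPLICAS: cl.Spec.REPLICAS,
-SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
+Name: replicaName,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
+PVC_NAME: cl.Spec.PVC_NAME,
+PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+//PG_USER: cl.Spec.PG_USER,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
+PG_DATABASE: cl.Spec.PG_DATABASE,
+PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,
+PGUSER_SECRET_NAME: cl.Spec.PGUSER_SECRET_NAME,
+PGMASTER_SECRET_NAME: cl.Spec.PGMASTER_SECRET_NAME,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+REPLICAS: cl.Spec.REPLICAS,
+SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 }
 
 err = ReplicaDeploymentTemplate1.Execute(&replicaDoc, replicaDeploymentFields)
@@ -234,20 +240,23 @@ func (r ClusterStrategy1) MajorUpgradeFinalize(clientset *kubernetes.Clientset,
 
 //start the master deployment
 deploymentFields := DeploymentTemplateFields{
-Name: cl.Spec.Name,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
-PVC_NAME: upgrade.Spec.NEW_PVC_NAME,
-BACKUP_PVC_NAME: upgrade.Spec.BACKUP_PVC_NAME,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+Name: cl.Spec.Name,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
+PVC_NAME: upgrade.Spec.NEW_PVC_NAME,
+BACKUP_PVC_NAME: upgrade.Spec.BACKUP_PVC_NAME,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
 PGDATA_PATH_OVERRIDE: upgrade.Spec.NEW_DATABASE_NAME,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
+//PG_USER: cl.Spec.PG_USER,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
 PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
-SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
+PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,
+PGUSER_SECRET_NAME: cl.Spec.PGUSER_SECRET_NAME,
+PGMASTER_SECRET_NAME: cl.Spec.PGMASTER_SECRET_NAME,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 }
 
 err = DeploymentTemplate1.Execute(&masterDoc, deploymentFields)
@@ -275,20 +284,23 @@ func (r ClusterStrategy1) MajorUpgradeFinalize(clientset *kubernetes.Clientset,
 //start the replica deployment
 
 replicaDeploymentFields := DeploymentTemplateFields{
-Name: cl.Spec.Name + REPLICA_SUFFIX,
-ClusterName: cl.Spec.Name,
-Port: cl.Spec.Port,
-CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
-PVC_NAME: cl.Spec.PVC_NAME,
-PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
-PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
-PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
-PG_USER: cl.Spec.PG_USER,
-PG_PASSWORD: cl.Spec.PG_PASSWORD,
-PG_DATABASE: cl.Spec.PG_DATABASE,
-PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
-REPLICAS: cl.Spec.REPLICAS,
-SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
+Name: cl.Spec.Name + REPLICA_SUFFIX,
+ClusterName: cl.Spec.Name,
+Port: cl.Spec.Port,
+CCP_IMAGE_TAG: upgrade.Spec.CCP_IMAGE_TAG,
+PVC_NAME: cl.Spec.PVC_NAME,
+PG_MASTER_HOST: cl.Spec.PG_MASTER_HOST,
+//PG_MASTER_USER: cl.Spec.PG_MASTER_USER,
+//PG_MASTER_PASSWORD: cl.Spec.PG_MASTER_PASSWORD,
+//PG_USER: cl.Spec.PG_USER,
+//PG_PASSWORD: cl.Spec.PG_PASSWORD,
+PG_DATABASE: cl.Spec.PG_DATABASE,
+PGROOT_SECRET_NAME: cl.Spec.PGROOT_SECRET_NAME,
+PGUSER_SECRET_NAME: cl.Spec.PGUSER_SECRET_NAME,
+PGMASTER_SECRET_NAME: cl.Spec.PGMASTER_SECRET_NAME,
+//PG_ROOT_PASSWORD: cl.Spec.PG_ROOT_PASSWORD,
+REPLICAS: cl.Spec.REPLICAS,
+SECURITY_CONTEXT: util.CreateSecContext(cl.Spec.FS_GROUP, cl.Spec.SUPPLEMENTAL_GROUPS),
 }
 
 err = ReplicaDeploymentTemplate1.Execute(&replicaDoc, replicaDeploymentFields)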
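Review bot: `MinorUpgrade` and `MajorUpgradeFinalize` now pass `cl.Spec.PGROOT_SECRET_NAME`, `cl.Spec.PGUSER_SECRET_NAME` and `cl.Spec.PGMASTER_SECRET_NAME` straight into the templates with no check that they are set. A cluster created before the secrets were introduced would presumably have these empty, and with the password env vars gone from the templates the upgraded deployment would render `"secretName": ""` and come up without credentials or fail to start. A guard before each `Execute` call, such as `if cl.Spec.PGROOT_SECRET_NAME == "" || cl.Spec.PGUSER_SECRET_NAME == "" || cl.Spec.PGMASTER_SECRET_NAME == "" { /* log and abort the upgrade */ }`, would stop the upgrade early with a clear message. Both functions start and end outside the hunks shown.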
