K8SPG 741

Makefile

@@ -349,6 +349,11 @@ generate-cw-manager:
 	cd ./config/manager/cluster && $(KUSTOMIZE) edit set image postgres-operator=$(IMAGE)
 	$(KUSTOMIZE) build ./config/manager/cluster/ > ./deploy/cw-operator.yaml
 
+CONTROLLER ?= hack/tools/controller-gen
+tools: tools/controller-gen
+tools/controller-gen:
+	$(call go-get-tool,$(CONTROLLER),sigs.k8s.io/controller-tools/cmd/[email protected])
+
 generate-cw-bundle:
 	cd ./config/cw-bundle/ && $(KUSTOMIZE) edit set image postgres-operator=$(IMAGE)
 	$(KUSTOMIZE) build ./config/cw-bundle/ > ./deploy/cw-bundle.yaml

config/manager/manager.yaml

@@ -18,28 +18,28 @@ spec:
               fieldPath: metadata.namespace
         - name: CRUNCHY_DEBUG
           value: "true"
-        - name: RELATED_IMAGE_POSTGRES_15
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.7-1"
-        - name: RELATED_IMAGE_POSTGRES_15_GIS_3.3
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-15.7-3.3-1"
         - name: RELATED_IMAGE_POSTGRES_16
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.4-2"
         - name: RELATED_IMAGE_POSTGRES_16_GIS_3.3
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.3-3.3-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.4-3.3-2"
         - name: RELATED_IMAGE_POSTGRES_16_GIS_3.4
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.3-3.4-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.4-3.4-2"
+        - name: RELATED_IMAGE_POSTGRES_17
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.0-0"
+        - name: RELATED_IMAGE_POSTGRES_17_GIS_3.4
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.0-3.4-0"
         - name: RELATED_IMAGE_PGADMIN
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-26"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-31"
         - name: RELATED_IMAGE_PGBACKREST
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.53.1-0"
         - name: RELATED_IMAGE_PGBOUNCER
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.22-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-0"
         - name: RELATED_IMAGE_PGEXPORTER
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:latest"
         - name: RELATED_IMAGE_PGUPGRADE
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:latest"
         - name: RELATED_IMAGE_STANDALONE_PGADMIN
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.6-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.12-0"
         securityContext:
           allowPrivilegeEscalation: false
           capabilities: { drop: [ALL] }

examples/postgrescluster/postgrescluster.yaml

@@ -3,7 +3,6 @@ kind: PostgresCluster
 metadata:
   name: hippo
 spec:
-  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1
   postgresVersion: 16
   instances:
     - name: instance1
@@ -15,7 +14,6 @@ spec:
             storage: 1Gi
   backups:
     pgbackrest:
-      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1
       repos:
       - name: repo1
         volume:
@@ -34,5 +32,4 @@ spec:
               requests:
                 storage: 1Gi
   proxy:
-    pgBouncer:
-      image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.22-1
+    pgBouncer: {}

internal/controller/postgrescluster/pgbackrest.go

@@ -552,8 +552,9 @@ func (r *Reconciler) setScheduledJobStatus(ctx context.Context,
 	for _, job := range jobList.Items {
 		// we only care about the scheduled backup Jobs created by the
 		// associated CronJobs
-		sbs := v1beta1.PGBackRestScheduledBackupStatus{}
 		if job.GetLabels()[naming.LabelPGBackRestCronJob] != "" {
+			sbs := v1beta1.PGBackRestScheduledBackupStatus{}
+
 			if len(job.OwnerReferences) > 0 {
 				sbs.CronJobName = job.OwnerReferences[0].Name
 			}

internal/patroni/config_test.go

@@ -708,24 +708,6 @@ func TestDynamicConfiguration(t *testing.T) {
 				},
 			},
 		},
-		{
-			name: "pg version 10",
-			cluster: &v1beta1.PostgresCluster{
-				Spec: v1beta1.PostgresClusterSpec{
-					PostgresVersion: 10,
-				},
-			},
-			expected: map[string]any{
-				"loop_wait": int32(10),
-				"ttl":       int32(30),
-				"postgresql": map[string]any{
-					"parameters":    map[string]any{},
-					"pg_hba":        []string{},
-					"use_pg_rewind": false,
-					"use_slots":     false,
-				},
-			},
-		},
 		{
 			name: "tde enabled",
 			cluster: &v1beta1.PostgresCluster{

internal/patroni/rbac.go

@@ -12,25 +12,25 @@ import (
 )
 
 // "list", "patch", and "watch" are required. Include "get" for good measure.
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={get}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={list,watch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="pods",verbs={patch}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={get}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={list,watch}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={patch}
 
 // TODO(cbandy): Separate these so that one can choose ConfigMap over Endpoints.
 
 // When using Endpoints for DCS, "create", "list", "patch", and "watch" are
 // required. Include "get" for good measure. The `patronictl scaffold` and
 // `patronictl remove` commands require "deletecollection".
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={get}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={create,deletecollection}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={list,watch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints",verbs={patch}
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="services",verbs={create}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={get}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={create,deletecollection}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={list,watch}
+// +kubebuilder:rbac:groups="",resources="endpoints",verbs={patch}
+// +kubebuilder:rbac:groups="",resources="services",verbs={create}
 
 // The OpenShift RestrictedEndpointsAdmission plugin requires special
 // authorization to create Endpoints that contain Pod IPs.
 // - https://github.com/openshift/origin/pull/9383
-// +kubebuilder:rbac:namespace=patroni,groups="",resources="endpoints/restricted",verbs={create}
+// +kubebuilder:rbac:groups="",resources="endpoints/restricted",verbs={create}
 
 // Permissions returns the RBAC rules Patroni needs for cluster.
 func Permissions(cluster *v1beta1.PostgresCluster) []rbacv1.PolicyRule {

internal/pgbackrest/rbac.go

@@ -11,8 +11,8 @@ import (
 	"github.com/percona/percona-postgresql-operator/pkg/apis/postgres-operator.crunchydata.com/v1beta1"
 )
 
-// +kubebuilder:rbac:namespace=pgbackrest,groups="",resources="pods",verbs={list}
-// +kubebuilder:rbac:namespace=pgbackrest,groups="",resources="pods/exec",verbs={create}
+// +kubebuilder:rbac:groups="",resources="pods",verbs={list}
+// +kubebuilder:rbac:groups="",resources="pods/exec",verbs={create}
 
 // Permissions returns the RBAC rules pgBackRest needs for a cluster.
 func Permissions(cluster *v1beta1.PostgresCluster) []rbacv1.PolicyRule {

pkg/apis/postgres-operator.crunchydata.com/v1beta1/crunchy_bridgecluster_types.go

@@ -26,7 +26,7 @@ type CrunchyBridgeClusterSpec struct {
 
 	// Whether the cluster is protected. Protected clusters can't be destroyed until
 	// their protected flag is removed
-	// +optional
+	// +kubebuilder:validation:Optional
 	IsProtected bool `json:"isProtected,omitempty"`
 
 	// The name of the cluster
@@ -68,14 +68,14 @@ type CrunchyBridgeClusterSpec struct {
 	// are retrieved from the Bridge API. An empty list creates no role secrets.
 	// Removing a role from this list does NOT drop the role nor revoke their
 	// access, but it will delete that role's secret from the kube cluster.
+	// +kubebuilder:validation:Optional
 	// +listType=map
 	// +listMapKey=name
-	// +optional
 	Roles []*CrunchyBridgeClusterRoleSpec `json:"roles,omitempty"`
 
 	// The name of the secret containing the API key and team id
 	// +kubebuilder:validation:Required
-	Secret string `json:"secret,omitempty"`
+	Secret string `json:"secret"`
 
 	// The amount of storage available to the cluster in gigabytes.
 	// The amount must be an integer, followed by Gi (gibibytes) or G (gigabytes) to match Kubernetes conventions.
@@ -89,9 +89,11 @@ type CrunchyBridgeClusterSpec struct {
 type CrunchyBridgeClusterRoleSpec struct {
 	// Name of the role within Crunchy Bridge.
 	// More info: https://docs.crunchybridge.com/concepts/users
+	// +kubebuilder:validation:Required
 	Name string `json:"name"`
 
 	// The name of the Secret that will hold the role credentials.
+	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 	// +kubebuilder:validation:MaxLength=253
 	// +kubebuilder:validation:Type=string

pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbackrest_types.go

@@ -49,15 +49,15 @@ type PGBackRestJobStatus struct {
 type PGBackRestScheduledBackupStatus struct {
 
 	// The name of the associated pgBackRest scheduled backup CronJob
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	CronJobName string `json:"cronJobName,omitempty"`
 
 	// The name of the associated pgBackRest repository
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	RepoName string `json:"repo,omitempty"`
 
 	// The pgBackRest backup type for this Job
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	Type string `json:"type,omitempty"`
 
 	// Represents the time the manual backup Job was acknowledged by the Job controller.