Add monitoring details

manifests/postgres-exp.yml

@@ -0,0 +1,35 @@
+apiVersion: cpo.opensource.cybertec.at/v1
+kind: postgresql
+metadata:
+  name: cluster-monitor
+spec:
+  monitor:
+    image: 'docker.io/cybertecpostgresql/cybertec-pg-container:exporter-16.1-1-dev-arm'
+  dockerImage: 'docker.io/cybertecpostgresql/cybertec-pg-container:postgres-16.1-5-dev-arm'
+  numberOfInstances: 1
+  postgresql:
+    version: '15'
+    parameters:
+      shared_preload_libraries: 'pg_stat_statements,pgnodemx'
+      password_encryption: "scram-sha-256"
+  # sidecars:
+  # - name: postgres-exporter
+  #   image: 'docker.io/cybertecpostgresql/cybertec-pg-container:exporter-16.1-1-dev-arm' 
+  #   ports:
+  #   - name: http
+  #     containerPort: 9187
+  #     protocol: TCP
+  #   users: 
+  #     cpo_exporter:
+  #     - login
+  resources:
+    limits:
+      cpu: 1500m
+      memory: 1500Mi
+    requests:
+      cpu: 1000m
+      memory: 1000Mi
+  teamId: acid
+  volume:
+    size: 5Gi
+    #storageClass: default-provisioner

pkg/apis/cpo.opensource.cybertec.at/v1/crds.go

@@ -1265,6 +1265,15 @@ var PostgresCRDResourceValidation = apiextv1.CustomResourceValidation{
 							},
 						},
 					},
+					"monitor": {
+						Type:     "object",
+						Nullable: true,
+						Properties: map[string]apiextv1.JSONSchemaProps{
+							"image": {
+								Type: "string",
+							},
+						},
+					},
 				},
 			},
 			"status": {

pkg/apis/cpo.opensource.cybertec.at/v1/postgresql_type.go

@@ -94,6 +94,7 @@ type PostgresSpec struct {
 	PodPriorityClassNameOld string         `json:"pod_priority_class_name,omitempty"`
 	Backup                  *Backup        `json:"backup,omitempty"`
 	TDE                     *TDE           `json:"tde,omitempty"`
+	Monitoring              *Monitoring    `json:"monitor,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -302,3 +303,8 @@ type Configuration struct {
 type TDE struct {
 	Enable bool `json:"enable"`
 }
+
+// Monitoring Sidecar defines a container to be run in the same pod as the Postgres container.
+type Monitoring struct {
+	Image string `json:"image,omitempty"`
+}

pkg/cluster/cluster.go

@@ -121,6 +121,16 @@ func New(cfg Config, kubeClient k8sutil.KubernetesClient, pgSpec acidv1.Postgres
 	if !ok {
 		passwordEncryption = "scram-sha-256"
 	}
+	if pgSpec.Spec.Monitoring != nil {
+		flg := acidv1.UserFlags{constants.RoleFlagLogin}
+		if pgSpec.Spec.Users != nil {
+			pgSpec.Spec.Users[monitorUsername] = flg
+		} else {
+			users := make(map[string]acidv1.UserFlags)
+			pgSpec.Spec.Users = users
+			pgSpec.Spec.Users[monitorUsername] = flg
+		}
+	}
 
 	cluster := &Cluster{
 		Config:         cfg,
@@ -342,6 +352,12 @@ func (c *Cluster) Create() (err error) {
 		}
 		c.logger.Info("a TDE secret was successfully created")
 	}
+	if c.Postgresql.Spec.Monitoring != nil {
+		if err := c.createMonitoringSecret(); err != nil {
+			return fmt.Errorf("could not create the monitoring secret: %v", err)
+		}
+		c.logger.Info("a monitoring secret was successfully created")
+	}
 
 	if c.Statefulset != nil {
 		return fmt.Errorf("statefulset already exists in the cluster")

pkg/cluster/k8sres.go

@@ -20,6 +20,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	acidzalando "github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/apis/cpo.opensource.cybertec.at"
 	acidv1 "github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/apis/cpo.opensource.cybertec.at/v1"
 	"github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/spec"
 	"github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/util"
@@ -44,6 +45,8 @@ const (
 	connectionPoolerContainer      = "connection-pooler"
 	pgPort                         = 5432
 	operatorPort                   = 8080
+	monitorPort                    = 9187
+	monitorUsername                = "cpo_exporter"
 )
 
 type pgUser struct {
@@ -872,6 +875,13 @@ func (c *Cluster) generatePodTemplate(
 	if additionalVolumes != nil {
 		c.addAdditionalVolumes(&podSpec, additionalVolumes)
 	}
+	if c.Postgresql.Spec.Monitoring != nil {
+		MonitoringLabels := c.labelsSet(false)
+
+		// TODO should be config values
+		MonitoringLabels["cpo_monitoring_stack"] = "true"
+		labels = MonitoringLabels
+	}
 
 	template := v1.PodTemplateSpec{
 		ObjectMeta: metav1.ObjectMeta{
@@ -995,6 +1005,9 @@ func (c *Cluster) generateSpiloPodEnvVars(
 		},
 		})
 	}
+	if spec.Monitoring != nil {
+		envVars = append(envVars, v1.EnvVar{Name: "cpo_monitoring_stack", Value: "true"})
+	}
 
 	if c.OpConfig.EnablePgVersionEnvVar {
 		envVars = append(envVars, v1.EnvVar{Name: "PGVERSION", Value: c.GetDesiredMajorVersion()})
@@ -2621,6 +2634,39 @@ func (c *Cluster) getTDESecretName() string {
 	return fmt.Sprintf("%s-tde", c.Name)
 }
 
+func (c *Cluster) getMonitoringSecretName() string {
+	return c.OpConfig.SecretNameTemplate.Format(
+		"username", "cpo-exporter",
+		"cluster", c.clusterName().Name,
+		"tprkind", acidv1.PostgresCRDResourceKind,
+		"tprgroup", acidzalando.GroupName)
+}
+
+func (c *Cluster) generateMonitoringEnvVars() []v1.EnvVar {
+	env := []v1.EnvVar{
+		{
+			Name:  "DATA_SOURCE_URI",
+			Value: "localhost:5432/postgres?sslmode=disable",
+		},
+		{
+			Name:  "DATA_SOURCE_USER",
+			Value: monitorUsername,
+		},
+		{
+			Name: "DATA_SOURCE_PASS",
+			ValueFrom: &v1.EnvVarSource{
+				SecretKeyRef: &v1.SecretKeySelector{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: c.getMonitoringSecretName(),
+					},
+					Key: "password",
+				},
+			},
+		},
+	}
+	return env
+}
+
 func (c *Cluster) getPgbackrestRestoreConfigmapName() (jobName string) {
 	return fmt.Sprintf("%s-pgbackrest-restore", c.Name)
 }

pkg/cluster/resources.go

@@ -13,6 +13,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
+	acidv1 "github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/apis/cpo.opensource.cybertec.at/v1"
 	"github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/util"
 	"github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/util/k8sutil"
 	"github.com/cybertec-postgresql/CYBERTEC-pg-operator/tree/v0.7.0-rc5/pkg/util/retryutil"
@@ -79,6 +80,21 @@ func (c *Cluster) createStatefulSet() (*appsv1.StatefulSet, error) {
 		return nil, fmt.Errorf("sidecar containers specified but disabled in configuration")
 	}
 
+	if c.Spec.Monitoring != nil {
+		monitor := c.Spec.Monitoring
+		sidecar := &acidv1.Sidecar{
+			Name:        "postgres-exporter",
+			DockerImage: monitor.Image,
+			Ports: []v1.ContainerPort{
+				{
+					ContainerPort: monitorPort,
+					Protocol:      v1.ProtocolTCP,
+				},
+			},
+			Env: c.generateMonitoringEnvVars(),
+		}
+		c.Spec.Sidecars = append(c.Spec.Sidecars, *sidecar) //populate the sidecar spec so that the sidecar is automatically created
+	}
 	statefulSetSpec, err := c.generateStatefulSet(&c.Spec)
 	if err != nil {
 		return nil, fmt.Errorf("could not generate statefulset: %v", err)

pkg/cluster/sync.go

@@ -309,7 +309,21 @@ func (c *Cluster) syncStatefulSet() error {
 	if err != nil {
 		c.logger.Warnf("could not list pods of the statefulset: %v", err)
 	}
-
+	if c.Spec.Monitoring != nil {
+		monitor := c.Spec.Monitoring
+		sidecar := &acidv1.Sidecar{
+			Name:        "postgres-exporter",
+			DockerImage: monitor.Image,
+			Ports: []v1.ContainerPort{
+				{
+					ContainerPort: monitorPort,
+					Protocol:      v1.ProtocolTCP,
+				},
+			},
+			Env: c.generateMonitoringEnvVars(),
+		}
+		c.Spec.Sidecars = append(c.Spec.Sidecars, *sidecar) //populate the sidecar spec so that the sidecar is automatically created
+	}
 	// NB: Be careful to consider the codepath that acts on podsRollingUpdateRequired before returning early.
 	sset, err := c.KubeClient.StatefulSets(c.Namespace).Get(context.TODO(), c.statefulSetName(), metav1.GetOptions{})
 	if err != nil {
@@ -997,6 +1011,17 @@ func (c *Cluster) syncRoles() (err error) {
 	deletedUsers := map[string]string{}
 	newUsers = make(map[string]spec.PgUser)
 
+	if c.Spec.Monitoring != nil {
+		flg := acidv1.UserFlags{constants.RoleFlagLogin}
+		if c.Spec.Users != nil {
+			c.Spec.Users[monitorUsername] = flg
+		} else {
+			users := make(map[string]acidv1.UserFlags)
+			c.Spec.Users = users
+			c.Spec.Users[monitorUsername] = flg
+		}
+	}
+
 	// create list of database roles to query
 	for _, u := range c.pgUsers {
 		pgRole := u.Name
@@ -1415,3 +1440,33 @@ func (c *Cluster) createTDESecret() error {
 
 	return nil
 }
+
+func (c *Cluster) createMonitoringSecret() error {
+	c.logger.Info("creating Monitoring secret")
+	c.setProcessName("creating Monitoring secret")
+	generatedKey := make([]byte, 16)
+	rand.Read(generatedKey)
+
+	generatedSecret := v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      c.getMonitoringSecretName(),
+			Namespace: c.Namespace,
+			Labels:    c.labelsSet(true),
+		},
+		Type: v1.SecretTypeOpaque,
+		Data: map[string][]byte{
+			"key": []byte(fmt.Sprintf("%x", generatedKey)),
+		},
+	}
+	secret, err := c.KubeClient.Secrets(generatedSecret.Namespace).Create(context.TODO(), &generatedSecret, metav1.CreateOptions{})
+	if err == nil {
+		c.Secrets[secret.UID] = secret
+		c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, secret.UID)
+	} else {
+		if !k8sutil.ResourceAlreadyExists(err) {
+			return fmt.Errorf("could not create secret for Monitoring %s: in namespace %s: %v", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, err)
+		}
+	}
+
+	return nil
+}