Add CRD configuration to Helm chart values.yaml (zalando#559)

* add templates for CRDs incl. crd-install hooks
* support both config styles in values.yaml
* fix ServiceAccount naming in values.yaml

Author: FxKu

charts/postgres-operator/Chart.yaml

@@ -1,13 +1,18 @@
 apiVersion: v1
 name: postgres-operator
-version: 0.1.0
-appVersion: 1.1.0
+version: 1.2.0
+appVersion: 1.2.0
 home: https://github.com/zalando/postgres-operator
 description: Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
 keywords:
 - postgres
 - operator
+- cloud-native
+- patroni
+- spilo
 maintainers:
+- name: Zalando
+  email: [email protected]
 - name: kimxogus
   email: [email protected]
 sources:

charts/postgres-operator/templates/clusterrole.yaml

@@ -2,7 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}
@@ -140,7 +144,11 @@ rules:
   verbs:
   - bind
   resourceNames:
-  - {{ template "postgres-operator.fullname" . }}
+  - {{- if eq .Values.serviceAccount.name "" }}
+      {{ template "postgres-operator.fullname" . }}
+    {{- else }}
+      {{ .Values.serviceAccount.name }}
+    {{- end }}
 - apiGroups:
   - batch
   resources:

charts/postgres-operator/templates/clusterrolebinding.yaml

@@ -2,7 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}
@@ -11,11 +15,19 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
 subjects:
 - kind: ServiceAccount
 # note: the cluster role binding needs to be defined
 # for every namespace the operator service account lives in.
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   namespace: {{ .Release.Namespace }}
 {{ end }}

charts/postgres-operator/templates/configmap.yaml

@@ -8,5 +8,25 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
 data:
-  pod_service_account_name: {{ template "postgres-operator.fullname" . }}
-{{ toYaml .Values.config | indent 2 }}
+  pod_service_account_name: {{- if eq .Values.serviceAccount.name "" }}
+                                {{ template "postgres-operator.fullname" . }}
+                            {{- else }}
+                                {{ .Values.serviceAccount.name }}
+                            {{- end }}
+  api_port: "{{ .Values.configLoggingRestApi.api_port }}"
+  cluster_history_entries: "{{ .Values.configLoggingRestApi.cluster_history_entries }}"
+  docker_image: {{ .Values.docker_image }}
+  debug_logging: "{{ .Values.configDebug.debug_logging }}"
+  enable_database_access: "{{ .Values.configDebug.enable_database_access }}"
+  repair_period: {{ .Values.repair_period }}
+  resync_period: {{ .Values.resync_period }}
+  ring_log_lines: "{{ .Values.configLoggingRestApi.ring_log_lines }}"
+  spilo_privileged: "{{ .Values.spilo_privileged }}"
+  workers: "{{ .Values.workers }}"
+{{ toYaml .Values.configMap | indent 2 }}
+{{ toYaml .Values.configUsers | indent 2 }}
+{{ toYaml .Values.configKubernetes | indent 2 }}
+{{ toYaml .Values.configTimeouts | indent 2 }}
+{{ toYaml .Values.configLoadBalancer | indent 2 }}
+{{ toYaml .Values.configAwsOrGcp | indent 2 }}
+{{ toYaml .Values.configTeamsApi | indent 2 }}

charts/postgres-operator/templates/customrresourcedefinition.yaml

@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: postgresqls.acid.zalan.do
+  annotations:
+    "helm.sh/hook": crd-install
+spec:
+  group: acid.zalan.do
+  names:
+    kind: postgresql
+    listKind: postgresqlList
+    plural: postgresqls
+    singular: postgresql
+    shortNames:
+    - pg
+  scope: Namespaced
+  subresources:
+    status: {}
+  version: v1
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: operatorconfigurations.acid.zalan.do
+  annotations:
+    "helm.sh/hook": crd-install
+spec:
+  group: acid.zalan.do
+  names:
+    kind: OperatorConfiguration
+    listKind: OperatorConfigurationList
+    plural: operatorconfigurations
+    singular: operatorconfiguration
+    shortNames:
+    - pgc
+  scope: Namespaced
+  subresources:
+    status: {}
+  version: v1

charts/postgres-operator/templates/deployment.yaml

@@ -17,6 +17,8 @@ spec:
     metadata:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        # In order to use the checksum of CRD OperatorConfiguration instead, use the following line instead
+        # {{ include (print $.Template.BasePath "/operatorconfiguration.yaml") . | sha256sum }}
     {{- if .Values.podAnnotations }}
 {{ toYaml .Values.podAnnotations | indent 8 }}
     {{- end }}
@@ -27,14 +29,21 @@ spec:
 {{ toYaml .Values.podLabels | indent 8 }}
       {{- end }}
     spec:
-      serviceAccountName: {{ template "postgres-operator.fullname" . }}
+      serviceAccountName: {{- if eq .Values.serviceAccount.name "" }}
+                            {{ template "postgres-operator.fullname" . }}
+                          {{- else }}
+                            {{ .Values.serviceAccount.name }}
+                          {{- end }}
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         env:
         - name: CONFIG_MAP_NAME
           value: {{ template "postgres-operator.fullname" . }}
+        # In order to use the CRD OperatorConfiguration instead, uncomment these lines and comment out the two lines above
+        # - name: POSTGRES_OPERATOR_CONFIGURATION_OBJECT
+        #  value: {{ template "postgres-operator.fullname" . }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
       {{- if .Values.imagePullSecrets }}

charts/postgres-operator/templates/operatorconfiguration.yaml

@@ -0,0 +1,41 @@
+apiVersion: "acid.zalan.do/v1"
+kind: OperatorConfiguration
+metadata:
+  name: {{ template "postgres-operator.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
+    helm.sh/chart: {{ template "postgres-operator.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+configuration:
+  docker_image: {{ .Values.docker_image }}
+  repair_period: {{ .Values.repair_period }}
+  resync_period: {{ .Values.resync_period }}
+  workers: {{ .Values.workers }}
+{{ toYaml .Values.configCRD | indent 2 }}
+  users:
+{{ toYaml .Values.configUsers | indent 4 }}
+  kubernetes:
+    oauth_token_secret_name: {{ template "postgres-operator.fullname" . }}
+    pod_service_account_name: operator
+    spilo_privileged: {{ .Values.spilo_privileged }}
+{{ toYaml .Values.configKubernetes | indent 4 }}
+{{ toYaml .Values.configKubernetesCRD | indent 4 }}
+  postgres_pod_resources:
+{{ toYaml .Values.configPostgresPodResources | indent 4 }}
+  timeouts:
+{{ toYaml .Values.configTimeouts | indent 4 }}
+  load_balancer:
+{{ toYaml .Values.configLoadBalancerCRD | indent 4 }}
+  aws_or_gcp:
+{{ toYaml .Values.configAwsOrGcp | indent 4 }}
+  logical_backup:
+{{ toYaml .Values.configLogicalBackup | indent 4 }}
+  debug:
+{{ toYaml .Values.configDebug | indent 4 }}
+  teams_api:
+{{ toYaml .Values.configTeamsApiCRD | indent 4 }}
+  logging_rest_api:
+{{ toYaml .Values.configLoggingRestApi | indent 4 }}
+  scalyr:
+{{ toYaml .Values.configScalyr | indent 4 }}

charts/postgres-operator/templates/serviceaccount.yaml

@@ -2,7 +2,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "postgres-operator.fullname" . }}
+  name: {{- if eq .Values.serviceAccount.name "" }}
+            {{ template "postgres-operator.fullname" . }}
+        {{- else }}
+            {{ .Values.serviceAccount.name }}
+        {{- end }}
   labels:
     app.kubernetes.io/name: {{ template "postgres-operator.name" . }}
     helm.sh/chart: {{ template "postgres-operator.chart" . }}