polish global config about sharing postgresql-run socket (zalando#2155)

* polish global config about sharing postgresql-run socket

Author: FxKu

charts/postgres-operator/crds/operatorconfigurations.yaml

@@ -314,6 +314,9 @@ spec:
                   secret_name_template:
                     type: string
                     default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+                  share_pgsocket_with_sidecars:
+                    type: boolean
+                    default: false
                   spilo_allow_privilege_escalation:
                     type: boolean
                     default: true

charts/postgres-operator/values.yaml

@@ -191,9 +191,12 @@ configKubernetes:
   # if the user is in different namespace than cluster and cross namespace secrets
   # are enabled via `enable_cross_namespace_secret` flag in the configuration.
   secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  # sharing unix socket of PostgreSQL (`pg_socket`) with the sidecars
+  share_pgsocket_with_sidecars: false
   # set user and group for the spilo container (required to run Spilo as non-root process)
   # spilo_runasuser: 101
   # spilo_runasgroup: 103
+
   # group ID with write-access to volumes (required to run Spilo as non-root process)
   # spilo_fsgroup: 103
 

docs/reference/operator_parameters.md

@@ -344,7 +344,7 @@ configuration they are grouped under the `kubernetes` key.
   to run alongside Spilo on the same pod. Globally defined sidecars are always
   enabled. Default is true.
 
-* **share_pg_socket_with_sidecars**
+* **share_pgsocket_with_sidecars**
   global option to create an emptyDir volume named `postgresql-run`. This is
   mounted by all containers at `/var/run/postgresql` sharing the unix socket of
   PostgreSQL (`pg_socket`) with the sidecars this way.

docs/user.md

@@ -1008,11 +1008,39 @@ If you want to add a sidecar to every cluster managed by the operator, you can s
 
 ### Accessing the PostgreSQL socket from sidecars
 
-If enabled by the `share_pg_socket_with_sidecars` option in the operator
-configuration the PostgreSQL socket is placed in a volume of type
-`emptyDir` named `postgresql-run`.
-To allow access to the socket from any sidecar container simply add a
-VolumeMount to this volume to your sidecar spec.
+If enabled by the `share_pgsocket_with_sidecars` option in the operator
+configuration the PostgreSQL socket is placed in a volume of type `emptyDir`
+named `postgresql-run`. To allow access to the socket from any sidecar
+container simply add a VolumeMount to this volume to your sidecar spec.
+
+```yaml
+  - name: "container-name"
+    image: "company/image:tag"
+    volumeMounts:
+    - mountPath: /var/run
+      name: postgresql-run
+```
+
+If you do not want to globally enable this feature and only use it for single
+Postgres clusters, specify an `EmptyDir` volume under `additionalVolumes` in
+the manifest:
+
+```yaml
+spec:
+  additionalVolumes:
+  - name: postgresql-run
+    mountPath: /var/run/postgresql
+    targetContainers:
+    - all
+    volumeSource:
+      emptyDir: {}
+  sidecars: 
+  - name: "container-name"
+    image: "company/image:tag"
+    volumeMounts:
+    - mountPath: /var/run
+      name: postgresql-run
+```
 
 ## InitContainers Support
 

manifests/configmap.yaml

@@ -134,6 +134,7 @@ data:
   ring_log_lines: "100"
   role_deletion_suffix: "_deleted"
   secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+  share_pgsocket_with_sidecars: "false"
   # sidecar_docker_images: ""
   # set_memory_request_to_limit: "false"
   spilo_allow_privilege_escalation: "true"

manifests/operatorconfiguration.crd.yaml

@@ -222,9 +222,6 @@ spec:
                     type: array
                     items:
                       type: string
-                  share_pg_socket_with_sidecars:
-                    type: boolean
-                    default: false
                   infrastructure_roles_secret_name:
                     type: string
                   infrastructure_roles_secrets:
@@ -312,6 +309,9 @@ spec:
                   secret_name_template:
                     type: string
                     default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
+                  share_pgsocket_with_sidecars:
+                    type: boolean
+                    default: false
                   spilo_allow_privilege_escalation:
                     type: boolean
                     default: true

pkg/apis/acid.zalan.do/v1/crds.go

@@ -1289,9 +1289,6 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
 									},
 								},
 							},
-							"share_pg_socket_with_sidecars": {
-								Type: "boolean",
-							},
 							"infrastructure_roles_secret_name": {
 								Type: "string",
 							},
@@ -1419,6 +1416,9 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
 							"secret_name_template": {
 								Type: "string",
 							},
+							"share_pgsocket_with_sidecars": {
+								Type: "boolean",
+							},
 							"spilo_runasuser": {
 								Type: "integer",
 							},

pkg/apis/acid.zalan.do/v1/operator_configuration_type.go

@@ -72,7 +72,7 @@ type KubernetesMetaConfiguration struct {
 	StorageResizeMode                      string                       `json:"storage_resize_mode,omitempty"`
 	EnableInitContainers                   *bool                        `json:"enable_init_containers,omitempty"`
 	EnableSidecars                         *bool                        `json:"enable_sidecars,omitempty"`
-	SharePGSocketWithSidecars              *bool                        `json:"share_pgsocket_with_sidecars,omitempty"`
+	SharePgSocketWithSidecars              *bool                        `json:"share_pgsocket_with_sidecars,omitempty"`
 	SecretNameTemplate                     config.StringTemplate        `json:"secret_name_template,omitempty"`
 	ClusterDomain                          string                       `json:"cluster_domain,omitempty"`
 	OAuthTokenSecretName                   spec.NamespacedName          `json:"oauth_token_secret_name,omitempty"`

pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go

@@ -723,7 +723,7 @@ func (c *Cluster) generatePodTemplate(
 	spiloContainer *v1.Container,
 	initContainers []v1.Container,
 	sidecarContainers []v1.Container,
-	sharePGSocketWithSidecars *bool,
+	sharePgSocketWithSidecars *bool,
 	tolerationsSpec *[]v1.Toleration,
 	spiloRunAsUser *int64,
 	spiloRunAsGroup *int64,
@@ -792,7 +792,7 @@ func (c *Cluster) generatePodTemplate(
 		podSpec.PriorityClassName = priorityClassName
 	}
 
-	if sharePGSocketWithSidecars != nil && *sharePGSocketWithSidecars {
+	if sharePgSocketWithSidecars != nil && *sharePgSocketWithSidecars {
 		addVarRunVolume(&podSpec)
 	}
 
@@ -1378,7 +1378,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 		spiloContainer,
 		initContainers,
 		sidecarContainers,
-		c.OpConfig.SharePGSocketWithSidecars,
+		c.OpConfig.SharePgSocketWithSidecars,
 		&tolerationSpec,
 		effectiveRunAsUser,
 		effectiveRunAsGroup,
@@ -1586,8 +1586,8 @@ func addVarRunVolume(podSpec *v1.PodSpec) {
 	for i := range podSpec.Containers {
 		mounts := append(podSpec.Containers[i].VolumeMounts,
 			v1.VolumeMount{
-				Name:      "postgresql-run",
-				MountPath: "/var/run/postgresql",
+				Name:      constants.RunVolumeName,
+				MountPath: constants.RunVolumePath,
 			})
 		podSpec.Containers[i].VolumeMounts = mounts
 	}