Commit b499528

Labels and Annotations for Individual Services
This update adds support for labeling and annotating the Postgres, pgAdmin and pgBouncer services individually. This allows these services reconciled by PGO to have certain labels and/or annotations configured that are not set on any other PGO objects. Issue: [sc-14916] resolves: #3265
1 parent 74aa69c commit b499528

11 files changed

+339
-32
lines changed

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

Lines changed: 41 additions & 6 deletions
@@ -10426,6 +10426,19 @@ spec:
1042610426
service:
1042710427
description: Specification of the service that exposes PgBouncer.
1042810428
properties:
10429+
metadata:
10430+
description: Metadata contains metadata for PostgresCluster
10431+
resources
10432+
properties:
10433+
annotations:
10434+
additionalProperties:
10435+
type: string
10436+
type: object
10437+
labels:
10438+
additionalProperties:
10439+
type: string
10440+
type: object
10441+
type: object
1042910442
nodePort:
1043010443
description: The port on which this service is exposed
1043110444
when type is NodePort or LoadBalancer. Value must be
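
Review bot: The new `labels` and `annotations` maps under `service.metadata` (new lines 10433-10440) are typed only as `additionalProperties: type: string`, so this schema does not reject a key or value that is not valid Kubernetes label syntax. If the types allow it, consider adding length or pattern constraints, or at least noting in the `description` that values must be valid label and annotation strings, so a bad entry is caught when the PostgresCluster is submitted instead of when the PgBouncer Service is reconciled.
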
@@ -10435,14 +10448,13 @@ spec:
1043510448
format: int32
1043610449
type: integer
1043710450
type:
10451+
default: ClusterIP
1043810452
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
1043910453
enum:
1044010454
- ClusterIP
1044110455
- NodePort
1044210456
- LoadBalancer
1044310457
type: string
10444-
required:
10445-
- type
1044610458
type: object
1044710459
sidecars:
1044810460
description: Configuration for pgBouncer sidecar containers
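
Review bot: Dropping `required: - type` while adding `default: ClusterIP` means a `service` block that sets only `nodePort` now passes this schema and resolves to `ClusterIP`, which is the combination the `nodePort` description excludes ("when type is NodePort or LoadBalancer"). Suggest stating in the `type` description that an omitted value means `ClusterIP`, and considering a validation rule that rejects `nodePort` when `type` is unset or `ClusterIP`, so the mistake is reported against the field that caused it.
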
@@ -10641,6 +10653,18 @@ spec:
1064110653
description: Specification of the service that exposes the PostgreSQL
1064210654
primary instance.
1064310655
properties:
10656+
metadata:
10657+
description: Metadata contains metadata for PostgresCluster resources
10658+
properties:
10659+
annotations:
10660+
additionalProperties:
10661+
type: string
10662+
type: object
10663+
labels:
10664+
additionalProperties:
10665+
type: string
10666+
type: object
10667+
type: object
1064410668
nodePort:
1064510669
description: The port on which this service is exposed when type
1064610670
is NodePort or LoadBalancer. Value must be in-range and not
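
Review bot: The description on new line 10657, "Metadata contains metadata for PostgresCluster resources", is the generic text and does not tell a reader of the CRD reference that these values apply to the primary Service only, or that (per the tutorial change in this commit) they win over labels and annotations configured elsewhere. A field-specific description would carry that, for example "Labels and annotations applied to this Service only; on conflict they take precedence over spec.metadata."
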
@@ -10649,14 +10673,13 @@ spec:
1064910673
format: int32
1065010674
type: integer
1065110675
type:
10676+
default: ClusterIP
1065210677
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
1065310678
enum:
1065410679
- ClusterIP
1065510680
- NodePort
1065610681
- LoadBalancer
1065710682
type: string
10658-
required:
10659-
- type
1066010683
type: object
1066110684
shutdown:
1066210685
description: Whether or not the PostgreSQL cluster should be stopped.
@@ -11810,6 +11833,19 @@ spec:
1181011833
service:
1181111834
description: Specification of the service that exposes pgAdmin.
1181211835
properties:
11836+
metadata:
11837+
description: Metadata contains metadata for PostgresCluster
11838+
resources
11839+
properties:
11840+
annotations:
11841+
additionalProperties:
11842+
type: string
11843+
type: object
11844+
labels:
11845+
additionalProperties:
11846+
type: string
11847+
type: object
11848+
type: object
1181311849
nodePort:
1181411850
description: The port on which this service is exposed
1181511851
when type is NodePort or LoadBalancer. Value must be
@@ -11819,14 +11855,13 @@ spec:
1181911855
format: int32
1182011856
type: integer
1182111857
type:
11858+
default: ClusterIP
1182211859
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
1182311860
enum:
1182411861
- ClusterIP
1182511862
- NodePort
1182611863
- LoadBalancer
1182711864
type: string
11828-
required:
11829-
- type
1183011865
type: object
1183111866
tolerations:
1183211867
description: 'Tolerations of a pgAdmin pod. Changing this

docs/content/references/crd.md

Lines changed: 123 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/content/tutorial/connect-cluster.md

Lines changed: 32 additions & 6 deletions
@@ -40,7 +40,7 @@ When your Postgres cluster is initialized, PGO will bootstrap a database and Pos
4040

4141
All connections are over TLS. PGO provides its own certificate authority (CA) to allow you to securely connect your applications to your Postgres clusters. This allows you to use the [`verify-full` "SSL mode"](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) of Postgres, which provides eavesdropping protection and prevents MITM attacks. You can also choose to bring your own CA, which is described later in this tutorial in the [Customize Cluster]({{< relref "./customize-cluster.md" >}}) section.
4242

43-
### Modifying Service Type
43+
### Modifying Service Type, NodePort Value and Metadata
4444

4545
By default, PGO deploys Services with the `ClusterIP` Service type. Based on how you want to expose your database,
4646
you may want to modify the Services to use a different
@@ -53,17 +53,23 @@ You can modify the Services that PGO manages from the following attributes:
5353
- `spec.proxy.pgBouncer.service` - this manages the Service for connecting to the PgBouncer connection pooler.
5454
- `spec.userInterface.pgAdmin.service` - this manages the Service for connecting to the pgAdmin management tool.
5555

56-
For example, to set the Postgres primary to use a `NodePort` service and specific `nodePort` value, you would add the
57-
following to your manifest:
56+
For example, say you want to set the Postgres primary to use a `NodePort` service, a specific `nodePort` value, and set
57+
a specific annotation and label, you would add the following to your manifest:
5858

5959
```yaml
6060
spec:
6161
service:
62+
metadata:
63+
annotations:
64+
my-annotation: value1
65+
labels:
66+
my-label: value2
6267
type: NodePort
6368
nodePort: 32000
6469
```
6570
66-
For our `hippo` cluster, you would see the Service type and nodePort modification. For example:
71+
For our `hippo` cluster, you would see the Service type and nodePort modification as well as the annotation and label.
72+
For example:
6773

6874
```
6975
kubectl -n postgres-operator get svc --selector=postgres-operator.crunchydata.com/cluster=hippo
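
Review bot: The rewritten sentence on new lines 56-57 is a comma splice ("say you want to set ..., you would add"); something like "For example, to set the Postgres primary to use a `NodePort` service with a specific `nodePort` value, annotation and label, add the following to your manifest:" reads more cleanly. Because the sample keeps `type: NodePort` and `nodePort: 32000` next to the new `metadata` block, one sentence saying that `metadata` can be set without changing the Service type would stop readers from copying the NodePort exposure when they only want a label.
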
@@ -80,8 +86,28 @@ hippo-primary ClusterIP None <none> 5432/TCP 48s
8086
hippo-replicas ClusterIP 10.106.18.99 <none> 5432/TCP 48s
8187
```
8288

83-
Note that setting the `nodePort` value is not allowed when using the `ClusterIP` type, and it must be in-range and
84-
not otherwise in use or the operation will fail. Also, if you are exposing your Services externally and are relying on TLS
89+
and the top of the output from running
90+
91+
```
92+
kubectl -n postgres-operator describe svc hippo-ha
93+
```
94+
95+
will show our custom annotation and label have been added:
96+
97+
```
98+
Name: hippo-ha
99+
Namespace: postgres-operator
100+
Labels: my-label=value2
101+
postgres-operator.crunchydata.com/cluster=hippo
102+
postgres-operator.crunchydata.com/patroni=hippo-ha
103+
Annotations: my-annotation: value1
104+
```
105+
106+
Note that setting the `nodePort` value is not allowed when using the (default) `ClusterIP` type, and it must be in-range
107+
and not otherwise in use or the operation will fail. Additionally, be aware that any annotations or labels provided here
108+
will win in case of conflicts with any annotations or labels a user configures elsewhere.
109+
110+
Finally, if you are exposing your Services externally and are relying on TLS
85111
verification, you will need to use the [custom TLS]({{< relref "tutorial/customize-cluster.md" >}}#customize-tls)
86112
features of PGO).
87113
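
Review bot: The statement on new lines 107-108 that labels provided here "will win in case of conflicts" is broader than what the code in this commit does: in `generatePatroniLeaderLeaseService` the operator's own labels are merged after the service-level ones ("add our labels last so they aren't overwritten"). Suggest qualifying the sentence to say that they win over labels and annotations set in `spec.metadata`, but that PGO's own `postgres-operator.crunchydata.com/...` labels cannot be overridden. Separately, "features of PGO)." on old line 86 has an unmatched closing parenthesis that could be fixed while this paragraph is being touched.
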

internal/controller/postgrescluster/patroni.go

Lines changed: 11 additions & 1 deletion
@@ -237,7 +237,17 @@ func (r *Reconciler) generatePatroniLeaderLeaseService(
237237
service.Annotations = naming.Merge(
238238
cluster.Spec.Metadata.GetAnnotationsOrNil())
239239
service.Labels = naming.Merge(
240-
cluster.Spec.Metadata.GetLabelsOrNil(),
240+
cluster.Spec.Metadata.GetLabelsOrNil())
241+
242+
if spec := cluster.Spec.Service; spec != nil {
243+
service.Annotations = naming.Merge(service.Annotations,
244+
spec.Metadata.GetAnnotationsOrNil())
245+
service.Labels = naming.Merge(service.Labels,
246+
spec.Metadata.GetLabelsOrNil())
247+
}
248+
249+
// add our labels last so they aren't overwritten
250+
service.Labels = naming.Merge(service.Labels,
241251
map[string]string{
242252
naming.LabelCluster: cluster.Name,
243253
naming.LabelPatroni: naming.PatroniScope(cluster),
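
Review bot: The ordering on new lines 242-250 is the only thing that keeps a user-supplied `spec.service.metadata.labels` entry from replacing `naming.LabelCluster` or `naming.LabelPatroni`, and it relies on `naming.Merge` letting later arguments win, which is not visible in this hunk. A unit test that sets a service-level label with the `naming.LabelCluster` key and asserts the generated Service still carries `cluster.Name` would lock that in, since the tutorial's `--selector=postgres-operator.crunchydata.com/cluster=hippo` query depends on it. The annotations path has no equivalent final merge; if the operator ever sets its own annotations on this Service, the same "ours last" step will be needed there.
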
