Merge branch 'master' into update-postgres-exporter

.github/workflows/publish_ghcr_image.yaml

@@ -23,7 +23,7 @@ jobs:
 
       - uses: actions/setup-go@v2
         with:
-          go-version: "^1.22.5"
+          go-version: "^1.23.4"
 
       - name: Run unit tests
         run: make deps mocks test

.github/workflows/run_e2e.yaml

@@ -14,7 +14,7 @@ jobs:
     - uses: actions/checkout@v1
     - uses: actions/setup-go@v2
       with:
-          go-version: "^1.22.5"
+          go-version: "^1.23.4"
     - name: Make dependencies
       run: make deps mocks
     - name: Code generation

.github/workflows/run_tests.yaml

@@ -14,15 +14,15 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-          go-version: "^1.22.5"
+          go-version: "^1.23.4"
     - name: Make dependencies
       run: make deps mocks
     - name: Compile
       run: make linux
     - name: Run unit tests
       run: go test -race -covermode atomic -coverprofile=coverage.out ./...
     - name: Convert coverage to lcov
-      uses: jandelgado/gcov2lcov-action@v1.0.9
+      uses: jandelgado/gcov2lcov-action@v1.1.1
     - name: Coveralls
       uses: coverallsapp/github-action@master
       with:

.gitignore

@@ -104,3 +104,5 @@ e2e/tls
 mocks
 
 ui/.npm/
+
+.DS_Store

Makefile

@@ -69,7 +69,7 @@ docker: ${DOCKERDIR}/${DOCKERFILE}
 	docker build --rm -t "$(IMAGE):$(TAG)$(CDP_TAG)$(DEBUG_FRESH)$(DEBUG_POSTFIX)" -f "${DOCKERDIR}/${DOCKERFILE}" --build-arg VERSION="${VERSION}" .
 
 indocker-race:
-	docker run --rm -v "${GOPATH}":"${GOPATH}" -e GOPATH="${GOPATH}" -e RACE=1 -w ${PWD} golang:1.22.5 bash -c "make linux"
+	docker run --rm -v "${GOPATH}":"${GOPATH}" -e GOPATH="${GOPATH}" -e RACE=1 -w ${PWD} golang:1.23.4 bash -c "make linux"
 
 push:
 	docker push "$(IMAGE):$(TAG)$(CDP_TAG)"
@@ -78,7 +78,7 @@ mocks:
 	GO111MODULE=on go generate ./...
 
 tools:
-	GO111MODULE=on go get -d k8s.io/[email protected]
+	GO111MODULE=on go get k8s.io/[email protected]
 	GO111MODULE=on go install github.com/golang/mock/[email protected]
 	GO111MODULE=on go mod tidy
 

README.md

@@ -28,13 +28,13 @@ pipelines with no access to Kubernetes API directly, promoting infrastructure as
 
 ### PostgreSQL features
 
-* Supports PostgreSQL 16, starting from 12+
+* Supports PostgreSQL 17, starting from 13+
 * Streaming replication cluster via Patroni
 * Point-In-Time-Recovery with
-[pg_basebackup](https://www.postgresql.org/docs/16/app-pgbasebackup.html) /
+[pg_basebackup](https://www.postgresql.org/docs/17/app-pgbasebackup.html) /
 [WAL-E](https://github.com/wal-e/wal-e) via [Spilo](https://github.com/zalando/spilo)
 * Preload libraries: [bg_mon](https://github.com/CyberDem0n/bg_mon),
-[pg_stat_statements](https://www.postgresql.org/docs/16/pgstatstatements.html),
+[pg_stat_statements](https://www.postgresql.org/docs/17/pgstatstatements.html),
 [pgextwlist](https://github.com/dimitri/pgextwlist),
 [pg_auth_mon](https://github.com/RafiaSabih/pg_auth_mon)
 * Incl. popular Postgres extensions such as
@@ -57,12 +57,12 @@ production for over five years.
 
 | Release   | Postgres versions | K8s versions      | Golang  |
 | :-------- | :---------------: | :---------------: | :-----: |
+| v1.14.0   | 13 → 17      | 1.27+             | 1.23.4  |
 | v1.13.0   | 12 → 16      | 1.27+             | 1.22.5  |
 | v1.12.0   | 11 → 16      | 1.27+             | 1.22.3  |
 | v1.11.0   | 11 → 16      | 1.27+             | 1.21.7  |
 | v1.10.1   | 10 → 15      | 1.21+             | 1.19.8  |
 | v1.9.0    | 10 → 15      | 1.21+             | 1.18.9  |
-| v1.8.2    | 9.5 → 14     | 1.20 → 1.24  | 1.17.4  |
 
 ## Getting started
 

charts/postgres-operator-ui/templates/deployment.yaml

@@ -9,7 +9,7 @@ metadata:
   name: {{ template "postgres-operator-ui.fullname" . }}
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ template "postgres-operator-ui.name" . }}
@@ -84,11 +84,11 @@ spec:
                   "limit_iops": 16000,
                   "limit_throughput": 1000,
                   "postgresql_versions": [
+                    "17",
                     "16",
                     "15",
                     "14",
-                    "13",
-                    "12"
+                    "13"
                   ]
                 }
             {{- if .Values.extraEnvs }}
@@ -102,4 +102,4 @@ spec:
 {{ toYaml .Values.tolerations | indent 8 }}
     {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName }}
-    {{- end }}
+    {{- end }}

charts/postgres-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-operator
-version: 1.13.0
+version: 1.14.0
 appVersion: 1.13.0
 home: https://github.com/zalando/postgres-operator
 description: Postgres Operator creates and manages PostgreSQL clusters running in Kubernetes

charts/postgres-operator/crds/operatorconfigurations.yaml

@@ -68,7 +68,7 @@ spec:
                   type: string
               docker_image:
                 type: string
-                default: "ghcr.io/zalando/spilo-16:3.3-p1"
+                default: "ghcr.io/zalando/spilo-17:4.0-p2"
               enable_crd_registration:
                 type: boolean
                 default: true
@@ -167,10 +167,10 @@ spec:
                       type: string
                   minimal_major_version:
                     type: string
-                    default: "12"
+                    default: "13"
                   target_major_version:
                     type: string
-                    default: "16"
+                    default: "17"
               kubernetes:
                 type: object
                 properties:
@@ -376,28 +376,28 @@ spec:
                 properties:
                   default_cpu_limit:
                     type: string
-                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
+                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$|^$'
                   default_cpu_request:
                     type: string
-                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
+                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$|^$'
                   default_memory_limit:
                     type: string
-                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
+                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$|^$'
                   default_memory_request:
                     type: string
-                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
+                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$|^$'
                   max_cpu_request:
                     type: string
-                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
+                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$|^$'
                   max_memory_request:
                     type: string
-                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
+                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$|^$'
                   min_cpu_limit:
                     type: string
-                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
+                    pattern: '^(\d+m|\d+(\.\d{1,3})?)$|^$'
                   min_memory_limit:
                     type: string
-                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
+                    pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$|^$'
               timeouts:
                 type: object
                 properties:

charts/postgres-operator/crds/postgresqls.yaml

@@ -375,11 +375,11 @@ spec:
                   version:
                     type: string
                     enum:
-                      - "12"
                       - "13"
                       - "14"
                       - "15"
                       - "16"
+                      - "17"
                   parameters:
                     type: object
                     additionalProperties:
@@ -514,6 +514,9 @@ spec:
                       type: string
                     batchSize:
                       type: integer
+                    cpu:
+                      type: string
+                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                     database:
                       type: string
                     enableRecovery:
@@ -522,6 +525,9 @@ spec:
                       type: object
                       additionalProperties:
                         type: string
+                    memory:
+                      type: string
+                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                     tables:
                       type: object
                       additionalProperties:
@@ -533,6 +539,8 @@ spec:
                             type: string
                           idColumn:
                             type: string
+                          ignoreRecovery:
+                            type: boolean
                           payloadColumn:
                             type: string
                           recoveryEventType:

charts/postgres-operator/templates/clusterrole.yaml

@@ -140,8 +140,8 @@ rules:
   - delete
   - get
   - list
-{{- if toString .Values.configKubernetes.storage_resize_mode | eq "pvc" }}
   - patch
+{{- if or (toString .Values.configKubernetes.storage_resize_mode | eq "pvc") (toString .Values.configKubernetes.storage_resize_mode | eq "mixed") }}
   - update
 {{- end }}
  # to read existing PVs. Creation should be done via dynamic provisioning

charts/postgres-operator/templates/deployment.yaml

@@ -54,7 +54,7 @@ spec:
           value: {{ template "postgres-operator.controllerID" . }}
       {{- end }}
       {{- if .Values.extraEnvs }}
-      {{- .Values.extraEnvs | toYaml | nindent 12 }}
+{{ toYaml .Values.extraEnvs | indent 8 }}
       {{- end }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}

charts/postgres-operator/values.yaml

@@ -38,7 +38,7 @@ configGeneral:
   # etcd connection string for Patroni. Empty uses K8s-native DCS.
   etcd_host: ""
   # Spilo docker image
-  docker_image: ghcr.io/zalando/spilo-16:3.3-p1
+  docker_image: ghcr.io/zalando/spilo-17:4.0-p2
 
   # key name for annotation to ignore globally configured instance limits
   # ignore_instance_limits_annotation_key: ""
@@ -89,9 +89,9 @@ configMajorVersionUpgrade:
   # - acid
 
   # minimal Postgres major version that will not automatically be upgraded
-  minimal_major_version: "12"
+  minimal_major_version: "13"
   # target Postgres major version when upgrading clusters automatically
-  target_major_version: "16"
+  target_major_version: "17"
 
 configKubernetes:
   # list of additional capabilities for postgres container

cmd/main.go

@@ -35,6 +35,8 @@ func init() {
 	flag.BoolVar(&outOfCluster, "outofcluster", false, "Whether the operator runs in- our outside of the Kubernetes cluster.")
 	flag.BoolVar(&config.NoDatabaseAccess, "nodatabaseaccess", false, "Disable all access to the database from the operator side.")
 	flag.BoolVar(&config.NoTeamsAPI, "noteamsapi", false, "Disable all access to the teams API")
+	flag.IntVar(&config.KubeQPS, "kubeqps", 10, "Kubernetes api requests per second.")
+	flag.IntVar(&config.KubeBurst, "kubeburst", 20, "Kubernetes api requests burst limit.")
 	flag.Parse()
 
 	config.EnableJsonLogging = os.Getenv("ENABLE_JSON_LOGGING") == "true"
@@ -83,6 +85,9 @@ func main() {
 		log.Fatalf("couldn't get REST config: %v", err)
 	}
 
+	config.RestConfig.QPS = float32(config.KubeQPS)
+	config.RestConfig.Burst = config.KubeBurst
+
 	c := controller.NewController(&config, "")
 
 	c.Run(stop, wg)

docker/DebugDockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22-alpine
+FROM golang:1.23-alpine
 LABEL maintainer="Team ACID @ Zalando <[email protected]>"
 
 # We need root certificates to deal with teams api over https

docker/Dockerfile

@@ -1,5 +1,5 @@
 ARG BASE_IMAGE=registry.opensource.zalan.do/library/alpine-3:latest
-FROM golang:1.22-alpine AS builder
+FROM golang:1.23-alpine AS builder
 ARG VERSION=latest
 
 COPY  . /go/src/github.com/zalando/postgres-operator

docker/build_operator.sh

@@ -13,7 +13,7 @@ apt-get install -y wget
 
 (
     cd /tmp
-    wget -q "https://storage.googleapis.com/golang/go1.22.5.linux-${arch}.tar.gz" -O go.tar.gz
+    wget -q "https://storage.googleapis.com/golang/go1.23.4.linux-${arch}.tar.gz" -O go.tar.gz
     tar -xf go.tar.gz
     mv go /usr/local
     ln -s /usr/local/go/bin/go /usr/bin/go

docs/administrator.md

@@ -63,14 +63,17 @@ the `PGVERSION` environment variable is set for the database pods. Since
 `v1.6.0` the related option `enable_pgversion_env_var` is enabled by default.
 
 In-place major version upgrades can be configured to be executed by the
-operator with the `major_version_upgrade_mode` option. By default it is set
-to `off` which means the cluster version will not change when increased in
-the manifest. Still, a rolling update would be triggered updating the
-`PGVERSION` variable. But Spilo's [`configure_spilo`](https://github.com/zalando/spilo/blob/master/postgres-appliance/scripts/configure_spilo.py)
-script will notice the version mismatch and start the old version again.
-
-In this scenario the major version could then be run by a user from within the
-primary pod. Exec into the container and run:
+operator with the `major_version_upgrade_mode` option. By default, it is
+enabled (mode: `manual`). In any case, altering the version in the manifest
+will trigger a rolling update of pods to update the `PGVERSION` env variable.
+Spilo's [`configure_spilo`](https://github.com/zalando/spilo/blob/master/postgres-appliance/scripts/configure_spilo.py)
+script will notice the version mismatch but start the current version again.
+
+Next, the operator would call an updage script inside Spilo. When automatic
+upgrades are disabled (mode: `off`) the upgrade could still be run by a user
+from within the primary pod. This gives you full control about the point in
+time when the upgrade can be started (check also maintenance windows below).
+Exec into the container and run:
 ```bash
 python3 /scripts/inplace_upgrade.py N
 ```
@@ -79,17 +82,32 @@ The upgrade is usually fast, well under one minute for most DBs. Note, that
 changes become irrevertible once `pg_upgrade` is called. To understand the
 upgrade procedure, refer to the [corresponding PR in Spilo](https://github.com/zalando/spilo/pull/488).
 
-When `major_version_upgrade_mode` is set to `manual` the operator will run
-the upgrade script for you after the manifest is updated and pods are rotated.
-It is also possible to define `maintenanceWindows` in the Postgres manifest to
-better control when such automated upgrades should take place after increasing
-the version.
+When `major_version_upgrade_mode` is set to `full` the operator will compare
+the version in the manifest with the configured `minimal_major_version`. If it
+is lower the operator would start an automatic upgrade as described above. The
+configured `major_target_version` will be used as the new version. This option
+can be useful if you have to get rid of outdated major versions in your fleet.
+Please note, that the operator does not patch the version in the manifest.
+Thus, the `full` mode can create drift between desired and actual state.
+
+### Upgrade during maintenance windows
+
+When `maintenanceWindows` are defined in the Postgres manifest the operator
+will trigger a major version upgrade only during these periods. Make sure they
+are at least twice as long as your configured `resync_period` to guarantee
+that operator actions can be triggered.
 
 ### Upgrade annotations
 
-When an upgrade is executed, the operator sets an annotation in the PostgreSQL resource, either `last-major-upgrade-success` if the upgrade succeeds, or `last-major-upgrade-failure` if it fails. The value of the annotation is a timestamp indicating when the upgrade occurred.
+When an upgrade is executed, the operator sets an annotation in the PostgreSQL
+resource, either `last-major-upgrade-success` if the upgrade succeeds, or
+`last-major-upgrade-failure` if it fails. The value of the annotation is a
+timestamp indicating when the upgrade occurred.
 
-If a PostgreSQL resource contains a failure annotation, the operator will not attempt to retry the upgrade during a sync event. To remove the failure annotation, you can revert the PostgreSQL version back to the current version. This action will trigger the removal of the failure annotation.
+If a PostgreSQL resource contains a failure annotation, the operator will not
+attempt to retry the upgrade during a sync event. To remove the failure
+annotation, you can revert the PostgreSQL version back to the current version.
+This action will trigger the removal of the failure annotation.
 
 ## Non-default cluster domain
 
@@ -1279,7 +1297,7 @@ aws_or_gcp:
 
 If cluster members have to be (re)initialized restoring physical backups
 happens automatically either from the backup location or by running
-[pg_basebackup](https://www.postgresql.org/docs/16/app-pgbasebackup.html)
+[pg_basebackup](https://www.postgresql.org/docs/17/app-pgbasebackup.html)
 on one of the other running instances (preferably replicas if they do not lag
 behind). You can test restoring backups by [cloning](user.md#how-to-clone-an-existing-postgresql-cluster)
 clusters.
@@ -1387,6 +1405,10 @@ configuration:
     volumeMounts:
     - mountPath: /custom-pgdata-mountpoint
       name: pgdata
+    env:
+      - name: "ENV_VAR_NAME"
+        value: "any-k8s-env-things"
+    command: ['sh', '-c', 'echo "logging" > /opt/logs.txt']
   - ...
 ```