From 98ee74207a6e3ae8fa19eb0dc0cf3636fa81105a Mon Sep 17 00:00:00 2001 From: Alex Arica Date: Thu, 21 Mar 2024 13:56:53 +0000 Subject: [PATCH] Preparing release 1.18 --- README.md | 12 +- api/v1/zz_generated.deepcopy.go | 5 + .../kubegres.reactive-tech.io_kubegres.yaml | 367 +++--------------- .../custom-namespace/kubegres.yaml | 2 +- .../default-namespace/kubegres.yaml | 5 +- config/manager/kustomization.yaml | 2 +- internal/test/custom_namespace_test.go | 2 +- internal/test/data_is_replicated_test.go | 2 +- .../postgres_conf_wal_level_logical_test.go | 2 +- .../test/primary_failure_and_recovery_test.go | 2 +- .../test/replica_failure_and_recovery_test.go | 2 +- internal/test/resourceConfigs/kubegres.yaml | 2 +- internal/test/spec_affinity_test.go | 2 +- .../spec_containerSecurityContext_test.go | 2 + internal/test/spec_customConfig_test.go | 2 +- .../spec_databaseStorageClassName_test.go | 2 +- .../test/spec_failover_is_disabled_test.go | 2 +- internal/test/spec_image_test.go | 18 +- internal/test/spec_livenessProbe_test.go | 2 +- .../test/spec_pod_manually_promoted_test.go | 2 +- internal/test/spec_port_test.go | 2 +- internal/test/spec_securityContext_test.go | 2 +- internal/test/spec_serviceAccountName_test.go | 2 + internal/test/spec_tolerations_test.go | 2 +- kubegres.yaml | 164 +++++++- 25 files changed, 261 insertions(+), 348 deletions(-) diff --git a/README.md b/README.md index e2d0074..9354dd1 100644 --- a/README.md +++ b/README.md 
@@ -33,6 +33,13 @@ Among many reasons, there are [5 main ones why we recommend Kubegres](https://ww If you would like to install Kubegres, please read the page [Getting started](http://www.kubegres.io/doc/getting-started.html). +**Sponsor** + +Kubegres is sponsored by [Etikbee](https://www.etikbee.com) +which is using Kubegres in production with over 25 microservices each using a cluster of Postgres. +Etikbee is a UK based marketplace which promotes reuse by allowing merchants +to list their products for rent, for sale and advertise services such as product repair. + **Contribute** If you would like to contribute to Kubegres, please read the page [How to contribute](http://www.kubegres.io/contribute/). @@ -53,11 +60,6 @@ new features requested by organisations paying supports as long the new features We start working on the implementation of new features within 24h of the request from organisations paying supports. More details in the [support page](https://www.kubegres.io/support/). -**Sponsor** - -If you would like to help this project by sponsoring it, we can display your company's logo on this GitHub page -and on [https://www.kubegres.io](https://www.kubegres.io). More details in the [sponsor page](https://www.kubegres.io/sponsor/). - **Interesting links** * A webinar about Kubegres was hosted by PostgresConf on 25 May 2021. [Watch the recorded video.](https://postgresconf.org/conferences/2021_Postgres_Conference_Webinars/program/proposals/creating-a-resilient-postgresql-cluster-with-kubegres) * The availability of Kubegres was published on [PostgreSql's official website](https://www.postgresql.org/about/news/kubegres-is-available-as-open-source-2197/). diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index c31dad1..105ca9d 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go 
@@ -209,6 +209,11 @@ func (in *KubegresSpec) DeepCopyInto(out *KubegresSpec) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.ContainerSecurityContext != nil { + in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext + *out = new(corev1.SecurityContext) + (*in).DeepCopyInto(*out) + } in.Probe.DeepCopyInto(&out.Probe) } diff --git a/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml b/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml index 2fd85cc..f9db597 100644 --- a/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml +++ b/config/crd/bases/kubegres.reactive-tech.io_kubegres.yaml @@ -949,8 +949,7 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + in this case pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1001,48 +1000,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1156,8 +1113,7 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + in this case pods. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -1207,44 +1163,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1355,8 +1273,7 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + in this case pods. properties: matchExpressions: description: matchExpressions is a list 
@@ -1407,48 +1324,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1562,8 +1437,7 @@ spec: properties: labelSelector: description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. + in this case pods. properties: matchExpressions: description: matchExpressions is a list of label 
@@ -1613,44 +1487,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -2062,6 +1898,30 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2139,27 +1999,6 @@ spec: description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may be used - to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update - the volume with the attributes defined in the corresponding - VolumeAttributesClass. This has a different purpose - than storageClassName, it can be changed after the - claim is created. An empty string value means that - no VolumeAttributesClass will be applied to the claim - but it''s not allowed to reset this field to empty - string once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass will - be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied 
@@ -2790,6 +2629,32 @@ spec: capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2875,29 +2740,6 @@ spec: the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass used - by this claim. If specified, the CSI driver - will create or update the volume with the - attributes defined in the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, this - PersistentVolumeClaim will be set to a Pending - state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string volumeMode: description: volumeMode defines what type of volume is required by the claim. Value of 
@@ -3286,107 +3128,6 @@ spec: description: Projection that may be projected along with other supported volume types properties: - clusterTrustBundle: - description: "ClusterTrustBundle allows a pod - to access the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection feature - gate. \n ClusterTrustBundle objects can either - be selected by name, or by the combination of - signer name and a label selector. \n Kubelet - performs aggressive normalization of the PEM - contents written into the pod filesystem. Esoteric - PEM features such as inter-block comments and - block headers are stripped. Certificates are - deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change - the order over time." - properties: - labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only has - effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted as "match - nothing". If set but empty, interpreted - as "match everything". - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with - signerName and labelSelector. - type: string - optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the - named ClusterTrustBundle is allowed not - to exist. If using signerName, then the - combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume - root to write the bundle. - type: string - signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified and - deduplicated. - type: string - required: - - path - type: object configMap: description: configMap information about the configMap data to project diff --git a/config/localresource/custom-namespace/kubegres.yaml b/config/localresource/custom-namespace/kubegres.yaml index 9f09770..1ef7c14 100644 --- a/config/localresource/custom-namespace/kubegres.yaml +++ b/config/localresource/custom-namespace/kubegres.yaml @@ -6,7 +6,7 @@ metadata: spec: replicas: 3 - image: postgres:16.1 + image: postgres:16.2 port: 5432 #imagePullSecrets: diff --git a/config/localresource/default-namespace/kubegres.yaml b/config/localresource/default-namespace/kubegres.yaml index 8ba1b44..2c6391c 100644 
--- a/config/localresource/default-namespace/kubegres.yaml +++ b/config/localresource/default-namespace/kubegres.yaml @@ -6,7 +6,7 @@ metadata: spec: replicas: 3 - image: postgres:16.1 + image: postgres:16.2 #port: 5432 database: @@ -100,8 +100,7 @@ spec: # sizeLimit: "600Mi" # # volumeClaimTemplates: - # - metadata: - # name: anyMount + # - name: anyMount # spec: # accessModes: [ "ReadWriteOnce" ] # storageClassName: standard diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index d1308e4..eeed7c3 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization images: - name: controller newName: reactivetechio/kubegres - newTag: "1.17" + newTag: "1.18" diff --git a/internal/test/custom_namespace_test.go b/internal/test/custom_namespace_test.go index dea66a9..6698be8 100644 --- a/internal/test/custom_namespace_test.go +++ b/internal/test/custom_namespace_test.go @@ -40,7 +40,7 @@ var _ = Describe("Creating Kubegres with a custom namespace", func() { var test = CustomNamespaceTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := customNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/data_is_replicated_test.go b/internal/test/data_is_replicated_test.go index 4bbb121..ed1afa6 100644 --- a/internal/test/data_is_replicated_test.go +++ b/internal/test/data_is_replicated_test.go @@ -37,7 +37,7 @@ var _ = Describe("Checking changes in Primary DB is replicated in Replica DBs", var test = DataIsReplicatedTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) 
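Review bot: In the `BeforeEach` of custom_namespace_test.go the `Skip("Temporarily skipping test")` call is commented out rather than deleted, and the same `//Skip(...)` line is left behind in every other re-enabled test file in this patch. spec_containerSecurityContext_test.go and spec_serviceAccountName_test.go even gain a new commented-out `//Skip("Temporarily skipping test")` that was not there before. Keeping the line makes it a one-character edit to switch a suite off again, and the earlier state shows the risk: spec_securityContext_test.go, among others, was skipped until this release commit. I would delete the line in each file and rely on Ginkgo's `--focus`/`--skip` flags for selective runs, so that a disabled suite shows up in the run command rather than in the source. The `BeforeEach` bodies continue outside these hunks.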
diff --git a/internal/test/postgres_conf_wal_level_logical_test.go b/internal/test/postgres_conf_wal_level_logical_test.go index f0d10ab..20f2387 100644 --- a/internal/test/postgres_conf_wal_level_logical_test.go +++ b/internal/test/postgres_conf_wal_level_logical_test.go @@ -37,7 +37,7 @@ var _ = Describe("We set the wal-level to 'logical' and simulate when Primary in var test = PostgresConfWalLevelLogicalTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/primary_failure_and_recovery_test.go b/internal/test/primary_failure_and_recovery_test.go index 42706b7..e72a242 100644 --- a/internal/test/primary_failure_and_recovery_test.go +++ b/internal/test/primary_failure_and_recovery_test.go @@ -37,7 +37,7 @@ var _ = Describe("Primary instances is not available, checking recovery works", var test = PrimaryFailureAndRecoveryTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/replica_failure_and_recovery_test.go b/internal/test/replica_failure_and_recovery_test.go index bab089e..940131e 100644 --- a/internal/test/replica_failure_and_recovery_test.go +++ b/internal/test/replica_failure_and_recovery_test.go @@ -37,7 +37,7 @@ var _ = Describe("Replica instances are not available, checking recovery works", var test = ReplicaFailureAndRecoveryTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) 
diff --git a/internal/test/resourceConfigs/kubegres.yaml b/internal/test/resourceConfigs/kubegres.yaml index 01f75ed..e3add62 100644 --- a/internal/test/resourceConfigs/kubegres.yaml +++ b/internal/test/resourceConfigs/kubegres.yaml @@ -8,7 +8,7 @@ metadata: spec: replicas: 3 - image: postgres:16.1 + image: postgres:16.2 port: 5432 database: diff --git a/internal/test/spec_affinity_test.go b/internal/test/spec_affinity_test.go index 047ba00..30b2697 100644 --- a/internal/test/spec_affinity_test.go +++ b/internal/test/spec_affinity_test.go @@ -40,7 +40,7 @@ var _ = Describe("Setting Kubegres spec 'scheduler.affinity'", func() { var test = SpecAffinityTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_containerSecurityContext_test.go b/internal/test/spec_containerSecurityContext_test.go index bfa98ff..7327ffc 100644 --- a/internal/test/spec_containerSecurityContext_test.go +++ b/internal/test/spec_containerSecurityContext_test.go @@ -21,6 +21,8 @@ import ( var _ = Describe("Setting Kubegres spec 'containerSecurityContext'", func() { var test = SpeccontainerSecurityContextTest{} BeforeEach(func() { + //Skip("Temporarily skipping test") + namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) test.resourceCreator = util2.CreateTestResourceCreator(k8sClientTest, test.resourceRetriever, namespace) diff --git a/internal/test/spec_customConfig_test.go b/internal/test/spec_customConfig_test.go index 4fccf88..f45ba23 100644 --- a/internal/test/spec_customConfig_test.go +++ b/internal/test/spec_customConfig_test.go 
@@ -41,7 +41,7 @@ var _ = Describe("Setting Kubegres specs 'customConfig'", func() { var test = SpecCustomConfigTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_databaseStorageClassName_test.go b/internal/test/spec_databaseStorageClassName_test.go index 395c65e..ee2c702 100644 --- a/internal/test/spec_databaseStorageClassName_test.go +++ b/internal/test/spec_databaseStorageClassName_test.go @@ -38,7 +38,7 @@ var _ = Describe("Setting Kubegres specs 'database.storageClassName'", func() { var test = SpecDatabaseStorageClassTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_failover_is_disabled_test.go b/internal/test/spec_failover_is_disabled_test.go index 80f774a..b74eddd 100644 --- a/internal/test/spec_failover_is_disabled_test.go +++ b/internal/test/spec_failover_is_disabled_test.go @@ -37,7 +37,7 @@ var _ = Describe("Primary instances is not available, when failover is disabled var test = SpecFailoverIsDisabledTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_image_test.go b/internal/test/spec_image_test.go index 9fef10c..094719c 100644 --- a/internal/test/spec_image_test.go +++ b/internal/test/spec_image_test.go 
@@ -38,7 +38,7 @@ var _ = Describe("Setting Kubegres spec 'image'", func() { var test = SpecImageTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) @@ -70,9 +70,9 @@ var _ = Describe("Setting Kubegres spec 'image'", func() { }) }) - Context("GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3 and later 'image' is updated to 'postgres:16.1'", func() { + Context("GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3 and later 'image' is updated to 'postgres:16.2'", func() { - It("GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3 THEN 1 primary and 2 replica should be created with spec 'image' set to 'postgres:16.1'", func() { + It("GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3 THEN 1 primary and 2 replica should be created with spec 'image' set to 'postgres:16.2'", func() { log.Print("START OF: Test 'GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3") 
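Review bot: The first `It` title in the `@@ -70,9 +70,9 @@` hunk of spec_image_test.go contradicts itself after the version replace: it says Kubegres is created with 'image' set to 'postgres:16.0' and then expects the pods to be created with 'image' set to 'postgres:16.2'. The body is outside the hunk, but its `log.Print` line mentions only 'postgres:16.0' and the update to 16.2 is done by the next `It`, so this case presumably asserts the initial image. If so, the title should end with `THEN 1 primary and 2 replica should be created with spec 'image' set to 'postgres:16.0'`. A title that names the wrong version makes a failing upgrade test harder to read in CI output.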
@@ -92,22 +92,22 @@ var _ = Describe("Setting Kubegres spec 'image'", func() { log.Print("END OF: Test 'GIVEN new Kubegres is created with spec 'image' set to 'postgres:16.0' and spec 'replica' set to 3'") }) - It("GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.1' THEN 1 primary and 2 replica should be re-deployed with spec 'image' set to 'postgres:16.1'", func() { + It("GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.2' THEN 1 primary and 2 replica should be re-deployed with spec 'image' set to 'postgres:16.2'", func() { - log.Print("START OF: Test 'GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.1'") + log.Print("START OF: Test 'GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.2'") - test.givenExistingKubegresSpecIsSetTo("postgres:16.1") + test.givenExistingKubegresSpecIsSetTo("postgres:16.2") test.whenKubernetesIsUpdated() - test.thenPodsStatesShouldBe("postgres:16.1", 1, 2) + test.thenPodsStatesShouldBe("postgres:16.2", 1, 2) - test.thenDeployedKubegresSpecShouldBeSetTo("postgres:16.1") + test.thenDeployedKubegresSpecShouldBeSetTo("postgres:16.2") test.dbQueryTestCases.ThenWeCanSqlQueryPrimaryDb() test.dbQueryTestCases.ThenWeCanSqlQueryReplicaDb() - log.Print("END OF: Test 'GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.1'") + log.Print("END OF: Test 'GIVEN existing Kubegres is updated with spec 'image' set from 'postgres:16.0' to 'postgres:16.2'") }) }) diff --git a/internal/test/spec_livenessProbe_test.go b/internal/test/spec_livenessProbe_test.go index a793a3c..830acae 100644 --- a/internal/test/spec_livenessProbe_test.go +++ b/internal/test/spec_livenessProbe_test.go 
@@ -40,7 +40,7 @@ var _ = Describe("Setting Kubegres spec 'livenessProbe'", func() { var test = SpecLivenessProbeTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_pod_manually_promoted_test.go b/internal/test/spec_pod_manually_promoted_test.go index 7e60883..4c88704 100644 --- a/internal/test/spec_pod_manually_promoted_test.go +++ b/internal/test/spec_pod_manually_promoted_test.go @@ -38,7 +38,7 @@ var _ = Describe("Primary instances is not available, when the promotion of a Po var test = SpecFailoverIsDisabledAndPromotePodAreSetTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_port_test.go b/internal/test/spec_port_test.go index 8f98e46..79dffda 100644 --- a/internal/test/spec_port_test.go +++ b/internal/test/spec_port_test.go @@ -40,7 +40,7 @@ var _ = Describe("Setting Kubegres spec 'port'", func() { var test = SpecPortTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_securityContext_test.go b/internal/test/spec_securityContext_test.go index a859bc8..6a69ef2 100644 --- a/internal/test/spec_securityContext_test.go +++ b/internal/test/spec_securityContext_test.go 
@@ -42,7 +42,7 @@ var _ = Describe("Setting Kubegres spec 'securityContext'", func() { var test = SpecsecurityContextTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/internal/test/spec_serviceAccountName_test.go b/internal/test/spec_serviceAccountName_test.go index 17c70c2..460979d 100644 --- a/internal/test/spec_serviceAccountName_test.go +++ b/internal/test/spec_serviceAccountName_test.go @@ -39,6 +39,8 @@ var _ = Describe("Setting Kubegres spec 'serviceAccountName'", func() { var test = SpecServiceAccountNameTest{} BeforeEach(func() { + //Skip("Temporarily skipping test") + namespace := resourceConfigs.DefaultNamespace test.resourceRetriever = util.CreateTestResourceRetriever(k8sClientTest, namespace) test.resourceCreator = util.CreateTestResourceCreator(k8sClientTest, test.resourceRetriever, namespace) diff --git a/internal/test/spec_tolerations_test.go b/internal/test/spec_tolerations_test.go index 4b67ec4..8f2f25d 100644 --- a/internal/test/spec_tolerations_test.go +++ b/internal/test/spec_tolerations_test.go @@ -38,7 +38,7 @@ var _ = Describe("Setting Kubegres spec 'scheduler.tolerations'", func() { var test = SpecTolerationsTest{} BeforeEach(func() { - Skip("Temporarily skipping test") + //Skip("Temporarily skipping test") namespace := resourceConfigs2.DefaultNamespace test.resourceRetriever = util2.CreateTestResourceRetriever(k8sClientTest, namespace) diff --git a/kubegres.yaml b/kubegres.yaml index 38c4e33..1f0f7c7 100644 --- a/kubegres.yaml +++ b/kubegres.yaml 
@@ -54,6 +54,166 @@ spec: volumeMount: type: string type: object + containerSecurityContext: + description: SecurityContext holds security configuration that will + be applied to a container. Some fields are present in both SecurityContext + and PodSecurityContext. When both are set, the values in SecurityContext + take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool + directly controls if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation is true always when + the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name + is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for + the containers. The default is DefaultProcMount which uses the + container runtime defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. 
+ type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If + seccomp options are provided at both the pod & container level, + the container options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". Must NOT be + set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will + be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object customConfig: type: string database: @@ -1631,6 +1791,8 @@ spec: type: string type: object type: object + serviceAccountName: + type: string volume: properties: volumeClaimTemplates: @@ -3951,7 +4113,7 @@ spec: - --leader-elect command: - /manager - image: reactivetechio/kubegres:1.17 + image: reactivetechio/kubegres:1.18 livenessProbe: httpGet: path: /healthz