cloudnative-pg
[Feature]: Labels inherited from pooler to the pods
Is there an existing issue already for this bug?
- [X] I have searched for an existing issue, and could not find anything. I believe this is a new bug.
I have read the troubleshooting guide
- [X] I have read the troubleshooting guide and I think this is a new bug.
I am running a supported version of CloudNativePG
- [X] I have read the troubleshooting guide and I think this is a new bug.
Contact Details
Version
1.23.2
What version of Kubernetes are you using?
1.28
What is your Kubernetes environment?
Cloud: Other
How did you install the operator?
YAML manifest
What happened?
When deploying Pooler components using the cluster helm template, the INHERITED_LABELS from the operator is never deployed to the following components of the pooler:
- Pooler
- Deployment
- Pods
We are using the following Operator deployment:
```yaml
replicaCount: 3
crds:
  create: true
podLabels:
  vks.local/tenant: "o11y"
  vks.local/finance-id: "CF_UID_0012"
config:
  data:
    INHERITED_LABELS: environment, workload, app, vks.local/tenant, vks.local/finance-id
resources:
  limits:
    memory: 200Mi
  requests:
    cpu: 100m
    memory: 200Mi
monitoring:
  podMonitorEnabled: true
  grafanaDashboard:
    create: false
    namespace: "insights-ui"
```
Cluster resource
```yaml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"postgresql.cnpg.io/v1","kind":"Cluster","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"insights-ui","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"cnpg-postgresql-cluster","app.kubernetes.io/part-of":"cloudnative-pg","argocd.argoproj.io/instance":"o11y-azweu-stg-insights-ui","helm.sh/chart":"cluster-0.0.9","vks.local/finance-id":"CF_UID_0012","vks.local/tenant":"o11y"},"name":"cnpg-postgresql-cluster","namespace":"insights-ui"},"spec":{"affinity":{"topologyKey":"topology.kubernetes.io/zone"},"bootstrap":{"initdb":{"database":"grafana","owner":"grafana","postInitApplicationSQL":null,"secret":{"name":"insights-ui-cnpg-app-credentials-grafana"}}},"enableSuperuserAccess":true,"imageName":"ghcr.io/cloudnative-pg/postgresql:15.2","imagePullPolicy":"IfNotPresent","instances":3,"logLevel":"info","managed":null,"monitoring":{"enablePodMonitor":true},"postgresGID":26,"postgresUID":26,"postgresql":{"shared_preload_libraries":null},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":null,"resources":{"limits":{"memory":"4Gi"},"requests":{"cpu":"600m","memory":"4Gi"}},"storage":{"size":"5Gi","storageClass":"managed-csi-premium"},"superuserSecret":{"name":"insights-ui-cnpg-superuser"}}}
  creationTimestamp: "2024-08-19T07:06:44Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: insights-ui
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: cnpg-postgresql-cluster
    app.kubernetes.io/part-of: cloudnative-pg
    argocd.argoproj.io/instance: o11y-azweu-stg-insights-ui
    helm.sh/chart: cluster-0.0.9
    vks.local/finance-id: CF_UID_0012
    vks.local/tenant: o11y
  name: cnpg-postgresql-cluster
  namespace: insights-ui
  resourceVersion: "479713565"
  uid: e62d306c-e5be-42ea-b484-2c34d4758657
spec:
  affinity:
    podAntiAffinityType: preferred
    topologyKey: topology.kubernetes.io/zone
  bootstrap:
    initdb:
      database: grafana
      encoding: UTF8
      localeCType: C
      localeCollate: C
      owner: grafana
      secret:
        name: insights-ui-cnpg-app-credentials-grafana
  enablePDB: true
  enableSuperuserAccess: true
  failoverDelay: 0
  imageName: ghcr.io/cloudnative-pg/postgresql:15.2
  imagePullPolicy: IfNotPresent
  instances: 3
  logLevel: info
  maxSyncReplicas: 0
  minSyncReplicas: 0
  monitoring:
    customQueriesConfigMap:
    - key: queries
      name: cnpg-default-monitoring
    disableDefaultQueries: false
    enablePodMonitor: true
  postgresGID: 26
  postgresUID: 26
  postgresql:
    parameters:
      archive_mode: "on"
      archive_timeout: 5min
      dynamic_shared_memory_type: posix
      log_destination: csvlog
      log_directory: /controller/log
      log_filename: postgres
      log_rotation_age: "0"
      log_rotation_size: "0"
      log_truncate_on_rotation: "false"
      logging_collector: "on"
      max_parallel_workers: "32"
      max_replication_slots: "32"
      max_worker_processes: "32"
      shared_memory_type: mmap
      shared_preload_libraries: ""
      ssl_max_protocol_version: TLSv1.3
      ssl_min_protocol_version: TLSv1.3
      wal_keep_size: 512MB
      wal_level: logical
      wal_log_hints: "on"
      wal_receiver_timeout: 5s
      wal_sender_timeout: 5s
    syncReplicaElectionConstraint:
      enabled: false
  primaryUpdateMethod: switchover
  primaryUpdateStrategy: unsupervised
  replicationSlots:
    highAvailability:
      enabled: true
      slotPrefix: _cnpg_
    synchronizeReplicas:
      enabled: true
    updateInterval: 30
  resources:
    limits:
      memory: 4Gi
    requests:
      cpu: 600m
      memory: 4Gi
  smartShutdownTimeout: 180
  startDelay: 3600
  stopDelay: 1800
  storage:
    resizeInUseVolumes: true
    size: 5Gi
    storageClass: managed-csi-premium
  superuserSecret:
    name: insights-ui-cnpg-superuser
  switchoverDelay: 3600
status:
  availableArchitectures:
  - goArch: amd64
    hash: 144e71b00bdcfc5edafa10055fb0cc4a6efa9f467a8e66826d5e7bb2b254b706
  - goArch: arm64
    hash: 0027f50a9d35e24040cfc2f27cea04cbdf4375c226ac7b42764b5bb91f9beca4
  certificates:
    clientCASecret: cnpg-postgresql-cluster-ca
    expirations:
      cnpg-postgresql-cluster-ca: 2024-11-17 07:01:44 +0000 UTC
      cnpg-postgresql-cluster-replication: 2024-11-17 07:01:44 +0000 UTC
      cnpg-postgresql-cluster-server: 2024-11-17 07:01:44 +0000 UTC
    replicationTLSSecret: cnpg-postgresql-cluster-replication
    serverAltDNSNames:
    - cnpg-postgresql-cluster-rw
    - cnpg-postgresql-cluster-rw.insights-ui
    - cnpg-postgresql-cluster-rw.insights-ui.svc
    - cnpg-postgresql-cluster-r
    - cnpg-postgresql-cluster-r.insights-ui
    - cnpg-postgresql-cluster-r.insights-ui.svc
    - cnpg-postgresql-cluster-ro
    - cnpg-postgresql-cluster-ro.insights-ui
    - cnpg-postgresql-cluster-ro.insights-ui.svc
    serverCASecret: cnpg-postgresql-cluster-ca
    serverTLSSecret: cnpg-postgresql-cluster-server
  cloudNativePGCommitHash: 2b489ad6
  cloudNativePGOperatorHash: 144e71b00bdcfc5edafa10055fb0cc4a6efa9f467a8e66826d5e7bb2b254b706
  conditions:
  - lastTransitionTime: "2024-08-19T07:26:36Z"
    message: Cluster is Ready
    reason: ClusterIsReady
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-08-19T07:10:43Z"
    message: Continuous archiving is working
    reason: ContinuousArchivingSuccess
    status: "True"
    type: ContinuousArchiving
  configMapResourceVersion:
    metrics:
      cnpg-default-monitoring: "479605130"
  currentPrimary: cnpg-postgresql-cluster-1
  currentPrimaryTimestamp: "2024-08-19T07:10:43.374717Z"
  healthyPVC:
  - cnpg-postgresql-cluster-1
  - cnpg-postgresql-cluster-2
  - cnpg-postgresql-cluster-3
  image: ghcr.io/cloudnative-pg/postgresql:15.2
  instanceNames:
  - cnpg-postgresql-cluster-1
  - cnpg-postgresql-cluster-2
  - cnpg-postgresql-cluster-3
  instances: 3
  instancesReportedState:
    cnpg-postgresql-cluster-1:
      isPrimary: true
      timeLineID: 1
    cnpg-postgresql-cluster-2:
      isPrimary: false
      timeLineID: 1
    cnpg-postgresql-cluster-3:
      isPrimary: false
      timeLineID: 1
  instancesStatus:
    healthy:
    - cnpg-postgresql-cluster-1
    - cnpg-postgresql-cluster-2
    - cnpg-postgresql-cluster-3
  latestGeneratedNode: 3
  managedRolesStatus: {}
  phase: Cluster in healthy state
  poolerIntegrations:
    pgBouncerIntegration:
      secrets:
      - cnpg-postgresql-cluster-pooler
  pvcCount: 3
  readService: cnpg-postgresql-cluster-r
  readyInstances: 3
  secretsResourceVersion:
    applicationSecretVersion: "479713560"
    clientCaSecretVersion: "479605102"
    replicationSecretVersion: "479605104"
    serverCaSecretVersion: "479605102"
    serverSecretVersion: "479605103"
    superuserSecretVersion: "479713561"
  switchReplicaClusterStatus: {}
  targetPrimary: cnpg-postgresql-cluster-1
  targetPrimaryTimestamp: "2024-08-19T07:10:17.321994Z"
  timelineID: 1
  topology:
    instances:
      cnpg-postgresql-cluster-1: {}
      cnpg-postgresql-cluster-2: {}
      cnpg-postgresql-cluster-3: {}
    nodesUsed: 3
    successfullyExtracted: true
  writeService: cnpg-postgresql-cluster-rw
```
The pooler resource:
```yaml
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"postgresql.cnpg.io/v1","kind":"Pooler","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"o11y-azweu-stg-insights-ui"},"name":"cnpg-postgresql-cluster-pooler-rw","namespace":"insights-ui"},"spec":{"cluster":{"name":"cnpg-postgresql-cluster"},"instances":3,"monitoring":{"enablePodMonitor":true},"pgbouncer":{"parameters":{"default_pool_size":"25","max_client_conn":"1000"},"poolMode":"session"},"type":"rw"}}
  creationTimestamp: "2024-08-19T09:02:16Z"
  generation: 1
  labels:
    argocd.argoproj.io/instance: o11y-azweu-stg-insights-ui
  name: cnpg-postgresql-cluster-pooler-rw
  namespace: insights-ui
  resourceVersion: "479714049"
  uid: abfa604d-54e2-430a-a65d-e59af4b9ba11
spec:
  cluster:
    name: cnpg-postgresql-cluster
  instances: 3
  monitoring:
    enablePodMonitor: true
  pgbouncer:
    parameters:
      default_pool_size: "25"
      max_client_conn: "1000"
    paused: false
    poolMode: session
  type: rw
status:
  instances: 3
  secrets:
    clientCA:
      name: cnpg-postgresql-cluster-ca
      version: "479605102"
    pgBouncerSecrets:
      authQuery:
        name: cnpg-postgresql-cluster-pooler
        version: "479605141"
    serverCA:
      name: cnpg-postgresql-cluster-ca
      version: "479605102"
    serverTLS:
      name: cnpg-postgresql-cluster-server
      version: "479605103"
```
Relevant log output
N/A
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Can you please clarify the expected behaviour in this situation?
The expected behavior is the same as with the Cluster. When configuring INHERITED_LABELS: environment, workload, app, vks.local/tenant, vks.local/finance-id on the operator, it should also add these to the pooler components:
- Pooler
- Deployment
- Pods
The Cluster components have the following labels attached to them:

```console
kubectl get cluster cnpg-postgresql-cluster --show-labels
NAME AGE INSTANCES READY STATUS PRIMARY LABELS
cnpg-postgresql-cluster 24h 3 3 Cluster in healthy state cnpg-postgresql-cluster-1 app.kubernetes.io/instance=insights-ui,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=cnpg-postgresql-cluster,app.kubernetes.io/part-of=cloudnative-pg,argocd.argoproj.io/instance=o11y-azweu-stg-insights-ui,helm.sh/chart=cluster-0.0.9,vks.vestas.com/finance-id=CF_UID_0012,vks.vestas.com/tenant=o11y

kubectl get pods cnpg-postgresql-cluster-1 --show-labels
NAME READY STATUS RESTARTS AGE LABELS
cnpg-postgresql-cluster-1 1/1 Running 0 24h cnpg.io/cluster=cnpg-postgresql-cluster,cnpg.io/instanceName=cnpg-postgresql-cluster-1,cnpg.io/instanceRole=primary,cnpg.io/podRole=instance,role=primary,vks.vestas.com/finance-id=CF_UID_0012,vks.vestas.com/tenant=o11y
```
Currently none is deployed:
```console
kubectl get pooler cnpg-postgresql-cluster-pooler-rw --show-labels
NAME AGE CLUSTER TYPE LABELS
cnpg-postgresql-cluster-pooler-rw 22h cnpg-postgresql-cluster rw argocd.argoproj.io/instance=o11y-azweu-stg-insights-ui

kubectl get deployment cnpg-postgresql-cluster-pooler-rw --show-labels
NAME READY UP-TO-DATE AVAILABLE AGE LABELS
cnpg-postgresql-cluster-pooler-rw 3/3 3 3 22h cnpg.io/cluster=cnpg-postgresql-cluster,cnpg.io/podRole=pooler,cnpg.io/poolerName=cnpg-postgresql-cluster-pooler-rw

kubectl get pods cnpg-postgresql-cluster-pooler-rw-655f6b9554-9wgz6 --show-labels
NAME READY STATUS RESTARTS AGE LABELS
cnpg-postgresql-cluster-pooler-rw-655f6b9554-9wgz6 1/1 Running 0 22h cnpg.io/cluster=cnpg-postgresql-cluster,cnpg.io/podRole=pooler,cnpg.io/poolerName=cnpg-postgresql-cluster-pooler-rw,pod-template-hash=655f6b9554
```
The Cluster object and the Pooler object are both deployed using the Helm chart cluster-0.0.9.

The Cluster component supports adding extra labels by configuring:

```yaml
additionalLabels:
  vks.local/tenant: "o11y"
  vks.local/finance-id: "CF_UID_0012"
```

The same kind of option should be available for the Pooler configuration in the Helm chart. For the objects deployed by the operator for the pooler:
- Deployment
- Pods
The labels should be deployed via the INHERITED_LABELS option on the operator :)
Best regards Jan P. Madsen
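To see the gap the report describes from the admission-policy side, the following added example (not part of the issue and not CloudNativePG code) parses `kubectl get pods --show-labels` output and lists which pods lack the required labels. The sample rows are constructed from the output above, the `REQUIRED` keys and exact key matching are assumptions, and `propagate` only models the inheritance being requested.

```python
# Added example, not CloudNativePG code. Sample rows are constructed from the
# issue's kubectl output, using the vks.local/* keys of the operator config.
INHERITED_LABELS = "environment, workload, app, vks.local/tenant, vks.local/finance-id"
# Assumption: the admission policy requires these two keys on every pod.
REQUIRED = ["vks.local/tenant", "vks.local/finance-id"]

SAMPLE_PODS = """\
NAME READY STATUS RESTARTS AGE LABELS
cnpg-postgresql-cluster-1 1/1 Running 0 24h cnpg.io/cluster=cnpg-postgresql-cluster,cnpg.io/podRole=instance,vks.local/finance-id=CF_UID_0012,vks.local/tenant=o11y
cnpg-postgresql-cluster-pooler-rw-655f6b9554-9wgz6 1/1 Running 0 22h cnpg.io/cluster=cnpg-postgresql-cluster,cnpg.io/podRole=pooler,pod-template-hash=655f6b9554
"""


def parse_inherited(value):
    """Split the operator's comma-separated INHERITED_LABELS setting."""
    return [key.strip() for key in value.split(",") if key.strip()]


def parse_show_labels(output):
    """Map object name -> label dict from `kubectl get --show-labels` text."""
    objects = {}
    for row in output.strip().splitlines()[1:]:  # first line is the header
        fields = row.split()
        if not fields:
            continue
        labels = {}
        if fields[-1] != "<none>":  # LABELS is the last column, no spaces
            for pair in fields[-1].split(","):
                key, _, value = pair.partition("=")
                labels[key] = value
        objects[fields[0]] = labels
    return objects


def missing_required(objects, required):
    """Per object, the required label keys that are absent."""
    return {name: [k for k in required if k not in labels]
            for name, labels in objects.items()}


def propagate(parent_labels, inherited_keys):
    """Labels an owned object would receive from its parent (exact key match)."""
    return {k: v for k, v in parent_labels.items() if k in inherited_keys}


if __name__ == "__main__":
    report = missing_required(parse_show_labels(SAMPLE_PODS), REQUIRED)
    for name, missing in report.items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```
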
Ok, so this is a feature request.
Just a clarification: the pooler object is not owned by the Cluster resource, so the Pooler should have its labels that, in the case of matching the INHERITED_LABELS of the operator, are replicated to the owned objects (deployment, replicaset, pods, and service). Is this what you would expect?
Same thing for annotations.
Yes that's all correct. And yes same thing for annotations. I have changed the headline to be Feature :)
Shall we also match the behaviour of .spec.inheritedMetadata?
Yes it should also match the behavior of .spec.inheritedMetadata
But that is not currently supported in the cluster-0.0.9 Helm chart, as far as I can see.
This is why we are using the INHERITED_LABELS from the operator for now.
Would this be possible to get implemented? We are currently a bit stuck using Kyverno policies on the pods deployed by the CNPG operator, because the needed labels are not added to the poolers!
This issue is stale because it has been open for 60 days with no activity.
Milestone keeps getting pushed, but this is very much still relevant when using cnpg together with Kyverno: we have policies that we can't meet, and deployments get blocked!
This issue is stale because it has been open for 60 days with no activity.
This issue was closed because it has been inactive for 14 days since being marked as stale.