CrunchyData
Drop Container Capabilities
As far as I see there is no reason to keep all the capabilities and we can drop all of them in Container Security Context:
capabilities:
drop:
- ALL
What do you think about? Please tell me if there is a specific need, otherwise I am happy to create a PR as a follow up of https://github.com/CrunchyData/postgres-operator-examples/pull/55
@alex1989hu Yup, I think that is the direction we want to head in. We have not thoroughly tested doing so across all the containers yet. That said, I do agree with the change in principle.
Have you tested dropping the capabilities?
@alex1989hu Yup, I think that is the direction we want to head in. We have not thoroughly tested doing so across all the containers yet. That said, I do agree with the change in principle.
Have you tested dropping the capabilities?
Yes, here is the Operator output with dropped capabilities:
time="2021-11-19T11:52:38Z" level=debug msg="debug flag set to true" file="cmd/postgres-operator/main.go:62" func=main.main version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="metrics server is starting to listen" addr=":8080" file="sigs.k8s.io/[email protected]/pkg/log/deleg.go:130" func="log.(*DelegatingLogger).Info" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="starting controller runtime manager and will wait for signal to exit" file="cmd/postgres-operator/main.go:83" func=main.main version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="starting metrics server" file="sigs.k8s.io/[email protected]/pkg/manager/internal.go:385" func="manager.(*controllerManager).serveMetrics.func2" path=/metrics version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:38Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting EventSource" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:165" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster source="kind source: /, Kind=" version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting Controller" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:173" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:52:39Z" level=info msg="Starting workers" file="sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:211" func="controller.(*Controller).Start.func1" reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 worker count=2 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg=Normal file="sigs.k8s.io/[email protected]/pkg/internal/recorder/recorder.go:98" func="recorder.(*Provider).getBroadcaster.func1.1" message="created pgBackRest repository host StatefulSet/foo-repo-host" object="{PostgresCluster alex foo 77e90c43-5db8-428e-a67d-11d93b4af348 postgres-operator.crunchydata.com/v1beta1 10307 }" reason=RepoHostCreated version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:45Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:46Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:46Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:46Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:46Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:46Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:49Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:50Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:51Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:56Z" level=debug msg="enabled pgAudit" file="internal/pgaudit/postgres.go:58" func=pgaudit.EnableInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=86957996b stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:57Z" level=debug msg="created PostgreSQL databases" file="internal/postgres/databases.go:80" func=postgres.CreateDatabasesInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=86957996b stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:57Z" level=debug msg="wrote PostgreSQL users" file="internal/postgres/users.go:131" func=postgres.WriteUsersInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=6d5fb668d9 stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:58Z" level=error msg="unable to create stanza" error="command terminated with exit code 125: ERROR: [125]: remote-0 process on 'foo-repo-host-0.foo-pods.alex.svc.cluster.local.' terminated unexpectedly [255]: ssh: Could not resolve hostname foo-repo-host-0.foo-pods.alex.svc.cluster.local.: Name or service not known\n" file="internal/controller/postgrescluster/pgbackrest.go:2308" func="postgrescluster.(*Reconciler).reconcileStanzaCreate" name=foo namespace=alex reconciler=pgBackRest reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg=Warning file="sigs.k8s.io/[email protected]/pkg/internal/recorder/recorder.go:98" func="recorder.(*Provider).getBroadcaster.func1.1" message="command terminated with exit code 125: ERROR: [125]: remote-0 process on 'foo-repo-host-0.foo-pods.alex.svc.cluster.local.' terminated unexpectedly [255]: ssh: Could not resolve hostname foo-repo-host-0.foo-pods.alex.svc.cluster.local.: Name or service not known\n" object="{PostgresCluster alex foo 77e90c43-5db8-428e-a67d-11d93b4af348 postgres-operator.crunchydata.com/v1beta1 10481 }" reason=UnableToCreateStanzas version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg="removed PgBouncer objects" file="internal/pgbouncer/postgres.go:110" func=pgbouncer.DisableInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=5c9966f6bc stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg="removed PgBouncer user" file="internal/pgbouncer/postgres.go:124" func=pgbouncer.DisableInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=5c9966f6bc stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg="monitoring user disabled" file="internal/pgmonitor/postgres.go:81" func=pgmonitor.DisableExporterInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=559c4c97d6 stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:58Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="enabled pgAudit" file="internal/pgaudit/postgres.go:58" func=pgaudit.EnableInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=86957996b stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="created PostgreSQL databases" file="internal/postgres/databases.go:80" func=postgres.CreateDatabasesInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=86957996b stderr= stdout= version=5.0.3-0 time="2021-11-19T11:55:59Z" level=debug msg="wrote PostgreSQL users" file="internal/postgres/users.go:131" func=postgres.WriteUsersInPostgreSQL name=foo namespace=alex pod=foo-postgres-ckk6-0 reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=6d5fb668d9 stderr= stdout= version=5.0.3-0 time="2021-11-19T11:56:00Z" level=error msg="unable to create stanza" error="command terminated with exit code 125: ERROR: [125]: remote-0 process on 'foo-repo-host-0.foo-pods.alex.svc.cluster.local.' terminated unexpectedly [255]: ssh: Could not resolve hostname foo-repo-host-0.foo-pods.alex.svc.cluster.local.: Name or service not known\n" file="internal/controller/postgrescluster/pgbackrest.go:2308" func="postgrescluster.(*Reconciler).reconcileStanzaCreate" name=foo namespace=alex reconciler=pgBackRest reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg=Warning file="sigs.k8s.io/[email protected]/pkg/internal/recorder/recorder.go:98" func="recorder.(*Provider).getBroadcaster.func1.1" message="command terminated with exit code 125: ERROR: [125]: remote-0 process on 'foo-repo-host-0.foo-pods.alex.svc.cluster.local.' terminated unexpectedly [255]: ssh: Could not resolve hostname foo-repo-host-0.foo-pods.alex.svc.cluster.local.: Name or service not known\n" object="{PostgresCluster alex foo 77e90c43-5db8-428e-a67d-11d93b4af348 postgres-operator.crunchydata.com/v1beta1 10481 }" reason=UnableToCreateStanzas version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg="removed PgBouncer objects" file="internal/pgbouncer/postgres.go:110" func=pgbouncer.DisableInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=5c9966f6bc stderr= stdout= version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg="removed PgBouncer user" file="internal/pgbouncer/postgres.go:124" func=pgbouncer.DisableInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=5c9966f6bc stderr= stdout= version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg="monitoring user disabled" file="internal/pgmonitor/postgres.go:81" func=pgmonitor.DisableExporterInPostgreSQL name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster revision=559c4c97d6 stderr= stdout= version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:00Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:01Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:01Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:01Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:01Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:01Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg=Normal file="sigs.k8s.io/[email protected]/pkg/internal/recorder/recorder.go:98" func="recorder.(*Provider).getBroadcaster.func1.1" message="pgBackRest stanza creation completed successfully" object="{PostgresCluster alex foo 77e90c43-5db8-428e-a67d-11d93b4af348 postgres-operator.crunchydata.com/v1beta1 10625 }" reason=StanzasCreated version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:02Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:03Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:08Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:08Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:09Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:09Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:09Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:09Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:21Z" level=debug msg="patched cluster status" file="internal/controller/postgrescluster/controller.go:171" func="postgrescluster.(*Reconciler).Reconcile.func2" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="replaced configuration" file="internal/patroni/api.go:86" func=patroni.Executor.ReplaceConfiguration name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster stderr= stdout="Not changed\n" version=5.0.3-0 time="2021-11-19T11:56:22Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-ckk6 name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:23Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-xjcs name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:23Z" level=debug msg="reconciled instance" file="internal/controller/postgrescluster/instance.go:1094" func="postgrescluster.(*Reconciler).reconcileInstance" instance=foo-postgres-8q7g name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:23Z" level=debug msg="reconciled instance set" file="internal/controller/postgrescluster/instance.go:988" func="postgrescluster.(*Reconciler).scaleUpInstances" instance-set=postgres name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0 time="2021-11-19T11:56:23Z" level=debug msg="reconciled cluster" file="internal/controller/postgrescluster/controller.go:299" func="postgrescluster.(*Reconciler).Reconcile" name=foo namespace=alex reconciler group=postgres-operator.crunchydata.com reconciler kind=PostgresCluster version=5.0.3-0
I was able to create a Postgres Cluster:
kubectl -n alex describe postgresclusters.postgres-operator.crunchydata.com foo
Name: foo
Namespace: alex
Labels: <none>
Annotations: <none>
API Version: postgres-operator.crunchydata.com/v1beta1
Kind: PostgresCluster
Metadata:
Creation Timestamp: 2021-11-19T11:55:45Z
Finalizers:
postgres-operator.crunchydata.com/finalizer
Generation: 1
Managed Fields:
API Version: postgres-operator.crunchydata.com/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:spec:
.:
f:backups:
.:
f:pgbackrest:
.:
f:repos:
.:
k:{"name":"repo1"}:
.:
f:name:
f:volume:
.:
f:volumeClaimSpec:
.:
f:accessModes:
f:resources:
.:
f:requests:
.:
f:storage:
f:instances:
.:
k:{"name":"postgres"}:
.:
f:affinity:
.:
f:podAntiAffinity:
.:
f:requiredDuringSchedulingIgnoredDuringExecution:
f:dataVolumeClaimSpec:
.:
f:accessModes:
f:resources:
.:
f:requests:
.:
f:storage:
f:metadata:
.:
f:annotations:
.:
f:co.elastic.logs/enabled:
f:name:
f:replicas:
f:port:
f:postgresVersion:
Manager: kubectl-create
Operation: Update
Time: 2021-11-19T11:55:45Z
API Version: postgres-operator.crunchydata.com/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.:
v:"postgres-operator.crunchydata.com/finalizer":
Manager: postgrescluster-controller
Operation: Update
Time: 2021-11-19T11:55:45Z
API Version: postgres-operator.crunchydata.com/v1beta1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:conditions:
.:
k:{"type":"PGBackRestReplicaCreate"}:
.:
f:lastTransitionTime:
f:message:
f:observedGeneration:
f:reason:
f:status:
f:type:
k:{"type":"PGBackRestReplicaRepoReady"}:
.:
f:lastTransitionTime:
f:message:
f:observedGeneration:
f:reason:
f:status:
f:type:
k:{"type":"PGBackRestRepoHostReady"}:
.:
f:lastTransitionTime:
f:message:
f:observedGeneration:
f:reason:
f:status:
f:type:
f:databaseRevision:
f:instances:
.:
k:{"name":"postgres"}:
.:
f:name:
f:readyReplicas:
f:replicas:
f:updatedReplicas:
f:monitoring:
.:
f:exporterConfiguration:
f:observedGeneration:
f:patroni:
.:
f:systemIdentifier:
f:pgbackrest:
.:
f:repoHost:
.:
f:apiVersion:
f:kind:
f:ready:
f:repos:
.:
k:{"name":"repo1"}:
.:
f:bound:
f:name:
f:replicaCreateBackupComplete:
f:stanzaCreated:
f:volume:
f:proxy:
.:
f:pgBouncer:
.:
f:postgresRevision:
f:usersRevision:
Manager: postgrescluster-controller
Operation: Update
Subresource: status
Time: 2021-11-19T11:56:21Z
Resource Version: 10705
UID: 77e90c43-5db8-428e-a67d-11d93b4af348
Spec:
Backups:
Pgbackrest:
Repos:
Name: repo1
Volume:
Volume Claim Spec:
Access Modes:
ReadWriteOnce
Resources:
Requests:
Storage: 1Gi
Instances:
Affinity:
Pod Anti Affinity:
Required During Scheduling Ignored During Execution:
Label Selector:
Match Labels:
postgres-operator.crunchydata.com/cluster: foo
postgres-operator.crunchydata.com/instance-set: postgres
Topology Key: kubernetes.io/hostname
Data Volume Claim Spec:
Access Modes:
ReadWriteOnce
Resources:
Requests:
Storage: 500Mi
Metadata:
Annotations:
co.elastic.logs/enabled: true
Name: postgres
Replicas: 3
Port: 5432
Postgres Version: 13
Status:
Conditions:
Last Transition Time: 2021-11-19T11:55:59Z
Message: pgBackRest dedicated repository host is ready
Observed Generation: 1
Reason: RepoHostReady
Status: True
Type: PGBackRestRepoHostReady
Last Transition Time: 2021-11-19T11:56:02Z
Message: pgBackRest replica create repo is ready for backups
Observed Generation: 1
Reason: StanzaCreated
Status: True
Type: PGBackRestReplicaRepoReady
Last Transition Time: 2021-11-19T11:56:21Z
Message: pgBackRest replica creation is now possible
Observed Generation: 1
Reason: RepoBackupComplete
Status: True
Type: PGBackRestReplicaCreate
Database Revision: 86957996b
Instances:
Name: postgres
Ready Replicas: 3
Replicas: 3
Updated Replicas: 3
Monitoring:
Exporter Configuration: 559c4c97d6
Observed Generation: 1
Patroni:
System Identifier: 7032248538980384877
Pgbackrest:
Repo Host:
API Version: apps/v1
Kind: StatefulSet
Ready: true
Repos:
Bound: true
Name: repo1
Replica Create Backup Complete: true
Stanza Created: true
Volume: pvc-677d110f-eda4-4f6f-8987-a605415fb26b
Proxy:
Pg Bouncer:
Postgres Revision: 5c9966f6bc
Users Revision: 6d5fb668d9
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal RepoHostCreated 3m2s postgrescluster-controller created pgBackRest repository host StatefulSet/foo-repo-host
Warning UnableToCreateStanzas 2m47s (x2 over 2m49s) postgrescluster-controller command terminated with exit code 125: ERROR: [125]: remote-0 process on 'foo-repo-host-0.foo-pods.alex.svc.cluster.local.' terminated unexpectedly [255]: ssh: Could not resolve hostname foo-repo-host-0.foo-pods.alex.svc.cluster.local.: Name or service not known
Normal StanzasCreated 2m45s postgrescluster-controller pgBackRest stanza creation completed successfully
Yeah, I think it's safe to do this on the Operator container itself. I'd like to put it into our e2e pipeline to ensure all the other various functionalities still work.
That said, I think we can try to target adding that directive for the v5.1 release.
The following securityContext is required by
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: v1.23
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop: ["ALL"]
For the operator I can configure through the kustomize files. But for the database I had to change manually the deployment/statefulsets . Can we make this configurable somehow?
I'll confess interest in having this along with having this pass the Trivy security scanner for all configuration values.
