Infrastructure roles via zalando/postgres-operator do not create the required roles as per the documentation.

Open Sudeepta92 opened this issue 3 years ago • 4 comments

Firstly, is there anyone who can provide working step-by-step instructions for this topic?

Also, there is a similar issue raised previously in #1618

I have tried creating infrastructure roles in both ways mentioned in the document and none seem to have worked.

  1. With the infrastructure roles secret only
  2. With both the secret and the infrastructure role ConfigMap.

Method 1 - The manifests used:

Secret:

apiVersion: v1
kind: Secret
metadata:
  name: postgresbackup-infrastructure-roles
  namespace: zalando
data:
  user1: YmFja3VwX3VzZXI=
  password1: c2VjcmV0
  inrole1: b3BlcmF0b3I=

OperatorConfiguration:

apiVersion: "acid.zalan.do/v1"
kind: OperatorConfiguration
metadata:
  name: postgresql-operator-configuration
  namespace: zalando
configuration:
  kubernetes:
    infrastructure_roles_secrets:
    - secretname: "postgresbackup-infrastructure-roles"
      userkey: "user1"
      passwordkey: "password1"
      rolekey: "inrole1"

Method 2 - The manifests used:

Secret:

apiVersion: v1
data:
  user1: cm9ib3Rfem1vbl9hY2lkX21vbml0b3Jpbmc=
  password1: Zm9vYmFy
  inrole1: cm9ib3Rfem1vbg==
  user2: dGVzdHVzZXI=
  password2: dGVzdHBhc3N3b3Jk
  batman: anVzdGljZQ==
kind: Secret
metadata:
  name: postgresql-infrastructure-roles
  namespace: default
type: Opaque

ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: postgresql-infrastructure-roles
data:
  batman: |
    inrole: [admin]  # following roles will be assigned to the new user
    user_flags:
      - createdb
    db_parameters:  # db parameters, applied for this particular user
      log_statement: all

I also created patches for both methods, for the OperatorConfiguration and the ConfigMap, so as to set the pod environment, like:

apiVersion: v1
kind: ConfigMap
metadata:
  name: postgres-operator
data:
  pod_environment_configmap: "zalando/postgresql-infrastructure-roles"

Sudeepta92 avatar Jan 31 '22 10:01 Sudeepta92
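Added example, not part of the original post or of the postgres-operator project: a pre-apply consistency check that the keys named in an `infrastructure_roles_secrets` entry exist in the Secret and decode as strict base64 without echoing the password. The dictionaries are constructed from the Method 1 manifests above; the function names and the plain-name comparison of `secretname` are assumptions of this sketch.

```python
import base64
import binascii

# Constructed from the Method 1 manifests quoted in the post above.
SECRET = {
    "metadata": {"name": "postgresbackup-infrastructure-roles"},
    "data": {
        "user1": "YmFja3VwX3VzZXI=",
        "password1": "c2VjcmV0",
        "inrole1": "b3BlcmF0b3I=",
    },
}
ROLE_ENTRY = {
    "secretname": "postgresbackup-infrastructure-roles",
    "userkey": "user1",
    "passwordkey": "password1",
    "rolekey": "inrole1",
}

def decode_field(data, key):
    """Return (text, error) for one Secret data key; exactly one is None."""
    if key not in data:
        return None, f"key {key!r} not present in Secret data"
    try:
        # validate=True rejects stray characters instead of skipping them.
        raw = base64.b64decode(data[key], validate=True)
        return raw.decode("utf-8"), None
    except (binascii.Error, UnicodeDecodeError) as exc:
        return None, f"key {key!r} is not valid base64/UTF-8: {exc}"

def check_entry(secret, entry):
    """Cross-check one infrastructure_roles_secrets entry against a Secret."""
    problems, decoded = [], {}
    # Assumption: secretname is compared as the bare Secret name, as on the page.
    if entry["secretname"] != secret["metadata"]["name"]:
        problems.append("secretname does not match Secret metadata.name")
    for field in ("userkey", "passwordkey", "rolekey"):
        text, err = decode_field(secret["data"], entry[field])
        if err:
            problems.append(f"{field}: {err}")
        elif not text.strip():
            problems.append(f"{field}: decoded value is empty")
        else:
            # Never echo the password; record only that it decoded.
            decoded[field] = "<redacted>" if field == "passwordkey" else text
    return decoded, problems

if __name__ == "__main__":
    print(check_entry(SECRET, ROLE_ENTRY))
```

A clean result only shows that the Secret and the configuration entry agree with each other; it says nothing about whether the operator has loaded that configuration.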

Could you please provide a valid example on how to create an infrastructure role with the combination of Secret, ConfigMap and OperatorConfiguration?

Thanks

JuanRamino avatar Aug 18 '22 08:08 JuanRamino

I had the same problem. And this works for me only in the old style, like:

CRD:

kind: OperatorConfiguration
metadata:
  name: postgresql-operator-default-configuration
configuration:
...
    infrastructure_roles_secret_name: "postgresql-infrastructure-roles"
...

Secret:

stringData:
  user1: monuser
  password1: pass
  inrole1: pg_monitor
kind: Secret
metadata:
  name: postgresql-infrastructure-roles
  namespace: test
type: Opaque

FactorT avatar Oct 18 '22 08:10 FactorT

Is this issue still being fixed? It has been over a year since the last comment here. I'm facing the same issue and these configs @FactorT don't work for me.

Also, I've noticed that you have the OperatorConfiguration in the default namespace but the secret is in the test namespace. From the k8s API the OperatorConfiguration is namespaced, so how does it work for you then?

rotarur avatar Dec 06 '23 09:12 rotarur

I have the same issue. For me only the old method works: specifying the infrastructure role through the CRD config with the infrastructure_roles_secret_name parameter.

apiVersion: "acid.zalan.do/v1"
kind: OperatorConfiguration
metadata:
  name: postgresql-operator-configuration
configuration:
  kubernetes:
    infrastructure_roles_secret_name: "postgresql-infrastructure-roles"
...

tolikkostin avatar Jan 05 '24 13:01 tolikkostin