postgres-operator icon indicating copy to clipboard operation
postgres-operator copied to clipboard

Published 20 hours ago verified publisher icon zalando

Setting - allowedSourceRanges: [] does not work

Open thpang opened this issue 2 years ago • 1 comments

Please, answer some short questions which should help us to understand your problem / question better?

  • Which image of the operator are you using? registry.opensource.zalan.do/acid/postgres-operator:v1.9.0
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? metal - OSS Upstream Kubernetes
  • Are you running Postgres Operator in production? no
  • Type of issue? Bug report

The services being created to not honor the empty list when assigned to allowedSourceRanges

This causes issues on bare metal systems that do not handle the loadBalancerSourceRanges entry in the service manifest.

If I set the following:

allowedSourceRanges: []

It is always replaced by:

  loadBalancerSourceRanges:
    - 127.0.0.1/32

in the service for the database

Here is the yaml being applied:

apiVersion: acid.zalan.do/v1
kind: postgresql
metadata:
  namespace: "zalando-cluster-default"
  name: "zalando-cluster-default-db"
spec:
  teamId: "sas"
  enableMasterLoadBalancer: True
  enableReplicaLoadBalancer: False
  enableConnectionPooler: False
  enableReplicaConnectionPooler: False
  enableMasterPoolerLoadBalancer: False
  enableReplicaPoolerLoadBalancer: False
  numberOfInstances: 1
  allowedSourceRanges: []
  postgresql:
    version: "15"
    parameters:  # Expert section
      max_prepared_transactions: "1024"
      max_connections: "1024"
      log_statement: "all"
  volume:
    size: "50Gi"
    storageClass: "default"

Some general remarks when posting a bug report:

  • Please, check the operator, pod (Patroni) and postgresql logs first. When copy-pasting many log lines please do it in a separate GitHub gist together with your Postgres CRD and configuration manifest.
  • If you feel this issue might be more related to the Spilo docker image or Patroni, consider opening issues in the respective repos.

thpang avatar Jul 28 '23 20:07 thpang

By describe service (k8s): ... Events: Type Reason Age From Message

Normal DeletedLoadBalancer 12s service-controller Deleted load balancer Normal Type 7s service-controller ClusterIP -> LoadBalancer Normal Type 7s service-controller ClusterIP -> LoadBalancer Normal EnsuringLoadBalancer 0s (x2 over 7s) service-controller Ensuring load balancer Warning SyncLoadBalancerFailed 0s (x2 over 7s) service-controller Error syncing load balancer: failed to ensure load balancer: incorrect loadbalancer specification: loadbalancerSourceRanges are unsupported

AUMakarov avatar Jan 23 '24 07:01 AUMakarov