From a4587a15217224ca025b3a820c6906664a51be4f Mon Sep 17 00:00:00 2001 From: Ants Aasma Date: Fri, 21 Mar 2025 16:59:59 +0200 Subject: [PATCH 01/17] Be consistent about adding monitoring user to spec Ideally we should be using the same approach as other system users, but for a quick fix try just being consistent about how it is created. --- .../cpo.opensource.cybertec.at/v1/util.go | 8 ++++++ pkg/cluster/cluster.go | 25 +++---------------- 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/pkg/apis/cpo.opensource.cybertec.at/v1/util.go b/pkg/apis/cpo.opensource.cybertec.at/v1/util.go index 1de09f19d..89f65baad 100644 --- a/pkg/apis/cpo.opensource.cybertec.at/v1/util.go +++ b/pkg/apis/cpo.opensource.cybertec.at/v1/util.go @@ -2,6 +2,7 @@ package v1 import ( "fmt" + "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants" "regexp" "strings" "time" @@ -120,3 +121,10 @@ func (b *Backup) GetRestoreID() string { } return b.Pgbackrest.Restore.ID } + +func (p *Postgresql) AddMonitoringUser(monitorUsername string) { + if p.Spec.Users == nil { + p.Spec.Users = make(map[string]UserFlags) + } + p.Spec.Users[monitorUsername] = UserFlags{constants.RoleFlagLogin} +} diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 615df9d69..6a376ebfb 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -128,14 +128,7 @@ func New(cfg Config, kubeClient k8sutil.KubernetesClient, pgSpec cpov1.Postgresq passwordEncryption = "scram-sha-256" } if pgSpec.Spec.Monitoring != nil { - flg := cpov1.UserFlags{constants.RoleFlagLogin} - if pgSpec.Spec.Users != nil { - pgSpec.Spec.Users[monitorUsername] = flg - } else { - users := make(map[string]cpov1.UserFlags) - pgSpec.Spec.Users = users - pgSpec.Spec.Users[monitorUsername] = flg - } + pgSpec.AddMonitoringUser(monitorUsername) } cluster := &Cluster{ Config: cfg, 
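Review bot: The new exported method `AddMonitoringUser` in util.go has no doc comment, and it silently replaces any entry already stored in `Spec.Users` under that name. I would add `// AddMonitoringUser sets Spec.Users[monitorUsername] to the LOGIN flag only, creating the map if needed and overwriting any entry already present under that name.` The import added in the first hunk of the same file also sits between `"fmt"` and `"regexp"`; as far as the hunk shows, goimports would move `github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants` into its own group after the standard-library imports.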
@@ -961,22 +954,12 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { updateFailed = true } } - //Add monitoring user if required - if newSpec.Spec.Monitoring != nil { - flags := []string{constants.RoleFlagLogin} - monitorUser := map[string]spec.PgUser{ - monitorUsername: { - Origin: spec.RoleOriginInfrastructure, - Name: monitorUsername, - Namespace: c.Namespace, - Flags: flags, - }, - } - c.pgUsers[monitorUsername] = monitorUser[monitorUsername] - } //Check if monitoring user is added in manifest if _, ok := newSpec.Spec.Users["cpo-exporter"]; ok { c.logger.Error("creating user of name cpo-exporter is not allowed as it is reserved for monitoring") + updateFailed = true + } else if newSpec.Spec.Monitoring != nil { + newSpec.AddMonitoringUser(monitorUsername) } // Users From bbe208902b15f830d7a17987421cb407918c49aa Mon Sep 17 00:00:00 2001 From: matthias Date: Sun, 23 Mar 2025 15:26:51 +0100 Subject: [PATCH 02/17] added monitoring-user to initSystemUsers() & added to update-func check for the need to create monitoring user --- pkg/cluster/cluster.go | 21 ++++++++++++++++++++- pkg/spec/types.go | 3 +++ pkg/util/constants/roles.go | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 6a376ebfb..9a027a164 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go 
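Review bot: The reserved-name check in `Update` still tests the literal `"cpo-exporter"`, while the role that is actually added is `monitorUsername`, so the guard and the role name can drift apart. The value of `monitorUsername` is not visible in this hunk, but a later patch in this series declares `MonitoringUserKeyName = "cpo_exporter"` with an underscore; if the real role name uses the underscore, a manifest entry under that name is not rejected here. I would write `if _, ok := newSpec.Spec.Users[monitorUsername]; ok {` and build the log message from the same identifier. `New` in the previous hunk calls `AddMonitoringUser` with no matching rejection in the visible lines, so the create and update paths may treat a manifest-defined monitoring name differently. The body of `Update` continues outside the hunk.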
@@ -973,11 +973,14 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { // only when disabled in oldSpec and enabled in newSpec needPoolerUser := c.needConnectionPoolerUser(&oldSpec.Spec, &newSpec.Spec) + // Check if Monitor-User needs to be created + needMonitoring := newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil + // streams new replication user created who is initialized in initUsers // only when streams were not specified in oldSpec but in newSpec needStreamUser := len(oldSpec.Spec.Streams) == 0 && len(newSpec.Spec.Streams) > 0 - if !sameUsers || !sameRotatedUsers || needPoolerUser || needStreamUser { + if !sameUsers || !sameRotatedUsers || needPoolerUser || needMonitoring || needStreamUser { c.logger.Debugf("initialize users") if err := c.initUsers(); err != nil { c.logger.Errorf("could not init users - skipping sync of secrets and databases: %v", err) @@ -1443,6 +1446,22 @@ func (c *Cluster) initSystemUsers() error { } } + // if the monitor object has been created, a monitoring user is required. + if c.Spec.Monitoring != nil { + c.logger.Debugf("MONITOR: Create cpo_monitoring user") + connectionPoolerUser := spec.PgUser{ + Origin: spec.RoleMonitoring, + Name: constants.MonitoringUserKeyName, + Namespace: c.Namespace, + Flags: []string{constants.RoleFlagLogin}, + Password: util.RandomPassword(constants.PasswordLength), + } + + if _, exists := c.systemUsers[constants.MonitoringUserKeyName]; !exists { + c.systemUsers[constants.ConnectionPoolerUserKeyName] = connectionPoolerUser + } + } + // replication users for event streams are another exception // the operator will create one replication user for all streams if len(c.Spec.Streams) > 0 { diff --git a/pkg/spec/types.go b/pkg/spec/types.go index 023f9660f..2b48d2ed9 100644 --- a/pkg/spec/types.go +++ b/pkg/spec/types.go @@ -33,6 +33,7 @@ const ( RoleOriginSystem RoleOriginBootstrap RoleOriginConnectionPooler + RoleMonitoring RoleOriginStream ) 
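Review bot: The monitoring block added to `initSystemUsers` stores the new user under `constants.ConnectionPoolerUserKeyName` instead of `constants.MonitoringUserKeyName`, so it replaces the connection pooler entry in `c.systemUsers` and never registers the monitoring role under its own key. The guard looks up the monitoring key, which these lines never set, so unless it is set elsewhere the overwrite happens on every call, each time with a freshly generated password. The change should read `monitoringUser := spec.PgUser{` and `c.systemUsers[constants.MonitoringUserKeyName] = monitoringUser`, with `util.RandomPassword` called only inside the `!exists` branch. The debug message also names `cpo_monitoring`, whereas roles.go in this patch sets the name to `cpo_exporter`. The body of `initSystemUsers` continues outside the hunk.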
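Review bot: The constant is declared here as `RoleMonitoring`, but the `String()` hunk in the same file adds `case RoleMonitor:`, a name this patch does not declare, so the package will not compile unless `RoleMonitor` exists elsewhere. Every neighbouring constant carries the `RoleOrigin` prefix, so `RoleOriginMonitoring` in both places would match, with the returned text lower-cased to `"monitoring role"` like the other cases. If the block is iota-based (its start is outside the hunk), inserting the new name before `RoleOriginStream` also changes that constant's numeric value; appending it after `RoleOriginStream` avoids that.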
@@ -198,6 +199,8 @@ func (r RoleOrigin) String() string { return "bootstrapped role" case RoleOriginConnectionPooler: return "connection pooler role" + case RoleMonitor: + return "Monitoring role" default: panic(fmt.Sprintf("bogus role origin value %d", r)) } diff --git a/pkg/util/constants/roles.go b/pkg/util/constants/roles.go index 34f1d0737..17c2355dc 100644 --- a/pkg/util/constants/roles.go +++ b/pkg/util/constants/roles.go @@ -6,6 +6,7 @@ const ( SuperuserKeyName = "superuser" ReplicationUserKeyName = "replication" ConnectionPoolerUserKeyName = "pooler" + MonitoringUserKeyName = "cpo_exporter" EventStreamUserKeyName = "streamer" RoleFlagSuperuser = "SUPERUSER" RoleFlagInherit = "INHERIT" From b018580c1bbe12f4aea3e7923abc36525e30258e Mon Sep 17 00:00:00 2001 
From: matthias Date: Wed, 26 Mar 2025 12:32:02 +0100 Subject: [PATCH 03/17] modify cpo monitoring --- .../v1/zz_generated.deepcopy.go | 2 +- pkg/cluster/database.go | 45 +++++++++++++++++++ .../clientset/versioned/clientset.go | 2 +- pkg/generated/clientset/versioned/doc.go | 2 +- .../versioned/fake/clientset_generated.go | 2 +- pkg/generated/clientset/versioned/fake/doc.go | 2 +- .../clientset/versioned/fake/register.go | 2 +- .../clientset/versioned/scheme/doc.go | 2 +- .../clientset/versioned/scheme/register.go | 2 +- .../v1/cpo.opensource.cybertec.at_client.go | 2 +- .../cpo.opensource.cybertec.at/v1/doc.go | 2 +- .../cpo.opensource.cybertec.at/v1/fake/doc.go | 2 +- .../fake_cpo.opensource.cybertec.at_client.go | 2 +- .../v1/fake/fake_operatorconfiguration.go | 2 +- .../v1/fake/fake_postgresql.go | 2 +- .../v1/fake/fake_postgresteam.go | 2 +- .../v1/generated_expansion.go | 2 +- .../v1/operatorconfiguration.go | 2 +- .../v1/postgresql.go | 2 +- .../v1/postgresteam.go | 2 +- .../versioned/typed/zalando.org/v1/doc.go | 2 +- .../typed/zalando.org/v1/fabriceventstream.go | 2 +- .../typed/zalando.org/v1/fake/doc.go | 2 +- .../v1/fake/fake_fabriceventstream.go | 2 +- .../v1/fake/fake_zalando.org_client.go | 2 +- .../zalando.org/v1/generated_expansion.go | 2 +- .../zalando.org/v1/zalando.org_client.go | 2 +- .../cpo.opensource.cybertec.at/interface.go | 2 +- .../v1/interface.go | 2 +- .../v1/postgresql.go | 2 +- .../v1/postgresteam.go | 2 +- .../informers/externalversions/factory.go | 2 +- .../informers/externalversions/generic.go | 2 +- .../internalinterfaces/factory_interfaces.go | 2 +- .../externalversions/zalando.org/interface.go | 2 +- .../zalando.org/v1/fabriceventstream.go | 2 +- .../zalando.org/v1/interface.go | 2 +- .../v1/expansion_generated.go | 2 +- .../v1/postgresql.go | 2 +- .../v1/postgresteam.go | 2 +- .../zalando.org/v1/expansion_generated.go | 2 +- .../zalando.org/v1/fabriceventstream.go | 2 +- 42 files changed, 86 insertions(+), 41 deletions(-) 
diff --git a/pkg/apis/cpo.opensource.cybertec.at/v1/zz_generated.deepcopy.go b/pkg/apis/cpo.opensource.cybertec.at/v1/zz_generated.deepcopy.go index 8d5b34be0..9daa74e86 100644 --- a/pkg/apis/cpo.opensource.cybertec.at/v1/zz_generated.deepcopy.go +++ b/pkg/apis/cpo.opensource.cybertec.at/v1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go index 21fd23c60..9af97462a 100644 --- a/pkg/cluster/database.go +++ b/pkg/cluster/database.go 
@@ -106,6 +106,51 @@ const ( GRANT pg_execute_server_program TO cpo_exporter; + CREATE OR REPLACE FUNCTION exporter.update_pgbackrest_info() + RETURNS VOID AS $$ + DECLARE + last_entry_timestamp TIMESTAMP; + record_count INT; + BEGIN + SELECT COUNT(*) INTO record_count + FROM exporter.pgbackrestbackupinfo; + + IF record_count > 0 THEN + SELECT data_time INTO last_entry_timestamp + FROM exporter.pgbackrestbackupinfo + ORDER BY data_time DESC + LIMIT 1; + + IF last_entry_timestamp < NOW() - INTERVAL '5 minutes' THEN + DELETE FROM exporter.pgbackrestbackupinfo; + ELSE + RETURN; + END IF; + END IF; + + EXECUTE format( + 'COPY exporter.pgbackrestbackupinfo (data) FROM program ''pgbackrest info --output=json'' WITH (FORMAT text, DELIMITER ''|'')' + ); + END; + $$ LANGUAGE plpgsql; + ` + cpoMonitoring = ` + GRANT pg_monitor TO cpo_exporter; + GRANT SELECT ON TABLE pg_authid TO cpo_exporter; + + CREATE SCHEMA IF NOT EXISTS exporter; + ALTER SCHEMA exporter OWNER TO cpo_exporter; + CREATE EXTENSION IF NOT EXISTS pgnodemx with SCHEMA exporter; + alter extension pgnodemx UPDATE; + CREATE TABLE IF NOT EXISTS exporter.pgbackrestbackupinfo ( + data jsonb NOT NULL, + data_time timestamp with time zone DEFAULT now() NOT NULL + ) + WITH (autovacuum_analyze_scale_factor='0', autovacuum_vacuum_scale_factor='0', autovacuum_vacuum_threshold='2', autovacuum_analyze_threshold='2'); + ALTER TABLE exporter.pgbackrestbackupinfo OWNER TO cpo_exporter; + + GRANT pg_execute_server_program TO cpo_exporter; + CREATE OR REPLACE FUNCTION exporter.update_pgbackrest_info() RETURNS VOID AS $$ DECLARE diff --git a/pkg/generated/clientset/versioned/clientset.go b/pkg/generated/clientset/versioned/clientset.go index f7c645ed9..968093781 100644 --- a/pkg/generated/clientset/versioned/clientset.go +++ b/pkg/generated/clientset/versioned/clientset.go 
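Review bot: The new `cpoMonitoring` script gives `cpo_exporter` two grants that go well beyond `pg_monitor`: `GRANT SELECT ON TABLE pg_authid` lets the monitoring role read every role's stored password verifier, and `GRANT pg_execute_server_program` lets it run programs as the database server's OS user through `COPY ... FROM PROGRAM`. In the visible SQL only `exporter.update_pgbackrest_info()` needs program execution, so consider making that one function `SECURITY DEFINER` with a pinned `search_path`, owned by a privileged role, and granting `cpo_exporter` only `EXECUTE` on it instead of the role membership. That requires the function to live somewhere the monitoring role cannot replace it, which the `ALTER SCHEMA exporter OWNER TO cpo_exporter` line currently does not guarantee. Role metadata could come from `pg_roles` unless the exporter queries really need `pg_authid`. The script also repeats SQL that the context lines show in the constant above it; the enclosing const block starts outside the hunk.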
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/doc.go b/pkg/generated/clientset/versioned/doc.go index 4c3683194..34b48f910 100644 --- a/pkg/generated/clientset/versioned/doc.go +++ b/pkg/generated/clientset/versioned/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/fake/clientset_generated.go b/pkg/generated/clientset/versioned/fake/clientset_generated.go index 53fdbcbf3..8849f8335 100644 --- a/pkg/generated/clientset/versioned/fake/clientset_generated.go +++ b/pkg/generated/clientset/versioned/fake/clientset_generated.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/fake/doc.go b/pkg/generated/clientset/versioned/fake/doc.go index 78f1ed834..7548400fa 100644 --- a/pkg/generated/clientset/versioned/fake/doc.go +++ b/pkg/generated/clientset/versioned/fake/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/fake/register.go b/pkg/generated/clientset/versioned/fake/register.go index 9ac0f6655..0fe8db883 100644 --- a/pkg/generated/clientset/versioned/fake/register.go 
+++ b/pkg/generated/clientset/versioned/fake/register.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/scheme/doc.go b/pkg/generated/clientset/versioned/scheme/doc.go index 1aa580cc1..1f79f0496 100644 --- a/pkg/generated/clientset/versioned/scheme/doc.go +++ b/pkg/generated/clientset/versioned/scheme/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/scheme/register.go b/pkg/generated/clientset/versioned/scheme/register.go index 99ebde680..f6e96ac83 100644 --- a/pkg/generated/clientset/versioned/scheme/register.go +++ b/pkg/generated/clientset/versioned/scheme/register.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/cpo.opensource.cybertec.at_client.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/cpo.opensource.cybertec.at_client.go index 1c4401eec..8d1b5ed76 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/cpo.opensource.cybertec.at_client.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/cpo.opensource.cybertec.at_client.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/doc.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/doc.go index 34e16f7ad..5c6f06565 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/doc.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/doc.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/doc.go index a5ceefe98..63b4b5b8f 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/doc.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_cpo.opensource.cybertec.at_client.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_cpo.opensource.cybertec.at_client.go index 3c4fccda3..c0fb5138f 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_cpo.opensource.cybertec.at_client.go 
+++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_cpo.opensource.cybertec.at_client.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_operatorconfiguration.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_operatorconfiguration.go index 00e5cfcd0..b26cab5e4 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_operatorconfiguration.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_operatorconfiguration.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresql.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresql.go index 8b0ded47c..c7768f827 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresql.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresql.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresteam.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresteam.go index e076f587f..53f02592d 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresteam.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/fake/fake_postgresteam.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/generated_expansion.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/generated_expansion.go index ba0d6503a..8a5e126d7 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/generated_expansion.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/generated_expansion.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/operatorconfiguration.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/operatorconfiguration.go index a825221bc..c594c76a1 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/operatorconfiguration.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/operatorconfiguration.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresql.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresql.go index bb13bf7f3..b1b23e627 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresql.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresql.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresteam.go b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresteam.go index b0c0c0ba4..97336ef60 100644 --- a/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresteam.go +++ b/pkg/generated/clientset/versioned/typed/cpo.opensource.cybertec.at/v1/postgresteam.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/doc.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/doc.go index 34e16f7ad..5c6f06565 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/doc.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/doc.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fabriceventstream.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fabriceventstream.go index df925d241..1005b846d 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fabriceventstream.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fabriceventstream.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/doc.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/doc.go index a5ceefe98..63b4b5b8f 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/doc.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/doc.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_fabriceventstream.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_fabriceventstream.go index fe32cfd20..1b6d5b823 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_fabriceventstream.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_fabriceventstream.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_zalando.org_client.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_zalando.org_client.go index 09daf52b2..93aee67cd 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_zalando.org_client.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/fake/fake_zalando.org_client.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/generated_expansion.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/generated_expansion.go index 8d52d5161..4d1d3e37e 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/generated_expansion.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/generated_expansion.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/clientset/versioned/typed/zalando.org/v1/zalando.org_client.go b/pkg/generated/clientset/versioned/typed/zalando.org/v1/zalando.org_client.go index 7ba687058..e51ce2001 100644 --- a/pkg/generated/clientset/versioned/typed/zalando.org/v1/zalando.org_client.go +++ b/pkg/generated/clientset/versioned/typed/zalando.org/v1/zalando.org_client.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/interface.go b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/interface.go index f914a49c7..df73137c1 100644 --- a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/interface.go +++ b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/interface.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/interface.go b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/interface.go index b0c18ad53..6ba0dd635 100644 --- a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/interface.go +++ b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/interface.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresql.go b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresql.go index ca662e540..e7cdaac3d 100644 --- a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresql.go +++ b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresql.go 
@@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresteam.go b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresteam.go index 24ad8df01..f06f5858f 100644 --- a/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresteam.go +++ b/pkg/generated/informers/externalversions/cpo.opensource.cybertec.at/v1/postgresteam.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/factory.go b/pkg/generated/informers/externalversions/factory.go index 8ca28a7ef..e12eab80b 100644 --- a/pkg/generated/informers/externalversions/factory.go +++ b/pkg/generated/informers/externalversions/factory.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/generic.go b/pkg/generated/informers/externalversions/generic.go index c607ad6e0..087d4cf5c 100644 --- a/pkg/generated/informers/externalversions/generic.go +++ b/pkg/generated/informers/externalversions/generic.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
diff --git a/pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go index 4dabc58a6..a735e8a32 100644 --- a/pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go +++ b/pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/zalando.org/interface.go b/pkg/generated/informers/externalversions/zalando.org/interface.go index f63e0f5e6..3f1f1f8c4 100644 --- a/pkg/generated/informers/externalversions/zalando.org/interface.go +++ b/pkg/generated/informers/externalversions/zalando.org/interface.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/informers/externalversions/zalando.org/v1/fabriceventstream.go b/pkg/generated/informers/externalversions/zalando.org/v1/fabriceventstream.go index dd450ef30..c6c7d2e52 100644 --- a/pkg/generated/informers/externalversions/zalando.org/v1/fabriceventstream.go +++ b/pkg/generated/informers/externalversions/zalando.org/v1/fabriceventstream.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal 
diff --git a/pkg/generated/informers/externalversions/zalando.org/v1/interface.go b/pkg/generated/informers/externalversions/zalando.org/v1/interface.go index 290809a9b..771de4a42 100644 --- a/pkg/generated/informers/externalversions/zalando.org/v1/interface.go +++ b/pkg/generated/informers/externalversions/zalando.org/v1/interface.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/expansion_generated.go b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/expansion_generated.go index e7eefa957..dff5ce3f1 100644 --- a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/expansion_generated.go +++ b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/expansion_generated.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresql.go b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresql.go index c3ed09335..9db4a5959 100644 --- a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresql.go +++ b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresql.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresteam.go b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresteam.go index 959f6c808..0002f702d 100644 
--- a/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresteam.go +++ b/pkg/generated/listers/cpo.opensource.cybertec.at/v1/postgresteam.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/listers/zalando.org/v1/expansion_generated.go b/pkg/generated/listers/zalando.org/v1/expansion_generated.go index ea9d331ff..201fa4ecf 100644 --- a/pkg/generated/listers/zalando.org/v1/expansion_generated.go +++ b/pkg/generated/listers/zalando.org/v1/expansion_generated.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/pkg/generated/listers/zalando.org/v1/fabriceventstream.go b/pkg/generated/listers/zalando.org/v1/fabriceventstream.go index 5d65d0aa6..3667f82b7 100644 --- a/pkg/generated/listers/zalando.org/v1/fabriceventstream.go +++ b/pkg/generated/listers/zalando.org/v1/fabriceventstream.go @@ -1,5 +1,5 @@ /* -Copyright 2024 Compose, Zalando SE +Copyright 2025 Compose, Zalando SE Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From e2694fe895ed593a9c63b0c35fe7652f66d9a796 Mon Sep 17 00:00:00 2001 From: matthias Date: Wed, 26 Mar 2025 14:08:02 +0100 Subject: [PATCH 04/17] Implementation addMonitoringPermissions via own func in database.go. Added for create and update. old code commented out before it is removed. --- pkg/cluster/cluster.go | 69 +++++++++++++++++++++++------------------ pkg/cluster/database.go | 24 ++++++++++++++ 2 files changed, 63 insertions(+), 30 deletions(-) 
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 9a027a164..5aa69881c 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -127,9 +127,9 @@ func New(cfg Config, kubeClient k8sutil.KubernetesClient, pgSpec cpov1.Postgresq if !ok { passwordEncryption = "scram-sha-256" } - if pgSpec.Spec.Monitoring != nil { - pgSpec.AddMonitoringUser(monitorUsername) - } + // if pgSpec.Spec.Monitoring != nil { + // pgSpec.AddMonitoringUser(monitorUsername) + // } cluster := &Cluster{ Config: cfg, Postgresql: pgSpec, @@ -352,12 +352,12 @@ func (c *Cluster) Create() (err error) { } c.logger.Info("a TDE secret was successfully created") } - if c.Postgresql.Spec.Monitoring != nil { - if err := c.createMonitoringSecret(); err != nil { - return fmt.Errorf("could not create the monitoring secret: %v", err) - } - c.logger.Info("a monitoring secret was successfully created") - } + // if c.Postgresql.Spec.Monitoring != nil { + // if err := c.createMonitoringSecret(); err != nil { + // return fmt.Errorf("could not create the monitoring secret: %v", err) + // } + // c.logger.Info("a monitoring secret was successfully created") + // } if specHasPgbackrestClone(&c.Postgresql.Spec) { if err := c.createPgbackrestCloneConfig(); err != nil { 
@@ -433,29 +433,33 @@ func (c *Cluster) Create() (err error) { // something fails, report warning c.createConnectionPooler(c.installLookupFunction) - //Setup cpo monitoring related sql statements - if c.Spec.Monitoring != nil { - c.logger.Info("setting up CPO monitoring") - - // Open a new connection to the postgres db tp setup monitoring struc and permissions - if err := c.initDbConnWithName("postgres"); err != nil { - return fmt.Errorf("could not init database connection") - } - defer func() { - if c.connectionIsClosed() { - return - } - - if err := c.closeDbConn(); err != nil { - c.logger.Errorf("could not close database connection: %v", err) - } - }() - _, err := c.pgDb.Exec(CPOmonitoring) - if err != nil { - return fmt.Errorf("CPO monitoring could not be setup: %v", err) - } + if c.Spec.Monitoring != nil { #Hinzufügen und in database.go die function von pooler nachbauen und dann den unteren teil (alt) komplett entfernen + c.addMonitoringPermissions() } + //Setup cpo monitoring related sql statements + // if c.Spec.Monitoring != nil { + // c.logger.Info("setting up CPO monitoring") + + // // Open a new connection to the postgres db tp setup monitoring struc and permissions + // if err := c.initDbConnWithName("postgres"); err != nil { + // return fmt.Errorf("could not init database connection") + // } + // defer func() { + // if c.connectionIsClosed() { + // return + // } + + // if err := c.closeDbConn(); err != nil { + // c.logger.Errorf("could not close database connection: %v", err) + // } + // }() + // _, err := c.pgDb.Exec(CPOmonitoring) + // if err != nil { + // return fmt.Errorf("CPO monitoring could not be setup: %v", err) + // } + // } + // remember slots to detect deletion from manifest for slotName, desiredSlot := range c.Spec.Patroni.Slots { c.replicationSlots[slotName] = desiredSlot 
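Review bot: The new `c.addMonitoringPermissions()` call in Create discards the returned error, so a failed connection or a failed grant script leaves the cluster reported as created while the monitoring setup never ran. The block it replaces returned `CPO monitoring could not be setup` to the caller; keep that with `if err := c.addMonitoringPermissions(); err != nil { return fmt.Errorf("could not set up monitoring: %v", err) }`, or log a warning if the step is meant to be best-effort. The same unchecked call appears in the Update hunk of this patch and is left unchanged by the later `removed text and fix if` patch. The trailing `#Hinzufügen …` text on the `if` line is not a Go comment; that later patch drops it. Create starts and ends outside the hunk.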
@@ -1199,6 +1203,11 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { updateFailed = true } + // Check if we need to call addMonitoringPermissions-func + if c.Spec.Monitoring != nil && needMonitoring){ + c.addMonitoringPermissions() + } + // streams if len(newSpec.Spec.Streams) > 0 { if err := c.syncStreams(); err != nil { diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go index 9af97462a..8121de4be 100644 --- a/pkg/cluster/database.go +++ b/pkg/cluster/database.go @@ -838,3 +838,27 @@ func (c *Cluster) installLookupFunction(poolerSchema, poolerUser string) error { return nil } + +// Creates the needes structure and grant needed permissions for the Monitoring +func (c *Cluster) addMonitoringPermissions() error { + c.logger.Info("setting up CPO monitoring") + + // Open a new connection to the postgres db tp setup monitoring struc and permissions + if err := c.initDbConnWithName("postgres"); err != nil { + return fmt.Errorf("could not init database connection") + } + defer func() { + if c.connectionIsClosed() { + return + } + + if err := c.closeDbConn(); err != nil { + c.logger.Errorf("could not close database connection: %v", err) + } + }() + _, err := c.pgDb.Exec(cpoMonitoring) + if err != nil { + return fmt.Errorf("CPO monitoring could not be setup: %v", err) + } + return nil +} From ddba56a348804f375aeb6a6d1ab81f0b6fa66f4d Mon Sep 17 00:00:00 2001 From: matthias Date: Wed, 26 Mar 2025 14:09:17 +0100 Subject: [PATCH 05/17] CPOmonitoring renamed to cpoMonitoring (only commented out for now) --- pkg/cluster/database.go | 90 ++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go index 8121de4be..79ad4509c 100644 --- a/pkg/cluster/database.go +++ b/pkg/cluster/database.go 
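Review bot: In `addMonitoringPermissions` the connection failure is returned as `could not init database connection` without its cause, so an authentication problem cannot be told apart from an unreachable pod in the operator log. `return fmt.Errorf("could not init database connection: %v", err)` would match the wrapping already used for the `Exec` error a few lines further down. The doc comment would read better starting with the function name, for example `// addMonitoringPermissions creates the exporter schema and grants the monitoring role its privileges in the postgres database.`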
@@ -89,51 +89,51 @@ const ( TO {{.pooler_user}}; GRANT USAGE ON SCHEMA {{.pooler_schema}} TO {{.pooler_user}}; ` - CPOmonitoring = ` - GRANT pg_monitor TO cpo_exporter; - GRANT SELECT ON TABLE pg_authid TO cpo_exporter; - - CREATE SCHEMA IF NOT EXISTS exporter; - ALTER SCHEMA exporter OWNER TO cpo_exporter; - CREATE EXTENSION IF NOT EXISTS pgnodemx with SCHEMA exporter; - alter extension pgnodemx UPDATE; - CREATE TABLE IF NOT EXISTS exporter.pgbackrestbackupinfo ( - data jsonb NOT NULL, - data_time timestamp with time zone DEFAULT now() NOT NULL - ) - WITH (autovacuum_analyze_scale_factor='0', autovacuum_vacuum_scale_factor='0', autovacuum_vacuum_threshold='2', autovacuum_analyze_threshold='2'); - ALTER TABLE exporter.pgbackrestbackupinfo OWNER TO cpo_exporter; - - GRANT pg_execute_server_program TO cpo_exporter; - - CREATE OR REPLACE FUNCTION exporter.update_pgbackrest_info() - RETURNS VOID AS $$ - DECLARE - last_entry_timestamp TIMESTAMP; - record_count INT; - BEGIN - SELECT COUNT(*) INTO record_count - FROM exporter.pgbackrestbackupinfo; - - IF record_count > 0 THEN - SELECT data_time INTO last_entry_timestamp - FROM exporter.pgbackrestbackupinfo - ORDER BY data_time DESC - LIMIT 1; - - IF last_entry_timestamp < NOW() - INTERVAL '5 minutes' THEN - DELETE FROM exporter.pgbackrestbackupinfo; - ELSE - RETURN; - END IF; - END IF; - - EXECUTE format( - 'COPY exporter.pgbackrestbackupinfo (data) FROM program ''pgbackrest info --output=json'' WITH (FORMAT text, DELIMITER ''|'')' - ); - END; - $$ LANGUAGE plpgsql; - ` + // CPOmonitoring = ` + // GRANT pg_monitor TO cpo_exporter; + // GRANT SELECT ON TABLE pg_authid TO cpo_exporter; + + // CREATE SCHEMA IF NOT EXISTS exporter; + // ALTER SCHEMA exporter OWNER TO cpo_exporter; + // CREATE EXTENSION IF NOT EXISTS pgnodemx with SCHEMA exporter; + // alter extension pgnodemx UPDATE; + // CREATE TABLE IF NOT EXISTS exporter.pgbackrestbackupinfo ( + // data jsonb NOT NULL, + // data_time timestamp with time zone DEFAULT now() 
NOT NULL + // ) + // WITH (autovacuum_analyze_scale_factor='0', autovacuum_vacuum_scale_factor='0', autovacuum_vacuum_threshold='2', autovacuum_analyze_threshold='2'); + // ALTER TABLE exporter.pgbackrestbackupinfo OWNER TO cpo_exporter; + + // GRANT pg_execute_server_program TO cpo_exporter; + + // CREATE OR REPLACE FUNCTION exporter.update_pgbackrest_info() + // RETURNS VOID AS $$ + // DECLARE + // last_entry_timestamp TIMESTAMP; + // record_count INT; + // BEGIN + // SELECT COUNT(*) INTO record_count + // FROM exporter.pgbackrestbackupinfo; + + // IF record_count > 0 THEN + // SELECT data_time INTO last_entry_timestamp + // FROM exporter.pgbackrestbackupinfo + // ORDER BY data_time DESC + // LIMIT 1; + + // IF last_entry_timestamp < NOW() - INTERVAL '5 minutes' THEN + // DELETE FROM exporter.pgbackrestbackupinfo; + // ELSE + // RETURN; + // END IF; + // END IF; + + // EXECUTE format( + // 'COPY exporter.pgbackrestbackupinfo (data) FROM program ''pgbackrest info --output=json'' WITH (FORMAT text, DELIMITER ''|'')' + // ); + // END; + // $$ LANGUAGE plpgsql; + // ` cpoMonitoring = ` GRANT pg_monitor TO cpo_exporter; GRANT SELECT ON TABLE pg_authid TO cpo_exporter; From 1d2f49d6a4abe5ea76bf0754683e634a82432d36 Mon Sep 17 00:00:00 2001 From: matthias Date: Wed, 26 Mar 2025 14:25:41 +0100 Subject: [PATCH 06/17] removed text and fix if --- pkg/cluster/cluster.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 5aa69881c..6c81cf2ab 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -433,7 +433,7 @@ func (c *Cluster) Create() (err error) { // something fails, report warning c.createConnectionPooler(c.installLookupFunction) - if c.Spec.Monitoring != nil { #Hinzufügen und in database.go die function von pooler nachbauen und dann den unteren teil (alt) komplett entfernen + if c.Spec.Monitoring != nil { c.addMonitoringPermissions() } 
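Review bot: The script kept in this hunk grants `cpo_exporter` both `pg_execute_server_program` and `SELECT` on `pg_authid`, and nothing in the constant says why; for a role that logs in over the network, that means whoever holds the exporter credentials can run programs as the database server's OS user and read stored password hashes. Only the first two grants of `cpoMonitoring` are visible here, so this assumes it carries the same statements as the copy being commented out. A comment above the constant should name what needs each grant, for example `// pg_execute_server_program: required by exporter.update_pgbackrest_info (COPY ... FROM PROGRAM)`. It is also worth checking whether that function could be owned by a privileged role and declared SECURITY DEFINER with only EXECUTE granted to `cpo_exporter`, so the login role does not hold the program-execution privilege itself. The const block starts and ends outside the hunk.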
@@ -1203,8 +1203,8 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { updateFailed = true } - // Check if we need to call addMonitoringPermissions-func - if c.Spec.Monitoring != nil && needMonitoring){ + // Check if we need to call addMonitoringPermissions-func + if c.Spec.Monitoring != nil && newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil { c.addMonitoringPermissions() } From ddc91753646e9deecae418ab3b3aa0cdc02296df Mon Sep 17 00:00:00 2001 From: matthias Date: Wed, 26 Mar 2025 14:30:14 +0100 Subject: [PATCH 07/17] fix RoleOrigin type RoleMonitoring --- pkg/spec/types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/spec/types.go b/pkg/spec/types.go index 2b48d2ed9..3d6973c7a 100644 --- a/pkg/spec/types.go +++ b/pkg/spec/types.go @@ -199,7 +199,7 @@ func (r RoleOrigin) String() string { return "bootstrapped role" case RoleOriginConnectionPooler: return "connection pooler role" - case RoleMonitor: + case RoleMonitoring: return "Monitoring role" default: panic(fmt.Sprintf("bogus role origin value %d", r)) From 475a770131bd5eadc907772affa635eaf3bc7f45 Mon Sep 17 00:00:00 2001 From: matthias Date: Wed, 26 Mar 2025 14:59:38 +0100 Subject: [PATCH 08/17] remove user creation (duplicate) --- pkg/cluster/cluster.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 6c81cf2ab..bf5fe05bc 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -962,8 +962,6 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { if _, ok := newSpec.Spec.Users["cpo-exporter"]; ok { c.logger.Error("creating user of name cpo-exporter is not allowed as it is reserved for monitoring") updateFailed = true - } else if newSpec.Spec.Monitoring != nil { - newSpec.AddMonitoringUser(monitorUsername) } // Users From 82e7976c83ef2fc37c81ec0a61bd99080633f6a4 Mon Sep 17 00:00:00 2001 
From: matthias Date: Wed, 26 Mar 2025 16:19:16 +0100 Subject: [PATCH 09/17] small fix for user-creation cpo_exporter --- pkg/cluster/cluster.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index bf5fe05bc..da91f907b 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -1455,8 +1455,7 @@ func (c *Cluster) initSystemUsers() error { // if the monitor object has been created, a monitoring user is required. if c.Spec.Monitoring != nil { - c.logger.Debugf("MONITOR: Create cpo_monitoring user") - connectionPoolerUser := spec.PgUser{ + MonitoringUser := spec.PgUser{ Origin: spec.RoleMonitoring, Name: constants.MonitoringUserKeyName, Namespace: c.Namespace, @@ -1465,7 +1464,7 @@ func (c *Cluster) initSystemUsers() error { } if _, exists := c.systemUsers[constants.MonitoringUserKeyName]; !exists { - c.systemUsers[constants.ConnectionPoolerUserKeyName] = connectionPoolerUser + c.systemUsers[constants.MonitoringUserKeyName] = MonitoringUser } } From a9b62913bd5168a47b92759defeb5921b9be5124 Mon Sep 17 00:00:00 2001 From: matthias Date: Thu, 27 Mar 2025 12:53:21 +0100 Subject: [PATCH 10/17] add sync rule and debug to cluster.go. also adding monitoring to test check --- pkg/cluster/cluster.go | 3 +++ pkg/cluster/cluster_test.go | 12 ++++++++---- pkg/cluster/sync.go | 7 +++++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index da91f907b..5406bc441 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -1455,6 +1455,7 @@ func (c *Cluster) initSystemUsers() error { // if the monitor object has been created, a monitoring user is required. if c.Spec.Monitoring != nil { + MonitoringUser := spec.PgUser{ Origin: spec.RoleMonitoring, Name: constants.MonitoringUserKeyName, 
@@ -1462,6 +1463,8 @@ func (c *Cluster) initSystemUsers() error { Flags: []string{constants.RoleFlagLogin}, Password: util.RandomPassword(constants.PasswordLength), } + c.logger.Debugf("Create cpo_monitoring user with password: %s", + MonitoringUser.Password) if _, exists := c.systemUsers[constants.MonitoringUserKeyName]; !exists { c.systemUsers[constants.MonitoringUserKeyName] = MonitoringUser diff --git a/pkg/cluster/cluster_test.go b/pkg/cluster/cluster_test.go index afcbd393d..1f5f74c41 100644 --- a/pkg/cluster/cluster_test.go +++ b/pkg/cluster/cluster_test.go @@ -7,8 +7,6 @@ import ( "strings" "testing" - "github.com/sirupsen/logrus" - "github.com/stretchr/testify/assert" cpov1 "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/apis/cpo.opensource.cybertec.at/v1" fakecpov1 "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/generated/clientset/versioned/fake" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/spec" @@ -17,6 +15,8 @@ import ( "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/k8sutil" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/teams" + "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" 
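Review bot: The added `Debugf` in initSystemUsers writes the freshly generated monitoring password to the operator log in clear text, where it is readable by anyone with access to pod logs or the log pipeline and is no longer covered by the access controls on the Kubernetes secret. Log the role name only, e.g. `c.logger.Debugf("creating monitoring user %q", MonitoringUser.Name)`, and rotate any password already emitted by a build containing this line. The call also sits before the `exists` check, so it prints a new random value on every invocation even when the stored user is kept. initSystemUsers starts and ends outside the hunk.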
@@ -944,16 +944,20 @@ func TestServiceAnnotations(t *testing.T) { } func TestInitSystemUsers(t *testing.T) { - // reset system users, pooler and stream section + // reset system users, pooler, monitoring and stream section cl.systemUsers = make(map[string]spec.PgUser) cl.Spec.EnableConnectionPooler = boolToPointer(false) + cl.Spec.Monitoring = nil cl.Spec.Streams = []cpov1.Stream{} - // default cluster without connection pooler and event streams + // default cluster without connection pooler, monitoring and event streams cl.initSystemUsers() if _, exist := cl.systemUsers[constants.ConnectionPoolerUserKeyName]; exist { t.Errorf("%s, connection pooler user is present", t.Name()) } + if _, exist := cl.systemUsers[constants.MonitoringUserKeyName]; exist { + t.Errorf("%s, Monitoring user is present", t.Name()) + } if _, exist := cl.systemUsers[constants.EventStreamUserKeyName]; exist { t.Errorf("%s, stream user is present", t.Name()) } diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index 084accfbc..2fa2d593e 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -1032,6 +1032,13 @@ func (c *Cluster) updateSecret( userMap = c.systemUsers } } + // use system user when Monitoring is enabled and Monitoring user is specfied in manifest + if _, exists := c.systemUsers[constants.MonitoringUserKeyName]; exists { + if secretUsername == c.systemUsers[constants.MonitoringUserKeyName].Name { + userKey = constants.MonitoringUserKeyName + userMap = c.systemUsers + } + } // use system user when streams are defined and fes_user is specfied in manifest if _, exists := c.systemUsers[constants.EventStreamUserKeyName]; exists { if secretUsername == c.systemUsers[constants.EventStreamUserKeyName].Name { From da9d2a6c9cb5215dda625c9d3b2fdd0f1ac0d348 Mon Sep 17 00:00:00 2001 
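Review bot: The branch added to updateSecret rebinds a manifest-declared user to the system monitoring user whenever the names match, so the reserved-name guard has to test the same name. The guard visible in Update compares against the literal `"cpo-exporter"`, while the grants in `cpoMonitoring` go to `cpo_exporter`. The value of `constants.MonitoringUserKeyName` is not shown on this page, so the two may already line up, but using the constant in the guard (`newSpec.Spec.Users[constants.MonitoringUserKeyName]`) would remove the doubt. The comment's `specfied` should read `specified`. updateSecret starts and ends outside the hunk.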
From: matthias Date: Fri, 28 Mar 2025 13:59:05 +0100 Subject: [PATCH 11/17] cleanup --- pkg/cluster/cluster.go | 12 ------- pkg/cluster/database.go | 46 +----------------------- pkg/cluster/resources.go | 19 +++++----- pkg/cluster/sync.go | 77 ---------------------------------------- 4 files changed, 10 insertions(+), 144 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 5406bc441..1b10ce026 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -352,12 +352,6 @@ func (c *Cluster) Create() (err error) { } c.logger.Info("a TDE secret was successfully created") } - // if c.Postgresql.Spec.Monitoring != nil { - // if err := c.createMonitoringSecret(); err != nil { - // return fmt.Errorf("could not create the monitoring secret: %v", err) - // } - // c.logger.Info("a monitoring secret was successfully created") - // } if specHasPgbackrestClone(&c.Postgresql.Spec) { if err := c.createPgbackrestCloneConfig(); err != nil { @@ -1012,12 +1006,6 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { syncStatefulSet = true } - //sync monitoring container - if !reflect.DeepEqual(oldSpec.Spec.Monitoring, newSpec.Spec.Monitoring) { - syncStatefulSet = true - c.syncMonitoringSecret(oldSpec, newSpec) - } - //sync sts when there is a change in the pgbackrest secret, since we need to mount this if newSpec.Spec.Backup != nil && oldSpec.Spec.Backup != nil && newSpec.Spec.Backup.Pgbackrest != nil && oldSpec.Spec.Backup.Pgbackrest != nil && diff --git a/pkg/cluster/database.go b/pkg/cluster/database.go index 79ad4509c..36c681755 100644 --- a/pkg/cluster/database.go +++ b/pkg/cluster/database.go 
@@ -89,51 +89,7 @@ const ( TO {{.pooler_user}}; GRANT USAGE ON SCHEMA {{.pooler_schema}} TO {{.pooler_user}}; ` - // CPOmonitoring = ` - // GRANT pg_monitor TO cpo_exporter; - // GRANT SELECT ON TABLE pg_authid TO cpo_exporter; - - // CREATE SCHEMA IF NOT EXISTS exporter; - // ALTER SCHEMA exporter OWNER TO cpo_exporter; - // CREATE EXTENSION IF NOT EXISTS pgnodemx with SCHEMA exporter; - // alter extension pgnodemx UPDATE; - // CREATE TABLE IF NOT EXISTS exporter.pgbackrestbackupinfo ( - // data jsonb NOT NULL, - // data_time timestamp with time zone DEFAULT now() NOT NULL - // ) - // WITH (autovacuum_analyze_scale_factor='0', autovacuum_vacuum_scale_factor='0', autovacuum_vacuum_threshold='2', autovacuum_analyze_threshold='2'); - // ALTER TABLE exporter.pgbackrestbackupinfo OWNER TO cpo_exporter; - - // GRANT pg_execute_server_program TO cpo_exporter; - - // CREATE OR REPLACE FUNCTION exporter.update_pgbackrest_info() - // RETURNS VOID AS $$ - // DECLARE - // last_entry_timestamp TIMESTAMP; - // record_count INT; - // BEGIN - // SELECT COUNT(*) INTO record_count - // FROM exporter.pgbackrestbackupinfo; - - // IF record_count > 0 THEN - // SELECT data_time INTO last_entry_timestamp - // FROM exporter.pgbackrestbackupinfo - // ORDER BY data_time DESC - // LIMIT 1; - - // IF last_entry_timestamp < NOW() - INTERVAL '5 minutes' THEN - // DELETE FROM exporter.pgbackrestbackupinfo; - // ELSE - // RETURN; - // END IF; - // END IF; - - // EXECUTE format( - // 'COPY exporter.pgbackrestbackupinfo (data) FROM program ''pgbackrest info --output=json'' WITH (FORMAT text, DELIMITER ''|'')' - // ); - // END; - // $$ LANGUAGE plpgsql; - // ` + cpoMonitoring = ` GRANT pg_monitor TO cpo_exporter; GRANT SELECT ON TABLE pg_authid TO cpo_exporter; diff --git a/pkg/cluster/resources.go b/pkg/cluster/resources.go index b40e35daa..89a6f2fc4 100644 --- a/pkg/cluster/resources.go +++ b/pkg/cluster/resources.go 
@@ -15,7 +15,6 @@ import ( cpov1 "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/apis/cpo.opensource.cybertec.at/v1" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util" - "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/k8sutil" "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/retryutil" ) @@ -96,15 +95,15 @@ func (c *Cluster) createStatefulSet() (*appsv1.StatefulSet, error) { } c.Spec.Sidecars = append(c.Spec.Sidecars, *sidecar) //populate the sidecar spec so that the sidecar is automatically created - //Add monitoring user - flg := cpov1.UserFlags{constants.RoleFlagLogin} - if c.Spec.Users != nil { - c.Spec.Users[monitorUsername] = flg - } else { - users := make(map[string]cpov1.UserFlags) - c.Spec.Users = users - c.Spec.Users[monitorUsername] = flg - } + // //Add monitoring user + // flg := cpov1.UserFlags{constants.RoleFlagLogin} + // if c.Spec.Users != nil { + // c.Spec.Users[monitorUsername] = flg + // } else { + // users := make(map[string]cpov1.UserFlags) + // c.Spec.Users = users + // c.Spec.Users[monitorUsername] = flg + // } } statefulSetSpec, err := c.generateStatefulSet(&c.Spec) diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index 2fa2d593e..a12117d97 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -192,11 +192,6 @@ func (c *Cluster) Sync(newSpec *cpov1.Postgresql) error { return fmt.Errorf("error refreshing restore configmap: %v", err) } - // sync monitoring - if err = c.syncMonitoringSecret(&oldSpec, newSpec); err != nil { - return fmt.Errorf("could not sync monitoring: %v", err) - } - if err = c.initUsers(); err != nil { err = fmt.Errorf("could not init users: %v", err) return err 
@@ -1689,37 +1684,6 @@ func (c *Cluster) createTDESecret() error { return nil } -func (c *Cluster) createMonitoringSecret() error { - c.logger.Info("creating Monitoring secret") - c.setProcessName("creating Monitoring secret") - generatedKey := make([]byte, 16) - rand.Read(generatedKey) - - generatedSecret := v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: c.getMonitoringSecretName(), - Namespace: c.Namespace, - Labels: c.labelsSet(true), - }, - Type: v1.SecretTypeOpaque, - Data: map[string][]byte{ - "username": []byte(monitorUsername), - "password": []byte(fmt.Sprintf("%x", generatedKey)), - }, - } - secret, err := c.KubeClient.Secrets(generatedSecret.Namespace).Create(context.TODO(), &generatedSecret, metav1.CreateOptions{}) - if err == nil { - c.Secrets[secret.UID] = secret - c.logger.Debugf("created new secret %s, namespace: %s, uid: %s", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, secret.UID) - } else { - if !k8sutil.ResourceAlreadyExists(err) { - return fmt.Errorf("could not create secret for Monitoring %s: in namespace %s: %v", util.NameFromMeta(secret.ObjectMeta), generatedSecret.Namespace, err) - } - } - - return nil -} - // delete monitoring secret func (c *Cluster) deleteMonitoringSecret() (err error) { // Repeat the same for the secret object 
@@ -1739,47 +1703,6 @@ func (c *Cluster) deleteMonitoringSecret() (err error) { return nil } -// Sync monitoring -// In case of monitoring is added/deleted, we need to -// 1. Update sts to in/exclude the exporter contianer -// 2. Add/Delete the respective user -// 3. Add/Delete the respective secret -func (c *Cluster) syncMonitoringSecret(oldSpec, newSpec *cpov1.Postgresql) error { - c.logger.Info("syncing Monitoring secret") - c.setProcessName("syncing Monitoring secret") - - if newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil { - // Create monitoring secret - if err := c.createMonitoringSecret(); err != nil { - return fmt.Errorf("could not create the monitoring secret: %v", err) - } else { - flags := []string{constants.RoleFlagLogin} - monitorUser := map[string]spec.PgUser{ - monitorUsername: { - Origin: spec.RoleOriginInfrastructure, - Name: monitorUsername, - Namespace: c.Namespace, - Flags: flags, - }, - } - c.pgUsers[monitorUsername] = monitorUser[monitorUsername] - } - c.logger.Info("monitoring secret was successfully created") - } else if newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil { - // Delete the monitoring secret - if err := c.deleteMonitoringSecret(); err != nil { - return fmt.Errorf("could not delete the monitoring secret: %v", err) - } else { - // Delete the monitoring user - monitorUser := c.pgUsers[monitorUsername] - monitorUser.Deleted = true - c.pgUsers[monitorUsername] = monitorUser - } - c.logger.Info("monitoring secret was successfully deleted") - } - return nil -} - func generateRootCertificate( privateKey *ecdsa.PrivateKey, serialNumber *big.Int, ) (*x509.Certificate, error) { From 300c73f3a4617515b9968190e9621a466dd9e5f7 Mon Sep 17 00:00:00 2001 From: matthias Date: Fri, 28 Mar 2025 13:59:58 +0100 Subject: [PATCH 12/17] remove unneeded secret delete func for monioring user --- pkg/cluster/sync.go | 19 ------------------- 1 file changed, 19 deletions(-) 
diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index a12117d97..0e6db0bce 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -1684,25 +1684,6 @@ func (c *Cluster) createTDESecret() error { return nil } -// delete monitoring secret -func (c *Cluster) deleteMonitoringSecret() (err error) { - // Repeat the same for the secret object - secretName := c.getMonitoringSecretName() - - secret, err := c.KubeClient. - Secrets(c.Namespace). - Get(context.TODO(), secretName, metav1.GetOptions{}) - - if err != nil { - c.logger.Debugf("could not get monitoring secret %s: %v", secretName, err) - } else { - if err = c.deleteSecret(secret.UID, *secret); err != nil { - return fmt.Errorf("could not delete monitoring secret: %v", err) - } - } - return nil -} - func generateRootCertificate( privateKey *ecdsa.PrivateKey, serialNumber *big.Int, ) (*x509.Certificate, error) { From a4186fdb80bb9c8b72f91992c1cbcd1a88624390 Mon Sep 17 00:00:00 2001 From: matthias Date: Fri, 28 Mar 2025 14:12:26 +0100 Subject: [PATCH 13/17] more cleanup --- .../cpo.opensource.cybertec.at/v1/util.go | 8 ------ pkg/cluster/cluster.go | 27 +------------------ pkg/cluster/resources.go | 10 ------- 3 files changed, 1 insertion(+), 44 deletions(-) diff --git a/pkg/apis/cpo.opensource.cybertec.at/v1/util.go b/pkg/apis/cpo.opensource.cybertec.at/v1/util.go index 89f65baad..1de09f19d 100644 --- a/pkg/apis/cpo.opensource.cybertec.at/v1/util.go +++ b/pkg/apis/cpo.opensource.cybertec.at/v1/util.go @@ -2,7 +2,6 @@ package v1 import ( "fmt" - "github.com/cybertec-postgresql/cybertec-pg-operator/pkg/util/constants" "regexp" "strings" "time" @@ -121,10 +120,3 @@ func (b *Backup) GetRestoreID() string { } return b.Pgbackrest.Restore.ID } - -func (p *Postgresql) AddMonitoringUser(monitorUsername string) { - if p.Spec.Users == nil { - p.Spec.Users = make(map[string]UserFlags) - } - p.Spec.Users[monitorUsername] = UserFlags{constants.RoleFlagLogin} -} 
diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 1b10ce026..1c1bfc8ce 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -127,9 +127,7 @@ func New(cfg Config, kubeClient k8sutil.KubernetesClient, pgSpec cpov1.Postgresq if !ok { passwordEncryption = "scram-sha-256" } - // if pgSpec.Spec.Monitoring != nil { - // pgSpec.AddMonitoringUser(monitorUsername) - // } + cluster := &Cluster{ Config: cfg, Postgresql: pgSpec, @@ -431,29 +429,6 @@ func (c *Cluster) Create() (err error) { c.addMonitoringPermissions() } - //Setup cpo monitoring related sql statements - // if c.Spec.Monitoring != nil { - // c.logger.Info("setting up CPO monitoring") - - // // Open a new connection to the postgres db tp setup monitoring struc and permissions - // if err := c.initDbConnWithName("postgres"); err != nil { - // return fmt.Errorf("could not init database connection") - // } - // defer func() { - // if c.connectionIsClosed() { - // return - // } - - // if err := c.closeDbConn(); err != nil { - // c.logger.Errorf("could not close database connection: %v", err) - // } - // }() - // _, err := c.pgDb.Exec(CPOmonitoring) - // if err != nil { - // return fmt.Errorf("CPO monitoring could not be setup: %v", err) - // } - // } - // remember slots to detect deletion from manifest for slotName, desiredSlot := range c.Spec.Patroni.Slots { c.replicationSlots[slotName] = desiredSlot diff --git a/pkg/cluster/resources.go b/pkg/cluster/resources.go index 89a6f2fc4..9a3361217 100644 --- a/pkg/cluster/resources.go +++ b/pkg/cluster/resources.go 
@@ -94,16 +94,6 @@ func (c *Cluster) createStatefulSet() (*appsv1.StatefulSet, error) { Env: c.generateMonitoringEnvVars(), } c.Spec.Sidecars = append(c.Spec.Sidecars, *sidecar) //populate the sidecar spec so that the sidecar is automatically created - - // //Add monitoring user - // flg := cpov1.UserFlags{constants.RoleFlagLogin} - // if c.Spec.Users != nil { - // c.Spec.Users[monitorUsername] = flg - // } else { - // users := make(map[string]cpov1.UserFlags) - // c.Spec.Users = users - // c.Spec.Users[monitorUsername] = flg - // } } statefulSetSpec, err := c.generateStatefulSet(&c.Spec) From 230e55356e82b2a9c1654aa597b09ae7c7358845 Mon Sep 17 00:00:00 2001 From: matthias Date: Fri, 28 Mar 2025 14:34:25 +0100 Subject: [PATCH 14/17] add delete monitoring secret again --- pkg/cluster/sync.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index 0e6db0bce..a12117d97 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -1684,6 +1684,25 @@ func (c *Cluster) createTDESecret() error { return nil } +// delete monitoring secret +func (c *Cluster) deleteMonitoringSecret() (err error) { + // Repeat the same for the secret object + secretName := c.getMonitoringSecretName() + + secret, err := c.KubeClient. + Secrets(c.Namespace). + Get(context.TODO(), secretName, metav1.GetOptions{}) + + if err != nil { + c.logger.Debugf("could not get monitoring secret %s: %v", secretName, err) + } else { + if err = c.deleteSecret(secret.UID, *secret); err != nil { + return fmt.Errorf("could not delete monitoring secret: %v", err) + } + } + return nil +} + func generateRootCertificate( privateKey *ecdsa.PrivateKey, serialNumber *big.Int, ) (*x509.Certificate, error) { From ccf267db939f17047029fe59d93ba78098a7716a Mon Sep 17 00:00:00 2001 
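Review bot: In the re-added `deleteMonitoringSecret`, any failure of the `Get` call is only logged at debug level and the function still returns nil, so a timeout or a forbidden response looks the same to the caller as a secret that is already gone. Since this object presumably carries the monitoring user's credentials, a cleanup that did not happen should be reported. I would treat only not-found as success, `if apierrors.IsNotFound(err) { return nil }`, and otherwise `return fmt.Errorf("could not get monitoring secret %s: %w", secretName, err)`. `apierrors` is `k8s.io/apimachinery/pkg/api/errors`, and whether sync.go already imports it is not visible here. The leftover comment `// Repeat the same for the secret object` could become a doc comment: `// deleteMonitoringSecret removes the monitoring secret; a missing secret is not an error.`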
From: matthias Date: Fri, 28 Mar 2025 14:44:31 +0100 Subject: [PATCH 15/17] add check if monitoring secret needs to be deleted --- pkg/cluster/cluster.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 1c1bfc8ce..067b9be96 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -1168,6 +1168,12 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { if c.Spec.Monitoring != nil && newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil { c.addMonitoringPermissions() } + // Check if Monitoring-Secret needs to be removed + if c.Spec.Monitoring != nil && newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil { + if err := c.deleteMonitoringSecret(); err != nil { + return fmt.Errorf("could not remove the Monitoring secret: %v", err) + } + } // streams if len(newSpec.Spec.Streams) > 0 { From f80b9e625aa180f5651bc82a94be132b543335cf Mon Sep 17 00:00:00 2001 From: matthias Date: Fri, 28 Mar 2025 14:45:48 +0100 Subject: [PATCH 16/17] add check if monitoring secret needs to be deleted --- pkg/cluster/cluster.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index 067b9be96..a3f684919 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -1169,7 +1169,7 @@ func (c *Cluster) Update(oldSpec, newSpec *cpov1.Postgresql) error { c.addMonitoringPermissions() } // Check if Monitoring-Secret needs to be removed - if c.Spec.Monitoring != nil && newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil { + if newSpec.Spec.Monitoring == nil && oldSpec.Spec.Monitoring != nil { if err := c.deleteMonitoringSecret(); err != nil { return fmt.Errorf("could not remove the Monitoring secret: %v", err) } From 65d272c40b442282315967d75bc068bc206987c6 Mon Sep 17 00:00:00 2001 
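Review bot: The block added to `Update` in patch 15 returns as soon as `deleteMonitoringSecret` fails, which skips the streams handling that follows in the hunk and anything after it. An earlier step of this function (visible in patch 01 of this series) records a failure with `updateFailed = true` and carries on. If that is the convention for the whole function, the same shape fits here: `c.logger.Errorf("could not remove the monitoring secret: %v", err)` followed by `updateFailed = true`. Separately, nothing in this hunk revokes or drops the monitoring role itself, so its login may outlive the secret; worth confirming that is handled elsewhere. `Update` starts and ends outside the hunk.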
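Review bot: Patch 16 drops `c.Spec.Monitoring != nil` from the removal check without recording why the cluster's current spec is no longer consulted. The check directly above it (`c.Spec.Monitoring != nil && newSpec.Spec.Monitoring != nil && oldSpec.Spec.Monitoring == nil`) still carries the same clause. Presumably `c.Spec` already reflects `newSpec` at this point, which would make the clause redundant above and always false here. If so, a short comment such as `// c.Spec already mirrors newSpec here, so compare old and new only` would keep the two conditions from drifting apart again. The surrounding `Update` body lies outside the hunk.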
From: matthias Date: Tue, 1 Apr 2025 15:11:51 +0200 Subject: [PATCH 17/17] Remove DEBUG-Output --- pkg/cluster/cluster.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go index a3f684919..f97611a1d 100644 --- a/pkg/cluster/cluster.go +++ b/pkg/cluster/cluster.go @@ -1432,8 +1432,6 @@ func (c *Cluster) initSystemUsers() error { Flags: []string{constants.RoleFlagLogin}, Password: util.RandomPassword(constants.PasswordLength), } - c.logger.Debugf("Create cpo_monitoring user with password: %s", - MonitoringUser.Password) if _, exists := c.systemUsers[constants.MonitoringUserKeyName]; !exists { c.systemUsers[constants.MonitoringUserKeyName] = MonitoringUser