From aad0f0c00a37100f9a9a6d7fc9ea252d5dddf099 Mon Sep 17 00:00:00 2001 From: jmckulk Date: Thu, 10 Oct 2024 16:48:51 -0400 Subject: [PATCH 1/3] Update pgAdmin example - add user management to pgAdmin example - Deploy with `internal` only auth by default --- kustomize/pgadmin/kustomization.yaml | 8 ++++++ kustomize/pgadmin/pgadmin.yaml | 43 ++++++++++++++++------------ 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/kustomize/pgadmin/kustomization.yaml b/kustomize/pgadmin/kustomization.yaml index d0724ecd..629978c1 100644 --- a/kustomize/pgadmin/kustomization.yaml +++ b/kustomize/pgadmin/kustomization.yaml @@ -6,3 +6,11 @@ namespace: postgres-operator resources: - pgadmin.yaml +secretGenerator: +- name: pgadmin-password-secret + literals: + - rhino-password=pgadmin + type: Opaque + +generatorOptions: + disableNameSuffixHash: true diff --git a/kustomize/pgadmin/pgadmin.yaml b/kustomize/pgadmin/pgadmin.yaml index 27f0a4b1..4357c4f2 100644 --- a/kustomize/pgadmin/pgadmin.yaml +++ b/kustomize/pgadmin/pgadmin.yaml @@ -2,8 +2,13 @@ apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PGAdmin metadata: name: rhino - namespace: postgres-operator spec: + users: + - username: rhino@example.com + role: Administrator + passwordRef: + name: pgadmin-password-secret + key: rhino-password dataVolumeClaimSpec: accessModes: - "ReadWriteOnce" 
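Review bot: The `secretGenerator` literal `rhino-password=pgadmin` in kustomization.yaml commits a guessable password for the account that pgadmin.yaml gives `role: Administrator`, so anyone who applies the example unchanged gets a known admin login. A comment above the generator would help, for example `# Example only: change this password before deploying`, or the generator could read the value from an untracked file with `envs:` instead of `literals:`. With `disableNameSuffixHash: true` the Secret name stays fixed, so a later password change updates the Secret in place; whether the operator applies a changed value to an existing pgAdmin user is not visible from this hunk.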
@@ -16,20 +21,22 @@ spec: postgresClusterSelector: {} config: settings: - AUTHENTICATION_SOURCES: ['oauth2', 'internal'] - OAUTH2_CONFIG: - - OAUTH2_NAME: "google" - OAUTH2_DISPLAY_NAME: "Google" - OAUTH2_CLIENT_ID: "XXXXXXX" - OAUTH2_CLIENT_SECRET: "XXXXXXX" - OAUTH2_TOKEN_URL: "https://oauth2.googleapis.com/token" - OAUTH2_AUTHORIZATION_URL: "https://accounts.google.com/o/oauth2/auth" - OAUTH2_API_BASE_URL: "https://openidconnect.googleapis.com/v1/" - OAUTH2_SERVER_METADATA_URL: "https://accounts.google.com/.well-known/openid-configuration" - OAUTH2_SCOPE: "openid email profile" - OAUTH2_USERINFO_ENDPOINT: "userinfo" - OAUTH2_SSL_CERT_VERIFICATION: "False" # for testing purposes - OAUTH2_BUTTON_COLOR: "red" - OAUTH2_AUTO_CREATE_USER : "True" - DEBUG: "True" # for testing purposes - SERVER_MODE: "True" + AUTHENTICATION_SOURCES: ['internal'] + # Uncomment DEBUG to enable debug logging in pgAdmin + # DEBUG: "True" + # Configure OAUTH by setting the following *AND* adding + # `oauth` to AUTHENTICATION_SOURCES + #OAUTH2_CONFIG: + # - OAUTH2_NAME: "google" + # OAUTH2_DISPLAY_NAME: "Google" + # OAUTH2_CLIENT_ID: "XXXXXXX" + # OAUTH2_CLIENT_SECRET: "XXXXXXX" + # OAUTH2_TOKEN_URL: "https://oauth2.googleapis.com/token" + # OAUTH2_AUTHORIZATION_URL: "https://accounts.google.com/o/oauth2/auth" + # OAUTH2_API_BASE_URL: "https://openidconnect.googleapis.com/v1/" + # OAUTH2_SERVER_METADATA_URL: "https://accounts.google.com/.well-known/openid-configuration" + # OAUTH2_SCOPE: "openid email profile" + # OAUTH2_USERINFO_ENDPOINT: "userinfo" + # OAUTH2_SSL_CERT_VERIFICATION: "False" # for testing purposes + # OAUTH2_BUTTON_COLOR: "red" + #OAUTH2_AUTO_CREATE_USER : "True" From c9e6eda56c74b1c15f9cc77e2bc63c9a89de8b63 Mon Sep 17 00:00:00 2001 From: jmckulk Date: Thu, 10 Oct 2024 16:51:42 -0400 Subject: [PATCH 2/3] Define use in postgres example --- kustomize/postgres/postgres.yaml | 4 ++++ 1 file changed, 4 insertions(+) 
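Review bot: The new comment tells readers to add `oauth` to AUTHENTICATION_SOURCES, but the value this file used before the change was `'oauth2'`, so the instruction as written would likely name a source pgAdmin does not recognise; it should read `oauth2`. The commented block also keeps `OAUTH2_SSL_CERT_VERIFICATION: "False"`, which turns off certificate checks on the identity-provider connection if someone uncomments the block as is. Consider dropping that line from the example, or changing its trailing comment to `# testing only, remove before use`.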
diff --git a/kustomize/postgres/postgres.yaml b/kustomize/postgres/postgres.yaml index 434b0e11..5f9bc67a 100644 --- a/kustomize/postgres/postgres.yaml +++ b/kustomize/postgres/postgres.yaml @@ -5,6 +5,10 @@ metadata: spec: image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 + users: + - name: rhino + databases: + - zoo instances: - name: instance1 dataVolumeClaimSpec: From 5af571086404a76a1f53ca39bc740fdd7629fa06 Mon Sep 17 00:00:00 2001 From: jmckulk Date: Thu, 10 Oct 2024 16:53:04 -0400 Subject: [PATCH 3/3] Remove Images from examples - Images are defined in the operator deployment as RELATED_IMAGES. We don't need to define them in two places. - Leave a commented image field in the postgres example --- kustomize/azure/postgres.yaml | 2 -- kustomize/certmanager/postgres/postgres.yaml | 2 -- kustomize/gcs/postgres.yaml | 2 -- kustomize/high-availability/ha-postgres.yaml | 3 --- kustomize/keycloak/postgres.yaml | 2 -- kustomize/multi-backup-repo/postgres.yaml | 2 -- kustomize/postgres/postgres.yaml | 2 -- kustomize/s3/postgres.yaml | 2 -- 8 files changed, 17 deletions(-) diff --git a/kustomize/azure/postgres.yaml b/kustomize/azure/postgres.yaml index 4fdd9868..c43e4723 100644 --- a/kustomize/azure/postgres.yaml +++ b/kustomize/azure/postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo-azure spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - dataVolumeClaimSpec: @@ -14,7 +13,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 configuration: - secret: name: pgo-azure-creds diff --git a/kustomize/certmanager/postgres/postgres.yaml b/kustomize/certmanager/postgres/postgres.yaml index 2f335e9c..0db76082 100644 --- a/kustomize/certmanager/postgres/postgres.yaml +++ b/kustomize/certmanager/postgres/postgres.yaml 
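Review bot: Adding `spec.users` in kustomize/postgres/postgres.yaml changes which credentials the example produces. As far as I know, the operator creates its default user and database (named after the cluster, `hippo`) only when no users are listed, so after this change only `rhino` and `zoo` would exist. Anything in the docs or other examples that reads the default user's Secret would need updating. A comment above the new block would make that explicit, for example `# Listing users replaces the default user and database named after the cluster`. The hunk shows only part of `spec`, so the rest of the manifest is not checked here.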
@@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 customReplicationTLSSecret: name: hippo-repl-tls @@ -19,7 +18,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 repos: - name: repo1 volume: diff --git a/kustomize/gcs/postgres.yaml b/kustomize/gcs/postgres.yaml index df76c0e3..fa46e8d2 100644 --- a/kustomize/gcs/postgres.yaml +++ b/kustomize/gcs/postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo-gcs spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - dataVolumeClaimSpec: @@ -14,7 +13,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 configuration: - secret: name: pgo-gcs-creds diff --git a/kustomize/high-availability/ha-postgres.yaml b/kustomize/high-availability/ha-postgres.yaml index 857bd9b7..db69d156 100644 --- a/kustomize/high-availability/ha-postgres.yaml +++ b/kustomize/high-availability/ha-postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo-ha spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - name: pgha1 @@ -26,7 +25,6 @@ spec: postgres-operator.crunchydata.com/instance-set: pgha1 backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 repos: - name: repo1 volume: @@ -38,7 +36,6 @@ spec: storage: 1Gi proxy: pgBouncer: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.22-1 replicas: 2 affinity: podAntiAffinity: diff --git a/kustomize/keycloak/postgres.yaml b/kustomize/keycloak/postgres.yaml index 41a443c7..221ecde2 100644 --- a/kustomize/keycloak/postgres.yaml +++ b/kustomize/keycloak/postgres.yaml 
@@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: keycloakdb spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - replicas: 2 @@ -25,7 +24,6 @@ spec: postgres-operator.crunchydata.com/instance-set: "00" backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 repos: - name: repo1 volume: diff --git a/kustomize/multi-backup-repo/postgres.yaml b/kustomize/multi-backup-repo/postgres.yaml index c1ddfa1e..d78f7dd6 100644 --- a/kustomize/multi-backup-repo/postgres.yaml +++ b/kustomize/multi-backup-repo/postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo-multi-repo spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - dataVolumeClaimSpec: @@ -14,7 +13,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 configuration: - secret: name: pgo-multi-repo-creds diff --git a/kustomize/postgres/postgres.yaml b/kustomize/postgres/postgres.yaml index 5f9bc67a..91186b13 100644 --- a/kustomize/postgres/postgres.yaml +++ b/kustomize/postgres/postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 users: - name: rhino @@ -19,7 +18,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 repos: - name: repo1 volume: diff --git a/kustomize/s3/postgres.yaml b/kustomize/s3/postgres.yaml index 63b4d5f9..233e1352 100644 --- a/kustomize/s3/postgres.yaml +++ b/kustomize/s3/postgres.yaml @@ -3,7 +3,6 @@ kind: PostgresCluster metadata: name: hippo-s3 spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.3-1 postgresVersion: 16 instances: - dataVolumeClaimSpec: 
@@ -14,7 +13,6 @@ spec: storage: 1Gi backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.51-1 configuration: - secret: name: pgo-s3-creds