internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add postgres init container to resolve permissions for some k3s deployments (#1805)

Browse Source 
Add postgres init container if
postgres_data_volume_init is true

This is aimed to solve the issue where users may
need to chmod or chown the postgres
data volume for user 26, which is the user
that is running postgres in the sclorg image.

For example, one can now set the follow on the AWX spec:
spec:
  postgres_init_container_commands: |
    chown 26:0 /var/lib/pgsql/data
    chmod 700 /var/lib/pgsql/data

Deprecate postgres_init_container_resource_requirements param in favor
of postgres_resource_requirements param.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: craph <14820052+craph@users.noreply.github.com>
Co-authored-by: kurokobo <kuro664@gmail.com>
Co-authored-by: Christian M. Adams <chadams@redhat.com>
This commit is contained in:
Christian Adams
2024-04-03 10:19:57 -07:00
committed by GitHub
parent fcbf394272
commit a5211fe511
8 changed files with 84 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -1460,7 +1460,7 @@ spec:
type: object
type: object
postgres_init_container_resource_requirements:
description: Resource requirements for the postgres init container
description: (Deprecated, use postgres_resource_requirements parameter) Resource requirements for the postgres init container
properties:
requests:
properties:
@@ -1811,6 +1811,12 @@ spec:
type: array
items:
type: string
postgres_data_volume_init:
description: Sets permissions on the /var/lib/pgdata/data for postgres container using an init container (not Openshift)
type: boolean
postgres_init_container_commands:
description: Customize the postgres init container commands (Non Openshift)
type: string
postgres_extra_volumes:
description: Specify extra volumes to add to the application pod
type: string

15
config/manifests/bases/awx-operator.clusterserviceversion.yaml
View File

@@ -456,12 +456,21 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL init container is not used when an external DB
is configured
- description: Sets permissions on the /var/lib/pgsql/data for postgres container using an init container (not Openshift)
displayName: PostgreSQL initialize data volume
path: postgres_data_volume_init
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Customize the postgres init container commands (Non Openshift)
displayName: PostgreSQL Init Container Commands
path: postgres_init_container_commands
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: (Deprecated, use postgres_resource_requirements parameter instead)
displayName: PostgreSQL Init Container Resource Requirements
path: postgres_init_container_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Redis Container Resource Requirements
path: redis_resource_requirements

7
config/samples/awx_v1beta1_awx_resource_limits.yaml
View File

@@ -46,10 +46,3 @@ spec:
limits:
cpu: 1000m
memory: 2Gi
postgres_init_container_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi

26
docs/user-guide/advanced-configuration/containers-resource-requirements.md
View File

@@ -22,16 +22,15 @@ spec:
The resource requirements for both, the task and the web containers are configurable - both the lower end (requests) and the upper end (limits).
| Name | Description | Default |
| -------------------------- | ------------------------------------------------ | ------------------------------------ |
| web_resource_requirements | Web container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| task_resource_requirements | Task container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| ee_resource_requirements | EE control plane container resource requirements | requests: {cpu: 50m, memory: 64Mi} |
| redis_resource_requirements | Redis container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| postgres_resource_requirements | Postgres container resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| rsyslog_resource_requirements | Rsyslog container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| init_container_resource_requirements | Init Container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| postgres_init_container_resource_requirements | Postgres Init Container resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| Name | Description | Default |
| ------------------------------------ | ------------------------------------------------------------ | ------------------------------------ |
| web_resource_requirements | Web container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| task_resource_requirements | Task container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| ee_resource_requirements | EE control plane container resource requirements | requests: {cpu: 50m, memory: 64Mi} |
| redis_resource_requirements | Redis container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| postgres_resource_requirements | Postgres container (and initContainer) resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| rsyslog_resource_requirements | Rsyslog container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| init_container_resource_requirements | Init Container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
Example of customization could be:
@@ -85,13 +84,6 @@ spec:
limits:
cpu: 1000m
memory: 2Gi
postgres_init_container_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi
```

36
docs/user-guide/database-configuration.md
View File

@@ -56,15 +56,14 @@ If you don't have access to an external PostgreSQL service, the AWX operator can
The following variables are customizable for the managed PostgreSQL service
| Name | Description | Default |
| --------------------------------------------- | --------------------------------------------- | --------------------------------------- |
| postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s |
| postgres_image_version | Image version to pull | latest |
| postgres_init_container_resource_requirements | Database init container resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| postgres_resource_requirements | PostgreSQL container resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| postgres_storage_class | PostgreSQL PV storage class | Empty string |
| postgres_priority_class | Priority class used for PostgreSQL pod | Empty string |
| Name | Description | Default |
| --------------------------------------------- | --------------------------------------------------------------- | --------------------------------------- |
| postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s |
| postgres_image_version | Image version to pull | latest |
| postgres_resource_requirements | PostgreSQL container (and initContainer) resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| postgres_storage_class | PostgreSQL PV storage class | Empty string |
| postgres_priority_class | Priority class used for PostgreSQL pod | Empty string |
Example of customization could be:
@@ -99,3 +98,22 @@ We recommend you use the default image sclorg image. If you are coming from a de
You can no longer configure a custom `postgres_data_path` because it is hardcoded in the quay.io/sclorg/postgresql-15-c9s image.
If you override the postgres image to use a custom postgres image like postgres:15 for example, the default data directory path may be different. These images cannot be used interchangeably.
#### Initialize Postgres data volume
When using a hostPath backed PVC and some other storage classes like longhorn storagfe, the postgres data directory needs to be accessible by the user in the postgres pod (UID 26).
To initialize this directory with the correct permissions, configure the following setting, which will use an init container to set the permissions in the postgres volume.
```yaml
spec:
postgres_data_volume_init: true
```
Should you need to modify the init container commands, there is an example below.
```yaml
postgres_init_container_commands: |
chown 26:0 /var/lib/pgsql/data
chmod 700 /var/lib/pgsql/data
```

3
molecule/default/templates/awx_cr_molecule.yml.j2
View File

@@ -32,11 +32,10 @@ spec:
memory: 16M
no_log: false
postgres_resource_requirements: {}
postgres_init_container_resource_requirements: {}
redis_resource_requirements: {}
additional_labels:
- my/team
- my/service
{% if additional_fields is defined %}
{{ additional_fields | to_nice_yaml | indent(2) }}
{% endif %}
{% endif %}

10
roles/installer/defaults/main.yml
View File

@@ -395,10 +395,7 @@ postgres_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
postgres_init_container_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
# Assign a preexisting priority class to the postgres pod
postgres_priority_class: ''
@@ -412,6 +409,11 @@ projects_existing_claim: ''
# Define postgres configuration arguments to use
postgres_extra_args: ''
postgres_data_volume_init: false
postgres_init_container_commands: |
chown 26:0 /var/lib/pgsql/data
chmod 700 /var/lib/pgsql/data
# Configure postgres connection keepalive
postgres_keepalives: true
postgres_keepalives_idle: 5

23
roles/installer/templates/statefulsets/postgres.yaml.j2
View File

@@ -46,6 +46,27 @@ spec:
{% endif %}
{% if postgres_priority_class is defined %}
priorityClassName: '{{ postgres_priority_class }}'
{% endif %}
{% if postgres_data_volume_init and not is_openshift %}
initContainers:
- name: init
image: '{{ _postgres_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
securityContext:
runAsUser: 0
command:
- /bin/sh
- -c
- |
{{ postgres_init_container_commands | indent(width=14) }}
resources: {{ postgres_init_container_resource_requirements | default(postgres_resource_requirements) }}
volumeMounts:
- name: postgres-{{ supported_pg_version }}
mountPath: '{{ _postgres_data_path | dirname }}'
subPath: '{{ _postgres_data_path | dirname | basename }}'
{% if postgres_extra_volume_mounts %}
{{ postgres_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
{% endif %}
containers:
- image: '{{ _postgres_image }}'
@@ -113,7 +134,7 @@ spec:
- name: postgres-{{ supported_pg_version }}
mountPath: '{{ _postgres_data_path | dirname }}'
subPath: '{{ _postgres_data_path | dirname | basename }}'
{% if postgres_extra_volume_mounts -%}
{% if postgres_extra_volume_mounts %}
{{ postgres_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
resources: {{ postgres_resource_requirements }}