Documentation ¶
Index ¶
- Constants
- Variables
- func CreateBackrestRepoSecrets(clientset kubernetes.Interface, backrestRepoConfig BackrestRepoConfig) error
- func CreateSecret(clientset kubernetes.Interface, ...) error
- func CreateUserSecret(clientset kubernetes.Interface, ...) error
- func CurrentPrimaryUpdate(clientset pgo.Interface, cluster *crv1.Pgcluster, ...) error
- func ExecPolicy(clientset kubeapi.Interface, restconfig *rest.Config, ...) error
- func GeneratePassword(length int) (string, error)
- func GeneratePgBouncerConfigMapName(clusterName string) string
- func GeneratePgBouncerSecretName(clusterName string) string
- func GeneratePgBouncerUsersFileBytes(hashedPassword string) []byte
- func GeneratedPasswordLength(configuredPasswordLength string) int
- func GeneratedPasswordValidUntilDays(configuredValidUntilDays string) int
- func GetLabels(name, clustername string, replica bool) string
- func GetPGBackRestRepoPath(cluster crv1.Pgcluster) string
- func GetPasswordFromSecret(clientset kubernetes.Interface, namespace, secretName string) (string, error)
- func GetPod(clientset kubernetes.Interface, deploymentName, namespace string) (*v1.Pod, error)
- func GetPolicySQL(clientset pgo.Interface, namespace, policyName string) (string, error)
- func GetPrimaryPod(clientset kubernetes.Interface, cluster *crv1.Pgcluster) (*v1.Pod, error)
- func GetSecretPassword(clientset kubernetes.Interface, db, suffix, Namespace string) (string, error)
- func GetStandardImageTag(imageName, imageTag string) string
- func GetValueOrDefault(value, defaultValue string) string
- func IsAutofailEnabled(cluster *crv1.Pgcluster) bool
- func IsPostgreSQLUserSystemAccount(username string) bool
- func IsStringOneOf(testVal string, acceptedVals ...string) bool
- func IsValidBackrestStorageType(storageType string) bool
- func Patch(restclient rest.Interface, path string, value string, resource string, ...) error
- func PatchClusterCRD(clientset pgo.Interface, labelMap map[string]string, oldCrd *crv1.Pgcluster, ...) error
- func RandStringBytesRmndr(n int) string
- func SQLQuoteIdentifier(identifier string) string
- func SQLQuoteLiteral(literal string) string
- func SetPostgreSQLPassword(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, ...) error
- func StopPostgreSQLInstance(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, ...) error
- func ToggleAutoFailover(clientset kubernetes.Interface, enable bool, pghaScope, namespace string) error
- func UpdatePolicyLabels(clientset kubernetes.Interface, clusterName string, namespace string, ...) error
- func UpdateUserSecret(clientset kubernetes.Interface, ...) error
- func ValidateBackrestStorageTypeOnBackupRestore(newBackRestStorageType, currentBackRestStorageType string, restore bool) error
- func ValidatePolicy(clientset pgo.Interface, namespace string, policyName string) error
- type AWSS3Secret
- type BackrestRepoConfig
- type CloneClusterSecrets
- type CloneTask
- type InstanceReplicationInfo
- type JSONPatchOperation
- type ReplicationStatusRequest
- type ReplicationStatusResponse
- type SSHKey
- type ThingSpec
Constants ¶
// Format strings for the names of the pgBackRest repository Deployment,
// Service, PVC and Secret. Each holds exactly one %s verb, and the Deployment
// and Service patterns are identical.
// NOTE(review): the %s is presumably filled with the cluster name — confirm
// against the callers.
const (
	BackrestRepoDeploymentName = "%s-backrest-shared-repo"
	BackrestRepoServiceName    = "%s-backrest-shared-repo"
	BackrestRepoPVCName        = "%s-pgbr-repo"
	BackrestRepoSecretName     = "%s-backrest-repo-config"
)
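// Parameter names used for clone requests. The declarations are laid out one
// per line so that each // comment documents only the constant below it.
const (
	// CloneParameterBackrestPVCSize is the parameter name for the Backrest PVC
	// size parameter.
	CloneParameterBackrestPVCSize = "backrestPVCSize"

	// CloneParameterEnableMetrics, if set to true, enables metrics collection
	// in a newly created cluster.
	CloneParameterEnableMetrics = "enableMetrics"

	// CloneParameterPVCSize is the parameter name for the PVC parameter for
	// primary and replicas.
	CloneParameterPVCSize = "pvcSize"
)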
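// Defaults applied to generated PostgreSQL credentials when pgo.yaml does not
// set a value.
const (
	// DefaultGeneratedPasswordLength is the length of a generated password when
	// no length is set in the pgo.yaml file; having a default also creates
	// some semblance of consistency.
	DefaultGeneratedPasswordLength = 24

	// DefaultPasswordValidUntilDays is the number of days until a PostgreSQL
	// user's password expires. If it is not set in the pgo.yaml file, the
	// default of 0 is used, which means that a password never expires.
	//
	// NOTE(review): because the default disables expiry, a deployment that
	// relies on password expiry has to set a value in pgo.yaml explicitly.
	DefaultPasswordValidUntilDays = 0
)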
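// Values for the keys used to access the AWS S3 entries of the pgBackRest
// repository Secret.
const (
	// Three of these are exported, as they are used to help add the
	// information into the templates. Say the last one 10 times fast.
	//
	// The entries stored under the key and key-secret names are the AWS S3
	// credentials (see AWSS3Secret); keep their values out of logs and error
	// messages.
	BackRestRepoSecretKeyAWSS3KeyAWSS3CACert    = "aws-s3-ca.crt"
	BackRestRepoSecretKeyAWSS3KeyAWSS3Key       = "aws-s3-key"
	BackRestRepoSecretKeyAWSS3KeyAWSS3KeySecret = "aws-s3-key-secret"
)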
values for the keys used to access the pgBackRest repository Secret
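// Special PostgreSQL timestamp values for a role's VALID UNTIL setting.
const (
	// SQLValidUntilAlways uses a special PostgreSQL value to ensure a password
	// is always valid.
	SQLValidUntilAlways = "infinity"

	// SQLValidUntilNever uses a special PostgreSQL value to ensure a password
	// is never valid. This is exportable and used in other places.
	SQLValidUntilNever = "-infinity"
)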
const UserSecretFormat = "%s-%s" + crv1.UserSecretSuffix
UserSecretFormat follows the pattern of how the user information is stored, which is "<clusterName>-<userName>-secret"
Variables ¶
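var (
	// ErrMissingConfigAnnotation represents an error thrown when the 'config'
	// annotation is found to be missing from the 'config' configMap created to
	// store cluster-wide configuration. It is a sentinel value: compare with
	// errors.Is rather than matching on the message text.
	//
	// The message previously read "configutation"; the spelling is corrected
	// here.
	ErrMissingConfigAnnotation error = errors.New("'config' annotation missing from cluster " +
		"configuration")
)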
Functions ¶
func CreateBackrestRepoSecrets ¶
func CreateBackrestRepoSecrets(clientset kubernetes.Interface, backrestRepoConfig BackrestRepoConfig) error
CreateBackrestRepoSecrets creates the secrets required to manage the pgBackRest repo container
func CreateSecret ¶
func CreateSecret(clientset kubernetes.Interface, db, secretName, username, password, namespace string) error
CreateSecret creates the secret, user, and primary secrets
func CreateUserSecret ¶
func CreateUserSecret(clientset kubernetes.Interface, clustername, username, password, namespace string) error
CreateUserSecret will create a new secret holding a user credential
func CurrentPrimaryUpdate ¶
func CurrentPrimaryUpdate(clientset pgo.Interface, cluster *crv1.Pgcluster, currentPrimary, namespace string) error
CurrentPrimaryUpdate prepares the needed data structures with the correct current primary value before passing them along to be patched into the current pgcluster CRD's annotations
func ExecPolicy ¶
func ExecPolicy(clientset kubeapi.Interface, restconfig *rest.Config, namespace, policyName, clusterName, port string) error
ExecPolicy executes a SQL policy against a cluster
func GeneratePassword ¶
GeneratePassword generates a password of a given length out of the acceptable ASCII characters suitable for a password
func GeneratePgBouncerConfigMapName ¶
GeneratePgBouncerConfigMapName generates the name of the configmap file associated with the pgBouncer Deployment
func GeneratePgBouncerSecretName ¶
GeneratePgBouncerSecretName returns the name of the secret that contains information around a pgBouncer deployment
func GeneratePgBouncerUsersFileBytes ¶
GeneratePgBouncerUsersFileBytes generates the byte string that is used by the pgBouncer secret to authenticate a user into pgBouncer that is acting as the pgBouncer "service user" (aka PgBouncerUser).
The format of this file is `"username" "hashed-password"`
where "hashed-password" is an MD5 or SCRAM hashed password
This is ultimately mounted by the pgBouncer Pod via the secret
func GeneratedPasswordLength ¶
GeneratedPasswordLength returns the value for what the length of a randomly generated password should be. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value
func GeneratedPasswordValidUntilDays ¶
GeneratedPasswordValidUntilDays returns the value for the number of days that a password is valid for, which is used as part of PostgreSQL's VALID UNTIL directive on a user. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value
func GetPGBackRestRepoPath ¶
GetPGBackRestRepoPath is responsible for determining the repo path setting (i.e. 'repo1-path' flag) for use by pgBackRest. If a specific repo path has been defined in the pgcluster CR, then that path will be returned. Otherwise a default path will be returned, which is generated using the 'defaultBackrestRepoPath' constant and the cluster name.
func GetPasswordFromSecret ¶
func GetPasswordFromSecret(clientset kubernetes.Interface, namespace, secretName string) (string, error)
GetPasswordFromSecret will fetch the password from a user secret
func GetPolicySQL ¶
GetPolicySQL returns the SQL string from a policy
func GetPrimaryPod ¶
GetPrimaryPod gets the Pod of the primary PostgreSQL instance. If somehow the query gets multiple pods, then the first one in the list is returned
func GetSecretPassword ¶
func GetSecretPassword(clientset kubernetes.Interface, db, suffix, Namespace string) (string, error)
GetSecretPassword ...
func GetStandardImageTag ¶
GetStandardImageTag takes the current image name and the image tag value stored in the pgcluster CRD and, if the image being used is the crunchy-postgres-gis-ha container with the corresponding tag, it returns the tag without the addition of the GIS version. This tag value can then be used when provisioning containers using the standard containers tag.
func GetValueOrDefault ¶
GetValueOrDefault checks whether the first value given is set. If it is, that value is returned. If not, the second, default value is returned instead
func IsAutofailEnabled ¶
IsAutofailEnabled - returns true if autofail label is set to true, false if not.
func IsPostgreSQLUserSystemAccount ¶
IsPostgreSQLUserSystemAccount determines whether or not this is a system PostgreSQL user account; if this returns true, one likely may not want to allow a user to directly access the account. Normalizes the lookup by downcasing it
func IsStringOneOf ¶
IsStringOneOf tests to see if the string testVal is included in the list of strings provided using acceptedVals
func IsValidBackrestStorageType ¶
IsValidBackrestStorageType determines if the storage source string contains valid pgBackRest storage type values
func Patch ¶
func Patch(restclient rest.Interface, path string, value string, resource string, name string, namespace string) error
Patch will patch a particular resource
func PatchClusterCRD ¶
func PatchClusterCRD(clientset pgo.Interface, labelMap map[string]string, oldCrd *crv1.Pgcluster, currentPrimary, namespace string) error
PatchClusterCRD patches the pgcluster CRD with any updated labels, or an updated current primary annotation value. As this uses a JSON merge patch, it will only update those values that are different between the old and new CRD values.
func SQLQuoteIdentifier ¶
SQLQuoteIdentifier quotes an "identifier" (e.g. a table or a column name) to be used as part of an SQL statement.
Any double quotes in name will be escaped. The quoted identifier will be case sensitive when used in a query. If the input string contains a zero byte, the result will be truncated immediately before it.
Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License
func SQLQuoteLiteral ¶
SQLQuoteLiteral quotes a 'literal' (e.g. a parameter, often used to pass literal to DDL and other statements that do not accept parameters) to be used as part of an SQL statement.
Any single quotes in name will be escaped. Any backslashes (i.e. "\") will be replaced by two backslashes (i.e. "\\") and the C-style escape identifier that PostgreSQL provides ('E') will be prepended to the string.
Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License. Curiously, @jkatz and @cbandy were the ones who worked on the patch to add this, prior to being at Crunchy Data
func SetPostgreSQLPassword ¶
func SetPostgreSQLPassword(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, port, username, password, sqlCustom string) error
SetPostgreSQLPassword updates the password for a PostgreSQL role in the PostgreSQL cluster by executing into the primary Pod and changing it
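Note: it is recommended to pre-hash the password (e.g. md5, SCRAM) so that the plaintext password is not logged anywhere. This also avoids potential SQL injection through the password value. Prefer SCRAM over md5 where the PostgreSQL version supports it: an md5 hash is password-equivalent for md5 authentication, so it offers much less protection if it is logged or leaked.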
func StopPostgreSQLInstance ¶
func StopPostgreSQLInstance(clientset kubernetes.Interface, restconfig *rest.Config, pod *v1.Pod, instanceName string) error
StopPostgreSQLInstance issues a "fast" shutdown command to the PostgreSQL instance. This will immediately terminate any connections and safely shut down PostgreSQL so it does not have to start up in crash recovery mode
func ToggleAutoFailover ¶
func ToggleAutoFailover(clientset kubernetes.Interface, enable bool, pghaScope, namespace string) error
ToggleAutoFailover enables or disables autofailover for a cluster. Disabling autofailover means "pausing" Patroni, which will result in Patroni stepping aside from managing the cluster. This will effectively cause Patroni to stop responding to failures or other database activities, e.g. it will not attempt to start the database when stopped to perform maintenance
func UpdatePolicyLabels ¶
func UpdatePolicyLabels(clientset kubernetes.Interface, clusterName string, namespace string, newLabels map[string]string) error
UpdatePolicyLabels ...
func UpdateUserSecret ¶
func UpdateUserSecret(clientset kubernetes.Interface, clustername, username, password, namespace string) error
UpdateUserSecret updates a user secret with a new password. It follows the following method:
1. If the Secret exists, it updates the value of the Secret 2. If the Secret does not exist, it creates the secret
func ValidateBackrestStorageTypeOnBackupRestore ¶
func ValidateBackrestStorageTypeOnBackupRestore(newBackRestStorageType, currentBackRestStorageType string, restore bool) error
ValidateBackrestStorageTypeOnBackupRestore checks to see if the pgbackrest storage type provided when performing either pgbackrest backup or restore is valid. This includes ensuring the value provided is a valid storage type (e.g. "s3" and/or "local"). This also includes ensuring the storage type specified (e.g. "s3" or "local") is enabled in the current cluster. And finally, if validation is occurring for a restore, it ensures only one storage type is selected.
Types ¶
type AWSS3Secret ¶
AWSS3Secret is a structured representation for providing an AWS S3 key and key secret
func GetS3CredsFromBackrestRepoSecret ¶
func GetS3CredsFromBackrestRepoSecret(clientset kubernetes.Interface, namespace, clusterName string) (AWSS3Secret, error)
GetS3CredsFromBackrestRepoSecret retrieves the AWS S3 credentials, i.e. the key and key secret, from a specific cluster's backrest repo secret
type BackrestRepoConfig ¶
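// BackrestRepoConfig represents the configuration required to create the
// pgBackRest repo secrets.
//
// The struct carries S3 key material in plain fields, so avoid printing it
// with %v / %+v or attaching it to log records.
type BackrestRepoConfig struct {
	// BackrestS3CA is the byte string value of the CA that should be used for
	// the S3-interfaced pgBackRest repository.
	BackrestS3CA []byte
	// BackrestS3Key and BackrestS3KeySecret are presumably the AWS S3 key and
	// key secret for the repository — confirm against
	// CreateBackrestRepoSecrets.
	BackrestS3Key       string
	BackrestS3KeySecret string
	ClusterName         string
	ClusterNamespace    string
	OperatorNamespace   string
}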
BackrestRepoConfig represents the configuration required to create backrest repo secrets
type CloneClusterSecrets ¶
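// CloneClusterSecrets will copy the secrets from a cluster into the secrets of
// another cluster.
//
// NOTE(review): the copied Secrets hold credentials, so a caller should make
// sure the requester is authorized for both the source and the target cluster
// before calling Clone — whether that check happens elsewhere is not visible
// here.
type CloneClusterSecrets struct {
	// Any additional selectors that can be added to the query that is made.
	AdditionalSelectors []string
	// The Kubernetes Clientset used to make API calls to Kubernetes.
	ClientSet kubernetes.Interface
	// The Namespace that the clusters are in.
	Namespace string
	// The name of the PostgreSQL cluster that the secrets are originating from.
	SourceClusterName string
	// The name of the PostgreSQL cluster that we are copying the secrets to.
	TargetClusterName string
}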
CloneClusterSecrets will copy the secrets from a cluster into the secrets of another cluster
func (CloneClusterSecrets) Clone ¶
func (cs CloneClusterSecrets) Clone() error
Clone performs the actual clone of the secrets between PostgreSQL clusters
type CloneTask ¶
// CloneTask allows you to create a Pgtask CRD with the appropriate options.
//
// BackrestPVCSize, EnableMetrics and PVCSize share their names with the
// CloneParameter* constants of this package.
// NOTE(review): presumably they are stored under those parameter names in the
// task — confirm against the code that builds the Pgtask.
type CloneTask struct {
	BackrestPVCSize       string
	BackrestStorageSource string
	EnableMetrics         bool
	PGOUser               string
	PVCSize               string
	SourceClusterName     string
	TargetClusterName     string
	TaskStepLabel         string
	TaskType              string
	Timestamp             time.Time
	WorkflowID            string
}
CloneTask allows you to create a Pgtask CRD with the appropriate options
type InstanceReplicationInfo ¶
// InstanceReplicationInfo is the user friendly information for the current
// status of key replication metrics for a PostgreSQL instance.
//
// NOTE(review): the unit of ReplicationLag is not stated on this type —
// confirm against the code that fills it in before comparing or alerting on
// the value.
type InstanceReplicationInfo struct {
	Name           string
	Node           string
	ReplicationLag int
	Status         string
	Timeline       int
	PendingRestart bool
	Role           string
}
InstanceReplicationInfo is the user friendly information for the current status of key replication metrics for a PostgreSQL instance
type JSONPatchOperation ¶
// JSONPatchOperation represents the structure for a JSON patch operation.
//
// The struct tags serialize the fields as "op", "path" and "value". None of
// the tags uses omitempty, so all three keys are always emitted; a nil Value
// is encoded as null.
type JSONPatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}
JSONPatchOperation represents the structure for a JSON patch operation
type ReplicationStatusResponse ¶
// ReplicationStatusResponse is the result type returned by ReplicationStatus.
type ReplicationStatusResponse struct {
	// Instances holds the replication information entries.
	// NOTE(review): presumably one entry per PostgreSQL instance — confirm.
	Instances []InstanceReplicationInfo
}
func ReplicationStatus ¶
func ReplicationStatus(request ReplicationStatusRequest, includePrimary, includeBusted bool) (ReplicationStatusResponse, error)
ReplicationStatus is responsible for retrieving and returning the replication information about the status of the replicas in a PostgreSQL cluster. It executes into a single replica pod and leverages the functionality of Patroni for getting the key metrics that are appropriate to help the user understand the current state of their replicas.
Statistics include: the current node the replica is on, if it is up, the replication lag, etc.
By default information is only returned for replicas within the cluster. However, if primary information is also needed, the includePrimary flag can be set to true and primary information will also be included in the ReplicationStatusResponse.
Also by default we do not include any "busted" Pods, e.g. a Pod that is not in a happy phase. That Pod may be lacking a "role" label. From there, we zero out the statistics and apply an error
type SSHKey ¶
SSHKey stores byte slices that represent private and public ssh keys
func NewPrivatePublicKeyPair ¶
NewPrivatePublicKeyPair generates an ed25519 ssh private and public key