Documentation ¶
Index ¶
- Constants
- Variables
- func CreateBackrestRepoSecrets(clientset *kubernetes.Clientset, backrestRepoConfig BackrestRepoConfig) error
- func CreateSecret(clientset *kubernetes.Clientset, ...) error
- func CreateUserSecret(clientset *kubernetes.Clientset, ...) error
- func CurrentPrimaryUpdate(restclient *rest.RESTClient, cluster *crv1.Pgcluster, ...) error
- func ExecPolicy(clientset *kubernetes.Clientset, restclient *rest.RESTClient, ...) error
- func GeneratePassword(length int) (string, error)
- func GeneratePgBouncerSecretName(clusterName string) string
- func GeneratePgBouncerUsersFileBytes(hashedPassword string) []byte
- func GeneratePostgreSQLMD5Password(username, password string) string
- func GeneratedPasswordLength(configuredPasswordLength string) int
- func GeneratedPasswordValidUntilDays(configuredValidUntilDays string) int
- func GetLabels(name, clustername string, replica bool) string
- func GetPGBackRestRepoPath(cluster crv1.Pgcluster) string
- func GetPasswordFromSecret(clientset *kubernetes.Clientset, namespace, secretName string) (string, error)
- func GetPod(clientset *kubernetes.Clientset, deploymentName, namespace string) (*v1.Pod, error)
- func GetPodSecurityContext(supplementalGroups []int64) string
- func GetPolicySQL(restclient *rest.RESTClient, namespace, policyName string) (string, error)
- func GetPrimaryPod(clientset *kubernetes.Clientset, cluster *crv1.Pgcluster) (*v1.Pod, error)
- func GetSecretPassword(clientset *kubernetes.Clientset, db, suffix, Namespace string) (string, error)
- func GetValueOrDefault(value, defaultValue string) string
- func IsAutofailEnabled(cluster *crv1.Pgcluster) bool
- func IsPostgreSQLUserSystemAccount(username string) bool
- func IsStringOneOf(testVal string, acceptedVals ...string) bool
- func IsValidBackrestStorageType(storageType string) bool
- func Patch(restclient *rest.RESTClient, path string, value string, resource string, ...) error
- func PatchClusterCRD(restclient *rest.RESTClient, labelMap map[string]string, ...) error
- func RandStringBytesRmndr(n int) string
- func SQLQuoteIdentifier(identifier string) string
- func SQLQuoteLiteral(literal string) string
- func SetPostgreSQLPassword(clientset *kubernetes.Clientset, restconfig *rest.Config, pod *v1.Pod, ...) error
- func StopPostgreSQLInstance(clientset *kubernetes.Clientset, restconfig *rest.Config, pod *v1.Pod, ...) error
- func ToggleAutoFailover(clientset *kubernetes.Clientset, enable bool, pghaScope, namespace string) error
- func UpdatePolicyLabels(clientset *kubernetes.Clientset, clusterName string, namespace string, ...) error
- func UpdateUserSecret(clientset *kubernetes.Clientset, ...) error
- func ValidateBackrestStorageTypeOnBackupRestore(newBackRestStorageType, currentBackRestStorageType string, restore bool) error
- func ValidatePolicy(restclient *rest.RESTClient, namespace string, policyName string) error
- type AWSS3Secret
- type BackrestRepoConfig
- type CloneClusterSecrets
- type CloneTask
- type InstanceReplicationInfo
- type JSONPatchOperation
- type ReplicationStatusRequest
- type ReplicationStatusResponse
- type ThingSpec
Constants ¶
const ( BackrestRepoDeploymentName = "%s-backrest-shared-repo" BackrestRepoServiceName = "%s-backrest-shared-repo" BackrestRepoPVCName = "%s-pgbr-repo" )
const ( // CloneParameterBackrestPVCSize is the parameter name for the Backrest PVC // size parameter CloneParameterBackrestPVCSize = "backrestPVCSize" // CloneParameterEnableMetrics if set to true, enables metrics collection in // a newly created cluster CloneParameterEnableMetrics = "enableMetrics" // CloneParameterPVCSize is the parameter name for the PVC parameter for // primary and replicas CloneParameterPVCSize = "pvcSize" )
const ( // DefaultGeneratedPasswordLength is the length of what a generated password // is if it's not set in the pgo.yaml file, and to create some semblance of // consistency DefaultGeneratedPasswordLength = 24 // DefaultPasswordValidUntilDays is the number of days until a PostgreSQL user's // password expires. If it is not set in the pgo.yaml file, we will use a // default of "0" which means that a password will never expire DefaultPasswordValidUntilDays = 0 )
const ( // three of these are exported, as they are used to help add the information // into the templates. Say the last one 10 times fast BackRestRepoSecretKeyAWSS3KeyAWSS3CACert = "aws-s3-ca.crt" BackRestRepoSecretKeyAWSS3KeyAWSS3Key = "aws-s3-key" BackRestRepoSecretKeyAWSS3KeyAWSS3KeySecret = "aws-s3-key-secret" )
values for the keys used to access the pgBackRest repository Secret
const ( // SQLValidUntilAlways uses a special PostgreSQL value to ensure a password // is always valid SQLValidUntilAlways = "infinity" // SQLValidUntilNever uses a special PostgreSQL value to ensure a password // is never valid. This is exportable and used in other places SQLValidUntilNever = "-infinity" )
const UserSecretFormat = "%s-%s" + crv1.UserSecretSuffix
UserSecretFormat follows the pattern of how the user information is stored, which is "<clusterName>-<userName>-secret"
Variables ¶
var ( // ErrMissingConfigAnnotation represents an error thrown when the 'config' annotation is found // to be missing from the 'config' configMap created to store cluster-wide configuration ErrMissingConfigAnnotation error = errors.New("'config' annotation missing from cluster " + "configutation") )
Functions ¶
func CreateBackrestRepoSecrets ¶
func CreateBackrestRepoSecrets(clientset *kubernetes.Clientset, backrestRepoConfig BackrestRepoConfig) error
CreateBackrestRepoSecrets creates the secrets required to manage the pgBackRest repo container
func CreateSecret ¶
func CreateSecret(clientset *kubernetes.Clientset, db, secretName, username, password, namespace string) error
CreateSecret creates the secret, user, and primary secrets
func CreateUserSecret ¶
func CreateUserSecret(clientset *kubernetes.Clientset, clustername, username, password, namespace string) error
CreateUserSecret will create a new secret holding a user credential
func CurrentPrimaryUpdate ¶
func CurrentPrimaryUpdate(restclient *rest.RESTClient, cluster *crv1.Pgcluster, currentPrimary, namespace string) error
CurrentPrimaryUpdate prepares the needed data structures with the correct current primary value before passing them along to be patched into the current pgcluster CRD's annotations
func ExecPolicy ¶
func ExecPolicy(clientset *kubernetes.Clientset, restclient *rest.RESTClient, restconfig *rest.Config, namespace, policyName, serviceName, port string) error
ExecPolicy executes a SQL policy against a cluster
func GeneratePassword ¶
GeneratePassword generates a password of a given length out of the acceptable ASCII characters suitable for a password
func GeneratePgBouncerSecretName ¶
GeneratePgBouncerSecretName returns the name of the secret that contains information around a pgBouncer deployment
func GeneratePgBouncerUsersFileBytes ¶
GeneratePgBouncerUsersFileBytes generates the byte string that is used by the pgBouncer secret to authenticate a user into pgBouncer that is acting as the pgBouncer "service user" (aka PgBouncerUser).
The format of this file is `"username" "hashed-password"`
where "hashed-password" is an MD5 or SCRAM hashed password
This is ultimately mounted by the pgBouncer Pod via the secret
func GeneratePostgreSQLMD5Password ¶
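GeneratePostgreSQLMD5Password takes a username and a plaintext password and returns the PostgreSQL formatted MD5 password, which is: "md5" + md5(password+username). MD5 is PostgreSQL's legacy password format: the resulting hash should be handled as a credential in its own right, and SCRAM-SHA-256 is the stronger option where the server and its clients support it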
func GeneratedPasswordLength ¶
GeneratedPasswordLength returns the value for what the length of a randomly generated password should be. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value
func GeneratedPasswordValidUntilDays ¶
GeneratedPasswordValidUntilDays returns the value for the number of days that a password is valid for, which is used as part of PostgreSQL's VALID UNTIL directive on a user. It first determines if the user provided this value via a configuration file, and if not and/or the value is invalid, uses the default value
func GetPGBackRestRepoPath ¶
GetPGBackRestRepoPath is responsible for determining the repo path setting (i.e. 'repo1-path' flag) for use by pgBackRest. If a specific repo path has been defined in the pgcluster CR, then that path will be returned. Otherwise a default path will be returned, which is generated using the 'defaultBackrestRepoPath' constant and the cluster name.
func GetPasswordFromSecret ¶
func GetPasswordFromSecret(clientset *kubernetes.Clientset, namespace, secretName string) (string, error)
GetPasswordFromSecret will fetch the password from a user secret
func GetPodSecurityContext ¶
GetPodSecurityContext will generate the security context required for a Deployment by incorporating the standard fsGroup for the user that runs the container (typically the "postgres" user), and adds any supplemental groups that may need to be added, e.g. for NFS storage.
Following the legacy method, this returns a JSON string, which will be modified in the future. Mainly this is transitioning from the legacy function by adding the expected types
func GetPolicySQL ¶
func GetPolicySQL(restclient *rest.RESTClient, namespace, policyName string) (string, error)
GetPolicySQL returns the SQL string from a policy
func GetPrimaryPod ¶
GetPrimaryPod gets the Pod of the primary PostgreSQL instance. If somehow the query gets multiple pods, then the first one in the list is returned
func GetSecretPassword ¶
func GetSecretPassword(clientset *kubernetes.Clientset, db, suffix, Namespace string) (string, error)
GetSecretPassword ...
func GetValueOrDefault ¶
GetValueOrDefault checks whether the first value given is set. If it is, that value is returned. If not, the second, default value is returned instead
func IsAutofailEnabled ¶
IsAutofailEnabled - returns true if autofail label is set to true, false if not.
func IsPostgreSQLUserSystemAccount ¶
IsPostgreSQLUserSystemAccount determines whether or not this is a system PostgreSQL user account; if it returns true, one likely does not want to allow a user to directly access the account. The lookup is normalized by downcasing the username
func IsStringOneOf ¶
IsStringOneOf tests whether the string testVal is included in the list of strings provided in acceptedVals
func IsValidBackrestStorageType ¶
IsValidBackrestStorageType determines if the storage source string contains valid pgBackRest storage type values
func Patch ¶
func Patch(restclient *rest.RESTClient, path string, value string, resource string, name string, namespace string) error
Patch will patch a particular resource
func PatchClusterCRD ¶
func PatchClusterCRD(restclient *rest.RESTClient, labelMap map[string]string, oldCrd *crv1.Pgcluster, currentPrimary, namespace string) error
PatchClusterCRD patches the pgcluster CRD with any updated labels, or an updated current primary annotation value. As this uses a JSON merge patch, it will only update those values that are different between the old and new CRD values.
func SQLQuoteIdentifier ¶
SQLQuoteIdentifier quotes an "identifier" (e.g. a table or a column name) to be used as part of an SQL statement.
Any double quotes in name will be escaped. The quoted identifier will be case sensitive when used in a query. If the input string contains a zero byte, the result will be truncated immediately before it.
Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License
func SQLQuoteLiteral ¶
SQLQuoteLiteral quotes a 'literal' (e.g. a parameter, often used to pass literal to DDL and other statements that do not accept parameters) to be used as part of an SQL statement.
Any single quotes in name will be escaped. Any backslashes (i.e. "\") will be replaced by two backslashes (i.e. "\\") and the C-style escape identifier that PostgreSQL provides ('E') will be prepended to the string.
Implementation borrowed from lib/pq: https://github.com/lib/pq which is licensed under the MIT License. Curiously, @jkatz and @cbandy were the ones who worked on the patch to add this, prior to being at Crunchy Data
func SetPostgreSQLPassword ¶
func SetPostgreSQLPassword(clientset *kubernetes.Clientset, restconfig *rest.Config, pod *v1.Pod, port, username, password, sqlCustom string) error
SetPostgreSQLPassword updates the password for a PostgreSQL role in the PostgreSQL cluster by executing into the primary Pod and changing it
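Note: it is recommended to pre-hash the password (e.g. md5, SCRAM) so that the plaintext password is not logged anywhere. This also avoids potential SQL injection through the password value. Pre-hashing does not cover the username or sqlCustom arguments; how those are quoted is not stated here, so confirm it before passing values that come from an untrusted source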
func StopPostgreSQLInstance ¶
func StopPostgreSQLInstance(clientset *kubernetes.Clientset, restconfig *rest.Config, pod *v1.Pod, instanceName string) error
StopPostgreSQLInstance issues a "fast" shutdown command to the PostgreSQL instance. This will immediately terminate any connections and safely shut down PostgreSQL so it does not have to start up in crash recovery mode
func ToggleAutoFailover ¶
func ToggleAutoFailover(clientset *kubernetes.Clientset, enable bool, pghaScope, namespace string) error
ToggleAutoFailover enables or disables autofailover for a cluster. Disabling autofailover means "pausing" Patroni, which will result in Patroni stepping aside from managing the cluster. This will effectively cause Patroni to stop responding to failures or other database activities, e.g. it will not attempt to start the database when stopped to perform maintenance
func UpdatePolicyLabels ¶
func UpdatePolicyLabels(clientset *kubernetes.Clientset, clusterName string, namespace string, newLabels map[string]string) error
UpdatePolicyLabels ...
func UpdateUserSecret ¶
func UpdateUserSecret(clientset *kubernetes.Clientset, clustername, username, password, namespace string) error
UpdateUserSecret updates a user secret with a new password. It follows the following method:
1. If the Secret exists, it updates the value of the Secret 2. If the Secret does not exist, it creates the secret
func ValidateBackrestStorageTypeOnBackupRestore ¶
func ValidateBackrestStorageTypeOnBackupRestore(newBackRestStorageType, currentBackRestStorageType string, restore bool) error
ValidateBackrestStorageTypeOnBackupRestore checks to see if the pgbackrest storage type provided when performing either pgbackrest backup or restore is valid. This includes ensuring the value provided is a valid storage type (e.g. "s3" and/or "local"). This also includes ensuring the storage type specified (e.g. "s3" or "local") is enabled in the current cluster. Finally, if validation is occurring for a restore, it ensures that only one storage type is selected.
func ValidatePolicy ¶
func ValidatePolicy(restclient *rest.RESTClient, namespace string, policyName string) error
ValidatePolicy tests to see if a policy exists
Types ¶
type AWSS3Secret ¶
AWSS3Secret is a structured representation for providing an AWS S3 key and key secret
func GetS3CredsFromBackrestRepoSecret ¶
func GetS3CredsFromBackrestRepoSecret(clientset *kubernetes.Clientset, namespace, clusterName string) (AWSS3Secret, error)
GetS3CredsFromBackrestRepoSecret retrieves the AWS S3 credentials, i.e. the key and key secret, from a specific cluster's backrest repo secret
type BackrestRepoConfig ¶
type BackrestRepoConfig struct { // BackrestS3CA is the byte string value of the CA that should be used for the // S3 inerfacd pgBackRest repository BackrestS3CA []byte BackrestS3Key string BackrestS3KeySecret string ClusterName string ClusterNamespace string OperatorNamespace string }
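BackrestRepoConfig represents the configuration required to create backrest repo secrets. It carries the S3 key and key secret as plain string fields, so values of this type should be kept out of logs and error messages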
type CloneClusterSecrets ¶
type CloneClusterSecrets struct { // any additional selectors that can be added to the query that is made AdditionalSelectors []string // The Kubernetes Clientset used to make API calls to Kubernetes` ClientSet *kubernetes.Clientset // The Namespace that the clusters are in Namespace string // The name of the PostgreSQL cluster that the secrets are originating from SourceClusterName string // The name of the PostgreSQL cluster that we are copying the secrets to TargetClusterName string }
CloneClusterSecrets will copy the secrets from a cluster into the secrets of another cluster
func (CloneClusterSecrets) Clone ¶
func (cs CloneClusterSecrets) Clone() error
Clone performs the actual clone of the secrets between PostgreSQL clusters
type CloneTask ¶
// CloneTask collects the options used to create a Pgtask CRD for a clone.
type CloneTask struct {
	// BackrestPVCSize, EnableMetrics and PVCSize appear to correspond to the
	// "backrestPVCSize", "enableMetrics" and "pvcSize" clone parameters —
	// confirm against the code that builds the task.
	BackrestPVCSize string
	// NOTE(review): accepted values are not shown here; presumably a
	// pgBackRest storage type — confirm.
	BackrestStorageSource string
	EnableMetrics         bool
	// PGOUser is presumably the user the clone was requested by — confirm.
	PGOUser string
	PVCSize string
	// SourceClusterName and TargetClusterName name the cluster being cloned
	// and the cluster being created, going by the field names — confirm.
	SourceClusterName string
	TargetClusterName string
	TaskStepLabel     string
	TaskType          string
	// Timestamp is a time.Time; what instant it records is not shown here.
	Timestamp  time.Time
	WorkflowID string
}
CloneTask allows you to create a Pgtask CRD with the appropriate options
type InstanceReplicationInfo ¶
// InstanceReplicationInfo is the user friendly information for the current
// status of key replication metrics for a PostgreSQL instance.
type InstanceReplicationInfo struct {
	// Name identifies the instance this entry describes.
	Name string
	// Node is the node the instance is on.
	Node string
	// ReplicationLag is the reported replication lag.
	// NOTE(review): the unit is not stated here — confirm against the producer.
	ReplicationLag int
	// Status is the reported state of the instance (e.g. whether it is up).
	Status string
	// Timeline is presumably the PostgreSQL timeline of the instance — confirm.
	Timeline int
}
InstanceReplicationInfo is the user friendly information for the current status of key replication metrics for a PostgreSQL instance
type JSONPatchOperation ¶
// JSONPatchOperation represents the structure for a JSON patch operation.
// Each field is serialized under the lower-case key given in its json tag.
type JSONPatchOperation struct {
	// Op is the operation name.
	Op string `json:"op"`
	// Path is the location in the target document that the operation applies
	// to. NOTE(review): presumably a JSON Pointer — confirm.
	Path string `json:"path"`
	// Value is untyped. The tag has no omitempty, so a nil Value is encoded
	// as null rather than being left out.
	Value interface{} `json:"value"`
}
JSONPatchOperation represents the structure for a JSON patch operation
type ReplicationStatusResponse ¶
// ReplicationStatusResponse is the result type returned by ReplicationStatus.
type ReplicationStatusResponse struct {
	// Instances holds the replication details, one InstanceReplicationInfo
	// per entry. NOTE(review): presumably one entry per reported instance —
	// confirm.
	Instances []InstanceReplicationInfo
}
func ReplicationStatus ¶
func ReplicationStatus(request ReplicationStatusRequest) (ReplicationStatusResponse, error)
ReplicationStatus is responsible for retrieving and returning the replication information about the status of the replicas in a PostgreSQL cluster. It executes into a single replica pod and leverages the functionality of Patroni for getting the key metrics that are appropriate to help the user understand the current state of their replicas.
Statistics include: the current node the replica is on, if it is up, the replication lag, etc.