From d58ed1c51c7afc0408f031f21123328097b5db7d Mon Sep 17 00:00:00 2001 From: DJ Gregor Date: Thu, 7 Sep 2023 15:13:21 -0400 Subject: [PATCH 1/4] Support multi-arch images for the Zalando Postgres Operator --- scripts/start-dependencies.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/start-dependencies.sh b/scripts/start-dependencies.sh index ffa012c..6dff0aa 100755 --- a/scripts/start-dependencies.sh +++ b/scripts/start-dependencies.sh @@ -81,9 +81,13 @@ fi # Install PostgreSQL if [ "$INSTALL_POSTGRESQL" == "true" ]; then - kubectl apply -f https://raw.githubusercontent.com/zalando/postgres-operator/master/manifests/postgresql.crd.yaml - kubectl wait --for condition=established crd postgresqls.acid.zalan.do --timeout=10s - kubectl apply -k github.com/zalando/postgres-operator/manifests + helm repo add postgres-operator-charts https://opensource.zalando.com/postgres-operator/charts/postgres-operator + # The default image repo at registry.opensource.zalan.do doesn't support multi-arch images yet, + # so use the ghcr repo which has multi-arch images for the operator. + helm upgrade --install \ + --set image.registry=ghcr.io \ + --set image.repository=zalando/postgres-operator \ + postgres-operator postgres-operator-charts/postgres-operator kubectl create secret generic $PG_USER.onms-db.credentials.postgresql.acid.zalan.do --from-literal="username=$PG_USER" --from-literal="password=$PG_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - kubectl create secret generic $PG_ONMS_USER.onms-db.credentials.postgresql.acid.zalan.do --from-literal="username=$PG_ONMS_USER" --from-literal="password=$PG_ONMS_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - kubectl apply -f dependencies/postgresql.yaml -n $NAMESPACE From a11e97ee2b9410ce03bc3eba155df8e3fd85b7af Mon Sep 17 00:00:00 2001 
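Review bot: The new `helm upgrade --install` pins neither the chart version nor the operator image tag, so each run installs whatever the chart repository and ghcr.io currently serve, for a component that manages databases and their credentials in the cluster. Adding `--version <CHART_VERSION>` (placeholder for the release you have tested) and, if the chart exposes it, `--set image.tag=<IMAGE_TAG>` would make the install reproducible and reviewable. The command also has no `-n`/`--namespace`, so the release lands in whichever namespace the current kubectl context selects, while the secrets below it use `-n $NAMESPACE`. Stating the intended namespace explicitly would remove that ambiguity. The enclosing `if` block closes outside this hunk.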
From: DJ Gregor Date: Thu, 7 Sep 2023 15:13:47 -0400 Subject: [PATCH 2/4] Don't patch ingress-nginx for passthrough unless using Kafka --- scripts/start-dependencies.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/start-dependencies.sh b/scripts/start-dependencies.sh index 6dff0aa..4d8de39 100755 --- a/scripts/start-dependencies.sh +++ b/scripts/start-dependencies.sh @@ -38,8 +38,10 @@ TRUSTSTORE_PASSWORD="0p3nNM5" # Must match dependencies.kafka.truststore.passwor CLUSTER_NAME="onms" # Must match the name of the cluster inside dependencies/kafka.yaml and dependencies/elasticsearch.yaml # Patch NGinx to allow SSL Passthrough for Strimzi -kubectl patch deployment ingress-nginx-controller -n ingress-nginx --type json -p \ - '[{"op":"add","path":"/spec/template/spec/containers/0/args/-","value":"--enable-ssl-passthrough"}]' +if [ "$INSTALL_KAFKA" == "true" ]; then + kubectl patch deployment ingress-nginx-controller -n ingress-nginx --type json -p \ + '[{"op":"add","path":"/spec/template/spec/containers/0/args/-","value":"--enable-ssl-passthrough"}]' +fi # Update Helm Repositories helm repo add jetstack https://charts.jetstack.io From 0fff897fe95cea36e61540a10ed855b9a456aca6 Mon Sep 17 00:00:00 2001 From: DJ Gregor Date: Thu, 7 Sep 2023 19:47:34 +0000 Subject: [PATCH 3/4] Quote the "do" to keep vim happy --- scripts/start-dependencies.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/start-dependencies.sh b/scripts/start-dependencies.sh index 4d8de39..74cd98e 100755 --- a/scripts/start-dependencies.sh +++ b/scripts/start-dependencies.sh 
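Review bot: The JSON patch now wrapped in the `if` uses `"op":"add"` on `args/-`, which appends unconditionally, so every run with Kafka enabled adds another `--enable-ssl-passthrough` argument and rolls the ingress controller again. A guard before the patch would make it idempotent, for example `kubectl get deployment ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.template.spec.containers[0].args}' | grep -q -- '--enable-ssl-passthrough' || kubectl patch ...`. Because the flag is a controller-wide setting, the comment above the block could also say that it is only turned on when Kafka is installed, e.g. `# Enable SSL passthrough on ingress-nginx only when Strimzi/Kafka is installed`.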
@@ -90,8 +90,8 @@ if [ "$INSTALL_POSTGRESQL" == "true" ]; then --set image.registry=ghcr.io \ --set image.repository=zalando/postgres-operator \ postgres-operator postgres-operator-charts/postgres-operator - kubectl create secret generic $PG_USER.onms-db.credentials.postgresql.acid.zalan.do --from-literal="username=$PG_USER" --from-literal="password=$PG_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - - kubectl create secret generic $PG_ONMS_USER.onms-db.credentials.postgresql.acid.zalan.do --from-literal="username=$PG_ONMS_USER" --from-literal="password=$PG_ONMS_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - + kubectl create secret generic "$PG_USER.onms-db.credentials.postgresql.acid.zalan.do" --from-literal="username=$PG_USER" --from-literal="password=$PG_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - + kubectl create secret generic "$PG_ONMS_USER.onms-db.credentials.postgresql.acid.zalan.do" --from-literal="username=$PG_ONMS_USER" --from-literal="password=$PG_ONMS_PASSWORD" -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - kubectl apply -f dependencies/postgresql.yaml -n $NAMESPACE fi From 8d8837fcfa2023cb3b8613cbd91a6c88afa81df1 Mon Sep 17 00:00:00 2001 From: DJ Gregor Date: Thu, 7 Sep 2023 20:18:26 +0000 Subject: [PATCH 4/4] Prevent elasticsearch ready check race condition The previous 'kubectl wait pod' check will fail if the operator hasn't created the pod yet. Checking the status phase on the elasticsearch object seems to accomplish the same thing and doesn't have side effects depending on the operator not being yet or not having created the elasticsearch pod yet. --- scripts/start-dependencies.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/start-dependencies.sh b/scripts/start-dependencies.sh index 74cd98e..aede790 100755 --- a/scripts/start-dependencies.sh +++ b/scripts/start-dependencies.sh 
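Review bot: Only the secret name is quoted on the two changed lines. `-n $NAMESPACE` is still unquoted, and both passwords are still passed as `--from-literal="password=..."` arguments, which exposes them in the process list and in any `set -x` trace while the command runs. Quoting the namespace is a one-token change: `-n "$NAMESPACE"`. For the password, something like `printf '%s' "$PG_PASSWORD" | kubectl create secret generic ... --from-file=password=/dev/stdin` would keep the value out of argv; confirm that it works with the kubectl version in use.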
@@ -125,7 +125,7 @@ if [ "$INSTALL_KAFKA" == "true" ]; then kubectl wait kafka/$CLUSTER_NAME --for=condition=Ready --timeout=300s -n $NAMESPACE fi if [ "$INSTALL_ELASTIC" == "true" ]; then - kubectl wait pod -l elasticsearch.k8s.elastic.co/cluster-name=$CLUSTER_NAME --for=condition=Ready --timeout=300s -n $NAMESPACE + kubectl wait elasticsearch/$CLUSTER_NAME --for='jsonpath={.status.phase}=Ready' --timeout=300s -n $NAMESPACE fi # Prepare target directory for the Truststores
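Review bot: `--for='jsonpath={.status.phase}=Ready'` needs a kubectl recent enough to support jsonpath waits, and nothing visible in this hunk checks the client version, so an older client would likely fail here with an error rather than wait for the timeout. It is also worth confirming how the wait behaves while `.status.phase` is still absent on a freshly created object, since that is the window this commit is meant to close. A short comment above the line, such as `# Wait on the Elasticsearch resource itself; the pod may not exist yet`, would record why this check differs from the Kafka one. `$CLUSTER_NAME` and `$NAMESPACE` are unquoted on the new line and could be quoted.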