Conversation
pooknull
requested review from
egegunes,
eleo007,
gkech,
hors,
jvpasinatto,
nmarukovich and
valmiranogueira
as code owners
| if cluster.CompareVersion("2.9.0") >= 0 { | ||
| for _, p := range spec.SidecarPVCs { | ||
| instance.Spec.VolumeClaimTemplates = append(instance.Spec.VolumeClaimTemplates, corev1.PersistentVolumeClaim{ | ||
| ObjectMeta: metav1.ObjectMeta{Name: p.Name}, | ||
| Spec: p.Spec, | ||
| }) | ||
| } | ||
| } |
There was a problem hiding this comment.
does this mean that users can only add sidecar PVCs while creating clusters? i guess we had the same limitation in other operators.
percona/controller/pgcluster/pvc.go
Outdated
| if err := cl.Create(ctx, pvc); err != nil { | ||
| return errors.Wrapf(err, "create PVC %s", client.ObjectKeyFromObject(pvc).String()) | ||
| } |
There was a problem hiding this comment.
but if we are creating PVCs ourselves why don't we just add them into statefulset volumes so they can also be added after cluster creation?
There was a problem hiding this comment.
ok, i now realized we're doing this only for pgbouncer because it's a deployment. but if we do this for all, we'd overcome the limitation of adding sidecar pvcs after creation
pooknull
requested review from
bogdanjeler-ev,
mayankshah1607 and
oksana-grishchenko
as code owners
There was a problem hiding this comment.
i don't think we should downgrade
hack/tools/.gitignore
Outdated
percona/controller/pgcluster/pvc.go
Outdated
| pvc := new(corev1.PersistentVolumeClaim) | ||
| pvc.Name = sidecarPVC.Name | ||
| pvc.Namespace = namespace | ||
| pvc.Spec = sidecarPVC.Spec |
There was a problem hiding this comment.
should we have some sort of labels added here so that we know that these pvcs are created by the operator?
percona/controller/pgcluster/pvc.go
Outdated
| err := cl.Get(ctx, client.ObjectKeyFromObject(pvc), &corev1.PersistentVolumeClaim{}) | ||
| if err == nil { | ||
| // already exists | ||
| continue |
There was a problem hiding this comment.
What should happen if the pvcs are updated in terms of specs? should we update them of skip?
|
let's check also why unit tests are failing on this pr |
There was a problem hiding this comment.
Pull request overview
Adds support for configuring extra volumes and operator-managed PVCs for sidecar containers across instance pods, pgBouncer, and pgBackRest repoHost, along with the necessary API/plumbing, RBAC, and tests.
Changes:
- Extend CRDs/types with
sidecarVolumesandsidecarPVCsfor instances, pgBouncer, and pgBackRest repoHost. - Reconcile pod specs to mount the configured sidecar volumes/PVCs, and add a controller reconciler to create/update the defined PVCs.
- Update RBAC and sidecar-related unit/E2E tests to cover the new fields.
Reviewed changes
Copilot reviewed 20 out of 28 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/apis/postgres-operator.crunchydata.com/v1beta1/zz_generated.deepcopy.go | Deepcopy updates for new fields and new SidecarPVC type. |
| pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgrescluster_types.go | Adds sidecarVolumes/sidecarPVCs to instance set spec + defines SidecarPVC. |
| pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbouncer_types.go | Adds sidecarVolumes/sidecarPVCs to pgBouncer pod spec. |
| pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbackrest_types.go | Adds sidecarVolumes/sidecarPVCs to pgBackRest repoHost spec. |
| pkg/apis/pgv2.percona.com/v2/zz_generated.deepcopy.go | Deepcopy updates for new Percona API fields. |
| pkg/apis/pgv2.percona.com/v2/perconapgcluster_types.go | Adds Percona-level fields and maps them through ToCrunchy(). |
| percona/controller/pgcluster/pvc.go | New reconciler to create/update PVCs declared via sidecarPVCs. |
| percona/controller/pgcluster/controller_test.go | Extends sidecar tests to assert volumes + PVC-backed volumes are present. |
| percona/controller/pgcluster/controller.go | Calls PVC reconciler and adds PVC RBAC marker. |
| internal/postgres/reconcile.go | Adds sidecarVolumes to instance pods (version-gated). |
| internal/pgbouncer/reconcile.go | Adds sidecarVolumes and PVC-backed volumes to pgBouncer pod spec (version-gated). |
| internal/controller/postgrescluster/pgbackrest.go | Adds sidecarVolumes and PVC-backed volumes to repoHost pod template (version-gated). |
| internal/controller/postgrescluster/instance.go | Adds PVC-backed volumes to instance StatefulSet pod template (version-gated). |
| e2e-tests/tests/sidecars/01-create-cluster.yaml | Sets sidecarVolumes/sidecarPVCs fields in the sidecars E2E test. |
| e2e-tests/tests/sidecars/01-assert.yaml | Adds assertions for PVC creation/binding in the sidecars E2E test. |
| deploy/rbac.yaml | Grants PVC verbs in deployment RBAC. |
| deploy/cw-rbac.yaml | Same RBAC updates for cw deployment. |
| config/rbac/namespace/role.yaml | Grants PVC verbs in generated namespace Role. |
| config/rbac/cluster/role.yaml | Grants PVC verbs in generated cluster Role. |
| Makefile | Minor formatting/line fix in after-release target. |
| // K8SPG-864 | ||
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | ||
| // K8SPG-864 |
There was a problem hiding this comment.
These new API fields are declared with omitempty but are missing the // +optional marker that is used throughout this API type for optional fields. Add // +optional so CRD generation/markers remain consistent with surrounding fields.
| // K8SPG-864 | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // K8SPG-864 | |
| // +optional | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // +optional |
|
|
||
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` |
There was a problem hiding this comment.
These newly added spec fields don't have the // +optional marker used for other optional fields in this API type. Add // +optional to keep CRD generation/markers consistent and make intent explicit.
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // +optional | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // +optional |
| if err := cl.Create(ctx, pvc); err != nil { | ||
| return errors.Wrap(err, "failed to create pvc") | ||
| } | ||
| return nil |
There was a problem hiding this comment.
ensureSidecarPVCs exits the whole function after creating the first missing PVC (return nil inside the loop). This prevents creation/update of any subsequent PVCs in the same pvcs slice during the same reconcile. Replace the early return with continue (or restructure) so the loop processes all entries and the function returns nil only after finishing.
| return nil | |
| continue |
| // K8SPG-864 | ||
| if cluster.CompareVersion("2.9.0") >= 0 { | ||
| for _, v := range spec.SidecarPVCs { | ||
| instance.Spec.Template.Spec.Volumes = append(instance.Spec.Template.Spec.Volumes, corev1.Volume{ | ||
| Name: v.Name, | ||
| VolumeSource: corev1.VolumeSource{ | ||
| PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ | ||
| ClaimName: v.Name, | ||
| }, | ||
| }, | ||
| }) | ||
| } | ||
| } |
There was a problem hiding this comment.
Instance SidecarPVC volumes are added based only on CR version, not the same feature gate used for instance sidecars (feature.InstanceSidecars) and not conditioned on sidecars actually being configured. Consider gating this block consistently (and/or only adding PVC volumes when sidecars are enabled) to avoid creating unused volumes and to match how SidecarVolumes are handled.
| // K8SPG-864 | ||
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | ||
| // K8SPG-864 |
There was a problem hiding this comment.
These new API fields are declared with omitempty but are missing the // +optional marker that is used throughout this API type for optional fields. Add // +optional so CRD generation/markers remain consistent with surrounding fields.
| // K8SPG-864 | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // K8SPG-864 | |
| // +optional | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // +optional |
|
|
||
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` |
There was a problem hiding this comment.
These newly added spec fields don't have the // +optional marker used for other optional fields in this API type. Add // +optional to keep CRD generation/markers consistent and make intent explicit.
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // +optional | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // +optional |
| return err | ||
| } | ||
| maps.Copy(pvc.Labels, ls) | ||
|
|
||
| // It's only allowed to update resources.requests and volumeAttributesClassName | ||
| pvc.Spec.Resources.Requests = sidecarPVC.Spec.Resources.Requests | ||
| pvc.Spec.VolumeAttributesClassName = sidecarPVC.Spec.VolumeAttributesClassName |
There was a problem hiding this comment.
maps.Copy(pvc.Labels, ls) will panic if pvc.Labels is nil (possible for existing PVCs created without labels or with labels cleared). Initialize pvc.Labels to an empty map before copying/merging labels.
| // +kubebuilder:rbac:groups=pgv2.percona.com,resources=perconapgclusters/finalizers,verbs=update | ||
| // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=create;list;update | ||
| // +kubebuilder:rbac:groups="",resources="pods",verbs=create;delete | ||
| // +kubebuilder:rbac:groups="",resources="persistentvolumeclaims",verbs=create;update |
There was a problem hiding this comment.
The kubebuilder RBAC marker for PersistentVolumeClaims only grants create/update, but the reconciler also does Get (and controller-runtime typically needs list/watch for caching). Update the marker to include at least get;list;watch;create;update (and patch if used) so generated RBAC matches the controller behavior.
| // +kubebuilder:rbac:groups="",resources="persistentvolumeclaims",verbs=create;update | |
| // +kubebuilder:rbac:groups="",resources="persistentvolumeclaims",verbs=get;list;watch;create;update |
| postgres-operator.crunchydata.com/cluster: sidecars | ||
| postgres-operator.crunchydata.com/pgbackrest: "" | ||
| postgres-operator.crunchydata.com/pgbackrest-dedicated: "" | ||
| name: sidecar-repohost-claim-sidecars-repo-host-0 |
There was a problem hiding this comment.
The asserted PVC name here (sidecar-repohost-claim-sidecars-repo-host-0) does not match the PVC name configured in the test setup (sidecar-repohost-claim) nor the controller logic which creates/uses PVCs by the provided name. This is likely to make the e2e test flaky/failing; align the expected name with the actual PVC name that will be created/mounted.
| name: sidecar-repohost-claim-sidecars-repo-host-0 | |
| name: sidecar-repohost-claim |
| // K8SPG-864 | ||
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | ||
| // K8SPG-864 |
There was a problem hiding this comment.
These new API fields are declared with omitempty but are missing the // +optional marker that is used throughout this API type for optional fields. Add // +optional so CRD generation/markers remain consistent with surrounding fields.
| // K8SPG-864 | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // K8SPG-864 | |
| // +optional | |
| SidecarVolumes []corev1.Volume `json:"sidecarVolumes,omitempty"` | |
| // K8SPG-864 | |
| // +optional |
commit: 608e287 |
5 participants
https://perconadev.atlassian.net/browse/K8SPG-864
DESCRIPTION
This PR adds the following fields to the
cr.yaml:.spec.instances[].sidecarPVCs.spec.instances[].sidecarVolumes.spec.proxy.pgBouncer.sidecarPVCs.spec.proxy.pgBouncer.sidecarVolumes.spec.backups.pgbackrest.repoHost.sidecarPVCs.spec.backups.pgbackrest.repoHost.sidecarVolumesThe
sidecarPVCsfield definesPersistentVolumeClaimsthat should be created and associated with a specific resource. Example:The
sidecarVolumesfield defines volumes that should be attached to a specific resource. Example:Helm PR: percona/percona-helm-charts#783
CHECKLIST
Jira
Needs Doc) and QA (Needs QA)?Tests
Config/Logging/Testability