Merge pull request #11 from jianxiaoguo/main

feat(postgres): use patroni

Author: duanhongyi

Dockerfile

@@ -1,46 +1,34 @@
 FROM registry.drycc.cc/drycc/base:bullseye
 
-COPY rootfs/bin /bin/
-COPY rootfs/docker-entrypoint-initdb.d /docker-entrypoint-initdb.d/
-COPY rootfs/docker-entrypoint.sh /docker-entrypoint.sh
-ENV JQ_VERSION="1.6" \
-  GOSU_VERSION="1.14" \
-  MC_VERSION="2022.04.01.23.44.48" \
-  WAL_G_VERSION="1.1" \
-  PYTHON_VERSION="3.10.4" \
+COPY rootfs/usr /usr/
+COPY rootfs/entrypoint.sh /entrypoint.sh
+ENV PYTHON_VERSION="3.10.4" \
   PG_MAJOR=14 \
   POSTGRESQL_VERSION="14.2"
 
-
 ENV PGDATA /data/${PG_MAJOR}
-ENV WALG_ENVDIR /etc/wal-g.d/env
 
-RUN mkdir -p $WALG_ENVDIR \
-  && install-stack jq $JQ_VERSION \
-  && install-stack gosu $GOSU_VERSION \
-  && install-stack mc $MC_VERSION \
-  && install-stack wal-g $WAL_G_VERSION \
-  && install-stack python $PYTHON_VERSION \
+RUN install-stack python $PYTHON_VERSION \
   && install-stack postgresql $POSTGRESQL_VERSION && . init-stack \
   && rm -rf \
-      /usr/share/doc \
-      /usr/share/man \
-      /usr/share/info \
-      /usr/share/locale \
-      /var/lib/apt/lists/* \
-      /var/log/* \
-      /var/cache/debconf/* \
-      /etc/systemd \
-      /lib/lsb \
-      /lib/udev \
-      /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \
-      /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \
+    /usr/share/doc \
+    /usr/share/man \
+    /usr/share/info \
+    /usr/share/locale \
+    /var/lib/apt/lists/* \
+    /var/log/* \
+    /var/cache/debconf/* \
+    /etc/systemd \
+    /lib/lsb \
+    /lib/udev \
+    /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/IBM* \
+    /usr/lib/`echo $(uname -m)`-linux-gnu/gconv/EBC* \
   && mkdir -p /usr/share/man/man{1..8} \
-  && mkdir -p /run/postgresql $PGDATA \
+  && mkdir -p $PGDATA \
   && groupadd postgres && useradd -g postgres postgres \
-  && chown -R postgres:postgres /run/postgresql $PGDATA \
-  && set -eux; pip3 install --disable-pip-version-check --no-cache-dir envdir 2>/dev/null
+  && chown -R postgres:postgres /data \
+  && set -eux; pip3 install --disable-pip-version-check --no-cache-dir psycopg[binary] patroni[kubernetes] 2>/dev/null
 
-ENTRYPOINT ["init-stack", "/docker-entrypoint.sh"]
-CMD ["postgres"]
-EXPOSE 5432
+USER postgres
+ENTRYPOINT ["init-stack", "/entrypoint.sh"]
+EXPOSE 5432 8008

Makefile

@@ -9,7 +9,7 @@ PLATFORM ?= linux/amd64,linux/arm64
 
 include versioning.mk
 
-SHELL_SCRIPTS = $(wildcard _scripts/*.sh contrib/ci/*.sh rootfs/bin/*)
+SHELL_SCRIPTS = $(wildcard rootfs/usr/share/scripts/patroni/*)
 
 # The following variables describe the containerized development environment
 # and other build options
@@ -29,14 +29,9 @@ docker-build:
 docker-buildx:
 	docker buildx build --platform ${PLATFORM} -t ${IMAGE} . --push
 
-test: test-style test-functional
+test: test-style
 
 test-style:
 	${DEV_ENV_CMD} shellcheck $(SHELL_SCRIPTS)
 
-test-functional: test-functional-storage
-
-test-functional-storage:
-	contrib/ci/test-storage.sh ${IMAGE}
-
 .PHONY: all docker-build docker-push test

charts/database/templates/_helper.tpl

@@ -2,48 +2,77 @@
 env:
 - name: DATABASE_STORAGE
   value: "{{.Values.global.storage}}"
+{{- if eq .Values.debug "true" }}
+- name: PATRONI_LOG_LEVEL
+  value: DEBUG
+- name: PATRONI_LOG_TRACEBACK_LEVEL
+  value: DEBUG
+{{- end }}
 - name: PGCTLTIMEOUT
   value: "{{.Values.timeout}}"
-- name: "DRYCC_DATABASE_USER"
+- name: PATRONI_KUBERNETES_POD_IP
   valueFrom:
-    secretKeyRef:
-      name: database-creds
-      key: user
-- name: "DRYCC_DATABASE_PASSWORD"
+    fieldRef:
+      fieldPath: status.podIP
+- name: PATRONI_KUBERNETES_NAMESPACE
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.namespace
+- name: PATRONI_KUBERNETES_BYPASS_API_SERVICE
+  value: 'true'
+- name: PATRONI_KUBERNETES_USE_ENDPOINTS
+  value: 'true'
+- name: PATRONI_KUBERNETES_LABELS
+  value: '{app: drycc-database, cluster-name: drycc-database}'
+- name: PATRONI_SCOPE
+  value: drycc-database
+- name: PATRONI_NAME
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.name
+- name: PATRONI_POSTGRESQL_PGPASS
+  value: /tmp/pgpass
+- name: PATRONI_POSTGRESQL_LISTEN
+  value: '0.0.0.0:5432'
+- name: PATRONI_RESTAPI_LISTEN
+  value: '0.0.0.0:8008'
+- name: DRYCC_DATABASE_SUPERUSER
   valueFrom:
     secretKeyRef:
       name: database-creds
-      key: password
-- name: "DRYCC_STORAGE_LOOKUP"
+      key: superuser
+- name: DRYCC_DATABASE_SUPERUSER_PASSWORD
   valueFrom:
     secretKeyRef:
-      name: storage-creds
-      key: lookup
-- name: "DRYCC_STORAGE_HEALTH"
+      name: database-creds
+      key: superuser-password
+- name: DRYCC_DATABASE_REPLICATOR
   valueFrom:
     secretKeyRef:
-      name: storage-creds
-      key: health
-- name: "DRYCC_STORAGE_BUCKET"
+      name: database-creds
+      key: replicator
+- name: DRYCC_DATABASE_REPLICATOR_PASSWORD
   valueFrom:
     secretKeyRef:
-      name: storage-creds
-      key: database-bucket
-- name: "DRYCC_STORAGE_ENDPOINT"
+      name: database-creds
+      key: replicator-password
+- name: "DRYCC_DATABASE_USER"
   valueFrom:
     secretKeyRef:
-      name: storage-creds
-      key: endpoint
-- name: "DRYCC_STORAGE_ACCESSKEY"
+      name: database-creds
+      key: user
+- name: "DRYCC_DATABASE_PASSWORD"
   valueFrom:
     secretKeyRef:
-      name: storage-creds
-      key: accesskey
-- name: "DRYCC_STORAGE_SECRETKEY"
+      name: database-creds
+      key: password
+{{- if eq .Values.global.storageLocation "on-cluster" }}
+- name: "DRYCC_STORAGE_HEALTH"
   valueFrom:
     secretKeyRef:
       name: storage-creds
-      key: secretkey
+      key: health
+{{- end }}
 {{- end }}
 
 {{/* Generate database deployment limits */}}
@@ -64,4 +93,4 @@ resources:
     hugepages-1Gi: {{.Values.limitsHugepages1Gi}}
     {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}

charts/database/templates/database-clusterrole.yaml

@@ -0,0 +1,15 @@
+{{- if eq .Values.global.databaseLocation "on-cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: drycc-database
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  resourceNames:
+  - kubernetes
+  verbs:
+  - get
+{{- end }}

charts/database/templates/database-clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+{{- if eq .Values.global.databaseLocation "on-cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: drycc-database
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: drycc-database
+subjects:
+- kind: ServiceAccount
+  name: drycc-database
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/database/templates/database-pvc.yaml

@@ -0,0 +1,13 @@
+{{- if eq .Values.global.databaseLocation "on-cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drycc-database
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: drycc-database
+subjects:
+- kind: ServiceAccount
+  name: drycc-database
+{{- end }}

charts/database/templates/database-role-binding.yaml

@@ -0,0 +1,56 @@
+{{- if eq .Values.global.databaseLocation "on-cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: drycc-database
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
+  - watch
+  # delete and deletecollection are required only for 'patronictl remove'
+  - delete
+  - deletecollection
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - patch
+  - update
+  # the following three privileges are necessary only when using endpoints
+  - create
+  - list
+  - watch
+  # delete and deletecollection are required only for for 'patronictl remove'
+  - delete
+  - deletecollection
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+# The following privilege is only necessary for creation of headless service
+# for drycc-database-config endpoint, in order to prevent cleaning it up by the
+# k8s master. You can avoid giving this privilege by explicitly creating the
+# service like it is done in this manifest (lines 2..10)
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+{{- end }}

charts/database/templates/database-role.yaml

@@ -9,6 +9,10 @@ metadata:
   annotations:
     "helm.sh/hook": pre-install
 data:
-  user: {{ if .Values.user | default "" | ne "" }}{{ .Values.user | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }}
+  superuser: {{ if .Values.superuser | default "" | ne "" }}{{ .Values.superuser | b64enc }}{{ else }}{{ randAlpha 32 | b64enc }}{{ end }}
+  superuser-password: {{ if .Values.superuserPassword | default "" | ne "" }}{{ .Values.superuserPassword | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }}
+  replicator: {{ if .Values.replicator | default "" | ne "" }}{{ .Values.replicator | b64enc }}{{ else }}{{ randAlpha 32 | b64enc }}{{ end }}
+  replicator-password: {{ if .Values.replicatorPassword | default "" | ne "" }}{{ .Values.replicatorPassword | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }}
+  user: {{ if .Values.user | default "" | ne "" }}{{ .Values.user | b64enc }}{{ else }}{{ randAlpha 32 | b64enc }}{{ end }}
   password: {{ if .Values.password | default "" | ne "" }}{{ .Values.password | b64enc }}{{ else }}{{ randAlphaNum 32 | b64enc }}{{ end }}
 {{- end }}

charts/database/templates/database-secret-creds.yaml

@@ -0,0 +1,23 @@
+{{- if eq .Values.global.databaseLocation "on-cluster" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: drycc-database-replica
+  annotations:
+    {{- with .Values.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    heritage: drycc
+    app: drycc-database
+    role: replica
+spec:
+  type: ClusterIP
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+  selector:
+    app: drycc-database
+    role: replica
+{{- end }}