From 09d1c1941b64614980b92ab327d5377b99ba66b6 Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Thu, 18 Apr 2024 09:56:56 +0200 Subject: [PATCH 1/9] fix pg_stat_statement query: add queryid to make it unique --- charts/postgreslet/Chart.yaml | 4 ++-- charts/postgreslet/values.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/postgreslet/Chart.yaml b/charts/postgreslet/Chart.yaml index 816bfe5..78a0c06 100644 --- a/charts/postgreslet/Chart.yaml +++ b/charts/postgreslet/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0 +version: 0.11.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.13.1" \ No newline at end of file +appVersion: "v0.13.1" diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index e45203c..e2c7da1 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -422,6 +422,7 @@ sidecars: query: "SELECT pg_get_userbyid(userid) as user, pg_database.datname, + pg_stat_statements.queryid, pg_stat_statements.query, pg_stat_statements.calls, pg_stat_statements.total_exec_time as time_milliseconds, From aae075a86ee7ed15abbd25f9641bddaa8db25598 Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Thu, 18 Apr 2024 10:33:03 +0200 Subject: [PATCH 2/9] added metric queryid + distinct just to be sure to have uniq metrics --- charts/postgreslet/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index e2c7da1..63505ff 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -420,6 +420,7 @@ sidecars: pg_stat_statements: # user, datname, query, calls, total_exec_time, rows. query: "SELECT + distinct pg_get_userbyid(userid) as user, pg_database.datname, pg_stat_statements.queryid, @@ -438,6 +439,9 @@ sidecars: - datname: usage: "LABEL" description: "The database in which the statement was executed" + - queryid: + usage: "LABEL" + description: "Query ID" - query: usage: "LABEL" description: "Processed query" From 9d9b7abd527ccd640565172247dc9cf8495ec2d2 Mon Sep 17 00:00:00 2001 From: eberlep Date: Wed, 26 Jun 2024 10:34:41 +0200 Subject: [PATCH 3/9] Next Postgreslet Release (#92) * Bump version * Add config option * * Update postgreslet * Add new config options * Bump version * Bump appVersion * Update value description * Fix typo --- charts/postgreslet/Chart.yaml | 4 ++-- charts/postgreslet/templates/configmap.yaml | 2 ++ charts/postgreslet/values.yaml | 6 +++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/postgreslet/Chart.yaml b/charts/postgreslet/Chart.yaml index 816bfe5..5659934 100644 --- a/charts/postgreslet/Chart.yaml +++ b/charts/postgreslet/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.0 +version: 0.12.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.13.1" \ No newline at end of file +appVersion: "v0.14.0" \ No newline at end of file diff --git a/charts/postgreslet/templates/configmap.yaml b/charts/postgreslet/templates/configmap.yaml index a2a2a88..bc8e381 100644 --- a/charts/postgreslet/templates/configmap.yaml +++ b/charts/postgreslet/templates/configmap.yaml @@ -52,6 +52,8 @@ data: STANDBY_CLUSTERS_SOURCE_RANGES: {{ .Values.postgreslet.standbyClustersSourceRanges | quote }} STORAGE_CLASS: {{ .Values.postgreslet.storageClass | quote }} TENANT: {{ .Values.postgreslet.tenant | quote }} + TLS_CLUSTER_ISSUER: {{ .Values.postgreslet.tlsClusterIssuer | quote }} + TLS_SUB_DOMAIN: {{ .Values.postgreslet.tlsSubDomain | quote }} kind: ConfigMap metadata: name: {{ include "postgreslet.fullname" . }} diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index e45203c..d4b62d9 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: repository: r.metal-stack.io/postgreslet pullPolicy: IfNotPresent - tag: "v0.13.1" + tag: "v0.14.0" imagePullSecrets: [] nameOverride: "" @@ -129,6 +129,10 @@ postgreslet: enableRandomStorageEncrytionSecret: false # enableBootsrtapStandbyFromS3 enables the bootstrapping of remote standby clusters via S3 instead of pgbasebackup enableBootsrtapStandbyFromS3: true + # tlsClusterIssuer An existing cert-manager Cluster Issuer to use when requesting TLS certificates per database instance. The startup of the postgres pod will fail if an issuer is configured but not working. + tlsClusterIssuer: "" + # tlsSubDomain when enabled, uses the given subdomain (in combination with the postgres instance's UUID) as common name when requesting the certificate + tlsSubDomain: "" # addRandomLabel adds a random label each time the deployment.yaml is rendered, forcing k8s to update that deployment. # In combination with image.PullPolicy=Always, this effetifely forces a reload of the pod, even if the image tag stays the same. From e53be03894c47112e0ce7802bec52f90d21a4375 Mon Sep 17 00:00:00 2001 From: eberlep Date: Fri, 28 Jun 2024 13:33:59 +0200 Subject: [PATCH 4/9] Next Postgreslet Release (#91) --- charts/postgreslet/Chart.yaml | 4 +- charts/postgreslet/crds/postgresql.yaml | 1 + .../templates/configmap-sidecars.yaml | 17 ++++++++ charts/postgreslet/templates/configmap.yaml | 2 + .../templates/podsecuritypolicy.yaml | 4 +- charts/postgreslet/values.yaml | 39 ++++++++++++------- 6 files changed, 50 insertions(+), 17 deletions(-) diff --git a/charts/postgreslet/Chart.yaml b/charts/postgreslet/Chart.yaml index 5659934..fe560b8 100644 --- a/charts/postgreslet/Chart.yaml +++ b/charts/postgreslet/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.12.0 +version: 0.13.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.14.0" \ No newline at end of file +appVersion: "v0.15.0" \ No newline at end of file diff --git a/charts/postgreslet/crds/postgresql.yaml b/charts/postgreslet/crds/postgresql.yaml index f475393..5023ebf 100644 --- a/charts/postgreslet/crds/postgresql.yaml +++ b/charts/postgreslet/crds/postgresql.yaml @@ -364,6 +364,7 @@ spec: - "13" - "14" - "15" + - "16" parameters: type: object additionalProperties: diff --git a/charts/postgreslet/templates/configmap-sidecars.yaml b/charts/postgreslet/templates/configmap-sidecars.yaml index d44dece..5823592 100644 --- a/charts/postgreslet/templates/configmap-sidecars.yaml +++ b/charts/postgreslet/templates/configmap-sidecars.yaml @@ -26,6 +26,15 @@ data: limits: cpu: {{ .Values.sidecars.exporter.resources.limits.cpu }} memory: {{ .Values.sidecars.exporter.resources.limits.memory }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault env: - name: DATA_SOURCE_URI value: 127.0.0.1:5432/postgres?sslmode=disable @@ -52,6 +61,14 @@ data: limits: cpu: {{ .Values.sidecars.fluentbit.resources.limits.cpu }} memory: {{ .Values.sidecars.fluentbit.resources.limits.memory }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault additional-volumes: | - name: empty mountPath: /opt/empty diff --git a/charts/postgreslet/templates/configmap.yaml b/charts/postgreslet/templates/configmap.yaml index bc8e381..831ff01 100644 --- a/charts/postgreslet/templates/configmap.yaml +++ b/charts/postgreslet/templates/configmap.yaml @@ -4,6 +4,7 @@ data: DEPLOY_ETCD: {{ .Values.postgreslet.deployEtcd | quote }} ENABLE_BOOTSRTAP_STANDBY_FROM_S3: {{ .Values.postgreslet.enableBootsrtapStandbyFromS3 | quote }} ENABLE_CRD_VALIDATION: {{ .Values.postgreslet.enableCrdValidation | quote }} + ENABLE_FORCE_SHARED_IP: {{ .Values.postgreslet.enableForceSharedIP | quote }} ENABLE_LB_SOURCE_RANGES: {{ .Values.postgreslet.enableLBSourceRanges | quote }} ENABLE_LEADER_ELECTION: {{ .Values.postgreslet.enableLeaderElection | quote }} ENABLE_LEGACY_STANDBY_SELECTOR: {{ .Values.postgreslet.enableLegacyStandbySelector | quote }} @@ -11,6 +12,7 @@ data: ENABLE_POD_ANTIAFFINITY: {{ .Values.postgreslet.enablePodAntiaffinity | quote }} ENABLE_RANDOM_STORAGE_ENCRYPTION_SECRET: {{ .Values.postgreslet.enableRandomStorageEncrytionSecret | quote }} ENABLE_STANDBY_LEADER_SELECTOR: {{ .Values.postgreslet.enableStandbyLeaderSelector | quote }} + ENABLE_SUPERUSER_FOR_DBO: {{ .Values.postgreslet.enableSuperuserforDBO | quote }} ENABLE_WALG_ENCRYPTION: {{ .Values.postgreslet.enableWalGEncryption | quote }} ETCD_BACKUP_SECRET_NAME: {{ .Values.postgreslet.etcdBackupSecretName | quote }} {{- if .Values.postgreslet.etcdBackupSidecarImage }} diff --git a/charts/postgreslet/templates/podsecuritypolicy.yaml b/charts/postgreslet/templates/podsecuritypolicy.yaml index b491059..0961eed 100644 --- a/charts/postgreslet/templates/podsecuritypolicy.yaml +++ b/charts/postgreslet/templates/podsecuritypolicy.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: @@ -17,4 +18,5 @@ spec: - secret - persistentVolumeClaim - configMap - - emptyDir \ No newline at end of file + - emptyDir +{{- end }} \ No newline at end of file diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index d4b62d9..7e44e39 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -7,7 +7,7 @@ replicaCount: 1 image: repository: r.metal-stack.io/postgreslet pullPolicy: IfNotPresent - tag: "v0.14.0" + tag: "v0.15.0" imagePullSecrets: [] nameOverride: "" @@ -27,16 +27,23 @@ serviceAccount: podAnnotations: {} +rbac: + # pspEnabled If true, a PSP for postgreslet will be created + pspEnabled: false + podSecurityContext: {} # fsGroup: 2000 -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65532 # nonroot + seccompProfile: + type: RuntimeDefault resources: limits: @@ -80,11 +87,11 @@ postgreslet: # operatorImageRepository operatorImageRepository: "docker.io/ermajn/postgres-operator" # operatorImageTag - operatorImageTag: "v1.7.0-1-g711648b-dirty" + operatorImageTag: "v1.11.0" # postgresImageRepository postgresImageRepository: "docker.io/cybertecpostgresql/spilo" # postgresImageTag - postgresImageTag: "3.0-p1_de-sync-standby-cluster_0.3.3_c52da81" + postgresImageTag: "3.2-p3_de-sync-standby-cluster_0.4_2024-06-04" # etcdHost The connection string for Patroni defined as host:port. Not required when native Kubernetes support is used. The default is empty (use Kubernetes-native DCS). etcdHost: "" # enableCrdValidation toggles if the operator will create or update CRDs with OpenAPI v3 schema validation @@ -114,11 +121,11 @@ postgreslet: # etcdImageRepository The etcd image repository to use etcdImageRepository: "quay.io/coreos/etcd" # etcdImageTag The etcd image tag to use - etcdImageTag: "v3.5.6" + etcdImageTag: "v3.5.13" # etcdBackupSidecarImageRepository The sidecar image repository to use etcdBackupSidecarImageRepository: "ghcr.io/metal-stack/backup-restore-sidecar" # etcdBackupSidecarImageTag The sidecar image tag to use - etcdBackupSidecarImageTag: "v0.6.4" + etcdBackupSidecarImageTag: "v0.10.2" # etcdBackupSecretName The name of the K8s secret containing the s3 credentials used for backup and restore etcdBackupSecretName: pgaas-etcd-s3-credentials # etcdPspName The name of a custom PSP to use for etcd @@ -129,6 +136,10 @@ postgreslet: enableRandomStorageEncrytionSecret: false # enableBootsrtapStandbyFromS3 enables the bootstrapping of remote standby clusters via S3 instead of pgbasebackup enableBootsrtapStandbyFromS3: true + # enableForceSharedIP When enabled, a shared load balancer for each database will be created, even when using the dedicated IP fesature + enableForceSharedIP: true + # enableSuperuserforDBO When enabled, the dbo user will have superuser permissions by default. DISABLING THIS WILL NOT REMOVE THE SUPERUSER PERMISSIONS FOR EXISTING USERS. + enableSuperuserforDBO: false # tlsClusterIssuer An existing cert-manager Cluster Issuer to use when requesting TLS certificates per database instance. The startup of the postgres pod will fail if an issuer is configured but not working. tlsClusterIssuer: "" # tlsSubDomain when enabled, uses the given subdomain (in combination with the postgres instance's UUID) as common name when requesting the certificate @@ -141,7 +152,7 @@ addRandomLabel: false sidecars: fluentbit: imageRepository: "cr.fluentbit.io/fluent/fluent-bit" - imageTag: "2.1.2" + imageTag: "3.0.7" resources: requests: cpu: "100m" @@ -173,7 +184,7 @@ sidecars: exporter: imageRepository: "docker.io/prometheuscommunity/postgres-exporter" - imageTag: "v0.12.1" + imageTag: "v0.15.0" containerPort: 9187 servicePort: 9187 resources: From 1a7c5f6e3f495e7d6ca60b89d30c828c9e427e69 Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Wed, 3 Jul 2024 13:53:34 +0200 Subject: [PATCH 5/9] Migrate to ipam grpc service (#40) --- charts/metal-control-plane/Chart.yaml | 2 +- .../metal-control-plane/templates/ipam.yaml | 73 +++++++++++++++++++ .../templates/metal-api.yaml | 24 +----- charts/metal-control-plane/values.yaml | 28 +++++-- 4 files changed, 101 insertions(+), 26 deletions(-) create mode 100644 charts/metal-control-plane/templates/ipam.yaml diff --git a/charts/metal-control-plane/Chart.yaml b/charts/metal-control-plane/Chart.yaml index 81d7398..10fe0c3 100644 --- a/charts/metal-control-plane/Chart.yaml +++ b/charts/metal-control-plane/Chart.yaml @@ -3,4 +3,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for deploying the metal control plane in K8s name: metal-control-plane -version: 0.4.1 +version: 0.4.2 diff --git a/charts/metal-control-plane/templates/ipam.yaml b/charts/metal-control-plane/templates/ipam.yaml new file mode 100644 index 0000000..69a16d5 --- /dev/null +++ b/charts/metal-control-plane/templates/ipam.yaml @@ -0,0 +1,73 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ipam +spec: + selector: + matchLabels: + app: ipam + template: + metadata: + labels: + app: ipam + annotations: + prometheus.io/scrape: 'true' + prometheus.io/path: /metrics + prometheus.io/port: '2112' + spec: + containers: + - name: ipam + args: + - postgres + image: {{ .Values.images.ipam.image }}:{{ .Values.images.ipam.tag }} + imagePullPolicy: {{ .Values.images.ipam.imagePullPolicy }} + env: + - name: GOIPAM_GRPC_SERVER_ENDPOINT + value: {{ .Values.ipam.grpc_server_endpoint }} + - name: GOIPAM_PG_HOST + value: {{ .Values.ipam.db_host }} + - name: GOIPAM_PG_PORT + value: "{{ .Values.ipam.db_port }}" + - name: GOIPAM_PG_DBNAME + value: {{ .Values.ipam.db_name }} + - name: GOIPAM_PG_PASSWORD + value: {{ .Values.ipam.db_password }} + - name: GOIPAM_PG_USER + value: {{ .Values.ipam.db_user }} + - name: GOIPAM_LOG_LEVEL + value: "{{ .Values.ipam.log_level }}" +{{- if .Values.set_resource_limits }} + resources: +{{ toYaml .Values.resources.ipam | indent 10 }} +{{- end }} + ports: + - containerPort: 2112 + protocol: TCP + - containerPort: 9090 + readinessProbe: + exec: + command: ["/bin/grpc_health_probe", "-addr=:9090"] + initialDelaySeconds: 5 + livenessProbe: + exec: + command: ["/bin/grpc_health_probe", "-addr=:9090"] + initialDelaySeconds: 10 +--- +apiVersion: v1 +kind: Service +metadata: + name: ipam + labels: + app: ipam +spec: + type: ClusterIP + ports: + - name: "{{ .Values.ports.ipam }}" + port: {{ .Values.ports.ipam }} + targetPort: 9090 + - name: "{{ .Values.ports.ipam_metrics }}" + port: {{ .Values.ports.ipam_metrics }} + targetPort: 2112 + selector: + app: ipam diff --git a/charts/metal-control-plane/templates/metal-api.yaml b/charts/metal-control-plane/templates/metal-api.yaml index e7c905e..d8d73ac 100644 --- a/charts/metal-control-plane/templates/metal-api.yaml +++ b/charts/metal-control-plane/templates/metal-api.yaml @@ -115,16 +115,8 @@ spec: secretKeyRef: name: metal-api key: admin_key - - name: METAL_API_IPAM_DB_ADDR - value: {{ .Values.metal_api.ipam_db_address }} - - name: METAL_API_IPAM_DB_PORT - value: "{{ .Values.metal_api.ipam_db_port }}" - - name: METAL_API_IPAM_DB_NAME - value: {{ .Values.metal_api.ipam_db_name }} - - name: METAL_API_IPAM_DB_PASSWORD - value: {{ .Values.metal_api.ipam_db_password }} - - name: METAL_API_IPAM_DB_USER - value: {{ .Values.metal_api.ipam_db_user }} + - name: METAL_API_IPAM_GRPC_SERVER_ENDPOINT + value: {{ .Values.metal_api.ipam_grpc_server_endpoint }} - name: METAL_API_PROVIDER_TENANT value: "{{ .Values.masterdata_api.provider_tenant }}" - name: METAL_API_NSQLOOKUPD_ADDR @@ -551,16 +543,8 @@ spec: value: {{ .Values.metal_api.db_address }} - name: METAL_API_DB_PASSWORD value: {{ .Values.metal_api.db_password }} - - name: METAL_API_IPAM_DB_ADDR - value: {{ .Values.metal_api.ipam_db_address }} - - name: METAL_API_IPAM_DB_PORT - value: "{{ .Values.metal_api.ipam_db_port }}" - - name: METAL_API_IPAM_DB_NAME - value: {{ .Values.metal_api.ipam_db_name }} - - name: METAL_API_IPAM_DB_PASSWORD - value: {{ .Values.metal_api.ipam_db_password }} - - name: METAL_API_IPAM_DB_USER - value: {{ .Values.metal_api.ipam_db_user }} + - name: METAL_API_IPAM_GRPC_SERVER_ENDPOINT + value: {{ .Values.metal_api.ipam_grpc_server_endpoint }} - name: METAL_API_NSQLOOKUPD_ADDR value: {{ .Values.metal_api.nsq.lookupd_address }} - name: METAL_API_NSQD_TCP_ADDR diff --git a/charts/metal-control-plane/values.yaml b/charts/metal-control-plane/values.yaml index 2f3bb6b..3210e46 100644 --- a/charts/metal-control-plane/values.yaml +++ b/charts/metal-control-plane/values.yaml @@ -13,6 +13,10 @@ images: image: ghcr.io/metal-stack/masterdata-api imagePullPolicy: IfNotPresent tag: latest + ipam: + image: ghcr.io/metal-stack/go-ipam + imagePullPolicy: IfNotPresent + tag: latest metalctl: image: ghcr.io/metal-stack/metalctl imagePullPolicy: IfNotPresent @@ -37,6 +41,13 @@ resources: limits: memory: "64Mi" cpu: "200m" + ipam: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "64Mi" + cpu: "200m" metal_console: requests: memory: "64Mi" @@ -59,6 +70,8 @@ ports: masterdata_api: 8443 masterdata_api_metrics: 2113 metal_console: 10001 + ipam: 9090 + ipam_metrics: 2112 metal_api: replicas: 3 @@ -66,11 +79,7 @@ metal_api: log_level: info db_address: "" db_password: "" - ipam_db_address: "" - ipam_db_port: 5432 - ipam_db_name: "" - ipam_db_user: "" - ipam_db_password: "" + ipam_grpc_server_endpoint: "" dex_address: "" dex_clientid: "" view_key: "" @@ -115,6 +124,15 @@ metal_api: control_plane_address: "" minimum_client_version: "" +ipam: + grpc_server_endpoint: "0.0.0.0:9090" + log_level: "info" + db_host: "" + db_port: 5432 + db_name: "" + db_user: "" + db_password: "" + masterdata_api: provider_tenant: "" db_address: "" From 3e48349f233d01b10fcf83c97bb26fb2e9b9a57d Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Fri, 5 Jul 2024 11:28:25 +0200 Subject: [PATCH 6/9] bump version --- charts/postgreslet/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/postgreslet/Chart.yaml b/charts/postgreslet/Chart.yaml index 78a0c06..ac1d507 100644 --- a/charts/postgreslet/Chart.yaml +++ b/charts/postgreslet/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.11.1 +version: 0.13.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.13.1" +appVersion: "v0.15.0" From c25ae102ce7494bf299753a6a17ea69a4f25f719 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Tue, 9 Jul 2024 10:58:47 +0200 Subject: [PATCH 7/9] Allow providing a metal-api release version. (#93) --- charts/metal-control-plane/Chart.yaml | 2 +- charts/metal-control-plane/templates/metal-api.yaml | 4 ++++ charts/metal-control-plane/values.yaml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/metal-control-plane/Chart.yaml b/charts/metal-control-plane/Chart.yaml index 10fe0c3..871c2fd 100644 --- a/charts/metal-control-plane/Chart.yaml +++ b/charts/metal-control-plane/Chart.yaml @@ -3,4 +3,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for deploying the metal control plane in K8s name: metal-control-plane -version: 0.4.2 +version: 0.4.3 diff --git a/charts/metal-control-plane/templates/metal-api.yaml b/charts/metal-control-plane/templates/metal-api.yaml index d8d73ac..228234e 100644 --- a/charts/metal-control-plane/templates/metal-api.yaml +++ b/charts/metal-control-plane/templates/metal-api.yaml @@ -189,6 +189,10 @@ spec: value: /certs/masterdata-api/client-key.pem - name: METAL_API_PASSWORD_REASON_MINLENGTH value: "{{ .Values.metal_api.password_reason_minlength }}" +{{- if .Values.metal_api.release_version }} + - name: METAL_API_RELEASE_VERSION + value: "{{ .Values.metal_api.release_version }}" +{{- end }} - name: METAL_API_MINIMUM_CLIENT_VERSION value: "{{ .Values.metal_api.minimum_client_version }}" {{- if .Values.auditing.enabled }} diff --git a/charts/metal-control-plane/values.yaml b/charts/metal-control-plane/values.yaml index 3210e46..09d6682 100644 --- a/charts/metal-control-plane/values.yaml +++ b/charts/metal-control-plane/values.yaml @@ -123,6 +123,7 @@ metal_api: internal_api_address: "" control_plane_address: "" minimum_client_version: "" + release_version: "" ipam: grpc_server_endpoint: "0.0.0.0:9090" From 361e904d727d8347410dbcd97e86269f1085e67b Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Wed, 10 Jul 2024 12:29:12 +0200 Subject: [PATCH 8/9] fix pg_stat_statement query: add queryid to make it unique --- charts/postgreslet/Chart.yaml | 2 +- charts/postgreslet/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/postgreslet/Chart.yaml b/charts/postgreslet/Chart.yaml index fe560b8..4eff2b5 100644 --- a/charts/postgreslet/Chart.yaml +++ b/charts/postgreslet/Chart.yaml @@ -21,4 +21,4 @@ version: 0.13.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.15.0" \ No newline at end of file +appVersion: "v0.15.0" diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index 7e44e39..f64e40a 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -437,6 +437,7 @@ sidecars: query: "SELECT pg_get_userbyid(userid) as user, pg_database.datname, + pg_stat_statements.queryid, pg_stat_statements.query, pg_stat_statements.calls, pg_stat_statements.total_exec_time as time_milliseconds, From a5e2dcffa078d4cb4d1703e587a37a3a2569738e Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Thu, 18 Apr 2024 10:33:03 +0200 Subject: [PATCH 9/9] added metric queryid + distinct just to be sure to have uniq metrics --- charts/postgreslet/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/postgreslet/values.yaml b/charts/postgreslet/values.yaml index f64e40a..a52726b 100644 --- a/charts/postgreslet/values.yaml +++ b/charts/postgreslet/values.yaml @@ -435,6 +435,7 @@ sidecars: pg_stat_statements: # user, datname, query, calls, total_exec_time, rows. query: "SELECT + distinct pg_get_userbyid(userid) as user, pg_database.datname, pg_stat_statements.queryid, @@ -453,6 +454,9 @@ sidecars: - datname: usage: "LABEL" description: "The database in which the statement was executed" + - queryid: + usage: "LABEL" + description: "Query ID" - query: usage: "LABEL" description: "Processed query"