From 10c6bd76790745443e30f83ccb3497f23a15064f Mon Sep 17 00:00:00 2001 From: Henry H Li Date: Wed, 1 May 2024 14:33:09 -0400 Subject: [PATCH] removed internal OperandRequest from edb-keycloak - for cloud-native-postgresql, which reduced performance added back EDB licensing job for edb-keycloak because internal OperandRequest is removed Signed-off-by: Henry H Li --- controllers/constant/odlm.go | 148 ++++++++++++++++++++++++++++++++--- 1 file changed, 139 insertions(+), 9 deletions(-) diff --git a/controllers/constant/odlm.go b/controllers/constant/odlm.go index cdd51fcb3..8d03f3f7c 100644 --- a/controllers/constant/odlm.go +++ b/controllers/constant/odlm.go @@ -796,17 +796,147 @@ spec: supportedLocales: [ "en", "de" , "es", "fr", "it", "ja", "ko", "pt_BR", "zh_CN", "zh_TW"] - name: edb-keycloak resources: - - apiVersion: operator.ibm.com/v1alpha1 + - apiVersion: batch/v1 + kind: Job + force: true + name: create-postgres-license-config + namespace: "{{ .OperatorNs }}" data: spec: - requests: - - operands: - - name: cloud-native-postgresql - registry: common-service - registryNamespace: {{ .ServicesNs }} - force: true - kind: OperandRequest - name: postgresql-operator-request + activeDeadlineSeconds: 600 + backoffLimit: 5 + template: + metadata: + annotations: + productID: 068a62892a1e4db39641342e592daa25 + productMetric: FREE + productName: IBM Cloud Platform Common Services + spec: + imagePullSecrets: + - name: ibm-entitlement-key + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + initContainers: + - command: + - bash + - -c + - | + cat << EOF | kubectl apply -f - + apiVersion: v1 + kind: Secret + type: Opaque + metadata: + name: postgresql-operator-controller-manager-config + data: + EDB_LICENSE_KEY: $(base64 /license_keys/edb/EDB_LICENSE_KEY | tr -d '\n') + EOF + image: + templatingValueFrom: + default: + required: true + defaultValue: cp.icr.io/cp/cpd/edb-postgres-license-provider@sha256:05f30f2117ff6e0e853487f17785024f6bb226f3631425eaf1498b9d3b753345 + configMapKeyRef: + name: cloud-native-postgresql-image-list + key: edb-postgres-license-provider-image + namespace: {{ .OperatorNs }} + name: edb-license + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + containers: + - command: + - bash + - '-c' + args: + - | + kubectl delete pods -l app.kubernetes.io/name=cloud-native-postgresql + kubectl annotate secret postgresql-operator-controller-manager-config ibm-license-key-applied="EDB Database with IBM License Key" + image: + templatingValueFrom: + default: + required: true + defaultValue: cp.icr.io/cp/cpd/edb-postgres-license-provider@sha256:05f30f2117ff6e0e853487f17785024f6bb226f3631425eaf1498b9d3b753345 + configMapKeyRef: + name: cloud-native-postgresql-image-list + key: edb-postgres-license-provider-image + namespace: {{ .OperatorNs }} + name: restart-edb-pod + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + hostIPC: false + hostNetwork: false + hostPID: false + restartPolicy: OnFailure + securityContext: + runAsNonRoot: true + serviceAccountName: edb-license-sa + - apiVersion: v1 + kind: ServiceAccount + name: edb-license-sa + namespace: "{{ .OperatorNs }}" + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + name: edb-license-role + namespace: "{{ .OperatorNs }}" + data: + rules: + - apiGroups: + - "" + resources: + - pods + - secrets + verbs: + - create + - update + - patch + - get + - list + - delete + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + name: edb-license-rolebinding + namespace: "{{ .OperatorNs }}" + data: + subjects: + - kind: ServiceAccount + name: edb-license-sa + roleRef: + kind: Role + name: edb-license-role + apiGroup: rbac.authorization.k8s.io - apiVersion: postgresql.k8s.enterprisedb.io/v1 data: spec: