Merge pull request #507 from galaxyproject/switch_to_cloudnativepg

Switch to cloudnativepg

README.md

@@ -32,11 +32,11 @@ helm upgrade --install ingress-nginx ingress-nginx \
 ## Dependency charts
 
 This chart relies on the features of other charts for common functionality:
-- [postgres-operator](https://github.com/zalando/postgres-operator) for the
+- [postgres-operator](https://cloudnative-pg.io/documentation/current/) for the
   database;
 - [galaxy-cvmfs-csi](https://github.com/CloudVE/galaxy-cvmfs-csi-helm) for linking the
   reference data to Galaxy and jobs based on CVMFS (default).
-- [csi-s3](https://github.com/ctrox/csi-s3/pull/75/) for linking
+- [csi-s3](https://github.com/yandex-cloud/k8s-csi-s3/tree/master/deploy/helm/csi-s3) for linking
   reference data to Galaxy and jobs based on S3FS (optional/alternative to CVMFS).
 - [rabbitmq-cluster-operator](https://github.com/rabbitmq/cluster-operator) for deploying
   the message queue.
@@ -511,12 +511,22 @@ See the `example` cron job included in the `values.yaml` file for a full example
 
 ## From v5 to v6
 
-* v6 splits all global dependencies such as the postgres and rabbitbq operators into a separate `galaxy-deps` chart, in contrast to v5, which
-  had all dependencies bundled in for convenience. This bundling caused problems during uninstallation in particular, because for example,
-  the postgres operator could be uninstalled before postgres itself was uninstalled, leaving various artefacts behind. This made reinstallation
-  particularly tricky, as all such left-over resources had to be cleaned up manually. Therefore, our production installation notes specified
-  installing these dependencies separately anyway. v6 makes this separation explicit by specifically debundling these dependencies into a separate
-  chart.
+### Breaking changes
+
+* v6 replaces the zalando postgres operator with cloudnative-pg. This decision was made because cloudnative-pg is meant to be a CNCF project,
+  has increasing popularity and the avoidance of StatefulSets makes management easier. However, there is no direct upgrade path from zalando
+  to cloudnative-pg. Therefore, simply upgrading the helm chart could result in your existing database being deleted and possible data loss.
+
+  Therefore, we recommend first creating a [logical backup](https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md#logical-backups)
+  of the existing database, and then reimporting that backup to the new database following instructions
+  [here](https://cloudnative-pg.io/documentation/1.16/database_import/).
+
+* v6 splits all global dependencies such as the postgres and rabbitbq operators into a separate `galaxy-deps` chart. This is in contrast to v5,
+  which had all dependencies bundled in for convenience. This bundling caused problems during uninstallation in particular, because the postgres
+  operator could be uninstalled before postgres itself was uninstalled, leaving various artefacts behind. This made reinstallation
+  particularly tricky, as all such left-over resources had to be cleaned up manually. Therefore, our production installation notes already contained
+  a recommendation that these dependencies be installed separately. v6 makes this separation explicit by specifically debundling the dependencies into
+  a separate chart.
 
   If upgrading in production scenarios, you may simply omit installing the `galaxy-deps` chart and continue as usual. If upgrading in development
   scenarios, there is no straightforward upgrade path. The galaxy chart will have to be uninstalled, the `galaxy-deps` chart installed, and subsequently,

galaxy/templates/_helpers.tpl

@@ -61,29 +61,30 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
-{{/*
-Define TeamID for the postgresql name
-*/}}
-{{- define "galaxy-postgresql.teamId" -}}
-{{- printf "%s" .Chart.Name -}}
-{{- end }}
-
 {{/*
 Return the postgresql database name to use
 */}}
 {{- define "galaxy-postgresql.fullname" -}}
 {{- if .Values.postgresql.existingDatabase -}}
 {{- printf "%s" .Values.postgresql.existingDatabase -}}
 {{- else -}}
-{{- printf "%s-%s-%s" (include "galaxy-postgresql.teamId" .) .Release.Name .Values.postgresql.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s-%s" .Release.Name .Values.postgresql.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "galaxy-postgresql.servicename" -}}
+{{- if .Values.postgresql.existingDatabase -}}
+{{- printf "%s" .Values.postgresql.existingDatabase -}}
+{{- else -}}
+{{- printf "%s-rw" (include "galaxy-postgresql.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
 Generate the connection string needed to connect to a Postres database
 */}}
 {{- define "galaxy-postgresql.connection-string" -}}
-{{- printf "postgresql://%s:%s@%s/galaxy%s" .Values.postgresql.galaxyDatabaseUser (include "galaxy.galaxyDbPassword" .) (include "galaxy-postgresql.fullname" .) .Values.postgresql.galaxyConnectionParams -}}
+{{- printf "postgresql://%s:%s@%s/galaxy%s" .Values.postgresql.galaxyDatabaseUser (include "galaxy.galaxyDbPassword" .) (include "galaxy-postgresql.servicename" .) .Values.postgresql.galaxyConnectionParams -}}
 {{- end -}}
 
 {{/*
@@ -121,7 +122,7 @@ Return which PVC to use
 
 
 {{- define "galaxy.operatorUserSecretName" -}}
-{{- printf "%s.%s.credentials.postgresql.acid.zalan.do" .Values.postgresql.galaxyDatabaseUser (include "galaxy-postgresql.fullname" .) -}}
+{{- printf "%s.%s.credentials.postgresql.cnpg.io" .Values.postgresql.galaxyDatabaseUser (include "galaxy-postgresql.fullname" .) -}}
 {{- end -}}
 
 {{- define "galaxy.galaxyDbSecretName" -}}
@@ -237,7 +238,7 @@ Define pod env vars
                   name: '{{ include "galaxy.galaxyDbSecretName" . }}'
                   key: '{{ include "galaxy.galaxyDbSecretKey" . }}'
             - name: GALAXY_CONFIG_OVERRIDE_DATABASE_CONNECTION
-              value: postgresql://{{ .Values.postgresql.galaxyDatabaseUser }}:$(GALAXY_DB_USER_PASSWORD)@{{ template "galaxy-postgresql.fullname" . }}/galaxy{{- .Values.postgresql.galaxyConnectionParams }}
+              value: postgresql://{{ .Values.postgresql.galaxyDatabaseUser }}:$(GALAXY_DB_USER_PASSWORD)@{{ template "galaxy-postgresql.servicename" . }}/galaxy{{- .Values.postgresql.galaxyConnectionParams }}
             - name: GALAXY_CONFIG_OVERRIDE_ID_SECRET
               valueFrom:
                 secretKeyRef:

galaxy/templates/deployment-metrics.yaml

@@ -44,7 +44,7 @@ spec:
         imagePullPolicy: {{ .Values.metrics.image.pullPolicy }}
         env:
           - name: PGHOST
-            value: {{ include "galaxy-postgresql.fullname" . }}
+            value: {{ include "galaxy-postgresql.servicename" . }}
           - name: PGDATABASE
             value: galaxy
           - name: PGUSER

galaxy/templates/hapostgres/pgcluster.yaml

@@ -1,23 +1,23 @@
 {{- if and .Values.postgresql.enabled (not .Values.postgresql.existingDatabase) }}
-apiVersion: acid.zalan.do/v1
-kind: postgresql
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
 metadata:
   labels:
     {{- include "galaxy.labels" . | nindent 4 }}
-    team: galaxy
   name: {{ include "galaxy-postgresql.fullname" . }}
   namespace: {{ .Release.Namespace }}
 spec:
-  allowedSourceRanges: []
-  databases:
-    galaxy: {{ .Values.postgresql.galaxyDatabaseUser }}
-  numberOfInstances: 1
-  teamId: {{ include "galaxy-postgresql.teamId" . }}
-  users:
-    {{ .Values.postgresql.galaxyDatabaseUser }}: [ ]
-  postgresql:
-    version: '13'
-  volume:
+  instances: {{ default "1" .Values.postgresql.instances }}
+  bootstrap:
+    initdb:
+      database: galaxy
+      owner: {{ .Values.postgresql.galaxyDatabaseUser }}
+      secret:
+        name: '{{ include "galaxy.galaxyDbSecretName" . }}'
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: 'postgres.{{ include "galaxy-postgresql.fullname" . }}.credentials.postgresql.cnpg.io'
+  storage:
     size: {{ default "10Gi" .Values.postgresql.persistence.size }}
     {{- if .Values.postgresql.persistence.storageClass }}
     storageClass: {{ .Values.postgresql.persistence.storageClass }}

galaxy/templates/hapostgres/secret-pgcluster-galaxy-user.yaml

@@ -1,9 +1,9 @@
 {{- if and .Values.postgresql.enabled (not .Values.postgresql.existingDatabase) }}
 apiVersion: v1
 kind: Secret
-type: Opaque
+type: kubernetes.io/basic-auth
 metadata:
-  name: {{ .Values.postgresql.galaxyDatabaseUser }}.{{ include "galaxy-postgresql.fullname" . }}.credentials.postgresql.acid.zalan.do
+  name: {{ .Values.postgresql.galaxyDatabaseUser }}.{{ include "galaxy-postgresql.fullname" . }}.credentials.postgresql.cnpg.io
   labels:
     {{- include "galaxy.labels" . | nindent 4 }}
 data:

galaxy/templates/hapostgres/secret-pgcluster-postgres.yaml

@@ -1,9 +1,9 @@
 {{- if and .Values.postgresql.enabled (not .Values.postgresql.existingDatabase) }}
 apiVersion: v1
 kind: Secret
-type: Opaque
+type: kubernetes.io/basic-auth
 metadata:
-  name: postgres.{{ include "galaxy-postgresql.fullname" . }}.credentials.postgresql.acid.zalan.do
+  name: postgres.{{ include "galaxy-postgresql.fullname" . }}.credentials.postgresql.cnpg.io
   labels:
     {{- include "galaxy.labels" . | nindent 4 }}
 data:

galaxy/templates/jobs-init.yaml

@@ -29,7 +29,7 @@ spec:
         - name: {{ .Chart.Name }}-wait-postgres
           image: {{ .Values.jobs.init.image.repository }}:{{ .Values.jobs.init.image.tag }}
           imagePullPolicy: {{ .Values.jobs.init.image.pullPolicy }}
-          command: ['sh', '-c', 'echo Chown mount path; chown 101:101 {{ .Values.persistence.mountPath }}; echo Begin waiting for postgres; until nc -z -w3 {{ template "galaxy-postgresql.fullname" . }} 5432; do echo waiting for galaxy-postgres service; sleep 1; done; echo done;']
+          command: ['sh', '-c', 'echo Chown mount path; chown 101:101 {{ .Values.persistence.mountPath }}; echo Begin waiting for postgres; until nc -z -w3 {{ template "galaxy-postgresql.servicename" . }} 5432; do echo waiting for galaxy-postgres service; sleep 1; done; echo done;']
           volumeMounts:
             - name: galaxy-data
               mountPath: {{ .Values.persistence.mountPath }}