Skip to content

feat: Grant additional access for Groups & Recocile logic for masterRole Changes & Metrics Support #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 43 commits into
base: master
Choose a base branch
from
Open

feat: Grant additional access for Groups & Recocile logic for masterRole Changes & Metrics Support #253

wants to merge 43 commits into from

Conversation

@tkcontiant
Copy link
Contributor

@tkcontiant tkcontiant commented Sep 17, 2025
edited
Loading

I notice we are missing sequences and functions access.

  • Owner-Group user should have Grant ALL, as it will most likely be used for Flyway migrations, etc.
ownerPrivs          = "ALL"
ownerFunctionPrivs  = "ALL"
ownerSequencePrivs  = "ALL"

The Second Writer-Group should have limited access to Sequences and execute the Functions.

writerSequencePrivs = "USAGE,SELECT"
writerFunctionPrivs = "EXECUTE"

Reader-Group remains the same

Update Owner-Group if the masterRole was renamed or changed

  • I assume the operator needs to keep the state always, as defined in the CRD

Re-assign the user group membership

  • My user was a reader, and I needed to be part of a writer or owner group.

Leader election

  • Enable Leader election for the operator, allowing the organizations to run the operator in HA mode
  • Update the RBAC so Operator can access the correct privileges to acquire the leader lock
  • Enable the Prometheus metrics endpoint

PodMonitor

Added for Prometheus Operator Discovery
PodMonitor

Enable Metrics

  • Useful metrics are already available
# TYPE controller_runtime_reconcile_total counter
controller_runtime_reconcile_total{controller="postgres",result="error"} 0
controller_runtime_reconcile_total{controller="postgres",result="requeue"} 0
controller_runtime_reconcile_total{controller="postgres",result="requeue_after"} 0
controller_runtime_reconcile_total{controller="postgres",result="success"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="error"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="requeue"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="requeue_after"} 0
controller_runtime_reconcile_total{controller="postgresuser",result="success"} 0

@tkcontiant tkcontiant marked this pull request as draft September 18, 2025 09:24
@tkcontiant tkcontiant marked this pull request as ready for review September 19, 2025 12:33
@tkcontiant tkcontiant changed the title feat: Grant additional access for Sequences and Functions feat: Grant additional access for Groups & Provide Recocile logic for masterRole Change & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant changed the title feat: Grant additional access for Groups & Provide Recocile logic for masterRole Change & Metrics Support feat: Grant additional access for Groups & Provide Recocile logic for masterRole Changes & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant changed the title feat: Grant additional access for Groups & Provide Recocile logic for masterRole Changes & Metrics Support feat: Grant additional access for Groups & Recocile logic for masterRole Changes & Metrics Support Sep 19, 2025
@tkcontiant tkcontiant marked this pull request as draft September 19, 2025 13:12
@tkcontiant tkcontiant marked this pull request as ready for review September 19, 2025 15:48
@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from c680836 to 6b789fe Compare September 19, 2025 15:50
pcallewaert
pcallewaert reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@pcallewaert pcallewaert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I like all these improvements. Some feedback added.

@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from 1469980 to 738f725 Compare September 25, 2025 15:35
@tkcontiant tkcontiant force-pushed the feat/support-sequences-and-functions branch from 2216b8c to d590544 Compare September 25, 2025 16:31
@tkcontiant
Copy link
Contributor Author

tkcontiant commented Sep 25, 2025

Thanks, I like all these improvements. Some feedback added.

Thanks for the review. I believe we are ready.

@itek09
Copy link

itek09 commented Nov 7, 2025

Nice PR, I'm affected by the same

@tkcontiant
Copy link
Contributor Author

tkcontiant commented Nov 8, 2025
edited
Loading

Nice PR, I'm affected by the same

I am looking forward to being approved and merged. You can take the PR Source Code and do a local Docker build.

docker build . -t postgres-operator:v1

The next topic on the horizon is the monitoring role. I am still clarifying how is going to look like on my end.
I hope I am able to have a fully compatible postgres-exporter and pgwatch monitoring role managed by the operator at some point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcallewaert pcallewaert Awaiting requested review from pcallewaert

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tkcontiant @itek09 @pcallewaert