Adds the 'crunchy-admin' container as a sidecar

andrewlecuyer · andrewlecuyer · commit 3cb26771ac5a · 2019-11-12T00:41:16.000-06:00
container for all PG primary and replica pods.  This
administrative container is configured with an
account called 'crunchyadm' that can authenticate
into the database using peer authentication
(specifically using a unix socket shared between both
containers via an 'emptyDir' volume).  This container
allows administrative actions to be performed against
the database using the 'crunchyadm' user, instead of
relying on the superuser account.
diff --git a/conf/postgres-operator/cluster-deployment.json b/conf/postgres-operator/cluster-deployment.json
@@ -142,6 +142,9 @@
                         }, {
                             "mountPath": "/recover",
                             "name": "recover-volume"
+                        }, {
+                            "mountPath": "/crunchyadm",
+                            "name": "crunchyadm"
                         }
                         
                     ],
@@ -155,6 +158,38 @@
                     }],
                     "resources": {},
                     "imagePullPolicy": "IfNotPresent"
+                },
+                {
+                    "name": "crunchyadm",
+                    "image": "{{.CCPImagePrefix}}/crunchy-admin:{{.CCPImageTag}}",
+                    "securityContext": {
+                        "runAsUser": 17
+                    },
+                    "readinessProbe": {
+                        "exec": {
+                            "command": [
+                                "/bin/bash",
+                                "-c",
+                                "[[ -f '/crunchyadm/pgha_initialized' ]]",
+                                "&& pg_isready -h /crunchyadm -U crunchyready"
+                             ]
+                        },
+                        "initialDelaySeconds": 15,
+                        "timeoutSeconds": 8
+                    },
+                    "env": [
+                        {
+                            "name": "PGHOST",
+                            "value": "/crunchyadm"
+                        }
+                    ],
+                    "volumeMounts": [
+                        {
+                            "mountPath": "/crunchyadm",
+                            "name": "crunchyadm"
+                        }
+                    ],
+                    "imagePullPolicy": "IfNotPresent"
                 }
 
                 {{.CollectAddon }}
@@ -201,6 +236,9 @@
                     }, {
                         "name": "backrestrepo",
             "emptyDir": { "medium": "Memory" }
+                    }, {
+                        "name": "crunchyadm",
+            "emptyDir": {}
                     }, {
                         "name": "pgconf-volume",
                         "projected": {
