Category | Description |
---|---|
CRD Name | FEPCluster |
Definition | CustomResourceDefinition manifest, shown below the table |
Operations | Create: kubectl create -f fepcluster.yaml |

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  # CRD names take the form <plural>.<group> and must be lowercase
  name: fepclusters.fep.fujitsu.io
spec:
  group: fep.fujitsu.io
  names:
    kind: FEPCluster
    listKind: FEPClusterList
    plural: fepclusters
    singular: fepcluster
    shortNames:
      - fac
  scope: Namespaced
  conversion:
    strategy: None
  versions:
    - name: v2
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          description: FEPCluster is the Schema for the fepclusters API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: Spec defines the desired state of FEPCluster
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              description: Status defines the observed state of FEPCluster
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      subresources:
        status: {}
```
Example of an FEPCluster custom resource
```yaml
apiVersion: fep.fujitsu.io/v2
kind: FEPCluster
metadata:
  name: new-fep
  namespace: new-fep
spec:
  fep:
    forceSsl: true
    image:
      image: 'quay.io/fujitsu/fujitsu-enterprisepostgres-14-server:ubi8-14-0.0'
      pullPolicy: IfNotPresent
    mcSpec:
      limits:
        cpu: 500m
        memory: 700Mi
      requests:
        cpu: 200m
        memory: 512Mi
    podAntiAffinity: true
    podDisruptionBudget: true
    instances: '3'
    servicePort: 27500
    syncMode: 'on'
    sysExtraLogging: false
    replicationSlots: |
      demo_subscription1:
        type: logical
        database: postgres
        plugin: pgoutput
      demo_subscription2:
        type: logical
        database: postgres
        plugin: pgoutput
      demo_subscription3:
        type: logical
        database: postgres
        plugin: pgoutput
  fepChildCrVal:
    customCertificates:
      - userName: my_cert_folder1
        certificateName: my_cert1_secret
        caName: my_ca_configmap
        privateKeyPassword: my_cert1_key_secret
      - userName: my_cert_folder2
        certificateName: my_cert2_secret
        caName: my_ca2_configmap
        privateKeyPassword: my_cert2_key_secret
    customPgAudit: |
      # define pg audit custom params here to override defaults.
      # if log volume is not defined, log_directory should be
      # changed to '/database/userdata/data/log'
      [output]
      logger = 'auditlog'
      log_directory = '/database/log/audit'
      log_truncate_on_rotation = on
      log_filename = 'pgaudit-%a.log'
      log_rotation_age = 1d
      log_rotation_size = 0
      [rule]
    customPgHba: |
      # define pg_hba custom rules here to be merged with default rules.
      # TYPE     DATABASE        USER        ADDRESS        METHOD
    customPgParams: |+
      # define custom postgresql.conf parameters below to override defaults.
      # Current values are as per default FEP deployment
      shared_preload_libraries='pgx_datamasking,pgaudit,pg_prewarm, pg_stat_statements'
      session_preload_libraries='pg_prewarm'
      max_prepared_transactions = 100
      max_worker_processes = 30
      max_connections = 100
      work_mem = 1MB
      maintenance_work_mem = 12MB
      shared_buffers = 128MB
      effective_cache_size = 384MB
      checkpoint_completion_target = 0.8
      pgx_global_metacache = 10MB
      # tcp parameters
      tcp_keepalives_idle = 30
      tcp_keepalives_interval = 10
      tcp_keepalives_count = 3
      # logging parameters in default fep installation
      # if log volume is not defined, log_directory should be
      # changed to '/database/userdata/data/log'
      log_directory = '/database/log'
      log_filename = 'logfile-%a.log'
      log_file_mode = 0600
      log_truncate_on_rotation = on
      log_rotation_age = 1d
      log_rotation_size = 0
      log_checkpoints = on
      log_line_prefix = '%e %t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h'
      log_lock_waits = on
      log_autovacuum_min_duration = 60s
      logging_collector = on
      pgaudit.config_file='/opt/app-root/src/pgaudit-cfg/pgaudit.conf'
      log_replication_commands = on
      log_min_messages = WARNING
      log_destination = stderr
      # wal_archive parameters in default fep installation
      archive_mode = on
      archive_command = 'pgbackrest --stanza=backupstanza --config=/database/userdata/pgbackrest.conf archive-push %p'
      wal_level = replica
      max_wal_senders = 10
      wal_keep_segments = 64
      wal_sender_timeout = 60s
      track_activities = on
      track_counts = on
    backup:
      image:
        image: 'quay.io/fujitsu/fujitsu-enterprisepostgres-14-backup:ubi8-14-0.0'
        pullPolicy: IfNotPresent
      mcSpec:
        limits:
          cpu: 200m
          memory: 300Mi
        requests:
          cpu: 100m
          memory: 200Mi
      pgbackrestParams: |
        # define custom pgbackrest.conf parameters below to override defaults.
        [global]
        repo1-retention-full = 30
        repo1-retention-full-type = time
      preScript: " "
      postScript: " "
      schedule:
        num: 2
      schedule1:
        schedule: "15 0 * * 0"
        type: "full"
      schedule2:
        schedule: "15 0 * * 1-6"
        type: "incr"
      schedule3:
        schedule: " "
        type: " "
      schedule4:
        schedule: " "
        type: " "
      schedule5:
        schedule: " "
        type: " "
    storage:
      dataVol:
        size: 2Gi
      tablespaceVol:
        size: 512Mi
      walVol:
        size: 1200Mi
      archivewalVol:
        size: 1Gi
      backupVol:
        size: 2Gi
      logVol:
        size: 1Gi
    sysUsers:
      pgAdminPassword: admin-password
      pgdb: mydb
      pgpassword: mydbpassword
      pguser: mydbuser
      pgrepluser: repluser
      pgreplpassword: repluserpwd
      tdepassphrase: tde-passphrase
    systemCertificates:
      key: |-
        -----BEGIN RSA PRIVATE KEY-----
        <PEM-encoded private key body omitted>
        -----END RSA PRIVATE KEY-----
      crt: |-
        -----BEGIN CERTIFICATE-----
        <PEM-encoded server certificate body omitted>
        -----END CERTIFICATE-----
      cacrt: |-
        -----BEGIN CERTIFICATE-----
        <PEM-encoded CA certificate body omitted>
        -----END CERTIFICATE-----
```
Note that all passwords, passphrases and certificates are masked after the custom resource is created. This includes the following:
Initial pgAdminPassword : admin-password
pgpassword : mydbpassword
pgreplpassword : repluserpwd
tdepassphrase : tde-passphrase
pgRewindPassword : rewind_passoword (optional, if defined)
pgMetricsPassword : metrics_password (optional, if defined)
certificate.key
certificate.crt
certificate.cacrt
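
An added example, not part of the Fujitsu documentation: masking applies only after the custom resource is created, so the manifest file passed to `kubectl create -f` still holds these values in plaintext. The stdlib-only Python check below reports where the fields listed above appear with inline values in a manifest; `find_inline_secrets` and the sample manifest are constructed for illustration.

```python
import re

# Field names from the page's list of values that are masked once the
# custom resource exists; in the manifest file they are still plaintext.
SECRET_KEYS = {"pgAdminPassword", "pgpassword", "pgreplpassword",
               "tdepassphrase", "pgRewindPassword", "pgMetricsPassword"}
PEM_PRIVATE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
KEY_LINE = re.compile(r"^(\s*)(- )?([A-Za-z_][\w.-]*):\s*(.*)$")

def find_inline_secrets(manifest_text):
    """Return sorted dotted paths of fields that carry secret material inline."""
    findings, stack = set(), []   # stack holds (indent, key) down to the current line
    for line in manifest_text.splitlines():
        if PEM_PRIVATE.search(line):
            # A private key body sits under the most recent key (e.g. "key: |-").
            findings.add(".".join(k for _, k in stack))
            continue
        m = KEY_LINE.match(line)
        if not m:
            continue              # comments, blank lines, lines without "key:"
        indent = len(m.group(1)) + len(m.group(2) or "")
        key, value = m.group(3), m.group(4)
        while stack and stack[-1][0] >= indent:
            stack.pop()           # leave deeper or sibling mappings
        stack.append((indent, key))
        if key in SECRET_KEYS and value.strip("'\" "):
            findings.add(".".join(k for _, k in stack))
    return sorted(findings)

# Constructed sample manifest (dummy values, not a real key).
SAMPLE = """\
apiVersion: fep.fujitsu.io/v2
kind: FEPCluster
metadata:
  name: new-fep
spec:
  fep:
    forceSsl: true
  fepChildCrVal:
    sysUsers:
      pgAdminPassword: example-admin-pw
      pguser: mydbuser
      pgpassword: ''
      tdepassphrase: example-passphrase
    systemCertificates:
      key: |-
        -----BEGIN RSA PRIVATE KEY-----
        CONSTRUCTED+PLACEHOLDER+NOT+A+REAL+KEY
        -----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for path in find_inline_secrets(SAMPLE):
        print("inline secret:", path)
```

The function returns only field paths, never the values, so its output can go into CI logs.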
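At initial cluster deployment, the values for the child custom resources, such as server certificates, FEP configuration and user details, are stored in the FEPCluster under fepChildCrVal.
All fields of the FEPCluster custom resource and its child custom resources must be managed only through the FEPCluster custom resource. The Operator reflects the changes to the respective child custom resources that handle them. Changes to fields that cannot be modified are not reflected from the parent custom resource to the child custom resources, so they have no effect.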