Add config switch to share pg_socket in /var/run/postgresql via an emptyDir with the sidecar containers

Author: frittentheke

docs/reference/operator_parameters.md

@@ -337,6 +337,12 @@ configuration they are grouped under the `kubernetes` key.
   to run alongside Spilo on the same pod. Globally defined sidecars are always
   enabled. Default is true.
 
+* **share_pg_socket_with_sidecars**
+  global option to create an emptyDir volume named `postgresql-run`. This is
+  mounted by all containers at `/var/run/postgresql` sharing the unix socket of
+  PostgreSQL (`pg_socket`) with the sidecars this way.
+  Default is `false`.
+
 * **secret_name_template**
   a template for the name of the database user secrets generated by the
   operator. `{namespace}` is replaced with name of the namespace if

manifests/operatorconfiguration.crd.yaml

@@ -216,6 +216,9 @@ spec:
                     type: array
                     items:
                       type: string
+                  share_pg_socket_with_sidecars:
+                    type: boolean
+                    default: false
                   infrastructure_roles_secret_name:
                     type: string
                   infrastructure_roles_secrets:

pkg/apis/acid.zalan.do/v1/crds.go

@@ -1283,6 +1283,9 @@ var OperatorConfigCRDResourceValidation = apiextv1.CustomResourceValidation{
 									},
 								},
 							},
+							"share_pg_socket_with_sidecars": {
+								Type: "boolean",
+							},
 							"infrastructure_roles_secret_name": {
 								Type: "string",
 							},

pkg/apis/acid.zalan.do/v1/operator_configuration_type.go

@@ -72,6 +72,7 @@ type KubernetesMetaConfiguration struct {
 	StorageResizeMode                      string                       `json:"storage_resize_mode,omitempty"`
 	EnableInitContainers                   *bool                        `json:"enable_init_containers,omitempty"`
 	EnableSidecars                         *bool                        `json:"enable_sidecars,omitempty"`
+	SharePGSocketWithSidecars              *bool                        `json:"share_pgsocket_with_sidecars,omitempty"`
 	SecretNameTemplate                     config.StringTemplate        `json:"secret_name_template,omitempty"`
 	ClusterDomain                          string                       `json:"cluster_domain,omitempty"`
 	OAuthTokenSecretName                   spec.NamespacedName          `json:"oauth_token_secret_name,omitempty"`

pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go

@@ -674,6 +674,7 @@ func (c *Cluster) generatePodTemplate(
 	spiloContainer *v1.Container,
 	initContainers []v1.Container,
 	sidecarContainers []v1.Container,
+	sharePGSocketWithSidecars *bool,
 	tolerationsSpec *[]v1.Toleration,
 	spiloRunAsUser *int64,
 	spiloRunAsGroup *int64,
@@ -736,6 +737,10 @@ func (c *Cluster) generatePodTemplate(
 		podSpec.PriorityClassName = priorityClassName
 	}
 
+	if sharePGSocketWithSidecars != nil && *sharePGSocketWithSidecars {
+		addVarRunVolume(&podSpec)
+	}
+
 	if additionalSecretMount != "" {
 		addSecretVolume(&podSpec, additionalSecretMount, additionalSecretMountPath)
 	}
@@ -1317,6 +1322,7 @@ func (c *Cluster) generateStatefulSet(spec *acidv1.PostgresSpec) (*appsv1.Statef
 		spiloContainer,
 		initContainers,
 		sidecarContainers,
+		c.OpConfig.SharePGSocketWithSidecars,
 		&tolerationSpec,
 		effectiveRunAsUser,
 		effectiveRunAsGroup,
@@ -1510,6 +1516,28 @@ func addShmVolume(podSpec *v1.PodSpec) {
 	podSpec.Volumes = volumes
 }
 
+func addVarRunVolume(podSpec *v1.PodSpec) {
+	volumes := append(podSpec.Volumes, v1.Volume{
+		Name: "postgresql-run",
+		VolumeSource: v1.VolumeSource{
+			EmptyDir: &v1.EmptyDirVolumeSource{
+				Medium: "Memory",
+			},
+		},
+	})
+
+	for i := range podSpec.Containers {
+		mounts := append(podSpec.Containers[i].VolumeMounts,
+			v1.VolumeMount{
+				Name:      "postgresql-run",
+				MountPath: "/var/run/postgresql",
+			})
+		podSpec.Containers[i].VolumeMounts = mounts
+	}
+
+	podSpec.Volumes = volumes
+}
+
 func addSecretVolume(podSpec *v1.PodSpec, additionalSecretMount string, additionalSecretMountPath string) {
 	volumes := append(podSpec.Volumes, v1.Volume{
 		Name: additionalSecretMount,
@@ -2045,6 +2073,7 @@ func (c *Cluster) generateLogicalBackupJob() (*batchv1beta1.CronJob, error) {
 		logicalBackupContainer,
 		[]v1.Container{},
 		[]v1.Container{},
+		util.False(),
 		&[]v1.Toleration{},
 		nil,
 		nil,

pkg/cluster/k8sres.go

@@ -85,6 +85,7 @@ func (c *Controller) importConfigurationFromCRD(fromCRD *acidv1.OperatorConfigur
 	result.StorageResizeMode = util.Coalesce(fromCRD.Kubernetes.StorageResizeMode, "pvc")
 	result.EnableInitContainers = util.CoalesceBool(fromCRD.Kubernetes.EnableInitContainers, util.True())
 	result.EnableSidecars = util.CoalesceBool(fromCRD.Kubernetes.EnableSidecars, util.True())
+	result.SharePGSocketWithSidecars = util.CoalesceBool(fromCRD.Kubernetes.SharePGSocketWithSidecars, util.False())
 	result.SecretNameTemplate = fromCRD.Kubernetes.SecretNameTemplate
 	result.OAuthTokenSecretName = fromCRD.Kubernetes.OAuthTokenSecretName
 	result.EnableCrossNamespaceSecret = fromCRD.Kubernetes.EnableCrossNamespaceSecret

pkg/controller/operator_config.go

@@ -210,6 +210,7 @@ type Config struct {
 	EnablePodDisruptionBudget              *bool             `name:"enable_pod_disruption_budget" default:"true"`
 	EnableInitContainers                   *bool             `name:"enable_init_containers" default:"true"`
 	EnableSidecars                         *bool             `name:"enable_sidecars" default:"true"`
+	SharePGSocketWithSidecars              *bool             `name:"share_pg_socket_with_sidecars" default:"false"`
 	Workers                                uint32            `name:"workers" default:"8"`
 	APIPort                                int               `name:"api_port" default:"8080"`
 	RingLogLines                           int               `name:"ring_log_lines" default:"100"`