feat( cluster ): Add support for console stateful set (#782)

Signed-off-by: Philippe Noël <philippemnoel@gmail.com>
Signed-off-by: Itay Grudev <itay@verito.digital>
Co-authored-by: Itay Grudev <itay@verito.digital>

Author: philippemnoel

charts/cluster/README.md

@@ -153,6 +153,7 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.affinity | object | `{"topologyKey":"topology.kubernetes.io/zone"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.annotations | object | `{}` |  |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
+| cluster.console.enabled | bool | `false` | Deploys a console StatefulSet to run long-running commands against the cluster (e.g. `CREATE INDEX`). |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `true` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
 | cluster.env | list | `[]` | Env follows the Env format to pass environment variables to the pods created in the cluster |

charts/cluster/docs/Console.md

@@ -0,0 +1,62 @@
+# Executing Long-running Tasks
+
+By setting `cluster.console.enabled=true`, the chart deploys a StatefulSet with a console pod for executing long-running tasks. This is useful for tasks that need to run in the background or for batch processing, such as `CREATE INDEX`. The intent is to use this console pod to run commands in the background without maintaining a persistent client connection. Because the console pod is on the cluster, it is less susceptible to network issues.
+
+> [!NOTE]
+> We don't provision a PodDisruption Budget (PDB) for the console StatefulSet. Node maintenance or other disruptions may cause the console pod to be evicted, killing your session.
+>
+> The console pod has `root` access so that you can use `apt install` to install any additional tools you may need. Keep in mind that while the root user home folder (`/root`) is persisted, any tools you install will not be persisted if the pod restarts.
+>
+> All the utilities in the pod are installed during the pod startup, so it may take a few seconds before they become available, after the pod has restarted.
+
+## Connecting to the Console Pod
+
+To use the console pod, you can run the following command:
+
+```bash
+kubectl --namespace <namespace> exec --stdin --tty statefulset/<cluster-name>-console -- bash
+```
+
+## Database credentials
+
+We provide the database credentials as environment variables in the console pod. You can access them using:
+
+* `$DB_APP_URI` - Connection URI for the default application user.
+* `$DB_SUPERUSER_URI` - Connection URI for the `postgres` superuser.
+
+## Executing queries
+
+To run a command in the background you can use the `nohup` command. For example, to create an index in the background:
+
+```bash
+nohup psql "$DB_SUPERUSER_URI/<db-name>" -c "CREATE INDEX orders_idx ON orders USING bm25 (order_id, customer_name) WITH (key_field='order_id');" 2>&1 > command.log &
+```
+
+To check on the status of the command, you can use the `tail` command:
+
+```bash
+tail -f command.log
+```
+
+## Advanced usage with `screen`
+
+You can also use the `screen` utility to run commands in the background and keep them running even if you disconnect from the console pod. Here are some basic commands to get you started:
+
+* Start a new screen session
+
+```bash
+screen -S mysession
+```
+
+* List all screen sessions
+
+```bash
+screen -list
+```
+
+* To detach from a screen session without stopping it, press `Ctrl + A`, then `D`.
+* You can reattach to a screen session with:
+
+```bash
+screen -r mysession
+```

charts/cluster/templates/NOTES.txt

@@ -34,6 +34,11 @@ Get a list of all base backups:
 Connect to the cluster's primary instance:
 {{ include "cluster.color-info" (printf "kubectl --namespace %s exec --stdin --tty services/%s-rw -- bash" .Release.Namespace (include "cluster.fullname" .)) }}
 
+{{ if .Values.cluster.console.enabled -}}
+Connect to the console pod for executing long-running tasks (e.g. `CREATE INDEX`):
+{{ include "cluster.color-info" (printf "kubectl --namespace %s exec --stdin --tty statefulsets/%s-console -- bash" .Release.Namespace (include "cluster.fullname" .)) }}
+{{- end }}
+
 Configuration
 -------------
 

charts/cluster/templates/console-statefulset.yaml

@@ -0,0 +1,96 @@
+{{- if .Values.cluster.console.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "cluster.fullname" $ }}-console
+  namespace: {{ include "cluster.namespace" $ }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+    {{- with .Values.cluster.additionalLabels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    app.kubernetes.io/component: console
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "cluster.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: console
+  serviceName: console
+  volumeClaimTemplates:
+    - metadata:
+        name: console-home
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 1Gi
+  template:
+    metadata:
+      {{- with .Values.cluster.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "cluster.labels" . | nindent 8 }}
+        {{- with .Values.cluster.additionalLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        app.kubernetes.io/component: console
+    spec:
+      terminationGracePeriodSeconds: 2
+      containers:
+        - name: console
+          image: ubuntu:latest
+          command: [ "sh" ]
+          args:
+            - "-c"
+            - |
+              apt update
+              apt install -y postgresql-client
+              apt install -y screen curl wget jq unzip gzip nano vim util-linux less htop
+              cat <<EOF > /root/.bashrc
+              echo -e "\nHere are some examples for connecting and running queries on the cluster:"
+              echo '  nohup psql \$DB_SUPERUSER_URI"/DB_NAME" -c "SELECT 1;" 2>&1 > command.log &'
+              echo -e "\nTo check up on the command, use:"
+              echo "  tail -f command.log"
+              echo -e "\nYou can also use 'screen' for an interactive session. See https://github.com/paradedb/charts/blob/dev/charts/paradedb/docs/long-running-tasks.md for examples."
+              echo -e "\n"
+              EOF
+              sleep infinity
+          env:
+            - name: DB_APP_URI
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "cluster.fullname" $ }}-app
+                  key: uri
+            - name: DB_SUPERUSER_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "cluster.fullname" $ }}-superuser
+                  key: host
+            - name: DB_SUPERUSER_PORT
+              valueFrom:
+                  secretKeyRef:
+                    name: {{ include "cluster.fullname" $ }}-superuser
+                    key: port
+            - name: DB_SUPERUSER_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "cluster.fullname" $ }}-superuser
+                  key: user
+            - name: DB_SUPERUSER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "cluster.fullname" $ }}-superuser
+                  key: password
+            - name: DB_SUPERUSER_URI
+              value: "postgresql://$(DB_SUPERUSER_USER):$(DB_SUPERUSER_PASSWORD)@$(DB_SUPERUSER_HOST):$(DB_SUPERUSER_PORT)"
+          volumeMounts:
+            - name: console-home
+              mountPath: /root
+{{- end }}

charts/cluster/test/console-statefulset/01-console_test_cluster-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: console-test-cluster
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: console-test-cluster-console

charts/cluster/test/console-statefulset/01-console_test_cluster.yaml

@@ -0,0 +1,8 @@
+type: postgresql
+mode: standalone
+cluster:
+  instances: 1
+  console:
+    enabled: true
+backups:
+  enabled: false

charts/cluster/test/console-statefulset/chainsaw-test.yaml

@@ -0,0 +1,40 @@
+##
+# Tests the correct deployment of the console StatefulSet
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: console-statefulset
+spec:
+  timeouts:
+    apply: 1s
+    assert: 10s
+    cleanup: 1m
+    exec: 2m
+  steps:
+    - name: Install a cluster with a console enabled
+      try:
+        - script:
+            content: |
+              helm upgrade \
+                --install \
+                --namespace $NAMESPACE \
+                --values ./01-console_test_cluster.yaml \
+                --wait \
+                console-test ../../
+        - assert:
+            file: ./01-console_test_cluster-assert.yaml
+        - script:
+            content: |
+              kubectl --namespace $NAMESPACE wait --for=condition=ready clusters.postgresql.cnpg.io/console-test-cluster --timeout=60s
+              kubectl --namespace $NAMESPACE wait --for=condition=ready pod/console-test-cluster-console-0 --timeout=60s
+              kubectl --namespace $NAMESPACE exec pod/console-test-cluster-console-0 -- bash -c 'while true; do command -v psql && break || sleep 2; done'
+              echo 'nohup psql $DB_SUPERUSER_URI -c "SELECT PG_SLEEP(120);" 2>&1 > command.log &' | kubectl --namespace $NAMESPACE exec --stdin pod/console-test-cluster-console-0 -- bash &
+              sleep 60
+              PSQL_RUNNING=$(kubectl --namespace $NAMESPACE exec statefulsets/console-test-cluster-console -- bash -c 'ps -ef | grep psql | wc -l')
+              echo "PSQL_RUNNING: $PSQL_RUNNING"
+              [ $PSQL_RUNNING -gt 3 ] || exit 1
+    - name: Cleanup
+      try:
+        - script:
+            content: |
+              helm uninstall --namespace $NAMESPACE console-test

charts/cluster/values.schema.json

@@ -187,6 +187,14 @@
                 "certificates": {
                     "type": "object"
                 },
+                "console": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        }
+                    }
+                },
                 "enablePDB": {
                     "type": "boolean"
                 },

charts/cluster/values.yaml

@@ -406,6 +406,9 @@ cluster:
   additionalLabels: {}
   annotations: {}
 
+  console:
+    # -- Deploys a console StatefulSet to run long-running commands against the cluster (e.g. `CREATE INDEX`).
+    enabled: false
 
 backups:
   # -- You need to configure backups manually, so backups are disabled by default.