Conversation

@jmealo jmealo commented Dec 11, 2025

Add operator-aware resizing feature that enables pvc-autoresizer to work harmoniously with Kubernetes operators by patching Custom Resources instead of directly modifying PVCs. Includes comprehensive examples, automation, and documentation for CloudNativePG and RabbitMQ operators.

Core Feature:
- CR patching: Patch operator CR fields instead of direct PVC modification
- Security: RBAC validation + JSONPath restricted to /spec/* only
- Metrics: CR patch success/failure counters with operator labels
- Events: Kubernetes events for CR operations (ResizedCR, ResizeCRFailed)

New files:
- internal/runners/cr_patcher.go: Core CR patching logic with validation
- internal/runners/cr_patcher_test.go: Unit tests including JSONPath validation
- docs/operator-aware-resizing.md: Complete documentation with security model, configuration, monitoring, troubleshooting, and supported operators
- examples/kyverno-cnpg-autoresizer.yaml: Production-ready Kyverno policy for automatic CNPG PVC annotation based on role (data, WAL, tablespaces)
- examples/annotate-pvcs.sh: Tested kubectl commands for CloudNativePG, RabbitMQ, and Strimzi Kafka operators
- examples/README.md: Complete testing guide with step-by-step procedures and verified timelines

Testing:
All examples tested and verified on live clusters on Azure AKS:
- CloudNativePG: Data, WAL, and tablespace volumes working end-to-end
- RabbitMQ: Persistence volumes with no reconciliation conflicts
- Kyverno policy: Automatic annotation with dynamic label extraction
- Unit tests: JSONPath validation and security enforcement

Key features:
- Solves reconciliation conflicts with operator-managed PVCs
- Automatic PVC role detection via operator labels (cnpg.io/pvcRole)
- Dynamic tablespace name extraction for JSONPath filters
- Both manual (kubectl) and automated (Kyverno) workflows
- Production-ready configurations with namespace selectors
- Defense-in-depth security (RBAC + code-enforced path validation)

Implements: #346

Related to: topolvm#346

Signed-off-by: Jeff Mealo <[email protected]>
@jmealo jmealo requested a review from a team as a code owner December 11, 2025 20:17
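The PR describes the control that matters for this feature: the field the resizer is allowed to patch on an operator's Custom Resource is restricted to `/spec/*` in code, so a misconfigured or malicious annotation cannot redirect the patch at `metadata` (labels, finalizers, ownerReferences) or `status`. The following Go program is an added example, not code from the PR or from pvc-autoresizer, that shows what such a code-enforced allow-list looks like together with the two checks a practitioner would want next to it: never shrink a volume, and guard the patch with an RFC 6902 `test` op so a concurrent operator reconcile cannot be silently overwritten. Assumptions: the path syntax is an RFC 6901 JSON pointer (the PR calls it JSONPath; its real syntax and helper names are not shown on this page, so `ValidatePatchPath`, `ResizeCR` and `parseQuantity` are hypothetical), the CR is a constructed CloudNativePG-style `Cluster` document, and the quantity parser handles only plain byte counts and Ki/Mi/Gi/Ti suffixes rather than the full `resource.Quantity` grammar. Only the standard library is used, so it runs offline.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample CR (not taken from a real cluster). Field names follow the
// CloudNativePG Cluster schema: spec.storage.size, spec.walStorage.size,
// spec.tablespaces[].storage.size.
const sampleCluster = `{
  "apiVersion": "postgresql.cnpg.io/v1",
  "kind": "Cluster",
  "metadata": {"name": "pg", "namespace": "db", "finalizers": ["keep"]},
  "spec": {
    "storage": {"size": "10Gi"},
    "walStorage": {"size": "5Gi"},
    "tablespaces": [{"name": "ts1", "storage": {"size": "2Gi"}}]
  },
  "status": {"phase": "Cluster in healthy state"}
}`

// ErrPathOutsideSpec mirrors the PR's "/spec/* only" rule (hypothetical name).
var ErrPathOutsideSpec = errors.New("patch path must be under /spec/")

// ValidatePatchPath is a hypothetical allow-list check: the configured path must be
// an absolute RFC 6901 JSON pointer below /spec/ with no empty segments. "/spec" on
// its own is rejected too, so a whole-spec replace is impossible. Returns the
// unescaped segments for the in-memory walk below.
func ValidatePatchPath(p string) ([]string, error) {
	if !strings.HasPrefix(p, "/spec/") {
		return nil, ErrPathOutsideSpec
	}
	segs := strings.Split(p[1:], "/")
	for i, s := range segs {
		if s == "" {
			return nil, fmt.Errorf("empty segment at index %d in %q", i, p)
		}
		// RFC 6901 unescaping: ~1 -> "/" first, then ~0 -> "~".
		segs[i] = strings.ReplaceAll(strings.ReplaceAll(s, "~1", "/"), "~0", "~")
	}
	return segs, nil
}

// parseQuantity is a deliberately small stand-in for k8s resource.Quantity:
// integer byte counts with an optional Ki/Mi/Gi/Ti suffix.
func parseQuantity(q string) (int64, error) {
	mult := map[string]int64{"": 1, "Ki": 1 << 10, "Mi": 1 << 20, "Gi": 1 << 30, "Ti": 1 << 40}
	num := strings.TrimRight(q, "KMGTi")
	m, ok := mult[q[len(num):]]
	if !ok {
		return 0, fmt.Errorf("unsupported suffix in %q", q)
	}
	n, err := strconv.ParseInt(num, 10, 64)
	if err != nil {
		return 0, err
	}
	return n * m, nil
}

// resolve walks the decoded CR to the parent of the last segment, through objects
// and integer-indexed arrays (needed for list fields such as spec.tablespaces).
func resolve(doc any, segs []string) (any, string, error) {
	cur := doc
	for _, s := range segs[:len(segs)-1] {
		switch c := cur.(type) {
		case map[string]any:
			cur = c[s]
		case []any:
			i, convErr := strconv.Atoi(s)
			if convErr != nil || i < 0 || i >= len(c) {
				return nil, "", fmt.Errorf("bad array index %q", s)
			}
			cur = c[i]
		default:
			return nil, "", fmt.Errorf("segment %q: parent is not a container", s)
		}
		if cur == nil {
			return nil, "", fmt.Errorf("segment %q: not found", s)
		}
	}
	return cur, segs[len(segs)-1], nil
}

// ResizeCR (hypothetical) validates the path, refuses to shrink, and builds the
// RFC 6902 body a client would send as a JSON patch. The leading "test" op makes the
// API server reject the whole patch if the operator changed the field meanwhile.
// The mutated document is returned so the effect can be checked offline.
func ResizeCR(crJSON []byte, path, newSize string) ([]byte, map[string]any, error) {
	segs, err := ValidatePatchPath(path)
	if err != nil {
		return nil, nil, err
	}
	var doc map[string]any
	if err := json.Unmarshal(crJSON, &doc); err != nil {
		return nil, nil, err
	}
	parent, last, err := resolve(doc, segs)
	if err != nil {
		return nil, nil, err
	}
	obj, ok := parent.(map[string]any)
	if !ok {
		return nil, nil, fmt.Errorf("parent of %q is not an object", path)
	}
	cur, ok := obj[last].(string)
	if !ok {
		return nil, nil, fmt.Errorf("%q does not hold a string quantity", path)
	}
	oldB, err := parseQuantity(cur)
	if err != nil {
		return nil, nil, err
	}
	newB, err := parseQuantity(newSize)
	if err != nil {
		return nil, nil, err
	}
	if newB <= oldB {
		return nil, nil, fmt.Errorf("refusing to shrink %q (%s -> %s)", path, cur, newSize)
	}
	patch, _ := json.Marshal([]map[string]string{
		{"op": "test", "path": path, "value": cur},
		{"op": "replace", "path": path, "value": newSize},
	})
	obj[last] = newSize
	return patch, doc, nil
}

func main() {
	for _, tc := range []struct{ path, size string }{
		{"/spec/storage/size", "20Gi"},              // allowed
		{"/spec/tablespaces/0/storage/size", "4Gi"}, // allowed, through a list
		{"/spec/storage/size", "8Gi"},               // shrink: rejected
		{"/metadata/finalizers/0", "x"},             // outside /spec: rejected
		{"/status/phase", "x"},                      // outside /spec: rejected
	} {
		patch, _, err := ResizeCR([]byte(sampleCluster), tc.path, tc.size)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("patch:", string(patch))
	}
}
```

The prefix check alone is the load-bearing line; the rest is what turns "the path is in spec" into a safe write. RBAC still matters as the outer layer (a Role granting `patch` on `clusters.postgresql.cnpg.io` only), because the in-process check protects against bad configuration, not against a compromised controller token.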

jmealo commented Jan 9, 2026

@llamerada-jp Happy New Year! Hello, wanted to follow up on this. I've been using this in my clusters and it's been working well for me with CNPG on Azure AKS.
