From b0fcbcb9fdaa9d3bb9342e2d95530e5796dbdd57 Mon Sep 17 00:00:00 2001
From: PedroCapdevila
Date: Wed, 10 Jul 2024 17:31:56 -0300
Subject: [PATCH 1/2] Allow to change cluster domain in KUBE_API_URL
---
 ENVIRONMENT.rst | 1 +
 postgres-appliance/scripts/callback_role.py | 3 ++-
 postgres-appliance/scripts/configure_spilo.py | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ENVIRONMENT.rst b/ENVIRONMENT.rst
index 6875fa68b..bcabbde87 100644
--- a/ENVIRONMENT.rst
+++ b/ENVIRONMENT.rst
@@ -102,6 +102,7 @@ Environment Configuration Settings
 - **KUBERNETES_ROLE_LABEL**: name of the label containing Postgres role when running on Kubernetens. Default is 'spilo-role'.
 - **KUBERNETES_SCOPE_LABEL**: name of the label containing cluster name. Default is 'version'.
 - **KUBERNETES_LABELS**: a JSON describing names and values of other labels used by Patroni on Kubernetes to locate its metadata. Default is '{"application": "spilo"}'.
+- **KUBERNETES_CLUSTER_DOMAIN**: DNS domain for the kubernetes cluster. Default is 'cluster.local'.
 - **INITDB_LOCALE**: database cluster's default UTF-8 locale (en_US by default)
 - **ENABLE_WAL_PATH_COMPAT**: old Spilo images were generating wal path in the backup store using the following template ``/spilo/{WAL_BUCKET_SCOPE_PREFIX}{SCOPE}{WAL_BUCKET_SCOPE_SUFFIX}/wal/``, while new images adding one additional directory (``{PGVERSION}``) to the end. In order to avoid (unlikely) issues with restoring WALs (from S3/GC/and so on) when switching to ``spilo-13`` please set the ``ENABLE_WAL_PATH_COMPAT=true`` when deploying old cluster with ``spilo-13`` for the first time. After that the environment variable could be removed. Change of the WAL path also mean that backups stored in the old location will not be cleaned up automatically.
 - **WALE_DISABLE_S3_SSE**, **WALG_DISABLE_S3_SSE**: by default wal-e/wal-g are configured to encrypt files uploaded to S3. In order to disable it you can set this environment variable to ``true``.
diff --git a/postgres-appliance/scripts/callback_role.py b/postgres-appliance/scripts/callback_role.py
index 393b069ce..a40e40cd0 100755
--- a/postgres-appliance/scripts/callback_role.py
+++ b/postgres-appliance/scripts/callback_role.py
@@ -13,8 +13,9 @@ KUBE_NAMESPACE_FILENAME = KUBE_SERVICE_DIR + 'namespace'
 KUBE_TOKEN_FILENAME = KUBE_SERVICE_DIR + 'token'
 KUBE_CA_CERT = KUBE_SERVICE_DIR + 'ca.crt'
+KUBE_CLUSTER_DOMAIN = os.environ.get("KUBERNETES_CLUSTER_DOMAIN", 'cluster.local')
-KUBE_API_URL = 'https://kubernetes.default.svc.cluster.local/api/v1/namespaces'
+KUBE_API_URL = 'https://kubernetes.default.svc.' + KUBE_CLUSTER_DOMAIN + '/api/v1/namespaces'
 logger = logging.getLogger(__name__)
diff --git a/postgres-appliance/scripts/configure_spilo.py b/postgres-appliance/scripts/configure_spilo.py
index 3195327fb..c4b6dc965 100755
--- a/postgres-appliance/scripts/configure_spilo.py
+++ b/postgres-appliance/scripts/configure_spilo.py
@@ -567,6 +567,7 @@ def get_placeholders(provider):
 placeholders.setdefault('PAM_OAUTH2', '')
 placeholders.setdefault('CALLBACK_SCRIPT', '')
 placeholders.setdefault('DCS_ENABLE_KUBERNETES_API', '')
+ placeholders.setdefault('KUBERNETES_CLUSTER_DOMAIN', 'cluster.local')
 placeholders.setdefault('KUBERNETES_ROLE_LABEL', 'spilo-role')
 placeholders.setdefault('KUBERNETES_SCOPE_LABEL', 'version')
 placeholders.setdefault('KUBERNETES_LABELS', KUBERNETES_DEFAULT_LABELS)
From 69b314feec1646b32d7deb1516a2dd5cd172b451 Mon Sep 17 00:00:00 2001
From: PedroCapdevila
Date: Thu, 25 Jul 2024 17:48:15 -0300
Subject: [PATCH 2/2] Allow KUBERNETES_CLUSTER_DOMAIN in patroni
---
 postgres-appliance/runit/patroni/run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/postgres-appliance/runit/patroni/run b/postgres-appliance/runit/patroni/run
index c92fe9708..56126b7c1 100755
--- a/postgres-appliance/runit/patroni/run
+++ b/postgres-appliance/runit/patroni/run
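Review bot: In postgres-appliance/scripts/callback_role.py, `KUBE_CLUSTER_DOMAIN` is concatenated into the host part of `KUBE_API_URL` without any validation, so a value that is empty, has a leading or trailing dot, or contains characters such as `/`, `@` or `:` yields a URL whose authority is no longer `kubernetes.default.svc.<domain>`. The code that issues requests to this URL is outside the hunk; if it attaches the service-account token read from `KUBE_TOKEN_FILENAME`, a malformed value would point that credential at an unintended host, so the value should be checked against a DNS-name pattern before it is used. A variable that is set but empty also bypasses the default; `KUBE_CLUSTER_DOMAIN = os.environ.get('KUBERNETES_CLUSTER_DOMAIN') or 'cluster.local'` covers that case and matches the single-quote style of the neighbouring constants.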
@@ -24,7 +24,7 @@ then
 fi
 # Only small subset of environment variables is allowed. We don't want accidentally disclose sensitive information
-for E in $(printenv -0 | tr '\n' ' ' | sed 's/\x00/\n/g' | grep -vE '^(KUBERNETES_(SERVICE|PORT|ROLE)[_=]|((POD_(IP|NAMESPACE))|HOSTNAME|PATH|PGHOME|LC_ALL|ENABLE_PG_MON)=)' | sed 's/=.*//g'); do
+for E in $(printenv -0 | tr '\n' ' ' | sed 's/\x00/\n/g' | grep -vE '^(KUBERNETES_(SERVICE|PORT|ROLE|CLUSTER)[_=]|((POD_(IP|NAMESPACE))|HOSTNAME|PATH|PGHOME|LC_ALL|ENABLE_PG_MON)=)' | sed 's/=.*//g'); do
 unset $E
 done
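Review bot: Adding `CLUSTER` to the `KUBERNETES_(SERVICE|PORT|ROLE|CLUSTER)[_=]` group keeps every variable whose name starts with `KUBERNETES_CLUSTER_`, as well as a bare `KUBERNETES_CLUSTER`, not only the one this patch needs. The comment above the loop says the list exists to avoid disclosing sensitive information, so the exact name is the safer entry. Leave the first group as it was and add the name to the `=`-terminated alternation, ending the pattern with `|LC_ALL|ENABLE_PG_MON|KUBERNETES_CLUSTER_DOMAIN)=)'`. The `if`/`then` block that closes at `fi` starts outside the hunk.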