Using external modules: Postgres Operator as an example

Pull the required image:

```console
$ podman pull --tls-verify=false ghcr.io/zalando/postgres-operator:v1.14.0 && \
  curl http://localhost:5002/v2/_catalog | jq && \
  curl http://localhost:5002/v2/ghcr.io/zalando/postgres-operator/tags/list | jq && \
  podman pull --tls-verify=false localhost:5002/ghcr.io/zalando/postgres-operator:v1.14.0
```

Add a mirror for ghcr.io:
```text
[
  {
    "op": "add",
    "path": "/machine/registries/mirrors/ghcr.io",
    "value": {
      "endpoints": [
        "http://192.168.1.1:5002"
      ]
    }
  },
  {
    "op": "add",
    "path": "/machine/registries/config/ghcr.io",
    "value": {
      "tls": {
        "insecureSkipVerify": true
      }
    }
  }
]
```

```console
$ talosctl -n 192.168.1.2 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.3 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.4 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.5 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.6 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.7 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]' && \
  talosctl -n 192.168.1.8 patch machineconfig -p '[{"op":"add","path":"/machine/registries/mirrors/ghcr.io","value":{"endpoints":["http://192.168.1.1:5002"]}},{"op":"add","path":"/machine/registries/config/ghcr.io","value":{"tls":{"insecureSkipVerify":true}}}]'
```

Configuring Postgres Operator
Clone the repository and apply the manifests:

```console
$ git clone https://github.com/zalando/postgres-operator.git && \
  cd postgres-operator && \
  kubectl create -f manifests/configmap.yaml && \
  kubectl create -f manifests/operator-service-account-rbac.yaml && \
  kubectl create -f manifests/postgres-operator.yaml && \
  kubectl create -f manifests/api-service.yaml
```

```text
configmap/postgres-operator created
serviceaccount/postgres-operator created
clusterrole.rbac.authorization.k8s.io/postgres-operator created
clusterrolebinding.rbac.authorization.k8s.io/postgres-operator created
clusterrole.rbac.authorization.k8s.io/postgres-pod created
Warning: would violate PodSecurity "restricted:latest": unrestricted capabilities (container "postgres-operator" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or container "postgres-operator" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/postgres-operator created
service/postgres-operator created
```

Verifying that Postgres Operator works
Make sure the pod is running:

```console
$ kubectl get pod -l name=postgres-operator
```

Output:

```text
NAME                                 READY   STATUS    RESTARTS        AGE
postgres-operator-849bdbdbd8-sqj7n   1/1     Running   1 (6m44s ago)   2d21h
```

Check the Operator logs:
```console
$ kubectl logs "$(kubectl get pod -l name=postgres-operator --output='name')"
. . . . .
time="2025-10-13T15:46:56Z" level=info msg="listening on :8080" pkg=apiserver
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-3xh-ru8 ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-joa-l4h ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-o2z-cg5 ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-p31-6dg ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-v6d-bmi ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-xwg-xyk ()" pkg=controller
time="2025-10-13T15:46:56Z" level=debug msg="new node has been added: /alt-orchestra-yuq-xes ()" pkg=controller
```

Make sure the other pods are not disrupted:
```console
$ kubectl get all -A
```

All pods are in the Running state (Completed / ContainerStatusUnknown may be present for cilium-operator):

```text
NAMESPACE NAME READY STATUS RESTARTS AGE
default pod/postgres-operator-849bdbdbd8-2x7dz 1/1 Running 1 (2m2s ago) 2m8s
kube-system pod/cilium-bxkrm 1/1 Running 0 11m
kube-system pod/cilium-envoy-5v7mx 1/1 Running 0 20m
kube-system pod/cilium-envoy-fr7cf 1/1 Running 0 16m
kube-system pod/cilium-envoy-gzmbs 1/1 Running 0 17m
kube-system pod/cilium-envoy-hvc8n 1/1 Running 0 14m
kube-system pod/cilium-envoy-jss2x 1/1 Running 0 21m
kube-system pod/cilium-envoy-kbpcc 1/1 Running 0 11m
kube-system pod/cilium-envoy-rcg2f 1/1 Running 0 15m
kube-system pod/cilium-f8kdg 1/1 Running 0 21m
kube-system pod/cilium-j2flj 1/1 Running 0 17m
kube-system pod/cilium-n67xg 1/1 Running 0 14m
kube-system pod/cilium-operator-67f4b4f5fd-297rd 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-69v9t 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-9t2h4 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-b7q8n 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-czhmb 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-dqgvl 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-dtfql 1/1 Running 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-fwczt 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-j52jt 1/1 Running 0 15m
kube-system pod/cilium-operator-67f4b4f5fd-j6cn7 0/1 Completed 0 56m
kube-system pod/cilium-operator-67f4b4f5fd-jdj82 0/1 Completed 1 61m
kube-system pod/cilium-operator-67f4b4f5fd-kd9gj 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-lk77m 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-lpv5m 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-mhllb 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-mnkbm 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-njzjm 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-qk5mx 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-rxqmw 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-ssmn4 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-operator-67f4b4f5fd-zk8x7 0/1 ContainerStatusUnknown 0 21m
kube-system pod/cilium-qbftx 1/1 Running 0 15m
kube-system pod/cilium-r9gzl 1/1 Running 0 19m
kube-system pod/cilium-wrkfx 1/1 Running 0 16m
kube-system pod/coredns-5966c6bdcd-5h78q 1/1 Running 1 (17m ago) 61m
kube-system pod/coredns-5966c6bdcd-l7fxt 1/1 Running 1 (17m ago) 61m
kube-system pod/kube-apiserver-alt-orchestra-7qy-gfl 1/1 Running 0 19m
kube-system pod/kube-apiserver-alt-orchestra-aof-0ft 1/1 Running 0 13m
kube-system pod/kube-apiserver-alt-orchestra-h5e-87r 1/1 Running 0 20m
kube-system pod/kube-apiserver-alt-orchestra-kga-8vb 1/1 Running 0 16m
kube-system pod/kube-apiserver-alt-orchestra-ldr-kwj 1/1 Running 0 10m
kube-system pod/kube-controller-manager-alt-orchestra-7qy-gfl 1/1 Running 0 19m
kube-system pod/kube-controller-manager-alt-orchestra-aof-0ft 1/1 Running 0 13m
kube-system pod/kube-controller-manager-alt-orchestra-h5e-87r 1/1 Running 0 20m
kube-system pod/kube-controller-manager-alt-orchestra-kga-8vb 1/1 Running 0 16m
kube-system pod/kube-controller-manager-alt-orchestra-ldr-kwj 1/1 Running 0 10m
kube-system pod/kube-scheduler-alt-orchestra-7qy-gfl 1/1 Running 0 19m
kube-system pod/kube-scheduler-alt-orchestra-aof-0ft 1/1 Running 0 13m
kube-system pod/kube-scheduler-alt-orchestra-h5e-87r 1/1 Running 0 20m
kube-system pod/kube-scheduler-alt-orchestra-kga-8vb 1/1 Running 0 16m
kube-system pod/kube-scheduler-alt-orchestra-ldr-kwj 1/1 Running 0 10m

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 62m
default service/postgres-operator ClusterIP 10.96.67.158 <none> 8080/TCP 2m8s
kube-system service/cilium-envoy ClusterIP None <none> 9964/TCP 62m
kube-system service/hubble-peer ClusterIP 10.98.164.175 <none> 443/TCP 62m
kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 61m

NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/cilium 7 7 7 7 7 kubernetes.io/os=linux 62m
kube-system daemonset.apps/cilium-envoy 7 7 7 7 7 kubernetes.io/os=linux 62m

NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
default deployment.apps/postgres-operator 1/1 1 1 2m8s
kube-system deployment.apps/cilium-operator 2/2 2 2 62m
kube-system deployment.apps/coredns 2/2 2 2 61m

NAMESPACE NAME DESIRED CURRENT READY AGE
default replicaset.apps/postgres-operator-849bdbdbd8 1 1 1 2m8s
kube-system replicaset.apps/cilium-operator-67f4b4f5fd 2 2 2 61m
kube-system replicaset.apps/coredns-5966c6bdcd 2 2 2 61m
```
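
The PodSecurity warning printed when the Deployment was created names two fields: `securityContext.capabilities.drop` and `securityContext.seccompProfile.type`. The following added example (not part of the original page or of the Postgres Operator project) checks a pod template for exactly those two fields and returns a corrected copy. The sample manifest and all function names are constructed for illustration, and the rest of the "restricted" profile is not covered.

```python
import copy

ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

# Constructed sample shaped like a Deployment that triggers the warning;
# it is not a copy of manifests/postgres-operator.yaml.
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "postgres-operator"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "postgres-operator",
        "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
    }]}}},
}

def _containers(spec):
    return (spec.get("initContainers") or []) + spec["containers"]

def _seccomp(container, spec):
    """Container-level seccompProfile wins; otherwise the pod-level one applies."""
    pod = ((spec.get("securityContext") or {}).get("seccompProfile") or {}).get("type")
    own = ((container.get("securityContext") or {}).get("seccompProfile") or {}).get("type")
    return own or pod

def restricted_violations(workload):
    """Return (container, field) pairs for the two checks named in the warning."""
    spec = workload["spec"]["template"]["spec"]
    found = []
    for c in _containers(spec):
        caps = (c.get("securityContext") or {}).get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            found.append((c["name"], "capabilities.drop"))
        if _seccomp(c, spec) not in ALLOWED_SECCOMP:
            found.append((c["name"], "seccompProfile.type"))
    return found

def harden(workload):
    """Return a hardened copy; the input manifest is left untouched."""
    fixed = copy.deepcopy(workload)
    spec = fixed["spec"]["template"]["spec"]
    for c in _containers(spec):
        sc = c["securityContext"] = c.get("securityContext") or {}
        caps = sc["capabilities"] = sc.get("capabilities") or {}
        caps["drop"] = ["ALL"]
        if _seccomp(c, spec) not in ALLOWED_SECCOMP:
            sc["seccompProfile"] = {"type": "RuntimeDefault"}
    return fixed

if __name__ == "__main__":
    print(restricted_violations(SAMPLE_DEPLOYMENT), restricted_violations(harden(SAMPLE_DEPLOYMENT)))
```

To run it against a live object, load the output of `kubectl get deployment postgres-operator -o json` with `json.load` and pass the resulting dict to `restricted_violations`.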