owenthereal
diff --git a/‎docs/reference/cluster_manifest.md‎
Lines changed: 14 additions & 0 deletions b/‎docs/reference/cluster_manifest.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎pkg/apis/acid.zalan.do/v1/postgresql_type.go‎
Lines changed: 8 additions & 4 deletions b/‎pkg/apis/acid.zalan.do/v1/postgresql_type.go‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go‎
Lines changed: 14 additions & 0 deletions b/‎pkg/apis/acid.zalan.do/v1/zz_generated.deepcopy.go‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎pkg/cluster/cluster_test.go‎
Lines changed: 64 additions & 26 deletions b/‎pkg/cluster/cluster_test.go‎
Lines changed: 64 additions & 26 deletions
diff --git a/‎pkg/cluster/k8sres.go‎
Lines changed: 24 additions & 3 deletions b/‎pkg/cluster/k8sres.go‎
Lines changed: 24 additions & 3 deletions
@@ -173,6 +173,20 @@ These parameters are grouped directly under  the `spec` key in the manifest.
   [administrator docs](https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md#load-balancers-and-allowed-ip-ranges)
   for more information regarding default values and overwrite rules.
 
+* **masterServiceAnnotations**
+  A map of key value pairs that gets attached as [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+  to the master services created for the database cluster. Check the
+  [administrator docs](https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md#load-balancers-and-allowed-ip-ranges)
+  for more information regarding default values and overwrite rules.
+  This field takes precedence over `serviceAnnotations` for the master services if not empty.
+
+* **replicaServiceAnnotations**
+  A map of key value pairs that gets attached as [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
+  to the replica services created for the database cluster. Check the
+  [administrator docs](https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md#load-balancers-and-allowed-ip-ranges)
+  for more information regarding default values and overwrite rules.
+  This field takes precedence over `serviceAnnotations` for the replica services if not empty.
+
 * **enableShmVolume**
   Start a database pod without limitations on shm memory. By default Docker
   limit `/dev/shm` to `64M` (see e.g. the [docker
 
@@ -79,10 +79,14 @@ type PostgresSpec struct {
 	StandbyCluster        *StandbyDescription         `json:"standby,omitempty"`
 	PodAnnotations        map[string]string           `json:"podAnnotations,omitempty"`
 	ServiceAnnotations    map[string]string           `json:"serviceAnnotations,omitempty"`
-	TLS                   *TLSDescription             `json:"tls,omitempty"`
-	AdditionalVolumes     []AdditionalVolume          `json:"additionalVolumes,omitempty"`
-	Streams               []Stream                    `json:"streams,omitempty"`
-	Env                   []v1.EnvVar                 `json:"env,omitempty"`
+	// MasterServiceAnnotations takes precedence over ServiceAnnotations for master role if not empty
+	MasterServiceAnnotations map[string]string `json:"masterServiceAnnotations,omitempty"`
+	// ReplicaServiceAnnotations takes precedence over ServiceAnnotations for replica role if not empty
+	ReplicaServiceAnnotations map[string]string  `json:"replicaServiceAnnotations,omitempty"`
+	TLS                       *TLSDescription    `json:"tls,omitempty"`
+	AdditionalVolumes         []AdditionalVolume `json:"additionalVolumes,omitempty"`
+	Streams                   []Stream           `json:"streams,omitempty"`
+	Env                       []v1.EnvVar        `json:"env,omitempty"`
 
 	// deprecated json tags
 	InitContainersOld       []v1.Container `json:"init_containers,omitempty"`
 
@@ -524,7 +524,9 @@ func TestServiceAnnotations(t *testing.T) {
 		enableReplicaLoadBalancerOC   bool
 		enableTeamIdClusterPrefix     bool
 		operatorAnnotations           map[string]string
-		clusterAnnotations            map[string]string
+		serviceAnnotations            map[string]string
+		masterServiceAnnotations      map[string]string
+		replicaServiceAnnotations     map[string]string
 		expect                        map[string]string
 	}{
 		//MASTER
@@ -535,7 +537,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC:   false,
 			enableTeamIdClusterPrefix:    false,
 			operatorAnnotations:          make(map[string]string),
-			clusterAnnotations:           make(map[string]string),
+			serviceAnnotations:           make(map[string]string),
 			expect:                       make(map[string]string),
 		},
 		{
@@ -545,7 +547,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC:   false,
 			enableTeamIdClusterPrefix:    false,
 			operatorAnnotations:          make(map[string]string),
-			clusterAnnotations:           make(map[string]string),
+			serviceAnnotations:           make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -558,7 +560,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC:   true,
 			enableTeamIdClusterPrefix:    false,
 			operatorAnnotations:          make(map[string]string),
-			clusterAnnotations:           make(map[string]string),
+			serviceAnnotations:           make(map[string]string),
 			expect:                       make(map[string]string),
 		},
 		{
@@ -567,7 +569,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  false,
 			operatorAnnotations:        make(map[string]string),
-			clusterAnnotations:         make(map[string]string),
+			serviceAnnotations:         make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -579,7 +581,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  false,
 			operatorAnnotations:        make(map[string]string),
-			clusterAnnotations:         map[string]string{"foo": "bar"},
+			serviceAnnotations:         map[string]string{"foo": "bar"},
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -593,7 +595,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC:   true,
 			enableTeamIdClusterPrefix:    false,
 			operatorAnnotations:          make(map[string]string),
-			clusterAnnotations:           map[string]string{"foo": "bar"},
+			serviceAnnotations:           map[string]string{"foo": "bar"},
 			expect:                       map[string]string{"foo": "bar"},
 		},
 		{
@@ -602,7 +604,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  false,
 			operatorAnnotations:        map[string]string{"foo": "bar"},
-			clusterAnnotations:         make(map[string]string),
+			serviceAnnotations:         make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -617,7 +619,7 @@ func TestServiceAnnotations(t *testing.T) {
 			operatorAnnotations: map[string]string{
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
 			},
-			clusterAnnotations: make(map[string]string),
+			serviceAnnotations: make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
@@ -629,7 +631,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  false,
 			operatorAnnotations:        make(map[string]string),
-			clusterAnnotations: map[string]string{
+			serviceAnnotations: map[string]string{
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
 			},
 			expect: map[string]string{
@@ -643,7 +645,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  false,
 			operatorAnnotations:        make(map[string]string),
-			clusterAnnotations: map[string]string{
+			serviceAnnotations: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname": "wrong.external-dns-name.example.com",
 			},
 			expect: map[string]string{
@@ -656,13 +658,30 @@ func TestServiceAnnotations(t *testing.T) {
 			role:                       "master",
 			enableMasterLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:  true,
-			clusterAnnotations:         make(map[string]string),
+			serviceAnnotations:         make(map[string]string),
 			operatorAnnotations:        make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
 			},
 		},
+		{
+			about:                      "Master with master service annotations override service annotations",
+			role:                       "master",
+			enableMasterLoadBalancerOC: true,
+			enableTeamIdClusterPrefix:  false,
+			operatorAnnotations:        make(map[string]string),
+			serviceAnnotations: map[string]string{
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
+			},
+			masterServiceAnnotations: map[string]string{
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "2000",
+			},
+			expect: map[string]string{
+				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test.test.db.example.com,test.acid.db.example.com",
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "2000",
+			},
+		},
 		// REPLICA
 		{
 			about:                         "Replica with no annotations and EnableReplicaLoadBalancer disabled on spec and OperatorConfig",
@@ -671,7 +690,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC:   false,
 			enableTeamIdClusterPrefix:     false,
 			operatorAnnotations:           make(map[string]string),
-			clusterAnnotations:            make(map[string]string),
+			serviceAnnotations:            make(map[string]string),
 			expect:                        make(map[string]string),
 		},
 		{
@@ -681,7 +700,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC:   false,
 			enableTeamIdClusterPrefix:     false,
 			operatorAnnotations:           make(map[string]string),
-			clusterAnnotations:            make(map[string]string),
+			serviceAnnotations:            make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -694,7 +713,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC:   true,
 			enableTeamIdClusterPrefix:     false,
 			operatorAnnotations:           make(map[string]string),
-			clusterAnnotations:            make(map[string]string),
+			serviceAnnotations:            make(map[string]string),
 			expect:                        make(map[string]string),
 		},
 		{
@@ -703,7 +722,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         make(map[string]string),
-			clusterAnnotations:          make(map[string]string),
+			serviceAnnotations:          make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -715,7 +734,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         make(map[string]string),
-			clusterAnnotations:          map[string]string{"foo": "bar"},
+			serviceAnnotations:          map[string]string{"foo": "bar"},
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -729,7 +748,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC:   true,
 			enableTeamIdClusterPrefix:     false,
 			operatorAnnotations:           make(map[string]string),
-			clusterAnnotations:            map[string]string{"foo": "bar"},
+			serviceAnnotations:            map[string]string{"foo": "bar"},
 			expect:                        map[string]string{"foo": "bar"},
 		},
 		{
@@ -738,7 +757,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         map[string]string{"foo": "bar"},
-			clusterAnnotations:          make(map[string]string),
+			serviceAnnotations:          make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
@@ -753,7 +772,7 @@ func TestServiceAnnotations(t *testing.T) {
 			operatorAnnotations: map[string]string{
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
 			},
-			clusterAnnotations: make(map[string]string),
+			serviceAnnotations: make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
@@ -765,7 +784,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         make(map[string]string),
-			clusterAnnotations: map[string]string{
+			serviceAnnotations: map[string]string{
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
 			},
 			expect: map[string]string{
@@ -779,7 +798,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         make(map[string]string),
-			clusterAnnotations: map[string]string{
+			serviceAnnotations: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname": "wrong.external-dns-name.example.com",
 			},
 			expect: map[string]string{
@@ -792,21 +811,38 @@ func TestServiceAnnotations(t *testing.T) {
 			role:                        "replica",
 			enableReplicaLoadBalancerOC: true,
 			enableTeamIdClusterPrefix:   true,
-			clusterAnnotations:          make(map[string]string),
+			serviceAnnotations:          make(map[string]string),
 			operatorAnnotations:         make(map[string]string),
 			expect: map[string]string{
 				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
 				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "3600",
 			},
 		},
+		{
+			about:                       "Replica with replica service annotations override service annotations",
+			role:                        "replica",
+			enableReplicaLoadBalancerOC: true,
+			enableTeamIdClusterPrefix:   false,
+			operatorAnnotations:         make(map[string]string),
+			serviceAnnotations: map[string]string{
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "1800",
+			},
+			replicaServiceAnnotations: map[string]string{
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "2000",
+			},
+			expect: map[string]string{
+				"external-dns.alpha.kubernetes.io/hostname":                            "acid-test-repl.test.db.example.com,test-repl.acid.db.example.com",
+				"service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout": "2000",
+			},
+		},
 		// COMMON
 		{
 			about:                       "cluster annotations append to operator annotations",
 			role:                        "replica",
 			enableReplicaLoadBalancerOC: false,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         map[string]string{"foo": "bar"},
-			clusterAnnotations:          map[string]string{"post": "gres"},
+			serviceAnnotations:          map[string]string{"post": "gres"},
 			expect:                      map[string]string{"foo": "bar", "post": "gres"},
 		},
 		{
@@ -815,7 +851,7 @@ func TestServiceAnnotations(t *testing.T) {
 			enableReplicaLoadBalancerOC: false,
 			enableTeamIdClusterPrefix:   false,
 			operatorAnnotations:         map[string]string{"foo": "bar", "post": "gres"},
-			clusterAnnotations:          map[string]string{"post": "greSQL"},
+			serviceAnnotations:          map[string]string{"post": "greSQL"},
 			expect:                      map[string]string{"foo": "bar", "post": "greSQL"},
 		},
 	}
@@ -833,7 +869,9 @@ func TestServiceAnnotations(t *testing.T) {
 
 			cl.Postgresql.Spec.ClusterName = ""
 			cl.Postgresql.Spec.TeamID = "acid"
-			cl.Postgresql.Spec.ServiceAnnotations = tt.clusterAnnotations
+			cl.Postgresql.Spec.ServiceAnnotations = tt.serviceAnnotations
+			cl.Postgresql.Spec.MasterServiceAnnotations = tt.masterServiceAnnotations
+			cl.Postgresql.Spec.ReplicaServiceAnnotations = tt.replicaServiceAnnotations
 			cl.Postgresql.Spec.EnableMasterLoadBalancer = tt.enableMasterLoadBalancerSpec
 			cl.Postgresql.Spec.EnableReplicaLoadBalancer = tt.enableReplicaLoadBalancerSpec
 
 
@@ -1905,12 +1905,33 @@ func (c *Cluster) generateServiceAnnotations(role PostgresRole, spec *acidv1.Pos
 	for k, v := range c.OpConfig.CustomServiceAnnotations {
 		annotations[k] = v
 	}
-	if spec != nil || spec.ServiceAnnotations != nil {
-		for k, v := range spec.ServiceAnnotations {
-			annotations[k] = v
+
+	var specServiceAnnotations map[string]string
+	if spec != nil {
+		switch role {
+		case Master:
+			// MasterServiceAnnotations take precedence over ServiceAnnotations if they are not empty
+			if len(spec.MasterServiceAnnotations) > 0 {
+				specServiceAnnotations = spec.MasterServiceAnnotations
+			} else {
+				specServiceAnnotations = spec.ServiceAnnotations
+			}
+		case Replica:
+			// ReplicaServiceAnnotations take precedence over ServiceAnnotations if they are not empty
+			if len(spec.ReplicaServiceAnnotations) > 0 {
+				specServiceAnnotations = spec.ReplicaServiceAnnotations
+			} else {
+				specServiceAnnotations = spec.ServiceAnnotations
+			}
+		default:
+			specServiceAnnotations = spec.ServiceAnnotations
 		}
 	}
 
+	for k, v := range specServiceAnnotations {
+		annotations[k] = v
+	}
+
 	if c.shouldCreateLoadBalancerForService(role, spec) {
 		dnsName := c.dnsName(role)