[bitnami/cloudnative-pg] feat!: 💥 Refactor and add barman (#34509)

* [bitnami/cloudnative-pg] feat!: 💥  Refactor and add barman

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* chore: 🔧 Update tag

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* feat:  Add monitoring queries configmap

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore:  Revert change in redis

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: 💡 Add origin for monitoring queries

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

* fix: 🐛 Remove duplicate namespace

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

---------

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
Javier J. Salmerón García
2025-06-17 14:37:17 +02:00
committed by GitHub
parent 5ec9e65098
commit 0e71cda783
47 changed files with 4734 additions and 1275 deletions


@@ -2,26 +2,34 @@
# SPDX-License-Identifier: APACHE-2.0
http:
https://cnpg-webhook-service:{{ .Vars.service.ports.webhook }}/readyz:
https://cnpg-webhook-service:{{ .Vars.operator.service.ports.webhook }}/readyz:
status: 200
allow-insecure: true
http://cloudnative-pg-metrics:{{ .Vars.metrics.service.ports.metrics }}/metrics:
http://cloudnative-pg-operator-metrics:{{ .Vars.operator.metrics.service.ports.metrics }}/metrics:
status: 200
body:
- /controller_runtime_reconcile_time_seconds_bucket/
# Ports hardcoded in the operator
addr:
tcp://cloudnative-pg-plugin-barman-cloud:{{ .Vars.pluginBarmanCloud.service.ports.grpc }}:
reachable: true
# Ports hardcoded in the operator
tcp://vib-cluster-example-r:5432:
reachable: true
tcp://vib-cluster-example-rw:5432:
reachable: true
tcp://vib-cluster-example-ro:5432:
reachable: true
{{- $username := (index .Vars.extraDeploy 0).stringData.username }}
{{- $password := (index .Vars.extraDeploy 0).stringData.password }}
command:
check-auth-and-cluster-status:
exec: PGPASSWORD={{ $password }} psql -U {{ $username }} -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;"
# Check that the backup has the status succeeded
check-backup-status:
exec: PATH=/opt/bitnami/kubectl/bin:$PATH kubectl get backups
exit-status: 0
stdout:
- /2 rows/
- /backup-example.*completed/
# plugin-barman-cloud metrics endpoints uses RBAC for authorization, so we cannot use goss built-in "http" directive because we need the SA token present in the
# container filesystem. Instead, we use curl
check-plugin-barman-cloud-metrics:
exec: 'curl -k --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://cloudnative-pg-plugin-barman-cloud-metrics:{{ .Vars.pluginBarmanCloud.metrics.service.ports.metrics }}/metrics'
exit-status: 0
stdout:
- /objectstore/
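Review bot: The `check-plugin-barman-cloud-metrics` command sends the pod's ServiceAccount bearer token with `curl -k`, so the token is presented to whatever answers on that service name without the server certificate being verified. If the metrics certificate chains to a CA that is available inside the pod, pass it with `--cacert` instead of `-k`; if it is self-signed by design, say so in the comment above the check so the flag is not copied into non-test tooling. Separately, without `--fail` curl exits 0 on a 401 or 403, so `exit-status: 0` proves little and only the `/objectstore/` match catches an authorization failure; `curl -sS --fail ...` would make the exit status meaningful.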


@@ -1,5 +1,6 @@
extraDeploy:
# Taken from https://cloudnative-pg.io/documentation/1.25/declarative_role_management/
# 1) Deploy a PostgreSQL Cluster with the Barman Cloud Plugin enabled
- apiVersion: v1
kind: Secret
metadata:
@@ -20,6 +21,11 @@ extraDeploy:
instances: 3
storage:
size: 1Gi
plugins:
- name: barman-cloud.cloudnative-pg.io
isWALArchiver: true
parameters:
barmanObjectName: minio-store
managed:
roles:
- name: vib_user
@@ -29,8 +35,206 @@ extraDeploy:
superuser: true
passwordSecret:
name: vib-cluster-example-user
# We cannot run goss tests in the actual instances because it's ReadOnlyRootFilesystem and it is not configurable
# Instead we deploy a PostgreSQL client
# 2) Deploy a MinIO(TM) instance to be used as ObjectStore for backups
- |
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: minio
app.kubernetes.io/version: 2025.5.24
helm.sh/chart: minio-17.0.3
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
spec:
selector:
matchLabels:
app.kubernetes.io/instance: minio
app.kubernetes.io/name: minio
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: minio
app.kubernetes.io/version: 2025.5.24
helm.sh/chart: minio-17.0.3
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
spec:
securityContext:
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: []
sysctls: []
{{- if not (include "common.compatibility.isOpenshift" .) }}
fsGroup: 1001
{{- end }}
initContainers:
containers:
- name: minio
image: docker.io/bitnami/minio:2025.5.24-debian-12-r5
imagePullPolicy: "IfNotPresent"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions: {}
seccompProfile:
type: RuntimeDefault
{{- if not (include "common.compatibility.isOpenshift" .) }}
runAsGroup: 1001
runAsUser: 1001
{{- end }}
env:
- name: BITNAMI_DEBUG
value: "false"
- name: MINIO_DISTRIBUTED_MODE_ENABLED
value: "no"
- name: MINIO_SCHEME
value: "http"
- name: MINIO_FORCE_NEW_KEYS
value: "no"
- name: MINIO_DEFAULT_BUCKETS
value: postgrestest
- name: MINIO_ROOT_USER_FILE
value: /opt/bitnami/minio/secrets/root-user
- name: MINIO_ROOT_PASSWORD_FILE
value: /opt/bitnami/minio/secrets/root-password
- name: MINIO_SKIP_CLIENT
value: "yes"
- name: MINIO_API_PORT_NUMBER
value: "9000"
- name: MINIO_BROWSER
value: "off"
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
- name: MINIO_DATA_DIR
value: "/bitnami/minio/data"
ports:
- name: api
containerPort: 9000
livenessProbe:
httpGet:
path: /minio/health/live
port: api
scheme: "HTTP"
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
tcpSocket:
port: api
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /opt/bitnami/minio/tmp
subPath: app-tmp-dir
- name: empty-dir
mountPath: /.mc
subPath: app-mc-dir
- name: minio-credentials
mountPath: /opt/bitnami/minio/secrets/
- name: data
mountPath: /bitnami/minio/data
volumes:
- name: empty-dir
emptyDir: {}
- name: minio-credentials
secret:
secretName: minio
- name: data
emptyDir: {}
- apiVersion: v1
kind: Service
metadata:
name: minio
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: minio
app.kubernetes.io/version: 2025.5.24
helm.sh/chart: minio-17.0.3
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
spec:
type: ClusterIP
ports:
- name: tcp-api
port: 9000
targetPort: api
nodePort: null
selector:
app.kubernetes.io/instance: minio
app.kubernetes.io/name: minio
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
- apiVersion: v1
kind: Secret
metadata:
name: minio
labels:
app.kubernetes.io/instance: minio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: minio
app.kubernetes.io/version: 2025.5.24
helm.sh/chart: minio-17.0.3
app.kubernetes.io/component: minio
app.kubernetes.io/part-of: minio
type: Opaque
stringData:
root-user: "root"
root-password: "bitnami1234"
- apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: minio-store
spec:
configuration:
destinationPath: s3://postgrestest/
endpointURL: http://minio:9000
s3Credentials:
accessKeyId:
name: minio
key: root-user
secretAccessKey:
name: minio
key: root-password
wal:
compression: gzip
# 3) Deploy a Backup object to perform a backup of the PostgreSQL cluster deployed in step 1
- apiVersion: postgresql.cnpg.io/v1
kind: Backup
metadata:
name: backup-example
spec:
cluster:
name: vib-cluster-example
method: plugin
pluginConfiguration:
name: barman-cloud.cloudnative-pg.io
# 4) Create a Deployment for our goss tests. We cannot run goss in the operators because they are scratch. We cannot run the test in the Cluster instances because it's ReadOnlyRootFilesystem and it is not configurable. The testing deployment is comprised as follows:
# - First an init container with the PostgreSQL client checks that the cluster has been formed
# - Then a kubectl container will be used for running the goss tests. With it we can verify that the backup succeeded
- apiVersion: apps/v1
kind: Deployment
metadata:
@@ -47,7 +251,9 @@ extraDeploy:
labels:
app: postgresql
spec:
containers:
serviceAccountName: '{{ template "cloudnative-pg.operator.serviceAccountName" . }}'
automountServiceAccountToken: true
initContainers:
- image: docker.io/bitnami/postgresql:latest
command:
- /bin/bash
@@ -58,7 +264,6 @@ extraDeploy:
# Wait until the cluster is formed
while true; do
if PGPASSWORD=$POSTGRES_PASSWORD psql -U $POSTGRES_USER -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;" | grep "2 rows"; then
echo 1 > /tmp/ready
echo "Connected to PostgreSQL"
break
else
@@ -66,7 +271,7 @@ extraDeploy:
sleep 10
fi
done
sleep infinity
exit 0
name: postgresql
env:
- name: POSTGRES_PASSWORD
@@ -79,22 +284,6 @@ extraDeploy:
secretKeyRef:
name: vib-cluster-example-user
key: username
startupProbe:
exec:
command:
- sh
- -c
- |
if [ $(cat /tmp/ready) = "1" ]; then
exit 0
else
exit 1
fi
initialDelaySeconds: 40
periodSeconds: 20
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
securityContext:
runAsNonRoot: true
privileged: false
@@ -106,15 +295,84 @@ extraDeploy:
volumeMounts:
- name: empty-dir
mountPath: /tmp
- name: copy-kubectl
command:
- /bin/bash
args:
- -ec
- |
cp /opt/bitnami/kubectl/bin/kubectl /out/kubectl
image: bitnami/kubectl
securityContext:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
volumeMounts:
- name: empty-dir
subPath: kubectl-bin
mountPath: /out
containers:
- name: kubectl
command:
- sleep
args:
- infinity
readinessProbe:
exec:
command:
- sh
- -c
- |
exit 0
# Providing extra time for the test runs to finish
initialDelaySeconds: 120
periodSeconds: 20
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
image: bitnami/os-shell:latest
securityContext:
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
volumeMounts:
- name: empty-dir
mountPath: /tmp
- name: empty-dir
subPath: kubectl-bin
mountPath: /opt/bitnami/kubectl/bin
volumes:
- name: empty-dir
emptyDir: {}
service:
ports:
webhook: 443
type: LoadBalancer
metrics:
operator:
service:
ports:
webhook: 443
type: LoadBalancer
metrics:
enabled: true
service:
ports:
metrics: 2311
pluginBarmanCloud:
enabled: true
service:
ports:
metrics: 2311
grpc: 2218
metrics:
enabled: true
# Add the cloudnative-pg SA as allowed account because we need it for the goss tests
allowedServiceAccounts:
- name: '{{ include "cloudnative-pg.operator.serviceAccountName" $ }}'
namespace: '{{ include "common.names.namespace" $ }}'
service:
ports:
metrics: 8221
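Review bot: The goss test Deployment now runs as the operator's own ServiceAccount (`serviceAccountName: '{{ template "cloudnative-pg.operator.serviceAccountName" . }}'` with `automountServiceAccountToken: true`), so every container in that pod can use the operator's RBAC, although the tests visibly need only `kubectl get backups` and a token the plugin metrics endpoint accepts. The containers in that pod come from mutable references (`bitnami/kubectl` with no tag, `bitnami/os-shell:latest`), so the borrowed identity is handed to whatever those tags resolve to when the test runs. A dedicated ServiceAccount with read-only access to `backups`, listed under `allowedServiceAccounts` in place of the operator account, together with pinned image tags or digests, would keep the test scoped. The sketch below uses constructed names, and whether the metrics authorization needs anything beyond `allowedServiceAccounts` should be confirmed against the chart templates.

```yaml
# Names below are constructed for illustration; they do not exist in the chart.
extraDeploy:
  # … unchanged: Secret, Cluster, MinIO, ObjectStore and Backup objects …
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: vib-goss-tests
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: vib-goss-tests
    rules:
      - apiGroups: ["postgresql.cnpg.io"]
        resources: ["backups"]
        verbs: ["get", "list"]
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: vib-goss-tests
    subjects:
      - kind: ServiceAccount
        name: vib-goss-tests
        namespace: '{{ include "common.names.namespace" $ }}'
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: vib-goss-tests
  # … unchanged: goss test Deployment metadata and selector …
        serviceAccountName: vib-goss-tests
        automountServiceAccountToken: true
  # … unchanged: init containers, kubectl container, volumes …
pluginBarmanCloud:
  metrics:
    # … unchanged: enabled, service ports …
    allowedServiceAccounts:
      - name: vib-goss-tests
        namespace: '{{ include "common.names.namespace" $ }}'
```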


@@ -1,8 +1,12 @@
# Changelog
## 0.1.24 (2025-06-13)
## 1.0.0 (2025-06-17)
* [bitnami/cloudnative-pg] :zap: :arrow_up: Update dependency references ([#34414](https://github.com/bitnami/charts/pull/34414))
* [bitnami/cloudnative-pg] feat!: :boom: :heavy_plus_sign: Refactor and add barman ([#34509](https://github.com/bitnami/charts/pull/34509))
## <small>0.1.24 (2025-06-13)</small>
* [bitnami/cloudnative-pg] :zap: :arrow_up: Update dependency references (#34414) ([a7ef45e](https://github.com/bitnami/charts/commit/a7ef45efd7132d83b947c02c49199447b0d24d7f)), closes [#34414](https://github.com/bitnami/charts/issues/34414)
## <small>0.1.23 (2025-06-12)</small>


@@ -1,6 +1,5 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
annotations:
category: Infrastructure
images: |
@@ -8,6 +7,10 @@ annotations:
image: docker.io/bitnami/cloudnative-pg:1.26.0-debian-12-r4
- name: postgresql
image: docker.io/bitnami/postgresql:17.5.0-debian-12-r12
- name: plugin-barman-cloud
image: docker.io/bitnami/plugin-barman-cloud:0.5.0-debian-12-r0
- name: plugin-barman-cloud-sidecar
image: docker.io/bitnami/plugin-barman-cloud-sidecar:0.5.0-debian-12-r1
licenses: Apache-2.0
tanzuCategory: service
apiVersion: v2
@@ -32,4 +35,4 @@ maintainers:
name: cloudnative-pg
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cloudnative-pg
version: 0.1.24
version: 1.0.0


@@ -43,30 +43,40 @@ The command deploys CloudNativePG on the Kubernetes cluster in the default confi
### Operator configuration
The Bitnami CloudNativePG chart allows [configuring the operator](https://cloudnative-pg.io/documentation/current/operator_conf/#available-options) using ConfigMaps and Secrets. This is done using the `configuration` and `secretConfiguration` parameters. Both are values are compatible, and the configuration in the `secretConfiguration` section takes precedence over the `configuration` section. In the example below we add extra configuration parameters to the operator:
The Bitnami CloudNativePG chart allows [configuring the operator](https://cloudnative-pg.io/documentation/current/operator_conf/#available-options) using ConfigMaps and Secrets. This is done using the `operator.configuration` and `operator.secretConfiguration` parameters. Both are values are compatible, and the configuration in the `operator.secretConfiguration` section takes precedence over the `operator.configuration` section. In the example below we add extra configuration parameters to the operator:
```yaml
configuration:
EXPIRING_CHECK_THRESHOLD: 12
secretConfiguration:
CERTIFICATE_DURATION: 120
operator:
configuration:
EXPIRING_CHECK_THRESHOLD: 12
secretConfiguration:
CERTIFICATE_DURATION: 120
```
It is also possible to use existing ConfigMaps and Secrets using the `existingConfigMap` and `existingSecret` parameters (note that these are not compatible with the `configuration` and `secretConfiguration` parameters).
It is also possible to use existing ConfigMaps and Secrets using the `operator.existingConfigMap` and `operator.existingSecret` parameters (note that these are not compatible with the `operator.configuration` and `operator.secretConfiguration` parameters).
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `*.resources` (under the `operator` and `pluginBarmanCloud` sections) value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
To make this process easier, the chart contains the `*.resourcesPreset` (under the `operator` and `pluginBarmanCloud` sections) values, which automatically sets the `*.resources` (under the `operator` and `pluginBarmanCloud` sections) section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Backup and restore
To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html).
The Bitnami CloudNativePG chart includes the [plugin-barman-cloud](https://cloudnative-pg.io/plugin-barman-cloud/) for performing backup operations. This is enabled by setting `pluginBarmanCloud.enabled=true`:
```yaml
pluginBarmanCloud:
enabled: true
```
Check the upstream [plugin-barman-cloud](https://cloudnative-pg.io/plugin-barman-cloud/docs/intro/) on how to deploy `BarmanObjectStore` objects and enabling backup operations.
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to true. This will expose the cloudnative-pg native Prometheus endpoint in a `metrics` service, which can be configured under the `metrics.service` section. It will have the necessary annotations to be automatically scraped by Prometheus.
This chart can be integrated with Prometheus by setting `*.metrics.enabled` (under the `operator` and `pluginBarmanCloud` sections) to true. This will expose the cloudnative-pg native Prometheus endpoint in a `metrics` service, which can be configured under the `*.metrics.service` (under the `operator` and `pluginBarmanCloud` sections) section. It will have the necessary annotations to be automatically scraped by Prometheus.
For the PostgreSQL instances themselves, the chart deploys a monitoring queries ConfigMap or Secret with basic queries. These can be cofigured under the `operator.metrics.monitoringQueries` section.
#### Prometheus requirements
@@ -74,7 +84,7 @@ It is necessary to have a working installation of Prometheus or Prometheus Opera
#### Integration with Prometheus Operator
The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `*.metrics.serviceMonitor.enabled=true` (under the `operator` and `pluginBarmanCloud` sections). Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
```text
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
@@ -90,41 +100,44 @@ Bitnami will release a new chart updating its containers if a new version of the
### Additional environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property:
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property inside the `operator` and `pluginBarmanCloud` sections:
```yaml
extraEnvVars:
- name: LOG_LEVEL
value: error
operator:
extraEnvVars:
- name: LOG_LEVEL
value: error
```
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values inside the `operator`, `apiserver` and `cluster` sections.
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values inside the `operator` and `pluginBarmanCloud` sections.
### Sidecars
If additional containers are needed in the same pod as cloudnative-pg (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter:
If additional containers are needed in the same pod as cloudnative-pg (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter inside the `operator` and `pluginBarmanCloud` sections:
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
operator:
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
If these sidecars export extra ports, extra port definitions can be added using the `*.service.extraPorts` parameter (where available), as shown in the example below:
```yaml
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
operator:
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
```
If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter inside the `operator` and `pluginBarmanCloud` sections. Here is an example:
```yaml
initContainers:
@@ -177,9 +190,9 @@ Check the [CloudNativePG official documentation](https://cloudnative-pg.io/docum
### Pod affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
This chart allows you to set your custom affinity using the `affinity` parameter inside the `operator` and `pluginBarmanCloud` sections. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters inside the `operator`, `apiserver` and `cluster` sections.
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters inside the `operator` and `pluginBarmanCloud` sections.
## Parameters
@@ -195,177 +208,363 @@ As an alternative, use one of the preset configurations for pod affinity, pod an
### Common parameters
| Name | Description | Value |
| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` |
| `nameOverride` | String to partially override common.names.name | `""` |
| `fullnameOverride` | String to fully override common.names.fullname | `""` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `image.registry` | cloudnative-pg Operator image registry | `REGISTRY_NAME` |
| `image.repository` | cloudnative-pg Operator image repository | `REPOSITORY_NAME/cloudnative-pg` |
| `image.digest` | cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
| `image.pullPolicy` | cloudnative-pg Operator image pull policy | `IfNotPresent` |
| `image.pullSecrets` | cloudnative-pg Operator image pull secrets | `[]` |
| `image.debug` | Enable cloudnative-pg Operator image debug mode | `false` |
| `postgresqlImage.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `postgresqlImage.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `postgresqlImage.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `replicaCount` | Number of cloudnative-pg Operator replicas to deploy | `1` |
| `containerPorts.metrics` | cloudnative-pg Operator metrics container port | `8080` |
| `containerPorts.webhook` | cloudnative-pg Operator webhook container port | `9443` |
| `livenessProbe.enabled` | Enable livenessProbe on cloudnative-pg Operator containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on cloudnative-pg Operator containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on cloudnative-pg Operator containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `watchAllNamespaces` | Watch for cloudnative-pg resources in all namespaces | `true` |
| `watchNamespaces` | Watch for cloudnative-pg resources in the given namespaces | `[]` |
| `maxConcurrentReconciles` | Maximum concurrent reconciles in the operator | `10` |
| `configuration` | Add configuration settings to a configmap | `{}` |
| `secretConfiguration` | Add configuration settings to a secret | `{}` |
| `existingConfigMap` | Name of a ConfigMap containing the operator configuration | `""` |
| `existingSecret` | Name of a Secret containing the operator secret configuration | `""` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production). | `nano` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `podSecurityContext.enabled` | Enabled cloudnative-pg Operator pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set cloudnative-pg Operator pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `hostAliases` | cloudnative-pg Operator pods host aliases | `[]` |
| `podLabels` | Extra labels for cloudnative-pg Operator pods | `{}` |
| `podAnnotations` | Annotations for cloudnative-pg Operator pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for cloudnative-pg Operator pods assignment | `{}` |
| `nodeSelector` | Node labels for cloudnative-pg Operator pods assignment | `{}` |
| `tolerations` | Tolerations for cloudnative-pg Operator pods assignment | `[]` |
| `updateStrategy.type` | cloudnative-pg Operator statefulset strategy type | `RollingUpdate` |
| `priorityClassName` | cloudnative-pg Operator pods' priorityClassName | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `schedulerName` | Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods | `""` |
| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `lifecycleHooks` | for the cloudnative-pg Operator container(s) to automate configuration before or after startup | `{}` |
| `extraEnvVars` | Array with extra environment variables to add to cloudnative-pg Operator nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the cloudnative-pg Operator pod(s) | `[]` |
| `initContainers` | Add additional init containers to the cloudnative-pg Operator pod(s) | `[]` |
| `webhook.validating.create` | Create ValidatingWebhookConfiguration | `true` |
| `webhook.validating.failurePolicy` | Set failure policy of the validating webhook | `Fail` |
| `webhook.mutating.create` | Create MutatingWebhookConfiguration | `true` |
| `webhook.mutating.failurePolicy` | Set failure policy of the mutating webhook | `Fail` |
| `autoscaling.vpa.enabled` | Enable VPA | `false` |
| `autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `autoscaling.hpa.enabled` | Enable autoscaling for operator | `false` |
| `autoscaling.hpa.minReplicas` | Minimum number of operator replicas | `""` |
| `autoscaling.hpa.maxReplicas` | Maximum number of operator replicas | `""` |
| `autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
| Name | Description | Value |
| ------------------- | ---------------------------------------------------------- | --------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` |
| `nameOverride` | String to partially override common.names.name | `""` |
| `fullnameOverride` | String to fully override common.names.fullname | `""` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
### cloudnative-pg operator parameters
| Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `operator.image.registry` | cloudnative-pg Operator image registry | `REGISTRY_NAME` |
| `operator.image.repository` | cloudnative-pg Operator image repository | `REPOSITORY_NAME/cloudnative-pg` |
| `operator.image.digest` | cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
| `operator.image.pullPolicy` | cloudnative-pg Operator image pull policy | `IfNotPresent` |
| `operator.image.pullSecrets` | cloudnative-pg Operator image pull secrets | `[]` |
| `operator.image.debug` | Enable cloudnative-pg Operator image debug mode | `false` |
| `operator.postgresqlImage.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `operator.postgresqlImage.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `operator.postgresqlImage.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `operator.replicaCount` | Number of cloudnative-pg Operator replicas to deploy | `1` |
| `operator.containerPorts.metrics` | cloudnative-pg Operator metrics container port | `8080` |
| `operator.containerPorts.webhook` | cloudnative-pg Operator webhook container port | `9443` |
| `operator.livenessProbe.enabled` | Enable livenessProbe on cloudnative-pg Operator containers | `true` |
| `operator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `operator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `operator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `operator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `operator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `operator.readinessProbe.enabled` | Enable readinessProbe on cloudnative-pg Operator containers | `true` |
| `operator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `operator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `operator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `operator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `operator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `operator.startupProbe.enabled` | Enable startupProbe on cloudnative-pg Operator containers | `false` |
| `operator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `operator.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `operator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `operator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `operator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `operator.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `operator.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `operator.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `operator.watchAllNamespaces` | Watch for cloudnative-pg resources in all namespaces | `true` |
| `operator.watchNamespaces` | Watch for cloudnative-pg resources in the given namespaces | `[]` |
| `operator.maxConcurrentReconciles` | Maximum concurrent reconciles in the operator | `10` |
| `operator.configuration` | Add configuration settings to a configmap | `{}` |
| `operator.secretConfiguration` | Add configuration settings to a secret | `{}` |
| `operator.existingConfigMap` | Name of a ConfigMap containing the operator configuration | `""` |
| `operator.existingSecret` | Name of a Secret containing the operator secret configuration | `""` |
| `operator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production). | `nano` |
| `operator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `operator.podSecurityContext.enabled` | Enabled cloudnative-pg Operator pods' Security Context | `true` |
| `operator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `operator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `operator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `operator.podSecurityContext.fsGroup` | Set cloudnative-pg Operator pod's Security Context fsGroup | `1001` |
| `operator.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `operator.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `operator.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `operator.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `operator.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `operator.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `operator.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `operator.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `operator.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `operator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `operator.command` | Override default container command (useful when using custom images) | `[]` |
| `operator.args` | Override default container args (useful when using custom images) | `[]` |
| `operator.extraArgs` | Additional command line arguments to pass to default command | `[]` |
| `operator.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `operator.hostAliases` | cloudnative-pg Operator pods host aliases | `[]` |
| `operator.podLabels` | Extra labels for cloudnative-pg Operator pods | `{}` |
| `operator.podAnnotations` | Annotations for cloudnative-pg Operator pods | `{}` |
| `operator.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `operator.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `operator.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
| `operator.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
| `operator.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `operator.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `operator.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `operator.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `operator.affinity` | Affinity for cloudnative-pg Operator pods assignment | `{}` |
| `operator.nodeSelector` | Node labels for cloudnative-pg Operator pods assignment | `{}` |
| `operator.tolerations` | Tolerations for cloudnative-pg Operator pods assignment | `[]` |
| `operator.updateStrategy.type` | cloudnative-pg Operator statefulset strategy type | `RollingUpdate` |
| `operator.priorityClassName` | cloudnative-pg Operator pods' priorityClassName | `""` |
| `operator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `operator.schedulerName` | Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods | `""` |
| `operator.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `operator.lifecycleHooks` | for the cloudnative-pg Operator container(s) to automate configuration before or after startup | `{}` |
| `operator.extraEnvVars` | Array with extra environment variables to add to cloudnative-pg Operator nodes | `[]` |
| `operator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `operator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `operator.extraVolumes` | Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s) | `[]` |
| `operator.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s) | `[]` |
| `operator.sidecars` | Add additional sidecar containers to the cloudnative-pg Operator pod(s) | `[]` |
| `operator.initContainers` | Add additional init containers to the cloudnative-pg Operator pod(s) | `[]` |
| `operator.webhook.validating.create` | Create ValidatingWebhookConfiguration | `true` |
| `operator.webhook.validating.failurePolicy` | Set failure policy of the validating webhook | `Fail` |
| `operator.webhook.mutating.create` | Create MutatingWebhookConfiguration | `true` |
| `operator.webhook.mutating.failurePolicy` | Set failure policy of the mutating webhook | `Fail` |
| `operator.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `operator.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `operator.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `operator.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `operator.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `operator.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `operator.autoscaling.hpa.enabled` | Enable autoscaling for operator | `false` |
| `operator.autoscaling.hpa.minReplicas` | Minimum number of operator replicas | `""` |
| `operator.autoscaling.hpa.maxReplicas` | Maximum number of operator replicas | `""` |
| `operator.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `operator.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
### cloudnative-pg Operator Traffic Exposure Parameters
| Name | Description | Value |
| --------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `service.type` | cloudnative-pg Operator service type | `ClusterIP` |
| `service.ports.webhook` | cloudnative-pg Operator service webhook port | `443` |
| `service.nodePorts.webhook` | Node port for webhook | `""` |
| `service.clusterIP` | cloudnative-pg Operator service Cluster IP | `""` |
| `service.loadBalancerIP` | cloudnative-pg Operator service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | cloudnative-pg Operator service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | cloudnative-pg Operator service external traffic policy | `Cluster` |
| `service.labels` | Labels for the service | `{}` |
| `service.annotations` | Additional custom annotations for cloudnative-pg Operator service | `{}` |
| `service.extraPorts` | Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value) | `[]` |
| `service.sessionAffinity` | Control where web requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| ------------------------------------------------ | -------------------------------------------------------------------------------------------------- | ----------- |
| `operator.service.type` | cloudnative-pg Operator service type | `ClusterIP` |
| `operator.service.ports.webhook` | cloudnative-pg Operator service webhook port | `443` |
| `operator.service.nodePorts.webhook` | Node port for webhook | `""` |
| `operator.service.clusterIP` | cloudnative-pg Operator service Cluster IP | `""` |
| `operator.service.loadBalancerIP` | cloudnative-pg Operator service Load Balancer IP | `""` |
| `operator.service.loadBalancerSourceRanges` | cloudnative-pg Operator service Load Balancer sources | `[]` |
| `operator.service.externalTrafficPolicy` | cloudnative-pg Operator service external traffic policy | `Cluster` |
| `operator.service.labels` | Labels for the service | `{}` |
| `operator.service.annotations` | Additional custom annotations for cloudnative-pg Operator service | `{}` |
| `operator.service.extraPorts` | Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value) | `[]` |
| `operator.service.sessionAffinity` | Control where web requests go, to the same pod or round-robin | `None` |
| `operator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `operator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `operator.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
| `operator.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `operator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `operator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `operator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `operator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `operator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### cloudnative-pg Operator RBAC Parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------- | ------- |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.rules` | Custom RBAC rules to set | `[]` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
| Name | Description | Value |
| ------------------------------------------------------ | ---------------------------------------------------------------- | ------- |
| `operator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `operator.rbac.rules` | Custom RBAC rules to set | `[]` |
| `operator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `operator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `operator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
| `operator.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
### cloudnative-pg Operator Metrics Parameters
| Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | ------- |
| `metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `metrics.service.ports.metrics` | Meetrics service port | `80` |
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `metrics.service.labels` | Labels for the metrics service | `{}` |
| `metrics.service.annotations` | Annotations for the metrics service | `{}` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| Name | Description | Value |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
| `operator.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `operator.metrics.monitoringQueries.useSecret` | Use secret for the monitoring queries. Will use a ConfigMap if false | `false` |
| `operator.metrics.monitoringQueries.overrideConfiguration` | Override sections of the default monitoring queries configuration | `{}` |
| `operator.metrics.monitoringQueries.existingQueries` | Name of a ConfigMap or Secret with existing monitoring queries | `""` |
| `operator.metrics.service.ports.metrics` | Meetrics service port | `80` |
| `operator.metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `operator.metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `operator.metrics.service.labels` | Labels for the metrics service | `{}` |
| `operator.metrics.service.annotations` | Annotations for the metrics service | `{}` |
| `operator.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `operator.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `operator.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
| `operator.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `operator.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
| `operator.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `operator.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `operator.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `operator.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `operator.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `operator.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
### plugin-barman-cloud parameters
| Name | Description | Value |
| --------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
| `pluginBarmanCloud.enabled` | Enable the plugin for Barman Cloud | `true` |
| `pluginBarmanCloud.image.registry` | plugin-barman-cloud image registry | `REGISTRY_NAME` |
| `pluginBarmanCloud.image.repository` | plugin-barman-cloud image repository | `REPOSITORY_NAME/plugin-barman-cloud` |
| `pluginBarmanCloud.image.digest` | plugin-barman-cloud image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
| `pluginBarmanCloud.image.pullPolicy` | plugin-barman-cloud image pull policy | `IfNotPresent` |
| `pluginBarmanCloud.image.pullSecrets` | plugin-barman-cloud image pull secrets | `[]` |
| `pluginBarmanCloud.image.debug` | Enable plugin-barman-cloud image debug mode | `false` |
| `pluginBarmanCloud.sidecarImage.registry` | plugin-barman-cloud-sidecar image registry | `REGISTRY_NAME` |
| `pluginBarmanCloud.sidecarImage.repository` | plugin-barman-cloud-sidecar image repository | `REPOSITORY_NAME/plugin-barman-cloud-sidecar` |
| `pluginBarmanCloud.sidecarImage.digest` | plugin-barman-cloud-sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `pluginBarmanCloud.replicaCount` | Number of plugin-barman-cloud replicas to deploy | `1` |
| `pluginBarmanCloud.containerPorts.metrics` | plugin-barman-cloud metrics container port | `8080` |
| `pluginBarmanCloud.containerPorts.grpc` | plugin-barman-cloud grpc container port | `9443` |
| `pluginBarmanCloud.containerPorts.health` | plugin-barman-cloud health container port | `8921` |
| `pluginBarmanCloud.livenessProbe.enabled` | Enable livenessProbe on plugin-barman-cloud containers | `true` |
| `pluginBarmanCloud.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `pluginBarmanCloud.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `pluginBarmanCloud.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `pluginBarmanCloud.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `pluginBarmanCloud.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `pluginBarmanCloud.readinessProbe.enabled` | Enable readinessProbe on plugin-barman-cloud containers | `true` |
| `pluginBarmanCloud.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `pluginBarmanCloud.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `pluginBarmanCloud.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `pluginBarmanCloud.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `pluginBarmanCloud.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `pluginBarmanCloud.startupProbe.enabled` | Enable startupProbe on plugin-barman-cloud containers | `false` |
| `pluginBarmanCloud.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `pluginBarmanCloud.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `pluginBarmanCloud.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `pluginBarmanCloud.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `pluginBarmanCloud.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `pluginBarmanCloud.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `pluginBarmanCloud.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `pluginBarmanCloud.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `pluginBarmanCloud.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if.resources is set (operator.resources is recommended for production). | `nano` |
| `pluginBarmanCloud.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `pluginBarmanCloud.podSecurityContext.enabled` | Enabled plugin-barman-cloud pods' Security Context | `true` |
| `pluginBarmanCloud.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `pluginBarmanCloud.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `pluginBarmanCloud.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `pluginBarmanCloud.podSecurityContext.fsGroup` | Set plugin-barman-cloud pod's Security Context fsGroup | `1001` |
| `pluginBarmanCloud.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `pluginBarmanCloud.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `pluginBarmanCloud.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `pluginBarmanCloud.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `pluginBarmanCloud.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `pluginBarmanCloud.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `pluginBarmanCloud.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `pluginBarmanCloud.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `pluginBarmanCloud.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `pluginBarmanCloud.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `pluginBarmanCloud.command` | Override default container command (useful when using custom images) | `[]` |
| `pluginBarmanCloud.args` | Override default container args (useful when using custom images) | `[]` |
| `pluginBarmanCloud.extraArgs` | Additional command line arguments to pass to default command | `[]` |
| `pluginBarmanCloud.automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `pluginBarmanCloud.hostAliases` | plugin-barman-cloud pods host aliases | `[]` |
| `pluginBarmanCloud.podLabels` | Extra labels for plugin-barman-cloud pods | `{}` |
| `pluginBarmanCloud.podAnnotations` | Annotations for plugin-barman-cloud pods | `{}` |
| `pluginBarmanCloud.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `pluginBarmanCloud.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `pluginBarmanCloud.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
| `pluginBarmanCloud.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
| `pluginBarmanCloud.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `pluginBarmanCloud.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `pluginBarmanCloud.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `pluginBarmanCloud.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `pluginBarmanCloud.affinity` | Affinity for plugin-barman-cloud pods assignment | `{}` |
| `pluginBarmanCloud.nodeSelector` | Node labels for plugin-barman-cloud pods assignment | `{}` |
| `pluginBarmanCloud.tolerations` | Tolerations for plugin-barman-cloud pods assignment | `[]` |
| `pluginBarmanCloud.updateStrategy.type` | plugin-barman-cloud statefulset strategy type | `RollingUpdate` |
| `pluginBarmanCloud.priorityClassName` | plugin-barman-cloud pods' priorityClassName | `""` |
| `pluginBarmanCloud.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `pluginBarmanCloud.schedulerName` | Name of the k8s scheduler (other than default) for plugin-barman-cloud pods | `""` |
| `pluginBarmanCloud.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `pluginBarmanCloud.lifecycleHooks` | for the plugin-barman-cloud container(s) to automate configuration before or after startup | `{}` |
| `pluginBarmanCloud.extraEnvVars` | Array with extra environment variables to add to plugin-barman-cloud nodes | `[]` |
| `pluginBarmanCloud.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for plugin-barman-cloud nodes | `""` |
| `pluginBarmanCloud.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for plugin-barman-cloud nodes | `""` |
| `pluginBarmanCloud.extraVolumes` | Optionally specify extra list of additional volumes for the plugin-barman-cloud pod(s) | `[]` |
| `pluginBarmanCloud.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the plugin-barman-cloud container(s) | `[]` |
| `pluginBarmanCloud.sidecars` | Add additional sidecar containers to the plugin-barman-cloud pod(s) | `[]` |
| `pluginBarmanCloud.initContainers` | Add additional init containers to the plugin-barman-cloud pod(s) | `[]` |
### TLS/SSL parameters
| Name | Description | Value |
| -------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `pluginBarmanCloud.tls.server.existingSecret` | Existing secret that contains TLS certificates for the server | `""` |
| `pluginBarmanCloud.tls.server.cert` | TLS certificate. Ignored if `pluginBarmanCloud.tls.server.existingSecret` is set | `""` |
| `pluginBarmanCloud.tls.server.key` | TLS key. Ignored if `pluginBarmanCloud.tls.server.existingSecret` is set | `""` |
| `pluginBarmanCloud.tls.client.existingSecret` | Existing secret that contains TLS certificates for the client | `""` |
| `pluginBarmanCloud.tls.client.cert` | TLS certificate. Ignored if `pluginBarmanCloud.tls.client.existingSecret` is set | `""` |
| `pluginBarmanCloud.tls.client.key` | TLS key. Ignored if `pluginBarmanCloud.tls.client.existingSecret` is set | `""` |
| `pluginBarmanCloud.tls.autoGenerated.enabled` | Enable automatic generation of certificates for TLS | `true` |
| `pluginBarmanCloud.tls.autoGenerated.engine` | Mechanism to generate the certificates (allowed values: helm, cert-manager) | `helm` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuer` | The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine) | `""` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuerKind` | Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine) | `""` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.keyAlgorithm` | Key algorithm for the certificates (only for `cert-manager` engine) | `RSA` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.keySize` | Key size for the certificates (only for `cert-manager` engine) | `2048` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.duration` | Duration for the certificates (only for `cert-manager` engine) | `2160h` |
| `pluginBarmanCloud.tls.autoGenerated.certManager.renewBefore` | Renewal period for the certificates (only for `cert-manager` engine) | `360h` |
| `pluginBarmanCloud.autoscaling.vpa.enabled` | Enable VPA | `false` |
| `pluginBarmanCloud.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `pluginBarmanCloud.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `pluginBarmanCloud.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `pluginBarmanCloud.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `pluginBarmanCloud.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `pluginBarmanCloud.autoscaling.hpa.enabled` | Enable autoscaling for | `false` |
| `pluginBarmanCloud.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` |
| `pluginBarmanCloud.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` |
| `pluginBarmanCloud.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `pluginBarmanCloud.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
### plugin-barman-cloud Traffic Exposure Parameters
| Name | Description | Value |
| --------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `pluginBarmanCloud.service.type` | plugin-barman-cloud service type | `ClusterIP` |
| `pluginBarmanCloud.service.ports.grpc` | plugin-barman-cloud service webhook port | `9090` |
| `pluginBarmanCloud.service.nodePorts.grpc` | Node port for webhook | `""` |
| `pluginBarmanCloud.service.clusterIP` | plugin-barman-cloud service Cluster IP | `""` |
| `pluginBarmanCloud.service.loadBalancerIP` | plugin-barman-cloud service Load Balancer IP | `""` |
| `pluginBarmanCloud.service.loadBalancerSourceRanges` | plugin-barman-cloud service Load Balancer sources | `[]` |
| `pluginBarmanCloud.service.externalTrafficPolicy` | plugin-barman-cloud service external traffic policy | `Cluster` |
| `pluginBarmanCloud.service.labels` | Labels for the service | `{}` |
| `pluginBarmanCloud.service.annotations` | Additional custom annotations for plugin-barman-cloud service | `{}` |
| `pluginBarmanCloud.service.extraPorts` | Extra ports to expose in plugin-barman-cloud service (normally used with the `sidecars` value) | `[]` |
| `pluginBarmanCloud.service.sessionAffinity` | Control where web requests go, to the same pod or round-robin | `None` |
| `pluginBarmanCloud.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `pluginBarmanCloud.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `pluginBarmanCloud.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
| `pluginBarmanCloud.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `pluginBarmanCloud.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `pluginBarmanCloud.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `pluginBarmanCloud.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `pluginBarmanCloud.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `pluginBarmanCloud.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### plugin-barman-cloud RBAC Parameters
| Name | Description | Value |
| --------------------------------------------------------------- | ---------------------------------------------------------------- | ------- |
| `pluginBarmanCloud.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `pluginBarmanCloud.rbac.rules` | Custom RBAC rules to set | `[]` |
| `pluginBarmanCloud.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `pluginBarmanCloud.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `pluginBarmanCloud.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
| `pluginBarmanCloud.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
### plugin-barman-cloud Metrics Parameters
| Name | Description | Value |
| ------------------------------------------------------------ | --------------------------------------------------------------------------------------------- | ------- |
| `pluginBarmanCloud.metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `pluginBarmanCloud.metrics.allowedServiceAccounts` | Configure the allowed ServiceAccounts (with their namespace) to access the metrics endpoint | `[]` |
| `pluginBarmanCloud.metrics.service.ports.metrics` | Meetrics service port | `80` |
| `pluginBarmanCloud.metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `pluginBarmanCloud.metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `pluginBarmanCloud.metrics.service.labels` | Labels for the metrics service | `{}` |
| `pluginBarmanCloud.metrics.service.annotations` | Annotations for the metrics service | `{}` |
| `pluginBarmanCloud.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `pluginBarmanCloud.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `pluginBarmanCloud.metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
| `pluginBarmanCloud.metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `pluginBarmanCloud.metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
| `pluginBarmanCloud.metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `pluginBarmanCloud.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `pluginBarmanCloud.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `pluginBarmanCloud.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `pluginBarmanCloud.metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `pluginBarmanCloud.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
The above parameters map to the env variables defined in [bitnami/cloudnative-pg](https://github.com/bitnami/containers/tree/main/bitnami/cloudnative-pg). For more information please refer to the [bitnami/cloudnative-pg](https://github.com/bitnami/containers/tree/main/bitnami/cloudnative-pg) image documentation.
@@ -373,11 +572,11 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set apiserver.enabled=true \
--set pluginBarmanCloud.enabled=true \
REGISTRY_NAME/REPOSITORY_NAME/cloudnative-pg
```
The above command enables the cloudnative-pg API Server.
The above command enables the Barman Cloud Plugin.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
@@ -390,6 +589,17 @@ helm install my-release -f values.yaml REGISTRY_NAME/REPOSITORY_NAME/cloudnative
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/cloudnative-pg/values.yaml)
## Upgrading
### To 1.0.0
This version performs a major refactor of the chart values to include the `plugin-barman-cloud` component:
- All the CloudNativePG settings have been moved to the `operator.*` section.
- It includes a section `pluginBarmanCloud.*` section with all the parameters for the `plugin-barman-cloud` deployment. It is enabled by default.
No major issues are expected during upgrades, assuming that the all the parameter references have been migrated to the new structure.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).


@@ -0,0 +1,631 @@
# Source: https://raw.githubusercontent.com/cloudnative-pg/plugin-barman-cloud/refs/tags/v{version}/config/crd/bases/barmancloud.cnpg.io_objectstores.yaml
# Version: 0.5.0
# VersionOf: plugin-barman-cloud
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.18.0
name: objectstores.barmancloud.cnpg.io
spec:
group: barmancloud.cnpg.io
names:
kind: ObjectStore
listKind: ObjectStoreList
plural: objectstores
singular: objectstore
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ObjectStore is the Schema for the objectstores API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired behavior of the ObjectStore.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
configuration:
description: The configuration for the barman-cloud tool suite
properties:
azureCredentials:
description: The credentials to use to upload data to Azure Blob
Storage
properties:
connectionString:
description: The connection string to be used
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromAzureAD:
description: Use the Azure AD based authentication without
providing explicitly the keys.
type: boolean
storageAccount:
description: The storage account where to upload data
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageKey:
description: |-
The storage account key to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageSasToken:
description: |-
A shared-access-signature to be used in conjunction with
the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
data:
description: |-
The configuration to be used to backup the data files
When not defined, base backups files will be stored uncompressed and may
be unencrypted in the object store, according to the bucket default
policy.
properties:
additionalCommandArgs:
description: |-
AdditionalCommandArgs represents additional arguments that can be appended
to the 'barman-cloud-backup' command-line invocation. These arguments
provide flexibility to customize the backup process further according to
specific requirements or configurations.
Example:
In a scenario where specialized backup options are required, such as setting
a specific timeout or defining custom behavior, users can use this field
to specify additional command arguments.
Note:
It's essential to ensure that the provided arguments are valid and supported
by the 'barman-cloud-backup' command, to avoid potential errors or unintended
behavior during execution.
items:
type: string
type: array
compression:
description: |-
Compress a backup file (a tar file per tablespace) while streaming it
to the object store. Available options are empty string (no
compression, default), `gzip`, `bzip2`, and `snappy`.
enum:
- bzip2
- gzip
- snappy
type: string
encryption:
description: |-
Whenever to force the encryption of files (if the bucket is
not already configured for that).
Allowed options are empty string (use the bucket policy, default),
`AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
immediateCheckpoint:
description: |-
Control whether the I/O workload for the backup initial checkpoint will
be limited, according to the `checkpoint_completion_target` setting on
the PostgreSQL server. If set to true, an immediate checkpoint will be
used, meaning PostgreSQL will complete the checkpoint as soon as
possible. `false` by default.
type: boolean
jobs:
description: |-
The number of parallel jobs to be used to upload the backup, defaults
to 2
format: int32
minimum: 1
type: integer
type: object
destinationPath:
description: |-
The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be used for WALs
and for data
minLength: 1
type: string
endpointCA:
description: |-
EndpointCA store the CA bundle of the barman endpoint.
Useful when using self-signed certificates to avoid
errors with certificate issuer and barman-cloud-wal-archive
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
endpointURL:
description: |-
Endpoint to be used to upload data to the cloud,
overriding the automatic endpoint discovery
type: string
googleCredentials:
description: The credentials to use to upload data to Google Cloud
Storage
properties:
applicationCredentials:
description: The secret containing the Google Cloud Storage
JSON file with the credentials
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
gkeEnvironment:
description: |-
If set to true, will presume that it's running inside a GKE environment,
default to false.
type: boolean
type: object
historyTags:
additionalProperties:
type: string
description: |-
HistoryTags is a list of key value pairs that will be passed to the
Barman --history-tags option.
type: object
s3Credentials:
description: The credentials to use to upload data to S3
properties:
accessKeyId:
description: The reference to the access key id
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromIAMRole:
description: Use the role based authentication without providing
explicitly the keys.
type: boolean
region:
description: The reference to the secret containing the region
name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
secretAccessKey:
description: The reference to the secret access key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
sessionToken:
description: The references to the session key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
serverName:
description: |-
The server name on S3, the cluster name is used if this
parameter is omitted
type: string
tags:
additionalProperties:
type: string
description: |-
Tags is a list of key value pairs that will be passed to the
Barman --tags option.
type: object
wal:
description: |-
The configuration for the backup of the WAL stream.
When not defined, WAL files will be stored uncompressed and may be
unencrypted in the object store, according to the bucket default policy.
properties:
archiveAdditionalCommandArgs:
description: |-
Additional arguments that can be appended to the 'barman-cloud-wal-archive'
command-line invocation. These arguments provide flexibility to customize
the WAL archive process further, according to specific requirements or configurations.
Example:
In a scenario where specialized backup options are required, such as setting
a specific timeout or defining custom behavior, users can use this field
to specify additional command arguments.
Note:
It's essential to ensure that the provided arguments are valid and supported
by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended
behavior during execution.
items:
type: string
type: array
compression:
description: |-
Compress a WAL file before sending it to the object store. Available
options are empty string (no compression, default), `gzip`, `bzip2`,
`lz4`, `snappy`, `xz`, and `zstd`.
enum:
- bzip2
- gzip
- lz4
- snappy
- xz
- zstd
type: string
encryption:
description: |-
Whenever to force the encryption of files (if the bucket is
not already configured for that).
Allowed options are empty string (use the bucket policy, default),
`AES256` and `aws:kms`
enum:
- AES256
- aws:kms
type: string
maxParallel:
description: |-
Number of WAL files to be either archived in parallel (when the
PostgreSQL instance is archiving to a backup object store) or
restored in parallel (when a PostgreSQL standby is fetching WAL
files from a recovery object store). If not specified, WAL files
will be processed one at a time. It accepts a positive integer as a
value - with 1 being the minimum accepted value.
minimum: 1
type: integer
restoreAdditionalCommandArgs:
description: |-
Additional arguments that can be appended to the 'barman-cloud-wal-restore'
command-line invocation. These arguments provide flexibility to customize
the WAL restore process further, according to specific requirements or configurations.
Example:
In a scenario where specialized backup options are required, such as setting
a specific timeout or defining custom behavior, users can use this field
to specify additional command arguments.
Note:
It's essential to ensure that the provided arguments are valid and supported
by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended
behavior during execution.
items:
type: string
type: array
type: object
required:
- destinationPath
type: object
x-kubernetes-validations:
- fieldPath: .serverName
message: use the 'serverName' plugin parameter in the Cluster resource
reason: FieldValueForbidden
rule: '!has(self.serverName)'
instanceSidecarConfiguration:
description: The configuration for the sidecar that runs in the instance
pods
properties:
env:
description: The environment to be explicitly passed to the sidecar
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
resources:
description: Resources define cpu/memory requests and limits for
the sidecar that runs in the instance pods.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
request:
description: |-
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
retentionPolicyIntervalSeconds:
default: 1800
description: |-
The retentionCheckInterval defines the frequency at which the
system checks and enforces retention policies.
type: integer
type: object
retentionPolicy:
description: |-
RetentionPolicy is the retention policy to be used for backups
and WALs (i.e. '60d'). The retention policy is expressed in the form
of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -
days, weeks, months.
pattern: ^[1-9][0-9]*[dwm]$
type: string
required:
- configuration
type: object
status:
description: |-
Most recently observed status of the ObjectStore. This data may not be up to
date. Populated by the system. Read-only.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
serverRecoveryWindow:
additionalProperties:
description: |-
RecoveryWindow represents the time span between the first
recoverability point and the last successful backup of a PostgreSQL
server, defining the period during which data can be restored.
properties:
firstRecoverabilityPoint:
description: |-
The first recoverability point in a PostgreSQL server refers to
the earliest point in time to which the database can be
restored.
format: date-time
type: string
lastSuccussfulBackupTime:
description: The last successful backup time
format: date-time
type: string
type: object
description: ServerRecoveryWindow maps each server to its recovery
window
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -14,15 +14,15 @@ Check the cloudnative-pg documentation for instructions on how to deploy Cluster
https://cloudnative-pg.io/docs/
{{- if .Values.rbac.create }}
{{- if .Values.watchAllNamespaces }}
{{- if .Values.operator.rbac.create }}
{{- if .Values.operator.watchAllNamespaces }}
WARNING: CloudNative-PG can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
You can limit allowed namespaces by setting watchAllNamespaces = false and configuring watchNamespaces
{{- else }}
CloudNative-PG can ONLY access resources in the following namespaces:
{{ $namespaces := .Values.watchNamespaces | default (list (include "common.names.namespace" .)) }}
{{ $namespaces := .Values.operator.watchNamespaces | default (list (include "common.names.namespace" .)) }}
{{- range $namespace := $namespaces }}
- {{ $namespace }}
{{- end }}
@@ -32,9 +32,11 @@ CloudNative-PG won't be able to access resources in other namespaces. You can co
{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.postgresqlImage }}
{{- include "common.warnings.rollingTag" .Values.operator.image }}
{{- include "common.warnings.rollingTag" .Values.operator.postgresqlImage }}
{{- include "common.warnings.rollingTag" .Values.pluginBarmanCloud.image }}
{{- include "common.warnings.rollingTag" .Values.pluginBarmanCloud.sidecarImage }}
{{- include "cloudnative-pg.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.postgresqlImage .Values.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.postgresqlImage .Values.image) "context" $) }}
{{- include "common.warnings.resources" (dict "sections" (list "operator" "pluginBarmanCloud") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.operator.postgresqlImage .Values.operator.image .Values.pluginBarmanCloud.image .Values.pluginBarmanCloud.sidecarImage) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.operator.postgresqlImage .Values.operator.image .Values.pluginBarmanCloud.image .Values.pluginBarmanCloud.sidecarImage) "context" $) }}
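Review bot: The security warning printed when the operator watches all namespaces still tells users to set `watchAllNamespaces = false` and configure `watchNamespaces`, but this commit moves both values under `operator.`. A user who follows the message literally would set top-level keys that the conditions in this file no longer read, and the operator would keep access to all secrets in the cluster. The line should read `You can limit allowed namespaces by setting operator.watchAllNamespaces = false and configuring operator.watchNamespaces`. The truncated context line in the second hunk header ("You can co…") may need the same update; its full text is not visible here.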


@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "cloudnative-pg.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.postgresqlImage ) "global" .Values.global) -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.operator.image .Values.operator.postgresqlImage .Values.pluginBarmanCloud.image .Values.pluginBarmanCloud.sidecarImage ) "global" .Values.global) -}}
{{- end -}}
{{/*
@@ -15,7 +15,7 @@ Return the proper Docker Image Registry Secret Name for the env var PULL_SECRET_
Note: This env var only allows one pull secret, so we will use the first one returned by common.images.pullSecrets
*/}}
{{- define "cloudnative-pg.operator.imagePullSecret" -}}
{{- $pullSecretsYaml := include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) | fromYaml -}}
{{- $pullSecretsYaml := include "common.images.pullSecrets" (dict "images" (list .Values.operator.image) "global" .Values.global) | fromYaml -}}
{{- if $pullSecretsYaml }}
{{- print (index $pullSecretsYaml.imagePullSecrets 0).name }}
{{- end -}}
@@ -25,32 +25,46 @@ Note: This env var only allows one pull secret, so we will use the first one ret
Return the proper cloudnative-pg Operator image name
*/}}
{{- define "cloudnative-pg.operator.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{ include "common.images.image" (dict "imageRoot" .Values.operator.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper PostgreSQL image name
*/}}
{{- define "cloudnative-pg.postgresql.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.postgresqlImage "global" .Values.global) }}
{{ include "common.images.image" (dict "imageRoot" .Values.operator.postgresqlImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Operator fullname
*/}}
{{- define "cloudnative-pg.operator.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "operator" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Operator fullname with namespace
*/}}
{{- define "cloudnative-pg.operator.fullname.namespace" -}}
{{- printf "%s-%s" (include "common.names.fullname.namespace" .) "operator" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- define "cloudnative-pg.operator.serviceAccountName" -}}
{{- if .Values.operator.serviceAccount.create -}}
{{ default (include "cloudnative-pg.operator.fullname" .) .Values.operator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{ default "default" .Values.operator.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.useConfigMap" -}}
{{- if or .Values.configuration .Values.existingConfigMap -}}
{{- define "cloudnative-pg.operator.useConfigMap" -}}
{{- if or .Values.operator.configuration .Values.operator.existingConfigMap -}}
{{- true -}}
{{- end -}}
{{- end -}}
@@ -58,8 +72,8 @@ Create the name of the service account to use (cloudnative-pg Operator)
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.useSecret" -}}
{{- if or .Values.secretConfiguration .Values.existingSecret -}}
{{- define "cloudnative-pg.operator.useSecret" -}}
{{- if or .Values.operator.secretConfiguration .Values.operator.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}
@@ -67,22 +81,94 @@ Create the name of the service account to use (cloudnative-pg Operator)
{{/*
Get the configuration secret.
*/}}
{{- define "cloudnative-pg.secretName" -}}
{{- if .Values.existingSecret -}}
{{- tpl .Values.existingSecret $ -}}
{{- define "cloudnative-pg.operator.secretName" -}}
{{- if .Values.operator.existingSecret -}}
{{- tpl .Values.operator.existingSecret $ -}}
{{- else }}
{{- include "common.names.fullname" . -}}
{{- include "cloudnative-pg.operator.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Get the monitoring queries secret or configmap.
*/}}
{{- define "cloudnative-pg.operator.monitoringQueriesName" -}}
{{- if .Values.operator.metrics.monitoringQueries.existingQueries -}}
{{- tpl .Values.operator.metrics.monitoringQueries.existingQueries $ -}}
{{- else }}
{{- printf "%s-monitoring-queries" (include "cloudnative-pg.operator.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Get the configuration configmap.
*/}}
{{- define "cloudnative-pg.configmapName" -}}
{{- if .Values.existingConfigMap -}}
{{- tpl .Values.existingConfigMap $ -}}
{{- define "cloudnative-pg.operator.configmapName" -}}
{{- if .Values.operator.existingConfigMap -}}
{{- tpl .Values.operator.existingConfigMap $ -}}
{{- else }}
{{- include "common.names.fullname" . -}}
{{- include "cloudnative-pg.operator.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Plugin Barman Cloud fullname
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.fullname" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) "plugin-barman-cloud" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper cloudnative-pg Operator image name
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.pluginBarmanCloud.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper PostgreSQL image name
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.sidecar.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.pluginBarmanCloud.sidecarImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Plugin Barman Cloud fullname with namespace
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.fullname.namespace" -}}
{{- printf "%s-%s" (include "common.names.fullname.namespace" .) "plugin-barman-cloud" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Plugin Barman Cloud client secret
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.tlsClientSecretName" -}}
{{- if .Values.pluginBarmanCloud.tls.client.existingSecret -}}
{{- tpl .Values.pluginBarmanCloud.tls.client.existingSecret $ -}}
{{- else -}}
{{- printf "%s-client-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Plugin Barman Cloud server secret
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.tlsServerSecretName" -}}
{{- if .Values.pluginBarmanCloud.tls.server.existingSecret -}}
{{- tpl .Values.pluginBarmanCloud.tls.server.existingSecret $ -}}
{{- else -}}
{{- printf "%s-server-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Plugin Barman Cloud)
*/}}
{{- define "cloudnative-pg.plugin-barman-cloud.serviceAccountName" -}}
{{- if .Values.pluginBarmanCloud.serviceAccount.create -}}
{{ default (include "cloudnative-pg.plugin-barman-cloud.fullname" .) .Values.pluginBarmanCloud.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.pluginBarmanCloud.serviceAccount.name }}
{{- end -}}
{{- end -}}
@@ -104,7 +190,7 @@ Validate values for cloudnative-pg.
Function to validate the configmap settings
*/}}
{{- define "cloudnative-pg.validateValues.configmap" -}}
{{- if and .Values.configuration .Values.existingConfigMap -}}
{{- if and .Values.operator.configuration .Values.operator.existingConfigMap -}}
cloudnative-pg: Cannot specify configuration and existingConfigMap at the same time
{{- end -}}
{{- end -}}
@@ -113,7 +199,7 @@ cloudnative-pg: Cannot specify configuration and existingConfigMap at the same t
Function to validate the secret settings
*/}}
{{- define "cloudnative-pg.validateValues.secret" -}}
{{- if and .Values.secretConfiguration .Values.existingSecret -}}
{{- if and .Values.operator.secretConfiguration .Values.operator.existingSecret -}}
cloudnative-pg: Cannot specify secretConfiguration and existingSecret at the same time
{{- end -}}
{{- end -}}
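Review bot: The new name helpers append a suffix and only then apply `trunc 63`, so with a long release name it is the suffix that gets cut. `cloudnative-pg.plugin-barman-cloud.tlsClientSecretName` and `cloudnative-pg.plugin-barman-cloud.tlsServerSecretName` both build on the plugin fullname, which is itself truncated to 63 characters; once that fullname is at or near the limit, `-client-crt` and `-server-crt` are dropped and both helpers return the same Secret name. The operator and plugin fullnames can collapse onto the same string in the same way. Truncating the base to leave room for the suffix avoids this, e.g. `{{- printf "%s-server-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" . | trunc 52 | trimSuffix "-") -}}`. Separately, the comments above `cloudnative-pg.plugin-barman-cloud.image` and `cloudnative-pg.plugin-barman-cloud.sidecar.image` are copied from the operator helpers ("Operator image name", "PostgreSQL image name") and should name the Barman Cloud plugin and sidecar images.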


@@ -1,210 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.hpa.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
template:
metadata:
{{- if or .Values.podAnnotations (include "cloudnative-pg.useConfigMap" .) (include "cloudnative-pg.useSecret" .) }}
annotations:
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if (include "cloudnative-pg.useConfigMap" .) }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "cloudnative-pg.useSecret" .)}}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
spec:
serviceAccountName: {{ template "cloudnative-pg.serviceAccountName" . }}
{{- include "cloudnative-pg.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.initContainers }}
initContainers:
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: cloudnative-pg
image: {{ template "cloudnative-pg.operator.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
args:
- controller
- --leader-elect
- --max-concurrent-reconciles={{ .Values.maxConcurrentReconciles }}
{{- if (include "cloudnative-pg.useConfigMap" .) }}
- --config-map-name= {{ include "cloudnative-pg.configmapName" .}}
{{- end }}
{{- if (include "cloudnative-pg.useSecret" .) }}
- --secret-name= {{ include "cloudnative-pg.secretName" .}}
{{- end }}
- --webhook-port={{ .Values.containerPorts.webhook }}
- --metrics-bind-address=:{{ .Values.containerPorts.metrics }}
{{- if .Values.image.debug }}
- --log-level=debug
{{- end }}
{{- end }}
env:
- name: OPERATOR_IMAGE_NAME
value: {{ include "cloudnative-pg.operator.image" . | quote }}
- name: POSTGRES_IMAGE_NAME
value: {{ include "cloudnative-pg.postgresql.image" . }}
{{- if (include "cloudnative-pg.operator.imagePullSecret" .) }}
- name: PULL_SECRET_NAME
value: {{ include "cloudnative-pg.operator.imagePullSecret" . | quote }}
{{- end }}
{{- if not .Values.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
- name: WATCH_NAMESPACE
value: {{ join "," $watchNamespaces | quote }}
{{- end }}
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.containerPorts.metrics }}
- name: http-webhook
containerPort: {{ .Values.containerPorts.webhook }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
{{- /* Not using http-webhook because it adds noise in the logs */}}
port: http-metrics
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
# Paths hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: empty-dir
mountPath: /controller
subPath: tmp-dir
- mountPath: /run/secrets/cnpg.io/webhook
name: webhook-certificates
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
# Hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: webhook-certificates
secret:
defaultMode: 420
optional: true
secretName: cnpg-webhook-cert
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.rbac.create }}
{{- if .Values.operator.rbac.create }}
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname.namespace" . }}
name: {{ include "cloudnative-pg.operator.fullname.namespace" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
@@ -17,9 +17,9 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "common.names.fullname.namespace" . }}
name: {{ include "cloudnative-pg.operator.fullname.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.serviceAccountName" . }}
name: {{ template "cloudnative-pg.operator.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.rbac.create }}
{{- if .Values.operator.rbac.create }}
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname.namespace" . }}
name: {{ include "cloudnative-pg.operator.fullname.namespace" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
@@ -39,7 +39,7 @@ rules:
- get
- list
- watch
{{- if .Values.watchAllNamespaces }}
{{- if .Values.operator.watchAllNamespaces }}
- apiGroups:
- ""
resources:
@@ -232,7 +232,7 @@ rules:
- patch
- watch
{{- end }}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- if .Values.operator.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.operator.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.configuration (not .Values.existingConfigMap) }}
{{- if and .Values.operator.configuration (not .Values.operator.existingConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
name: {{ include "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -15,5 +15,5 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data: {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 2 }}
data: {{- include "common.tplvalues.render" (dict "value" .Values.operator.configuration "context" $) | nindent 2 }}
{{- end }}


@@ -0,0 +1,220 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.operator.autoscaling.hpa.enabled }}
replicas: {{ .Values.operator.replicaCount }}
{{- end }}
{{- if .Values.operator.updateStrategy }}
strategy: {{- toYaml .Values.operator.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.podLabels .Values.commonLabels) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
template:
metadata:
{{- if or .Values.operator.podAnnotations (include "cloudnative-pg.operator.useConfigMap" .) (include "cloudnative-pg.operator.useSecret" .) }}
annotations:
{{- if .Values.operator.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if (include "cloudnative-pg.operator.useConfigMap" .) }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "cloudnative-pg.operator.useSecret" .)}}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
spec:
serviceAccountName: {{ template "cloudnative-pg.operator.serviceAccountName" . }}
{{- include "cloudnative-pg.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.operator.automountServiceAccountToken }}
{{- if .Values.operator.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.operator.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.operator.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAntiAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.operator.nodeAffinityPreset.type "key" .Values.operator.nodeAffinityPreset.key "values" .Values.operator.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.operator.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.operator.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.operator.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.operator.priorityClassName }}
priorityClassName: {{ .Values.operator.priorityClassName | quote }}
{{- end }}
{{- if .Values.operator.schedulerName }}
schedulerName: {{ .Values.operator.schedulerName | quote }}
{{- end }}
{{- if .Values.operator.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.operator.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.operator.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.operator.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.operator.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.operator.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.operator.initContainers }}
initContainers:
{{- include "common.tplvalues.render" (dict "value" .Values.operator.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: cloudnative-pg
image: {{ template "cloudnative-pg.operator.image" . }}
imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
{{- if .Values.operator.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.operator.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.operator.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.operator.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.operator.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.operator.args "context" $) | nindent 12 }}
{{- else }}
args:
- controller
- --leader-elect
- --max-concurrent-reconciles={{ .Values.operator.maxConcurrentReconciles }}
{{- if (include "cloudnative-pg.operator.useConfigMap" .) }}
- --config-map-name={{ include "cloudnative-pg.operator.configmapName" .}}
{{- end }}
{{- if (include "cloudnative-pg.operator.useSecret" .) }}
- --secret-name={{ include "cloudnative-pg.operator.secretName" .}}
{{- end }}
- --webhook-port={{ .Values.operator.containerPorts.webhook }}
- --metrics-bind-address=:{{ .Values.operator.containerPorts.metrics }}
{{- if .Values.operator.image.debug }}
- --log-level=trace
{{- end }}
{{- if .Values.operator.extraArgs }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.extraArgs "context" $) | nindent 12 }}
{{- end }}
{{- end }}
env:
- name: OPERATOR_IMAGE_NAME
value: {{ include "cloudnative-pg.operator.image" . | quote }}
- name: POSTGRES_IMAGE_NAME
value: {{ include "cloudnative-pg.postgresql.image" . }}
{{- if (include "cloudnative-pg.operator.imagePullSecret" .) }}
- name: PULL_SECRET_NAME
value: {{ include "cloudnative-pg.operator.imagePullSecret" . | quote }}
{{- end }}
{{- if .Values.operator.metrics.enabled }}
- name: {{ ternary "MONITORING_QUERIES_SECRET" "MONITORING_QUERIES_CONFIGMAP" .Values.operator.metrics.monitoringQueries.useSecret }}
value: {{ include "cloudnative-pg.operator.monitoringQueriesName" . | quote }}
{{- end }}
{{- if not .Values.operator.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.operator.watchNamespaces }}
- name: WATCH_NAMESPACE
value: {{ join "," $watchNamespaces | quote }}
{{- end }}
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.operator.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.operator.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.operator.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.operator.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.operator.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.operator.resources }}
resources: {{- toYaml .Values.operator.resources | nindent 12 }}
{{- else if ne .Values.operator.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.operator.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.operator.containerPorts.metrics }}
- name: http-webhook
containerPort: {{ .Values.operator.containerPorts.webhook }}
{{- if .Values.operator.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.operator.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.operator.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.operator.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
{{- /* Not using http-webhook because it adds noise in the logs */}}
port: http-metrics
{{- end }}
{{- if .Values.operator.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.operator.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.operator.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.operator.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.operator.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.operator.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.operator.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.operator.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.operator.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.operator.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
# Paths hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: empty-dir
mountPath: /controller
subPath: tmp-dir
- name: empty-dir
mountPath: /plugins
subPath: plugins-dir
- mountPath: /run/secrets/cnpg.io/webhook
name: webhook-certificates
{{- if .Values.operator.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.operator.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.operator.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
# Hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: webhook-certificates
secret:
defaultMode: 420
optional: true
secretName: cnpg-webhook-cert
{{- if .Values.operator.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.extraVolumes "context" $) | nindent 8 }}
{{- end }}
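Review bot: The `webhook-certificates` volume at the end of this template mounts the `cnpg-webhook-cert` secret with `defaultMode: 420`, which is decimal for octal 0644. Whatever that secret holds (presumably the webhook serving certificate and its private key, going by the name and mount path) is therefore readable by every UID in the operator container and by any sidecar from `operator.sidecars` that mounts the same volume. Where the pod security context sets an `fsGroup`, a group-readable mode such as `defaultMode: 288` (0440) should be sufficient; this needs checking against the values file, which is not part of this section. If 0644 is deliberate, a comment such as `# 420 == 0644; kept world-readable because <reason>` next to the field would record that.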


@@ -3,12 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.autoscaling.hpa.enabled }}
{{- if .Values.operator.autoscaling.hpa.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -17,24 +16,24 @@ spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "common.names.fullname" . }}
minReplicas: {{ .Values.autoscaling.hpa.minReplicas }}
maxReplicas: {{ .Values.autoscaling.hpa.maxReplicas }}
name: {{ template "cloudnative-pg.operator.fullname" . }}
minReplicas: {{ .Values.operator.autoscaling.hpa.minReplicas }}
maxReplicas: {{ .Values.operator.autoscaling.hpa.maxReplicas }}
metrics:
{{- if .Values.autoscaling.hpa.targetCPU }}
{{- if .Values.operator.autoscaling.hpa.targetCPU }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.hpa.targetCPU }}
averageUtilization: {{ .Values.operator.autoscaling.hpa.targetCPU }}
{{- end }}
{{- if .Values.autoscaling.hpa.targetMemory }}
{{- if .Values.operator.autoscaling.hpa.targetMemory }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.hpa.targetMemory }}
averageUtilization: {{ .Values.operator.autoscaling.hpa.targetMemory }}
{{- end }}
{{- end }}
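Review bot: The HPA metadata in the first hunk shows two `namespace:` lines rendered from different sources, `common.names.namespace` and `.Release.Namespace`, and this page does not show which one the new side keeps. The Deployment named in `scaleTargetRef` takes its namespace from `common.names.namespace`, so the HPA has to use the same helper: `namespace: {{ include "common.names.namespace" . | quote }}`. With `.Release.Namespace` the two objects would land in different namespaces whenever a namespace override is set, and the autoscaler would not find its target. The metadata as rendered here also shows no `name:` line, which is worth confirming against the full file.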


@@ -3,28 +3,28 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.metrics.enabled }}
{{- if .Values.operator.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
name: {{ printf "%s-metrics" (include "cloudnative-pg.operator.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.metrics.service.labels) "context" . ) }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.operator.metrics.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- $defaultAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.metrics.service.ports.metrics | quote) "prometheus.io/path" "/metrics" }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list $defaultAnnotations .Values.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
{{- $defaultAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.operator.metrics.service.ports.metrics | quote) "prometheus.io/path" "/metrics" }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list $defaultAnnotations .Values.operator.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
{{- if .Values.metrics.service.clusterIP }}
clusterIP: {{ .Values.metrics.service.clusterIP }}
sessionAffinity: {{ .Values.operator.metrics.service.sessionAffinity }}
{{- if .Values.operator.metrics.service.clusterIP }}
clusterIP: {{ .Values.operator.metrics.service.clusterIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.metrics.service.ports.metrics }}
port: {{ .Values.operator.metrics.service.ports.metrics }}
protocol: TCP
targetPort: http-metrics
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
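Review bot: The `selector:` on the last line of this hunk is built from `.Values.commonLabels` only, and the lines that follow it are outside the hunk. The chart now names and labels its resources per component (`cloudnative-pg.operator.fullname`, `app.kubernetes.io/component: operator` on the operator pods), so the selector should carry `app.kubernetes.io/component: operator` beneath it. Without that, the metrics Service could also select pods of another component that share the release's standard labels and would expose their port under the operator's scrape annotations. Please confirm against the full file.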


@@ -0,0 +1,509 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* Adding the helper here for better readability */}}
{{/* Rules taken from https://github.com/cloudnative-pg/cloudnative-pg/blob/main/config/manager/default-monitoring.yaml#L2 */}}
{{- define "cloudnative-pg.operator.defaultMonitoringQueries" -}}
backends:
query: |
SELECT sa.datname
, sa.usename
, sa.application_name
, states.state
, COALESCE(sa.count, 0) AS total
, COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds
FROM ( VALUES ('active')
, ('idle')
, ('idle in transaction')
, ('idle in transaction (aborted)')
, ('fastpath function call')
, ('disabled')
) AS states(state)
LEFT JOIN (
SELECT datname
, state
, usename
, COALESCE(application_name, '') AS application_name
, COUNT(*)
, COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
FROM pg_catalog.pg_stat_activity
GROUP BY datname, state, usename, application_name
) sa ON states.state = sa.state
WHERE sa.usename IS NOT NULL
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- usename:
usage: "LABEL"
description: "Name of the user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- state:
usage: "LABEL"
description: "State of the backend"
- total:
usage: "GAUGE"
description: "Number of backends"
- max_tx_duration_seconds:
usage: "GAUGE"
description: "Maximum duration of a transaction in seconds"
backends_waiting:
query: |
SELECT count(*) AS total
FROM pg_catalog.pg_locks blocked_locks
JOIN pg_catalog.pg_locks blocking_locks
ON blocking_locks.locktype = blocked_locks.locktype
AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
AND blocking_locks.pid != blocked_locks.pid
JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
WHERE NOT blocked_locks.granted
metrics:
- total:
usage: "GAUGE"
description: "Total number of backends that are currently waiting on other queries"
pg_database:
query: |
SELECT datname
, pg_catalog.pg_database_size(datname) AS size_bytes
, pg_catalog.age(datfrozenxid) AS xid_age
, pg_catalog.mxid_age(datminmxid) AS mxid_age
FROM pg_catalog.pg_database
WHERE datallowconn
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- size_bytes:
usage: "GAUGE"
description: "Disk space used by the database"
- xid_age:
usage: "GAUGE"
description: "Number of transactions from the frozen XID to the current one"
- mxid_age:
usage: "GAUGE"
description: "Number of multiple transactions (Multixact) from the frozen XID to the current one"
pg_postmaster:
query: |
SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time
FROM pg_catalog.pg_postmaster_start_time()
metrics:
- start_time:
usage: "GAUGE"
description: "Time at which postgres started (based on epoch)"
pg_replication:
query: "SELECT CASE WHEN (
NOT pg_catalog.pg_is_in_recovery()
OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
THEN 0
ELSE GREATEST (0,
EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
END AS lag,
pg_catalog.pg_is_in_recovery() AS in_recovery,
EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
(SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas"
metrics:
- lag:
usage: "GAUGE"
description: "Replication lag behind primary in seconds"
- in_recovery:
usage: "GAUGE"
description: "Whether the instance is in recovery"
- is_wal_receiver_up:
usage: "GAUGE"
description: "Whether the instance wal_receiver is up"
- streaming_replicas:
usage: "GAUGE"
description: "Number of streaming replicas connected to the instance"
pg_replication_slots:
query: |
SELECT slot_name,
slot_type,
database,
active,
(CASE pg_catalog.pg_is_in_recovery()
WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn)
ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn)
END) as pg_wal_lsn_diff
FROM pg_catalog.pg_replication_slots
WHERE NOT temporary
metrics:
- slot_name:
usage: "LABEL"
description: "Name of the replication slot"
- slot_type:
usage: "LABEL"
description: "Type of the replication slot"
- database:
usage: "LABEL"
description: "Name of the database"
- active:
usage: "GAUGE"
description: "Flag indicating whether the slot is active"
- pg_wal_lsn_diff:
usage: "GAUGE"
description: "Replication lag in bytes"
pg_stat_archiver:
query: |
SELECT archived_count
, failed_count
, COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
, COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
, COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
, COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
, COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_archiver
metrics:
- archived_count:
usage: "COUNTER"
description: "Number of WAL files that have been successfully archived"
- failed_count:
usage: "COUNTER"
description: "Number of failed attempts for archiving WAL files"
- seconds_since_last_archival:
usage: "GAUGE"
description: "Seconds since the last successful archival operation"
- seconds_since_last_failure:
usage: "GAUGE"
description: "Seconds since the last failed archival operation"
- last_archived_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving succeeded"
- last_failed_time:
usage: "GAUGE"
description: "Epoch of the last time WAL archiving failed"
- last_archived_wal_start_lsn:
usage: "GAUGE"
description: "Archived WAL start LSN"
- last_failed_wal_start_lsn:
usage: "GAUGE"
description: "Last failed WAL LSN"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_bgwriter:
runonserver: "<17.0.0"
query: |
SELECT checkpoints_timed
, checkpoints_req
, checkpoint_write_time
, checkpoint_sync_time
, buffers_checkpoint
, buffers_clean
, maxwritten_clean
, buffers_backend
, buffers_backend_fsync
, buffers_alloc
FROM pg_catalog.pg_stat_bgwriter
metrics:
- checkpoints_timed:
usage: "COUNTER"
description: "Number of scheduled checkpoints that have been performed"
- checkpoints_req:
usage: "COUNTER"
description: "Number of requested checkpoints that have been performed"
- checkpoint_write_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds"
- checkpoint_sync_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds"
- buffers_checkpoint:
usage: "COUNTER"
description: "Number of buffers written during checkpoints"
- buffers_clean:
usage: "COUNTER"
description: "Number of buffers written by the background writer"
- maxwritten_clean:
usage: "COUNTER"
description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
- buffers_backend:
usage: "COUNTER"
description: "Number of buffers written directly by a backend"
- buffers_backend_fsync:
usage: "COUNTER"
description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)"
- buffers_alloc:
usage: "COUNTER"
description: "Number of buffers allocated"
pg_stat_bgwriter_17:
runonserver: ">=17.0.0"
name: pg_stat_bgwriter
query: |
SELECT buffers_clean
, maxwritten_clean
, buffers_alloc
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_bgwriter
metrics:
- buffers_clean:
usage: "COUNTER"
description: "Number of buffers written by the background writer"
- maxwritten_clean:
usage: "COUNTER"
description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
- buffers_alloc:
usage: "COUNTER"
description: "Number of buffers allocated"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_checkpointer:
runonserver: ">=17.0.0"
query: |
SELECT num_timed AS checkpoints_timed
, num_requested AS checkpoints_req
, restartpoints_timed
, restartpoints_req
, restartpoints_done
, write_time
, sync_time
, buffers_written
, EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
FROM pg_catalog.pg_stat_checkpointer
metrics:
- checkpoints_timed:
usage: "COUNTER"
description: "Number of scheduled checkpoints that have been performed"
- checkpoints_req:
usage: "COUNTER"
description: "Number of requested checkpoints that have been performed"
- restartpoints_timed:
usage: "COUNTER"
description: "Number of scheduled restartpoints due to timeout or after a failed attempt to perform it"
- restartpoints_req:
usage: "COUNTER"
description: "Number of requested restartpoints that have been performed"
- restartpoints_done:
usage: "COUNTER"
description: "Number of restartpoints that have been performed"
- write_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds"
- sync_time:
usage: "COUNTER"
description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds"
- buffers_written:
usage: "COUNTER"
description: "Number of buffers written during checkpoints and restartpoints"
- stats_reset_time:
usage: "GAUGE"
description: "Time at which these statistics were last reset"
pg_stat_database:
query: |
SELECT datname
, xact_commit
, xact_rollback
, blks_read
, blks_hit
, tup_returned
, tup_fetched
, tup_inserted
, tup_updated
, tup_deleted
, conflicts
, temp_files
, temp_bytes
, deadlocks
, blk_read_time
, blk_write_time
FROM pg_catalog.pg_stat_database
metrics:
- datname:
usage: "LABEL"
description: "Name of this database"
- xact_commit:
usage: "COUNTER"
description: "Number of transactions in this database that have been committed"
- xact_rollback:
usage: "COUNTER"
description: "Number of transactions in this database that have been rolled back"
- blks_read:
usage: "COUNTER"
description: "Number of disk blocks read in this database"
- blks_hit:
usage: "COUNTER"
description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)"
- tup_returned:
usage: "COUNTER"
description: "Number of rows returned by queries in this database"
- tup_fetched:
usage: "COUNTER"
description: "Number of rows fetched by queries in this database"
- tup_inserted:
usage: "COUNTER"
description: "Number of rows inserted by queries in this database"
- tup_updated:
usage: "COUNTER"
description: "Number of rows updated by queries in this database"
- tup_deleted:
usage: "COUNTER"
description: "Number of rows deleted by queries in this database"
- conflicts:
usage: "COUNTER"
description: "Number of queries canceled due to conflicts with recovery in this database"
- temp_files:
usage: "COUNTER"
description: "Number of temporary files created by queries in this database"
- temp_bytes:
usage: "COUNTER"
description: "Total amount of data written to temporary files by queries in this database"
- deadlocks:
usage: "COUNTER"
description: "Number of deadlocks detected in this database"
- blk_read_time:
usage: "COUNTER"
description: "Time spent reading data file blocks by backends in this database, in milliseconds"
- blk_write_time:
usage: "COUNTER"
description: "Time spent writing data file blocks by backends in this database, in milliseconds"
pg_stat_replication:
primary: true
query: |
SELECT usename
, COALESCE(application_name, '') AS application_name
, COALESCE(client_addr::text, '') AS client_addr
, COALESCE(client_port::text, '') AS client_port
, EXTRACT(EPOCH FROM backend_start) AS backend_start
, COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes
, pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes
, COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes
, COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds
, COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds
FROM pg_catalog.pg_stat_replication
metrics:
- usename:
usage: "LABEL"
description: "Name of the replication user"
- application_name:
usage: "LABEL"
description: "Name of the application"
- client_addr:
usage: "LABEL"
description: "Client IP address"
- client_port:
usage: "LABEL"
description: "Client TCP port"
- backend_start:
usage: "COUNTER"
description: "Time when this process was started"
- backend_xmin_age:
usage: "COUNTER"
description: "The age of this standby's xmin horizon"
- sent_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location sent on this connection"
- write_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location written to disk by this standby server"
- flush_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server"
- replay_diff_bytes:
usage: "GAUGE"
description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server"
- write_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it"
- flush_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it"
- replay_lag_seconds:
usage: "GAUGE"
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it"
pg_settings:
query: |
SELECT name,
CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting
FROM pg_catalog.pg_settings
WHERE vartype IN ('integer', 'real', 'bool')
ORDER BY 1
metrics:
- name:
usage: "LABEL"
description: "Name of the setting"
- setting:
usage: "GAUGE"
description: "Setting value"
pg_extensions:
query: |
SELECT
current_database() as datname,
name as extname,
default_version,
installed_version,
CASE
WHEN default_version = installed_version THEN 0
ELSE 1
END AS update_available
FROM pg_catalog.pg_available_extensions
WHERE installed_version IS NOT NULL
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- extname:
usage: "LABEL"
description: "Extension name"
- default_version:
usage: "LABEL"
description: "Default version"
- installed_version:
usage: "LABEL"
description: "Installed version"
- update_available:
usage: "GAUGE"
description: "An update is available"
target_databases:
- '*'
{{- end }}
{{- if and .Values.operator.metrics.enabled (not .Values.operator.metrics.monitoringQueries.existingQueries) }}
apiVersion: v1
kind: {{ ternary "Secret" "ConfigMap" .Values.operator.metrics.monitoringQueries.useSecret }}
metadata:
name: {{ printf "%s-monitoring-queries" (include "cloudnative-pg.operator.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- /* Convert the default configuration and extra overrides */ -}}
{{- $defaultConfiguration := include "cloudnative-pg.operator.defaultMonitoringQueries" . | fromYaml -}}
{{- $overrideConfiguration := include "common.tplvalues.render" (dict "value" .Values.operator.metrics.monitoringQueries.overrideConfiguration "context" $) | fromYaml }}
{{ ternary "stringData" "data" .Values.operator.metrics.monitoringQueries.useSecret }}:
{{- /* Merge both maps and render the configuration */}}
queries: |
{{- mergeOverwrite $defaultConfiguration $overrideConfiguration | toYaml | nindent 4 }}
{{- end }}
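Review bot: The `$overrideConfiguration` assignment near the end of this file pipes the rendered override through `fromYaml`, which does not fail on malformed input; it returns a map whose only key is `Error`. `mergeOverwrite` then folds that key into the default queries, so a typo in `operator.metrics.monitoringQueries.overrideConfiguration` ships a queries document with a bogus `Error` entry instead of stopping the install. A guard after the assignment would surface it: `{{- if hasKey $overrideConfiguration "Error" }}{{- fail (printf "invalid operator.metrics.monitoringQueries.overrideConfiguration: %s" (get $overrideConfiguration "Error")) }}{{- end }}`. It is also worth documenting that the merge replaces a query's `metrics` list wholesale rather than merging it element by element.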


@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.webhook.mutating.create }}
{{- if .Values.operator.webhook.mutating.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
@@ -24,8 +24,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.mutating.failurePolicy }}
name: mbackup.cnpg.io
rules:
- apiGroups:
@@ -45,8 +45,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.mutating.failurePolicy }}
name: mcluster.cnpg.io
rules:
- apiGroups:
@@ -66,8 +66,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.mutating.failurePolicy }}
name: mscheduledbackup.cnpg.io
rules:
- apiGroups:


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.networkPolicy.enabled }}
{{- if .Values.operator.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
name: {{ template "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: operator
@@ -16,7 +16,7 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -24,7 +24,7 @@ spec:
policyTypes:
- Ingress
- Egress
{{- if .Values.networkPolicy.allowExternalEgress }}
{{- if .Values.operator.networkPolicy.allowExternalEgress }}
egress:
- {}
{{- else }}
@@ -36,7 +36,7 @@ spec:
- port: 53
protocol: TCP
# Allow access to kube-apiserver
{{- range $port := .Values.networkPolicy.kubeAPIServerPorts }}
{{- range $port := .Values.operator.networkPolicy.kubeAPIServerPorts }}
- port: {{ $port }}
{{- end }}
# PostgreSQL instances have the label cnpg.io/podRole: "instance"
@@ -44,8 +44,8 @@ spec:
- podSelector:
matchLabels:
cnpg.io/podRole: "instance"
{{- if not .Values.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
{{- if not .Values.operator.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.operator.watchNamespaces }}
namespaceSelector:
matchExpressions:
- key: namespace
@@ -55,40 +55,40 @@ spec:
- {{ $namespace }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- if .Values.operator.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.operator.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.containerPorts.webhook }}
{{- if .Values.metrics.enabled }}
- port: {{ .Values.containerPorts.metrics }}
- port: {{ .Values.operator.containerPorts.webhook }}
{{- if .Values.operator.metrics.enabled }}
- port: {{ .Values.operator.containerPorts.metrics }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
{{- if not .Values.operator.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: cloudnative-pg
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
{{ template "cloudnative-pg.operator.fullname" . }}-client: "true"
{{- if .Values.operator.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{- range $key, $value := .Values.operator.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
{{- if .Values.operator.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{- range $key, $value := .Values.operator.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- if .Values.operator.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.operator.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
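Review bot: The `namespaceSelector` on the egress rule for PostgreSQL instance pods matches on the label key `namespace` (`- key: namespace`, in the hunk that introduces `$watchNamespaces`), which Kubernetes does not put on namespaces; the label it sets automatically is `kubernetes.io/metadata.name`. Unless every watched namespace is labelled by hand, the selector matches nothing, and with `allowExternalEgress` off the operator presumably cannot reach instances in the namespaces it watches. I would change the line to `- key: kubernetes.io/metadata.name`. The selector's `operator`/`values` lines fall between two hunks and are not visible here, and the rest of the section is a values-path rename.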


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pdb.create }}
{{- if .Values.operator.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
name: {{ template "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -16,13 +16,13 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- if .Values.operator.pdb.minAvailable }}
minAvailable: {{ .Values.operator.pdb.minAvailable }}
{{- end }}
{{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }}
maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
{{- if or .Values.operator.pdb.maxUnavailable ( not .Values.operator.pdb.minAvailable ) }}
maxUnavailable: {{ .Values.operator.pdb.maxUnavailable | default 1 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg


@@ -3,14 +3,14 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.rbac.create (not .Values.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
{{- if and .Values.operator.rbac.create (not .Values.operator.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.operator.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: Role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
name: {{ include "cloudnative-pg.operator.fullname" $ | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -210,8 +210,8 @@ rules:
- list
- patch
- watch
{{- if $.Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.rbac.rules "context" $ ) | nindent 2 }}
{{- if $.Values.operator.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.operator.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}


@@ -3,14 +3,14 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (not .Values.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
{{- if and (not .Values.operator.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.operator.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
name: {{ include "cloudnative-pg.operator.fullname" $ | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -21,10 +21,10 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
name: {{ include "cloudnative-pg.operator.fullname" $ | trunc 63 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.serviceAccountName" $ }}
name: {{ template "cloudnative-pg.operator.serviceAccountName" $ }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- end }}
{{- end }}
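Review bot: The guard `{{- if and (not .Values.operator.watchAllNamespaces) }}` passes a single argument to `and` and never tests `operator.rbac.create`, whereas the Role template in this same commit is gated on `and .Values.operator.rbac.create (not .Values.operator.watchAllNamespaces)`. With `rbac.create` off the chart still emits one RoleBinding per watched namespace whose `roleRef` names a Role the chart did not create, so whichever Role later exists under that name is bound to the operator ServiceAccount. I would make the guard `{{- if and .Values.operator.rbac.create (not .Values.operator.watchAllNamespaces) }}`, or, if binding to an externally managed Role is intended, say so in a template comment above the guard.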


@@ -3,11 +3,11 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.secretConfiguration (not .Values.existingSecret) }}
{{- if and .Values.operator.secretConfiguration (not .Values.operator.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
name: {{ include "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
@@ -15,5 +15,5 @@ metadata:
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
stringData: {{- include "common.tplvalues.render" (dict "value" .Values.secretConfiguration "context" $) | nindent 2 }}
stringData: {{- include "common.tplvalues.render" (dict "value" .Values.operator.secretConfiguration "context" $) | nindent 2 }}
{{- end }}


@@ -0,0 +1,18 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.operator.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "cloudnative-pg.operator.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.operator.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.operator.serviceAccount.automountServiceAccountToken }}
{{- end }}


@@ -0,0 +1,50 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.operator.metrics.enabled .Values.operator.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "cloudnative-pg.operator.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.operator.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if or .Values.operator.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.operator.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if .Values.operator.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: http-metrics
path: "/metrics"
{{- if .Values.operator.metrics.serviceMonitor.interval }}
interval: {{ .Values.operator.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.operator.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.operator.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.operator.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.operator.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.operator.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.operator.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.webhook.validating.create }}
{{- if .Values.operator.webhook.validating.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
@@ -24,8 +24,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.validating.failurePolicy }}
name: vbackup.cnpg.io
rules:
- apiGroups:
@@ -45,8 +45,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.validating.failurePolicy }}
name: vcluster.cnpg.io
rules:
- apiGroups:
@@ -66,8 +66,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.validating.failurePolicy }}
name: vscheduledbackup.cnpg.io
rules:
- apiGroups:
@@ -87,8 +87,8 @@ webhooks:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-pooler
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
port: {{ .Values.operator.service.ports.webhook }}
failurePolicy: {{ .Values.operator.webhook.validating.failurePolicy }}
name: vpooler.cnpg.io
rules:
- apiGroups:


@@ -3,42 +3,42 @@ Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.autoscaling.vpa.enabled }}
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.operator.autoscaling.vpa.enabled }}
apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }}
kind: VerticalPodAutoscaler
metadata:
name: {{ include "common.names.fullname" . }}
name: {{ include "cloudnative-pg.operator.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if or .Values.autoscaling.vpa.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
{{- if or .Values.operator.autoscaling.vpa.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
resourcePolicy:
containerPolicies:
- containerName: cloudnative-pg
{{- with .Values.autoscaling.vpa.controlledResources }}
{{- with .Values.operator.autoscaling.vpa.controlledResources }}
controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.autoscaling.vpa.maxAllowed }}
{{- with .Values.operator.autoscaling.vpa.maxAllowed }}
maxAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.autoscaling.vpa.minAllowed }}
{{- with .Values.operator.autoscaling.vpa.minAllowed }}
minAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
targetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "common.names.fullname" . }}
{{- if .Values.autoscaling.vpa.updatePolicy }}
name: {{ include "cloudnative-pg.operator.fullname" . }}
{{- if .Values.operator.autoscaling.vpa.updatePolicy }}
updatePolicy:
{{- with .Values.autoscaling.vpa.updatePolicy.updateMode }}
{{- with .Values.operator.autoscaling.vpa.updatePolicy.updateMode }}
updateMode: {{ . }}
{{- end }}
{{- end }}


@@ -0,0 +1,60 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
# Service name hardcoded in cloudnative-pg code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.operator.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if or .Values.operator.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations:
{{- if or .Values.operator.service.annotations .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.operator.service.type }}
{{- if and .Values.operator.service.clusterIP (eq .Values.operator.service.type "ClusterIP") }}
clusterIP: {{ .Values.operator.service.clusterIP }}
{{- end }}
{{- if .Values.operator.service.sessionAffinity }}
sessionAffinity: {{ .Values.operator.service.sessionAffinity }}
{{- end }}
{{- if .Values.operator.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.operator.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.operator.service.type "LoadBalancer") (eq .Values.operator.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.operator.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.operator.service.type "LoadBalancer") (not (empty .Values.operator.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.operator.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.operator.service.type "LoadBalancer") (not (empty .Values.operator.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.operator.service.loadBalancerIP }}
{{- end }}
ports:
- name: http-webhook
port: {{ .Values.operator.service.ports.webhook }}
protocol: TCP
{{- if and (or (eq .Values.operator.service.type "NodePort") (eq .Values.operator.service.type "LoadBalancer")) (not (empty .Values.operator.service.nodePorts.webhook)) }}
nodePort: {{ .Values.operator.service.nodePorts.webhook }}
{{- else if eq .Values.operator.service.type "ClusterIP" }}
nodePort: null
{{- end }}
targetPort: http-webhook
{{- if .Values.operator.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.operator.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.operator.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
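Review bot: `loadBalancerSourceRanges: {{ .Values.operator.service.loadBalancerSourceRanges }}` prints the list with Go's default formatting, `[a b]`, which YAML reads as a one-element sequence holding the string `a b`; with more than one CIDR the source-range restriction on this admission-webhook Service is therefore not the one the user wrote, and the API server will most likely reject it. Rendering it as a real list avoids that: `loadBalancerSourceRanges: {{- toYaml .Values.operator.service.loadBalancerSourceRanges | nindent 4 }}`. Separately, the `annotations:` block tests `if or .Values.operator.service.annotations .Values.commonAnnotations` twice in a row; the inner test and its `end` can be dropped.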


@@ -0,0 +1,65 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.tls.autoGenerated.enabled (eq .Values.pluginBarmanCloud.tls.autoGenerated.engine "cert-manager") }}
{{- if empty .Values.pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuer }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ printf "%s-clusterissuer" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selfSigned: {}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-ca-tls" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-ca-tls" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) }}
commonName: {{ include "cloudnative-pg.plugin-barman-cloud.fullname" . }}
isCA: true
issuerRef:
name: {{ default (printf "%s-clusterissuer" (include "cloudnative-pg.plugin-barman-cloud.fullname" .)) .Values.pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuer }}
kind: {{ default "Issuer" .Values.pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuerKind }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ printf "%s-ca-issuer" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
ca:
secretName: {{ printf "%s-ca-tls" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) }}
{{- end }}
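Review bot: The `…-ca-issuer` Issuer at the end of this file is not the one the leaf certificates select: the server/client Certificate template later in this commit defaults `issuerRef.name` to `%s-clusterissuer`, the self-signed Issuer, so without `existingIssuer` each leaf is self-signed and the `…-ca-tls` CA signs nothing visible here. If client and server are meant to chain to one CA, the leaves should reference `printf "%s-ca-issuer" …`; if self-signed leaves are intended, the CA Certificate and the second Issuer can go. The first Issuer's name is also built with `| trunc 63 | trimSuffix "-"` while the `issuerRef.name` default and both `secretName` values are not truncated, so a long fullname makes the reference point at a name that does not exist. The outer guard does not test `pluginBarmanCloud.enabled`; that may be deliberate, but a comment would make it clear.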


@@ -0,0 +1,55 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.tls.autoGenerated.enabled (eq .Values.pluginBarmanCloud.tls.autoGenerated.engine "cert-manager") }}
{{/* We create two certs, one for the client and another for the server. Depending on whether these are provided or not */}}
{{- $secrets := list }}
{{- if not .Values.pluginBarmanCloud.tls.server.existingSecret }}
{{- $secrets = append $secrets (printf "%s-server-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-") }}
{{- end }}
{{- if not .Values.pluginBarmanCloud.tls.client.existingSecret }}
{{- $secrets = append $secrets (printf "%s-client-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-") }}
{{- end }}
{{- range $secret := $secrets }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ $secret }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels $.Values.commonLabels) "context" $ ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ $secret }}
commonName: {{ printf "%s.%s.svc.%s" (include "cloudnative-pg.plugin-barman-cloud.fullname" $) (include "common.names.namespace" $) $.Values.clusterDomain }}
issuerRef:
name: {{ default (printf "%s-clusterissuer" (include "cloudnative-pg.plugin-barman-cloud.fullname" $)) $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuer }}
kind: {{ default "Issuer" $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.existingIssuerKind }}
subject:
organizations:
- "Barman Cloud Plugin"
dnsNames:
- '{{ include "cloudnative-pg.plugin-barman-cloud.fullname" $ }}'
- '*.{{ include "common.names.namespace" $ }}'
- '*.{{ include "common.names.namespace" $ }}.svc'
- '*.{{ include "common.names.namespace" $ }}.svc.{{ $.Values.clusterDomain }}'
- '*.{{ include "cloudnative-pg.plugin-barman-cloud.fullname" $ }}'
- '*.{{ include "cloudnative-pg.plugin-barman-cloud.fullname" $ }}.{{ include "common.names.namespace" $ }}'
- '*.{{ include "cloudnative-pg.plugin-barman-cloud.fullname" $ }}.{{ include "common.names.namespace" $ }}.svc'
- '*.{{ include "cloudnative-pg.plugin-barman-cloud.fullname" $ }}.{{ include "common.names.namespace" $ }}.svc.{{ $.Values.clusterDomain }}'
privateKey:
algorithm: {{ $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.keyAlgorithm }}
size: {{ int $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.keySize }}
duration: {{ $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.duration }}
renewBefore: {{ $.Values.pluginBarmanCloud.tls.autoGenerated.certManager.renewBefore }}
{{- end }}
{{- end }}
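Review bot: The `dnsNames` list contains `*.{{ namespace }}`, `*.{{ namespace }}.svc` and `*.{{ namespace }}.svc.{{ clusterDomain }}`, so each certificate is valid for every Service name in the release namespace rather than only for the plugin. I would replace those three entries with the plugin Service's own names (`<fullname>.<namespace>`, `<fullname>.<namespace>.svc`, `<fullname>.<namespace>.svc.<clusterDomain>`), which narrows what the key pair is accepted for if the Secret is exposed. The `range` also renders an identical spec for the server and the client secret with no `usages` field, so the two certificates are not distinguished by purpose; setting `usages: [server auth]` or `usages: [client auth]` per secret would separate them.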


@@ -0,0 +1,100 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.enabled .Values.pluginBarmanCloud.rbac.create }}
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" . }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
---
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-metrics-auth" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ printf "%s-metrics-auth" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
---
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-objectstore-editor" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ printf "%s-objectstore-editor" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- if and .Values.pluginBarmanCloud.metrics.enabled .Values.pluginBarmanCloud.metrics.allowedServiceAccounts }}
{{- range $sa := .Values.pluginBarmanCloud.metrics.allowedServiceAccounts }}
---
{{- $saName := tpl $sa.name $ }}
{{- $saNamespace := tpl $sa.namespace $ }}
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ printf "%s-%s-metrics-read" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" $) $saName | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels $.Values.commonLabels) "context" $ ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ printf "%s-metrics-reader" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" $) | trunc 64 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ $saName }}
namespace: {{ $saNamespace | quote }}
{{- end }}
{{- end }}
{{- end }}
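Review bot: The per-service-account binding inside the `range` loop is named from `$saName` only, so two `allowedServiceAccounts` entries that share a name but live in different namespaces render the same ClusterRoleBinding name and collide. Including the namespace keeps them apart, e.g. `name: {{ printf "%s-%s-%s-metrics-read" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" $) $saNamespace $saName | trunc 64 | trimSuffix "-" }}`, though truncation can still cut off the distinguishing tail for long release names. `tpl $sa.namespace $` also presumably fails with an unhelpful error when an entry omits `namespace`, so a `required` message there would help whoever fills in the values.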


@@ -0,0 +1,159 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.enabled .Values.pluginBarmanCloud.rbac.create }}
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" . }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- barmancloud.cnpg.io
resources:
- objectstores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- barmancloud.cnpg.io
resources:
- objectstores/finalizers
verbs:
- update
- apiGroups:
- barmancloud.cnpg.io
resources:
- objectstores/status
verbs:
- get
- patch
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- get
- list
- patch
- update
- watch
{{- if .Values.pluginBarmanCloud.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
---
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-metrics-auth" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-metrics-reader" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get
---
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ printf "%s-objectstore-editor" (include "cloudnative-pg.plugin-barman-cloud.fullname.namespace" .) | trunc 64 | trimSuffix "-" }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- barmancloud.cnpg.io
resources:
- objectstores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- barmancloud.cnpg.io
resources:
- objectstores/status
verbs:
- get
{{- end }}
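Review bot: The first ClusterRole grants `get`/`list`/`watch`/`create`/`delete` on `secrets` and write access to `roles`/`rolebindings` in every namespace, and `pluginBarmanCloud.rbac.rules` is appended to that same cluster-scoped role, yet nothing in the template says so. A template comment above `rules:` would make the scope visible to whoever audits the chart, for example `{{- /* Cluster-wide: the plugin service account can read, create and delete Secrets and manage Roles/RoleBindings in all namespaces */}}`. The `metrics-reader` ClusterRole is also rendered when `pluginBarmanCloud.metrics.enabled` is false, although its only binding in this commit is created under that flag; wrapping it in the same condition would avoid leaving an unused role behind.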


@@ -0,0 +1,192 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.pluginBarmanCloud.autoscaling.hpa.enabled }}
replicas: {{ .Values.pluginBarmanCloud.replicaCount }}
{{- end }}
{{- if .Values.pluginBarmanCloud.updateStrategy }}
strategy: {{- toYaml .Values.pluginBarmanCloud.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.pluginBarmanCloud.podLabels .Values.commonLabels) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
template:
metadata:
{{- if .Values.pluginBarmanCloud.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
spec:
serviceAccountName: {{ template "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
{{- include "cloudnative-pg.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.pluginBarmanCloud.automountServiceAccountToken }}
{{- if .Values.pluginBarmanCloud.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.pluginBarmanCloud.podAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.pluginBarmanCloud.podAntiAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.pluginBarmanCloud.nodeAffinityPreset.type "key" .Values.pluginBarmanCloud.nodeAffinityPreset.key "values" .Values.pluginBarmanCloud.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.priorityClassName }}
priorityClassName: {{ .Values.pluginBarmanCloud.priorityClassName | quote }}
{{- end }}
{{- if .Values.pluginBarmanCloud.schedulerName }}
schedulerName: {{ .Values.pluginBarmanCloud.schedulerName | quote }}
{{- end }}
{{- if .Values.pluginBarmanCloud.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.pluginBarmanCloud.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.pluginBarmanCloud.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.pluginBarmanCloud.initContainers }}
initContainers:
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: plugin-barman-cloud
image: {{ template "cloudnative-pg.plugin-barman-cloud.image" . }}
imagePullPolicy: {{ .Values.pluginBarmanCloud.image.pullPolicy }}
{{- if .Values.pluginBarmanCloud.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.pluginBarmanCloud.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.args "context" $) | nindent 12 }}
{{- else }}
args:
- operator
- --server-address=:{{ .Values.pluginBarmanCloud.containerPorts.grpc }}
- --health-probe-bind-address=:{{ .Values.pluginBarmanCloud.containerPorts.health }}
- --metrics-bind-address=:{{ .Values.pluginBarmanCloud.containerPorts.metrics }}
- --leader-elect
- --server-cert=/certs/server/tls.crt
- --server-key=/certs/server/tls.key
- --client-cert=/certs/client/tls.crt
{{- if .Values.pluginBarmanCloud.image.debug }}
- --log-level=trace
{{- end }}
{{- if .Values.pluginBarmanCloud.extraArgs }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraArgs "context" $) | nindent 12 }}
{{- end }}
{{- end }}
env:
- name: SIDECAR_IMAGE
value: {{ include "cloudnative-pg.plugin-barman-cloud.sidecar.image" . | quote }}
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- if .Values.pluginBarmanCloud.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.pluginBarmanCloud.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.pluginBarmanCloud.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.pluginBarmanCloud.resources }}
resources: {{- toYaml .Values.pluginBarmanCloud.resources | nindent 12 }}
{{- else if ne .Values.pluginBarmanCloud.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.pluginBarmanCloud.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.pluginBarmanCloud.containerPorts.metrics }}
- name: http-health
containerPort: {{ .Values.pluginBarmanCloud.containerPorts.health }}
- name: grpc
containerPort: {{ .Values.pluginBarmanCloud.containerPorts.grpc }}
{{- if .Values.pluginBarmanCloud.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.pluginBarmanCloud.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.pluginBarmanCloud.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /healthz
port: http-health
{{- end }}
{{- if .Values.pluginBarmanCloud.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.pluginBarmanCloud.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.pluginBarmanCloud.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-health
{{- end }}
{{- if .Values.pluginBarmanCloud.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.pluginBarmanCloud.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.pluginBarmanCloud.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-health
{{- end }}
{{- if .Values.pluginBarmanCloud.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: client-certificate
mountPath: /certs/client
- name: server-certificate
mountPath: /certs/server
{{- if .Values.pluginBarmanCloud.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: client-certificate
secret:
defaultMode: 420
secretName: {{ include "cloudnative-pg.plugin-barman-cloud.tlsClientSecretName" . }}
- name: server-certificate
secret:
defaultMode: 420
secretName: {{ include "cloudnative-pg.plugin-barman-cloud.tlsServerSecretName" . }}
{{- if .Values.pluginBarmanCloud.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}
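Review bot: The affinity presets pass `"component" "operator"` to `common.affinities.pods`, while the pod template labels these pods `app.kubernetes.io/component: plugin-barman-cloud`, so `podAntiAffinityPreset` would appear to select the operator pods instead of spreading the plugin replicas; both calls should use `"component" "plugin-barman-cloud"`. Separately, the `server-certificate` and `client-certificate` volumes use `defaultMode: 420` (0644), which leaves `tls.key` readable by every UID in the container. A tighter mode such as `defaultMode: 288` (0440) is worth considering, provided the pod's `fsGroup` still lets the process read the key.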


@@ -0,0 +1,42 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.enabled .Values.pluginBarmanCloud.autoscaling.hpa.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
minReplicas: {{ .Values.pluginBarmanCloud.autoscaling.hpa.minReplicas }}
maxReplicas: {{ .Values.pluginBarmanCloud.autoscaling.hpa.maxReplicas }}
metrics:
{{- if .Values.pluginBarmanCloud.autoscaling.hpa.targetCPU }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.pluginBarmanCloud.autoscaling.hpa.targetCPU }}
{{- end }}
{{- if .Values.pluginBarmanCloud.autoscaling.hpa.targetMemory }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.pluginBarmanCloud.autoscaling.hpa.targetMemory }}
{{- end }}
{{- end }}
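Review bot: The HorizontalPodAutoscaler's `metadata` block has `namespace`, `labels` and `annotations` but no `name`, so the API server will reject the object when `autoscaling.hpa.enabled` is set. Add `name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}` above `namespace`, matching the Deployment it targets. The `metrics:` list is also left empty when neither `targetCPU` nor `targetMemory` is set, which deserves a comment or a `fail` guard.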


@@ -0,0 +1,38 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.enabled .Values.pluginBarmanCloud.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels .Values.pluginBarmanCloud.metrics.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- $defaultAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.pluginBarmanCloud.metrics.service.ports.metrics | quote) "prometheus.io/path" "/metrics" }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list $defaultAnnotations .Values.pluginBarmanCloud.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.pluginBarmanCloud.metrics.service.sessionAffinity }}
{{- if .Values.pluginBarmanCloud.metrics.service.clusterIP }}
clusterIP: {{ .Values.pluginBarmanCloud.metrics.service.clusterIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.pluginBarmanCloud.metrics.service.ports.metrics }}
protocol: TCP
targetPort: http-metrics
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- end }}


@@ -0,0 +1,86 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: plugin-barman-cloud
app.kubernetes.io/part-of: cloudnative-pg
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.pluginBarmanCloud.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
policyTypes:
- Ingress
- Egress
{{- if .Values.pluginBarmanCloud.networkPolicy.allowExternalEgress }}
egress:
- {}
{{- else }}
egress:
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow access to kube-apiserver
{{- range $port := .Values.pluginBarmanCloud.networkPolicy.kubeAPIServerPorts }}
- port: {{ $port }}
{{- end }}
# PostgreSQL instances have the label cnpg.io/podRole: "instance". The barman plugin will inject a sidecar
- to:
- podSelector:
matchLabels:
cnpg.io/podRole: "instance"
{{- if .Values.pluginBarmanCloud.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.pluginBarmanCloud.containerPorts.grpc }}
{{- if .Values.pluginBarmanCloud.metrics.enabled }}
- port: {{ .Values.pluginBarmanCloud.containerPorts.metrics }}
{{- end }}
{{- if not .Values.pluginBarmanCloud.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: cloudnative-pg
- podSelector:
matchLabels:
{{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}-client: "true"
{{- if .Values.pluginBarmanCloud.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.pluginBarmanCloud.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.pluginBarmanCloud.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.pluginBarmanCloud.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.pluginBarmanCloud.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
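Review bot: This template is gated on `pluginBarmanCloud.networkPolicy.enabled` alone, so the policy is still rendered when `pluginBarmanCloud.enabled` is false; the PodDisruptionBudget (`pdb.create`), the leader-election Role and its RoleBinding (`rbac.create`) in the following sections have the same gap, while the Deployment and ClusterRole templates do check `enabled`. Use `{{- if and .Values.pluginBarmanCloud.enabled .Values.pluginBarmanCloud.networkPolicy.enabled }}` here and the equivalent condition in the other three. In the default egress rule the `cnpg.io/podRole: "instance"` peer is a bare `podSelector`, which only matches pods in this policy's own namespace; if PostgreSQL clusters are expected in other namespaces, a `namespaceSelector: {}` alongside it is presumably needed.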


@@ -0,0 +1,33 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pluginBarmanCloud.pdb.minAvailable }}
minAvailable: {{ .Values.pluginBarmanCloud.pdb.minAvailable }}
{{- end }}
{{- if or .Values.pluginBarmanCloud.pdb.maxUnavailable ( not .Values.pluginBarmanCloud.pdb.minAvailable ) }}
maxUnavailable: {{ .Values.pluginBarmanCloud.pdb.maxUnavailable | default 1 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.pluginBarmanCloud.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- end }}


@@ -0,0 +1,53 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ printf "%s-leader-election" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- end }}
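Review bot: The first rule of this leader-election Role gives the plugin's service account get/list/watch/create/update/patch/delete on every ConfigMap in the release namespace, with no `resourceNames` restriction. If the plugin elects its leader through `coordination.k8s.io` Leases only (not visible in this hunk, so confirm against the plugin's manager options), the `configmaps` rule can be dropped and the Role reduced to the `leases` and `events` rules. If ConfigMap-based election has to stay, narrowing the non-create verbs with `resourceNames: [<leader-election-id>]` keeps the account from reading or rewriting unrelated ConfigMaps in the same namespace.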


@@ -0,0 +1,29 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.rbac.create }}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ printf "%s-leader-election" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ printf "%s-leader-election" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -0,0 +1,21 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pluginBarmanCloud.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "cloudnative-pg.plugin-barman-cloud.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
{{- if or .Values.pluginBarmanCloud.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.pluginBarmanCloud.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.pluginBarmanCloud.serviceAccount.automountServiceAccountToken }}
{{- end }}


@@ -0,0 +1,64 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels .Values.pluginBarmanCloud.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
cnpg.io/pluginName: barman-cloud.cloudnative-pg.io
annotations:
cnpg.io/pluginClientSecret: {{ include "cloudnative-pg.plugin-barman-cloud.tlsClientSecretName" . }}
cnpg.io/pluginServerSecret: {{ include "cloudnative-pg.plugin-barman-cloud.tlsServerSecretName" . }}
cnpg.io/pluginPort: {{ .Values.pluginBarmanCloud.service.ports.grpc | quote }}
{{- if or .Values.pluginBarmanCloud.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.pluginBarmanCloud.service.annotations .Values.commonAnnotations ) "context" . ) }}
{{- if or .Values.pluginBarmanCloud.service.annotations .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.pluginBarmanCloud.service.type }}
{{- if and .Values.pluginBarmanCloud.service.clusterIP (eq .Values.pluginBarmanCloud.service.type "ClusterIP") }}
clusterIP: {{ .Values.pluginBarmanCloud.service.clusterIP }}
{{- end }}
{{- if .Values.pluginBarmanCloud.service.sessionAffinity }}
sessionAffinity: {{ .Values.pluginBarmanCloud.service.sessionAffinity }}
{{- end }}
{{- if .Values.pluginBarmanCloud.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.pluginBarmanCloud.service.type "LoadBalancer") (eq .Values.pluginBarmanCloud.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.pluginBarmanCloud.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.pluginBarmanCloud.service.type "LoadBalancer") (not (empty .Values.pluginBarmanCloud.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.pluginBarmanCloud.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.pluginBarmanCloud.service.type "LoadBalancer") (not (empty .Values.pluginBarmanCloud.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.pluginBarmanCloud.service.loadBalancerIP }}
{{- end }}
ports:
- name: grpc
port: {{ .Values.pluginBarmanCloud.service.ports.grpc }}
protocol: TCP
{{- if and (or (eq .Values.pluginBarmanCloud.service.type "NodePort") (eq .Values.pluginBarmanCloud.service.type "LoadBalancer")) (not (empty .Values.pluginBarmanCloud.service.nodePorts.grpc)) }}
nodePort: {{ .Values.pluginBarmanCloud.service.nodePorts.grpc }}
{{- else if eq .Values.pluginBarmanCloud.service.type "ClusterIP" }}
nodePort: null
{{- end }}
targetPort: grpc
{{- if .Values.pluginBarmanCloud.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.pluginBarmanCloud.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
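Review bot: `loadBalancerSourceRanges: {{ .Values.pluginBarmanCloud.service.loadBalancerSourceRanges }}` prints the Go list as `[a b]`, which YAML reads as one string as soon as there is more than one CIDR, so a multi-entry allow-list for the gRPC port would not reach the API server as separate ranges. Rendering the value as YAML avoids that: `loadBalancerSourceRanges: {{- toYaml .Values.pluginBarmanCloud.service.loadBalancerSourceRanges | nindent 4 }}`. Separately, the inner `{{- if or .Values.pluginBarmanCloud.service.annotations .Values.commonAnnotations }}` under `annotations:` repeats the enclosing condition and can be removed.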


@@ -0,0 +1,54 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.metrics.enabled .Values.pluginBarmanCloud.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.pluginBarmanCloud.metrics.serviceMonitor.namespace | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.pluginBarmanCloud.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if or .Values.pluginBarmanCloud.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.pluginBarmanCloud.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.pluginBarmanCloud.metrics.serviceMonitor.jobLabel | quote }}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $labels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.pluginBarmanCloud.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: http-metrics
path: "/metrics"
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.interval }}
interval: {{ .Values.pluginBarmanCloud.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.pluginBarmanCloud.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.pluginBarmanCloud.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.pluginBarmanCloud.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.pluginBarmanCloud.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}
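Review bot: Under `spec:` the template re-declares `$appNameLabels` and `$labels` with `:=`, and the second `$labels` silently means something different from the one used for `metadata.labels` (it leaves out `metrics.serviceMonitor.labels`). A distinct name such as `$selectorLabels`, reusing the `$appNameLabels` already declared under `metadata`, would make it clear that the selector is deliberately narrower. The selector also requires `app.kubernetes.io/component: metrics` and the endpoint uses port `http-metrics`, while the plugin Service in this commit is labelled `plugin-barman-cloud` and declares only a `grpc` port by default, so confirm that a matching metrics Service exists elsewhere in the chart.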


@@ -0,0 +1,56 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.pluginBarmanCloud.tls.autoGenerated.enabled (eq .Values.pluginBarmanCloud.tls.autoGenerated.engine "helm") }}
{{- $ca := genCA (include "cloudnative-pg.plugin-barman-cloud.fullname" .) 365 }}
{{- $altNames := list (include "cloudnative-pg.plugin-barman-cloud.fullname" .) "localhost" "127.0.0.1" }}
{{/* We create two certs, one for the client and another for the server. Depending on whether these are provided or not */}}
{{- $secrets := list }}
{{- if not .Values.pluginBarmanCloud.tls.server.existingSecret }}
{{- $secrets = append $secrets (
dict
"name" (printf "%s-server-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-")
"cert" .Values.pluginBarmanCloud.tls.server.cert
"key" .Values.pluginBarmanCloud.tls.server.key
) }}
{{- end }}
{{- if not .Values.pluginBarmanCloud.tls.client.existingSecret }}
{{- $secrets = append $secrets (
dict
"name" (printf "%s-client-crt" (include "cloudnative-pg.plugin-barman-cloud.fullname" .) | trunc 63 | trimSuffix "-")
"cert" .Values.pluginBarmanCloud.tls.client.cert
"key" .Values.pluginBarmanCloud.tls.client.key
) }}
{{- end }}
{{ range $secret := $secrets }}
{{- $secretName := $secret.name }}
{{- $autogenCert := genSignedCert (include "cloudnative-pg.plugin-barman-cloud.fullname" $) nil $altNames 365 $ca }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels $.Values.commonLabels) "context" $ ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
{{- if $.Values.pluginBarmanCloud.tls.autoGenerated.enabled }}
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $autogenCert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $autogenCert.Key "context" $) }}
{{- else }}
data:
tls.crt: {{ $secret.cert | b64enc | quote }}
tls.key: {{ $secret.key | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
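Review bot: Inside the `range`, the `{{- else }}` branch that writes `$secret.cert` and `$secret.key` is unreachable, because the whole file is already wrapped in `if and .Values.pluginBarmanCloud.tls.autoGenerated.enabled (eq .Values.pluginBarmanCloud.tls.autoGenerated.engine "helm")`, so the inner `if $.Values.pluginBarmanCloud.tls.autoGenerated.enabled` is always true. As written, certificates supplied through `tls.server.cert`/`tls.server.key` (and the client pair) are collected into `$secrets` but never rendered; either the outer guard has to admit the non-autogenerated case, or the dead branch and the `cert`/`key` dict entries should go. A comment above `genCA` would also help operators: both certificates are issued for 365 days and `common.secrets.lookup` appears to keep the stored value on upgrade, so nothing here renews them before expiry, and the generated CA certificate is not stored in either Secret.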


@@ -0,0 +1,48 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.pluginBarmanCloud.autoscaling.vpa.enabled }}
apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }}
kind: VerticalPodAutoscaler
metadata:
name: {{ include "cloudnative-pg.plugin-barman-cloud.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- /* Updating app.kubernetes.io/name because to avoid "duplicate deployment" error: https://github.com/cloudnative-pg/cloudnative-pg/blob/9c2769815ff78cbfc28e2a2818f3a04add33477c/pkg/certs/operator_deployment.go#L120 */}}
{{- $appNameLabels := dict "app.kubernetes.io/name" "plugin-barman-cloud" }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $appNameLabels .Values.commonLabels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: plugin-barman-cloud
{{- if or .Values.pluginBarmanCloud.autoscaling.vpa.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.pluginBarmanCloud.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
resourcePolicy:
containerPolicies:
- containerName: cloudnative-pg
{{- with .Values.pluginBarmanCloud.autoscaling.vpa.controlledResources }}
controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.pluginBarmanCloud.autoscaling.vpa.maxAllowed }}
maxAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.pluginBarmanCloud.autoscaling.vpa.minAllowed }}
minAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
targetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "cloudnative-pg.plugin-barman-cloud.fullname" . }}
{{- if .Values.pluginBarmanCloud.autoscaling.vpa.updatePolicy }}
updatePolicy:
{{- with .Values.pluginBarmanCloud.autoscaling.vpa.updatePolicy.updateMode }}
updateMode: {{ . }}
{{- end }}
{{- end }}
{{- end }}
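Review bot: `containerName: cloudnative-pg` in `containerPolicies` looks carried over from the operator's VPA, whereas this object targets the plugin Deployment (`cloudnative-pg.plugin-barman-cloud.fullname`), whose container name is defined outside this hunk. If the plugin container is named differently, the `controlledResources`, `minAllowed` and `maxAllowed` bounds will not constrain it. The name should be checked against the Deployment template and ideally taken from the same helper or value that names the container there.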


@@ -1,18 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "cloudnative-pg.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}


@@ -1,50 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: http-metrics
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -1,60 +0,0 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
# Service name hardcoded in cloudnative-pg code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations:
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: http-webhook
port: {{ .Values.service.ports.webhook }}
protocol: TCP
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.webhook)) }}
nodePort: {{ .Values.service.nodePorts.webhook }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
targetPort: http-webhook
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
