[bitnami/cloudnative-pg] feat: 🎉 Add chart (#31908)

* [bitnami/cloudnative-pg] feat: 🎉 Add chart

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: ✏️ Rename workload

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* fix: 🐛 Update runtime-parameters

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* docs: 📝 Improve NOTES.txt

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: 🔥 Remove ingress

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: ♻️ Apply suggestions from code review

Co-authored-by: Juan Ariza Toledano <jariza@vmware.com>
Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* test:  Update parameters

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* test:  Allow insecure

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: 🚨 Fix indentations

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: 🔧 Allow insecure

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* chore: ♻️ Minor refactoring

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* fix: 🐛 remove $versionlabel

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* fix: 🐛 Apply suggestions from code review

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: ⬆️ Bump common library

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* chore: 🔧 Update postgresql image

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>

---------

Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Juan Ariza Toledano <jariza@vmware.com>
Javier J. Salmerón García
2025-02-24 13:12:15 +01:00
committed by GitHub
parent 6af5812bc8
commit deb16ef112
39 changed files with 19592 additions and 0 deletions


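--- a/.vib/cloudnative-pg/goss/goss.yaml
+++ b/.vib/cloudnative-pg/goss/goss.yaml
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+http:
+https://cnpg-webhook-service:{{ .Vars.service.ports.webhook }}/readyz:
+status: 200
+allow-insecure: true
+http://cloudnative-pg-metrics:{{ .Vars.metrics.service.ports.metrics }}/metrics:
+status: 200
+body:
+- /controller_runtime_reconcile_time_seconds_bucket/
+# Ports hardcoded in the operator
+addr:
+tcp://vib-cluster-example-r:5432:
+reachable: true
+tcp://vib-cluster-example-rw:5432:
+reachable: true
+tcp://vib-cluster-example-ro:5432:
+reachable: true
+{{- $username := (index .Vars.extraDeploy 0).stringData.username }}
+{{- $password := (index .Vars.extraDeploy 0).stringData.password }}
+command:
+check-auth-and-cluster-status:
+exec: PGPASSWORD={{ $password }} psql -U {{ $username }} -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;"
+exit-status: 0
+stdout:
+- /2 rows/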
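Review bot: The `exec:` line of `check-auth-and-cluster-status` templates the secret's password straight into the command string, so the credential is printed verbatim in goss output and VIB logs whenever the command or its assertions fail. The same secret is already injected into the test pod as `POSTGRES_PASSWORD`/`POSTGRES_USER` via `secretKeyRef` in runtime-parameters.yaml, so, assuming goss's exec inherits the container environment, the two `{{- $username ... }}`/`{{- $password ... }}` lines could be dropped and the command written as `exec: PGPASSWORD="$POSTGRES_PASSWORD" psql -U "$POSTGRES_USER" -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;"`. Matching only `/2 rows/` also accepts replicas that are connected but not yet streaming; adding `- /streaming/` to `stdout:` would make the cluster-status claim stronger. The reason for `allow-insecure: true` on the webhook readyz check is not stated; a one-line comment explaining which certificate the webhook presents and why verification is skipped would keep the next reader from treating it as an oversight.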


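--- a/.vib/cloudnative-pg/runtime-parameters.yaml
+++ b/.vib/cloudnative-pg/runtime-parameters.yaml
@@ -0,0 +1,118 @@
+extraDeploy:
+# Taken from https://cloudnative-pg.io/documentation/1.25/declarative_role_management/
+- apiVersion: v1
+kind: Secret
+metadata:
+name: vib-cluster-example-user
+labels:
+cnpg.io/reload: "true"
+type: kubernetes.io/basic-auth
+stringData:
+username: vib_user
+password: bitnami1234
+- apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+name: vib-cluster-example
+spec:
+instances: 3
+storage:
+size: 1Gi
+managed:
+roles:
+- name: vib_user
+ensure: present
+comment: VIB User
+login: true
+superuser: true
+passwordSecret:
+name: vib-cluster-example-user
+# We cannot run goss tests in the actual instances because it's ReadOnlyRootFilesystem and it is not configurable
+# Instead we deploy a PostgreSQL client
+- apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: postgresql
+name: vib-postgresql-test
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: postgresql
+template:
+metadata:
+labels:
+app: postgresql
+spec:
+containers:
+- image: docker.io/bitnami/postgresql:latest
+command:
+- /bin/bash
+args:
+- -ec
+- |
+echo 0 > /tmp/ready
+# Wait until the cluster is formed
+while true; do
+if PGPASSWORD=$POSTGRES_PASSWORD psql -U $POSTGRES_USER -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;" | grep "2 rows"; then
+echo 1 > /tmp/ready
+echo "Connected to PostgreSQL"
+break
+else
+echo "Connection failed. Sleeping 10 seconds"
+sleep 10
+fi
+done
+sleep infinity
+name: postgresql
+env:
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: vib-cluster-example-user
+key: password
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: vib-cluster-example-user
+key: username
+startupProbe:
+exec:
+command:
+- sh
+- -c
+- |
+if [ $(cat /tmp/ready) = "1" ]; then
+exit 0
+else
+exit 1
+fi
+initialDelaySeconds: 40
+periodSeconds: 20
+timeoutSeconds: 1
+failureThreshold: 15
+successThreshold: 1
+securityContext:
+runAsNonRoot: true
+privileged: false
+allowPrivilegeEscalation: false
+capabilities:
+drop: ["ALL"]
+seccompProfile:
+type: "RuntimeDefault"
+volumeMounts:
+- name: empty-dir
+mountPath: /tmp
+volumes:
+- name: empty-dir
+emptyDir: {}
+service:
+ports:
+webhook: 443
+type: LoadBalancer
+metrics:
+enabled: true
+service:
+ports:
+metrics: 2311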
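Review bot: The `vib_user` role under `managed.roles` is created with `superuser: true`, but the only thing the test client and the goss check do with it is `SELECT client_addr, state FROM pg_stat_replication`, which needs at most `pg_monitor` membership; `superuser: false` plus `inRoles: [pg_monitor]` would keep the fixture least-privilege, and the README's `extraDeploy` example, which users will copy, repeats the same `superuser: true` for `my_user`. The test client at `- image: docker.io/bitnami/postgresql:latest` uses a mutable tag while Chart.yaml's `annotations.images` pins `postgresql:17.4.0-debian-12-r2` and the README itself recommends immutable tags, so pinning the same tag here would make verify runs reproducible. `service.type: LoadBalancer` exposes the operator webhook outside the cluster although goss reaches it through the in-cluster `cnpg-webhook-service` name; unless the VIB target platform needs an external address, `ClusterIP` appears sufficient. The client container already mounts `/tmp` from an emptyDir, so adding `readOnlyRootFilesystem: true` to its `securityContext` looks free, provided the psql image tolerates it.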


@@ -0,0 +1,47 @@
{
"phases": {
"package": {
"context": {
"credentials": [
{
"url": "{VIB_ENV_CHARTS_REGISTRY}",
"authn": {
"username": "{VIB_ENV_CHARTS_REGISTRY_USERNAME}",
"password": "{VIB_ENV_CHARTS_REGISTRY_PASSWORD}"
}
}
],
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/cloudnative-pg"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"publish": {
"actions": [
{
"action_id": "helm-publish",
"params": {
"repository": {
"kind": "S3",
"url": "{VIB_ENV_S3_URL}",
"authn": {
"access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
"secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}",
"role": "{VIB_ENV_S3_ROLE_ARN}"
}
}
}
}
]
}
}
}


@@ -0,0 +1,66 @@
{
"phases": {
"package": {
"context": {
"credentials": [
{
"url": "{VIB_ENV_CHARTS_REGISTRY}",
"authn": {
"username": "{VIB_ENV_CHARTS_REGISTRY_USERNAME}",
"password": "{VIB_ENV_CHARTS_REGISTRY_PASSWORD}"
}
}
],
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/cloudnative-pg"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"verify": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/cloudnative-pg"
},
"target_platform": {
"target_platform_id": "{VIB_ENV_ALTERNATIVE_TARGET_PLATFORM}",
"size": {
"name": "M4"
}
}
},
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cloudnative-pg/goss/goss.yaml",
"vars_file": "cloudnative-pg/runtime-parameters.yaml",
"remote": {
"pod": {
"workload": "deploy-vib-postgresql-test"
}
}
}
},
{
"action_id": "kubescape",
"params": {
"threshold": {VIB_ENV_KUBESCAPE_SCORE_THRESHOLD}
}
}
]
}
}
}


@@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# img folder
img/
# Changelog
CHANGELOG.md


@@ -0,0 +1,5 @@
# Changelog
## 0.1.0 (2025-02-24)
* [bitnami/cloudnative-pg] feat: :tada: Add chart ([#31908](https://github.com/bitnami/charts/pull/31908))


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.30.0
digest: sha256:46afdf79eae69065904d430f03f7e5b79a148afed20aa45ee83ba88adc036169
generated: "2025-02-20T12:53:55.537884667+01:00"


@@ -0,0 +1,33 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
annotations:
category: Infrastructure
licenses: Apache-2.0
images: |
- name: cloudnative-pg
image: docker.io/bitnami/cloudnative-pg:1.25.0-debian-12-r1
- name: postgresql
image: docker.io/bitnami/postgresql:17.4.0-debian-12-r2
apiVersion: v2
appVersion: 1.25.0
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: CloudNativePG is an open-source tool for managing PostgreSQL databases on Kubernetes, from setup to ongoing upkeep
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/cloudnative-pg/img/cloudnative-pg-stack-220x234.png
keywords:
- cloudnative-pg
- operator
- postgresql
maintainers:
- name: Broadcom, Inc. All Rights Reserved.
url: https://github.com/bitnami/charts
name: cloudnative-pg
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/cloudnative-pg
version: 0.1.0


@@ -0,0 +1,413 @@
<!--- app-name: CloudNative-PG -->
# Bitnami package for CloudNative-PG
CloudNativePG is an open-source tool for managing PostgreSQL databases on Kubernetes, from setup to ongoing upkeep
[Overview of cloudnative-pg](https://cloudnative-pg.io)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/cloudnative-pg
```
Looking to use CloudNativePG in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.
## Introduction
This chart bootstraps a [CloudNativePG](https://github.com/bitnami/containers/tree/main/bitnami/cloudnative-pg) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release REGISTRY_NAME/REPOSITORY_NAME/cloudnative-pg
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys CloudNativePG on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Configuration and installation details
### Operator configuration
The Bitnami CloudNativePG chart allows [configuring the operator](https://cloudnative-pg.io/documentation/current/operator_conf/#available-options) using ConfigMaps and Secrets. This is done using the `configuration` and `secretConfiguration` parameters. Both are values are compatible, and the configuration in the `secretConfiguration` section takes precedence over the `configuration` section. In the example below we add extra configuration parameters to the operator:
```yaml
configuration:
EXPIRING_CHECK_THRESHOLD: 12
secretConfiguration:
CERTIFICATE_DURATION: 120
```
It is also possible to use existing ConfigMaps and Secrets using the `existingConfigMap` and `existingSecret` parameters (note that these are not compatible with the `configuration` and `secretConfiguration` parameters).
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcesPreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### Backup and restore
To back up and restore Helm chart deployments on Kubernetes, you need to back up the persistent volumes from the source deployment and attach them to a new deployment using [Velero](https://velero.io/), a Kubernetes backup/restore tool. Find the instructions for using Velero in [this guide](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-backup-restore-deployments-velero-index.html).
### Prometheus metrics
This chart can be integrated with Prometheus by setting `metrics.enabled` to true. This will expose the cloudnative-pg native Prometheus endpoint in a `metrics` service, which can be configured under the `metrics.service` section. It will have the necessary annotations to be automatically scraped by Prometheus.
#### Prometheus requirements
It is necessary to have a working installation of Prometheus or Prometheus Operator for the integration to work. Install the [Bitnami Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/prometheus) or the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) to easily have a working Prometheus in your cluster.
#### Integration with Prometheus Operator
The chart can deploy `ServiceMonitor` objects for integration with Prometheus Operator installations. To do so, set the value `metrics.serviceMonitor.enabled=true`. Ensure that the Prometheus Operator `CustomResourceDefinitions` are installed in the cluster or it will fail with the following error:
```text
no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
```
Install the [Bitnami Kube Prometheus helm chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) for having the necessary CRDs and the Prometheus Operator.
### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Additional environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property:
```yaml
extraEnvVars:
- name: LOG_LEVEL
value: error
```
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values inside the `operator`, `apiserver` and `cluster` sections.
### Sidecars
If additional containers are needed in the same pod as cloudnative-pg (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter:
```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
```yaml
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
```
If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
### Deploying extra resources
Apart from the Operator, you may want to deploy PostgreSQL Cluster, ImageCatalog or other operator objects. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. The following example would creates a PostgreSQL Cluster object with a secret containing the credentials of a role:
```yaml
extraDeploy:
- apiVersion: v1
kind: Secret
metadata:
name: my-cluster-example-user
labels:
cnpg.io/reload: "true"
type: kubernetes.io/basic-auth
stringData:
username: my_user
password: bitnami1234
- apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: my-cluster-example
spec:
instances: 3
storage:
size: 1Gi
managed:
roles:
- name: my_user
ensure: present
comment: MY User
login: true
superuser: true
passwordSecret:
name: my-cluster-example-user
```
Check the [CloudNativePG official documentation](https://cloudnative-pg.io/documentation/current/) for the list of available objects.
### Pod affinity
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters inside the `operator`, `apiserver` and `cluster` sections.
## Parameters
### Global parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` |
| `global.security.allowInsecureImages` | Allows skipping image verification | `false` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
### Common parameters
| Name | Description | Value |
| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| `kubeVersion` | Override Kubernetes version | `""` |
| `apiVersions` | Override Kubernetes API versions reported by .Capabilities | `[]` |
| `nameOverride` | String to partially override common.names.name | `""` |
| `fullnameOverride` | String to fully override common.names.fullname | `""` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `image.registry` | cloudnative-pg Operator image registry | `REGISTRY_NAME` |
| `image.repository` | cloudnative-pg Operator image repository | `REPOSITORY_NAME/cloudnative-pg` |
| `image.digest` | cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
| `image.pullPolicy` | cloudnative-pg Operator image pull policy | `IfNotPresent` |
| `image.pullSecrets` | cloudnative-pg Operator image pull secrets | `[]` |
| `image.debug` | Enable cloudnative-pg Operator image debug mode | `false` |
| `postgresqlImage.registry` | PostgreSQL image registry | `REGISTRY_NAME` |
| `postgresqlImage.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` |
| `postgresqlImage.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `replicaCount` | Number of cloudnative-pg Operator replicas to deploy | `1` |
| `containerPorts.metrics` | cloudnative-pg Operator metrics container port | `8080` |
| `containerPorts.webhook` | cloudnative-pg Operator webhook container port | `9443` |
| `livenessProbe.enabled` | Enable livenessProbe on cloudnative-pg Operator containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on cloudnative-pg Operator containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on cloudnative-pg Operator containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `watchAllNamespaces` | Watch for cloudnative-pg resources in all namespaces | `true` |
| `watchNamespaces` | Watch for cloudnative-pg resources in the given namespaces | `[]` |
| `maxConcurrentReconciles` | Maximum concurrent reconciles in the operator | `10` |
| `configuration` | Add configuration settings to a configmap | `{}` |
| `secretConfiguration` | Add configuration settings to a secret | `{}` |
| `existingConfigMap` | Name of a ConfigMap containing the operator configuration | `""` |
| `existingSecret` | Name of a Secret containing the operator secret configuration | `""` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production). | `nano` |
| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `podSecurityContext.enabled` | Enabled cloudnative-pg Operator pods' Security Context | `true` |
| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `podSecurityContext.fsGroup` | Set cloudnative-pg Operator pod's Security Context fsGroup | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `hostAliases` | cloudnative-pg Operator pods host aliases | `[]` |
| `podLabels` | Extra labels for cloudnative-pg Operator pods | `{}` |
| `podAnnotations` | Annotations for cloudnative-pg Operator pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for cloudnative-pg Operator pods assignment | `{}` |
| `nodeSelector` | Node labels for cloudnative-pg Operator pods assignment | `{}` |
| `tolerations` | Tolerations for cloudnative-pg Operator pods assignment | `[]` |
| `updateStrategy.type` | cloudnative-pg Operator statefulset strategy type | `RollingUpdate` |
| `priorityClassName` | cloudnative-pg Operator pods' priorityClassName | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `schedulerName` | Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods | `""` |
| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
| `lifecycleHooks` | for the cloudnative-pg Operator container(s) to automate configuration before or after startup | `{}` |
| `extraEnvVars` | Array with extra environment variables to add to cloudnative-pg Operator nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the cloudnative-pg Operator pod(s) | `[]` |
| `initContainers` | Add additional init containers to the cloudnative-pg Operator pod(s) | `[]` |
| `webhook.validating.create` | Create ValidatingWebhookConfiguration | `true` |
| `webhook.validating.failurePolicy` | Set failure policy of the validating webhook | `Fail` |
| `webhook.mutating.create` | Create MutatingWebhookConfiguration | `true` |
| `webhook.mutating.failurePolicy` | Set failure policy of the mutating webhook | `Fail` |
| `autoscaling.vpa.enabled` | Enable VPA | `false` |
| `autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` |
| `autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` |
| `autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` |
| `autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` |
| `autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod | `Auto` |
| `autoscaling.hpa.enabled` | Enable autoscaling for operator | `false` |
| `autoscaling.hpa.minReplicas` | Minimum number of operator replicas | `""` |
| `autoscaling.hpa.maxReplicas` | Maximum number of operator replicas | `""` |
| `autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` |
| `autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` |
### cloudnative-pg Operator Traffic Exposure Parameters
| Name | Description | Value |
| --------------------------------------- | -------------------------------------------------------------------------------------------------- | ----------- |
| `service.type` | cloudnative-pg Operator service type | `ClusterIP` |
| `service.ports.webhook` | cloudnative-pg Operator service webhook port | `443` |
| `service.nodePorts.webhook` | Node port for webhook | `""` |
| `service.clusterIP` | cloudnative-pg Operator service Cluster IP | `""` |
| `service.loadBalancerIP` | cloudnative-pg Operator service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | cloudnative-pg Operator service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | cloudnative-pg Operator service external traffic policy | `Cluster` |
| `service.labels` | Labels for the service | `{}` |
| `service.annotations` | Additional custom annotations for cloudnative-pg Operator service | `{}` |
| `service.extraPorts` | Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value) | `[]` |
| `service.sessionAffinity` | Control where web requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` |
| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### cloudnative-pg Operator RBAC Parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------- | ------- |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.rules` | Custom RBAC rules to set | `[]` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
### cloudnative-pg Operator Metrics Parameters
| Name | Description | Value |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------ | ------- |
| `metrics.enabled` | Enable the export of Prometheus metrics | `false` |
| `metrics.service.ports.metrics` | Meetrics service port | `80` |
| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` |
| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `metrics.service.labels` | Labels for the metrics service | `{}` |
| `metrics.service.annotations` | Annotations for the metrics service | `{}` |
| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` |
| `metrics.serviceMonitor.annotations` | Additional custom annotations for the ServiceMonitor | `{}` |
| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` |
| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` |
| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` |
| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
The above parameters map to the env variables defined in [bitnami/cloudnative-pg](https://github.com/bitnami/containers/tree/main/bitnami/cloudnative-pg). For more information please refer to the [bitnami/cloudnative-pg](https://github.com/bitnami/containers/tree/main/bitnami/cloudnative-pg) image documentation.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set apiserver.enabled=true \
REGISTRY_NAME/REPOSITORY_NAME/cloudnative-pg
```
The above command enables the cloudnative-pg API Server.
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml REGISTRY_NAME/REPOSITORY_NAME/cloudnative-pg
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/cloudnative-pg/values.yaml)
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## License
Copyright &copy; 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@@ -0,0 +1,443 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_backups.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: backups.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Backup
listKind: BackupList
plural: backups
singular: backup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .spec.method
name: Method
type: string
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .status.error
name: Error
type: string
name: v1
schema:
openAPIV3Schema:
description: Backup is the Schema for the backups API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired behavior of the backup.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
cluster:
description: The cluster to backup
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
method:
default: barmanObjectStore
description: |-
The backup method to be used, possible options are `barmanObjectStore`,
`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.
enum:
- barmanObjectStore
- volumeSnapshot
- plugin
type: string
online:
description: |-
Whether the default type of backup with volume snapshots is
online/hot (`true`, default) or offline/cold (`false`)
Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'
type: boolean
onlineConfiguration:
description: |-
Configuration parameters to control the online/hot backup with volume snapshots
Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza
properties:
immediateCheckpoint:
description: |-
Control whether the I/O workload for the backup initial checkpoint will
be limited, according to the `checkpoint_completion_target` setting on
the PostgreSQL server. If set to true, an immediate checkpoint will be
used, meaning PostgreSQL will complete the checkpoint as soon as
possible. `false` by default.
type: boolean
waitForArchive:
default: true
description: |-
If false, the function will return immediately after the backup is completed,
without waiting for WAL to be archived.
This behavior is only useful with backup software that independently monitors WAL archiving.
Otherwise, WAL required to make the backup consistent might be missing and make the backup useless.
By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is
enabled.
On a standby, this means that it will wait only when archive_mode = always.
If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger
an immediate segment switch.
type: boolean
type: object
pluginConfiguration:
description: Configuration parameters passed to the plugin managing
this backup
properties:
name:
description: Name is the name of the plugin managing this backup
type: string
parameters:
additionalProperties:
type: string
description: |-
Parameters are the configuration parameters passed to the backup
plugin for this backup
type: object
required:
- name
type: object
target:
description: |-
The policy to decide which instance should perform this backup. If empty,
it defaults to `cluster.spec.backup.target`.
Available options are empty string, `primary` and `prefer-standby`.
`primary` to have backups run always on primary instances,
`prefer-standby` to have backups run preferably on the most updated
standby, if available.
enum:
- primary
- prefer-standby
type: string
required:
- cluster
type: object
status:
description: |-
Most recently observed status of the backup. This data may not be up to
date. Populated by the system. Read-only.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
azureCredentials:
description: The credentials to use to upload data to Azure Blob Storage
properties:
connectionString:
description: The connection string to be used
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromAzureAD:
description: Use the Azure AD based authentication without providing
explicitly the keys.
type: boolean
storageAccount:
description: The storage account where to upload data
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageKey:
description: |-
The storage account key to be used in conjunction
with the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
storageSasToken:
description: |-
A shared-access-signature to be used in conjunction with
the storage account name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
backupId:
description: The ID of the Barman backup
type: string
backupLabelFile:
description: Backup label file content as returned by Postgres in
case of online (hot) backups
format: byte
type: string
backupName:
description: The Name of the Barman backup
type: string
beginLSN:
description: The starting xlog
type: string
beginWal:
description: The starting WAL
type: string
commandError:
description: The backup command output in case of error
type: string
commandOutput:
description: Unused. Retained for compatibility with old versions.
type: string
destinationPath:
description: |-
The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be used for WALs
and for data. This may not be populated in case of errors.
type: string
encryption:
description: Encryption method required to S3 API
type: string
endLSN:
description: The ending xlog
type: string
endWal:
description: The ending WAL
type: string
endpointCA:
description: |-
EndpointCA store the CA bundle of the barman endpoint.
Useful when using self-signed certificates to avoid
errors with certificate issuer and barman-cloud-wal-archive.
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
endpointURL:
description: |-
Endpoint to be used to upload data to the cloud,
overriding the automatic endpoint discovery
type: string
error:
description: The detected error
type: string
googleCredentials:
description: The credentials to use to upload data to Google Cloud
Storage
properties:
applicationCredentials:
description: The secret containing the Google Cloud Storage JSON
file with the credentials
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
gkeEnvironment:
description: |-
If set to true, will presume that it's running inside a GKE environment,
default to false.
type: boolean
type: object
instanceID:
description: Information to identify the instance where the backup
has been taken from
properties:
ContainerID:
description: The container ID
type: string
podName:
description: The pod name
type: string
type: object
method:
description: The backup method being used
type: string
online:
description: Whether the backup was online/hot (`true`) or offline/cold
(`false`)
type: boolean
phase:
description: The last backup status
type: string
pluginMetadata:
additionalProperties:
type: string
description: A map containing the plugin metadata
type: object
s3Credentials:
description: The credentials to use to upload data to S3
properties:
accessKeyId:
description: The reference to the access key id
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
inheritFromIAMRole:
description: Use the role based authentication without providing
explicitly the keys.
type: boolean
region:
description: The reference to the secret containing the region
name
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
secretAccessKey:
description: The reference to the secret access key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
sessionToken:
description: The references to the session key
properties:
key:
description: The key to select
type: string
name:
description: Name of the referent.
type: string
required:
- key
- name
type: object
type: object
serverName:
description: |-
The server name on S3, the cluster name is used if this
parameter is omitted
type: string
snapshotBackupStatus:
description: Status of the volumeSnapshot backup
properties:
elements:
description: The elements list, populated with the gathered volume
snapshots
items:
description: BackupSnapshotElementStatus is a volume snapshot
that is part of a volume snapshot method backup
properties:
name:
description: Name is the snapshot resource name
type: string
tablespaceName:
description: |-
TablespaceName is the name of the snapshotted tablespace. Only set
when type is PG_TABLESPACE
type: string
type:
description: Type is tho role of the snapshot in the cluster,
such as PG_DATA, PG_WAL and PG_TABLESPACE
type: string
required:
- name
- type
type: object
type: array
type: object
startedAt:
description: When the backup was started
format: date-time
type: string
stoppedAt:
description: When the backup was terminated
format: date-time
type: string
tablespaceMapFile:
description: Tablespace map file content as returned by Postgres in
case of online (hot) backups
format: byte
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}
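Review bot: The chart-added header on the first line of this file still carries an unresolved template token — `# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_backups.yaml` — while the line below pins `# Version: 1.25.0`, so the link does not resolve as written. If the two lines are produced by a sync script, the script appears to substitute the version only into the second line; otherwise render the path with the pinned tag, `# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v1.25.0/config/crd/bases/postgresql.cnpg.io_backups.yaml`. The same header appears in the clusterimagecatalogs, databases and imagecatalogs CRD sections below. A resolvable source URL matters for provenance: a reviewer checking that a vendored CRD matches upstream needs it to point at the exact tagged file.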


@@ -0,0 +1,83 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_clusterimagecatalogs.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: clusterimagecatalogs.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: ClusterImageCatalog
listKind: ClusterImageCatalogList
plural: clusterimagecatalogs
singular: clusterimagecatalog
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ClusterImageCatalog is the Schema for the clusterimagecatalogs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired behavior of the ClusterImageCatalog.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
images:
description: List of CatalogImages available in the catalog
items:
description: CatalogImage defines the image and major version
properties:
image:
description: The image reference
type: string
major:
description: The PostgreSQL major version of the image. Must
be unique within the catalog.
minimum: 10
type: integer
required:
- image
- major
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-validations:
- message: Images must have unique major versions
rule: self.all(e, self.filter(f, f.major==e.major).size() == 1)
required:
- images
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}


@@ -0,0 +1,264 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_databases.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: databases.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Database
listKind: DatabaseList
plural: databases
singular: database
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .spec.name
name: PG Name
type: string
- jsonPath: .status.applied
name: Applied
type: boolean
- description: Latest reconciliation message
jsonPath: .status.message
name: Message
type: string
name: v1
schema:
openAPIV3Schema:
description: Database is the Schema for the databases API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired Database.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
allowConnections:
description: |-
Maps to the `ALLOW_CONNECTIONS` parameter of `CREATE DATABASE` and
`ALTER DATABASE`. If false then no one can connect to this database.
type: boolean
builtinLocale:
description: |-
Maps to the `BUILTIN_LOCALE` parameter of `CREATE DATABASE`. This
setting cannot be changed. Specifies the locale name when the
builtin provider is used. This option requires `localeProvider` to
be set to `builtin`. Available from PostgreSQL 17.
type: string
x-kubernetes-validations:
- message: builtinLocale is immutable
rule: self == oldSelf
cluster:
description: The name of the PostgreSQL cluster hosting the database.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
collationVersion:
description: |-
Maps to the `COLLATION_VERSION` parameter of `CREATE DATABASE`. This
setting cannot be changed.
type: string
x-kubernetes-validations:
- message: collationVersion is immutable
rule: self == oldSelf
connectionLimit:
description: |-
Maps to the `CONNECTION LIMIT` clause of `CREATE DATABASE` and
`ALTER DATABASE`. How many concurrent connections can be made to
this database. -1 (the default) means no limit.
type: integer
databaseReclaimPolicy:
default: retain
description: The policy for end-of-life maintenance of this database.
enum:
- delete
- retain
type: string
encoding:
description: |-
Maps to the `ENCODING` parameter of `CREATE DATABASE`. This setting
cannot be changed. Character set encoding to use in the database.
type: string
x-kubernetes-validations:
- message: encoding is immutable
rule: self == oldSelf
ensure:
default: present
description: Ensure the PostgreSQL database is `present` or `absent`
- defaults to "present".
enum:
- present
- absent
type: string
icuLocale:
description: |-
Maps to the `ICU_LOCALE` parameter of `CREATE DATABASE`. This
setting cannot be changed. Specifies the ICU locale when the ICU
provider is used. This option requires `localeProvider` to be set to
`icu`. Available from PostgreSQL 15.
type: string
x-kubernetes-validations:
- message: icuLocale is immutable
rule: self == oldSelf
icuRules:
description: |-
Maps to the `ICU_RULES` parameter of `CREATE DATABASE`. This setting
cannot be changed. Specifies additional collation rules to customize
the behavior of the default collation. This option requires
`localeProvider` to be set to `icu`. Available from PostgreSQL 16.
type: string
x-kubernetes-validations:
- message: icuRules is immutable
rule: self == oldSelf
isTemplate:
description: |-
Maps to the `IS_TEMPLATE` parameter of `CREATE DATABASE` and `ALTER
DATABASE`. If true, this database is considered a template and can
be cloned by any user with `CREATEDB` privileges.
type: boolean
locale:
description: |-
Maps to the `LOCALE` parameter of `CREATE DATABASE`. This setting
cannot be changed. Sets the default collation order and character
classification in the new database.
type: string
x-kubernetes-validations:
- message: locale is immutable
rule: self == oldSelf
localeCType:
description: |-
Maps to the `LC_CTYPE` parameter of `CREATE DATABASE`. This setting
cannot be changed.
type: string
x-kubernetes-validations:
- message: localeCType is immutable
rule: self == oldSelf
localeCollate:
description: |-
Maps to the `LC_COLLATE` parameter of `CREATE DATABASE`. This
setting cannot be changed.
type: string
x-kubernetes-validations:
- message: localeCollate is immutable
rule: self == oldSelf
localeProvider:
description: |-
Maps to the `LOCALE_PROVIDER` parameter of `CREATE DATABASE`. This
setting cannot be changed. This option sets the locale provider for
databases created in the new cluster. Available from PostgreSQL 16.
type: string
x-kubernetes-validations:
- message: localeProvider is immutable
rule: self == oldSelf
name:
description: The name of the database to create inside PostgreSQL.
This setting cannot be changed.
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
- message: the name postgres is reserved
rule: self != 'postgres'
- message: the name template0 is reserved
rule: self != 'template0'
- message: the name template1 is reserved
rule: self != 'template1'
owner:
description: |-
Maps to the `OWNER` parameter of `CREATE DATABASE`.
Maps to the `OWNER TO` command of `ALTER DATABASE`.
The role name of the user who owns the database inside PostgreSQL.
type: string
tablespace:
description: |-
Maps to the `TABLESPACE` parameter of `CREATE DATABASE`.
Maps to the `SET TABLESPACE` command of `ALTER DATABASE`.
The name of the tablespace (in PostgreSQL) that will be associated
with the new database. This tablespace will be the default
tablespace used for objects created in this database.
type: string
template:
description: |-
Maps to the `TEMPLATE` parameter of `CREATE DATABASE`. This setting
cannot be changed. The name of the template from which to create
this database.
type: string
x-kubernetes-validations:
- message: template is immutable
rule: self == oldSelf
required:
- cluster
- name
- owner
type: object
x-kubernetes-validations:
- message: builtinLocale is only available when localeProvider is set
to `builtin`
rule: '!has(self.builtinLocale) || self.localeProvider == ''builtin'''
- message: icuLocale is only available when localeProvider is set to `icu`
rule: '!has(self.icuLocale) || self.localeProvider == ''icu'''
- message: icuRules is only available when localeProvider is set to `icu`
rule: '!has(self.icuRules) || self.localeProvider == ''icu'''
status:
description: |-
Most recently observed status of the Database. This data may not be up to
date. Populated by the system. Read-only.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
applied:
description: Applied is true if the database was reconciled correctly
type: boolean
message:
description: Message is the reconciliation output message
type: string
observedGeneration:
description: |-
A sequence number representing the latest
desired state that was synchronized
format: int64
type: integer
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,82 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_imagecatalogs.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: imagecatalogs.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: ImageCatalog
listKind: ImageCatalogList
plural: imagecatalogs
singular: imagecatalog
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: ImageCatalog is the Schema for the imagecatalogs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired behavior of the ImageCatalog.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
images:
description: List of CatalogImages available in the catalog
items:
description: CatalogImage defines the image and major version
properties:
image:
description: The image reference
type: string
major:
description: The PostgreSQL major version of the image. Must
be unique within the catalog.
minimum: 10
type: integer
required:
- image
- major
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-validations:
- message: Images must have unique major versions
rule: self.all(e, self.filter(f, f.major==e.major).size() == 1)
required:
- images
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}


@@ -0,0 +1,197 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_publications.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: publications.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Publication
listKind: PublicationList
plural: publications
singular: publication
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .spec.name
name: PG Name
type: string
- jsonPath: .status.applied
name: Applied
type: boolean
- description: Latest reconciliation message
jsonPath: .status.message
name: Message
type: string
name: v1
schema:
openAPIV3Schema:
description: Publication is the Schema for the publications API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PublicationSpec defines the desired state of Publication
properties:
cluster:
description: The name of the PostgreSQL cluster that identifies the
"publisher"
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
dbname:
description: |-
The name of the database where the publication will be installed in
the "publisher" cluster
type: string
x-kubernetes-validations:
- message: dbname is immutable
rule: self == oldSelf
name:
description: The name of the publication inside PostgreSQL
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
parameters:
additionalProperties:
type: string
description: |-
Publication parameters part of the `WITH` clause as expected by
PostgreSQL `CREATE PUBLICATION` command
type: object
publicationReclaimPolicy:
default: retain
description: The policy for end-of-life maintenance of this publication
enum:
- delete
- retain
type: string
target:
description: Target of the publication as expected by PostgreSQL `CREATE
PUBLICATION` command
properties:
allTables:
description: |-
Marks the publication as one that replicates changes for all tables
in the database, including tables created in the future.
Corresponding to `FOR ALL TABLES` in PostgreSQL.
type: boolean
x-kubernetes-validations:
- message: allTables is immutable
rule: self == oldSelf
objects:
description: Just the following schema objects
items:
description: PublicationTargetObject is an object to publish
properties:
table:
description: |-
Specifies a list of tables to add to the publication. Corresponding
to `FOR TABLE` in PostgreSQL.
properties:
columns:
description: The columns to publish
items:
type: string
type: array
name:
description: The table name
type: string
only:
description: Whether to limit to the table only or include
all its descendants
type: boolean
schema:
description: The schema name
type: string
required:
- name
type: object
tablesInSchema:
description: |-
Marks the publication as one that replicates changes for all tables
in the specified list of schemas, including tables created in the
future. Corresponding to `FOR TABLES IN SCHEMA` in PostgreSQL.
type: string
type: object
x-kubernetes-validations:
- message: tablesInSchema and table are mutually exclusive
rule: (has(self.tablesInSchema) && !has(self.table)) || (!has(self.tablesInSchema)
&& has(self.table))
maxItems: 100000
type: array
x-kubernetes-validations:
- message: specifying a column list when the publication also
publishes tablesInSchema is not supported
rule: '!(self.exists(o, has(o.table) && has(o.table.columns))
&& self.exists(o, has(o.tablesInSchema)))'
type: object
x-kubernetes-validations:
- message: allTables and objects are mutually exclusive
rule: (has(self.allTables) && !has(self.objects)) || (!has(self.allTables)
&& has(self.objects))
required:
- cluster
- dbname
- name
- target
type: object
status:
description: PublicationStatus defines the observed state of Publication
properties:
applied:
description: Applied is true if the publication was reconciled correctly
type: boolean
message:
description: Message is the reconciliation output message
type: string
observedGeneration:
description: |-
A sequence number representing the latest
desired state that was synchronized
format: int64
type: integer
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,193 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_scheduledbackups.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: scheduledbackups.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: ScheduledBackup
listKind: ScheduledBackupList
plural: scheduledbackups
singular: scheduledbackup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .status.lastScheduleTime
name: Last Backup
type: date
name: v1
schema:
openAPIV3Schema:
description: ScheduledBackup is the Schema for the scheduledbackups API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of the desired behavior of the ScheduledBackup.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
backupOwnerReference:
default: none
description: |-
Indicates which ownerReference should be put inside the created backup resources.<br />
- none: no owner reference for created backup objects (same behavior as before the field was introduced)<br />
- self: sets the Scheduled backup object as owner of the backup<br />
- cluster: set the cluster as owner of the backup<br />
enum:
- none
- self
- cluster
type: string
cluster:
description: The cluster to backup
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
immediate:
description: If the first backup has to be immediately start after
creation or not
type: boolean
method:
default: barmanObjectStore
description: |-
The backup method to be used, possible options are `barmanObjectStore`,
`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.
enum:
- barmanObjectStore
- volumeSnapshot
- plugin
type: string
online:
description: |-
Whether the default type of backup with volume snapshots is
online/hot (`true`, default) or offline/cold (`false`)
Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'
type: boolean
onlineConfiguration:
description: |-
Configuration parameters to control the online/hot backup with volume snapshots
Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza
properties:
immediateCheckpoint:
description: |-
Control whether the I/O workload for the backup initial checkpoint will
be limited, according to the `checkpoint_completion_target` setting on
the PostgreSQL server. If set to true, an immediate checkpoint will be
used, meaning PostgreSQL will complete the checkpoint as soon as
possible. `false` by default.
type: boolean
waitForArchive:
default: true
description: |-
If false, the function will return immediately after the backup is completed,
without waiting for WAL to be archived.
This behavior is only useful with backup software that independently monitors WAL archiving.
Otherwise, WAL required to make the backup consistent might be missing and make the backup useless.
By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is
enabled.
On a standby, this means that it will wait only when archive_mode = always.
If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger
an immediate segment switch.
type: boolean
type: object
pluginConfiguration:
description: Configuration parameters passed to the plugin managing
this backup
properties:
name:
description: Name is the name of the plugin managing this backup
type: string
parameters:
additionalProperties:
type: string
description: |-
Parameters are the configuration parameters passed to the backup
plugin for this backup
type: object
required:
- name
type: object
schedule:
description: |-
The schedule does not follow the same format used in Kubernetes CronJobs
as it includes an additional seconds specifier,
see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format
type: string
suspend:
description: If this backup is suspended or not
type: boolean
target:
description: |-
The policy to decide which instance should perform this backup. If empty,
it defaults to `cluster.spec.backup.target`.
Available options are empty string, `primary` and `prefer-standby`.
`primary` to have backups run always on primary instances,
`prefer-standby` to have backups run preferably on the most updated
standby, if available.
enum:
- primary
- prefer-standby
type: string
required:
- cluster
- schedule
type: object
status:
description: |-
Most recently observed status of the ScheduledBackup. This data may not be up
to date. Populated by the system. Read-only.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
properties:
lastCheckTime:
description: The latest time the schedule
format: date-time
type: string
lastScheduleTime:
description: Information when was the last time that backup was successfully
scheduled.
format: date-time
type: string
nextScheduleTime:
description: Next time we will run a backup
format: date-time
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,148 @@
# Source: https://github.com/cloudnative-pg/cloudnative-pg/blob/v{version}/config/crd/bases/postgresql.cnpg.io_subscriptions.yaml
# Version: 1.25.0
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: subscriptions.postgresql.cnpg.io
spec:
group: postgresql.cnpg.io
names:
kind: Subscription
listKind: SubscriptionList
plural: subscriptions
singular: subscription
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .spec.cluster.name
name: Cluster
type: string
- jsonPath: .spec.name
name: PG Name
type: string
- jsonPath: .status.applied
name: Applied
type: boolean
- description: Latest reconciliation message
jsonPath: .status.message
name: Message
type: string
name: v1
schema:
openAPIV3Schema:
description: Subscription is the Schema for the subscriptions API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SubscriptionSpec defines the desired state of Subscription
properties:
cluster:
description: The name of the PostgreSQL cluster that identifies the
"subscriber"
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
dbname:
description: |-
The name of the database where the publication will be installed in
the "subscriber" cluster
type: string
x-kubernetes-validations:
- message: dbname is immutable
rule: self == oldSelf
externalClusterName:
description: The name of the external cluster with the publication
("publisher")
type: string
name:
description: The name of the subscription inside PostgreSQL
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
parameters:
additionalProperties:
type: string
description: |-
Subscription parameters part of the `WITH` clause as expected by
PostgreSQL `CREATE SUBSCRIPTION` command
type: object
publicationDBName:
description: |-
The name of the database containing the publication on the external
cluster. Defaults to the one in the external cluster definition.
type: string
publicationName:
description: |-
The name of the publication inside the PostgreSQL database in the
"publisher"
type: string
subscriptionReclaimPolicy:
default: retain
description: The policy for end-of-life maintenance of this subscription
enum:
- delete
- retain
type: string
required:
- cluster
- dbname
- externalClusterName
- name
- publicationName
type: object
status:
description: SubscriptionStatus defines the observed state of Subscription
properties:
applied:
description: Applied is true if the subscription was reconciled correctly
type: boolean
message:
description: Message is the reconciliation output message
type: string
observedGeneration:
description: |-
A sequence number representing the latest
desired state that was synchronized
format: int64
type: integer
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,40 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.
** Please be patient while the chart is being deployed **
Check the status of the pods by running this command:
kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
Check the cloudnative-pg documentation for instructions on how to deploy Cluster, Backup and other postgresql.cnpg.io objects.
https://cloudnative-pg.io/docs/
{{- if .Values.rbac.create }}
{{- if .Values.watchAllNamespaces }}
WARNING: CloudNative-PG can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
You can limit allowed namespaces by setting watchAllNamespaces = false and configuring watchNamespaces
{{- else }}
CloudNative-PG can ONLY access resources in the following namespaces:
{{ $namespaces := .Values.watchNamespaces | default (list (include "common.names.namespace" .)) }}
{{- range $namespace := $namespaces }}
- {{ $namespace }}
{{- end }}
CloudNative-PG won't be able to access resources in other namespaces. You can configure this behavior by setting watchNamespaces
{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.postgresqlImage }}
{{- include "cloudnative-pg.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.postgresqlImage .Values.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.postgresqlImage .Values.image) "context" $) }}
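Review bot: The line `CloudNative-PG can ONLY access resources in the following namespaces:` overstates the restriction, because the ClusterRole template in this same change grants cluster-scoped get/list/watch on nodes and clusterimagecatalogs and `patch` on mutating/validatingwebhookconfigurations regardless of `watchAllNamespaces`. Patching admission webhook configurations is a cluster-wide capability, so an operator compromised in a restricted install can still alter admission control for every namespace. I would reword it to `CloudNative-PG can ONLY access namespaced resources (including Secrets) in the following namespaces:` and add `Note: cluster-scoped read access to nodes and patch access to admission webhook configurations is still granted.` right after the namespace list. The `watchAllNamespaces` warning above it is accurate and should stay as is.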


@@ -0,0 +1,119 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "cloudnative-pg.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.postgresqlImage ) "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Name for the env var PULL_SECRET_NAME
Note: This env var only allows one pull secret, so we will use the first one returned by common.images.pullSecrets
*/}}
{{- define "cloudnative-pg.operator.imagePullSecret" -}}
{{- $pullSecretsYaml := include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) | fromYaml -}}
{{- if $pullSecretsYaml }}
{{- print (index $pullSecretsYaml.imagePullSecrets 0) }}
{{- end -}}
{{- end -}}
{{/*
Return the proper cloudnative-pg Operator image name
*/}}
{{- define "cloudnative-pg.operator.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper PostgreSQL image name
*/}}
{{- define "cloudnative-pg.postgresql.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.postgresqlImage "global" .Values.global) }}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.useConfigMap" -}}
{{- if or .Values.configuration .Values.existingConfigMap -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use (cloudnative-pg Operator)
*/}}
{{- define "cloudnative-pg.useSecret" -}}
{{- if or .Values.secretConfiguration .Values.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the configuration secret.
*/}}
{{- define "cloudnative-pg.secretName" -}}
{{- if .Values.existingSecret -}}
{{- tpl .Values.existingSecret $ -}}
{{- else }}
{{- include "common.names.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Get the configuration configmap.
*/}}
{{- define "cloudnative-pg.configmapName" -}}
{{- if .Values.existingConfigMap -}}
{{- tpl .Values.existingConfigMap $ -}}
{{- else }}
{{- include "common.names.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Validate values for cloudnative-pg.
*/}}
{{- define "cloudnative-pg.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "cloudnative-pg.validateValues.configmap" .) -}}
{{- $messages := append $messages (include "cloudnative-pg.validateValues.secret" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
{{- end -}}
{{- end -}}
{{/*
Function to validate the configmap settings
*/}}
{{- define "cloudnative-pg.validateValues.configmap" -}}
{{- if and .Values.configuration .Values.existingConfigMap -}}
cloudnative-pg: Cannot specify configuration and existingConfigMap at the same time
{{- end -}}
{{- end -}}
{{/*
Function to validate the secret settings
*/}}
{{- define "cloudnative-pg.validateValues.secret" -}}
{{- if and .Values.secretConfiguration .Values.existingSecret -}}
cloudnative-pg: Cannot specify secretConfiguration and existingSecret at the same time
{{- end -}}
{{- end -}}
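Review bot: The header comments for `cloudnative-pg.useConfigMap` and `cloudnative-pg.useSecret` both read `Create the name of the service account to use (cloudnative-pg Operator)`, a copy-paste of the serviceAccountName helper that describes neither. I would replace them with `Return true if operator configuration is provided via a ConfigMap (rendered from .Values.configuration or referenced by existingConfigMap)` and `Return true if operator configuration is provided via a Secret (rendered from .Values.secretConfiguration or referenced by existingSecret)`. Separately, `cloudnative-pg.operator.imagePullSecret` does `print (index $pullSecretsYaml.imagePullSecrets 0)`; `common.images.pullSecrets` is not visible here, but if it renders `- name: <secret>` entries as other Bitnami charts do, that element is a map and `PULL_SECRET_NAME` would render as `map[name:<secret>]`, so `(index $pullSecretsYaml.imagePullSecrets 0).name` is likely what was intended. Worth checking the rendered Deployment with a pull secret configured.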


@@ -0,0 +1,25 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname.namespace" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "common.names.fullname.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -0,0 +1,238 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
metadata:
name: {{ include "common.names.fullname.namespace" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- get
- patch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusterimagecatalogs
verbs:
- get
- list
- watch
{{- if .Values.watchAllNamespaces }}
- apiGroups:
- ""
resources:
- configmaps
- secrets
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
- secrets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- pods
- pods/exec
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
- clusters
- databases
- poolers
- publications
- scheduledbackups
- subscriptions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups/status
- databases/status
- publications/status
- scheduledbackups/status
- subscriptions/status
verbs:
- get
- patch
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- imagecatalogs
verbs:
- get
- list
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
- poolers/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/status
- poolers/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- get
- list
- patch
- watch
{{- end }}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}
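Review bot: The user-supplied `.Values.rbac.rules` block at the end is appended to this ClusterRole unconditionally, so any extra permission an operator adds — even one intended for a single namespace — becomes cluster-wide, and likewise the first three rules (nodes, webhook configurations, clusterimagecatalogs) are granted even when `watchAllNamespaces` is false. That is reasonable for those three resources since they are cluster-scoped, but the template does not say so, and `patch` on mutating/validatingwebhookconfigurations is a cluster-wide admission-control capability that deserves a why-comment (presumably to inject the webhook CA bundle — to be confirmed against upstream). I would add `# Cluster-scoped resources: granted regardless of watchAllNamespaces` above the first rule and `# NOTE: custom rules are added to this ClusterRole and therefore apply cluster-wide` above the `rbac.rules` include. The `watchAllNamespaces` branch lets the operator read every Secret, create `pods/exec`, and create ServiceAccounts, Roles and RoleBindings in every namespace, so a comment pointing at the NOTES.txt warning would help reviewers of values files understand the trade-off.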


@@ -0,0 +1,19 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.configuration (not .Values.existingConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data: {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 2 }}
{{- end }}


@@ -0,0 +1,210 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.hpa.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if .Values.updateStrategy }}
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
template:
metadata:
{{- if or .Values.podAnnotations (include "cloudnative-pg.useConfigMap" .) (include "cloudnative-pg.useSecret" .) }}
annotations:
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- if (include "cloudnative-pg.useConfigMap" .) }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if (include "cloudnative-pg.useSecret" .)}}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
spec:
serviceAccountName: {{ template "cloudnative-pg.serviceAccountName" . }}
{{- include "cloudnative-pg.imagePullSecrets" . | nindent 6 }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "operator" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.initContainers }}
initContainers:
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: cloudnative-pg
image: {{ template "cloudnative-pg.operator.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
args:
- controller
- --leader-elect
- --max-concurrent-reconciles={{ .Values.maxConcurrentReconciles }}
{{- if (include "cloudnative-pg.useConfigMap" .) }}
- --config-map-name= {{ include "cloudnative-pg.configmapName" .}}
{{- end }}
{{- if (include "cloudnative-pg.useSecret" .) }}
- --secret-name= {{ include "cloudnative-pg.secretName" .}}
{{- end }}
- --webhook-port={{ .Values.containerPorts.webhook }}
- --metrics-bind-address=:{{ .Values.containerPorts.metrics }}
{{- if .Values.image.debug }}
- --log-level=debug
{{- end }}
{{- end }}
env:
- name: OPERATOR_IMAGE_NAME
value: {{ include "cloudnative-pg.operator.image" . | quote }}
- name: POSTGRES_IMAGE_NAME
value: {{ include "cloudnative-pg.postgresql.image" . }}
{{- if (include "cloudnative-pg.operator.imagePullSecret" . ) | quote }}
- name: PULL_SECRET_NAME
value: {{ include "cloudnative-pg.operator.imagePullSecret" . | quote }}
{{- end }}
{{- if not .Values.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
- name: WATCH_NAMESPACE
value: {{ join "," $watchNamespaces | quote }}
{{- end }}
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.containerPorts.metrics }}
- name: http-webhook
containerPort: {{ .Values.containerPorts.webhook }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
{{- /* Not using http-webhook because it adds noise in the logs */}}
port: http-metrics
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: http-webhook
scheme: HTTPS
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
# Paths hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: empty-dir
mountPath: /controller
subPath: tmp-dir
- mountPath: /run/secrets/cnpg.io/webhook
name: webhook-certificates
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
# Hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
- name: webhook-certificates
secret:
defaultMode: 420
optional: true
secretName: cnpg-webhook-cert
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
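Review bot: The default `args` render `--config-map-name= <name>` and `--secret-name= <name>` with a space after `=`, because the `{{ include` in those two items is not whitespace-trimmed; inside the YAML sequence item that space is part of the scalar, so the flag value the operator receives starts with a space and the configuration ConfigMap/Secret lookup would fail unless the binary trims its flag values. The fix is `- --config-map-name={{ include "cloudnative-pg.configmapName" . }}` and `- --secret-name={{ include "cloudnative-pg.secretName" . }}`. Also, the condition `{{- if (include "cloudnative-pg.operator.imagePullSecret" . ) | quote }}` is always true, since `| quote` turns an empty result into the two-character string `""`; dropping `| quote` from the `if` avoids emitting `PULL_SECRET_NAME` with an empty value when no pull secrets are configured.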


@@ -0,0 +1,9 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}


@@ -0,0 +1,48 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.autoscaling.hpa.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
namespace: {{ include "common.names.namespace" . | quote }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "common.names.fullname" . }}
minReplicas: {{ .Values.autoscaling.hpa.minReplicas }}
maxReplicas: {{ .Values.autoscaling.hpa.maxReplicas }}
metrics:
{{- if .Values.autoscaling.hpa.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.autoscaling.hpa.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.hpa.targetCPU }}
{{- end }}
{{- end }}
{{- if .Values.autoscaling.hpa.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.autoscaling.hpa.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.hpa.targetMemory }}
{{- end }}
{{- end }}
{{- end }}
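Review bot: The HorizontalPodAutoscaler's `metadata` carries two `namespace:` keys and no `name:` (the two lines directly under `metadata:`), so the rendered object has no name and the API server rejects it; YAML loaders that tolerate the duplicate also keep the last value, which silently discards the `namespaceOverride`-aware `common.names.namespace` in favour of `.Release.Namespace`. Replace the second `namespace:` line with `name: {{ template "common.names.fullname" . }}` and keep the first one, which is how the other templates in this commit build their metadata.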


@@ -0,0 +1,33 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.metrics.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- $defaultAnnotations := dict "prometheus.io/scrape" "true" "prometheus.io/port" (.Values.metrics.service.ports.metrics | quote) "prometheus.io/path" "/metrics" }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list $defaultAnnotations .Values.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }}
spec:
type: ClusterIP
sessionAffinity: {{ .Values.metrics.service.sessionAffinity }}
{{- if .Values.metrics.service.clusterIP }}
clusterIP: {{ .Values.metrics.service.clusterIP }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.metrics.service.ports.metrics }}
protocol: TCP
targetPort: http-metrics
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- end }}


@@ -0,0 +1,83 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.webhook.mutating.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
# Hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
name: cnpg-mutating-webhook-configuration
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mcluster.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /mutate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.port }}
failurePolicy: {{ .Values.webhook.mutating.failurePolicy }}
name: mscheduledbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
{{- end }}
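Review bot: The `mbackup.cnpg.io` and `mscheduledbackup.cnpg.io` entries set `port: {{ .Values.service.port }}` under `clientConfig.service`, while the `mcluster.cnpg.io` entry and the webhook Service template in this commit use `.Values.service.ports.webhook`. If `service.port` is not a defined value, those two lines render as an empty `port:`, which the admission API defaults to 443, so backup and scheduledbackup mutations only reach the operator when the Service happens to listen on 443 and are otherwise handled by `failurePolicy` alone. Change both to `port: {{ .Values.service.ports.webhook }}`. It is also worth documenting next to `webhook.mutating.failurePolicy` what `Ignore` means here: when the operator is unreachable, these resources are admitted unmodified.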


@@ -0,0 +1,94 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: operator
app.kubernetes.io/part-of: cloudnative-pg
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
policyTypes:
- Ingress
- Egress
{{- if .Values.networkPolicy.allowExternalEgress }}
egress:
- {}
{{- else }}
egress:
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Allow access to kube-apiserver
{{- range $port := .Values.networkPolicy.kubeAPIServerPorts }}
- port: {{ $port }}
{{- end }}
# PostgreSQL instances have the label cnpg.io/podRole: "instance"
- to:
- podSelector:
matchLabels:
cnpg.io/podRole: "instance"
{{- if not .Values.watchAllNamespaces }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
namespaceSelector:
matchExpressions:
- key: namespace
operator: In
values:
{{- range $namespace := $watchNamespaces }}
- {{ $namespace }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.containerPorts.webhook }}
{{- if .Values.metrics.enabled }}
- port: {{ .Values.containerPorts.metrics }}
{{- end }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
app.kubernetes.io/part-of: cloudnative-pg
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
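Review bot: The egress entry for PostgreSQL instance pods (the `- to:` item carrying `cnpg.io/podRole: "instance"`) selects namespaces with `key: namespace`, which is not a label Kubernetes sets on Namespace objects; the well-known name label is `kubernetes.io/metadata.name`, so under this policy's default-deny egress the operator cannot reach instances in any watched namespace unless the cluster has added a `namespace` label by hand. In the `watchAllNamespaces` branch the entry has no `namespaceSelector` at all, and a `to` entry with only a `podSelector` is scoped to the policy's own namespace, so instances in other namespaces are unreachable there as well. Separately, if `networkPolicy.allowExternal` defaults to `false`, the `from` selectors on the webhook port admit only pods, whereas the caller of an admission webhook is the kube-apiserver, which on many clusters is not a pod in this namespace; confirm the default or document the requirement on that parameter. The rewrite below fixes the namespace selection for both branches.
```yaml
    # … unchanged: DNS and kube-apiserver egress ports …
    # PostgreSQL instances have the label cnpg.io/podRole: "instance"
    - to:
        - podSelector:
            matchLabels:
              cnpg.io/podRole: "instance"
          {{- if .Values.watchAllNamespaces }}
          # A "to" entry with only a podSelector is limited to this namespace;
          # an empty namespaceSelector extends it to instances in every namespace.
          namespaceSelector: {}
          {{- else }}
          {{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
          namespaceSelector:
            matchExpressions:
              - key: kubernetes.io/metadata.name
                operator: In
                values:
                  {{- range $namespace := $watchNamespaces }}
                  - {{ $namespace | quote }}
                  {{- end }}
          {{- end }}
    # … unchanged: extraEgress, ingress rules …
```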


@@ -0,0 +1,30 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.pdb.create }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }}
maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- end }}


@@ -0,0 +1,217 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.rbac.create (not .Values.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: Role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
- secrets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- pods
- pods/exec
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups
- clusters
- databases
- poolers
- publications
- scheduledbackups
- subscriptions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- backups/status
- databases/status
- publications/status
- scheduledbackups/status
- subscriptions/status
verbs:
- get
- patch
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- imagecatalogs
verbs:
- get
- list
- watch
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/finalizers
- poolers/finalizers
verbs:
- update
- apiGroups:
- postgresql.cnpg.io
resources:
- clusters/status
- poolers/status
verbs:
- get
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- get
- list
- patch
- watch
{{- if $.Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
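Review bot: Inside `range $namespace := $watchNamespaces` the dot is the namespace string, so the line `labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}` fails to render (`.Values` evaluated on a string) whenever `watchAllNamespaces` is false; every other reference in this template correctly uses `$.Values`. Change it to `( dict "customLabels" $.Values.commonLabels "context" $ )`; the RoleBinding template in this commit has the same line and needs the same fix. Since this Role grants `create` on `pods/exec` and full `create`/`delete`/`patch`/`update` access to `secrets` in each watched namespace, a comment on `rbac.rules` in values.yaml noting that extra rules are applied in every watched namespace would help reviewers keep the grant to the minimum the operator needs.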


@@ -0,0 +1,30 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (not .Values.watchAllNamespaces) }}
{{- $watchNamespaces := default (list (include "common.names.namespace" .)) .Values.watchNamespaces }}
{{- range $namespace := $watchNamespaces }}
---
kind: RoleBinding
apiVersion: {{ include "common.capabilities.rbac.apiVersion" $ }}
metadata:
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
namespace: {{ $namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "common.names.fullname" $ | trunc 63 | trimSuffix "-" }}
subjects:
- kind: ServiceAccount
name: {{ template "cloudnative-pg.serviceAccountName" $ }}
namespace: {{ include "common.names.namespace" $ | quote }}
{{- end }}
{{- end }}
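Review bot: The guard `{{- if and (not .Values.watchAllNamespaces) }}` does not check `.Values.rbac.create`, so with `rbac.create=false` the chart still emits one RoleBinding per watched namespace that references a Role it did not create, which either fails to apply or binds the ServiceAccount to a pre-existing Role of the same name; `and` with a single operand is also a no-op. Change it to `{{- if and .Values.rbac.create (not .Values.watchAllNamespaces) }}` to mirror the Role template's condition.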


@@ -0,0 +1,19 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.secretConfiguration (not .Values.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
stringData: {{- include "common.tplvalues.render" (dict "value" .Values.secretConfiguration "context" $) | nindent 2 }}
{{- end }}
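Review bot: `stringData:` renders `.Values.secretConfiguration` through `common.tplvalues.render`, and the Secret API only accepts string values under `stringData`, so any entry a user writes as a bare number or boolean (a port, a flag) is emitted unquoted and rejected at apply time. Add a comment on the `secretConfiguration` parameter in values.yaml stating that every value must be a quoted string, or pipe each value through `quote` when rendering. The `existingSecret` branch is the path to point users at when the material should not live in release values.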


@@ -0,0 +1,18 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "cloudnative-pg.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
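Review bot: `namespace: {{ .Release.Namespace | quote }}` ignores `namespaceOverride`, while the RoleBinding subject and every other namespaced object in this commit use `include "common.names.namespace"`; with an override set, the ServiceAccount is created in a different namespace from the Deployment that references it, so its pods cannot be created, and from the RoleBinding subject, so the intended permissions never bind. Change it to `namespace: {{ include "common.names.namespace" . | quote }}`.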


@@ -0,0 +1,50 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if or .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: metrics
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: http-metrics
path: "/metrics"
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}


@@ -0,0 +1,104 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.webhook.validating.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
# Hardcoded in source code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
name: cnpg-validating-webhook-configuration
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-backup
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- backups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-cluster
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vcluster.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusters
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-scheduledbackup
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vscheduledbackup.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- scheduledbackups
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . }}
path: /validate-postgresql-cnpg-io-v1-pooler
port: {{ .Values.service.ports.webhook }}
failurePolicy: {{ .Values.webhook.validating.failurePolicy }}
name: vpooler.cnpg.io
rules:
- apiGroups:
- postgresql.cnpg.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- poolers
sideEffects: None
{{- end }}
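Review bot: The four `webhooks` entries are identical except for `path`, `name` and the single resource under `rules`, which makes it easy for one copy to drift, as already happened with the `port:` lines in the mutating configuration in this same commit. A `range` over a short list of (`name`, `path`, `resource`) tuples declared at the top of the template, with `clientConfig`, `failurePolicy`, `sideEffects` and the rule skeleton written once, would keep the entries in lockstep and make a future addition a one-line change.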


@@ -0,0 +1,45 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and (include "common.capabilities.apiVersions.has" ( dict "version" "autoscaling.k8s.io/v1/VerticalPodAutoscaler" "context" . )) .Values.autoscaling.vpa.enabled }}
apiVersion: {{ include "common.capabilities.vpa.apiVersion" . }}
kind: VerticalPodAutoscaler
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if or .Values.autoscaling.vpa.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.autoscaling.vpa.annotations .Values.commonAnnotations ) "context" . ) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
spec:
resourcePolicy:
containerPolicies:
- containerName: cloudnative-pg
{{- with .Values.autoscaling.vpa.controlledResources }}
controlledResources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.autoscaling.vpa.maxAllowed }}
maxAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.autoscaling.vpa.minAllowed }}
minAllowed:
{{- toYaml . | nindent 8 }}
{{- end }}
targetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "common.names.fullname" . }}
{{- if .Values.autoscaling.vpa.updatePolicy }}
updatePolicy:
{{- with .Values.autoscaling.vpa.updatePolicy.updateMode }}
updateMode: {{ . }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,60 @@
{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
# Service name hardcoded in cloudnative-pg code
# https://github.com/cloudnative-pg/cloudnative-pg/blob/main/internal/cmd/manager/controller/controller.go#L51
name: cnpg-webhook-service
namespace: {{ include "common.names.namespace" . | quote }}
{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels .Values.service.labels) "context" . ) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
annotations:
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: http-webhook
port: {{ .Values.service.ports.webhook }}
protocol: TCP
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.webhook)) }}
nodePort: {{ .Values.service.nodePorts.webhook }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
targetPort: http-webhook
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/part-of: cloudnative-pg
app.kubernetes.io/component: operator
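Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go slice as `[a b]`, which YAML reads as a one-element flow sequence holding the space-joined string rather than a list of CIDRs, so any allowlist with more than one range fails validation instead of restricting who can reach an externally exposed webhook; render it with `loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" .Values.service.loadBalancerSourceRanges "context" $) | nindent 4 }}`. The `annotations:` block also tests `or .Values.service.annotations .Values.commonAnnotations` twice (outer and inner `if`); the inner check can be dropped.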


@@ -0,0 +1,674 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
## Security parameters
##
security:
## @param global.security.allowInsecureImages Allows skipping image verification
allowInsecureImages: false
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
##
apiVersions: []
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Bitnami cloudnative-pg Operator image
## ref: https://hub.docker.com/r/bitnami/cloudnative-pg/tags/
## @param image.registry [default: REGISTRY_NAME] cloudnative-pg Operator image registry
## @param image.repository [default: REPOSITORY_NAME/cloudnative-pg] cloudnative-pg Operator image repository
## @skip image.tag cloudnative-pg Operator image tag (immutable tags are recommended)
## @param image.digest cloudnative-pg Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
## @param image.pullPolicy cloudnative-pg Operator image pull policy
## @param image.pullSecrets cloudnative-pg Operator image pull secrets
## @param image.debug Enable cloudnative-pg Operator image debug mode
##
image:
registry: docker.io
repository: bitnami/cloudnative-pg
tag: 1.25.0-debian-12-r1
digest: ""
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Enable debug mode
##
debug: false
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
## @param postgresqlImage.registry [default: REGISTRY_NAME] PostgreSQL image registry
## @param postgresqlImage.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
## @skip postgresqlImage.tag PostgreSQL image tag (immutable tags are recommended)
## @param postgresqlImage.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
##
postgresqlImage:
registry: docker.io
repository: bitnami/postgresql
tag: 17.4.0-debian-12-r2
digest: ""
## @param replicaCount Number of cloudnative-pg Operator replicas to deploy
##
replicaCount: 1
## @param containerPorts.metrics cloudnative-pg Operator metrics container port
## @param containerPorts.webhook cloudnative-pg Operator webhook container port
##
containerPorts:
metrics: 8080
webhook: 9443
## Configure extra options for cloudnative-pg Operator containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe on cloudnative-pg Operator containers
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## @param readinessProbe.enabled Enable readinessProbe on cloudnative-pg Operator containers
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## @param startupProbe.enabled Enable startupProbe on cloudnative-pg Operator containers
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## @param customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param watchAllNamespaces Watch for cloudnative-pg resources in all namespaces
##
watchAllNamespaces: true
## @param watchNamespaces [array] Watch for cloudnative-pg resources in the given namespaces
##
watchNamespaces: []
## @param maxConcurrentReconciles Maximum concurrent reconciles in the operator
##
maxConcurrentReconciles: 10
## @param configuration Add configuration settings to a configmap
## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
##
configuration: {}
## @param secretConfiguration Add configuration settings to a secret
## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
##
secretConfiguration: {}
## @param existingConfigMap Name of a ConfigMap containing the operator configuration
## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
##
existingConfigMap: ""
## @param existingSecret Name of a Secret containing the operator secret configuration
## Ref: https://cloudnative-pg.io/documentation/current/operator_conf/#available-options
##
existingSecret: ""
## cloudnative-pg Operator resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if operator.resources is set (operator.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled cloudnative-pg Operator pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Set cloudnative-pg Operator pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param hostAliases cloudnative-pg Operator pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param podLabels Extra labels for cloudnative-pg Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Annotations for cloudnative-pg Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for cloudnative-pg Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for cloudnative-pg Operator pods assignment
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
##
nodeSelector: {}
## @param tolerations Tolerations for cloudnative-pg Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param updateStrategy.type cloudnative-pg Operator statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param priorityClassName cloudnative-pg Operator pods' priorityClassName
##
priorityClassName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## @param schedulerName Name of the k8s scheduler (other than default) for cloudnative-pg Operator pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param lifecycleHooks for the cloudnative-pg Operator container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraEnvVars Array with extra environment variables to add to cloudnative-pg Operator nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for cloudnative-pg Operator nodes
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for cloudnative-pg Operator nodes
##
extraEnvVarsSecret: ""
## @param extraVolumes Optionally specify extra list of additional volumes for the cloudnative-pg Operator pod(s)
##
extraVolumes: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the cloudnative-pg Operator container(s)
##
extraVolumeMounts: []
## @param sidecars Add additional sidecar containers to the cloudnative-pg Operator pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the cloudnative-pg Operator pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Webhooks configuration
##
webhook:
## @param webhook.validating.create Create ValidatingWebhookConfiguration
## @param webhook.validating.failurePolicy Set failure policy of the validating webhook
##
validating:
create: true
failurePolicy: Fail
## @param webhook.mutating.create Create MutatingWebhookConfiguration
## @param webhook.mutating.failurePolicy Set failure policy of the mutating webhook
##
mutating:
create: true
failurePolicy: Fail
## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
autoscaling:
vpa:
## @param autoscaling.vpa.enabled Enable VPA
##
enabled: false
## @param autoscaling.vpa.annotations Annotations for VPA resource
##
annotations: {}
## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
##
controlledResources: []
## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod
## cpu: 200m
## memory: 100Mi
maxAllowed: {}
## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod
## cpu: 200m
## memory: 100Mi
minAllowed: {}
updatePolicy:
## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
## Possible values are "Off", "Initial", "Recreate", and "Auto".
##
updateMode: Auto
hpa:
## @param autoscaling.hpa.enabled Enable autoscaling for operator
##
enabled: false
## @param autoscaling.hpa.minReplicas Minimum number of operator replicas
##
minReplicas: ""
## @param autoscaling.hpa.maxReplicas Maximum number of operator replicas
##
maxReplicas: ""
## @param autoscaling.hpa.targetCPU Target CPU utilization percentage
##
targetCPU: ""
## @param autoscaling.hpa.targetMemory Target Memory utilization percentage
##
targetMemory: ""
## @section cloudnative-pg Operator Traffic Exposure Parameters
##
service:
## @param service.type cloudnative-pg Operator service type
##
type: ClusterIP
## @param service.ports.webhook cloudnative-pg Operator service webhook port
##
ports:
webhook: 443
## Node ports to expose
## @param service.nodePorts.webhook Node port for webhook
## NOTE: choose port between <30000-32767>
##
nodePorts:
webhook: ""
## @param service.clusterIP cloudnative-pg Operator service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP cloudnative-pg Operator service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges cloudnative-pg Operator service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy cloudnative-pg Operator service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-web-source-ip
##
externalTrafficPolicy: Cluster
## @param service.labels [object] Labels for the service
##
labels: {}
## @param service.annotations Additional custom annotations for cloudnative-pg Operator service
##
annotations: {}
## @param service.extraPorts Extra ports to expose in cloudnative-pg Operator service (normally used with the `sidecars` value)
##
extraPorts: []
## @param service.sessionAffinity Control where web requests go, to the same pod or round-robin
## Values: WebIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## webIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section cloudnative-pg Operator RBAC Parameters
##
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: true
## @param rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## ServiceAccount configuration
##
serviceAccount:
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: {}
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: false
## @section cloudnative-pg Operator Metrics Parameters
##
## Prometheus metrics
##
metrics:
## @param metrics.enabled Enable the export of Prometheus metrics
##
enabled: false
## Metrics service configuration
##
service:
## @param metrics.service.ports.metrics Meetrics service port
##
ports:
metrics: 80
## @param metrics.service.clusterIP Static clusterIP or None for headless services
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
##
clusterIP: ""
## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param metrics.service.labels [object] Labels for the metrics service
##
labels: {}
## @param metrics.service.annotations [object] Annotations for the metrics service
##
annotations: {}
## Prometheus Operator ServiceMonitor configuration
##
serviceMonitor:
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
##
enabled: false
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
##
namespace: ""
## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
##
annotations: {}
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
##
jobLabel: ""
## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
##
honorLabels: false
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## interval: 10s
##
interval: ""
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
## selector:
## prometheus: my-prometheus
##
selector: {}