[bitnami/cloudnative-pg] feat: 🎉 Add chart (#31908)

* [bitnami/cloudnative-pg] feat: 🎉 Add chart Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * chore: ✏️ Rename workload Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * fix: 🐛 Update runtime-parameters Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * docs: 📝 Improve NOTES.txt Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * chore: 🔥 Remove ingress Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * chore: ♻️ Apply suggestions from code review Co-authored-by: Juan Ariza Toledano <jariza@vmware.com> Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * test: ✅ Update parameters Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * test: ✅ Allow insecure Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * chore: 🚨 Fix indentations Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * chore: 🔧 Allow insecure Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * chore: ♻️ Minor refactoring Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * fix: 🐛 remove $versionlabel Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * fix: 🐛 Apply suggestions from code review Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * chore: ⬆️ Bump common library Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * chore: 🔧 Update postgresql image Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> --------- Signed-off-by: Javier J. Salmerón García <javier.salmeron@broadcom.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Juan Ariza Toledano <jariza@vmware.com>
2026-04-02 15:27:08 +08:00 · 2025-02-24 13:12:15 +01:00
parent 6af5812bc8
commit deb16ef112
39 changed files with 19592 additions and 0 deletions
--- a/.vib/cloudnative-pg/goss/goss.yaml
+++ b/.vib/cloudnative-pg/goss/goss.yaml
@@ -0,0 +1,27 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+http:
+  https://cnpg-webhook-service:{{ .Vars.service.ports.webhook }}/readyz:
+    status: 200
+    allow-insecure: true
+  http://cloudnative-pg-metrics:{{ .Vars.metrics.service.ports.metrics }}/metrics:
+    status: 200
+    body:
+      - /controller_runtime_reconcile_time_seconds_bucket/
+# Ports hardcoded in the operator
+addr:
+  tcp://vib-cluster-example-r:5432:
+    reachable: true
+  tcp://vib-cluster-example-rw:5432:
+    reachable: true
+  tcp://vib-cluster-example-ro:5432:
+    reachable: true
+{{- $username := (index .Vars.extraDeploy 0).stringData.username }}
+{{- $password := (index .Vars.extraDeploy 0).stringData.password }}
+command:
+  check-auth-and-cluster-status:
+    exec: PGPASSWORD={{ $password }} psql -U {{ $username }} -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;"
+    exit-status: 0
+    stdout:
+      - /2 rows/
--- a/.vib/cloudnative-pg/runtime-parameters.yaml
+++ b/.vib/cloudnative-pg/runtime-parameters.yaml
@@ -0,0 +1,118 @@
+extraDeploy:
+# Taken from https://cloudnative-pg.io/documentation/1.25/declarative_role_management/
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    name: vib-cluster-example-user
+    labels:
+      cnpg.io/reload: "true"
+  type: kubernetes.io/basic-auth
+  stringData:
+    username: vib_user
+    password: bitnami1234
+- apiVersion: postgresql.cnpg.io/v1
+  kind: Cluster
+  metadata:
+    name: vib-cluster-example
+  spec:
+    instances: 3
+    storage:
+      size: 1Gi
+    managed:
+      roles:
+        - name: vib_user
+          ensure: present
+          comment: VIB User
+          login: true
+          superuser: true
+          passwordSecret:
+            name: vib-cluster-example-user
+# We cannot run goss tests in the actual instances because it's ReadOnlyRootFilesystem and it is not configurable
+# Instead we deploy a PostgreSQL client
+- apiVersion: apps/v1
+  kind: Deployment
+  metadata:
+    labels:
+      app: postgresql
+    name: vib-postgresql-test
+  spec:
+    replicas: 1
+    selector:
+      matchLabels:
+        app: postgresql
+    template:
+      metadata:
+        labels:
+          app: postgresql
+      spec:
+        containers:
+        - image: docker.io/bitnami/postgresql:latest
+          command:
+            - /bin/bash
+          args:
+            - -ec
+            - |
+              echo 0 > /tmp/ready
+              # Wait until the cluster is formed
+              while true; do
+                  if PGPASSWORD=$POSTGRES_PASSWORD psql -U $POSTGRES_USER -d postgres -h vib-cluster-example-rw -c "SELECT client_addr, state FROM pg_stat_replication;" | grep "2 rows"; then
+                      echo 1 > /tmp/ready
+                      echo "Connected to PostgreSQL"
+                      break
+                  else
+                      echo "Connection failed. Sleeping 10 seconds"
+                      sleep 10
+                  fi
+              done
+              sleep infinity
+          name: postgresql
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: vib-cluster-example-user
+                  key: password
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: vib-cluster-example-user
+                  key: username
+          startupProbe:
+            exec:
+              command:
+                - sh
+                - -c
+                - |
+                  if [ $(cat /tmp/ready) = "1" ]; then
+                      exit 0
+                  else
+                      exit 1
+                  fi
+            initialDelaySeconds: 40
+            periodSeconds: 20
+            timeoutSeconds: 1
+            failureThreshold: 15
+            successThreshold: 1
+          securityContext:
+            runAsNonRoot: true
+            privileged: false
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            seccompProfile:
+              type: "RuntimeDefault"
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+        volumes:
+          - name: empty-dir
+            emptyDir: {}
+service:
+  ports:
+    webhook: 443
+  type: LoadBalancer
+metrics:
+  enabled: true
+  service:
+    ports:
+      metrics: 2311
--- a/.vib/cloudnative-pg/vib-publish.json
+++ b/.vib/cloudnative-pg/vib-publish.json
@@ -0,0 +1,47 @@
+{
+  "phases": {
+    "package": {
+      "context": {
+        "credentials": [
+          {
+            "url": "{VIB_ENV_CHARTS_REGISTRY}",
+            "authn": {
+              "username": "{VIB_ENV_CHARTS_REGISTRY_USERNAME}",
+              "password": "{VIB_ENV_CHARTS_REGISTRY_PASSWORD}"
+            }
+          }
+        ],
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/cloudnative-pg"
+        }
+      },
+      "actions": [
+        {
+          "action_id": "helm-package"
+        },
+        {
+          "action_id": "helm-lint"
+        }
+      ]
+    },
+    "publish": {
+      "actions": [
+        {
+          "action_id": "helm-publish",
+          "params": {
+            "repository": {
+              "kind": "S3",
+              "url": "{VIB_ENV_S3_URL}",
+              "authn": {
+                "access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
+                "secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}",
+                "role": "{VIB_ENV_S3_ROLE_ARN}"
+              }
+            }
+          }
+        }
+      ]
+    }
+  }
+}
--- a/.vib/cloudnative-pg/vib-verify.json
+++ b/.vib/cloudnative-pg/vib-verify.json
@@ -0,0 +1,66 @@
+{
+  "phases": {
+    "package": {
+      "context": {
+        "credentials": [
+          {
+            "url": "{VIB_ENV_CHARTS_REGISTRY}",
+            "authn": {
+              "username": "{VIB_ENV_CHARTS_REGISTRY_USERNAME}",
+              "password": "{VIB_ENV_CHARTS_REGISTRY_PASSWORD}"
+            }
+          }
+        ],
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/cloudnative-pg"
+        }
+      },
+      "actions": [
+        {
+          "action_id": "helm-package"
+        },
+        {
+          "action_id": "helm-lint"
+        }
+      ]
+    },
+    "verify": {
+      "context": {
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/cloudnative-pg"
+        },
+        "target_platform": {
+          "target_platform_id": "{VIB_ENV_ALTERNATIVE_TARGET_PLATFORM}",
+          "size": {
+            "name": "M4"
+          }
+        }
+      },
+      "actions": [
+        {
+          "action_id": "goss",
+          "params": {
+            "resources": {
+              "path": "/.vib"
+            },
+            "tests_file": "cloudnative-pg/goss/goss.yaml",
+            "vars_file": "cloudnative-pg/runtime-parameters.yaml",
+            "remote": {
+              "pod": {
+                "workload": "deploy-vib-postgresql-test"
+              }
+            }
+          }
+        },
+        {
+          "action_id": "kubescape",
+          "params": {
+            "threshold": {VIB_ENV_KUBESCAPE_SCORE_THRESHOLD}
+          }
+        }
+      ]
+    }
+  }
+}