From 8a50f22e31c3c05846a7203a3ce88ce5598f647b Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sat, 24 May 2025 11:35:29 -0500 Subject: [PATCH] add barman --- charts/barman-cloud/Chart.yaml | 18 + charts/barman-cloud/README.md | 35 + .../barman-cloud/templates/certificate.yaml | 46 ++ .../templates/cluster-role-binding.yaml | 34 + .../barman-cloud/templates/cluster-role.yaml | 157 +++++ charts/barman-cloud/templates/common.yaml | 94 +++ .../templates/custom-resource-definition.yaml | 627 ++++++++++++++++++ charts/barman-cloud/templates/issuer.yaml | 11 + .../barman-cloud/templates/role-binding.yaml | 17 + charts/barman-cloud/templates/role.yaml | 41 ++ charts/barman-cloud/templates/secret.yaml | 14 + charts/barman-cloud/values.yaml | 20 + 12 files changed, 1114 insertions(+) create mode 100644 charts/barman-cloud/Chart.yaml create mode 100644 charts/barman-cloud/README.md create mode 100644 charts/barman-cloud/templates/certificate.yaml create mode 100644 charts/barman-cloud/templates/cluster-role-binding.yaml create mode 100644 charts/barman-cloud/templates/cluster-role.yaml create mode 100644 charts/barman-cloud/templates/common.yaml create mode 100644 charts/barman-cloud/templates/custom-resource-definition.yaml create mode 100644 charts/barman-cloud/templates/issuer.yaml create mode 100644 charts/barman-cloud/templates/role-binding.yaml create mode 100644 charts/barman-cloud/templates/role.yaml create mode 100644 charts/barman-cloud/templates/secret.yaml create mode 100644 charts/barman-cloud/values.yaml diff --git a/charts/barman-cloud/Chart.yaml b/charts/barman-cloud/Chart.yaml new file mode 100644 index 0000000..6272d9f --- /dev/null +++ b/charts/barman-cloud/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: barman-cloud +version: 1.15.0 +description: Barman Cloud Plugin +keywords: + - barman-cloud + - cloudnative-pg +sources: + - https://github.com/cloudnative-pg/plugin-barman-cloud + - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common +maintainers: + - name: alexlebens +dependencies: + - name: common + repository: https://bjw-s-labs.github.io/helm-charts/ + version: 4.0.1 +icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4 +appVersion: v.0.4.0 diff --git a/charts/barman-cloud/README.md b/charts/barman-cloud/README.md new file mode 100644 index 0000000..0f27d12 --- /dev/null +++ b/charts/barman-cloud/README.md @@ -0,0 +1,35 @@ +# barman-cloud + +![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![AppVersion: v.0.4.0](https://img.shields.io/badge/AppVersion-v.0.4.0-informational?style=flat-square) + +Barman Cloud Plugin + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| alexlebens | | | + +## Source Code + +* +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret | +| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token | +| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/plugin-barman-cloud","tag":"v0.4.0"}` | Default image | +| name | string | `"barman-cloud"` | Name override of release | +| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/barman-cloud/templates/certificate.yaml b/charts/barman-cloud/templates/certificate.yaml new file mode 100644 index 0000000..865b6e7 --- /dev/null +++ b/charts/barman-cloud/templates/certificate.yaml @@ -0,0 +1,46 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Values.name }}-client + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Values.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + commonName: {{ .Values.name }}-client + duration: 2160h + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: selfsigned-issuer + renewBefore: 360h + secretName: {{ .Values.name }}-client-tls + usages: + - client auth + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Values.name }}-server + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Values.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + commonName: {{ .Values.name }} + dnsNames: + - {{ .Values.name }} + duration: 2160h + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: selfsigned-issuer + renewBefore: 360h + secretName: {{ .Values.name }}-server-tls + usages: + - server auth diff --git a/charts/barman-cloud/templates/cluster-role-binding.yaml b/charts/barman-cloud/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..2423dee --- /dev/null +++ b/charts/barman-cloud/templates/cluster-role-binding.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-auth-rolebinding + labels: + app.kubernetes.io/name: metrics-auth-rolebinding + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-auth-role +subjects: +- kind: ServiceAccount + name: plugin-barman-cloud + namespace: {{ .Release.Namespace }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: plugin-barman-cloud-binding + labels: + app.kubernetes.io/name: plugin-barman-cloud + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: plugin-barman-cloud +subjects: +- kind: ServiceAccount + name: plugin-barman-cloud + namespace: {{ .Release.Namespace }} diff --git a/charts/barman-cloud/templates/cluster-role.yaml b/charts/barman-cloud/templates/cluster-role.yaml new file mode 100644 index 0000000..ec3e665 --- /dev/null +++ b/charts/barman-cloud/templates/cluster-role.yaml @@ -0,0 +1,157 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-auth-role + labels: + app.kubernetes.io/name: metrics-auth-role + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader + labels: + app.kubernetes.io/name: metrics-reader + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - nonResourceURLs: + - /metrics + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: objectstore-editor-role + labels: + app.kubernetes.io/name: objectstore-editor-role + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/status + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: objectstore-viewer-role + labels: + app.kubernetes.io/name: objectstore-viewer-role + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores + verbs: + - get + - list + - watch + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/status + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: plugin-barman-cloud + labels: + app.kubernetes.io/name: plugin-barman-cloud + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/finalizers + verbs: + - update + - apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/status + verbs: + - get + - patch + - update + - apiGroups: + - postgresql.cnpg.io + resources: + - backups + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - get + - list + - patch + - update + - watch diff --git a/charts/barman-cloud/templates/common.yaml b/charts/barman-cloud/templates/common.yaml new file mode 100644 index 0000000..094df96 --- /dev/null +++ b/charts/barman-cloud/templates/common.yaml @@ -0,0 +1,94 @@ +{{ include "bjw-s.common.loader.init" . }} + +{{ define "barman-cloud.hardcodedValues" }} +{{ if not .Values.global.nameOverride }} +global: + nameOverride: {{ .Values.name }} +{{ end }} +controllers: + main: + type: deployment + labels: + app: {{ .Values.name }} + replicas: 1 + strategy: Recreate + serviceAccountName: plugin-barman-cloud + pod: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + selector: + matchLabels: + app: {{ .Values.name }} + containers: + main: + image: + repository: {{ .Values.image.repository }} + tag: {{ .Values.image.tag }} + pullPolicy: {{ .Values.image.pullPolicy }} + args: + - operator + - --server-cert=/server/tls.crt + - --server-key=/server/tls.key + - --client-cert=/client/tls.crt + - --server-address=:{{ .Values.service.listenPort }} + - --leader-elect + - --log-level=debug + env: + - name: SIDECAR_IMAGE + valueFrom: + secretKeyRef: + key: SIDECAR_IMAGE + name: plugin-barman-cloud-m76km67hd7 + + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 10001 + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault +serviceAccount: + plugin-barman-cloud: + enabled: {{ .Values.serviceAccount.enabled }} +service: + main: + controller: main + annotations: + cnpg.io/pluginPort: "{{ .Values.service.listenPort }}" + cnpg.io/pluginClientSecret: {{ .Values.name }}-client-tls + cnpg.io/pluginServerSecret: {{ .Values.name }}-server-tls + labels: + app: {{ .Values.name }} + cnpg.io/pluginName: barman-cloud.cloudnative-pg.io + ports: + http: + port: {{ .Values.service.listenPort }} + protocol: TCP + targetPort: {{ .Values.service.listenPort }} +persistence: + server-tls: + enabled: true + type: secret + name: {{ .Values.name }}-server-tls + advancedMounts: + main: + main: + - path: /server + readOnly: true + mountPropagation: None + subPath: server + - path: /client + readOnly: true + mountPropagation: None + subPath: client + +{{ end }} +{{ $_ := mergeOverwrite .Values (include "barman-cloud.hardcodedValues" . | fromYaml) }} + +{{/* Render the templates */}} +{{ include "bjw-s.common.loader.generate" . }} diff --git a/charts/barman-cloud/templates/custom-resource-definition.yaml b/charts/barman-cloud/templates/custom-resource-definition.yaml new file mode 100644 index 0000000..703e0db --- /dev/null +++ b/charts/barman-cloud/templates/custom-resource-definition.yaml @@ -0,0 +1,627 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + name: objectstores.barmancloud.cnpg.io +spec: + group: barmancloud.cnpg.io + names: + kind: ObjectStore + listKind: ObjectStoreList + plural: objectstores + singular: objectstore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ObjectStore is the Schema for the objectstores API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the desired behavior of the ObjectStore. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + configuration: + description: The configuration for the barman-cloud tool suite + properties: + azureCredentials: + description: The credentials to use to upload data to Azure Blob + Storage + properties: + connectionString: + description: The connection string to be used + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromAzureAD: + description: Use the Azure AD based authentication without + providing explicitly the keys. + type: boolean + storageAccount: + description: The storage account where to upload data + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageKey: + description: |- + The storage account key to be used in conjunction + with the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + storageSasToken: + description: |- + A shared-access-signature to be used in conjunction with + the storage account name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + data: + description: |- + The configuration to be used to backup the data files + When not defined, base backups files will be stored uncompressed and may + be unencrypted in the object store, according to the bucket default + policy. + properties: + additionalCommandArgs: + description: |- + AdditionalCommandArgs represents additional arguments that can be appended + to the 'barman-cloud-backup' command-line invocation. These arguments + provide flexibility to customize the backup process further according to + specific requirements or configurations. + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-backup' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a backup file (a tar file per tablespace) while streaming it + to the object store. Available options are empty string (no + compression, default), `gzip`, `bzip2`, and `snappy`. + enum: + - bzip2 + - gzip + - snappy + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + immediateCheckpoint: + description: |- + Control whether the I/O workload for the backup initial checkpoint will + be limited, according to the `checkpoint_completion_target` setting on + the PostgreSQL server. If set to true, an immediate checkpoint will be + used, meaning PostgreSQL will complete the checkpoint as soon as + possible. `false` by default. + type: boolean + jobs: + description: |- + The number of parallel jobs to be used to upload the backup, defaults + to 2 + format: int32 + minimum: 1 + type: integer + type: object + destinationPath: + description: |- + The path where to store the backup (i.e. s3://bucket/path/to/folder) + this path, with different destination folders, will be used for WALs + and for data + minLength: 1 + type: string + endpointCA: + description: |- + EndpointCA store the CA bundle of the barman endpoint. + Useful when using self-signed certificates to avoid + errors with certificate issuer and barman-cloud-wal-archive + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + endpointURL: + description: |- + Endpoint to be used to upload data to the cloud, + overriding the automatic endpoint discovery + type: string + googleCredentials: + description: The credentials to use to upload data to Google Cloud + Storage + properties: + applicationCredentials: + description: The secret containing the Google Cloud Storage + JSON file with the credentials + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + gkeEnvironment: + description: |- + If set to true, will presume that it's running inside a GKE environment, + default to false. + type: boolean + type: object + historyTags: + additionalProperties: + type: string + description: |- + HistoryTags is a list of key value pairs that will be passed to the + Barman --history-tags option. + type: object + s3Credentials: + description: The credentials to use to upload data to S3 + properties: + accessKeyId: + description: The reference to the access key id + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + inheritFromIAMRole: + description: Use the role based authentication without providing + explicitly the keys. + type: boolean + region: + description: The reference to the secret containing the region + name + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + secretAccessKey: + description: The reference to the secret access key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + sessionToken: + description: The references to the session key + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: object + serverName: + description: |- + The server name on S3, the cluster name is used if this + parameter is omitted + type: string + tags: + additionalProperties: + type: string + description: |- + Tags is a list of key value pairs that will be passed to the + Barman --tags option. + type: object + wal: + description: |- + The configuration for the backup of the WAL stream. + When not defined, WAL files will be stored uncompressed and may be + unencrypted in the object store, according to the bucket default policy. + properties: + archiveAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-archive' + command-line invocation. These arguments provide flexibility to customize + the WAL archive process further, according to specific requirements or configurations. + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + compression: + description: |- + Compress a WAL file before sending it to the object store. Available + options are empty string (no compression, default), `gzip`, `bzip2`, + `lz4`, `snappy`, `xz`, and `zstd`. + enum: + - bzip2 + - gzip + - lz4 + - snappy + - xz + - zstd + type: string + encryption: + description: |- + Whenever to force the encryption of files (if the bucket is + not already configured for that). + Allowed options are empty string (use the bucket policy, default), + `AES256` and `aws:kms` + enum: + - AES256 + - aws:kms + type: string + maxParallel: + description: |- + Number of WAL files to be either archived in parallel (when the + PostgreSQL instance is archiving to a backup object store) or + restored in parallel (when a PostgreSQL standby is fetching WAL + files from a recovery object store). If not specified, WAL files + will be processed one at a time. It accepts a positive integer as a + value - with 1 being the minimum accepted value. + minimum: 1 + type: integer + restoreAdditionalCommandArgs: + description: |- + Additional arguments that can be appended to the 'barman-cloud-wal-restore' + command-line invocation. These arguments provide flexibility to customize + the WAL restore process further, according to specific requirements or configurations. + + Example: + In a scenario where specialized backup options are required, such as setting + a specific timeout or defining custom behavior, users can use this field + to specify additional command arguments. + + Note: + It's essential to ensure that the provided arguments are valid and supported + by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended + behavior during execution. + items: + type: string + type: array + type: object + required: + - destinationPath + type: object + x-kubernetes-validations: + - fieldPath: .serverName + message: use the 'serverName' plugin parameter in the Cluster resource + reason: FieldValueForbidden + rule: '!has(self.serverName)' + instanceSidecarConfiguration: + description: The configuration for the sidecar that runs in the instance + pods + properties: + env: + description: The environment to be explicitly passed to the sidecar + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + resources: + description: Resources define cpu/memory requests and limits for + the sidecar that runs in the instance pods. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retentionPolicyIntervalSeconds: + default: 1800 + description: |- + The retentionCheckInterval defines the frequency at which the + system checks and enforces retention policies. + type: integer + type: object + retentionPolicy: + description: |- + RetentionPolicy is the retention policy to be used for backups + and WALs (i.e. '60d'). The retention policy is expressed in the form + of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` - + days, weeks, months. + pattern: ^[1-9][0-9]*[dwm]$ + type: string + required: + - configuration + type: object + status: + description: |- + Most recently observed status of the ObjectStore. This data may not be up to + date. Populated by the system. Read-only. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + serverRecoveryWindow: + additionalProperties: + description: |- + RecoveryWindow represents the time span between the first + recoverability point and the last successful backup of a PostgreSQL + server, defining the period during which data can be restored. + properties: + firstRecoverabilityPoint: + description: |- + The first recoverability point in a PostgreSQL server refers to + the earliest point in time to which the database can be + restored. + format: date-time + type: string + lastSuccussfulBackupTime: + description: The last successful backup time + format: date-time + type: string + type: object + description: ServerRecoveryWindow maps each server to its recovery + window + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/barman-cloud/templates/issuer.yaml b/charts/barman-cloud/templates/issuer.yaml new file mode 100644 index 0000000..d722b9b --- /dev/null +++ b/charts/barman-cloud/templates/issuer.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Values.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + selfSigned: {} diff --git a/charts/barman-cloud/templates/role-binding.yaml b/charts/barman-cloud/templates/role-binding.yaml new file mode 100644 index 0000000..b1b6b1c --- /dev/null +++ b/charts/barman-cloud/templates/role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: plugin-barman-cloud + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: plugin-barman-cloud + namespace: {{ .Release.Namespace }} diff --git a/charts/barman-cloud/templates/role.yaml b/charts/barman-cloud/templates/role.yaml new file mode 100644 index 0000000..43968be --- /dev/null +++ b/charts/barman-cloud/templates/role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: leader-election-role + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/charts/barman-cloud/templates/secret.yaml b/charts/barman-cloud/templates/secret.yaml new file mode 100644 index 0000000..5573cc3 --- /dev/null +++ b/charts/barman-cloud/templates/secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: plugin-barman-cloud-m76km67hd7 + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ .Values.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +type: Opaque +data: + SIDECAR_IMAGE: | + Z2hjci5pby9jbG91ZG5hdGl2ZS1wZy9wbHVnaW4tYmFybWFuLWNsb3VkLXNpZGVjYXI6dj + AuNC4w diff --git a/charts/barman-cloud/values.yaml b/charts/barman-cloud/values.yaml new file mode 100644 index 0000000..e8e10c6 --- /dev/null +++ b/charts/barman-cloud/values.yaml @@ -0,0 +1,20 @@ +# -- Name override of release +name: barman-cloud + +# -- Name of existing secret that contains Cloudflare token +existingSecretName: cloudflared-secret + +# -- Name of key that contains the token in the existingSecret +existingSecretKey: cf-tunnel-token + +# -- Default image +image: + repository: ghcr.io/cloudnative-pg/plugin-barman-cloud + tag: "v0.4.0" + pullPolicy: IfNotPresent + +# -- Default resources +resources: + requests: + cpu: 10m + memory: 128Mi