update image

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/lint-test.yaml

@@ -22,7 +22,7 @@ jobs:
           check-latest: true
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.7.0
 
       - name: Run chart-testing (list-changed)
         id: list-changed

.github/workflows/release.yml

@@ -22,6 +22,6 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/cloudflared/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 1.12.1
+version: 1.14.0
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
@@ -13,6 +13,6 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts/
-    version: 3.5.1
+    version: 3.7.1
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2024.12.2"
+appVersion: "2025.2.0"

charts/cloudflared/README.md

@@ -1,6 +1,6 @@
 # cloudflared
 
-![Version: 1.12.1](https://img.shields.io/badge/Version-1.12.1-informational?style=flat-square) ![AppVersion: 2024.12.2](https://img.shields.io/badge/AppVersion-2024.12.2-informational?style=flat-square)
+![Version: 1.14.0](https://img.shields.io/badge/Version-1.14.0-informational?style=flat-square) ![AppVersion: 2025.2.0](https://img.shields.io/badge/AppVersion-2025.2.0-informational?style=flat-square)
 
 Cloudflared Tunnel
 
@@ -19,20 +19,17 @@ Cloudflared Tunnel
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.5.1 |
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| existingSecretKey | string | `"cf-tunnel-token"` |  |
-| existingSecretName | string | `"cloudflared-secret"` |  |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"cloudflare/cloudflared"` |  |
-| image.tag | string | `"2024.12.2"` |  |
-| name | string | `"cloudflared"` |  |
-| resources.requests.cpu | string | `"100m"` |  |
-| resources.requests.memory | string | `"128Mi"` |  |
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.2.0"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/values.yaml

@@ -1,11 +1,20 @@
+# -- Name override of release
 name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
 existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
 existingSecretKey: cf-tunnel-token
+
+# -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2024.12.2"
+  tag: "2025.2.0"
   pullPolicy: IfNotPresent
+
+# -- Default resources
 resources:
   requests:
-    cpu: 100m
+    cpu: 10m
     memory: 128Mi

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.1.3
+version: 0.1.7
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -14,5 +14,5 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts/
-    version: 3.5.1
-appVersion: 0.1.3
+    version: 3.7.1
+appVersion: 0.1.7

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![AppVersion: 0.1.3](https://img.shields.io/badge/AppVersion-0.1.3-informational?style=flat-square)
+![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,24 +19,19 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.5.1 |
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
-| config.enabled | bool | `true` |  |
-| deviceDomain | string | `"squat.ai"` |  |
-| image.pullPolicy | string | `"Always"` |  |
-| image.repository | string | `"ghcr.io/squat/generic-device-plugin"` |  |
-| image.tag | string | `"latest"` |  |
-| name | string | `"generic-device-plugin"` |  |
-| resources.limit.cpu | string | `"100m"` |  |
-| resources.limit.memory | string | `"20Mi"` |  |
-| resources.requests.cpu | string | `"50m"` |  |
-| resources.requests.memory | string | `"10Mi"` |  |
-| service.listenPort | int | `8080` |  |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/generic-device-plugin/values.yaml

@@ -1,15 +1,20 @@
+# -- Name override of release
 name: generic-device-plugin
 
+# -- Default image
 image:
   repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
   pullPolicy: Always
-  tag: latest
 
+# -- Domain used by devices for identifcation
 deviceDomain: squat.ai
 
+# -- Service port
 service:
   listenPort: 8080
 
+# -- Default resources
 resources:
   limit:
     cpu: 100m
@@ -18,6 +23,7 @@ resources:
     cpu: 50m
     memory: 10Mi
 
+# -- Config map
 config:
   enabled: true
   # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 4.0.1
+version: 4.1.5
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 4.0.1](https://img.shields.io/badge/Version-4.0.1-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
+![Version: 4.1.5](https://img.shields.io/badge/Version-4.1.5-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
 
 Chart for cloudnative-pg cluster
 
@@ -18,81 +18,64 @@ Chart for cloudnative-pg cluster
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup.backupIndex | int | `1` |  |
-| backup.backupName | string | `""` |  |
-| backup.data.compression | string | `"snappy"` |  |
-| backup.data.encryption | string | `""` |  |
-| backup.data.jobs | int | `2` |  |
-| backup.destinationPath | string | `""` |  |
+| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
+| backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
+| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| backup.destinationPath | string | `""` | S3 path starting with "s3://" |
 | backup.enabled | bool | `false` |  |
-| backup.endpointCA | string | `""` |  |
-| backup.endpointCredentials | string | `""` |  |
-| backup.endpointURL | string | `""` |  |
+| backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
 | backup.historyTags.backupRetentionPolicy | string | `""` |  |
-| backup.retentionPolicy | string | `"14d"` |  |
-| backup.schedule | string | `"0 0 0 * * *"` |  |
-| backup.tags.backupRetentionPolicy | string | `""` |  |
-| backup.wal.compression | string | `"snappy"` |  |
-| backup.wal.encryption | string | `""` |  |
-| backup.wal.maxParallel | int | `2` |  |
-| bootstrap.initdb | object | `{}` |  |
+| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
+| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
+| backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
+| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL:   - CREATE TABLE IF NOT EXISTS example; |
 | cluster.additionalLabels | object | `{}` |  |
-| cluster.affinity.enablePodAntiAffinity | bool | `true` |  |
-| cluster.affinity.topologyKey | string | `"kubernetes.io/hostname"` |  |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.annotations | object | `{}` |  |
-| cluster.enableSuperuserAccess | bool | `false` |  |
-| cluster.image.pullPolicy | string | `"IfNotPresent"` |  |
-| cluster.image.repository | string | `"ghcr.io/cloudnative-pg/postgresql"` |  |
-| cluster.image.tag | string | `"17.2-22"` |  |
+| cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
+| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.2-34"}` | Default image |
 | cluster.instances | int | `3` |  |
 | cluster.logLevel | string | `"info"` |  |
-| cluster.monitoring.enabled | bool | `false` |  |
-| cluster.monitoring.podMonitor.enabled | bool | `true` |  |
-| cluster.monitoring.prometheusRule.enabled | bool | `false` |  |
-| cluster.monitoring.prometheusRule.excludeRules | list | `[]` |  |
+| cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
 | cluster.postgresGID | int | `26` |  |
-| cluster.postgresUID | int | `26` |  |
-| cluster.postgresql.parameters.hot_standby_feedback | string | `"on"` |  |
-| cluster.postgresql.parameters.max_slot_wal_keep_size | string | `"2000MB"` |  |
-| cluster.postgresql.parameters.shared_buffers | string | `"128MB"` |  |
-| cluster.postgresql.shared_preload_libraries | list | `[]` |  |
-| cluster.primaryUpdateMethod | string | `"switchover"` |  |
-| cluster.primaryUpdateStrategy | string | `"unsupervised"` |  |
+| cluster.postgresUID | int | `26` | The UID and GID of the postgres user inside the image |
+| cluster.postgresql | object | `{"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"shared_preload_libraries":[]}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
+| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.priorityClassName | string | `""` |  |
-| cluster.resources.limits.cpu | string | `"800m"` |  |
-| cluster.resources.limits.hugepages-2Mi | string | `"256Mi"` |  |
-| cluster.resources.limits.memory | string | `"1Gi"` |  |
-| cluster.resources.requests.cpu | string | `"10m"` |  |
-| cluster.resources.requests.memory | string | `"256Mi"` |  |
+| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
 | cluster.storage.size | string | `"10Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |
-| cluster.walStorage.size | string | `"2Gi"` |  |
-| cluster.walStorage.storageClass | string | `""` |  |
-| mode | string | `"standalone"` |  |
+| cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
 | nameOverride | string | `""` | Override the name of the cluster |
-| recovery.data.compression | string | `"snappy"` |  |
-| recovery.data.encryption | string | `""` |  |
-| recovery.data.jobs | int | `2` |  |
-| recovery.destinationPath | string | `""` |  |
-| recovery.endpointCA | string | `""` |  |
-| recovery.endpointCredentials | string | `""` |  |
-| recovery.endpointURL | string | `""` |  |
-| recovery.pitrTarget.time | string | `""` |  |
-| recovery.recoveryIndex | int | `1` |  |
-| recovery.recoveryInstanceName | string | `""` |  |
-| recovery.recoveryServerName | string | `""` |  |
-| recovery.wal.compression | string | `"snappy"` |  |
-| recovery.wal.encryption | string | `""` |  |
-| recovery.wal.maxParallel | int | `2` |  |
-| replica.externalCluster.connectionParameters.dbname | string | `"app"` |  |
-| replica.externalCluster.connectionParameters.host | string | `"postgresql"` |  |
-| replica.externalCluster.connectionParameters.user | string | `"app"` |  |
-| replica.externalCluster.password.key | string | `"password"` |  |
-| replica.externalCluster.password.name | string | `"postgresql"` |  |
-| replica.importDatabases[0] | string | `"app"` |  |
-| replica.importRoles | list | `[]` |  |
-| replica.importType | string | `"microservice"` |  |
-| replica.postImportApplicationSQL | list | `[]` |  |
+| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
+| recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
+| recovery.pitrTarget | object | `{"time":""}` | Point in time recovery target in RFC3339 format |
+| recovery.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
+| recovery.recoveryInstanceName | string | `""` | Name of the recovery cluster in the object store, defaults to ".Release.Name" |
+| recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
+| recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
+| replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
+| replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |
+| replica.importType | string | `"microservice"` | See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types * `microservice` - Single database import as expected from cnpg clusters * `monolith` - Import multiple databases and roles |
+| replica.postImportApplicationSQL | list | `[]` | If import type is monolith postImportApplicationSQL is not supported and ignored |
 | type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
 
 ----------------------------------------------

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -14,10 +14,10 @@ spec:
     - name: cloudnative-pg/{{ include "cluster.name" . }}
       rules:
         {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
-        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
         {{- $_ := set $dict "namespace"   .Release.Namespace -}}
         {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
-        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
         {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "Values"      .Values -}}
         {{- $_ := set $dict "Template"    .Template -}}
@@ -27,4 +27,71 @@ spec:
         - {{ $tpl }}
         {{- end -}}
         {{- end -}}
+    {{- if .Values.cluster.monitoring.prometheusRule.enableDefaultRules }}
+    - name: cloudnative-pg/default-rules
+      rules:
+        - alert: LongRunningTransaction
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
+            summary: A query is taking longer than 5 minutes.
+          expr: |-
+            cnpg_backends_max_tx_duration_seconds > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: BackendsWaiting
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
+            summary: If a backend is waiting for longer than 5 minutes
+          expr: |-
+            cnpg_backends_waiting_total > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGDatabaseXidAge
+          annotations:
+            description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
+            summary: Number of transactions from the frozen XID to the current one
+          expr: |-
+            cnpg_pg_database_xid_age > 300000000
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGReplication
+          annotations:
+            description: Standby is lagging behind by over 300 seconds (5 minutes)
+            summary: The standby is lagging behind the primary
+          expr: |-
+            cnpg_pg_replication_lag > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: LastFailedArchiveTime
+          annotations:
+            description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
+          expr: |-
+            (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+          for: 1m
+          labels:
+            severity: warning
+        - alert: DatabaseDeadlockConflicts
+          annotations:
+            description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the number of database conflicts
+          expr: |-
+            cnpg_pg_stat_database_deadlocks > 10
+          for: 1m
+          labels:
+            severity: warning
+        - alert: ReplicaFailingReplication
+          annotations:
+            description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
+            summary: Checks if the replica is failing to replicate
+          expr: |-
+            cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+          for: 1m
+          labels:
+            severity: warning
+    {{- end }}
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -1,7 +1,6 @@
 # -- Override the name of the cluster
 nameOverride: ""
 
-###
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
@@ -9,8 +8,7 @@ nameOverride: ""
 # * `tensorchord`
 type: postgresql
 
-###
-# Cluster mode of operation. Available modes:
+# -- Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
 # * `replica` - Create database as a replica from another CNPG cluster
@@ -19,17 +17,20 @@ mode: standalone
 cluster:
   instances: 3
 
+  # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "17.2-22"
+    tag: "17.2-34"
     pullPolicy: IfNotPresent
 
-  # The UID and GID of the postgres user inside the image
+  # -- The UID and GID of the postgres user inside the image
   postgresUID: 26
   postgresGID: 26
 
+  # -- Create secret containing credentials of superuser
   enableSuperuserAccess: false
 
+  # -- Default storage size
   walStorage:
     size: 2Gi
     storageClass: ""
@@ -37,43 +38,45 @@ cluster:
     size: 10Gi
     storageClass: ""
 
+  # -- Default resources
   resources:
     requests:
       memory: 256Mi
-      cpu: 10m
+      cpu: 100m
     limits:
-      memory: 1Gi
-      cpu: 800m
+      cpu: '1'
       hugepages-2Mi: 256Mi
 
-  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  # -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
   affinity:
     enablePodAntiAffinity: true
     topologyKey: kubernetes.io/hostname
 
   additionalLabels: {}
   annotations: {}
-
   priorityClassName: ""
 
-  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
   # successfully updated. It can be switchover (default) or in-place (restart).
   primaryUpdateMethod: switchover
 
-  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
   # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
   primaryUpdateStrategy: unsupervised
 
   logLevel: "info"
 
+  # -- Enable default monitoring and alert rules
   monitoring:
     enabled: false
     podMonitor:
       enabled: true
     prometheusRule:
       enabled: false
+      enableDefaultRules: true
       excludeRules: []
 
+  # -- Parameters to be set for the database itself
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
   postgresql:
     parameters:
@@ -82,73 +85,76 @@ cluster:
       hot_standby_feedback: "on"
     shared_preload_libraries: []
 
+# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
+# See: https://cloudnative-pg.io/documentation/current/bootstrap/
+# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
 bootstrap:
-  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
-  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
-  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-  initdb: {}
+  # -- Example values
   # database: app
   # owner: app
   # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
   # postInitApplicationSQL:
   #   - CREATE TABLE IF NOT EXISTS example;
+  initdb: {}
 
+# -- Recovery settings when booting cluster from external cluster
 recovery:
-  # Point in time recovery target in RFC3339 format
+
+  # -- Point in time recovery target in RFC3339 format
   pitrTarget:
     time: ""
 
-  # S3 https endpoint and the s3:// path
+  # -- S3 https endpoint and the s3:// path
   endpointURL: ""
   destinationPath: ""
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""
 
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+  # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
 
-  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+  # -- Name of the recovery cluster in the object store, defaults to "cluster.name"
   recoveryServerName: ""
 
-  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  # -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
   recoveryInstanceName: ""
 
   wal:
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    # -- Number of WAL files to be archived or restored in parallel.
+    maxParallel: 1
   data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of data files to be archived or restored in parallel.
-    jobs: 2
+    # -- Number of data files to be archived or restored in parallel.
+    jobs: 1
 
 replica:
-  # See https://cloudnative-pg.io/documentation/current/database_import/
+  # -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
   # * `microservice` - Single database import as expected from cnpg clusters
   # * `monolith` - Import multiple databases and roles
   importType: microservice
 
-  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  # -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
   importDatabases:
     - app
 
-  # If type microservice no roles are imported and ignored
+  # -- If type microservice no roles are imported and ignored
   importRoles: []
 
-  # If import type is monolith postImportApplicationSQL is not supported and ignored
+  # -- If import type is monolith postImportApplicationSQL is not supported and ignored
   postImportApplicationSQL: []
 
-  # External cluster connection, password specifies a secret name and the key containing the password value
+  # -- External cluster connection, password specifies a secret name and the key containing the password value
   externalCluster:
     connectionParameters:
       host: postgresql
@@ -161,48 +167,47 @@ replica:
 backup:
   enabled: false
 
-  # S3 endpoint starting with "https://"
+  # -- S3 endpoint starting with "https://"
   endpointURL: ""
 
-  # S3 path starting with "s3://"
+  # -- S3 path starting with "s3://"
   destinationPath: ""
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""
 
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
 
-  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  # -- Name of the backup cluster in the object store, defaults to "cluster.name"
   backupName: ""
 
-  # Tags to add to backups. Add in key value beneath the type.
+  # -- Tags to add to backups. Add in key value beneath the type.
   tags:
     backupRetentionPolicy: ""
   historyTags:
     backupRetentionPolicy: ""
 
-  # Configuration for the WAL and data files.
   wal:
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    # -- Number of WAL files to be archived or restored in parallel.
+    maxParallel: 1
   data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of data files to be archived or restored in parallel.
-    jobs: 2
+    # -- Number of data files to be archived or restored in parallel.
+    jobs: 1
 
-  # Retention policy for backups
-  retentionPolicy: "14d"
+  # -- Retention policy for backups
+  retentionPolicy: "7d"
 
-  # Scheduled backup in cron format
-  schedule: "0 0 0 * * *"
+  # -- Scheduled backup in cron format
+  schedule: "0 0 */3 * *"