change check

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitea/workflows/lint-test.yaml

@@ -0,0 +1,38 @@
+name: lint-and-test-charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+          check-latest: true
+
+      - name: Set up Chart Testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run Chart Testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Chart Testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}

.gitea/workflows/release-charts-cloudflared.yml

@@ -0,0 +1,57 @@
+name: release-charts-cloudflared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/cloudflared/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/cloudflared"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -0,0 +1,57 @@
+name: release-charts-generic-device-plugin
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/generic-device-plugin/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/generic-device-plugin"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -0,0 +1,57 @@
+name: release-charts-postgres-cluster
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/postgres-cluster/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/postgres-cluster"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.github/renovate-update-notification/Dockerfile

@@ -1,2 +0,0 @@
-# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
-FROM renovate/renovate:37

.github/workflows/lint-test.yaml

@@ -1,37 +0,0 @@
-name: lint-and-test-charts
-
-on: pull_request
-
-jobs:
-  lint-test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.13.3
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: "3.10"
-          check-latest: true
-
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/release-charts.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "charts/**"
 
 jobs:
   release:
@@ -22,6 +24,6 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -9,4 +9,4 @@ charts/**/charts/
 __snapshot__/
 
 # Docs
-_site/
+_site/

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-yaml
+        exclude: 'charts/'
+        args:
+          - --multi
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.14.2
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=charts
+          - --template-files=./_templates.gotmpl
+          - --template-files=README.md.gotmpl

charts/cloudflared/Chart.yaml

@@ -1,18 +1,18 @@
 apiVersion: v2
 name: cloudflared
-version: 1.3.0
+version: 1.14.7
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
   - tunnel
 sources:
   - https://github.com/cloudflare/cloudflared
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
 maintainers:
   - name: alexlebens
 dependencies:
   - name: common
-    repository: https://bjw-s.github.io/helm-charts/
+    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.2.1
+    version: 3.7.3
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2024.5.0"
+appVersion: "2025.4.2"

charts/cloudflared/README.md

@@ -1,16 +1,35 @@
-## Introduction
+# cloudflared
 
-[Cloudflared](https://github.com/cloudflare/cloudflared)
+![Version: 1.14.7](https://img.shields.io/badge/Version-1.14.7-informational?style=flat-square) ![AppVersion: 2025.4.2](https://img.shields.io/badge/AppVersion-2025.4.2-informational?style=flat-square)
 
-Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
+Cloudflared Tunnel
 
-This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
 
-## Prerequisites
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
 
-- Kubernetes
+## Source Code
-- Helm
 
-## Parameters
+* <https://github.com/cloudflare/cloudflared>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
 
-See the [values files](values.yaml).
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s-labs.github.io/helm-charts/ | common | 3.7.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.4.2"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/templates/common.yaml

@@ -4,7 +4,7 @@
 {{ if not .Values.global.nameOverride }}
 global:
   nameOverride: {{ .Values.name }}
-{{ end }}  
+{{ end }}
 controllers:
   main:
     type: deployment
@@ -38,4 +38,4 @@ controllers:
 {{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
 
 {{/* Render the templates */}}
-{{ include "bjw-s.common.loader.generate" . }}
+{{ include "bjw-s.common.loader.generate" . }}

charts/cloudflared/values.yaml

@@ -1,11 +1,20 @@
+# -- Name override of release
 name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
 existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
 existingSecretKey: cf-tunnel-token
+
+# -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2024.5.0"
+  tag: "2025.4.2"
   pullPolicy: IfNotPresent
+
+# -- Default resources
 resources:
   requests:
-    cpu: 100m
+    cpu: 10m
     memory: 128Mi

charts/generic-device-plugin/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: generic-device-plugin
+version: 0.1.10
+description: Generic Device Plugin
+keywords:
+  - generic-device-plugin
+  - device
+  - plugin
+sources:
+  - https://github.com/squat/generic-device-plugin
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.3
+appVersion: 0.1.10

charts/generic-device-plugin/README.md

@@ -0,0 +1,37 @@
+# generic-device-plugin
+
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+
+Generic Device Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/squat/generic-device-plugin>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
+| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/generic-device-plugin/templates/common.yaml

@@ -0,0 +1,82 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "genericDevicePlugin.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: daemonset
+    pod:
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: "Exists"
+          effect: "NoExecute"
+        - operator: "Exists"
+          effect: "NoSchedule"
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --config=/config/config.yaml
+        env:
+          - name: LISTEN
+            value: :{{ .Values.service.listenPort }}
+          - name: PLUGIN_DIRECTORY
+            value: /var/lib/kubelet/device-plugins
+          - name: DOMAIN
+            value: {{ .Values.deviceDomain }}
+        probes:
+          liveness:
+            type: HTTP
+            path: /health
+          readiness:
+            type: HTTP
+            path: /health
+          startup:
+            type: HTTP
+            path: /health
+        securityContext:
+          privileged: True
+configMaps:
+  config:
+    enabled: {{ .Values.config.enabled }}
+    data:
+      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
+service:
+  main:
+    controller: main
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+persistence:
+  config:
+    enabled: true
+    type: configMap
+    name: {{ .Values.name }}-config
+  device-plugins:
+    enabled: true
+    type: hostPath
+    hostPath: /var/lib/kubelet/device-plugins
+  dev:
+    enabled: true
+    type: hostPath
+    hostPath: /dev
+serviceMonitor:
+  main:
+    serviceName: generic-device-plugin
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 30s
+        scrapeTimeout: 10s
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/generic-device-plugin/values.yaml

@@ -0,0 +1,80 @@
+# -- Name override of release
+name: generic-device-plugin
+
+# -- Default image
+image:
+  repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
+  pullPolicy: Always
+
+# -- Domain used by devices for identifcation
+deviceDomain: squat.ai
+
+# -- Service port
+service:
+  listenPort: 8080
+
+# -- Default resources
+resources:
+  limit:
+    cpu: 100m
+    memory: 20Mi
+  requests:
+    cpu: 50m
+    memory: 10Mi
+
+# -- Config map
+config:
+  enabled: true
+  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
+  # @default -- See [values.yaml](./values.yaml)
+  data: |
+    devices:
+      - name: serial
+        groups:
+          - paths:
+              - path: /dev/ttyUSB*
+          - paths:
+              - path: /dev/ttyACM*
+          - paths:
+              - path: /dev/tty.usb*
+          - paths:
+              - path: /dev/cu.*
+          - paths:
+              - path: /dev/cuaU*
+          - paths:
+              - path: /dev/rfcomm*
+      - name: video
+        groups:
+          - paths:
+              - path: /dev/video0
+      - name: fuse
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/fuse
+      - name: audio
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/snd
+      - name: capture
+        groups:
+          - paths:
+              - path: /dev/snd/controlC0
+              - path: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC1
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC1D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC2
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC2D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC3
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC3D0c
+                mountPath: /dev/snd/pcmC0D0c

charts/mysql-cluster/Chart.yaml

@@ -1,15 +0,0 @@
-apiVersion: v2
-name: mysql-cluster
-version: 0.2.1
-description: Chart for a mysql cluster
-keywords:
-  - database
-  - mysql
-sources:
-  - https://dev.mysql.com/
-  - https://github.com/mysql/mysql-operator
-  - https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
-appVersion: 8.4.0

charts/mysql-cluster/README.md

@@ -1,17 +0,0 @@
-## Introduction
-
-[MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
-
-MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
-
-This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- MySQL Operator
-
-## Parameters
-
-See the [values files](values.yaml).

charts/mysql-cluster/templates/_backup.tpl

@@ -1,72 +0,0 @@
-{{- define "cluster.backup" -}}
-
-{{- if and .Values.backup.enabled .Values.backup.profiles }}
-backupProfiles:
-{{- $isDumpInstance := false }}
-{{- $isSnapshot := false }}
-{{- range $_, $profile := .Values.backup.profiles }}
-  - name: {{ $profile.name | quote }}
-      {{- if hasKey $profile "podAnnotations" }}
-    podAnnotations:
-      {{ toYaml $profile.podAnnotations | nindent 6 }}
-      {{- end }}
-      {{- if hasKey $profile "podLabels" }}
-    podLabels:
-      {{ toYaml $profile.podLabels | nindent 6 }}
-      {{- end }}
-
-    {{- $isDumpInstance = hasKey $profile "dumpInstance" }}
-    {{- $isSnapshot = hasKey $profile "snapshot" }}
-    {{- if or $isDumpInstance $isSnapshot }}
-
-      {{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
-      {{- if $isDumpInstance }}
-    dumpInstance:
-      {{- else if $isSnapshot }}
-    snapshot:
-      {{- else }}
-      {{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
-      {{ end }}
-
-      {{- if not (hasKey $backupProfile "storage") }}
-      {{- fail "backup profile $profile.name has no storage section" }}
-      {{- else if hasKey $backupProfile.storage "s3" }}
-      storage:
-        s3:
-            {{- if $backupProfile.storage.s3.prefix }}
-          prefix: {{ $backupProfile.storage.s3.prefix }}
-            {{- end }}
-          bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
-          config: {{ required "config is required" $backupProfile.storage.s3.config }}
-            {{- if $backupProfile.storage.s3.profile }}
-          profile: {{ $backupProfile.storage.s3.profile }}
-            {{- end }}
-            {{- if $backupProfile.storage.s3.endpoint }}
-          endpoint: {{ $backupProfile.storage.s3.endpoint }}
-            {{- end }}
-      {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
-      storage:
-        persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
-      {{- else -}}
-      {{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
-      {{- end -}}
-
-    {{- end }}
-{{- end }}
-{{- end }}
-
-{{- if .Values.backup.schedules }}
-backupSchedules:
-{{- range $_, $schedule := .Values.backup.schedules }}
-  - name: {{ $schedule.name | quote }}
-    enabled: {{ $schedule.enabled }}
-    schedule: {{ quote $schedule.schedule }}
-      {{- if ($schedule).timeZone }}
-    timeZone: {{ quote $schedule.timeZone }}
-      {{- end }}
-    deleteBackupData: {{ $schedule.deleteBackupData }}
-    backupProfileName: {{ $schedule.backupProfileName }}
-{{- end }}
-{{- end }}
-
-{{- end }}

charts/mysql-cluster/templates/_helpers.tpl

@@ -1,64 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cluster.name" -}}
-  {{- if .Values.global.nameOverride }}
-    {{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
-  {{- else }}
-    {{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
-  {{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cluster.chart" -}}
-  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Check for invalid versions
-*/}}
-{{- $minimalVersion := "8.0.27" }}
-{{- $forbiddenVersions := list "8.0.29" }}
-{{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
-{{- if lt $serverVersion $minimalVersion }}
-  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
-  {{- fail $err }}
-{{- end }}
-{{- if has $serverVersion $forbiddenVersions }}
-  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
-  {{- fail $err }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cluster.labels" -}}
-helm.sh/chart: {{ include "cluster.chart" . }}
-{{ include "cluster.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cluster.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cluster.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: cloudnative-pg
-{{- end }}
-
-{{/*
-Create the name of the service account to use.
-*/}}
-{{- define "mysql.serviceAccountName" -}}
-{{- if .Values.serviceAccount.enabled -}}
-    {{ default (include "cluster.name" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}

charts/mysql-cluster/templates/_init.tpl

@@ -1,47 +0,0 @@
-{{- define "cluster.init" -}}
-
-{{- if eq .Values.mode "clone" }}
-{{- with .Values.clone }}
-initDB:
-  clone:
-    donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
-    rootUser: {{ .rootUser | default "root" }}
-    secretKeyRef:
-      name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
-{{- end }}
-{{- end }}
-
-{{- if eq .Values.mode "recovery" }}
-{{- with .Values.recovery }}
-initDB:
-  dump:
-      {{- if .name }}
-    name: {{ .name | quote }}
-      {{- end }}
-      {{- if .path }}
-    path: {{ .path | quote }}
-      {{- end }}
-      {{- if .options }}
-    options: {{ toYaml .options | nindent 8 }}
-      {{- end }}
-    storage:
-      {{- if eq .type "s3" }}
-      s3:
-        prefix: {{ required "s3 prefix is required" .s3.prefix }}
-        bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
-        config: {{ required "s3 config is required" .s3.config }}
-          {{- if .s3.profile }}
-        profile: {{ .s3.profile }}
-          {{- end }}
-          {{- if .s3.endpoint }}
-        endpoint: {{ .s3.endpoint }}
-          {{- end }}
-      {{- end }}
-      {{- if eq .type "pvc" }}
-      persistentVolumeClaim:
-        {{ toYaml .persistentVolumeClaim | nindent 10}}
-      {{- end }}
-{{- end }}
-{{- end }}
-
-{{- end }}

charts/mysql-cluster/templates/deployment.yaml

@@ -1,75 +0,0 @@
-apiVersion: mysql.oracle.com/v2
-kind: InnoDBCluster
-metadata:
-  name: {{ include "cluster.name" . }}-cluster
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    {{- with .Values.global.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-  labels:
-    {{- include "cluster.labels" . | nindent 4 }}
-    {{- include "cluster.selectorLabels" . | nindent 4 }}
-    {{- with .Values.global.labels }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
-  baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}  
-  serviceAccountName: {{ include "mysql.serviceAccountName" . }}  
-  imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
-  version: {{ .Values.cluster.image.version }}
-  tlsUseSelfSigned: true
-  secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
-  podSpec:
-    {{- with .Values.cluster.podSpec }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
-  podAnnotations:
-    {{- with .Values.cluster.podAnnotations }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
-  podLabels:
-    {{- with .Values.cluster.podLabels }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}
-  router:
-    instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
-    podSpec:
-      {{- with .Values.cluster.router.podSpec }}
-      {{- toYaml . | nindent 6 }}
-      {{- end }}
-    podAnnotations:
-      {{- with .Values.cluster.router.podAnnotations }}
-      {{- toYaml . | nindent 6 }}
-      {{- end }}
-    podLabels:
-      {{- with .Values.cluster.router.podLabels }}
-      {{- toYaml . | nindent 6 }}
-      {{- end }}
-    tlsSecretName: {{ include "cluster.name" . }}-router-tls
-  logs:
-    {{- with .Values.cluster.logs }}
-    {{ toYaml . | nindent 4 }}
-    {{- end }}      
-  mycnf: |
-{{ .Values.cluster.serverConfig.mycnf | indent 4 }}
-  {{- if .Values.cluster.datadirVolumeClaimTemplate }}
-  {{- with .Values.cluster.datadirVolumeClaimTemplate }}
-  datadirVolumeClaimTemplate:
-    {{- if .storageClassName }}
-    storageClassName: {{ .storageClassName | quote }}
-    {{- end}}
-    {{- if .accessModes }}
-    accessModes: [ "{{ .accessModes }}" ]
-    {{- end }}
-    {{- if .size }}
-    resources:
-      requests:
-        storage: "{{ .size }}"
-    {{- end }}
-  {{- end }}
-  {{- end }}
-
-  {{ include "cluster.init" . | nindent 2 }}
-  {{ include "cluster.backup" . | nindent 2 }}

charts/mysql-cluster/templates/service-account.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "mysql.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "cluster.labels" . | nindent 4 }}
-    {{- include "cluster.selectorLabels" . | nindent 4 }}    
-    {{- with .Values.global.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- with .Values.serviceAccount.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}    
-  annotations:
-    {{- with .Values.global.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- with .Values.serviceAccount.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}

charts/mysql-cluster/values.yaml

@@ -1,148 +0,0 @@
-global:
-  nameOverride:
-  labels: {}
-  annotations: {}
-
-serviceAccount:
-  enabled: true
-  labels: {}
-  annotations: {}
-  name: ""
-
-###
-# Cluster mode of operation. Available modes:
-# * `standalone` - Default mode. Creates new or updates an existing cluster.
-# * `recovery` - Same as standalone but creates a cluster from a backup
-# * `clone` - Create database as a replica from another cluster
-mode: standalone
-
-##
-# Cluster spec
-#
-# Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
-#
-cluster:
-  serverInstances: 1
-  baseServerId: 1000
-
-  # Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
-  exisitingCredentialsSecret: ""
-
-  image:
-    version: 8.4.0
-    pullPolicy: IfNotPresent
-
-  router:
-    instances: 1
-    podSpec: {}
-    podAnnotations: {}
-    podLabels: {}
-
-  logs:
-    error:
-      enabled: true
-      collect: false
-    general:
-      enabled: false
-      collect: false
-    slowQuery:
-      enabled: false
-      longQueryTime: 2.5
-
-  serverConfig:
-    mycnf: |
-      [mysqld]
-      core_file
-      local_infile=off
-      mysql_native_password=ON
-
-  datadirVolumeClaimTemplate:
-    storageClassName: ""
-    accessModes: ""
-    size: ""
-
-  podSpec:
-    containers:
-      - name: mysql
-        resources:
-          limits:
-            memory: 1024Mi
-            cpu: 1000m
-          requests:
-            memory: 512Mi
-            cpu: 100m
-  podAnnotations: {}
-  podLabels: {}
-
-##
-# Recovery database from storage
-#
-recovery:
-
-  # * `s3` - Restores from s3 object store
-  # * `pvc` - Restores from persistent volume claim
-  type:
-
-  # -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
-  name: ""
-  # -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
-  path: ""
-  # -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
-  options: {}
-
-  s3:
-    # -- Path in the bucket where the dump files are stored
-    prefix: ""
-    # -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
-    config: ""
-    # -- Name of the S3 bucket where the dump is stored
-    bucketName: ""
-    # -- Override endpoint URL
-    endpoint: ""
-
-  persistentVolumeClaim: {}
-
-##
-# Clone database from another instance
-#
-clone:
-  donorUrl: ""
-  rootUser: root
-  exisitingCredentialsSecret: ""
-
-##
-# Backup database to pvc or s3
-#
-backup:
-  enabled: false
-  profiles:
-
-## -- Example profile that back ups to local pvc
-
-#    - name: pvc-backup
-#      dumpInstance:
-#        storage:
-#          persistentVolumeClaim:
-#            claimName: backup-volume-claim
-
-## -- Example profile that back ups to s3 endpoint
-
-#    - name: s3-backup
-#      snapshot:
-#        storage:
-#          s3:
-#            prefix: ""
-#            config: ""
-#            bucketName: ""
-#            endpoint: ""
-
-  schedules:
-
-## -- Example schedule that backups daily
-
-#    - name: schedule-daily
-#      enabled: true
-#      schedule: "0 0 0 * * *"
-#      timeZone: "US/Central"
-#      deleteBackupData: false
-#      backupProfileName:

charts/postgres-cluster/Chart.yaml

@@ -1,13 +1,14 @@
 apiVersion: v2
 name: postgres-cluster
-version: 3.1.0
+version: 5.0.6
-description: Chart for cloudnative-pg cluster
+description: Cloudnative-pg Cluster
 keywords:
   - database
   - postgres
 sources:
   - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.22.2
+appVersion: v1.25.1

charts/postgres-cluster/README.md

@@ -1,17 +1,136 @@
-## Introduction
+# postgres-cluster
 
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
+![Version: 5.0.6](https://img.shields.io/badge/Version-5.0.6-informational?style=flat-square) ![AppVersion: v1.25.1](https://img.shields.io/badge/AppVersion-v1.25.1-informational?style=flat-square)
 
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
+Cloudnative-pg Cluster
 
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
 
-## Prerequisites
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
 
-- Kubernetes
+## Source Code
-- Helm
-- CloudNative PG Operator
 
-## Parameters
+* <https://github.com/cloudnative-pg/cloudnative-pg>
+* <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
 
-See the [values files](values.yaml).
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup | object | `{"backupIndex":1,"backupName":"","data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","enabled":false,"endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","retentionPolicy":"30d","scheduledBackups":[{"backupOwnerReference":"self","method":"barmanObjectStore","name":"daily-backup","schedule":"0 0 */3 * *"}],"wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Backup settings |
+| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
+| backup.backupName | string | `""` | Override ame of the backup cluster in the object store, defaults to "cluster.name" |
+| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| backup.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
+| backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
+| backup.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backup.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| backup.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
+| backup.retentionPolicy | string | `"30d"` | Retention policy for backups |
+| backup.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
+| backup.scheduledBackups[0].method | string | `"barmanObjectStore"` | Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot` |
+| backup.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
+| backup.scheduledBackups[0].schedule | string | `"0 0 */3 * *"` | Schedule in cron format |
+| backup.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
+| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"},"imageCatalogRef":{},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
+| cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
+| cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
+| cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
+| cluster.imageCatalogRef | object | `{}` | Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName` |
+| cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
+| cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
+| cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
+| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
+| cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
+| cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
+| cluster.monitoring.enabled | bool | `false` | Whether to enable monitoring |
+| cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
+| cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
+| cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
+| cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
+| cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
+| cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
+| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
+| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
+| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
+| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
+| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
+| cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
+| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
+| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
+| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
+| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
+| cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
+| cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
+| imageCatalog.create | bool | `false` | Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored. |
+| imageCatalog.images | list | `[]` | List of images to be provisioned in an image catalog. |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
+| nameOverride | string | `""` | Override the name of the cluster |
+| namespaceOverride | string | `""` | Override the namespace of the chart |
+| poolers | list | `[]` | List of PgBouncer poolers |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","owner":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
+| recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.import.databases | list | `[]` | Databases to import |
+| recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
+| recovery.import.roles | list | `[]` | Roles to import |
+| recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
+| recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
+| recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
+| recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
+| recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.objectStore.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
+| recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.objectStore.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.objectStore.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
+| recovery.objectStore.recoveryServerName | string | `""` | Override name of the recovery cluster in the object store, defaults to "cluster.name" |
+| recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
+| recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| recovery.pgBaseBackup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.pgBaseBackup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.pgBaseBackup.secret | string | `""` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch |
+| recovery.pgBaseBackup.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}` | Configuration for the source database |
+| recovery.pgBaseBackup.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
+| version.postgis | string | `"3.5"` | If using PostGIS, specify the version |
+| version.postgresql | string | `"17"` | PostgreSQL major version to use |
+| version.timescaledb | string | `"2.15"` | If using TimescaleDB, specify the version |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/postgres-cluster/prometheus_rules/cluster-backends_waiting-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
+  description: |-
+    Pod {{`{{`}} $labels.pod {{`}}`}}
+    has been waiting for longer than 5 minutes
+expr: |
+  cnpg_backends_waiting_total > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-database_deadlock_conflicts-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has over 10 deadlock conflicts.
+  description: |-
+    There are over 10 deadlock conflicts in
+    {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_stat_database_deadlocks > 10
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-critical.yaml

@@ -0,0 +1,26 @@
+{{- $alert := "CNPGClusterHACritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no standby replicas!
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
+    risk of data loss and downtime if the primary instance fails.
+
+    The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
+    will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
+
+    This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
+    instances. The replaced instance may need some time to catch-up with the cluster primary instance.
+
+    This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
+    case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterHAWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster less than 2 standby replicas.
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
+    your cluster at risk if another instance fails. The cluster is still able to operate normally, although
+    the `-ro` and `-r` endpoints operate at reduced capacity.
+
+    This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
+    need some time to catch-up with the cluster primary instance.
+
+    This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
+    In this case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-critical.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance maximum number of connections critical!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-warning.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is approaching the maximum number of connections.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_replication_lag.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterHighReplicationLag" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster high replication lag
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
+    {{ .value }}ms.
+
+    High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
+expr: |
+  max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-instances_on_same_node.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterInstancesOnSameNode" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances are located on the same node.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
+    instances on the same node {{ .labels.node }}.
+
+    A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
+expr: |
+  count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-last_failed_archive_time-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster last time archiving failed.
+  description: |-
+    Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-long_running_transaction-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster query is taking longer than 5 minutes.
+  description: |-
+    CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
+    is taking more than 5 minutes (300 seconds) for a query.
+expr: |-
+  cnpg_backends_max_tx_duration_seconds > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-critical.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.9
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.7
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-offline.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterOffline" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no running instances!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
+
+    Having an offline cluster means your applications will not be able to access the database, leading to
+    potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
+expr: |
+  (count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_database_xid_age-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
+  description: |-
+    Over 300,000,000 transactions from frozen xid
+    on pod {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_database_xid_age > 300000000
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_replication-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterPGReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster standby is lagging behind the primary.
+  description: |-
+    Standby is lagging behind by over 300 seconds (5 minutes)
+expr: |
+  cnpg_pg_replication_lag > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-replica_failing_replication-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a replica is failing to replicate.
+  description: |-
+    Replica {{`{{`}} $labels.pod {{`}}`}}
+    is failing to replicate
+expr: |
+  cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-zone_spread-warning.yaml

@@ -0,0 +1,18 @@
+{{- $alert := "CNPGClusterZoneSpreadWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances in the same zone.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
+
+    A disaster in one availability zone will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
+expr: |
+  {{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/templates/_backup.tpl

@@ -5,12 +5,24 @@ backup:
   barmanObjectStore:
     destinationPath: {{ .Values.backup.destinationPath }}
     endpointURL: {{ .Values.backup.endpointURL }}
-    {{- if .Values.backup.endpointCA }}
+    {{- if .Values.backup.endpointCA.name }}
     endpointCA:
-      name: {{ .Values.backup.endpointCA }}
+      name: {{ .Values.backup.endpointCA.name }}
-      key: ca-bundle.crt
+      key: {{ .Values.backup.endpointCA.key }}
     {{- end }}
-    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    serverName: "{{ include "cluster.backupName" . }}-backup-{{ .Values.backup.backupIndex }}"
+    wal:
+      compression: {{ .Values.backup.wal.compression }}
+      {{- with .Values.backup.wal.encryption}}
+      encryption: {{ . }}
+      {{- end }}
+      maxParallel: {{ .Values.backup.wal.maxParallel }}
+    data:
+      compression: {{ .Values.backup.data.compression }}
+      {{- with .Values.backup.data.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      jobs: {{ .Values.backup.data.jobs }}
     s3Credentials:
       accessKeyId:
         name: {{ include "cluster.backupCredentials" . }}
@@ -18,13 +30,5 @@ backup:
       secretAccessKey:
         name: {{ include "cluster.backupCredentials" . }}
         key: ACCESS_SECRET_KEY
-    wal:
-      compression: {{ .Values.backup.wal.compression }}
-      encryption: {{ .Values.backup.wal.encryption }}
-      maxParallel: {{ .Values.backup.wal.maxParallel }}
-    data:
-      compression: {{ .Values.backup.data.compression }}
-      encryption: {{ .Values.backup.data.encryption }}
-      jobs: {{ .Values.backup.data.jobs }}
 {{- end }}
 {{- end }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -1,12 +1,20 @@
 {{- define "cluster.bootstrap" -}}
-bootstrap:
+
 {{- if eq .Values.mode "standalone" }}
+bootstrap:
   initdb:
     {{- with .Values.cluster.initdb }}
-    {{- with (omit . "postInitApplicationSQL") }}
+        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
-    {{- . | toYaml | nindent 4 }}
+            {{- . | toYaml | nindent 4 }}
+        {{- end }}
     {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
     {{- end }}
+    {{- if eq .Values.type "tensorchord" }}
+    dataChecksums: true
+    {{- end }}
+    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
     postInitApplicationSQL:
       {{- if eq .Values.type "postgis" }}
       - CREATE EXTENSION IF NOT EXISTS postgis;
@@ -15,60 +23,127 @@ bootstrap:
       - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
       {{- else if eq .Values.type "timescaledb" }}
       - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- else if eq .Values.type "tensorchord" }}
+      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
+      - SET search_path TO "$user", public, vectors;
+      - CREATE EXTENSION IF NOT EXISTS "vectors";
+      - CREATE EXTENSION IF NOT EXISTS "cube";
+      - CREATE EXTENSION IF NOT EXISTS "earthdistance";
+      - ALTER SCHEMA vectors OWNER TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
       {{- end }}
       {{- with .Values.cluster.initdb }}
-      {{- range .postInitApplicationSQL }}
+        {{- range .postInitApplicationSQL }}
-      {{- printf "- %s" . | nindent 6 }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
       {{- end }}
-      {{- end }}
+    {{- end }}
-{{- else if eq .Values.mode "replica" }}
+
+{{- else if eq .Values.mode "recovery" -}}
+bootstrap:
+
+{{- if eq .Values.recovery.method "pgBaseBackup" }}
+  pg_basebackup:
+    source: pgBaseBackupSource
+    {{ with .Values.recovery.pgBaseBackup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.secret }}
+    secret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+externalClusters:
+  {{- include "cluster.externalSourceCluster" (list "pgBaseBackupSource" .Values.recovery.pgBaseBackup.source) | nindent 2 }}
+
+{{- else if eq .Values.recovery.method "import" }}
   initdb:
+    {{- with .Values.cluster.initdb }}
+      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
+        {{- . | toYaml | nindent 4 }}
+      {{- end }}
+    {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
+    {{- end }}
     import:
-      type: {{ .Values.replica.importType }}
+      source:
+        externalCluster: importSource
+      type: {{ .Values.recovery.import.type }}
       databases:
-        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+        {{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
           {{ fail "Too many databases in import type of microservice!" }}
         {{- else}}
-        {{- with .Values.replica.importDatabases }}
+        {{- with .Values.recovery.import.databases }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
-        {{- end }}        
+        {{- end }}
-      {{- if eq .Values.replica.importType "monolith" }}
+      {{- if eq .Values.recovery.import.type "monolith" }}
       roles:
         {{- with .Values.replica.importRoles }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
       {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      {{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
       postImportApplicationSQL:
-        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- with .Values.recovery.import.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
+      {{ with .Values.recovery.import.pgDumpExtraOptions }}
+      pgDumpExtraOptions:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
+      pgRestoreExtraOptions:
         {{- . | toYaml | nindent 8 }}
-        {{- end }}      
       {{- end }}
-      source:
-        externalCluster: "{{ include "cluster.name" . }}-cluster"
 externalClusters:
-  - name: "{{ include "cluster.name" . }}-cluster"
+  {{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
-    {{- with .Values.replica.externalCluster }}
+
-    {{- . | toYaml | nindent 4 }}
+{{- else if eq .Values.mode "backup" }}
-    {{- end }}    
-{{- else if eq .Values.mode "recovery" }}
   recovery:
-    {{- with .Values.recovery.pitrTarget.time }}
+    {{- with .Values.recovery.backup.pitrTarget.time }}
     recoveryTarget:
       targetTime: {{ . }}
     {{- end }}
+    {{ with .Values.recovery.backup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.backup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    backup:
+      name: {{ .Values.recovery.backup.backupName }}
+
+{{- else if eq .Values.mode "objectStore" }}
+  recovery:
+    {{- with .Values.recovery.objectStore.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.owner }}
+    owner: {{ . }}
+    {{- end }}
     source: {{ include "cluster.recoveryServerName" . }}
+
 externalClusters:
   - name: {{ include "cluster.recoveryServerName" . }}
     barmanObjectStore:
       serverName: {{ include "cluster.recoveryServerName" . }}
-      destinationPath: {{ .Values.recovery.destinationPath }}
+      endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
-      endpointURL: {{ .Values.recovery.endpointURL }}
+      destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
-      {{- with .Values.recovery.endpointCA }}
+      {{- if .Values.recovery.objectStore.endpointCA.name }}
       endpointCA:
-        name: {{ . }}
+        name: {{ .Values.recovery.objectStore.endpointCA.name }}
-        key: ca-bundle.crt
+        key: {{ .Values.recovery.objectStore.endpointCA.key }}
       {{- end }}
       s3Credentials:
         accessKeyId:
@@ -78,14 +153,24 @@ externalClusters:
           name: {{ include "cluster.recoveryCredentials" . }}
           key: ACCESS_SECRET_KEY
       wal:
-        compression: {{ .Values.recovery.wal.compression }}
+        compression: {{ .Values.recovery.objectStore.wal.compression }}
-        encryption: {{ .Values.recovery.wal.encryption }}
+        {{- with .Values.recovery.objectStore.wal.encryption}}
-        maxParallel: {{ .Values.recovery.wal.maxParallel }}
+        encryption: {{ . }}
+        {{- end }}
+        maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
       data:
-        compression: {{ .Values.recovery.data.compression }}
+        compression: {{ .Values.recovery.objectStore.data.compression }}
-        encryption: {{ .Values.recovery.data.encryption }}
+        {{- with .Values.recovery.objectStore.data.encryption }}
-        jobs: {{ .Values.recovery.data.jobs }}
+        encryption: {{ . }}
-{{- else }}
+        {{- end }}
+        jobs: {{ .Values.recovery.objectStore.data.jobs }}
+
+{{-  else }}
+  {{ fail "Invalid recovery mode!" }}
+{{- end }}
+
+{{-  else }}
   {{ fail "Invalid cluster mode!" }}
 {{- end }}
+
 {{- end }}

charts/postgres-cluster/templates/_colorize.tpl

@@ -0,0 +1,12 @@
+{{- define "cluster.color-error" }}
+  {{- printf "\033[0;31m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-ok" }}
+  {{- printf "\033[0;32m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-warning" }}
+  {{- printf "\033[0;33m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-info" }}
+  {{- printf "\033[0;34m%s\033[0m" . -}}
+{{- end }}

charts/postgres-cluster/templates/_external_source_cluster.tpl

@@ -0,0 +1,33 @@
+{{- define "cluster.externalSourceCluster" -}}
+{{- $name := first . -}}
+{{- $config := last . -}}
+- name: {{ first . }}
+  connectionParameters:
+    host: {{ $config.host | quote }}
+    port: {{ $config.port | quote }}
+    user: {{ $config.username | quote }}
+    {{- with $config.database }}
+    dbname: {{ . | quote }}
+    {{- end }}
+    sslmode: {{ $config.sslMode | quote }}
+  {{- if $config.passwordSecret.name }}
+  password:
+    name: {{ $config.passwordSecret.name }}
+    key: {{ $config.passwordSecret.key }}
+  {{- end }}
+  {{- if $config.sslKeySecret.name }}
+  sslKey:
+    name: {{ $config.sslKeySecret.name }}
+    key: {{ $config.sslKeySecret.key }}
+  {{- end }}
+  {{- if $config.sslCertSecret.name }}
+  sslCert:
+    name: {{ $config.sslCertSecret.name }}
+    key: {{ $config.sslCertSecret.key }}
+  {{- end }}
+  {{- if $config.sslRootCertSecret.name }}
+  sslRootCert:
+    name: {{ $config.sslRootCertSecret.name }}
+    key: {{ $config.sslRootCertSecret.key }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -20,23 +20,87 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "cluster.labels" -}}
-helm.sh/chart: {{ include "cluster.chart" . }}
+helm.sh/chart: {{ include "cluster.chart" $ }}
-{{ include "cluster.selectorLabels" . }}
+{{ include "cluster.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.cluster.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/name: {{ include "cluster.name" $ }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: cloudnative-pg
 {{- end }}
 
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "cluster.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Whether we need to use TimescaleDB defaults
+*/}}
+{{- define "cluster.useTimescaleDBDefaults" -}}
+{{ and (eq .Values.type "timescaledb") .Values.imageCatalog.create (empty .Values.cluster.imageCatalogRef.name) (empty .Values.imageCatalog.images) (empty .Values.cluster.imageName) }}
+{{- end -}}
+
+{{/*
+Cluster Image Name
+If a custom imageName is available, use it, otherwise use the defaults based on the .Values.type
+*/}}
+{{- define "cluster.imageName" -}}
+    {{- if .Values.cluster.image.repository -}}
+        {{- printf "%s:%s" .Values.cluster.image.repository .Values.cluster.image.tag -}}
+    {{- else if eq .Values.type "postgresql" -}}
+        {{- printf "ghcr.io/cloudnative-pg/postgresql:%s" .Values.version.postgresql -}}
+    {{- else if eq .Values.type "postgis" -}}
+        {{- printf "ghcr.io/cloudnative-pg/postgis:%s-%s" .Values.version.postgresql .Values.version.postgis -}}
+    {{- else -}}
+        {{ fail "Invalid cluster type!" }}
+    {{- end }}
+{{- end -}}
+
+{{/*
+Cluster Image
+If imageCatalogRef defined, use it, otherwise calculate ordinary imageName.
+*/}}
+{{- define "cluster.image" }}
+{{- if .Values.cluster.imageCatalogRef.name }}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  {{- toYaml .Values.cluster.imageCatalogRef | nindent 2 }}
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  kind: ImageCatalog
+  name: {{ include "cluster.name" . }}
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else if eq (include "cluster.useTimescaleDBDefaults" .) "true" -}}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  kind: ImageCatalog
+  name: {{ include "cluster.name" . }}-timescaledb-ha
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else }}
+imageName: {{ include "cluster.imageName" . }}
+{{- end }}
+{{- end }}
+
 {{/*
 Generate name for object store credentials
 */}}
@@ -56,6 +120,32 @@ Generate name for object store credentials
   {{- end }}
 {{- end }}
 
+{{/*
+Postgres UID
+*/}}
+{{- define "cluster.postgresUID" -}}
+  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
+    {{- .Values.cluster.postgresUID }}
+  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
+    {{- 1000 -}}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres GID
+*/}}
+{{- define "cluster.postgresGID" -}}
+  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
+    {{- .Values.cluster.postgresGID }}
+  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
+    {{- 1000 -}}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
 {{/*
 Generate backup server name
 */}}
@@ -67,7 +157,6 @@ Generate backup server name
   {{- end }}
 {{- end }}
 
-
 {{/*
 Generate recovery server name
 */}}
@@ -78,14 +167,3 @@ Generate recovery server name
     {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
-
-{{/*
-Generate recovery instance name
-*/}}
-{{- define "cluster.recoveryInstanceName" -}}
-  {{- if .Values.recovery.recoveryInstanceName -}}
-    {{- .Values.recovery.recoveryInstanceName -}}
-  {{- else -}}
-    {{ include "cluster.name" . }}
-  {{- end }}
-{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -2,28 +2,36 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
   name: {{ include "cluster.name" . }}-cluster
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" . }}
   {{- with .Values.cluster.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
   labels:
     {{- include "cluster.labels" . | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   instances: {{ .Values.cluster.instances }}
+  {{- include "cluster.image" . | nindent 2 }}
   imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
-  postgresUID: {{ .Values.cluster.postgresUID }}
+  {{- with .Values.cluster.imagePullSecrets }}
-  postgresGID: {{ .Values.cluster.postgresGID }}
+  imagePullSecrets:
-  walStorage:
+    {{- . | toYaml | nindent 4 }}
-    size: {{ .Values.cluster.walStorage.size }}
+  {{- end }}
-    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  postgresUID: {{ include "cluster.postgresUID" . }}
+  postgresGID: {{ include "cluster.postgresGID" . }}
   storage:
     size: {{ .Values.cluster.storage.size }}
+    {{- if not (empty .Values.cluster.storage.storageClass) }}
     storageClass: {{ .Values.cluster.storage.storageClass }}
+    {{- end }}
+  {{- if .Values.cluster.walStorage.enabled }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    {{- if not (empty .Values.cluster.walStorage.storageClass) }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+    {{- end }}
+  {{- end }}
   {{- with .Values.cluster.resources }}
   resources:
     {{- toYaml . | nindent 4 }}
@@ -32,21 +40,101 @@ spec:
   affinity:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+  {{- if .Values.cluster.priorityClassName }}
   priorityClassName: {{ .Values.cluster.priorityClassName }}
+  {{- end }}
+
   primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
   primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
   logLevel: {{ .Values.cluster.logLevel }}
+  {{- with .Values.cluster.certificates }}
+  certificates:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
+  {{- with .Values.cluster.superuserSecret }}
+  superuserSecret:
+    name: {{ . }}
+  {{ end }}
+  enablePDB: {{ .Values.cluster.enablePDB }}
+
   postgresql:
+    {{- if or (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
     shared_preload_libraries:
       {{- if eq .Values.type "timescaledb" }}
       - timescaledb
       {{- end }}
+      {{- if eq .Values.type "tensorchord" }}
+      - vectors.so
+      {{- end }}
+      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.pg_ident }}
+    pg_ident:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.ldap  }}
+    ldap:
+      {{- toYaml . | nindent 6 }}
+    {{- end}}
+    {{- with .Values.cluster.postgresql.synchronous }}
+    synchronous:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
     {{- with .Values.cluster.postgresql.parameters }}
     parameters:
       {{- toYaml . | nindent 6 }}
+    {{- end }}
+
+  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
+  managed:
+    {{- with .Values.cluster.services }}
+    services:
+      {{- toYaml . | nindent 6 }}
     {{ end }}
+    {{- with .Values.cluster.roles }}
+    roles:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+
+  {{- with .Values.cluster.serviceAccountTemplate }}
+  serviceAccountTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
+    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
+    customQueriesConfigMap:
+      - name: {{ include "cluster.name" . }}-monitoring
+        key: custom-queries
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
+    {{- with .Values.cluster.monitoring.customQueriesSecret }}
+    customQueriesSecret:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
 
   {{ include "cluster.bootstrap" . | nindent 2 }}
   {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/config-map.yaml

@@ -0,0 +1,18 @@
+{{- if not (empty .Values.cluster.monitoring.customQueries) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "cluster.name" $ }}-monitoring
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    cnpg.io/reload: ""
+    {{- include "cluster.labels" $ | nindent 4 }}
+data:
+  custom-queries: |
+    {{- range .Values.cluster.monitoring.customQueries }}
+    {{ .name }}:
+      query: {{ .query | quote }}
+      metrics:
+        {{- .metrics | toYaml | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/postgres-cluster/templates/image-catalog.yaml

@@ -0,0 +1,15 @@
+{{ if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
+apiVersion: postgresql.cnpg.io/v1
+kind: ImageCatalog
+metadata:
+  name: {{ include "cluster.name" $ }}-image-catalog
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    {{- include "cluster.labels" $ | nindent 4 }}
+spec:
+  images:
+    {{- range $image := .Values.imageCatalog.images }}
+    - image: {{ $image.image }}
+      major: {{ $image.major }}
+    {{- end }}
+{{- end }}

charts/postgres-cluster/templates/poolers.yaml

@@ -0,0 +1,51 @@
+{{- range .Values.poolers }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Pooler
+metadata:
+  name: {{ include "cluster.name" $  }}-pooler-{{ .name }}
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    {{- include "cluster.labels" $ | nindent 4 }}
+spec:
+  cluster:
+    name: {{ include "cluster.name" $ }}
+  instances: {{ .instances }}
+  type: {{ default "rw" .type }}
+  pgbouncer:
+    poolMode: {{ default "session" .poolMode }}
+    {{- with .authQuerySecret }}
+    authQuerySecret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .authQuery }}
+    authQuery:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{ with .monitoring }}
+  monitoring:
+  {{- if not (empty .podMonitor) }}
+    enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
+    {{- with .podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+  {{- end }}
+  {{- with .template }}
+  template:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -2,22 +2,19 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ include "cluster.name" . }}-alert-rules
+  name: {{ include "cluster.name" $ }}-alert-rules
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" $ }}
   labels:
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $ | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   groups:
     - name: cloudnative-pg/{{ include "cluster.name" . }}
       rules:
         {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
-        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
         {{- $_ := set $dict "namespace"   .Release.Namespace -}}
         {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
-        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
         {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "Values"      .Values -}}
         {{- $_ := set $dict "Template"    .Template -}}
@@ -26,5 +23,5 @@ spec:
         {{- with $tpl }}
         - {{ $tpl }}
         {{- end -}}
-        {{- end -}}
+        {{- end }}
 {{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,18 +1,19 @@
 {{ if .Values.backup.enabled }}
+{{ $context := . -}}
+{{ range .Values.backup.scheduledBackups -}}
+---
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: {{ include "cluster.name" . }}-scheduled-backup
+  name: {{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" $context }}
   labels:
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $context | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   immediate: true
-  schedule: {{ .Values.backup.schedule }}
+  schedule: {{ .schedule | quote }}
-  backupOwnerReference: self
+  backupOwnerReference: {{ .backupOwnerReference }}
   cluster:
-    name: {{ include "cluster.name" . }}-cluster
+    name: {{ include "cluster.name" $context }}-cluster
+{{ end -}}
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -1,197 +1,558 @@
 # -- Override the name of the cluster
 nameOverride: ""
 
-###
+# -- Override the namespace of the chart
+namespaceOverride: ""
+
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
 # * `timescaledb`
+# * `tensorchord`
 type: postgresql
 
-###
+imageCatalog:
-# Cluster mode of operation. Available modes:
+
+  # -- Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored.
+  create: false
+
+  # -- List of images to be provisioned in an image catalog.
+  images: []
+    # - image: ghcr.io/your_repo/your_image:your_tag
+    #   major: 16
+
+version:
+
+  # -- PostgreSQL major version to use
+  postgresql: "17"
+
+  # -- If using TimescaleDB, specify the version
+  timescaledb: "2.15"
+
+  # -- If using PostGIS, specify the version
+  postgis: "3.5"
+
+# -- Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
-# * `replica` - Create database as a replica from another CNPG cluster
 mode: standalone
 
+# -- Cluster settings
 cluster:
   instances: 3
 
+  # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "16.3"
+    tag: "17.4-3-bullseye"
-    pullPolicy: IfNotPresent
 
-  # The UID and GID of the postgres user inside the image
+  # -- Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName`
-  postgresUID: 26
+  imageCatalogRef: {}
-  postgresGID: 26
+    # kind: ImageCatalog
+    # name: postgresql
 
-  walStorage:
+  # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
-    size: 2Gi
+  # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
-    storageClass: ""
+  imagePullPolicy: IfNotPresent
+
+  # -- The list of pull secrets to be used to pull the images.
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
+  imagePullSecrets: []
+
+  # -- Default storage size
   storage:
     size: 10Gi
     storageClass: ""
 
+  walStorage:
+    enabled: true
+    size: 2Gi
+    storageClass: ""
+
+  # -- The UID and GID of the postgres user inside the image, defaults to 26
+  postgresUID: -1
+  postgresGID: -1
+
+  # -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
+  services: {}
+
+  # -- Resources requirements of every generated Pod.
+  # Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
+  # We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
+  # See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
   resources:
     requests:
       memory: 256Mi
-      cpu: 10m
+      cpu: 100m
     limits:
-      memory: 1Gi
-      cpu: 800m
       hugepages-2Mi: 256Mi
 
+  priorityClassName: ""
+
+  # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated. It can be switchover (default) or restart.
+  primaryUpdateMethod: switchover
+
+  # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  primaryUpdateStrategy: unsupervised
+
+  # -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
+  logLevel: "info"
+
+  # -- Affinity/Anti-affinity rules for Pods.
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
   affinity:
     enablePodAntiAffinity: true
     topologyKey: kubernetes.io/hostname
 
-  additionalLabels: {}
+  # -- The configuration for the CA and related certificates.
-  annotations: {}
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
+  certificates: {}
 
-  priorityClassName: ""
+  # -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
+  # If the secret is not present, the operator will automatically create one.
+  # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
+  # and then blank the password of the postgres user by setting it to NULL.
+  enableSuperuserAccess: false
+  superuserSecret: ""
 
-  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
-  # successfully updated. It can be switchover (default) or in-place (restart).
+  # See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
-  primaryUpdateMethod: switchover
+  enablePDB: true
 
-  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
-  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  # already present in the database.
-  primaryUpdateStrategy: unsupervised
+  # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
-
+  roles: []
-  logLevel: "info"
+    # - name: dante
+    #   ensure: present
+    #   comment: Dante Alighieri
+    #   login: true
+    #   superuser: false
+    #   inRoles:
+    #     - pg_monitor
+    #     - pg_signal_backend
 
+  # -- Enable default monitoring and alert rules
   monitoring:
+
+    # -- Whether to enable monitoring
     enabled: false
+
     podMonitor:
+
+      # -- Whether to enable the PodMonitor
       enabled: true
+
+      # --The list of relabelings for the PodMonitor.
+      # Applied to samples before scraping.
+      relabelings: []
+
+      # -- The list of metric relabelings for the PodMonitor.
+      # Applied to samples before ingestion.
+      metricRelabelings: []
+
     prometheusRule:
-      enabled: true
+
+      # -- Whether to enable the PrometheusRule automated alerts
+      enabled: false
+
+      # -- Exclude specified rules
       excludeRules: []
 
+    # -- Whether the default queries should be injected.
+    # Set it to true if you don't want to inject default queries into the cluster.
+    disableDefaultQueries: false
+
+    # -- Custom Prometheus metrics
+    # Will be stored in the ConfigMap
+    customQueries: []
+    #  - name: "pg_cache_hit_ratio"
+    #    query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
+    #    metrics:
+    #      - datname:
+    #          usage: "LABEL"
+    #          description: "Name of the database"
+    #      - ratio:
+    #          usage: GAUGE
+    #          description: "Cache hit ratio"
+
+    # -- The list of secrets containing the custom queries
+    customQueriesSecret: []
+    #  - name: custom-queries-secret
+    #    key: custom-queries
+
+  # -- Parameters to be set for the database itself
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
   postgresql:
+
+    # -- PostgreSQL configuration options (postgresql.conf)
     parameters:
       shared_buffers: 128MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
 
-  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+    # -- Quorum-based Synchronous Replication
+    synchronous: {}
+      # method: any
+      # number: 1
+
+    # -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
+    pg_hba: []
+      # - host all all 10.244.0.0/16 md5
+
+    # -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
+    pg_ident: []
+      # - mymap   /^(.*)@mydomain\.com$      \1
+
+    # -- Lists of shared preload libraries to add to the default ones
+    shared_preload_libraries: []
+      # - pgaudit
+
+    # -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
+    ldap: {}
+      # https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
+      # server: 'openldap.default.svc.cluster.local'
+      # bindSearchAuth:
+        # baseDN: 'ou=org,dc=example,dc=com'
+        # bindDN: 'cn=admin,dc=example,dc=com'
+        # bindPassword:
+          # name: 'ldapBindPassword'
+          # key: 'data'
+        # searchAttribute: 'uid'
+
+  # -- Bootstrap is the configuration of the bootstrap process when initdb is used.
   # See: https://cloudnative-pg.io/documentation/current/bootstrap/
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-  initdb:
+  initdb: {}
-    {}
     # database: app
-    # owner: app
+    # owner: "" # Defaults to the database name
-    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # secret:
-    # postInitApplicationSQL:
+    #   name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
-    #   - CREATE TABLE IF NOT EXISTS example;
+    # options: []
+    # encoding: UTF8
+    # postInitSQL:
+    #   - CREATE EXTENSION IF NOT EXISTS vector;
+    # postInitApplicationSQL: []
+    # postInitTemplateSQL: []
 
+  # -- Configure the metadata of the generated service account
+  serviceAccountTemplate: {}
+
+  additionalLabels: {}
+  annotations: {}
+
+# -- Recovery settings when booting cluster from external cluster
 recovery:
-  # Point in time recovery target in RFC3339 format
-  pitrTarget:
-    time: ""
 
-  # S3 https endpoint and the s3:// path
+  # -- Available recovery methods:
-  endpointURL: ""
+  # * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
-  destinationPath: ""
+  # * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
+  # * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
+  #        migrate databases to CloudNativePG, even from outside Kubernetes.
+  # * `import` - Import one or more databases from an existing Postgres cluster.
+  method: backup
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
-  endpointCA: ""
+  backup:
 
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    # -- Point in time recovery target. Specify one of the following:
-  endpointCredentials: ""
+    pitrTarget:
 
-  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+      # -- Time in RFC3339 format
-  recoveryIndex: 1
+      time: ""
 
-  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+    # -- Name of the database used by the application. Default: `app`.
-  recoveryServerName: ""
+    database: app
 
-  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
-  recoveryInstanceName: ""
+    owner: ""
 
-  wal:
+    # -- Name of the backup to recover from.
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    backupName: ""
-    compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
-  data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # Number of data files to be archived or restored in parallel.
-    jobs: 2
 
-replica:
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
-  # See https://cloudnative-pg.io/documentation/current/database_import/
+  objectStore:
-  # * `microservice` - Single database import as expected from cnpg clusters
-  # * `monolith` - Import multiple databases and roles
-  importType: microservice
 
-  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+    # -- Point in time recovery target. Specify one of the following:
-  importDatabases:
+    pitrTarget:
-    - app
 
-  # If type microservice no roles are imported and ignored
+      # -- Time in RFC3339 format
-  importRoles: []
+      time: ""
 
-  # If import type is monolith postImportApplicationSQL is not supported and ignored
+    # -- Name of the database used by the application. Default: `app`.
-  postImportApplicationSQL: []
+    database: app
 
-  # External cluster connection, password specifies a secret name and the key containing the password value
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
-  externalCluster:
+    owner: ""
-    connectionParameters:
-      host: postgresql
-      user: app
-      dbname: app
-    password:
-      name: postgresql
-      key: password
 
+    # -- Overrides the provider specific default endpoint. Defaults to:
+    # S3: https://s3.<region>.amazonaws.com"
+    # Leave empty if using the default S3 endpoint
+    endpointURL: ""
+
+    # -- Overrides the provider specific default path. Defaults to:
+    # S3: s3://<bucket><path>
+    # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    # Google: gs://<bucket><path>
+    destinationPath: ""
+
+    # -- Specifies a CA bundle to validate a privately signed certificate.
+    endpointCA:
+
+      # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+      create: false
+      name: ""
+      key: ""
+
+    # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    endpointCredentials: ""
+
+    # -- Storage
+    wal:
+
+      # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+      compression: snappy
+
+      # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+      encryption: ""
+
+      # -- Number of WAL files to be archived or restored in parallel.
+      maxParallel: 1
+
+    data:
+      # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+      compression: snappy
+
+      # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+      encryption: ""
+
+      # -- Number of data files to be archived or restored in parallel.
+      jobs: 1
+
+    # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+    recoveryIndex: 1
+
+    # -- Override name of the recovery cluster in the object store, defaults to "cluster.name"
+    recoveryServerName: ""
+
+  # See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
+  pgBaseBackup:
+
+    # -- Name of the database used by the application. Default: `app`.
+    database: app
+
+    # -- Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    secret: ""
+
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
+    owner: ""
+
+    # -- Configuration for the source database
+    source:
+      host: ""
+      port: 5432
+      username: ""
+      database: "app"
+      sslMode: "verify-full"
+      passwordSecret:
+
+        # -- Whether to create a secret for the password
+        create: false
+
+        # -- Name of the secret containing the password
+        name: ""
+
+        # -- The key in the secret containing the password
+        key: "password"
+
+        # -- The password value to use when creating the secret
+        value: ""
+      sslKeySecret:
+        name: ""
+        key: ""
+      sslCertSecret:
+        name: ""
+        key: ""
+      sslRootCertSecret:
+        name: ""
+        key: ""
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
+  import:
+
+    # -- One of `microservice` or `monolith.`
+    # See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
+    type: "microservice"
+
+    # -- Databases to import
+    databases: []
+
+    # -- Roles to import
+    roles: []
+
+    # -- List of SQL queries to be executed as a superuser in the application database right after is imported.
+    # To be used with extreme care. Only available in microservice type.
+    postImportApplicationSQL: []
+
+    # -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
+    schemaOnly: false
+
+    # -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
+    # own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
+    # operator's intended functionality or design.
+    pgDumpExtraOptions: []
+
+    # -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
+    # your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
+    # operator's intended functionality or design.
+    pgRestoreExtraOptions: []
+
+    # -- Configuration for the source database
+    source:
+      host: ""
+      port: 5432
+      username: app
+      database: app
+      sslMode: "verify-full"
+      passwordSecret:
+
+        # -- Whether to create a secret for the password
+        create: false
+
+        # -- Name of the secret containing the password
+        name: ""
+
+        # -- The key in the secret containing the password
+        key: "password"
+
+        # -- The password value to use when creating the secret
+        value: ""
+      sslKeySecret:
+        name: ""
+        key: ""
+      sslCertSecret:
+        name: ""
+        key: ""
+      sslRootCertSecret:
+        name: ""
+        key: ""
+
+# -- Backup settings
 backup:
+
+  # -- You need to configure backups manually, so backups are disabled by default.
   enabled: false
 
-  # S3 endpoint starting with "https://"
+  # -- Overrides the provider specific default endpoint. Defaults to:
-  endpointURL: ""
+  # S3: https://s3.<region>.amazonaws.com"
+  endpointURL: ""  # Leave empty if using the default S3 endpoint
 
-  # S3 path starting with "s3://"
+  # -- Specifies a CA bundle to validate a privately signed certificate.
-  destinationPath: ""
+  endpointCA:
+    # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    create: false
+    name: ""
+    key: ""
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
-  endpointCA: ""
-
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+  # -- Overrides the provider specific default path. Defaults to:
-  backupIndex: 1
+  # S3: s3://<bucket><path>
-
+  # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
-  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  # Google: gs://<bucket><path>
-  backupName: ""
+  destinationPath: ""
 
+  # -- Storage
   wal:
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
-  data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # Number of data files to be archived or restored in parallel.
-    jobs: 2
 
-  # Retention policy for backups
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+
+    # -- Number of WAL files to be archived or restored in parallel.
+    maxParallel: 1
+
+  data:
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+
+    # -- Number of data files to be archived or restored in parallel.
+    jobs: 1
+
+  scheduledBackups:
+    -
+      # -- Scheduled backup name
+      name: daily-backup
+
+      # -- Schedule in cron format
+      schedule: "0 0 */3 * *"
+
+      # -- Backup owner reference
+      backupOwnerReference: self
+
+      # -- Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot`
+      method: barmanObjectStore
+
+  # -- Retention policy for backups
   retentionPolicy: "30d"
 
-  # Scheduled backup in cron format
+  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
-  schedule: "0 0 0 * * *"
+  backupIndex: 1
+
+  # -- Override ame of the backup cluster in the object store, defaults to "cluster.name"
+  backupName: ""
+
+# -- List of PgBouncer poolers
+poolers: []
+  # -
+  #   # -- Pooler name
+  #   name: rw
+  #   # -- PgBouncer type of service to forward traffic to.
+  #   type: rw
+  #   # -- PgBouncer pooling mode
+  #   poolMode: transaction
+  #   # -- Number of PgBouncer instances
+  #   instances: 3
+  #   # -- PgBouncer configuration parameters
+  #   parameters:
+  #     max_client_conn: "1000"
+  #     default_pool_size: "25"
+  #   monitoring:
+  #     # -- Whether to enable monitoring
+  #     enabled: false
+  #     podMonitor:
+  #         # -- Whether to enable the PodMonitor
+  #       enabled: true
+  #   # -- Custom PgBouncer deployment template.
+  #   # Use to override image, specify resources, etc.
+  #   template: {}
+  # -
+  #   # -- Pooler name
+  #   name: ro
+  #   # -- PgBouncer type of service to forward traffic to.
+  #   type: ro
+  #   # -- PgBouncer pooling mode
+  #   poolMode: transaction
+  #   # -- Number of PgBouncer instances
+  #   instances: 3
+  #   # -- PgBouncer configuration parameters
+  #   parameters:
+  #     max_client_conn: "1000"
+  #     default_pool_size: "25"
+  #   monitoring:
+  #     # -- Whether to enable monitoring
+  #     enabled: false
+  #     podMonitor:
+  #         # -- Whether to enable the PodMonitor
+  #       enabled: true
+  #   # -- Custom PgBouncer deployment template.
+  #   # Use to override image, specify resources, etc.
+  #   template: {}

renovate.json

@@ -6,35 +6,18 @@
         ":rebaseStalePrs"
     ],
     "timezone": "US/Central",
-    "schedule": [
+    "schedule": [ "* */1 * * *" ],
-        "every weekday"
-    ],
     "labels": [],
+    "prHourlyLimit": 0,
+    "prConcurrentLimit": 0,
     "packageRules": [
         {
-            "description": "Disables for non major Renovate version",
+            "description": "Label charts",
-            "matchPaths": [
+            "matchDatasources": [
-                ".github/renovate-update-notification/Dockerfile"
+                "helm"
-            ],
-            "matchUpdateTypes": [
-                "minor",
-                "patch",
-                "pin",
-                "digest",
-                "rollback"
-            ],
-            "enabled": false
-        },
-        {
-            "description": "Generate for major Renovate version",
-            "matchPaths": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "major"
             ],
             "addLabels": [
-                "upgrade"
+                "chart"
             ],
             "automerge": false
         },
@@ -46,19 +29,21 @@
             "addLabels": [
                 "image"
             ],
-            "automerge": false,
+            "automerge": false
-            "minimumReleaseAge": "3 days"
         },
         {
-            "description": "Label charts",
+            "description": "CNPG image",
+            "matchDepNames": [
+                "ghcr.io/cloudnative-pg/postgresql"
+            ],
             "matchDatasources": [
-                "helm"
+                "docker"
             ],
             "addLabels": [
-                "chart"
+                "image"
             ],
             "automerge": false,
-            "minimumReleaseAge": "3 days"
+            "versioning": "deb"
         }
     ]
 }