change env

Reviewed-on: #109

.gitea/workflows/lint-test.yaml

@@ -1,6 +1,7 @@
-name: lint-and-test-charts
+name: lint-and-test
 
-on: pull_request
+on:
+  pull_request:
 
 jobs:
   lint-test:
@@ -16,15 +17,16 @@ jobs:
         with:
           version: latest
 
-      - uses: actions/setup-python@v5
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
           python-version: "3.13"
           check-latest: true
 
-      - name: Set up chart-testing
+      - name: Set up Chart Testing
         uses: helm/chart-testing-action@v2.7.0
 
-      - name: Run chart-testing (list-changed)
+      - name: Run Chart Testing (list-changed)
         id: list-changed
         run: |
           changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
@@ -32,6 +34,6 @@ jobs:
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
 
-      - name: Run chart-testing (lint)
+      - name: Run Chart Testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}
+        run: ct lint --validate-maintainers=false --target-branch ${{ gitea.event.repository.default_branch }}

.gitea/workflows/process-repository.yaml

@@ -0,0 +1,40 @@
+name: process-repository
+
+on:
+  schedule:
+    - cron: '@daily'
+
+  workflow_dispatch:
+
+jobs:
+  process-repository:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Python Script
+        uses: actions/checkout@v4
+        with:
+          repository: alexlebens/workflow-scripts
+          ref: main
+          token: ${{ secrets.BOT_TOKEN }}
+          path: workflow-scripts
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install dependencies
+        run: pip install requests immutabledict
+
+      - name: Run Script
+        env:
+          INSTANCE_URL: ${{ vars.INSTANCE_URL }}
+          REPOSITORY: ${{ gitea.repository }}
+          TOKEN: ${{ secrets.BOT_TOKEN }}
+          LOG_LEVEL: DEBUG
+          ISSUE_STALE_DAYS: 3
+          ISSUE_STALE_TAG: stale
+          ISSUE_EXCLUDE_TAG: Renovate
+          PULL_REQUEST_STALE_DAYS: 3
+          PULL_REQUEST_STALE_TAG: stale
+        run: python ./workflow-scripts/process-repository.py

.gitea/workflows/release-charts-cloudflared.yml

@@ -19,8 +19,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup Helm
-        uses: azure/setup-helm@v3
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
           version: latest
@@ -39,7 +39,7 @@ jobs:
       - name: Publish Helm Chart to Gitea
         run: |
           helm plugin install https://github.com/chartmuseum/helm-push
-          helm repo add --username ${{ github.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
           helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
 
       - name: Extract Chart Metadata
@@ -55,3 +55,31 @@ jobs:
           tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
           files: |-
             ${{ env.PACKAGE_PATH }}
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Helm Chart for cloudflared release workflow has successfully completed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm Chart for cloudflared release workflow has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
+          image: true

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -19,8 +19,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup Helm
-        uses: azure/setup-helm@v3
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
           version: latest
@@ -39,7 +39,7 @@ jobs:
       - name: Publish Helm Chart to Gitea
         run: |
           helm plugin install https://github.com/chartmuseum/helm-push
-          helm repo add --username ${{ github.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
           helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
 
       - name: Extract Chart Metadata
@@ -55,3 +55,31 @@ jobs:
           tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
           files: |-
             ${{ env.PACKAGE_PATH }}
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Helm Chart for generic-device-plugin release workflow has successfully completed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm Chart for generic-device-plugin release workflow has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
+          image: true

.gitea/workflows/release-charts-gitea-actions.yml

@@ -0,0 +1,85 @@
+name: release-charts-gitea-actions
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/gitea-actions/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/gitea-actions"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Helm Chart for gitea-actions release workflow has successfully completed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm Chart for gitea-actions release workflow has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
+          image: true

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -19,8 +19,8 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup Helm
-        uses: azure/setup-helm@v3
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITEA_TOKEN }}
           version: latest
@@ -39,7 +39,7 @@ jobs:
       - name: Publish Helm Chart to Gitea
         run: |
           helm plugin install https://github.com/chartmuseum/helm-push
-          helm repo add --username ${{ github.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
           helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
 
       - name: Extract Chart Metadata
@@ -55,3 +55,31 @@ jobs:
           tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
           files: |-
             ${{ env.PACKAGE_PATH }}
+
+      - name: ntfy Success
+        uses: niniyas/ntfy-action@master
+        if: success()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,successfully,completed
+          details: 'Helm Chart for postgres-cluster release workflow has successfully completed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 4
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm Chart for postgres-cluster release workflow has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yml", "clear": true}]'
+          image: true

.gitea/workflows/renovate.yaml

@@ -0,0 +1,32 @@
+name: renovate
+
+on:
+  schedule:
+    - cron: "@daily"
+
+  push:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container: ghcr.io/renovatebot/renovate:41
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Renovate
+        run: renovate
+        env:
+          RENOVATE_PLATFORM: gitea
+          RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
+          RENOVATE_REPOSITORIES: alexlebens/helm-charts
+          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
+          LOG_LEVEL: info
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
+          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
+          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}

.github/workflows/release-charts.yml

@@ -0,0 +1,29 @@
+name: release-charts
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/**"
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.7.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/cloudflared/Chart.yaml

@@ -1,18 +1,18 @@
 apiVersion: v2
 name: cloudflared
-version: 1.14.3
+version: 1.18.0
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
   - tunnel
 sources:
   - https://github.com/cloudflare/cloudflared
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
 maintainers:
   - name: alexlebens
 dependencies:
   - name: common
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.3
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.1.2
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2025.2.1"
+appVersion: "2025.6.0"

charts/cloudflared/README.md

@@ -1,6 +1,6 @@
 # cloudflared
 
-![Version: 1.14.3](https://img.shields.io/badge/Version-1.14.3-informational?style=flat-square) ![AppVersion: 2025.2.1](https://img.shields.io/badge/AppVersion-2025.2.1-informational?style=flat-square)
+![Version: 1.17.3](https://img.shields.io/badge/Version-1.17.3-informational?style=flat-square) ![AppVersion: 2025.6.0](https://img.shields.io/badge/AppVersion-2025.6.0-informational?style=flat-square)
 
 Cloudflared Tunnel
 
@@ -13,13 +13,13 @@ Cloudflared Tunnel
 ## Source Code
 
 * <https://github.com/cloudflare/cloudflared>
-* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.1.2 |
 
 ## Values
 
@@ -27,7 +27,7 @@ Cloudflared Tunnel
 |-----|------|---------|-------------|
 | existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
 | existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.2.1"}` | Default image |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.6.1"}` | Default image |
 | name | string | `"cloudflared"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 

charts/cloudflared/values.yaml

@@ -10,7 +10,7 @@ existingSecretKey: cf-tunnel-token
 # -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2025.2.1"
+  tag: "2025.7.0"
   pullPolicy: IfNotPresent
 
 # -- Default resources

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.1.10
+version: 0.4.0
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -13,6 +13,6 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: common
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.3
-appVersion: 0.1.10
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.1.2
+appVersion: 0.2.0

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,7 +19,7 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.1.2 |
 
 ## Values
 

charts/generic-device-plugin/values.yaml

@@ -4,7 +4,7 @@ name: generic-device-plugin
 # -- Default image
 image:
   repository: ghcr.io/squat/generic-device-plugin
-  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
+  tag: latest@sha256:1f779444c72c7bf06b082c44698d6268a8e642ebd9488a35c84a603087940e64
   pullPolicy: Always
 
 # -- Domain used by devices for identifcation

charts/gitea-actions/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: gitea-actions
+version: 0.2.1
+description: Gitea Actions
+keywords:
+  - cicd
+  - runner
+  - actions
+sources:
+  - https://gitea.com/gitea/helm-actions
+  - https://gitea.com/gitea/act
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: 0.2.11

charts/gitea-actions/LICENSE

@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2025 gitea
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.

charts/gitea-actions/README.md

@@ -0,0 +1,54 @@
+# gitea-actions
+
+![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![AppVersion: 0.2.11](https://img.shields.io/badge/AppVersion-0.2.11-informational?style=flat-square)
+
+Gitea Actions
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://gitea.com/gitea/helm-actions>
+* <https://gitea.com/gitea/act>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| enabled | bool | `true` |  |
+| existingSecret | string | `""` |  |
+| existingSecretKey | string | `""` |  |
+| giteaRootURL | string | `""` |  |
+| global.fullnameOverride | string | `""` |  |
+| global.imageRegistry | string | `""` |  |
+| global.nameOverride | string | `""` |  |
+| global.storageClass | string | `""` |  |
+| init.image.repository | string | `"busybox"` |  |
+| init.image.tag | string | `"1.37.0"` |  |
+| statefulset.actRunner.config | string | `"log:\n  level: debug\ncache:\n  enabled: false\n"` |  |
+| statefulset.actRunner.extraVolumeMounts | list | `[]` |  |
+| statefulset.actRunner.pullPolicy | string | `"IfNotPresent"` |  |
+| statefulset.actRunner.repository | string | `"gitea/act_runner"` |  |
+| statefulset.actRunner.tag | string | `"0.2.11"` |  |
+| statefulset.affinity | object | `{}` |  |
+| statefulset.annotations | object | `{}` |  |
+| statefulset.dind.extraEnvs | list | `[]` |  |
+| statefulset.dind.extraVolumeMounts | list | `[]` |  |
+| statefulset.dind.pullPolicy | string | `"IfNotPresent"` |  |
+| statefulset.dind.repository | string | `"docker"` |  |
+| statefulset.dind.tag | string | `"25.0.2-dind"` |  |
+| statefulset.extraVolumes | list | `[]` |  |
+| statefulset.labels | object | `{}` |  |
+| statefulset.nodeSelector | object | `{}` |  |
+| statefulset.persistence.size | string | `"1Gi"` |  |
+| statefulset.persistence.storageClass | string | `""` |  |
+| statefulset.replicas | int | `1` |  |
+| statefulset.resources | object | `{}` |  |
+| statefulset.tolerations | list | `[]` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/gitea-actions/templates/_helpers.tpl

@@ -0,0 +1,102 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+{{- define "gitea.actions.name" -}}
+{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gitea.actions.fullname" -}}
+{{- if .Values.global.fullnameOverride -}}
+{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.global.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gitea.actions.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Storage Class
+*/}}
+{{- define "gitea.actions.persistence.storageClass" -}}
+{{- $storageClass :=  (tpl ( default "" .Values.statefulset.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
+{{- if $storageClass }}
+storageClassName: {{ $storageClass | quote }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "gitea.actions.labels" -}}
+helm.sh/chart: {{ include "gitea.actions.chart" . }}
+app: {{ include "gitea.actions.name" . }}
+{{ include "gitea.actions.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{- define "gitea.actions.labels.actRunner" -}}
+helm.sh/chart: {{ include "gitea.actions.chart" . }}
+app: {{ include "gitea.actions.name" . }}-act-runner
+{{ include "gitea.actions.selectorLabels.actRunner" . }}
+app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
+version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gitea.actions.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "gitea.actions.selectorLabels.actRunner" -}}
+app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "gitea.actions.local_root_url" -}}
+  {{- .Values.giteaRootURL -}}
+{{- end -}}
+
+{{/*
+Parse the http url to hostname + port separated by space for the nc command
+*/}}
+{{- define "gitea.actions.nc" -}}
+{{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
+{{- $host := get $url "host" -}}
+{{- $scheme := get $url "scheme" -}}
+{{- $port := "80" -}}
+{{- if contains ":" $host -}}
+    {{- $hostAndPort := regexSplit ":" $host 2 -}}
+    {{- $host = index $hostAndPort 0 -}}
+    {{- $port = index $hostAndPort 1 -}}
+{{- else if eq $scheme "https" -}}
+    {{- $port = "443" -}}
+{{- else if eq $scheme "http" -}}
+    {{- $port = "80" -}}
+{{- end -}}
+{{- printf "%s %s" $host $port -}}
+{{- end -}}

charts/gitea-actions/templates/config-map.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "gitea.actions.fullname" . }}-act-runner-config
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "gitea.actions.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    {{- with .Values.statefulset.actRunner.config -}}
+    {{ . | nindent 4}}
+    {{- end -}}
+{{- end }}

charts/gitea-actions/templates/stateful-set.yaml

@@ -0,0 +1,127 @@
+{{- if .Values.enabled }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    {{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
+    {{- with .Values.statefulset.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.statefulset.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  name: {{ include "gitea.actions.fullname" . }}-act-runner
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+  replicas: {{ .Values.statefulset.replicas }}
+  selector:
+    matchLabels:
+      {{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
+        {{- with .Values.statefulset.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      initContainers:
+        - name: init-gitea
+          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
+          command:
+            - sh
+            - -c
+            - |
+              while ! nc -z {{ include "gitea.actions.nc" . }}; do
+                sleep 5
+              done
+      containers:
+        - name: act-runner
+          image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
+          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
+          workingDir: /data
+          env:
+            - name: DOCKER_HOST
+              value: tcp://127.0.0.1:2376
+            - name: DOCKER_TLS_VERIFY
+              value: "1"
+            - name: DOCKER_CERT_PATH
+              value: /certs/server
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.existingSecret | default "gitea-actions-token" }}"
+                  key: "{{ .Values.existingSecretKey | default "token" }}"
+            - name: GITEA_INSTANCE_URL
+              value: {{ include "gitea.actions.local_root_url" . }}
+            - name: CONFIG_FILE
+              value: /actrunner/config.yaml
+          resources:
+            {{- toYaml .Values.statefulset.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /actrunner/config.yaml
+              name: act-runner-config
+              subPath: config.yaml
+            - mountPath: /certs/server
+              name: docker-certs
+            - mountPath: /data
+              name: data-act-runner
+            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+        - name: dind
+          image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
+          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
+          env:
+            - name: DOCKER_HOST
+              value: tcp://127.0.0.1:2376
+            - name: DOCKER_TLS_VERIFY
+              value: "1"
+            - name: DOCKER_CERT_PATH
+              value: /certs/server
+            {{- if .Values.statefulset.dind.extraEnvs }}
+            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
+            {{- end }}
+          securityContext:
+            privileged: true
+          resources:
+            {{- toYaml .Values.statefulset.resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /certs/server
+              name: docker-certs
+            {{- with .Values.statefulset.dind.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+      {{- range $key, $value := .Values.statefulset.nodeSelector }}
+      nodeSelector:
+        {{ $key }}: {{ $value | quote }}
+      {{- end }}
+      {{- with .Values.statefulset.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.statefulset.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: act-runner-config
+          configMap:
+            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
+        - name: docker-certs
+          emptyDir: {}
+        {{- with .Values.statefulset.extraVolumes }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data-act-runner
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
+        resources:
+          requests:
+            storage: {{ .Values.statefulset.persistence.size }}
+{{- end }}

charts/gitea-actions/values.yaml

@@ -0,0 +1,102 @@
+# Configure Gitea Actions
+# - must enable persistence if the job is enabled
+## @section Gitea Actions
+#
+## @param enabled Create an act runner StatefulSet.
+## @param init.image.repository The image used for the init containers
+## @param init.image.tag The image tag used for the init containers
+## @param statefulset.annotations Act runner annotations
+## @param statefulset.labels Act runner labels
+## @param statefulset.resources Act runner resources
+## @param statefulset.nodeSelector NodeSelector for the statefulset
+## @param statefulset.tolerations Tolerations for the statefulset
+## @param statefulset.affinity Affinity for the statefulset
+## @param statefulset.extraVolumes Extra volumes for the statefulset
+## @param statefulset.actRunner.repository The Gitea act runner image
+## @param statefulset.actRunner.tag The Gitea act runner tag
+## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
+## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
+## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
+## @param statefulset.dind.repository The Docker-in-Docker image
+## @param statefulset.dind.tag The Docker-in-Docker image tag
+## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
+## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
+## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
+## @param statefulset.persistence.size Size for persistence to store act runner data
+## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
+## @param provisioning.annotations Job's annotations
+## @param provisioning.labels Job's labels
+## @param provisioning.resources Job's resources
+## @param provisioning.nodeSelector NodeSelector for the job
+## @param provisioning.tolerations Tolerations for the job
+## @param provisioning.affinity Affinity for the job
+## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
+## @param provisioning.publish.repository The image that can create the secret via kubectl
+## @param provisioning.publish.tag The publish image tag that can create the secret
+## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
+## @param existingSecret Secret that contains the token
+## @param existingSecretKey Secret key
+## @param giteaRootURL URL the act_runner registers and connect with
+enabled: true
+statefulset:
+  replicas: 1
+  annotations: {}
+  labels: {}
+  resources: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+  extraVolumes: []
+
+  actRunner:
+    repository: gitea/act_runner
+    tag: 0.2.11
+    pullPolicy: IfNotPresent
+    extraVolumeMounts: []
+
+    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+    config: |
+      log:
+        level: debug
+      cache:
+        enabled: false
+
+  dind:
+    repository: docker
+    tag: 25.0.2-dind
+    pullPolicy: IfNotPresent
+    extraVolumeMounts: []
+
+    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
+    # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
+    extraEnvs:
+      []
+      #  - name: "DOCKER_IPTABLES_LEGACY"
+      #    value: "1"
+
+  persistence:
+    storageClass: ""
+    size: 1Gi
+
+init:
+  image:
+    repository: busybox
+    tag: "1.37.0"
+
+## Specify an existing token secret
+##
+existingSecret: ""
+existingSecretKey: ""
+
+## Specify the root URL of the Gitea instance
+giteaRootURL: ""
+
+## @section Global
+#
+## @param global.imageRegistry global image registry override
+## @param global.storageClass global storage class override
+global:
+  imageRegistry: ""
+  storageClass: ""
+  nameOverride: ""
+  fullnameOverride: ""

charts/postgres-cluster/Chart.yaml

@@ -1,13 +1,14 @@
 apiVersion: v2
 name: postgres-cluster
-version: 4.2.1
-description: Chart for cloudnative-pg cluster
+version: 6.4.4
+description: Cloudnative-pg Cluster
 keywords:
   - database
   - postgres
 sources:
   - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.25.0
+appVersion: v1.26.0

charts/postgres-cluster/README.md

@@ -1,8 +1,8 @@
 # postgres-cluster
 
-![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
+![Version: 6.4.4](https://img.shields.io/badge/Version-6.4.4-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 
-Chart for cloudnative-pg cluster
+Cloudnative-pg Cluster
 
 ## Maintainers
 
@@ -13,70 +13,103 @@ Chart for cloudnative-pg cluster
 ## Source Code
 
 * <https://github.com/cloudnative-pg/cloudnative-pg>
+* <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
-| backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
-| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
-| backup.destinationPath | string | `""` | S3 path starting with "s3://" |
-| backup.enabled | bool | `false` |  |
-| backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
-| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
-| backup.historyTags.backupRetentionPolicy | string | `""` |  |
-| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
-| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
-| backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
-| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
-| bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
-| bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL:   - CREATE TABLE IF NOT EXISTS example; |
-| cluster.additionalLabels | object | `{}` |  |
-| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
-| cluster.annotations | object | `{}` |  |
-| cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
-| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
-| cluster.instances | int | `3` |  |
-| cluster.logLevel | string | `"info"` |  |
-| cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
-| cluster.postgresGID | int | `26` |  |
-| cluster.postgresUID | int | `26` | The UID and GID of the postgres user inside the image |
-| cluster.postgresql | object | `{"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"shared_preload_libraries":[]}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
-| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
+| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
+| backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
+| backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
+| backup.objectStore | list | `[]` | Options for object store backups |
+| backup.scheduledBackups | list | `[]` | List of scheduled backups |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
+| cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
+| cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
+| cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"}` | Default image |
+| cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
+| cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
+| cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
+| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
+| cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
+| cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
+| cluster.monitoring.enabled | bool | `false` | Whether to enable monitoring |
+| cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
+| cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
+| cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
+| cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
+| cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
+| cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
+| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
+| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
+| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
+| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
+| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
+| cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
-| cluster.priorityClassName | string | `""` |  |
-| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
-| cluster.storage.size | string | `"10Gi"` |  |
-| cluster.storage.storageClass | string | `""` |  |
-| cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
-| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
+| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
+| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
+| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
+| cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
+| cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
 | nameOverride | string | `""` | Override the name of the cluster |
-| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
-| recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
-| recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
-| recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
-| recovery.pitrTarget | object | `{"time":""}` | Point in time recovery target in RFC3339 format |
-| recovery.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
-| recovery.recoveryInstanceName | string | `""` | Name of the recovery cluster in the object store, defaults to ".Release.Name" |
-| recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
-| recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
-| replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
-| replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
-| replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |
-| replica.importType | string | `"microservice"` | See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types * `microservice` - Single database import as expected from cnpg clusters * `monolith` - Import multiple databases and roles |
-| replica.postImportApplicationSQL | list | `[]` | If import type is monolith postImportApplicationSQL is not supported and ignored |
-| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
+| namespaceOverride | string | `""` | Override the namespace of the chart |
+| poolers | list | `[]` | List of PgBouncer poolers |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
+| recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.import.databases | list | `[]` | Databases to import |
+| recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
+| recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
+| recovery.import.roles | list | `[]` | Roles to import |
+| recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
+| recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
+| recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
+| recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
+| recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
+| recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.objectStore.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
+| recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
+| recovery.objectStore.name | string | `"recovery"` | Object store backup name |
+| recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
+| recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
+| recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
+| recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| recovery.pgBaseBackup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
+| recovery.pgBaseBackup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
+| recovery.pgBaseBackup.secret | string | `""` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch |
+| recovery.pgBaseBackup.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}` | Configuration for the source database |
+| recovery.pgBaseBackup.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
+| recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
+| recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `tensorchord` |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/postgres-cluster/prometheus_rules/cluster-backends_waiting-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
+  description: |-
+    Pod {{`{{`}} $labels.pod {{`}}`}}
+    has been waiting for longer than 5 minutes
+expr: |
+  cnpg_backends_waiting_total > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-database_deadlock_conflicts-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has over 10 deadlock conflicts.
+  description: |-
+    There are over 10 deadlock conflicts in
+    {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_stat_database_deadlocks > 10
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-critical.yaml

@@ -0,0 +1,26 @@
+{{- $alert := "CNPGClusterHACritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no standby replicas!
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
+    risk of data loss and downtime if the primary instance fails.
+
+    The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
+    will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
+
+    This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
+    instances. The replaced instance may need some time to catch-up with the cluster primary instance.
+
+    This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
+    case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-ha-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterHAWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster less than 2 standby replicas.
+  description: |-
+    CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
+    your cluster at risk if another instance fails. The cluster is still able to operate normally, although
+    the `-ro` and `-r` endpoints operate at reduced capacity.
+
+    This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
+    need some time to catch-up with the cluster primary instance.
+
+    This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
+    In this case you may want to silence it.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
+expr: |
+  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-critical.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance maximum number of connections critical!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_connection-warning.yaml

@@ -0,0 +1,17 @@
+{{- $alert := "CNPGClusterHighConnectionsWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is approaching the maximum number of connections.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
+    the maximum number of connections.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
+expr: |
+  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-high_replication_lag.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterHighReplicationLag" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster high replication lag
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
+    {{ .value }}ms.
+
+    High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
+expr: |
+  max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-instances_on_same_node.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterInstancesOnSameNode" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances are located on the same node.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
+    instances on the same node {{ .labels.node }}.
+
+    A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
+expr: |
+  count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-last_failed_archive_time-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster last time archiving failed.
+  description: |-
+    Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-long_running_transaction-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster query is taking longer than 5 minutes.
+  description: |-
+    CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
+    is taking more than 5 minutes (300 seconds) for a query.
+expr: |-
+  cnpg_backends_max_tx_duration_seconds > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-critical.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.9
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-low_disk_space-warning.yaml

@@ -0,0 +1,24 @@
+{{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Instance is running out of disk space.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
+expr: |
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
+  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
+  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      /
+      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
+      *
+      on(namespace, persistentvolumeclaim) group_left(volume)
+      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
+  ) > 0.7
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-offline.yaml

@@ -0,0 +1,19 @@
+{{- $alert := "CNPGClusterOffline" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has no running instances!
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
+
+    Having an offline cluster means your applications will not be able to access the database, leading to
+    potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
+expr: |
+  (count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
+for: 5m
+labels:
+  severity: critical
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_database_xid_age-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
+  description: |-
+    Over 300,000,000 transactions from frozen xid
+    on pod {{`{{`}} $labels.pod {{`}}`}}
+expr: |
+  cnpg_pg_database_xid_age > 300000000
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-pg_replication-warning.yaml

@@ -0,0 +1,15 @@
+{{- $alert := "CNPGClusterPGReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster standby is lagging behind the primary.
+  description: |-
+    Standby is lagging behind by over 300 seconds (5 minutes)
+expr: |
+  cnpg_pg_replication_lag > 300
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-replica_failing_replication-warning.yaml

@@ -0,0 +1,16 @@
+{{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster has a replica is failing to replicate.
+  description: |-
+    Replica {{`{{`}} $labels.pod {{`}}`}}
+    is failing to replicate
+expr: |
+  cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+for: 1m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/prometheus_rules/cluster-zone_spread-warning.yaml

@@ -0,0 +1,18 @@
+{{- $alert := "CNPGClusterZoneSpreadWarning" -}}
+{{- if not (has $alert .excludeRules) -}}
+alert: {{ $alert }}
+annotations:
+  summary: CNPG Cluster instances in the same zone.
+  description: |-
+    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
+
+    A disaster in one availability zone will lead to a potential service disruption and/or data loss.
+  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
+expr: |
+  {{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
+for: 5m
+labels:
+  severity: warning
+  namespace: {{ .namespace }}
+  cnpg_cluster: {{ .cluster }}
+{{- end -}}

charts/postgres-cluster/templates/_backup.tpl

@@ -1,50 +0,0 @@
-{{- define "cluster.backup" -}}
-{{- if .Values.backup.enabled }}
-backup:
-  retentionPolicy: {{ .Values.backup.retentionPolicy }}
-  barmanObjectStore:
-    destinationPath: {{ .Values.backup.destinationPath }}
-    endpointURL: {{ .Values.backup.endpointURL }}
-    {{- if .Values.backup.endpointCA }}
-    endpointCA:
-      name: {{ .Values.backup.endpointCA }}
-      key: ca-bundle.crt
-    {{- end }}
-    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
-    tags:
-      {{- with .Values.backup.tags }}
-      {{- . | toYaml | nindent 6 }}
-      {{- end }}
-    historyTags:
-      {{- with .Values.backup.historyTags }}
-      {{- . | toYaml | nindent 6 }}
-      {{- end }}
-    s3Credentials:
-      accessKeyId:
-        name: {{ include "cluster.backupCredentials" . }}
-        key: ACCESS_KEY_ID
-      secretAccessKey:
-        name: {{ include "cluster.backupCredentials" . }}
-        key: ACCESS_SECRET_KEY
-    wal:
-      {{- if .Values.backup.wal.compression }}
-      compression: {{ .Values.backup.wal.compression }}
-      {{- end }}
-      {{- if .Values.backup.wal.encryption }}
-      encryption: {{ .Values.backup.wal.encryption }}
-      {{- end }}
-      {{- if .Values.backup.wal.maxParallel }}
-      maxParallel: {{ .Values.backup.wal.maxParallel }}
-      {{- end }}
-    data:
-      {{- if .Values.backup.data.compression }}
-      compression: {{ .Values.backup.data.compression }}
-      {{- end }}
-      {{- if .Values.backup.data.encryption }}
-      encryption: {{ .Values.backup.data.encryption }}
-      {{- end }}
-      {{- if .Values.backup.data.jobs }}
-      jobs: {{ .Values.backup.data.jobs }}
-      {{- end }}
-{{- end }}
-{{- end }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -1,25 +1,22 @@
 {{- define "cluster.bootstrap" -}}
-bootstrap:
+
 {{- if eq .Values.mode "standalone" }}
+bootstrap:
   initdb:
-    {{- with .Values.bootstrap.initdb }}
-    {{- with (omit . "postInitApplicationSQL") }}
-    {{- . | toYaml | nindent 4 }}
+    {{- with .Values.cluster.initdb }}
+        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
+            {{- . | toYaml | nindent 4 }}
+        {{- end }}
     {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
     {{- end }}
     {{- if eq .Values.type "tensorchord" }}
     dataChecksums: true
     {{- end }}
-    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.bootstrap.initdb.postInitApplicationSQL) }}
+    {{- if or (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
     postInitApplicationSQL:
-      {{- if eq .Values.type "postgis" }}
-      - CREATE EXTENSION IF NOT EXISTS postgis;
-      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
-      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
-      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
-      {{- else if eq .Values.type "timescaledb" }}
-      - CREATE EXTENSION IF NOT EXISTS timescaledb;
-      {{- else if eq .Values.type "tensorchord" }}
+      {{- if eq .Values.type "tensorchord" }}
       - ALTER SYSTEM SET search_path TO "$user", public, vectors;
       - SET search_path TO "$user", public, vectors;
       - CREATE EXTENSION IF NOT EXISTS "vectors";
@@ -29,94 +26,123 @@ bootstrap:
       - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
       - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
       {{- end }}
-      {{- with .Values.bootstrap.initdb }}
-      {{- range .postInitApplicationSQL }}
-      {{- printf "- %s" . | nindent 6 }}
-      {{- end }}
+      {{- with .Values.cluster.initdb }}
+        {{- range .postInitApplicationSQL }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
       {{- end }}
     {{- end }}
-{{- else if eq .Values.mode "replica" }}
+
+{{- else if eq .Values.mode "recovery" -}}
+bootstrap:
+
+{{- if eq .Values.recovery.method "pgBaseBackup" }}
+  pg_basebackup:
+    source: pgBaseBackupSource
+    {{ with .Values.recovery.pgBaseBackup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.pgBaseBackup.secret }}
+    secret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+externalClusters:
+  {{- include "cluster.externalSourceCluster" (list "pgBaseBackupSource" .Values.recovery.pgBaseBackup.source) | nindent 2 }}
+
+{{- else if eq .Values.recovery.method "import" }}
   initdb:
+    {{- with .Values.cluster.initdb }}
+      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
+        {{- . | toYaml | nindent 4 }}
+      {{- end }}
+    {{- end }}
+    {{- if .Values.cluster.initdb.owner }}
+    owner: {{ tpl .Values.cluster.initdb.owner . }}
+    {{- end }}
     import:
-      type: {{ .Values.replica.importType }}
+      source:
+        externalCluster: importSource
+      type: {{ .Values.recovery.import.type }}
       databases:
-        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+        {{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
           {{ fail "Too many databases in import type of microservice!" }}
         {{- else}}
-        {{- with .Values.replica.importDatabases }}
+        {{- with .Values.recovery.import.databases }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
         {{- end }}
-      {{- if eq .Values.replica.importType "monolith" }}
+      {{- if eq .Values.recovery.import.type "monolith" }}
       roles:
         {{- with .Values.replica.importRoles }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
       {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      {{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
       postImportApplicationSQL:
-        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- with .Values.recovery.import.postImportApplicationSQL }}
         {{- . | toYaml | nindent 8 }}
         {{- end }}
       {{- end }}
-      source:
-        externalCluster: "{{ include "cluster.name" . }}-cluster"
-    {{- with .Values.bootstrap.initdb }}
-    {{- with (omit . "postInitApplicationSQL") }}
-    {{- . | toYaml | nindent 4 }}
-    {{- end }}
-    {{- end }}
+      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
+      {{ with .Values.recovery.import.pgDumpExtraOptions }}
+      pgDumpExtraOptions:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
+      pgRestoreExtraOptions:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
 externalClusters:
-  - name: "{{ include "cluster.name" . }}-cluster"
-    {{- with .Values.replica.externalCluster }}
-    {{- . | toYaml | nindent 4 }}
-    {{- end }}
-{{- else if eq .Values.mode "recovery" }}
+  {{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
+
+{{- else if eq .Values.recovery.method "backup" }}
   recovery:
-    {{- with .Values.recovery.pitrTarget.time }}
+    {{- with .Values.recovery.backup.pitrTarget.time }}
     recoveryTarget:
       targetTime: {{ . }}
     {{- end }}
+    {{ with .Values.recovery.backup.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.backup.owner }}
+    owner: {{ . }}
+    {{- end }}
+    backup:
+      name: {{ .Values.recovery.backup.backupName }}
+
+{{- else if eq .Values.recovery.method "objectStore" }}
+  recovery:
+    {{- with .Values.recovery.objectStore.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.database }}
+    database: {{ . }}
+    {{- end }}
+    {{ with .Values.recovery.objectStore.owner }}
+    owner: {{ . }}
+    {{- end }}
     source: {{ include "cluster.recoveryServerName" . }}
+
 externalClusters:
   - name: {{ include "cluster.recoveryServerName" . }}
-    barmanObjectStore:
-      serverName: {{ include "cluster.recoveryServerName" . }}
-      destinationPath: {{ .Values.recovery.destinationPath }}
-      endpointURL: {{ .Values.recovery.endpointURL }}
-      {{- with .Values.recovery.endpointCA }}
-      endpointCA:
-        name: {{ . }}
-        key: ca-bundle.crt
-      {{- end }}
-      s3Credentials:
-        accessKeyId:
-          name: {{ include "cluster.recoveryCredentials" . }}
-          key: ACCESS_KEY_ID
-        secretAccessKey:
-          name: {{ include "cluster.recoveryCredentials" . }}
-          key: ACCESS_SECRET_KEY
-      wal:
-        {{- if .Values.recovery.wal.compression }}
-        compression: {{ .Values.recovery.wal.compression }}
-        {{- end }}
-        {{- if .Values.recovery.wal.encryption }}
-        encryption: {{ .Values.recovery.wal.encryption }}
-        {{- end }}
-        {{- if .Values.recovery.wal.maxParallel }}
-        maxParallel: {{ .Values.recovery.wal.maxParallel }}
-        {{- end }}
-      data:
-        {{- if .Values.recovery.data.compression }}
-        compression: {{ .Values.recovery.data.compression }}
-        {{- end }}
-        {{- if .Values.recovery.data.encryption }}
-        encryption: {{ .Values.recovery.data.encryption }}
-        {{- end }}
-        {{- if .Values.recovery.data.jobs }}
-        jobs: {{ .Values.recovery.data.jobs }}
-        {{- end }}
-{{- else }}
+    plugin:
+      name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+        serverName: {{ include "cluster.recoveryServerName" . }}
+
+{{-  else }}
+  {{ fail "Invalid recovery mode!" }}
+{{- end }}
+
+{{-  else }}
   {{ fail "Invalid cluster mode!" }}
 {{- end }}
+
 {{- end }}

charts/postgres-cluster/templates/_colorize.tpl

@@ -0,0 +1,12 @@
+{{- define "cluster.color-error" }}
+  {{- printf "\033[0;31m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-ok" }}
+  {{- printf "\033[0;32m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-warning" }}
+  {{- printf "\033[0;33m%s\033[0m" . -}}
+{{- end }}
+{{- define "cluster.color-info" }}
+  {{- printf "\033[0;34m%s\033[0m" . -}}
+{{- end }}

charts/postgres-cluster/templates/_external_source_cluster.tpl

@@ -0,0 +1,33 @@
+{{- define "cluster.externalSourceCluster" -}}
+{{- $name := first . -}}
+{{- $config := last . -}}
+- name: {{ first . }}
+  connectionParameters:
+    host: {{ $config.host | quote }}
+    port: {{ $config.port | quote }}
+    user: {{ $config.username | quote }}
+    {{- with $config.database }}
+    dbname: {{ . | quote }}
+    {{- end }}
+    sslmode: {{ $config.sslMode | quote }}
+  {{- if $config.passwordSecret.name }}
+  password:
+    name: {{ $config.passwordSecret.name }}
+    key: {{ $config.passwordSecret.key }}
+  {{- end }}
+  {{- if $config.sslKeySecret.name }}
+  sslKey:
+    name: {{ $config.sslKeySecret.name }}
+    key: {{ $config.sslKeySecret.key }}
+  {{- end }}
+  {{- if $config.sslCertSecret.name }}
+  sslCert:
+    name: {{ $config.sslCertSecret.name }}
+    key: {{ $config.sslCertSecret.key }}
+  {{- end }}
+  {{- if $config.sslRootCertSecret.name }}
+  sslRootCert:
+    name: {{ $config.sslRootCertSecret.name }}
+    key: {{ $config.sslRootCertSecret.key }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -20,25 +20,72 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "cluster.labels" -}}
-helm.sh/chart: {{ include "cluster.chart" . }}
-{{ include "cluster.selectorLabels" . }}
+helm.sh/chart: {{ include "cluster.chart" $ }}
+{{ include "cluster.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.cluster.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/name: {{ include "cluster.name" $ }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: cloudnative-pg
+app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 
 {{/*
-Generate name for object store credentials
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "cluster.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres UID
+*/}}
+{{- define "cluster.postgresUID" -}}
+  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
+    {{- .Values.cluster.postgresUID }}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres GID
+*/}}
+{{- define "cluster.postgresGID" -}}
+  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
+    {{- .Values.cluster.postgresGID }}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate name for recovery object store credentials
 */}}
 {{- define "cluster.recoveryCredentials" -}}
   {{- if .Values.recovery.endpointCredentials -}}
@@ -48,44 +95,9 @@ Generate name for object store credentials
   {{- end }}
 {{- end }}
 
+{{/*
+Generate name for backup object store credentials
+*/}}
 {{- define "cluster.backupCredentials" -}}
-  {{- if .Values.backup.endpointCredentials -}}
-    {{- .Values.backup.endpointCredentials -}}
-  {{- else -}}
     {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
-  {{- end }}
-{{- end }}
-
-{{/*
-Generate backup server name
-*/}}
-{{- define "cluster.backupName" -}}
-  {{- if .Values.backup.backupName -}}
-    {{- .Values.backup.backupName -}}
-  {{- else -}}
-    {{ include "cluster.name" . }}
-  {{- end }}
-{{- end }}
-
-
-{{/*
-Generate recovery server name
-*/}}
-{{- define "cluster.recoveryServerName" -}}
-  {{- if .Values.recovery.recoveryServerName -}}
-    {{- .Values.recovery.recoveryServerName -}}
-  {{- else -}}
-    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
-  {{- end }}
-{{- end }}
-
-{{/*
-Generate recovery instance name
-*/}}
-{{- define "cluster.recoveryInstanceName" -}}
-  {{- if .Values.recovery.recoveryInstanceName -}}
-    {{- .Values.recovery.recoveryInstanceName -}}
-  {{- else -}}
-    {{ include "cluster.name" . }}
-  {{- end }}
 {{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -2,29 +2,58 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
   name: {{ include "cluster.name" . }}-cluster
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" . }}
   {{- with .Values.cluster.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
   labels:
     {{- include "cluster.labels" . | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
 spec:
   instances: {{ .Values.cluster.instances }}
   imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
-  postgresUID: {{ .Values.cluster.postgresUID }}
-  postgresGID: {{ .Values.cluster.postgresGID }}
-  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
-  walStorage:
-    size: {{ .Values.cluster.walStorage.size }}
-    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
+  {{- with .Values.cluster.imagePullSecrets }}
+  imagePullSecrets:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  postgresUID: {{ include "cluster.postgresUID" . }}
+  postgresGID: {{ include "cluster.postgresGID" . }}
+  {{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
+  plugins:
+  {{ end }}
+  {{- range $objectStore := .Values.backup.objectStore }}
+    - name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
+        {{- if $objectStore.clusterName }}
+        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
+        {{- else }}
+        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
+        {{- end }}
+  {{- end }}
+  {{ if eq .Values.recovery.method "objectStore" }}
+    - name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
+      parameters:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+        serverName: {{ include "cluster.recoveryServerName" . }}
+  {{ end }}
   storage:
     size: {{ .Values.cluster.storage.size }}
+    {{- if not (empty .Values.cluster.storage.storageClass) }}
     storageClass: {{ .Values.cluster.storage.storageClass }}
+    {{- end }}
+  {{- if .Values.cluster.walStorage.enabled }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    {{- if not (empty .Values.cluster.walStorage.storageClass) }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+    {{- end }}
+  {{- end }}
   {{- with .Values.cluster.resources }}
   resources:
     {{- toYaml . | nindent 4 }}
@@ -36,30 +65,94 @@ spec:
   {{- if .Values.cluster.priorityClassName }}
   priorityClassName: {{ .Values.cluster.priorityClassName }}
   {{- end }}
+
   primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
   primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
   logLevel: {{ .Values.cluster.logLevel }}
+  {{- with .Values.cluster.certificates }}
+  certificates:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
+  {{- with .Values.cluster.superuserSecret }}
+  superuserSecret:
+    name: {{ . }}
+  {{ end }}
+  enablePDB: {{ .Values.cluster.enablePDB }}
+
   postgresql:
-    {{- if eq .Values.type "timescaledb" }}
-    shared_preload_libraries:
-      - timescaledb
-    {{- end }}
-    {{- if eq .Values.type "tensorchord" }}
+    {{- if or (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
     shared_preload_libraries:
+      {{- if eq .Values.type "tensorchord" }}
       - vectors.so
-    enableAlterSystem: true
+      {{- end }}
+      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
     {{- end }}
-    {{- with .Values.cluster.postgresql.shared_preload_libraries }}
-    shared_preload_libraries:
+    {{- with .Values.cluster.postgresql.pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.pg_ident }}
+    pg_ident:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.cluster.postgresql.ldap  }}
+    ldap:
+      {{- toYaml . | nindent 6 }}
+    {{- end}}
+    {{- with .Values.cluster.postgresql.synchronous }}
+    synchronous:
       {{- toYaml . | nindent 6 }}
     {{ end }}
     {{- with .Values.cluster.postgresql.parameters }}
     parameters:
       {{- toYaml . | nindent 6 }}
+    {{- end }}
+
+  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
+  managed:
+    {{- with .Values.cluster.services }}
+    services:
+      {{- toYaml . | nindent 6 }}
     {{ end }}
+    {{- with .Values.cluster.roles }}
+    roles:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+
+  {{- with .Values.cluster.serviceAccountTemplate }}
+  serviceAccountTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
+    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
+    customQueriesConfigMap:
+      - name: {{ include "cluster.name" . }}-monitoring
+        key: custom-queries
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
+    {{- with .Values.cluster.monitoring.customQueriesSecret }}
+    customQueriesSecret:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
+    {{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
+    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- end }}
 
   {{ include "cluster.bootstrap" . | nindent 2 }}
-
-  {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/config-map.yaml

@@ -0,0 +1,18 @@
+{{- if not (empty .Values.cluster.monitoring.customQueries) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "cluster.name" $ }}-monitoring
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    cnpg.io/reload: ""
+    {{- include "cluster.labels" $ | nindent 4 }}
+data:
+  custom-queries: |
+    {{- range .Values.cluster.monitoring.customQueries }}
+    {{ .name }}:
+      query: {{ .query | quote }}
+      metrics:
+        {{- .metrics | toYaml | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/postgres-cluster/templates/object-store.yaml

@@ -0,0 +1,93 @@
+{{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+{{ $context := . -}}
+{{ range .Values.backup.objectStore -}}
+---
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
+  namespace: {{ include "cluster.namespace" $context }}
+  labels:
+    {{- include "cluster.labels" $context | nindent 4 }}
+spec:
+  retentionPolicy: {{ .retentionPolicy | default "30d" }}
+  configuration:
+    destinationPath: {{ .destinationPath | required "Destination path is required" }}
+    endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
+    {{- if .endpointCA }}
+    endpointCA:
+      name: {{ .endpointCA.name }}
+      key: {{ .endpointCA.key }}
+    {{- end }}
+    {{- if .wal }}
+    wal:
+      compression: {{ .wal.compression | default "snappy" }}
+      {{ with .wal.encryption }}
+      encryption: {{ . }}
+      {{ end }}
+      maxParallel: {{ .wal.maxParallel | default "1" }}
+    {{- end }}
+    {{- if .wal }}
+    data:
+      compression: {{ .data.compression | default "snappy"  }}
+      {{- with .data.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      jobs: {{ .data.jobs | default 1 }}
+    {{- end }}
+    s3Credentials:
+      accessKeyId:
+        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials }}
+        {{- else }}
+        name: {{ include "cluster.backupCredentials" $context }}
+        {{- end }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        {{- if .endpointCredentials }}
+        name: {{ .endpointCredentials }}
+        {{- else }}
+        name: {{ include "cluster.backupCredentials" $context }}
+        {{- end }}
+        key: ACCESS_SECRET_KEY
+{{ end -}}
+{{ end }}
+
+{{ if eq .Values.recovery.method "objectStore" }}
+---
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+  namespace: {{ include "cluster.namespace" . }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+spec:
+  configuration:
+    destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
+    endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
+    {{- if .Values.recovery.objectStore.endpointCA.name }}
+    endpointCA:
+      name: {{ .Values.recovery.objectStore.endpointCA.name }}
+      key: {{ .Values.recovery.objectStore.endpointCA.key }}
+    {{- end }}
+    wal:
+      compression: {{ .Values.recovery.objectStore.wal.compression }}
+      {{- with .Values.recovery.objectStore.wal.encryption}}
+      encryption: {{ . }}
+      {{- end }}
+      maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
+    data:
+      compression: {{ .Values.recovery.objectStore.data.compression }}
+      {{- with .Values.recovery.objectStore.data.encryption }}
+      encryption: {{ . }}
+      {{- end }}
+      jobs: {{ .Values.recovery.objectStore.data.jobs }}
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.recoveryCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.recoveryCredentials" . }}
+        key: ACCESS_SECRET_KEY
+{{ end }}

charts/postgres-cluster/templates/poolers.yaml

@@ -0,0 +1,51 @@
+{{- range .Values.poolers }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Pooler
+metadata:
+  name: {{ include "cluster.name" $  }}-pooler-{{ .name }}
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    {{- include "cluster.labels" $ | nindent 4 }}
+spec:
+  cluster:
+    name: {{ include "cluster.name" $ }}
+  instances: {{ .instances }}
+  type: {{ default "rw" .type }}
+  pgbouncer:
+    poolMode: {{ default "session" .poolMode }}
+    {{- with .authQuerySecret }}
+    authQuerySecret:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .authQuery }}
+    authQuery:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .pg_hba }}
+    pg_hba:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{ with .monitoring }}
+  monitoring:
+  {{- if not (empty .podMonitor) }}
+    enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
+    {{- with .podMonitor.relabelings }}
+    podMonitorRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .podMonitor.metricRelabelings }}
+    podMonitorMetricRelabelings:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  {{- end }}
+  {{- end }}
+  {{- with .template }}
+  template:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -2,13 +2,10 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ include "cluster.name" . }}-alert-rules
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "cluster.name" $ }}-alert-rules
+  namespace: {{ include "cluster.namespace" $ }}
   labels:
-    {{- include "cluster.labels" . | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
+    {{- include "cluster.labels" $ | nindent 4 }}
 spec:
   groups:
     - name: cloudnative-pg/{{ include "cluster.name" . }}
@@ -26,72 +23,5 @@ spec:
         {{- with $tpl }}
         - {{ $tpl }}
         {{- end -}}
-        {{- end -}}
-    {{- if .Values.cluster.monitoring.prometheusRule.enableDefaultRules }}
-    - name: cloudnative-pg/default-rules
-      rules:
-        - alert: LongRunningTransaction
-          annotations:
-            description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
-            summary: A query is taking longer than 5 minutes.
-          expr: |-
-            cnpg_backends_max_tx_duration_seconds > 300
-          for: 1m
-          labels:
-            severity: warning
-        - alert: BackendsWaiting
-          annotations:
-            description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
-            summary: If a backend is waiting for longer than 5 minutes
-          expr: |-
-            cnpg_backends_waiting_total > 300
-          for: 1m
-          labels:
-            severity: warning
-        - alert: PGDatabaseXidAge
-          annotations:
-            description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
-            summary: Number of transactions from the frozen XID to the current one
-          expr: |-
-            cnpg_pg_database_xid_age > 300000000
-          for: 1m
-          labels:
-            severity: warning
-        - alert: PGReplication
-          annotations:
-            description: Standby is lagging behind by over 300 seconds (5 minutes)
-            summary: The standby is lagging behind the primary
-          expr: |-
-            cnpg_pg_replication_lag > 300
-          for: 1m
-          labels:
-            severity: warning
-        - alert: LastFailedArchiveTime
-          annotations:
-            description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
-            summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
-          expr: |-
-            (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
-          for: 1m
-          labels:
-            severity: warning
-        - alert: DatabaseDeadlockConflicts
-          annotations:
-            description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
-            summary: Checks the number of database conflicts
-          expr: |-
-            cnpg_pg_stat_database_deadlocks > 10
-          for: 1m
-          labels:
-            severity: warning
-        - alert: ReplicaFailingReplication
-          annotations:
-            description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
-            summary: Checks if the replica is failing to replicate
-          expr: |-
-            cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
-          for: 1m
-          labels:
-            severity: warning
-    {{- end }}
+        {{- end }}
 {{ end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,18 +1,25 @@
 {{ if .Values.backup.enabled }}
+{{ $context := . -}}
+{{ range .Values.backup.scheduledBackups -}}
+---
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: {{ include "cluster.name" . }}-scheduled-backup
-  namespace: {{ .Release.Namespace }}
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup"
+  namespace: {{ include "cluster.namespace" $context }}
   labels:
-    {{- include "cluster.labels" . | nindent 4 }}
-  {{- with .Values.cluster.additionalLabels }}
-    {{ toYaml . | nindent 4 }}
-  {{- end }}
+    {{- include "cluster.labels" $context | nindent 4 }}
 spec:
-  immediate: true
-  schedule: {{ .Values.backup.schedule }}
-  backupOwnerReference: self
+  immediate: {{ .immediate | default true }}
+  suspend: {{ .suspend | default false }}
+  schedule: {{ .schedule | quote | required "Schedule is required" }}
+  backupOwnerReference: {{ .backupOwnerReference | default "self" }}
   cluster:
-    name: {{ include "cluster.name" . }}-cluster
+    name: {{ include "cluster.name" $context }}-cluster
+  method: plugin
+  pluginConfiguration:
+    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
+    parameters:
+      barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
+{{ end -}}
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -1,213 +1,558 @@
 # -- Override the name of the cluster
 nameOverride: ""
 
+# -- Override the namespace of the chart
+namespaceOverride: ""
+
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
-# * `postgis`
-# * `timescaledb`
 # * `tensorchord`
 type: postgresql
 
 # -- Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
-# * `replica` - Create database as a replica from another CNPG cluster
 mode: standalone
 
+# -- Cluster settings
 cluster:
   instances: 3
 
   # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "17.4-3-bullseye"
-    pullPolicy: IfNotPresent
+    tag: "17.5-1-bullseye"
 
-  # -- The UID and GID of the postgres user inside the image
-  postgresUID: 26
-  postgresGID: 26
+  # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
+  # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+  imagePullPolicy: IfNotPresent
 
-  # -- Create secret containing credentials of superuser
-  enableSuperuserAccess: false
+  # -- The list of pull secrets to be used to pull the images.
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
+  imagePullSecrets: []
 
   # -- Default storage size
-  walStorage:
-    size: 2Gi
-    storageClass: ""
   storage:
     size: 10Gi
     storageClass: ""
 
-  # -- Default resources
+  walStorage:
+    enabled: true
+    size: 2Gi
+    storageClass: ""
+
+  # -- The UID and GID of the postgres user inside the image, defaults to 26
+  postgresUID: -1
+  postgresGID: -1
+
+  # -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
+  services: {}
+
+  # -- Resources requirements of every generated Pod.
+  # Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
+  # We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
+  # See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
   resources:
     requests:
       memory: 256Mi
       cpu: 100m
     limits:
-      cpu: '1'
       hugepages-2Mi: 256Mi
 
-  # -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
-  affinity:
-    enablePodAntiAffinity: true
-    topologyKey: kubernetes.io/hostname
-
-  additionalLabels: {}
-  annotations: {}
   priorityClassName: ""
 
   # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
-  # successfully updated. It can be switchover (default) or in-place (restart).
+  # successfully updated. It can be switchover (default) or restart.
   primaryUpdateMethod: switchover
 
   # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
   # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
   primaryUpdateStrategy: unsupervised
 
+  # -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
   logLevel: "info"
 
+  # -- Affinity/Anti-affinity rules for Pods.
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: kubernetes.io/hostname
+
+  # -- The configuration for the CA and related certificates.
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
+  certificates: {}
+
+  # -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
+  # If the secret is not present, the operator will automatically create one.
+  # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
+  # and then blank the password of the postgres user by setting it to NULL.
+  enableSuperuserAccess: false
+  superuserSecret: ""
+
+  # -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
+  # See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
+  enablePDB: true
+
+  # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
+  # already present in the database.
+  # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
+  roles: []
+    # - name: dante
+    #   ensure: present
+    #   comment: Dante Alighieri
+    #   login: true
+    #   superuser: false
+    #   inRoles:
+    #     - pg_monitor
+    #     - pg_signal_backend
+
   # -- Enable default monitoring and alert rules
   monitoring:
+
+    # -- Whether to enable monitoring
     enabled: false
+
     podMonitor:
+
+      # -- Whether to enable the PodMonitor
       enabled: true
+
+      # --The list of relabelings for the PodMonitor.
+      # Applied to samples before scraping.
+      relabelings: []
+
+      # -- The list of metric relabelings for the PodMonitor.
+      # Applied to samples before ingestion.
+      metricRelabelings: []
+
     prometheusRule:
+
+      # -- Whether to enable the PrometheusRule automated alerts
       enabled: false
-      enableDefaultRules: true
+
+      # -- Exclude specified rules
       excludeRules: []
 
+    # -- Whether the default queries should be injected.
+    # Set it to true if you don't want to inject default queries into the cluster.
+    disableDefaultQueries: false
+
+    # -- Custom Prometheus metrics
+    # Will be stored in the ConfigMap
+    customQueries: []
+    #  - name: "pg_cache_hit_ratio"
+    #    query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
+    #    metrics:
+    #      - datname:
+    #          usage: "LABEL"
+    #          description: "Name of the database"
+    #      - ratio:
+    #          usage: GAUGE
+    #          description: "Cache hit ratio"
+
+    # -- The list of secrets containing the custom queries
+    customQueriesSecret: []
+    #  - name: custom-queries-secret
+    #    key: custom-queries
+
   # -- Parameters to be set for the database itself
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
   postgresql:
+
+    # -- PostgreSQL configuration options (postgresql.conf)
     parameters:
       shared_buffers: 128MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
-    shared_preload_libraries: []
 
-# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
-# See: https://cloudnative-pg.io/documentation/current/bootstrap/
-# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-bootstrap:
-  # -- Example values
-  # database: app
-  # owner: app
-  # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
-  # postInitApplicationSQL:
-  #   - CREATE TABLE IF NOT EXISTS example;
+    # -- Quorum-based Synchronous Replication
+    synchronous: {}
+      # method: any
+      # number: 1
+
+    # -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
+    pg_hba: []
+      # - host all all 10.244.0.0/16 md5
+
+    # -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
+    pg_ident: []
+      # - mymap   /^(.*)@mydomain\.com$      \1
+
+    # -- Lists of shared preload libraries to add to the default ones
+    shared_preload_libraries: []
+      # - pgaudit
+
+    # -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
+    ldap: {}
+      # https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
+      # server: 'openldap.default.svc.cluster.local'
+      # bindSearchAuth:
+        # baseDN: 'ou=org,dc=example,dc=com'
+        # bindDN: 'cn=admin,dc=example,dc=com'
+        # bindPassword:
+          # name: 'ldapBindPassword'
+          # key: 'data'
+        # searchAttribute: 'uid'
+
+  # -- Bootstrap is the configuration of the bootstrap process when initdb is used.
+  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
   initdb: {}
+    # database: app
+    # owner: "" # Defaults to the database name
+    # secret:
+    #   name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # options: []
+    # encoding: UTF8
+    # postInitSQL:
+    #   - CREATE EXTENSION IF NOT EXISTS vector;
+    # postInitApplicationSQL: []
+    # postInitTemplateSQL: []
+
+  # -- Configure the metadata of the generated service account
+  serviceAccountTemplate: {}
+
+  additionalLabels: {}
+  annotations: {}
 
 # -- Recovery settings when booting cluster from external cluster
 recovery:
 
-  # -- Point in time recovery target in RFC3339 format
-  pitrTarget:
-    time: ""
+  # -- Available recovery methods:
+  # * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
+  # * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
+  # * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
+  #        migrate databases to CloudNativePG, even from outside Kubernetes.
+  # * `import` - Import one or more databases from an existing Postgres cluster.
+  method: backup
 
-  # -- S3 https endpoint and the s3:// path
-  endpointURL: ""
-  destinationPath: ""
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
+  backup:
 
-  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
-  endpointCA: ""
+    # -- Point in time recovery target. Specify one of the following:
+    pitrTarget:
 
-  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
-  endpointCredentials: ""
+      # -- Time in RFC3339 format
+      time: ""
 
-  # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
-  recoveryIndex: 1
+    # -- Name of the database used by the application. Default: `app`.
+    database: app
 
-  # -- Name of the recovery cluster in the object store, defaults to "cluster.name"
-  recoveryServerName: ""
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
+    owner: ""
 
-  # -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
-  recoveryInstanceName: ""
+    # -- Name of the backup to recover from.
+    backupName: ""
 
-  wal:
-    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 1
-  data:
-    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # -- Number of data files to be archived or restored in parallel.
-    jobs: 1
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
+  objectStore:
 
-replica:
-  # -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
-  # * `microservice` - Single database import as expected from cnpg clusters
-  # * `monolith` - Import multiple databases and roles
-  importType: microservice
+    # -- Point in time recovery target. Specify one of the following:
+    pitrTarget:
 
-  # -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
-  importDatabases:
-    - app
+      # -- Time in RFC3339 format
+      time: ""
 
-  # -- If type microservice no roles are imported and ignored
-  importRoles: []
+    # -- Name of the database used by the application. Default: `app`.
+    database: app
 
-  # -- If import type is monolith postImportApplicationSQL is not supported and ignored
-  postImportApplicationSQL: []
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
+    owner: ""
 
-  # -- External cluster connection, password specifies a secret name and the key containing the password value
-  externalCluster:
-    connectionParameters:
-      host: postgresql
-      user: app
-      dbname: app
-    password:
-      name: postgresql
-      key: password
+    # -- Object store backup name
+    name: recovery
 
+    # -- Overrides the provider specific default path. Defaults to:
+    # S3: s3://<bucket><path>
+    # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    # Google: gs://<bucket><path>
+    destinationPath: ""
+
+    # -- Overrides the provider specific default endpoint. Defaults to:
+    # S3: https://s3.<region>.amazonaws.com"
+    # Leave empty if using the default S3 endpoint
+    endpointURL: "https://nyc3.digitaloceanspaces.com"
+
+    # -- Specifies a CA bundle to validate a privately signed certificate.
+    endpointCA:
+      # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+      create: false
+
+      name: ""
+      key: ""
+
+    # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
+    index: 1
+
+    # -- Override the name of the backup cluster, defaults to "cluster.name"
+    clusterName: ""
+
+    # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    endpointCredentials: ""
+
+    # -- Storage
+    wal:
+
+      # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+      compression: snappy
+
+      # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+      encryption: ""
+
+      # -- Number of WAL files to be archived or restored in parallel.
+      maxParallel: 1
+
+    data:
+      # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+      compression: snappy
+
+      # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+      encryption: ""
+
+      # -- Number of data files to be archived or restored in parallel.
+      jobs: 1
+
+  # See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
+  pgBaseBackup:
+
+    # -- Name of the database used by the application. Default: `app`.
+    database: app
+
+    # -- Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    secret: ""
+
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
+    owner: ""
+
+    # -- Configuration for the source database
+    source:
+      host: ""
+      port: 5432
+      username: ""
+      database: "app"
+      sslMode: "verify-full"
+      passwordSecret:
+
+        # -- Whether to create a secret for the password
+        create: false
+
+        # -- Name of the secret containing the password
+        name: ""
+
+        # -- The key in the secret containing the password
+        key: "password"
+
+        # -- The password value to use when creating the secret
+        value: ""
+      sslKeySecret:
+        name: ""
+        key: ""
+      sslCertSecret:
+        name: ""
+        key: ""
+      sslRootCertSecret:
+        name: ""
+        key: ""
+
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
+  import:
+
+    # -- One of `microservice` or `monolith.`
+    # See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
+    type: "microservice"
+
+    # -- Databases to import
+    databases: []
+
+    # -- Roles to import
+    roles: []
+
+    # -- List of SQL queries to be executed as a superuser in the application database right after is imported.
+    # To be used with extreme care. Only available in microservice type.
+    postImportApplicationSQL: []
+
+    # -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
+    schemaOnly: false
+
+    # -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
+    # own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
+    # operator's intended functionality or design.
+    pgDumpExtraOptions: []
+
+    # -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
+    # your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
+    # operator's intended functionality or design.
+    pgRestoreExtraOptions: []
+
+    # -- Configuration for the source database
+    source:
+      host: ""
+      port: 5432
+      username: app
+      database: app
+      sslMode: "verify-full"
+      passwordSecret:
+
+        # -- Whether to create a secret for the password
+        create: false
+
+        # -- Name of the secret containing the password
+        name: ""
+
+        # -- The key in the secret containing the password
+        key: "password"
+
+        # -- The password value to use when creating the secret
+        value: ""
+      sslKeySecret:
+        name: ""
+        key: ""
+      sslCertSecret:
+        name: ""
+        key: ""
+      sslRootCertSecret:
+        name: ""
+        key: ""
+
+# -- Backup settings
 backup:
+
+  # -- You need to configure backups manually, so backups are disabled by default.
   enabled: false
 
-  # -- S3 endpoint starting with "https://"
-  endpointURL: ""
+  # -- Method to create backups, options currently are only objectStore
+  method: objectStore
 
-  # -- S3 path starting with "s3://"
-  destinationPath: ""
+  # -- Options for object store backups
+  objectStore: []
 
-  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
-  endpointCA: ""
+    # -
+    #   # -- Object store backup name
+    #   name: external
 
-  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
-  endpointCredentials: ""
+    #   # -- Overrides the provider specific default path. Defaults to:
+    #   # S3: s3://<bucket><path>
+    #   # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    #   # Google: gs://<bucket><path>
+    #   destinationPath: ""
 
-  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
-  backupIndex: 1
+    #   # -- Overrides the provider specific default endpoint. Defaults to:
+    #   # https://nyc3.digitaloceanspaces.com
+    #   endpointURL: ""
 
-  # -- Name of the backup cluster in the object store, defaults to "cluster.name"
-  backupName: ""
+    #   # -- Specifies a CA bundle to validate a privately signed certificate.
+    #   endpointCA:
+    #     # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    #     create: false
 
-  # -- Tags to add to backups. Add in key value beneath the type.
-  tags:
-    backupRetentionPolicy: ""
-  historyTags:
-    backupRetentionPolicy: ""
+    #     name: ""
+    #     key: ""
 
-  wal:
-    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 1
-  data:
-    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-    compression: snappy
-    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    encryption: ""
-    # -- Number of data files to be archived or restored in parallel.
-    jobs: 1
+    #   # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
+    #   index: 1
 
-  # -- Retention policy for backups
-  retentionPolicy: "7d"
+    #   # -- Override the name of the backup cluster, defaults to "cluster.name"
+    #   clusterName: ""
 
-  # -- Scheduled backup in cron format
-  schedule: "0 0 */3 * *"
+    #   # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    #   endpointCredentials: ""
+
+    #   # -- Retention policy for backups
+    #   retentionPolicy: "30d"
+
+    #   # -- Specificies if this backup will do WALs
+    #   isWALArchiver: true
+
+    #   # -- Storage
+    #   wal:
+
+    #     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #     compression: snappy
+
+    #     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #     encryption: ""
+
+    #     # -- Number of WAL files to be archived or restored in parallel.
+    #     maxParallel: 1
+
+    #   data:
+    #     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #     compression: snappy
+
+    #     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #     encryption: ""
+
+    #     # -- Number of data files to be archived or restored in parallel.
+    #     jobs: 1
+
+  # -- List of scheduled backups
+  scheduledBackups: []
+
+    # -
+    #   # -- Scheduled backup name
+    #   name: daily-backup
+
+    #   # -- Schedule in cron format
+    #   schedule: "0 0 0 * * *"
+
+    #   # -- Start backup on deployment
+    #   immediate: false
+
+    #   # -- Temporarily stop scheduled backups from running
+    #   suspend: false
+
+    #   # -- Backup owner reference
+    #   backupOwnerReference: self
+
+    #   # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
+    #   plugin: barman-cloud.cloudnative-pg.io
+
+    #   # -- Name of backup target
+    #   backupName: external
+
+# -- List of PgBouncer poolers
+poolers: []
+  # -
+  #   # -- Pooler name
+  #   name: rw
+  #   # -- PgBouncer type of service to forward traffic to.
+  #   type: rw
+  #   # -- PgBouncer pooling mode
+  #   poolMode: transaction
+  #   # -- Number of PgBouncer instances
+  #   instances: 3
+  #   # -- PgBouncer configuration parameters
+  #   parameters:
+  #     max_client_conn: "1000"
+  #     default_pool_size: "25"
+  #   monitoring:
+  #     # -- Whether to enable monitoring
+  #     enabled: false
+  #     podMonitor:
+  #         # -- Whether to enable the PodMonitor
+  #       enabled: true
+  #   # -- Custom PgBouncer deployment template.
+  #   # Use to override image, specify resources, etc.
+  #   template: {}
+  # -
+  #   # -- Pooler name
+  #   name: ro
+  #   # -- PgBouncer type of service to forward traffic to.
+  #   type: ro
+  #   # -- PgBouncer pooling mode
+  #   poolMode: transaction
+  #   # -- Number of PgBouncer instances
+  #   instances: 3
+  #   # -- PgBouncer configuration parameters
+  #   parameters:
+  #     max_client_conn: "1000"
+  #     default_pool_size: "25"
+  #   monitoring:
+  #     # -- Whether to enable monitoring
+  #     enabled: false
+  #     podMonitor:
+  #         # -- Whether to enable the PodMonitor
+  #       enabled: true
+  #   # -- Custom PgBouncer deployment template.
+  #   # Use to override image, specify resources, etc.
+  #   template: {}

renovate.json

@@ -6,35 +6,11 @@
         ":rebaseStalePrs"
     ],
     "timezone": "US/Central",
+    "schedule": [ "* */1 * * *" ],
     "labels": [],
+    "prHourlyLimit": 0,
+    "prConcurrentLimit": 0,
     "packageRules": [
-        {
-            "description": "Disables for non major Renovate version",
-            "matchFileNames": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "minor",
-                "patch",
-                "pin",
-                "digest",
-                "rollback"
-            ],
-            "enabled": false
-        },
-        {
-            "description": "Generate for major Renovate version",
-            "matchFileNames": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "major"
-            ],
-            "addLabels": [
-                "upgrade"
-            ],
-            "automerge": false
-        },
         {
             "description": "Label charts",
             "matchDatasources": [
@@ -43,7 +19,14 @@
             "addLabels": [
                 "chart"
             ],
-            "automerge": false
+            "automerge": false,
+            "bumpVersions": [
+                {
+                "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
+                "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
+                "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
+                }
+            ]
         },
         {
             "description": "Label images",
@@ -53,7 +36,14 @@
             "addLabels": [
                 "image"
             ],
-            "automerge": false
+            "automerge": false,
+            "bumpVersions": [
+                {
+                "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
+                "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
+                "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
+                }
+            ]
         },
         {
             "description": "CNPG image",
@@ -67,7 +57,14 @@
                 "image"
             ],
             "automerge": false,
-            "versioning": "deb"
+            "versioning": "deb",
+            "bumpVersions": [
+                {
+                "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
+                "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
+                "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
+                }
+            ]
         }
     ]
 }