update image

update version
2025-03-03 11:17:13 -06:00 · 2025-03-03 11:16:15 -06:00 · 2025-02-26 13:57:44 -06:00 · 2025-02-26 13:55:58 -06:00 · 2025-02-26 13:54:41 -06:00 · 2025-02-26 13:38:48 -06:00
26 changed files with 1453 additions and 6018 deletions
--- a/.github/renovate-update-notification/Dockerfile
+++ b/.github/renovate-update-notification/Dockerfile
@@ -0,0 +1,2 @@
+# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
+FROM renovate/renovate:39
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,73 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "config:recommended",
+        "mergeConfidence:all-badges",
+        ":rebaseStalePrs"
+    ],
+    "timezone": "US/Central",
+    "labels": [],
+    "packageRules": [
+        {
+            "description": "Disables for non major Renovate version",
+            "matchFileNames": [
+                ".github/renovate-update-notification/Dockerfile"
+            ],
+            "matchUpdateTypes": [
+                "minor",
+                "patch",
+                "pin",
+                "digest",
+                "rollback"
+            ],
+            "enabled": false
+        },
+        {
+            "description": "Generate for major Renovate version",
+            "matchFileNames": [
+                ".github/renovate-update-notification/Dockerfile"
+            ],
+            "matchUpdateTypes": [
+                "major"
+            ],
+            "addLabels": [
+                "upgrade"
+            ],
+            "automerge": false
+        },
+        {
+            "description": "Label charts",
+            "matchDatasources": [
+                "helm"
+            ],
+            "addLabels": [
+                "chart"
+            ],
+            "automerge": false
+        },
+        {
+            "description": "Label images",
+            "matchDatasources": [
+                "docker"
+            ],
+            "addLabels": [
+                "image"
+            ],
+            "automerge": false
+        },
+        {
+            "description": "CNPG image",
+            "matchDepNames": [
+                "ghcr.io/cloudnative-pg/postgresql"
+            ],
+            "matchDatasources": [
+                "docker"
+            ],
+            "addLabels": [
+                "image"
+            ],
+            "automerge": false,
+            "versioning": "deb"
+        }
+    ]
+}
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -0,0 +1,37 @@
+name: lint-and-test-charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,27 @@
+name: release-charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.7.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Archived
+charts/**/archive
+
+# Compiled Helm chart dependencies
+charts/**/Chart.lock
+charts/**/charts/
+
+# Testing
+__snapshot__/
+
+# Docs
+_site/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-yaml
+        exclude: 'charts/'
+        args:
+          - --multi
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.14.2
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=charts
+          - --template-files=./_templates.gotmpl
+          - --template-files=README.md.gotmpl
--- a/201
+++ b/201
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- a/_config.yml
+++ b/_config.yml
@@ -1 +0,0 @@
-theme: jekyll-theme-cayman
--- a/charts/cloudflared/Chart.yaml
+++ b/charts/cloudflared/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: cloudflared
+version: 1.14.1
+description: Cloudflared Tunnel
+keywords:
+  - cloudflare
+  - tunnel
+sources:
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.1
+icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
+appVersion: "2025.2.1"
--- a/charts/cloudflared/README.md
+++ b/charts/cloudflared/README.md
@@ -0,0 +1,35 @@
+# cloudflared
+
+![Version: 1.14.1](https://img.shields.io/badge/Version-1.14.1-informational?style=flat-square) ![AppVersion: 2025.2.1](https://img.shields.io/badge/AppVersion-2025.2.1-informational?style=flat-square)
+
+Cloudflared Tunnel
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudflare/cloudflared>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.2.1"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
--- a/charts/cloudflared/templates/common.yaml
+++ b/charts/cloudflared/templates/common.yaml
@@ -0,0 +1,41 @@
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "cloudflared.hardcodedValues" -}}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - tunnel
+          - --protocol
+          - http2
+          - --no-autoupdate
+          - run
+          - --token
+          - $(CF_MANAGED_TUNNEL_TOKEN)
+        env:
+          - name: CF_MANAGED_TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.existingSecretName }}
+                key: {{ .Values.existingSecretKey }}
+        resources:
+        {{- with .Values.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}
--- a/charts/cloudflared/values.yaml
+++ b/charts/cloudflared/values.yaml
@@ -0,0 +1,20 @@
+# -- Name override of release
+name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
+existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
+existingSecretKey: cf-tunnel-token
+
+# -- Default image
+image:
+  repository: cloudflare/cloudflared
+  tag: "2025.2.1"
+  pullPolicy: IfNotPresent
+
+# -- Default resources
+resources:
+  requests:
+    cpu: 10m
+    memory: 128Mi
--- a/charts/generic-device-plugin/Chart.yaml
+++ b/charts/generic-device-plugin/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: generic-device-plugin
+version: 0.1.7
+description: Generic Device Plugin
+keywords:
+  - generic-device-plugin
+  - device
+  - plugin
+sources:
+  - https://github.com/squat/generic-device-plugin
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.1
+appVersion: 0.1.7
--- a/charts/generic-device-plugin/README.md
+++ b/charts/generic-device-plugin/README.md
@@ -0,0 +1,37 @@
+# generic-device-plugin
+
+![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
+
+Generic Device Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/squat/generic-device-plugin>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
+| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
--- a/charts/generic-device-plugin/templates/common.yaml
+++ b/charts/generic-device-plugin/templates/common.yaml
@@ -0,0 +1,82 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "genericDevicePlugin.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: daemonset
+    pod:
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: "Exists"
+          effect: "NoExecute"
+        - operator: "Exists"
+          effect: "NoSchedule"
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --config=/config/config.yaml
+        env:
+          - name: LISTEN
+            value: :{{ .Values.service.listenPort }}
+          - name: PLUGIN_DIRECTORY
+            value: /var/lib/kubelet/device-plugins
+          - name: DOMAIN
+            value: {{ .Values.deviceDomain }}
+        probes:
+          liveness:
+            type: HTTP
+            path: /health
+          readiness:
+            type: HTTP
+            path: /health
+          startup:
+            type: HTTP
+            path: /health
+        securityContext:
+          privileged: True
+configMaps:
+  config:
+    enabled: {{ .Values.config.enabled }}
+    data:
+      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
+service:
+  main:
+    controller: main
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+persistence:
+  config:
+    enabled: true
+    type: configMap
+    name: {{ .Values.name }}-config
+  device-plugins:
+    enabled: true
+    type: hostPath
+    hostPath: /var/lib/kubelet/device-plugins
+  dev:
+    enabled: true
+    type: hostPath
+    hostPath: /dev
+serviceMonitor:
+  main:
+    serviceName: generic-device-plugin
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 30s
+        scrapeTimeout: 10s
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}
--- a/charts/generic-device-plugin/values.yaml
+++ b/charts/generic-device-plugin/values.yaml
@@ -0,0 +1,80 @@
+# -- Name override of release
+name: generic-device-plugin
+
+# -- Default image
+image:
+  repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
+  pullPolicy: Always
+
+# -- Domain used by devices for identifcation
+deviceDomain: squat.ai
+
+# -- Service port
+service:
+  listenPort: 8080
+
+# -- Default resources
+resources:
+  limit:
+    cpu: 100m
+    memory: 20Mi
+  requests:
+    cpu: 50m
+    memory: 10Mi
+
+# -- Config map
+config:
+  enabled: true
+  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
+  # @default -- See [values.yaml](./values.yaml)
+  data: |
+    devices:
+      - name: serial
+        groups:
+          - paths:
+              - path: /dev/ttyUSB*
+          - paths:
+              - path: /dev/ttyACM*
+          - paths:
+              - path: /dev/tty.usb*
+          - paths:
+              - path: /dev/cu.*
+          - paths:
+              - path: /dev/cuaU*
+          - paths:
+              - path: /dev/rfcomm*
+      - name: video
+        groups:
+          - paths:
+              - path: /dev/video0
+      - name: fuse
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/fuse
+      - name: audio
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/snd
+      - name: capture
+        groups:
+          - paths:
+              - path: /dev/snd/controlC0
+              - path: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC1
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC1D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC2
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC2D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC3
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC3D0c
+                mountPath: /dev/snd/pcmC0D0c
--- a/charts/postgres-cluster/Chart.yaml
+++ b/charts/postgres-cluster/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: postgres-cluster
+version: 4.2.1
+description: Chart for cloudnative-pg cluster
+keywords:
+  - database
+  - postgres
+sources:
+  - https://github.com/cloudnative-pg/cloudnative-pg
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: v1.25.0
--- a/charts/postgres-cluster/README.md
+++ b/charts/postgres-cluster/README.md
@@ -0,0 +1,82 @@
+# postgres-cluster
+
+![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
+
+Chart for cloudnative-pg cluster
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudnative-pg/cloudnative-pg>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
+| backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
+| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| backup.destinationPath | string | `""` | S3 path starting with "s3://" |
+| backup.enabled | bool | `false` |  |
+| backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
+| backup.historyTags.backupRetentionPolicy | string | `""` |  |
+| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
+| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
+| backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
+| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL:   - CREATE TABLE IF NOT EXISTS example; |
+| cluster.additionalLabels | object | `{}` |  |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
+| cluster.annotations | object | `{}` |  |
+| cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
+| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
+| cluster.instances | int | `3` |  |
+| cluster.logLevel | string | `"info"` |  |
+| cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.postgresGID | int | `26` |  |
+| cluster.postgresUID | int | `26` | The UID and GID of the postgres user inside the image |
+| cluster.postgresql | object | `{"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"shared_preload_libraries":[]}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
+| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
+| cluster.priorityClassName | string | `""` |  |
+| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
+| cluster.storage.size | string | `"10Gi"` |  |
+| cluster.storage.storageClass | string | `""` |  |
+| cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
+| nameOverride | string | `""` | Override the name of the cluster |
+| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
+| recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
+| recovery.pitrTarget | object | `{"time":""}` | Point in time recovery target in RFC3339 format |
+| recovery.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
+| recovery.recoveryInstanceName | string | `""` | Name of the recovery cluster in the object store, defaults to ".Release.Name" |
+| recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
+| recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
+| replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
+| replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |
+| replica.importType | string | `"microservice"` | See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types * `microservice` - Single database import as expected from cnpg clusters * `monolith` - Import multiple databases and roles |
+| replica.postImportApplicationSQL | list | `[]` | If import type is monolith postImportApplicationSQL is not supported and ignored |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
--- a/charts/postgres-cluster/templates/_backup.tpl
+++ b/charts/postgres-cluster/templates/_backup.tpl
@@ -0,0 +1,50 @@
+{{- define "cluster.backup" -}}
+{{- if .Values.backup.enabled }}
+backup:
+  retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  barmanObjectStore:
+    destinationPath: {{ .Values.backup.destinationPath }}
+    endpointURL: {{ .Values.backup.endpointURL }}
+    {{- if .Values.backup.endpointCA }}
+    endpointCA:
+      name: {{ .Values.backup.endpointCA }}
+      key: ca-bundle.crt
+    {{- end }}
+    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    tags:
+      {{- with .Values.backup.tags }}
+      {{- . | toYaml | nindent 6 }}
+      {{- end }}
+    historyTags:
+      {{- with .Values.backup.historyTags }}
+      {{- . | toYaml | nindent 6 }}
+      {{- end }}
+    s3Credentials:
+      accessKeyId:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_KEY_ID
+      secretAccessKey:
+        name: {{ include "cluster.backupCredentials" . }}
+        key: ACCESS_SECRET_KEY
+    wal:
+      {{- if .Values.backup.wal.compression }}
+      compression: {{ .Values.backup.wal.compression }}
+      {{- end }}
+      {{- if .Values.backup.wal.encryption }}
+      encryption: {{ .Values.backup.wal.encryption }}
+      {{- end }}
+      {{- if .Values.backup.wal.maxParallel }}
+      maxParallel: {{ .Values.backup.wal.maxParallel }}
+      {{- end }}
+    data:
+      {{- if .Values.backup.data.compression }}
+      compression: {{ .Values.backup.data.compression }}
+      {{- end }}
+      {{- if .Values.backup.data.encryption }}
+      encryption: {{ .Values.backup.data.encryption }}
+      {{- end }}
+      {{- if .Values.backup.data.jobs }}
+      jobs: {{ .Values.backup.data.jobs }}
+      {{- end }}
+{{- end }}
+{{- end }}
--- a/charts/postgres-cluster/templates/_bootstrap.tpl
+++ b/charts/postgres-cluster/templates/_bootstrap.tpl
@@ -0,0 +1,122 @@
+{{- define "cluster.bootstrap" -}}
+bootstrap:
+{{- if eq .Values.mode "standalone" }}
+  initdb:
+    {{- with .Values.bootstrap.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
+    {{- if eq .Values.type "tensorchord" }}
+    dataChecksums: true
+    {{- end }}
+    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.bootstrap.initdb.postInitApplicationSQL) }}
+    postInitApplicationSQL:
+      {{- if eq .Values.type "postgis" }}
+      - CREATE EXTENSION IF NOT EXISTS postgis;
+      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
+      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+      {{- else if eq .Values.type "timescaledb" }}
+      - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- else if eq .Values.type "tensorchord" }}
+      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
+      - SET search_path TO "$user", public, vectors;
+      - CREATE EXTENSION IF NOT EXISTS "vectors";
+      - CREATE EXTENSION IF NOT EXISTS "cube";
+      - CREATE EXTENSION IF NOT EXISTS "earthdistance";
+      - ALTER SCHEMA vectors OWNER TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
+      {{- end }}
+      {{- with .Values.bootstrap.initdb }}
+      {{- range .postInitApplicationSQL }}
+      {{- printf "- %s" . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+    {{- end }}
+{{- else if eq .Values.mode "replica" }}
+  initdb:
+    import:
+      type: {{ .Values.replica.importType }}
+      databases:
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+          {{ fail "Too many databases in import type of microservice!" }}
+        {{- else}}
+        {{- with .Values.replica.importDatabases }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+        {{- end }}
+      {{- if eq .Values.replica.importType "monolith" }}
+      roles:
+        {{- with .Values.replica.importRoles }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      postImportApplicationSQL:
+        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      source:
+        externalCluster: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.bootstrap.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
+externalClusters:
+  - name: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.replica.externalCluster }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+{{- else if eq .Values.mode "recovery" }}
+  recovery:
+    {{- with .Values.recovery.pitrTarget.time }}
+    recoveryTarget:
+      targetTime: {{ . }}
+    {{- end }}
+    source: {{ include "cluster.recoveryServerName" . }}
+externalClusters:
+  - name: {{ include "cluster.recoveryServerName" . }}
+    barmanObjectStore:
+      serverName: {{ include "cluster.recoveryServerName" . }}
+      destinationPath: {{ .Values.recovery.destinationPath }}
+      endpointURL: {{ .Values.recovery.endpointURL }}
+      {{- with .Values.recovery.endpointCA }}
+      endpointCA:
+        name: {{ . }}
+        key: ca-bundle.crt
+      {{- end }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: {{ include "cluster.recoveryCredentials" . }}
+          key: ACCESS_SECRET_KEY
+      wal:
+        {{- if .Values.recovery.wal.compression }}
+        compression: {{ .Values.recovery.wal.compression }}
+        {{- end }}
+        {{- if .Values.recovery.wal.encryption }}
+        encryption: {{ .Values.recovery.wal.encryption }}
+        {{- end }}
+        {{- if .Values.recovery.wal.maxParallel }}
+        maxParallel: {{ .Values.recovery.wal.maxParallel }}
+        {{- end }}
+      data:
+        {{- if .Values.recovery.data.compression }}
+        compression: {{ .Values.recovery.data.compression }}
+        {{- end }}
+        {{- if .Values.recovery.data.encryption }}
+        encryption: {{ .Values.recovery.data.encryption }}
+        {{- end }}
+        {{- if .Values.recovery.data.jobs }}
+        jobs: {{ .Values.recovery.data.jobs }}
+        {{- end }}
+{{- else }}
+  {{ fail "Invalid cluster mode!" }}
+{{- end }}
+{{- end }}
--- a/charts/postgres-cluster/templates/_helpers.tpl
+++ b/charts/postgres-cluster/templates/_helpers.tpl
@@ -0,0 +1,91 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster.name" -}}
+  {{- if .Values.nameOverride }}
+    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+  {{- else }}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster.chart" -}}
+  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster.labels" -}}
+helm.sh/chart: {{ include "cluster.chart" . }}
+{{ include "cluster.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: cloudnative-pg
+{{- end }}
+
+{{/*
+Generate name for object store credentials
+*/}}
+{{- define "cluster.recoveryCredentials" -}}
+  {{- if .Values.recovery.endpointCredentials -}}
+    {{- .Values.recovery.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{- define "cluster.backupCredentials" -}}
+  {{- if .Values.backup.endpointCredentials -}}
+    {{- .Values.backup.endpointCredentials -}}
+  {{- else -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate backup server name
+*/}}
+{{- define "cluster.backupName" -}}
+  {{- if .Values.backup.backupName -}}
+    {{- .Values.backup.backupName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}
+
+
+{{/*
+Generate recovery server name
+*/}}
+{{- define "cluster.recoveryServerName" -}}
+  {{- if .Values.recovery.recoveryServerName -}}
+    {{- .Values.recovery.recoveryServerName -}}
+  {{- else -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+  {{- end }}
+{{- end }}
+
+{{/*
+Generate recovery instance name
+*/}}
+{{- define "cluster.recoveryInstanceName" -}}
+  {{- if .Values.recovery.recoveryInstanceName -}}
+    {{- .Values.recovery.recoveryInstanceName -}}
+  {{- else -}}
+    {{ include "cluster.name" . }}
+  {{- end }}
+{{- end }}
--- a/charts/postgres-cluster/templates/cluster.yaml
+++ b/charts/postgres-cluster/templates/cluster.yaml
@@ -0,0 +1,65 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}-cluster
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.cluster.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  instances: {{ .Values.cluster.instances }}
+  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
+  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  postgresUID: {{ .Values.cluster.postgresUID }}
+  postgresGID: {{ .Values.cluster.postgresGID }}
+  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  storage:
+    size: {{ .Values.cluster.storage.size }}
+    storageClass: {{ .Values.cluster.storage.storageClass }}
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.cluster.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.cluster.priorityClassName }}
+  priorityClassName: {{ .Values.cluster.priorityClassName }}
+  {{- end }}
+  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
+  logLevel: {{ .Values.cluster.logLevel }}
+  postgresql:
+    {{- if eq .Values.type "timescaledb" }}
+    shared_preload_libraries:
+      - timescaledb
+    {{- end }}
+    {{- if eq .Values.type "tensorchord" }}
+    shared_preload_libraries:
+      - vectors.so
+    enableAlterSystem: true
+    {{- end }}
+    {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+    shared_preload_libraries:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+    {{- with .Values.cluster.postgresql.parameters }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  monitoring:
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}
+
+  {{ include "cluster.backup" . | nindent 2 }}
--- a/charts/postgres-cluster/templates/prometheus-rule.yaml
+++ b/charts/postgres-cluster/templates/prometheus-rule.yaml
@@ -0,0 +1,97 @@
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "cluster.name" . }}-alert-rules
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+    - name: cloudnative-pg/{{ include "cluster.name" . }}
+      rules:
+        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
+        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
+        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
+        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
+        {{- $_ := set $dict "Values"      .Values -}}
+        {{- $_ := set $dict "Template"    .Template -}}
+        {{- range $path, $_ := .Files.Glob  "prometheus_rules/**.yaml" }}
+        {{- $tpl := tpl ($.Files.Get $path) $dict | nindent 10 | trim -}}
+        {{- with $tpl }}
+        - {{ $tpl }}
+        {{- end -}}
+        {{- end -}}
+    {{- if .Values.cluster.monitoring.prometheusRule.enableDefaultRules }}
+    - name: cloudnative-pg/default-rules
+      rules:
+        - alert: LongRunningTransaction
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
+            summary: A query is taking longer than 5 minutes.
+          expr: |-
+            cnpg_backends_max_tx_duration_seconds > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: BackendsWaiting
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
+            summary: If a backend is waiting for longer than 5 minutes
+          expr: |-
+            cnpg_backends_waiting_total > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGDatabaseXidAge
+          annotations:
+            description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
+            summary: Number of transactions from the frozen XID to the current one
+          expr: |-
+            cnpg_pg_database_xid_age > 300000000
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGReplication
+          annotations:
+            description: Standby is lagging behind by over 300 seconds (5 minutes)
+            summary: The standby is lagging behind the primary
+          expr: |-
+            cnpg_pg_replication_lag > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: LastFailedArchiveTime
+          annotations:
+            description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
+          expr: |-
+            (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+          for: 1m
+          labels:
+            severity: warning
+        - alert: DatabaseDeadlockConflicts
+          annotations:
+            description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the number of database conflicts
+          expr: |-
+            cnpg_pg_stat_database_deadlocks > 10
+          for: 1m
+          labels:
+            severity: warning
+        - alert: ReplicaFailingReplication
+          annotations:
+            description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
+            summary: Checks if the replica is failing to replicate
+          expr: |-
+            cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+          for: 1m
+          labels:
+            severity: warning
+    {{- end }}
+{{ end }}
--- a/charts/postgres-cluster/templates/scheduled-backup.yaml
+++ b/charts/postgres-cluster/templates/scheduled-backup.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.backup.enabled }}
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: {{ include "cluster.name" . }}-scheduled-backup
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "cluster.labels" . | nindent 4 }}
+  {{- with .Values.cluster.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  immediate: true
+  schedule: {{ .Values.backup.schedule }}
+  backupOwnerReference: self
+  cluster:
+    name: {{ include "cluster.name" . }}-cluster
+{{ end }}
--- a/charts/postgres-cluster/values.yaml
+++ b/charts/postgres-cluster/values.yaml
@@ -0,0 +1,213 @@
+# -- Override the name of the cluster
+nameOverride: ""
+
+# -- Type of the CNPG database. Available types:
+# * `postgresql`
+# * `postgis`
+# * `timescaledb`
+# * `tensorchord`
+type: postgresql
+
+# -- Cluster mode of operation. Available modes:
+# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
+# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
+# * `replica` - Create database as a replica from another CNPG cluster
+mode: standalone
+
+cluster:
+  instances: 3
+
+  # -- Default image
+  image:
+    repository: ghcr.io/cloudnative-pg/postgresql
+    tag: "17.4-3-bullseye"
+    pullPolicy: IfNotPresent
+
+  # -- The UID and GID of the postgres user inside the image
+  postgresUID: 26
+  postgresGID: 26
+
+  # -- Create secret containing credentials of superuser
+  enableSuperuserAccess: false
+
+  # -- Default storage size
+  walStorage:
+    size: 2Gi
+    storageClass: ""
+  storage:
+    size: 10Gi
+    storageClass: ""
+
+  # -- Default resources
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 100m
+    limits:
+      cpu: '1'
+      hugepages-2Mi: 256Mi
+
+  # -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: kubernetes.io/hostname
+
+  additionalLabels: {}
+  annotations: {}
+  priorityClassName: ""
+
+  # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated. It can be switchover (default) or in-place (restart).
+  primaryUpdateMethod: switchover
+
+  # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  primaryUpdateStrategy: unsupervised
+
+  logLevel: "info"
+
+  # -- Enable default monitoring and alert rules
+  monitoring:
+    enabled: false
+    podMonitor:
+      enabled: true
+    prometheusRule:
+      enabled: false
+      enableDefaultRules: true
+      excludeRules: []
+
+  # -- Parameters to be set for the database itself
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
+  postgresql:
+    parameters:
+      shared_buffers: 128MB
+      max_slot_wal_keep_size: 2000MB
+      hot_standby_feedback: "on"
+    shared_preload_libraries: []
+
+# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
+# See: https://cloudnative-pg.io/documentation/current/bootstrap/
+# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+bootstrap:
+  # -- Example values
+  # database: app
+  # owner: app
+  # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+  # postInitApplicationSQL:
+  #   - CREATE TABLE IF NOT EXISTS example;
+  initdb: {}
+
+# -- Recovery settings when booting cluster from external cluster
+recovery:
+
+  # -- Point in time recovery target in RFC3339 format
+  pitrTarget:
+    time: ""
+
+  # -- S3 https endpoint and the s3:// path
+  endpointURL: ""
+  destinationPath: ""
+
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+  recoveryIndex: 1
+
+  # -- Name of the recovery cluster in the object store, defaults to "cluster.name"
+  recoveryServerName: ""
+
+  # -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  recoveryInstanceName: ""
+
+  wal:
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # -- Number of WAL files to be archived or restored in parallel.
+    maxParallel: 1
+  data:
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # -- Number of data files to be archived or restored in parallel.
+    jobs: 1
+
+replica:
+  # -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
+  # * `microservice` - Single database import as expected from cnpg clusters
+  # * `monolith` - Import multiple databases and roles
+  importType: microservice
+
+  # -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  importDatabases:
+    - app
+
+  # -- If type microservice no roles are imported and ignored
+  importRoles: []
+
+  # -- If import type is monolith postImportApplicationSQL is not supported and ignored
+  postImportApplicationSQL: []
+
+  # -- External cluster connection, password specifies a secret name and the key containing the password value
+  externalCluster:
+    connectionParameters:
+      host: postgresql
+      user: app
+      dbname: app
+    password:
+      name: postgresql
+      key: password
+
+backup:
+  enabled: false
+
+  # -- S3 endpoint starting with "https://"
+  endpointURL: ""
+
+  # -- S3 path starting with "s3://"
+  destinationPath: ""
+
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  endpointCA: ""
+
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  endpointCredentials: ""
+
+  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+  backupIndex: 1
+
+  # -- Name of the backup cluster in the object store, defaults to "cluster.name"
+  backupName: ""
+
+  # -- Tags to add to backups. Add in key value beneath the type.
+  tags:
+    backupRetentionPolicy: ""
+  historyTags:
+    backupRetentionPolicy: ""
+
+  wal:
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # -- Number of WAL files to be archived or restored in parallel.
+    maxParallel: 1
+  data:
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    compression: snappy
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    encryption: ""
+    # -- Number of data files to be archived or restored in parallel.
+    jobs: 1
+
+  # -- Retention policy for backups
+  retentionPolicy: "7d"
+
+  # -- Scheduled backup in cron format
+  schedule: "0 0 */3 * *"
--- a/index.yaml
+++ b/index.yaml