Update ghcr.io/cloudnative-pg/postgresql Docker tag to v18

Merge pull request 'Update ghcr.io/squat/generic-device-plugin:latest Docker digest to aa0571c' (#152 ) from renovate/ghcr.io-squat-generic-device-plugin-latest into main
Update ghcr.io/squat/generic-device-plugin:latest Docker digest to aa0571c
2025-12-15 00:07:07 +00:00 · 2025-12-15 00:05:37 +00:00 · 2025-12-15 00:05:14 +00:00 · 2025-12-12 16:43:45 -06:00 · 2025-12-12 16:43:45 -06:00 · 2025-12-12 00:01:34 +00:00
69 changed files with 2941 additions and 886 deletions
@@ -0,0 +1,226 @@
 name: lint-and-test
 on:
  pull_request:
    branches:
      - main
    paths:
      - 'charts/**'
  push:
    branches:
      - main
    paths:
      - 'charts/**'
 env:
  BASE_BRANCH: "origin/${{ gitea.base_ref }}"
 jobs:
  chart-testing:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.14'
      - name: Set up Chart Testing
        uses: helm/chart-testing-action@v2.7.0
        with:
          yamale_version: "6.0.0"
      - name: Run Chart Testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> $GITHUB_OUTPUT
          fi
      - name: Run Chart Testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        run: ct lint --validate-maintainers=false --target-branch ${{ gitea.event.repository.default_branch }}
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Helm Charts'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Tests have failed for Helm Charts'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
          image: true
  lint-helm:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Check Branch Exists
        id: check-branch-exists
        if: github.event_name == 'pull_request'
        uses: GuillaumeFalourd/branch-exists@v1.1
        with:
          branch: ${{ gitea.base_ref }}
      - name: Report Branch Exists
        id: branch-exists
        if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
        run: |
          if [ ${{ github.event_name == 'push' }} ]; then
            echo ">> Action is from a push event, will continue with linting"
          else
            echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
          fi
          echo "----"
          echo "exists=true" >> $GITEA_OUTPUT
      - name: Set up Helm
        uses: azure/setup-helm@v4
        if: steps.branch-exists.outputs.exists == 'true'
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3
      - name: Check Directories for Changes
        id: check-dir-changes
        if: steps.branch-exists.outputs.exists == 'true'
        run: |
          CHANGED_CHARTS=()
          echo ">> Target branch for diff is: ${BASE_BRANCH}"
          if [ "${{ github.event_name }}" == "pull_request" ]; then
            echo ""
            echo ">> Checking for changes in a pull request ..."
            GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "charts/")
          else
            echo ""
            echo ">> Checking for changes from a push ..."
            GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "charts/")
          fi
          if [ -n "${GIT_DIFF}" ]; then
            echo ""
            echo ">> Changes detected:"
            echo "$GIT_DIFF"
            for path in $GIT_DIFF; do
              CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $2}')
              CHANGED_CHARTS+=$(echo " ")
            done
          else
            echo ""
            echo ">> No changes detected"
          fi
          if [ -n "${CHANGED_CHARTS}" ]; then
            echo ""
            echo ">> Chart to Lint:"
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
            echo "----"
            echo "changes-detected=true" >> $GITEA_OUTPUT
            echo "chart-dir<<EOF" >> $GITEA_OUTPUT
            echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
            echo "EOF" >> $GITEA_OUTPUT
          else
            echo "changes-detected=false" >> $GITEA_OUTPUT
          fi
      - name: Add Repositories
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Adding repositories for chart dependencies ..."
          for dir in ${CHANGED_CHARTS}; do
            helm dependency list --max-col-width 120 charts/$dir 2> /dev/null \
              | tail +2 | head -n -1 \
              | awk '{ print "helm repo add " $1 " " $3 }' \
              | while read cmd; do echo "$cmd" | sh; done || true
          done
          if helm repo list | tail +2 | read -r; then
            echo ""
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Lint Helm Chart
        if: steps.check-dir-changes.outputs.changes-detected == 'true'
        env:
          CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
        run: |
          echo ">> Running linting on changed charts ..."
          for dir in ${CHANGED_CHARTS}; do
            chart_path=charts/$dir
            chart_name=$(basename "$chart_path")
            if [ -f "$chart_path/Chart.yaml" ]; then
              cd $chart_path
              echo ""
              echo ">> Building helm dependency ..."
              helm dependency build --skip-refresh
              echo ""
              echo ">> Linting helm ..."
              helm lint --namespace "$chart_name"
            else
              echo ""
              echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
              echo ""
            fi
          done
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Test Failure - Helm Charts'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Tests have failed for Helm Charts'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-cloudflared
 on:
  push:
    branches:
      - main
    paths:
      - "charts/cloudflared/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/cloudflared"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-cloudflared.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-generic-device-plugin
 on:
  push:
    branches:
      - main
    paths:
      - "charts/generic-device-plugin/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/generic-device-plugin"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-generic-device-plugin.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-gitea-actions
 on:
  push:
    branches:
      - main
    paths:
      - "charts/gitea-actions/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/gitea-actions"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-gitea-actions.yml", "clear": true}]'
          image: true
@@ -0,0 +1,128 @@
 name: release-charts-postgres-cluster
 on:
  push:
    branches:
      - main
    paths:
      - "charts/postgres-cluster/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/postgres-cluster"
 jobs:
  release:
    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: v3.19.2
      - name: Add Repositories
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding repositories for chart dependencies ..."
          helm dependency list --max-col-width 120 2> /dev/null \
            | tail +2 | head -n -1 \
            | awk '{ print "helm repo add " $1 " " $3 }' \
            | while read cmd; do echo "$cmd" | sh; done || true
          if helm repo list | tail +2 | read -r; then
            echo ">> Update repository cache ..."
            helm repo update
          fi
          echo "----"
      - name: Package Helm Chart
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Building helm dependency ..."
          helm dependency build --skip-refresh --debug
          echo "----"
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          echo ">> Logging into Harbor ..."
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
          echo ""
          echo ">> Publishing chart to Harbor ..."
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
          echo "----"
      - name: Publish Helm Chart to Gitea
        run: |
          echo ">> Installing Chart Museum plugin ..."
          helm plugin install https://github.com/chartmuseum/helm-push --debug
          echo ""
          echo ">> Adding Gitea repository ..."
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
          echo ""
          echo ">> Pushing chart to gitea"
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
      - name: Extract Chart Metadata
        run: |
          cd ${WORKFLOW_DIR}
          echo ">> Adding Chart metadata to workflow ENV ..."
          echo ""
          echo ">> Chart Version: $(yq '.version' Chart.yaml)"
          echo ">> Chart Name: $(yq '.name' Chart.yaml)"
          echo "----"
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: ntfy Success
        uses: niniyas/ntfy-action@master
        if: success()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Success - ${{ env.CHART_NAME }}'
          priority: 3
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,successfully,completed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
      - name: ntfy Failed
        uses: niniyas/ntfy-action@master
        if: failure()
        with:
          url: '${{ secrets.NTFY_URL }}'
          topic: '${{ secrets.NTFY_TOPIC }}'
          title: 'Release Failure - ${{ env.CHART_NAME }}'
          priority: 4
          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
          tags: action,failed
          details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-postgres-cluster.yml", "clear": true}]'
          image: true
@@ -0,0 +1,32 @@
 name: renovate
 on:
  schedule:
    - cron: "@daily"
  push:
    branches:
      - main
  workflow_dispatch:
 jobs:
  renovate:
    runs-on: ubuntu-latest
    container: ghcr.io/renovatebot/renovate:42
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Renovate
        run: renovate
        env:
          RENOVATE_PLATFORM: gitea
          RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
          RENOVATE_REPOSITORIES: alexlebens/helm-charts
          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
          LOG_LEVEL: info
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
          RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
@@ -1,2 +0,0 @@
 # This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
 FROM renovate/renovate:37
@@ -1,64 +0,0 @@
 {
    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
    "extends": [
        "config:recommended",
        "mergeConfidence:all-badges",
        ":rebaseStalePrs"
    ],
    "timezone": "US/Central",
    "schedule": [
        "every weekday"
    ],
    "labels": [],
    "packageRules": [
        {
            "description": "Disables for non major Renovate version",
            "matchPaths": [
                ".github/renovate-update-notification/Dockerfile"
            ],
            "matchUpdateTypes": [
                "minor",
                "patch",
                "pin",
                "digest",
                "rollback"
            ],
            "enabled": false
        },
        {
            "description": "Generate for major Renovate version",
            "matchPaths": [
                ".github/renovate-update-notification/Dockerfile"
            ],
            "matchUpdateTypes": [
                "major"
            ],
            "addLabels": [
                "upgrade"
            ],
            "automerge": false
        },
        {
            "description": "Label images",
            "matchDatasources": [
                "docker"
            ],
            "addLabels": [
                "image"
            ],
            "automerge": false,
            "minimumReleaseAge": "3 days"
        },
        {
            "description": "Label charts",
            "matchDatasources": [
                "helm"
            ],
            "addLabels": [
                "chart"
            ],
            "automerge": false,
            "minimumReleaseAge": "3 days"
        }
    ]
 }
@@ -1,37 +0,0 @@
 name: lint-and-test-charts
 on: pull_request
 jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.13.3
      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"
          check-latest: true
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.6.1
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        if: steps.list-changed.outputs.changed == 'true'
        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
@@ -4,6 +4,8 @@ on:
  push:
    branches:
      - main
    paths:
      - "charts/**"
 jobs:
  release:
@@ -12,7 +14,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
@@ -22,6 +24,6 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
@@ -1,12 +1,2 @@
 # Archived
 charts/**/archive
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/
 # Testing
 __snapshot__/
 # Docs
 _site/
@@ -0,0 +1,19 @@
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.3.0
    hooks:
      - id: end-of-file-fixer
      - id: trailing-whitespace
      - id: check-added-large-files
      - id: check-yaml
        exclude: 'charts/'
        args:
          - --multi
  - repo: https://github.com/norwoodj/helm-docs
    rev: v1.14.2
    hooks:
      - id: helm-docs
        args:
          - --chart-search-root=charts
          - --template-files=./_templates.gotmpl
          - --template-files=README.md.gotmpl
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.5.0
 digest: sha256:cd050e107fbec6769024a6d316c3f43701295a55cddf53a9fc304b52ea879560
 generated: "2025-12-04T18:06:50.235715-06:00"
@@ -1,18 +1,18 @@
 apiVersion: v2
 name: cloudflared
-version: 1.4.0
+version: 1.23.2
 description: Cloudflared Tunnel
 keywords:
  - cloudflare
  - tunnel
 sources:
  - https://github.com/cloudflare/cloudflared
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
 maintainers:
  - name: alexlebens
 dependencies:
  - name: common
-    repository: https://bjw-s.github.io/helm-charts/
+    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.2.1
+    version: 4.5.0
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2024.6.0"
+appVersion: "2025.11.1"
@@ -1,16 +1,35 @@
-## Introduction
+# cloudflared
-[Cloudflared](https://github.com/cloudflare/cloudflared)
+![Version: 1.23.2](https://img.shields.io/badge/Version-1.23.2-informational?style=flat-square) ![AppVersion: 2025.11.1](https://img.shields.io/badge/AppVersion-2025.11.1-informational?style=flat-square)
-Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
+Cloudflared Tunnel
-This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
-## Prerequisites
+| Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
- Kubernetes
+## Source Code
 - Helm
-## Parameters
+* <https://github.com/cloudflare/cloudflared>
 * <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
-See the [values files](values.yaml).
+## Requirements
 | Repository | Name | Version |
 |------------|------|---------|
 | https://bjw-s-labs.github.io/helm-charts/ | common | 4.5.0 |
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
 | existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.11.1"}` | Default image |
 | name | string | `"cloudflared"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -1,11 +1,20 @@
 # -- Name override of release
 name: cloudflared
 # -- Name of existing secret that contains Cloudflare token
 existingSecretName: cloudflared-secret
 # -- Name of key that contains the token in the existingSecret
 existingSecretKey: cf-tunnel-token
 # -- Default image
 image:
  repository: cloudflare/cloudflared
-  tag: "2024.6.0"
+  tag: "2025.11.1"
  pullPolicy: IfNotPresent
 # -- Default resources
 resources:
  requests:
-    cpu: 100m
+    cpu: 10m
    memory: 128Mi
@@ -0,0 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.5.0
 digest: sha256:cd050e107fbec6769024a6d316c3f43701295a55cddf53a9fc304b52ea879560
 generated: "2025-12-04T18:08:17.823318-06:00"
@@ -0,0 +1,18 @@
 apiVersion: v2
 name: generic-device-plugin
 version: 0.20.7
 description: Generic Device Plugin
 keywords:
  - generic-device-plugin
  - device
  - plugin
 sources:
  - https://github.com/squat/generic-device-plugin
  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
 maintainers:
  - name: alexlebens
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.5.0
 appVersion: 0.20.4
@@ -0,0 +1,37 @@
 # generic-device-plugin
 ![Version: 0.20.5](https://img.shields.io/badge/Version-0.20.5-informational?style=flat-square) ![AppVersion: 0.20.4](https://img.shields.io/badge/AppVersion-0.20.4-informational?style=flat-square)
 Generic Device Plugin
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
 ## Source Code
 * <https://github.com/squat/generic-device-plugin>
 * <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
 ## Requirements
 | Repository | Name | Version |
 |------------|------|---------|
 | https://bjw-s-labs.github.io/helm-charts/ | common | 4.5.0 |
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
 | deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
 | image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:a8482160f4ef7a52fb3aff05f8ba8e71b7e3974fc9929cb629d615149358c036"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,82 @@
 {{ include "bjw-s.common.loader.init" . }}
 {{ define "genericDevicePlugin.hardcodedValues" }}
 {{ if not .Values.global.nameOverride }}
 global:
  nameOverride: {{ .Values.name }}
 {{ end }}
 controllers:
  main:
    type: daemonset
    pod:
      priorityClassName: system-node-critical
      tolerations:
        - operator: "Exists"
          effect: "NoExecute"
        - operator: "Exists"
          effect: "NoSchedule"
    containers:
      main:
        image:
          repository: {{ .Values.image.repository }}
          tag: {{ .Values.image.tag }}
          pullPolicy: {{ .Values.image.pullPolicy }}
        args:
          - --config=/config/config.yaml
        env:
          - name: LISTEN
            value: :{{ .Values.service.listenPort }}
          - name: PLUGIN_DIRECTORY
            value: /var/lib/kubelet/device-plugins
          - name: DOMAIN
            value: {{ .Values.deviceDomain }}
        probes:
          liveness:
            type: HTTP
            path: /health
          readiness:
            type: HTTP
            path: /health
          startup:
            type: HTTP
            path: /health
        securityContext:
          privileged: True
 configMaps:
  config:
    enabled: {{ .Values.config.enabled }}
    data:
      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
 service:
  main:
    controller: main
    ports:
      http:
        port: {{ .Values.service.listenPort }}
 persistence:
  config:
    enabled: true
    type: configMap
    name: {{ .Values.name }}-config
  device-plugins:
    enabled: true
    type: hostPath
    hostPath: /var/lib/kubelet/device-plugins
  dev:
    enabled: true
    type: hostPath
    hostPath: /dev
 serviceMonitor:
  main:
    serviceName: generic-device-plugin
    endpoints:
      - port: http
        scheme: http
        path: /metrics
        interval: 30s
        scrapeTimeout: 10s
 {{ end }}
 {{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
 {{/* Render the templates */}}
 {{ include "bjw-s.common.loader.generate" . }}
@@ -0,0 +1,77 @@
 # -- Name override of release
 name: generic-device-plugin
 # -- Default image
 image:
  repository: ghcr.io/squat/generic-device-plugin
  tag: latest@sha256:aa0571c7f461fb99747ada00f2de69eb856dcbbc0e87965fffe37a15f7bc006f
  pullPolicy: Always
 # -- Domain used by devices for identifcation
 deviceDomain: devic.es
 # -- Service port
 service:
  listenPort: 8080
 # -- Default resources
 resources:
  requests:
    cpu: 50m
    memory: 10Mi
 # -- Config map
 config:
  enabled: true
  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
  # @default -- See [values.yaml](./values.yaml)
  data: |
    devices:
      - name: serial
        groups:
          - paths:
              - path: /dev/ttyUSB*
          - paths:
              - path: /dev/ttyACM*
          - paths:
              - path: /dev/tty.usb*
          - paths:
              - path: /dev/cu.*
          - paths:
              - path: /dev/cuaU*
          - paths:
              - path: /dev/rfcomm*
      - name: video
        groups:
          - paths:
              - path: /dev/video0
      - name: fuse
        groups:
          - count: 10
            paths:
              - path: /dev/fuse
      - name: audio
        groups:
          - count: 10
            paths:
              - path: /dev/snd
      - name: capture
        groups:
          - paths:
              - path: /dev/snd/controlC0
              - path: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC1
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC1D0c
                mountPath: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC2
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC2D0c
                mountPath: /dev/snd/pcmC0D0c
          - paths:
              - path: /dev/snd/controlC3
                mountPath: /dev/snd/controlC0
              - path: /dev/snd/pcmC3D0c
                mountPath: /dev/snd/pcmC0D0c
@@ -0,0 +1,15 @@
 apiVersion: v2
 name: gitea-actions
 version: 0.2.1
 description: Gitea Actions
 keywords:
  - cicd
  - runner
  - actions
 sources:
  - https://gitea.com/gitea/helm-actions
  - https://gitea.com/gitea/act
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 appVersion: 0.2.11
@@ -0,0 +1,18 @@
 MIT License
 Copyright (c) 2025 gitea
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
 associated documentation files (the "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
 following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial
 portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
 EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,54 @@
 # gitea-actions
 ![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![AppVersion: 0.2.11](https://img.shields.io/badge/AppVersion-0.2.11-informational?style=flat-square)
 Gitea Actions
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
 ## Source Code
 * <https://gitea.com/gitea/helm-actions>
 * <https://gitea.com/gitea/act>
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | enabled | bool | `true` |  |
 | existingSecret | string | `""` |  |
 | existingSecretKey | string | `""` |  |
 | giteaRootURL | string | `""` |  |
 | global.fullnameOverride | string | `""` |  |
 | global.imageRegistry | string | `""` |  |
 | global.nameOverride | string | `""` |  |
 | global.storageClass | string | `""` |  |
 | init.image.repository | string | `"busybox"` |  |
 | init.image.tag | string | `"1.37.0"` |  |
 | statefulset.actRunner.config | string | `"log:\n  level: debug\ncache:\n  enabled: false\n"` |  |
 | statefulset.actRunner.extraVolumeMounts | list | `[]` |  |
 | statefulset.actRunner.pullPolicy | string | `"IfNotPresent"` |  |
 | statefulset.actRunner.repository | string | `"gitea/act_runner"` |  |
 | statefulset.actRunner.tag | string | `"0.2.11"` |  |
 | statefulset.affinity | object | `{}` |  |
 | statefulset.annotations | object | `{}` |  |
 | statefulset.dind.extraEnvs | list | `[]` |  |
 | statefulset.dind.extraVolumeMounts | list | `[]` |  |
 | statefulset.dind.pullPolicy | string | `"IfNotPresent"` |  |
 | statefulset.dind.repository | string | `"docker"` |  |
 | statefulset.dind.tag | string | `"25.0.2-dind"` |  |
 | statefulset.extraVolumes | list | `[]` |  |
 | statefulset.labels | object | `{}` |  |
 | statefulset.nodeSelector | object | `{}` |  |
 | statefulset.persistence.size | string | `"1Gi"` |  |
 | statefulset.persistence.storageClass | string | `""` |  |
 | statefulset.replicas | int | `1` |  |
 | statefulset.resources | object | `{}` |  |
 | statefulset.tolerations | list | `[]` |  |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,102 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "gitea.actions.name" -}}
 {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea.actions.fullname" -}}
 {{- if .Values.global.fullnameOverride -}}
 {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.global.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea.actions.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Storage Class
 */}}
 {{- define "gitea.actions.persistence.storageClass" -}}
 {{- $storageClass :=  (tpl ( default "" .Values.statefulset.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
 storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "gitea.actions.labels" -}}
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}
 {{ include "gitea.actions.selectorLabels" . }}
 app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
 version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "gitea.actions.labels.actRunner" -}}
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}-act-runner
 {{ include "gitea.actions.selectorLabels.actRunner" . }}
 app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
 version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "gitea.actions.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.selectorLabels.actRunner" -}}
 app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.local_root_url" -}}
  {{- .Values.giteaRootURL -}}
 {{- end -}}
 {{/*
 Parse the http url to hostname + port separated by space for the nc command
 */}}
 {{- define "gitea.actions.nc" -}}
 {{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
 {{- $host := get $url "host" -}}
 {{- $scheme := get $url "scheme" -}}
 {{- $port := "80" -}}
 {{- if contains ":" $host -}}
    {{- $hostAndPort := regexSplit ":" $host 2 -}}
    {{- $host = index $hostAndPort 0 -}}
    {{- $port = index $hostAndPort 1 -}}
 {{- else if eq $scheme "https" -}}
    {{- $port = "443" -}}
 {{- else if eq $scheme "http" -}}
    {{- $port = "80" -}}
 {{- end -}}
 {{- printf "%s %s" $host $port -}}
 {{- end -}}
@@ -0,0 +1,15 @@
 {{- if .Values.enabled }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "gitea.actions.fullname" . }}-act-runner-config
  namespace: {{ .Values.namespace | default .Release.Namespace }}
  labels:
    {{- include "gitea.actions.labels" . | nindent 4 }}
 data:
  config.yaml: |
    {{- with .Values.statefulset.actRunner.config -}}
    {{ . | nindent 4}}
    {{- end -}}
 {{- end }}
@@ -0,0 +1,127 @@
 {{- if .Values.enabled }}
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  labels:
    {{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
    {{- with .Values.statefulset.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    {{- with .Values.statefulset.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "gitea.actions.fullname" . }}-act-runner
  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
  replicas: {{ .Values.statefulset.replicas }}
  selector:
    matchLabels:
      {{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
        {{- with .Values.statefulset.labels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      initContainers:
        - name: init-gitea
          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
          command:
            - sh
            - -c
            - |
              while ! nc -z {{ include "gitea.actions.nc" . }}; do
                sleep 5
              done
      containers:
        - name: act-runner
          image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
          workingDir: /data
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.existingSecret | default "gitea-actions-token" }}"
                  key: "{{ .Values.existingSecretKey | default "token" }}"
            - name: GITEA_INSTANCE_URL
              value: {{ include "gitea.actions.local_root_url" . }}
            - name: CONFIG_FILE
              value: /actrunner/config.yaml
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /actrunner/config.yaml
              name: act-runner-config
              subPath: config.yaml
            - mountPath: /certs/server
              name: docker-certs
            - mountPath: /data
              name: data-act-runner
            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        - name: dind
          image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            {{- if .Values.statefulset.dind.extraEnvs }}
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
            {{- end }}
          securityContext:
            privileged: true
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /certs/server
              name: docker-certs
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      {{- range $key, $value := .Values.statefulset.nodeSelector }}
      nodeSelector:
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- with .Values.statefulset.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.statefulset.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: act-runner-config
          configMap:
            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
        - name: docker-certs
          emptyDir: {}
        {{- with .Values.statefulset.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
  volumeClaimTemplates:
    - metadata:
        name: data-act-runner
      spec:
        accessModes: [ "ReadWriteOnce" ]
        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
        resources:
          requests:
            storage: {{ .Values.statefulset.persistence.size }}
 {{- end }}
@@ -0,0 +1,102 @@
 # Configure Gitea Actions
 # - must enable persistence if the job is enabled
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
 ## @param init.image.repository The image used for the init containers
 ## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.annotations Act runner annotations
 ## @param statefulset.labels Act runner labels
 ## @param statefulset.resources Act runner resources
 ## @param statefulset.nodeSelector NodeSelector for the statefulset
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
 ## @param statefulset.persistence.size Size for persistence to store act runner data
 ## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
 ## @param provisioning.annotations Job's annotations
 ## @param provisioning.labels Job's labels
 ## @param provisioning.resources Job's resources
 ## @param provisioning.nodeSelector NodeSelector for the job
 ## @param provisioning.tolerations Tolerations for the job
 ## @param provisioning.affinity Affinity for the job
 ## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
 ## @param provisioning.publish.repository The image that can create the secret via kubectl
 ## @param provisioning.publish.tag The publish image tag that can create the secret
 ## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
 ## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 ## @param giteaRootURL URL the act_runner registers and connect with
 enabled: true
 statefulset:
  replicas: 1
  annotations: {}
  labels: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraVolumes: []
  actRunner:
    repository: gitea/act_runner
    tag: 0.2.11
    pullPolicy: IfNotPresent
    extraVolumeMounts: []
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
      log:
        level: debug
      cache:
        enabled: false
  dind:
    repository: docker
    tag: 25.0.2-dind
    pullPolicy: IfNotPresent
    extraVolumeMounts: []
    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
    # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
    extraEnvs:
      []
      #  - name: "DOCKER_IPTABLES_LEGACY"
      #    value: "1"
  persistence:
    storageClass: ""
    size: 1Gi
 init:
  image:
    repository: busybox
    tag: "1.37.0"
 ## Specify an existing token secret
 ##
 existingSecret: ""
 existingSecretKey: ""
 ## Specify the root URL of the Gitea instance
 giteaRootURL: ""
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
 ## @param global.storageClass global storage class override
 global:
  imageRegistry: ""
  storageClass: ""
  nameOverride: ""
  fullnameOverride: ""
@@ -1,15 +0,0 @@
 apiVersion: v2
 name: mysql-cluster
 version: 0.2.1
 description: Chart for a mysql cluster
 keywords:
  - database
  - mysql
 sources:
  - https://dev.mysql.com/
  - https://github.com/mysql/mysql-operator
  - https://github.com/mysql/mysql-operator/tree/trunk/helm/mysql-innodbcluster
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/2452804?s=48&v=4
 appVersion: 8.4.0
@@ -1,17 +0,0 @@
 ## Introduction
 [MySQL Operator](https://dev.mysql.com/doc/mysql-operator/en/)
 MySQL Operator for Kubernetes manages MySQL InnoDB Cluster setups inside a Kubernetes Cluster. MySQL Operator for Kubernetes manages the full lifecycle with setup and maintenance including automating upgrades and backups.
 This chart bootstraps a [MySQL InnoDB](https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-innodbcluster.html) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 - MySQL Operator
 ## Parameters
 See the [values files](values.yaml).
@@ -1,72 +0,0 @@
 {{- define "cluster.backup" -}}
 {{- if and .Values.backup.enabled .Values.backup.profiles }}
 backupProfiles:
 {{- $isDumpInstance := false }}
 {{- $isSnapshot := false }}
 {{- range $_, $profile := .Values.backup.profiles }}
  - name: {{ $profile.name | quote }}
      {{- if hasKey $profile "podAnnotations" }}
    podAnnotations:
      {{ toYaml $profile.podAnnotations | nindent 6 }}
      {{- end }}
      {{- if hasKey $profile "podLabels" }}
    podLabels:
      {{ toYaml $profile.podLabels | nindent 6 }}
      {{- end }}
    {{- $isDumpInstance = hasKey $profile "dumpInstance" }}
    {{- $isSnapshot = hasKey $profile "snapshot" }}
    {{- if or $isDumpInstance $isSnapshot }}
      {{- $backupProfile := ternary $profile.dumpInstance $profile.snapshot $isDumpInstance }}
      {{- if $isDumpInstance }}
    dumpInstance:
      {{- else if $isSnapshot }}
    snapshot:
      {{- else }}
      {{- fail "Unsupported or unspecified backup type, must be either snapshot or dumpInstance" }}
      {{ end }}
      {{- if not (hasKey $backupProfile "storage") }}
      {{- fail "backup profile $profile.name has no storage section" }}
      {{- else if hasKey $backupProfile.storage "s3" }}
      storage:
        s3:
            {{- if $backupProfile.storage.s3.prefix }}
          prefix: {{ $backupProfile.storage.s3.prefix }}
            {{- end }}
          bucketName: {{ required "bucketName is required" $backupProfile.storage.s3.bucketName }}
          config: {{ required "config is required" $backupProfile.storage.s3.config }}
            {{- if $backupProfile.storage.s3.profile }}
          profile: {{ $backupProfile.storage.s3.profile }}
            {{- end }}
            {{- if $backupProfile.storage.s3.endpoint }}
          endpoint: {{ $backupProfile.storage.s3.endpoint }}
            {{- end }}
      {{- else if hasKey $backupProfile.storage "persistentVolumeClaim" }}
      storage:
        persistentVolumeClaim: {{ toYaml $backupProfile.storage.persistentVolumeClaim | nindent 12}}
      {{- else -}}
      {{- fail "Backup profile $profile.name has empty storage section - neither s3 nor persistentVolumeClaim defined" }}
      {{- end -}}
    {{- end }}
 {{- end }}
 {{- end }}
 {{- if .Values.backup.schedules }}
 backupSchedules:
 {{- range $_, $schedule := .Values.backup.schedules }}
  - name: {{ $schedule.name | quote }}
    enabled: {{ $schedule.enabled }}
    schedule: {{ quote $schedule.schedule }}
      {{- if ($schedule).timeZone }}
    timeZone: {{ quote $schedule.timeZone }}
      {{- end }}
    deleteBackupData: {{ $schedule.deleteBackupData }}
    backupProfileName: {{ $schedule.backupProfileName }}
 {{- end }}
 {{- end }}
 {{- end }}
@@ -1,64 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
  {{- if .Values.global.nameOverride }}
    {{- .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
  {{- else }}
    {{- printf "%s-mysql-%s" .Release.Name ((semver .Values.cluster.image.version).Major | toString) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "cluster.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Check for invalid versions
 */}}
 {{- $minimalVersion := "8.0.27" }}
 {{- $forbiddenVersions := list "8.0.29" }}
 {{- $serverVersion := .Values.serverVersion | default .Chart.AppVersion }}
 {{- if lt $serverVersion $minimalVersion }}
  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above" $serverVersion $minimalVersion }}
  {{- fail $err }}
 {{- end }}
 {{- if has $serverVersion $forbiddenVersions }}
  {{- $err := printf "It is not possible to use MySQL version %s . Please, use %s or above except %v" $serverVersion $minimalVersion $forbiddenVersions }}
  {{- fail $err }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "cluster.labels" -}}
 helm.sh/chart: {{ include "cluster.chart" . }}
 {{ include "cluster.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "cluster.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: cloudnative-pg
 {{- end }}
 {{/*
 Create the name of the service account to use.
 */}}
 {{- define "mysql.serviceAccountName" -}}
 {{- if .Values.serviceAccount.enabled -}}
    {{ default (include "cluster.name" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
@@ -1,47 +0,0 @@
 {{- define "cluster.init" -}}
 {{- if eq .Values.mode "clone" }}
 {{- with .Values.clone }}
 initDB:
  clone:
    donorUrl: {{ required "clone donorUrl is required" .donorUrl }}
    rootUser: {{ .rootUser | default "root" }}
    secretKeyRef:
      name: {{ required "clone credentials is required" .exisitingCredentialsSecret }}
 {{- end }}
 {{- end }}
 {{- if eq .Values.mode "recovery" }}
 {{- with .Values.recovery }}
 initDB:
  dump:
      {{- if .name }}
    name: {{ .name | quote }}
      {{- end }}
      {{- if .path }}
    path: {{ .path | quote }}
      {{- end }}
      {{- if .options }}
    options: {{ toYaml .options | nindent 8 }}
      {{- end }}
    storage:
      {{- if eq .type "s3" }}
      s3:
        prefix: {{ required "s3 prefix is required" .s3.prefix }}
        bucketName: {{ required "s3 bucketName is required" .s3.bucketName }}
        config: {{ required "s3 config is required" .s3.config }}
          {{- if .s3.profile }}
        profile: {{ .s3.profile }}
          {{- end }}
          {{- if .s3.endpoint }}
        endpoint: {{ .s3.endpoint }}
          {{- end }}
      {{- end }}
      {{- if eq .type "pvc" }}
      persistentVolumeClaim:
        {{ toYaml .persistentVolumeClaim | nindent 10}}
      {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
@@ -1,75 +0,0 @@
 apiVersion: mysql.oracle.com/v2
 kind: InnoDBCluster
 metadata:
  name: {{ include "cluster.name" . }}-cluster
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
    {{- include "cluster.selectorLabels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  instances: {{ required "serverInstances is required" .Values.cluster.serverInstances }}
  baseServerId: {{ required "baseServerId is required" .Values.cluster.baseServerId }}  
  serviceAccountName: {{ include "mysql.serviceAccountName" . }}  
  imagePullPolicy : {{ .Values.cluster.image.pullPolicy }}
  version: {{ .Values.cluster.image.version }}
  tlsUseSelfSigned: true
  secretName: {{ .Values.cluster.exisitingCredentialsSecret }}
  podSpec:
    {{- with .Values.cluster.podSpec }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
  podAnnotations:
    {{- with .Values.cluster.podAnnotations }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
  podLabels:
    {{- with .Values.cluster.podLabels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
  router:
    instances: {{ required "router.instances is required" .Values.cluster.router.instances }}
    podSpec:
      {{- with .Values.cluster.router.podSpec }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    podAnnotations:
      {{- with .Values.cluster.router.podAnnotations }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    podLabels:
      {{- with .Values.cluster.router.podLabels }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    tlsSecretName: {{ include "cluster.name" . }}-router-tls
  logs:
    {{- with .Values.cluster.logs }}
    {{ toYaml . | nindent 4 }}
    {{- end }}      
  mycnf: |
 {{ .Values.cluster.serverConfig.mycnf | indent 4 }}
  {{- if .Values.cluster.datadirVolumeClaimTemplate }}
  {{- with .Values.cluster.datadirVolumeClaimTemplate }}
  datadirVolumeClaimTemplate:
    {{- if .storageClassName }}
    storageClassName: {{ .storageClassName | quote }}
    {{- end}}
    {{- if .accessModes }}
    accessModes: [ "{{ .accessModes }}" ]
    {{- end }}
    {{- if .size }}
    resources:
      requests:
        storage: "{{ .size }}"
    {{- end }}
  {{- end }}
  {{- end }}
  {{ include "cluster.init" . | nindent 2 }}
  {{ include "cluster.backup" . | nindent 2 }}
@@ -1,21 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "mysql.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
    {{- include "cluster.selectorLabels" . | nindent 4 }}    
    {{- with .Values.global.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}    
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
@@ -1,148 +0,0 @@
 global:
  nameOverride:
  labels: {}
  annotations: {}
 serviceAccount:
  enabled: true
  labels: {}
  annotations: {}
  name: ""
 ###
 # Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup
 # * `clone` - Create database as a replica from another cluster
 mode: standalone
 ##
 # Cluster spec
 #
 # Reference: https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-properties.html#mysql-operator-spec-innodbclusterspecinitdbdumpstorages3
 #
 cluster:
  serverInstances: 1
  baseServerId: 1000
  # Existing secret that contains the keys "rootUser", "rootHost", and "rootPassword"
  exisitingCredentialsSecret: ""
  image:
    version: 8.4.0
    pullPolicy: IfNotPresent
  router:
    instances: 1
    podSpec: {}
    podAnnotations: {}
    podLabels: {}
  logs:
    error:
      enabled: true
      collect: false
    general:
      enabled: false
      collect: false
    slowQuery:
      enabled: false
      longQueryTime: 2.5
  serverConfig:
    mycnf: |
      [mysqld]
      core_file
      local_infile=off
      mysql_native_password=ON
  datadirVolumeClaimTemplate:
    storageClassName: ""
    accessModes: ""
    size: ""
  podSpec:
    containers:
      - name: mysql
        resources:
          limits:
            memory: 1024Mi
            cpu: 1000m
          requests:
            memory: 512Mi
            cpu: 100m
  podAnnotations: {}
  podLabels: {}
 ##
 # Recovery database from storage
 #
 recovery:
  # * `s3` - Restores from s3 object store
  # * `pvc` - Restores from persistent volume claim
  type:
  # -- Name of the dump. Not used by the operator, but a descriptive hint for the cluster administrator
  name: ""
  # -- Path to the dump in the PVC. Use when specifying persistentVolumeClaim. Omit for ociObjectStorage, S3, or azure.
  path: ""
  # -- A dictionary of key-value pairs passed directly to MySQL Shell's loadDump()
  options: {}
  s3:
    # -- Path in the bucket where the dump files are stored
    prefix: ""
    # -- Name of a Secret with S3 configuration and credentials as contained in ~/.aws/config
    config: ""
    # -- Name of the S3 bucket where the dump is stored
    bucketName: ""
    # -- Override endpoint URL
    endpoint: ""
  persistentVolumeClaim: {}
 ##
 # Clone database from another instance
 #
 clone:
  donorUrl: ""
  rootUser: root
  exisitingCredentialsSecret: ""
 ##
 # Backup database to pvc or s3
 #
 backup:
  enabled: false
  profiles:
 ## -- Example profile that back ups to local pvc
 #    - name: pvc-backup
 #      dumpInstance:
 #        storage:
 #          persistentVolumeClaim:
 #            claimName: backup-volume-claim
 ## -- Example profile that back ups to s3 endpoint
 #    - name: s3-backup
 #      snapshot:
 #        storage:
 #          s3:
 #            prefix: ""
 #            config: ""
 #            bucketName: ""
 #            endpoint: ""
  schedules:
 ## -- Example schedule that backups daily
 #    - name: schedule-daily
 #      enabled: true
 #      schedule: "0 0 0 * * *"
 #      timeZone: "US/Central"
 #      deleteBackupData: false
 #      backupProfileName:
@@ -1,13 +1,14 @@
 apiVersion: v2
 name: postgres-cluster
-version: 3.4.0
+version: 6.18.0
-description: Chart for cloudnative-pg cluster
+description: Cloudnative-pg Cluster
 keywords:
  - database
  - postgres
 sources:
  - https://github.com/cloudnative-pg/cloudnative-pg
  - https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.23.1
+appVersion: v1.27.0
@@ -1,17 +1,114 @@
-## Introduction
+# postgres-cluster
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
+![Version: 6.17.1](https://img.shields.io/badge/Version-6.17.1-informational?style=flat-square) ![AppVersion: v1.27.0](https://img.shields.io/badge/AppVersion-v1.27.0-informational?style=flat-square)
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
+Cloudnative-pg Cluster
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
-## Prerequisites
+| Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
- Kubernetes
+## Source Code
 - Helm
 - CloudNative PG Operator
-## Parameters
+* <https://github.com/cloudnative-pg/cloudnative-pg>
 * <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
-See the [values files](values.yaml).
+## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | backup | object | `{"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
 | backup.objectStore | list | `[]` | Options for object store backups |
 | backup.scheduledBackups | list | `[]` | List of scheduled backups |
 | cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.7-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
 | cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.7-standard-trixie"}` | Default image |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
 | cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
 | cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
 | cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}}` | Enable default monitoring and alert rules |
 | cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
 | cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
 | cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
 | cluster.monitoring.enabled | bool | `false` | Whether to enable monitoring |
 | cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
 | cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
 | cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
 | cluster.monitoring.prometheusRule.enabled | bool | `false` | Whether to enable the PrometheusRule automated alerts |
 | cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
 | cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
 | cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
 | cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
 | cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
 | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
 | cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
 | cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
 | cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
 | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
 | cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
 | cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
 | mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
 | nameOverride | string | `""` | Override the name of the cluster |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
 | poolers | list | `[]` | List of PgBouncer poolers |
 | recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"disable","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
 | recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
 | recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
 | recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.import.databases | list | `[]` | Databases to import |
 | recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
 | recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
 | recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
 | recovery.import.roles | list | `[]` | Roles to import |
 | recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
 | recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
 | recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
 | recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
 | recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
 | recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
 | recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
 | recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
 | recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
 | recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
 | recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.objectStore.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
 | recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
 | recovery.objectStore.name | string | `"recovery"` | Object store backup name |
 | recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
 | recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
 | recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | recovery.pgBaseBackup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.pgBaseBackup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.pgBaseBackup.secret | string | `""` | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch |
 | recovery.pgBaseBackup.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"disable","sslRootCertSecret":{"key":"","name":""},"username":""}` | Configuration for the source database |
 | recovery.pgBaseBackup.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
 | recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
 | type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
  description: |-
    Pod {{`{{`}} $labels.pod {{`}}`}}
    has been waiting for longer than 5 minutes
 expr: |
  cnpg_backends_waiting_total > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has over 10 deadlock conflicts.
  description: |-
    There are over 10 deadlock conflicts in
    {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  cnpg_pg_stat_database_deadlocks > 10
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,26 @@
 {{- $alert := "CNPGClusterHACritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has no standby replicas!
  description: |-
    CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
    risk of data loss and downtime if the primary instance fails.
    The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
    will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
    This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
    instances. The replaced instance may need some time to catch-up with the cluster primary instance.
    This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
    case you may want to silence it.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
 expr: |
  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterHAWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster less than 2 standby replicas.
  description: |-
    CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
    your cluster at risk if another instance fails. The cluster is still able to operate normally, although
    the `-ro` and `-r` endpoints operate at reduced capacity.
    This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
    need some time to catch-up with the cluster primary instance.
    This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
    In this case you may want to silence it.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
 expr: |
  max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,17 @@
 {{- $alert := "CNPGClusterHighConnectionsCritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance maximum number of connections critical!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
    the maximum number of connections.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
 expr: |
  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,17 @@
 {{- $alert := "CNPGClusterHighConnectionsWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is approaching the maximum number of connections.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
    the maximum number of connections.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
 expr: |
  sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterHighReplicationLag" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster high replication lag
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
    {{ .value }}ms.
    High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
 expr: |
  max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterInstancesOnSameNode" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster instances are located on the same node.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
    instances on the same node {{ .labels.node }}.
    A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
 expr: |
  count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,15 @@
 {{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster last time archiving failed.
  description: |-
    Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 2
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster query is taking longer than 5 minutes.
  description: |-
    CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
    is taking more than 5 minutes (300 seconds) for a query.
 expr: |-
  cnpg_backends_max_tx_duration_seconds > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is running out of disk space!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
 expr: |
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      /
      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      *
      on(namespace, persistentvolumeclaim) group_left(volume)
      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
  ) > 0.9
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,24 @@
 {{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Instance is running out of disk space.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
 expr: |
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
  max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
  max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      /
      sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
      *
      on(namespace, persistentvolumeclaim) group_left(volume)
      kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
  ) > 0.7
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,19 @@
 {{- $alert := "CNPGClusterOffline" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has no running instances!
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
    Having an offline cluster means your applications will not be able to access the database, leading to
    potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
 expr: |
  (count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
 for: 5m
 labels:
  severity: critical
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
  description: |-
    Over 300,000,000 transactions from frozen xid
    on pod {{`{{`}} $labels.pod {{`}}`}}
 expr: |
  cnpg_pg_database_xid_age > 300000000
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,15 @@
 {{- $alert := "CNPGClusterPGReplicationWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster standby is lagging behind the primary.
  description: |-
    Standby is lagging behind by over 300 seconds (5 minutes)
 expr: |
  cnpg_pg_replication_lag > 300
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,16 @@
 {{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster has a replica is failing to replicate.
  description: |-
    Replica {{`{{`}} $labels.pod {{`}}`}}
    is failing to replicate
 expr: |
  cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
 for: 1m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -0,0 +1,18 @@
 {{- $alert := "CNPGClusterZoneSpreadWarning" -}}
 {{- if not (has $alert .excludeRules) -}}
 alert: {{ $alert }}
 annotations:
  summary: CNPG Cluster instances in the same zone.
  description: |-
    CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
    A disaster in one availability zone will lead to a potential service disruption and/or data loss.
  runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
 expr: |
  {{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
 for: 5m
 labels:
  severity: warning
  namespace: {{ .namespace }}
  cnpg_cluster: {{ .cluster }}
 {{- end -}}
@@ -1,30 +0,0 @@
 {{- define "cluster.backup" -}}
 {{- if .Values.backup.enabled }}
 backup:
  retentionPolicy: {{ .Values.backup.retentionPolicy }}
  barmanObjectStore:
    destinationPath: {{ .Values.backup.destinationPath }}
    endpointURL: {{ .Values.backup.endpointURL }}
    {{- if .Values.backup.endpointCA }}
    endpointCA:
      name: {{ .Values.backup.endpointCA }}
      key: ca-bundle.crt
    {{- end }}
    serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_SECRET_KEY
    wal:
      compression: {{ .Values.backup.wal.compression }}
      encryption: {{ .Values.backup.wal.encryption }}
      maxParallel: {{ .Values.backup.wal.maxParallel }}
    data:
      compression: {{ .Values.backup.data.compression }}
      encryption: {{ .Values.backup.data.encryption }}
      jobs: {{ .Values.backup.data.jobs }}
 {{- end }}
 {{- end }}
@@ -1,91 +1,135 @@
 {{- define "cluster.bootstrap" -}}
-bootstrap:
+
 {{- if eq .Values.mode "standalone" }}
 bootstrap:
  initdb:
    {{- with .Values.cluster.initdb }}
-    {{- with (omit . "postInitApplicationSQL") }}
+        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
-    {{- . | toYaml | nindent 4 }}
+            {{- . | toYaml | nindent 4 }}
        {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
    owner: {{ tpl .Values.cluster.initdb.owner . }}
    {{- end }}
    {{- if (.Values.cluster.initdb.postInitApplicationSQL) }}
    postInitApplicationSQL:
      {{- if eq .Values.type "postgis" }}
      - CREATE EXTENSION IF NOT EXISTS postgis;
      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
      {{- else if eq .Values.type "timescaledb" }}
      - CREATE EXTENSION IF NOT EXISTS timescaledb;
      {{- end }}
      {{- with .Values.cluster.initdb }}
-      {{- range .postInitApplicationSQL }}
+        {{- range .postInitApplicationSQL }}
-      {{- printf "- %s" . | nindent 6 }}
+          {{- printf "- %s" . | nindent 6 }}
        {{- end -}}
      {{- end }}
-      {{- end }}
+    {{- end }}
-{{- else if eq .Values.mode "replica" }}
+
 {{- else if eq .Values.mode "recovery" -}}
 bootstrap:
 {{- if eq .Values.recovery.method "pgBaseBackup" }}
  pg_basebackup:
    source: pgBaseBackupSource
    {{ with .Values.recovery.pgBaseBackup.database }}
    database: {{ . }}
    {{- end }}
    {{ with .Values.recovery.pgBaseBackup.owner }}
    owner: {{ . }}
    {{- end }}
    {{ with .Values.recovery.pgBaseBackup.secret }}
    secret:
      {{- toYaml . | nindent 6 }}
    {{- end }}
 externalClusters:
  {{- include "cluster.externalSourceCluster" (list "pgBaseBackupSource" .Values.recovery.pgBaseBackup.source) | nindent 2 }}
 {{- else if eq .Values.recovery.method "import" }}
  initdb:
    {{- with .Values.cluster.initdb }}
      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
        {{- . | toYaml | nindent 4 }}
      {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
    owner: {{ tpl .Values.cluster.initdb.owner . }}
    {{- end }}
    import:
-      type: {{ .Values.replica.importType }}
+      source:
        externalCluster: importSource
      type: {{ .Values.recovery.import.type }}
      databases:
-        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
+        {{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
          {{ fail "Too many databases in import type of microservice!" }}
        {{- else}}
-        {{- with .Values.replica.importDatabases }}
+        {{- with .Values.recovery.import.databases }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
        {{- end }}
-      {{- if eq .Values.replica.importType "monolith" }}
+      {{- if eq .Values.recovery.import.type "monolith" }}
      roles:
-        {{- with .Values.replica.importRoles }}
+        {{- with .Values.recovery.import.roles }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
+      {{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
      postImportApplicationSQL:
-        {{- with .Values.replica.postImportApplicationSQL }}
+        {{- with .Values.recovery.import.postImportApplicationSQL }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
-      source:
+      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
-        externalCluster: "{{ include "cluster.name" . }}-cluster"
+      {{ with .Values.recovery.import.pgDumpExtraOptions }}
      pgDumpExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
      pgRestoreExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
 externalClusters:
-  - name: "{{ include "cluster.name" . }}-cluster"
+  {{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
-    {{- with .Values.replica.externalCluster }}
+
-    {{- . | toYaml | nindent 4 }}
+{{- else if eq .Values.recovery.method "backup" }}
    {{- end }}
 {{- else if eq .Values.mode "recovery" }}
  recovery:
-    {{- with .Values.recovery.pitrTarget.time }}
+    {{- with .Values.recovery.backup.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
    {{ with .Values.recovery.backup.database }}
    database: {{ . }}
    {{- end }}
    {{ with .Values.recovery.backup.owner }}
    owner: {{ . }}
    {{- end }}
    backup:
      name: {{ .Values.recovery.backup.backupName }}
 {{- else if eq .Values.recovery.method "objectStore" }}
  recovery:
    {{- with .Values.recovery.objectStore.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
    {{ with .Values.recovery.objectStore.database }}
    database: {{ . }}
    {{- end }}
    {{ with .Values.recovery.objectStore.owner }}
    owner: {{ . }}
    {{- end }}
    source: {{ include "cluster.recoveryServerName" . }}
 externalClusters:
  - name: {{ include "cluster.recoveryServerName" . }}
-    barmanObjectStore:
+    plugin:
-      serverName: {{ include "cluster.recoveryServerName" . }}
+      name: barman-cloud.cloudnative-pg.io
-      destinationPath: {{ .Values.recovery.destinationPath }}
+      enabled: true
-      endpointURL: {{ .Values.recovery.endpointURL }}
+      isWALArchiver: false
-      {{- with .Values.recovery.endpointCA }}
+      parameters:
-      endpointCA:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
-        name: {{ . }}
+        serverName: {{ include "cluster.recoveryServerName" . }}
-        key: ca-bundle.crt
+
-      {{- end }}
+{{-  else }}
-      s3Credentials:
+  {{ fail "Invalid recovery mode!" }}
-        accessKeyId:
+{{- end }}
-          name: {{ include "cluster.recoveryCredentials" . }}
+
-          key: ACCESS_KEY_ID
+{{-  else }}
        secretAccessKey:
          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_SECRET_KEY
      wal:
        compression: {{ .Values.recovery.wal.compression }}
        encryption: {{ .Values.recovery.wal.encryption }}
        maxParallel: {{ .Values.recovery.wal.maxParallel }}
      data:
        compression: {{ .Values.recovery.data.compression }}
        encryption: {{ .Values.recovery.data.encryption }}
        jobs: {{ .Values.recovery.data.jobs }}
 {{- else }}
  {{ fail "Invalid cluster mode!" }}
 {{- end }}
 {{- end }}
@@ -0,0 +1,12 @@
 {{- define "cluster.color-error" }}
  {{- printf "\033[0;31m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-ok" }}
  {{- printf "\033[0;32m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-warning" }}
  {{- printf "\033[0;33m%s\033[0m" . -}}
 {{- end }}
 {{- define "cluster.color-info" }}
  {{- printf "\033[0;34m%s\033[0m" . -}}
 {{- end }}
@@ -0,0 +1,33 @@
 {{- define "cluster.externalSourceCluster" -}}
 {{- $name := first . -}}
 {{- $config := last . -}}
 - name: {{ first . }}
  connectionParameters:
    host: {{ $config.host | quote }}
    port: {{ $config.port | quote }}
    user: {{ $config.username | quote }}
    {{- with $config.database }}
    dbname: {{ . | quote }}
    {{- end }}
    sslmode: {{ $config.sslMode | quote }}
  {{- if $config.passwordSecret.name }}
  password:
    name: {{ $config.passwordSecret.name }}
    key: {{ $config.passwordSecret.key }}
  {{- end }}
  {{- if $config.sslKeySecret.name }}
  sslKey:
    name: {{ $config.sslKeySecret.name }}
    key: {{ $config.sslKeySecret.key }}
  {{- end }}
  {{- if $config.sslCertSecret.name }}
  sslCert:
    name: {{ $config.sslCertSecret.name }}
    key: {{ $config.sslCertSecret.key }}
  {{- end }}
  {{- if $config.sslRootCertSecret.name }}
  sslRootCert:
    name: {{ $config.sslRootCertSecret.name }}
    key: {{ $config.sslRootCertSecret.key }}
  {{- end }}
 {{- end }}
@@ -20,53 +20,58 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "cluster.labels" -}}
-helm.sh/chart: {{ include "cluster.chart" . }}
+helm.sh/chart: {{ include "cluster.chart" $ }}
-{{ include "cluster.selectorLabels" . }}
+{{ include "cluster.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- with .Values.cluster.additionalLabels }}
 {{ toYaml . }}
 {{- end }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "cluster.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cluster.name" . }}
+app.kubernetes.io/name: {{ include "cluster.name" $ }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: cloudnative-pg
+app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
-Generate name for object store credentials
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
 */}}
-{{- define "cluster.recoveryCredentials" -}}
+{{- define "cluster.namespace" -}}
-  {{- if .Values.recovery.endpointCredentials -}}
+  {{- if .Values.namespaceOverride -}}
-    {{- .Values.recovery.endpointCredentials -}}
+    {{- .Values.namespaceOverride -}}
  {{- else -}}
-    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+    {{- .Release.Namespace -}}
-  {{- end }}
+  {{- end -}}
-{{- end }}
+{{- end -}}
 {{- define "cluster.backupCredentials" -}}
  {{- if .Values.backup.endpointCredentials -}}
    {{- .Values.backup.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
-Generate backup server name
+Postgres UID
 */}}
-{{- define "cluster.backupName" -}}
+{{- define "cluster.postgresUID" -}}
-  {{- if .Values.backup.backupName -}}
+  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
-    {{- .Values.backup.backupName -}}
+    {{- .Values.cluster.postgresUID }}
  {{- else -}}
-    {{ include "cluster.name" . }}
+    {{- 26 -}}
-  {{- end }}
+  {{- end -}}
-{{- end }}
+{{- end -}}
 {{/*
 Postgres GID
 */}}
 {{- define "cluster.postgresGID" -}}
  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
    {{- .Values.cluster.postgresGID }}
  {{- else -}}
    {{- 26 -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Generate recovery server name
@@ -75,17 +80,6 @@ Generate recovery server name
  {{- if .Values.recovery.recoveryServerName -}}
    {{- .Values.recovery.recoveryServerName -}}
  {{- else -}}
-    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery instance name
 */}}
 {{- define "cluster.recoveryInstanceName" -}}
  {{- if .Values.recovery.recoveryInstanceName -}}
    {{- .Values.recovery.recoveryInstanceName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
@@ -2,28 +2,61 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: {{ include "cluster.name" . }}-cluster
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" . }}
  {{- with .Values.cluster.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  instances: {{ .Values.cluster.instances }}
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
+  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
-  postgresUID: {{ .Values.cluster.postgresUID }}
+  {{- with .Values.cluster.imagePullSecrets }}
-  postgresGID: {{ .Values.cluster.postgresGID }}
+  imagePullSecrets:
-  walStorage:
+    {{- . | toYaml | nindent 4 }}
-    size: {{ .Values.cluster.walStorage.size }}
+  {{- end }}
-    storageClass: {{ .Values.cluster.walStorage.storageClass }}
+  postgresUID: {{ include "cluster.postgresUID" . }}
  postgresGID: {{ include "cluster.postgresGID" . }}
  plugins:
  {{- range $objectStore := .Values.backup.objectStore }}
    - name: barman-cloud.cloudnative-pg.io
      enabled: true
      {{- if $objectStore.isWALArchiver }}
      isWALArchiver: true
      {{- else }}
      isWALArchiver: false
      {{- end }}
      parameters:
        barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
        {{- if $objectStore.clusterName }}
        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
        {{- else }}
        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
        {{- end }}
  {{- end }}
  {{ if (eq .Values.recovery.method "objectStore") }}
  externalClusters:
    - name: recovery
      plugin:
        name: barman-cloud.cloudnative-pg.io
        parameters:
          barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
          serverName: {{ include "cluster.recoveryServerName" . }}
  {{ end }}
  storage:
    size: {{ .Values.cluster.storage.size }}
    {{- if not (empty .Values.cluster.storage.storageClass) }}
    storageClass: {{ .Values.cluster.storage.storageClass }}
    {{- end }}
  {{- if .Values.cluster.walStorage.enabled }}
  walStorage:
    size: {{ .Values.cluster.walStorage.size }}
    {{- if not (empty .Values.cluster.walStorage.storageClass) }}
    storageClass: {{ .Values.cluster.walStorage.storageClass }}
    {{- end }}
  {{- end }}
  {{- with .Values.cluster.resources }}
  resources:
    {{- toYaml . | nindent 4 }}
@@ -32,21 +65,94 @@ spec:
  affinity:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- if .Values.cluster.priorityClassName }}
  priorityClassName: {{ .Values.cluster.priorityClassName }}
  {{- end }}
  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
  logLevel: {{ .Values.cluster.logLevel }}
  {{- with .Values.cluster.certificates }}
  certificates:
    {{- toYaml . | nindent 4 }}
  {{ end }}
  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
  {{- with .Values.cluster.superuserSecret }}
  superuserSecret:
    name: {{ . }}
  {{ end }}
  enablePDB: {{ .Values.cluster.enablePDB }}
  postgresql:
    {{- if .Values.cluster.postgresql.shared_preload_libraries }}
    shared_preload_libraries:
-      {{- if eq .Values.type "timescaledb" }}
+      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
-      - timescaledb
+      {{- toYaml . | nindent 6 }}
      {{- end }}
    {{- end }}
    {{- with .Values.cluster.postgresql.pg_hba }}
    pg_hba:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .Values.cluster.postgresql.pg_ident }}
    pg_ident:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .Values.cluster.postgresql.ldap  }}
    ldap:
      {{- toYaml . | nindent 6 }}
    {{- end}}
    {{- with .Values.cluster.postgresql.synchronous }}
    synchronous:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .Values.cluster.postgresql.parameters }}
    parameters:
      {{- toYaml . | nindent 6 }}
    {{- end }}
  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
  managed:
    {{- with .Values.cluster.services }}
    services:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .Values.cluster.roles }}
    roles:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  {{- end }}
  {{- with .Values.cluster.serviceAccountTemplate }}
  serviceAccountTemplate:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  monitoring:
    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
    customQueriesConfigMap:
      - name: {{ include "cluster.name" . }}-monitoring
        key: custom-queries
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
    {{- with .Values.cluster.monitoring.customQueriesSecret }}
    customQueriesSecret:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
    {{- with .Values.cluster.monitoring.podMonitor.relabelings }}
    podMonitorRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
    {{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
    podMonitorMetricRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- end }}
  {{ include "cluster.bootstrap" . | nindent 2 }}
  {{ include "cluster.backup" . | nindent 2 }}
@@ -0,0 +1,18 @@
 {{- if not (empty .Values.cluster.monitoring.customQueries) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "cluster.name" $ }}-monitoring
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    cnpg.io/reload: ""
    {{- include "cluster.labels" $ | nindent 4 }}
 data:
  custom-queries: |
    {{- range .Values.cluster.monitoring.customQueries }}
    {{ .name }}:
      query: {{ .query | quote }}
      metrics:
        {{- .metrics | toYaml | nindent 8 }}
    {{- end }}
 {{- end }}
@@ -0,0 +1,90 @@
 {{ if (eq .Values.backup.method "objectStore") }}
 {{ $context := . -}}
 {{ range .Values.backup.objectStore -}}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
  namespace: {{ include "cluster.namespace" $context }}
  labels:
    {{- include "cluster.labels" $context | nindent 4 }}
 spec:
  retentionPolicy: {{ .retentionPolicy | default "30d" }}
  configuration:
    destinationPath: {{ .destinationPath | required "Destination path is required" }}
    endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
    {{- if .endpointCA }}
    endpointCA:
      name: {{ .endpointCA.name }}
      key: {{ .endpointCA.key }}
    {{- end }}
    {{- if .wal }}
    wal:
      compression: {{ .wal.compression | default "snappy" }}
      {{ with .wal.encryption }}
      encryption: {{ . }}
      {{ end }}
      maxParallel: {{ .wal.maxParallel | default "1" }}
    {{- end }}
    {{- if .data }}
    data:
      compression: {{ .data.compression | default "snappy"  }}
      {{- with .data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .data.jobs | default 1 }}
    {{- end }}
    s3Credentials:
      accessKeyId:
        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
        key: ACCESS_SECRET_KEY
    {{- if .endpointCredentialsIncludeRegion }}
      region:
        name: {{ .endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-") }}
        key: ACCESS_REGION
    {{- end }}
 {{ end -}}
 {{ end }}
 {{ if eq .Values.recovery.method "objectStore" }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
  namespace: {{ include "cluster.namespace" . }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
 spec:
  configuration:
    destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
    endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
    {{- if .Values.recovery.objectStore.endpointCA.name }}
    endpointCA:
      name: {{ .Values.recovery.objectStore.endpointCA.name }}
      key: {{ .Values.recovery.objectStore.endpointCA.key }}
    {{- end }}
    wal:
      compression: {{ .Values.recovery.objectStore.wal.compression }}
      {{- with .Values.recovery.objectStore.wal.encryption}}
      encryption: {{ . }}
      {{- end }}
      maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
    data:
      compression: {{ .Values.recovery.objectStore.data.compression }}
      {{- with .Values.recovery.objectStore.data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .Values.recovery.objectStore.data.jobs }}
    s3Credentials:
      accessKeyId:
        name: {{ .Values.recovery.objectStore.endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-") }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ .Values.recovery.objectStore.endpointCredentials | default (printf "%s-cluster-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-") }}
        key: ACCESS_SECRET_KEY
 {{ end }}
@@ -0,0 +1,51 @@
 {{- range .Values.poolers }}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: Pooler
 metadata:
  name: {{ include "cluster.name" $  }}-pooler-{{ .name }}
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    {{- include "cluster.labels" $ | nindent 4 }}
 spec:
  cluster:
    name: {{ include "cluster.name" $ }}
  instances: {{ .instances }}
  type: {{ default "rw" .type }}
  pgbouncer:
    poolMode: {{ default "session" .poolMode }}
    {{- with .authQuerySecret }}
    authQuerySecret:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .authQuery }}
    authQuery:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .parameters }}
    parameters:
      {{- toYaml . | nindent 6 }}
    {{- end }}
    {{- with .pg_hba }}
    pg_hba:
      {{- toYaml . | nindent 6 }}
    {{- end }}
  {{ with .monitoring }}
  monitoring:
  {{- if not (empty .podMonitor) }}
    enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
    {{- with .podMonitor.relabelings }}
    podMonitorRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
    {{- with .podMonitor.metricRelabelings }}
    podMonitorMetricRelabelings:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  {{- end }}
  {{- end }}
  {{- with .template }}
  template:
    {{- . | toYaml | nindent 4 }}
  {{- end }}
 {{- end }}
@@ -2,22 +2,19 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ include "cluster.name" . }}-alert-rules
+  name: {{ include "cluster.name" $ }}-alert-rules
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" $ }}
  labels:
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $ | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  groups:
    - name: cloudnative-pg/{{ include "cluster.name" . }}
      rules:
        {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
-        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
        {{- $_ := set $dict "namespace"   .Release.Namespace -}}
        {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
-        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
        {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
        {{- $_ := set $dict "Values"      .Values -}}
        {{- $_ := set $dict "Template"    .Template -}}
@@ -26,5 +23,5 @@ spec:
        {{- with $tpl }}
        - {{ $tpl }}
        {{- end -}}
-        {{- end -}}
+        {{- end }}
 {{ end }}
@@ -1,18 +1,23 @@
-{{ if .Values.backup.enabled }}
+{{ $context := . -}}
 {{ range .Values.backup.scheduledBackups -}}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: {{ include "cluster.name" . }}-scheduled-backup
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup"
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ include "cluster.namespace" $context }}
  labels:
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $context | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
-  immediate: true
+  immediate: {{ .immediate | default false }}
-  schedule: {{ .Values.backup.schedule }}
+  suspend: {{ .suspend | default false }}
-  backupOwnerReference: self
+  schedule: {{ .schedule | quote | required "Schedule is required" }}
  backupOwnerReference: {{ .backupOwnerReference | default "self" }}
  cluster:
-    name: {{ include "cluster.name" . }}-cluster
+    name: {{ include "cluster.name" $context }}-cluster
-{{ end }}
+  method: plugin
  pluginConfiguration:
    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
    parameters:
      barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
 {{ end -}}
@@ -1,197 +1,555 @@
 # -- Override the name of the cluster
 nameOverride: ""
-###
+# -- Override the namespace of the chart
 namespaceOverride: ""
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
 # * `timescaledb`
 type: postgresql
-###
+# -- Cluster mode of operation. Available modes:
 # Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
 # * `replica` - Create database as a replica from another CNPG cluster
 mode: standalone
 # -- Cluster settings
 cluster:
  instances: 3
  # -- Default image
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "16.3"
+    tag: 18.1-standard-trixie
    pullPolicy: IfNotPresent
-  # The UID and GID of the postgres user inside the image
+  # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
-  postgresUID: 26
+  # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
-  postgresGID: 26
+  imagePullPolicy: IfNotPresent
-  walStorage:
+  # -- The list of pull secrets to be used to pull the images.
-    size: 2Gi
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
-    storageClass: ""
+  imagePullSecrets: []
  # -- Default storage size
  storage:
    size: 10Gi
    storageClass: ""
  walStorage:
    enabled: true
    size: 2Gi
    storageClass: ""
  # -- The UID and GID of the postgres user inside the image, defaults to 26
  postgresUID: -1
  postgresGID: -1
  # -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
  services: {}
  # -- Resources requirements of every generated Pod.
  # Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
  # We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
  # See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
  resources:
    requests:
      memory: 256Mi
-      cpu: 10m
+      cpu: 100m
    limits:
      memory: 1Gi
      cpu: 800m
      hugepages-2Mi: 256Mi
  priorityClassName: ""
  # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
  # successfully updated. It can be switchover (default) or restart.
  primaryUpdateMethod: switchover
  # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
  primaryUpdateStrategy: unsupervised
  # -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
  logLevel: "info"
  # -- Affinity/Anti-affinity rules for Pods.
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
  affinity:
    enablePodAntiAffinity: true
    topologyKey: kubernetes.io/hostname
-  additionalLabels: {}
+  # -- The configuration for the CA and related certificates.
-  annotations: {}
+  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
  certificates: {}
-  priorityClassName: ""
+  # -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
  # If the secret is not present, the operator will automatically create one.
  # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
  # and then blank the password of the postgres user by setting it to NULL.
  enableSuperuserAccess: false
  superuserSecret: ""
-  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
-  # successfully updated. It can be switchover (default) or in-place (restart).
+  # See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
-  primaryUpdateMethod: switchover
+  enablePDB: true
-  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
-  # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
+  # already present in the database.
-  primaryUpdateStrategy: unsupervised
+  # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
-
+  roles: []
-  logLevel: "info"
+    # - name: dante
    #   ensure: present
    #   comment: Dante Alighieri
    #   login: true
    #   superuser: false
    #   inRoles:
    #     - pg_monitor
    #     - pg_signal_backend
  # -- Enable default monitoring and alert rules
  monitoring:
    enabled: false
    podMonitor:
      enabled: true
    prometheusRule:
      enabled: true
      excludeRules: []
    # -- Whether to enable monitoring
    enabled: false
    podMonitor:
      # -- Whether to enable the PodMonitor
      enabled: true
      # --The list of relabelings for the PodMonitor.
      # Applied to samples before scraping.
      relabelings: []
      # -- The list of metric relabelings for the PodMonitor.
      # Applied to samples before ingestion.
      metricRelabelings: []
    prometheusRule:
      # -- Whether to enable the PrometheusRule automated alerts
      enabled: false
      # -- Exclude specified rules
      excludeRules:
        - CNPGClusterLastFailedArchiveTimeWarning
    # -- Whether the default queries should be injected.
    # Set it to true if you don't want to inject default queries into the cluster.
    disableDefaultQueries: false
    # -- Custom Prometheus metrics
    # Will be stored in the ConfigMap
    customQueries: []
    #  - name: "pg_cache_hit_ratio"
    #    query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
    #    metrics:
    #      - datname:
    #          usage: "LABEL"
    #          description: "Name of the database"
    #      - ratio:
    #          usage: GAUGE
    #          description: "Cache hit ratio"
    # -- The list of secrets containing the custom queries
    customQueriesSecret: []
    #  - name: custom-queries-secret
    #    key: custom-queries
  # -- Parameters to be set for the database itself
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
  postgresql:
    # -- PostgreSQL configuration options (postgresql.conf)
    parameters:
      shared_buffers: 128MB
      max_slot_wal_keep_size: 2000MB
      hot_standby_feedback: "on"
-  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+    # -- Quorum-based Synchronous Replication
    synchronous: {}
      # method: any
      # number: 1
    # -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
    pg_hba: []
      # - host all all 10.244.0.0/16 md5
    # -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
    pg_ident: []
      # - mymap   /^(.*)@mydomain\.com$      \1
    # -- Lists of shared preload libraries to add to the default ones
    shared_preload_libraries: []
      # - pgaudit
    # -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
    ldap: {}
      # https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
      # server: 'openldap.default.svc.cluster.local'
      # bindSearchAuth:
        # baseDN: 'ou=org,dc=example,dc=com'
        # bindDN: 'cn=admin,dc=example,dc=com'
        # bindPassword:
          # name: 'ldapBindPassword'
          # key: 'data'
        # searchAttribute: 'uid'
  # -- Bootstrap is the configuration of the bootstrap process when initdb is used.
  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
-  initdb:
+  initdb: {}
    {}
    # database: app
-    # owner: app
+    # owner: "" # Defaults to the database name
-    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+    # secret:
-    # postInitApplicationSQL:
+    #   name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
-    #   - CREATE TABLE IF NOT EXISTS example;
+    # options: []
    # encoding: UTF8
    # postInitSQL:
    #   - CREATE EXTENSION IF NOT EXISTS vector;
    # postInitApplicationSQL: []
    # postInitTemplateSQL: []
  # -- Configure the metadata of the generated service account
  serviceAccountTemplate: {}
  additionalLabels: {}
  annotations: {}
 # -- Recovery settings when booting cluster from external cluster
 recovery:
  # Point in time recovery target in RFC3339 format
  pitrTarget:
    time: ""
-  # S3 https endpoint and the s3:// path
+  # -- Available recovery methods:
-  endpointURL: ""
+  # * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
-  destinationPath: ""
+  # * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
  # * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
  #        migrate databases to CloudNativePG, even from outside Kubernetes.
  # * `import` - Import one or more databases from an existing Postgres cluster.
  method: backup
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
-  endpointCA: ""
+  backup:
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    # -- Point in time recovery target. Specify one of the following:
-  endpointCredentials: ""
+    pitrTarget:
-  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+      # -- Time in RFC3339 format
-  recoveryIndex: 1
+      time: ""
-  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+    # -- Name of the database used by the application. Default: `app`.
-  recoveryServerName: ""
+    database: app
-  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
-  recoveryInstanceName: ""
+    owner: ""
-  wal:
+    # -- Name of the backup to recover from.
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    backupName: ""
    compression: snappy
    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of WAL files to be archived or restored in parallel.
    maxParallel: 2
  data:
    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of data files to be archived or restored in parallel.
    jobs: 2
-replica:
+  # See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
-  # See https://cloudnative-pg.io/documentation/current/database_import/
+  objectStore:
  # * `microservice` - Single database import as expected from cnpg clusters
  # * `monolith` - Import multiple databases and roles
  importType: microservice
-  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+    # -- Point in time recovery target. Specify one of the following:
-  importDatabases:
+    pitrTarget:
    - app
-  # If type microservice no roles are imported and ignored
+      # -- Time in RFC3339 format
-  importRoles: []
+      time: ""
-  # If import type is monolith postImportApplicationSQL is not supported and ignored
+    # -- Name of the database used by the application. Default: `app`.
-  postImportApplicationSQL: []
+    database: app
-  # External cluster connection, password specifies a secret name and the key containing the password value
+    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
-  externalCluster:
+    owner: ""
    connectionParameters:
      host: postgresql
      user: app
      dbname: app
    password:
      name: postgresql
      key: password
    # -- Object store backup name
    name: recovery
    # -- Overrides the provider specific default path. Defaults to:
    # S3: s3://<bucket><path>
    # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
    # Google: gs://<bucket><path>
    destinationPath: ""
    # -- Overrides the provider specific default endpoint. Defaults to:
    # S3: https://s3.<region>.amazonaws.com"
    # Leave empty if using the default S3 endpoint
    endpointURL: "https://nyc3.digitaloceanspaces.com"
    # -- Specifies a CA bundle to validate a privately signed certificate.
    endpointCA:
      # -- Creates a secret with the given value if true, otherwise uses an existing secret.
      create: false
      name: ""
      key: ""
    # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
    index: 1
    # -- Override the name of the backup cluster, defaults to "cluster.name"
    clusterName: ""
    # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
    endpointCredentials: ""
    # -- Storage
    wal:
      # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
      compression: snappy
      # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
      encryption: ""
      # -- Number of WAL files to be archived or restored in parallel.
      maxParallel: 1
    data:
      # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
      compression: snappy
      # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
      encryption: ""
      # -- Number of data files to be archived or restored in parallel.
      jobs: 1
  # See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
  pgBaseBackup:
    # -- Name of the database used by the application. Default: `app`.
    database: app
    # -- Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
    secret: ""
    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
    owner: ""
    # -- Configuration for the source database
    source:
      host: ""
      port: 5432
      username: ""
      database: "app"
      sslMode: "disable"
      passwordSecret:
        # -- Whether to create a secret for the password
        create: false
        # -- Name of the secret containing the password
        name: ""
        # -- The key in the secret containing the password
        key: "password"
        # -- The password value to use when creating the secret
        value: ""
      sslKeySecret:
        name: ""
        key: ""
      sslCertSecret:
        name: ""
        key: ""
      sslRootCertSecret:
        name: ""
        key: ""
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
  import:
    # -- One of `microservice` or `monolith.`
    # See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
    type: "microservice"
    # -- Databases to import
    databases: []
    # -- Roles to import
    roles: []
    # -- List of SQL queries to be executed as a superuser in the application database right after is imported.
    # To be used with extreme care. Only available in microservice type.
    postImportApplicationSQL: []
    # -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
    schemaOnly: false
    # -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
    # own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
    # operator's intended functionality or design.
    pgDumpExtraOptions: []
    # -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
    # your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
    # operator's intended functionality or design.
    pgRestoreExtraOptions: []
    # -- Configuration for the source database
    source:
      host: ""
      port: 5432
      username: app
      database: app
      sslMode: "verify-full"
      passwordSecret:
        # -- Whether to create a secret for the password
        create: false
        # -- Name of the secret containing the password
        name: ""
        # -- The key in the secret containing the password
        key: "password"
        # -- The password value to use when creating the secret
        value: ""
      sslKeySecret:
        name: ""
        key: ""
      sslCertSecret:
        name: ""
        key: ""
      sslRootCertSecret:
        name: ""
        key: ""
 # -- Backup settings
 backup:
  enabled: false
-  # S3 endpoint starting with "https://"
+  # -- Method to create backups, options currently are only objectStore
-  endpointURL: ""
+  method: objectStore
-  # S3 path starting with "s3://"
+  # -- Options for object store backups
-  destinationPath: ""
+  objectStore: []
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+    # -
-  endpointCA: ""
+    #   # -- Object store backup name
    #   name: external
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    #   # -- Overrides the provider specific default path. Defaults to:
-  endpointCredentials: ""
+    #   # S3: s3://<bucket><path>
    #   # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
    #   # Google: gs://<bucket><path>
    #   destinationPath: ""
-  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+    #   # -- Overrides the provider specific default endpoint. Defaults to:
-  backupIndex: 1
+    #   # https://nyc3.digitaloceanspaces.com
    #   endpointURL: ""
-  # Name of the backup cluster in the object store, defaults to "cluster.name"
+    #   # -- Specifies a CA bundle to validate a privately signed certificate.
-  backupName: ""
+    #   endpointCA:
    #     # -- Creates a secret with the given value if true, otherwise uses an existing secret.
    #     create: false
-  wal:
+    #     name: ""
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #     key: ""
    compression: snappy
    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of WAL files to be archived or restored in parallel.
    maxParallel: 2
  data:
    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    encryption: ""
    # Number of data files to be archived or restored in parallel.
    jobs: 2
-  # Retention policy for backups
+    #   # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
-  retentionPolicy: "30d"
+    #   index: 1
-  # Scheduled backup in cron format
+    #   # -- Override the name of the backup cluster, defaults to "cluster.name"
-  schedule: "0 0 0 * * *"
+    #   clusterName: ""
    #   # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
    #   endpointCredentials: ""
    #   # -- Retention policy for backups
    #   retentionPolicy: "30d"
    #   # -- Specificies if this backup will do WALs
    #   isWALArchiver: true
    #   # -- Storage
    #   wal:
    #     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    #     compression: snappy
    #     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    #     encryption: ""
    #     # -- Number of WAL files to be archived or restored in parallel.
    #     maxParallel: 1
    #   data:
    #     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    #     compression: snappy
    #     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
    #     encryption: ""
    #     # -- Number of data files to be archived or restored in parallel.
    #     jobs: 1
  # -- List of scheduled backups
  scheduledBackups: []
    # -
    #   # -- Scheduled backup name
    #   name: daily-backup
    #   # -- Schedule in cron format
    #   schedule: "0 0 0 * * *"
    #   # -- Start backup on deployment
    #   immediate: false
    #   # -- Temporarily stop scheduled backups from running
    #   suspend: false
    #   # -- Backup owner reference
    #   backupOwnerReference: self
    #   # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
    #   plugin: barman-cloud.cloudnative-pg.io
    #   # -- Name of backup target
    #   backupName: external
 # -- List of PgBouncer poolers
 poolers: []
  # -
  #   # -- Pooler name
  #   name: rw
  #   # -- PgBouncer type of service to forward traffic to.
  #   type: rw
  #   # -- PgBouncer pooling mode
  #   poolMode: transaction
  #   # -- Number of PgBouncer instances
  #   instances: 3
  #   # -- PgBouncer configuration parameters
  #   parameters:
  #     max_client_conn: "1000"
  #     default_pool_size: "25"
  #   monitoring:
  #     # -- Whether to enable monitoring
  #     enabled: false
  #     podMonitor:
  #         # -- Whether to enable the PodMonitor
  #       enabled: true
  #   # -- Custom PgBouncer deployment template.
  #   # Use to override image, specify resources, etc.
  #   template: {}
  # -
  #   # -- Pooler name
  #   name: ro
  #   # -- PgBouncer type of service to forward traffic to.
  #   type: ro
  #   # -- PgBouncer pooling mode
  #   poolMode: transaction
  #   # -- Number of PgBouncer instances
  #   instances: 3
  #   # -- PgBouncer configuration parameters
  #   parameters:
  #     max_client_conn: "1000"
  #     default_pool_size: "25"
  #   monitoring:
  #     # -- Whether to enable monitoring
  #     enabled: false
  #     podMonitor:
  #         # -- Whether to enable the PodMonitor
  #       enabled: true
  #   # -- Custom PgBouncer deployment template.
  #   # Use to override image, specify resources, etc.
  #   template: {}
@@ -0,0 +1,56 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    "mergeConfidence:all-badges",
    ":rebaseStalePrs"
  ],
  "timezone": "US/Central",
  "labels": [],
  "prHourlyLimit": 0,
  "prConcurrentLimit": 0,
  "packageRules": [
    {
      "description": "Label charts",
      "matchDatasources": ["helm"],
      "addLabels": ["chart"],
      "automerge": false,
      "bumpVersions": [
        {
          "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
          "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
          "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
        }
      ]
    },
    {
      "description": "Label images",
      "matchDatasources": ["docker"],
      "addLabels": ["image"],
      "automerge": false,
      "bumpVersions": [
        {
          "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
          "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
          "bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
        }
      ]
    },
    {
      "description": "Automerge generic-device-plugin image on digest",
      "matchDatasources": ["docker"],
      "matchDepNames": ["ghcr.io/squat/generic-device-plugin"],
      "matchUpdateTypes": ["digest"],
      "addLabels": ["image", "automerge"],
      "automerge": true,
      "minimumReleaseAge": "1 days",
      "bumpVersions": [
        {
          "filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
          "matchStrings": ["version:\\s(?<version>[^\\s]+)"],
          "bumpType": "patch"
        }
      ]
    }
  ]
 }
		`@@ -1,2 +0,0 @@`
			`# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions`
			`FROM renovate/renovate:37`