update chart

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/renovate-update-notification/Dockerfile

@@ -1,2 +1,2 @@
 # This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
-FROM renovate/renovate:38
+FROM renovate/renovate:39

.github/renovate.json

@@ -6,14 +6,11 @@
         ":rebaseStalePrs"
     ],
     "timezone": "US/Central",
-    "schedule": [
-        "every weekday"
-    ],
     "labels": [],
     "packageRules": [
         {
             "description": "Disables for non major Renovate version",
-            "matchPaths": [
+            "matchFileNames": [
                 ".github/renovate-update-notification/Dockerfile"
             ],
             "matchUpdateTypes": [
@@ -27,7 +24,7 @@
         },
         {
             "description": "Generate for major Renovate version",
-            "matchPaths": [
+            "matchFileNames": [
                 ".github/renovate-update-notification/Dockerfile"
             ],
             "matchUpdateTypes": [

.github/workflows/lint-test.yaml

@@ -14,11 +14,11 @@ jobs:
       - name: Set up Helm
         uses: azure/setup-helm@v4
         with:
-          version: v3.13.3
+          version: latest
 
       - uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: "3.13"
           check-latest: true
 
       - name: Set up chart-testing

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-yaml
+        exclude: 'charts/'
+        args:
+          - --multi
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.14.2
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=charts
+          - --template-files=./_templates.gotmpl
+          - --template-files=README.md.gotmpl

charts/cloudflared/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 1.6.0
+version: 1.14.0
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
@@ -13,6 +13,6 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts/
-    version: 3.3.2
+    version: 3.7.1
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2024.8.2"
+appVersion: "2025.2.0"

charts/cloudflared/README.md

@@ -1,16 +1,35 @@
-## Introduction
+# cloudflared
 
-[Cloudflared](https://github.com/cloudflare/cloudflared)
+![Version: 1.14.0](https://img.shields.io/badge/Version-1.14.0-informational?style=flat-square) ![AppVersion: 2025.2.0](https://img.shields.io/badge/AppVersion-2025.2.0-informational?style=flat-square)
 
-Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
+Cloudflared Tunnel
 
-This chart bootstraps a [Cloudflared](https://github.com/cloudflare/cloudflared) tunnel on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
 
-## Prerequisites
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
 
-- Kubernetes
+## Source Code
-- Helm
 
-## Parameters
+* <https://github.com/cloudflare/cloudflared>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
 
-See the [values files](values.yaml).
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.2.0"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/values.yaml

@@ -1,11 +1,20 @@
+# -- Name override of release
 name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
 existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
 existingSecretKey: cf-tunnel-token
+
+# -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2024.8.2"
+  tag: "2025.2.0"
   pullPolicy: IfNotPresent
+
+# -- Default resources
 resources:
   requests:
-    cpu: 100m
+    cpu: 10m
     memory: 128Mi

charts/generic-device-plugin/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: generic-device-plugin
+version: 0.1.7
+description: Generic Device Plugin
+keywords:
+  - generic-device-plugin
+  - device
+  - plugin
+sources:
+  - https://github.com/squat/generic-device-plugin
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.1
+appVersion: 0.1.7

charts/generic-device-plugin/README.md

@@ -0,0 +1,37 @@
+# generic-device-plugin
+
+![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: 0.1.7](https://img.shields.io/badge/AppVersion-0.1.7-informational?style=flat-square)
+
+Generic Device Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/squat/generic-device-plugin>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
+| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/generic-device-plugin/templates/common.yaml

@@ -0,0 +1,82 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "genericDevicePlugin.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: daemonset
+    pod:
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: "Exists"
+          effect: "NoExecute"
+        - operator: "Exists"
+          effect: "NoSchedule"
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --config=/config/config.yaml
+        env:
+          - name: LISTEN
+            value: :{{ .Values.service.listenPort }}
+          - name: PLUGIN_DIRECTORY
+            value: /var/lib/kubelet/device-plugins
+          - name: DOMAIN
+            value: {{ .Values.deviceDomain }}
+        probes:
+          liveness:
+            type: HTTP
+            path: /health
+          readiness:
+            type: HTTP
+            path: /health
+          startup:
+            type: HTTP
+            path: /health
+        securityContext:
+          privileged: True
+configMaps:
+  config:
+    enabled: {{ .Values.config.enabled }}
+    data:
+      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
+service:
+  main:
+    controller: main
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+persistence:
+  config:
+    enabled: true
+    type: configMap
+    name: {{ .Values.name }}-config
+  device-plugins:
+    enabled: true
+    type: hostPath
+    hostPath: /var/lib/kubelet/device-plugins
+  dev:
+    enabled: true
+    type: hostPath
+    hostPath: /dev
+serviceMonitor:
+  main:
+    serviceName: generic-device-plugin
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 30s
+        scrapeTimeout: 10s
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/generic-device-plugin/values.yaml

@@ -0,0 +1,80 @@
+# -- Name override of release
+name: generic-device-plugin
+
+# -- Default image
+image:
+  repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
+  pullPolicy: Always
+
+# -- Domain used by devices for identifcation
+deviceDomain: squat.ai
+
+# -- Service port
+service:
+  listenPort: 8080
+
+# -- Default resources
+resources:
+  limit:
+    cpu: 100m
+    memory: 20Mi
+  requests:
+    cpu: 50m
+    memory: 10Mi
+
+# -- Config map
+config:
+  enabled: true
+  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
+  # @default -- See [values.yaml](./values.yaml)
+  data: |
+    devices:
+      - name: serial
+        groups:
+          - paths:
+              - path: /dev/ttyUSB*
+          - paths:
+              - path: /dev/ttyACM*
+          - paths:
+              - path: /dev/tty.usb*
+          - paths:
+              - path: /dev/cu.*
+          - paths:
+              - path: /dev/cuaU*
+          - paths:
+              - path: /dev/rfcomm*
+      - name: video
+        groups:
+          - paths:
+              - path: /dev/video0
+      - name: fuse
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/fuse
+      - name: audio
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/snd
+      - name: capture
+        groups:
+          - paths:
+              - path: /dev/snd/controlC0
+              - path: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC1
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC1D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC2
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC2D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC3
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC3D0c
+                mountPath: /dev/snd/pcmC0D0c

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 3.9.0
+version: 4.1.4
 description: Chart for cloudnative-pg cluster
 keywords:
   - database
@@ -10,4 +10,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.23.3
+appVersion: v1.25.0

charts/postgres-cluster/README.md

@@ -1,17 +1,82 @@
-## Introduction
+# postgres-cluster
 
-[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
+![Version: 4.1.4](https://img.shields.io/badge/Version-4.1.4-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
 
-CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
+Chart for cloudnative-pg cluster
 
-This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+## Maintainers
 
-## Prerequisites
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
 
-- Kubernetes
+## Source Code
-- Helm
-- CloudNative PG Operator
 
-## Parameters
+* <https://github.com/cloudnative-pg/cloudnative-pg>
 
-See the [values files](values.yaml).
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
+| backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
+| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| backup.destinationPath | string | `""` | S3 path starting with "s3://" |
+| backup.enabled | bool | `false` |  |
+| backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
+| backup.historyTags.backupRetentionPolicy | string | `""` |  |
+| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
+| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
+| backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
+| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
+| bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL:   - CREATE TABLE IF NOT EXISTS example; |
+| cluster.additionalLabels | object | `{}` |  |
+| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
+| cluster.annotations | object | `{}` |  |
+| cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
+| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.2-22"}` | Default image |
+| cluster.instances | int | `3` |  |
+| cluster.logLevel | string | `"info"` |  |
+| cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
+| cluster.postgresGID | int | `26` |  |
+| cluster.postgresUID | int | `26` | The UID and GID of the postgres user inside the image |
+| cluster.postgresql | object | `{"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"shared_preload_libraries":[]}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
+| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
+| cluster.priorityClassName | string | `""` |  |
+| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
+| cluster.storage.size | string | `"10Gi"` |  |
+| cluster.storage.storageClass | string | `""` |  |
+| cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
+| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
+| nameOverride | string | `""` | Override the name of the cluster |
+| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
+| recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
+| recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
+| recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
+| recovery.pitrTarget | object | `{"time":""}` | Point in time recovery target in RFC3339 format |
+| recovery.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
+| recovery.recoveryInstanceName | string | `""` | Name of the recovery cluster in the object store, defaults to ".Release.Name" |
+| recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
+| recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
+| recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
+| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
+| replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
+| replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
+| replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |
+| replica.importType | string | `"microservice"` | See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types * `microservice` - Single database import as expected from cnpg clusters * `monolith` - Import multiple databases and roles |
+| replica.postImportApplicationSQL | list | `[]` | If import type is monolith postImportApplicationSQL is not supported and ignored |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/postgres-cluster/templates/_backup.tpl

@@ -11,6 +11,14 @@ backup:
       key: ca-bundle.crt
     {{- end }}
     serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
+    tags:
+      {{- with .Values.backup.tags }}
+      {{- . | toYaml | nindent 6 }}
+      {{- end }}
+    historyTags:
+      {{- with .Values.backup.historyTags }}
+      {{- . | toYaml | nindent 6 }}
+      {{- end }}
     s3Credentials:
       accessKeyId:
         name: {{ include "cluster.backupCredentials" . }}

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -2,12 +2,15 @@
 bootstrap:
 {{- if eq .Values.mode "standalone" }}
   initdb:
-    {{- with .Values.cluster.initdb }}
+    {{- with .Values.bootstrap.initdb }}
     {{- with (omit . "postInitApplicationSQL") }}
     {{- . | toYaml | nindent 4 }}
     {{- end }}
     {{- end }}
-    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (.Values.cluster.initdb.postInitApplicationSQL) }}
+    {{- if eq .Values.type "tensorchord" }}
+    dataChecksums: true
+    {{- end }}
+    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.bootstrap.initdb.postInitApplicationSQL) }}
     postInitApplicationSQL:
       {{- if eq .Values.type "postgis" }}
       - CREATE EXTENSION IF NOT EXISTS postgis;
@@ -16,8 +19,17 @@ bootstrap:
       - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
       {{- else if eq .Values.type "timescaledb" }}
       - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- else if eq .Values.type "tensorchord" }}
+      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
+      - SET search_path TO "$user", public, vectors;
+      - CREATE EXTENSION IF NOT EXISTS "vectors";
+      - CREATE EXTENSION IF NOT EXISTS "cube";
+      - CREATE EXTENSION IF NOT EXISTS "earthdistance";
+      - ALTER SCHEMA vectors OWNER TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
+      - GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
       {{- end }}
-      {{- with .Values.cluster.initdb }}
+      {{- with .Values.bootstrap.initdb }}
       {{- range .postInitApplicationSQL }}
       {{- printf "- %s" . | nindent 6 }}
       {{- end }}
@@ -49,6 +61,11 @@ bootstrap:
       {{- end }}
       source:
         externalCluster: "{{ include "cluster.name" . }}-cluster"
+    {{- with .Values.bootstrap.initdb }}
+    {{- with (omit . "postInitApplicationSQL") }}
+    {{- . | toYaml | nindent 4 }}
+    {{- end }}
+    {{- end }}
 externalClusters:
   - name: "{{ include "cluster.name" . }}-cluster"
     {{- with .Values.replica.externalCluster }}

charts/postgres-cluster/templates/cluster.yaml

@@ -18,6 +18,7 @@ spec:
   imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
   postgresUID: {{ .Values.cluster.postgresUID }}
   postgresGID: {{ .Values.cluster.postgresGID }}
+  enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
   walStorage:
     size: {{ .Values.cluster.walStorage.size }}
     storageClass: {{ .Values.cluster.walStorage.storageClass }}
@@ -43,6 +44,15 @@ spec:
     shared_preload_libraries:
       - timescaledb
     {{- end }}
+    {{- if eq .Values.type "tensorchord" }}
+    shared_preload_libraries:
+      - vectors.so
+    enableAlterSystem: true
+    {{- end }}
+    {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+    shared_preload_libraries:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
     {{- with .Values.cluster.postgresql.parameters }}
     parameters:
       {{- toYaml . | nindent 6 }}
@@ -51,4 +61,5 @@ spec:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
 
   {{ include "cluster.bootstrap" . | nindent 2 }}
+
   {{ include "cluster.backup" . | nindent 2 }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -14,10 +14,10 @@ spec:
     - name: cloudnative-pg/{{ include "cluster.name" . }}
       rules:
         {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
-        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
         {{- $_ := set $dict "namespace"   .Release.Namespace -}}
         {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
-        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
         {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "Values"      .Values -}}
         {{- $_ := set $dict "Template"    .Template -}}
@@ -27,4 +27,71 @@ spec:
         - {{ $tpl }}
         {{- end -}}
         {{- end -}}
+    {{- if .Values.cluster.monitoring.prometheusRule.enableDefaultRules }}
+    - name: cloudnative-pg/default-rules
+      rules:
+        - alert: LongRunningTransaction
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
+            summary: A query is taking longer than 5 minutes.
+          expr: |-
+            cnpg_backends_max_tx_duration_seconds > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: BackendsWaiting
+          annotations:
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
+            summary: If a backend is waiting for longer than 5 minutes
+          expr: |-
+            cnpg_backends_waiting_total > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGDatabaseXidAge
+          annotations:
+            description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
+            summary: Number of transactions from the frozen XID to the current one
+          expr: |-
+            cnpg_pg_database_xid_age > 300000000
+          for: 1m
+          labels:
+            severity: warning
+        - alert: PGReplication
+          annotations:
+            description: Standby is lagging behind by over 300 seconds (5 minutes)
+            summary: The standby is lagging behind the primary
+          expr: |-
+            cnpg_pg_replication_lag > 300
+          for: 1m
+          labels:
+            severity: warning
+        - alert: LastFailedArchiveTime
+          annotations:
+            description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
+          expr: |-
+            (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
+          for: 1m
+          labels:
+            severity: warning
+        - alert: DatabaseDeadlockConflicts
+          annotations:
+            description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
+            summary: Checks the number of database conflicts
+          expr: |-
+            cnpg_pg_stat_database_deadlocks > 10
+          for: 1m
+          labels:
+            severity: warning
+        - alert: ReplicaFailingReplication
+          annotations:
+            description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
+            summary: Checks if the replica is failing to replicate
+          expr: |-
+            cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
+          for: 1m
+          labels:
+            severity: warning
+    {{- end }}
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -1,15 +1,14 @@
 # -- Override the name of the cluster
 nameOverride: ""
 
-###
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
 # * `timescaledb`
+# * `tensorchord`
 type: postgresql
 
-###
+# -- Cluster mode of operation. Available modes:
-# Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
 # * `replica` - Create database as a replica from another CNPG cluster
@@ -18,15 +17,20 @@ mode: standalone
 cluster:
   instances: 3
 
+  # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "16.4"
+    tag: "17.2-22"
     pullPolicy: IfNotPresent
 
-  # The UID and GID of the postgres user inside the image
+  # -- The UID and GID of the postgres user inside the image
   postgresUID: 26
   postgresGID: 26
 
+  # -- Create secret containing credentials of superuser
+  enableSuperuserAccess: false
+
+  # -- Default storage size
   walStorage:
     size: 2Gi
     storageClass: ""
@@ -34,116 +38,123 @@ cluster:
     size: 10Gi
     storageClass: ""
 
+  # -- Default resources
   resources:
     requests:
       memory: 256Mi
-      cpu: 10m
+      cpu: 100m
     limits:
-      memory: 1Gi
+      cpu: '1'
-      cpu: 800m
       hugepages-2Mi: 256Mi
 
-  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+  # -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
   affinity:
     enablePodAntiAffinity: true
     topologyKey: kubernetes.io/hostname
 
   additionalLabels: {}
   annotations: {}
-
   priorityClassName: ""
 
-  # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
   # successfully updated. It can be switchover (default) or in-place (restart).
   primaryUpdateMethod: switchover
 
-  # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
+  # -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
   # successfully updated: it can be automated (unsupervised - default) or manual (supervised)
   primaryUpdateStrategy: unsupervised
 
   logLevel: "info"
 
+  # -- Enable default monitoring and alert rules
   monitoring:
     enabled: false
     podMonitor:
       enabled: true
     prometheusRule:
       enabled: false
+      enableDefaultRules: true
       excludeRules: []
 
+  # -- Parameters to be set for the database itself
   # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
   postgresql:
     parameters:
       shared_buffers: 128MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
+    shared_preload_libraries: []
 
-  # BootstrapInitDB is the configuration of the bootstrap process when initdb is used.
+# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
-  # See: https://cloudnative-pg.io/documentation/current/bootstrap/
+# See: https://cloudnative-pg.io/documentation/current/bootstrap/
-  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
+bootstrap:
+  # -- Example values
+  # database: app
+  # owner: app
+  # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
+  # postInitApplicationSQL:
+  #   - CREATE TABLE IF NOT EXISTS example;
   initdb: {}
-    # database: app
-    # owner: app
-    # secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
-    # postInitApplicationSQL:
-    #   - CREATE TABLE IF NOT EXISTS example;
 
+# -- Recovery settings when booting cluster from external cluster
 recovery:
-  # Point in time recovery target in RFC3339 format
+
+  # -- Point in time recovery target in RFC3339 format
   pitrTarget:
     time: ""
 
-  # S3 https endpoint and the s3:// path
+  # -- S3 https endpoint and the s3:// path
   endpointURL: ""
   destinationPath: ""
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""
 
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
+  # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
   recoveryIndex: 1
 
-  # Name of the recovery cluster in the object store, defaults to "cluster.name"
+  # -- Name of the recovery cluster in the object store, defaults to "cluster.name"
   recoveryServerName: ""
 
-  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
+  # -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
   recoveryInstanceName: ""
 
   wal:
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
+    # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    maxParallel: 1
   data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of data files to be archived or restored in parallel.
+    # -- Number of data files to be archived or restored in parallel.
-    jobs: 2
+    jobs: 1
 
 replica:
-  # See https://cloudnative-pg.io/documentation/current/database_import/
+  # -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
   # * `microservice` - Single database import as expected from cnpg clusters
   # * `monolith` - Import multiple databases and roles
   importType: microservice
 
-  # If type microservice only one database is allowed, default is app as standard in cnpg clusters
+  # -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
   importDatabases:
     - app
 
-  # If type microservice no roles are imported and ignored
+  # -- If type microservice no roles are imported and ignored
   importRoles: []
 
-  # If import type is monolith postImportApplicationSQL is not supported and ignored
+  # -- If import type is monolith postImportApplicationSQL is not supported and ignored
   postImportApplicationSQL: []
 
-  # External cluster connection, password specifies a secret name and the key containing the password value
+  # -- External cluster connection, password specifies a secret name and the key containing the password value
   externalCluster:
     connectionParameters:
       host: postgresql
@@ -156,41 +167,47 @@ replica:
 backup:
   enabled: false
 
-  # S3 endpoint starting with "https://"
+  # -- S3 endpoint starting with "https://"
   endpointURL: ""
 
-  # S3 path starting with "s3://"
+  # -- S3 path starting with "s3://"
   destinationPath: ""
 
-  # Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
+  # -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
   endpointCA: ""
 
-  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
   endpointCredentials: ""
 
-  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
   backupIndex: 1
 
-  # Name of the backup cluster in the object store, defaults to "cluster.name"
+  # -- Name of the backup cluster in the object store, defaults to "cluster.name"
   backupName: ""
 
+  # -- Tags to add to backups. Add in key value beneath the type.
+  tags:
+    backupRetentionPolicy: ""
+  historyTags:
+    backupRetentionPolicy: ""
+
   wal:
-    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of WAL files to be archived or restored in parallel.
+    # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    maxParallel: 1
   data:
-    # Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
-    # Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
-    # Number of data files to be archived or restored in parallel.
+    # -- Number of data files to be archived or restored in parallel.
-    jobs: 2
+    jobs: 1
 
-  # Retention policy for backups
+  # -- Retention policy for backups
-  retentionPolicy: "30d"
+  retentionPolicy: "7d"
 
-  # Scheduled backup in cron format
+  # -- Scheduled backup in cron format
-  schedule: "0 0 0 * * *"
+  schedule: "0 0 */3 * *"