change release

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitea/workflows/lint-test.yaml

@@ -16,22 +16,23 @@ jobs:
         with:
           version: latest
 
-      - uses: actions/setup-python@v5
+      - name: Set up Python
+        uses: actions/setup-python@v5
         with:
           python-version: "3.13"
           check-latest: true
 
-      - name: Set up chart-testing
+      - name: Set up Chart Testing
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.7.0
 
-      - name: Run chart-testing (list-changed)
+      - name: Run Chart Testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
           if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
+            echo "changed=true" >> $GITHUB_OUTPUT
           fi
 
-      - name: Run chart-testing (lint)
+      - name: Run Chart Testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+        run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}

.gitea/workflows/release-charts-cloudflared.yml

@@ -0,0 +1,57 @@
+name: release-charts-cloudflared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/cloudflared/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/cloudflared"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -0,0 +1,57 @@
+name: release-charts-generic-device-plugin
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/generic-device-plugin/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/generic-device-plugin"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -0,0 +1,57 @@
+name: release-charts-postgres-cluster
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/postgres-cluster/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/postgres-cluster"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}

.github/renovate-update-notification/Dockerfile

@@ -1,2 +0,0 @@
-# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
-FROM renovate/renovate:39

.github/workflows/release-charts.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "charts/**"
 
 jobs:
   release:
@@ -22,6 +24,6 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/cloudflared/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 1.12.3
+version: 1.14.5
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
@@ -13,6 +13,6 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts/
-    version: 3.6.0
+    version: 3.7.3
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2024.12.2"
+appVersion: "2025.4.0"

charts/cloudflared/README.md

@@ -1,6 +1,6 @@
 # cloudflared
 
-![Version: 1.12.3](https://img.shields.io/badge/Version-1.12.3-informational?style=flat-square) ![AppVersion: 2024.12.2](https://img.shields.io/badge/AppVersion-2024.12.2-informational?style=flat-square)
+![Version: 1.14.5](https://img.shields.io/badge/Version-1.14.5-informational?style=flat-square) ![AppVersion: 2025.4.0](https://img.shields.io/badge/AppVersion-2025.4.0-informational?style=flat-square)
 
 Cloudflared Tunnel
 
@@ -19,7 +19,7 @@ Cloudflared Tunnel
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.6.0 |
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
 
 ## Values
 
@@ -27,9 +27,9 @@ Cloudflared Tunnel
 |-----|------|---------|-------------|
 | existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
 | existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2024.12.2"}` | Default image |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.4.0"}` | Default image |
 | name | string | `"cloudflared"` | Name override of release |
-| resources | object | `{"requests":{"cpu":"100m","memory":"128Mi"}}` | Default resources |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/values.yaml

@@ -10,11 +10,11 @@ existingSecretKey: cf-tunnel-token
 # -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: "2024.12.2"
+  tag: "2025.4.0"
   pullPolicy: IfNotPresent
 
 # -- Default resources
 resources:
   requests:
-    cpu: 100m
+    cpu: 10m
     memory: 128Mi

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.1.5
+version: 0.1.10
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -14,5 +14,5 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s.github.io/helm-charts/
-    version: 3.6.0
+    version: 3.7.3
-appVersion: 0.1.5
+appVersion: 0.1.10

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![AppVersion: 0.1.5](https://img.shields.io/badge/AppVersion-0.1.5-informational?style=flat-square)
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,7 +19,7 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.6.0 |
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
 
 ## Values
 
@@ -28,7 +28,7 @@ Generic Device Plugin
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
 | deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
-| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest"}` | Default image |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
 | resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |

charts/generic-device-plugin/values.yaml

@@ -4,8 +4,8 @@ name: generic-device-plugin
 # -- Default image
 image:
   repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
   pullPolicy: Always
-  tag: latest
 
 # -- Domain used by devices for identifcation
 deviceDomain: squat.ai

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 4.1.0
+version: 4.2.1
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
+![Version: 4.2.1](https://img.shields.io/badge/Version-4.2.1-informational?style=flat-square) ![AppVersion: v1.25.0](https://img.shields.io/badge/AppVersion-v1.25.0-informational?style=flat-square)
 
 Chart for cloudnative-pg cluster
 
@@ -22,26 +22,26 @@ Chart for cloudnative-pg cluster
 | backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
 | backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
+| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
 | backup.destinationPath | string | `""` | S3 path starting with "s3://" |
 | backup.enabled | bool | `false` |  |
 | backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
 | backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
 | backup.historyTags.backupRetentionPolicy | string | `""` |  |
-| backup.retentionPolicy | string | `"14d"` | Retention policy for backups |
+| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
-| backup.schedule | string | `"0 0 0 * * *"` | Scheduled backup in cron format |
+| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
 | backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
 | backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.wal.maxParallel | int | `2` | Number of WAL files to be archived or restored in parallel. |
+| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
 | bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL:   - CREATE TABLE IF NOT EXISTS example; |
 | cluster.additionalLabels | object | `{}` |  |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.annotations | object | `{}` |  |
 | cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
-| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.2-22"}` | Default image |
+| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
 | cluster.instances | int | `3` |  |
 | cluster.logLevel | string | `"info"` |  |
 | cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
@@ -51,16 +51,16 @@ Chart for cloudnative-pg cluster
 | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.priorityClassName | string | `""` |  |
-| cluster.resources | object | `{"limits":{"cpu":"1000m","hugepages-2Mi":"256Mi","memory":"2Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
+| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
 | cluster.storage.size | string | `"10Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |
 | cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
 | mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
 | nameOverride | string | `""` | Override the name of the cluster |
-| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":2},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":2}}` | Recovery settings when booting cluster from external cluster |
+| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
 | recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| recovery.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
+| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
 | recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
 | recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
@@ -70,7 +70,7 @@ Chart for cloudnative-pg cluster
 | recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
 | recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| recovery.wal.maxParallel | int | `2` | Number of WAL files to be archived or restored in parallel. |
+| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
 | replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
 | replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -14,10 +14,10 @@ spec:
     - name: cloudnative-pg/{{ include "cluster.name" . }}
       rules:
         {{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
-        {{- $_ := set $dict "value"       "{{ $value }}" -}}
+        {{- $_ := set $dict "value"       "{{`{{`}} $value {{`}}`}}" -}}
         {{- $_ := set $dict "namespace"   .Release.Namespace -}}
         {{- $_ := set $dict "cluster"     (printf "%s-cluster" (include "cluster.name" .) ) -}}
-        {{- $_ := set $dict "labels"      (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
+        {{- $_ := set $dict "labels"      (dict "job" "{{`{{`}} $labels.job {{`}}`}}" "node" "{{`{{`}} $labels.node {{`}}`}}" "pod" "{{`{{`}} $labels.pod {{`}}`}}") -}}
         {{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
         {{- $_ := set $dict "Values"      .Values -}}
         {{- $_ := set $dict "Template"    .Template -}}
@@ -32,7 +32,7 @@ spec:
       rules:
         - alert: LongRunningTransaction
           annotations:
-            description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
             summary: A query is taking longer than 5 minutes.
           expr: |-
             cnpg_backends_max_tx_duration_seconds > 300
@@ -41,7 +41,7 @@ spec:
             severity: warning
         - alert: BackendsWaiting
           annotations:
-            description: Pod {{ $labels.pod  }} has been waiting for longer than 5 minutes
+            description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
             summary: If a backend is waiting for longer than 5 minutes
           expr: |-
             cnpg_backends_waiting_total > 300
@@ -50,7 +50,7 @@ spec:
             severity: warning
         - alert: PGDatabaseXidAge
           annotations:
-            description: Over 300,000,000 transactions from frozen xid on pod {{ $labels.pod  }}
+            description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
             summary: Number of transactions from the frozen XID to the current one
           expr: |-
             cnpg_pg_database_xid_age > 300000000
@@ -68,7 +68,7 @@ spec:
             severity: warning
         - alert: LastFailedArchiveTime
           annotations:
-            description: Archiving failed for {{ $labels.pod }}
+            description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
             summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
           expr: |-
             (cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
@@ -77,7 +77,7 @@ spec:
             severity: warning
         - alert: DatabaseDeadlockConflicts
           annotations:
-            description: There are over 10 deadlock conflicts in {{ $labels.pod }}
+            description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
             summary: Checks the number of database conflicts
           expr: |-
             cnpg_pg_stat_database_deadlocks > 10
@@ -86,7 +86,7 @@ spec:
             severity: warning
         - alert: ReplicaFailingReplication
           annotations:
-            description: Replica {{ $labels.pod }} is failing to replicate
+            description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
             summary: Checks if the replica is failing to replicate
           expr: |-
             cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up

charts/postgres-cluster/values.yaml

@@ -20,7 +20,7 @@ cluster:
   # -- Default image
   image:
     repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "17.2-22"
+    tag: "17.4-3-bullseye"
     pullPolicy: IfNotPresent
 
   # -- The UID and GID of the postgres user inside the image
@@ -44,8 +44,7 @@ cluster:
       memory: 256Mi
       cpu: 100m
     limits:
-      memory: 2Gi
+      cpu: '1'
-      cpu: 1000m
       hugepages-2Mi: 256Mi
 
   # -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
@@ -130,14 +129,14 @@ recovery:
     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
     # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    maxParallel: 1
   data:
     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
     # -- Number of data files to be archived or restored in parallel.
-    jobs: 2
+    jobs: 1
 
 replica:
   # -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
@@ -198,17 +197,17 @@ backup:
     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
     # -- Number of WAL files to be archived or restored in parallel.
-    maxParallel: 2
+    maxParallel: 1
   data:
     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
     compression: snappy
     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
     encryption: ""
     # -- Number of data files to be archived or restored in parallel.
-    jobs: 2
+    jobs: 1
 
   # -- Retention policy for backups
-  retentionPolicy: "14d"
+  retentionPolicy: "7d"
 
   # -- Scheduled backup in cron format
-  schedule: "0 0 0 * * *"
+  schedule: "0 0 */3 * *"

renovate.json

@@ -6,32 +6,18 @@
         ":rebaseStalePrs"
     ],
     "timezone": "US/Central",
+    "schedule": [ "* */1 * * *" ],
     "labels": [],
+    "prHourlyLimit": 0,
+    "prConcurrentLimit": 0,
     "packageRules": [
         {
-            "description": "Disables for non major Renovate version",
+            "description": "Label charts",
-            "matchFileNames": [
+            "matchDatasources": [
-                ".github/renovate-update-notification/Dockerfile"
+                "helm"
-            ],
-            "matchUpdateTypes": [
-                "minor",
-                "patch",
-                "pin",
-                "digest",
-                "rollback"
-            ],
-            "enabled": false
-        },
-        {
-            "description": "Generate for major Renovate version",
-            "matchFileNames": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "major"
             ],
             "addLabels": [
-                "upgrade"
+                "chart"
             ],
             "automerge": false
         },
@@ -43,19 +29,21 @@
             "addLabels": [
                 "image"
             ],
-            "automerge": false,
+            "automerge": false
-            "minimumReleaseAge": "3 days"
         },
         {
-            "description": "Label charts",
+            "description": "CNPG image",
+            "matchDepNames": [
+                "ghcr.io/cloudnative-pg/postgresql"
+            ],
             "matchDatasources": [
-                "helm"
+                "docker"
             ],
             "addLabels": [
-                "chart"
+                "image"
             ],
             "automerge": false,
-            "minimumReleaseAge": "3 days"
+            "versioning": "deb"
         }
     ]
 }