release chart

add release workflow
add gitea actions
2025-06-06 14:14:54 -05:00 · 2025-06-06 14:07:50 -05:00 · 2025-06-06 14:05:44 -05:00 · 2025-06-04 21:08:11 -05:00 · 2025-06-04 21:03:47 -05:00 · 2025-05-29 16:40:26 -05:00
30 changed files with 927 additions and 348 deletions
--- a/.gitea/workflows/release-charts-cloudflared.yml
+++ b/.gitea/workflows/release-charts-cloudflared.yml
@@ -55,3 +55,12 @@ jobs:
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: Actions Ntfy
        run: |
          curl \
            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
            -H "Content-Type: text/plain" \
            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
            ${{ secrets.NTFY_URL }}
--- a/.gitea/workflows/release-charts-generic-device-plugin.yml
+++ b/.gitea/workflows/release-charts-generic-device-plugin.yml
@@ -55,3 +55,12 @@ jobs:
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: Actions Ntfy
        run: |
          curl \
            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
            -H "Content-Type: text/plain" \
            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
            ${{ secrets.NTFY_URL }}
--- a/.gitea/workflows/release-charts-gitea-actions.yml
+++ b/.gitea/workflows/release-charts-gitea-actions.yml
@@ -0,0 +1,66 @@
 name: release-charts-gitea-actions
 on:
  push:
    branches:
      - main
    paths:
      - "charts/gitea-actions/**"
  workflow_dispatch:
 env:
  WORKFLOW_DIR: "charts/gitea-actions"
 jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Helm
        uses: azure/setup-helm@v4
        with:
          token: ${{ secrets.GITEA_TOKEN }}
          version: latest
      - name: Package Helm Chart
        run: |
          cd $WORKFLOW_DIR
          helm dependency build
          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
      - name: Publish Helm Chart to Harbor
        run: |
          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
      - name: Publish Helm Chart to Gitea
        run: |
          helm plugin install https://github.com/chartmuseum/helm-push
          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
      - name: Extract Chart Metadata
        run: |
          cd $WORKFLOW_DIR
          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
      - name: Release Helm Chart
        uses: akkuman/gitea-release-action@v1
        with:
          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: Actions Ntfy
        run: |
          curl \
            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
            -H "Content-Type: text/plain" \
            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
            ${{ secrets.NTFY_URL }}
--- a/.gitea/workflows/release-charts-postgres-cluster.yml
+++ b/.gitea/workflows/release-charts-postgres-cluster.yml
@@ -55,3 +55,12 @@ jobs:
          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
          files: |-
            ${{ env.PACKAGE_PATH }}
      - name: Actions Ntfy
        run: |
          curl \
            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
            -H "Content-Type: text/plain" \
            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
            ${{ secrets.NTFY_URL }}
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -0,0 +1,30 @@
 name: renovate
 on:
  schedule:
    - cron: "@daily"
  push:
    branches:
      - main
  workflow_dispatch:
 jobs:
  renovate:
    runs-on: ubuntu-latest
    container: ghcr.io/renovatebot/renovate:40
    steps:
      - uses: actions/checkout@v4
      - run: renovate
        env:
          RENOVATE_PLATFORM: gitea
          RENOVATE_AUTODISCOVER: true
          RENOVATE_ONBOARDING: true
          RENOVATE_ENDPOINT: http://gitea-http.gitea:3000
          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
          LOG_LEVEL: debug
          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
          RENOVATE_REDIS_URL: redis://gitea-renovate-valkey-primary.gitea:6379
--- a/charts/cloudflared/Chart.yaml
+++ b/charts/cloudflared/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 1.14.7
+version: 1.15.0
 description: Cloudflared Tunnel
 keywords:
  - cloudflare
@@ -13,6 +13,6 @@ maintainers:
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.7.3
+    version: 4.0.1
 icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
-appVersion: "2025.4.2"
+appVersion: "2025.5.0"
--- a/charts/cloudflared/README.md
+++ b/charts/cloudflared/README.md
@@ -1,6 +1,6 @@
 # cloudflared
-![Version: 1.14.7](https://img.shields.io/badge/Version-1.14.7-informational?style=flat-square) ![AppVersion: 2025.4.2](https://img.shields.io/badge/AppVersion-2025.4.2-informational?style=flat-square)
+![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![AppVersion: 2025.5.0](https://img.shields.io/badge/AppVersion-2025.5.0-informational?style=flat-square)
 Cloudflared Tunnel
@@ -19,7 +19,7 @@ Cloudflared Tunnel
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 3.7.3 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
 ## Values
@@ -27,7 +27,7 @@ Cloudflared Tunnel
 |-----|------|---------|-------------|
 | existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
 | existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.4.2"}` | Default image |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.5.0"}` | Default image |
 | name | string | `"cloudflared"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
--- a/charts/cloudflared/values.yaml
+++ b/charts/cloudflared/values.yaml
@@ -10,7 +10,7 @@ existingSecretKey: cf-tunnel-token
 # -- Default image
 image:
  repository: cloudflare/cloudflared
-  tag: "2025.4.2"
+  tag: "2025.5.0"
  pullPolicy: IfNotPresent
 # -- Default resources
--- a/charts/generic-device-plugin/Chart.yaml
+++ b/charts/generic-device-plugin/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.1.10
+version: 0.2.0
 description: Generic Device Plugin
 keywords:
  - generic-device-plugin
@@ -13,6 +13,6 @@ maintainers:
  - name: alexlebens
 dependencies:
  - name: common
-    repository: https://bjw-s.github.io/helm-charts/
+    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.7.3
+    version: 4.0.1
-appVersion: 0.1.10
+appVersion: 0.2.0
--- a/charts/generic-device-plugin/README.md
+++ b/charts/generic-device-plugin/README.md
@@ -1,6 +1,6 @@
 # generic-device-plugin
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
 Generic Device Plugin
@@ -19,7 +19,7 @@ Generic Device Plugin
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
 ## Values
--- a/charts/gitea-actions/Chart.yaml
+++ b/charts/gitea-actions/Chart.yaml
@@ -0,0 +1,15 @@
 apiVersion: v2
 name: gitea-actions
 version: 0.1.0
 description: Gitea Actions
 keywords:
  - cicd
  - runner
  - actions
 sources:
  - https://gitea.com/gitea/helm-actions
  - https://gitea.com/gitea/act
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 appVersion: 0.261.3
--- a/charts/gitea-actions/LICENSE
+++ b/charts/gitea-actions/LICENSE
@@ -0,0 +1,18 @@
 MIT License
 Copyright (c) 2025 gitea
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
 associated documentation files (the "Software"), to deal in the Software without restriction, including
 without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
 following conditions:
 The above copyright notice and this permission notice shall be included in all copies or substantial
 portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
 EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/charts/gitea-actions/README.md
+++ b/charts/gitea-actions/README.md
@@ -0,0 +1,71 @@
 # gitea-actions
 ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 0.261.3](https://img.shields.io/badge/AppVersion-0.261.3-informational?style=flat-square)
 Gitea Actions
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | alexlebens |  |  |
 ## Source Code
 * <https://gitea.com/gitea/helm-actions>
 * <https://gitea.com/gitea/act>
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | enabled | bool | `false` |  |
 | existingSecret | string | `""` |  |
 | existingSecretKey | string | `""` |  |
 | giteaRootURL | string | `""` |  |
 | global.fullnameOverride | string | `""` |  |
 | global.imageRegistry | string | `""` |  |
 | global.nameOverride | string | `""` |  |
 | global.storageClass | string | `""` |  |
 | image.digest | string | `""` |  |
 | image.fullOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.registry | string | `"docker.gitea.com"` |  |
 | image.repository | string | `"gitea"` |  |
 | image.rootless | bool | `true` |  |
 | image.tag | string | `""` |  |
 | init.image.repository | string | `"busybox"` |  |
 | init.image.tag | string | `"1.37.0"` |  |
 | persistence.accessModes[0] | string | `"ReadWriteOnce"` |  |
 | persistence.annotations."helm.sh/resource-policy" | string | `"keep"` |  |
 | persistence.claimName | string | `"gitea-shared-storage"` |  |
 | persistence.create | bool | `true` |  |
 | persistence.enabled | bool | `true` |  |
 | persistence.labels | object | `{}` |  |
 | persistence.mount | bool | `true` |  |
 | persistence.size | string | `"10Gi"` |  |
 | persistence.storageClass | string | `nil` |  |
 | persistence.subPath | string | `nil` |  |
 | persistence.volumeName | string | `""` |  |
 | statefulset.actRunner.config | string | `"log:\n  level: debug\ncache:\n  enabled: false\n"` |  |
 | statefulset.actRunner.extraVolumeMounts | list | `[]` |  |
 | statefulset.actRunner.pullPolicy | string | `"IfNotPresent"` |  |
 | statefulset.actRunner.repository | string | `"gitea/act_runner"` |  |
 | statefulset.actRunner.tag | string | `"0.2.11"` |  |
 | statefulset.affinity | object | `{}` |  |
 | statefulset.annotations | object | `{}` |  |
 | statefulset.dind.extraEnvs | list | `[]` |  |
 | statefulset.dind.extraVolumeMounts | list | `[]` |  |
 | statefulset.dind.pullPolicy | string | `"IfNotPresent"` |  |
 | statefulset.dind.repository | string | `"docker"` |  |
 | statefulset.dind.tag | string | `"25.0.2-dind"` |  |
 | statefulset.extraVolumes | list | `[]` |  |
 | statefulset.labels | object | `{}` |  |
 | statefulset.nodeSelector | object | `{}` |  |
 | statefulset.persistence.size | string | `"1Gi"` |  |
 | statefulset.replicas | int | `1` |  |
 | statefulset.resources | object | `{}` |  |
 | statefulset.tolerations | list | `[]` |  |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
--- a/charts/gitea-actions/templates/_helpers.tpl
+++ b/charts/gitea-actions/templates/_helpers.tpl
@@ -0,0 +1,125 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "gitea.actions.name" -}}
 {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea.actions.fullname" -}}
 {{- if .Values.global.fullnameOverride -}}
 {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.global.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea.actions.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create image name and tag used by the deployment.
 */}}
 {{- define "gitea.actions.image" -}}
 {{- $fullOverride := .Values.image.fullOverride | default "" -}}
 {{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}}
 {{- $repository := .Values.image.repository -}}
 {{- $separator := ":" -}}
 {{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
 {{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}}
 {{- $digest := "" -}}
 {{- if .Values.image.digest }}
    {{- $digest = (printf "@%s" (.Values.image.digest | toString)) -}}
 {{- end -}}
 {{- if $fullOverride }}
    {{- printf "%s" $fullOverride -}}
 {{- else if $registry }}
    {{- printf "%s/%s%s%s%s%s" $registry $repository $separator $tag $rootless $digest -}}
 {{- else -}}
    {{- printf "%s%s%s%s%s" $repository $separator $tag $rootless $digest -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Storage Class
 */}}
 {{- define "gitea.actions.persistence.storageClass" -}}
 {{- $storageClass :=  (tpl ( default "" .Values.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
 {{- if $storageClass }}
 storageClassName: {{ $storageClass | quote }}
 {{- end }}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "gitea.actions.labels" -}}
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}
 {{ include "gitea.actions.selectorLabels" . }}
 app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "gitea.actions.labels.actRunner" -}}
 helm.sh/chart: {{ include "gitea.actions.chart" . }}
 app: {{ include "gitea.actions.name" . }}-act-runner
 {{ include "gitea.actions.selectorLabels.actRunner" . }}
 app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels
 */}}
 {{- define "gitea.actions.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.selectorLabels.actRunner" -}}
 app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "gitea.actions.local_root_url" -}}
  {{- .Values.giteaRootURL -}}
 {{- end -}}
 {{/*
 Parse the http url to hostname + port separated by space for the nc command
 */}}
 {{- define "gitea.actions.nc" -}}
 {{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
 {{- $host := get $url "host" -}}
 {{- $scheme := get $url "scheme" -}}
 {{- $port := "80" -}}
 {{- if contains ":" $host -}}
    {{- $hostAndPort := regexSplit ":" $host 2 -}}
    {{- $host = index $hostAndPort 0 -}}
    {{- $port = index $hostAndPort 1 -}}
 {{- else if eq $scheme "https" -}}
    {{- $port = "443" -}}
 {{- else if eq $scheme "http" -}}
    {{- $port = "80" -}}
 {{- end -}}
 {{- printf "%s %s" $host $port -}}
 {{- end -}}
--- a/charts/gitea-actions/templates/config-map.yaml
+++ b/charts/gitea-actions/templates/config-map.yaml
@@ -0,0 +1,15 @@
 {{- if .Values.enabled }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "gitea.actions.fullname" . }}-act-runner-config
  namespace: {{ .Values.namespace | default .Release.Namespace }}
  labels:
    {{- include "gitea.actions.labels" . | nindent 4 }}
 data:
  config.yaml: |
    {{- with .Values.statefulset.actRunner.config -}}
    {{ . | nindent 4}}
    {{- end -}}
 {{- end }}
--- a/charts/gitea-actions/templates/stateful-set.yaml
+++ b/charts/gitea-actions/templates/stateful-set.yaml
@@ -0,0 +1,127 @@
 {{- if .Values.enabled }}
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  labels:
    {{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
    {{- with .Values.statefulset.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    {{- with .Values.statefulset.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "gitea.actions.fullname" . }}-act-runner
  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
  replicas: {{ .Values.statefulset.replicas }}
  selector:
    matchLabels:
      {{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
        {{- with .Values.statefulset.labels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      initContainers:
        - name: init-gitea
          image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
          command:
            - sh
            - -c
            - |
              while ! nc -z {{ include "gitea.actions.nc" . }}; do
                sleep 5
              done
      containers:
        - name: act-runner
          image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
          imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
          workingDir: /data
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.existingSecret | default "gitea-actions-token" }}"
                  key: "{{ .Values.existingSecretKey | default "token" }}"
            - name: GITEA_INSTANCE_URL
              value: {{ include "gitea.actions.local_root_url" . }}
            - name: CONFIG_FILE
              value: /actrunner/config.yaml
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /actrunner/config.yaml
              name: act-runner-config
              subPath: config.yaml
            - mountPath: /certs/server
              name: docker-certs
            - mountPath: /data
              name: data-act-runner
            {{- with .Values.statefulset.actRunner.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
        - name: dind
          image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
          imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
          env:
            - name: DOCKER_HOST
              value: tcp://127.0.0.1:2376
            - name: DOCKER_TLS_VERIFY
              value: "1"
            - name: DOCKER_CERT_PATH
              value: /certs/server
            {{- if .Values.statefulset.dind.extraEnvs }}
            {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
            {{- end }}
          securityContext:
            privileged: true
          resources:
            {{- toYaml .Values.statefulset.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /certs/server
              name: docker-certs
            {{- with .Values.statefulset.dind.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      {{- range $key, $value := .Values.statefulset.nodeSelector }}
      nodeSelector:
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- with .Values.statefulset.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.statefulset.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: act-runner-config
          configMap:
            name: {{ include "gitea.actions.fullname" . }}-act-runner-config
        - name: docker-certs
          emptyDir: {}
        {{- with .Values.statefulset.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
  volumeClaimTemplates:
    - metadata:
        name: data-act-runner
      spec:
        accessModes: [ "ReadWriteOnce" ]
        {{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
        resources:
          requests:
            storage: {{ .Values.statefulset.persistence.size }}
 {{- end }}
--- a/charts/gitea-actions/values.yaml
+++ b/charts/gitea-actions/values.yaml
@@ -0,0 +1,147 @@
 # Configure Gitea Actions
 # - must enable persistence if the job is enabled
 ## @section Gitea Actions
 #
 ## @param enabled Create an act runner StatefulSet.
 ## @param init.image.repository The image used for the init containers
 ## @param init.image.tag The image tag used for the init containers
 ## @param statefulset.annotations Act runner annotations
 ## @param statefulset.labels Act runner labels
 ## @param statefulset.resources Act runner resources
 ## @param statefulset.nodeSelector NodeSelector for the statefulset
 ## @param statefulset.tolerations Tolerations for the statefulset
 ## @param statefulset.affinity Affinity for the statefulset
 ## @param statefulset.extraVolumes Extra volumes for the statefulset
 ## @param statefulset.actRunner.repository The Gitea act runner image
 ## @param statefulset.actRunner.tag The Gitea act runner tag
 ## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
 ## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
 ## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
 ## @param statefulset.dind.repository The Docker-in-Docker image
 ## @param statefulset.dind.tag The Docker-in-Docker image tag
 ## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
 ## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
 ## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
 ## @param statefulset.persistence.size Size for persistence to store act runner data
 ## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
 ## @param provisioning.annotations Job's annotations
 ## @param provisioning.labels Job's labels
 ## @param provisioning.resources Job's resources
 ## @param provisioning.nodeSelector NodeSelector for the job
 ## @param provisioning.tolerations Tolerations for the job
 ## @param provisioning.affinity Affinity for the job
 ## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
 ## @param provisioning.publish.repository The image that can create the secret via kubectl
 ## @param provisioning.publish.tag The publish image tag that can create the secret
 ## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
 ## @param existingSecret Secret that contains the token
 ## @param existingSecretKey Secret key
 ## @param giteaRootURL URL the act_runner registers and connect with
 enabled: false
 statefulset:
  replicas: 1
  annotations: {}
  labels: {}
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  extraVolumes: []
  actRunner:
    repository: gitea/act_runner
    tag: 0.2.11
    pullPolicy: IfNotPresent
    extraVolumeMounts: []
    # See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
    config: |
      log:
        level: debug
      cache:
        enabled: false
  dind:
    repository: docker
    tag: 25.0.2-dind
    pullPolicy: IfNotPresent
    extraVolumeMounts: []
    # If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
    # See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
    extraEnvs:
      []
      #  - name: "DOCKER_IPTABLES_LEGACY"
      #    value: "1"
  persistence:
    size: 1Gi
 init:
  image:
    repository: busybox
    tag: "1.37.0"
 ## Specify an existing token secret
 ##
 existingSecret: ""
 existingSecretKey: ""
 ## Specify the root URL of the Gitea instance
 giteaRootURL: ""
 ## @section Persistence
 #
 ## @param persistence.enabled Enable persistent storage
 ## @param persistence.create Whether to create the persistentVolumeClaim for shared storage
 ## @param persistence.mount Whether the persistentVolumeClaim should be mounted (even if not created)
 ## @param persistence.claimName Use an existing claim to store repository information
 ## @param persistence.size Size for persistence to store repo information
 ## @param persistence.accessModes AccessMode for persistence
 ## @param persistence.labels Labels for the persistence volume claim to be created
 ## @param persistence.annotations.helm.sh/resource-policy Resource policy for the persistence volume claim
 ## @param persistence.storageClass Name of the storage class to use
 ## @param persistence.subPath Subdirectory of the volume to mount at
 ## @param persistence.volumeName Name of persistent volume in PVC
 persistence:
  enabled: true
  create: true
  mount: true
  claimName: gitea-shared-storage
  size: 10Gi
  accessModes:
    - ReadWriteOnce
  labels: {}
  storageClass:
  subPath:
  volumeName: ""
  annotations:
    helm.sh/resource-policy: keep
 ## @section Image
 ## @param image.registry image registry, e.g. gcr.io,docker.io
 ## @param image.repository Image to start for this pod
 ## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
 ## @param image.digest Image digest. Allows to pin the given image tag. Useful for having control over mutable tags like `latest`
 ## @param image.pullPolicy Image pull policy
 ## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
 ## @param image.fullOverride Completely overrides the image registry, path/image, tag and digest. **Adjust `image.rootless` accordingly and review [Rootless defaults](#rootless-defaults).**
 image:
  registry: "docker.gitea.com"
  repository: gitea
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  digest: ""
  pullPolicy: IfNotPresent
  rootless: true
  fullOverride: ""
 ## @section Global
 #
 ## @param global.imageRegistry global image registry override
 ## @param global.storageClass global storage class override
 global:
  imageRegistry: ""
  storageClass: ""
  nameOverride: ""
  fullnameOverride: ""
--- a/charts/postgres-cluster/Chart.yaml
+++ b/charts/postgres-cluster/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 5.0.3
+version: 6.4.4
 description: Cloudnative-pg Cluster
 keywords:
  - database
@@ -11,4 +11,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
-appVersion: v1.25.1
+appVersion: v1.26.0
--- a/charts/postgres-cluster/README.md
+++ b/charts/postgres-cluster/README.md
@@ -1,6 +1,6 @@
 # postgres-cluster
-![Version: 5.0.3](https://img.shields.io/badge/Version-5.0.3-informational?style=flat-square) ![AppVersion: v1.25.1](https://img.shields.io/badge/AppVersion-v1.25.1-informational?style=flat-square)
+![Version: 6.4.4](https://img.shields.io/badge/Version-6.4.4-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 Cloudnative-pg Cluster
@@ -19,34 +19,17 @@ Cloudnative-pg Cluster
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup | object | `{"backupIndex":1,"backupName":"","data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","enabled":false,"endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","retentionPolicy":"30d","scheduledBackups":[{"backupOwnerReference":"self","method":"barmanObjectStore","name":"daily-backup","schedule":"0 0 */3 * *"}],"wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Backup settings |
+| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
 | backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
 | backup.backupName | string | `""` | Override ame of the backup cluster in the object store, defaults to "cluster.name" |
 | backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
 | backup.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
 | backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
-| backup.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
-| backup.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
+| backup.objectStore | list | `[]` | Options for object store backups |
-| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
+| backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| backup.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | backup.retentionPolicy | string | `"30d"` | Retention policy for backups |
 | backup.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
 | backup.scheduledBackups[0].method | string | `"barmanObjectStore"` | Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot` |
 | backup.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
 | backup.scheduledBackups[0].schedule | string | `"0 0 */3 * *"` | Schedule in cron format |
 | backup.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
 | backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
 | cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"},"imageCatalogRef":{},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
-| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"}` | Default image |
 | cluster.imageCatalogRef | object | `{}` | Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName` |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
 | cluster.initdb | object | `{}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
@@ -76,13 +59,11 @@ Cloudnative-pg Cluster
 | cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
 | cluster.storage | object | `{"size":"10Gi","storageClass":""}` | Default storage size |
 | imageCatalog.create | bool | `false` | Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored. |
 | imageCatalog.images | list | `[]` | List of images to be provisioned in an image catalog. |
 | mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
 | nameOverride | string | `""` | Override the name of the cluster |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
 | poolers | list | `[]` | List of PgBouncer poolers |
-| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","owner":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
 | recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
 | recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
@@ -101,6 +82,7 @@ Cloudnative-pg Cluster
 | recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
 | recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
 | recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `pgBaseBackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to        migrate databases to CloudNativePG, even from outside Kubernetes. * `import` - Import one or more databases from an existing Postgres cluster. |
 | recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
 | recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
@@ -109,12 +91,12 @@ Cloudnative-pg Cluster
 | recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| recovery.objectStore.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
 | recovery.objectStore.name | string | `"recovery"` | Object store backup name |
 | recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
 | recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
 | recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
 | recovery.objectStore.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
 | recovery.objectStore.recoveryServerName | string | `""` | Override name of the recovery cluster in the object store, defaults to "cluster.name" |
 | recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
 | recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
@@ -127,10 +109,7 @@ Cloudnative-pg Cluster
 | recovery.pgBaseBackup.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
 | recovery.pgBaseBackup.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
-| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `tensorchord` |
 | version.postgis | string | `"3.5"` | If using PostGIS, specify the version |
 | version.postgresql | string | `"17"` | PostgreSQL major version to use |
 | version.timescaledb | string | `"2.15"` | If using TimescaleDB, specify the version |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
--- a/charts/postgres-cluster/templates/_backup.tpl
+++ b/charts/postgres-cluster/templates/_backup.tpl
@@ -1,34 +0,0 @@
 {{- define "cluster.backup" -}}
 {{- if .Values.backup.enabled }}
 backup:
  retentionPolicy: {{ .Values.backup.retentionPolicy }}
  barmanObjectStore:
    destinationPath: {{ .Values.backup.destinationPath }}
    endpointURL: {{ .Values.backup.endpointURL }}
    {{- if .Values.backup.endpointCA }}
    endpointCA:
      name: {{ .Values.backup.endpointCA.name }}
      key: {{ .Values.backup.endpointCA.key }}
    {{- end }}
    serverName: "{{ include "cluster.backupName" . }}-backup-{{ .Values.backup.backupIndex }}"
    wal:
      compression: {{ .Values.backup.wal.compression }}
      {{- with .Values.backup.wal.encryption}}
      encryption: {{ . }}
      {{- end }}
      maxParallel: {{ .Values.backup.wal.maxParallel }}
    data:
      compression: {{ .Values.backup.data.compression }}
      {{- with .Values.backup.data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .Values.backup.data.jobs }}
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.backupCredentials" . }}
        key: ACCESS_SECRET_KEY
 {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/_bootstrap.tpl
+++ b/charts/postgres-cluster/templates/_bootstrap.tpl
@@ -14,16 +14,9 @@ bootstrap:
    {{- if eq .Values.type "tensorchord" }}
    dataChecksums: true
    {{- end }}
-    {{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
+    {{- if or (eq .Values.type "tensorchord") (.Values.cluster.initdb.postInitApplicationSQL) }}
    postInitApplicationSQL:
-      {{- if eq .Values.type "postgis" }}
+      {{- if eq .Values.type "tensorchord" }}
      - CREATE EXTENSION IF NOT EXISTS postgis;
      - CREATE EXTENSION IF NOT EXISTS postgis_topology;
      - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
      - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
      {{- else if eq .Values.type "timescaledb" }}
      - CREATE EXTENSION IF NOT EXISTS timescaledb;
      {{- else if eq .Values.type "tensorchord" }}
      - ALTER SYSTEM SET search_path TO "$user", public, vectors;
      - SET search_path TO "$user", public, vectors;
      - CREATE EXTENSION IF NOT EXISTS "vectors";
@@ -105,7 +98,7 @@ externalClusters:
 externalClusters:
  {{- include "cluster.externalSourceCluster" (list "importSource" .Values.recovery.import.source) | nindent 2 }}
-{{- else if eq .Values.mode "backup" }}
+{{- else if eq .Values.recovery.method "backup" }}
  recovery:
    {{- with .Values.recovery.backup.pitrTarget.time }}
    recoveryTarget:
@@ -120,7 +113,7 @@ externalClusters:
    backup:
      name: {{ .Values.recovery.backup.backupName }}
-{{- else if eq .Values.mode "objectStore" }}
+{{- else if eq .Values.recovery.method "objectStore" }}
  recovery:
    {{- with .Values.recovery.objectStore.pitrTarget.time }}
    recoveryTarget:
@@ -136,34 +129,13 @@ externalClusters:
 externalClusters:
  - name: {{ include "cluster.recoveryServerName" . }}
-    barmanObjectStore:
+    plugin:
-      serverName: {{ include "cluster.recoveryServerName" . }}
+      name: barman-cloud.cloudnative-pg.io
-      endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
+      enabled: true
-      destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
+      isWALArchiver: false
-      {{- if .Values.recovery.objectStore.endpointCA }}
+      parameters:
-      endpointCA:
+        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
-        name: {{ .Values.recovery.objectStore.endpointCA.name }}
+        serverName: {{ include "cluster.recoveryServerName" . }}
        key: {{ .Values.recovery.objectStore.endpointCA.key }}
      {{- end }}
      s3Credentials:
        accessKeyId:
          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: {{ include "cluster.recoveryCredentials" . }}
          key: ACCESS_SECRET_KEY
      wal:
        compression: {{ .Values.recovery.objectStore.wal.compression }}
        {{- with .Values.recovery.objectStore.wal.encryption}}
        encryption: {{ . }}
        {{- end }}
        maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
      data:
        compression: {{ .Values.recovery.objectStore.data.compression }}
        {{- with .Values.recovery.objectStore.data.encryption }}
        encryption: {{ . }}
        {{- end }}
        jobs: {{ .Values.recovery.objectStore.data.jobs }}
 {{-  else }}
  {{ fail "Invalid recovery mode!" }}
--- a/charts/postgres-cluster/templates/_helpers.tpl
+++ b/charts/postgres-cluster/templates/_helpers.tpl
@@ -23,9 +23,12 @@ Common labels
 helm.sh/chart: {{ include "cluster.chart" $ }}
 {{ include "cluster.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- with .Values.cluster.additionalLabels }}
 {{ toYaml . }}
 {{- end }}
 {{- end }}
 {{/*
@@ -34,7 +37,7 @@ Selector labels
 {{- define "cluster.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "cluster.name" $ }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/part-of: cloudnative-pg
+app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
@@ -48,83 +51,12 @@ Allow the release namespace to be overridden for multi-namespace deployments in
  {{- end -}}
 {{- end -}}
 {{/*
 Whether we need to use TimescaleDB defaults
 */}}
 {{- define "cluster.useTimescaleDBDefaults" -}}
 {{ and (eq .Values.type "timescaledb") .Values.imageCatalog.create (empty .Values.cluster.imageCatalogRef.name) (empty .Values.imageCatalog.images) (empty .Values.cluster.imageName) }}
 {{- end -}}
 {{/*
 Cluster Image Name
 If a custom imageName is available, use it, otherwise use the defaults based on the .Values.type
 */}}
 {{- define "cluster.imageName" -}}
    {{- if .Values.cluster.image.repository -}}
        {{- printf "%s:%s" .Values.cluster.image.repository .Values.cluster.image.tag -}}
    {{- else if eq .Values.type "postgresql" -}}
        {{- printf "ghcr.io/cloudnative-pg/postgresql:%s" .Values.version.postgresql -}}
    {{- else if eq .Values.type "postgis" -}}
        {{- printf "ghcr.io/cloudnative-pg/postgis:%s-%s" .Values.version.postgresql .Values.version.postgis -}}
    {{- else -}}
        {{ fail "Invalid cluster type!" }}
    {{- end }}
 {{- end -}}
 {{/*
 Cluster Image
 If imageCatalogRef defined, use it, otherwise calculate ordinary imageName.
 */}}
 {{- define "cluster.image" }}
 {{- if .Values.cluster.imageCatalogRef.name }}
 imageCatalogRef:
  apiGroup: postgresql.cnpg.io
  {{- toYaml .Values.cluster.imageCatalogRef | nindent 2 }}
  major: {{ include "cluster.postgresqlMajor" . }}
 {{- else if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
 imageCatalogRef:
  apiGroup: postgresql.cnpg.io
  kind: ImageCatalog
  name: {{ include "cluster.name" . }}
  major: {{ include "cluster.postgresqlMajor" . }}
 {{- else if eq (include "cluster.useTimescaleDBDefaults" .) "true" -}}
 imageCatalogRef:
  apiGroup: postgresql.cnpg.io
  kind: ImageCatalog
  name: {{ include "cluster.name" . }}-timescaledb-ha
  major: {{ include "cluster.postgresqlMajor" . }}
 {{- else }}
 imageName: {{ include "cluster.imageName" . }}
 {{- end }}
 {{- end }}
 {{/*
 Generate name for object store credentials
 */}}
 {{- define "cluster.recoveryCredentials" -}}
  {{- if .Values.recovery.endpointCredentials -}}
    {{- .Values.recovery.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{- define "cluster.backupCredentials" -}}
  {{- if .Values.backup.endpointCredentials -}}
    {{- .Values.backup.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Postgres UID
 */}}
 {{- define "cluster.postgresUID" -}}
  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
    {{- .Values.cluster.postgresUID }}
  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
    {{- 1000 -}}
  {{- else -}}
    {{- 26 -}}
  {{- end -}}
@@ -136,24 +68,11 @@ Postgres GID
 {{- define "cluster.postgresGID" -}}
  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
    {{- .Values.cluster.postgresGID }}
  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
    {{- 1000 -}}
  {{- else -}}
    {{- 26 -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Generate backup server name
 */}}
 {{- define "cluster.backupName" -}}
  {{- if .Values.backup.backupName -}}
    {{- .Values.backup.backupName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery server name
 */}}
@@ -161,6 +80,24 @@ Generate recovery server name
  {{- if .Values.recovery.recoveryServerName -}}
    {{- .Values.recovery.recoveryServerName -}}
  {{- else -}}
-    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate name for recovery object store credentials
 */}}
 {{- define "cluster.recoveryCredentials" -}}
  {{- if .Values.recovery.endpointCredentials -}}
    {{- .Values.recovery.endpointCredentials -}}
  {{- else -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate name for backup object store credentials
 */}}
 {{- define "cluster.backupCredentials" -}}
    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
 {{- end }}
--- a/charts/postgres-cluster/templates/cluster.yaml
+++ b/charts/postgres-cluster/templates/cluster.yaml
@@ -9,20 +9,39 @@ metadata:
  {{- end }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  instances: {{ .Values.cluster.instances }}
  {{- include "cluster.image" . | nindent 2 }}
  imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
-  imagePullPolicy: {{ .Values.cluster.image.imagePullPolicy }}
+  imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
-  {{- with .Values.cluster.image.imagePullSecrets }}
+  {{- with .Values.cluster.imagePullSecrets }}
  imagePullSecrets:
    {{- . | toYaml | nindent 4 }}
  {{- end }}
  postgresUID: {{ include "cluster.postgresUID" . }}
  postgresGID: {{ include "cluster.postgresGID" . }}
  {{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
  plugins:
  {{ end }}
  {{- range $objectStore := .Values.backup.objectStore }}
    - name: barman-cloud.cloudnative-pg.io
      enabled: true
      isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
      parameters:
        barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
        {{- if $objectStore.clusterName }}
        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
        {{- else }}
        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
        {{- end }}
  {{- end }}
  {{ if eq .Values.recovery.method "objectStore" }}
    - name: barman-cloud.cloudnative-pg.io
      enabled: true
      isWALArchiver: false
      parameters:
        barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
        serverName: {{ include "cluster.recoveryServerName" . }}
  {{ end }}
  storage:
    size: {{ .Values.cluster.storage.size }}
    {{- if not (empty .Values.cluster.storage.storageClass) }}
@@ -62,11 +81,8 @@ spec:
  enablePDB: {{ .Values.cluster.enablePDB }}
  postgresql:
-    {{- if or (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
+    {{- if or (eq .Values.type "tensorchord") (not (empty .Values.cluster.postgresql.shared_preload_libraries)) }}
    shared_preload_libraries:
      {{- if eq .Values.type "timescaledb" }}
      - timescaledb
      {{- end }}
      {{- if eq .Values.type "tensorchord" }}
      - vectors.so
      {{- end }}
@@ -140,4 +156,3 @@ spec:
    {{- end }}
  {{ include "cluster.bootstrap" . | nindent 2 }}
  {{ include "cluster.backup" . | nindent 2 }}
--- a/charts/postgres-cluster/templates/config-map.yaml
+++ b/charts/postgres-cluster/templates/config-map.yaml
@@ -2,14 +2,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "cluster.name" . }}-monitoring
+  name: {{ include "cluster.name" $ }}-monitoring
-  namespace: {{ include "cluster.namespace" . }}
+  namespace: {{ include "cluster.namespace" $ }}
  labels:
    cnpg.io/reload: ""
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $ | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 data:
  custom-queries: |
    {{- range .Values.cluster.monitoring.customQueries }}
--- a/charts/postgres-cluster/templates/image-catalog.yaml
+++ b/charts/postgres-cluster/templates/image-catalog.yaml
@@ -1,18 +0,0 @@
 {{ if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ImageCatalog
 metadata:
  name: {{ include "cluster.name" . }}-image-catalog
  namespace: {{ include "cluster.namespace" . }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  images:
    {{- range $image := .Values.imageCatalog.images }}
    - image: {{ $image.image }}
      major: {{ $image.major }}
    {{- end }}
 {{- end }}
--- a/charts/postgres-cluster/templates/object-store.yaml
+++ b/charts/postgres-cluster/templates/object-store.yaml
@@ -0,0 +1,93 @@
 {{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
 {{ $context := . -}}
 {{ range .Values.backup.objectStore -}}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
  namespace: {{ include "cluster.namespace" $context }}
  labels:
    {{- include "cluster.labels" $context | nindent 4 }}
 spec:
  retentionPolicy: {{ .retentionPolicy | default "30d" }}
  configuration:
    destinationPath: {{ .destinationPath | required "Destination path is required" }}
    endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
    {{- if .endpointCA }}
    endpointCA:
      name: {{ .endpointCA.name }}
      key: {{ .endpointCA.key }}
    {{- end }}
    {{- if .wal }}
    wal:
      compression: {{ .wal.compression | default "snappy" }}
      {{ with .wal.encryption }}
      encryption: {{ . }}
      {{ end }}
      maxParallel: {{ .wal.maxParallel | default "1" }}
    {{- end }}
    {{- if .wal }}
    data:
      compression: {{ .data.compression | default "snappy"  }}
      {{- with .data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .data.jobs | default 1 }}
    {{- end }}
    s3Credentials:
      accessKeyId:
        {{- if .endpointCredentials }}
        name: {{ .endpointCredentials }}
        {{- else }}
        name: {{ include "cluster.backupCredentials" $context }}
        {{- end }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        {{- if .endpointCredentials }}
        name: {{ .endpointCredentials }}
        {{- else }}
        name: {{ include "cluster.backupCredentials" $context }}
        {{- end }}
        key: ACCESS_SECRET_KEY
 {{ end -}}
 {{ end }}
 {{ if eq .Values.recovery.method "objectStore" }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
  name: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
  namespace: {{ include "cluster.namespace" . }}
  labels:
    {{- include "cluster.labels" . | nindent 4 }}
 spec:
  configuration:
    destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
    endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
    {{- if .Values.recovery.objectStore.endpointCA.name }}
    endpointCA:
      name: {{ .Values.recovery.objectStore.endpointCA.name }}
      key: {{ .Values.recovery.objectStore.endpointCA.key }}
    {{- end }}
    wal:
      compression: {{ .Values.recovery.objectStore.wal.compression }}
      {{- with .Values.recovery.objectStore.wal.encryption}}
      encryption: {{ . }}
      {{- end }}
      maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
    data:
      compression: {{ .Values.recovery.objectStore.data.compression }}
      {{- with .Values.recovery.objectStore.data.encryption }}
      encryption: {{ . }}
      {{- end }}
      jobs: {{ .Values.recovery.objectStore.data.jobs }}
    s3Credentials:
      accessKeyId:
        name: {{ include "cluster.recoveryCredentials" . }}
        key: ACCESS_KEY_ID
      secretAccessKey:
        name: {{ include "cluster.recoveryCredentials" . }}
        key: ACCESS_SECRET_KEY
 {{ end }}
--- a/charts/postgres-cluster/templates/poolers.yaml
+++ b/charts/postgres-cluster/templates/poolers.yaml
@@ -6,10 +6,7 @@ metadata:
  name: {{ include "cluster.name" $  }}-pooler-{{ .name }}
  namespace: {{ include "cluster.namespace" $ }}
  labels:
-    {{- include "cluster.labels" . | nindent 4 }}
+    {{- include "cluster.labels" $ | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  cluster:
    name: {{ include "cluster.name" $ }}
--- a/charts/postgres-cluster/templates/prometheus-rule.yaml
+++ b/charts/postgres-cluster/templates/prometheus-rule.yaml
@@ -6,9 +6,6 @@ metadata:
  namespace: {{ include "cluster.namespace" $ }}
  labels:
    {{- include "cluster.labels" $ | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
  groups:
    - name: cloudnative-pg/{{ include "cluster.name" . }}
--- a/charts/postgres-cluster/templates/scheduled-backup.yaml
+++ b/charts/postgres-cluster/templates/scheduled-backup.yaml
@@ -5,18 +5,21 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: {{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup"
-  namespace: {{ include "cluster.namespace" $ }}
+  namespace: {{ include "cluster.namespace" $context }}
  labels:
-    {{- include "cluster.labels" $ | nindent 4 }}
+    {{- include "cluster.labels" $context | nindent 4 }}
  {{- with .Values.cluster.additionalLabels }}
    {{ toYaml . | nindent 4 }}
  {{- end }}
 spec:
-  immediate: true
+  immediate: {{ .immediate | default true }}
-  schedule: {{ .schedule | quote }}
+  suspend: {{ .suspend | default false }}
-  backupOwnerReference: {{ .backupOwnerReference }}
+  schedule: {{ .schedule | quote | required "Schedule is required" }}
  backupOwnerReference: {{ .backupOwnerReference | default "self" }}
  cluster:
-    name: {{ include "cluster.name" $context }}
+    name: {{ include "cluster.name" $context }}-cluster
  method: plugin
  pluginConfiguration:
    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
    parameters:
      barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
 {{ end -}}
 {{ end }}
--- a/charts/postgres-cluster/values.yaml
+++ b/charts/postgres-cluster/values.yaml
@@ -6,32 +6,9 @@ namespaceOverride: ""
 # -- Type of the CNPG database. Available types:
 # * `postgresql`
 # * `postgis`
 # * `timescaledb`
 # * `tensorchord`
 type: postgresql
 imageCatalog:
  # -- Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored.
  create: false
  # -- List of images to be provisioned in an image catalog.
  images: []
    # - image: ghcr.io/your_repo/your_image:your_tag
    #   major: 16
 version:
  # -- PostgreSQL major version to use
  postgresql: "17"
  # -- If using TimescaleDB, specify the version
  timescaledb: "2.15"
  # -- If using PostGIS, specify the version
  postgis: "3.5"
 # -- Cluster mode of operation. Available modes:
 # * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
 # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
@@ -44,12 +21,7 @@ cluster:
  # -- Default image
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: "17.4-3-bullseye"
+    tag: "17.5-1-bullseye"
  # -- Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName`
  imageCatalogRef: {}
    # kind: ImageCatalog
    # name: postgresql
  # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
  # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
@@ -287,10 +259,8 @@ recovery:
    # -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
    owner: ""
-    # -- Overrides the provider specific default endpoint. Defaults to:
+    # -- Object store backup name
-    # S3: https://s3.<region>.amazonaws.com"
+    name: recovery
    # Leave empty if using the default S3 endpoint
    endpointURL: ""
    # -- Overrides the provider specific default path. Defaults to:
    # S3: s3://<bucket><path>
@@ -298,14 +268,25 @@ recovery:
    # Google: gs://<bucket><path>
    destinationPath: ""
    # -- Overrides the provider specific default endpoint. Defaults to:
    # S3: https://s3.<region>.amazonaws.com"
    # Leave empty if using the default S3 endpoint
    endpointURL: "https://nyc3.digitaloceanspaces.com"
    # -- Specifies a CA bundle to validate a privately signed certificate.
    endpointCA:
      # -- Creates a secret with the given value if true, otherwise uses an existing secret.
      create: false
      name: ""
      key: ""
    # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
    index: 1
    # -- Override the name of the backup cluster, defaults to "cluster.name"
    clusterName: ""
    # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
    endpointCredentials: ""
@@ -331,12 +312,6 @@ recovery:
      # -- Number of data files to be archived or restored in parallel.
      jobs: 1
    # -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
    recoveryIndex: 1
    # -- Override name of the recovery cluster in the object store, defaults to "cluster.name"
    recoveryServerName: ""
  # See https://cloudnative-pg.io/documentation/current/bootstrap/#bootstrap-from-a-live-cluster-pg_basebackup
  pgBaseBackup:
@@ -445,70 +420,95 @@ backup:
  # -- You need to configure backups manually, so backups are disabled by default.
  enabled: false
-  # -- Overrides the provider specific default endpoint. Defaults to:
+  # -- Method to create backups, options currently are only objectStore
-  # S3: https://s3.<region>.amazonaws.com"
+  method: objectStore
  endpointURL: ""  # Leave empty if using the default S3 endpoint
-  # -- Specifies a CA bundle to validate a privately signed certificate.
+  # -- Options for object store backups
-  endpointCA:
+  objectStore: []
    # -- Creates a secret with the given value if true, otherwise uses an existing secret.
    create: false
    name: ""
    key: ""
-  # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    # -
-  endpointCredentials: ""
+    #   # -- Object store backup name
    #   name: external
-  # -- Overrides the provider specific default path. Defaults to:
+    #   # -- Overrides the provider specific default path. Defaults to:
-  # S3: s3://<bucket><path>
+    #   # S3: s3://<bucket><path>
-  # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    #   # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
-  # Google: gs://<bucket><path>
+    #   # Google: gs://<bucket><path>
-  destinationPath: ""
+    #   destinationPath: ""
-  # -- Storage
+    #   # -- Overrides the provider specific default endpoint. Defaults to:
-  wal:
+    #   # https://nyc3.digitaloceanspaces.com
    #   endpointURL: ""
-    # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #   # -- Specifies a CA bundle to validate a privately signed certificate.
-    compression: snappy
+    #   endpointCA:
    #     # -- Creates a secret with the given value if true, otherwise uses an existing secret.
    #     create: false
-    # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #     name: ""
-    encryption: ""
+    #     key: ""
-    # -- Number of WAL files to be archived or restored in parallel.
+    #   # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
-    maxParallel: 1
+    #   index: 1
-  data:
+    #   # -- Override the name of the backup cluster, defaults to "cluster.name"
-    # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #   clusterName: ""
    compression: snappy
-    # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #   # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
-    encryption: ""
+    #   endpointCredentials: ""
-    # -- Number of data files to be archived or restored in parallel.
+    #   # -- Retention policy for backups
-    jobs: 1
+    #   retentionPolicy: "30d"
-  scheduledBackups:
+    #   # -- Specificies if this backup will do WALs
-    -
+    #   isWALArchiver: true
      # -- Scheduled backup name
      name: daily-backup
-      # -- Schedule in cron format
+    #   # -- Storage
-      schedule: "0 0 */3 * *"
+    #   wal:
-      # -- Backup owner reference
+    #     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-      backupOwnerReference: self
+    #     compression: snappy
-      # -- Backup method, can be `barmanObjectStore` (default) or `volumeSnapshot`
+    #     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-      method: barmanObjectStore
+    #     encryption: ""
-  # -- Retention policy for backups
+    #     # -- Number of WAL files to be archived or restored in parallel.
-  retentionPolicy: "30d"
+    #     maxParallel: 1
-  # -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
+    #   data:
-  backupIndex: 1
+    #     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    #     compression: snappy
-  # -- Override ame of the backup cluster in the object store, defaults to "cluster.name"
+    #     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-  backupName: ""
+    #     encryption: ""
    #     # -- Number of data files to be archived or restored in parallel.
    #     jobs: 1
  # -- List of scheduled backups
  scheduledBackups: []
    # -
    #   # -- Scheduled backup name
    #   name: daily-backup
    #   # -- Schedule in cron format
    #   schedule: "0 0 0 * * *"
    #   # -- Start backup on deployment
    #   immediate: false
    #   # -- Temporarily stop scheduled backups from running
    #   suspend: false
    #   # -- Backup owner reference
    #   backupOwnerReference: self
    #   # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
    #   plugin: barman-cloud.cloudnative-pg.io
    #   # -- Name of backup target
    #   backupName: external
 # -- List of PgBouncer poolers
 poolers: []
Author	SHA1	Message	Date
Alex Lebens	3683209b23	release chart All checks were successful release-charts-gitea-actions / release (push) Successful in 33s Details renovate / renovate (push) Successful in 2m18s Details	2025-06-06 14:14:54 -05:00
Alex Lebens	2be7e3789c	add release workflow All checks were successful renovate / renovate (push) Successful in 1m5s Details	2025-06-06 14:07:50 -05:00
Alex Lebens	f5bb3e2403	add gitea actions Some checks failed renovate / renovate (push) Has been cancelled Details	2025-06-06 14:05:44 -05:00
Alex Lebens	0ef4b6ba3c	upgrade chart All checks were successful release-charts-generic-device-plugin / release (push) Successful in 14s Details renovate / renovate (push) Successful in 1m16s Details	2025-06-04 21:08:11 -05:00
Alex Lebens	7f46106a10	add renovate All checks were successful renovate / renovate (push) Successful in 3m31s Details	2025-06-04 21:03:47 -05:00
Alex Lebens	71dbdbf9df	bump chart version All checks were successful release-charts-postgres-cluster / release (push) Successful in 15s Details	2025-05-29 16:40:26 -05:00
Alex Lebens	1e17a769dc	change default schedule recomend Some checks failed release-charts-cloudfbarman-cloudlared / release (push) Failing after 5s Details release-charts-postgres-cluster / release (push) Successful in 15s Details	2025-05-28 14:45:19 -05:00
Alex Lebens	78024a129f	fix sync issues All checks were successful release-charts-postgres-cluster / release (push) Successful in 24s Details	2025-05-24 12:42:38 -05:00
Alex Lebens	5cca3b2717	add barman All checks were successful release-charts-postgres-cluster / release (push) Successful in 17s Details	2025-05-24 12:38:46 -05:00
Alex Lebens	a70137cfbd	fix serername All checks were successful release-charts-postgres-cluster / release (push) Successful in 21s Details	2025-05-24 12:07:30 -05:00
Alex Lebens	dc4df55373	fix client mountg All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 35s Details	2025-05-24 12:02:30 -05:00
Alex Lebens	a3f42e13ce	fix client mount All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 28s Details	2025-05-24 11:57:30 -05:00
Alex Lebens	a48262f115	upgrade chart All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 16s Details	2025-05-24 11:52:07 -05:00
Alex Lebens	bd458a3a3d	fix service account All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 27s Details	2025-05-24 11:49:16 -05:00
Alex Lebens	3aa9113d24	fix service account All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 19s Details	2025-05-24 11:45:45 -05:00
Alex Lebens	1fe8881dfb	update values All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 21s Details	2025-05-24 11:41:21 -05:00
Alex Lebens	fa6067e68b	add workflow All checks were successful release-charts-cloudfbarman-cloudlared / release (push) Successful in 14s Details	2025-05-24 11:37:32 -05:00
Alex Lebens	8a50f22e31	add barman	2025-05-24 11:35:29 -05:00
Alex Lebens	deaa0c94d8	add default endpoint All checks were successful release-charts-postgres-cluster / release (push) Successful in 44s Details	2025-05-24 03:16:01 -05:00
Alex Lebens	e251ff65ef	add default endpoint All checks were successful release-charts-postgres-cluster / release (push) Successful in 23s Details	2025-05-24 03:12:17 -05:00
Alex Lebens	245212e878	fix issues, no default backups All checks were successful release-charts-postgres-cluster / release (push) Successful in 18s Details	2025-05-24 03:09:47 -05:00
Alex Lebens	a7150e1d20	fix boolean All checks were successful release-charts-postgres-cluster / release (push) Successful in 39s Details	2025-05-24 02:15:47 -05:00
Alex Lebens	8d67cc9209	change values handling in backup All checks were successful release-charts-postgres-cluster / release (push) Successful in 12s Details	2025-05-24 02:07:42 -05:00
Alex Lebens	e57f859564	change method All checks were successful release-charts-postgres-cluster / release (push) Successful in 18s Details	2025-05-24 01:41:10 -05:00
Alex Lebens	e98973b467	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 17s Details	2025-05-24 01:35:57 -05:00
Alex Lebens	cb5c199d03	fix name helper Some checks failed release-charts-postgres-cluster / release (push) Failing after 18s Details	2025-05-24 01:19:55 -05:00
Alex Lebens	df4bb2acd7	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 19s Details	2025-05-24 01:14:01 -05:00
Alex Lebens	7f494fcc1e	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 25s Details	2025-05-24 01:12:11 -05:00
Alex Lebens	337aee6940	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 24s Details	2025-05-24 01:09:03 -05:00
Alex Lebens	74c2bca3ae	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 36s Details	2025-05-24 01:06:02 -05:00
Alex Lebens	e1a2ee71f8	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 21s Details	2025-05-24 01:03:23 -05:00
Alex Lebens	37478087d4	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 32s Details	2025-05-24 01:01:06 -05:00
Alex Lebens	9af2f7d52a	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 27s Details	2025-05-24 00:57:59 -05:00
Alex Lebens	ab89f723a7	fix name helper All checks were successful release-charts-postgres-cluster / release (push) Successful in 24s Details	2025-05-24 00:54:42 -05:00
Alex Lebens	884cae31a3	update to use object store crd Some checks failed release-charts-postgres-cluster / release (push) Failing after 1m9s Details	2025-05-24 00:39:04 -05:00
Alex Lebens	9c2afe436d	add ntfy action	2025-05-17 20:55:52 -05:00
Alex Lebens	e0b707fa32	upgrade common chart All checks were successful release-charts-cloudflared / release (push) Successful in 36s Details	2025-05-16 15:54:03 -05:00
Alex Lebens	2b02da90fd	update image All checks were successful release-charts-cloudflared / release (push) Successful in 31s Details	2025-05-15 20:21:36 -05:00
Alex Lebens	225ffc6c7e	update image All checks were successful release-charts-postgres-cluster / release (push) Successful in 13s Details	2025-05-14 23:07:11 -05:00
Alex Lebens	fa470296b9	fix recovery method All checks were successful release-charts-postgres-cluster / release (push) Successful in 12s Details	2025-05-14 13:29:36 -05:00
Alex Lebens	336a6f2815	change check All checks were successful release-charts-postgres-cluster / release (push) Successful in 13s Details	2025-05-13 21:10:49 -05:00
Alex Lebens	406737ed6a	fix cluster name All checks were successful release-charts-postgres-cluster / release (push) Successful in 20s Details	2025-05-13 21:04:25 -05:00
Alex Lebens	ffcd5139ef	change labels All checks were successful release-charts-postgres-cluster / release (push) Successful in 47s Details	2025-05-13 20:58:06 -05:00