fix sync issues

.gitea/workflows/release-charts-barman-cloud.yml

@@ -0,0 +1,66 @@
+name: release-charts-cloudfbarman-cloudlared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/barman-cloud/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/barman-cloud"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

charts/barman-cloud/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: barman-cloud
+version: 0.2.5
+description: Barman Cloud Plugin
+keywords:
+  - barman-cloud
+  - cloudnative-pg
+sources:
+  - https://github.com/cloudnative-pg/plugin-barman-cloud
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.0.1
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: v.0.4.0

charts/barman-cloud/README.md

@@ -0,0 +1,33 @@
+# barman-cloud
+
+![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![AppVersion: v.0.4.0](https://img.shields.io/badge/AppVersion-v.0.4.0-informational?style=flat-square)
+
+Barman Cloud Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudnative-pg/plugin-barman-cloud>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/plugin-barman-cloud","tag":"v0.4.0"}` | Default image |
+| name | string | `"barman-cloud"` | Name override of release |
+| service | object | `{"listenPort":9090}` | Default service |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/barman-cloud/templates/certificate.yaml

@@ -0,0 +1,46 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.name }}-client
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  commonName: {{ .Values.name }}-client
+  duration: 2160h
+  isCA: false
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: selfsigned-issuer
+  renewBefore: 360h
+  secretName: {{ .Values.name }}-client-tls
+  usages:
+    - client auth
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.name }}-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  commonName: {{ .Values.name }}
+  dnsNames:
+    - {{ .Values.name }}
+  duration: 2160h
+  isCA: false
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: selfsigned-issuer
+  renewBefore: 360h
+  secretName: {{ .Values.name }}-server-tls
+  usages:
+    - server auth

charts/barman-cloud/templates/cluster-role-binding.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-auth-rolebinding
+  labels:
+    app.kubernetes.io/name: metrics-auth-rolebinding
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: plugin-barman-cloud-binding
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: plugin-barman-cloud
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}

charts/barman-cloud/templates/cluster-role.yaml

@@ -0,0 +1,157 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+  labels:
+    app.kubernetes.io/name: metrics-auth-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+  labels:
+    app.kubernetes.io/name: metrics-reader
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: objectstore-editor-role
+  labels:
+    app.kubernetes.io/name: objectstore-editor-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: objectstore-viewer-role
+  labels:
+    app.kubernetes.io/name: objectstore-viewer-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: plugin-barman-cloud
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - postgresql.cnpg.io
+    resources:
+      - backups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - rolebindings
+      - roles
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch

charts/barman-cloud/templates/common.yaml

@@ -0,0 +1,99 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "barman-cloud.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: deployment
+    labels:
+      app: {{ .Values.name }}
+    replicas: 1
+    strategy: Recreate
+    serviceAccount:
+      name: {{ .Release.Name }}-barman-cloud
+    pod:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      selector:
+        matchLabels:
+          app: {{ .Values.name }}
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - operator
+          - --server-cert=/server/tls.crt
+          - --server-key=/server/tls.key
+          - --client-cert=/client/tls.crt
+          - --server-address=:{{ .Values.service.listenPort }}
+          - --leader-elect
+          - --log-level=debug
+        env:
+          - name: SIDECAR_IMAGE
+            valueFrom:
+              secretKeyRef:
+                key: SIDECAR_IMAGE
+                name: plugin-barman-cloud-m76km67hd7
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 10001
+          runAsUser: 10001
+          seccompProfile:
+            type: RuntimeDefault
+serviceAccount:
+  barman-cloud:
+    enabled: true
+service:
+  main:
+    controller: main
+    annotations:
+      cnpg.io/pluginPort: "{{ .Values.service.listenPort }}"
+      cnpg.io/pluginClientSecret: {{ .Values.name }}-client-tls
+      cnpg.io/pluginServerSecret: {{ .Values.name }}-server-tls
+    labels:
+      app: {{ .Values.name }}
+      cnpg.io/pluginName: barman-cloud.cloudnative-pg.io
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+        protocol: TCP
+        targetPort: {{ .Values.service.listenPort }}
+persistence:
+  server-tls:
+    enabled: true
+    type: secret
+    name: {{ .Values.name }}-server-tls
+    advancedMounts:
+      main:
+        main:
+          - path: /server
+            readOnly: true
+            mountPropagation: None
+  client-tls:
+    enabled: true
+    type: secret
+    name: {{ .Values.name }}-client-tls
+    advancedMounts:
+      main:
+        main:
+          - path: /client
+            readOnly: true
+            mountPropagation: None
+
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "barman-cloud.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/barman-cloud/templates/custom-resource-definition.yaml

@@ -0,0 +1,627 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.18.0
+  name: objectstores.barmancloud.cnpg.io
+spec:
+  group: barmancloud.cnpg.io
+  names:
+    kind: ObjectStore
+    listKind: ObjectStoreList
+    plural: objectstores
+    singular: objectstore
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: ObjectStore is the Schema for the objectstores API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: |-
+              Specification of the desired behavior of the ObjectStore.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+            properties:
+              configuration:
+                description: The configuration for the barman-cloud tool suite
+                properties:
+                  azureCredentials:
+                    description: The credentials to use to upload data to Azure Blob
+                      Storage
+                    properties:
+                      connectionString:
+                        description: The connection string to be used
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      inheritFromAzureAD:
+                        description: Use the Azure AD based authentication without
+                          providing explicitly the keys.
+                        type: boolean
+                      storageAccount:
+                        description: The storage account where to upload data
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      storageKey:
+                        description: |-
+                          The storage account key to be used in conjunction
+                          with the storage account name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      storageSasToken:
+                        description: |-
+                          A shared-access-signature to be used in conjunction with
+                          the storage account name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                    type: object
+                  data:
+                    description: |-
+                      The configuration to be used to backup the data files
+                      When not defined, base backups files will be stored uncompressed and may
+                      be unencrypted in the object store, according to the bucket default
+                      policy.
+                    properties:
+                      additionalCommandArgs:
+                        description: |-
+                          AdditionalCommandArgs represents additional arguments that can be appended
+                          to the 'barman-cloud-backup' command-line invocation. These arguments
+                          provide flexibility to customize the backup process further according to
+                          specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-backup' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                      compression:
+                        description: |-
+                          Compress a backup file (a tar file per tablespace) while streaming it
+                          to the object store. Available options are empty string (no
+                          compression, default), `gzip`, `bzip2`, and `snappy`.
+                        enum:
+                        - bzip2
+                        - gzip
+                        - snappy
+                        type: string
+                      encryption:
+                        description: |-
+                          Whenever to force the encryption of files (if the bucket is
+                          not already configured for that).
+                          Allowed options are empty string (use the bucket policy, default),
+                          `AES256` and `aws:kms`
+                        enum:
+                        - AES256
+                        - aws:kms
+                        type: string
+                      immediateCheckpoint:
+                        description: |-
+                          Control whether the I/O workload for the backup initial checkpoint will
+                          be limited, according to the `checkpoint_completion_target` setting on
+                          the PostgreSQL server. If set to true, an immediate checkpoint will be
+                          used, meaning PostgreSQL will complete the checkpoint as soon as
+                          possible. `false` by default.
+                        type: boolean
+                      jobs:
+                        description: |-
+                          The number of parallel jobs to be used to upload the backup, defaults
+                          to 2
+                        format: int32
+                        minimum: 1
+                        type: integer
+                    type: object
+                  destinationPath:
+                    description: |-
+                      The path where to store the backup (i.e. s3://bucket/path/to/folder)
+                      this path, with different destination folders, will be used for WALs
+                      and for data
+                    minLength: 1
+                    type: string
+                  endpointCA:
+                    description: |-
+                      EndpointCA store the CA bundle of the barman endpoint.
+                      Useful when using self-signed certificates to avoid
+                      errors with certificate issuer and barman-cloud-wal-archive
+                    properties:
+                      key:
+                        description: The key to select
+                        type: string
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  endpointURL:
+                    description: |-
+                      Endpoint to be used to upload data to the cloud,
+                      overriding the automatic endpoint discovery
+                    type: string
+                  googleCredentials:
+                    description: The credentials to use to upload data to Google Cloud
+                      Storage
+                    properties:
+                      applicationCredentials:
+                        description: The secret containing the Google Cloud Storage
+                          JSON file with the credentials
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      gkeEnvironment:
+                        description: |-
+                          If set to true, will presume that it's running inside a GKE environment,
+                          default to false.
+                        type: boolean
+                    type: object
+                  historyTags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      HistoryTags is a list of key value pairs that will be passed to the
+                      Barman --history-tags option.
+                    type: object
+                  s3Credentials:
+                    description: The credentials to use to upload data to S3
+                    properties:
+                      accessKeyId:
+                        description: The reference to the access key id
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      inheritFromIAMRole:
+                        description: Use the role based authentication without providing
+                          explicitly the keys.
+                        type: boolean
+                      region:
+                        description: The reference to the secret containing the region
+                          name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      secretAccessKey:
+                        description: The reference to the secret access key
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      sessionToken:
+                        description: The references to the session key
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                    type: object
+                  serverName:
+                    description: |-
+                      The server name on S3, the cluster name is used if this
+                      parameter is omitted
+                    type: string
+                  tags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      Tags is a list of key value pairs that will be passed to the
+                      Barman --tags option.
+                    type: object
+                  wal:
+                    description: |-
+                      The configuration for the backup of the WAL stream.
+                      When not defined, WAL files will be stored uncompressed and may be
+                      unencrypted in the object store, according to the bucket default policy.
+                    properties:
+                      archiveAdditionalCommandArgs:
+                        description: |-
+                          Additional arguments that can be appended to the 'barman-cloud-wal-archive'
+                          command-line invocation. These arguments provide flexibility to customize
+                          the WAL archive process further, according to specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                      compression:
+                        description: |-
+                          Compress a WAL file before sending it to the object store. Available
+                          options are empty string (no compression, default), `gzip`, `bzip2`,
+                          `lz4`, `snappy`, `xz`, and `zstd`.
+                        enum:
+                        - bzip2
+                        - gzip
+                        - lz4
+                        - snappy
+                        - xz
+                        - zstd
+                        type: string
+                      encryption:
+                        description: |-
+                          Whenever to force the encryption of files (if the bucket is
+                          not already configured for that).
+                          Allowed options are empty string (use the bucket policy, default),
+                          `AES256` and `aws:kms`
+                        enum:
+                        - AES256
+                        - aws:kms
+                        type: string
+                      maxParallel:
+                        description: |-
+                          Number of WAL files to be either archived in parallel (when the
+                          PostgreSQL instance is archiving to a backup object store) or
+                          restored in parallel (when a PostgreSQL standby is fetching WAL
+                          files from a recovery object store). If not specified, WAL files
+                          will be processed one at a time. It accepts a positive integer as a
+                          value - with 1 being the minimum accepted value.
+                        minimum: 1
+                        type: integer
+                      restoreAdditionalCommandArgs:
+                        description: |-
+                          Additional arguments that can be appended to the 'barman-cloud-wal-restore'
+                          command-line invocation. These arguments provide flexibility to customize
+                          the WAL restore process further, according to specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - destinationPath
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .serverName
+                  message: use the 'serverName' plugin parameter in the Cluster resource
+                  reason: FieldValueForbidden
+                  rule: '!has(self.serverName)'
+              instanceSidecarConfiguration:
+                description: The configuration for the sidecar that runs in the instance
+                  pods
+                properties:
+                  env:
+                    description: The environment to be explicitly passed to the sidecar
+                    items:
+                      description: EnvVar represents an environment variable present
+                        in a Container.
+                      properties:
+                        name:
+                          description: Name of the environment variable. Must be a
+                            C_IDENTIFIER.
+                          type: string
+                        value:
+                          description: |-
+                            Variable references $(VAR_NAME) are expanded
+                            using the previously defined environment variables in the container and
+                            any service environment variables. If a variable cannot be resolved,
+                            the reference in the input string will be unchanged. Double $$ are reduced
+                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                            Escaped references will never be expanded, regardless of whether the variable
+                            exists or not.
+                            Defaults to "".
+                          type: string
+                        valueFrom:
+                          description: Source for the environment variable's value.
+                            Cannot be used if value is not empty.
+                          properties:
+                            configMapKeyRef:
+                              description: Selects a key of a ConfigMap.
+                              properties:
+                                key:
+                                  description: The key to select.
+                                  type: string
+                                name:
+                                  default: ""
+                                  description: |-
+                                    Name of the referent.
+                                    This field is effectively required, but due to backwards compatibility is
+                                    allowed to be empty. Instances of this type with an empty value here are
+                                    almost certainly wrong.
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  type: string
+                                optional:
+                                  description: Specify whether the ConfigMap or its
+                                    key must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            fieldRef:
+                              description: |-
+                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                              properties:
+                                apiVersion:
+                                  description: Version of the schema the FieldPath
+                                    is written in terms of, defaults to "v1".
+                                  type: string
+                                fieldPath:
+                                  description: Path of the field to select in the
+                                    specified API version.
+                                  type: string
+                              required:
+                              - fieldPath
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            resourceFieldRef:
+                              description: |-
+                                Selects a resource of the container: only resources limits and requests
+                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                              properties:
+                                containerName:
+                                  description: 'Container name: required for volumes,
+                                    optional for env vars'
+                                  type: string
+                                divisor:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: Specifies the output format of the
+                                    exposed resources, defaults to "1"
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                resource:
+                                  description: 'Required: resource to select'
+                                  type: string
+                              required:
+                              - resource
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            secretKeyRef:
+                              description: Selects a key of a secret in the pod's
+                                namespace
+                              properties:
+                                key:
+                                  description: The key of the secret to select from.  Must
+                                    be a valid secret key.
+                                  type: string
+                                name:
+                                  default: ""
+                                  description: |-
+                                    Name of the referent.
+                                    This field is effectively required, but due to backwards compatibility is
+                                    allowed to be empty. Instances of this type with an empty value here are
+                                    almost certainly wrong.
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  type: string
+                                optional:
+                                  description: Specify whether the Secret or its key
+                                    must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  resources:
+                    description: Resources define cpu/memory requests and limits for
+                      the sidecar that runs in the instance pods.
+                    properties:
+                      claims:
+                        description: |-
+                          Claims lists the names of resources, defined in spec.resourceClaims,
+                          that are used by this container.
+
+                          This is an alpha field and requires enabling the
+                          DynamicResourceAllocation feature gate.
+
+                          This field is immutable. It can only be set for containers.
+                        items:
+                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                          properties:
+                            name:
+                              description: |-
+                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                the Pod where this field is used. It makes that resource available
+                                inside a container.
+                              type: string
+                            request:
+                              description: |-
+                                Request is the name chosen for a request in the referenced claim.
+                                If empty, everything from the claim is made available, otherwise
+                                only the result of this request.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: |-
+                          Limits describes the maximum amount of compute resources allowed.
+                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: |-
+                          Requests describes the minimum amount of compute resources required.
+                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                        type: object
+                    type: object
+                  retentionPolicyIntervalSeconds:
+                    default: 1800
+                    description: |-
+                      The retentionCheckInterval defines the frequency at which the
+                      system checks and enforces retention policies.
+                    type: integer
+                type: object
+              retentionPolicy:
+                description: |-
+                  RetentionPolicy is the retention policy to be used for backups
+                  and WALs (i.e. '60d'). The retention policy is expressed in the form
+                  of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -
+                  days, weeks, months.
+                pattern: ^[1-9][0-9]*[dwm]$
+                type: string
+            required:
+            - configuration
+            type: object
+          status:
+            description: |-
+              Most recently observed status of the ObjectStore. This data may not be up to
+              date. Populated by the system. Read-only.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+            properties:
+              serverRecoveryWindow:
+                additionalProperties:
+                  description: |-
+                    RecoveryWindow represents the time span between the first
+                    recoverability point and the last successful backup of a PostgreSQL
+                    server, defining the period during which data can be restored.
+                  properties:
+                    firstRecoverabilityPoint:
+                      description: |-
+                        The first recoverability point in a PostgreSQL server refers to
+                        the earliest point in time to which the database can be
+                        restored.
+                      format: date-time
+                      type: string
+                    lastSuccussfulBackupTime:
+                      description: The last successful backup time
+                      format: date-time
+                      type: string
+                  type: object
+                description: ServerRecoveryWindow maps each server to its recovery
+                  window
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

charts/barman-cloud/templates/issuer.yaml

@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selfSigned: {}

charts/barman-cloud/templates/role-binding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}

charts/barman-cloud/templates/role.yaml

@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: leader-election-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

charts/barman-cloud/templates/secret.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: plugin-barman-cloud-m76km67hd7
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+type: Opaque
+data:
+  SIDECAR_IMAGE: |
+    Z2hjci5pby9jbG91ZG5hdGl2ZS1wZy9wbHVnaW4tYmFybWFuLWNsb3VkLXNpZGVjYXI6dj
+    AuNC4w

charts/barman-cloud/values.yaml

@@ -0,0 +1,12 @@
+# -- Name override of release
+name: barman-cloud
+
+# -- Default image
+image:
+  repository: ghcr.io/cloudnative-pg/plugin-barman-cloud
+  tag: "v0.4.0"
+  pullPolicy: IfNotPresent
+
+# -- Default service
+service:
+  listenPort: 9090

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 6.0.5
+version: 6.4.2
 description: Cloudnative-pg Cluster
 keywords:
   - database

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 6.0.5](https://img.shields.io/badge/Version-6.0.5-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
+![Version: 6.4.2](https://img.shields.io/badge/Version-6.4.2-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 
 Cloudnative-pg Cluster
 
@@ -19,33 +19,11 @@ Cloudnative-pg Cluster
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","index":1,"isWALArchiver":true,"name":"external","retentionPolicy":"30d","wal":{"compression":"snappy","encryption":"","maxParallel":1}}],"scheduledBackups":[{"backupName":"external","backupOwnerReference":"self","name":"daily-backup","plugin":"barman-cloud.cloudnative-pg.io","schedule":"0 0 */3 * *","suspend":false}]}` | Backup settings |
+| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
 | backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
-| backup.objectStore | list | `[{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","index":1,"isWALArchiver":true,"name":"external","retentionPolicy":"30d","wal":{"compression":"snappy","encryption":"","maxParallel":1}}]` | Options for object store backups |
+| backup.objectStore | list | `[]` | Options for object store backups |
-| backup.objectStore[0].clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
+| backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| backup.objectStore[0].data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backup.objectStore[0].data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.objectStore[0].data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
-| backup.objectStore[0].destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
-| backup.objectStore[0].endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
-| backup.objectStore[0].endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
-| backup.objectStore[0].endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| backup.objectStore[0].endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
-| backup.objectStore[0].index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
-| backup.objectStore[0].isWALArchiver | bool | `true` | Specificies if this backup will do WALs |
-| backup.objectStore[0].name | string | `"external"` | Object store backup name |
-| backup.objectStore[0].retentionPolicy | string | `"30d"` | Retention policy for backups |
-| backup.objectStore[0].wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
-| backup.objectStore[0].wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
-| backup.objectStore[0].wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
-| backup.objectStore[0].wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
-| backup.scheduledBackups[0].backupName | string | `"external"` | Name of backup target |
-| backup.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
-| backup.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
-| backup.scheduledBackups[0].plugin | string | `"barman-cloud.cloudnative-pg.io"` | Backup method, can be `barman-cloud.cloudnative-pg.io` (default) |
-| backup.scheduledBackups[0].schedule | string | `"0 0 */3 * *"` | Schedule in cron format |
-| backup.scheduledBackups[0].suspend | bool | `false` | Temporarily stop scheduled backups from running |
 | cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
@@ -85,7 +63,7 @@ Cloudnative-pg Cluster
 | nameOverride | string | `""` | Override the name of the cluster |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
 | poolers | list | `[]` | List of PgBouncer poolers |
-| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
 | recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
 | recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
@@ -113,7 +91,7 @@ Cloudnative-pg Cluster
 | recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| recovery.objectStore.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
 | recovery.objectStore.name | string | `"recovery"` | Object store backup name |
 | recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -131,6 +131,8 @@ externalClusters:
   - name: {{ include "cluster.recoveryServerName" . }}
     plugin:
       name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
       parameters:
         barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
         serverName: {{ include "cluster.recoveryServerName" . }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 Expand the name of the chart.
 */}}
 {{- define "cluster.name" -}}
-  {{- if not (empty .Values.nameOverride ) }}
+  {{- if .Values.nameOverride }}
     {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
   {{- else }}
     {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
@@ -80,7 +80,7 @@ Generate recovery server name
   {{- if .Values.recovery.recoveryServerName -}}
     {{- .Values.recovery.recoveryServerName -}}
   {{- else -}}
-    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
 
@@ -94,3 +94,10 @@ Generate name for recovery object store credentials
     {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
+
+{{/*
+Generate name for backup object store credentials
+*/}}
+{{- define "cluster.backupCredentials" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -19,22 +19,28 @@ spec:
   {{- end }}
   postgresUID: {{ include "cluster.postgresUID" . }}
   postgresGID: {{ include "cluster.postgresGID" . }}
-  {{ if or (and (.Values.backup.enabled) (eq .Values.backup.method "objectStore")) (eq .Values.recovery.method "objectStore") }}
+  {{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
   plugins:
   {{ end }}
-  {{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+  {{- range $objectStore := .Values.backup.objectStore }}
-  {{ $context := . -}}
-  {{ range .Values.backup.objectStore -}}
     - name: barman-cloud.cloudnative-pg.io
-      isWALArchiver: {{ $context.isWALArchiver }}
+      enabled: true
+      isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
       parameters:
-        barmanObjectName: "{{ include "cluster.name" . }}-{{ $context.name }}-backup"
+        barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
-  {{ end -}}
+        {{- if $objectStore.clusterName }}
-  {{ end }}
+        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
+        {{- else }}
+        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
+        {{- end }}
+  {{- end }}
   {{ if eq .Values.recovery.method "objectStore" }}
     - name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
       parameters:
         barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+        serverName: {{ include "cluster.recoveryServerName" . }}
   {{ end }}
   storage:
     size: {{ .Values.cluster.storage.size }}

charts/postgres-cluster/templates/object-store.yaml

@@ -5,50 +5,49 @@
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
 metadata:
-  name: "{{ include "cluster.name" $context }}-{{ $context.name }}-backup"
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
   namespace: {{ include "cluster.namespace" $context }}
   labels:
     {{- include "cluster.labels" $context | nindent 4 }}
 spec:
-  retentionPolicy: {{ $context.retentionPolicy }}
+  retentionPolicy: {{ .retentionPolicy | default "30d" }}
   configuration:
-    destinationPath: {{ $context.destinationPath }}
+    destinationPath: {{ .destinationPath | required "Destination path is required" }}
-    endpointURL: {{ $context.endpointURL }}
+    endpointURL: {{ .endpointURL | default "https://nyc3.digitaloceanspaces.com" }}
-    {{- if not (empty $context.endpointCA.name) }}
+    {{- if .endpointCA }}
     endpointCA:
-      name: {{ $context.endpointCA.name }}
+      name: {{ .endpointCA.name }}
-      key: {{ $context.endpointCA.key }}
+      key: {{ .endpointCA.key }}
-    {{- end }}
-    {{- if not (empty $context.clusterName) }}
-    serverName: "{{ $context.clusterName }}-backup-{{ $context.index }}"
-    {{- else }}
-    serverName: "{{ include "cluster.name" $context }}-backup-{{ $context.index }}"
     {{- end }}
+    {{- if .wal }}
     wal:
-      compression: {{ $context.wal.compression }}
+      compression: {{ .wal.compression | default "snappy" }}
-      {{- with $context.wal.encryption}}
+      {{ with .wal.encryption }}
       encryption: {{ . }}
+      {{ end }}
+      maxParallel: {{ .wal.maxParallel | default "1" }}
     {{- end }}
-      maxParallel: {{ $context.wal.maxParallel }}
+    {{- if .wal }}
     data:
-      compression: {{ $context.data.compression }}
+      compression: {{ .data.compression | default "snappy"  }}
-      {{- with $context.data.encryption }}
+      {{- with .data.encryption }}
       encryption: {{ . }}
       {{- end }}
-      jobs: {{ $context.data.jobs }}
+      jobs: {{ .data.jobs | default 1 }}
+    {{- end }}
     s3Credentials:
       accessKeyId:
-        {{- if not (empty $context.endpointCredentials) }}
+        {{- if .endpointCredentials }}
-        name: {{ $context.endpointCredentials }}
+        name: {{ .endpointCredentials }}
         {{- else }}
-        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        name: {{ include "cluster.backupCredentials" $context }}
         {{- end }}
         key: ACCESS_KEY_ID
       secretAccessKey:
-        {{- if not (empty $context.endpointCredentials) }}
+        {{- if .endpointCredentials }}
-        name: {{ $context.endpointCredentials }}
+        name: {{ .endpointCredentials }}
         {{- else }}
-        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        name: {{ include "cluster.backupCredentials" $context }}
         {{- end }}
         key: ACCESS_SECRET_KEY
 {{ end -}}
@@ -67,12 +66,11 @@ spec:
   configuration:
     destinationPath: {{ .Values.recovery.objectStore.destinationPath }}
     endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
-    {{- if not (empty .Values.recovery.objectStore.endpointCA.name) }}
+    {{- if .Values.recovery.objectStore.endpointCA.name }}
     endpointCA:
       name: {{ .Values.recovery.objectStore.endpointCA.name }}
       key: {{ .Values.recovery.objectStore.endpointCA.key }}
     {{- end }}
-    serverName: {{ include "cluster.recoveryServerName" . }}
     wal:
       compression: {{ .Values.recovery.objectStore.wal.compression }}
       {{- with .Values.recovery.objectStore.wal.encryption}}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -5,21 +5,21 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
 metadata:
-  name: "{{ include "cluster.name" $context }}-{{ $context.name }}-scheduled-backup"
+  name: "{{ include "cluster.name" $context }}-{{ .name }}-scheduled-backup"
   namespace: {{ include "cluster.namespace" $context }}
   labels:
     {{- include "cluster.labels" $context | nindent 4 }}
 spec:
-  immediate: true
+  immediate: {{ .immediate | default true }}
-  suspend: {{ $context.suspend }}
+  suspend: {{ .suspend | default false }}
-  schedule: {{ $context.schedule | quote }}
+  schedule: {{ .schedule | quote | required "Schedule is required" }}
-  backupOwnerReference: {{ $context.backupOwnerReference }}
+  backupOwnerReference: {{ .backupOwnerReference | default "self" }}
   cluster:
     name: {{ include "cluster.name" $context }}-cluster
   method: plugin
   pluginConfiguration:
-    name: {{ $context.plugin }}
+    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
     parameters:
-      barmanObjectName: "{{ include "cluster.name" $context }}-{{ $context.backupName }}-backup"
+      barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
 {{ end -}}
 {{ end }}

charts/postgres-cluster/values.yaml

@@ -271,13 +271,13 @@ recovery:
     # -- Overrides the provider specific default endpoint. Defaults to:
     # S3: https://s3.<region>.amazonaws.com"
     # Leave empty if using the default S3 endpoint
-    endpointURL: ""
+    endpointURL: "https://nyc3.digitaloceanspaces.com"
 
     # -- Specifies a CA bundle to validate a privately signed certificate.
     endpointCA:
-
       # -- Creates a secret with the given value if true, otherwise uses an existing secret.
       create: false
+
       name: ""
       key: ""
 
@@ -424,84 +424,91 @@ backup:
   method: objectStore
 
   # -- Options for object store backups
-  objectStore:
+  objectStore: []
-    -
-      # -- Object store backup name
-      name: external
 
-      # -- Overrides the provider specific default path. Defaults to:
+    # -
-      # S3: s3://<bucket><path>
+    #   # -- Object store backup name
-      # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    #   name: external
-      # Google: gs://<bucket><path>
-      destinationPath: ""
 
-      # -- Overrides the provider specific default endpoint. Defaults to:
+    #   # -- Overrides the provider specific default path. Defaults to:
-      # S3: https://s3.<region>.amazonaws.com"
+    #   # S3: s3://<bucket><path>
-      endpointURL: ""  # Leave empty if using the default S3 endpoint
+    #   # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
+    #   # Google: gs://<bucket><path>
+    #   destinationPath: ""
 
-      # -- Specifies a CA bundle to validate a privately signed certificate.
+    #   # -- Overrides the provider specific default endpoint. Defaults to:
-      endpointCA:
+    #   # https://nyc3.digitaloceanspaces.com
-        # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    #   endpointURL: ""
-        create: false
-        name: ""
-        key: ""
 
-      # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
+    #   # -- Specifies a CA bundle to validate a privately signed certificate.
-      index: 1
+    #   endpointCA:
+    #     # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    #     create: false
 
-      # -- Override the name of the backup cluster, defaults to "cluster.name"
+    #     name: ""
-      clusterName: ""
+    #     key: ""
 
-      # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
+    #   # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
-      endpointCredentials: ""
+    #   index: 1
 
-      # -- Retention policy for backups
+    #   # -- Override the name of the backup cluster, defaults to "cluster.name"
-      retentionPolicy: "30d"
+    #   clusterName: ""
 
-      # -- Specificies if this backup will do WALs
+    #   # -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
-      isWALArchiver: true
+    #   endpointCredentials: ""
 
-      # -- Storage
+    #   # -- Retention policy for backups
-      wal:
+    #   retentionPolicy: "30d"
 
-        # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #   # -- Specificies if this backup will do WALs
-        compression: snappy
+    #   isWALArchiver: true
 
-        # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #   # -- Storage
-        encryption: ""
+    #   wal:
 
-        # -- Number of WAL files to be archived or restored in parallel.
+    #     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
-        maxParallel: 1
+    #     compression: snappy
 
-      data:
+    #     # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-        # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #     encryption: ""
-        compression: snappy
 
-        # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
+    #     # -- Number of WAL files to be archived or restored in parallel.
-        encryption: ""
+    #     maxParallel: 1
 
-        # -- Number of data files to be archived or restored in parallel.
+    #   data:
-        jobs: 1
+    #     # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
+    #     compression: snappy
 
-  scheduledBackups:
+    #     # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
-    -
+    #     encryption: ""
-      # -- Scheduled backup name
-      name: daily-backup
 
-      # -- Schedule in cron format
+    #     # -- Number of data files to be archived or restored in parallel.
-      schedule: "0 0 */3 * *"
+    #     jobs: 1
 
-      # -- Temporarily stop scheduled backups from running
+  # -- List of scheduled backups
-      suspend: false
+  scheduledBackups: []
 
-      # -- Backup owner reference
+    # -
-      backupOwnerReference: self
+    #   # -- Scheduled backup name
+    #   name: daily-backup
 
-      # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
+    #   # -- Schedule in cron format
-      plugin: barman-cloud.cloudnative-pg.io
+    #   schedule: "0 0 */3 * *"
 
-      # -- Name of backup target
+    #   # -- Start backup on deployment
-      backupName: external
+    #   immediate: false
+
+    #   # -- Temporarily stop scheduled backups from running
+    #   suspend: false
+
+    #   # -- Backup owner reference
+    #   backupOwnerReference: self
+
+    #   # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
+    #   plugin: barman-cloud.cloudnative-pg.io
+
+    #   # -- Name of backup target
+    #   backupName: external
 
 # -- List of PgBouncer poolers
 poolers: []