upgrade chart

.gitea/workflows/release-charts-barman-cloud.yml

@@ -0,0 +1,66 @@
+name: release-charts-cloudfbarman-cloudlared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/barman-cloud/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/barman-cloud"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/renovate.yaml

@@ -0,0 +1,30 @@
+name: renovate
+
+on:
+  schedule:
+    - cron: "@daily"
+
+  push:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container: ghcr.io/renovatebot/renovate:40
+    steps:
+      - uses: actions/checkout@v4
+      - run: renovate
+        env:
+          RENOVATE_PLATFORM: gitea
+          RENOVATE_AUTODISCOVER: true
+          RENOVATE_ONBOARDING: true
+          RENOVATE_ENDPOINT: http://gitea-http.gitea:3000
+          RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
+          LOG_LEVEL: debug
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
+          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
+          RENOVATE_REDIS_URL: redis://gitea-renovate-valkey-primary.gitea:6379

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.1.10
+version: 0.2.0
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -13,6 +13,6 @@ maintainers:
   - name: alexlebens
 dependencies:
   - name: common
-    repository: https://bjw-s.github.io/helm-charts/
+    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.7.3
+    version: 4.0.1
-appVersion: 0.1.10
+appVersion: 0.2.0

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,7 +19,7 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
 
 ## Values
 

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 6.2.0
+version: 6.4.4
 description: Cloudnative-pg Cluster
 keywords:
   - database

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 6.2.0](https://img.shields.io/badge/Version-6.2.0-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
+![Version: 6.4.4](https://img.shields.io/badge/Version-6.4.4-informational?style=flat-square) ![AppVersion: v1.26.0](https://img.shields.io/badge/AppVersion-v1.26.0-informational?style=flat-square)
 
 Cloudnative-pg Cluster
 
@@ -19,16 +19,11 @@ Cloudnative-pg Cluster
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup | object | `{"enabled":true,"method":"objectStore","objectStore":[],"scheduledBackups":[{"backupName":"external","backupOwnerReference":"self","name":"daily-backup","plugin":"barman-cloud.cloudnative-pg.io","schedule":"0 0 */3 * *","suspend":false}]}` | Backup settings |
+| backup | object | `{"enabled":false,"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
-| backup.enabled | bool | `true` | You need to configure backups manually, so backups are disabled by default. |
+| backup.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
 | backup.objectStore | list | `[]` | Options for object store backups |
-| backup.scheduledBackups[0].backupName | string | `"external"` | Name of backup target |
+| backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| backup.scheduledBackups[0].backupOwnerReference | string | `"self"` | Backup owner reference |
-| backup.scheduledBackups[0].name | string | `"daily-backup"` | Scheduled backup name |
-| backup.scheduledBackups[0].plugin | string | `"barman-cloud.cloudnative-pg.io"` | Backup method, can be `barman-cloud.cloudnative-pg.io` (default) |
-| backup.scheduledBackups[0].schedule | string | `"0 0 */3 * *"` | Schedule in cron format |
-| backup.scheduledBackups[0].suspend | bool | `false` | Temporarily stop scheduled backups from running |
 | cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.5-1-bullseye"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":false,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":false,"excludeRules":[]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":""},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":""}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
@@ -68,7 +63,7 @@ Cloudnative-pg Cluster
 | nameOverride | string | `""` | Override the name of the cluster |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
 | poolers | list | `[]` | List of PgBouncer poolers |
-| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
+| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationPath":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointURL":"https://nyc3.digitaloceanspaces.com","index":1,"name":"recovery","owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}},"pgBaseBackup":{"database":"app","owner":"","secret":"","source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":""}}}` | Recovery settings when booting cluster from external cluster |
 | recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
 | recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
 | recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
@@ -96,7 +91,7 @@ Cloudnative-pg Cluster
 | recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
 | recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.objectStore.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
-| recovery.objectStore.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
+| recovery.objectStore.endpointURL | string | `"https://nyc3.digitaloceanspaces.com"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
 | recovery.objectStore.name | string | `"recovery"` | Object store backup name |
 | recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -131,6 +131,8 @@ externalClusters:
   - name: {{ include "cluster.recoveryServerName" . }}
     plugin:
       name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
       parameters:
         barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
         serverName: {{ include "cluster.recoveryServerName" . }}

charts/postgres-cluster/templates/_helpers.tpl

@@ -80,7 +80,7 @@ Generate recovery server name
   {{- if .Values.recovery.recoveryServerName -}}
     {{- .Values.recovery.recoveryServerName -}}
   {{- else -}}
-    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
 
@@ -94,3 +94,10 @@ Generate name for recovery object store credentials
     {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
   {{- end }}
 {{- end }}
+
+{{/*
+Generate name for backup object store credentials
+*/}}
+{{- define "cluster.backupCredentials" -}}
+    {{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
+{{- end }}

charts/postgres-cluster/templates/cluster.yaml

@@ -19,22 +19,28 @@ spec:
   {{- end }}
   postgresUID: {{ include "cluster.postgresUID" . }}
   postgresGID: {{ include "cluster.postgresGID" . }}
-  {{ if or (and (.Values.backup.enabled) (eq .Values.backup.method "objectStore")) (eq .Values.recovery.method "objectStore") }}
+  {{ if or (eq .Values.backup.method "objectStore") (eq .Values.recovery.method "objectStore") }}
   plugins:
   {{ end }}
-  {{ if and (.Values.backup.enabled) (eq .Values.backup.method "objectStore") }}
+  {{- range $objectStore := .Values.backup.objectStore }}
-  {{ $context := . -}}
-  {{ range .Values.backup.objectStore -}}
     - name: barman-cloud.cloudnative-pg.io
-      isWALArchiver: {{ .isWALArchiver }}
+      enabled: true
+      isWALArchiver: {{ $objectStore.isWALArchiver | default true }}
       parameters:
-        barmanObjectName: "{{ include "cluster.name" $context }}-{{ .name }}-backup"
+        barmanObjectName: "{{ include "cluster.name" $ }}-{{ $objectStore.name }}-backup"
-  {{ end -}}
+        {{- if $objectStore.clusterName }}
-  {{ end }}
+        serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
+        {{- else }}
+        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
+        {{- end }}
+  {{- end }}
   {{ if eq .Values.recovery.method "objectStore" }}
     - name: barman-cloud.cloudnative-pg.io
+      enabled: true
+      isWALArchiver: false
       parameters:
         barmanObjectName: "{{ include "cluster.name" . }}-{{ .Values.recovery.objectStore.name }}"
+        serverName: {{ include "cluster.recoveryServerName" . }}
   {{ end }}
   storage:
     size: {{ .Values.cluster.storage.size }}

charts/postgres-cluster/templates/object-store.yaml

@@ -19,18 +19,13 @@ spec:
       name: {{ .endpointCA.name }}
       key: {{ .endpointCA.key }}
     {{- end }}
-    {{- if .clusterName }}
-    serverName: "{{ .clusterName }}-backup-{{ .index }}"
-    {{- else }}
-    serverName: "{{ include "cluster.name" $context }}-backup-{{ .index }}"
-    {{- end }}
     {{- if .wal }}
     wal:
       compression: {{ .wal.compression | default "snappy" }}
-      {{- with .wal.encryption }}
+      {{ with .wal.encryption }}
       encryption: {{ . }}
-      {{- end }}
+      {{ end }}
-      maxParallel: {{ .wal.maxParallel | default 1 }}
+      maxParallel: {{ .wal.maxParallel | default "1" }}
     {{- end }}
     {{- if .wal }}
     data:
@@ -45,14 +40,14 @@ spec:
         {{- if .endpointCredentials }}
         name: {{ .endpointCredentials }}
         {{- else }}
-        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        name: {{ include "cluster.backupCredentials" $context }}
         {{- end }}
         key: ACCESS_KEY_ID
       secretAccessKey:
         {{- if .endpointCredentials }}
         name: {{ .endpointCredentials }}
         {{- else }}
-        name: {{- printf "%s-backup-secret" (include "cluster.name" $context) | trunc 63 | trimSuffix "-" -}}
+        name: {{ include "cluster.backupCredentials" $context }}
         {{- end }}
         key: ACCESS_SECRET_KEY
 {{ end -}}
@@ -76,7 +71,6 @@ spec:
       name: {{ .Values.recovery.objectStore.endpointCA.name }}
       key: {{ .Values.recovery.objectStore.endpointCA.key }}
     {{- end }}
-    serverName: {{ include "cluster.recoveryServerName" . }}
     wal:
       compression: {{ .Values.recovery.objectStore.wal.compression }}
       {{- with .Values.recovery.objectStore.wal.encryption}}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -10,15 +10,15 @@ metadata:
   labels:
     {{- include "cluster.labels" $context | nindent 4 }}
 spec:
-  immediate: true
+  immediate: {{ .immediate | default true }}
-  suspend: {{ .suspend }}
+  suspend: {{ .suspend | default false }}
-  schedule: {{ .schedule | quote }}
+  schedule: {{ .schedule | quote | required "Schedule is required" }}
-  backupOwnerReference: {{ .backupOwnerReference }}
+  backupOwnerReference: {{ .backupOwnerReference | default "self" }}
   cluster:
     name: {{ include "cluster.name" $context }}-cluster
   method: plugin
   pluginConfiguration:
-    name: {{ .plugin }}
+    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
     parameters:
       barmanObjectName: "{{ include "cluster.name" $context }}-{{ .backupName }}-backup"
 {{ end -}}

charts/postgres-cluster/values.yaml

@@ -271,7 +271,7 @@ recovery:
     # -- Overrides the provider specific default endpoint. Defaults to:
     # S3: https://s3.<region>.amazonaws.com"
     # Leave empty if using the default S3 endpoint
-    endpointURL: ""
+    endpointURL: "https://nyc3.digitaloceanspaces.com"
 
     # -- Specifies a CA bundle to validate a privately signed certificate.
     endpointCA:
@@ -418,7 +418,7 @@ recovery:
 backup:
 
   # -- You need to configure backups manually, so backups are disabled by default.
-  enabled: true
+  enabled: false
 
   # -- Method to create backups, options currently are only objectStore
   method: objectStore
@@ -485,25 +485,30 @@ backup:
     #     # -- Number of data files to be archived or restored in parallel.
     #     jobs: 1
 
-  scheduledBackups:
+  # -- List of scheduled backups
-    -
+  scheduledBackups: []
-      # -- Scheduled backup name
-      name: daily-backup
 
-      # -- Schedule in cron format
+    # -
-      schedule: "0 0 */3 * *"
+    #   # -- Scheduled backup name
+    #   name: daily-backup
 
-      # -- Temporarily stop scheduled backups from running
+    #   # -- Schedule in cron format
-      suspend: false
+    #   schedule: "0 0 0 * * *"
 
-      # -- Backup owner reference
+    #   # -- Start backup on deployment
-      backupOwnerReference: self
+    #   immediate: false
 
-      # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
+    #   # -- Temporarily stop scheduled backups from running
-      plugin: barman-cloud.cloudnative-pg.io
+    #   suspend: false
 
-      # -- Name of backup target
+    #   # -- Backup owner reference
-      backupName: external
+    #   backupOwnerReference: self
+
+    #   # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
+    #   plugin: barman-cloud.cloudnative-pg.io
+
+    #   # -- Name of backup target
+    #   backupName: external
 
 # -- List of PgBouncer poolers
 poolers: []