feat: increase default shared buffers

Reviewed-on: #207

charts/cloudflared/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.6.2
+  version: 5.0.0
-digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+digest: sha256:153788a98eab8a2e83bd456e1f6f3d53d1a3363bfe5bca07bd232d948e01a6b2
-generated: "2026-01-16T13:29:29.385123-06:00"
+generated: "2026-05-07T20:55:55.373128-05:00"

charts/cloudflared/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 2.6.0
+version: 3.3.0
 description: Cloudflared Tunnel
 keywords:
   - cloudflare
@@ -14,7 +14,7 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.6.2
+    version: 5.0.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/cloudflare.png
 # renovate: datasource=docker depName=cloudflare/cloudflared
-appVersion: 2026.3.0
+appVersion: 2026.5.0

charts/cloudflared/README.md

@@ -1,6 +1,6 @@
 # cloudflared
 
-![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square) ![AppVersion: 2026.3.0](https://img.shields.io/badge/AppVersion-2026.3.0-informational?style=flat-square)
+![Version: 3.2.2](https://img.shields.io/badge/Version-3.2.2-informational?style=flat-square) ![AppVersion: 2026.3.0](https://img.shields.io/badge/AppVersion-2026.3.0-informational?style=flat-square)
 
 Cloudflared Tunnel
 
@@ -20,14 +20,16 @@ Cloudflared Tunnel
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.0 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2026.3.0@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0"}` | Default image |
+| metrics | object | `{"enabled":true}` | Metrics |
 | name | string | `""` | Name override of release |
+| protocol | string | `"auto"` | Protocol - Available values are auto, http2, and quic. |
 | resources | object | `{"requests":{"cpu":"1m","memory":"20Mi"}}` | Default resources |
 | secret | object | `{"existingSecret":{"key":"cf-tunnel-token","name":"cloudflared-secret"},"externalSecret":{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"openbao","path":"/cloudflare/tunnels","property":"token"}}}` | Secret configuration |
 | secret.existingSecret | object | `{"key":"cf-tunnel-token","name":"cloudflared-secret"}` | Name of existing secret that contains Cloudflare token |

charts/cloudflared/templates/common.yaml

@@ -4,10 +4,14 @@
 global:
   nameOverride: {{ include "cloudflared.name" . }}
   fullNameOverride: {{ include "cloudflared.name" . }}
+  createDefaultServiceAccount: true
 controllers:
   main:
     type: deployment
+    replicas: 1
     strategy: Recreate
+    serviceAccount:
+      identifier: {{ .Release.Name }}
     containers:
       main:
         image:
@@ -17,8 +21,12 @@ controllers:
         args:
           - tunnel
           - --protocol
-          - http2
+          - {{ .Values.protocol }}
           - --no-autoupdate
+          {{- if .Values.metrics.enabled }}
+          - --metrics
+          - 0.0.0.0:20241
+          {{- end }}
           - run
           - --token
           - $(CF_MANAGED_TUNNEL_TOKEN)
@@ -30,9 +38,29 @@ controllers:
                 key: {{ include "secret.key" . }}
         resources:
           {{- with .Values.resources }}
-        resources:
           {{- toYaml . | nindent 10 }}
           {{ end }}
+{{- if .Values.metrics.enabled }}
+service:
+  main:
+    controller: main
+    ports:
+      metrics:
+        port: 20241
+        targetPort: 20241
+serviceMonitor:
+  main:
+    selector:
+      matchLabels:
+        app.kubernetes.io/name: {{ include "cloudflared.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Namespace }}
+    serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+    endpoints:
+      - port: metrics
+        interval: 30s
+        scrapeTimeout: 10s
+        path: /metrics
+{{- end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
 

charts/cloudflared/values.yaml

@@ -1,6 +1,13 @@
 # -- Name override of release
 name: ""
 
+# -- Protocol - Available values are auto, http2, and quic.
+protocol: auto
+
+# -- Metrics
+metrics:
+  enabled: true
+
 # -- Secret configuration
 secret:
 
@@ -26,7 +33,7 @@ secret:
 # -- Default image
 image:
   repository: cloudflare/cloudflared
-  tag: 2026.3.0@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0
+  tag: 2026.5.0@sha256:59bab8d3aceec09bf6bdb07d6beca0225ca5cd7ab79436a87ea97978fe1dc4f9
   pullPolicy: IfNotPresent
 
 # -- Default resources

charts/generic-device-plugin/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.6.2
+  version: 5.0.0
-digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+digest: sha256:153788a98eab8a2e83bd456e1f6f3d53d1a3363bfe5bca07bd232d948e01a6b2
-generated: "2026-01-16T13:29:01.760344-06:00"
+generated: "2026-05-07T20:58:40.139936-05:00"

charts/generic-device-plugin/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.20.31
+version: 0.21.5
 description: Generic Device Plugin
 keywords:
   - generic-device-plugin
@@ -14,5 +14,5 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.6.2
+    version: 5.0.0
-appVersion: 0.20.17
+appVersion: 0.21.1

charts/generic-device-plugin/README.md

@@ -1,6 +1,6 @@
 # generic-device-plugin
 
-![Version: 0.20.31](https://img.shields.io/badge/Version-0.20.31-informational?style=flat-square) ![AppVersion: 0.20.17](https://img.shields.io/badge/AppVersion-0.20.17-informational?style=flat-square)
+![Version: 0.21.2](https://img.shields.io/badge/Version-0.21.2-informational?style=flat-square) ![AppVersion: 0.21.1](https://img.shields.io/badge/AppVersion-0.21.1-informational?style=flat-square)
 
 Generic Device Plugin
 
@@ -19,7 +19,7 @@ Generic Device Plugin
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.0 |
 
 ## Values
 
@@ -28,7 +28,7 @@ Generic Device Plugin
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
 | deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
-| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d9e098e33a20c32a561adb1ef8cace7d5912cd5ffb38f07dd9f83af4bdf38505"}` | Default image |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:7bc1ecec8472be1e5cf1ce534f0438a1d48cc3e2b4997cee924dac4d3dbfc3d3"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |

charts/generic-device-plugin/values.yaml

@@ -4,7 +4,7 @@ name: generic-device-plugin
 # -- Default image
 image:
   repository: ghcr.io/squat/generic-device-plugin
-  tag: latest@sha256:d9e098e33a20c32a561adb1ef8cace7d5912cd5ffb38f07dd9f83af4bdf38505
+  tag: latest@sha256:dc192e164c69b03f156765793a1be62ca437709ae477b27ca7d8f3dcf5021576
   pullPolicy: Always
 
 # -- Domain used by devices for identifcation

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 7.12.1
+version: 7.13.1
 description: Cloudnative-pg Cluster
 keywords:
   - database
@@ -12,4 +12,4 @@ maintainers:
   - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-appVersion: v1.29.0
+appVersion: v1.29.1

charts/postgres-cluster/README.md

@@ -1,6 +1,6 @@
 # postgres-cluster
 
-![Version: 7.12.1](https://img.shields.io/badge/Version-7.12.1-informational?style=flat-square) ![AppVersion: v1.29.0](https://img.shields.io/badge/AppVersion-v1.29.0-informational?style=flat-square)
+![Version: 7.13.1](https://img.shields.io/badge/Version-7.13.1-informational?style=flat-square) ![AppVersion: v1.29.1](https://img.shields.io/badge/AppVersion-v1.29.1-informational?style=flat-square)
 
 Cloudnative-pg Cluster
 
@@ -24,7 +24,7 @@ Cloudnative-pg Cluster
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
 | backup.objectStore | string | `nil` | Options for object store backups |
 | backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"20m","memory":"80Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"20m","memory":"80Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
@@ -42,12 +42,13 @@ Cloudnative-pg Cluster
 | cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
 | cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
 | cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
+| cluster.monitoring.prometheusRule | object | `{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}` | Prometheus rule |
 | cluster.monitoring.prometheusRule.enabled | bool | `true` | Whether to enable the PrometheusRule automated alerts |
 | cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
 | cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
-| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
 | cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
-| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
+| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"}` | PostgreSQL configuration options (postgresql.conf) |
 | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
 | cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
 | cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |

charts/postgres-cluster/template.yaml

@@ -0,0 +1,346 @@
+---
+# Source: postgres-cluster/templates/cluster.yaml
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: release-name-postgresql-18-cluster
+  namespace: gitea
+  labels:
+    app.kubernetes.io/name: release-name-postgresql-18-cluster
+    helm.sh/chart: postgres-cluster-7.13.1
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: release-name
+    app.kubernetes.io/version: "7.13.1"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  instances: 3
+  imageName: "ghcr.io/cloudnative-pg/postgresql:18.3-standard-trixie"
+  imagePullPolicy: IfNotPresent
+  postgresUID: 26
+  postgresGID: 26
+  storage:
+    size: 10Gi
+    storageClass: local-path
+  walStorage:
+    size: 2Gi
+    storageClass: local-path
+  resources:
+    limits:
+      hugepages-2Mi: 256Mi
+    requests:
+      cpu: 20m
+      memory: 80Mi
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: kubernetes.io/hostname
+  primaryUpdateMethod: switchover
+  primaryUpdateStrategy: unsupervised
+  logLevel: info
+  enableSuperuserAccess: false
+  enablePDB: true
+  postgresql:
+    parameters:
+      hot_standby_feedback: "on"
+      max_slot_wal_keep_size: 2000MB
+      shared_buffers: 128MB
+  monitoring:
+    enablePodMonitor: false
+    disableDefaultQueries: false
+
+  bootstrap:
+    initdb:
+      database: app
+      owner: app
+---
+# Source: postgres-cluster/templates/pod-monitor.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: release-name-postgresql-18
+  namespace: gitea
+  labels:
+    app.kubernetes.io/name: release-name-postgresql-18
+    helm.sh/chart: postgres-cluster-7.13.1
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: release-name
+    app.kubernetes.io/version: "7.13.1"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      cnpg.io/cluster: release-name-postgresql-18
+      cnpg.io/podRole: instance
+  podMetricsEndpoints:
+    - port: metrics
+---
+# Source: postgres-cluster/templates/prometheus-rule.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: release-name-postgresql-18-alert-rules
+  namespace: gitea
+  labels:
+    app.kubernetes.io/name: release-name-postgresql-18-alert-rules
+    helm.sh/chart: postgres-cluster-7.13.1
+    app.kubernetes.io/instance: release-name
+    app.kubernetes.io/part-of: release-name
+    app.kubernetes.io/version: "7.13.1"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  groups:
+    - name: cloudnative-pg/release-name-postgresql-18
+      rules:
+        - alert: CNPGClusterBackendsWaitingWarning
+          annotations:
+            summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
+            description: |-
+              Pod {{ $labels.pod }}
+              has been waiting for longer than 5 minutes
+          expr: |
+            cnpg_backends_waiting_total{namespace="gitea"} > 300
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterDatabaseDeadlockConflictsWarning
+          annotations:
+            summary: CNPG Cluster has over 10 deadlock conflicts.
+            description: |-
+              There are over 10 deadlock conflicts in
+              {{ $labels.pod }}
+          expr: |
+            cnpg_pg_stat_database_deadlocks{namespace="gitea"} > 10
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterHACritical
+          annotations:
+            summary: CNPG Cluster has no standby replicas!
+            description: |-
+              CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has no ready standby replicas. Your cluster at a severe
+              risk of data loss and downtime if the primary instance fails.
+
+              The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
+              will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
+
+              This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
+              instances. The replaced instance may need some time to catch-up with the cluster primary instance.
+
+              This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
+              case you may want to silence it.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
+          expr: |
+            max by (job) (cnpg_pg_replication_streaming_replicas{namespace="gitea"} - cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"}) < 1
+          for: 5m
+          labels:
+            severity: critical
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterHAWarning
+          annotations:
+            summary: CNPG Cluster less than 2 standby replicas.
+            description: |-
+              CloudNativePG Cluster "{{`{{`}} $labels.job {{`}}`}}" has only {{`{{`}} $value {{`}}`}} standby replicas, putting
+              your cluster at risk if another instance fails. The cluster is still able to operate normally, although
+              the `-ro` and `-r` endpoints operate at reduced capacity.
+
+              This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
+              need some time to catch-up with the cluster primary instance.
+
+              This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
+              In this case you may want to silence it.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
+          expr: |
+            max by (job) (cnpg_pg_replication_streaming_replicas{namespace="gitea"} - cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"}) < 2
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterHighConnectionsCritical
+          annotations:
+            summary: CNPG Instance maximum number of connections critical!
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
+              the maximum number of connections.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
+          expr: |
+            sum by (pod) (cnpg_backends_total{namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 95
+          for: 5m
+          labels:
+            severity: critical
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterHighConnectionsWarning
+          annotations:
+            summary: CNPG Instance is approaching the maximum number of connections.
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" instance {{`{{`}} $labels.pod {{`}}`}} is using {{`{{`}} $value {{`}}`}}% of
+              the maximum number of connections.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
+          expr: |
+            sum by (pod) (cnpg_backends_total{namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) * 100 > 80
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterHighReplicationLag
+          annotations:
+            summary: CNPG Cluster high replication lag
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" is experiencing a high replication lag of
+              {{`{{`}} $value {{`}}`}}ms.
+
+              High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
+          expr: |
+            max(cnpg_pg_replication_lag{namespace="gitea",pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) * 1000 > 1000
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterInstancesOnSameNode
+          annotations:
+            summary: CNPG Cluster instances are located on the same node.
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" has {{`{{`}} $value {{`}}`}}
+              instances on the same node {{`{{`}} $labels.node {{`}}`}}.
+
+              A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
+          expr: |
+            count by (node) (kube_pod_info{namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) > 1
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterLongRunningTransactionWarning
+          annotations:
+            summary: CNPG Cluster query is taking longer than 5 minutes.
+            description: |-
+              CloudNativePG Cluster Pod {{ $labels.pod }}
+              is taking more than 5 minutes (300 seconds) for a query.
+          expr: |-
+            cnpg_backends_max_tx_duration_seconds{namespace="gitea"} > 300
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterLowDiskSpaceCritical
+          annotations:
+            summary: CNPG Instance is running out of disk space!
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" is running extremely low on disk space. Check attached PVCs!
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
+          expr: |
+            max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.9 OR
+            max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.9 OR
+            max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
+                /
+                sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
+                *
+                on(namespace, persistentvolumeclaim) group_left(volume)
+                kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}
+            ) > 0.9
+          for: 5m
+          labels:
+            severity: critical
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterLowDiskSpaceWarning
+          annotations:
+            summary: CNPG Instance is running out of disk space.
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" is running low on disk space. Check attached PVCs.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
+          expr: |
+            max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"})) > 0.7 OR
+            max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-wal"} / kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-wal"})) > 0.7 OR
+            max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
+                /
+                sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="gitea", persistentvolumeclaim=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$-tbs.*"})
+                *
+                on(namespace, persistentvolumeclaim) group_left(volume)
+                kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}
+            ) > 0.7
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterOffline
+          annotations:
+            summary: CNPG Cluster has no running instances!
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" has no ready instances.
+
+              Having an offline cluster means your applications will not be able to access the database, leading to
+              potential service disruption and/or data loss.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
+          expr: |
+            (count(cnpg_collector_up{namespace="gitea",pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"}) OR on() vector(0)) == 0
+          for: 5m
+          labels:
+            severity: critical
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterPGDatabaseXidAgeWarning
+          annotations:
+            summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
+            description: |-
+              Over 300,000,000 transactions from frozen xid
+              on pod {{ $labels.pod }}
+          expr: |
+            cnpg_pg_database_xid_age{namespace="gitea"} > 300000000
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterPGReplicationWarning
+          annotations:
+            summary: CNPG Cluster standby is lagging behind the primary.
+            description: |-
+              Standby is lagging behind by over 300 seconds (5 minutes)
+          expr: |
+            cnpg_pg_replication_lag{namespace="gitea"} > 300
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterReplicaFailingReplicationWarning
+          annotations:
+            summary: CNPG Cluster has a replica is failing to replicate.
+            description: |-
+              Replica {{ $labels.pod }}
+              is failing to replicate
+          expr: |
+            cnpg_pg_replication_in_recovery{namespace="gitea"} > cnpg_pg_replication_is_wal_receiver_up{namespace="gitea"}
+          for: 1m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster
+        - alert: CNPGClusterZoneSpreadWarning
+          annotations:
+            summary: CNPG Cluster instances in the same zone.
+            description: |-
+              CloudNativePG Cluster "gitea/release-name-postgresql-18-cluster" has instances in the same availability zone.
+
+              A disaster in one availability zone will lead to a potential service disruption and/or data loss.
+            runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
+          expr: |
+            3 > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="gitea", pod=~"release-name-postgresql-18-cluster-([1-9][0-9]*)$"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
+          for: 5m
+          labels:
+            severity: warning
+            namespace: gitea
+            cnpg_cluster: release-name-postgresql-18-cluster

charts/postgres-cluster/templates/_bootstrap.tpl

@@ -1,5 +1,4 @@
-{{- define "cluster.bootstrap" -}}
+{{- define "cluster.bootstrap" }}
-
 {{- if eq .Values.mode "standalone" }}
 bootstrap:
   initdb:
@@ -16,13 +15,11 @@ bootstrap:
       {{- with .Values.cluster.initdb }}
       {{- range .postInitApplicationSQL }}
       {{- printf "- %s" . | nindent 6 }}
-        {{- end -}}
       {{- end }}
       {{- end }}
-
+    {{- end }}
-{{- else if eq .Values.mode "recovery" -}}
+{{- else if eq .Values.mode "recovery" }}
 bootstrap:
-
   {{- if eq .Values.recovery.method "import" }}
   initdb:
     {{- with .Values.cluster.initdb }}
@@ -66,7 +63,6 @@ bootstrap:
       pgRestoreExtraOptions:
         {{- . | toYaml | nindent 8 }}
       {{- end }}
-
   {{- else if eq .Values.recovery.method "backup" }}
   recovery:
     {{- with .Values.recovery.backup.pitrTarget.time }}
@@ -81,7 +77,6 @@ bootstrap:
     {{- end }}
     backup:
       name: {{ .Values.recovery.backup.backupName }}
-
   {{- else if eq .Values.recovery.method "objectStore" }}
   recovery:
     {{- with .Values.recovery.objectStore.pitrTarget.time }}
@@ -95,13 +90,10 @@ bootstrap:
     owner: {{ . }}
     {{- end }}
     source: {{ include "cluster.recoveryServerName" . }}
-
   {{- else }}
     {{ fail "Invalid recovery mode!" }}
   {{- end }}
-
 {{- else }}
   {{ fail "Invalid cluster mode!" }}
 {{- end }}
-
 {{- end }}

charts/postgres-cluster/templates/_external_clusters.tpl

@@ -1,4 +1,4 @@
-{{- define "cluster.externalClusters" -}}
+{{- define "cluster.externalClusters" }}
 {{- if eq .Values.mode "standalone" }}
 {{- else if eq .Values.mode "recovery" }}
 externalClusters:
@@ -18,4 +18,4 @@ externalClusters:
 {{- else }}
   {{ fail "Invalid cluster mode!" }}
 {{- end }}
-{{ end }}
+{{- end }}

charts/postgres-cluster/templates/_external_source_cluster.tpl

@@ -30,4 +30,4 @@
     name: {{ $config.sslRootCertSecret.name }}
     key: {{ $config.sslRootCertSecret.key }}
   {{- end }}
-{{- end }}
+{{- end -}}

charts/postgres-cluster/templates/cluster.yaml

@@ -35,7 +35,7 @@ spec:
   {{- with .Values.cluster.resources }}
   resources:
     {{- toYaml . | nindent 4 }}
-  {{ end }}
+  {{- end }}
   {{- with .Values.cluster.affinity }}
   affinity:
     {{- toYaml . | nindent 4 }}
@@ -43,7 +43,6 @@ spec:
   {{- if .Values.cluster.priorityClassName }}
   priorityClassName: {{ .Values.cluster.priorityClassName }}
   {{- end }}
-
   primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
   primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
   logLevel: {{ .Values.cluster.logLevel }}
@@ -57,7 +56,6 @@ spec:
     name: {{ . }}
   {{ end }}
   enablePDB: {{ .Values.cluster.enablePDB }}
-
   postgresql:
     {{- if .Values.cluster.postgresql.shared_preload_libraries }}
     shared_preload_libraries:
@@ -85,7 +83,6 @@ spec:
     parameters:
       {{- toYaml . | nindent 6 }}
     {{- end }}
-
   {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
   managed:
     {{- with .Values.cluster.services }}
@@ -97,14 +94,12 @@ spec:
       {{- toYaml . | nindent 6 }}
     {{ end }}
   {{- end }}
-
   {{- with .Values.cluster.serviceAccountTemplate }}
   serviceAccountTemplate:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-
   monitoring:
-    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+    enablePodMonitor: false
     disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
     {{- if not (empty .Values.cluster.monitoring.customQueries) }}
     customQueriesConfigMap:
@@ -127,9 +122,9 @@ spec:
     {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
     podMonitorMetricRelabelings:
       {{- toYaml . | nindent 6 }}
-    {{ end }}
     {{- end }}
-
+    {{- end }}
+  {{- if not (empty .Values.backup.objectStore) -}}
   plugins:
   {{- range $objectStore := .Values.backup.objectStore }}
     - name: barman-cloud.cloudnative-pg.io
@@ -146,7 +141,7 @@ spec:
         {{- else }}
         serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
         {{- end }}
-  {{- end }}
+  {{- end -}}
-
+  {{- end -}}
-  {{ include "cluster.bootstrap" . | nindent 2 }}
+  {{- include "cluster.bootstrap" . | nindent 2 -}}
-  {{ include "cluster.externalClusters" . | nindent 2 }}
+  {{- include "cluster.externalClusters" . | nindent 2 -}}

charts/postgres-cluster/templates/external-secret.yaml

@@ -1,6 +1,6 @@
-{{ if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
+{{- if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
-{{ $context := . -}}
+{{- $context := . }}
-{{ range .Values.backup.objectStore -}}
+{{- range .Values.backup.objectStore }}
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -30,8 +30,8 @@ spec:
       remoteRef:
         key: {{ .externalSecretCredentialPath| required "External Secret Credential local path is required" }}
         property: ACCESS_SECRET_KEY
-{{ end -}}
+{{- end }}
-{{ end }}
+{{- end }}
 
 {{- if and (eq .Values.recovery.method "objectStore") (.Values.recovery.objectStore.externalSecret.enabled) }}
 ---

charts/postgres-cluster/templates/object-store.yaml

@@ -1,6 +1,6 @@
-{{ if (eq .Values.backup.method "objectStore") }}
+{{- if (eq .Values.backup.method "objectStore") }}
-{{ $context := . -}}
+{{- $context := . }}
-{{ range .Values.backup.objectStore -}}
+{{- range .Values.backup.objectStore }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
@@ -57,10 +57,9 @@ spec:
       region:
         name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
         key: ACCESS_REGION
-{{ end -}}
+{{- end }}
-{{ end }}
+{{- end }}
-
+{{- if eq .Values.recovery.method "objectStore" }}
-{{ if eq .Values.recovery.method "objectStore" }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
@@ -104,4 +103,4 @@ spec:
       region:
         name: {{ include "cluster.recoverySecretName" . }}
         key: ACCESS_REGION
-{{ end }}
+{{- end }}

charts/postgres-cluster/templates/pod-monitor.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ include "cluster.name" $ }}
+  namespace: {{ include "cluster.namespace" $ }}
+  labels:
+    app.kubernetes.io/name: {{ include "cluster.name" $ }}
+    {{- include "cluster.labels" $ | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      cnpg.io/cluster: {{ include "cluster.name" $ }}
+      cnpg.io/podRole: instance
+  podMetricsEndpoints:
+    - port: metrics
+{{- end }}

charts/postgres-cluster/templates/poolers.yaml

@@ -47,6 +47,6 @@ spec:
   {{- end }}
   {{- with .template }}
   template:
-    {{- . | toYaml | nindent 4 }}
+    {{ . | toYaml | nindent 4 }}
   {{- end }}
 {{- end }}

charts/postgres-cluster/templates/prometheus-rule.yaml

@@ -1,4 +1,5 @@
-{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled }}
+---
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
@@ -25,4 +26,4 @@ spec:
         - {{ $tpl }}
         {{- end -}}
         {{- end }}
-{{ end }}
+{{- end }}

charts/postgres-cluster/templates/scheduled-backup.yaml

@@ -1,5 +1,5 @@
-{{ $context := . -}}
+{{- $context := . }}
-{{ range .Values.backup.scheduledBackups -}}
+{{- range .Values.backup.scheduledBackups }}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
@@ -21,4 +21,4 @@ spec:
     name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
     parameters:
       barmanObjectName: "{{ include "cluster.name" $context }}-backup-{{ .backupName }}"
-{{ end -}}
+{{- end }}

charts/postgres-cluster/values.yaml

@@ -127,6 +127,7 @@ cluster:
       # Applied to samples before ingestion.
       metricRelabelings: []
 
+    # -- Prometheus rule
     prometheusRule:
 
       # -- Whether to enable the PrometheusRule automated alerts
@@ -164,7 +165,7 @@ cluster:
 
     # -- PostgreSQL configuration options (postgresql.conf)
     parameters:
-      shared_buffers: 128MB
+      shared_buffers: 512MB
       max_slot_wal_keep_size: 2000MB
       hot_standby_feedback: "on"
 

charts/rclone-bucket/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.6.2
+  version: 5.0.0
-digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+digest: sha256:153788a98eab8a2e83bd456e1f6f3d53d1a3363bfe5bca07bd232d948e01a6b2
-generated: "2026-04-25T20:40:50.27544-05:00"
+generated: "2026-05-07T20:56:33.260732-05:00"

charts/rclone-bucket/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: rclone-bucket
-version: 0.3.0
+version: 0.11.3
 description: Rclone CronJob to replicate buckets
 keywords:
   - rclone-bucket
@@ -14,7 +14,7 @@ maintainers:
 dependencies:
   - name: common
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.6.2
+    version: 5.0.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
 # renovate: datasource=github-releases depName=rclone/rclone
-appVersion: v1.73.5
+appVersion: v1.74.1

charts/rclone-bucket/README.md

@@ -1,6 +1,6 @@
 # rclone-bucket
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: v1.73.5](https://img.shields.io/badge/AppVersion-v1.73.5-informational?style=flat-square)
+![Version: 0.11.3](https://img.shields.io/badge/Version-0.11.3-informational?style=flat-square) ![AppVersion: v1.74.1](https://img.shields.io/badge/AppVersion-v1.74.1-informational?style=flat-square)
 
 Rclone CronJob to replicate buckets
 
@@ -19,7 +19,7 @@ Rclone CronJob to replicate buckets
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.0 |
 
 ## Values
 
@@ -27,9 +27,11 @@ Rclone CronJob to replicate buckets
 |-----|------|---------|-------------|
 | additionalLabels | object | `{}` | Add additional labels |
 | cronJob | object | `{"backoffLimit":3,"parallelism":1,"schedule":"0 0 * * *","suspend":false,"timeZone":"America/Chicago"}` | CronJob configuration |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"rclone/rclone","tag":"1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96"}` | Default image |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"rclone/rclone","tag":"1.74.1@sha256:eb8788b795f0009324e9572b0e2acb9b56885327c2746b07d67a9d3b893a6602"}` | Default image |
+| metrics | object | `{"enabled":true}` | Metrics |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
-| prune | object | `{"ageToPrune":"90d","enabled":false}` | Enable prune job |
+| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
+| prune | object | `{"ageToPrune":"90d","enabled":false,"exclude":"","include":""}` | Enable prune job |
 | rclone | object | `{"destination":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"},"providerType":"Other","source":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}}` | rclone configuration |
 | rclone.destination | object | `{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}` | Destination configuration |
 | rclone.source | object | `{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}` | Source configuration |

charts/rclone-bucket/templates/_helpers.tpl

@@ -43,35 +43,35 @@ Generate the secret name
 {{/*
 Common env names
 */}}
-{{- define "secret.envAccessKey" -}}
+{{- define "secretRclone.envAccessKey" -}}
 ACCESS_KEY_ID
 {{- end }}
-{{- define "secret.envSecretKey" -}}
+{{- define "secretRclone.envSecretKey" -}}
 ACCESS_SECRET_KEY
 {{- end }}
-{{- define "secret.envRegion" -}}
+{{- define "secretRclone.envRegion" -}}
 ACCESS_REGION
 {{- end }}
-{{- define "secret.envSrcEndpoint" -}}
+{{- define "secretRclone.envSrcEndpoint" -}}
 SRC_ENDPOINT
 {{- end }}
-{{- define "secret.envDestEndpoint" -}}
+{{- define "secretRclone.envDestEndpoint" -}}
 DEST_ENDPOINT
 {{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "secret.chart" -}}
+{{- define "rclone.chart" -}}
   {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "secret.labels" -}}
+{{- define "rclone.labels" -}}
-helm.sh/chart: {{ include "secret.chart" $ }}
+helm.sh/chart: {{ include "rclone.chart" $ }}
-{{ include "secret.selectorLabels" $ }}
+{{ include "rclone.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
@@ -84,7 +84,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "secret.selectorLabels" -}}
+{{- define "rclone.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}

charts/rclone-bucket/templates/common.yaml

@@ -4,6 +4,7 @@
 global:
   nameOverride: {{ include "rclone.name" . }}
   fullNameOverride: {{ include "rclone.name" . }}
+  createDefaultServiceAccount: true
 controllers:
   main:
     type: cronjob
@@ -11,6 +12,8 @@ controllers:
     cronjob:
       {{- toYaml . | nindent 6 }}
     {{ end }}
+    serviceAccount:
+      identifier: {{ .Release.Name }}
     containers:
       sync:
         image:
@@ -23,8 +26,22 @@ controllers:
           - dest:{{ .Values.rclone.destination.bucketName }}
           - --s3-no-check-bucket
           {{- if .Values.prune.enabled }}
-          - --min-age
+          - --max-age
-          - {{ .Values.prune.ageToPrune }}
+          - {{ .Values.prune.ageToPrune | quote }}
+          {{- end }}
+          {{- if .Values.prune.include }}
+          - --include
+          - {{ .Values.prune.include | quote }}
+          {{- end }}
+          {{- if .Values.prune.exclude }}
+          - --exclude
+          - {{ .Values.prune.exclude | quote }}
+          {{- end }}
+          {{- if .Values.metrics.enabled }}
+          - --rc
+          - --rc-addr=0.0.0.0:5572
+          - --rc-enable-metrics
+          - --rc-no-auth
           {{- end }}
           - --verbose
         env:
@@ -35,57 +52,57 @@ controllers:
           - name: RCLONE_CONFIG_SRC_PROVIDER
             value: {{ .Values.rclone.source.providerType }}
           - name: RCLONE_CONFIG_SRC_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_SRC_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_SRC_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secret.envSrcEndpoint" . }}
+                key: {{ include "secretRclone.envSrcEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+          - name: RCLONE_CONFIG_SRC_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.source.forcePathStyle }}
+            value: {{ .Values.rclone.source.forcePathStyle | quote }}
           - name: RCLONE_CONFIG_DEST_TYPE
             value: s3
           - name: RCLONE_CONFIG_DEST_PROVIDER
             value: {{ .Values.rclone.destination.providerType }}
           - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_DEST_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_DEST_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envDestEndpoint" . }}
+                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
+          - name: RCLONE_CONFIG_DEST_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle }}
+            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
       {{- if .Values.prune.enabled }}
       prune:
         image:
@@ -96,38 +113,72 @@ controllers:
           - delete
           - dest:{{ .Values.rclone.destination.bucketName }}
           - --min-age
-          - {{ .Values.prune.ageToPrune }}
+          - {{ .Values.prune.ageToPrune | quote }}
           - --verbose
+          {{- if .Values.metrics.enabled }}
+          - --rc
+          - --rc-addr=0.0.0.0:5573
+          - --rc-enable-metrics
+          - --rc-no-auth
+          {{- end }}
         env:
           - name: RCLONE_CONFIG_DEST_TYPE
             value: s3
           - name: RCLONE_CONFIG_DEST_PROVIDER
             value: {{ .Values.rclone.destination.providerType }}
           - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: false
+            value: "false"
           - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envAccessKey" . }}
+                key: {{ include "secretRclone.envAccessKey" . }}
           - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envSecretKey" . }}
+                key: {{ include "secretRclone.envSecretKey" . }}
           - name: RCLONE_CONFIG_DEST_REGION
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envRegion" . }}
+                key: {{ include "secretRclone.envRegion" . }}
           - name: RCLONE_CONFIG_DEST_ENDPOINT
             valueFrom:
               secretKeyRef:
                 name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secret.envDestEndpoint" . }}
+                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+          - name: RCLONE_CONFIG_DEST_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle }}
+            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
       {{- end }}
+{{- if .Values.metrics.enabled }}
+service:
+  main:
+    controller: main
+    ports:
+      rc-sync:
+        port: 5572
+        targetPort: 5572
+      rc-prune:
+        port: 5573
+        targetPort: 5573
+serviceMonitor:
+  main:
+    selector:
+      matchLabels:
+        app.kubernetes.io/name: {{ include "rclone.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Namespace }}
+    serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
+    endpoints:
+      - port: rc-sync
+        interval: 10s
+        scrapeTimeout: 5s
+        path: /metrics
+      - port: rc-prune
+        interval: 10s
+        scrapeTimeout: 5s
+        path: /metrics
+{{- end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "rclone.hardcodedValues" . | fromYaml) -}}
 

charts/rclone-bucket/templates/external-secret.yaml

@@ -6,7 +6,7 @@ metadata:
   name: {{ include "rclone.sourceSecretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "secret.labels" . | nindent 4 }}
+    {{- include "rclone.labels" . | nindent 4 }}
     app.kubernetes.io/name: {{ include "rclone.sourceSecretName" . }}
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
@@ -16,19 +16,19 @@ spec:
     kind: ClusterSecretStore
     name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
   data:
-    - secretKey: {{ include "secret.envAccessKey" . }}
+    - secretKey: {{ include "secretRclone.envAccessKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.keyIdProperty }}
-    - secretKey: {{ include "secret.envSecretKey" . }}
+    - secretKey: {{ include "secretRclone.envSecretKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secret.envRegion" . }}
+    - secretKey: {{ include "secretRclone.envRegion" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.credentials.path }}
         property: {{ .Values.secret.externalSecret.source.credentials.regionProperty }}
-    - secretKey: {{ include "secret.envSrcEndpoint" . }}
+    - secretKey: {{ include "secretRclone.envSrcEndpoint" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.source.config.path }}
         property: {{ .Values.secret.externalSecret.source.config.endpointProperty }}
@@ -40,7 +40,7 @@ metadata:
   name: {{ include "rclone.destinationSecretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "secret.labels" . | nindent 4 }}
+    {{- include "rclone.labels" . | nindent 4 }}
     app.kubernetes.io/name: {{ include "rclone.destinationSecretName" . }}
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
@@ -50,19 +50,19 @@ spec:
     kind: ClusterSecretStore
     name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
   data:
-    - secretKey: {{ include "secret.envAccessKey" . }}
+    - secretKey: {{ include "secretRclone.envAccessKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
         property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
-    - secretKey: {{ include "secret.envSecretKey" . }}
+    - secretKey: {{ include "secretRclone.envSecretKey" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secret.envRegion" . }}
+    - secretKey: {{ include "secretRclone.envRegion" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.regionProperty }}
-    - secretKey: {{ include "secret.envDestEndpoint" . }}
+    - secretKey: {{ include "secretRclone.envDestEndpoint" . }}
       remoteRef:
         key: {{ .Values.secret.externalSecret.destination.config.path }}
         property: {{ .Values.secret.externalSecret.destination.config.endpointProperty }}

charts/rclone-bucket/templates/prometheus-rule.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.prometheusRule.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "rclone.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "rclone.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "rclone.name" . }}
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+    - name: rclone.alerts
+      rules:
+        - alert: RclonePodFailed
+          expr: |
+            (kube_pod_container_status_last_terminated_exitcode > 0)
+            * on(pod, namespace) group_left(owner_name)
+            kube_pod_owner{owner_kind="Job", owner_name=~"rclone-.*"}
+          for: 1m
+          labels:
+            severity: critical
+          annotations:
+            summary: "Rclone Pod failed in {{ `{{ $labels.namespace }}` }}"
+            description: |
+              A pod for the Rclone sync of s3 bucket '{{ .Values.rclone.source.bucketName }}' failed with exit code {{ `{{ $value }}` }}.
+              Job: {{ `{{ $labels.owner_name }}` }}
+              Namespace: {{ `{{ $labels.namespace }}` }}
+{{- end }}

charts/rclone-bucket/values.yaml

@@ -7,7 +7,7 @@ additionalLabels: {}
 # -- Default image
 image:
   repository: rclone/rclone
-  tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
+  tag: 1.74.1@sha256:eb8788b795f0009324e9572b0e2acb9b56885327c2746b07d67a9d3b893a6602
   pullPolicy: IfNotPresent
 
 # -- CronJob configuration
@@ -38,6 +38,8 @@ rclone:
 prune:
   enabled: false
   ageToPrune: 90d
+  include: ""
+  exclude: ""
 
 # -- Secret configuration
 secret:
@@ -80,3 +82,11 @@ secret:
 
   existingSecretDestination:
     name: rclone-destination-secret
+
+# -- Metrics
+metrics:
+  enabled: true
+
+# -- Prometheus Rule
+prometheusRule:
+  enabled: true

charts/valkey/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: valkey
-version: 0.6.1
+version: 0.8.0
 description: Valkey chart with preconfigured settings
 keywords:
   - valkey
@@ -19,4 +19,4 @@ dependencies:
     version: 0.9.4
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/valkey.png
 # renovate: datasource=github-releases depName=valkey-io/valkey
-appVersion: 9.0.3
+appVersion: 9.0.4

charts/valkey/README.md

@@ -1,6 +1,6 @@
 # valkey
 
-![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![AppVersion: 9.0.3](https://img.shields.io/badge/AppVersion-9.0.3-informational?style=flat-square)
+![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 9.0.4](https://img.shields.io/badge/AppVersion-9.0.4-informational?style=flat-square)
 
 Valkey chart with preconfigured settings
 
@@ -35,11 +35,11 @@ Valkey chart with preconfigured settings
 | valkey.dataStorage.requestedSize | string | `"1Gi"` |  |
 | valkey.image.registry | string | `"docker.io"` |  |
 | valkey.image.repository | string | `"valkey/valkey"` |  |
-| valkey.image.tag | string | `"9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9"` |  |
+| valkey.image.tag | string | `"9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193"` |  |
 | valkey.metrics.enabled | bool | `true` |  |
 | valkey.metrics.exporter.image.registry | string | `"ghcr.io"` |  |
 | valkey.metrics.exporter.image.repository | string | `"oliver006/redis_exporter"` |  |
-| valkey.metrics.exporter.image.tag | string | `"v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03"` |  |
+| valkey.metrics.exporter.image.tag | string | `"v1.83.0@sha256:e8c209894d4c0cc55b1259ddd47e0b769ad1ff864b356736ee885462a3b0e48c"` |  |
 | valkey.metrics.exporter.resources.requests.cpu | string | `"1m"` |  |
 | valkey.metrics.exporter.resources.requests.memory | string | `"10M"` |  |
 | valkey.metrics.podMonitor.enabled | bool | `true` |  |

charts/valkey/values.yaml

@@ -3,7 +3,7 @@ valkey:
   image:
     registry: docker.io
     repository: valkey/valkey
-    tag: 9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
+    tag: 9.0.4@sha256:8436e10bc65c94886a91d4415b6a6dfa9cb5a306fb3b996e5bb67cd2b4854193
   serviceAccount:
     create: true
   resources:
@@ -31,7 +31,7 @@ valkey:
       image:
         registry: ghcr.io
         repository: oliver006/redis_exporter
-        tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
+        tag: v1.83.0@sha256:e8c209894d4c0cc55b1259ddd47e0b769ad1ff864b356736ee885462a3b0e48c
       resources:
         requests:
           cpu: 1m

charts/volsync-target/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: volsync-target
-version: 1.0.0
+version: 2.0.0
 description: Volsync Replication set to target specific PVC with preconfigured settings
 keywords:
   - volsync-target

charts/volsync-target/README.md

@@ -1,6 +1,6 @@
 # volsync-target
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
 
 Volsync Replication set to target specific PVC with preconfigured settings
 
@@ -20,24 +20,25 @@ Volsync Replication set to target specific PVC with preconfigured settings
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | additionalLabels | object | `{}` | Add additional labels |
-| external | object | `{"enabled":true,"externalSecret":{"bucketPath":"/digital-ocean/config","credentialPath":"/digital-ocean/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 9 * * *"}` | External backup configuration |
+| external | object | `{"enabled":true,"externalSecret":{"bucketPath":"/backblaze/config","credentialPath":"/backblaze/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":35,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 9 * * 0"}` | External backup configuration |
-| external.externalSecret | object | `{"bucketPath":"/digital-ocean/config","credentialPath":"/digital-ocean/home-infra/volsync-backups"}` | External Secret configuration |
+| external.externalSecret | object | `{"bucketPath":"/backblaze/config","credentialPath":"/backblaze/home-infra/volsync-backups"}` | External Secret configuration |
-| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":35,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
-| external.schedule | string | `"0 9 * * *"` | 5 character cron schedule |
+| external.schedule | string | `"0 9 * * 0"` | 5 character cron schedule |
 | externalSecrets | object | `{"enabled":true}` | Use external secrets |
 | kubernetesClusterName | string | `"cl01tl"` | Kubernetes cluster name |
-| local | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 8 * * *"}` | Local backup configuration |
+| local | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":0,"weekly":4,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 8 * * *"}` | Local backup configuration |
 | local.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |
-| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":0,"weekly":4,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
 | local.schedule | string | `"0 8 * * *"` | 5 character cron schedule |
 | moverSecurityContext | object | `{}` | Glocal security context for restic mover |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
+| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
 | pvcTarget | string | `"data"` | Name of the PVC target |
-| remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * *"}` | Remote backup configuration |
+| remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * 0"}` | Remote backup configuration |
 | remote.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |
-| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
-| remote.schedule | string | `"0 10 * * *"` | 5 character cron schedule |
+| remote.schedule | string | `"0 10 * * 0"` | 5 character cron schedule |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/volsync-target/templates/prometheus-rule.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.prometheusRule.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "volsync.name" . }}-source-local
+  namespace: {{ include "volsync.namespace" . }}
+  labels:
+    {{- include "volsync.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
+    {{- with .Values.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+    - name: volsync.alerts
+      rules:
+        - alert: VolSyncBackupPodFailed
+          expr: |
+            (kube_pod_container_status_last_terminated_exitcode > 0)
+            * on(pod, namespace) group_left(owner_name)
+            kube_pod_owner{owner_kind="Job", owner_name=~"volsync-.*"}
+          for: 1m
+          labels:
+            severity: critical
+          annotations:
+            summary: "VolSync Backup Pod failed in {{ `{{ $labels.namespace }}` }}"
+            description: |
+              A pod for the VolSync backup of PVC '{{ .Values.pvcTarget }}' failed with exit code {{ `{{ $value }}` }}.
+              Job: {{ `{{ $labels.owner_name }}` }}
+              Namespace: {{ `{{ $labels.namespace }}` }}
+{{- end }}

charts/volsync-target/templates/replication-source.yaml

@@ -7,7 +7,7 @@ metadata:
   namespace: {{ include "volsync.namespace" . }}
   labels:
     {{- include "volsync.labels" . | nindent 4 }}
-    app.kubernetes.io/name: {{ include "volsync.name" . }}
+    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
     {{- with .Values.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}

charts/volsync-target/values.yaml

@@ -16,6 +16,10 @@ pvcTarget: "data"
 # -- Glocal security context for restic mover
 moverSecurityContext: {}
 
+# -- Prometheus Rule
+prometheusRule:
+  enabled: true
+
 # -- Use external secrets
 externalSecrets:
   enabled: true
@@ -35,8 +39,8 @@ local:
       hourly: 0
       daily: 7
       weekly: 4
-      monthly: 3
+      monthly: 0
-      yearly: 1
+      yearly: 0
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -54,7 +58,7 @@ remote:
   enabled: false
 
   # -- 5 character cron schedule
-  schedule: 0 10 * * *
+  schedule: 0 10 * * 0
 
   # -- Backup configuration, inserted directly into the yaml
   restic:
@@ -62,10 +66,10 @@ remote:
     repository: ""
     retain:
       hourly: 0
-      daily: 7
+      daily: 0
-      weekly: 4
+      weekly: 12
-      monthly: 3
+      monthly: 0
-      yearly: 1
+      yearly: 0
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -83,18 +87,18 @@ external:
   enabled: true
 
   # -- 5 character cron schedule
-  schedule: 0 9 * * *
+  schedule: 0 9 * * 0
 
   # -- Backup configuration, inserted directly into the yaml
   restic:
-    pruneIntervalDays: 7
+    pruneIntervalDays: 35
     repository: ""
     retain:
       hourly: 0
-      daily: 7
+      daily: 0
-      weekly: 4
+      weekly: 12
-      monthly: 3
+      monthly: 0
-      yearly: 1
+      yearly: 0
     copyMethod: Snapshot
     storageClassName: ceph-block
     volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -103,6 +107,6 @@ external:
   # -- External Secret configuration
   externalSecret:
     # This path must contain the ENDPOINT
-    bucketPath: /digital-ocean/config
+    bucketPath: /backblaze/config
     # This path must contain the AWS/S3 credentials and RESTIC_PASSWORD
-    credentialPath: /digital-ocean/home-infra/volsync-backups
+    credentialPath: /backblaze/home-infra/volsync-backups