Compare commits
1 Commits
redis-repl
...
5347e6840c
| Author | SHA1 | Date | |
|---|---|---|---|
5347e6840c
|
@@ -1,52 +1,30 @@
|
||||
name: lint-and-test
|
||||
name: lint-and-test-charts
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'charts/**'
|
||||
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'charts/**'
|
||||
|
||||
env:
|
||||
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
|
||||
on: pull_request
|
||||
|
||||
jobs:
|
||||
chart-testing:
|
||||
runs-on: ubuntu-js
|
||||
lint-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
version: latest
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@v6
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
node-version: '24'
|
||||
python-version: "3.13"
|
||||
check-latest: true
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v6
|
||||
with:
|
||||
python-version: '3.14'
|
||||
|
||||
- name: Set up Chart Testing
|
||||
- name: Set up chart-testing
|
||||
uses: helm/chart-testing-action@v2.7.0
|
||||
with:
|
||||
yamale_version: "6.0.0"
|
||||
|
||||
- name: Run Chart Testing (list-changed)
|
||||
- name: Run chart-testing (list-changed)
|
||||
id: list-changed
|
||||
run: |
|
||||
changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
|
||||
@@ -54,179 +32,6 @@ jobs:
|
||||
echo "changed=true" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Run Chart Testing (lint)
|
||||
- name: Run chart-testing (lint)
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
run: ct lint --validate-maintainers=false --target-branch ${{ gitea.event.repository.default_branch }}
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Test Failure - Helm Charts'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Tests have failed for Helm Charts'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
lint-helm:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Check Branch Exists
|
||||
id: check-branch-exists
|
||||
if: github.event_name == 'pull_request'
|
||||
uses: GuillaumeFalourd/branch-exists@v1.1
|
||||
with:
|
||||
branch: ${{ gitea.base_ref }}
|
||||
|
||||
- name: Report Branch Exists
|
||||
id: branch-exists
|
||||
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
|
||||
run: |
|
||||
if [ ${{ github.event_name == 'push' }} ]; then
|
||||
echo ">> Action is from a push event, will continue with linting"
|
||||
|
||||
else
|
||||
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
|
||||
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "exists=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3
|
||||
|
||||
- name: Check Directories for Changes
|
||||
id: check-dir-changes
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
run: |
|
||||
CHANGED_CHARTS=()
|
||||
|
||||
echo ">> Target branch for diff is: ${BASE_BRANCH}"
|
||||
|
||||
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
||||
echo ""
|
||||
echo ">> Checking for changes in a pull request ..."
|
||||
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "charts/")
|
||||
else
|
||||
echo ""
|
||||
echo ">> Checking for changes from a push ..."
|
||||
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "charts/")
|
||||
fi
|
||||
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ""
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
|
||||
for path in $GIT_DIFF; do
|
||||
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $2}')
|
||||
CHANGED_CHARTS+=$(echo " ")
|
||||
done
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${CHANGED_CHARTS}" ]; then
|
||||
echo ""
|
||||
echo ">> Chart to Lint:"
|
||||
echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "chart-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
|
||||
run: |
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for dir in ${CHANGED_CHARTS}; do
|
||||
helm dependency list --max-col-width 120 charts/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ""
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Lint Helm Chart
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
|
||||
run: |
|
||||
echo ">> Running linting on changed charts ..."
|
||||
|
||||
for dir in ${CHANGED_CHARTS}; do
|
||||
chart_path=charts/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
fi
|
||||
done
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Test Failure - Helm Charts'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Tests have failed for Helm Charts'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=lint-test.yaml", "clear": true}]'
|
||||
image: true
|
||||
run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}
|
||||
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-cloudflared
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/cloudflared/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/cloudflared"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-cloudflared.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-generic-device-plugin
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/generic-device-plugin/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/generic-device-plugin"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-generic-device-plugin.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-gitea-actions
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/gitea-actions/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/gitea-actions"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-gitea-actions.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-postgres-cluster
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/postgres-cluster/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/postgres-cluster"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-postgres-cluster.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-redis-replication
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/redis-replication/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/redis-replication"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-redis-replication.yml", "clear": true}]'
|
||||
image: true
|
||||
@@ -1,128 +0,0 @@
|
||||
name: release-charts-volsync-target
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/volsync-target/**"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
WORKFLOW_DIR: "charts/volsync-target"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-js
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
helm dependency list --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Package Helm Chart
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
|
||||
|
||||
- name: Publish Helm Chart to Harbor
|
||||
run: |
|
||||
echo ">> Logging into Harbor ..."
|
||||
helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }} --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Publishing chart to Harbor ..."
|
||||
helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts --debug
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Publish Helm Chart to Gitea
|
||||
run: |
|
||||
echo ">> Installing Chart Museum plugin ..."
|
||||
helm plugin install https://github.com/chartmuseum/helm-push --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Adding Gitea repository ..."
|
||||
helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm --debug
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing chart to gitea"
|
||||
helm cm-push ${{ env.PACKAGE_PATH }} helm-charts --debug
|
||||
|
||||
- name: Extract Chart Metadata
|
||||
run: |
|
||||
cd ${WORKFLOW_DIR}
|
||||
|
||||
echo ">> Adding Chart metadata to workflow ENV ..."
|
||||
echo ""
|
||||
echo ">> Chart Version: $(yq '.version' Chart.yaml)"
|
||||
echo ">> Chart Name: $(yq '.name' Chart.yaml)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
|
||||
echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
|
||||
|
||||
- name: Release Helm Chart
|
||||
uses: akkuman/gitea-release-action@v1
|
||||
with:
|
||||
name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
|
||||
files: |-
|
||||
${{ env.PACKAGE_PATH }}
|
||||
|
||||
- name: ntfy Success
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: success()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Success - ${{ env.CHART_NAME }}'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has been released!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Release Failure - ${{ env.CHART_NAME }}'
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: 'Helm Chart ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }} has failed to be released.'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/helm-charts/actions?workflow=release-charts-volsync-target.yml", "clear": true}]'
|
||||
image: true
|
||||
37
.gitea/workflows/release-to-harbor.yml
Normal file
37
.gitea/workflows/release-to-harbor.yml
Normal file
@@ -0,0 +1,37 @@
|
||||
name: Release Charts
|
||||
# https://github.com/thpham/helm-oci-charts-releaser
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'charts/**'
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Configure Git
|
||||
run: |
|
||||
git config user.name "${{ gitea.actor }}"
|
||||
git config user.email "${{ gitea.actor }}@users.noreply.${{ vars.REPOSITORY_HOST }}"
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: https://github.com/thpham/helm-oci-charts-releaser@v1
|
||||
with:
|
||||
oci_registry: ${{ vars.REGISTRY_HOST }}/v2/helm-charts
|
||||
oci_username: ${{ vars.REGISTRY_USER }}
|
||||
oci_password: ${{ secrets.REGISTRY_SECRET }}
|
||||
gitea_server: ${{ vars.REPOSITORY_HOST }}
|
||||
gitea_token: ${{ secrets.REPOSITORY_TOKEN }}
|
||||
tag_name_pattern: '{chartName}-chart'
|
||||
skip_existing: true
|
||||
@@ -1,32 +0,0 @@
|
||||
name: renovate
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "@daily"
|
||||
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:42
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Renovate
|
||||
run: renovate
|
||||
env:
|
||||
RENOVATE_PLATFORM: gitea
|
||||
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
|
||||
RENOVATE_REPOSITORIES: alexlebens/helm-charts
|
||||
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
|
||||
LOG_LEVEL: info
|
||||
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
|
||||
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
|
||||
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
|
||||
RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}
|
||||
@@ -4,8 +4,6 @@ on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- "charts/**"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
@@ -14,7 +12,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
@@ -23,16 +21,6 @@ jobs:
|
||||
git config user.name "$GITHUB_ACTOR"
|
||||
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
||||
|
||||
- name: Add Repositories
|
||||
run: |
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for dir in $(ls -d charts/*/); do
|
||||
helm dependency list $dir --max-col-width 120 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do echo "$cmd" | sh; done || true
|
||||
done
|
||||
|
||||
- name: Run chart-releaser
|
||||
uses: helm/chart-releaser-action@v1.7.0
|
||||
env:
|
||||
10
.gitignore
vendored
10
.gitignore
vendored
@@ -1,2 +1,12 @@
|
||||
# Archived
|
||||
charts/**/archive
|
||||
|
||||
# Compiled Helm chart dependencies
|
||||
charts/**/Chart.lock
|
||||
charts/**/charts/
|
||||
|
||||
# Testing
|
||||
__snapshot__/
|
||||
|
||||
# Docs
|
||||
_site/
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.0
|
||||
digest: sha256:a1675afcbd6e7a3d61fd241f646271c1975ef24f37d2d8cd56a8ff3e48bed794
|
||||
generated: "2026-01-08T14:57:38.964824-06:00"
|
||||
@@ -1,18 +1,18 @@
|
||||
apiVersion: v2
|
||||
name: cloudflared
|
||||
version: 2.1.6
|
||||
version: 1.14.2
|
||||
description: Cloudflared Tunnel
|
||||
keywords:
|
||||
- cloudflare
|
||||
- tunnel
|
||||
sources:
|
||||
- https://github.com/cloudflare/cloudflared
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
|
||||
- https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.0
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
version: 3.7.2
|
||||
icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
|
||||
appVersion: "2025.11.1"
|
||||
appVersion: "2025.2.1"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# cloudflared
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Cloudflared Tunnel
|
||||
|
||||
@@ -13,26 +13,23 @@ Cloudflared Tunnel
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/cloudflare/cloudflared>
|
||||
* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
|
||||
* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
|
||||
|
||||
## Requirements
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.0 |
|
||||
| https://bjw-s.github.io/helm-charts/ | common | 3.7.2 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.11.1"}` | Default image |
|
||||
| name | string | `""` | Name override of release |
|
||||
| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
|
||||
| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
|
||||
| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.2.1"}` | Default image |
|
||||
| name | string | `"cloudflared"` | Name override of release |
|
||||
| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
|
||||
| secret | object | `{"existingSecret":{"key":"cf-tunnel-token","name":"cloudflared-secret"},"externalSecret":{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"vault","path":"/cloudflare/tunnels","property":"token"}}}` | Secret configuration |
|
||||
| secret.existingSecret | object | `{"key":"cf-tunnel-token","name":"cloudflared-secret"}` | Name of existing secret that contains Cloudflare token |
|
||||
| secret.externalSecret | object | `{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"vault","path":"/cloudflare/tunnels","property":"token"}}` | External Secret configuration |
|
||||
| secret.externalSecret.additionalLabels | object | `{}` | Add additional labels |
|
||||
| secret.externalSecret.store | object | `{"name":"vault","path":"/cloudflare/tunnels","property":"token"}` | Cluster store config |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
|
||||
@@ -1,86 +0,0 @@
|
||||
{{/*
|
||||
Generate the root name
|
||||
*/}}
|
||||
{{- define "cloudflared.name" -}}
|
||||
{{- if .Values.name }}
|
||||
{{- printf "%s-cloudflared" .Values.name -}}
|
||||
{{- else }}
|
||||
{{- printf "cloudflared" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate the secret name
|
||||
*/}}
|
||||
{{- define "secret.name" -}}
|
||||
{{- if .Values.secret.externalSecret.enabled }}
|
||||
{{- if .Values.secret.externalSecret.nameOverride }}
|
||||
{{- .Values.secret.externalSecret.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s-secret" .Release.Name (include "cloudflared.name" .) -}}
|
||||
{{- end }}
|
||||
{{- else if .Values.secret.existingSecret.name }}
|
||||
{{- printf "%s" .Values.secret.existingSecret.name -}}
|
||||
{{- else }}
|
||||
{{ fail "No Secret Name Found!" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate the name of the secret key
|
||||
*/}}
|
||||
{{- define "secret.key" -}}
|
||||
{{- if .Values.secret.externalSecret.enabled }}
|
||||
{{- printf "cf-tunnel-token" -}}
|
||||
{{- else if .Values.secret.existingSecret.key }}
|
||||
{{- printf "%s" .Values.secret.existingSecret.key -}}
|
||||
{{- else }}
|
||||
{{ fail "No Secret Key Found!" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate path in the secret store
|
||||
*/}}
|
||||
{{- define "secret.path" -}}
|
||||
{{- if and (.Values.secret.externalSecret.enabled) (.Values.secret.externalSecret.store.path) }}
|
||||
{{- if .Values.name }}
|
||||
{{- printf "%s/%s-%s" .Values.secret.externalSecret.store.path .Release.Name .Values.name -}}
|
||||
{{- else }}
|
||||
{{- printf "%s/%s" .Values.secret.externalSecret.store.path .Release.Name -}}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{ fail "No Secret Store Path Found!" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "secret.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "secret.labels" -}}
|
||||
helm.sh/chart: {{ include "secret.chart" $ }}
|
||||
{{ include "secret.selectorLabels" $ }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/name: {{ include "secret.name" . }}
|
||||
{{- with .Values.secret.externalSecret.additionalLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "secret.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,9 +1,10 @@
|
||||
{{- include "bjw-s.common.loader.init" . }}
|
||||
|
||||
{{- define "cloudflared.hardcodedValues" -}}
|
||||
{{ if not .Values.global.nameOverride }}
|
||||
global:
|
||||
nameOverride: {{ include "cloudflared.name" . }}
|
||||
fullNameOverride: {{ include "cloudflared.name" . }}
|
||||
nameOverride: {{ .Values.name }}
|
||||
{{ end }}
|
||||
controllers:
|
||||
main:
|
||||
type: deployment
|
||||
@@ -26,8 +27,8 @@ controllers:
|
||||
- name: CF_MANAGED_TUNNEL_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "secret.name" . }}
|
||||
key: {{ include "secret.key" . }}
|
||||
name: {{ .Values.existingSecretName }}
|
||||
key: {{ .Values.existingSecretKey }}
|
||||
resources:
|
||||
{{- with .Values.resources }}
|
||||
resources:
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
{{- if .Values.secret.externalSecret.enabled }}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "secret.name" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "secret.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: {{ .Values.secret.externalSecret.store.name | required "External Secret store name is required" }}
|
||||
data:
|
||||
- secretKey: {{ include "secret.key" . }}
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ include "secret.path" . }}
|
||||
metadataPolicy: None
|
||||
property: {{ .Values.secret.externalSecret.store.property | required "External Secret store property is required" }}
|
||||
|
||||
{{- end }}
|
||||
@@ -1,32 +1,16 @@
|
||||
# -- Name override of release
|
||||
name: ""
|
||||
name: cloudflared
|
||||
|
||||
# -- Secret configuration
|
||||
secret:
|
||||
# -- Name of existing secret that contains Cloudflare token
|
||||
existingSecretName: cloudflared-secret
|
||||
|
||||
# -- External Secret configuration
|
||||
externalSecret:
|
||||
enabled: true
|
||||
nameOverride: ""
|
||||
|
||||
# -- Cluster store config
|
||||
store:
|
||||
name: vault
|
||||
path: /cloudflare/tunnels
|
||||
property: token
|
||||
|
||||
# -- Add additional labels
|
||||
additionalLabels: {}
|
||||
|
||||
# -- Name of existing secret that contains Cloudflare token
|
||||
existingSecret:
|
||||
name: cloudflared-secret
|
||||
key: cf-tunnel-token
|
||||
# -- Name of key that contains the token in the existingSecret
|
||||
existingSecretKey: cf-tunnel-token
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: cloudflare/cloudflared
|
||||
tag: "2025.11.1"
|
||||
tag: "2025.2.1"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Default resources
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.0
|
||||
digest: sha256:a1675afcbd6e7a3d61fd241f646271c1975ef24f37d2d8cd56a8ff3e48bed794
|
||||
generated: "2026-01-08T14:57:09.560708-06:00"
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: generic-device-plugin
|
||||
version: 0.20.12
|
||||
version: 0.1.8
|
||||
description: Generic Device Plugin
|
||||
keywords:
|
||||
- generic-device-plugin
|
||||
@@ -13,6 +13,6 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.0
|
||||
appVersion: 0.20.12
|
||||
repository: https://bjw-s.github.io/helm-charts/
|
||||
version: 3.7.2
|
||||
appVersion: 0.1.7
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# generic-device-plugin
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Generic Device Plugin
|
||||
|
||||
@@ -19,7 +19,7 @@ Generic Device Plugin
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.0 |
|
||||
| https://bjw-s.github.io/helm-charts/ | common | 3.7.2 |
|
||||
|
||||
## Values
|
||||
|
||||
@@ -27,10 +27,10 @@ Generic Device Plugin
|
||||
|-----|------|---------|-------------|
|
||||
| config | object | `{"data":"devices:\n - name: serial\n groups:\n - paths:\n - path: /dev/ttyUSB*\n - paths:\n - path: /dev/ttyACM*\n - paths:\n - path: /dev/tty.usb*\n - paths:\n - path: /dev/cu.*\n - paths:\n - path: /dev/cuaU*\n - paths:\n - path: /dev/rfcomm*\n - name: video\n groups:\n - paths:\n - path: /dev/video0\n - name: fuse\n groups:\n - count: 10\n paths:\n - path: /dev/fuse\n - name: audio\n groups:\n - count: 10\n paths:\n - path: /dev/snd\n - name: capture\n groups:\n - paths:\n - path: /dev/snd/controlC0\n - path: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC1\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC1D0c\n mountPath: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC2\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC2D0c\n mountPath: /dev/snd/pcmC0D0c\n - paths:\n - path: /dev/snd/controlC3\n mountPath: /dev/snd/controlC0\n - path: /dev/snd/pcmC3D0c\n mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
|
||||
| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
|
||||
| deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
|
||||
| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:f1055553438c495c5258c4648a83f6aaf0a3c908d0c5313302ddf0feaa1758bd"}` | Default image |
|
||||
| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
|
||||
| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821"}` | Default image |
|
||||
| name | string | `"generic-device-plugin"` | Name override of release |
|
||||
| resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
|
||||
| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
|
||||
| service | object | `{"listenPort":8080}` | Service port |
|
||||
|
||||
----------------------------------------------
|
||||
|
||||
@@ -4,11 +4,11 @@ name: generic-device-plugin
|
||||
# -- Default image
|
||||
image:
|
||||
repository: ghcr.io/squat/generic-device-plugin
|
||||
tag: latest@sha256:f1055553438c495c5258c4648a83f6aaf0a3c908d0c5313302ddf0feaa1758bd
|
||||
tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
|
||||
pullPolicy: Always
|
||||
|
||||
# -- Domain used by devices for identifcation
|
||||
deviceDomain: devic.es
|
||||
deviceDomain: squat.ai
|
||||
|
||||
# -- Service port
|
||||
service:
|
||||
@@ -16,6 +16,9 @@ service:
|
||||
|
||||
# -- Default resources
|
||||
resources:
|
||||
limit:
|
||||
cpu: 100m
|
||||
memory: 20Mi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 10Mi
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: gitea-actions
|
||||
version: 0.2.1
|
||||
description: Gitea Actions
|
||||
keywords:
|
||||
- cicd
|
||||
- runner
|
||||
- actions
|
||||
sources:
|
||||
- https://gitea.com/gitea/helm-actions
|
||||
- https://gitea.com/gitea/act
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
|
||||
appVersion: 0.2.11
|
||||
@@ -1,18 +0,0 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2025 gitea
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
|
||||
associated documentation files (the "Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
|
||||
following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial
|
||||
portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
||||
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
|
||||
EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
||||
USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
@@ -1,54 +0,0 @@
|
||||
# gitea-actions
|
||||
|
||||
 
|
||||
|
||||
Gitea Actions
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://gitea.com/gitea/helm-actions>
|
||||
* <https://gitea.com/gitea/act>
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| enabled | bool | `true` | |
|
||||
| existingSecret | string | `""` | |
|
||||
| existingSecretKey | string | `""` | |
|
||||
| giteaRootURL | string | `""` | |
|
||||
| global.fullnameOverride | string | `""` | |
|
||||
| global.imageRegistry | string | `""` | |
|
||||
| global.nameOverride | string | `""` | |
|
||||
| global.storageClass | string | `""` | |
|
||||
| init.image.repository | string | `"busybox"` | |
|
||||
| init.image.tag | string | `"1.37.0"` | |
|
||||
| statefulset.actRunner.config | string | `"log:\n level: debug\ncache:\n enabled: false\n"` | |
|
||||
| statefulset.actRunner.extraVolumeMounts | list | `[]` | |
|
||||
| statefulset.actRunner.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| statefulset.actRunner.repository | string | `"gitea/act_runner"` | |
|
||||
| statefulset.actRunner.tag | string | `"0.2.11"` | |
|
||||
| statefulset.affinity | object | `{}` | |
|
||||
| statefulset.annotations | object | `{}` | |
|
||||
| statefulset.dind.extraEnvs | list | `[]` | |
|
||||
| statefulset.dind.extraVolumeMounts | list | `[]` | |
|
||||
| statefulset.dind.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| statefulset.dind.repository | string | `"docker"` | |
|
||||
| statefulset.dind.tag | string | `"25.0.2-dind"` | |
|
||||
| statefulset.extraVolumes | list | `[]` | |
|
||||
| statefulset.labels | object | `{}` | |
|
||||
| statefulset.nodeSelector | object | `{}` | |
|
||||
| statefulset.persistence.size | string | `"1Gi"` | |
|
||||
| statefulset.persistence.storageClass | string | `""` | |
|
||||
| statefulset.replicas | int | `1` | |
|
||||
| statefulset.resources | object | `{}` | |
|
||||
| statefulset.tolerations | list | `[]` | |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
@@ -1,102 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
|
||||
{{- define "gitea.actions.name" -}}
|
||||
{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "gitea.actions.fullname" -}}
|
||||
{{- if .Values.global.fullnameOverride -}}
|
||||
{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.global.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "gitea.actions.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Storage Class
|
||||
*/}}
|
||||
{{- define "gitea.actions.persistence.storageClass" -}}
|
||||
{{- $storageClass := (tpl ( default "" .Values.statefulset.persistence.storageClass) .) | default (tpl ( default "" .Values.global.storageClass) .) }}
|
||||
{{- if $storageClass }}
|
||||
storageClassName: {{ $storageClass | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "gitea.actions.labels" -}}
|
||||
helm.sh/chart: {{ include "gitea.actions.chart" . }}
|
||||
app: {{ include "gitea.actions.name" . }}
|
||||
{{ include "gitea.actions.selectorLabels" . }}
|
||||
app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
|
||||
version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.actions.labels.actRunner" -}}
|
||||
helm.sh/chart: {{ include "gitea.actions.chart" . }}
|
||||
app: {{ include "gitea.actions.name" . }}-act-runner
|
||||
{{ include "gitea.actions.selectorLabels.actRunner" . }}
|
||||
app.kubernetes.io/version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
|
||||
version: {{ .Values.statefulset.actRunner.tag | default .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "gitea.actions.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "gitea.actions.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.actions.selectorLabels.actRunner" -}}
|
||||
app.kubernetes.io/name: {{ include "gitea.actions.name" . }}-act-runner
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.actions.local_root_url" -}}
|
||||
{{- .Values.giteaRootURL -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Parse the http url to hostname + port separated by space for the nc command
|
||||
*/}}
|
||||
{{- define "gitea.actions.nc" -}}
|
||||
{{- $url := include "gitea.actions.local_root_url" . | urlParse -}}
|
||||
{{- $host := get $url "host" -}}
|
||||
{{- $scheme := get $url "scheme" -}}
|
||||
{{- $port := "80" -}}
|
||||
{{- if contains ":" $host -}}
|
||||
{{- $hostAndPort := regexSplit ":" $host 2 -}}
|
||||
{{- $host = index $hostAndPort 0 -}}
|
||||
{{- $port = index $hostAndPort 1 -}}
|
||||
{{- else if eq $scheme "https" -}}
|
||||
{{- $port = "443" -}}
|
||||
{{- else if eq $scheme "http" -}}
|
||||
{{- $port = "80" -}}
|
||||
{{- end -}}
|
||||
{{- printf "%s %s" $host $port -}}
|
||||
{{- end -}}
|
||||
@@ -1,15 +0,0 @@
|
||||
{{- if .Values.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "gitea.actions.fullname" . }}-act-runner-config
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "gitea.actions.labels" . | nindent 4 }}
|
||||
data:
|
||||
config.yaml: |
|
||||
{{- with .Values.statefulset.actRunner.config -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
@@ -1,127 +0,0 @@
|
||||
{{- if .Values.enabled }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "gitea.actions.labels.actRunner" . | nindent 4 }}
|
||||
{{- with .Values.statefulset.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- with .Values.statefulset.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "gitea.actions.fullname" . }}-act-runner
|
||||
namespace: {{ .Values.namespace | default .Release.Namespace }}
|
||||
spec:
|
||||
replicas: {{ .Values.statefulset.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "gitea.actions.selectorLabels.actRunner" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "gitea.actions.labels.actRunner" . | nindent 8 }}
|
||||
{{- with .Values.statefulset.labels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
initContainers:
|
||||
- name: init-gitea
|
||||
image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}"
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
while ! nc -z {{ include "gitea.actions.nc" . }}; do
|
||||
sleep 5
|
||||
done
|
||||
containers:
|
||||
- name: act-runner
|
||||
image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}"
|
||||
imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }}
|
||||
workingDir: /data
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
- name: GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.existingSecret | default "gitea-actions-token" }}"
|
||||
key: "{{ .Values.existingSecretKey | default "token" }}"
|
||||
- name: GITEA_INSTANCE_URL
|
||||
value: {{ include "gitea.actions.local_root_url" . }}
|
||||
- name: CONFIG_FILE
|
||||
value: /actrunner/config.yaml
|
||||
resources:
|
||||
{{- toYaml .Values.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /actrunner/config.yaml
|
||||
name: act-runner-config
|
||||
subPath: config.yaml
|
||||
- mountPath: /certs/server
|
||||
name: docker-certs
|
||||
- mountPath: /data
|
||||
name: data-act-runner
|
||||
{{- with .Values.statefulset.actRunner.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: dind
|
||||
image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}"
|
||||
imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }}
|
||||
env:
|
||||
- name: DOCKER_HOST
|
||||
value: tcp://127.0.0.1:2376
|
||||
- name: DOCKER_TLS_VERIFY
|
||||
value: "1"
|
||||
- name: DOCKER_CERT_PATH
|
||||
value: /certs/server
|
||||
{{- if .Values.statefulset.dind.extraEnvs }}
|
||||
{{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
||||
{{- toYaml .Values.statefulset.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /certs/server
|
||||
name: docker-certs
|
||||
{{- with .Values.statefulset.dind.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.statefulset.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.statefulset.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.statefulset.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: act-runner-config
|
||||
configMap:
|
||||
name: {{ include "gitea.actions.fullname" . }}-act-runner-config
|
||||
- name: docker-certs
|
||||
emptyDir: {}
|
||||
{{- with .Values.statefulset.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data-act-runner
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
{{- include "gitea.actions.persistence.storageClass" . | nindent 8 }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.statefulset.persistence.size }}
|
||||
{{- end }}
|
||||
@@ -1,102 +0,0 @@
|
||||
# Configure Gitea Actions
|
||||
# - must enable persistence if the job is enabled
|
||||
## @section Gitea Actions
|
||||
#
|
||||
## @param enabled Create an act runner StatefulSet.
|
||||
## @param init.image.repository The image used for the init containers
|
||||
## @param init.image.tag The image tag used for the init containers
|
||||
## @param statefulset.annotations Act runner annotations
|
||||
## @param statefulset.labels Act runner labels
|
||||
## @param statefulset.resources Act runner resources
|
||||
## @param statefulset.nodeSelector NodeSelector for the statefulset
|
||||
## @param statefulset.tolerations Tolerations for the statefulset
|
||||
## @param statefulset.affinity Affinity for the statefulset
|
||||
## @param statefulset.extraVolumes Extra volumes for the statefulset
|
||||
## @param statefulset.actRunner.repository The Gitea act runner image
|
||||
## @param statefulset.actRunner.tag The Gitea act runner tag
|
||||
## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
|
||||
## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
|
||||
## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
|
||||
## @param statefulset.dind.repository The Docker-in-Docker image
|
||||
## @param statefulset.dind.tag The Docker-in-Docker image tag
|
||||
## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
|
||||
## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
|
||||
## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
|
||||
## @param statefulset.persistence.size Size for persistence to store act runner data
|
||||
## @param provisioning.enabled Create a job that will create and save the token in a Kubernetes Secret
|
||||
## @param provisioning.annotations Job's annotations
|
||||
## @param provisioning.labels Job's labels
|
||||
## @param provisioning.resources Job's resources
|
||||
## @param provisioning.nodeSelector NodeSelector for the job
|
||||
## @param provisioning.tolerations Tolerations for the job
|
||||
## @param provisioning.affinity Affinity for the job
|
||||
## @param provisioning.ttlSecondsAfterFinished ttl for the job after finished in order to allow helm to properly recognize that the job completed
|
||||
## @param provisioning.publish.repository The image that can create the secret via kubectl
|
||||
## @param provisioning.publish.tag The publish image tag that can create the secret
|
||||
## @param provisioning.publish.pullPolicy The publish image pullPolicy that can create the secret
|
||||
## @param existingSecret Secret that contains the token
|
||||
## @param existingSecretKey Secret key
|
||||
## @param giteaRootURL URL the act_runner registers and connect with
|
||||
enabled: true
|
||||
statefulset:
|
||||
replicas: 1
|
||||
annotations: {}
|
||||
labels: {}
|
||||
resources: {}
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
extraVolumes: []
|
||||
|
||||
actRunner:
|
||||
repository: gitea/act_runner
|
||||
tag: 0.2.11
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
||||
config: |
|
||||
log:
|
||||
level: debug
|
||||
cache:
|
||||
enabled: false
|
||||
|
||||
dind:
|
||||
repository: docker
|
||||
tag: 25.0.2-dind
|
||||
pullPolicy: IfNotPresent
|
||||
extraVolumeMounts: []
|
||||
|
||||
# If the container keeps crashing in your environment, you might have to add the `DOCKER_IPTABLES_LEGACY` environment variable.
|
||||
# See https://github.com/docker-library/docker/issues/463#issuecomment-1881909456
|
||||
extraEnvs:
|
||||
[]
|
||||
# - name: "DOCKER_IPTABLES_LEGACY"
|
||||
# value: "1"
|
||||
|
||||
persistence:
|
||||
storageClass: ""
|
||||
size: 1Gi
|
||||
|
||||
init:
|
||||
image:
|
||||
repository: busybox
|
||||
tag: "1.37.0"
|
||||
|
||||
## Specify an existing token secret
|
||||
##
|
||||
existingSecret: ""
|
||||
existingSecretKey: ""
|
||||
|
||||
## Specify the root URL of the Gitea instance
|
||||
giteaRootURL: ""
|
||||
|
||||
## @section Global
|
||||
#
|
||||
## @param global.imageRegistry global image registry override
|
||||
## @param global.storageClass global storage class override
|
||||
global:
|
||||
imageRegistry: ""
|
||||
storageClass: ""
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
@@ -1,14 +1,13 @@
|
||||
apiVersion: v2
|
||||
name: postgres-cluster
|
||||
version: 7.4.5
|
||||
description: Cloudnative-pg Cluster
|
||||
version: 4.2.1
|
||||
description: Chart for cloudnative-pg cluster
|
||||
keywords:
|
||||
- database
|
||||
- postgres
|
||||
sources:
|
||||
- https://github.com/cloudnative-pg/cloudnative-pg
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/cluster
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
|
||||
appVersion: v1.28.0
|
||||
appVersion: v1.25.0
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# postgres-cluster
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Cloudnative-pg Cluster
|
||||
Chart for cloudnative-pg cluster
|
||||
|
||||
## Maintainers
|
||||
|
||||
@@ -13,99 +13,70 @@ Cloudnative-pg Cluster
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/cloudnative-pg/cloudnative-pg>
|
||||
* <https://github.com/cloudnative-pg/charts/tree/main/charts/cluster>
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| backup | object | `{"externalSecret":{"enabled":true},"method":"objectStore","objectStore":null,"scheduledBackups":[]}` | Backup settings |
|
||||
| backup.externalSecret | object | `{"enabled":true}` | Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
|
||||
| backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
|
||||
| backup.objectStore | string | `nil` | Options for object store backups |
|
||||
| backup.scheduledBackups | list | `[]` | List of scheduled backups |
|
||||
| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.1-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
|
||||
| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
|
||||
| cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
|
||||
| cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
|
||||
| cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
|
||||
| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.1-standard-trixie"}` | Default image |
|
||||
| cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
||||
| cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
|
||||
| cluster.initdb | object | `{"database":"app","owner":"app"}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
|
||||
| cluster.logLevel | string | `"info"` | The instances' log level, one of the following values: error, warning, info (default), debug, trace |
|
||||
| cluster.monitoring | object | `{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}}` | Enable default monitoring and alert rules |
|
||||
| cluster.monitoring.customQueries | list | `[]` | Custom Prometheus metrics Will be stored in the ConfigMap |
|
||||
| cluster.monitoring.customQueriesSecret | list | `[]` | The list of secrets containing the custom queries |
|
||||
| cluster.monitoring.disableDefaultQueries | bool | `false` | Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. |
|
||||
| cluster.monitoring.enabled | bool | `true` | Whether to enable monitoring |
|
||||
| cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
|
||||
| cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
|
||||
| cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
|
||||
| cluster.monitoring.prometheusRule.enabled | bool | `true` | Whether to enable the PrometheusRule automated alerts |
|
||||
| cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
|
||||
| cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
|
||||
| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
|
||||
| cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
|
||||
| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
|
||||
| cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
|
||||
| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
|
||||
| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
|
||||
| cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
|
||||
| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
|
||||
| backup.backupIndex | int | `1` | Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}" |
|
||||
| backup.backupName | string | `""` | Name of the backup cluster in the object store, defaults to "cluster.name" |
|
||||
| backup.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| backup.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| backup.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
|
||||
| backup.destinationPath | string | `""` | S3 path starting with "s3://" |
|
||||
| backup.enabled | bool | `false` | |
|
||||
| backup.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
|
||||
| backup.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
|
||||
| backup.endpointURL | string | `""` | S3 endpoint starting with "https://" |
|
||||
| backup.historyTags.backupRetentionPolicy | string | `""` | |
|
||||
| backup.retentionPolicy | string | `"7d"` | Retention policy for backups |
|
||||
| backup.schedule | string | `"0 0 */3 * *"` | Scheduled backup in cron format |
|
||||
| backup.tags | object | `{"backupRetentionPolicy":""}` | Tags to add to backups. Add in key value beneath the type. |
|
||||
| backup.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| backup.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| backup.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
|
||||
| bootstrap | object | `{"initdb":{}}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
|
||||
| bootstrap.initdb | object | `{}` | Example values database: app owner: app secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch postInitApplicationSQL: - CREATE TABLE IF NOT EXISTS example; |
|
||||
| cluster.additionalLabels | object | `{}` | |
|
||||
| cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
|
||||
| cluster.annotations | object | `{}` | |
|
||||
| cluster.enableSuperuserAccess | bool | `false` | Create secret containing credentials of superuser |
|
||||
| cluster.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/postgresql","tag":"17.4-3-bullseye"}` | Default image |
|
||||
| cluster.instances | int | `3` | |
|
||||
| cluster.logLevel | string | `"info"` | |
|
||||
| cluster.monitoring | object | `{"enabled":false,"podMonitor":{"enabled":true},"prometheusRule":{"enableDefaultRules":true,"enabled":false,"excludeRules":[]}}` | Enable default monitoring and alert rules |
|
||||
| cluster.postgresGID | int | `26` | |
|
||||
| cluster.postgresUID | int | `26` | The UID and GID of the postgres user inside the image |
|
||||
| cluster.postgresql | object | `{"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"shared_preload_libraries":[]}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
|
||||
| cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or in-place (restart). |
|
||||
| cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
|
||||
| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
|
||||
| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
|
||||
| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
|
||||
| cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
|
||||
| cluster.storage | object | `{"size":"10Gi","storageClass":"local-path"}` | Default storage size |
|
||||
| databases | list | `[]` | Database management configuration |
|
||||
| kubernetesClusterName | string | `"cl01tl"` | Kubernetes cluster name |
|
||||
| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup |
|
||||
| cluster.priorityClassName | string | `""` | |
|
||||
| cluster.resources | object | `{"limits":{"cpu":"1","hugepages-2Mi":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Default resources |
|
||||
| cluster.storage.size | string | `"10Gi"` | |
|
||||
| cluster.storage.storageClass | string | `""` | |
|
||||
| cluster.walStorage | object | `{"size":"2Gi","storageClass":""}` | Default storage size |
|
||||
| mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - Default mode. Creates new or updates an existing CNPG cluster. * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup * `replica` - Create database as a replica from another CNPG cluster |
|
||||
| nameOverride | string | `""` | Override the name of the cluster |
|
||||
| namespaceOverride | string | `""` | Override the namespace of the chart |
|
||||
| poolers | list | `[]` | List of PgBouncer poolers |
|
||||
| recovery | object | `{"backup":{"backupName":"","database":"app","owner":"","pitrTarget":{"time":""}},"import":{"databases":[],"pgDumpExtraOptions":[],"pgRestoreExtraOptions":[],"postImportApplicationSQL":[],"roles":[],"schemaOnly":false,"source":{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"},"type":"microservice"},"method":"backup","objectStore":{"clusterName":"","data":{"compression":"snappy","encryption":"","jobs":1},"database":"app","destinationBucket":"postgres-backups","destinationPathOverride":"","endpointCA":{"create":false,"key":"","name":""},"endpointCredentials":"","endpointCredentialsIncludeRegion":true,"endpointURL":"http://garage-main.garage:3900","externalSecret":{"credentialPath":"/garage/home-infra/postgres-backups","enabled":true},"index":1,"owner":"","pitrTarget":{"time":""},"wal":{"compression":"snappy","encryption":"","maxParallel":1}}}` | Recovery settings when booting cluster from external cluster |
|
||||
| recovery.backup.backupName | string | `""` | Name of the backup to recover from. |
|
||||
| recovery.backup.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
|
||||
| recovery.backup.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
|
||||
| recovery.backup.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
|
||||
| recovery.backup.pitrTarget.time | string | `""` | Time in RFC3339 format |
|
||||
| recovery.import.databases | list | `[]` | Databases to import |
|
||||
| recovery.import.pgDumpExtraOptions | list | `[]` | List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
|
||||
| recovery.import.pgRestoreExtraOptions | list | `[]` | List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the operator's intended functionality or design. |
|
||||
| recovery.import.postImportApplicationSQL | list | `[]` | List of SQL queries to be executed as a superuser in the application database right after is imported. To be used with extreme care. Only available in microservice type. |
|
||||
| recovery.import.roles | list | `[]` | Roles to import |
|
||||
| recovery.import.schemaOnly | bool | `false` | When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. |
|
||||
| recovery.import.source | object | `{"database":"app","host":"","passwordSecret":{"create":false,"key":"password","name":"","value":""},"port":5432,"sslCertSecret":{"key":"","name":""},"sslKeySecret":{"key":"","name":""},"sslMode":"verify-full","sslRootCertSecret":{"key":"","name":""},"username":"app"}` | Configuration for the source database |
|
||||
| recovery.import.source.passwordSecret.create | bool | `false` | Whether to create a secret for the password |
|
||||
| recovery.import.source.passwordSecret.key | string | `"password"` | The key in the secret containing the password |
|
||||
| recovery.import.source.passwordSecret.name | string | `""` | Name of the secret containing the password |
|
||||
| recovery.import.source.passwordSecret.value | string | `""` | The password value to use when creating the secret |
|
||||
| recovery.import.type | string | `"microservice"` | One of `microservice` or `monolith.` See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works |
|
||||
| recovery.method | string | `"backup"` | Available recovery methods: * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported). * `import` - Import one or more databases from an existing Postgres cluster. |
|
||||
| recovery.objectStore.clusterName | string | `""` | Override the name of the backup cluster, defaults to "cluster.name" |
|
||||
| recovery.objectStore.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.objectStore.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.objectStore.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
|
||||
| recovery.objectStore.database | string | `"app"` | Name of the database used by the application. Default: `app`. |
|
||||
| recovery.objectStore.destinationBucket | string | `"postgres-backups"` | Desitination bucket |
|
||||
| recovery.objectStore.destinationPathOverride | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path> Google: gs://<bucket><path> |
|
||||
| recovery.objectStore.endpointCA | object | `{"create":false,"key":"","name":""}` | Specifies a CA bundle to validate a privately signed certificate. |
|
||||
| recovery.objectStore.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
|
||||
| recovery.objectStore.endpointCredentials | string | `""` | Defaults to <cluster name>-recovery-secret for the existing secret |
|
||||
| recovery.objectStore.endpointCredentialsIncludeRegion | bool | `true` | If the S3 endpoint require the ACCESS_REGION variable set in credentials |
|
||||
| recovery.objectStore.endpointURL | string | `"http://garage-main.garage:3900"` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
|
||||
| recovery.objectStore.externalSecret | object | `{"credentialPath":"/garage/home-infra/postgres-backups","enabled":true}` | Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
|
||||
| recovery.objectStore.index | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }} |
|
||||
| recovery.objectStore.owner | string | `""` | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key. |
|
||||
| recovery.objectStore.pitrTarget | object | `{"time":""}` | Point in time recovery target. Specify one of the following: |
|
||||
| recovery.objectStore.pitrTarget.time | string | `""` | Time in RFC3339 format |
|
||||
| recovery.objectStore.wal | object | `{"compression":"snappy","encryption":"","maxParallel":1}` | Storage |
|
||||
| recovery.objectStore.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.objectStore.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.objectStore.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
|
||||
| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` |
|
||||
| recovery | object | `{"data":{"compression":"snappy","encryption":"","jobs":1},"destinationPath":"","endpointCA":"","endpointCredentials":"","endpointURL":"","pitrTarget":{"time":""},"recoveryIndex":1,"recoveryInstanceName":"","recoveryServerName":"","wal":{"compression":"snappy","encryption":"","maxParallel":1}}` | Recovery settings when booting cluster from external cluster |
|
||||
| recovery.data.compression | string | `"snappy"` | Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.data.encryption | string | `""` | Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.data.jobs | int | `1` | Number of data files to be archived or restored in parallel. |
|
||||
| recovery.endpointCA | string | `""` | Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt |
|
||||
| recovery.endpointCredentials | string | `""` | Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
|
||||
| recovery.endpointURL | string | `""` | S3 https endpoint and the s3:// path |
|
||||
| recovery.pitrTarget | object | `{"time":""}` | Point in time recovery target in RFC3339 format |
|
||||
| recovery.recoveryIndex | int | `1` | Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }} |
|
||||
| recovery.recoveryInstanceName | string | `""` | Name of the recovery cluster in the object store, defaults to ".Release.Name" |
|
||||
| recovery.recoveryServerName | string | `""` | Name of the recovery cluster in the object store, defaults to "cluster.name" |
|
||||
| recovery.wal.compression | string | `"snappy"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
|
||||
| recovery.wal.encryption | string | `""` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
|
||||
| recovery.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
|
||||
| replica.externalCluster | object | `{"connectionParameters":{"dbname":"app","host":"postgresql","user":"app"},"password":{"key":"password","name":"postgresql"}}` | External cluster connection, password specifies a secret name and the key containing the password value |
|
||||
| replica.importDatabases | list | `["app"]` | If type microservice only one database is allowed, default is app as standard in cnpg clusters |
|
||||
| replica.importRoles | list | `[]` | If type microservice no roles are imported and ignored |
|
||||
| replica.importType | string | `"microservice"` | See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types * `microservice` - Single database import as expected from cnpg clusters * `monolith` - Import multiple databases and roles |
|
||||
| replica.postImportApplicationSQL | list | `[]` | If import type is monolith postImportApplicationSQL is not supported and ignored |
|
||||
| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `tensorchord` |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
{{- $alert := "CNPGClusterBackendsWaitingWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster a backend is waiting for longer than 5 minutes.
|
||||
description: |-
|
||||
Pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
has been waiting for longer than 5 minutes
|
||||
expr: |
|
||||
cnpg_backends_waiting_total{namespace="{{ .namespace }}"} > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,16 +0,0 @@
|
||||
{{- $alert := "CNPGClusterDatabaseDeadlockConflictsWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has over 10 deadlock conflicts.
|
||||
description: |-
|
||||
There are over 10 deadlock conflicts in
|
||||
{{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
cnpg_pg_stat_database_deadlocks{namespace="{{ .namespace }}"} > 10
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,26 +0,0 @@
|
||||
{{- $alert := "CNPGClusterHACritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has no standby replicas!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .labels.job }}" has no ready standby replicas. Your cluster at a severe
|
||||
risk of data loss and downtime if the primary instance fails.
|
||||
|
||||
The primary instance is still online and able to serve queries, although connections to the `-ro` endpoint
|
||||
will fail. The `-r` endpoint os operating at reduced capacity and all traffic is being served by the main.
|
||||
|
||||
This can happen during a normal fail-over or automated minor version upgrades in a cluster with 2 or less
|
||||
instances. The replaced instance may need some time to catch-up with the cluster primary instance.
|
||||
|
||||
This alarm will be always trigger if your cluster is configured to run with only 1 instance. In this
|
||||
case you may want to silence it.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHACritical.md
|
||||
expr: |
|
||||
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,24 +0,0 @@
|
||||
{{- $alert := "CNPGClusterHAWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster less than 2 standby replicas.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .labels.job }}" has only {{ .value }} standby replicas, putting
|
||||
your cluster at risk if another instance fails. The cluster is still able to operate normally, although
|
||||
the `-ro` and `-r` endpoints operate at reduced capacity.
|
||||
|
||||
This can happen during a normal fail-over or automated minor version upgrades. The replaced instance may
|
||||
need some time to catch-up with the cluster primary instance.
|
||||
|
||||
This alarm will be constantly triggered if your cluster is configured to run with less than 3 instances.
|
||||
In this case you may want to silence it.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHAWarning.md
|
||||
expr: |
|
||||
max by (job) (cnpg_pg_replication_streaming_replicas{namespace="{{ .namespace }}"} - cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}) < 2
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,17 +0,0 @@
|
||||
{{- $alert := "CNPGClusterHighConnectionsCritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance maximum number of connections critical!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
|
||||
the maximum number of connections.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsCritical.md
|
||||
expr: |
|
||||
sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 95
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,17 +0,0 @@
|
||||
{{- $alert := "CNPGClusterHighConnectionsWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is approaching the maximum number of connections.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" instance {{ .labels.pod }} is using {{ .value }}% of
|
||||
the maximum number of connections.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighConnectionsWarning.md
|
||||
expr: |
|
||||
sum by (pod) (cnpg_backends_total{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) / max by (pod) (cnpg_pg_settings_setting{name="max_connections", namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) * 100 > 80
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,19 +0,0 @@
|
||||
{{- $alert := "CNPGClusterHighReplicationLag" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster high replication lag
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is experiencing a high replication lag of
|
||||
{{ .value }}ms.
|
||||
|
||||
High replication lag indicates network issues, busy instances, slow queries or suboptimal configuration.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterHighReplicationLag.md
|
||||
expr: |
|
||||
max(cnpg_pg_replication_lag{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) * 1000 > 1000
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,19 +0,0 @@
|
||||
{{- $alert := "CNPGClusterInstancesOnSameNode" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster instances are located on the same node.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has {{ .value }}
|
||||
instances on the same node {{ .labels.node }}.
|
||||
|
||||
A failure or scheduled downtime of a single node will lead to a potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterInstancesOnSameNode.md
|
||||
expr: |
|
||||
count by (node) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"}) > 1
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,15 +0,0 @@
|
||||
{{- $alert := "CNPGClusterLastFailedArchiveTimeWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster last time archiving failed.
|
||||
description: |-
|
||||
Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
(cnpg_pg_stat_archiver_last_failed_time{namespace="{{ .namespace }}"} - cnpg_pg_stat_archiver_last_archived_time{namespace="{{ .namespace }}"}) > 2
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,16 +0,0 @@
|
||||
{{- $alert := "CNPGClusterLongRunningTransactionWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster query is taking longer than 5 minutes.
|
||||
description: |-
|
||||
CloudNativePG Cluster Pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
is taking more than 5 minutes (300 seconds) for a query.
|
||||
expr: |-
|
||||
cnpg_backends_max_tx_duration_seconds{namespace="{{ .namespace }}"} > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,24 +0,0 @@
|
||||
{{- $alert := "CNPGClusterLowDiskSpaceCritical" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is running out of disk space!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running extremely low on disk space. Check attached PVCs!
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceCritical.md
|
||||
expr: |
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.9 OR
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.9 OR
|
||||
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
/
|
||||
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
*
|
||||
on(namespace, persistentvolumeclaim) group_left(volume)
|
||||
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
|
||||
) > 0.9
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,24 +0,0 @@
|
||||
{{- $alert := "CNPGClusterLowDiskSpaceWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Instance is running out of disk space.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" is running low on disk space. Check attached PVCs.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterLowDiskSpaceWarning.md
|
||||
expr: |
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}"})) > 0.7 OR
|
||||
max(max by(persistentvolumeclaim) (1 - kubelet_volume_stats_available_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"} / kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-wal"})) > 0.7 OR
|
||||
max(sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_used_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
/
|
||||
sum by (namespace,persistentvolumeclaim) (kubelet_volume_stats_capacity_bytes{namespace="{{ .namespace }}", persistentvolumeclaim=~"{{ .podSelector }}-tbs.*"})
|
||||
*
|
||||
on(namespace, persistentvolumeclaim) group_left(volume)
|
||||
kube_pod_spec_volumes_persistentvolumeclaims_info{pod=~"{{ .podSelector }}"}
|
||||
) > 0.7
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,19 +0,0 @@
|
||||
{{- $alert := "CNPGClusterOffline" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has no running instances!
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has no ready instances.
|
||||
|
||||
Having an offline cluster means your applications will not be able to access the database, leading to
|
||||
potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterOffline.md
|
||||
expr: |
|
||||
(count(cnpg_collector_up{namespace="{{ .namespace }}",pod=~"{{ .podSelector }}"}) OR on() vector(0)) == 0
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,16 +0,0 @@
|
||||
{{- $alert := "CNPGClusterPGDatabaseXidAgeWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has a number of transactions from the frozen XID to the current one.
|
||||
description: |-
|
||||
Over 300,000,000 transactions from frozen xid
|
||||
on pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
expr: |
|
||||
cnpg_pg_database_xid_age{namespace="{{ .namespace }}"} > 300000000
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,15 +0,0 @@
|
||||
{{- $alert := "CNPGClusterPGReplicationWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster standby is lagging behind the primary.
|
||||
description: |-
|
||||
Standby is lagging behind by over 300 seconds (5 minutes)
|
||||
expr: |
|
||||
cnpg_pg_replication_lag{namespace="{{ .namespace }}"} > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,16 +0,0 @@
|
||||
{{- $alert := "CNPGClusterReplicaFailingReplicationWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster has a replica is failing to replicate.
|
||||
description: |-
|
||||
Replica {{`{{`}} $labels.pod {{`}}`}}
|
||||
is failing to replicate
|
||||
expr: |
|
||||
cnpg_pg_replication_in_recovery{namespace="{{ .namespace }}"} > cnpg_pg_replication_is_wal_receiver_up{namespace="{{ .namespace }}"}
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
@@ -1,18 +0,0 @@
|
||||
{{- $alert := "CNPGClusterZoneSpreadWarning" -}}
|
||||
{{- if not (has $alert .excludeRules) -}}
|
||||
alert: {{ $alert }}
|
||||
annotations:
|
||||
summary: CNPG Cluster instances in the same zone.
|
||||
description: |-
|
||||
CloudNativePG Cluster "{{ .namespace }}/{{ .cluster }}" has instances in the same availability zone.
|
||||
|
||||
A disaster in one availability zone will lead to a potential service disruption and/or data loss.
|
||||
runbook_url: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/docs/runbooks/CNPGClusterZoneSpreadWarning.md
|
||||
expr: |
|
||||
{{ .Values.cluster.instances }} > count(count by (label_topology_kubernetes_io_zone) (kube_pod_info{namespace="{{ .namespace }}", pod=~"{{ .podSelector }}"} * on(node,instance) group_left(label_topology_kubernetes_io_zone) kube_node_labels)) < 3
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
namespace: {{ .namespace }}
|
||||
cnpg_cluster: {{ .cluster }}
|
||||
{{- end -}}
|
||||
50
charts/postgres-cluster/templates/_backup.tpl
Normal file
50
charts/postgres-cluster/templates/_backup.tpl
Normal file
@@ -0,0 +1,50 @@
|
||||
{{- define "cluster.backup" -}}
|
||||
{{- if .Values.backup.enabled }}
|
||||
backup:
|
||||
retentionPolicy: {{ .Values.backup.retentionPolicy }}
|
||||
barmanObjectStore:
|
||||
destinationPath: {{ .Values.backup.destinationPath }}
|
||||
endpointURL: {{ .Values.backup.endpointURL }}
|
||||
{{- if .Values.backup.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ .Values.backup.endpointCA }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
|
||||
tags:
|
||||
{{- with .Values.backup.tags }}
|
||||
{{- . | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
historyTags:
|
||||
{{- with .Values.backup.historyTags }}
|
||||
{{- . | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
{{- if .Values.backup.wal.compression }}
|
||||
compression: {{ .Values.backup.wal.compression }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.wal.encryption }}
|
||||
encryption: {{ .Values.backup.wal.encryption }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.wal.maxParallel }}
|
||||
maxParallel: {{ .Values.backup.wal.maxParallel }}
|
||||
{{- end }}
|
||||
data:
|
||||
{{- if .Values.backup.data.compression }}
|
||||
compression: {{ .Values.backup.data.compression }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.data.encryption }}
|
||||
encryption: {{ .Values.backup.data.encryption }}
|
||||
{{- end }}
|
||||
{{- if .Values.backup.data.jobs }}
|
||||
jobs: {{ .Values.backup.data.jobs }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,107 +1,122 @@
|
||||
{{- define "cluster.bootstrap" -}}
|
||||
|
||||
bootstrap:
|
||||
{{- if eq .Values.mode "standalone" }}
|
||||
bootstrap:
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL" "owner" "import") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.bootstrap.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.initdb.owner }}
|
||||
owner: {{ tpl .Values.cluster.initdb.owner . }}
|
||||
{{- end }}
|
||||
{{- if (.Values.cluster.initdb.postInitApplicationSQL) }}
|
||||
{{- if eq .Values.type "tensorchord" }}
|
||||
dataChecksums: true
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.type "postgis") (eq .Values.type "timescaledb") (eq .Values.type "tensorchord") (.Values.bootstrap.initdb.postInitApplicationSQL) }}
|
||||
postInitApplicationSQL:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- range .postInitApplicationSQL }}
|
||||
{{- printf "- %s" . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- if eq .Values.type "postgis" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_topology;
|
||||
- CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
|
||||
{{- else if eq .Values.type "timescaledb" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS timescaledb;
|
||||
{{- else if eq .Values.type "tensorchord" }}
|
||||
- ALTER SYSTEM SET search_path TO "$user", public, vectors;
|
||||
- SET search_path TO "$user", public, vectors;
|
||||
- CREATE EXTENSION IF NOT EXISTS "vectors";
|
||||
- CREATE EXTENSION IF NOT EXISTS "cube";
|
||||
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
|
||||
- ALTER SCHEMA vectors OWNER TO "app";
|
||||
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "app";
|
||||
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "app";
|
||||
{{- end }}
|
||||
{{- with .Values.bootstrap.initdb }}
|
||||
{{- range .postInitApplicationSQL }}
|
||||
{{- printf "- %s" . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- else if eq .Values.mode "recovery" -}}
|
||||
bootstrap:
|
||||
|
||||
{{- if eq .Values.recovery.method "import" }}
|
||||
{{- else if eq .Values.mode "replica" }}
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "owner" "import" "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.initdb.owner }}
|
||||
owner: {{ tpl .Values.cluster.initdb.owner . }}
|
||||
{{- end }}
|
||||
import:
|
||||
source:
|
||||
externalCluster: importSource
|
||||
type: {{ .Values.recovery.import.type }}
|
||||
type: {{ .Values.replica.importType }}
|
||||
databases:
|
||||
{{- if and (gt (len .Values.recovery.import.databases) 1) (eq .Values.recovery.import.type "microservice") }}
|
||||
{{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
|
||||
{{ fail "Too many databases in import type of microservice!" }}
|
||||
{{- else}}
|
||||
{{- with .Values.recovery.import.databases }}
|
||||
{{- with .Values.replica.importDatabases }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.recovery.import.type "monolith" }}
|
||||
{{- if eq .Values.replica.importType "monolith" }}
|
||||
roles:
|
||||
{{- with .Values.recovery.import.roles }}
|
||||
{{- with .Values.replica.importRoles }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.recovery.import.postImportApplicationSQL) (eq .Values.recovery.import.type "microservice") }}
|
||||
{{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
|
||||
postImportApplicationSQL:
|
||||
{{- with .Values.recovery.import.postImportApplicationSQL }}
|
||||
{{- with .Values.replica.postImportApplicationSQL }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
schemaOnly: {{ .Values.recovery.import.schemaOnly }}
|
||||
{{ with .Values.recovery.import.pgDumpExtraOptions }}
|
||||
pgDumpExtraOptions:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.import.pgRestoreExtraOptions }}
|
||||
pgRestoreExtraOptions:
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
{{- else if eq .Values.recovery.method "backup" }}
|
||||
source:
|
||||
externalCluster: "{{ include "cluster.name" . }}-cluster"
|
||||
{{- with .Values.bootstrap.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
externalClusters:
|
||||
- name: "{{ include "cluster.name" . }}-cluster"
|
||||
{{- with .Values.replica.externalCluster }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.mode "recovery" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.backup.pitrTarget.time }}
|
||||
{{- with .Values.recovery.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.backup.database }}
|
||||
database: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.backup.owner }}
|
||||
owner: {{ . }}
|
||||
{{- end }}
|
||||
backup:
|
||||
name: {{ .Values.recovery.backup.backupName }}
|
||||
|
||||
{{- else if eq .Values.recovery.method "objectStore" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.objectStore.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.objectStore.database }}
|
||||
database: {{ . }}
|
||||
{{- end }}
|
||||
{{ with .Values.recovery.objectStore.owner }}
|
||||
owner: {{ . }}
|
||||
{{- end }}
|
||||
source: {{ include "cluster.recoveryServerName" . }}
|
||||
|
||||
{{- else }}
|
||||
{{ fail "Invalid recovery mode!" }}
|
||||
{{- end }}
|
||||
|
||||
{{- else }}
|
||||
externalClusters:
|
||||
- name: {{ include "cluster.recoveryServerName" . }}
|
||||
barmanObjectStore:
|
||||
serverName: {{ include "cluster.recoveryServerName" . }}
|
||||
destinationPath: {{ .Values.recovery.destinationPath }}
|
||||
endpointURL: {{ .Values.recovery.endpointURL }}
|
||||
{{- with .Values.recovery.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ . }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
{{- if .Values.recovery.wal.compression }}
|
||||
compression: {{ .Values.recovery.wal.compression }}
|
||||
{{- end }}
|
||||
{{- if .Values.recovery.wal.encryption }}
|
||||
encryption: {{ .Values.recovery.wal.encryption }}
|
||||
{{- end }}
|
||||
{{- if .Values.recovery.wal.maxParallel }}
|
||||
maxParallel: {{ .Values.recovery.wal.maxParallel }}
|
||||
{{- end }}
|
||||
data:
|
||||
{{- if .Values.recovery.data.compression }}
|
||||
compression: {{ .Values.recovery.data.compression }}
|
||||
{{- end }}
|
||||
{{- if .Values.recovery.data.encryption }}
|
||||
encryption: {{ .Values.recovery.data.encryption }}
|
||||
{{- end }}
|
||||
{{- if .Values.recovery.data.jobs }}
|
||||
jobs: {{ .Values.recovery.data.jobs }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{ fail "Invalid cluster mode!" }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
{{- define "cluster.color-error" }}
|
||||
{{- printf "\033[0;31m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-ok" }}
|
||||
{{- printf "\033[0;32m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-warning" }}
|
||||
{{- printf "\033[0;33m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
{{- define "cluster.color-info" }}
|
||||
{{- printf "\033[0;34m%s\033[0m" . -}}
|
||||
{{- end }}
|
||||
@@ -1,21 +0,0 @@
|
||||
{{- define "cluster.externalClusters" -}}
|
||||
externalClusters:
|
||||
{{- if eq .Values.mode "standalone" }}
|
||||
{{- else if eq .Values.mode "recovery" }}
|
||||
{{- if eq .Values.recovery.method "import" }}
|
||||
- name: importSource
|
||||
{{- include "cluster.externalSourceCluster" .Values.recovery.import.source | nindent 4 }}
|
||||
{{- else if eq .Values.recovery.method "objectStore" }}
|
||||
- name: {{ include "cluster.recoveryServerName" . }}
|
||||
plugin:
|
||||
name: barman-cloud.cloudnative-pg.io
|
||||
enabled: true
|
||||
isWALArchiver: false
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" . }}-recovery"
|
||||
serverName: {{ include "cluster.recoveryServerName" . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{ fail "Invalid cluster mode!" }}
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
@@ -1,33 +0,0 @@
|
||||
{{- define "cluster.externalSourceCluster" -}}
|
||||
{{- $name := first . -}}
|
||||
{{- $config := last . -}}
|
||||
- name: {{ first . }}
|
||||
connectionParameters:
|
||||
host: {{ $config.host | quote }}
|
||||
port: {{ $config.port | quote }}
|
||||
user: {{ $config.username | quote }}
|
||||
{{- with $config.database }}
|
||||
dbname: {{ . | quote }}
|
||||
{{- end }}
|
||||
sslmode: {{ $config.sslMode | quote }}
|
||||
{{- if $config.passwordSecret.name }}
|
||||
password:
|
||||
name: {{ $config.passwordSecret.name }}
|
||||
key: {{ $config.passwordSecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslKeySecret.name }}
|
||||
sslKey:
|
||||
name: {{ $config.sslKeySecret.name }}
|
||||
key: {{ $config.sslKeySecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslCertSecret.name }}
|
||||
sslCert:
|
||||
name: {{ $config.sslCertSecret.name }}
|
||||
key: {{ $config.sslCertSecret.key }}
|
||||
{{- end }}
|
||||
{{- if $config.sslRootCertSecret.name }}
|
||||
sslRootCert:
|
||||
name: {{ $config.sslRootCertSecret.name }}
|
||||
key: {{ $config.sslRootCertSecret.key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -20,58 +20,53 @@ Create chart name and version as used by the chart label.
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cluster.labels" -}}
|
||||
helm.sh/chart: {{ include "cluster.chart" $ }}
|
||||
{{ include "cluster.selectorLabels" $ }}
|
||||
helm.sh/chart: {{ include "cluster.chart" . }}
|
||||
{{ include "cluster.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cluster.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" $ }}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: cloudnative-pg
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
Generate name for object store credentials
|
||||
*/}}
|
||||
{{- define "cluster.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- define "cluster.recoveryCredentials" -}}
|
||||
{{- if .Values.recovery.endpointCredentials -}}
|
||||
{{- .Values.recovery.endpointCredentials -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cluster.backupCredentials" -}}
|
||||
{{- if .Values.backup.endpointCredentials -}}
|
||||
{{- .Values.backup.endpointCredentials -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Postgres UID
|
||||
Generate backup server name
|
||||
*/}}
|
||||
{{- define "cluster.postgresUID" -}}
|
||||
{{- if ge (int .Values.cluster.postgresUID) 0 -}}
|
||||
{{- .Values.cluster.postgresUID }}
|
||||
{{- define "cluster.backupName" -}}
|
||||
{{- if .Values.backup.backupName -}}
|
||||
{{- .Values.backup.backupName -}}
|
||||
{{- else -}}
|
||||
{{- 26 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{ include "cluster.name" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Postgres GID
|
||||
*/}}
|
||||
{{- define "cluster.postgresGID" -}}
|
||||
{{- if ge (int .Values.cluster.postgresGID) 0 -}}
|
||||
{{- .Values.cluster.postgresGID }}
|
||||
{{- else -}}
|
||||
{{- 26 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate recovery server name
|
||||
@@ -80,54 +75,17 @@ Generate recovery server name
|
||||
{{- if .Values.recovery.recoveryServerName -}}
|
||||
{{- .Values.recovery.recoveryServerName -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.objectStore.index) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate recovery destination path
|
||||
Generate recovery instance name
|
||||
*/}}
|
||||
{{- define "cluster.recoveryDestinationPath" -}}
|
||||
{{- if .Values.recovery.objectStore.destinationPathOverride -}}
|
||||
{{- .Values.recovery.objectStore.destinationPathOverride -}}
|
||||
{{- define "cluster.recoveryInstanceName" -}}
|
||||
{{- if .Values.recovery.recoveryInstanceName -}}
|
||||
{{- .Values.recovery.recoveryInstanceName -}}
|
||||
{{- else -}}
|
||||
{{- printf "s3://%s/%s/%s/%s-cluster" (.Values.recovery.objectStore.destinationBucket) (.Values.kubernetesClusterName) (include "cluster.namespace" .) (include "cluster.name" .) | trimSuffix "-" -}}
|
||||
{{ include "cluster.name" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate recovery credentials name
|
||||
*/}}
|
||||
{{- define "cluster.recoverySecretName" -}}
|
||||
{{- if and (.Values.recovery.objectStore.endpointCredentials) (not .Values.recovery.objectStore.externalSecret.enabled) }}
|
||||
{{- .Values.recovery.objectStore.endpointCredentials | trunc 63 | trimSuffix "-" }}
|
||||
{{- else -}}
|
||||
{{- printf "%s-recovery-secret" (include "cluster.name" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate backup destination path
|
||||
*/}}
|
||||
{{- define "cluster.backupDestinationPath" -}}
|
||||
{{- if .instance.destinationPathOverride -}}
|
||||
{{- .instance.destinationPathOverride -}}
|
||||
{{- else if .instance.destinationBucket -}}
|
||||
{{- printf "s3://%s/%s/%s/%s-cluster" .instance.destinationBucket .global.Values.kubernetesClusterName (include "cluster.namespace" .global) (include "cluster.name" .global) | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{ fail "Invalid destination path!" }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate backup destination path
|
||||
*/}}
|
||||
{{- define "cluster.backupSecretName" -}}
|
||||
{{- if .instance.endpointCredentialsOverride -}}
|
||||
{{- .instance.endpointCredentialsOverride -}}
|
||||
{{- else if .instance.name -}}
|
||||
{{- printf "%s-backup-%s-secret" (include "cluster.name" .global) .instance.name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{ fail "Invalid backup secret name!" }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
@@ -2,35 +2,29 @@ apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
namespace: {{ include "cluster.namespace" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- with .Values.cluster.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
instances: {{ .Values.cluster.instances }}
|
||||
imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
|
||||
{{- with .Values.cluster.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
postgresUID: {{ include "cluster.postgresUID" . }}
|
||||
postgresGID: {{ include "cluster.postgresGID" . }}
|
||||
storage:
|
||||
size: {{ .Values.cluster.storage.size }}
|
||||
{{- if not (empty .Values.cluster.storage.storageClass) }}
|
||||
storageClass: {{ .Values.cluster.storage.storageClass }}
|
||||
{{- end }}
|
||||
{{- if .Values.cluster.walStorage.enabled }}
|
||||
imagePullPolicy: {{ .Values.cluster.image.pullPolicy }}
|
||||
postgresUID: {{ .Values.cluster.postgresUID }}
|
||||
postgresGID: {{ .Values.cluster.postgresGID }}
|
||||
enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
|
||||
walStorage:
|
||||
size: {{ .Values.cluster.walStorage.size }}
|
||||
{{- if not (empty .Values.cluster.walStorage.storageClass) }}
|
||||
storageClass: {{ .Values.cluster.walStorage.storageClass }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
storage:
|
||||
size: {{ .Values.cluster.storage.size }}
|
||||
storageClass: {{ .Values.cluster.storage.storageClass }}
|
||||
{{- with .Values.cluster.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
@@ -42,110 +36,30 @@ spec:
|
||||
{{- if .Values.cluster.priorityClassName }}
|
||||
priorityClassName: {{ .Values.cluster.priorityClassName }}
|
||||
{{- end }}
|
||||
|
||||
primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
|
||||
primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
|
||||
logLevel: {{ .Values.cluster.logLevel }}
|
||||
{{- with .Values.cluster.certificates }}
|
||||
certificates:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{ end }}
|
||||
enableSuperuserAccess: {{ .Values.cluster.enableSuperuserAccess }}
|
||||
{{- with .Values.cluster.superuserSecret }}
|
||||
superuserSecret:
|
||||
name: {{ . }}
|
||||
{{ end }}
|
||||
enablePDB: {{ .Values.cluster.enablePDB }}
|
||||
|
||||
postgresql:
|
||||
{{- if .Values.cluster.postgresql.shared_preload_libraries }}
|
||||
{{- if eq .Values.type "timescaledb" }}
|
||||
shared_preload_libraries:
|
||||
{{- with .Values.cluster.postgresql.shared_preload_libraries }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
- timescaledb
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.pg_hba }}
|
||||
pg_hba:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- if eq .Values.type "tensorchord" }}
|
||||
shared_preload_libraries:
|
||||
- vectors.so
|
||||
enableAlterSystem: true
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.pg_ident }}
|
||||
pg_ident:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.postgresql.ldap }}
|
||||
ldap:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end}}
|
||||
{{- with .Values.cluster.postgresql.synchronous }}
|
||||
synchronous:
|
||||
{{- with .Values.cluster.postgresql.shared_preload_libraries }}
|
||||
shared_preload_libraries:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .Values.cluster.postgresql.parameters }}
|
||||
parameters:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
|
||||
managed:
|
||||
{{- with .Values.cluster.services }}
|
||||
services:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .Values.cluster.roles }}
|
||||
roles:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.cluster.serviceAccountTemplate }}
|
||||
serviceAccountTemplate:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
monitoring:
|
||||
enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
|
||||
disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueries) }}
|
||||
customQueriesConfigMap:
|
||||
- name: {{ include "cluster.name" . }}-monitoring
|
||||
key: custom-queries
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueriesSecret) }}
|
||||
{{- with .Values.cluster.monitoring.customQueriesSecret }}
|
||||
customQueriesSecret:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.podMonitor.relabelings) }}
|
||||
{{- with .Values.cluster.monitoring.podMonitor.relabelings }}
|
||||
podMonitorRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.cluster.monitoring.podMonitor.metricRelabelings) }}
|
||||
{{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
|
||||
podMonitorMetricRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
|
||||
plugins:
|
||||
{{- range $objectStore := .Values.backup.objectStore }}
|
||||
- name: barman-cloud.cloudnative-pg.io
|
||||
enabled: true
|
||||
{{- if $objectStore.isWALArchiver }}
|
||||
isWALArchiver: true
|
||||
{{- else }}
|
||||
isWALArchiver: false
|
||||
{{- end }}
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.name }}"
|
||||
{{- if $objectStore.clusterName }}
|
||||
serverName: "{{ $objectStore.clusterName }}-backup-{{ $objectStore.index }}"
|
||||
{{- else }}
|
||||
serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "cluster.bootstrap" . | nindent 2 }}
|
||||
{{ include "cluster.externalClusters" . | nindent 2 }}
|
||||
|
||||
{{ include "cluster.backup" . | nindent 2 }}
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
{{- if not (empty .Values.cluster.monitoring.customQueries) }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-monitoring
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
cnpg.io/reload: ""
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
data:
|
||||
custom-queries: |
|
||||
{{- range .Values.cluster.monitoring.customQueries }}
|
||||
{{ .name }}:
|
||||
query: {{ .query | quote }}
|
||||
metrics:
|
||||
{{- .metrics | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,76 +0,0 @@
|
||||
{{- range .Values.databases }}
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-database-{{ .name | replace "_" "-" }}
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
name: {{ .name }}
|
||||
cluster:
|
||||
name: {{ include "cluster.name" $ }}-cluster
|
||||
ensure: {{ .ensure | default "present" }}
|
||||
owner: {{ .owner }}
|
||||
template: {{ .template | default "template1" }}
|
||||
encoding: {{ .encoding | default "UTF8" }}
|
||||
databaseReclaimPolicy: {{ .databaseReclaimPolicy | default "retain" }}
|
||||
{{- with .isTemplate }}
|
||||
isTemplate: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .allowConnections }}
|
||||
allowConnections: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .connectionLimit }}
|
||||
connectionLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .tablespace }}
|
||||
tablespace: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .locale }}
|
||||
locale: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .localeProvider }}
|
||||
localeProvider: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .localeCollate }}
|
||||
localeCollate: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .localeCType }}
|
||||
localeCType: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .icuLocale }}
|
||||
icuLocale: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .icuRules }}
|
||||
icuRules: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .builtinLocale }}
|
||||
builtinLocale: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .collationVersion }}
|
||||
collationVersion: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .schemas }}
|
||||
schemas:
|
||||
{{- range . }}
|
||||
- name: {{ .name }}
|
||||
owner: {{ .owner }}
|
||||
ensure: {{ .ensure | default "present" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .extensions }}
|
||||
extensions:
|
||||
{{- range . }}
|
||||
- name: {{ .name }}
|
||||
{{- with .version }}
|
||||
version: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .schema }}
|
||||
schema: {{ . }}
|
||||
{{- end }}
|
||||
ensure: {{ .ensure | default "present" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,84 +0,0 @@
|
||||
{{ if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
|
||||
{{ $context := . -}}
|
||||
{{ range .Values.backup.objectStore -}}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
|
||||
namespace: {{ include "cluster.namespace" $context }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $context | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
|
||||
{{- with $context.Values.cluster.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .externalSecretCredentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .externalSecretCredentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .externalSecretCredentialPath| required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
{{ end -}}
|
||||
{{ end }}
|
||||
|
||||
{{- if and (eq .Values.recovery.method "objectStore") (.Values.recovery.objectStore.externalSecret.enabled) }}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "cluster.recoverySecretName" . }}
|
||||
namespace: {{ include "cluster.namespace" . }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "cluster.recoverySecretName" . }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.recovery.objectStore.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
{{- end }}
|
||||
@@ -1,99 +0,0 @@
|
||||
{{ if (eq .Values.backup.method "objectStore") }}
|
||||
{{ $context := . -}}
|
||||
{{ range .Values.backup.objectStore -}}
|
||||
---
|
||||
apiVersion: barmancloud.cnpg.io/v1
|
||||
kind: ObjectStore
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $context }}-backup-{{ .name }}
|
||||
namespace: {{ include "cluster.namespace" $context }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $context | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "cluster.name" $context }}-backup-{{ .name }}
|
||||
{{- with $context.Values.cluster.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
retentionPolicy: {{ .retentionPolicy | default "7d" }}
|
||||
configuration:
|
||||
destinationPath: {{ include "cluster.backupDestinationPath" (dict "instance" . "global" $context) }}
|
||||
endpointURL: {{ .endpointURL | default "http://garage-main.garage:3900" }}
|
||||
{{- if .endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ .endpointCA.name }}
|
||||
key: {{ .endpointCA.key }}
|
||||
{{- end }}
|
||||
{{- if .wal }}
|
||||
wal:
|
||||
compression: {{ .wal.compression | default "snappy" }}
|
||||
{{ with .wal.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{ end }}
|
||||
maxParallel: {{ .wal.maxParallel | default "1" }}
|
||||
{{- end }}
|
||||
{{- if .data }}
|
||||
data:
|
||||
compression: {{ .data.compression | default "snappy" }}
|
||||
{{- with .data.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
jobs: {{ .data.jobs | default 1 }}
|
||||
{{- end }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
region:
|
||||
name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
|
||||
key: ACCESS_REGION
|
||||
{{ end -}}
|
||||
{{ end }}
|
||||
|
||||
{{ if eq .Values.recovery.method "objectStore" }}
|
||||
---
|
||||
apiVersion: barmancloud.cnpg.io/v1
|
||||
kind: ObjectStore
|
||||
metadata:
|
||||
name: "{{ include "cluster.name" . }}-recovery"
|
||||
namespace: {{ include "cluster.namespace" . }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: "{{ include "cluster.name" . }}-recovery"
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
configuration:
|
||||
destinationPath: {{ include "cluster.recoveryDestinationPath" . }}
|
||||
endpointURL: {{ .Values.recovery.objectStore.endpointURL }}
|
||||
{{- if .Values.recovery.objectStore.endpointCA.name }}
|
||||
endpointCA:
|
||||
name: {{ .Values.recovery.objectStore.endpointCA.name }}
|
||||
key: {{ .Values.recovery.objectStore.endpointCA.key }}
|
||||
{{- end }}
|
||||
wal:
|
||||
compression: {{ .Values.recovery.objectStore.wal.compression }}
|
||||
{{- with .Values.recovery.objectStore.wal.encryption}}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
maxParallel: {{ .Values.recovery.objectStore.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.recovery.objectStore.data.compression }}
|
||||
{{- with .Values.recovery.objectStore.data.encryption }}
|
||||
encryption: {{ . }}
|
||||
{{- end }}
|
||||
jobs: {{ .Values.recovery.objectStore.data.jobs }}
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recoverySecretName" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recoverySecretName" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
region:
|
||||
name: {{ include "cluster.recoverySecretName" . }}
|
||||
key: ACCESS_REGION
|
||||
{{ end }}
|
||||
@@ -1,51 +0,0 @@
|
||||
{{- range .Values.poolers }}
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Pooler
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-pooler-{{ .name }}
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
cluster:
|
||||
name: {{ include "cluster.name" $ }}
|
||||
instances: {{ .instances }}
|
||||
type: {{ default "rw" .type }}
|
||||
pgbouncer:
|
||||
poolMode: {{ default "session" .poolMode }}
|
||||
{{- with .authQuerySecret }}
|
||||
authQuerySecret:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .authQuery }}
|
||||
authQuery:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .parameters }}
|
||||
parameters:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .pg_hba }}
|
||||
pg_hba:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{ with .monitoring }}
|
||||
monitoring:
|
||||
{{- if not (empty .podMonitor) }}
|
||||
enablePodMonitor: {{ and .enabled .podMonitor.enabled }}
|
||||
{{- with .podMonitor.relabelings }}
|
||||
podMonitorRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- with .podMonitor.metricRelabelings }}
|
||||
podMonitorMetricRelabelings:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .template }}
|
||||
template:
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -2,10 +2,13 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ include "cluster.name" $ }}-alert-rules
|
||||
namespace: {{ include "cluster.namespace" $ }}
|
||||
name: {{ include "cluster.name" . }}-alert-rules
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $ | nindent 4 }}
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
- name: cloudnative-pg/{{ include "cluster.name" . }}
|
||||
@@ -23,5 +26,72 @@ spec:
|
||||
{{- with $tpl }}
|
||||
- {{ $tpl }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if .Values.cluster.monitoring.prometheusRule.enableDefaultRules }}
|
||||
- name: cloudnative-pg/default-rules
|
||||
rules:
|
||||
- alert: LongRunningTransaction
|
||||
annotations:
|
||||
description: Pod {{`{{`}} $labels.pod {{`}}`}} is taking more than 5 minutes (300 seconds) for a query.
|
||||
summary: A query is taking longer than 5 minutes.
|
||||
expr: |-
|
||||
cnpg_backends_max_tx_duration_seconds > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: BackendsWaiting
|
||||
annotations:
|
||||
description: Pod {{`{{`}} $labels.pod {{`}}`}} has been waiting for longer than 5 minutes
|
||||
summary: If a backend is waiting for longer than 5 minutes
|
||||
expr: |-
|
||||
cnpg_backends_waiting_total > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: PGDatabaseXidAge
|
||||
annotations:
|
||||
description: Over 300,000,000 transactions from frozen xid on pod {{`{{`}} $labels.pod {{`}}`}}
|
||||
summary: Number of transactions from the frozen XID to the current one
|
||||
expr: |-
|
||||
cnpg_pg_database_xid_age > 300000000
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: PGReplication
|
||||
annotations:
|
||||
description: Standby is lagging behind by over 300 seconds (5 minutes)
|
||||
summary: The standby is lagging behind the primary
|
||||
expr: |-
|
||||
cnpg_pg_replication_lag > 300
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: LastFailedArchiveTime
|
||||
annotations:
|
||||
description: Archiving failed for {{`{{`}} $labels.pod {{`}}`}}
|
||||
summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
|
||||
expr: |-
|
||||
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: DatabaseDeadlockConflicts
|
||||
annotations:
|
||||
description: There are over 10 deadlock conflicts in {{`{{`}} $labels.pod {{`}}`}}
|
||||
summary: Checks the number of database conflicts
|
||||
expr: |-
|
||||
cnpg_pg_stat_database_deadlocks > 10
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: ReplicaFailingReplication
|
||||
annotations:
|
||||
description: Replica {{`{{`}} $labels.pod {{`}}`}} is failing to replicate
|
||||
summary: Checks if the replica is failing to replicate
|
||||
expr: |-
|
||||
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
|
||||
for: 1m
|
||||
labels:
|
||||
severity: warning
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
||||
@@ -1,24 +1,18 @@
|
||||
{{ $context := . -}}
|
||||
{{ range .Values.backup.scheduledBackups -}}
|
||||
---
|
||||
{{ if .Values.backup.enabled }}
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: "{{ include "cluster.name" $context }}-scheduled-backup-{{ .name }}"
|
||||
namespace: {{ include "cluster.namespace" $context }}
|
||||
name: {{ include "cluster.name" . }}-scheduled-backup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "cluster.labels" $context | nindent 4 }}
|
||||
app.kubernetes.io/name: "{{ include "cluster.name" $context }}-scheduled-backup-{{ .name }}"
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
{{- with .Values.cluster.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
immediate: {{ .immediate | default false }}
|
||||
suspend: {{ .suspend | default false }}
|
||||
schedule: {{ .schedule | quote | required "Schedule is required" }}
|
||||
backupOwnerReference: {{ .backupOwnerReference | default "self" }}
|
||||
immediate: true
|
||||
schedule: {{ .Values.backup.schedule }}
|
||||
backupOwnerReference: self
|
||||
cluster:
|
||||
name: {{ include "cluster.name" $context }}-cluster
|
||||
method: plugin
|
||||
pluginConfiguration:
|
||||
name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
|
||||
parameters:
|
||||
barmanObjectName: "{{ include "cluster.name" $context }}-backup-{{ .backupName }}"
|
||||
{{ end -}}
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
{{ end }}
|
||||
|
||||
@@ -1,558 +1,213 @@
|
||||
# -- Override the name of the cluster
|
||||
nameOverride: ""
|
||||
|
||||
# -- Override the namespace of the chart
|
||||
namespaceOverride: ""
|
||||
|
||||
# -- Kubernetes cluster name
|
||||
kubernetesClusterName: cl01tl
|
||||
|
||||
# -- Type of the CNPG database. Available types:
|
||||
# * `postgresql`
|
||||
# * `postgis`
|
||||
# * `timescaledb`
|
||||
# * `tensorchord`
|
||||
type: postgresql
|
||||
|
||||
# -- Cluster mode of operation. Available modes:
|
||||
# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
|
||||
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
|
||||
# * `replica` - Create database as a replica from another CNPG cluster
|
||||
mode: standalone
|
||||
|
||||
# -- Cluster settings
|
||||
cluster:
|
||||
instances: 3
|
||||
|
||||
# -- Default image
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/postgresql
|
||||
tag: 18.1-standard-trixie
|
||||
tag: "sha256-fe18e4721366d1139fa1ec6f974a658a7f290f77dc51addc8d2f59bd9098d2df.sig"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
|
||||
# More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
|
||||
imagePullPolicy: IfNotPresent
|
||||
# -- The UID and GID of the postgres user inside the image
|
||||
postgresUID: 26
|
||||
postgresGID: 26
|
||||
|
||||
# -- The list of pull secrets to be used to pull the images.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference
|
||||
imagePullSecrets: []
|
||||
# -- Create secret containing credentials of superuser
|
||||
enableSuperuserAccess: false
|
||||
|
||||
# -- Default storage size
|
||||
walStorage:
|
||||
size: 2Gi
|
||||
storageClass: ""
|
||||
storage:
|
||||
size: 10Gi
|
||||
storageClass: local-path
|
||||
storageClass: ""
|
||||
|
||||
walStorage:
|
||||
enabled: true
|
||||
size: 2Gi
|
||||
storageClass: local-path
|
||||
|
||||
# -- The UID and GID of the postgres user inside the image, defaults to 26
|
||||
postgresUID: -1
|
||||
postgresGID: -1
|
||||
|
||||
# -- Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/
|
||||
services: {}
|
||||
|
||||
# -- Resources requirements of every generated Pod.
|
||||
# Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.
|
||||
# We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS.
|
||||
# See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
|
||||
# -- Default resources
|
||||
resources:
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
cpu: '1'
|
||||
hugepages-2Mi: 256Mi
|
||||
|
||||
# -- See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
|
||||
affinity:
|
||||
enablePodAntiAffinity: true
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
additionalLabels: {}
|
||||
annotations: {}
|
||||
priorityClassName: ""
|
||||
|
||||
# -- Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated. It can be switchover (default) or restart.
|
||||
# successfully updated. It can be switchover (default) or in-place (restart).
|
||||
primaryUpdateMethod: switchover
|
||||
|
||||
# -- Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
||||
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
|
||||
primaryUpdateStrategy: unsupervised
|
||||
|
||||
# -- The instances' log level, one of the following values: error, warning, info (default), debug, trace
|
||||
logLevel: "info"
|
||||
|
||||
# -- Affinity/Anti-affinity rules for Pods.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
|
||||
affinity:
|
||||
enablePodAntiAffinity: true
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
# -- The configuration for the CA and related certificates.
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
|
||||
certificates: {}
|
||||
|
||||
# -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
|
||||
# If the secret is not present, the operator will automatically create one.
|
||||
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
|
||||
# and then blank the password of the postgres user by setting it to NULL.
|
||||
enableSuperuserAccess: false
|
||||
superuserSecret: ""
|
||||
|
||||
# -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
|
||||
# See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
|
||||
enablePDB: true
|
||||
|
||||
# -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
|
||||
# already present in the database.
|
||||
# See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
|
||||
roles: []
|
||||
# - name: dante
|
||||
# ensure: present
|
||||
# comment: Dante Alighieri
|
||||
# login: true
|
||||
# superuser: false
|
||||
# inRoles:
|
||||
# - pg_monitor
|
||||
# - pg_signal_backend
|
||||
|
||||
# -- Enable default monitoring and alert rules
|
||||
monitoring:
|
||||
|
||||
# -- Whether to enable monitoring
|
||||
enabled: true
|
||||
|
||||
enabled: false
|
||||
podMonitor:
|
||||
|
||||
# -- Whether to enable the PodMonitor
|
||||
enabled: true
|
||||
|
||||
# --The list of relabelings for the PodMonitor.
|
||||
# Applied to samples before scraping.
|
||||
relabelings: []
|
||||
|
||||
# -- The list of metric relabelings for the PodMonitor.
|
||||
# Applied to samples before ingestion.
|
||||
metricRelabelings: []
|
||||
|
||||
prometheusRule:
|
||||
|
||||
# -- Whether to enable the PrometheusRule automated alerts
|
||||
enabled: true
|
||||
|
||||
# -- Exclude specified rules
|
||||
excludeRules:
|
||||
- CNPGClusterLastFailedArchiveTimeWarning
|
||||
|
||||
# -- Whether the default queries should be injected.
|
||||
# Set it to true if you don't want to inject default queries into the cluster.
|
||||
disableDefaultQueries: false
|
||||
|
||||
# -- Custom Prometheus metrics
|
||||
# Will be stored in the ConfigMap
|
||||
customQueries: []
|
||||
# - name: "pg_cache_hit_ratio"
|
||||
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
|
||||
# metrics:
|
||||
# - datname:
|
||||
# usage: "LABEL"
|
||||
# description: "Name of the database"
|
||||
# - ratio:
|
||||
# usage: GAUGE
|
||||
# description: "Cache hit ratio"
|
||||
|
||||
# -- The list of secrets containing the custom queries
|
||||
customQueriesSecret: []
|
||||
# - name: custom-queries-secret
|
||||
# key: custom-queries
|
||||
enabled: false
|
||||
enableDefaultRules: true
|
||||
excludeRules: []
|
||||
|
||||
# -- Parameters to be set for the database itself
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
|
||||
postgresql:
|
||||
|
||||
# -- PostgreSQL configuration options (postgresql.conf)
|
||||
parameters:
|
||||
shared_buffers: 128MB
|
||||
max_slot_wal_keep_size: 2000MB
|
||||
hot_standby_feedback: "on"
|
||||
|
||||
# -- Quorum-based Synchronous Replication
|
||||
synchronous: {}
|
||||
# method: any
|
||||
# number: 1
|
||||
|
||||
# -- PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)
|
||||
pg_hba: []
|
||||
# - host all all 10.244.0.0/16 md5
|
||||
|
||||
# -- PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)
|
||||
pg_ident: []
|
||||
# - mymap /^(.*)@mydomain\.com$ \1
|
||||
|
||||
# -- Lists of shared preload libraries to add to the default ones
|
||||
shared_preload_libraries: []
|
||||
# - pgaudit
|
||||
|
||||
# -- PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration)
|
||||
ldap: {}
|
||||
# https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration
|
||||
# server: 'openldap.default.svc.cluster.local'
|
||||
# bindSearchAuth:
|
||||
# baseDN: 'ou=org,dc=example,dc=com'
|
||||
# bindDN: 'cn=admin,dc=example,dc=com'
|
||||
# bindPassword:
|
||||
# name: 'ldapBindPassword'
|
||||
# key: 'data'
|
||||
# searchAttribute: 'uid'
|
||||
|
||||
# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
|
||||
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
|
||||
initdb:
|
||||
database: app
|
||||
owner: app
|
||||
# secret:
|
||||
# name: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
|
||||
# options: []
|
||||
# encoding: UTF8
|
||||
# postInitSQL:
|
||||
# - CREATE EXTENSION IF NOT EXISTS vector;
|
||||
# postInitApplicationSQL: []
|
||||
# postInitTemplateSQL: []
|
||||
|
||||
# -- Configure the metadata of the generated service account
|
||||
serviceAccountTemplate: {}
|
||||
|
||||
additionalLabels: {}
|
||||
annotations: {}
|
||||
# -- Bootstrap is the configuration of the bootstrap process when initdb is used.
|
||||
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb
|
||||
bootstrap:
|
||||
# -- Example values
|
||||
# database: app
|
||||
# owner: app
|
||||
# secret: "" # Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch
|
||||
# postInitApplicationSQL:
|
||||
# - CREATE TABLE IF NOT EXISTS example;
|
||||
initdb: {}
|
||||
|
||||
# -- Recovery settings when booting cluster from external cluster
|
||||
recovery:
|
||||
|
||||
# -- Available recovery methods:
|
||||
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
|
||||
# * `objectStore` - Recovers a CNPG cluster from a barman object store (PITR supported).
|
||||
# * `import` - Import one or more databases from an existing Postgres cluster.
|
||||
method: backup
|
||||
# -- Point in time recovery target in RFC3339 format
|
||||
pitrTarget:
|
||||
time: ""
|
||||
|
||||
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-a-backup-object
|
||||
backup:
|
||||
# -- S3 https endpoint and the s3:// path
|
||||
endpointURL: ""
|
||||
destinationPath: ""
|
||||
|
||||
# -- Point in time recovery target. Specify one of the following:
|
||||
pitrTarget:
|
||||
# -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
|
||||
endpointCA: ""
|
||||
|
||||
# -- Time in RFC3339 format
|
||||
time: ""
|
||||
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
endpointCredentials: ""
|
||||
|
||||
# -- Name of the database used by the application. Default: `app`.
|
||||
database: app
|
||||
# -- Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
|
||||
recoveryIndex: 1
|
||||
|
||||
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
|
||||
owner: ""
|
||||
# -- Name of the recovery cluster in the object store, defaults to "cluster.name"
|
||||
recoveryServerName: ""
|
||||
|
||||
# -- Name of the backup to recover from.
|
||||
backupName: ""
|
||||
# -- Name of the recovery cluster in the object store, defaults to ".Release.Name"
|
||||
recoveryInstanceName: ""
|
||||
|
||||
# See https://cloudnative-pg.io/documentation/current/recovery/#recovery-from-an-object-store
|
||||
objectStore:
|
||||
wal:
|
||||
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# -- Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 1
|
||||
data:
|
||||
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# -- Number of data files to be archived or restored in parallel.
|
||||
jobs: 1
|
||||
|
||||
# -- Point in time recovery target. Specify one of the following:
|
||||
pitrTarget:
|
||||
replica:
|
||||
# -- See [here](https://cloudnative-pg.io/documentation/current/database_import/) for different import types
|
||||
# * `microservice` - Single database import as expected from cnpg clusters
|
||||
# * `monolith` - Import multiple databases and roles
|
||||
importType: microservice
|
||||
|
||||
# -- Time in RFC3339 format
|
||||
time: ""
|
||||
# -- If type microservice only one database is allowed, default is app as standard in cnpg clusters
|
||||
importDatabases:
|
||||
- app
|
||||
|
||||
# -- Name of the database used by the application. Default: `app`.
|
||||
database: app
|
||||
# -- If type microservice no roles are imported and ignored
|
||||
importRoles: []
|
||||
|
||||
# -- Name of the owner of the database in the instance to be used by applications. Defaults to the value of the `database` key.
|
||||
owner: ""
|
||||
# -- If import type is monolith postImportApplicationSQL is not supported and ignored
|
||||
postImportApplicationSQL: []
|
||||
|
||||
# -- Desitination bucket
|
||||
destinationBucket: postgres-backups
|
||||
# -- External cluster connection, password specifies a secret name and the key containing the password value
|
||||
externalCluster:
|
||||
connectionParameters:
|
||||
host: postgresql
|
||||
user: app
|
||||
dbname: app
|
||||
password:
|
||||
name: postgresql
|
||||
key: password
|
||||
|
||||
# -- Overrides the provider specific default path. Defaults to:
|
||||
# S3: s3://<bucket><path>
|
||||
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
|
||||
# Google: gs://<bucket><path>
|
||||
destinationPathOverride: ""
|
||||
|
||||
# -- Overrides the provider specific default endpoint. Defaults to:
|
||||
# S3: https://s3.<region>.amazonaws.com"
|
||||
# Leave empty if using the default S3 endpoint
|
||||
endpointURL: "http://garage-main.garage:3900"
|
||||
|
||||
# -- Specifies a CA bundle to validate a privately signed certificate.
|
||||
endpointCA:
|
||||
# -- Creates a secret with the given value if true, otherwise uses an existing secret.
|
||||
create: false
|
||||
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
# -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
|
||||
index: 1
|
||||
|
||||
# -- Override the name of the backup cluster, defaults to "cluster.name"
|
||||
clusterName: ""
|
||||
|
||||
# -- Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
externalSecret:
|
||||
enabled: true
|
||||
credentialPath: /garage/home-infra/postgres-backups
|
||||
|
||||
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
# -- Defaults to <cluster name>-recovery-secret for the existing secret
|
||||
endpointCredentials: ""
|
||||
|
||||
# -- If the S3 endpoint require the ACCESS_REGION variable set in credentials
|
||||
endpointCredentialsIncludeRegion: true
|
||||
|
||||
# -- Storage
|
||||
wal:
|
||||
|
||||
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
|
||||
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
|
||||
# -- Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 1
|
||||
|
||||
data:
|
||||
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
|
||||
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
|
||||
# -- Number of data files to be archived or restored in parallel.
|
||||
jobs: 1
|
||||
|
||||
# See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-Import
|
||||
import:
|
||||
|
||||
# -- One of `microservice` or `monolith.`
|
||||
# See: https://cloudnative-pg.io/documentation/current/database_import/#how-it-works
|
||||
type: "microservice"
|
||||
|
||||
# -- Databases to import
|
||||
databases: []
|
||||
|
||||
# -- Roles to import
|
||||
roles: []
|
||||
|
||||
# -- List of SQL queries to be executed as a superuser in the application database right after is imported.
|
||||
# To be used with extreme care. Only available in microservice type.
|
||||
postImportApplicationSQL: []
|
||||
|
||||
# -- When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import.
|
||||
schemaOnly: false
|
||||
|
||||
# -- List of custom options to pass to the `pg_dump` command. IMPORTANT: Use these options with caution and at your
|
||||
# own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
|
||||
# operator's intended functionality or design.
|
||||
pgDumpExtraOptions: []
|
||||
|
||||
# -- List of custom options to pass to the `pg_restore` command. IMPORTANT: Use these options with caution and at
|
||||
# your own risk, as the operator does not validate their content. Be aware that certain options may conflict with the
|
||||
# operator's intended functionality or design.
|
||||
pgRestoreExtraOptions: []
|
||||
|
||||
# -- Configuration for the source database
|
||||
source:
|
||||
host: ""
|
||||
port: 5432
|
||||
username: app
|
||||
database: app
|
||||
sslMode: "verify-full"
|
||||
passwordSecret:
|
||||
|
||||
# -- Whether to create a secret for the password
|
||||
create: false
|
||||
|
||||
# -- Name of the secret containing the password
|
||||
name: ""
|
||||
|
||||
# -- The key in the secret containing the password
|
||||
key: "password"
|
||||
|
||||
# -- The password value to use when creating the secret
|
||||
value: ""
|
||||
sslKeySecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
sslRootCertSecret:
|
||||
name: ""
|
||||
key: ""
|
||||
|
||||
# -- Backup settings
|
||||
backup:
|
||||
enabled: false
|
||||
|
||||
# -- Method to create backups, options currently are only objectStore
|
||||
method: objectStore
|
||||
# -- S3 endpoint starting with "https://"
|
||||
endpointURL: ""
|
||||
|
||||
# -- Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
externalSecret:
|
||||
enabled: true
|
||||
# -- S3 path starting with "s3://"
|
||||
destinationPath: ""
|
||||
|
||||
# -- Options for object store backups
|
||||
objectStore:
|
||||
# -
|
||||
# # -- Object store backup name
|
||||
# name: external
|
||||
# -- Specifies secret that contains a CA bundle to validate a privately signed certificate, should contain the key ca-bundle.crt
|
||||
endpointCA: ""
|
||||
|
||||
# # -- Desitination bucket
|
||||
# destinationBucket: postgres-backups
|
||||
# -- Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
endpointCredentials: ""
|
||||
|
||||
# # -- Overrides the provider specific default path. Defaults to:
|
||||
# # S3: s3://<bucket><path>
|
||||
# # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<containerName><path>
|
||||
# # Google: gs://<bucket><path>
|
||||
# destinationPathOverride: ""
|
||||
# -- Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
|
||||
backupIndex: 1
|
||||
|
||||
# # -- Overrides the provider specific default endpoint. Defaults to:
|
||||
# # http://garage-main.garage:3900
|
||||
# endpointURL: ""
|
||||
# -- Name of the backup cluster in the object store, defaults to "cluster.name"
|
||||
backupName: ""
|
||||
|
||||
# # -- Override secret name that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
# endpointCredentialsOverride: ""
|
||||
# -- Tags to add to backups. Add in key value beneath the type.
|
||||
tags:
|
||||
backupRetentionPolicy: ""
|
||||
historyTags:
|
||||
backupRetentionPolicy: ""
|
||||
|
||||
# # -- Path points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
|
||||
# externalSecretCredentialPath
|
||||
wal:
|
||||
# -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# -- Number of WAL files to be archived or restored in parallel.
|
||||
maxParallel: 1
|
||||
data:
|
||||
# -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
# -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
encryption: ""
|
||||
# -- Number of data files to be archived or restored in parallel.
|
||||
jobs: 1
|
||||
|
||||
# # -- Specifies a CA bundle to validate a privately signed certificate.
|
||||
# endpointCA:
|
||||
# # -- Creates a secret with the given value if true, otherwise uses an existing secret.
|
||||
# create: false
|
||||
# -- Retention policy for backups
|
||||
retentionPolicy: "7d"
|
||||
|
||||
# name: ""
|
||||
# key: ""
|
||||
|
||||
# # -- Generate external cluster name, uses: {{ .Release.Name }}-postgresql-<major version>-backup-index-{{ index }}
|
||||
# index: 1
|
||||
|
||||
# # -- Retention policy for backups
|
||||
# retentionPolicy: "30d"
|
||||
|
||||
# # -- Specificies if this backup will do WALs
|
||||
# isWALArchiver: true
|
||||
|
||||
# # -- Storage
|
||||
# wal:
|
||||
|
||||
# # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
# compression: snappy
|
||||
|
||||
# # -- Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
# encryption: ""
|
||||
|
||||
# # -- Number of WAL files to be archived or restored in parallel.
|
||||
# maxParallel: 1
|
||||
|
||||
# data:
|
||||
# # -- Data compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
# compression: snappy
|
||||
|
||||
# # -- Whether to instruct the storage provider to encrypt data files. One of `` (use the storage container default), `AES256` or `aws:kms`.
|
||||
# encryption: ""
|
||||
|
||||
# # -- Number of data files to be archived or restored in parallel.
|
||||
# jobs: 1
|
||||
|
||||
# -- List of scheduled backups
|
||||
scheduledBackups: []
|
||||
|
||||
# -
|
||||
# # -- Scheduled backup name
|
||||
# name: daily-backup
|
||||
|
||||
# # -- Schedule in cron format
|
||||
# schedule: "0 0 0 * * *"
|
||||
|
||||
# # -- Start backup on deployment
|
||||
# immediate: false
|
||||
|
||||
# # -- Temporarily stop scheduled backups from running
|
||||
# suspend: false
|
||||
|
||||
# # -- Backup owner reference
|
||||
# backupOwnerReference: self
|
||||
|
||||
# # -- Backup method, can be `barman-cloud.cloudnative-pg.io` (default)
|
||||
# plugin: barman-cloud.cloudnative-pg.io
|
||||
|
||||
# # -- Name of backup target
|
||||
# backupName: external
|
||||
|
||||
# -- Database management configuration
|
||||
databases: []
|
||||
# - name: app # -- Name of the database to be created.
|
||||
# ensure: present # -- Ensure the PostgreSQL database is present or absent - defaults to "present".
|
||||
# owner: app # -- Owner of the database, defaults to the value of the `name` key.
|
||||
# template: template1 # -- Maps to the TEMPLATE parameter.
|
||||
# encoding: UTF8 # -- Maps to the ENCODING parameter.
|
||||
# connectionLimit: -1 # -- Maps to the CONNECTION LIMIT parameter. -1 (the default) means no limit.
|
||||
# tablespace: "" # -- Maps to the TABLESPACE parameter and ALTER DATABASE.
|
||||
# databaseReclaimPolicy: retain # -- One of: retain / delete (retain by default).
|
||||
# schemas: [] # -- List of schemas to be created in the database.
|
||||
# # - name: myschema
|
||||
# # owner: app # -- Owner of the schema, defaults to the database owner.
|
||||
# # ensure: present # -- Ensure the PostgreSQL schema is present or absent - defaults to "present".
|
||||
# extensions: [] # -- List of extensions to be created in the database.
|
||||
# # - name: pg_search
|
||||
# # ensure: present # -- Ensure the PostgreSQL extension is present or absent - defaults to "present".
|
||||
# # version: "0.15.21" # -- Version of the extension to be installed, if not specified the latest version will be used.
|
||||
# # schema: "" # -- Schema where the extension will be installed, if not specified the extensions or current default object creation schema will be used.
|
||||
# isTemplate: false # -- Maps to the IS_TEMPLATE parameter. If true, the database is considered a template for new databases.
|
||||
# locale: "" # -- Maps to the LC_COLLATE and LC_CTYPE parameters
|
||||
# localeProvider: "" # -- Maps to the LOCALE_PROVIDER parameter. Available from PostgreSQL 16.
|
||||
# localeCollate: "" # -- Maps to the LC_COLLATE parameter
|
||||
# localeCType: "" # -- Maps to the LC_CTYPE parameter
|
||||
# icuLocale: "" # -- Maps to the ICU_LOCALE parameter. Available from PostgreSQL 15.
|
||||
# icuRules: "" # -- Maps to the ICU_RULES parameter. Available from PostgreSQL 16.
|
||||
# builtinLocale: "" # -- Maps to the BUILTIN_LOCALE parameter. Available from PostgreSQL 17.
|
||||
# collationVersion: "" # -- Maps to the COLLATION_VERSION parameter.
|
||||
|
||||
# -- List of PgBouncer poolers
|
||||
poolers: []
|
||||
# -
|
||||
# # -- Pooler name
|
||||
# name: rw
|
||||
# # -- PgBouncer type of service to forward traffic to.
|
||||
# type: rw
|
||||
# # -- PgBouncer pooling mode
|
||||
# poolMode: transaction
|
||||
# # -- Number of PgBouncer instances
|
||||
# instances: 3
|
||||
# # -- PgBouncer configuration parameters
|
||||
# parameters:
|
||||
# max_client_conn: "1000"
|
||||
# default_pool_size: "25"
|
||||
# monitoring:
|
||||
# # -- Whether to enable monitoring
|
||||
# enabled: false
|
||||
# podMonitor:
|
||||
# # -- Whether to enable the PodMonitor
|
||||
# enabled: true
|
||||
# # -- Custom PgBouncer deployment template.
|
||||
# # Use to override image, specify resources, etc.
|
||||
# template: {}
|
||||
# -
|
||||
# # -- Pooler name
|
||||
# name: ro
|
||||
# # -- PgBouncer type of service to forward traffic to.
|
||||
# type: ro
|
||||
# # -- PgBouncer pooling mode
|
||||
# poolMode: transaction
|
||||
# # -- Number of PgBouncer instances
|
||||
# instances: 3
|
||||
# # -- PgBouncer configuration parameters
|
||||
# parameters:
|
||||
# max_client_conn: "1000"
|
||||
# default_pool_size: "25"
|
||||
# monitoring:
|
||||
# # -- Whether to enable monitoring
|
||||
# enabled: false
|
||||
# podMonitor:
|
||||
# # -- Whether to enable the PodMonitor
|
||||
# enabled: true
|
||||
# # -- Custom PgBouncer deployment template.
|
||||
# # Use to override image, specify resources, etc.
|
||||
# template: {}
|
||||
# -- Scheduled backup in cron format
|
||||
schedule: "0 0 */3 * *"
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: redis-replication
|
||||
version: 0.7.0
|
||||
description: Redis Replication with Sentinel
|
||||
keywords:
|
||||
- redis-operator
|
||||
- redis
|
||||
- kubernetes
|
||||
sources:
|
||||
- https://github.com/OT-CONTAINER-KIT/redis-operator
|
||||
- https://github.com/OT-CONTAINER-KIT/redis-operator/tree/main/charts/redis-operator
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://github.com/OT-CONTAINER-KIT/redis-operator/raw/main/static/redis-operator-logo.svg
|
||||
appVersion: v0.23.0
|
||||
@@ -1,40 +0,0 @@
|
||||
# redis-replication
|
||||
|
||||
 
|
||||
|
||||
Redis Replication with Sentinel
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/OT-CONTAINER-KIT/redis-operator>
|
||||
* <https://github.com/OT-CONTAINER-KIT/redis-operator/tree/main/charts/redis-operator>
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| additionalLabels | object | `{}` | Add additional labels |
|
||||
| existingSecret | object | `{"enabled":false,"key":"password","name":"secret-name"}` | Password |
|
||||
| namespaceOverride | string | `""` | Override the namespace of the chart |
|
||||
| redisReplication | object | `{"clusterSize":3,"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/opstree/redis","tag":"v8.4.0"},"podSecurityContext":{"fsGroup":1000,"runAsUser":1000},"redisExporter":{"enabled":true,"image":{"repository":"quay.io/opstree/redis-exporter","tag":"v1.80.1"},"serviceMonitor":{"enabled":true,"extraLabels":{},"interval":"30s","scrapeTimeout":"10s"}},"resources":{"requests":{"cpu":"10m","memory":"32Mi"}},"volumeClaimTemplate":{"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"ceph-block"}}}` | Redis Replication settings |
|
||||
| redisReplication.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/opstree/redis","tag":"v8.4.0"}` | Image |
|
||||
| redisReplication.podSecurityContext | object | `{"fsGroup":1000,"runAsUser":1000}` | Security |
|
||||
| redisReplication.redisExporter | object | `{"enabled":true,"image":{"repository":"quay.io/opstree/redis-exporter","tag":"v1.80.1"},"serviceMonitor":{"enabled":true,"extraLabels":{},"interval":"30s","scrapeTimeout":"10s"}}` | Metrics |
|
||||
| redisReplication.resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resources |
|
||||
| redisReplication.volumeClaimTemplate | object | `{"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"ceph-block"}}` | Storage |
|
||||
| redisSentinel | object | `{"clusterSize":3,"enabled":false,"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/opstree/redis-sentinel","tag":"v8.4.0"},"podSecurityContext":{"fsGroup":1000,"runAsUser":1000},"redisExporter":{"enabled":true,"image":{"repository":"quay.io/opstree/redis-exporter","tag":"v1.80.1"},"serviceMonitor":{"enabled":true,"extraLabels":{},"interval":"30s","scrapeTimeout":"10s"}},"resources":{"requests":{"cpu":"10m","memory":"32Mi"}}}` | Redis Sentinel settings |
|
||||
| redisSentinel.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/opstree/redis-sentinel","tag":"v8.4.0"}` | Image |
|
||||
| redisSentinel.podSecurityContext | object | `{"fsGroup":1000,"runAsUser":1000}` | Security |
|
||||
| redisSentinel.redisExporter | object | `{"enabled":true,"image":{"repository":"quay.io/opstree/redis-exporter","tag":"v1.80.1"},"serviceMonitor":{"enabled":true,"extraLabels":{},"interval":"30s","scrapeTimeout":"10s"}}` | Metrics |
|
||||
| redisSentinel.resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resources |
|
||||
| replicationNameOverride | string | `""` | Override the name of the resources |
|
||||
| sentinelNameOverride | string | `""` | |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
@@ -1,65 +0,0 @@
|
||||
{{/*
|
||||
Expand the names
|
||||
*/}}
|
||||
{{- define "redis.replicationName" -}}
|
||||
{{- if .Values.replicationNameOverride }}
|
||||
{{- .Values.replicationNameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "redis-replication-%s" .Release.Name -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "redis.sentinelName" -}}
|
||||
{{- if .Values.sentinelNameOverride }}
|
||||
{{- .Values.sentinelNameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "redis-sentinel-%s" .Release.Name -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "redis.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "redis.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "redis.labels" -}}
|
||||
helm.sh/chart: {{ include "redis.chart" $ }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "redis.replicationSelectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "redis.replicationName" $ }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "redis.sentinelSelectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "redis.sentinelName" $ }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,58 +0,0 @@
|
||||
apiVersion: redis.redis.opstreelabs.in/v1beta2
|
||||
kind: RedisReplication
|
||||
metadata:
|
||||
name: {{ include "redis.replicationName" . }}
|
||||
namespace: {{ include "redis.namespace" . }}
|
||||
labels:
|
||||
{{- include "redis.labels" . | nindent 4 }}
|
||||
{{- include "redis.replicationSelectorLabels" . | nindent 4 }}
|
||||
spec:
|
||||
clusterSize: {{ .Values.redisReplication.clusterSize }}
|
||||
|
||||
podSecurityContext:
|
||||
{{- with .Values.redisReplication.podSecurityContext }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
kubernetesConfig:
|
||||
image: "{{ .Values.redisReplication.image.repository }}:{{ .Values.redisReplication.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.redisReplication.image.pullPolicy }}
|
||||
resources:
|
||||
{{- with .Values.redisReplication.resources }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.existingSecret.enabled }}
|
||||
redisSecret:
|
||||
name: {{ .Values.existingSecret.name }}
|
||||
key: {{ .Values.existingSecret.key }}
|
||||
{{- end }}
|
||||
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
{{- with .Values.redisReplication.volumeClaimTemplate }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
redisExporter:
|
||||
enabled: {{ .Values.redisReplication.redisExporter.enabled }}
|
||||
image: "{{ .Values.redisReplication.redisExporter.image.repository }}:{{ .Values.redisReplication.redisExporter.image.tag }}"
|
||||
|
||||
{{- if .Values.redisSentinel.enabled }}
|
||||
sentinel:
|
||||
image: "{{ .Values.redisSentinel.image.repository }}:{{ .Values.redisSentinel.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.redisSentinel.image.pullPolicy }}
|
||||
|
||||
{{ if .Values.existingSecret.enabled }}
|
||||
redisSecret:
|
||||
name: {{ .Values.existingSecret.name }}
|
||||
key: {{ .Values.existingSecret.key }}
|
||||
{{- end }}
|
||||
|
||||
resources:
|
||||
{{- with .Values.redisSentinel.resources }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
|
||||
size: {{ .Values.redisSentinel.clusterSize }}
|
||||
{{- end }}
|
||||
@@ -1,24 +0,0 @@
|
||||
{{- if .Values.redisReplication.redisExporter.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "redis.replicationName" . }}
|
||||
namespace: {{ include "redis.namespace" . }}
|
||||
labels:
|
||||
{{- include "redis.labels" . | nindent 4 }}
|
||||
{{- include "redis.replicationSelectorLabels" . | nindent 4 }}
|
||||
{{- with .Values.redisReplication.redisExporter.serviceMonitor.extraLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ include "redis.replicationName" . }}
|
||||
redis_setup_type: replication
|
||||
role: replication
|
||||
endpoints:
|
||||
- port: redis-exporter
|
||||
interval: {{ .Values.redisReplication.redisExporter.serviceMonitor.interval }}
|
||||
scrapeTimeout: {{ .Values.redisReplication.redisExporter.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
@@ -1,92 +0,0 @@
|
||||
# -- Override the name of the resources
|
||||
replicationNameOverride: ""
|
||||
sentinelNameOverride: ""
|
||||
|
||||
# -- Override the namespace of the chart
|
||||
namespaceOverride: ""
|
||||
|
||||
# -- Password
|
||||
existingSecret:
|
||||
enabled: false
|
||||
name: secret-name
|
||||
key: password
|
||||
|
||||
# -- Add additional labels
|
||||
additionalLabels: {}
|
||||
|
||||
# -- Redis Replication settings
|
||||
redisReplication:
|
||||
clusterSize: 3
|
||||
|
||||
# -- Security
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
runAsUser: 1000
|
||||
|
||||
# -- Image
|
||||
image:
|
||||
repository: quay.io/opstree/redis
|
||||
tag: v8.4.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Resources
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 32Mi
|
||||
|
||||
# -- Storage
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: ceph-block
|
||||
|
||||
# -- Metrics
|
||||
redisExporter:
|
||||
enabled: true
|
||||
image:
|
||||
repository: quay.io/opstree/redis-exporter
|
||||
tag: v1.80.1
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
extraLabels: {}
|
||||
|
||||
# -- Redis Sentinel settings
|
||||
redisSentinel:
|
||||
enabled: false
|
||||
clusterSize: 3
|
||||
|
||||
# -- Security
|
||||
podSecurityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
|
||||
# -- Image
|
||||
image:
|
||||
repository: quay.io/opstree/redis-sentinel
|
||||
tag: v8.4.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Resources
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 32Mi
|
||||
|
||||
# -- Metrics
|
||||
redisExporter:
|
||||
enabled: true
|
||||
image:
|
||||
repository: quay.io/opstree/redis-exporter
|
||||
tag: v1.80.1
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
extraLabels: {}
|
||||
@@ -1,16 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: volsync-target
|
||||
version: 0.7.0
|
||||
description: Volsync Replication set to target specific PVC with preconfigured settings
|
||||
keywords:
|
||||
- volsync-target
|
||||
- volsync
|
||||
- storage
|
||||
- kubernetes
|
||||
sources:
|
||||
- https://github.com/backube/volsync
|
||||
- https://github.com/backube/volsync/tree/main/helm/volsync
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
|
||||
appVersion: 0.14.0
|
||||
@@ -1,42 +0,0 @@
|
||||
# volsync-target
|
||||
|
||||
 
|
||||
|
||||
Volsync Replication set to target specific PVC with preconfigured settings
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| alexlebens | | |
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/backube/volsync>
|
||||
* <https://github.com/backube/volsync/tree/main/helm/volsync>
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| additionalLabels | object | `{}` | Add additional labels |
|
||||
| external | object | `{"enabled":true,"externalSecret":{"credentialPath":"/digital-ocean/home-infra/volsync-backups","volsyncPath":"/volsync/restic/digital-ocean"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 9 * * *"}` | External backup configuration |
|
||||
| external.externalSecret | object | `{"credentialPath":"/digital-ocean/home-infra/volsync-backups","volsyncPath":"/volsync/restic/digital-ocean"}` | External Secret configuration |
|
||||
| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
|
||||
| external.schedule | string | `"0 9 * * *"` | 5 character cron schedule |
|
||||
| externalSecrets | object | `{"enabled":true}` | Use external secrets |
|
||||
| local | object | `{"enabled":false,"externalSecret":{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-local"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 8 * * *"}` | Local backup configuration |
|
||||
| local.externalSecret | object | `{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-local"}` | External Secret configuration |
|
||||
| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
|
||||
| local.schedule | string | `"0 8 * * *"` | 5 character cron schedule |
|
||||
| moverSecurityContext | object | `{}` | Glocal security context for restic mover |
|
||||
| nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
|
||||
| namespaceOverride | string | `""` | Override the namespace of the chart |
|
||||
| pvcTarget | string | `"data"` | Name of the PVC target |
|
||||
| remote | object | `{"enabled":false,"externalSecret":{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-remote"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * *"}` | Remote backup configuration |
|
||||
| remote.externalSecret | object | `{"credentialPath":"/garage/home-infra/volsync-backups","volsyncPath":"/volsync/restic/garage-remote"}` | External Secret configuration |
|
||||
| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
|
||||
| remote.schedule | string | `"0 10 * * *"` | 5 character cron schedule |
|
||||
|
||||
----------------------------------------------
|
||||
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
|
||||
@@ -1,75 +0,0 @@
|
||||
{{/*
|
||||
Expand the names
|
||||
*/}}
|
||||
{{- define "volsync.name" -}}
|
||||
{{- if .Values.nameOverride }}
|
||||
{{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-backup" .Values.pvcTarget -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "volsync.localRepoName" -}}
|
||||
{{- if .Values.local.restic.repository }}
|
||||
{{- .Values.local.restic.repository | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-secret-local" (include "volsync.name" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "volsync.remoteRepoName" -}}
|
||||
{{- if .Values.remote.restic.repository }}
|
||||
{{- .Values.remote.restic.repository | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-secret-remote" (include "volsync.name" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "volsync.externalRepoName" -}}
|
||||
{{- if .Values.external.restic.repository }}
|
||||
{{- .Values.external.restic.repository | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-secret-external" (include "volsync.name" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "volsync.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "volsync.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "volsync.labels" -}}
|
||||
helm.sh/chart: {{ include "volsync.chart" $ }}
|
||||
{{ include "volsync.selectorLabels" $ }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "volsync.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,182 +0,0 @@
|
||||
{{- if and (.Values.local.enabled) (.Values.externalSecrets.enabled) }}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "volsync.localRepoName" . }}
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.localRepoName" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.local.externalSecret.volsyncPath | required "External Secret Volsync local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.local.externalSecret.credentialPath | required "External Secret Credential local path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
{{- end }}
|
||||
|
||||
{{- if and (.Values.remote.enabled) (.Values.externalSecrets.enabled) }}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "volsync.remoteRepoName" . }}
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.remoteRepoName" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.remote.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }}
|
||||
metadataPolicy: None
|
||||
property: BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.remote.externalSecret.volsyncPath | required "External Secret Volsync remote path is required" }}
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.remote.externalSecret.credentialPath | required "External Secret Credential remote path is required" }}
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
{{- end }}
|
||||
|
||||
{{- if and (.Values.external.enabled) (.Values.externalSecrets.enabled) }}
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "volsync.externalRepoName" . }}
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.externalRepoName" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/{{ .Release.Namespace }}/{{ .Values.pvcTarget | required "PVC target is required" }}"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.external.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }}
|
||||
metadataPolicy: None
|
||||
property: BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.external.externalSecret.volsyncPath | required "External Secret Volsync external path is required" }}
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
|
||||
metadataPolicy: None
|
||||
property: AWS_ACCESS_KEY_ID
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: {{ .Values.external.externalSecret.credentialPath | required "External Secret Credential external path is required" }}
|
||||
metadataPolicy: None
|
||||
property: AWS_SECRET_ACCESS_KEY
|
||||
{{- end }}
|
||||
@@ -1,107 +0,0 @@
|
||||
{{- if .Values.local.enabled }}
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: {{ include "volsync.name" . }}-source-local
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
sourcePVC: {{ .Values.pvcTarget }}
|
||||
trigger:
|
||||
schedule: {{ .Values.local.schedule }}
|
||||
restic:
|
||||
pruneIntervalDays: {{ .Values.local.restic.pruneIntervalDays }}
|
||||
repository: {{ include "volsync.localRepoName" . }}
|
||||
retain:
|
||||
{{- with .Values.local.restic.retain }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.moverSecurityContext }}
|
||||
moverSecurityContext:
|
||||
{{- with .Values.moverSecurityContext }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
copyMethod: {{ .Values.local.restic.copyMethod }}
|
||||
storageClassName: {{ .Values.local.restic.storageClassName }}
|
||||
volumeSnapshotClassName: {{ .Values.local.restic.volumeSnapshotClassName }}
|
||||
cacheCapacity: {{ .Values.local.restic.cacheCapacity }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.remote.enabled }}
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: {{ include "volsync.name" . }}-source-remote
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
sourcePVC: {{ .Values.pvcTarget | required "PVC target is required" }}
|
||||
trigger:
|
||||
schedule: {{ .Values.remote.schedule }}
|
||||
restic:
|
||||
pruneIntervalDays: {{ .Values.remote.restic.pruneIntervalDays }}
|
||||
repository: {{ include "volsync.remoteRepoName" . }}
|
||||
retain:
|
||||
{{- with .Values.remote.restic.retain }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.moverSecurityContext }}
|
||||
moverSecurityContext:
|
||||
{{- with .Values.moverSecurityContext }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
copyMethod: {{ .Values.remote.restic.copyMethod }}
|
||||
storageClassName: {{ .Values.remote.restic.storageClassName }}
|
||||
volumeSnapshotClassName: {{ .Values.remote.restic.volumeSnapshotClassName }}
|
||||
cacheCapacity: {{ .Values.remote.restic.cacheCapacity }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.external.enabled }}
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: {{ include "volsync.name" . }}-source-external
|
||||
namespace: {{ include "volsync.namespace" . }}
|
||||
labels:
|
||||
{{- include "volsync.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ include "volsync.name" . }}
|
||||
{{- with .Values.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
sourcePVC: {{ .Values.pvcTarget }}
|
||||
trigger:
|
||||
schedule: {{ .Values.external.schedule }}
|
||||
restic:
|
||||
pruneIntervalDays: {{ .Values.external.restic.pruneIntervalDays }}
|
||||
repository: {{ include "volsync.externalRepoName" . }}
|
||||
retain:
|
||||
{{- with .Values.external.restic.retain }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.moverSecurityContext }}
|
||||
moverSecurityContext:
|
||||
{{- with .Values.moverSecurityContext }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
copyMethod: {{ .Values.external.restic.copyMethod }}
|
||||
storageClassName: {{ .Values.external.restic.storageClassName }}
|
||||
volumeSnapshotClassName: {{ .Values.external.restic.volumeSnapshotClassName }}
|
||||
cacheCapacity: {{ .Values.external.restic.cacheCapacity }}
|
||||
{{- end }}
|
||||
@@ -1,105 +0,0 @@
|
||||
# -- Default pattern follows <pvcTarget>-backup
|
||||
nameOverride: ""
|
||||
|
||||
# -- Override the namespace of the chart
|
||||
namespaceOverride: ""
|
||||
|
||||
# -- Add additional labels
|
||||
additionalLabels: {}
|
||||
|
||||
# -- Name of the PVC target
|
||||
pvcTarget: "data"
|
||||
|
||||
# -- Glocal security context for restic mover
|
||||
moverSecurityContext: {}
|
||||
|
||||
# -- Use external secrets
|
||||
externalSecrets:
|
||||
enabled: true
|
||||
|
||||
# -- Local backup configuration
|
||||
local:
|
||||
enabled: false
|
||||
|
||||
# -- 5 character cron schedule
|
||||
schedule: 0 8 * * *
|
||||
|
||||
# -- Backup configuration, inserted directly into the yaml
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: ""
|
||||
retain:
|
||||
hourly: 0
|
||||
daily: 7
|
||||
weekly: 4
|
||||
monthly: 3
|
||||
yearly: 1
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
cacheCapacity: 1Gi
|
||||
|
||||
# -- External Secret configuration
|
||||
externalSecret:
|
||||
# This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
|
||||
volsyncPath: /volsync/restic/garage-local
|
||||
# This path must contain the AWS/S3 credentials
|
||||
credentialPath: /garage/home-infra/volsync-backups
|
||||
|
||||
# -- Remote backup configuration
|
||||
remote:
|
||||
enabled: false
|
||||
|
||||
# -- 5 character cron schedule
|
||||
schedule: 0 10 * * *
|
||||
|
||||
# -- Backup configuration, inserted directly into the yaml
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: ""
|
||||
retain:
|
||||
hourly: 0
|
||||
daily: 7
|
||||
weekly: 4
|
||||
monthly: 3
|
||||
yearly: 1
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
cacheCapacity: 1Gi
|
||||
|
||||
# -- External Secret configuration
|
||||
externalSecret:
|
||||
# This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
|
||||
volsyncPath: /volsync/restic/garage-remote
|
||||
# This path must contain the AWS/S3 credentials
|
||||
credentialPath: /garage/home-infra/volsync-backups
|
||||
|
||||
# -- External backup configuration
|
||||
external:
|
||||
enabled: true
|
||||
|
||||
# -- 5 character cron schedule
|
||||
schedule: 0 9 * * *
|
||||
|
||||
# -- Backup configuration, inserted directly into the yaml
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: ""
|
||||
retain:
|
||||
hourly: 0
|
||||
daily: 7
|
||||
weekly: 4
|
||||
monthly: 3
|
||||
yearly: 1
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
cacheCapacity: 1Gi
|
||||
|
||||
# -- External Secret configuration
|
||||
externalSecret:
|
||||
# This path must contain the BUCKET_ENDPOINT and RESTIC_PASSWORD
|
||||
volsyncPath: /volsync/restic/digital-ocean
|
||||
# This path must contain the AWS/S3 credentials
|
||||
credentialPath: /digital-ocean/home-infra/volsync-backups
|
||||
117
renovate.json
117
renovate.json
@@ -1,56 +1,73 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
"mergeConfidence:all-badges",
|
||||
":rebaseStalePrs"
|
||||
],
|
||||
"timezone": "US/Central",
|
||||
"labels": [],
|
||||
"prHourlyLimit": 0,
|
||||
"prConcurrentLimit": 0,
|
||||
"packageRules": [
|
||||
{
|
||||
"description": "Label charts",
|
||||
"matchDatasources": ["helm"],
|
||||
"addLabels": ["chart"],
|
||||
"automerge": false,
|
||||
"bumpVersions": [
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:recommended",
|
||||
"mergeConfidence:all-badges",
|
||||
":rebaseStalePrs"
|
||||
],
|
||||
"timezone": "US/Central",
|
||||
"labels": [],
|
||||
"packageRules": [
|
||||
{
|
||||
"filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
|
||||
"matchStrings": ["version:\\s(?<version>[^\\s]+)"],
|
||||
"bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Label images",
|
||||
"matchDatasources": ["docker"],
|
||||
"addLabels": ["image"],
|
||||
"automerge": false,
|
||||
"bumpVersions": [
|
||||
"description": "Disables for non major Renovate version",
|
||||
"matchFileNames": [
|
||||
".github/renovate-update-notification/Dockerfile"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch",
|
||||
"pin",
|
||||
"digest",
|
||||
"rollback"
|
||||
],
|
||||
"enabled": false
|
||||
},
|
||||
{
|
||||
"filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
|
||||
"matchStrings": ["version:\\s(?<version>[^\\s]+)"],
|
||||
"bumpType": "{{#if isPatch}}patch{{else}}minor{{/if}}"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Automerge generic-device-plugin image on digest",
|
||||
"matchDatasources": ["docker"],
|
||||
"matchDepNames": ["ghcr.io/squat/generic-device-plugin"],
|
||||
"matchUpdateTypes": ["digest"],
|
||||
"addLabels": ["image", "automerge"],
|
||||
"automerge": true,
|
||||
"minimumReleaseAge": "1 days",
|
||||
"bumpVersions": [
|
||||
"description": "Generate for major Renovate version",
|
||||
"matchFileNames": [
|
||||
".github/renovate-update-notification/Dockerfile"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"major"
|
||||
],
|
||||
"addLabels": [
|
||||
"upgrade"
|
||||
],
|
||||
"automerge": false
|
||||
},
|
||||
{
|
||||
"filePatterns": ["{{packageFileDir}}/Chart.{yaml,yml}"],
|
||||
"matchStrings": ["version:\\s(?<version>[^\\s]+)"],
|
||||
"bumpType": "patch"
|
||||
"description": "Label charts",
|
||||
"matchDatasources": [
|
||||
"helm"
|
||||
],
|
||||
"addLabels": [
|
||||
"chart"
|
||||
],
|
||||
"automerge": false
|
||||
},
|
||||
{
|
||||
"description": "Label images",
|
||||
"matchDatasources": [
|
||||
"docker"
|
||||
],
|
||||
"addLabels": [
|
||||
"image"
|
||||
],
|
||||
"automerge": false
|
||||
},
|
||||
{
|
||||
"description": "CNPG image",
|
||||
"matchDepNames": [
|
||||
"ghcr.io/cloudnative-pg/postgresql"
|
||||
],
|
||||
"matchDatasources": [
|
||||
"docker"
|
||||
],
|
||||
"addLabels": [
|
||||
"image"
|
||||
],
|
||||
"automerge": false,
|
||||
"versioning": "deb"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user