chore: Update manifests after change

2025-12-10 19:31:16 +00:00
parent a9dd136161
commit 17e42ccbdd
15 changed files with 794 additions and 48 deletions


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: cloudnative-pg-edit
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: cloudnative-pg-view
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -3,10 +3,10 @@ kind: ClusterRole
metadata:
name: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:


@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
metadata:
name: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io


@@ -4,9 +4,9 @@ metadata:
name: cnpg-controller-manager-config
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
data: {}


@@ -4,10 +4,10 @@ metadata:
name: cnpg-default-monitoring
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
cnpg.io/reload: ""
data:


@@ -1486,19 +1486,59 @@ spec:
type: array
pgDumpExtraOptions:
description: |-
List of custom options to pass to the `pg_dump` command. IMPORTANT:
Use these options with caution and at your own risk, as the operator
does not validate their content. Be aware that certain options may
conflict with the operator's intended functionality or design.
List of custom options to pass to the `pg_dump` command.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior.
items:
type: string
type: array
pgRestoreDataOptions:
description: |-
Custom options to pass to the `pg_restore` command during the `data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior.
items:
type: string
type: array
pgRestoreExtraOptions:
description: |-
List of custom options to pass to the `pg_restore` command. IMPORTANT:
Use these options with caution and at your own risk, as the operator
does not validate their content. Be aware that certain options may
conflict with the operator's intended functionality or design.
List of custom options to pass to the `pg_restore` command.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior.
items:
type: string
type: array
pgRestorePostdataOptions:
description: |-
Custom options to pass to the `pg_restore` command during the `post-data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior.
items:
type: string
type: array
pgRestorePredataOptions:
description: |-
Custom options to pass to the `pg_restore` command during the `pre-data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior.
items:
type: string
type: array
@@ -1557,6 +1597,7 @@ spec:
options:
description: |-
The list of options that must be passed to initdb when creating the cluster.
Deprecated: This could lead to inconsistent configurations,
please use the explicit provided parameters instead.
If defined, explicit values will be ignored.
@@ -3677,6 +3718,14 @@ spec:
Deprecated: This feature will be removed in an upcoming release. If
you need this functionality, you can create a PodMonitor manually.
type: boolean
metricsQueriesTTL:
description: |-
The interval during which metrics computed from queries are considered current.
Once it is exceeded, a new scrape will trigger a rerun
of the queries.
If not set, defaults to 30 seconds, in line with Prometheus scraping defaults.
Setting this to zero disables the caching mechanism and can cause heavy load on the PostgreSQL server.
type: string
podMonitorMetricRelabelings:
description: |-
The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.
@@ -3914,6 +3963,237 @@ spec:
- name
type: object
type: array
podSecurityContext:
description: |-
Override the PodSecurityContext applied to every Pod of the cluster.
When set, this overrides the operator's default PodSecurityContext for the cluster.
If omitted, the operator defaults are used.
This field doesn't have any effect if SecurityContextConstraints are present.
properties:
appArmorProfile:
description: |-
appArmorProfile is the AppArmor options to use by the containers in this pod.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.
type: string
required:
- type
type: object
fsGroup:
description: |-
A special supplemental group that applies to all containers in a pod.
Some volume types allow the Kubelet to change the ownership of that volume
to be owned by the pod:
1. The owning GID will be the FSGroup
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
fsGroupChangePolicy:
description: |-
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
before being exposed inside Pod. This field will only apply to
volume types which support fsGroup based ownership(and permissions).
It will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir.
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
Note that this field cannot be set when spec.os.name is windows.
type: string
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence
for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence
for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxChangePolicy:
description: |-
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime.
This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with `-o context` mount option.
This requires all Pods that share the same volume to use the same SELinux label.
It is not possible to share the same volume among privileged and unprivileged Pods.
Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
CSIDriver instance. Other volumes are always re-labelled recursively.
"MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
Note that this field cannot be set when spec.os.name is windows.
type: string
seLinuxOptions:
description: |-
The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to the container.
type: string
role:
description: Role is a SELinux role label that applies to the container.
type: string
type:
description: Type is a SELinux type label that applies to the container.
type: string
user:
description: User is a SELinux user label that applies to the container.
type: string
type: object
seccompProfile:
description: |-
The seccomp options to use by the containers in this pod.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
description: |-
A list of groups applied to the first process run in each container, in
addition to the container's primary GID and fsGroup (if specified). If
the SupplementalGroupsPolicy feature is enabled, the
supplementalGroupsPolicy field determines whether these are in addition
to or instead of any group memberships defined in the container image.
If unspecified, no additional groups are added, though group memberships
defined in the container image may still be used, depending on the
supplementalGroupsPolicy field.
Note that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
type: array
x-kubernetes-list-type: atomic
supplementalGroupsPolicy:
description: |-
Defines how supplemental groups of the first container processes are calculated.
Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
and the container runtime must implement support for this feature.
Note that this field cannot be set when spec.os.name is windows.
type: string
sysctls:
description: |-
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
sysctls (by the container runtime) might fail to launch.
Note that this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
x-kubernetes-list-type: atomic
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: |-
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string
hostProcess:
description: |-
HostProcess determines if a container should be run as a 'Host Process' container.
All of a Pod's containers must have the same effective HostProcess value
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
runAsUserName:
description: |-
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
postgresGID:
default: 26
description: The GID of the `postgres` user inside the image, defaults to `26`
@@ -4125,6 +4405,12 @@ spec:
- required
- preferred
type: string
failoverQuorum:
description: |-
FailoverQuorum enables a quorum-based check before failover, improving
data durability and safety during failover events in CloudNativePG-managed
PostgreSQL clusters.
type: boolean
maxStandbyNamesFromCluster:
description: |-
Specifies the maximum number of local cluster pods that can be
@@ -4177,7 +4463,10 @@ spec:
description: |-
Method to follow to upgrade the primary server during a rolling
update procedure, after all replicas have been successfully updated:
it can be with a switchover (`switchover`) or in-place (`restart` - default)
it can be with a switchover (`switchover`) or in-place (`restart` - default).
Note: when using `switchover`, the operator will reject updates that change both
the image name and PostgreSQL configuration parameters simultaneously to avoid
configuration mismatches during the switchover process.
enum:
- switchover
- restart
@@ -5018,6 +5307,194 @@ spec:
required:
- type
type: object
securityContext:
description: |-
Override the SecurityContext applied to every Container in the Pod of the cluster.
When set, this overrides the operator's default Container SecurityContext.
If omitted, the operator defaults are used.
properties:
allowPrivilegeEscalation:
description: |-
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
appArmorProfile:
description: |-
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement.
type: string
required:
- type
type: object
capabilities:
description: |-
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities type
type: string
type: array
x-kubernetes-list-type: atomic
type: object
privileged:
description: |-
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: |-
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: |-
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies to the container.
type: string
role:
description: Role is a SELinux role label that applies to the container.
type: string
type:
description: Type is a SELinux type label that applies to the container.
type: string
user:
description: User is a SELinux user label that applies to the container.
type: string
type: object
seccompProfile:
description: |-
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: |-
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
type: string
hostProcess:
description: |-
HostProcess determines if a container should be run as a 'Host Process' container.
All of a Pod's containers must have the same effective HostProcess value
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
runAsUserName:
description: |-
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
serviceAccountTemplate:
description: Configure the generation of the service account
properties:
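Review bot: The new `securityContext` override in the `@@ -5018,6 +5307,194 @@` hunk exposes `privileged`, `allowPrivilegeEscalation` and `capabilities.add` as plain boolean and string-array fields with no `enum` or `x-kubernetes-validations` constraint, so the schema alone lets anyone who can create or edit a Cluster request instance containers weaker than the operator defaults. The same holds for `podSecurityContext` in the `@@ -3914,6 +3963,237 @@` hunk (`sysctls`, and `seccompProfile.type` / `appArmorProfile.type` accepting `Unconfined`). Whether the operator's admission webhook rejects such values is not visible on this page. This file is rendered chart output, so the control belongs outside it: before rolling out 1.28.0, confirm that namespaces hosting Cluster resources enforce Pod Security Admission (for example `pod-security.kubernetes.io/enforce: baseline` or stricter), and review which subjects are bound to `cloudnative-pg-edit` or otherwise hold write access to Cluster objects.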


@@ -131,16 +131,16 @@ spec:
ensure:
default: present
description: |-
Specifies whether an extension/schema should be present or absent in
the database. If set to `present`, the extension/schema will be
created if it does not exist. If set to `absent`, the
extension/schema will be removed if it exists.
Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists.
enum:
- present
- absent
type: string
name:
description: Name of the extension/schema
description: Name of the object (extension, schema, FDW, server)
type: string
schema:
description: |-
@@ -160,6 +160,95 @@ spec:
- name
type: object
type: array
fdws:
description: The list of foreign data wrappers to be managed in the database
items:
description: FDWSpec configures an Foreign Data Wrapper in a database
properties:
ensure:
default: present
description: |-
Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists.
enum:
- present
- absent
type: string
handler:
description: |-
Name of the handler function (e.g., "postgres_fdw_handler").
This will be empty if no handler is specified. In that case,
the default handler is registered when the FDW extension is created.
type: string
name:
description: Name of the object (extension, schema, FDW, server)
type: string
options:
description: Options specifies the configuration options for the FDW.
items:
description: OptionSpec holds the name, value and the ensure field for an option
properties:
ensure:
default: present
description: |-
Specifies whether an option should be present or absent in
the database. If set to `present`, the option will be
created if it does not exist. If set to `absent`, the
option will be removed if it exists.
enum:
- present
- absent
type: string
name:
description: Name of the option
type: string
value:
description: Value of the option
type: string
required:
- name
- value
type: object
type: array
owner:
description: |-
Owner specifies the database role that will own the Foreign Data Wrapper.
The role must have superuser privileges in the target database.
type: string
usage:
description: List of roles for which `USAGE` privileges on the FDW are granted or revoked.
items:
description: UsageSpec configures a usage for a foreign data wrapper
properties:
name:
description: Name of the usage
type: string
x-kubernetes-validations:
- message: name is required
rule: self != ''
type:
default: grant
description: The type of usage
enum:
- grant
- revoke
type: string
required:
- name
type: object
type: array
validator:
description: |-
Name of the validator function (e.g., "postgres_fdw_validator").
This will be empty if no validator is specified. In that case,
the default validator is registered when the FDW extension is created.
type: string
required:
- name
type: object
type: array
icuLocale:
description: |-
Maps to the `ICU_LOCALE` parameter of `CREATE DATABASE`. This
@@ -246,16 +335,16 @@ spec:
ensure:
default: present
description: |-
Specifies whether an extension/schema should be present or absent in
the database. If set to `present`, the extension/schema will be
created if it does not exist. If set to `absent`, the
extension/schema will be removed if it exists.
Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists.
enum:
- present
- absent
type: string
name:
description: Name of the extension/schema
description: Name of the object (extension, schema, FDW, server)
type: string
owner:
description: |-
@@ -267,6 +356,87 @@ spec:
- name
type: object
type: array
servers:
description: The list of foreign servers to be managed in the database
items:
description: ServerSpec configures a server of a foreign data wrapper
properties:
ensure:
default: present
description: |-
Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists.
enum:
- present
- absent
type: string
fdw:
description: The name of the Foreign Data Wrapper (FDW)
type: string
x-kubernetes-validations:
- message: fdw is required
rule: self != ''
name:
description: Name of the object (extension, schema, FDW, server)
type: string
options:
description: |-
Options specifies the configuration options for the server
(key is the option name, value is the option value).
items:
description: OptionSpec holds the name, value and the ensure field for an option
properties:
ensure:
default: present
description: |-
Specifies whether an option should be present or absent in
the database. If set to `present`, the option will be
created if it does not exist. If set to `absent`, the
option will be removed if it exists.
enum:
- present
- absent
type: string
name:
description: Name of the option
type: string
value:
description: Value of the option
type: string
required:
- name
- value
type: object
type: array
usage:
description: List of roles for which `USAGE` privileges on the server are granted or revoked.
items:
description: UsageSpec configures a usage for a foreign data wrapper
properties:
name:
description: Name of the usage
type: string
x-kubernetes-validations:
- message: name is required
rule: self != ''
type:
default: grant
description: The type of usage
enum:
- grant
- revoke
type: string
required:
- name
type: object
type: array
required:
- fdw
- name
type: object
type: array
tablespace:
description: |-
Maps to the `TABLESPACE` parameter of `CREATE DATABASE`.
@@ -326,6 +496,27 @@ spec:
- name
type: object
type: array
fdws:
description: FDWs is the status of the managed FDWs
items:
description: DatabaseObjectStatus is the status of the managed database objects
properties:
applied:
description: |-
True of the object has been installed successfully in
the database
type: boolean
message:
description: Message is the object reconciliation message
type: string
name:
description: The name of the object
type: string
required:
- applied
- name
type: object
type: array
message:
description: Message is the reconciliation output message
type: string
@@ -356,6 +547,27 @@ spec:
- name
type: object
type: array
servers:
description: Servers is the status of the managed servers
items:
description: DatabaseObjectStatus is the status of the managed database objects
properties:
applied:
description: |-
True of the object has been installed successfully in
the database
type: boolean
message:
description: Message is the object reconciliation message
type: string
name:
description: The name of the object
type: string
required:
- applied
- name
type: object
type: array
type: object
required:
- metadata


@@ -311,6 +311,30 @@ spec:
query. In case it is specified, also an AuthQuery
(e.g. "SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1")
has to be specified and no automatic CNPG Cluster integration will be triggered.
Deprecated.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
clientCASecret:
description: |-
ClientCASecret provides PgBouncers client_tls_ca_file, the root
CA for validating client certificates
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
clientTLSSecret:
description: |-
ClientTLSSecret provides PgBouncers client_tls_key_file (private key)
and client_tls_cert_file (certificate) used to accept client connections
properties:
name:
description: Name of the referent.
@@ -347,6 +371,29 @@ spec:
- session
- transaction
type: string
serverCASecret:
description: |-
ServerCASecret provides PgBouncers server_tls_ca_file, the root
CA for validating PostgreSQL certificates
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
serverTLSSecret:
description: |-
ServerTLSSecret, when pointing to a TLS secret, provides pgbouncer's
`server_tls_key_file` and `server_tls_cert_file`, used when
authenticating against PostgreSQL.
properties:
name:
description: Name of the referent.
type: string
required:
- name
type: object
type: object
serviceTemplate:
description: Template for the Service to be created
@@ -8799,6 +8846,16 @@ spec:
description: The ResourceVersion of the secret
type: string
type: object
clientTLS:
description: The client TLS secret version
properties:
name:
description: The name of the secret
type: string
version:
description: The ResourceVersion of the secret
type: string
type: object
pgBouncerSecrets:
description: The version of the secrets used by PgBouncer
properties:


@@ -4,10 +4,10 @@ metadata:
name: cloudnative-pg
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 2
@@ -18,9 +18,9 @@ spec:
template:
metadata:
annotations:
checksum/rbac: ecc7ac52a42c48513234accf4bd785afb5889e77f0672f57c00b875960e3497a
checksum/config: c9268d2e1b50fbad8b125b152e51e44e51e393aef15b37b31b8ef35e60c039ec
checksum/monitoring-config: 5b7dc0c42a24b297d6f659777324c4105b8ce5e022ee55e973a2f3697f4e7702
checksum/rbac: 625d3dbff4558ad674205e1cd8555211cddb507d587760354c9c1871e366b859
checksum/config: ffb213960dde6a3a8cc898d67058389735af67e191de063efd4d39b4e1130db4
checksum/monitoring-config: 1e0e508ea8c794ca396cd418f9fc622311e161e94283828fa8b61896a86f60c9
labels:
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
@@ -36,14 +36,14 @@ spec:
- /manager
env:
- name: OPERATOR_IMAGE_NAME
value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1"
value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.0"
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MONITORING_QUERIES_CONFIGMAP
value: "cnpg-default-monitoring"
image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1"
image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.0"
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
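Review bot: The operator image in this Deployment is referenced by a mutable tag in both `image:` and the `OPERATOR_IMAGE_NAME` env value, so with `imagePullPolicy: IfNotPresent` and `replicas: 2` the two pods can end up running different content if the tag is ever re-pushed. Pinning by digest, so that the rendered lines read `image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.0@sha256:<digest-of-verified-image>"` (placeholder; same value in `OPERATOR_IMAGE_NAME`), makes the upgrade reproducible and lets the digest be checked against the project's published signature before rollout. Since this file looks like rendered Helm output, the change belongs in the chart values rather than in this manifest. The container spec continues past the end of the hunk.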


@@ -3,10 +3,10 @@ kind: MutatingWebhookConfiguration
metadata:
name: cnpg-mutating-webhook-configuration
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
webhooks:
- admissionReviewVersions:


@@ -4,10 +4,10 @@ metadata:
name: cloudnative-pg
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
spec:
selector:


@@ -4,10 +4,10 @@ metadata:
name: cnpg-webhook-service
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP


@@ -4,8 +4,8 @@ metadata:
name: cloudnative-pg
namespace: cloudnative-pg
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm


@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
metadata:
name: cnpg-validating-webhook-configuration
labels:
helm.sh/chart: cloudnative-pg-0.26.1
helm.sh/chart: cloudnative-pg-0.27.0
app.kubernetes.io/name: cloudnative-pg
app.kubernetes.io/instance: cloudnative-pg
app.kubernetes.io/version: "1.27.1"
app.kubernetes.io/version: "1.28.0"
app.kubernetes.io/managed-by: Helm
webhooks:
- admissionReviewVersions: