feat: improve cnpg-cluster chart

this-is-tobi · Feb 22, 2025 · 319b9bc · 319b9bc
1 parent 64e50c1
commit 319b9bc
Show file tree

Hide file tree

Showing 11 changed files with 200 additions and 79 deletions.
diff --git a/charts/cnpg-cluster/Chart.yaml b/charts/cnpg-cluster/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: cnpg-cluster
 type: application
-version: 0.6.2
-appVersion: "0.1.0"
+version: 0.7.0
+appVersion: "1.25.0"
 description: A Helm Chart to deploy easily a CNPG cluster
 home: https://cloudnative-pg.io
 deprecated: false
@@ -16,6 +16,7 @@ dependencies:
   condition: cnpg-operator.enabled
 sources:
 - https://github.com/this-is-tobi/helm-charts
+- https://artifacthub.io/packages/helm/cloudnative-pg/cloudnative-pg
 maintainers:
 - name: this-is-tobi
   email: [email protected]

diff --git a/charts/cnpg-cluster/README.md b/charts/cnpg-cluster/README.md
@@ -1,6 +1,6 @@
 # cnpg-cluster
 
-![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square)
 
 A Helm Chart to deploy easily a CNPG cluster
 
@@ -15,6 +15,7 @@ A Helm Chart to deploy easily a CNPG cluster
 ## Source Code
 
 * <https://github.com/this-is-tobi/helm-charts>
+* <https://artifacthub.io/packages/helm/cloudnative-pg/cloudnative-pg>
 
 ## Requirements
 
@@ -26,43 +27,57 @@ A Helm Chart to deploy easily a CNPG cluster
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| annotations | object | `{}` | Additional cnpg cluster annotations. |
-| backup.compression | string | `""` | Which compression algorithm should be used for cnpg backups (should be one of "gzip", "bzip2" or "snappy"). |
+| annotations | object | `{}` | Additional annotations for created resources. |
+| backup.compression | string | `""` | Which compression algorithm should be used for cnpg backups (should be one of "gzip", "bzip2" or "snappy"), leave blank to disable compression. |
 | backup.cron | string | `"0 0 */6 * * *"` | The cron rule used for cnpg backups. By default it runs every 6 hours. |
 | backup.destinationPath | string | `""` | S3 destination path for cnpg backups (it should be set like `s3://<bucket_name>/<path>`). |
 | backup.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. |
-| backup.endpointCA.create | bool | `false` | Whether or not to create S3 CA kubernetes secret used for cnpg backups. It will use `secretName`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. |
-| backup.endpointCA.key | string | `""` | The secret key containing S3 CA for cnpg backups. |
-| backup.endpointCA.secretName | string | `""` | The secret name containing S3 CA for cnpg backups. |
+| backup.endpointCA.create | bool | `false` | Whether or not to create S3 CA kubernetes secret used for cnpg backups. It will use `secretName`, `endpointCA.key` and `endpointCA.value` to create the secret. |
+| backup.endpointCA.key | string | `"ca.crt"` | The secret key containing S3 CA for cnpg backups. |
+| backup.endpointCA.secretName | string | `""` | The secret name containing S3 CA for cnpg backups, leave it empty to auto-generate the secret name. |
 | backup.endpointCA.value | string | `""` | The S3 certificate used for cnpg backups. Only needed if `backup.endpointCA.create` is set to `true`. |
 | backup.endpointURL | string | `""` | S3 endpoint for cnpg backups. |
 | backup.maxParallelWal | int | `8` | The number of parallel process that will be applied when applying wals. |
-| backup.recoveryTarget | object | `{}` | Recovery target config to perform a point in time recovery when restore. |
 | backup.retentionPolicy | string | `"14d"` | Retention policy for cnpg backups recurrences. |
 | backup.s3Credentials.accessKeyId.key | string | `"accessKeyId"` | S3 accessKeyId kubernetes secret key used for cnpg backups. |
 | backup.s3Credentials.accessKeyId.value | string | `""` | S3 accessKeyId value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. |
 | backup.s3Credentials.create | bool | `false` | Whether or not to create S3 credentials kubernetes secret used for cnpg backups. It will use `secretName`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. |
 | backup.s3Credentials.secretAccessKey.key | string | `"secretAccessKey"` | S3 secretAccessKey kubernetes secret key used for cnpg backups. |
 | backup.s3Credentials.secretAccessKey.value | string | `""` | S3 secretAccessKey value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. |
-| backup.s3Credentials.secretName | string | `""` | S3 kubernetes secret name used for cnpg backups. |
+| backup.s3Credentials.secretName | string | `""` | S3 kubernetes secret name used for cnpg backups, leave it empty to auto-generate the secret name. |
+| bootstrap.initDbExtraArgs | object | `{}` | Extra configuration of the initDb bootstrap process (See. https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-BootstrapInitDB). |
+| bootstrap.recoveryExtraArgs | object | `{}` | Extra configuration of the recovery bootstrap process (See. https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-BootstrapRecovery). |
+| cnpg-operator.config.clusterWide | bool | `true` | This option determines if the operator is responsible for observing events across the entire Kubernetes cluster or if its focus should be narrowed down to the specific namespace within which it has been deployed. |
+| cnpg-operator.crds.create | bool | `true` | Specifies whether the CRDs should be created when installing the chart. |
 | cnpg-operator.enabled | bool | `false` | Whether or not cnpg operator should be deployed. |
-| dbName | string | `"dbname"` | Name of the database. |
+| dbName | string | `""` | Name of the database (Default to the `nameOverride` value or the name of the Helm release). |
 | enableSuperuserAccess | bool | `true` | Enable superuser access. |
 | exposed | bool | `false` | Whether or not a NodePort service should be created to exposed the database. |
 | fullnameOverride | string | `""` | String to fully override the default application name. |
+| imageCredentials.email | string | `""` | Email to pull images. |
+| imageCredentials.password | string | `""` | Password to pull images. |
+| imageCredentials.registry | string | `""` | Registry to pull images from. |
+| imageCredentials.username | string | `""` | Username to pull images. |
 | imageName | string | `""` | Name of the image used for database.  By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released |
 | instances | int | `3` | Number of instances to spawn in the cluster. |
 | labels | object | `{}` | Additional cnpg cluster labels. |
 | mode | string | `"primary"` | Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. |
 | nameOverride | string | `""` | Provide a name in place of the default application name. |
 | nodePort | string | `nil` | Port used for NodePort service. Needs `exposed` tu be true. |
 | parameters | object | `{}` | Customize Postgresql parameters. |
+| password | string | `""` | Password of the database user (leave empty to auto-generate the password). |
+| pgHba | list | `[]` | Client authentication entries for pg_hba.conf file (See. https://www.postgresql.org/docs/current/auth-pg-hba-conf.html). |
+| postgresPassword | string | `""` | Password of the postgres superuser (leave empty to auto-generate the password). |
 | primaryUpdateStrategy | string | `"unsupervised"` | Rolling update strategy used : unsupervised: automated update of the primary once all replicas have been upgraded (default) supervised: requires manual supervision to perform the switchover of the primary |
 | pvcSize.data | string | `"10Gi"` | Size of the data PVC used by each cnpg instance. |
 | pvcSize.wal | string | `"5Gi"` | Size of the WAL PVC used by each cnpg instance (if value is `null` then WAL files are stored within the data PVC). |
 | replica.host | string | `""` | Primary cnpg cluster host used for replica mode. |
 | replica.port | int | `5432` | Primary cnpg cluster port used for replica mode. |
-| username | string | `"username"` | Username of the database user. |
+| resources.limits.cpu | string | `"500m"` | CPU limit for the database instance. |
+| resources.limits.memory | string | `"1Gi"` | Memory limit for the database instance. |
+| resources.requests.cpu | string | `"250m"` | CPU request for the database instance. |
+| resources.requests.memory | string | `"512Mi"` | Memory request for the database instance. |
+| username | string | `""` | Username of the database user (Default to the `nameOverride` value or the name of the Helm release). |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/charts/cnpg-cluster/templates/_helpers.tpl b/charts/cnpg-cluster/templates/_helpers.tpl
@@ -103,4 +103,7 @@ Labels
 {{- define "template.labels" -}}
 {{ include "template.common.labels" . }}
 {{ include "template.selectorLabels" . }}
+{{ range $key, $val := .Values.labels }}
+{{- $key }}: {{ $val }}
+{{- end }}
 {{- end }}
diff --git a/charts/cnpg-cluster/templates/backup-secret-ca.yaml b/charts/cnpg-cluster/templates/backup-secret-ca.yaml
@@ -2,9 +2,11 @@
 kind: Secret
 apiVersion: v1
 metadata:
-  name: {{ .Values.backup.endpointCA.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
-  labels:
-    {{- include "template.labels" . | nindent 4 }}
+  name: {{ .Values.backup.endpointCA.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-ca") }}
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 data:
   {{ .Values.backup.endpointCA.key | indent 2 -}}: {{ .Values.backup.endpointCA.value | b64enc }}
 {{- end -}}
diff --git a/charts/cnpg-cluster/templates/backup-secret-creds.yaml b/charts/cnpg-cluster/templates/backup-secret-creds.yaml
@@ -2,9 +2,11 @@
 kind: Secret
 apiVersion: v1
 metadata:
-  name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
-  labels:
-    {{- include "template.labels" . | nindent 4 }}
+  name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-creds") }}
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 data:
   {{ .Values.backup.s3Credentials.accessKeyId.key | indent 2 -}}: {{ .Values.backup.s3Credentials.accessKeyId.value | b64enc }}
   {{ .Values.backup.s3Credentials.secretAccessKey.key | indent 2 -}}: {{ .Values.backup.s3Credentials.secretAccessKey.value | b64enc }}

diff --git a/charts/cnpg-cluster/templates/image-pullsecret.yml b/charts/cnpg-cluster/templates/image-pullsecret.yml
@@ -0,0 +1,13 @@
+{{- if and .Values.imageCredentials.username .Values.imageCredentials.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "template.fullname" . }}-pullsecret
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "template.imagePullSecret" . }}
+{{- end }}
diff --git a/charts/cnpg-cluster/templates/pg-cluster-secret-creds.yaml b/charts/cnpg-cluster/templates/pg-cluster-secret-creds.yaml
@@ -0,0 +1,30 @@
+kind: Secret
+apiVersion: v1
+type: kubernetes.io/basic-auth
+metadata:
+  name: {{ printf "%s-%s" (include "template.fullname" .) "admin" }}
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+data:
+  username: {{ "postgres" | b64enc }}
+  password: {{ (.Values.postgresPassword | default (randAlphaNum 24)) | b64enc }}
+
+---
+kind: Secret
+apiVersion: v1
+type: kubernetes.io/basic-auth
+metadata:
+  name: {{ printf "%s-%s" (include "template.fullname" .) "app" }}
+  labels:
+    {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+    {{- with .Values.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+data:
+  username: {{ (.Values.username | default .Values.fullnameOverride | default .Values.nameOverride | default .Release.Name) | b64enc }}
+  password: {{ (.Values.password | default (randAlphaNum 24)) | b64enc }}
diff --git a/charts/cnpg-cluster/templates/pg-cluster.yaml b/charts/cnpg-cluster/templates/pg-cluster.yaml
@@ -1,62 +1,74 @@
 apiVersion: postgresql.io/v1
 kind: Cluster
 metadata:
-  name: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
-  labels:
-    {{- include "template.labels" . | nindent 4 }}
-    {{- with .Values.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-  annotations:
-    {{- with .Values.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
+  name: {{ include "template.fullname" . }}
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 spec:
   instances: {{ .Values.instances }}
   {{- if .Values.imageName }}
   imageName: {{ .Values.imageName }}
   {{- end }}
+  {{- if and .Values.imageCredentials.username .Values.imageCredentials.password }}
+  imagePullSecrets:
+  - name: {{ include "template.fullname" . }}-pullsecret
+  {{- end }}
   postgresql:
+    {{- if .Values.parameters }}
     parameters:
       {{- with .Values.parameters }}
       {{- toYaml . | nindent 6 }}
       {{- end }}
+    {{- end }}
+    {{- if .Values.pgHba }}
     pg_hba:
-      - {{ printf "%s %s %s %s %s" "host" .Values.dbName .Values.username "all" "md5" }}
-      - {{ printf "%s %s %s %s %s" "host" .Values.dbName "streaming_replica" "all" "md5" }}
+      {{- with .Values.pgHba }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    {{- end }}
+  superuserSecret:
+    name: {{ printf "%s-%s" (include "template.fullname" .) "admin" }}
   bootstrap:
   {{- if eq .Values.mode "primary" }}
     initdb:
-      database: {{ .Values.dbName }}
-      owner: {{ .Values.username }}
+      database: {{ .Values.dbName | default .Values.fullnameOverride | default .Values.nameOverride | default .Release.Name }}
+      owner: {{ .Values.username | default .Values.fullnameOverride | default .Values.nameOverride | default .Release.Name }}
+      secret:
+        name: {{ printf "%s-%s" (include "template.fullname" .) "app" }}
+      {{- if .Values.bootstrap.initDbExtraArgs }}
+      {{- with .Values.bootstrap.initDbExtraArgs }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- end }}
   {{- else if or (eq .Values.mode "replica") (eq .Values.mode "restore") }}
     recovery:
-      source: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
-      {{- if .Values.backup.recoveryTarget }}
-      recoveryTarget: 
-        {{- with .Values.backup.recoveryTarget }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
+      source: {{ include "template.fullname" . }}
+      {{- if .Values.bootstrap.recoveryExtraArgs }}
+      {{- with .Values.bootstrap.recoveryExtraArgs }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
       {{- end }}
   externalClusters:
-  - name: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+  - name: {{ include "template.fullname" . }}
     {{- if or (.Values.backup.enabled) (eq .Values.mode "restore") }}
     barmanObjectStore:
       wal:
         maxParallel: {{ .Values.backup.maxParallelWal }}
       destinationPath: {{ .Values.backup.destinationPath }}
       endpointURL: {{ .Values.backup.endpointURL }}
-      {{- if .Values.backup.endpointCA.name }}
+      {{- if .Values.backup.endpointCA.secretName }}
       endpointCA:
-        name: {{ .Values.backup.endpointCA.name }}
+        name: {{ .Values.backup.endpointCA.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-ca") }}
         key: {{ .Values.backup.endpointCA.key }}
       {{- end }}
       s3Credentials:
         accessKeyId:
-          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+          name: {{ .Values.backup.s3Credentials.secretName | default (include "template.fullname" .) }}
           key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
         secretAccessKey:
-          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+          name: {{ .Values.backup.s3Credentials.secretName | default (include "template.fullname" .) }}
           key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
     {{- end }}
     {{- if eq .Values.mode "replica" }}
@@ -66,20 +78,20 @@ spec:
       dbname: {{ .Values.dbName }}
       sslmode: prefer
     sslKey:
-      name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "template.fullname" .) "pg-cluster" "replication") }}
+      name: {{ printf "%s-%s" (include "template.fullname" .) "replication" }}
       key: tls.key
     sslCert:
-      name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "template.fullname" .) "pg-cluster" "replication") }}
+      name: {{ printf "%s-%s" (include "template.fullname" .) "replication" }}
       key: tls.crt
     sslRootCert:
-      name: {{ (printf "%s-%s" .Values.nameOverride "ca") | default (printf "%s-%s-%s" (include "template.fullname" .) "pg-cluster" "ca") }}
+      name: {{ printf "%s-%s" (include "template.fullname" .) "ca" }}
       key: ca.crt
     {{- end }}
   {{- end }}
   {{- if eq .Values.mode "replica" }}
   replica:
     enabled: true
-    source: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+    source: {{ include "template.fullname" . }}
   {{- end }}
   enableSuperuserAccess: {{ .Values.enableSuperuserAccess }}
   primaryUpdateStrategy: {{ .Values.primaryUpdateStrategy }}
@@ -89,20 +101,23 @@ spec:
   walStorage:
     size: {{ .Values.pvcSize.wal }}
   {{- end }}
+  resources: {{- toYaml .Values.resources | nindent 4 }}
   {{- if .Values.backup.enabled }}
   backup:
     barmanObjectStore:
       destinationPath: {{ .Values.backup.destinationPath }}
       endpointURL: {{ .Values.backup.endpointURL }}
+      {{- if .Values.backup.endpointCA.secretName }}
       endpointCA:
-        name: {{ .Values.backup.endpointCA.name }}
+        name: {{ .Values.backup.endpointCA.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-ca") }}
         key: {{ .Values.backup.endpointCA.key }}
+      {{- end }}
       s3Credentials:
         accessKeyId:
-          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-creds") }}
           key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
         secretAccessKey:
-          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "template.fullname" .) "backup-creds") }}
           key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
       {{- if .Values.backup.compression }}
       data:

diff --git a/charts/cnpg-cluster/templates/scheduled-backup.yaml b/charts/cnpg-cluster/templates/scheduled-backup.yaml
@@ -2,12 +2,14 @@
 apiVersion: postgresql.io/v1
 kind: ScheduledBackup
 metadata:
-  name: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
-  labels:
-    {{- include "template.labels" . | nindent 4 }}
+  name: {{ include "template.fullname" . }}
+  labels: {{- include "template.labels" . | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations: {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
 spec:
   schedule: {{ .Values.backup.cron }}
   backupOwnerReference: self
   cluster:
-    name: {{ .Values.nameOverride | default (printf "%s-%s" (include "template.fullname" .) "pg-cluster") }}
+    name: {{ include "template.fullname" . }}
 {{- end }}