feat: port features from cnpg chart

Signed-off-by: Niccolò Fei <[email protected]>

charts/edb-postgres-for-kubernetes/templates/deployment.yaml

@@ -30,24 +30,38 @@ spec:
       {{- include "edb-postgres-for-kubernetes.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
       {{- with .Values.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "edb-postgres-for-kubernetes.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.hostNetwork }}
+      hostNetwork: {{ .Values.hostNetwork }}
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      {{- end }}
       containers:
       - args:
         - controller
         - --leader-elect
-        {{- with .Values.config.name }}
-        - --config-map-name={{ . }}
-        - --secret-name={{ . }}
+        {{- if .Values.config.name }}
+        {{- if not .Values.config.secret }}
+        - --config-map-name={{ .Values.config.name }}
+        {{- else }}
+        - --secret-name={{ .Values.config.name }}
+        {{- end }}
         {{- end }}
         - --webhook-port={{ .Values.webhook.port }}
         {{- range .Values.additionalArgs }}
@@ -68,6 +82,9 @@ spec:
         - name: WATCH_NAMESPACE
           value: "{{ .Release.Namespace }}"
         {{- end }}
+        {{- if .Values.additionalEnv }}
+        {{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
+        {{- end }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         livenessProbe:

charts/edb-postgres-for-kubernetes/templates/rbac.yaml

@@ -106,4 +106,54 @@ subjects:
   name: {{ include "edb-postgres-for-kubernetes.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "edb-postgres-for-kubernetes.fullname" . }}-view
+  labels:
+    {{- include "edb-postgres-for-kubernetes.labels" . | nindent 4 }}
+    {{- if .Values.rbac.aggregateClusterRoles }}
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- end }}
+rules:
+- apiGroups:
+  - postgresql.k8s.enterprisedb.io
+  resources:
+  - backups
+  - clusters
+  - poolers
+  - scheduledbackups
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "edb-postgres-for-kubernetes.fullname" . }}-edit
+  labels:
+    {{- include "edb-postgres-for-kubernetes.labels" . | nindent 4 }}
+    {{- if .Values.rbac.aggregateClusterRoles }}
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- end }}
+rules:
+- apiGroups:
+  - postgresql.k8s.enterprisedb.io
+  resources:
+  - backups
+  - clusters
+  - poolers
+  - scheduledbackups
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+---
 {{- end }}

charts/edb-postgres-for-kubernetes/values.schema.json

@@ -5,6 +5,9 @@
         "additionalArgs": {
             "type": "array"
         },
+        "additionalEnv": {
+            "type": "array"
+        },
         "affinity": {
             "type": "object"
         },
@@ -75,9 +78,15 @@
                 }
             }
         },
+        "dnsPolicy": {
+            "type": "string"
+        },
         "fullnameOverride": {
             "type": "string"
         },
+        "hostNetwork": {
+            "type": "boolean"
+        },
         "image": {
             "type": "object",
             "properties": {
@@ -115,6 +124,23 @@
         "imagePullSecrets": {
             "type": "array"
         },
+        "monitoring": {
+            "type": "object",
+            "properties": {
+                "podMonitorAdditionalLabels": {
+                    "type": "object"
+                },
+                "podMonitorEnabled": {
+                    "type": "boolean"
+                },
+                "podMonitorMetricRelabelings": {
+                    "type": "array"
+                },
+                "podMonitorRelabelings": {
+                    "type": "array"
+                }
+            }
+        },
         "monitoringQueriesConfigMap": {
             "type": "object",
             "properties": {
@@ -135,6 +161,9 @@
         "podAnnotations": {
             "type": "object"
         },
+        "podLabels": {
+            "type": "object"
+        },
         "podSecurityContext": {
             "type": "object",
             "properties": {
@@ -157,6 +186,9 @@
         "rbac": {
             "type": "object",
             "properties": {
+                "aggregateClusterRoles": {
+                    "type": "boolean"
+                },
                 "create": {
                     "type": "boolean"
                 }
@@ -193,25 +225,6 @@
                 }
             }
         },
-        "test": {
-            "type": "object",
-            "properties": {
-                "image": {
-                    "type": "object",
-                    "properties": {
-                        "pullPolicy": {
-                            "type": "string"
-                        },
-                        "repository": {
-                            "type": "string"
-                        },
-                        "tag": {
-                            "type": "string"
-                        }
-                    }
-                }
-            }
-        },
         "tolerations": {
             "type": "array"
         },

charts/edb-postgres-for-kubernetes/values.yaml

@@ -36,9 +36,14 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+hostNetwork: false
+dnsPolicy: ""
+
 crds:
+  # -- Specifies whether the CRDs should be created when installing the chart.
   create: true
 
+# -- The webhook configuration.
 webhook:
   port: 9443
   mutating:
@@ -56,23 +61,34 @@ webhook:
 config:
   # -- Specifies whether the secret should be created
   create: true
-  # -- Specifies whether it should be stored in a secret, instead of a configmap
+  # -- The name of the configmap/secret to use.
+  name: postgresql-operator-controller-manager-config
+  # -- Specifies whether it should be stored in a secret, instead of a configmap.
   secret: false
   # -- This option determines if the operator is responsible for observing
   # events across the entire Kubernetes cluster or if its focus should be
   # narrowed down to the specific namespace within which it has been deployed.
   clusterWide: true
-  # Examples:
+  # -- The content of the configmap/secret, see
+  # https://www.enterprisedb.com/docs/postgres_for_kubernetes/latest/operator_conf/#available-options
+  # for all the available options.
+  data: {}
   # INHERITED_ANNOTATIONS: categories
   # INHERITED_LABELS: environment, workload, app
+  # WATCH_NAMESPACE: namespace-a,namespace-b
   # EDB_LICENSE_KEY: <YOUR_EDB_LICENSE_KEY_HERE>
 
-  data: {}
-  name: postgresql-operator-controller-manager-config
-
 # -- Additional arguments to be added to the operator's args list
 additionalArgs: []
 
+# -- Array containing extra environment variables which can be templated.
+# For example:
+#  - name: RELEASE_NAME
+#    value: "{{ .Release.Name }}"
+#  - name: MY_VAR
+#    value: "mySpecialKey"
+additionalEnv: []
+
 serviceAccount:
   # -- Specifies whether the service account should be created
   create: true
@@ -83,11 +99,16 @@ serviceAccount:
 rbac:
   # -- Specifies whether ClusterRole and ClusterRoleBinding should be created
   create: true
+  # -- Aggregate ClusterRoles to Kubernetes default user-facing roles.
+  # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+  aggregateClusterRoles: false
 
-# -- Annotations to be added to the pod
-podAnnotations: {}
-# -- Annotations to be added to all other resources
+# -- Annotations to be added to all other resources.
 commonAnnotations: {}
+# -- Annotations to be added to the pod.
+podAnnotations: {}
+# -- Labels to be added to the pod.
+podLabels: {}
 
 # -- Container Security Context
 containerSecurityContext:
@@ -138,12 +159,16 @@ tolerations: []
 # -- Affinity for the operator to be installed
 affinity: {}
 
-# -- Test related configurations
-test:
-  image:
-    repository: busybox
-    pullPolicy: IfNotPresent
-    tag: "latest"
+monitoring:
+
+  # -- Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs.
+  podMonitorEnabled: false
+  # -- Metrics relabel configurations to apply to samples before ingestion.
+  podMonitorMetricRelabelings: []
+  # -- Relabel configurations to apply to samples before scraping.
+  podMonitorRelabelings: []
+  # -- Additional labels for the podMonitor
+  podMonitorAdditionalLabels: {}
 
 # Default monitoring queries
 monitoringQueriesConfigMap: