Merge branch 'main' into phil/configure

.github/workflows/tests-cluster-chainsaw.yaml

@@ -26,7 +26,7 @@ jobs:
           helm install prometheus-crds prometheus-community/prometheus-operator-crds
 
       - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
+        uses: kyverno/action-install-chainsaw@b2f61a8d0459a65c476ac802514d88e1612b3396 # v0.2.9
 
       - name: Setup MinIO
         run: |

charts/cluster/README.md

@@ -153,6 +153,7 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.annotations | object | `{}` |  |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enableSuperuserAccess | bool | `true` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
+| cluster.imageCatalogRef | object | `{}` | Reference to `ImageCatalog` of `ClusterImageCatalog`, if specified takes precedence over `cluster.imageName` |
 | cluster.imageName | string | `""` | Name of the container image, supporting both tags (<image>:<tag>) and digests for deterministic and repeatable deployments: <image>:<tag>@sha256:<digestValue> |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
@@ -164,10 +165,12 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
 | cluster.monitoring.prometheusRule.enabled | bool | `true` | Whether to enable the PrometheusRule automated alerts |
 | cluster.monitoring.prometheusRule.excludeRules | list | `[]` | Exclude specified rules |
-| cluster.postgresGID | int | `26` | The GID of the postgres user inside the image, defaults to 26 |
-| cluster.postgresUID | int | `26` | The UID of the postgres user inside the image, defaults to 26 |
+| cluster.postgresGID | int | `-1` | The GID of the postgres user inside the image, defaults to 26 |
+| cluster.postgresUID | int | `-1` | The UID of the postgres user inside the image, defaults to 26 |
 | cluster.postgresql.parameters | object | `{}` | PostgreSQL configuration options (postgresql.conf) |
 | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
+| cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
+| cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
 | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.priorityClassName | string | `""` |  |
@@ -180,6 +183,8 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.walStorage.size | string | `"1Gi"` |  |
 | cluster.walStorage.storageClass | string | `""` |  |
 | fullnameOverride | string | `""` | Override the full name of the chart |
+| imageCatalog.create | bool | `true` | Whether to provision an image catalog. If imageCatalog.images is empty this option will be ignored. |
+| imageCatalog.images | list | `[]` | List of images to be provisioned in an image catalog. |
 | mode | string | `"standalone"` | Cluster mode of operation. Available modes: * `standalone` - default mode. Creates new or updates an existing CNPG cluster. * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup. |
 | nameOverride | string | `""` | Override the name of the chart |
 | pooler.enabled | bool | `false` | Whether to enable PgBouncer |
@@ -236,7 +241,11 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | recovery.s3.secretKey | string | `""` |  |
 | recovery.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
 | recovery.secret.name | string | `""` | Name of the backup credentials secret |
-| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` |
+| type | string | `"postgresql"` | Type of the CNPG database. Available types: * `postgresql` * `postgis` * `timescaledb` * `paradedb` |
+| version.paradedb | string | `"0.9.3"` | If using ParadeDB, specify the version |
+| version.postgis | string | `"3.4"` | If using PostGIS, specify the version |
+| version.postgresql | string | `"16"` | PostgreSQL major version to use |
+| version.timescaledb | string | `"2.15"` | If using TimescaleDB, specify the version |
 
 ## Maintainers
 

charts/cluster/README.md.gotmpl

@@ -69,6 +69,8 @@ Cluster Configuration
 Currently the chart supports two database types. These are configured via the `type` parameter. These are:
 * `postgresql` - A standard PostgreSQL database.
 * `postgis` - A PostgreSQL database with the PostGIS extension installed.
+* `timescaledb` - A PostgreSQL database with the TimescaleDB extension installed.
+* `paradedb` - A PostgreSQL database with the ParadeDB extensions (`pg_search` and `pg_analytics`) installed.
 
 Depending on the type the chart will use a different Docker image and fill in some initial setup, like extension installation.
 

charts/cluster/examples/basic.yaml

@@ -1,4 +1,6 @@
 mode: standalone
+version:
+  postgresql: "16"
 cluster:
   instances: 1
 backups:

charts/cluster/examples/image-catalog-ref.yaml

@@ -0,0 +1,12 @@
+type: postgresql
+mode: standalone
+version:
+  major: "16"
+  timescaledb: "2.15"
+cluster:
+  instances: 1
+  imageCatalogRef:
+    kind: ImageCatalog
+    name: my-image-catalog
+backups:
+  enabled: false

charts/cluster/examples/image-catalog.yaml

@@ -0,0 +1,14 @@
+type: postgresql
+mode: standalone
+version:
+  major: "16"
+  timescaledb: "2.15"
+cluster:
+  instances: 1
+backups:
+  enabled: false
+imageCatalog:
+  create: true
+  images:
+    - major: 16
+      image: my-custom-postgres-image:mytag

charts/cluster/examples/postgis.yaml

@@ -1,6 +1,9 @@
 type: postgis
 mode: standalone
+version:
+  postgresql: "16"
+  postgis: "3.4"
 cluster:
   instances: 1
 backups:
-  enabled: false
+  enabled: false

charts/cluster/examples/timescaledb.yaml

@@ -0,0 +1,9 @@
+type: timescaledb
+mode: standalone
+version:
+  postgresql: "15.7"
+  timescaledb: "2.15"
+cluster:
+  instances: 1
+backups:
+  enabled: false

charts/cluster/templates/NOTES.txt

@@ -37,7 +37,7 @@ Configuration
   {{- $redundancyColor = "ok" -}}
 {{- end }}
 
-{{ $scheduledBackups := (first .Values.backups.scheduledBackups).name }}
+{{- $scheduledBackups := (first .Values.backups.scheduledBackups).name -}}
 {{- range (rest .Values.backups.scheduledBackups) -}}
   {{ $scheduledBackups = printf "%s, %s" $scheduledBackups .name }}
 {{- end -}}
@@ -54,12 +54,19 @@ Configuration
   {{- end -}}
 {{- end -}}
 
+{{- $image := (include "cluster.image" .) | fromYaml -}}
+{{- if $image.imageCatalogRef -}}
+  {{- $image = printf "%s: %s(%s)" $image.imageCatalogRef.kind $image.imageCatalogRef.name (include "cluster.postgresqlMajor" .) -}}
+{{- else if $image.imageName -}}
+  {{- $image = $image.imageName -}}
+{{- end }}
+
 ╭───────────────────┬──────────────────────────────────────────────────────────╮
 │ Configuration     │ Value                                                    │
 ┝━━━━━━━━━━━━━━━━━━━┿━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┥
 │ Cluster mode      │ {{ printf "%-56s" $mode }} │
 │ Type              │ {{ printf "%-56s" .Values.type }} │
-│ Image             │ {{ include "cluster.color-info" (printf "%-56s" (include "cluster.imageName" .)) }} │
+│ Image             │ {{ include "cluster.color-info" (printf "%-56s" $image) }} │
 {{- if eq .Values.mode "recovery" }}
 │ Source            │ {{ printf "%-56s" $source }} │
 {{- end }}

charts/cluster/templates/_bootstrap.tpl

@@ -3,7 +3,7 @@
 bootstrap:
   initdb:
     {{- with .Values.cluster.initdb }}
-        {{- with (omit . "postInitApplicationSQL") }}
+        {{- with (omit . "postInitApplicationSQL" "postInitTemplateSQL") }}
             {{- . | toYaml | nindent 4 }}
         {{- end }}
     {{- end }}
@@ -15,11 +15,32 @@ bootstrap:
       - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
       {{- else if eq .Values.type "timescaledb" }}
       - CREATE EXTENSION IF NOT EXISTS timescaledb;
+      {{- else if eq .Values.type "paradedb" }}
+      - CREATE EXTENSION IF NOT EXISTS pg_search;
+      - CREATE EXTENSION IF NOT EXISTS pg_analytics;
+      - CREATE EXTENSION IF NOT EXISTS pg_ivm;
+      - CREATE EXTENSION IF NOT EXISTS vector;
+      - CREATE EXTENSION IF NOT EXISTS vectorscale;
+      - ALTER DATABASE "{{ default "app" .Values.cluster.initdb.database }}" SET search_path TO public,paradedb;
       {{- end }}
       {{- with .Values.cluster.initdb }}
-          {{- range .postInitApplicationSQL }}
-            {{- printf "- %s" . | nindent 6 }}
-          {{- end -}}
+        {{- range .postInitApplicationSQL }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
+      {{- end }}
+    postInitTemplateSQL:
+      {{- if eq .Values.type "paradedb" }}
+      - CREATE EXTENSION IF NOT EXISTS pg_search;
+      - CREATE EXTENSION IF NOT EXISTS pg_analytics;
+      - CREATE EXTENSION IF NOT EXISTS pg_ivm;
+      - CREATE EXTENSION IF NOT EXISTS vector;
+      - CREATE EXTENSION IF NOT EXISTS vectorscale;
+      - ALTER DATABASE template1 SET search_path TO public,paradedb;
+      {{- end }}
+      {{- with .Values.cluster.initdb }}
+        {{- range .postInitTemplateSQL }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
       {{- end -}}
 {{- else if eq .Values.mode "recovery" -}}
 bootstrap:

charts/cluster/templates/_helpers.tpl

@@ -51,6 +51,20 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: cloudnative-pg
 {{- end }}
 
+{{/*
+Whether we need to use TimescaleDB defaults
+*/}}
+{{- define "cluster.useTimescaleDBDefaults" -}}
+{{ and (eq .Values.type "timescaledb") .Values.imageCatalog.create (empty .Values.cluster.imageCatalogRef.name) (empty .Values.imageCatalog.images) (empty .Values.cluster.imageName) }}
+{{- end -}}
+
+{{/*
+Get the PostgreSQL major version from .Values.version.postgresql
+*/}}
+{{- define "cluster.postgresqlMajor" -}}
+{{ index (regexSplit "\\." (toString .Values.version.postgresql) 2) 0 }}
+{{- end -}}
+
 {{/*
 Cluster Image Name
 If a custom imageName is available, use it, otherwise use the defaults based on the .Values.type
@@ -59,12 +73,65 @@ If a custom imageName is available, use it, otherwise use the defaults based on
     {{- if .Values.cluster.imageName -}}
         {{- .Values.cluster.imageName -}}
     {{- else if eq .Values.type "postgresql" -}}
-        {{- "ghcr.io/cloudnative-pg/postgresql:15.2" -}}
+        {{- printf "ghcr.io/cloudnative-pg/postgresql:%s" .Values.version.postgresql -}}
     {{- else if eq .Values.type "postgis" -}}
-        {{- "ghcr.io/cloudnative-pg/postgis:14" -}}
-    {{- else if eq .Values.type "timescaledb" -}}
-        {{ fail "You need to provide your own cluster.imageName as an official timescaledb image doesn't exist yet." }}
+        {{- printf "ghcr.io/cloudnative-pg/postgis:%s-%s" .Values.version.postgresql .Values.version.postgis -}}
+    {{- else if eq .Values.type "paradedb" -}}
+        {{- printf "paradedb/paradedb:%s-v%s" .Values.version.postgresql .Values.version.paradedb -}}
     {{- else -}}
         {{ fail "Invalid cluster type!" }}
     {{- end }}
 {{- end -}}
+
+{{/*
+Cluster Image
+If imageCatalogRef defined, use it, otherwice calculate ordinary imageName.
+*/}}
+{{- define "cluster.image" }}
+{{- if .Values.cluster.imageCatalogRef.name }}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  {{- toYaml .Values.cluster.imageCatalogRef | nindent 2 }}
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  kind: ImageCatalog
+  name: {{ include "cluster.fullname" . }}
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else if eq (include "cluster.useTimescaleDBDefaults" .) "true" -}}
+imageCatalogRef:
+  apiGroup: postgresql.cnpg.io
+  kind: ImageCatalog
+  name: {{ include "cluster.fullname" . }}-timescaledb-ha
+  major: {{ include "cluster.postgresqlMajor" . }}
+{{- else }}
+imageName: {{ include "cluster.imageName" . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Postgres UID
+*/}}
+{{- define "cluster.postgresUID" -}}
+  {{- if ge (int .Values.cluster.postgresUID) 0 -}}
+    {{- .Values.cluster.postgresUID }}
+  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
+    {{- 1000 -}}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Postgres GID
+*/}}
+{{- define "cluster.postgresGID" -}}
+  {{- if ge (int .Values.cluster.postgresGID) 0 -}}
+    {{- .Values.cluster.postgresGID }}
+  {{- else if and (eq (include "cluster.useTimescaleDBDefaults" .) "true") (eq .Values.type "timescaledb") -}}
+    {{- 1000 -}}
+  {{- else -}}
+    {{- 26 -}}
+  {{- end -}}
+{{- end -}}

charts/cluster/templates/cluster.yaml

@@ -13,14 +13,14 @@ metadata:
   {{- end }}
 spec:
   instances: {{ .Values.cluster.instances }}
-  imageName: {{ include "cluster.imageName" . }}
+  {{- include "cluster.image" . | nindent 2 }}
   imagePullPolicy: {{ .Values.cluster.imagePullPolicy }}
-  {{- with .Values.cluster.imagePullSecrets}}
+  {{- with .Values.cluster.imagePullSecrets }}
   imagePullSecrets:
     {{- . | toYaml | nindent 4 }}
   {{- end }}
-  postgresUID: {{ .Values.cluster.postgresUID }}
-  postgresGID: {{ .Values.cluster.postgresGID }}
+  postgresUID: {{ include "cluster.postgresUID" . }}
+  postgresGID: {{ include "cluster.postgresGID" . }}
   storage:
     size: {{ .Values.cluster.storage.size }}
     storageClass: {{ .Values.cluster.storage.storageClass }}
@@ -55,12 +55,21 @@ spec:
     shared_preload_libraries:
       {{- if eq .Values.type "timescaledb" }}
       - timescaledb
+      {{- else if eq .Values.type "paradedb" }}
+      - pg_search
+      - pg_analytics
+      - pg_cron
+      {{- end }}
+      {{- with .Values.cluster.postgresql.shared_preload_libraries }}
+      {{- toYaml . | nindent 6 }}
       {{- end }}
     {{- with .Values.cluster.postgresql }}
     parameters:
       {{- toYaml .parameters | nindent 6 }}
     pg_hba:
       {{- toYaml .pg_hba | nindent 6 }}
+    pg_ident:
+      {{- toYaml .pg_ident | nindent 6 }}
     {{ end }}
 
   managed:

charts/cluster/templates/image-catalog-timescaledb-ha.yaml

@@ -0,0 +1,18 @@
+{{- if eq (include "cluster.useTimescaleDBDefaults" .) "true" -}}
+apiVersion: postgresql.cnpg.io/v1
+kind: ImageCatalog
+metadata:
+  name: {{ include "cluster.fullname" . }}-timescaledb-ha
+spec:
+  images:
+    - major: 12
+      image: timescale/timescaledb-ha:pg15-ts{{ .Values.version.timescaledb }}
+    - major: 13
+      image: timescale/timescaledb-ha:pg15-ts{{ .Values.version.timescaledb }}
+    - major: 14
+      image: timescale/timescaledb-ha:pg15-ts{{ .Values.version.timescaledb }}
+    - major: 15
+      image: timescale/timescaledb-ha:pg15-ts{{ .Values.version.timescaledb }}
+    - major: 16
+      image: timescale/timescaledb-ha:pg16-ts{{ .Values.version.timescaledb }}
+{{ end }}

charts/cluster/templates/image-catalog.yaml

@@ -0,0 +1,12 @@
+{{ if and .Values.imageCatalog.create (not (empty .Values.imageCatalog.images )) }}
+apiVersion: postgresql.cnpg.io/v1
+kind: ImageCatalog
+metadata:
+  name: {{ include "cluster.fullname" . }}
+spec:
+  images:
+    {{- range $image := .Values.imageCatalog.images }}
+    - image: {{ $image.image }}
+      major: {{ $image.major }}
+    {{- end }}
+{{- end }}

charts/cluster/test/paradedb-minio-backup-restore/00-minio_cleanup-assert.yaml

@@ -0,0 +1,6 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: minio-cleanup
+status:
+  succeeded: 1

charts/cluster/test/paradedb-minio-backup-restore/00-minio_cleanup.yaml

@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: minio-cleanup
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: minio-cleanup
+        image: minio/mc
+        command: ['sh', '-c']
+        args:
+         - |
+           mc alias set myminio https://minio.minio.svc.cluster.local minio minio123
+           mc rm --recursive --force myminio/mybucket/paradedb

charts/cluster/test/paradedb-minio-backup-restore/01-paradedb_cluster-assert.yaml

@@ -0,0 +1,6 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: paradedb-cluster
+status:
+  readyInstances: 2