From 515d025466740130b176f52cb1ee4fcfd9ede723 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Fri, 24 Oct 2025 16:09:57 +0000 Subject: [PATCH] chore(chart-deps): update plugin-barman-cloud to version 0.2.0 --- chart/chart-index/Chart.yaml | 2 +- .../Chart.yaml | 58 +- .../README.md | 26 +- .../templates/_helpers.tpl | 62 -- .../additional-rbac/leader_election.yaml | 9 +- .../additional-rbac/metrics_auth.yaml | 48 -- .../additional-rbac/metrics_reader_role.yaml | 27 - .../objectstore_editor_role.yaml | 44 -- .../objectstore_viewer_role.yaml | 40 - .../templates/certificate-issuer.yaml | 5 +- .../templates/client-certificate.yaml | 9 +- .../templates/configmap.yaml | 6 +- .../templates/crds/crds.yaml | 76 +- .../templates/deployment.yaml | 5 +- .../templates/rbac.yaml | 68 +- .../templates/server-certificate.yaml | 9 +- .../templates/service.yaml | 5 +- .../01-simple_deployment-assert.yaml | 254 +++++++ .../01-simple_deployment.yaml | 7 + .../test/simple-deployment/chainsaw-test.yaml | 31 + .../values.schema.json | 692 ++++++++++++------ .../values.yaml | 69 +- 22 files changed, 1010 insertions(+), 542 deletions(-) delete mode 100644 charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml delete mode 100644 charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml delete mode 100644 charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml delete mode 100644 charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml create mode 100644 charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment-assert.yaml create mode 100644 charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment.yaml create mode 100644 charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/chainsaw-test.yaml diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 2baed1fa3c..9cf60820f2 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -16,7 +16,7 @@ dependencies: repository: https://cloudnative-pg.github.io/charts - name: plugin-barman-cloud alias: cloudnative-pg-plugin-barman-cloud - version: 0.1.0 + version: 0.2.0 repository: https://cloudnative-pg.github.io/charts - name: external-dns version: 1.19.0 diff --git a/charts/cloudnative-pg-plugin-barman-cloud/Chart.yaml b/charts/cloudnative-pg-plugin-barman-cloud/Chart.yaml index 2ad803c72b..9d410b4199 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/Chart.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/Chart.yaml @@ -1,40 +1,26 @@ -# -# Copyright The CloudNativePG Contributors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# apiVersion: v2 -name: plugin-barman-cloud -description: CloudNativePG plugin for barman cloud Helm Chart +appVersion: v0.7.0 +description: Helm Chart for CloudNativePG's CNPG-I backup plugin using Barman Cloud +home: https://cloudnative-pg.io icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg -type: application -version: "0.1.0" -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning, they should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "v0.5.0" -sources: - - https://github.com/cloudnative-pg/plugin-barman-cloud keywords: - - barman - - backup - - postgresql - - postgres - - database -home: https://cloudnative-pg.io +- barman +- cloud +- backup +- postgresql +- postgres +- database +- cloudnativepg +- cloudnative-pg maintainers: - - name: quantumenigmaa - email: thibaud.vaisseau@gmail.com - - name: quentinbisson - email: quentin.bisson@gmail.com +- email: itay@verito.digital + name: itay-grudev +- email: thibaud.vaisseau@gmail.com + name: quantumenigmaa +- email: quentin.bisson@gmail.com + name: quentinbisson +name: plugin-barman-cloud +sources: +- https://github.com/cloudnative-pg/plugin-barman-cloud +type: application +version: 0.2.0 diff --git a/charts/cloudnative-pg-plugin-barman-cloud/README.md b/charts/cloudnative-pg-plugin-barman-cloud/README.md index ec4b0a50bc..94c6463c7d 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/README.md +++ b/charts/cloudnative-pg-plugin-barman-cloud/README.md @@ -1,11 +1,19 @@ # plugin-barman-cloud -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.5.0](https://img.shields.io/badge/AppVersion-v0.5.0-informational?style=flat-square) -CloudNativePG plugin for barman cloud Helm Chart +Helm Chart for CloudNativePG's CNPG-I backup plugin using Barman Cloud **Homepage:** +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| itay-grudev | | | +| quantumenigmaa | | | +| quentinbisson | | | + ## Source Code * @@ -40,21 +48,19 @@ CloudNativePG plugin for barman cloud Helm Chart | podLabels | object | `{}` | Labels to be added to the pod. | | podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context for the whole pod. | | priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. | -| rbac.additional.leaderElection.create | bool | `true` | Specifies whether the leader election Role and RoleBinding should be created. | -| rbac.additional.metricsAuth.create | bool | `true` | Specifies whether the metrics auth ClusterRole and ClusterRoleBinding should be created. | -| rbac.additional.metricsReader.create | bool | `true` | Specifies whether the metrics reader ClusterRole should be created. | -| rbac.additional.objectStore.editor.create | bool | `true` | Specifies whether the object store editor ClusterRole should be created. | -| rbac.additional.objectStore.viewer.create | bool | `true` | Specifies whether the object store viewer ClusterRole should be created. | -| rbac.create | bool | `true` | Specifies whether ClusterRole and ClusterRoleBinding should be created. | +| rbac.create | bool | `true` | Specifies whether Role and RoleBinding should be created. | | replicaCount | int | `1` | | | resources | object | `{}` | | | service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | | service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | -| service.name | string | `"cnpg-webhook-service"` | DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate and can not be configured | +| service.name | string | `"barman-cloud"` | DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate and can not be configured | | service.port | int | `9090` | | | serviceAccount.create | bool | `true` | Specifies whether the service account should be created. | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | +| sidecarImage.registry | string | `"ghcr.io"` | | +| sidecarImage.repository | string | `"cloudnative-pg/plugin-barman-cloud-sidecar"` | | +| sidecarImage.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | | tolerations | list | `[]` | Tolerations for the operator to be installed. | | topologySpreadConstraints | list | `[]` | Topology Spread Constraints for the operator to be installed. | -| updateStrategy | object | `{}` | Update strategy for the operator. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy For example: type: RollingUpdate rollingUpdate: maxSurge: 25% maxUnavailable: 25% | +| updateStrategy | object | `{}` | Update strategy for the operator. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy For example: type: RollingUpdate rollingUpdate: maxSurge: 25% maxUnavailable: 25% WARNING: the RollingUpdate strategy is not supported by the operator yet so it can currently. only use the Recreate strategy. | diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/_helpers.tpl b/charts/cloudnative-pg-plugin-barman-cloud/templates/_helpers.tpl index b71f659409..150573ae92 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/_helpers.tpl +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/_helpers.tpl @@ -71,65 +71,3 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} - -{{/* -Define the set of rules that must be applied clusterwide -*/}} -{{- define "plugin-barman-cloud.clusterwideRules" }} -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores/finalizers - verbs: - - update -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores/status - verbs: - - get - - patch - - update -- apiGroups: - - postgresql.cnpg.io - resources: - - backups - verbs: - - get - - list - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/leader_election.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/leader_election.yaml index 6aad2f6114..524af3e19b 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/leader_election.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/leader_election.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,8 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# # permissions to do leader election. -{{- if .Values.rbac.additional.leaderElection.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -22,6 +24,7 @@ metadata: labels: {{- include "plugin-barman-cloud.labels" . | nindent 4 }} name: {{ include "plugin-barman-cloud.fullname" . }}-leader-election-role + namespace: {{ include "plugin-barman-cloud.namespace" . }} rules: - apiGroups: - "" @@ -61,6 +64,7 @@ metadata: labels: {{- include "plugin-barman-cloud.labels" . | nindent 4 }} name: {{ include "plugin-barman-cloud.fullname" . }}-leader-election-rolebinding + namespace: {{ include "plugin-barman-cloud.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -69,4 +73,3 @@ subjects: - kind: ServiceAccount name: {{ include "plugin-barman-cloud.serviceAccountName" . }} namespace: {{ include "plugin-barman-cloud.namespace" . }} -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml deleted file mode 100644 index 145c03f55b..0000000000 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright The CloudNativePG Contributors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -{{- if .Values.rbac.additional.metricsAuth.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-role -subjects: -- kind: ServiceAccount - name: {{ include "plugin-barman-cloud.serviceAccountName" . }} - namespace: {{ include "plugin-barman-cloud.namespace" . }} -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml deleted file mode 100644 index 38a6b3cadd..0000000000 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright The CloudNativePG Contributors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -{{- if .Values.rbac.additional.metricsReader.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml deleted file mode 100644 index aec85fd934..0000000000 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# -# Copyright The CloudNativePG Contributors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# permissions for end users to edit objectstores. -{{- if .Values.rbac.additional.objectStore.editor.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "plugin-barman-cloud.labels" . | nindent 4 }} - name: {{ include "plugin-barman-cloud.fullname" . }}-objectstore-editor-role -rules: -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores/status - verbs: - - get -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml deleted file mode 100644 index 14214cbc7a..0000000000 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# -# Copyright The CloudNativePG Contributors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# permissions for end users to view objectstores. -{{- if .Values.rbac.additional.objectStore.viewer.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "plugin-barman-cloud.labels" . | nindent 4 }} - name: {{ include "plugin-barman-cloud.fullname" . }}-objectstore-viewer-role -rules: -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores - verbs: - - get - - list - - watch -- apiGroups: - - barmancloud.cnpg.io - resources: - - objectstores/status - verbs: - - get -{{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/certificate-issuer.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/certificate-issuer.yaml index 193e2f7580..64f078e8e6 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/certificate-issuer.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/certificate-issuer.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# --- apiVersion: cert-manager.io/v1 kind: Issuer diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/client-certificate.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/client-certificate.yaml index 912fdaf5e0..5f4aeafe76 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/client-certificate.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/client-certificate.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# {{- if .Values.certificate.createClientCertificate }} --- apiVersion: cert-manager.io/v1 @@ -31,5 +34,7 @@ spec: renewBefore: {{ .Values.certificate.renewBefore | default "360h" }} secretName: barman-cloud-client-tls usages: - - client auth + - client auth + privateKey: + rotationPolicy: Always {{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/configmap.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/configmap.yaml index 6d2e6c86c4..c52bbaca07 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/configmap.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/configmap.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# --- apiVersion: v1 data: @@ -21,4 +24,3 @@ kind: ConfigMap metadata: name: plugin-barman-cloud-config namespace: {{ include "plugin-barman-cloud.namespace" . }} - diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/crds/crds.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/crds/crds.yaml index abc1e4041e..ce78fe3283 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/crds/crds.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/crds/crds.yaml @@ -1,9 +1,11 @@ {{- if .Values.crds.create }} +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.18.0 + helm.sh/resource-policy: keep name: objectstores.barmancloud.cnpg.io spec: group: barmancloud.cnpg.io @@ -391,6 +393,19 @@ spec: description: The configuration for the sidecar that runs in the instance pods properties: + additionalContainerArgs: + description: |- + AdditionalContainerArgs is an optional list of command-line arguments + to be passed to the sidecar container when it starts. + The provided arguments are appended to the container’s default arguments. + items: + type: string + type: array + x-kubernetes-validations: + - message: do not set --log-level in additionalContainerArgs; + use spec.instanceSidecarConfiguration.logLevel + reason: FieldValueForbidden + rule: '!self.exists(a, a.startsWith(''--log-level''))' env: description: The environment to be explicitly passed to the sidecar items: @@ -398,8 +413,9 @@ spec: in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -457,6 +473,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -511,6 +564,17 @@ spec: - name type: object type: array + logLevel: + default: info + description: 'The log level for PostgreSQL instances. Valid values + are: `error`, `warning`, `info` (default), `debug`, `trace`' + enum: + - error + - warning + - info + - debug + - trace + type: string resources: description: Resources define cpu/memory requests and limits for the sidecar that runs in the instance pods. @@ -520,7 +584,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -609,7 +673,11 @@ spec: restored. format: date-time type: string - lastSuccussfulBackupTime: + lastFailedBackupTime: + description: The last failed backup time + format: date-time + type: string + lastSuccessfulBackupTime: description: The last successful backup time format: date-time type: string diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/deployment.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/deployment.yaml index 701e10416f..f80ef36781 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/deployment.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/deployment.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# --- apiVersion: apps/v1 kind: Deployment diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/rbac.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/rbac.yaml index 7ba96d87bc..6a550c136f 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/rbac.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/rbac.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# {{- if .Values.serviceAccount.create }} --- apiVersion: v1 @@ -34,7 +37,68 @@ kind: ClusterRole metadata: name: {{ include "plugin-barman-cloud.fullname" . }} rules: -{{- include "plugin-barman-cloud.clusterwideRules" . }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/finalizers + verbs: + - update +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/status + verbs: + - get + - patch + - update +- apiGroups: + - postgresql.cnpg.io + resources: + - backups + verbs: + - get + - list + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - clusters/finalizers + verbs: + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/server-certificate.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/server-certificate.yaml index 184f850df8..e82eaa34ba 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/server-certificate.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/server-certificate.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# {{- if .Values.certificate.createServerCertificate }} --- apiVersion: cert-manager.io/v1 @@ -33,5 +36,7 @@ spec: renewBefore: {{ .Values.certificate.renewBefore | default "360h" }} secretName: barman-cloud-server-tls usages: - - server auth + - server auth + privateKey: + rotationPolicy: Always {{- end }} diff --git a/charts/cloudnative-pg-plugin-barman-cloud/templates/service.yaml b/charts/cloudnative-pg-plugin-barman-cloud/templates/service.yaml index e5288625a2..d98f55fbac 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/templates/service.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/templates/service.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# --- apiVersion: v1 kind: Service diff --git a/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment-assert.yaml b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment-assert.yaml new file mode 100644 index 0000000000..37e11d27bf --- /dev/null +++ b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment-assert.yaml @@ -0,0 +1,254 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plugin-barman-cloud +spec: + replicas: 1 + template: + spec: + containers: + - name: barman-cloud + args: + - operator + - --server-cert=/server/tls.crt + - --server-key=/server/tls.key + - --client-cert=/client/tls.crt + - --server-address=:9090 + - --leader-elect + - --log-level=debug + ports: + - containerPort: 9090 + protocol: TCP + readinessProbe: + initialDelaySeconds: 10 + periodSeconds: 10 + tcpSocket: + port: 9090 + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 10001 + runAsGroup: 10001 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - "ALL" + volumeMounts: + - mountPath: /server + name: server + - mountPath: /client + name: client + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: plugin-barman-cloud + volumes: + - name: server + secret: + secretName: barman-cloud-server-tls + - name: client + secret: + secretName: barman-cloud-client-tls +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnpg.io/pluginClientSecret: barman-cloud-client-tls + cnpg.io/pluginPort: "9090" + cnpg.io/pluginServerSecret: barman-cloud-server-tls + name: barman-cloud +spec: + ports: + - port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/name: plugin-barman-cloud + app.kubernetes.io/instance: plugin-barman-cloud +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: plugin-barman-cloud-selfsigned-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: barman-cloud-client +spec: + commonName: barman-cloud-client + duration: 2160h + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: plugin-barman-cloud-selfsigned-issuer + renewBefore: 360h + secretName: barman-cloud-client-tls + usages: + - client auth +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: barman-cloud-server +spec: + commonName: barman-cloud + dnsNames: + - barman-cloud + duration: 2160h + isCA: false + issuerRef: + group: cert-manager.io + kind: Issuer + name: plugin-barman-cloud-selfsigned-issuer + renewBefore: 360h + secretName: barman-cloud-server-tls + usages: + - server auth +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plugin-barman-cloud +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: plugin-barman-cloud +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/finalizers + verbs: + - update +- apiGroups: + - barmancloud.cnpg.io + resources: + - objectstores/status + verbs: + - get + - patch + - update +- apiGroups: + - postgresql.cnpg.io + resources: + - backups + verbs: + - get + - list + - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - clusters/finalizers + verbs: + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: plugin-barman-cloud-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: plugin-barman-cloud +subjects: +- kind: ServiceAccount + name: plugin-barman-cloud +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: plugin-barman-cloud-leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: plugin-barman-cloud-leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plugin-barman-cloud-leader-election-role +subjects: +- kind: ServiceAccount + name: plugin-barman-cloud diff --git a/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment.yaml b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment.yaml new file mode 100644 index 0000000000..3ea0a66150 --- /dev/null +++ b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/01-simple_deployment.yaml @@ -0,0 +1,7 @@ +resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi diff --git a/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/chainsaw-test.yaml b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/chainsaw-test.yaml new file mode 100644 index 0000000000..d77b7c8d5d --- /dev/null +++ b/charts/cloudnative-pg-plugin-barman-cloud/test/simple-deployment/chainsaw-test.yaml @@ -0,0 +1,31 @@ +## +# This is a test that checks if all resources are correctly provisioned when requested. +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + name: simple-deployment +spec: + timeouts: + apply: 1s + exec: 30s + assert: 10s + cleanup: 30s + steps: + - name: Install barman cloud plugin + try: + - script: + content: | + helm upgrade \ + --install \ + --namespace $NAMESPACE \ + --values ./01-simple_deployment.yaml \ + --wait \ + plugin-barman-cloud ../../ + - assert: + file: ./01-simple_deployment-assert.yaml + - name: Cleanup + try: + - script: + content: | + helm uninstall --namespace $NAMESPACE plugin-barman-cloud + kubectl delete customresourcedefinitions.apiextensions.k8s.io objectstores.barmancloud.cnpg.io diff --git a/charts/cloudnative-pg-plugin-barman-cloud/values.schema.json b/charts/cloudnative-pg-plugin-barman-cloud/values.schema.json index c36585a51b..fdeb819cd4 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/values.schema.json +++ b/charts/cloudnative-pg-plugin-barman-cloud/values.schema.json @@ -1,260 +1,482 @@ { - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "additionalArgs": { - "type": "array" + "$schema": "http://json-schema.org/draft-07/schema#", + "properties": { + "additionalArgs": { + "additionalProperties": true, + "description": "Additional arguments to be added to the operator's args list.", + "items": { + "required": [] + }, + "required": [], + "title": "additionalArgs" + }, + "additionalEnv": { + "additionalProperties": true, + "description": "Array containing extra environment variables which can be templated.\nFor example:\n - name: RELEASE_NAME\n value: \"{{ .Release.Name }}\"\n - name: MY_VAR\n value: \"mySpecialKey\"", + "items": { + "required": [] + }, + "required": [], + "title": "additionalEnv" + }, + "affinity": { + "additionalProperties": true, + "description": "Affinity for the operator to be installed.", + "required": [], + "title": "affinity" + }, + "certificate": { + "properties": { + "createClientCertificate": { + "default": true, + "description": "Specifies whether the client certificate should be created.", + "required": [], + "title": "createClientCertificate", + "type": "boolean" }, - "additionalEnv": { - "type": "array" + "createServerCertificate": { + "default": true, + "description": "Specifies whether the server certificate should be created.", + "required": [], + "title": "createServerCertificate", + "type": "boolean" }, - "affinity": { - "type": "object" + "duration": { + "default": "2160h", + "description": "The duration of the certificates.", + "required": [], + "title": "duration", + "type": "string" }, - "certificate": { - "type": "object", - "properties": { - "createClientCertificate": { - "type": "boolean" - }, - "createServerCertificate": { - "type": "boolean" - }, - "duration": { - "type": "string" - }, - "issuerName": { - "type": "string" - }, - "renewBefore": { - "type": "string" - } - } - }, - "commonAnnotations": { - "type": "object" - }, - "containerSecurityContext": { - "type": "object", - "properties": { - "allowPrivilegeEscalation": { - "type": "boolean" - }, - "capabilities": { - "type": "object", - "properties": { - "drop": { - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "readOnlyRootFilesystem": { - "type": "boolean" - }, - "runAsGroup": { - "type": "integer" - }, - "runAsUser": { - "type": "integer" - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - } - } - } - }, - "crds": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } + "issuerName": { + "default": "selfsigned-issuer", + "description": "The name of the issuer to use for the certificates.", + "required": [], + "title": "issuerName", + "type": "string" }, - "dnsPolicy": { - "type": "string" - }, - "fullnameOverride": { - "type": "string" - }, - "hostNetwork": { - "type": "boolean" + "renewBefore": { + "default": "360h", + "description": "The renew before time for the certificates.", + "required": [], + "title": "renewBefore", + "type": "string" + } + }, + "required": [ + "createClientCertificate", + "createServerCertificate", + "issuerName", + "duration", + "renewBefore" + ], + "title": "certificate", + "type": "object" + }, + "commonAnnotations": { + "additionalProperties": true, + "description": "Annotations to be added to all other resources.", + "required": [], + "title": "commonAnnotations" + }, + "containerSecurityContext": { + "description": "Container Security Context.", + "properties": { + "allowPrivilegeEscalation": { + "default": false, + "required": [], + "title": "allowPrivilegeEscalation", + "type": "boolean" }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "registry": { - "type": "string" - }, - "repository": { + "capabilities": { + "properties": { + "drop": { + "items": { + "anyOf": [ + { + "required": [], "type": "string" - }, - "tag": { - "type": "string" - } + } + ], + "required": [] + }, + "required": [], + "title": "drop", + "type": "array" } + }, + "required": [ + "drop" + ], + "title": "capabilities", + "type": "object" }, - "imagePullSecrets": { - "type": "array" - }, - "nameOverride": { - "type": "string" - }, - "namespaceOverride": { - "type": "string" - }, - "nodeSelector": { - "type": "object" + "readOnlyRootFilesystem": { + "default": true, + "required": [], + "title": "readOnlyRootFilesystem", + "type": "boolean" }, - "podAnnotations": { - "type": "object" + "runAsGroup": { + "default": 10001, + "required": [], + "title": "runAsGroup", + "type": "integer" }, - "podLabels": { - "type": "object" + "runAsUser": { + "default": 10001, + "required": [], + "title": "runAsUser", + "type": "integer" }, - "podSecurityContext": { - "type": "object", - "properties": { - "runAsNonRoot": { - "type": "boolean" - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - } - } + "seccompProfile": { + "properties": { + "type": { + "default": "RuntimeDefault", + "required": [], + "title": "type", + "type": "string" } + }, + "required": [ + "type" + ], + "title": "seccompProfile", + "type": "object" + } + }, + "required": [ + "allowPrivilegeEscalation", + "readOnlyRootFilesystem", + "runAsUser", + "runAsGroup", + "seccompProfile", + "capabilities" + ], + "title": "containerSecurityContext", + "type": "object" + }, + "crds": { + "properties": { + "create": { + "default": true, + "description": "Specifies whether the CRDs should be created when installing the chart.", + "required": [], + "title": "create", + "type": "boolean" + } + }, + "required": [ + "create" + ], + "title": "crds", + "type": "object" + }, + "dnsPolicy": { + "default": "", + "required": [], + "title": "dnsPolicy", + "type": "string" + }, + "fullnameOverride": { + "default": "", + "required": [], + "title": "fullnameOverride", + "type": "string" + }, + "global": { + "description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.", + "required": [], + "title": "global", + "type": "object" + }, + "hostNetwork": { + "default": false, + "required": [], + "title": "hostNetwork", + "type": "boolean" + }, + "image": { + "properties": { + "pullPolicy": { + "default": "IfNotPresent", + "required": [], + "title": "pullPolicy", + "type": "string" }, - "priorityClassName": { - "type": "string" + "registry": { + "default": "ghcr.io", + "required": [], + "title": "registry", + "type": "string" }, - "rbac": { - "type": "object", - "properties": { - "additional": { - "type": "object", - "properties": { - "leaderElection": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } - }, - "metricsAuth": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } - }, - "metricsReader": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } - }, - "objectStore": { - "type": "object", - "properties": { - "editor": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } - }, - "viewer": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - } - } - } - } - } - } - }, - "create": { - "type": "boolean" - } - } + "repository": { + "default": "cloudnative-pg/plugin-barman-cloud", + "required": [], + "title": "repository", + "type": "string" }, - "replicaCount": { - "type": "integer" - }, - "resources": { - "type": "object" + "tag": { + "default": "", + "description": "Overrides the image tag whose default is the chart appVersion.", + "required": [], + "title": "tag", + "type": "string" + } + }, + "required": [ + "registry", + "repository", + "pullPolicy", + "tag" + ], + "title": "image", + "type": "object" + }, + "imagePullSecrets": { + "additionalProperties": true, + "items": { + "required": [] + }, + "required": [], + "title": "imagePullSecrets" + }, + "nameOverride": { + "default": "", + "required": [], + "title": "nameOverride", + "type": "string" + }, + "namespaceOverride": { + "default": "", + "required": [], + "title": "namespaceOverride", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": true, + "description": "Nodeselector for the operator to be installed.", + "required": [], + "title": "nodeSelector" + }, + "podAnnotations": { + "additionalProperties": true, + "description": "Annotations to be added to the pod.", + "required": [], + "title": "podAnnotations" + }, + "podLabels": { + "additionalProperties": true, + "description": "Labels to be added to the pod.", + "required": [], + "title": "podLabels" + }, + "podSecurityContext": { + "description": "Security Context for the whole pod.", + "properties": { + "runAsNonRoot": { + "default": true, + "required": [], + "title": "runAsNonRoot", + "type": "boolean" }, - "service": { - "type": "object", - "properties": { - "ipFamilies": { - "type": "array" - }, - "ipFamilyPolicy": { - "type": "string" - }, - "name": { - "type": "string" - }, - "port": { - "type": "integer" - } + "seccompProfile": { + "properties": { + "type": { + "default": "RuntimeDefault", + "required": [], + "title": "type", + "type": "string" } + }, + "required": [ + "type" + ], + "title": "seccompProfile", + "type": "object" + } + }, + "required": [ + "runAsNonRoot", + "seccompProfile" + ], + "title": "podSecurityContext", + "type": "object" + }, + "priorityClassName": { + "default": "", + "description": "Priority indicates the importance of a Pod relative to other Pods.", + "required": [], + "title": "priorityClassName", + "type": "string" + }, + "rbac": { + "properties": { + "create": { + "default": true, + "description": "Specifies whether Role and RoleBinding should be created.", + "required": [], + "title": "create", + "type": "boolean" + } + }, + "required": [ + "create" + ], + "title": "rbac", + "type": "object" + }, + "replicaCount": { + "default": 1, + "required": [], + "title": "replicaCount", + "type": "integer" + }, + "resources": { + "additionalProperties": true, + "required": [], + "title": "resources" + }, + "service": { + "properties": { + "ipFamilies": { + "description": "Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.", + "items": { + "enum": [ + "IPv4", + "IPv6" + ], + "required": [] + }, + "required": [], + "title": "ipFamilies", + "type": "array" }, - "serviceAccount": { - "type": "object", - "properties": { - "create": { - "type": "boolean" - }, - "name": { - "type": "string" - } - } + "ipFamilyPolicy": { + "default": "", + "description": "Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)", + "required": [], + "title": "ipFamilyPolicy", + "type": "string" }, - "sidecarImage": { - "type": "object", - "properties": { - "registry": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } + "name": { + "default": "barman-cloud", + "description": "DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate\nand can not be configured", + "required": [], + "title": "name", + "type": "string" + }, + "port": { + "default": 9090, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "name", + "port", + "ipFamilyPolicy" + ], + "title": "service", + "type": "object" + }, + "serviceAccount": { + "properties": { + "create": { + "default": true, + "description": "Specifies whether the service account should be created.", + "required": [], + "title": "create", + "type": "boolean" }, - "tolerations": { - "type": "array" + "name": { + "default": "", + "description": "The name of the service account to use.\nIf not set and create is true, a name is generated using the fullname template.", + "required": [], + "title": "name", + "type": "string" + } + }, + "required": [ + "create", + "name" + ], + "title": "serviceAccount", + "type": "object" + }, + "sidecarImage": { + "properties": { + "registry": { + "default": "ghcr.io", + "required": [], + "title": "registry", + "type": "string" }, - "topologySpreadConstraints": { - "type": "array" + "repository": { + "default": "cloudnative-pg/plugin-barman-cloud-sidecar", + "required": [], + "title": "repository", + "type": "string" }, - "updateStrategy": { - "type": "object" + "tag": { + "default": "", + "description": "Overrides the image tag whose default is the chart appVersion.", + "required": [], + "title": "tag", + "type": "string" } + }, + "required": [ + "registry", + "repository", + "tag" + ], + "title": "sidecarImage", + "type": "object" + }, + "tolerations": { + "additionalProperties": true, + "description": "Tolerations for the operator to be installed.", + "items": { + "required": [] + }, + "required": [], + "title": "tolerations" + }, + "topologySpreadConstraints": { + "additionalProperties": true, + "description": "Topology Spread Constraints for the operator to be installed.", + "items": { + "required": [] + }, + "required": [], + "title": "topologySpreadConstraints" + }, + "updateStrategy": { + "additionalProperties": true, + "description": "Update strategy for the operator.\nref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\nFor example:\n type: RollingUpdate\n rollingUpdate:\n maxSurge: 25%\n maxUnavailable: 25%\n\nWARNING: the RollingUpdate strategy is not supported by the operator yet so it can\ncurrently. only use the Recreate strategy.", + "required": [], + "title": "updateStrategy" } -} + }, + "required": [ + "replicaCount", + "image", + "sidecarImage", + "nameOverride", + "fullnameOverride", + "namespaceOverride", + "hostNetwork", + "dnsPolicy", + "crds", + "serviceAccount", + "rbac", + "containerSecurityContext", + "podSecurityContext", + "priorityClassName", + "service", + "certificate" + ], + "type": "object" +} \ No newline at end of file diff --git a/charts/cloudnative-pg-plugin-barman-cloud/values.yaml b/charts/cloudnative-pg-plugin-barman-cloud/values.yaml index e9d22ec124..ea37056316 100644 --- a/charts/cloudnative-pg-plugin-barman-cloud/values.yaml +++ b/charts/cloudnative-pg-plugin-barman-cloud/values.yaml @@ -1,5 +1,6 @@ # -# Copyright The CloudNativePG Contributors +# Copyright © contributors to CloudNativePG, established as +# CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# # Default values for CloudNativePG. # This is a YAML-formatted file. # Please declare variables to be passed to your templates. @@ -32,6 +35,9 @@ sidecarImage: # -- Overrides the image tag whose default is the chart appVersion. tag: "" +# @schema +# additionalProperties: true +# @schema imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -40,6 +46,9 @@ namespaceOverride: "" hostNetwork: false dnsPolicy: "" +# @schema +# additionalProperties: true +# @schema # -- Update strategy for the operator. # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # For example: @@ -48,17 +57,23 @@ dnsPolicy: "" # maxSurge: 25% # maxUnavailable: 25% # -# WARNING: the RollingUpdate strategy is not supported by the operator yet so it can -# currently. only use the Recreate strategy. +# WARNING: the RollingUpdate strategy is not supported by the operator yet so it can +# currently only use the Recreate strategy. updateStrategy: {} crds: # -- Specifies whether the CRDs should be created when installing the chart. create: true +# @schema +# additionalProperties: true +# @schema # -- Additional arguments to be added to the operator's args list. additionalArgs: [] +# @schema +# additionalProperties: true +# @schema # -- Array containing extra environment variables which can be templated. # For example: # - name: RELEASE_NAME @@ -75,30 +90,22 @@ serviceAccount: name: "" rbac: - # -- Specifies whether ClusterRole and ClusterRoleBinding should be created. + # -- Specifies whether Role and RoleBinding should be created. create: true - additional: - leaderElection: - # -- Specifies whether the leader election Role and RoleBinding should be created. - create: true - metricsAuth: - # -- Specifies whether the metrics auth ClusterRole and ClusterRoleBinding should be created. - create: true - metricsReader: - # -- Specifies whether the metrics reader ClusterRole should be created. - create: true - objectStore: - editor: - # -- Specifies whether the object store editor ClusterRole should be created. - create: true - viewer: - # -- Specifies whether the object store viewer ClusterRole should be created. - create: true +# @schema +# additionalProperties: true +# @schema # -- Annotations to be added to all other resources. commonAnnotations: {} +# @schema +# additionalProperties: true +# @schema # -- Annotations to be added to the pod. podAnnotations: {} +# @schema +# additionalProperties: true +# @schema # -- Labels to be added to the pod. podLabels: {} @@ -131,9 +138,17 @@ service: port: 9090 # -- Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) ipFamilyPolicy: "" + # @schema + # type: array + # items: + # enum: [IPv4, IPv6] + # @schema # -- Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. ipFamilies: [] +# @schema +# additionalProperties: true +# @schema resources: {} # If you want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. @@ -145,15 +160,27 @@ resources: {} # cpu: 100m # memory: 100Mi +# @schema +# additionalProperties: true +# @schema # -- Nodeselector for the operator to be installed. nodeSelector: {} +# @schema +# additionalProperties: true +# @schema # -- Topology Spread Constraints for the operator to be installed. topologySpreadConstraints: [] +# @schema +# additionalProperties: true +# @schema # -- Tolerations for the operator to be installed. tolerations: [] +# @schema +# additionalProperties: true +# @schema # -- Affinity for the operator to be installed. affinity: {}