From 6a695334a7b2ec8cea20c5a7bf8d5d765f3f084d Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Thu, 14 Aug 2025 00:51:03 +0000 Subject: [PATCH 1/6] chore(chart-deps): update cloudnative-pg to version 0.26.0 --- apps.yaml | 2 +- chart/chart-index/Chart.yaml | 2 +- charts/cloudnative-pg/Chart.yaml | 4 +- charts/cloudnative-pg/README.md | 2 +- charts/cloudnative-pg/templates/_helpers.tpl | 11 + .../cloudnative-pg/templates/crds/crds.yaml | 321 ++++++++++++++---- charts/cloudnative-pg/templates/rbac.yaml | 6 + 7 files changed, 277 insertions(+), 71 deletions(-) diff --git a/apps.yaml b/apps.yaml index c9bd52fbf7..effd14cd18 100644 --- a/apps.yaml +++ b/apps.yaml @@ -33,7 +33,7 @@ appsInfo: integration: Cert-manager is used by APL to automatically create and rotate TLS certificates for service endpoints. You may bring your own CA, or let APL create one for you (default). It is recommended to use Let's Encrypt for production certificates. Setting cert-manager to use Let's Encrypt requires DNS availability of the requesting domains, and forces APL to install external-dns. Because a lot of DNS settings are used by other APL contexts, most DNS configuration is found under settings/dns. cnpg: title: CloudNative PostgreSQL Operator - appVersion: 1.26.0 + appVersion: 1.27.0 repo: https://github.com/cloudnative-pg/cloudnative-pg maintainers: EDB relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index d6807bbd96..1d76dbb2c1 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -12,7 +12,7 @@ dependencies: version: v1.18.2 repository: https://charts.jetstack.io - name: cloudnative-pg - version: 0.24.0 + version: 0.26.0 repository: https://cloudnative-pg.github.io/charts - name: external-dns version: 8.7.8 diff --git a/charts/cloudnative-pg/Chart.yaml b/charts/cloudnative-pg/Chart.yaml index 871cc51e28..36c9d14c5a 100644 --- a/charts/cloudnative-pg/Chart.yaml 
+++ b/charts/cloudnative-pg/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.26.0 +appVersion: 1.27.0 dependencies: - alias: monitoring condition: monitoring.grafanaDashboard.create @@ -22,4 +22,4 @@ name: cloudnative-pg sources: - https://github.com/cloudnative-pg/charts type: application -version: 0.24.0 +version: 0.26.0 diff --git a/charts/cloudnative-pg/README.md b/charts/cloudnative-pg/README.md index cbdcb7b06b..7d1e3aaad7 100644 --- a/charts/cloudnative-pg/README.md +++ b/charts/cloudnative-pg/README.md @@ -1,6 +1,6 @@ # cloudnative-pg -![Version: 0.24.0](https://img.shields.io/badge/Version-0.24.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.26.0](https://img.shields.io/badge/AppVersion-1.26.0-informational?style=flat-square) +![Version: 0.26.0](https://img.shields.io/badge/Version-0.26.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.27.0](https://img.shields.io/badge/AppVersion-1.27.0-informational?style=flat-square) CloudNativePG Operator Helm Chart diff --git a/charts/cloudnative-pg/templates/_helpers.tpl b/charts/cloudnative-pg/templates/_helpers.tpl index 191e745f43..045b06d9da 100644 --- a/charts/cloudnative-pg/templates/_helpers.tpl +++ b/charts/cloudnative-pg/templates/_helpers.tpl @@ -209,6 +209,16 @@ namespace scope or clusterwide - patch - update - watch +- apiGroups: + - postgresql.cnpg.io + resources: + - failoverquorums + verbs: + - create + - delete + - get + - list + - watch - apiGroups: - postgresql.cnpg.io resources: @@ -241,6 +251,7 @@ namespace scope or clusterwide resources: - clusters/status - poolers/status + - failoverquorums/status verbs: - get - patch diff --git a/charts/cloudnative-pg/templates/crds/crds.yaml b/charts/cloudnative-pg/templates/crds/crds.yaml index 865d79ace3..3674cebf53 100644 
--- a/charts/cloudnative-pg/templates/crds/crds.yaml +++ b/charts/cloudnative-pg/templates/crds/crds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: backups.postgresql.cnpg.io spec: @@ -143,6 +143,9 @@ spec: required: - cluster type: object + x-kubernetes-validations: + - message: BackupSpec is immutable once set + rule: oldSelf == self status: description: |- Most recently observed status of the backup. This data may not be up to @@ -446,7 +449,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: clusterimagecatalogs.postgresql.cnpg.io spec: @@ -528,7 +531,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: clusters.postgresql.cnpg.io spec: @@ -672,7 +675,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -687,7 +689,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -853,7 +854,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -868,7 +868,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1031,7 +1030,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1046,7 +1044,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1212,7 +1209,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1227,7 +1223,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2778,6 +2773,7 @@ spec: sources to the pods to be used by Env items: description: EnvFromSource represents the source of a set of ConfigMaps + or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -2797,8 +2793,8 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name of each environment + variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from @@ -4164,13 +4160,12 @@ spec: type: object trafficDistribution: description: |- - TrafficDistribution offers a way to express preferences for how traffic is - distributed to Service endpoints. Implementations can use this field as a - hint, but are not required to guarantee strict adherence. If the field is - not set, the implementation will apply its default routing strategy. If set - to "PreferClose", implementations should prioritize endpoints that are - topologically close (e.g., same zone). - This is a beta field and requires enabling ServiceTrafficDistribution feature. + TrafficDistribution offers a way to express preferences for how traffic + is distributed to Service endpoints. Implementations can use this field + as a hint, but are not required to guarantee strict adherence. If the + field is not set, the implementation will apply its default routing + strategy. If set to "PreferClose", implementations should prioritize + endpoints that are in the same zone. type: string type: description: |- 
@@ -4545,6 +4540,67 @@ spec: This should only be used for debugging and troubleshooting. Defaults to false. type: boolean + extensions: + description: The configuration of the extensions to be added + items: + description: |- + ExtensionConfiguration is the configuration used to add + PostgreSQL extensions to the Cluster. + properties: + dynamic_library_path: + description: |- + The list of directories inside the image which should be added to dynamic_library_path. + If not defined, defaults to "/lib". + items: + type: string + type: array + extension_control_path: + description: |- + The list of directories inside the image which should be added to extension_control_path. + If not defined, defaults to "/share". + items: + type: string + type: array + image: + description: The image containing the extension, required + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. 
+ type: string + type: object + x-kubernetes-validations: + - message: An image reference is required + rule: has(self.reference) + ld_library_path: + description: The list of directories inside the image which + should be added to ld_library_path. + items: + type: string + type: array + name: + description: The name of the extension, required + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - image + - name + type: object + type: array ldap: description: Options to specify LDAP configuration properties: @@ -4783,6 +4839,30 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer + isolationCheck: + description: |- + Configure the feature that extends the liveness probe for a primary + instance. In addition to the basic checks, this verifies whether the + primary is isolated from the Kubernetes API server and from its + replicas, ensuring that it can be safely shut down if network + partition or API unavailability is detected. Enabled by default. + properties: + connectionTimeout: + default: 1000 + description: Timeout in milliseconds for connections during + the primary isolation check + type: integer + enabled: + default: true + description: Whether primary isolation checking is enabled + for the liveness probe + type: boolean + requestTimeout: + default: 1000 + description: Timeout in milliseconds for requests during + the primary isolation check + type: integer + type: object periodSeconds: description: |- How often (in seconds) to perform the probe. 
@@ -5354,6 +5434,15 @@ spec: This can only be set at creation time. By default set to `_cnpg_`. pattern: ^[0-9a-z_]*$ type: string + synchronizeLogicalDecoding: + description: |- + When enabled, the operator automatically manages synchronization of logical + decoding (replication) slots across high-availability clusters. + + Requires one of the following conditions: + - PostgreSQL version 17 or later + - PostgreSQL version < 17 with pg_failover_slots extension enabled + type: boolean type: object synchronizeReplicas: description: Configures the synchronization of the user defined @@ -6149,7 +6238,6 @@ spec: - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: description: |- @@ -6160,7 +6248,6 @@ spec: - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: description: |- 
@@ -6613,14 +6700,18 @@ spec: firstRecoverabilityPoint: description: |- The first recoverability point, stored as a date in RFC3339 format. - This field is calculated from the content of FirstRecoverabilityPointByMethod + This field is calculated from the content of FirstRecoverabilityPointByMethod. + + Deprecated: the field is not set for backup plugins. type: string firstRecoverabilityPointByMethod: additionalProperties: format: date-time type: string - description: The first recoverability point, stored as a date in RFC3339 - format, per backup method type + description: |- + The first recoverability point, stored as a date in RFC3339 format, per backup method type. + + Deprecated: the field is not set for backup plugins. type: object healthyPVC: description: List of all the PVCs not dangling nor initializing @@ -6678,7 +6769,10 @@ spec: format: int32 type: integer lastFailedBackup: - description: Stored as a date in RFC3339 format + description: |- + Last failed backup, stored as a date in RFC3339 format. + + Deprecated: the field is not set for backup plugins. type: string lastPromotionToken: description: |- 
@@ -6687,15 +6781,19 @@ spec: type: string lastSuccessfulBackup: description: |- - Last successful backup, stored as a date in RFC3339 format - This field is calculated from the content of LastSuccessfulBackupByMethod + Last successful backup, stored as a date in RFC3339 format. + This field is calculated from the content of LastSuccessfulBackupByMethod. + + Deprecated: the field is not set for backup plugins. type: string lastSuccessfulBackupByMethod: additionalProperties: format: date-time type: string - description: Last successful backup, stored as a date in RFC3339 format, - per backup method type + description: |- + Last successful backup, stored as a date in RFC3339 format, per backup method type. + + Deprecated: the field is not set for backup plugins. type: object latestGeneratedNode: description: ID of the latest generated node (used to avoid node name @@ -6912,6 +7010,9 @@ spec: of switching a cluster to a replica cluster. type: boolean type: object + systemID: + description: SystemID is the latest detected PostgreSQL SystemID + type: string tablespacesStatus: description: TablespacesStatus reports the state of the declarative tablespaces in the cluster @@ -7001,7 +7102,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: databases.postgresql.cnpg.io spec: 
@@ -7374,7 +7475,85 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 + helm.sh/resource-policy: keep + name: failoverquorums.postgresql.cnpg.io +spec: + group: postgresql.cnpg.io + names: + kind: FailoverQuorum + listKind: FailoverQuorumList + plural: failoverquorums + singular: failoverquorum + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: |- + FailoverQuorum contains the information about the current failover + quorum status of a PG cluster. It is updated by the instance manager + of the primary node and reset to zero by the operator to trigger + an update. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + status: + description: Most recently observed status of the failover quorum. + properties: + method: + description: Contains the latest reported Method value. + type: string + primary: + description: |- + Primary is the name of the primary instance that updated + this object the latest time. + type: string + standbyNames: + description: |- + StandbyNames is the list of potentially synchronous + instance names. 
+ items: + type: string + type: array + standbyNumber: + description: |- + StandbyNumber is the number of synchronous standbys that transactions + need to wait for replies from. + type: integer + type: object + required: + - metadata + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: imagecatalogs.postgresql.cnpg.io spec: @@ -7455,7 +7634,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: poolers.postgresql.cnpg.io spec: @@ -8154,13 +8333,12 @@ spec: type: object trafficDistribution: description: |- - TrafficDistribution offers a way to express preferences for how traffic is - distributed to Service endpoints. Implementations can use this field as a - hint, but are not required to guarantee strict adherence. If the field is - not set, the implementation will apply its default routing strategy. If set - to "PreferClose", implementations should prioritize endpoints that are - topologically close (e.g., same zone). - This is a beta field and requires enabling ServiceTrafficDistribution feature. + TrafficDistribution offers a way to express preferences for how traffic + is distributed to Service endpoints. Implementations can use this field + as a hint, but are not required to guarantee strict adherence. If the + field is not set, the implementation will apply its default routing + strategy. If set to "PreferClose", implementations should prioritize + endpoints that are in the same zone. type: string type: description: |- 
@@ -8514,7 +8692,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8529,7 +8706,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8697,7 +8873,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8712,7 +8887,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8878,7 +9052,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -8893,7 +9066,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9061,7 +9233,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9076,7 +9247,6 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9338,7 +9508,7 @@ spec: Cannot be updated. items: description: EnvFromSource represents the source of - a set of ConfigMaps + a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -9359,8 +9529,8 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name + of each environment variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from 
@@ -9626,6 +9796,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -10852,7 +11028,7 @@ spec: Cannot be updated. items: description: EnvFromSource represents the source of - a set of ConfigMaps + a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -10873,8 +11049,8 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name + of each environment variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from @@ -11137,6 +11313,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: Probes are not allowed for ephemeral containers. @@ -12184,7 +12366,7 @@ spec: Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of - of that value or the sum of the normal containers. Limits are applied to init containers + that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. 
@@ -12359,7 +12541,7 @@ spec: Cannot be updated. items: description: EnvFromSource represents the source of - a set of ConfigMaps + a set of ConfigMaps or Secrets properties: configMapRef: description: The ConfigMap to select from @@ -12380,8 +12562,8 @@ spec: type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. + description: Optional text to prepend to the name + of each environment variable. Must be a C_IDENTIFIER. type: string secretRef: description: The Secret to select from @@ -12647,6 +12829,12 @@ spec: - port type: object type: object + stopSignal: + description: |- + StopSignal defines which signal will be sent to a container when it is being stopped. + If not specified, the default is defined by the container runtime in use. + StopSignal can only be set for Pods with a non-empty .spec.os.name + type: string type: object livenessProbe: description: |- @@ -14361,7 +14549,6 @@ spec: - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: description: |- @@ -14372,7 +14559,6 @@ spec: - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: description: |- 
@@ -15351,7 +15537,7 @@ spec: The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). - Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. properties: pullPolicy: @@ -16315,7 +16501,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: publications.postgresql.cnpg.io spec: @@ -16511,7 +16697,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: scheduledbackups.postgresql.cnpg.io spec: @@ -16703,7 +16889,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.3 + controller-gen.kubebuilder.io/version: v0.18.0 helm.sh/resource-policy: keep name: subscriptions.postgresql.cnpg.io spec: 
@@ -16794,8 +16980,11 @@ spec: additionalProperties: type: string description: |- - Subscription parameters part of the `WITH` clause as expected by - PostgreSQL `CREATE SUBSCRIPTION` command + Subscription parameters included in the `WITH` clause of the PostgreSQL + `CREATE SUBSCRIPTION` command. Most parameters cannot be changed + after the subscription is created and will be ignored if modified + later, except for a limited set documented at: + https://www.postgresql.org/docs/current/sql-altersubscription.html#SQL-ALTERSUBSCRIPTION-PARAMS-SET type: object publicationDBName: description: |- diff --git a/charts/cloudnative-pg/templates/rbac.yaml b/charts/cloudnative-pg/templates/rbac.yaml index 683fb0e483..67039ee7e7 100644 --- a/charts/cloudnative-pg/templates/rbac.yaml +++ b/charts/cloudnative-pg/templates/rbac.yaml @@ -129,9 +129,12 @@ rules: - backups - clusters - databases + - failoverquorums - poolers - publications - scheduledbackups + - imagecatalogs + - clusterimagecatalogs - subscriptions verbs: - get @@ -155,9 +158,12 @@ rules: - backups - clusters - databases + - failoverquorums - poolers - publications - scheduledbackups + - imagecatalogs + - clusterimagecatalogs - subscriptions verbs: - create From 9a103ddfe4c3ce4047f99607d48c6fe4ad2237b5 Mon Sep 17 00:00:00 2001 From: Matthias Erll Date: Tue, 9 Sep 2025 18:12:10 +0200 Subject: [PATCH 2/6] feat: updated PG image tags --- values/cloudnative-pg/cloudnative-pg-raw.gotmpl | 4 ++-- values/gitea/gitea-otomi-db.gotmpl | 4 ++-- values/harbor/harbor-otomi-db.gotmpl | 4 ++-- values/keycloak/keycloak-otomi-db.gotmpl | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/values/cloudnative-pg/cloudnative-pg-raw.gotmpl b/values/cloudnative-pg/cloudnative-pg-raw.gotmpl index 7ae654ab79..9e1bbd2c56 100644 --- a/values/cloudnative-pg/cloudnative-pg-raw.gotmpl +++ b/values/cloudnative-pg/cloudnative-pg-raw.gotmpl 
@@ -8,6 +8,6 @@ resources: spec: images: - major: 15 - image: "{{- if $v.otomi.linodeLkeImageRepository }}{{- $v.otomi.linodeLkeImageRepository }}/ghcr{{- else }}ghcr.io{{- end }}/cloudnative-pg/postgresql:15.13" + image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:15.14" - major: 17 - image: "{{- if $v.otomi.linodeLkeImageRepository }}{{- $v.otomi.linodeLkeImageRepository }}/ghcr{{- else }}ghcr.io{{- end }}/cloudnative-pg/postgresql:17.5" + image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:17.6" diff --git a/values/gitea/gitea-otomi-db.gotmpl b/values/gitea/gitea-otomi-db.gotmpl index 431be79823..d4554665ac 100644 --- a/values/gitea/gitea-otomi-db.gotmpl +++ b/values/gitea/gitea-otomi-db.gotmpl @@ -21,9 +21,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $gdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $gdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.13 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.13 +imageName: ghcr.io/cloudnative-pg/postgresql:15.14 {{- end }} postgresql: diff --git a/values/harbor/harbor-otomi-db.gotmpl b/values/harbor/harbor-otomi-db.gotmpl index d2842450b9..0f5699c951 100644 --- a/values/harbor/harbor-otomi-db.gotmpl +++ b/values/harbor/harbor-otomi-db.gotmpl 
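Review bot: The two catalog `image:` values on the new side are still pinned by tag only (`postgresql:15.14`, `postgresql:17.6`), so what gets pulled is whatever `ghcr.io` or the `linodeLkeImageRepository` mirror serves for that tag at pull time. Adding the digest to the reference, in the form `…/cloudnative-pg/postgresql:15.14@sha256:<digest-of-reviewed-image>`, would tie each catalog entry to the image that was reviewed, and later bumps would show up as a digest change in the diff. The `imageName:` fallbacks bumped to `15.14` in the gitea, harbor and keycloak hunks of this patch have the same gap.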
@@ -20,9 +20,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $hdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $hdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.13 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.13 +imageName: ghcr.io/cloudnative-pg/postgresql:15.14 {{- end }} postgresql: diff --git a/values/keycloak/keycloak-otomi-db.gotmpl b/values/keycloak/keycloak-otomi-db.gotmpl index 22797a1c01..310ed04d4b 100644 --- a/values/keycloak/keycloak-otomi-db.gotmpl +++ b/values/keycloak/keycloak-otomi-db.gotmpl @@ -22,9 +22,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $kdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $kdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.13 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.13 +imageName: ghcr.io/cloudnative-pg/postgresql:15.14 {{- end }} From adad4ecf1aa4a4051bf5e3c949c2568c876fe16b Mon Sep 17 00:00:00 2001 From: Matthias Erll Date: Wed, 10 Sep 2025 10:59:43 +0200 Subject: [PATCH 3/6] fix: adjust to new image tags --- helmfile.d/snippets/derived.gotmpl | 10 ++++++++++ values/cloudnative-pg/cloudnative-pg-raw.gotmpl | 5 +++-- values/gitea/gitea-otomi-db.gotmpl | 4 ++-- values/harbor/harbor-otomi-db.gotmpl | 4 ++-- values/keycloak/keycloak-otomi-db.gotmpl | 4 ++-- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl index 4906b14a41..8fea39af71 100644 --- a/helmfile.d/snippets/derived.gotmpl +++ b/helmfile.d/snippets/derived.gotmpl 
@@ -68,6 +68,13 @@ {{- $istioEgressReleaseName := print "istio-egressgateway-" $istioCanaryRevision }} {{- $istioEgressReleaseLabel := print "egressgateway-" $istioCanaryRevision }} +# Set default platform database image for CloudnativePG +{{- $cnpgImageSuffix := "-system-trixie" }} +{{- if $v.apps.cnpg.useBackupPlugin }} + {{- $cnpgImageSuffix = "-standard-trixie" }} +{{- end }} +{{- $cnpgDefaultPlatformImage := print "cloudnative-pg/postgresql:15.14" $cnpgImageSuffix }} + {{- if and (not (env "CI")) (not (env "VALUES_INPUT")) (hasKey $v.cluster "k8sContext") }} helmDefaults: kubeContext: {{ $v.cluster.k8sContext }} @@ -202,6 +209,9 @@ environments: apps: argocd: enabled: true + cnpg: + pgImageSuffix: {{ $cnpgImageSuffix | quote }} + pgDefaultPlatformImage: {{ $cnpgDefaultPlatformImage }} cert-manager: enabled: true {{- if and (eq $issuer "letsencrypt") (not (hasKey $cm "stage")) }} diff --git a/values/cloudnative-pg/cloudnative-pg-raw.gotmpl b/values/cloudnative-pg/cloudnative-pg-raw.gotmpl index 9e1bbd2c56..e9bd0deb76 100644 --- a/values/cloudnative-pg/cloudnative-pg-raw.gotmpl +++ b/values/cloudnative-pg/cloudnative-pg-raw.gotmpl @@ -1,4 +1,5 @@ {{- $v := .Values }} +{{- $cnpg := $v.apps.cnpg }} resources: - apiVersion: postgresql.cnpg.io/v1 @@ -8,6 +9,6 @@ resources: spec: images: - major: 15 - image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:15.14" + image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:15.14{{ $cnpg.pgImageSuffix }}" - major: 17 - image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:17.6" + image: "{{ with $v.otomi.linodeLkeImageRepository }}{{ . }}/ghcr{{ else }}ghcr.io{{ end }}/cloudnative-pg/postgresql:17.6{{ $cnpg.pgImageSuffix }}" 
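Review bot: The PostgreSQL minor `15.14` is hard-coded in `$cnpgDefaultPlatformImage` in the first helmfile.d/snippets/derived.gotmpl hunk and again in the major-15 entry of values/cloudnative-pg/cloudnative-pg-raw.gotmpl, so the next bump has to touch both places or the image catalog and the platform databases drift apart. I would hold it in one variable, `{{- $cnpgPgVersion := "15.14" }}`, and build the reference with `print "cloudnative-pg/postgresql:" $cnpgPgVersion $cnpgImageSuffix`. The reference is also a mutable tag, so what is pulled depends on the registry (or the `linodeLkeImageRepository` mirror) at deploy time; appending an `@sha256:` digest would fix the content if the project wants that guarantee.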
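Review bot: In the second derived.gotmpl hunk `pgImageSuffix` is emitted through `quote` but `pgDefaultPlatformImage` on the next line is not, so the two new keys are rendered with different scalar styles. The current value parses as a plain YAML string, but quoting keeps that true if the image reference ever changes shape: `pgDefaultPlatformImage: {{ $cnpgDefaultPlatformImage | quote }}`. The enclosing `environments:` block starts and ends outside the hunk.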
diff --git a/values/gitea/gitea-otomi-db.gotmpl b/values/gitea/gitea-otomi-db.gotmpl index d4554665ac..3bd7b47b84 100644 --- a/values/gitea/gitea-otomi-db.gotmpl +++ b/values/gitea/gitea-otomi-db.gotmpl @@ -21,9 +21,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $gdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $gdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/{{ $cnpg.pgDefaultPlatformImage }} {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.14 +imageName: ghcr.io/{{ $cnpg.pgDefaultPlatformImage }} {{- end }} postgresql: diff --git a/values/harbor/harbor-otomi-db.gotmpl b/values/harbor/harbor-otomi-db.gotmpl index 0f5699c951..8db0b02208 100644 --- a/values/harbor/harbor-otomi-db.gotmpl +++ b/values/harbor/harbor-otomi-db.gotmpl @@ -20,9 +20,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $hdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $hdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/{{ $cnpg.pgDefaultPlatformImage }} {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.14 +imageName: ghcr.io/{{ $cnpg.pgDefaultPlatformImage }} {{- end }} postgresql: diff --git a/values/keycloak/keycloak-otomi-db.gotmpl b/values/keycloak/keycloak-otomi-db.gotmpl index 310ed04d4b..543ff267ed 100644 --- a/values/keycloak/keycloak-otomi-db.gotmpl +++ b/values/keycloak/keycloak-otomi-db.gotmpl 
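Review bot: `$cnpg.pgDefaultPlatformImage` is read in the gitea hunk, but the hunk does not show `$cnpg` being declared in values/gitea/gitea-otomi-db.gotmpl; within this commit the only visible declaration, `{{- $cnpg := $v.apps.cnpg }}`, is added to cloudnative-pg-raw.gotmpl. If the variable is not already defined above the hunk, rendering will fail on an undefined variable, so confirm it is in scope or add the same declaration at the top of the file. The same applies to the harbor and keycloak hunks of this commit. The `if`/`else if` chain these lines belong to starts outside the hunk.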
@@ -22,9 +22,9 @@ imageName: {{ regexReplaceAll "^ghcr\\.io" $kdb.imageName (printf "%s/ghcr" $v.o imageName: {{ $kdb.imageName }} {{- end }} {{- else if $v.otomi.linodeLkeImageRepository }} -imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/cloudnative-pg/postgresql:15.14 +imageName: {{ $v.otomi.linodeLkeImageRepository }}/ghcr/{{ $cnpg.pgDefaultPlatformImage }} {{- else }} -imageName: ghcr.io/cloudnative-pg/postgresql:15.14 +imageName: ghcr.io/{{ $cnpg.pgDefaultPlatformImage }} {{- end }} From 7a04bce0c6fdb79b94409ccc8bcdbf816f5f91ab Mon Sep 17 00:00:00 2001 From: Matthias Erll Date: Wed, 10 Sep 2025 11:15:17 +0200 Subject: [PATCH 4/6] fix: keep bookwork based images for avoiding warnings on collation --- helmfile.d/snippets/derived.gotmpl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl index 8fea39af71..e4324a0785 100644 --- a/helmfile.d/snippets/derived.gotmpl +++ b/helmfile.d/snippets/derived.gotmpl @@ -68,11 +68,13 @@ {{- $istioEgressReleaseName := print "istio-egressgateway-" $istioCanaryRevision }} {{- $istioEgressReleaseLabel := print "egressgateway-" $istioCanaryRevision }} -# Set default platform database image for CloudnativePG -{{- $cnpgImageSuffix := "-system-trixie" }} +# Set image tag suffix added to minor version, according to +# https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql +{{- $cnpgImageSuffix := "-system-oldstable" }} {{- if $v.apps.cnpg.useBackupPlugin }} - {{- $cnpgImageSuffix = "-standard-trixie" }} + {{- $cnpgImageSuffix = "-standard-oldstable" }} {{- end }} +# Set default platform database image for CloudnativePG {{- $cnpgDefaultPlatformImage := print "cloudnative-pg/postgresql:15.14" $cnpgImageSuffix }} {{- if and (not (env "CI")) (not (env "VALUES_INPUT")) (hasKey $v.cluster "k8sContext") }} From 5869ba531911a3e754dc345cf20c816227de889c Mon Sep 17 00:00:00 2001 
From: Matthias Erll Date: Wed, 10 Sep 2025 13:01:34 +0200 Subject: [PATCH 5/6] fix: image tag --- helmfile.d/snippets/derived.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl index e4324a0785..912ae539b4 100644 --- a/helmfile.d/snippets/derived.gotmpl +++ b/helmfile.d/snippets/derived.gotmpl @@ -70,9 +70,9 @@ # Set image tag suffix added to minor version, according to # https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql -{{- $cnpgImageSuffix := "-system-oldstable" }} +{{- $cnpgImageSuffix := "-system-bookworm" }} {{- if $v.apps.cnpg.useBackupPlugin }} - {{- $cnpgImageSuffix = "-standard-oldstable" }} + {{- $cnpgImageSuffix = "-standard-bookworm" }} {{- end }} # Set default platform database image for CloudnativePG {{- $cnpgDefaultPlatformImage := print "cloudnative-pg/postgresql:15.14" $cnpgImageSuffix }} From 8991afa6fc19e844b33c54cbe464167a426920d6 Mon Sep 17 00:00:00 2001 From: Matthias Erll Date: Thu, 11 Sep 2025 09:36:49 +0200 Subject: [PATCH 6/6] fix: former images are based on old release --- helmfile.d/snippets/derived.gotmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl index 912ae539b4..bbbf841df2 100644 --- a/helmfile.d/snippets/derived.gotmpl +++ b/helmfile.d/snippets/derived.gotmpl @@ -70,9 +70,9 @@ # Set image tag suffix added to minor version, according to # https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql -{{- $cnpgImageSuffix := "-system-bookworm" }} +{{- $cnpgImageSuffix := "-system-bullseye" }} {{- if $v.apps.cnpg.useBackupPlugin }} - {{- $cnpgImageSuffix = "-standard-bookworm" }} + {{- $cnpgImageSuffix = "-standard-bullseye" }} {{- end }} # Set default platform database image for CloudnativePG {{- $cnpgDefaultPlatformImage := print "cloudnative-pg/postgresql:15.14" $cnpgImageSuffix }}
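Review bot: The last hunk (PATCH 6/6) settles on `-system-bullseye` / `-standard-bullseye`, but the template comment above it still only links the tag list and does not say why the oldest base was chosen. Going by the commit subjects, the reason is to keep the base release (and its collation behaviour) of the images existing clusters were created with; bullseye is Debian 11, which has left regular security support and is maintained only under Debian LTS, so this choice should be visibly temporary. I would add a line such as `# bullseye kept to match the collation of existing clusters; TODO: move to a newer base after refreshing collation versions`, and confirm upstream still rebuilds the bullseye tags.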