initial commit

.github/workflows/cd-helm-release.yml

@@ -0,0 +1,39 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    environment: helm-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/[email protected]
+        id: helm-install
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run chart-releaser
+        id: helm-release
+        uses: helm/[email protected]
+        with:
+          skip_existing: true
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true

.github/workflows/ci-helm-lint-test.yml

@@ -0,0 +1,51 @@
+name: Lint and Test Chart
+
+on:
+  pull_request:
+    paths:
+      - '.'
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: "0"
+
+      - name: Install Helm
+        uses: azure/[email protected]
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        id: lint
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Create kind cluster
+        uses: helm/[email protected]
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        id: install
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }}

Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: cnpg-tenant
+description: Create postgres tenant clusters managed by the CNPG Operator
+type: application
+version: 0.0.1
+
+maintainers:
+  - name: "cloudymax"
+    url: "https://github.com/cloudymax/"

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Max!
+Copyright (c) 2023 Small Hack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,35 @@
+# cnpg-tenant
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Create postgres tenant clusters managed by the CNPG Operator
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| cloudymax |  | <https://github.com/cloudymax/> |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup.destinationPath | string | `"backups"` |  |
+| backup.retentionPolicy | string | `"30d"` |  |
+| backup.s3Credentials.accessKeyId.key | string | `"ACCESS_KEY_ID"` |  |
+| backup.s3Credentials.accessKeyId.name | string | `"aws-creds"` |  |
+| backup.s3Credentials.secretAccessKey.key | string | `"ACCESS_SECRET_KEY"` |  |
+| backup.s3Credentials.secretAccessKey.name | string | `"aws-creds"` |  |
+| instances | int | `3` |  |
+| monitoring.enablePodMonitor | bool | `true` |  |
+| name | string | `"example"` |  |
+| postgresql.pg_hba[0] | string | `"hostnossl all all 0.0.0.0/0 reject"` |  |
+| postgresql.pg_hba[1] | string | `"hostssl all all 0.0.0.0/0 cert clientcert=verify-full"` |  |
+| scheduledBackup.name | string | `"example-backup"` |  |
+| scheduledBackup.spec.backupOwnerReference | string | `"self"` |  |
+| scheduledBackup.spec.cluster.name | string | `"pg-backup"` |  |
+| scheduledBackup.spec.schedule | string | `"0 0 0 * * *"` |  |
+| storage.size | string | `"1Gi"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cnpg-tenant.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cnpg-tenant.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cnpg-tenant.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cnpg-tenant.labels" -}}
+helm.sh/chart: {{ include "cnpg-tenant.chart" . }}
+{{ include "cnpg-tenant.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cnpg-tenant.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cnpg-tenant.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cnpg-tenant.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cnpg-tenant.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

templates/tenant.yaml

@@ -0,0 +1,36 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: cluster-example
+spec:
+  instances: {{ .Values.instances}}
+  backup:
+    barmanObjectStore:
+      destinationPath: {{ .Values.destinationPath }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ .Values.backup.s3Credentials.accessKeyId.name }}
+          key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
+        secretAccessKey:
+          name: {{ .Values.backup.s3Credentials.secretAccessKey.name }}
+          key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
+    retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  monitoring:
+    enablePodMonitor: {{ .Values.monitoring.enablePodMonitor }}
+  postgresql:
+    pg_hba:
+      - hostnossl all all 0.0.0.0/0 reject
+      - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+  storage:
+    size: {{ .Values.storage.size }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: {{ .Values.scheduledBackup.name }}
+spec:
+  schedule: {{ .Values.scheduledBackup.spec.schedule }}
+  backupOwnerReference: {{ .Values.scheduledBackup.spec.backupOwnerReference }} 
+  cluster:
+    name: {{ .Values.scheduledBackup.spec.cluster.name }}

values.yaml

@@ -0,0 +1,35 @@
+name: "example"
+
+instances: 3
+
+backup:
+  destinationPath: "backups"
+  retentionPolicy: "30d"
+  s3Credentials:
+    accessKeyId:
+      name: "aws-creds"
+      key : "ACCESS_KEY_ID"
+    secretAccessKey:
+      name: "aws-creds"
+      key : "ACCESS_SECRET_KEY"
+
+scheduledBackup:
+  name: example-backup
+  spec:
+    schedule: "0 0 0 * * *" 
+    backupOwnerReference: self
+    cluster:
+      name: pg-backup
+
+monitoring:
+  enablePodMonitor: true
+
+postgresql:
+  pg_hba: 
+    - hostnossl all all 0.0.0.0/0 reject
+    - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+
+storage: 
+  size: 1Gi
+
+