diff --git a/.github/workflows/cd-helm-release.yml b/.github/workflows/cd-helm-release.yml
new file mode 100644
index 0000000..6bbba62
--- /dev/null
+++ b/.github/workflows/cd-helm-release.yml
@@ -0,0 +1,39 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ environment: helm-release
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3.5
+ id: helm-install
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run chart-releaser
+ id: helm-release
+ uses: helm/chart-releaser-action@v1.5.0
+ with:
+ skip_existing: true
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_GENERATE_RELEASE_NOTES: true
diff --git a/.github/workflows/ci-helm-lint-test.yml b/.github/workflows/ci-helm-lint-test.yml
new file mode 100644
index 0000000..0abf514
--- /dev/null
+++ b/.github/workflows/ci-helm-lint-test.yml
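Review bot: The `release` job grants `contents: write` and passes `GITHUB_TOKEN` to `azure/setup-helm@v3.5` and `helm/chart-releaser-action@v1.5.0`, both referenced by mutable tags, so a retagged action would run with write access to the repository. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: helm/chart-releaser-action@<full-commit-sha>  # v1.5.0`. The `push` trigger also has no `paths` filter, so every merge to `main` starts a job holding a write token; `skip_existing: true` keeps that from republishing, but limiting the trigger to the chart files would reduce how often the token is issued.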
@@ -0,0 +1,51 @@
+name: Lint and Test Chart
+
+on:
+ pull_request:
+ paths:
+ - '.'
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: "0"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3.5
+
+ - name: Add dependency chart repos
+ run: |
+ helm repo add cnpg https://cloudnative-pg.github.io/charts
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.5.0
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ id: lint
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.8.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ id: install
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..8591394
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: cnpg-tenant
+description: Create postgres tenant clusters managed by the CNPG Operator
+type: application
+version: 0.0.1
+
+maintainers:
+ - name: "cloudymax"
+ url: "https://github.com/cloudymax/"
diff --git a/LICENSE b/LICENSE
index 6026c9c..2bab21b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@ MIT License -Copyright (c) 2023 Max! +Copyright (c) 2023 Small Hack Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9aa7968
--- /dev/null
+++ b/README.md
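Review bot: The `paths: - '.'` filter under `pull_request` looks like it matches no changed file, because path filters are glob patterns compared against file paths and `.` is not one; if so, the lint and install checks never run on a pull request. Use `'**'` or drop the filter. The three `run:` steps also interpolate `${{ github.event.repository.default_branch }}` directly into shell text; passing it through `env:` (`TARGET_BRANCH: ${{ github.event.repository.default_branch }}`, then `--target-branch "$TARGET_BRANCH"`) keeps expression values out of the script body. `helm/chart-testing-action@v2.5.0` and `helm/kind-action@v1.8.0` are pinned by tag rather than by commit SHA.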
@@ -0,0 +1,35 @@
+# cnpg-tenant
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Create postgres tenant clusters managed by the CNPG Operator
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| cloudymax | | |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup.destinationPath | string | `"backups"` | |
+| backup.retentionPolicy | string | `"30d"` | |
+| backup.s3Credentials.accessKeyId.key | string | `"ACCESS_KEY_ID"` | |
+| backup.s3Credentials.accessKeyId.name | string | `"aws-creds"` | |
+| backup.s3Credentials.secretAccessKey.key | string | `"ACCESS_SECRET_KEY"` | |
+| backup.s3Credentials.secretAccessKey.name | string | `"aws-creds"` | |
+| instances | int | `3` | |
+| monitoring.enablePodMonitor | bool | `true` | |
+| name | string | `"example"` | |
+| postgresql.pg_hba[0] | string | `"hostnossl all all 0.0.0.0/0 reject"` | |
+| postgresql.pg_hba[1] | string | `"hostssl all all 0.0.0.0/0 cert clientcert=verify-full"` | |
+| scheduledBackup.name | string | `"example-backup"` | |
+| scheduledBackup.spec.backupOwnerReference | string | `"self"` | |
+| scheduledBackup.spec.cluster.name | string | `"pg-backup"` | |
+| scheduledBackup.spec.schedule | string | `"0 0 0 * * *"` | |
+| storage.size | string | `"1Gi"` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..fe8be18
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cnpg-tenant.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cnpg-tenant.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cnpg-tenant.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cnpg-tenant.labels" -}}
+helm.sh/chart: {{ include "cnpg-tenant.chart" . }}
+{{ include "cnpg-tenant.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cnpg-tenant.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cnpg-tenant.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cnpg-tenant.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cnpg-tenant.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
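Review bot: `cnpg-tenant.serviceAccountName` evaluates `.Values.serviceAccount.create`, but the values.yaml added in this commit has no `serviceAccount` key, so including the helper would most likely fail at render time on a nil map. None of the helpers defined here is included by templates/tenant.yaml in this commit, so the Cluster and ScheduledBackup are created without the `app.kubernetes.io/*` labels. Either drop the unused scaffold, or add a `labels:` key under each `metadata` with `{{- include "cnpg-tenant.labels" . | nindent 4 }}` and remove the service-account helper.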
diff --git a/templates/tenant.yaml b/templates/tenant.yaml
new file mode 100644
index 0000000..23846b4
--- /dev/null
+++ b/templates/tenant.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: cluster-example
+spec:
+ instances: {{ .Values.instances}}
+ backup:
+ barmanObjectStore:
+ destinationPath: {{ .Values.destinationPath }}
+ s3Credentials:
+ accessKeyId:
+ name: {{ .Values.backup.s3Credentials.accessKeyId.name }}
+ key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
+ secretAccessKey:
+ name: {{ .Values.backup.s3Credentials.secretAccessKey.name }}
+ key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
+ retentionPolicy: {{ .Values.backup.retentionPolicy }}
+ monitoring:
+ enablePodMonitor: {{ .Values.monitoring.enablePodMonitor }}
+ postgresql:
+ pg_hba:
+ - hostnossl all all 0.0.0.0/0 reject
+ - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+ storage:
+ size: {{ .Values.storage.size }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: {{ .Values.scheduledBackup.name }}
+spec:
+ schedule: {{ .Values.scheduledBackup.spec.schedule }}
+ backupOwnerReference: {{ .Values.scheduledBackup.spec.backupOwnerReference }}
+ cluster:
+ name: {{ .Values.scheduledBackup.spec.cluster.name }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..67d0557
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,35 @@
+name: "example"
+
+instances: 3
+
+backup:
+ destinationPath: "backups"
+ retentionPolicy: "30d"
+ s3Credentials:
+ accessKeyId:
+ name: "aws-creds"
+ key : "ACCESS_KEY_ID"
+ secretAccessKey:
+ name: "aws-creds"
+ key : "ACCESS_SECRET_KEY"
+
+scheduledBackup:
+ name: example-backup
+ spec:
+ schedule: "0 0 0 * * *"
+ backupOwnerReference: self
+ cluster:
+ name: pg-backup
+
+monitoring:
+ enablePodMonitor: true
+
+postgresql:
+ pg_hba:
+ - hostnossl all all 0.0.0.0/0 reject
+ - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+
+storage:
+ size: 1Gi
+
+
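Review bot: `destinationPath: {{ .Values.destinationPath }}` in templates/tenant.yaml reads a key that values.yaml does not define (the value lives at `backup.destinationPath`), so the Cluster renders with an empty backup destination. The Cluster name is hard-coded to `cluster-example` while the ScheduledBackup targets `.Values.scheduledBackup.spec.cluster.name`, which defaults to `pg-backup` in the values.yaml hunk, so the scheduled backup appears to reference a cluster this chart never creates; values.yaml already carries an unused `name` that could drive both. `postgresql.pg_hba` in values.yaml is never read either: the TLS-only, client-certificate rules are fixed in the template, so either render the list from values or drop the key so an operator does not assume an edit to it took effect. Quoting the rendered scalars also keeps values such as the cron schedule from being re-typed by the YAML parser.

```yaml
metadata:
  name: {{ .Values.name | quote }}
# … unchanged: spec.instances, backup.barmanObjectStore …
      destinationPath: {{ .Values.backup.destinationPath | quote }}
# … unchanged: s3Credentials through storage, ScheduledBackup apiVersion/kind …
metadata:
  name: {{ .Values.scheduledBackup.name | quote }}
spec:
  schedule: {{ .Values.scheduledBackup.spec.schedule | quote }}
  backupOwnerReference: {{ .Values.scheduledBackup.spec.backupOwnerReference | quote }}
  cluster:
    name: {{ .Values.name | quote }}
```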