From 4994a17ae87971bc85d4824e25930573a165a291 Mon Sep 17 00:00:00 2001 From: QuantumEnigmaa Date: Wed, 28 May 2025 11:03:21 +0200 Subject: [PATCH] Feature: create helm chart 
Signed-off-by: QuantumEnigmaa --- CHANGELOG.md | 4 + helm/plugin-barman-cloud/.helmignore | 23 ++ helm/plugin-barman-cloud/Chart.yaml | 35 +++ helm/plugin-barman-cloud/LICENSE | 202 ++++++++++++++ helm/plugin-barman-cloud/README.md | 60 +++++ .../barmancloud.cnpg.io_objectstores.yaml | 1 + .../templates/_helpers.tpl | 135 ++++++++++ .../additional-rbac/leader_election.yaml | 72 +++++ .../additional-rbac/metrics_auth.yaml | 48 ++++ .../additional-rbac/metrics_reader_role.yaml | 27 ++ .../objectstore_editor_role.yaml | 44 ++++ .../objectstore_viewer_role.yaml | 40 +++ .../templates/certificate-issuer.yaml | 23 ++ .../templates/client-certificate.yaml | 35 +++ helm/plugin-barman-cloud/templates/crd.yaml | 21 ++ .../templates/deployment.yaml | 113 ++++++++ helm/plugin-barman-cloud/templates/rbac.yaml | 53 ++++ .../plugin-barman-cloud/templates/secret.yaml | 26 ++ .../templates/server-certificate.yaml | 37 +++ .../templates/service.yaml | 44 ++++ helm/plugin-barman-cloud/values.schema.json | 246 ++++++++++++++++++ helm/plugin-barman-cloud/values.yaml | 161 ++++++++++++ 22 files changed, 1450 insertions(+) create mode 100644 helm/plugin-barman-cloud/.helmignore create mode 100644 helm/plugin-barman-cloud/Chart.yaml create mode 100644 helm/plugin-barman-cloud/LICENSE create mode 100644 helm/plugin-barman-cloud/README.md create mode 120000 helm/plugin-barman-cloud/files/crds/barmancloud.cnpg.io_objectstores.yaml create mode 100644 helm/plugin-barman-cloud/templates/_helpers.tpl create mode 100644 helm/plugin-barman-cloud/templates/additional-rbac/leader_election.yaml create mode 100644 helm/plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml create mode 100644 helm/plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml create mode 100644 helm/plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml create mode 100644 helm/plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml create mode 100644 
helm/plugin-barman-cloud/templates/certificate-issuer.yaml create mode 100644 helm/plugin-barman-cloud/templates/client-certificate.yaml create mode 100644 helm/plugin-barman-cloud/templates/crd.yaml create mode 100644 helm/plugin-barman-cloud/templates/deployment.yaml create mode 100644 helm/plugin-barman-cloud/templates/rbac.yaml create mode 100644 helm/plugin-barman-cloud/templates/secret.yaml create mode 100644 helm/plugin-barman-cloud/templates/server-certificate.yaml create mode 100644 helm/plugin-barman-cloud/templates/service.yaml create mode 100644 helm/plugin-barman-cloud/values.schema.json create mode 100644 helm/plugin-barman-cloud/values.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 47556ad..7680ec5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +### Features + +* Add Helm chart ([#351](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/351)) + ## [0.4.0](https://github.com/cloudnative-pg/plugin-barman-cloud/compare/v0.3.0...v0.4.0) (2025-05-12) diff --git a/helm/plugin-barman-cloud/.helmignore b/helm/plugin-barman-cloud/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/plugin-barman-cloud/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/plugin-barman-cloud/Chart.yaml b/helm/plugin-barman-cloud/Chart.yaml new file mode 100644 index 0000000..7df5722 --- /dev/null +++ b/helm/plugin-barman-cloud/Chart.yaml 
@@ -0,0 +1,35 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v2
+name: plugin-barman-cloud
+description: CloudNativePG plugin for barman cloud Helm Chart
+icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
+type: application
+version: "0.1.0"
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning, they should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.4.0"
+sources:
+ - https://github.com/cloudnative-pg/plugin-barman-cloud
+keywords:
+ - barman
+ - backup
+ - postgresql
+ - postgres
+ - database
+home: https://cloudnative-pg.io
diff --git a/helm/plugin-barman-cloud/LICENSE b/helm/plugin-barman-cloud/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/helm/plugin-barman-cloud/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/helm/plugin-barman-cloud/README.md b/helm/plugin-barman-cloud/README.md new file mode 100644 index 0000000..ec4b0a5 --- /dev/null +++ b/helm/plugin-barman-cloud/README.md 
@@ -0,0 +1,60 @@ +# plugin-barman-cloud + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square) + +CloudNativePG plugin for barman cloud Helm Chart + +**Homepage:** + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalArgs | list | `[]` | Additional arguments to be added to the operator's args list. | +| additionalEnv | list | `[]` | Array containing extra environment variables which can be templated. For example: - name: RELEASE_NAME value: "{{ .Release.Name }}" - name: MY_VAR value: "mySpecialKey" | +| affinity | object | `{}` | Affinity for the operator to be installed. | +| certificate.createClientCertificate | bool | `true` | Specifies whether the client certificate should be created. | +| certificate.createServerCertificate | bool | `true` | Specifies whether the server certificate should be created. | +| certificate.duration | string | `"2160h"` | The duration of the certificates. | +| certificate.issuerName | string | `"selfsigned-issuer"` | The name of the issuer to use for the certificates. | +| certificate.renewBefore | string | `"360h"` | The renew before time for the certificates. | +| commonAnnotations | object | `{}` | Annotations to be added to all other resources. | +| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. | +| crds.create | bool | `true` | Specifies whether the CRDs should be created when installing the chart. 
| +| dnsPolicy | string | `""` | | +| fullnameOverride | string | `""` | | +| hostNetwork | bool | `false` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"cloudnative-pg/plugin-barman-cloud"` | | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| namespaceOverride | string | `""` | | +| nodeSelector | object | `{}` | Nodeselector for the operator to be installed. | +| podAnnotations | object | `{}` | Annotations to be added to the pod. | +| podLabels | object | `{}` | Labels to be added to the pod. | +| podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context for the whole pod. | +| priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. | +| rbac.additional.leaderElection.create | bool | `true` | Specifies whether the leader election Role and RoleBinding should be created. | +| rbac.additional.metricsAuth.create | bool | `true` | Specifies whether the metrics auth ClusterRole and ClusterRoleBinding should be created. | +| rbac.additional.metricsReader.create | bool | `true` | Specifies whether the metrics reader ClusterRole should be created. | +| rbac.additional.objectStore.editor.create | bool | `true` | Specifies whether the object store editor ClusterRole should be created. | +| rbac.additional.objectStore.viewer.create | bool | `true` | Specifies whether the object store viewer ClusterRole should be created. | +| rbac.create | bool | `true` | Specifies whether ClusterRole and ClusterRoleBinding should be created. | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. 
| +| service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | +| service.name | string | `"cnpg-webhook-service"` | DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate and can not be configured | +| service.port | int | `9090` | | +| serviceAccount.create | bool | `true` | Specifies whether the service account should be created. | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | +| tolerations | list | `[]` | Tolerations for the operator to be installed. | +| topologySpreadConstraints | list | `[]` | Topology Spread Constraints for the operator to be installed. | +| updateStrategy | object | `{}` | Update strategy for the operator. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy For example: type: RollingUpdate rollingUpdate: maxSurge: 25% maxUnavailable: 25% | + diff --git a/helm/plugin-barman-cloud/files/crds/barmancloud.cnpg.io_objectstores.yaml b/helm/plugin-barman-cloud/files/crds/barmancloud.cnpg.io_objectstores.yaml new file mode 120000 index 0000000..d5a933a --- /dev/null +++ b/helm/plugin-barman-cloud/files/crds/barmancloud.cnpg.io_objectstores.yaml @@ -0,0 +1 @@ +../../../../config/crd/bases/barmancloud.cnpg.io_objectstores.yaml \ No newline at end of file diff --git a/helm/plugin-barman-cloud/templates/_helpers.tpl b/helm/plugin-barman-cloud/templates/_helpers.tpl new file mode 100644 index 0000000..b71f659 --- /dev/null +++ b/helm/plugin-barman-cloud/templates/_helpers.tpl 
@@ -0,0 +1,135 @@
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "plugin-barman-cloud.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "plugin-barman-cloud.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "plugin-barman-cloud.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "plugin-barman-cloud.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "plugin-barman-cloud.labels" -}}
+helm.sh/chart: {{ include "plugin-barman-cloud.chart" . }}
+{{ include "plugin-barman-cloud.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "plugin-barman-cloud.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "plugin-barman-cloud.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "plugin-barman-cloud.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "plugin-barman-cloud.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define the set of rules that must be applied clusterwide
+*/}}
+{{- define "plugin-barman-cloud.clusterwideRules" }}
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - watch
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - postgresql.cnpg.io
+ resources:
+ - backups
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/additional-rbac/leader_election.yaml b/helm/plugin-barman-cloud/templates/additional-rbac/leader_election.yaml
new file mode 100644
index 0000000..6aad2f6
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/additional-rbac/leader_election.yaml
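Review bot: In `plugin-barman-cloud.serviceAccountName`, the `default "default" .Values.serviceAccount.name` branch means that an install with `serviceAccount.create=false` and no name binds the chart's roles to the namespace's `default` ServiceAccount. leader_election.yaml and metrics_auth.yaml in this patch both use this helper as their binding subject, and presumably rbac.yaml (outside this hunk) does the same for `clusterwideRules`, which include create/delete/get/list/watch on all `secrets`. Every pod in that namespace that does not set its own service account would then run with those permissions. Consider failing the render instead, e.g. `{{- required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. A short comment above the `secrets` rule saying why cluster-wide `create` and `delete` are needed would also help operators who audit the chart's RBAC.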
@@ -0,0 +1,72 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# permissions to do leader election.
+{{- if .Values.rbac.additional.leaderElection.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}-leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}-leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "plugin-barman-cloud.fullname" . }}-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "plugin-barman-cloud.serviceAccountName" . }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+{{- end }}
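Review bot: The Role and RoleBinding set no `metadata.namespace`, while the binding's subject is placed in `{{ include "plugin-barman-cloud.namespace" . }}`. With `namespaceOverride` set, both objects would be created in the release namespace but refer to a ServiceAccount in the override namespace, so the leader-election permissions would not apply where the pod runs (assuming the Deployment follows the same helper, which is outside this hunk). certificate-issuer.yaml in this patch does set the namespace; add `namespace: {{ include "plugin-barman-cloud.namespace" . }}` under `metadata` of both objects here. If the manager only uses Lease-based leader election, the `configmaps` rule with its write verbs could also be dropped to narrow the grant.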
diff --git a/helm/plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml b/helm/plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml
new file mode 100644
index 0000000..145c03f
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/additional-rbac/metrics_auth.yaml
@@ -0,0 +1,48 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.rbac.additional.metricsAuth.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "plugin-barman-cloud.serviceAccountName" . }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml b/helm/plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml
new file mode 100644
index 0000000..38a6b3c
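Review bot: The ClusterRole and ClusterRoleBinding in metrics_auth.yaml carry no labels, and the ClusterRole in metrics_reader_role.yaml has the same gap, whereas the leader-election and objectstore roles in this patch all include the chart's common labels. These objects are cluster-scoped, so a label selector is the practical way for an operator to list what a release owns when auditing or cleaning up RBAC. Add `labels:` followed by `{{- include "plugin-barman-cloud.labels" . | nindent 4 }}` under `metadata` in all three objects.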
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/additional-rbac/metrics_reader_role.yaml
@@ -0,0 +1,27 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.rbac.additional.metricsReader.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "plugin-barman-cloud.fullname" . }}-metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml b/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml
new file mode 100644
index 0000000..aec85fd
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_editor_role.yaml
@@ -0,0 +1,44 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# permissions for end users to edit objectstores.
+{{- if .Values.rbac.additional.objectStore.editor.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}-objectstore-editor-role
+rules:
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores/status
+ verbs:
+ - get
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml b/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml
new file mode 100644
index 0000000..14214cb
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/additional-rbac/objectstore_viewer_role.yaml
@@ -0,0 +1,40 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# permissions for end users to view objectstores.
+{{- if .Values.rbac.additional.objectStore.viewer.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}-objectstore-viewer-role
+rules:
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - barmancloud.cnpg.io
+ resources:
+ - objectstores/status
+ verbs:
+ - get
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/certificate-issuer.yaml b/helm/plugin-barman-cloud/templates/certificate-issuer.yaml
new file mode 100644
index 0000000..193e2f7
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/certificate-issuer.yaml
@@ -0,0 +1,23 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "plugin-barman-cloud.fullname" . }}-selfsigned-issuer
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+spec:
+ selfSigned: {}
diff --git a/helm/plugin-barman-cloud/templates/client-certificate.yaml b/helm/plugin-barman-cloud/templates/client-certificate.yaml
new file mode 100644
index 0000000..912fdaf
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/client-certificate.yaml
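Review bot: The self-signed Issuer is rendered unconditionally and under a fixed name, so `certificate.issuerName` from values.yaml is never read: client-certificate.yaml and server-certificate.yaml both hard-code `issuerRef.name` to `{{ include "plugin-barman-cloud.fullname" . }}-selfsigned-issuer` and `kind: Issuer`. Someone who sets `issuerName` to an organisation CA will still get self-signed leaf certificates, with nothing to show that the value was ignored. Either remove the value from values.yaml and the schema, or wire it into both Certificates and skip this file when an external issuer is named. The Issuer is also created when both `createClientCertificate` and `createServerCertificate` are false, in which case nothing refers to it.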
@@ -0,0 +1,35 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.certificate.createClientCertificate }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: barman-cloud-client
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+spec:
+ commonName: barman-cloud-client
+ duration: {{ .Values.certificate.duration | default "2160h" }}
+ isCA: false
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: {{ include "plugin-barman-cloud.fullname" . }}-selfsigned-issuer
+ renewBefore: {{ .Values.certificate.renewBefore | default "360h" }}
+ secretName: barman-cloud-client-tls
+ usages:
+ - client auth
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/crd.yaml b/helm/plugin-barman-cloud/templates/crd.yaml
new file mode 100644
index 0000000..651cd07
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/crd.yaml
@@ -0,0 +1,21 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.crds.create }}
+{{ range $path, $_ := .Files.Glob "files/crds/*" }}
+---
+{{ $.Files.Get $path }}
+{{ end }}
+{{ end }}
diff --git a/helm/plugin-barman-cloud/templates/deployment.yaml b/helm/plugin-barman-cloud/templates/deployment.yaml
new file mode 100644
index 0000000..0d22bdb
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/deployment.yaml
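Review bot: Rendering the CRDs from `templates/` makes them ordinary release resources, so `helm uninstall`, or switching `crds.create` to false on an upgrade, deletes the ObjectStore CRD and with it every ObjectStore object in the cluster. If that is not the intent, say so in the README or mark the CRD with the `helm.sh/resource-policy: keep` annotation. Separately, the diffstat adds `files/crds/barmancloud.cnpg.io_objectstores.yaml` as a symlink (mode 120000); it is worth confirming that the packaged chart contains the resolved file, because if `.Files.Glob` matches nothing the chart installs without the CRD and without an error.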
@@ -0,0 +1,113 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "plugin-barman-cloud.selectorLabels" . | nindent 6 }}
+ {{- if .Values.updateStrategy }}
+ strategy:
+ {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- include "plugin-barman-cloud.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - args:
+ - operator
+ - --server-cert=/server/tls.crt
+ - --server-key=/server/tls.key
+ - --client-cert=/client/tls.crt
+ - --server-address=:9090
+ - --leader-elect
+ - --log-level=debug
+ {{- range .Values.additionalArgs }}
+ - {{ . }}
+ {{- end }}
+ env:
+ - name: SIDECAR_IMAGE
+ valueFrom:
+ secretKeyRef:
+ key: SIDECAR_IMAGE
+ name: plugin-barman-cloud-m76km67hd7
+ {{- if .Values.additionalEnv }}
+ {{- tpl (.Values.additionalEnv | toYaml) .
| nindent 8 }}
+ {{- end }}
+ image: "{{ .Values.image.registry }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ name: barman-cloud
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ readinessProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ tcpSocket:
+ port: 9090
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.containerSecurityContext | nindent 10 }}
+ volumeMounts:
+ - mountPath: /server
+ name: server
+ - mountPath: /client
+ name: client
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ serviceAccountName: plugin-barman-cloud
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: server
+ secret:
+ secretName: barman-cloud-server-tls
+ - name: client
+ secret:
+ secretName: barman-cloud-client-tls
diff --git a/helm/plugin-barman-cloud/templates/rbac.yaml b/helm/plugin-barman-cloud/templates/rbac.yaml
new file mode 100644
index 0000000..7ba96d8
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/rbac.yaml
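Review bot: `serviceAccountName: plugin-barman-cloud` is a literal, while rbac.yaml creates the ServiceAccount and the ClusterRoleBinding subject from `plugin-barman-cloud.serviceAccountName`; whenever that helper resolves to anything else (a different release name, `fullnameOverride` or `serviceAccount.name`) the pod refers to an account that is either missing or not the one the RBAC was granted to. Use `serviceAccountName: {{ include "plugin-barman-cloud.serviceAccountName" . }}`; the helper is defined outside this hunk, so its exact output should be checked. The `image:` line also joins `registry` and `repository` with no separator, which with the defaults in values.yaml renders `ghcr.iocloudnative-pg/plugin-barman-cloud`; it needs `{{ .Values.image.registry }}/{{ .Values.image.repository }}`. `--log-level=debug` is fixed in the args and would be safer as a value that defaults to a quieter level, since debug output from a backup component tends to contain more than an operator wants in shared logs.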
@@ -0,0 +1,53 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "plugin-barman-cloud.serviceAccountName" . }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+{{- end }}
+{{- if .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "plugin-barman-cloud.fullname" . }}
+rules:
+{{- include "plugin-barman-cloud.clusterwideRules" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ name: {{ include "plugin-barman-cloud.fullname" . }}-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "plugin-barman-cloud.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "plugin-barman-cloud.serviceAccountName" . }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/secret.yaml b/helm/plugin-barman-cloud/templates/secret.yaml
new file mode 100644
index 0000000..865596f
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/secret.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: v1
+data:
+ SIDECAR_IMAGE: |
+ Z2hjci5pby9jbG91ZG5hdGl2ZS1wZy9wbHVnaW4tYmFybWFuLWNsb3VkLXNpZGVjYXI6dj
+ AuNC4w
+kind: Secret
+metadata:
+ name: plugin-barman-cloud-m76km67hd7
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+type: Opaque
diff --git a/helm/plugin-barman-cloud/templates/server-certificate.yaml b/helm/plugin-barman-cloud/templates/server-certificate.yaml
new file mode 100644
index 0000000..ddaaf4a
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/server-certificate.yaml
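Review bot: The sidecar image is shipped as a base64 literal inside a Secret whose name, `plugin-barman-cloud-m76km67hd7`, carries what looks like a kustomize content hash, so the image that the plugin hands on as `SIDECAR_IMAGE` cannot be set from values.yaml and is not readable in a plain review of the chart. The literal appears to decode to a sidecar image reference with a fixed version tag, which will drift from `.Chart.AppVersion` on the next release and cannot be pinned by digest or pointed at a private mirror. An image reference is not secret material; I would expose it as a chart value and either render it under `stringData:` or set the env var directly in deployment.yaml, for example `value: {{ .Values.sidecarImage | quote }}`, where `sidecarImage` is a new key this patch does not yet define. deployment.yaml refers to the same hard-coded Secret name and would need to change with it.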
@@ -0,0 +1,37 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.certificate.createServerCertificate }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: barman-cloud-server
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+spec:
+ commonName: barman-cloud
+ dnsNames:
+ - barman-cloud
+ duration: {{ .Values.certificate.duration | default "2160h" }}
+ isCA: false
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: {{ include "plugin-barman-cloud.fullname" . }}-selfsigned-issuer
+ renewBefore: {{ .Values.certificate.renewBefore | default "360h" }}
+ secretName: barman-cloud-server-tls
+ usages:
+ - server auth
+{{- end }}
diff --git a/helm/plugin-barman-cloud/templates/service.yaml b/helm/plugin-barman-cloud/templates/service.yaml
new file mode 100644
index 0000000..e9ddf4a
--- /dev/null
+++ b/helm/plugin-barman-cloud/templates/service.yaml
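Review bot: The server certificate's only SAN is the literal `barman-cloud`, but service.yaml names the Service from `.Values.service.name`, whose default in values.yaml is `cnpg-webhook-service`. If the client checks the server name against the Service it dials, a default install presents a certificate that does not match, and the usual way out of that is to turn verification off. The comment in values.yaml that the service name "is currently used to generate the certificate" is also not true of this template. Take both from one source, for example `- {{ .Values.service.name }}` under `dnsNames:`, or fix the Service name to `barman-cloud` and drop the value.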
@@ -0,0 +1,44 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ {{- include "plugin-barman-cloud.labels" . | nindent 4 }}
+ cnpg.io/pluginName: barman-cloud.cloudnative-pg.io
+ {{- with .Values.commonAnnotations }}
+ annotations:
+ cnpg.io/pluginClientSecret: barman-cloud-client-tls
+ cnpg.io/pluginPort: "9090"
+ cnpg.io/pluginServerSecret: barman-cloud-server-tls
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ .Values.service.name }}
+ namespace: {{ include "plugin-barman-cloud.namespace" . }}
+spec:
+ {{- if .Values.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+ {{- end }}
+ {{- if .Values.service.ipFamilies }}
+ ipFamilies: {{ .Values.service.ipFamilies | toYaml | nindent 2 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: 9090
+ selector:
+ {{- include "plugin-barman-cloud.selectorLabels" . | nindent 4 }}
diff --git a/helm/plugin-barman-cloud/values.schema.json b/helm/plugin-barman-cloud/values.schema.json
new file mode 100644
index 0000000..d4e9b53
--- /dev/null
+++ b/helm/plugin-barman-cloud/values.schema.json
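Review bot: The three `cnpg.io/plugin*` annotations sit inside `{{- with .Values.commonAnnotations }}`, and the default `commonAnnotations: {}` is empty, so a default install renders the Service with no `annotations:` block at all. Those annotations name the client and server TLS secrets and the port, so presumably the operator can neither locate nor authenticate the plugin without them. Emit `annotations:` and the three fixed keys unconditionally and wrap only the `{{- toYaml . | nindent 4 }}` line in the `with`. `cnpg.io/pluginPort` is also fixed at "9090" while `spec.ports[].port` comes from `.Values.service.port`, so changing the value leaves the annotation stale.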
@@ -0,0 +1,246 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "additionalArgs": { + "type": "array" + }, + "additionalEnv": { + "type": "array" + }, + "affinity": { + "type": "object" + }, + "certificate": { + "type": "object", + "properties": { + "createClientCertificate": { + "type": "boolean" + }, + "createServerCertificate": { + "type": "boolean" + }, + "duration": { + "type": "string" + }, + "issuerName": { + "type": "string" + }, + "renewBefore": { + "type": "string" + } + } + }, + "commonAnnotations": { + "type": "object" + }, + "containerSecurityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "crds": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "dnsPolicy": { + "type": "string" + }, + "fullnameOverride": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "nameOverride": { + "type": "string" + }, + "namespaceOverride": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "runAsNonRoot": { + "type": "boolean" + }, + "seccompProfile": { + "type": "object", + "properties": { + 
"type": { + "type": "string" + } + } + } + } + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "additional": { + "type": "object", + "properties": { + "leaderElection": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "metricsAuth": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "metricsReader": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "objectStore": { + "type": "object", + "properties": { + "editor": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + }, + "viewer": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + } + } + } + } + } + } + }, + "create": { + "type": "boolean" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "service": { + "type": "object", + "properties": { + "ipFamilies": { + "type": "array" + }, + "ipFamilyPolicy": { + "type": "string" + }, + "name": { + "type": "string" + }, + "port": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "updateStrategy": { + "type": "object" + } + } +} diff --git a/helm/plugin-barman-cloud/values.yaml b/helm/plugin-barman-cloud/values.yaml new file mode 100644 index 0000000..c8c9c3e --- /dev/null +++ b/helm/plugin-barman-cloud/values.yaml 
@@ -0,0 +1,161 @@
+#
+# Copyright The CloudNativePG Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Default values for CloudNativePG.
+# This is a YAML-formatted file.
+# Please declare variables to be passed to your templates.
+
+replicaCount: 1
+
+image:
+ registry: ghcr.io
+ repository: cloudnative-pg/plugin-barman-cloud
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+namespaceOverride: ""
+
+hostNetwork: false
+dnsPolicy: ""
+
+# -- Update strategy for the operator.
+# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+# For example:
+# type: RollingUpdate
+# rollingUpdate:
+# maxSurge: 25%
+# maxUnavailable: 25%
+updateStrategy: {}
+
+crds:
+ # -- Specifies whether the CRDs should be created when installing the chart.
+ create: true
+
+# -- Additional arguments to be added to the operator's args list.
+additionalArgs: []
+
+# -- Array containing extra environment variables which can be templated.
+# For example:
+# - name: RELEASE_NAME
+# value: "{{ .Release.Name }}"
+# - name: MY_VAR
+# value: "mySpecialKey"
+additionalEnv: []
+
+serviceAccount:
+ # -- Specifies whether the service account should be created.
+ create: true
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template.
+ name: ""
+
+rbac:
+ # -- Specifies whether ClusterRole and ClusterRoleBinding should be created.
+ create: true
+ additional:
+ leaderElection:
+ # -- Specifies whether the leader election Role and RoleBinding should be created.
+ create: true
+ metricsAuth:
+ # -- Specifies whether the metrics auth ClusterRole and ClusterRoleBinding should be created.
+ create: true
+ metricsReader:
+ # -- Specifies whether the metrics reader ClusterRole should be created.
+ create: true
+ objectStore:
+ editor:
+ # -- Specifies whether the object store editor ClusterRole should be created.
+ create: true
+ viewer:
+ # -- Specifies whether the object store viewer ClusterRole should be created.
+ create: true
+
+# -- Annotations to be added to all other resources.
+commonAnnotations: {}
+# -- Annotations to be added to the pod.
+podAnnotations: {}
+# -- Labels to be added to the pod.
+podLabels: {}
+
+# -- Container Security Context.
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 10001
+ runAsGroup: 10001
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - "ALL"
+
+# -- Security Context for the whole pod.
+podSecurityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ # fsGroup: 2000
+
+# -- Priority indicates the importance of a Pod relative to other Pods.
+priorityClassName: ""
+
+service:
+ # -- DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate
+ # and can not be configured
+ name: cnpg-webhook-service
+ port: 9090
+ # -- Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
+ ipFamilyPolicy: ""
+ # -- Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
+ ipFamilies: []
+
+resources: {}
+ # If you want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # limits:
+ # cpu: 100m
+ # memory: 200Mi
+ # requests:
+ # cpu: 100m
+ # memory: 100Mi
+
+# -- Nodeselector for the operator to be installed.
+nodeSelector: {}
+
+# -- Topology Spread Constraints for the operator to be installed.
+topologySpreadConstraints: []
+
+# -- Tolerations for the operator to be installed.
+tolerations: []
+
+# -- Affinity for the operator to be installed.
+affinity: {}
+
+certificate:
+ # -- Specifies whether the client certificate should be created.
+ createClientCertificate: true
+ # -- Specifies whether the server certificate should be created.
+ createServerCertificate: true
+ # -- The name of the issuer to use for the certificates.
+ issuerName: selfsigned-issuer
+ # -- The duration of the certificates.
+ duration: 2160h
+ # -- The renew before time for the certificates.
+ renewBefore: 360h