Commit Graph

9 Commits

Author SHA1 Message Date
Marco Nenciarini
0475daa589
fix: read owner GVK from object metadata instead of scheme
The operator does not know the CNPG API group at runtime (it is
not a sidecar injected by the CNPG operator, so CUSTOM_CNPG_GROUP
and CUSTOM_CNPG_VERSION are not available). Move SetControllerReference
to the specs package and read the GVK from the decoded Cluster's
TypeMeta rather than looking it up in the scheme.

Remove CNPG types from the operator's scheme and the env var bindings
from cmd/operator since they are no longer needed.

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-04-10 11:23:35 +02:00
Marco Nenciarini
8b4fac41d0 fix: discover affected Roles by label instead of listing Clusters
The ObjectStore controller now lists Roles by a label
(barmancloud.cnpg.io/cluster) set by the Pre hook, inspects their
rules to find which ObjectStores they reference, then fetches those
ObjectStores and rebuilds the rules. This removes the clusters
get/list/watch permission. Conflict handling uses RetryOnConflict to
match the existing project pattern, and partial failures across Roles
are aggregated with errors.Join instead of failing on the first one.

Pre-existing Roles without the label won't be found by the ObjectStore
controller until the Pre hook adds it on the next Cluster
reconciliation. Same staleness window as the current main branch.

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-04-10 10:03:00 +02:00
Armando Ruocco
2c134eafe4
feat: add support for DefaultAzureCredential authentication mechanism (#681)
Some checks failed
Deploy Docusaurus to GitHub Pages / build (push) Failing after 2s
Deploy Docusaurus to GitHub Pages / deploy (push) Has been skipped
release-please / release-please (push) Failing after 1s
This commit adds support for the DefaultAzureCredential authentication
mechanism in Azure Blob Storage. Users can now use the
`useDefaultAzureCredentials` option to enable Azure's default credential
chain, which automatically discovers and uses available credentials in
the following order

1. Environment Variables (Service Principal)
2. Managed Identity
3. Azure CLI
4. Azure PowerShell

This is particularly useful when running on Azure Kubernetes Service
(AKS) with Workload Identity, eliminating the need to explicitly store
credentials in Kubernetes Secrets.

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2026-01-08 14:58:27 +01:00
Marco Nenciarini
1be34fe13e
feat(ip): assign copyright to the Linux Foundation (#571)
Adopt the new attribution information for contributions to
CloudNativePG:

```
Copyright © contributors to CloudNativePG, established as
CloudNativePG a Series of LF Projects, LLC.
```

Adopt the SPDX format for Apache License 2.0

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
2025-10-07 18:06:06 +02:00
Leonardo Cecchi
fecd1e9513
feat: retention policy (#191)
This commit makes the Barman cloud plugin support the enforcement of
retention policy as provided by the barman-cloud tool suite.

The first recoverability point and the last successful backup are
shown in the status of the ObjectStore resource for each involved
server name.

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
2025-03-18 17:35:22 +01:00
Leonardo Cecchi
e4735a2f85
feat: separate recovery object store from replica source (#83)
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
2024-12-09 13:29:20 +01:00
Leonardo Cecchi
e30edd2318
feat: separate recovery and cluster object store (#76)
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
2024-12-05 12:05:14 +01:00
Armando Ruocco
240077c771
feat(spike): restore (#29)
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
2024-11-06 16:01:56 +01:00
Leonardo Cecchi
76383a30af
feat: grant permissions to read secrets (#25)
Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>
2024-10-03 16:58:56 +02:00