Merge 78d02d6803 into 367db3cd66

This PR contains the following updates:

| Package | Type | Update | Change | Age | Confidence |
|---|---|---|---|---|---|
|  |  | lockFileMaintenance | All locks refreshed |  |  |
|
[@easyops-cn/docusaurus-search-local](https://redirect.github.com/easyops-cn/docusaurus-search-local)
([source](https://redirect.github.com/easyops-cn/docusaurus-search-local/tree/HEAD/packages/docusaurus-search-local))
| dependencies | patch | [`0.52.1` ->
`0.52.2`](https://renovatebot.com/diffs/npm/@easyops-cn%2fdocusaurus-search-local/0.52.1/0.52.2)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@easyops-cn%2fdocusaurus-search-local/0.52.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@easyops-cn%2fdocusaurus-search-local/0.52.1/0.52.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

🔧 This Pull Request updates lock files to use the latest dependency
versions.

---

### Release Notes

<details>
<summary>easyops-cn/docusaurus-search-local
(@&#8203;easyops-cn/docusaurus-search-local)</summary>

###
[`v0.52.2`](https://redirect.github.com/easyops-cn/docusaurus-search-local/releases/tag/v0.52.2)

[Compare
Source](https://redirect.github.com/easyops-cn/docusaurus-search-local/compare/v0.52.1...v0.52.2)

##### Bug Fixes

- wrap SearchBar with DocsPreferredVersionContextProvider for Docusaurus
3.9+ compatibility
([5aedc2e](5aedc2e7c4))
- wrap SearchBar with DocsPreferredVersionContextProvider for Docusaurus
3.9+ compatibility
([1b4f011](1b4f01139b))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cloudnative-pg/plugin-barman-cloud).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21hdGVkIiwibm8taXNzdWUiXX0=-->

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.wordlist.txt

@@ -128,6 +128,7 @@ pluginConfiguration
 podName
 postgres
 postgresql
+pprof
 primaryUpdateStrategy
 rbac
 rc

go.mod

@@ -7,7 +7,7 @@ toolchain go1.25.4
 require (
 	github.com/cert-manager/cert-manager v1.19.1
 	github.com/cloudnative-pg/api v1.27.0
-	github.com/cloudnative-pg/barman-cloud v0.3.3
+	github.com/cloudnative-pg/barman-cloud v0.3.4-0.20251203100017-1d476f125c5b
 	github.com/cloudnative-pg/cloudnative-pg v1.27.1
 	github.com/cloudnative-pg/cnpg-i v0.3.0
 	github.com/cloudnative-pg/cnpg-i-machinery v0.4.1

go.sum

@@ -18,8 +18,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudnative-pg/api v1.27.0 h1:uSUkF9X/0UZu1Xn5qI33qHVmzZrDKuuyoiRlsOmSTv4=
 github.com/cloudnative-pg/api v1.27.0/go.mod h1:IWyAmuirffHiw6iIGD1p18BmZNb13TK9Os/wkp8ltDg=
-github.com/cloudnative-pg/barman-cloud v0.3.3 h1:EEcjeV+IUivDpmyF/H/XGY1pGaKJ5LS5MYeB6wgGcak=
+github.com/cloudnative-pg/barman-cloud v0.3.4-0.20251203100017-1d476f125c5b h1:7qpnZpOkmjhs0Prasu8laSaiEQ7eC2qW1xA39mQ/aEc=
-github.com/cloudnative-pg/barman-cloud v0.3.3/go.mod h1:5CM4MncAxAjnqxjDt0I5E/oVd7gsMLL0/o/wQ+vUSgs=
+github.com/cloudnative-pg/barman-cloud v0.3.4-0.20251203100017-1d476f125c5b/go.mod h1:F6JqmFpa3V0/8paxu372tvxH7F6NrfUbtul3zrsoy+k=
 github.com/cloudnative-pg/cloudnative-pg v1.27.1 h1:w+bbtXyEPoaa7sZGXxbb8qJ+/bUGWQ3M48kbNUEpKlk=
 github.com/cloudnative-pg/cloudnative-pg v1.27.1/go.mod h1:XbwCAlCm5fr+/A+v+qvMp8DHzVtJr2m0Y/TpKALw+Bk=
 github.com/cloudnative-pg/cnpg-i v0.3.0 h1:5ayNOG5x68lU70IVbHDZQrv5p+bErCJ0mqRmOpW2jjE=

internal/cmd/instance/main.go

@@ -52,6 +52,13 @@ func NewCmd() *cobra.Command {
 		},
 	}
 
+	cmd.Flags().String("pprof-server",
+		"",
+		"The address where pprof server should be exposed, for example: 0.0.0.0:6061. "+
+			"Empty string means disabled. Disabled by default",
+	)
+	_ = viper.BindPFlag("pprof-server", cmd.Flags().Lookup("pprof-server"))
+
 	_ = viper.BindEnv("namespace", "NAMESPACE")
 	_ = viper.BindEnv("cluster-name", "CLUSTER_NAME")
 	_ = viper.BindEnv("pod-name", "POD_NAME")

internal/cnpgi/instance/manager.go

@@ -52,7 +52,8 @@ func Start(ctx context.Context) error {
 	namespace := viper.GetString("namespace")
 
 	controllerOptions := ctrl.Options{
-		Scheme: scheme,
+		PprofBindAddress: viper.GetString("pprof-server"),
+		Scheme:           scheme,
 		Client: client.Options{
 			// Important: the caching options below are used by
 			// controller-runtime only.

internal/cnpgi/restore/restore.go

@@ -157,7 +157,7 @@ func (impl JobHookImpl) Restore(
 
 	config := getRestoreWalConfig()
 
-	contextLogger.Info("sending restore response", "config", config, "env", env)
+	contextLogger.Info("sending restore response", "config", config)
 	return &restore.RestoreResponse{
 		RestoreConfig: config,
 		Envs:          nil,

web/docs/migration.md

@@ -103,6 +103,10 @@ As you can see, the contents of `barmanObjectStore` have been copied directly
 under the `configuration` field of the `ObjectStore` resource, using the same
 secret references.
 
+### IAM Role for Service Account (IRSA)
+
+If you use IRSA, you need to configure the `ObjectStore` to utilize the correct role as described in the [`Object Store Reference`](object_stores.md#iam-role-for-service-account-irsa).
+
 ## Step 2: Update the `Cluster` for plugin WAL archiving
 
 Once the `ObjectStore` resource is in place, update the `Cluster` resource as

web/docs/misc.md

@@ -74,3 +74,24 @@ spec:
 
 For a complete list of supported options, refer to the
 [official Barman Cloud documentation](https://docs.pgbarman.org/release/latest/).
+
+## Enable the pprof debug server for the sidecar
+
+You can enable the instance sidecar's pprof debug HTTP server by adding the `--pprof-server=<address>` flag to the container's
+arguments via `.spec.instanceSidecarConfiguration.additionalContainerArgs`.
+
+Pass a bind address in the form `<host>:<port>` (for example, `0.0.0.0:6061`).
+An empty value disables the server (disabled by default).
+
+### Example
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: my-store
+spec:
+  instanceSidecarConfiguration:
+    additionalContainerArgs:
+      - "--pprof-server=0.0.0.0:6061"
+```

web/docs/object_stores.md

@@ -101,6 +101,19 @@ spec:
         [...]
 ```
 
+In addition, configure the `ObjectStore` to inherit permissions from the IAM role referenced in the service account:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  [...]
+spec:
+  configuration:
+    s3Credentials:
+      inheritFromIAMRole: true
+```
+
 ### S3 Lifecycle Policy
 
 Barman Cloud uploads backup files to S3 but does not modify or delete them afterward.