feat: ✨ handle cnpg restore mode in console chart

charts/dso-cnpg/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/dso-cnpg/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: cpn-cnpg
+description: A Helm Chart to deploy easily a CNPG cluster
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+keywords: []
+home: https://cloud-pi-native.fr
+sources:
+  - https://github.com/cloud-pi-native/helm-charts
+deprecated: false
+annotations: {}
+maintainers:
+  - name: this-is-tobi
+    email: [email protected]
+    url: https://this-is-tobi.com

charts/dso-cnpg/README.md

@@ -0,0 +1,53 @@
+# cpn-cnpg
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm Chart to deploy easily a CNPG cluster
+
+**Homepage:** <https://cloud-pi-native.fr>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| this-is-tobi | <[email protected]> | <https://this-is-tobi.com> |
+
+## Source Code
+
+* <https://github.com/cloud-pi-native/helm-charts>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| annotations | object | `{}` | Additional cnpg cluster annotations. |
+| backup.cron | string | `"0 0 */6 * * *"` | The cron rule used for cnpg backups. By default it runs every 6 hours. |
+| backup.destinationPath | string | `""` | S3 destination path for cnpg backups (it should be set like `s3://<bucket_name>/<path>`). |
+| backup.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. |
+| backup.endpointCA.key | string | `""` | The secret key containing S3 CA for cnpg backups. |
+| backup.endpointCA.name | string | `""` | The secret name containing S3 CA for cnpg backups. |
+| backup.endpointURL | string | `""` | S3 endpoint for cnpg backups. |
+| backup.retentionPolicy | string | `"14d"` | Retention policy for cnpg backups recurrences. |
+| backup.s3Credentials.accessKeyId.key | string | `"accessKeyId"` | S3 accessKeyId kubernetes secret key used for cnpg backups. |
+| backup.s3Credentials.accessKeyId.value | string | `""` | S3 accessKeyId value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. |
+| backup.s3Credentials.create | bool | `false` | Whether or not to create kuebernetes secret used for cnpg backups. It will use `name`, `accessKeyId.key`, `accessKeyId.value`, `secretAccessKey.key` and `secretAccessKey.value` to create the secret. |
+| backup.s3Credentials.secretAccessKey.key | string | `"secretAccessKey"` | S3 secretAccessKey kubernetes secret key used for cnpg backups. |
+| backup.s3Credentials.secretAccessKey.value | string | `""` | S3 secretAccessKey value used for cnpg backups. Only needed if `backup.s3Credentials.create` is set to `true`. |
+| backup.s3Credentials.secretName | string | `""` | S3 kuebernetes secret name used for cnpg backups. |
+| dbName | string | `"dbname"` | Name of the database. |
+| enableSuperuserAccess | bool | `true` | Enable superuser access. |
+| exposed | bool | `false` | Whether or not a NodePort service should be created to exposed the database. |
+| fullnameOverride | string | `""` | String to fully override the default application name. |
+| imageName | string | `""` | Name of the image used for database.  By default (empty string), the operator will install the latest available minor version of the latest major version of PostgreSQL when the operator was released |
+| instances | int | `3` | Number of instances to spawn in the cluster. |
+| mode | string | `"primary"` | Mode used to deploy the cnpg cluster, it should be `primary`, `replica` or `restore`. |
+| nameOverride | string | `""` | Provide a name in place of the default application name. |
+| nodePort | string | `nil` | Port used for NodePort service. Needs `exposed` tu be true. |
+| primaryUpdateStrategy | string | `"unsupervised"` | Rolling update strategy used : unsupervised: automated update of the primary once all replicas have been upgraded (default) supervised: requires manual supervision to perform the switchover of the primary |
+| pvcSize | string | `"10Gi"` | Size of the PVC used by each cnpg instance. |
+| replica.host | string | `""` | Primary cnpg cluster host used for replica mode. |
+| replica.port | int | `5432` | Primary cnpg cluster port used for replica mode. |
+| username | string | `"username"` | Username of the database user. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/dso-cnpg/templates/_helpers.tpl

@@ -0,0 +1,106 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cpnCnpg.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cpnCnpg.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+
+{{/*
+Create image pull secret
+*/}}
+{{- define "cpnCnpg.imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Create container environment variables from configmap
+*/}}
+{{- define "cpnCnpg.env" -}}
+{{ range $key, $val := .env }}
+{{ $key }}: {{ $val | quote }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Create container environment variables from secret
+*/}}
+{{- define "cpnCnpg.secret" -}}
+{{ range $key, $val := .secrets }}
+{{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Define a file checksum to trigger rollout on configmap of secret change
+*/}}
+{{- define "checksum" -}}
+{{- $ := index . 0 }}
+{{- $path := index . 1 }}
+{{- $resourceType := include (print $.Template.BasePath $path) $ | fromYaml -}}
+{{- if $resourceType -}}
+checksum/{{ $resourceType.metadata.name }}: {{ $resourceType.data | toYaml | sha256sum }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cpnCnpg.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Common labels
+*/}}
+{{- define "cpnCnpg.common.labels" -}}
+helm.sh/chart: {{ include "cpnCnpg.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{/*
+Selector labels
+*/}}
+{{- define "cpnCnpg.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cpnCnpg.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Labels
+*/}}
+{{- define "cpnCnpg.labels" -}}
+{{ include "cpnCnpg.common.labels" . }}
+{{ include "cpnCnpg.selectorLabels" . }}
+{{- end }}

charts/dso-cnpg/templates/backup-secret.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.backup.enabled .Values.backup.s3Credentials.create }}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnConsole.fullname" .) "pg-cluster") }}
+  labels:
+    {{- include "cpnCnpg.labels" . | nindent 4 }}
+data:
+  {{ .Values.backup.s3Credentials.accessKeyId.key | indent 2 -}}: {{ .Values.backup.s3Credentials.accessKeyId.value | b64enc }}
+  {{ .Values.backup.s3Credentials.secretAccessKey.key | indent 2 -}}: {{ .Values.backup.s3Credentials.secretAccessKey.value | b64enc }}
+{{- end -}}

charts/dso-cnpg/templates/pg-cluster.yaml

@@ -0,0 +1,92 @@
+apiVersion: postgresql.io/v1
+kind: Cluster
+metadata:
+  name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+  labels:
+    {{- include "cpnCnpg.labels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  instances: {{ .Values.instances }}
+  {{- if .Values.imageName }}
+  imageName: {{ .Values.imageName }}
+  {{- end }}
+  postgresql:
+    {{- end }}
+    parameters:
+      max_worker_processes: "60"
+    pg_hba:
+      - {{ printf "%s %s %s %s %s" "host" .Values.dbName .Values.username "all" "md5" }}
+      - {{ printf "%s %s %s %s %s" "host" .Values.dbName "streaming_replica" "all" "md5" }}
+  bootstrap:
+  {{- if eq .Values.mode "primary" }}
+    initdb:
+      database: {{ .Values.dbName }}
+      owner: {{ .Values.username }}
+  {{- else if or (eq .Values.mode "replica") (eq .Values.mode "restore") }}
+    recovery:
+      source: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+  externalClusters:
+  - name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+    {{- if or (.Values.backup.enabled) (eq .Values.mode "restore") }}
+    barmanObjectStore:
+      destinationPath: {{ .Values.backup.destinationPath }}
+      endpointURL: {{ .Values.backup.endpointURL }}
+      {{- if .Values.backup.endpointCA.name }}
+      endpointCA:
+        name: {{ .Values.backup.endpointCA.name }}
+        key: {{ .Values.backup.endpointCA.key }}
+      {{- end }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+          key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
+        secretAccessKey:
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+          key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
+    {{- end }}
+    {{- if eq .Values.mode "replica" }}
+    connectionParameters:
+      host: {{ .Values.replica.host }}
+      port: {{ .Values.replica.port }}
+      dbname: {{ .Values.dbName }}
+      sslmode: prefer
+    sslKey:
+      name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "replication") }}
+      key: tls.key
+    sslCert:
+      name: {{ (printf "%s-%s" .Values.nameOverride "replication") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "replication") }}
+      key: tls.crt
+    sslRootCert:
+      name: {{ (printf "%s-%s" .Values.nameOverride "ca") | default (printf "%s-%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster" "ca") }}
+      key: ca.crt
+    {{- end }}
+  {{- end }}
+  {{- if eq .Values.mode "replica" }}
+  replica:
+    enabled: true
+    source: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+  {{- end }}
+  enableSuperuserAccess: {{ .Values.enableSuperuserAccess }}
+  primaryUpdateStrategy: {{ .Values.primaryUpdateStrategy }}
+  storage:
+    size: {{ .Values.pvcSize }}
+  {{- if .Values.backup.enabled }}
+  backup:
+    barmanObjectStore:
+      destinationPath: {{ .Values.backup.destinationPath }}
+      endpointURL: {{ .Values.backup.endpointURL }}
+      endpointCA:
+        name: {{ .Values.backup.endpointCA.name }}
+        key: {{ .Values.backup.endpointCA.key }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+          key: {{ .Values.backup.s3Credentials.accessKeyId.key }}
+        secretAccessKey:
+          name: {{ .Values.backup.s3Credentials.secretName | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+          key: {{ .Values.backup.s3Credentials.secretAccessKey.key }}
+    retentionPolicy: {{ .Values.backup.retentionPolicy }}
+  {{- end }}

charts/dso-cnpg/templates/scheduled-backup.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.backup.enabled }}
+apiVersion: postgresql.io/v1
+kind: ScheduledBackup
+metadata:
+  name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+  labels:
+    {{- include "cpnCnpg.labels" . | nindent 4 }}
+spec:
+  schedule: {{ .Values.backup.cron }}
+  backupOwnerReference: self
+  cluster:
+    name: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+{{- end }}

charts/dso-cnpg/templates/service-nodeport.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.exposed }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ (printf "%s-%s" .Values.nameOverride "rw-nodeport") | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+  labels:
+    {{- include "cpnCnpg.labels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  ports:
+  - name: postgres
+    port: 5432
+    protocol: TCP
+    nodePort: {{ .Values.nodePort }}
+  selector:
+    cnpg.io/cluster: {{ .Values.nameOverride | default (printf "%s-%s" (include "cpnCnpg.fullname" .) "pg-cluster") }}
+    role: primary
+  type: NodePort
+{{- end }}