From 344b8eaf412c864344411de0d6a62ef01e6f7485 Mon Sep 17 00:00:00 2001 
From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Fri, 1 Mar 2024 19:03:51 -0500 Subject: [PATCH] feat: initial uds postgres operator with optional database deployment chart (#2) * slimmed down postgres operator package * wip * wip: udsify postgres operator package * still very wip postgres things * add uds postgres operator with config chart for deploying postgres server and databases * remove commented out code from testing * fix package name in publish step * fix mismatch in db/username in test uds-config variables * update readme, test task and add renovate config * add ci for pr and issue templates, fix test-package task * point Enivronment setup step to correct common action * update ci step to use vendored zarf * fix missing ocmmon import on registry1 flavored component * fix missing value for spilo image in registry1 flavor and add note about that image to readme * fix registry1 image ref issue and add longer timeout for cluster to come up * Add release workflow and add clean runner step to try to fix registry1 workflow working locally * add release please config files, commitlint workflow and milestoned type pr trigger * add CODEOWNERS * fix linting errors, add linting workflow, update readme per review feedback, remove extraneous renovate comments * fix missed lint error from adding lint check to workflow * fix invalid job from lint check resolution * fix job indentations * remove extra renovate regex managers * update direct zarf command to be uds zarf * Update chart/templates/uds-package.yaml Co-authored-by: Micah Nagel * fix uds-package cr templating, update task imports, update example values for less permissive netpol to postgres --------- Co-authored-by: Mikael Vanhemert Co-authored-by: Micah Nagel --- .github/.gitkeep | 0 .github/ISSUE_TEMPLATE/bug_report.md | 27 ++++++ .github/ISSUE_TEMPLATE/feature_request.md | 22 +++++ .github/ISSUE_TEMPLATE/tech_debt.md | 16 ++++ .github/pull_request_template.md | 20 +++++ 
.github/workflows/commitlint.yaml | 11 +++ .github/workflows/pull-requests.yaml | 84 +++++++++++++++++++ .github/workflows/scorecard.yaml | 50 +++++++++++ .github/workflows/tag-and-release.yaml | 58 +++++++++++++ .release-please-manifest.json | 3 + .vscode/settings.json | 16 ++++ .yamllint | 37 ++++++++ CODEOWNERS | 1 + README.md | 42 +++++----- SECURITY.md | 9 ++ bundle/uds-bundle.yaml | 27 ++++++ bundle/uds-config.yaml | 19 +++++ chart/.helmignore | 23 +++++ chart/Chart.yaml | 18 ++++ chart/templates/peer-auth-exception.yaml | 16 ++++ chart/templates/postgres-minimal.yaml | 18 ++++ chart/templates/postgres-svc.yaml | 17 ++++ chart/templates/uds-package.yaml | 25 ++++++ chart/values.yaml | 21 +++++ common/zarf.yaml | 31 +++++++ manifests/.gitkeep | 0 release-please-config.json | 24 ++++++ renovate.json | 26 ++++++ src/namespace/gitlab-ns.yaml | 4 + src/namespace/mattermost-ns.yaml | 4 + src/namespace/sonarqube-ns.yaml | 4 + src/namespace/zarf.yaml | 15 ++++ .../postgres/db-seed-cross-namespace.yaml | 52 ++++++++++++ src/test/postgres/db-seed.yaml | 52 ++++++++++++ src/test/postgres/postgres-minimal.yaml | 21 +++++ src/test/postgres/postgres-svc.yaml | 15 ++++ src/test/zarf.yaml | 69 +++++++++++++++ tasks.yaml | 54 ++++++++++++ tasks/cleanup.yaml | 10 +++ tasks/create.yaml | 27 ++++++ tasks/lint.yaml | 8 ++ tasks/publish.yaml | 28 +++++++ tasks/test.yaml | 14 ++++ values/.gitkeep | 0 values/registry1-values.yaml | 10 +++ values/upstream-values.yaml | 9 ++ values/values.yaml | 43 ++++++++++ version.txt | 1 + zarf.yaml | 61 +++++++++++--- 49 files changed, 1132 insertions(+), 30 deletions(-) delete mode 100644 .github/.gitkeep create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/ISSUE_TEMPLATE/tech_debt.md create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/commitlint.yaml create mode 100644 .github/workflows/pull-requests.yaml create mode 
100644 .github/workflows/scorecard.yaml create mode 100644 .github/workflows/tag-and-release.yaml create mode 100644 .release-please-manifest.json create mode 100644 .vscode/settings.json create mode 100644 .yamllint create mode 100644 SECURITY.md create mode 100644 bundle/uds-bundle.yaml create mode 100644 bundle/uds-config.yaml create mode 100644 chart/.helmignore create mode 100644 chart/Chart.yaml create mode 100644 chart/templates/peer-auth-exception.yaml create mode 100644 chart/templates/postgres-minimal.yaml create mode 100644 chart/templates/postgres-svc.yaml create mode 100644 chart/templates/uds-package.yaml create mode 100644 chart/values.yaml create mode 100644 common/zarf.yaml delete mode 100644 manifests/.gitkeep create mode 100644 release-please-config.json create mode 100644 renovate.json create mode 100644 src/namespace/gitlab-ns.yaml create mode 100644 src/namespace/mattermost-ns.yaml create mode 100644 src/namespace/sonarqube-ns.yaml create mode 100644 src/namespace/zarf.yaml create mode 100644 src/test/postgres/db-seed-cross-namespace.yaml create mode 100644 src/test/postgres/db-seed.yaml create mode 100644 src/test/postgres/postgres-minimal.yaml create mode 100644 src/test/postgres/postgres-svc.yaml create mode 100644 src/test/zarf.yaml create mode 100644 tasks.yaml create mode 100644 tasks/cleanup.yaml create mode 100644 tasks/create.yaml create mode 100644 tasks/lint.yaml create mode 100644 tasks/publish.yaml create mode 100644 tasks/test.yaml delete mode 100644 values/.gitkeep create mode 100644 values/registry1-values.yaml create mode 100644 values/upstream-values.yaml create mode 100644 values/values.yaml create mode 100644 version.txt diff --git a/.github/.gitkeep b/.github/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..d35438a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'possible-bug 🐛'
+assignees: ''
+---
+
+### Environment
+Device and OS:
+App/package versions:
+Kubernetes distro being used:
+Other:
+
+### Steps to reproduce
+1.
+
+### Expected result
+
+### Actual Result
+
+### Visual Proof (screenshots, videos, text, etc)
+
+### Severity/Priority
+
+### Additional Context
+Add any other context or screenshots about the technical debt here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..b25e1c3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement ✨'
+assignees: ''
+---
+
+### Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+### Describe the solution you'd like
+
+- **Given** a state
+- **When** an action is taken
+- **Then** something happens
+
+### Describe alternatives you've considered
+(optional) A clear and concise description of any alternative solutions or features you've considered.
+
+### Additional context
+Add any other context or screenshots about the feature request here.
diff --git a/.github/ISSUE_TEMPLATE/tech_debt.md b/.github/ISSUE_TEMPLATE/tech_debt.md
new file mode 100644
index 0000000..052f5ff
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/tech_debt.md
@@ -0,0 +1,16 @@
+---
+name: Tech debt
+about: Record something that should be investigated or refactored in the future.
+title: ''
+labels: 'tech-debt 💳'
+assignees: ''
+---
+
+### Describe what should be investigated or refactored
+A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
+
+### Links to any relevant code
+(optional) i.e. - https://github.com/defenseunicorns/uds-package-postgres-operator/blob/main/README.md?plain=1#L1
+
+### Additional context
+Add any other context or screenshots about the technical debt here.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..120927e
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,20 @@
+## Description
+
+...
+
+## Related Issue
+
+Fixes #
+
+Relates to #
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Other (security config, docs update, etc)
+
+## Checklist before merging
+
+- [ ] Test, docs, adr added or updated as needed
+- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-postgres-operator/blob/main/CONTRIBUTING.md#developer-workflow) followed
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
new file mode 100644
index 0000000..c83ce2b
--- /dev/null
+++ b/.github/workflows/commitlint.yaml
@@ -0,0 +1,11 @@
+name: Metadata
+
+on:
+ pull_request:
+ branches: [main]
+ types: [milestoned, opened, edited, synchronize]
+
+jobs:
+ validate:
+ name: Validate
+ uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@417b9c2bc088f664c616c9929a2b3ce448d251f7
diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml
new file mode 100644
index 0000000..e63752e
--- /dev/null
+++ b/.github/workflows/pull-requests.yaml
@@ -0,0 +1,84 @@
+name: Test
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+ pull_request:
+ paths:
+ - ".github/**"
+ - "bundle/**"
+ - "values/**"
+ - "tasks/**"
+ - "src/**"
+ - "chart/**"
+ - "tasks.yaml"
+ - "zarf.yaml"
+ # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
+ types: [milestoned, opened, reopened, synchronize]
+
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ id-token: write # Needed for OIDC-related operations.
+ contents: read # Allows reading the content of the repository.
+ pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+ run:
+ shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+ lint-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - name: Set up Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+ - name: Install UDS CLI
+ shell: bash
+ # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+ run: brew install defenseunicorns/tap/uds@0.9.0
+ - name: Run Formatting Checks
+ run: uds run lint-check
+
+ deploy:
+ needs: lint-check
+ runs-on: "ubuntu-latest"
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ flavor: [upstream, registry1]
+ name: Deploy ${{ matrix.flavor }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@417b9c2bc088f664c616c9929a2b3ce448d251f7
+
+ - name: Iron Bank Login
+ if: ${{ matrix.flavor == 'registry1' }}
+ run: uds zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+ - name: Clean Runner
+ if: ${{ matrix.flavor == 'registry1' }}
+ uses: defenseunicorns/uds-common/.github/actions/clean-runner@417b9c2bc088f664c616c9929a2b3ce448d251f7
+
+ - name: Create test bundle
+ run: uds run create-test-bundle --set FLAVOR=${{ matrix.flavor }}
+
+ - name: Setup cluster
+ run: uds run setup-cluster
+
+ - name: Deploy test bundle
+ run: uds run deploy-test-bundle
+
+ - name: Test package
+ run: uds run test-package
+
+ - name: Save logs
+ if: always()
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@417b9c2bc088f664c616c9929a2b3ce448d251f7
+ with:
+ suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
new file mode 100644
index 0000000..23a9619
--- /dev/null
+++ b/.github/workflows/scorecard.yaml
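Review bot: `uses: Homebrew/actions/setup-homebrew@master` in the lint-check job tracks a mutable branch while every other action in this workflow is pinned to a commit SHA, so whatever lands on that branch runs in this job; pin it the same way, `uses: Homebrew/actions/setup-homebrew@<full-commit-sha> # <ref>`. `docker/login-action@v3` in tag-and-release.yaml has the same gap. The Iron Bank Login step here, and the one in tag-and-release.yaml, expands `${{ secrets.* }}` directly into the shell text, so a quote or `$` in the credential is interpreted by bash before the command runs; passing both values through `env:` keeps them as data. Separately, the workflow-level `id-token: write` also applies to lint-check, which does not appear to use OIDC, so it could be moved to whichever job actually needs it.

```yaml
# … unchanged: checkout and environment setup steps …
- name: Iron Bank Login
  if: ${{ matrix.flavor == 'registry1' }}
  env:
    IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
    IRON_BANK_ROBOT_PASSWORD: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
  run: uds zarf tools registry login -u "$IRON_BANK_ROBOT_USERNAME" -p "$IRON_BANK_ROBOT_PASSWORD" registry1.dso.mil
# … unchanged: clean runner, bundle creation, deploy and test steps …
```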
@@ -0,0 +1,50 @@
+name: Scorecards supply-chain security
+on:
+ # Only the default branch is supported.
+ branch_protection_rule:
+ schedule:
+ - cron: '30 1 * * 6'
+ push:
+ branches: ["main"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecards analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Used to receive a badge.
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
new file mode 100644
index 0000000..b7d87e7
--- /dev/null
+++ b/.github/workflows/tag-and-release.yaml
@@ -0,0 +1,58 @@
+name: Publish UDS Package Postgres Operator
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ tag-new-version:
+ name: Tag New Version
+ permissions: write-all
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create release tag
+ id: tag
+ uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+ publish-package:
+ strategy:
+ matrix:
+ flavor: [upstream, registry1]
+ needs: tag-new-version
+ if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+ runs-on: ubuntu-latest
+ name: Publish package
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@417b9c2bc088f664c616c9929a2b3ce448d251f7
+
+ - name: Iron Bank Login
+ run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: dummy
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Publish Package
+ run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
+
+ - name: Save logs
+ if: always()
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@417b9c2bc088f664c616c9929a2b3ce448d251f7
+ with:
+ suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..02bd5e7
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "1.10.1-uds.0"
+}
\ No newline at end of file
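Review bot: `permissions: write-all` on the tag-new-version job hands the release-please step a token with write access to every scope on each push to main; as far as this hunk shows the job only creates tags, releases and release PRs, so a `permissions:` block with `contents: write` and `pull-requests: write` should be enough (confirm against the release-please-action documentation). The Iron Bank Login step in this file calls `zarf tools registry login` while pull-requests.yaml calls `uds zarf tools registry login`; if the shared setup action only installs `uds`, the publish job would fail at login, so the two should match.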
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..96d39af
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,16 @@
+{
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/uds.schema.json": [
+ "uds-bundle.yaml"
+ ],
+
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ "src/**/validate.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.3/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+ }
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..0b01b80
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,37 @@
+yaml-files:
+ - '**/*.y*ml'
+ - '.yamllint'
+
+# Ignore files from upstream
+ignore:
+ - '**/chart/templates**'
+
+
+rules:
+ anchors: enable
+ braces: enable
+ brackets: enable
+ colons: enable
+ commas: enable
+ comments:
+ level: warning
+ comments-indentation:
+ level: warning
+ document-end: disable
+ document-start:
+ level: warning
+ empty-lines: enable
+ empty-values: disable
+ float-values: disable
+ hyphens: enable
+ indentation: enable
+ key-duplicates: enable
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines: enable
+ octal-values: disable
+ quoted-strings: disable
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/CODEOWNERS b/CODEOWNERS
index e69de29..e605720 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+/* @defenseunicorns/uds
\ No newline at end of file
diff --git a/README.md b/README.md
index 9686786..1ee88e3 100644
--- a/README.md
+++ b/README.md
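Review bot: The CODEOWNERS pattern `/* @defenseunicorns/uds` probably covers only entries directly at the repository root, since GitHub's CODEOWNERS documentation describes `docs/*` as matching files in `docs/` but not files nested further down. If that holds for `/*`, changes under `.github/workflows/`, `chart/templates/` and `values/` would not request code-owner review. A bare `* @defenseunicorns/uds` matches every file in the repository.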
@@ -1,31 +1,35 @@ -## Welcome to the UDS Capability Template! +# uds-package-postgres-operator -1. Update [CHANGELOG.md](CHANGELOG.md), [CONTRIBUTING.md](CONTRIBUTING.md), [DEVELOPMENT_MAINTENANCE.md](docs/DEVELOPMENT_MAINTENANCE.md) -1. Populate [CODEOWNERS](CODEOWNERS), [README.md](README.md) -1. Verify [LICENSE](LICENSE) -1. Add [manifests](manifests/), [values](values/), and [docs](docs/) -1. Complete [zarf.yaml](zarf.yaml) -1. Flesh out the [pipeline](.github/) -1. Delete this section +> [!WARNING] +> uds-package-postgres-operator is in early alpha and is not ready for general consumption. -*** +## Prerequisites -# [CAPABILITY REPOSITORY NAME] +- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production environments. -[Short description] +- [UDS CLI](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) v0.9.2 or later -## Prerequisites +## Flavors + +| Flavor | Description | Example Creation | +| ------ | ----------- | ---------------- | +| upstream | Uses upstream images within the package. | `uds zarf package create . -f upstream` | +| registry1 | Uses images from registry1.dso.mil within the package. | `uds zarf package create . -f registry1` | + +Note: the registry1 flavor uses `ghcr.io/zalando/spilo-15:3.0-p1` published from GHCR as there is not a spilo image in Iron Bank + +## Releases -[Bulleted-list, commands, etc; describing expected versions, deployed software, and other requirements] +The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-postgres-operator/pkgs/container/packages%2Fuds%2Fpostgres-operator). 
-## Create +## UDS Tasks (for local dev and CI) -[Steps used to build the UDS Capability] +*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) -## Deploy +After installing uds-cli, for a list of available tasks that can be run in this repository execute the following command: - [Steps used to deploy the UDS Capability] +`uds run --list` -## Remove +## Contributing -[Steps used to remove the UDS Capability] +Please see the [CONTRIBUTING.md](./CONTRIBUTING.md) \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..fa5b27e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Supported Versions + +As [UDS Software Factory](https://github.com/defenseunicorns/uds-package-postgres-operator) has not yet reached v1.0.0, only the current latest minor release is supported. + +## Reporting a Vulnerability + +Please email `security-notice [at] defenseunicorns.com` to report a vulnerability. If you are unable to disclose details via email, please let us know and we can coordinate alternate communications. diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml new file mode 100644 index 0000000..2cdc8ee --- /dev/null +++ b/bundle/uds-bundle.yaml @@ -0,0 +1,27 @@ +kind: UDSBundle +metadata: + name: postgres-operator-test + description: A UDS bundle for deploying Zalando Postgres Operator and on a development cluster + # x-release-please-start-version + version: 1.10.1-uds.0 + # x-release-please-end + +packages: + - name: dev-namespaces + path: ../ + ref: 0.1.0 + - name: postgres-operator + path: ../ + # x-release-please-start-version + ref: 1.10.1-uds.0 + # x-release-please-end + overrides: + postgres-operator: + uds-postgres-config: + variables: + - name: POSTGRESQL + description: "Configure postgres using CRs via the uds-postgres-config chart" + path: postgresql + - name: postgres-test + path: ../ + ref: 0.1.0 
diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml
new file mode 100644
index 0000000..11b058f
--- /dev/null
+++ b/bundle/uds-config.yaml
@@ -0,0 +1,19 @@
+variables:
+ postgres-operator:
+ postgresql:
+ enabled: true # Set to false to not create the PostgreSQL resource
+ teamId: "uds"
+ volume:
+ size: "10Gi"
+ numberOfInstances: 2
+ users:
+ gitlab.gitlab: [] # database owner
+ sonarqube.sonarqube: [] # database owner
+ mattermost.mattermost: [] # database owner
+ databases:
+ gitlabdb: gitlab.gitlab
+ mattermostdb: mattermost.mattermost
+ sonarqubedb: sonarqube.sonarqube
+ version: "13"
+ ingress:
+ remoteGenerated: Anywhere
diff --git a/chart/.helmignore b/chart/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..efcbf0c
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: chart
+description: uds-postgres-config
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/chart/templates/peer-auth-exception.yaml b/chart/templates/peer-auth-exception.yaml
new file mode 100644
index 0000000..5e38e2c
--- /dev/null
+++ b/chart/templates/peer-auth-exception.yaml
@@ -0,0 +1,16 @@
+{{- if .Capabilities.APIVersions.Has "security.istio.io/v1beta1" }}
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: postgres-istio-exceptions
+ namespace: {{ .Release.Namespace }}
+spec:
+ mtls:
+ mode: STRICT
+ selector:
+ matchLabels:
+ cluster-name: pg-cluster
+ portLevelMtls:
+ "5432":
+ mode: PERMISSIVE
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/postgres-minimal.yaml b/chart/templates/postgres-minimal.yaml
new file mode 100644
index 0000000..e5d704a
--- /dev/null
+++ b/chart/templates/postgres-minimal.yaml
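Review bot: The PeerAuthentication in chart/templates/peer-auth-exception.yaml is gated only on the Istio API being present, while postgres-minimal.yaml, postgres-svc.yaml and uds-package.yaml are all wrapped in `{{- if .Values.postgresql.enabled }}`, so it is still rendered with the chart default `postgresql.enabled: false`; the first line could be `{{- if and .Values.postgresql.enabled (.Capabilities.APIVersions.Has "security.istio.io/v1beta1") }}`. The `"5432"` entry with `mode: PERMISSIVE` means pods labelled `cluster-name: pg-cluster` accept plaintext connections on the database port, and bundle/uds-config.yaml sets `ingress: remoteGenerated: Anywhere`, so the mesh does not force encryption for those clients. A comment stating why the exception is needed would help reviewers, for example `# 5432 is PERMISSIVE because <reason clients cannot present mesh mTLS>`.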
@@ -0,0 +1,18 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: acid.zalan.do/v1
+kind: postgresql
+metadata:
+ name: pg-cluster
+ namespace: {{ .Release.Namespace }}
+spec:
+ teamId: {{ .Values.postgresql.teamId | quote }}
+ volume:
+ size: {{ .Values.postgresql.volume.size | quote }}
+ numberOfInstances: {{ .Values.postgresql.numberOfInstances }}
+ users:
+ {{- toYaml .Values.postgresql.users | nindent 4 }} # database owner
+ databases:
+ {{- toYaml .Values.postgresql.databases | nindent 4 }}
+ postgresql:
+ version: {{ .Values.postgresql.version | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/postgres-svc.yaml b/chart/templates/postgres-svc.yaml
new file mode 100644
index 0000000..cd82ae6
--- /dev/null
+++ b/chart/templates/postgres-svc.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: pg-cluster-headless
+ namespace: {{ .Release.Namespace }}
+spec:
+ clusterIP: None
+ ports:
+ - name: tcp-postgresql
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ type: ClusterIP
+ selector:
+ cluster-name: pg-cluster
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
new file mode 100644
index 0000000..a6a5231
--- /dev/null
+++ b/chart/templates/uds-package.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: uds.dev/v1alpha1
+kind: Package
+metadata:
+ name: postgres
+ namespace: {{ .Release.Namespace }}
+spec:
+ network:
+ allow:
+ - direction: Ingress
+ remoteGenerated: IntraNamespace
+ - direction: Egress
+ remoteGenerated: IntraNamespace
+ {{- if .Values.postgresql.ingress }}
+ - direction: Ingress
+ selector:
+ cluster-name: pg-cluster
+ {{- .Values.postgresql.ingress | toYaml | nindent 8 }}
+ {{- end }}
+ - direction: Egress
+ selector:
+ cluster-name: pg-cluster
+ remoteGenerated: KubeAPI
+{{- end }}
+
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..3cc79d9
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,21 @@
+postgresql:
+ enabled: false
+
+# teamId: "uds"
+# volume:
+# size: "1Gi"
+# numberOfInstances: 2
+# users:
+# myuser: [] # database owner
+# # youruser: [] # database owner
+# databases:
+# mydb: myuser
+# yourdb: youruser
+# version: "13"
+# ingress:
+# remoteGenerated: Anywhere
+# or
+# ingress:
+# remoteNamespace: tempo
+# remoteSelector:
+# app.kubernetes.io/name: tempo
diff --git a/common/zarf.yaml b/common/zarf.yaml
new file mode 100644
index 0000000..f788194
--- /dev/null
+++ b/common/zarf.yaml
@@ -0,0 +1,31 @@
+kind: ZarfPackageConfig
+metadata:
+ name: uds-postgres-operator-common
+ description: "UDS Postgres Operator Common"
+ url: https://github.com/zalando/postgres-operator
+
+components:
+ - name: postgres-operator
+ required: true
+ charts:
+ - name: uds-postgres-config
+ namespace: postgres
+ version: 0.1.0
+ localPath: ../chart
+ - name: postgres-operator
+ version: v1.10.1
+ namespace: postgres-operator
+ url: https://opensource.zalando.com/postgres-operator/charts/postgres-operator
+ valuesFiles:
+ - ../values/values.yaml
+ actions:
+ onDeploy:
+ after:
+ - description: Postgres Operator to be Healthy
+ maxTotalSeconds: 90
+ wait:
+ cluster:
+ kind: pod
+ name: app.kubernetes.io/name=postgres-operator
+ namespace: postgres-operator
+ condition: Ready
diff --git a/manifests/.gitkeep b/manifests/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..41dbdcb
--- /dev/null
+++ b/release-please-config.json
@@ -0,0 +1,24 @@
+{
+ "packages": {
+ ".": {
+ "changelog-path": "CHANGELOG.md",
+ "changelog-sections": [
+ { "type": "feat", "section": "Features", "hidden": false },
+ { "type": "fix", "section": "Bug Fixes", "hidden": false },
+ { "type": "chore", "section": "Miscellaneous", "hidden": false }
+ ],
+ "release-type": "simple",
+ "bump-minor-pre-major": true,
+ "bump-patch-for-minor-pre-major": true,
+ "draft": false,
+ "versioning": "prerelease",
+ "prerelease-type": "uds",
+ "extra-files": [
+ "bundle/uds-bundle.yaml",
+ "tasks/publish.yaml",
+ "zarf.yaml"
+ ]
+ }
+ },
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+ }
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..2e05988
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,26 @@
+{
+ "enabled": true,
+ "forkProcessing": "enabled",
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "github>defenseunicorns/uds-common//config/renovate.json5",
+ ":semanticCommits",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "branchConcurrentLimit": 0,
+ "prConcurrentLimit": 0,
+ "prHourlyLimit": 0,
+ "separateMajorMinor": false,
+ "regexManagers":[
+ ],
+ "packageRules": [
+ {
+ "matchFileNames": [".github/**"],
+ "excludePackageNames": ["defenseunicorns/uds-cli"],
+ "groupName": "githubactions",
+ "commitMessageTopic": "githubactions",
+ "pinDigests": true
+ }
+ ]
+ }
+
\ No newline at end of file
diff --git a/src/namespace/gitlab-ns.yaml b/src/namespace/gitlab-ns.yaml
new file mode 100644
index 0000000..e686029
--- /dev/null
+++ b/src/namespace/gitlab-ns.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: gitlab
diff --git a/src/namespace/mattermost-ns.yaml b/src/namespace/mattermost-ns.yaml
new file mode 100644
index 0000000..2761c1b
--- /dev/null
+++ b/src/namespace/mattermost-ns.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: mattermost
diff --git a/src/namespace/sonarqube-ns.yaml b/src/namespace/sonarqube-ns.yaml
new file mode 100644
index 0000000..2dc6f40
--- /dev/null
+++ b/src/namespace/sonarqube-ns.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: sonarqube
diff --git a/src/namespace/zarf.yaml b/src/namespace/zarf.yaml
new file mode 100644
index 0000000..e75998d
--- /dev/null
+++ b/src/namespace/zarf.yaml
@@ -0,0 +1,15 @@
+kind: ZarfPackageConfig
+metadata:
+ name: dev-namespaces
+ description: "create namespaces for cross-ns secret functionality"
+ version: 0.1.0
+
+components:
+ - name: deploy-namespace-for-cross-ns-secrets-test
+ required: true
+ manifests:
+ - name: dev-namespaces
+ files:
+ - gitlab-ns.yaml
+ - mattermost-ns.yaml
+ - sonarqube-ns.yaml
diff --git a/src/test/postgres/db-seed-cross-namespace.yaml b/src/test/postgres/db-seed-cross-namespace.yaml
new file mode 100644
index 0000000..189a2da
--- /dev/null
+++ b/src/test/postgres/db-seed-cross-namespace.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-seed-script
+ namespace: gitlab
+data:
+ seed.sql: |
+ CREATE TABLE tasks (
+ id SERIAL PRIMARY KEY,
+ name TEXT NOT NULL,
+ description TEXT
+ );
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: db-seed-job
+ namespace: gitlab
+spec:
+ template:
+ spec:
+ containers:
+ - name: db-seed
+ image: docker.io/postgres:13
+ command:
+ - sh
+ - -c
+ - psql -h $DB_HOST -U $DB_USER -d $DB_NAME -a -f /seed.sql
+ env:
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: gitlab.gitlab.pg-cluster.credentials.postgresql.acid.zalan.do
+ key: username
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab.gitlab.pg-cluster.credentials.postgresql.acid.zalan.do
+ key: password
+ - name: DB_HOST
+ value: pg-cluster.postgres.svc.cluster.local
+ - name: DB_NAME
+ value: gitlabdb
+ volumeMounts:
+ - name: seed-data
+ mountPath: /seed.sql
+ subPath: seed.sql
+ volumes:
+ - name: seed-data
+ configMap:
+ name: db-seed-script
+ restartPolicy: OnFailure
diff --git a/src/test/postgres/db-seed.yaml b/src/test/postgres/db-seed.yaml
new file mode 100644
index 0000000..c9d540a
--- /dev/null
+++ b/src/test/postgres/db-seed.yaml
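Review bot: The seed command `psql -h $DB_HOST -U $DB_USER -d $DB_NAME -a -f /seed.sql` does not set `ON_ERROR_STOP`, and psql exits 0 after a script in which a statement failed unless that variable is set, so the Job can reach `succeeded=1` even if `CREATE TABLE` was rejected and the zarf wait on it would pass without proving the user can write to the database. Suggested line: `- psql -v ON_ERROR_STOP=1 -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -a -f /seed.sql`, which also quotes the variables. The same command appears in src/test/postgres/db-seed.yaml. `image: docker.io/postgres:13` is a floating tag in both files; pinning a digest would keep the test image reproducible.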
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: db-seed-script
+ namespace: acid
+data:
+ seed.sql: |
+ CREATE TABLE tasks (
+ id SERIAL PRIMARY KEY,
+ name TEXT NOT NULL,
+ description TEXT
+ );
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: db-seed-job
+ namespace: acid
+spec:
+ template:
+ spec:
+ containers:
+ - name: db-seed
+ image: docker.io/postgres:13
+ command:
+ - sh
+ - -c
+ - psql -h $DB_HOST -U $DB_USER -d $DB_NAME -a -f /seed.sql
+ env:
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: myuser.pg-cluster.credentials.postgresql.acid.zalan.do
+ key: username
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: myuser.pg-cluster.credentials.postgresql.acid.zalan.do
+ key: password
+ - name: DB_HOST
+ value: pg-cluster
+ - name: DB_NAME
+ value: mydb
+ volumeMounts:
+ - name: seed-data
+ mountPath: /seed.sql
+ subPath: seed.sql
+ volumes:
+ - name: seed-data
+ configMap:
+ name: db-seed-script
+ restartPolicy: OnFailure
diff --git a/src/test/postgres/postgres-minimal.yaml b/src/test/postgres/postgres-minimal.yaml
new file mode 100644
index 0000000..46d2289
--- /dev/null
+++ b/src/test/postgres/postgres-minimal.yaml
@@ -0,0 +1,21 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: acid
+---
+apiVersion: acid.zalan.do/v1
+kind: postgresql
+metadata:
+ name: pg-cluster
+ namespace: acid
+spec:
+ teamId: "myteam"
+ volume:
+ size: 1Gi
+ numberOfInstances: 2
+ users:
+ myuser: [] # database owner
+ databases:
+ mydb: myuser
+ postgresql:
+ version: "13"
diff --git a/src/test/postgres/postgres-svc.yaml b/src/test/postgres/postgres-svc.yaml
new file mode 100644
index 0000000..84911b7
--- /dev/null
+++ b/src/test/postgres/postgres-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pg-cluster-headless
+ namespace: acid
+spec:
+ clusterIP: None
+ ports:
+ - name: tcp-postgresql
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ type: ClusterIP
+ selector:
+ cluster-name: pg-cluster
diff --git a/src/test/zarf.yaml b/src/test/zarf.yaml
new file mode 100644
index 0000000..017f943
--- /dev/null
+++ b/src/test/zarf.yaml
@@ -0,0 +1,69 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: postgres-test
+ description: "A test deployment of zalando postgres"
+ version: 0.1.0
+
+components:
+ - name: test-cross-namespace-chart-deployed-postgres
+ required: true
+ manifests:
+ - name: db-seed
+ files:
+ - postgres/db-seed-cross-namespace.yaml
+ images:
+ - docker.io/postgres:13
+ actions:
+ onDeploy:
+ before:
+ - wait:
+ cluster:
+ kind: Postgresql
+ name: pg-cluster
+ namespace: postgres
+ condition: "'{.status.PostgresClusterStatus}'=Running"
+ maxTotalSeconds: 600
+ after:
+ - wait:
+ cluster:
+ kind: Job
+ name: db-seed-job
+ namespace: gitlab
+ condition: "'{.status.succeeded}'=1"
+
+
+ - name: deploy-postgres-standalone
+ required: true
+ manifests:
+ - name: postgres
+ files:
+ - postgres/postgres-svc.yaml
+ - postgres/postgres-minimal.yaml
+ actions:
+ onDeploy:
+ after:
+ - wait:
+ cluster:
+ kind: Postgresql
+ name: pg-cluster
+ namespace: acid
+ condition: "'{.status.PostgresClusterStatus}'=Running"
+ maxTotalSeconds: 600
+ - name: test-standalone-postgres-deployment
+ required: true
+ manifests:
+ - name: db-seed
+ files:
+ - postgres/db-seed.yaml
+ images:
+ - docker.io/postgres:13
+ actions:
+ onDeploy:
+ after:
+ - wait:
+ cluster:
+ kind: Job
+ name: db-seed-job
+ namespace: acid
+ condition: "'{.status.succeeded}'=1"
diff --git a/tasks.yaml b/tasks.yaml
new file mode 100644
index 0000000..dd7c982
--- /dev/null
+++ b/tasks.yaml
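Review bot: `docker.io/postgres:13` under `images:` in src/test/zarf.yaml (both test components, and the `image:` field of the two db-seed Jobs) is a floating major-version tag, so the image baked into the package depends on when the package was built. Pinning to a specific release and digest, e.g. `- docker.io/postgres:13.<minor>@sha256:<digest>` (placeholder values), with the identical reference in both Job manifests, would make the test bundle reproducible and auditable.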
@@ -0,0 +1,54 @@
+includes:
+ - cleanup: ./tasks/cleanup.yaml
+ - create: ./tasks/create.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.1/tasks/deploy.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.1/tasks/setup.yaml
+ - test: ./tasks/test.yaml
+ - lint: ./tasks/lint.yaml
+
+tasks:
+ - name: default
+ description: Create K3D Cluster with UDS-Core-Istio + Zalando Postgres Operator
+ actions:
+ - task: create-test-bundle
+ - task: setup-cluster
+ - task: deploy-test-bundle
+
+ - name: setup-cluster
+ description: Deploy k3d cluster using uds-common-tasks
+ actions:
+ - task: setup:k3d-test-cluster
+
+ - name: create-package
+ description: Create UDS Poostgres Operator Package, No dependencies included
+ actions:
+ - task: create:postgres-operator-package
+
+ - name: create-test-bundle
+ description: Create UDS Postgres Operator bundle with dependencies
+ actions:
+ - task: create:postgres-operator-test-bundle
+
+ - name: deploy-test-bundle
+ description: Deploy UDS Postgres Operator bundle with dependencies using uds-common-tasks
+ actions:
+ - task: deploy:test-bundle
+
+ - name: test-package
+ description: Run health checks and ingress tests
+ actions:
+ - task: test:health-check
+
+ - name: cleanup
+ description: Destroy k3d Cluster
+ actions:
+ - task: cleanup:cluster
+
+ - name: cleanup-bundle
+ description: Remove the Deployed UDS Postgres Operator Bundle
+ actions:
+ - task: cleanup:bundle
+
+ - name: lint-check
+ actions:
+ - task: lint:check
diff --git a/tasks/cleanup.yaml b/tasks/cleanup.yaml
new file mode 100644
index 0000000..db52bc6
--- /dev/null
+++ b/tasks/cleanup.yaml
@@ -0,0 +1,10 @@
+tasks:
+ - name: cluster
+ actions:
+ - description: Destroy k3d cluster
+ cmd: k3d cluster delete uds
+
+ - name: bundle
+ actions:
+ - description: Remove the Deployed UDS Gitlab Bundle
+ cmd: uds remove ./bundle/uds-bundle-postgres-operator-test*.tar.zst --confirm --no-progress
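Review bot: The `deploy` and `setup` includes in tasks.yaml load task definitions from raw.githubusercontent.com at the tag `v0.2.1`, and tasks/publish.yaml does the same at `v0.1.2`; a tag can be moved, and whatever those files contain is executed as shell commands on developer machines and CI runners. I would reference an immutable commit instead, e.g. `- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/<commit-sha>/tasks/deploy.yaml` (placeholder SHA), and bring the two files onto the same revision. The `create-package` description also has a typo (`Poostgres`).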
diff --git a/tasks/create.yaml b/tasks/create.yaml
new file mode 100644
index 0000000..4cd6eff
--- /dev/null
+++ b/tasks/create.yaml
@@ -0,0 +1,27 @@
+variables:
+ - name: FLAVOR
+ default: "upstream"
+
+tasks:
+ - name: postgres-operator-test-bundle
+ description: Create the UDS bundle with Postgres Operator and its dependencies
+ actions:
+ - task: postgres-operator-package
+ - task: test-package
+ - task: dev-namespaces
+ - cmd: uds create bundle --confirm --no-progress --architecture=${UDS_ARCH}
+
+ - name: postgres-operator-package
+ description: Create the UDS Postgres Operator Zarf Package
+ actions:
+ - cmd: uds zarf package create --confirm --no-progress --architecture=${UDS_ARCH} --flavor ${FLAVOR}
+
+ - name: test-package
+ description: Create the Postgres Operator test package
+ actions:
+ - cmd: uds zarf package create src/test --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom
+
+ - name: dev-namespaces
+ description: Create the namespaces for secrets
+ actions:
+ - cmd: uds zarf package create src/namespace --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom
diff --git a/tasks/lint.yaml b/tasks/lint.yaml
new file mode 100644
index 0000000..c83a3fc
--- /dev/null
+++ b/tasks/lint.yaml
@@ -0,0 +1,8 @@
+tasks:
+ - name: check
+ description: "Run linting checks"
+ actions:
+ - description: install yamllint deps
+ cmd: CMD=pip && which $CMD || CMD=pip3 && $CMD install yamllint
+ - description: yaml lint
+ cmd: yamllint . -c .yamllint --no-warnings
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
new file mode 100644
index 0000000..71bd42f
--- /dev/null
+++ b/tasks/publish.yaml
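Review bot: `$CMD install yamllint` in tasks/lint.yaml installs whatever yamllint release the package index serves at run time, into the runner's ambient Python environment. Pinning the version, e.g. `cmd: CMD=pip && which $CMD || CMD=pip3 && $CMD install yamllint==<version>` (placeholder), keeps lint results stable between runs and narrows what a CI job pulls from the index.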
@@ -0,0 +1,28 @@
+includes:
+ - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.1.2/tasks/publish.yaml
+
+variables:
+ - name: TARGET_REPO
+ default: oci://ghcr.io/defenseunicorns/packages/uds
+
+ - name: VERSION
+ description: The version of the package to build
+ # x-release-please-start-version
+ default: "1.10.1-uds.0"
+ # x-release-please-end
+
+ - name: FLAVOR
+ default: "registry1"
+
+tasks:
+ - name: package
+ description: Build and publish the packages
+ actions:
+ - description: Create the packages
+ cmd: |
+ set -e
+ ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml postgres-operator --no-progress --set FLAVOR=${FLAVOR}
+ ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml postgres-operator --no-progress --set FLAVOR=${FLAVOR}
+
+ - description: Publish the packages
+ task: publish:package
diff --git a/tasks/test.yaml b/tasks/test.yaml
new file mode 100644
index 0000000..186e5a9
--- /dev/null
+++ b/tasks/test.yaml
@@ -0,0 +1,14 @@
+tasks:
+ - name: test
+ actions:
+ - description: Test deployment of a postgres instance
+ cmd: "uds zarf package deploy ../build/zarf-package-postgres-test-* --confirm"
+ - name: health-check
+ actions:
+ - description: Postgresql Cluster Status
+ wait:
+ cluster:
+ kind: Postgresql
+ name: pg-cluster
+ namespace: acid
+ condition: "'{.status.PostgresClusterStatus}'=Running"
diff --git a/values/.gitkeep b/values/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
new file mode 100644
index 0000000..4ad6a2d
--- /dev/null
+++ b/values/registry1-values.yaml
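Review bot: Both `uds run -f tasks/create.yaml postgres-operator ...` lines in tasks/publish.yaml name a task that tasks/create.yaml in this same commit does not define; the task there is `postgres-operator-package`, so the publish step looks like it would fail before building anything. I would change both lines to `uds run -f tasks/create.yaml postgres-operator-package --no-progress --set FLAVOR=${FLAVOR}`, keeping their `ZARF_ARCHITECTURE=...` prefixes. Those prefixes select the architecture through `ZARF_ARCHITECTURE`, while create.yaml passes `--architecture=${UDS_ARCH}`; it is worth confirming that the former actually drives the latter, otherwise both runs build the host architecture and the published arm64 artifact is not what its name says.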
@@ -0,0 +1,10 @@
+image:
+ registry: registry1.dso.mil
+ repository: ironbank/opensource/zalando/postgres-operator
+configConnectionPooler:
+ connection_pooler_image: "registry1.dso.mil/ironbank/opensource/zalando/pgbouncer:1.21.0"
+configLogicalBackup:
+ logical_backup_docker_image: "registry1.dso.mil/ironbank/opensource/zalando/logical-backup:v1.8.2"
+# Note there is not a spilo image in registry1
+configGeneral:
+ docker_image: "ghcr.io/zalando/spilo-15:3.0-p1"
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
new file mode 100644
index 0000000..13c9999
--- /dev/null
+++ b/values/upstream-values.yaml
@@ -0,0 +1,9 @@
+image:
+ registry: registry.opensource.zalan.do
+ repository: acid/postgres-operator
+configConnectionPooler:
+ connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-27"
+configLogicalBackup:
+ logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.10.1"
+configGeneral:
+ docker_image: "ghcr.io/zalando/spilo-15:3.0-p1"
diff --git a/values/values.yaml b/values/values.yaml
new file mode 100644
index 0000000..e1d2f6c
--- /dev/null
+++ b/values/values.yaml
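Review bot: Every image reference in values/registry1-values.yaml and values/upstream-values.yaml is a tag with no digest, and `pgbouncer:master-27` in the upstream file reads like a branch build rather than a release. In the registry1 flavor the `docker_image` (spilo) still comes from ghcr.io, as the comment says, so the database pods themselves do not run an Iron Bank image. I would pin at least that one by digest, `docker_image: "ghcr.io/zalando/spilo-15:3.0-p1@sha256:<digest>"` (placeholder), with the matching entry under `images:` in zarf.yaml, and extend the comment to record that this is an accepted exception for the hardened flavor.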
@@ -0,0 +1,43 @@
+configGeneral:
+ # Without enable_lazy_spilo_upgrade set to true the pods will do a rolling upgrade every resync_period. We have
+ # experienced issues with database corruption when this happens. Deciding instead to do lazy upgrading which means the
+ # StatefulSet is modified but a rolling update is not automatically triggered.
+ enable_lazy_spilo_upgrade: true
+ resync_period: "5m"
+configPostgresPodResources:
+ default_cpu_request: "100m"
+ default_memory_request: "100Mi"
+ default_cpu_limit: "500m"
+ default_memory_limit: "500Mi"
+ min_cpu_limit: "250m"
+ min_memory_limit: "250Mi"
+configConnectionPooler:
+ connection_pooler_default_cpu_request: "100m"
+ connection_pooler_default_cpu_limit: "500m"
+ connection_pooler_default_memory_request: "100Mi"
+ connection_pooler_default_memory_limit: "100Mi"
+configKubernetes:
+ spilo_allow_privilege_escalation: false
+ inherited_labels:
+ - "sidecar.istio.io/inject"
+ # If you are specifying a storage class backed by EFS, ensure it is configured with uid: 101, gid: 103
+ spilo_runasuser: 101
+ spilo_runasgroup: 103
+ spilo_fsgroup: 103
+ enable_cross_namespace_secret: true
+resources:
+ requests:
+ cpu: "100m"
+ memory: "250Mi"
+ limits:
+ cpu: "1"
+ memory: "2000Mi"
+securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+configLogicalBackup:
+configUsers:
+ enable_password_rotation: false # False for now, pepr-bae needed to cycle applications using the creds
+ password_rotation_interval: 90
diff --git a/version.txt b/version.txt
new file mode 100644
index 0000000..d901a09
--- /dev/null
+++ b/version.txt
@@ -0,0 +1 @@
+1.10.1-uds.0
\ No newline at end of file
diff --git a/zarf.yaml b/zarf.yaml
index ea0270c..a62e427 100644
--- a/zarf.yaml
+++ b/zarf.yaml
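Review bot: `configLogicalBackup:` in values/values.yaml has no value, so it parses as null; Helm treats a null in a values file as a request to drop that key's chart defaults, and the outcome then depends on the order in which this file and the flavor values files are merged. If nothing is meant to be overridden here, I would delete the line or write `configLogicalBackup: {}`. `enable_cross_namespace_secret: true` also deserves a comment like the ones on the neighbouring settings, e.g. `# lets the operator create credential Secrets in the namespace named by a "namespace.user" prefix; operator RBAC must allow Secret writes there`, since it widens where database credentials can be written.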
@@ -1,17 +1,56 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json - kind: ZarfPackageConfig metadata: - name: example - description: "Example description" + name: postgres-operator + description: "A deployment of zalando postgres operator" + url: https://github.com/zalando/postgres-operator # x-release-please-start-version - version: "0.0.1" + version: "1.10.1-uds.0" # x-release-please-end - components: - - name: test - actions: - onCreate: - after: - - cmd: echo "What can Doug do for you?" + # CRD lifecycle is managed outside of the main chart to support upgrades + - name: crds + required: true + manifests: + - name: crds + files: + - https://github.com/zalando/postgres-operator/raw/v1.10.1/charts/postgres-operator/crds/operatorconfigurations.yaml + - https://github.com/zalando/postgres-operator/raw/v1.10.1/charts/postgres-operator/crds/postgresqls.yaml + - https://github.com/zalando/postgres-operator/raw/v1.10.1/charts/postgres-operator/crds/postgresteams.yaml + + - name: postgres-operator + required: true + only: + flavor: registry1 + cluster: + architecture: amd64 + import: + path: common + charts: + - name: postgres-operator + valuesFiles: + - ./values/registry1-values.yaml + images: + # Iron Bank + - registry1.dso.mil/ironbank/opensource/zalando/postgres-operator:v1.10.1 + - registry1.dso.mil/ironbank/opensource/zalando/logical-backup:v1.8.2 + - registry1.dso.mil/ironbank/opensource/zalando/pgbouncer:1.21.0 + # Docker image that provides PostgreSQL and Patroni bundled together for PostgreSQL HA + - ghcr.io/zalando/spilo-15:3.0-p1 + + - name: postgres-operator + required: true + only: + flavor: upstream + import: + path: common + charts: + - name: postgres-operator + valuesFiles: + - ./values/upstream-values.yaml + images: + - registry.opensource.zalan.do/acid/postgres-operator:v1.10.1 + - registry.opensource.zalan.do/acid/logical-backup:v1.10.1 + - 
registry.opensource.zalan.do/acid/pgbouncer:master-27 + # Docker image that provides PostgreSQL and Patroni bundled together for PostgreSQL HA + - ghcr.io/zalando/spilo-15:3.0-p1
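Review bot: The three CRD manifests in the `crds` component of zarf.yaml are fetched from github.com at package-create time by tag (`v1.10.1`) with no checksum, so a moved tag or an altered file would be packaged without any signal. Zarf's remote-file syntax accepts a trailing checksum, e.g. `- https://github.com/zalando/postgres-operator/raw/v1.10.1/charts/postgres-operator/crds/postgresqls.yaml@<sha256>` (placeholder; confirm against the Zarf version in use), or the files can be vendored into the repository. The registry1 `postgres-operator` component is limited to `architecture: amd64`, so an arm64 build of that flavor would contain only the CRDs; a comment stating that this is intended would help.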