Merge branch 'main' into main

cloudnative-pg · Dec 7, 2024 · 04ce7a2 · 04ce7a2
2 parents 878913d + 665396d
commit 04ce7a2
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 2 deletions.
diff --git a/.github/workflows/tests-cluster-chainsaw.yaml b/.github/workflows/tests-cluster-chainsaw.yaml
@@ -29,7 +29,7 @@ jobs:
           helm install prometheus-crds prometheus-community/prometheus-operator-crds
 
       - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@d311eacde764f806c9658574ff64c9c3b21f8397 # v0.2.11
+        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
         with:
           verify: true
 

diff --git a/charts/cluster/README.md b/charts/cluster/README.md
@@ -180,6 +180,7 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.priorityClassName | string | `""` |  |
 | cluster.resources | object | `{}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
+| cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.storage.size | string | `"8Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |
 | cluster.superuserSecret | string | `""` |  |

diff --git a/charts/cluster/templates/cluster.yaml b/charts/cluster/templates/cluster.yaml
@@ -28,7 +28,7 @@ spec:
   walStorage:
     size: {{ .Values.cluster.walStorage.size }}
     storageClass: {{ .Values.cluster.walStorage.storageClass }}
-{{- end }}  
+{{- end }}
   {{- with .Values.cluster.resources }}
   resources:
     {{- toYaml . | nindent 4 }}
@@ -51,6 +51,7 @@ spec:
   superuserSecret:
     name: {{ . }}
   {{ end }}
+  enablePDB: {{ .Values.cluster.enablePDB }}
   postgresql:
     shared_preload_libraries:
       {{- if eq .Values.type "timescaledb" }}
@@ -74,6 +75,11 @@ spec:
       {{- toYaml . | nindent 6 }}
     {{ end }}
 
+  {{- with .Values.cluster.serviceAccountTemplate }}
+  serviceAccountTemplate:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
     disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}

diff --git a/...er/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml b/...er/test/postgresql-cluster-configuration/01-non_default_configuration_cluster-assert.yaml
@@ -36,6 +36,7 @@ spec:
   superuserSecret:
     name: supersecret-secret
   enableSuperuserAccess: true
+  enablePDB: false
   certificates:
     serverCASecret: ca-secret
     serverTLSSecret: tls-secret
@@ -80,3 +81,7 @@ spec:
         inRoles:
           - pg_monitor
           - pg_signal_backend
+  serviceAccountTemplate:
+    metadata:
+      annotations:
+        my-annotation: my-service-account
diff --git a/...s/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml b/...s/cluster/test/postgresql-cluster-configuration/01-non_default_configuration_cluster.yaml
@@ -44,6 +44,7 @@ cluster:
     clientCASecret: client-ca-secret
   enableSuperuserAccess: true
   superuserSecret: supersecret-secret
+  enablePDB: false
   roles:
      - name: dante
        ensure: present
@@ -76,6 +77,10 @@ cluster:
     foo: bar
   annotations:
     foo: bar
+  serviceAccountTemplate:
+    metadata:
+      annotations:
+        my-annotation: my-service-account
 
 backups:
   enabled: false
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
@@ -288,6 +288,9 @@
                 "roles": {
                     "type": "array"
                 },
+                "serviceAccountTemplate": {
+                    "type": "object"
+                },
                 "storage": {
                     "type": "object",
                     "properties": {

diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
@@ -201,6 +201,10 @@ cluster:
   enableSuperuserAccess: true
   superuserSecret: ""
 
+  # -- Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes
+  # See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets
+  enablePDB: true
+
   # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
   # already present in the database.
   # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
@@ -281,6 +285,9 @@ cluster:
     # postInitApplicationSQL: []
     # postInitTemplateSQL: []
 
+  # -- Configure the metadata of the generated service account
+  serviceAccountTemplate: {}
+
   additionalLabels: {}
   annotations: {}