Merge pull request #841 from MetaCell/feature/CH-256-postgres-operator

CH-256 feat: add PostgreSQL operator support

Author: filippomc

.devcontainer/.env.example

@@ -0,0 +1,12 @@
+# Dev container user configuration
+# Copy this file to .env and customize as needed
+# These values will bind the container user to your host user for seamless file sharing
+
+# Your username (defaults to 'devuser' if not set)
+USERNAME=${USER}
+
+# Your user ID (run 'id -u' on host to get this)
+USER_UID=1000
+
+# Your group ID (run 'id -g' on host to get this)
+USER_GID=1000

.devcontainer/.gitignore

@@ -0,0 +1 @@
+home

deployment-configuration/helm/templates/auto-database-postgres-operator.yaml

@@ -0,0 +1,86 @@
+{{- define "deploy_utils.database.postgres.operator" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-credentials" .app.harness.database.name | quote }}
+  namespace: {{ .root.Values.namespace }}
+  labels:
+    app: {{ .app.harness.database.name | quote }}
+{{ include "deploy_utils.labels" .root | indent 4 }}
+type: kubernetes.io/basic-auth
+stringData:
+  username: {{ .app.harness.database.user | quote }}
+  password: {{ .app.harness.database.pass | quote }}
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ .app.harness.database.name | quote }}
+  namespace: {{ .root.Values.namespace }}
+  labels:
+    app: {{ .app.harness.database.name | quote }}
+{{ include "deploy_utils.labels" .root | indent 4 }}
+spec:
+  instances: {{ .app.harness.database.postgres.instances | default 1 }}
+
+  inheritedMetadata:
+    labels:
+      app: {{ .app.harness.database.name | quote }}
+      service: db
+
+  bootstrap:
+    initdb:
+      database: {{ .app.harness.database.postgres.initialdb | quote }}
+      owner: {{ .app.harness.database.user | quote }}
+      secret:
+        name: {{ printf "%s-credentials" .app.harness.database.name | quote }}
+
+  storage:
+    size: {{ .app.harness.database.size }}
+
+  {{- with .app.harness.database.resources }}
+  resources:
+    {{- with .requests }}
+    requests:
+      {{- with .memory }}
+      memory: {{ . | quote }}
+      {{- end }}
+      {{- with .cpu }}
+      cpu: {{ . | quote }}
+      {{- end }}
+    {{- end }}
+    {{- with .limits }}
+    limits:
+      {{- with .memory }}
+      memory: {{ . | quote }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+
+  {{- if .app.harness.database.image_ref }}
+  imageName: {{ index (index .app "task-images") .app.harness.database.image_ref | default ("Image ref not found!" | quote) }}
+  {{- else if .app.harness.database.postgres.image }}
+  imageName: {{ .app.harness.database.postgres.image | quote }}
+  {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .app.harness.database.name | quote }}
+  namespace: {{ .root.Values.namespace }}
+  labels:
+    app: {{ .app.harness.deployment.name | quote }}
+{{ include "deploy_utils.labels" .root | indent 4 }}
+spec:
+  type: {{ if .app.harness.database.expose }}LoadBalancer{{ else }}ClusterIP{{ end }}
+  selector:
+    app: {{ .app.harness.database.name | quote }}
+    cnpg.io/instanceRole: primary
+  ports:
+  {{- range $port := .app.harness.database.postgres.ports }}
+  - name: {{ $port.name }}
+    port: {{ $port.port }}
+    targetPort: 5432
+  {{- end }}
+{{- end }}

deployment-configuration/helm/templates/auto-database.yaml

@@ -14,6 +14,9 @@ spec:
 ---
 {{- end }}
 {{- define "deploy_utils.database" }}
+{{- if and (eq .app.harness.database.type "postgres") .app.harness.database.postgres.operator }}
+{{- include "deploy_utils.database.postgres.operator" . }}
+{{- else }}
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -105,6 +108,7 @@ spec:
   - name: {{ $port.name }}
     port: {{ $port.port }}
   {{- end }}
+{{- end }}
 ---
 {{- include "deploy_utils.database_network_policy" (dict "root" .root "app" .app) }}
 {{ end }}

deployment-configuration/helm/templates/auto-network-policies.yaml

@@ -117,6 +117,38 @@ spec:
           protocol: UDP
         - port: 53
           protocol: TCP
+    {{- if and (eq .app.harness.database.type "postgres") .app.harness.database.postgres.operator }}
+    # Allow CNPG pods to reach the Kubernetes API server
+    {{- $apiCidrs := list }}
+    {{- $kubeSvc := (lookup "v1" "Service" "default" "kubernetes") }}
+    {{- $kubeEp := (lookup "v1" "Endpoints" "default" "kubernetes") }}
+    {{- if $kubeSvc }}
+      {{- if $kubeSvc.spec }}
+        {{- if $kubeSvc.spec.clusterIP }}
+          {{- $apiCidrs = append $apiCidrs (printf "%s/32" $kubeSvc.spec.clusterIP) }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    {{- if and $kubeEp $kubeEp.subsets }}
+      {{- range $subset := $kubeEp.subsets }}
+        {{- range $addr := $subset.addresses }}
+          {{- $apiCidrs = append $apiCidrs (printf "%s/32" $addr.ip) }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    {{- /* Fall back to configured CIDRs when lookup returns nothing (e.g. helm template) */ -}}
+    {{- if not $apiCidrs }}
+      {{- $apiCidrs = .app.harness.database.postgres.apiServerCidr }}
+    {{- end }}
+    {{- range $cidr := $apiCidrs }}
+    - to:
+        - ipBlock:
+            cidr: {{ $cidr }}
+      ports:
+        - port: 443
+          protocol: TCP
+    {{- end }}
+    {{- end }}
     {{- range $ns := $allowedNamespaces }}
     # Allow traffic to whitelisted namespace
     - to:

deployment-configuration/helm/values.yaml

@@ -14,9 +14,9 @@ registry:
   # -- Optional secret used for pulling from docker registry.
   secret:
     # -- Secret name used for pulling from docker registry.
-    name:
+    name: e
     # -- Value of the secret used for pulling from docker registry in json encoded format.
-    value:
+    value: sd
 # -- Docker tag used to pull images.
 tag: latest
 # -- List of applications.

deployment-configuration/value-template.yaml

@@ -95,8 +95,15 @@ harness:
           port: 27017
     # -- settings for postgers database (for type==postgres)
     postgres:
-      image: postgres:13
+      image:
       initialdb: cloudharness
+      # -- Use the CloudNative-PG operator instead of a plain Deployment. Requires the CNPG operator to be installed in the cluster.
+      operator: false
+      # -- Number of PostgreSQL instances managed by the CNPG operator (only used when operator is true)
+      instances: 1
+      # -- CIDR(s) allowed for CNPG pods to reach the Kubernetes API server (port 443).
+      # -- Resolved automatically at deploy time via cluster lookup. Set explicitly only as a fallback for helm-template or air-gapped use.
+      apiServerCidr: []
       ports:
         - name: http
           port: 5432