@@ -277,6 +277,15 @@ type ClusterSpec struct {
277277 // +optional
278278 PostgresConfiguration PostgresConfiguration `json:"postgresql,omitempty"`
279279
280+ // PodSelectorRefs defines named pod label selectors that can be referenced
281+ // in pg_hba rules using the ${podselector:NAME} syntax in the address field.
282+ // The operator resolves matching pod IPs and the instance manager expands
283+ // pg_hba lines accordingly. Only pods in the Cluster's own namespace are considered.
284+ // +optional
285+ // +listType=map
286+ // +listMapKey=name
287+ PodSelectorRefs []PodSelectorRef `json:"podSelectorRefs,omitempty"`
288+
280289 // Replication slots management configuration
281290 // +kubebuilder:default:={"highAvailability":{"enabled":true}}
282291 // +optional
@@ -842,6 +851,13 @@ type ClusterStatus struct {
842851 // +optional
843852 TablespacesStatus []TablespaceState `json:"tablespacesStatus,omitempty"`
844853
854+ // PodSelectorRefs contains the resolved pod IPs for each named selector
855+ // defined in spec.podSelectorRefs.
856+ // +optional
857+ // +listType=map
858+ // +listMapKey=name
859+ PodSelectorRefs []PodSelectorRefStatus `json:"podSelectorRefs,omitempty"`
860+
845861 // The timeline of the Postgres cluster
846862 // +optional
847863 TimelineID int `json:"timelineID,omitempty"`
@@ -1421,6 +1437,33 @@ type SynchronousReplicaConfiguration struct {
14211437 FailoverQuorum bool `json:"failoverQuorum"`
14221438}
14231439
1440+ // PodSelectorRef defines a named pod label selector for use in pg_hba rules.
1441+ // Pods matching the selector in the Cluster's namespace will have their IPs
1442+ // resolved and made available for pg_hba address expansion via the
1443+ // ${podselector:NAME} syntax.
1444+ type PodSelectorRef struct {
1445+ // Name is the identifier used to reference this selector in pg_hba rules
1446+ // via the ${podselector:NAME} syntax in the address field.
1447+ // +kubebuilder:validation:MinLength=1
1448+ // +kubebuilder:validation:Pattern=`^[a-z]([a-z0-9_-]*[a-z0-9])?$`
1449+ Name string `json:"name"`
1450+
1451+ // Selector is a label selector that identifies the pods whose IPs
1452+ // should be resolved. Only pods in the Cluster's namespace are considered.
1453+ Selector metav1.LabelSelector `json:"selector"`
1454+ }
1455+
1456+ // PodSelectorRefStatus contains the resolved pod IPs for a named selector.
1457+ type PodSelectorRefStatus struct {
1458+ // Name corresponds to the name in the spec's PodSelectorRef.
1459+ Name string `json:"name"`
1460+
1461+ // IPs is the list of pod IPs matching the selector.
1462+ // Each IP is a single address (no CIDR notation).
1463+ // +optional
1464+ IPs []string `json:"ips,omitempty"`
1465+ }
1466+
14241467// PostgresConfiguration defines the PostgreSQL configuration
14251468type PostgresConfiguration struct {
14261469 // PostgreSQL configuration options (postgresql.conf)
@@ -1432,7 +1475,9 @@ type PostgresConfiguration struct {
14321475 Synchronous * SynchronousReplicaConfiguration `json:"synchronous,omitempty"`
14331476
14341477 // PostgreSQL Host Based Authentication rules (lines to be appended
1435- // to the pg_hba.conf file)
1478+ // to the pg_hba.conf file).
1479+ // Use the ${podselector:NAME} syntax to reference a pod selector;
1480+ // the rule will be expanded for each Pod IP matching that selector.
14361481 // +optional
14371482 PgHBA []string `json:"pg_hba,omitempty"`
14381483
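Review bot: `Selector` on `PodSelectorRef` is a value `metav1.LabelSelector`, so `selector: {}` passes validation and, under standard label-selector semantics, matches every Pod in the namespace, which would expand the pg_hba rule to all Pod IPs there; the field's doc comment should say so, and if this API already uses CEL validation elsewhere (not visible here) a marker such as `// +kubebuilder:validation:XValidation:rule="has(self.matchLabels) || has(self.matchExpressions)",message="selector must not be empty"` would reject it. The `PodSelectorRef` type comment should also make the trust boundary explicit: any principal able to create or label Pods in the Cluster's namespace can get a Pod IP into the expanded rule, and Pod IPs are reused after deletion, so the expansion is reachability filtering rather than workload identity; I would add `// NOTE: any Pod in the namespace carrying matching labels is admitted, and Pod IPs are` `// recycled after deletion, so pair these rules with a strong auth method rather than "trust".` Which auth method the expanded lines carry is chosen by the user's `pg_hba` entries and is outside this hunk. A `+kubebuilder:validation:MaxLength` on `Name` would additionally bound the token that is later substituted into pg_hba lines.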