feat(cortex-postgres): add suffix gX to postgresql

Tiltfile

@@ -196,7 +196,7 @@ k8s_yaml(helm('./helm/bundles/cortex-crds', name='cortex-crds', set=crd_extra_va
 if 'nova' in ACTIVE_DEPLOYMENTS:
     print("Activating Cortex Nova bundle")
     k8s_yaml(helm('./helm/bundles/cortex-nova', name='cortex-nova', values=tilt_values, set=env_set_overrides))
-    k8s_resource('cortex-nova-postgresql-v18', labels=['Cortex-Nova'], port_forwards=[
+    k8s_resource('cortex-nova-postgresql-v18-g0', labels=['Cortex-Nova'], port_forwards=[
         port_forward(8000, 5432),
     ])
     k8s_resource('cortex-nova-scheduling-controller-manager', labels=['Cortex-Nova'], port_forwards=[
@@ -221,7 +221,7 @@ if 'nova' in ACTIVE_DEPLOYMENTS:
 if 'manila' in ACTIVE_DEPLOYMENTS:
     print("Activating Cortex Manila bundle")
     k8s_yaml(helm('./helm/bundles/cortex-manila', name='cortex-manila', values=tilt_values, set=env_set_overrides))
-    k8s_resource('cortex-manila-postgresql-v18', labels=['Cortex-Manila'], port_forwards=[
+    k8s_resource('cortex-manila-postgresql-v18-g0', labels=['Cortex-Manila'], port_forwards=[
         port_forward(8002, 5432),
     ])
     k8s_resource('cortex-manila-scheduling-controller-manager', labels=['Cortex-Manila'], port_forwards=[
@@ -238,7 +238,7 @@ if 'manila' in ACTIVE_DEPLOYMENTS:
 
 if 'cinder' in ACTIVE_DEPLOYMENTS:
     k8s_yaml(helm('./helm/bundles/cortex-cinder', name='cortex-cinder', values=tilt_values, set=env_set_overrides))
-    k8s_resource('cortex-cinder-postgresql-v18', labels=['Cortex-Cinder'], port_forwards=[
+    k8s_resource('cortex-cinder-postgresql-v18-g0', labels=['Cortex-Cinder'], port_forwards=[
         port_forward(8004, 5432),
     ])
     k8s_resource('cortex-cinder-scheduling-controller-manager', labels=['Cortex-Cinder'], port_forwards=[

helm/bundles/cortex-cinder/templates/secrets.yaml

@@ -4,7 +4,7 @@ kind: Secret
 metadata:
   name: cortex-cinder-postgres
 data:
-  host: {{ printf "%s-v%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") | b64enc | quote }}
+  host: {{ printf "%s-v%s-%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") (index .Values "cortex-postgres" "instanceSuffix") | b64enc | quote }}
   user: {{ .Values.postgres.user | b64enc | quote }}
   password: {{ .Values.postgres.password | b64enc | quote }}
   database: {{ .Values.postgres.database | b64enc | quote }}

helm/bundles/cortex-cinder/values.yaml

@@ -38,7 +38,7 @@ sharedSSOCert: &sharedSSOCert
   selfSigned: "false"
 
 postgres:
-  host: cortex-cinder-postgresql-v18
+  host: cortex-cinder-postgresql-v18-g0
   user: postgres
   password: secret
   database: postgres

helm/bundles/cortex-manila/templates/secrets.yaml

@@ -4,7 +4,7 @@ kind: Secret
 metadata:
   name: cortex-manila-postgres
 data:
-  host: {{ printf "%s-v%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") | b64enc | quote }}
+  host: {{ printf "%s-v%s-%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") (index .Values "cortex-postgres" "instanceSuffix") | b64enc | quote }}
   user: {{ .Values.postgres.user | b64enc | quote }}
   password: {{ .Values.postgres.password | b64enc | quote }}
   database: {{ .Values.postgres.database | b64enc | quote }}

helm/bundles/cortex-manila/values.yaml

@@ -38,7 +38,7 @@ sharedSSOCert: &sharedSSOCert
   selfSigned: "false"
 
 postgres:
-  host: cortex-manila-postgresql-v18
+  host: cortex-manila-postgresql-v18-g0
   user: postgres
   password: secret
   database: postgres

helm/bundles/cortex-nova/templates/secrets.yaml

@@ -4,7 +4,7 @@ kind: Secret
 metadata:
   name: cortex-nova-postgres
 data:
-  host: {{ printf "%s-v%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") | b64enc | quote }}
+  host: {{ printf "%s-v%s-%s" (index .Values "cortex-postgres" "fullnameOverride") (index .Values "cortex-postgres" "major") (index .Values "cortex-postgres" "instanceSuffix") | b64enc | quote }}
   user: {{ .Values.postgres.user | b64enc | quote }}
   password: {{ .Values.postgres.password | b64enc | quote }}
   database: {{ .Values.postgres.database | b64enc | quote }}

helm/bundles/cortex-nova/values.yaml

@@ -43,7 +43,7 @@ sharedSSOCert: &sharedSSOCert
   selfSigned: "false"
 
 postgres:
-  host: cortex-nova-postgresql-v18
+  host: cortex-nova-postgresql-v18-g0
   user: postgres
   password: secret
   database: postgres

helm/library/cortex-postgres/templates/_helpers.tpl

@@ -65,11 +65,13 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Versioned fully qualified app name (appends -v<major> to the fullname).
+Versioned fully qualified app name (appends -v<major>-<instanceSuffix> to the fullname).
+The instanceSuffix is a rotation token: bumping it forces a new StatefulSet and PVC
+to be provisioned, which re-runs initdb with the (rotated) POSTGRES_PASSWORD.
 Truncates the base name to leave room for the suffix within the 63-char DNS limit.
 */}}
 {{- define "cortex-postgres.versionedFullname" -}}
-{{- $suffix := printf "-v%s" .Values.major -}}
+{{- $suffix := printf "-v%s-%s" .Values.major .Values.instanceSuffix -}}
 {{- $base := include "cortex-postgres.fullname" . -}}
 {{- printf "%s%s" ($base | trunc (int (sub 63 (len $suffix)))) $suffix | trimSuffix "-" }}
 {{- end }}

helm/library/cortex-postgres/templates/service.yaml

@@ -17,3 +17,4 @@ spec:
   selector:
     {{- include "cortex-postgres.selectorLabels" . | nindent 4 }}
     app.kubernetes.io/pg-major: {{ .Values.major | quote }}
+    app.kubernetes.io/instance-suffix: {{ .Values.instanceSuffix | quote }}

helm/library/cortex-postgres/templates/statefulset.yaml

@@ -13,13 +13,15 @@ spec:
     matchLabels:
       {{- include "cortex-postgres.selectorLabels" . | nindent 6 }}
       app.kubernetes.io/pg-major: {{ .Values.major | quote }}
+      app.kubernetes.io/instance-suffix: {{ .Values.instanceSuffix | quote }}
   serviceName: {{ include "cortex-postgres.versionedFullname" . }}
   template:
     metadata:
       labels:
         app: {{ include "cortex-postgres.versionedFullname" . }}
         {{- include "cortex-postgres.labels" . | nindent 8 }}
         app.kubernetes.io/pg-major: {{ .Values.major | quote }}
+        app.kubernetes.io/instance-suffix: {{ .Values.instanceSuffix | quote }}
     spec:
       terminationGracePeriodSeconds: 10
       containers:

helm/library/cortex-postgres/values.yaml

@@ -5,6 +5,13 @@ fullnameOverride: cortex-postgresql
 
 major: "18"
 
+# Rotation token (generation). Bump to g1, g2, ... to provision a fresh
+# StatefulSet + PVC, which causes initdb to run again and apply the (rotated)
+# POSTGRES_PASSWORD from vault. The "g" prefix keeps the suffix visually
+# distinct from the trailing StatefulSet pod ordinal (e.g. -g0-0 vs -0-0).
+# The Postgres major version is independent and lives in `major` above.
+instanceSuffix: "g0"
+
 image:
   repository: ghcr.io/cobaltcore-dev/cortex-postgres
   pullPolicy: IfNotPresent