Update CNPG postgres-operator v1.25.0

[kvaps]

Signed-off-by: Andrei Kvapil kvapss@gmail.com

Summary by CodeRabbit

• New Features

  • Enhanced CloudNativePG Operator configuration with new options for cluster-wide monitoring and namespace control
  • Added support for IP family configuration in service settings
  • Increased flexibility for concurrent reconciliation processes

• Version Updates

  • Upgraded CloudNativePG Operator from version 1.24.0 to 1.25.0
  • Updated Helm chart version from 0.22.0 to 0.23.0

• Configuration Improvements

  • Introduced new options for namespace override and cluster-wide event observation
  • Added maximum concurrent reconciles setting
  • Expanded service networking configuration capabilities

[coderabbitai]

Walkthrough

This pull request introduces significant updates to the CloudNativePG Operator Helm Chart, enhancing its configuration and deployment flexibility. The changes include version upgrades from 1.24.0 to 1.25.0, new configuration options for cluster-wide operations, concurrent reconciliation, namespace overrides, and improved service networking settings. The modifications span multiple configuration files, expanding the chart's capabilities for more granular Kubernetes operator management.

Changes

File	Change Summary
Chart.yaml	- Upgraded appVersion from 1.24.0 to 1.25.0 - Upgraded chart version from 0.22.0 to 0.23.0
README.md	- Updated version information - Added new configuration fields: clusterWide, maxConcurrentReconciles, namespaceOverride - Introduced service.ipFamilies and service.ipFamilyPolicy
templates/*	- Added dynamic namespace handling - Implemented conditional RBAC rules - Enhanced deployment configuration - Added checksum annotations
values.yaml	- Added namespaceOverride - Introduced clusterWide and maxConcurrentReconciles - Added ipFamilyPolicy and ipFamilies
values.schema.json	- Updated schema to include new configuration options

Possibly related PRs

• workloadmonitor #563: Introduces WorkloadMonitor resources, potentially complementing the enhanced workload management capabilities in this PR

Suggested labels

enhancement, size:L

Poem

🐰 Hop, hop, through Kubernetes' maze,
CloudNativePG's chart now blazes new ways!
Clusters wide, reconciles neat,
Namespaces dancing to a flexible beat 🎉
Configuration magic, rabbit's delight! 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/system/postgres-operator/charts/cloudnative-pg/templates/NOTES.txt (1)

20-20: Consider adding a note about the scope of the command.

The command now lists clusters across all namespaces, which is appropriate for the new cluster-wide capabilities. However, it might be helpful to add a comment explaining this behavior to users.

-kubectl get -A cluster
+# List PostgreSQL clusters across all namespaces
+kubectl get -A cluster

packages/system/postgres-operator/charts/cloudnative-pg/values.schema.json (1)

20-22: Add validation constraints for numeric fields.

While the schema correctly defines the new properties, consider adding validation constraints for maxConcurrentReconciles to ensure reasonable values.

                 "maxConcurrentReconciles": {
-                    "type": "integer"
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 100,
+                    "default": 10
                 },

Also applies to: 29-31, 167-169, 218-223

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 34d6ab0 and 40eb844.

📒 Files selected for processing (12)

• packages/system/postgres-operator/charts/cloudnative-pg/Chart.yaml (2 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/README.md (4 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/NOTES.txt (1 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/_helpers.tpl (2 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/config.yaml (2 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/deployment.yaml (4 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/monitoring-configmap.yaml (1 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/podmonitor.yaml (1 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml (5 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/templates/service.yaml (2 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/values.schema.json (3 hunks)
• packages/system/postgres-operator/charts/cloudnative-pg/values.yaml (3 hunks)

🧰 Additional context used

🪛 Markdownlint (0.37.0)

packages/system/postgres-operator/charts/cloudnative-pg/README.md

35-35: null
Bare URL used

(MD034, no-bare-urls)

🪛 LanguageTool

packages/system/postgres-operator/charts/cloudnative-pg/README.md

[style] ~72-~72: To form a complete sentence, be sure to include a subject or ‘there’.
Context: ...should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | | service.ipFami...

(MISSING_IT_THERE)

🪛 yamllint (1.35.1)

packages/system/postgres-operator/charts/cloudnative-pg/templates/podmonitor.yaml

[error] 16-16: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (18)

packages/system/postgres-operator/charts/cloudnative-pg/templates/NOTES.txt (1)

11-13: LGTM! Well-structured conditional namespace specification.

The conditional block correctly implements namespace specification based on the clusterWide configuration, which aligns with the operator's new cluster-wide capabilities.

packages/system/postgres-operator/charts/cloudnative-pg/templates/_helpers.tpl (3)

1-10: Namespace override helper function implemented correctly

The new helper function cloudnative-pg.namespace correctly allows overriding the release namespace, enhancing flexibility for multi-namespace deployments in combined charts.

---

74-271: Common RBAC rules are appropriately defined

The cloudnative-pg.commonRules function defines a comprehensive set of RBAC rules for namespace-scoped operations. The resources and verbs specified align well with the operator's requirements.

---

276-301: Cluster-wide RBAC rules are appropriately defined

The cloudnative-pg.clusterwideRules function specifies necessary cluster-wide permissions, including access to nodes and webhook configurations, which are essential for the operator's cluster-wide functionalities.

packages/system/postgres-operator/charts/cloudnative-pg/Chart.yaml (1)

2-2: Verify the correctness of updated appVersion and chart version

The appVersion has been updated to 1.25.0, and the chart version to 0.23.0. Please verify that these versions correspond to valid and stable releases of the CloudNativePG operator and Helm chart.

Run the following script to confirm the availability of these versions:

Also applies to: 25-25

✅ Verification successful

✓ Version updates are correct and correspond to stable releases

Both the CloudNativePG operator version 1.25.0 and Helm chart version 0.23.0 are verified as valid, stable releases available in their respective official repositories.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the availability of specified versions.

# Confirm CloudNativePG operator release v1.25.0 exists
curl -s https://api.github.com/repos/cloudnative-pg/cloudnative-pg/releases/tags/v1.25.0 | jq '.tag_name'

# Confirm Helm chart version 0.23.0 exists on Artifact Hub
curl -s https://artifacthub.io/api/v1/packages/helm/cloudnative-pg/cloudnative-pg | jq -r '.version' | grep '0\.23\.0'

Length of output: 241

packages/system/postgres-operator/charts/cloudnative-pg/templates/monitoring-configmap.yaml (1)

21-21: Namespace inclusion in ConfigMap metadata is correctly implemented

Adding namespace: {{ include "cloudnative-pg.namespace" . }} ensures the ConfigMap is deployed in the correct namespace, especially when namespaceOverride is used.

packages/system/postgres-operator/charts/cloudnative-pg/templates/service.yaml (1)

21-21: LGTM! Enhanced service configuration capabilities.

The changes appropriately add namespace configuration and flexible IP family settings, improving the service's networking capabilities.

Also applies to: 30-35

packages/system/postgres-operator/charts/cloudnative-pg/templates/config.yaml (1)

22-22: LGTM! Verify the configuration merge behavior.

The changes correctly implement conditional configuration based on cluster-wide deployment mode. The merge operation preserves existing configuration while adding namespace-specific settings when needed.

Also applies to: 30-36, 50-56

✅ Verification successful

✅ Configuration merge behavior verified and correct

The implementation correctly handles both cluster-wide and namespace-scoped configurations:

• Preserves existing configuration when merging WATCH_NAMESPACE
• Consistently applies namespace restrictions across config and deployment
• Properly documented in values.yaml with multi-namespace support

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the configuration merge behavior
# Check for any existing configurations that might conflict with the new merge logic

rg -l 'WATCH_NAMESPACE' --type yaml

Length of output: 752

---

Script:

#!/bin/bash
# Check the specific implementation in relevant files
echo "=== Config Implementation ==="
rg "WATCH_NAMESPACE" packages/system/postgres-operator/charts/cloudnative-pg/templates/config.yaml -B 2 -A 2

echo -e "\n=== Deployment Implementation ==="
rg "WATCH_NAMESPACE" packages/system/postgres-operator/charts/cloudnative-pg/templates/deployment.yaml -B 2 -A 2

echo -e "\n=== Values Configuration ==="
cat packages/system/postgres-operator/charts/cloudnative-pg/values.yaml | grep -A 5 -B 5 "WATCH_NAMESPACE\|clusterWide"

Length of output: 2143

packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml (1)

22-22: LGTM! Enhanced RBAC configuration with proper scope separation.

The changes correctly implement:

1. Proper RBAC separation for cluster-wide vs namespace-scoped deployments
2. Addition of new resources to view/edit roles
3. Appropriate namespace-specific role bindings

Also applies to: 44-51, 71-112, 131-135, 157-161

✅ Verification successful

RBAC changes verified - proper implementation of namespace scoping and resource access

The changes correctly implement:

1. Proper namespace scoping through template variables
2. Separation of cluster-wide vs namespace-scoped permissions
3. Least-privilege access for new resources (databases, publications, subscriptions)
4. Correct RBAC aggregation for admin/edit/view roles

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify RBAC changes don't introduce over-privileged access
# Check for any existing cluster roles that might conflict

# Check for existing cluster roles
rg -A 5 'kind:\s+ClusterRole' --type yaml

# Check for references to the new resources
rg -A 3 'databases|publications|subscriptions' --type yaml

Length of output: 67099

---

Script:

#!/bin/bash
# Examine RBAC rules in cloudnative-pg operator's rbac.yaml
cat packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml

# Also check for any Role (namespace-scoped) definitions
rg -A 5 'kind:\s+Role\s*$' --type yaml packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml

Length of output: 5210

packages/system/postgres-operator/charts/cloudnative-pg/templates/deployment.yaml (1)

21-21: LGTM! Enhanced deployment configuration with proper change detection.

The changes add:

1. Configuration checksums for proper pod updates
2. Concurrent reconciliation control
3. Proper namespace scoping

Also applies to: 36-38, 62-62, 85-88

✅ Verification successful

Configuration parameters are properly implemented and aligned with operator patterns

The max-concurrent-reconciles value of 10 and namespace-scoped watching are consistent with other operators in the system, following established patterns for Kubernetes operators.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the impact of max-concurrent-reconciles parameter
# Check for any existing reconciliation configurations

# Check for existing reconciliation settings
rg -A 3 'concurrent.*reconcile' --type yaml

# Check for existing namespace configurations
rg -A 3 'WATCH_NAMESPACE' --type yaml

Length of output: 8561

packages/system/postgres-operator/charts/cloudnative-pg/README.md (3)

3-3: Version updates look good.

The version updates align with the changes in Chart.yaml:

• Chart version: 0.22.0 → 0.23.0
• App version: 1.24.0 → 1.25.0

---

33-36: New configuration options enhance operator flexibility.

The new configuration options provide better control over the operator's behavior:

• config.clusterWide: Controls cluster-wide vs namespace-scoped operation
• config.maxConcurrentReconciles: Controls concurrent reconciliation limit

🧰 Tools

🪛 Markdownlint (0.37.0)

35-35: null
Bare URL used

(MD034, no-bare-urls)

---

72-73: Verify dual-stack configuration documentation.

The documentation for dual-stack configuration should include examples of valid values for ipFamilies and ipFamilyPolicy.

Consider adding examples like:

 | service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
+| | | | Example values: SingleStack, PreferDualStack, RequireDualStack |
 | service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
+| | | | Example values: ["IPv4"], ["IPv6"], ["IPv4", "IPv6"], ["IPv6", "IPv4"] |

✅ Verification successful

Documentation examples would improve clarity and usability

The suggested examples are accurate and would be valuable additions to the documentation. The values match the Kubernetes implementation as verified in the CRDs, and currently, there are no examples in the documentation to guide users.

🏁 Scripts executed

The following scripts were executed for the analysis:

Error: No shell scripts found

---

Script:

#!/bin/bash
# Search for documentation and configuration files
echo "=== Searching for relevant documentation files ==="
fd -e md -e yaml . packages/system/postgres-operator/charts/cloudnative-pg/

echo -e "\n=== Searching for ipFamilies and ipFamilyPolicy mentions ==="
rg -i "ipfamil(y|ies)" packages/system/postgres-operator/charts/cloudnative-pg/ -A 2 -B 2

echo -e "\n=== Checking values.yaml for default configurations ==="
cat packages/system/postgres-operator/charts/cloudnative-pg/values.yaml | grep -A 5 -B 5 "ipFamil"

Length of output: 18417

🧰 Tools

🪛 LanguageTool

[style] ~72-~72: To form a complete sentence, be sure to include a subject or ‘there’.
Context: ...should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | | service.ipFami...

(MISSING_IT_THERE)

packages/system/postgres-operator/charts/cloudnative-pg/values.yaml (3)

31-31: LGTM: Namespace override option added.

The namespaceOverride option provides flexibility in deployment namespace configuration.

---

54-74: Operator configuration enhancements look good.

The operator configuration section has been enhanced with:

• Clear documentation for cluster-wide operation
• Configurable concurrent reconciliation limit
• Well-structured comments explaining each option

---

136-139: Service networking configuration looks good.

The service configuration has been enhanced with dual-stack support:

• ipFamilyPolicy for dual-stack configuration
• ipFamilies for IP family order preference

packages/system/postgres-operator/charts/cloudnative-pg/templates/podmonitor.yaml (2)

1-15: LGTM: Copyright notice added.

The Apache 2.0 license header has been properly added to the file.

---

21-21: LGTM: Dynamic namespace configuration.

The namespace is correctly set using the cloudnative-pg.namespace template function.