Cloud native postgres

charts/cnpg/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+description: Cloud Native Postgres
+name: cnpg
+version: 0.1.0
+appVersion: 0.1.0
+maintainers:
+  - name: Developer
+    email: dev@opsta.in.th

charts/cnpg/templates/cluster.yaml

@@ -0,0 +1,69 @@
+{{- if .Values.enabled }}
+#{{- $cnpg := .Values.cnpg -}}
+{{- $backup := .Values.backup -}}
+{{- $bos := $backup.barmanObjectStore -}}
+{{- $s3 := $bos.s3Credentials -}}
+{{- $defaultS3Secret := printf "%s-cnpg-s3-creds" .Release.Name | trunc 63 | trimSuffix "-" -}}
+
+
+{{- $s3SecretName := $defaultS3Secret -}}
+
+{{- if and $backup.enabled (not $s3SecretName) -}}
+{{- fail "backup.enabled=true but S3 secret name resolved empty (unexpected)" -}}
+{{ end }}
+
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ printf "%s-cnpg" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+spec:
+  imageName: {{ .Values.cluster.imageName | quote }}
+  instances: {{ .Values.cluster.instances }}
+
+  {{- if .Values.superuser.enabled }}
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: {{ printf "%s-cnpg-superuser-secret" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+  {{ end }}
+
+  {{- with .Values.cluster.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+
+  storage:
+    size: {{ .Values.cluster.storage.size | quote }}
+    storageClass: {{ .Values.cluster.storage.storageClass | quote }}
+
+  walStorage:
+    size: {{ .Values.cluster.walStorage.size | quote }}
+    storageClass: {{ .Values.cluster.walStorage.storageClass | quote }}
+
+  {{- if $backup.enabled }}
+  backup:
+    retentionPolicy: {{ $backup.retentionPolicy | quote }}
+    barmanObjectStore:
+      serverName: {{ printf "%s-cnpg-backup" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+      destinationPath: {{ $bos.destinationPath | quote }}
+      endpointURL: {{ $bos.endpointURL | quote }}
+      s3Credentials:
+        accessKeyId:
+          name: {{ $s3SecretName | quote }}
+          key: {{ default "S3_ACCESS_KEY" $s3.accessKeyKey | quote }}
+        secretAccessKey:
+          name: {{ $s3SecretName | quote }}
+          key: {{ default "S3_SECRET_KEY" $s3.secretKeyKey | quote }}
+      data:
+        compression: {{ $bos.compression.data | quote }}
+      wal:
+        compression: {{ $bos.compression.wal | quote }}
+  {{ end }}
+
+  {{- if .Values.bootstrap.enabled }}
+  bootstrap:
+    initdb:
+      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
+      secret:
+        name: {{ printf "%s-cnpg-app-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+  {{ end }}
+{{ end }}

charts/cnpg/templates/scheduled-backup.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.enabled .Values.scheduledBackup.enabled }}
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: {{ printf "%s-scheduled-backup" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+spec:
+  schedule: {{ .Values.scheduledBackup.schedule | quote }}
+  backupOwnerReference: {{ .Values.scheduledBackup.backupOwnerReference | quote }}
+  cluster:
+    name: {{ printf "%s-cnpg" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+  immediate: {{ .Values.scheduledBackup.immediate }}
+{{- end }}
+

charts/cnpg/templates/secret-admin-postgres.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.enabled .Values.superuser.enabled }}
+{{- $secretName := printf "%s-cnpg-superuser-secret" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName | quote }}
+type: {{ default "kubernetes.io/basic-auth" }}
+stringData:
+  username: postgres
+  password: {{- if .Values.superuser.password }}
+    {{ .Values.superuser.password | quote }}
+  {{- else if $existing }}
+    {{ index $existing.data "password" | b64dec | quote }}
+  {{- else }}
+    {{ randAlphaNum 32 | quote }}
+  {{- end }}
+{{- end }}

charts/cnpg/templates/secret-postgres.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.enabled .Values.postgresAuth.create }}
+{{- $secretName := printf "%s-cnpg-app-creds" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName | quote }}
+type: {{ .Values.postgresAuth.type | default "kubernetes.io/basic-auth" }}
+stringData:
+  username: {{ .Values.postgresAuth.username | quote }}
+  password: {{- if .Values.postgresAuth.password }}
+    {{ .Values.postgresAuth.password | quote }}
+  {{- else if $existing }}
+    {{ index $existing.data "password" | b64dec | quote }}
+  {{- else }}
+    {{ randAlphaNum 32 | quote }}
+  {{- end }}
+{{- end }}

charts/cnpg/templates/secret-s3.yaml

@@ -0,0 +1,11 @@
+{{- $s3 := .Values.backup.barmanObjectStore.s3Credentials -}}
+{{- if and .Values.enabled .Values.backup.enabled ($s3.create) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-cnpg-s3-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+type: Opaque
+stringData:
+  {{ default "S3_ACCESS_KEY" $s3.accessKeyKey }}: {{ required "accessKeyValue required when create=true" $s3.accessKeyValue | quote }}
+  {{ default "S3_SECRET_KEY" $s3.secretKeyKey }}: {{ required "secretKeyValue required when create=true" $s3.secretKeyValue | quote }}
+{{- end }}

charts/cnpg/values.yaml

@@ -0,0 +1,53 @@
+enabled: true
+
+superuser:
+  enabled: true
+
+cluster:
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.8-13-bullseye
+  instances: 3
+  storage:
+    size: 5Gi
+    storageClass: standard
+  walStorage:
+    size: 2Gi
+    storageClass: standard
+  resources:
+    requests:
+      cpu: "500m"
+      memory: "1Gi"
+    limits:
+      cpu: "2"
+      memory: "4Gi"
+
+postgresAuth:
+  create: true
+  username: 
+  password: 
+
+backup:
+  enabled: true
+  retentionPolicy: "7d"
+  barmanObjectStore:
+    destinationPath: s3://postgres-backups/
+    endpointURL: https://opsta.in.th/buckets/
+    s3Credentials:
+      create: false
+      accessKeyValue: 
+      secretKeyValue: 
+    compression:
+      data: gzip
+      wal: gzip
+
+scheduledBackup:
+  enabled: true
+  schedule: "0 0 * * *"
+  backupOwnerReference: self
+  immediate: true
+
+bootstrap:
+  enabled: true
+  initdb: 
+    database: cnpg
+    owner: cnpg
+

charts/onechart/Chart.lock

@@ -2,5 +2,8 @@ dependencies:
 - name: common
   repository: file://../common
   version: 0.9.0
-digest: sha256:c691781bff5490003ec6b84de1a1f71ab89d193325e5f5fe1c83b8c1398e2273
-generated: "2026-02-09T14:47:43.892718793+07:00"
+- name: cnpg
+  repository: file://../cnpg
+  version: 0.1.0
+digest: sha256:31c485857050d6ca5163882dcea296372d4b86d751ba56579102dde793cbeddd
+generated: "2026-03-27T17:18:51.484489+07:00"

charts/onechart/Chart.yaml

@@ -21,3 +21,7 @@ dependencies:
   - name: common
     version: 0.9.0
     repository: file://../common
+
+  - name: cnpg
+    version: 0.1.0
+    repository: file://../cnpg

values.yaml

@@ -30,3 +30,31 @@ probe:
 
 podSpec:
   hostNetwork: true
+
+cnpg:
+  enabled: false
+
+  cluster:
+    instances: 3
+    storage:
+      size: 5Gi
+      storageClass: external-nfs
+    walStorage:
+      size: 2Gi
+      storageClass: external-nfs
+
+  postgresAuth:
+    username: 
+    password: 
+
+  backup:
+    retentionPolicy: "7d"
+    barmanObjectStore:
+      endpointURL: https://seaweedfs-admin.mea-poc.opsta.in.th/buckets/
+      s3Credentials:
+        accessKeyValue: 
+        secretKeyValue: 
+  bootstrap:
+    initdb: 
+      database: cnpg
+      owner: cnpg