feat(cluster): Make roles configurable (#247)

Signed-off-by: Guillaume Pothier <gpothier@gmail.com> Co-authored-by: Itay Grudev <itay.grudev@essentim.com>
cloudnative-pg · Apr 20, 2024 · 2728793 · 2728793
1 parent a6fa967
commit 2728793
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 0 deletions.
diff --git a/charts/cluster/README.md b/charts/cluster/README.md
@@ -168,6 +168,7 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
 | cluster.priorityClassName | string | `""` |  |
 | cluster.resources | object | `{}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
+| cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
 | cluster.storage.size | string | `"8Gi"` |  |
 | cluster.storage.storageClass | string | `""` |  |
 | cluster.superuserSecret | string | `""` |  |

diff --git a/charts/cluster/templates/cluster.yaml b/charts/cluster/templates/cluster.yaml
@@ -57,6 +57,12 @@ spec:
       {{- toYaml . | nindent 6 }}
     {{ end }}
 
+  managed:
+    {{- with .Values.cluster.roles }}
+    roles:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
     {{- if not (empty .Values.cluster.monitoring.customQueries) }}

diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
@@ -242,6 +242,9 @@
                 "resources": {
                     "type": "object"
                 },
+                "roles": {
+                    "type": "array"
+                },
                 "storage": {
                     "type": "object",
                     "properties": {

diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
@@ -144,6 +144,19 @@ cluster:
   enableSuperuserAccess: true
   superuserSecret: ""
 
+  # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
+  # already present in the database.
+  # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
+  roles: []
+    # - name: dante
+    #   ensure: present
+    #   comment: Dante Alighieri
+    #   login: true
+    #   superuser: false
+    #   inRoles:
+    #     - pg_monitor
+    #     - pg_signal_backend
+
   monitoring:
     # -- Whether to enable monitoring
     enabled: false