feat: align several changes with PG4K chart (#180)

Signed-off-by: Tao Li <[email protected]>

charts/edb-postgres-distributed-for-kubernetes/README.md

@@ -31,6 +31,7 @@ EDB Postgres Distributed for Kubernetes Helm Chart
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | additionalArgs | list | `[]` | Additional arguments to be added to the operator's args list |
+| additionalEnv | list | `[]` | Array containing extra environment variables which can be templated. For example:  - name: RELEASE_NAME    value: "{{ .Release.Name }}"  - name: MY_VAR    value: "mySpecialKey" |
 | affinity | object | `{}` | Affinity for the operator to be installed |
 | cert-manager.enabled | bool | `true` |  |
 | cert-manager.installCRDs | bool | `true` |  |
@@ -43,16 +44,16 @@ EDB Postgres Distributed for Kubernetes Helm Chart
 | config.secret | bool | `false` | Specifies whether it should be stored in a secret, instead of a configmap |
 | containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsUser":10001}` | Container Security Context |
 | crds.create | bool | `true` |  |
+| dnsPolicy | string | `""` |  |
 | edb-postgres-for-kubernetes-lts.crds.create | bool | `true` |  |
 | edb-postgres-for-kubernetes-lts.enabled | bool | `true` |  |
 | edb-postgres-for-kubernetes-lts.image.repository | string | `""` |  |
 | fullnameOverride | string | `""` |  |
 | global | object | `{"repository":"docker.enterprisedb.com/k8s_enterprise_pgd"}` | Global values |
-| global.repository | string | `"docker.enterprisedb.com/k8s_enterprise_pgd"` | Specifies the repository where the operator image to be downloaded from. Another repository is: docker.enterprisedb.com/k8s_standard_pgd |
 | global.pgdImageName | string | `"postgresql-pgd:16.4-5.5.1-1"` | Specifies the name of pgd image to be used for the operator, this image will be downloaded from
-global repository |
 | global.proxyImageName | string | `"edb-pgd-proxy:5.5.0"` | Specifies the name of pgd-proxy image to be used for the operator, this image will be downloaded from
-global repository |
+| global.repository | string | `"docker.enterprisedb.com/k8s_enterprise_pgd"` | Specifies the repository where the operator image to be downloaded from. Another repository is: docker.enterprisedb.com/k8s_standard_pgd |
+| hostNetwork | bool | `false` |  |
 | image.imageCredentials.create | bool | `true` | Specifies if an imagePullSecret should be created |
 | image.imageCredentials.name | string | `"edb-pull-secret"` |  |
 | image.imageCredentials.password | string | `""` |  |
@@ -71,8 +72,10 @@ global repository |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` | Nodeselector for the operator to be installed |
 | podAnnotations | object | `{}` | Annotations to be added to the pod |
+| podLabels | object | `{}` | Labels to be added to the pod |
 | podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context for the whole pod |
 | priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. |
+| rbac.aggregateClusterRoles | bool | `false` | Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles |
 | rbac.create | bool | `true` | Specifies whether ClusterRole, ClusterRoleBinding, RoleBinding and Role should be created |
 | replicaCount | int | `1` |  |
 | resources | object | `{}` |  |
@@ -91,4 +94,3 @@ global repository |
 | webhook.readinessProbe.periodSeconds | int | `20` |  |
 | webhook.validating.create | bool | `true` |  |
 | webhook.validating.failurePolicy | string | `"Fail"` |  |
-

charts/edb-postgres-distributed-for-kubernetes/charts/edb-postgres-for-kubernetes-lts/templates/deployment.yaml

@@ -78,7 +78,7 @@ spec:
         - name: MONITORING_QUERIES_CONFIGMAP
           value: "{{ .Values.monitoringQueriesConfigMap.name }}"
         {{- if .Values.additionalEnv }}
-        {{- tpl (.Values.additionalEnvVars | toYaml) . | nindent 8 }}
+        {{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
         {{- end }}
         {{ if not .Values.config.clusterWide -}}
         - name: WATCH_NAMESPACE

charts/edb-postgres-distributed-for-kubernetes/templates/deployment.yaml

@@ -41,11 +41,20 @@ spec:
       labels:
         control-plane: controller-manager
         {{- include "edb-postgres-distributed-for-kubernetes.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.hostNetwork }}
+      hostNetwork: {{ .Values.hostNetwork }}
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      {{- end }}
       containers:
       - args:
         - controller
@@ -70,6 +79,9 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
+        {{- if .Values.additionalEnv }}
+        {{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
+        {{- end }}
         image: "{{- include "edb-postgres-distributed-for-kubernetes.operatorImageName" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         livenessProbe:

charts/edb-postgres-distributed-for-kubernetes/templates/rbac.yaml

@@ -425,4 +425,75 @@ subjects:
 - kind: ServiceAccount
   name: {{ include "edb-postgres-distributed-for-kubernetes.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "edb-postgres-distributed-for-kubernetes.fullname" . }}-view
+  labels:
+    {{- include "edb-postgres-distributed-for-kubernetes.labels" . | nindent 4 }}
+    {{- if .Values.rbac.aggregateClusterRoles }}
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- end }}
+rules:
+- apiGroups:
+  - postgresql.k8s.enterprisedb.io
+  resources:
+  - backups
+  - clusters
+  - poolers
+  - scheduledbackups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - pgd.k8s.enterprisedb.io
+  resources:
+  - pgdgroups
+  - pgdgroupcleanups
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "edb-postgres-distributed-for-kubernetes.fullname" . }}-edit
+  labels:
+    {{- include "edb-postgres-distributed-for-kubernetes.labels" . | nindent 4 }}
+    {{- if .Values.rbac.aggregateClusterRoles }}
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- end }}
+rules:
+- apiGroups:
+  - postgresql.k8s.enterprisedb.io
+  resources:
+  - backups
+  - clusters
+  - poolers
+  - scheduledbackups
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - pgd.k8s.enterprisedb.io
+  resources:
+  - pgdgroups
+  - pgdgroupcleanups
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+---
 {{- end }}

charts/edb-postgres-distributed-for-kubernetes/values.schema.json

@@ -5,6 +5,9 @@
         "additionalArgs": {
             "type": "array"
         },
+        "additionalEnv": {
+            "type": "array"
+        },
         "affinity": {
             "type": "object"
         },
@@ -86,6 +89,9 @@
                 }
             }
         },
+        "dnsPolicy": {
+            "type": "string"
+        },
         "edb-postgres-for-kubernetes-lts": {
             "type": "object",
             "properties": {
@@ -127,6 +133,9 @@
                 }
             }
         },
+        "hostNetwork": {
+            "type": "boolean"
+        },
         "image": {
             "type": "object",
             "properties": {
@@ -224,6 +233,9 @@
         "podAnnotations": {
             "type": "object"
         },
+        "podLabels": {
+            "type": "object"
+        },
         "podSecurityContext": {
             "type": "object",
             "properties": {
@@ -246,6 +258,9 @@
         "rbac": {
             "type": "object",
             "properties": {
+                "aggregateClusterRoles": {
+                    "type": "boolean"
+                },
                 "create": {
                     "type": "boolean"
                 }

charts/edb-postgres-distributed-for-kubernetes/values.yaml

@@ -55,6 +55,9 @@ imagePullSecrets:
 nameOverride: ""
 fullnameOverride: ""
 
+hostNetwork: false
+dnsPolicy: ""
+
 crds:
   create: true
 
@@ -105,6 +108,14 @@ config:
 # -- Additional arguments to be added to the operator's args list
 additionalArgs: []
 
+# -- Array containing extra environment variables which can be templated.
+# For example:
+#  - name: RELEASE_NAME
+#    value: "{{ .Release.Name }}"
+#  - name: MY_VAR
+#    value: "mySpecialKey"
+additionalEnv: []
+
 serviceAccount:
   # -- Specifies whether the service account should be created
   create: true
@@ -115,11 +126,16 @@ serviceAccount:
 rbac:
   # -- Specifies whether ClusterRole, ClusterRoleBinding, RoleBinding and Role should be created
   create: true
+  # -- Aggregate ClusterRoles to Kubernetes default user-facing roles.
+  # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+  aggregateClusterRoles: false
 
-# -- Annotations to be added to the pod
-podAnnotations: {}
 # -- Annotations to be added to all other resources
 commonAnnotations: {}
+# -- Annotations to be added to the pod
+podAnnotations: {}
+# -- Labels to be added to the pod
+podLabels: {}
 
 # -- Container Security Context
 containerSecurityContext: