Merge branch 'main' into pgadmin-oauth-secrets

Author: philrhurst

.github/workflows/test.yaml

@@ -67,9 +67,9 @@ jobs:
         with:
           k3s-channel: "${{ matrix.kubernetes }}"
           prefetch-images: |
-            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-0
-            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-3
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.6-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-1
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-4
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.8-0
 
       - run: make createnamespaces check-envtest-existing
         env:
@@ -101,16 +101,16 @@ jobs:
         with:
           k3s-channel: "${{ matrix.kubernetes }}"
           prefetch-images: |
-            registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-34
-            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-0
-            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-3
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-35
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-1
+            registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-4
             registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:latest
             registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:latest
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.6-2
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.3-2
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.4-2
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.2-2
-            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.2-3.4-2
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.8-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.3-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.4-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.4-0
+            registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.4-3.4-0
       - run: go mod download
       - name: Build executable
         run: PGO_VERSION='${{ github.sha }}' make build-postgres-operator
@@ -132,17 +132,17 @@ jobs:
             --env 'CHECK_FOR_UPGRADES=false' \
             --env 'QUERIES_CONFIG_DIR=/mnt/hack/tools/queries' \
             --env 'KUBECONFIG=hack/.kube/postgres-operator/pgo' \
-            --env 'RELATED_IMAGE_PGADMIN=registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-34' \
-            --env 'RELATED_IMAGE_PGBACKREST=registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-0' \
-            --env 'RELATED_IMAGE_PGBOUNCER=registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-3' \
+            --env 'RELATED_IMAGE_PGADMIN=registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-35' \
+            --env 'RELATED_IMAGE_PGBACKREST=registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-1' \
+            --env 'RELATED_IMAGE_PGBOUNCER=registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-4' \
             --env 'RELATED_IMAGE_PGEXPORTER=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:latest' \
             --env 'RELATED_IMAGE_PGUPGRADE=registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:latest' \
-            --env 'RELATED_IMAGE_POSTGRES_16=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.6-2' \
-            --env 'RELATED_IMAGE_POSTGRES_16_GIS_3.3=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.3-2' \
-            --env 'RELATED_IMAGE_POSTGRES_16_GIS_3.4=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.4-2' \
-            --env 'RELATED_IMAGE_POSTGRES_17=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.2-2' \
-            --env 'RELATED_IMAGE_POSTGRES_17_GIS_3.4=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.2-3.4-2' \
-            --env 'RELATED_IMAGE_STANDALONE_PGADMIN=registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.14-1' \
+            --env 'RELATED_IMAGE_POSTGRES_16=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.8-0' \
+            --env 'RELATED_IMAGE_POSTGRES_16_GIS_3.3=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.3-0' \
+            --env 'RELATED_IMAGE_POSTGRES_16_GIS_3.4=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.4-0' \
+            --env 'RELATED_IMAGE_POSTGRES_17=registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.4-0' \
+            --env 'RELATED_IMAGE_POSTGRES_17_GIS_3.4=registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.4-3.4-0' \
+            --env 'RELATED_IMAGE_STANDALONE_PGADMIN=registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.14-2' \
             --env 'RELATED_IMAGE_COLLECTOR=ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.119.0' \
             --env 'PGO_FEATURE_GATES=TablespaceVolumes=true' \
             --name 'postgres-operator' ubuntu \

Makefile

@@ -229,7 +229,7 @@ generate-kuttl: export KUTTL_PG_UPGRADE_FROM_VERSION ?= 15
 generate-kuttl: export KUTTL_PG_UPGRADE_TO_VERSION ?= 16
 generate-kuttl: export KUTTL_PG_VERSION ?= 16
 generate-kuttl: export KUTTL_POSTGIS_VERSION ?= 3.4
-generate-kuttl: export KUTTL_PSQL_IMAGE ?= registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.6-2
+generate-kuttl: export KUTTL_PSQL_IMAGE ?= registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.8-0
 generate-kuttl: export KUTTL_TEST_DELETE_NAMESPACE ?= kuttl-test-delete-namespace
 generate-kuttl: ## Generate kuttl tests
 	[ ! -d testing/kuttl/e2e-generated ] || rm -r testing/kuttl/e2e-generated

config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml

@@ -1584,6 +1584,12 @@ spec:
                       backing this claim.
                     type: string
                 type: object
+                x-kubernetes-map-type: atomic
+                x-kubernetes-validations:
+                - message: missing accessModes
+                  rule: 0 < size(self.accessModes)
+                - message: missing storage request
+                  rule: has(self.resources.requests.storage)
               image:
                 description: The image name to use for pgAdmin instance.
                 type: string

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -39,6 +39,86 @@ spec:
           spec:
             description: PostgresClusterSpec defines the desired state of PostgresCluster
             properties:
+              authentication:
+                properties:
+                  rules:
+                    description: 'More info: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html'
+                    items:
+                      properties:
+                        connection:
+                          description: |-
+                            The connection transport this rule matches. Typical values are:
+                             1. "host" for network connections that may or may not be encrypted.
+                             2. "hostssl" for network connections encrypted using TLS.
+                             3. "hostgssenc" for network connections encrypted using GSSAPI.
+                          maxLength: 20
+                          minLength: 1
+                          pattern: ^[-a-z0-9]+$
+                          type: string
+                        databases:
+                          description: Which databases this rule matches. When omitted
+                            or empty, this rule matches all databases.
+                          items:
+                            maxLength: 63
+                            minLength: 1
+                            type: string
+                          maxItems: 20
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        hba:
+                          description: One line of the "pg_hba.conf" file. Changes
+                            to this value will be automatically reloaded without validation.
+                          maxLength: 100
+                          minLength: 1
+                          pattern: ^[[:print:]]+$
+                          type: string
+                          x-kubernetes-validations:
+                          - message: cannot include other files
+                            rule: '!self.trim().startsWith("include")'
+                        method:
+                          description: |-
+                            The authentication method to use when a connection matches this rule.
+                            The special value "reject" refuses connections that match this rule.
+                            More info: https://www.postgresql.org/docs/current/auth-methods.html
+                          maxLength: 20
+                          minLength: 1
+                          pattern: ^[-a-z0-9]+$
+                          type: string
+                          x-kubernetes-validations:
+                          - message: the "trust" method is unsafe
+                            rule: self != "trust"
+                        options:
+                          additionalProperties:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            x-kubernetes-int-or-string: true
+                          maxProperties: 20
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        users:
+                          description: Which user names this rule matches. When omitted
+                            or empty, this rule matches all users.
+                          items:
+                            maxLength: 63
+                            minLength: 1
+                            type: string
+                          maxItems: 20
+                          type: array
+                          x-kubernetes-list-type: atomic
+                      type: object
+                      x-kubernetes-map-type: atomic
+                      x-kubernetes-validations:
+                      - message: '"hba" cannot be combined with other fields'
+                        rule: 'has(self.hba) ? !has(self.connection) && !has(self.databases)
+                          && !has(self.method) && !has(self.options) && !has(self.users)
+                          : true'
+                      - message: '"connection" and "method" are required'
+                        rule: 'has(self.hba) ? true : has(self.connection) && has(self.method)'
+                    maxItems: 10
+                    type: array
+                    x-kubernetes-list-type: atomic
+                type: object
               backups:
                 description: PostgreSQL backup configuration
                 properties:
@@ -3117,13 +3197,12 @@ spec:
                                         to the PersistentVolume backing this claim.
                                       type: string
                                   type: object
+                                  x-kubernetes-map-type: atomic
                                   x-kubernetes-validations:
                                   - message: missing accessModes
-                                    rule: has(self.accessModes) && size(self.accessModes)
-                                      > 0
+                                    rule: 0 < size(self.accessModes)
                                   - message: missing storage request
-                                    rule: has(self.resources) && has(self.resources.requests)
-                                      && has(self.resources.requests.storage)
+                                    rule: has(self.resources.requests.storage)
                               required:
                               - volumeClaimSpec
                               type: object
@@ -6444,13 +6523,12 @@ spec:
                                       to the PersistentVolume backing this claim.
                                     type: string
                                 type: object
+                                x-kubernetes-map-type: atomic
                                 x-kubernetes-validations:
                                 - message: missing accessModes
-                                  rule: has(self.accessModes) && size(self.accessModes)
-                                    > 0
+                                  rule: 0 < size(self.accessModes)
                                 - message: missing storage request
-                                  rule: has(self.resources) && has(self.resources.requests)
-                                    && has(self.resources.requests.storage)
+                                  rule: has(self.resources.requests.storage)
                             required:
                             - volumeClaimSpec
                             type: object
@@ -10332,12 +10410,12 @@ spec:
                             PersistentVolume backing this claim.
                           type: string
                       type: object
+                      x-kubernetes-map-type: atomic
                       x-kubernetes-validations:
                       - message: missing accessModes
-                        rule: has(self.accessModes) && size(self.accessModes) > 0
+                        rule: 0 < size(self.accessModes)
                       - message: missing storage request
-                        rule: has(self.resources) && has(self.resources.requests)
-                          && has(self.resources.requests.storage)
+                        rule: has(self.resources.requests.storage)
                     metadata:
                       description: Metadata contains metadata for custom resources
                       properties:
@@ -10717,13 +10795,12 @@ spec:
                                   the PersistentVolume backing this claim.
                                 type: string
                             type: object
+                            x-kubernetes-map-type: atomic
                             x-kubernetes-validations:
                             - message: missing accessModes
-                              rule: has(self.accessModes) && size(self.accessModes)
-                                > 0
+                              rule: 0 < size(self.accessModes)
                             - message: missing storage request
-                              rule: has(self.resources) && has(self.resources.requests)
-                                && has(self.resources.requests.storage)
+                              rule: has(self.resources.requests.storage)
                           name:
                             description: |-
                               The name for the tablespace, used as the path name for the volume.
@@ -11158,12 +11235,12 @@ spec:
                             PersistentVolume backing this claim.
                           type: string
                       type: object
+                      x-kubernetes-map-type: atomic
                       x-kubernetes-validations:
                       - message: missing accessModes
-                        rule: has(self.accessModes) && size(self.accessModes) > 0
+                        rule: 0 < size(self.accessModes)
                       - message: missing storage request
-                        rule: has(self.resources) && has(self.resources.requests)
-                          && has(self.resources.requests.storage)
+                        rule: has(self.resources.requests.storage)
                   required:
                   - dataVolumeClaimSpec
                   type: object
@@ -17248,6 +17325,12 @@ spec:
                               PersistentVolume backing this claim.
                             type: string
                         type: object
+                        x-kubernetes-map-type: atomic
+                        x-kubernetes-validations:
+                        - message: missing accessModes
+                          rule: 0 < size(self.accessModes)
+                        - message: missing storage request
+                          rule: has(self.resources.requests.storage)
                       image:
                         description: |-
                           Name of a container image that can run pgAdmin 4. Changing this value causes

config/manager/manager.yaml

@@ -23,27 +23,27 @@ spec:
         - name: CRUNCHY_DEBUG
           value: "true"
         - name: RELATED_IMAGE_POSTGRES_16
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.6-2"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-16.8-0"
         - name: RELATED_IMAGE_POSTGRES_16_GIS_3.3
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.3-2"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.3-0"
         - name: RELATED_IMAGE_POSTGRES_16_GIS_3.4
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.6-3.4-2"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-16.8-3.4-0"
         - name: RELATED_IMAGE_POSTGRES_17
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.2-2"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-17.4-0"
         - name: RELATED_IMAGE_POSTGRES_17_GIS_3.4
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.2-3.4-2"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-17.4-3.4-0"
         - name: RELATED_IMAGE_PGADMIN
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-34"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-35"
         - name: RELATED_IMAGE_PGBACKREST
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-0"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.54.1-1"
         - name: RELATED_IMAGE_PGBOUNCER
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-3"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.23-4"
         - name: RELATED_IMAGE_PGEXPORTER
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:latest"
         - name: RELATED_IMAGE_PGUPGRADE
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:latest"
         - name: RELATED_IMAGE_STANDALONE_PGADMIN
-          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.14-1"
+          value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-8.14-2"
         - name: RELATED_IMAGE_COLLECTOR
           value: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.119.0"
         securityContext: