Merge pull request #19 from small-hack/add-test-deployment

add a test deployment for validation, bump chart

Author: cloudymax

charts/cloudnative-pg-cluster/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: cnpg-cluster
 description: Create postgres tenant clusters managed by the CNPG Operator
 type: application
-version: 0.3.0
+version: 0.3.1
 
 maintainers:
   - name: "cloudymax"

charts/cloudnative-pg-cluster/README.md

@@ -1,6 +1,6 @@
 # cnpg-cluster
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Create postgres tenant clusters managed by the CNPG Operator
 
@@ -33,7 +33,7 @@ Create postgres tenant clusters managed by the CNPG Operator
 | certificates.server.serverCASecret | string | `""` | name of existing Kubernetes Secret for the postgresql server Certificate Authority cert, ignored if certificates.generate is true |
 | certificates.server.serverTLSSecret | string | `""` | name of existing Kubernetes Secret for the postgresql server TLS cert, ignored if certificates.generate is true |
 | certificates.user.enabled | bool | `false` | create a certificate for a user to connect to postgres using CertManager requires server and client certificate generation enabled |
-| certificates.user.username | string | `"app"` | name of the user to create a cert for, eg: the DbOwner specified earlier.  This data populated into the commonName field of the certificate. |
+| certificates.user.username | string | `"app"` | name of the user to create a cert for, eg: the DbOwner specified earlier. This data populated into the commonName field of the certificate. |
 | instances | int | `3` |  |
 | monitoring.enablePodMonitor | bool | `false` | enable monitoring via Prometheus |
 | name | string | `"cnpg"` |  |
@@ -44,6 +44,8 @@ Create postgres tenant clusters managed by the CNPG Operator
 | scheduledBackup.spec.schedule | string | `"0 0 0 * * *"` | crontab style schedule to run the backups |
 | storage.size | string | `"1Gi"` | how much storage to allocate to the postgresql cluster |
 | superuserSecret.name | string | `"superuser-secret"` |  |
+| testApp.enabled | bool | `false` |  |
+| testApp.namespace | string | `"default"` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

charts/cloudnative-pg-cluster/templates/test-app.yaml

@@ -0,0 +1,51 @@
+{{- if and .Values.testApp.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Values.name }}-cert-test"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Values.name}}-webtest"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Values.name}}-webtest"
+    spec:
+      containers:
+        - image: ghcr.io/cloudnative-pg/webtest:1.6.0
+          name: cert-test
+          volumeMounts:
+            - name: secret-volume-root-ca
+              mountPath: /etc/secrets/ca
+            - name: secret-volume-app
+              mountPath: /etc/secrets/app
+          ports:
+            - containerPort: 8080
+          env:
+            - name: DATABASE_URL
+              value: >
+                sslkey=/etc/secrets/app/tls.key
+                sslcert=/etc/secrets/app/tls.crt
+                sslrootcert=/etc/secrets/ca/ca.crt
+                host={{ .Values.name }}-rw.{{ .Values.testApp.namespace }}.svc
+                dbname={{ .Values.bootstrap.initdb.database }}
+                user={{ .Values.bootstrap.initdb.owner }}
+                sslmode=verify-full
+            - name: SQL_QUERY
+              value: SELECT 1
+          readinessProbe:
+            httpGet:
+              port: 8080
+              path: /tx
+      volumes:
+        - name: secret-volume-root-ca
+          secret:
+            secretName: "{{ .Values.name }}-server-cert"
+            defaultMode: 0600
+        - name: secret-volume-app
+          secret:
+            secretName: "{{ .Values.name }}-{{ .Values.bootstrap.initdb.owner }}-cert"
+            defaultMode: 0600
+{{- end }}

charts/cloudnative-pg-cluster/values.yaml

@@ -90,3 +90,11 @@ postgresql:
 storage:
   # -- how much storage to allocate to the postgresql cluster
   size: 1Gi
+
+testApp:
+  ## -- create a test deployment to verify db connectivity.
+  # Populates user and DB from the Initdb owner and database values
+  # Requires server, client, and user certificate generation to be enabled.
+  enabled: false
+  ## -- namespace where the read-write postgres service exists
+  namespace: "default"