From 5cd73c272e24ac82a26db045531a1c7e36df15d0 Mon Sep 17 00:00:00 2001 From: IvanJosipovic <9521987+IvanJosipovic@users.noreply.github.com> Date: Thu, 5 Feb 2026 16:17:30 +0000 Subject: [PATCH] feat: Update CRDs --- crds/backups.postgresql.cnpg.io.yaml | 14 +++- ...usterimagecatalogs.postgresql.cnpg.io.yaml | 2 +- crds/clusters.postgresql.cnpg.io.yaml | 47 ++++++++++-- crds/databases.postgresql.cnpg.io.yaml | 2 +- crds/failoverquorums.postgresql.cnpg.io.yaml | 2 +- crds/imagecatalogs.postgresql.cnpg.io.yaml | 2 +- crds/poolers.postgresql.cnpg.io.yaml | 73 +++++++++++++++++-- crds/publications.postgresql.cnpg.io.yaml | 2 +- crds/scheduledbackups.postgresql.cnpg.io.yaml | 2 +- crds/subscriptions.postgresql.cnpg.io.yaml | 2 +- 10 files changed, 125 insertions(+), 23 deletions(-) diff --git a/crds/backups.postgresql.cnpg.io.yaml b/crds/backups.postgresql.cnpg.io.yaml index ccc87e1..1652d49 100644 --- a/crds/backups.postgresql.cnpg.io.yaml +++ b/crds/backups.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: backups.postgresql.cnpg.io spec: @@ -211,6 +211,11 @@ spec: - key - name type: object + useDefaultAzureCredentials: + description: |- + Use the default Azure authentication flow, which includes DefaultAzureCredential. + This allows authentication using environment variables and managed identities. + type: boolean type: object backupId: description: The ID of the Barman backup @@ -304,6 +309,13 @@ spec: podName: description: The pod name type: string + sessionID: + description: |- + The instance manager session ID. This is a unique identifier generated at instance manager + startup and changes on every restart (including container reboots). Used to detect if + the instance manager was restarted during long-running operations like backups, which + would terminate any running backup process. + type: string type: object majorVersion: description: |- diff --git a/crds/clusterimagecatalogs.postgresql.cnpg.io.yaml b/crds/clusterimagecatalogs.postgresql.cnpg.io.yaml index bf9728b..07db337 100644 --- a/crds/clusterimagecatalogs.postgresql.cnpg.io.yaml +++ b/crds/clusterimagecatalogs.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: clusterimagecatalogs.postgresql.cnpg.io spec: diff --git a/crds/clusters.postgresql.cnpg.io.yaml b/crds/clusters.postgresql.cnpg.io.yaml index 48f20cf..10e94cb 100644 --- a/crds/clusters.postgresql.cnpg.io.yaml +++ b/crds/clusters.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: clusters.postgresql.cnpg.io spec: @@ -984,9 +984,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -1077,6 +1078,11 @@ spec: - key - name type: object + useDefaultAzureCredentials: + description: |- + Use the default Azure authentication flow, which includes DefaultAzureCredential. + This allows authentication using environment variables and managed identities. + type: boolean type: object data: description: |- @@ -1908,7 +1914,9 @@ spec: description: The target timeline ("latest" or a positive integer) type: string targetTime: - description: The target time as a timestamp in the RFC3339 standard + description: |- + The target time as a timestamp in RFC3339 format or PostgreSQL timestamp format. + Timestamps without an explicit timezone are interpreted as UTC. type: string targetXID: description: The target transaction ID @@ -2410,7 +2418,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -2607,6 +2615,11 @@ spec: - key - name type: object + useDefaultAzureCredentials: + description: |- + Use the default Azure authentication flow, which includes DefaultAzureCredential. + This allows authentication using environment variables and managed identities. + type: boolean type: object data: description: |- @@ -4267,7 +4280,7 @@ spec: name: description: The name of the extension, required minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + pattern: ^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$ type: string required: - image @@ -5020,6 +5033,24 @@ spec: signerName: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -5645,7 +5676,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -5892,7 +5923,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6291,7 +6322,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources diff --git a/crds/databases.postgresql.cnpg.io.yaml b/crds/databases.postgresql.cnpg.io.yaml index 79abfcb..2a3687b 100644 --- a/crds/databases.postgresql.cnpg.io.yaml +++ b/crds/databases.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: databases.postgresql.cnpg.io spec: diff --git a/crds/failoverquorums.postgresql.cnpg.io.yaml b/crds/failoverquorums.postgresql.cnpg.io.yaml index a356718..ab3f433 100644 --- a/crds/failoverquorums.postgresql.cnpg.io.yaml +++ b/crds/failoverquorums.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: failoverquorums.postgresql.cnpg.io spec: diff --git a/crds/imagecatalogs.postgresql.cnpg.io.yaml b/crds/imagecatalogs.postgresql.cnpg.io.yaml index 5848c97..0a3c9e3 100644 --- a/crds/imagecatalogs.postgresql.cnpg.io.yaml +++ b/crds/imagecatalogs.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: imagecatalogs.postgresql.cnpg.io spec: diff --git a/crds/poolers.postgresql.cnpg.io.yaml b/crds/poolers.postgresql.cnpg.io.yaml index 404d52c..5bf8311 100644 --- a/crds/poolers.postgresql.cnpg.io.yaml +++ b/crds/poolers.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: poolers.postgresql.cnpg.io spec: @@ -2519,7 +2519,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. properties: @@ -5592,7 +5594,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. properties: @@ -6353,8 +6357,8 @@ spec: will be made available to those containers which consume them by name. - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. + This is a stable field but requires that the + DynamicResourceAllocation feature gate is enabled. This field is immutable. items: @@ -6806,9 +6810,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -7563,7 +7568,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8398,6 +8403,24 @@ spec: signerName: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName @@ -8807,6 +8830,42 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + workloadRef: + description: |- + WorkloadRef provides a reference to the Workload object that this Pod belongs to. + This field is used by the scheduler to identify the PodGroup and apply the + correct group scheduling policies. The Workload object referenced + by this field may not exist at the time the Pod is created. + This field is immutable, but a Workload object with the same name + may be recreated with different policies. Doing this during pod scheduling + may result in the placement not conforming to the expected policies. + properties: + name: + description: |- + Name defines the name of the Workload object this Pod belongs to. + Workload must be in the same namespace as the Pod. + If it doesn't match any existing Workload, the Pod will remain unschedulable + until a Workload object is created and observed by the kube-scheduler. + It must be a DNS subdomain. + type: string + podGroup: + description: |- + PodGroup is the name of the PodGroup within the Workload that this Pod + belongs to. If it doesn't match any existing PodGroup within the Workload, + the Pod will remain unschedulable until the Workload object is recreated + and observed by the kube-scheduler. It must be a DNS label. + type: string + podGroupReplicaKey: + description: |- + PodGroupReplicaKey specifies the replica key of the PodGroup to which this + Pod belongs. It is used to distinguish pods belonging to different replicas + of the same pod group. The pod group policy is applied separately to each replica. + When set, it must be a DNS label. + type: string + required: + - name + - podGroup + type: object required: - containers type: object diff --git a/crds/publications.postgresql.cnpg.io.yaml b/crds/publications.postgresql.cnpg.io.yaml index d0e3db2..5ae01ea 100644 --- a/crds/publications.postgresql.cnpg.io.yaml +++ b/crds/publications.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: publications.postgresql.cnpg.io spec: diff --git a/crds/scheduledbackups.postgresql.cnpg.io.yaml b/crds/scheduledbackups.postgresql.cnpg.io.yaml index 40e2c58..ee60301 100644 --- a/crds/scheduledbackups.postgresql.cnpg.io.yaml +++ b/crds/scheduledbackups.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: scheduledbackups.postgresql.cnpg.io spec: diff --git a/crds/subscriptions.postgresql.cnpg.io.yaml b/crds/subscriptions.postgresql.cnpg.io.yaml index e114a48..c1f07de 100644 --- a/crds/subscriptions.postgresql.cnpg.io.yaml +++ b/crds/subscriptions.postgresql.cnpg.io.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 helm.sh/resource-policy: keep name: subscriptions.postgresql.cnpg.io spec: