Add support for Google Cloud

.github/workflows/conductor.yaml

@@ -32,7 +32,7 @@ jobs:
       fail-fast: false
       matrix:
         kube_version:
-          - "1.25.8"
+          - "1.29.8"
     steps:
       - uses: actions/checkout@v4
       - name: Install system dependencies

.github/workflows/operator.yaml

@@ -16,14 +16,14 @@ on:
     branches:
       - main
     paths:
-    - '.github/workflows/operator.yaml'
-    - 'tembo-operator/**'
+      - ".github/workflows/operator.yaml"
+      - "tembo-operator/**"
   push:
     branches:
       - main
     paths:
-    - '.github/workflows/operator.yaml'
-    - 'tembo-operator/**'
+      - ".github/workflows/operator.yaml"
+      - "tembo-operator/**"
 
 jobs:
   functional_test:
@@ -39,7 +39,7 @@ jobs:
         # Go here for a list of versions:
         # https://github.com/kubernetes-sigs/kind/releases
         kube_version:
-          - '1.25.8'
+          - "1.29.8"
     steps:
       - uses: actions/checkout@v4
       - name: Install system dependencies

charts/tembo-operator/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cloudnative-pg
   repository: https://cloudnative-pg.github.io/charts
-  version: 0.20.1
-digest: sha256:8b7ed89dc3d149784f369ed4035d79268e9348f232b5cbebd5096c2d29e9ded7
-generated: "2024-02-12T14:57:18.051558882-06:00"
+  version: 0.21.6
+digest: sha256:3922d990e9dec07c6dda1f7b8799e9cfd2ef28450357f5a3f260a3d4773e5db2
+generated: "2024-09-04T09:47:10.610286988-05:00"

charts/tembo-operator/Chart.yaml

@@ -3,7 +3,7 @@ name: tembo-operator
 description: "Helm chart to deploy the tembo-operator"
 type: application
 icon: https://cloud.tembo.io/images/TemboElephant.png
-version: 0.7.2
+version: 0.7.3
 home: https://tembo.io
 sources:
   - https://github.com/tembo-io/tembo
@@ -17,6 +17,6 @@ maintainers:
     url: https://tembocommunity.slack.com
 dependencies:
   - name: cloudnative-pg
-    version: 0.20.1
+    version: 0.21.6
     repository: https://cloudnative-pg.github.io/charts
     condition: cloudnative-pg.enabled

charts/tembo-operator/templates/crd.yaml

@@ -1930,8 +1930,8 @@ spec:
                   retentionPolicy: '30'
                   schedule: 0 0 * * *
                   endpointURL: null
-                  s3Credentials:
-                    inheritFromIAMRole: true
+                  s3Credentials: null
+                  googleCredentials: null
                   volumeSnapshot:
                     enabled: false
                 description: |-
@@ -1953,14 +1953,33 @@ spec:
                     description: The S3 compatable endpoint URL
                     nullable: true
                     type: string
+                  googleCredentials:
+                    description: 'GoogleCredentials is the type for the credentials to be used to upload files to Google Cloud Storage. It can be provided in two alternative ways: * The secret containing the Google Cloud Storage JSON file with the credentials (applicationCredentials) * inheriting the role from the pod (GKE) environment by setting gkeEnvironment to true'
+                    nullable: true
+                    properties:
+                      applicationCredentials:
+                        description: The reference to the secret containing the Google Cloud Storage JSON file with the credentials
+                        nullable: true
+                        properties:
+                          key:
+                            type: string
+                          name:
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      gkeEnvironment:
+                        description: Use the role based authentication without providing explicitly the keys.
+                        nullable: true
+                        type: boolean
+                    type: object
                   retentionPolicy:
                     default: '30'
                     description: The number of days to retain backups for
                     nullable: true
                     type: string
                   s3Credentials:
-                    default:
-                      inheritFromIAMRole: true
                     description: The S3 credentials to use for backups (if not using IAM Role)
                     nullable: true
                     properties:
@@ -2383,6 +2402,27 @@ spec:
                     description: endpointURL is the S3 compatable endpoint URL
                     nullable: true
                     type: string
+                  googleCredentials:
+                    description: s3Credentials is the S3 credentials to use for backups.
+                    nullable: true
+                    properties:
+                      applicationCredentials:
+                        description: The reference to the secret containing the Google Cloud Storage JSON file with the credentials
+                        nullable: true
+                        properties:
+                          key:
+                            type: string
+                          name:
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      gkeEnvironment:
+                        description: Use the role based authentication without providing explicitly the keys.
+                        nullable: true
+                        type: boolean
+                    type: object
                   recoveryTargetTime:
                     description: recovery_target_time is the time base target for point-in-time recovery.
                     nullable: true

conductor/justfile

@@ -2,17 +2,15 @@ NAME := "conductor"
 VERSION := `git rev-parse HEAD`
 SEMVER_VERSION := `grep version Cargo.toml | awk -F"\"" '{print $2}' | head -n 1`
 NAMESPACE := "default"
-KUBE_VERSION := env_var_or_default('KUBE_VERSION', '1.25.8')
+KUBE_VERSION := env_var_or_default('KUBE_VERSION', '1.29.8')
 RUST_LOG := "info"
 
 default:
   @just --list --unsorted --color=always | rg -v "    default"
 
 install-traefik:
 	kubectl create namespace traefik || true
-	helm upgrade --install --namespace=traefik --version=20.8.0 --values=./testdata/traefik-values.yaml traefik traefik/traefik
-	# https://github.com/traefik/traefik-helm-chart/issues/757#issuecomment-1753995542
-	kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0.0-beta2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+	helm upgrade --install --namespace=traefik --version=29.0.1 --values=./testdata/traefik-values.yaml traefik traefik/traefik
 
 install-operator:
   just install-cert-manager

conductor/testdata/traefik-values.yaml

@@ -1,5 +1,7 @@
 image:
-  tag: v3.0.0-beta2
+  tag: v3.0.3-tembo.1
+  registry: quay.io/tembo
+  repository: traefik
 logs:
   general:
     level: DEBUG
@@ -15,22 +17,38 @@ additionalArguments:
   - "--api.debug=true"
 ports:
   postgresql:
-    expose: true
+    expose:
+      default: true
     port: 5432
     exposedPort: 5432
     nodePort: 32432
     protocol: TCP
-  web:
-    expose: true
-    port: 8080
-    exposedPort: 8080
-    nodePort: 32430
+  # web:
+  #   expose: true
+  #   port: 8080
+  #   exposedPort: 8080
+  #   nodePort: 32430
+  #   protocol: TCP
+  websecure:
+    expose:
+      default: true
+    port: 8443
+    exposedPort: 8443
+    nodePort: 32443
     protocol: TCP
   traefik:
-    expose: true
+    expose:
+      default: true
     port: 9000
     exposedPort: 9000
     nodePort: 32431
     protocol: TCP
 deployment:
   replicas: 1
+resources:
+  requests:
+    cpu: "200m"
+    memory: "100Mi"
+  limits:
+    cpu: "400m"
+    memory: "300Mi"

tembo-operator/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "controller"
 description = "Tembo Operator for Postgres"
-version = "0.49.10"
+version = "0.50.0"
 edition = "2021"
 default-run = "controller"
 license = "Apache-2.0"

tembo-operator/src/apis/coredb_types.rs

@@ -160,6 +160,36 @@ pub struct S3CredentialsSessionToken {
     pub name: String,
 }
 
+/// GoogleCredentials is the type for the credentials to be used to upload files to Google Cloud Storage.
+/// It can be provided in two alternative ways:
+/// * The secret containing the Google Cloud Storage JSON file with the credentials (applicationCredentials)
+/// * inheriting the role from the pod (GKE) environment by setting gkeEnvironment to true
+#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
+pub struct GoogleCredentials {
+    /// The reference to the secret containing the Google Cloud Storage JSON file with the credentials
+    #[serde(
+        default,
+        skip_serializing_if = "Option::is_none",
+        rename = "applicationCredentials"
+    )]
+    pub application_credentials: Option<GoogleCredentialsApplicationCredentials>,
+
+    /// Use the role based authentication without providing explicitly the keys.
+    #[serde(
+        default,
+        skip_serializing_if = "Option::is_none",
+        rename = "gkeEnvironment"
+    )]
+    pub gke_environment: Option<bool>,
+}
+
+/// GoogleCredentialsApplicationCredentials is the type for the reference to the secret containing the Google Cloud Storage JSON file with the credentials
+#[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema)]
+pub struct GoogleCredentialsApplicationCredentials {
+    pub key: String,
+    pub name: String,
+}
+
 /// VolumeSnapshots is the type for the configuration of the volume snapshots
 /// to be used for backups instead of object storage
 #[derive(Serialize, Deserialize, Clone, Debug, Default, JsonSchema, PartialEq)]
@@ -227,9 +257,12 @@ pub struct Backup {
     pub endpoint_url: Option<String>,
 
     /// The S3 credentials to use for backups (if not using IAM Role)
-    #[serde(default = "defaults::default_s3_credentials", rename = "s3Credentials")]
+    #[serde(rename = "s3Credentials")]
     pub s3_credentials: Option<S3Credentials>,
 
+    #[serde(rename = "googleCredentials")]
+    pub google_credentials: Option<GoogleCredentials>,
+
     /// Enable using Volume Snapshots for backups instead of Object Storage
     #[serde(
         default = "defaults::default_volume_snapshot",
@@ -290,6 +323,10 @@ pub struct Restore {
     #[serde(rename = "s3Credentials")]
     pub s3_credentials: Option<S3Credentials>,
 
+    /// s3Credentials is the S3 credentials to use for backups.
+    #[serde(rename = "googleCredentials")]
+    pub google_credentials: Option<GoogleCredentials>,
+
     /// volumeSnapshot is a boolean to enable restoring from a Volume Snapshot
     #[serde(rename = "volumeSnapshot")]
     pub volume_snapshot: Option<bool>,