feat: adds cert issuer and cloudnative-pg

manifest/charts/cloudnative-pg/helm-release-cloudnative-pg.yaml

@@ -0,0 +1,77 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cnpg
+  namespace: cnpg-system
+spec:
+  interval: 10m
+  releaseName: cnpg
+  chart:
+    spec:
+      chart: cloudnative-pg
+      sourceRef:
+        kind: HelmRepository
+        name: cloudnative-pg
+        namespace: flux-system
+  install:
+    createNamespace: true
+  values:
+    # CloudNative-PG Operator resource limits
+    operator:
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+        requests:
+          cpu: 50m
+          memory: 64Mi
+      # Security context
+      securityContext:
+        allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 65534
+        capabilities:
+          drop:
+            - ALL
+      # Pod security context
+      podSecurityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        fsGroup: 65534
+        seccompProfile:
+          type: RuntimeDefault
+    
+    # Webhook configuration
+    webhook:
+      resources:
+        limits:
+          cpu: 50m
+          memory: 64Mi
+        requests:
+          cpu: 25m
+          memory: 32Mi
+      securityContext:
+        allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 65534
+        capabilities:
+          drop:
+            - ALL
+    
+    # Monitoring configuration
+    monitoring:
+      enabled: true
+      # Set to true if you have Prometheus
+      serviceMonitor:
+        enabled: false
+    
+    # Additional configuration
+    config:
+      # Default storage class for PostgreSQL clusters
+      # storageClass: ""
+      
+      # Default monitoring configuration
+      monitoring:
+        enabled: true