Skip to content

Deploy releases/k8s-manifests ad4db8b#140

Merged
themightychris merged 3 commits into
deploys/k8s-manifestsfrom
releases/k8s-manifests
May 6, 2026
Merged

Deploy releases/k8s-manifests ad4db8b#140
themightychris merged 3 commits into
deploys/k8s-manifestsfrom
releases/k8s-manifests

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented May 6, 2026

kubectl diff reports that applying ad4db8b will change:

diff too big; review locally

themightychris and others added 3 commits May 6, 2026 00:33
@themightychris @claude
fix(cnpg): switch shared-cluster to PG 18 with PostGIS + pgvector image
45b7a4c 
The Cluster CR was being rejected by the cnpg validating webhook:

  spec.postgresql.parameters.shared_preload_libraries: Invalid value: "vector":
    Can't set fixed configuration parameter

Two issues with that field: cnpg manages shared_preload_libraries itself
(it's a "fixed" parameter), and the user-facing field is at
spec.postgresql.shared_preload_libraries (top-level array), not under
parameters. pgvector doesn't actually require preloading — it loads on
CREATE EXTENSION — so dropping the line entirely.

Switch the operand image to ghcr.io/cloudnative-pg/postgis:18-3-system-trixie,
the cnpg-maintained image that bundles PostGIS, pgvector, pgaudit, and
barman-cloud (for backups). Bump the cnpg helm chart from v0.23.1
(operator 1.25.0) to v0.28.0 (operator 1.29.0) — required because PG 18
needs cnpg ≥ 1.26. Validated with `kubectl diff` against the current
1.25 webhook (exit 0, spec accepted).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@themightychris
Merge pull request #139 from CodeForPhilly/fix/cnpg-shared-cluster-pg18
8280e9c 
fix(cnpg): use PG 18 PostGIS+pgvector image on shared-cluster
@themightychris
☀ projected k8s-manifests-github from 8280e9c
ad4db8b 
Source-holobranch: k8s-manifests-github
Source-commit: 8280e9c
Source: 8280e9c
@themightychris themightychris merged commit e55874e into deploys/k8s-manifests May 6, 2026
1 check passed
@github-actions
Copy link
Copy Markdown
Author

github-actions Bot commented May 6, 2026

kubectl apply output (excluding unchanged) for e55874e was:

customresourcedefinition.apiextensions.k8s.io/backups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterimagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusters.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/databases.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/failoverquorums.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/imagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/poolers.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/publications.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/scheduledbackups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/sealedsecrets.bitnami.com serverside-applied
customresourcedefinition.apiextensions.k8s.io/subscriptions.postgresql.cnpg.io serverside-applied
clusterrole.rbac.authorization.k8s.io/cloudnative-pg-edit configured
clusterrole.rbac.authorization.k8s.io/cloudnative-pg-view configured
clusterrole.rbac.authorization.k8s.io/cloudnative-pg configured
clusterrole.rbac.authorization.k8s.io/grafana-clusterrole configured
clusterrole.rbac.authorization.k8s.io/prometheus-alertmanager configured
clusterrole.rbac.authorization.k8s.io/prometheus-pushgateway configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews configured
clusterrolebinding.rbac.authorization.k8s.io/cloudnative-pg configured
clusterrolebinding.rbac.authorization.k8s.io/sealed-secrets configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-mutating-webhook-configuration configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-validating-webhook-configuration configured
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured
configmap/cert-manager-webhook configured
configmap/cert-manager configured
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving configured
deployment.apps/choose-native-plants configured
cluster.postgresql.cnpg.io/shared-cluster created
configmap/cnpg-controller-manager-config configured
configmap/cnpg-default-monitoring configured
deployment.apps/cloudnative-pg configured
service/cnpg-webhook-service configured
serviceaccount/cloudnative-pg configured
statefulset.apps/data-warehouse-postgresql configured
configmap/grafana-dashboards-default configured
deployment.apps/grafana configured
deployment.apps/ingress-nginx-controller configured
deployment.apps/metrics-server configured
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection configured
secret/promtail configured
statefulset.apps/loki configured
statefulset.apps/database configured
deployment.apps/prometheus-alertmanager configured
deployment.apps/prometheus-kube-state-metrics configured
deployment.apps/prometheus-pushgateway configured
deployment.apps/prometheus-server configured
serviceaccount/prometheus-kube-state-metrics configured
deployment.apps/sealed-secrets configured
rolebinding.rbac.authorization.k8s.io/sealed-secrets-key-admin configured
service/sealed-secrets configured

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@themightychris