fix test app and docs

.github/workflows/ci-helm-lint-test.yml

@@ -22,6 +22,10 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v3.5
 
+      - name: Add dependency chart repos
+        run: |
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+
       - name: Set up chart-testing
         uses: helm/chart-testing-action@v2.6.1
 
@@ -49,7 +53,7 @@ jobs:
           kubectl get pods -A
           pwd
           ls -hal
-          
+
       - name: Install Certmanager
         run: |
           helm repo add jetstack https://charts.jetstack.io
@@ -60,7 +64,7 @@ jobs:
             --set installCRDs=true \
             --set prometheus.enabled=false \
             --wait
-            
+
       - name: Install CNPG Operator
         run: |
           helm repo add cnpg-operator https://cloudnative-pg.github.io/charts
@@ -95,7 +99,7 @@ jobs:
               replicationTLSSecret: ""
             user:
               enabled: true
-              username: 
+              username:
                 - "app"
           monitoring:
             enablePodMonitor: false
@@ -114,7 +118,7 @@ jobs:
           testApp:
             enabled: false
           EOF
-            
+
       - name: Install CNPG cluster
         working-directory: ./charts/cloudnative-pg-cluster
         run: |
@@ -139,7 +143,7 @@ jobs:
             echo "$STATUS"
             (( ++ITER ))
           done
-          
+
       - name: Run chart-testing (install)
         id: install
         if: steps.list-changed.outputs.changed == 'true'

README.md

@@ -70,8 +70,6 @@ cnpgCluster:
   # All other values here are passed directly to the their chart. See:
   # https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/values.yaml
   enabled: true
-  type: postgresql
-  mode: standalone
   # -- see: https://cloudnative-pg.io/docs/1.28/certificates#client-certificate
   certificates:
     ## examples if using our certificates features of this chart.
@@ -80,21 +78,52 @@ cnpgCluster:
     serverCASecret: "app-postgres-server-ca-key-pair"
     clientCASecret: "app-postgres-client-ca-key-pair"
     replicationTLSSecret: "app-postgres-client-cert"
-
-  postgresql:
-    # -- records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
-    # this states that certs are required for access to the cluster,
-    # but you can change it to still allow passwords if you'd like
-    pg_hba:
-      - hostnossl all all 0.0.0.0/0 reject
-      - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+
+  cluster:
+    initdb:
+      # -- replace this with your database name
+      database: app
+      # -- replace this with your database username
+      owner: app
+
+    postgresql:
+      # -- records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+      # this states that certs are required for access to the cluster,
+      # but you can change it to still allow passwords if you'd like
+      pg_hba:
+        - hostnossl all all 0.0.0.0/0 reject
+        - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
 ```
 
 ### Using the test app
 
 The test app may be enabled by certificates as well as setting `testApp.enabled=true` in your helm parameters or in the `values.yaml` like this:
 ```yaml
+# -- name to use for templating certs
+name: "app-postgres"
+
 testApp:
   enabled: true
+
+cnpgCluster:
+  # -- enable this to deploy the official CNPG cluster helm chart dep
+  # All other values here are passed directly to the their chart. See:
+  # https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/values.yaml
+  enabled: true
+  # -- see: https://cloudnative-pg.io/docs/1.28/certificates#client-certificate
+  certificates:
+    ## examples if using our certificates features of this chart.
+    ## NOTE: app-postgres should be replaced with whatever you set Values.name to
+    serverTLSSecret: "app-postgres-server-cert"
+    serverCASecret: "app-postgres-server-ca-key-pair"
+    clientCASecret: "app-postgres-client-ca-key-pair"
+    replicationTLSSecret: "app-postgres-client-cert"
+
+  cluster:
+    initdb:
+      # -- replace this with your database name
+      database: app
+      # -- replace this with your database username
+      owner: app
 ```
 This will create a very basic Deployment of `ghcr.io/cloudnative-pg/webtest` [as described in the official docs](https://cloudnative-pg.io/docs/1.28/ssl_connections#testing-the-connection-via-a-tls-certificate) that attempts to connect to your postgres cluster using full mTLS.

charts/cloudnative-pg-cluster/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster
+  repository: https://cloudnative-pg.github.io/charts
+  version: 0.5.0
+digest: sha256:267917b68a642fca0e337cd78580f656a5084d3a84aa2df12a9291bee6ccbc56
+generated: "2026-01-18T10:52:01.555554815+01:00"

charts/cloudnative-pg-cluster/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: cnpg-cluster
 description: Create postgres tenant clusters managed by the CNPG Operator
 type: application
-version: 1.0.0
+version: 1.0.1
 
 dependencies:
   - name: cluster

charts/cloudnative-pg-cluster/README.md

@@ -1,6 +1,6 @@
 # cnpg-cluster
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Create postgres tenant clusters managed by the CNPG Operator
 
@@ -36,10 +36,12 @@ Create postgres tenant clusters managed by the CNPG Operator
 | cnpgCluster.additionalEnv[1].name | string | `"AWS_RESPONSE_CHECKSUM_VALIDATION"` |  |
 | cnpgCluster.additionalEnv[1].value | string | `"when_required"` |  |
 | cnpgCluster.certificates | object | `{}` | see: https://cloudnative-pg.io/docs/1.28/certificates#client-certificate |
+| cnpgCluster.cluster.initdb.database | string | `"app"` |  |
+| cnpgCluster.cluster.initdb.owner | string | `"app"` |  |
 | cnpgCluster.cluster.instances | int | `3` | Number of instances |
+| cnpgCluster.cluster.postgresql.pg_hba | list | `["hostnossl all all 0.0.0.0/0 reject","hostssl all all 0.0.0.0/0 cert clientcert=verify-full"]` | records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html |
 | cnpgCluster.enabled | bool | `false` | enable this to deploy the official CNPG cluster helm chart dep All other values here are passed directly to the their chart. See: https://github.com/cloudnative-pg/charts/blob/main/charts/cluster/values.yaml |
 | cnpgCluster.mode | string | `"standalone"` |  |
-| cnpgCluster.postgresql.pg_hba | list | `["hostnossl all all 0.0.0.0/0 reject","hostssl all all 0.0.0.0/0 cert clientcert=verify-full"]` | records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html |
 | cnpgCluster.primaryUpdateStrategy | string | `"unsupervised"` |  |
 | cnpgCluster.type | string | `"postgresql"` |  |
 | cnpgCluster.version.postgresql | string | `"16"` |  |

charts/cloudnative-pg-cluster/templates/test-app.yaml

@@ -30,8 +30,8 @@ spec:
                 sslcert=/etc/secrets/app/tls.crt
                 sslrootcert=/etc/secrets/ca/ca.crt
                 host={{ .Values.name }}-rw.{{ .Release.Namespace }}.svc
-                dbname={{ .Values.bootstrap.initdb.database }}
-                user={{ .Values.bootstrap.initdb.owner }}
+                dbname={{ .Values.cnpgCluster.cluster.initdb.database }}
+                user={{ .Values.cnpgCluster.cluster.initdb.owner }}
                 sslmode=verify-full
             - name: SQL_QUERY
               value: SELECT 1
@@ -50,6 +50,6 @@ spec:
             defaultMode: 0600
         - name: secret-volume-app
           secret:
-            secretName: "{{ .Values.name }}-{{ .Values.bootstrap.initdb.owner }}-cert"
+            secretName: "{{ .Values.name }}-{{ .Values.cnpgCluster.cluster.initdb.owner }}-cert"
             defaultMode: 0600
 {{- end }}

charts/cloudnative-pg-cluster/values.yaml

@@ -65,11 +65,15 @@ cnpgCluster:
     # -- Number of instances
     instances: 3
 
-  postgresql:
-    # -- records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
-    pg_hba:
-      - hostnossl all all 0.0.0.0/0 reject
-      - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
+    initdb:
+      database: app
+      owner: app
+
+    postgresql:
+      # -- records for the pg_hba.conf file. ref: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+      pg_hba:
+        - hostnossl all all 0.0.0.0/0 reject
+        - hostssl all all 0.0.0.0/0 cert clientcert=verify-full
 
   primaryUpdateStrategy: unsupervised