Add CNPG default values to prevent ArgoCD drift

CloudNativePG operator fills in connectionLimit, ensure, and inherit defaults on managed roles. Adding these explicitly keeps ArgoCD in sync. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 18:02:42 -08:00 · 2026-01-19 18:02:42 -08:00 · 0c6f0a13c3
commit 0c6f0a13c3
parent eb952aae01
1 changed files with 7 additions and 1 deletions
--- a/argocd/manifests/databases/blumeops-pg.yaml
+++ b/argocd/manifests/databases/blumeops-pg.yaml
@ -19,6 +19,7 @@ spec:
      owner: miniflux

  # Managed roles - additional users beyond the bootstrap owner
+  # Note: connectionLimit, ensure, inherit are CNPG defaults added to prevent ArgoCD drift
  managed:
    roles:
      # eblume superuser for admin access (matches current brew pg setup)
@ -27,12 +28,17 @@ spec:
        superuser: true
        createdb: true
        createrole: true
+        connectionLimit: -1
+        ensure: present
+        inherit: true
        passwordSecret:
          name: blumeops-pg-eblume
      # borgmatic read-only user for backups
      - name: borgmatic
        login: true
-        superuser: false
+        connectionLimit: -1
+        ensure: present
+        inherit: true
        inRoles:
          - pg_read_all_data
        passwordSecret: