Port CloudNative-PG off Helm to direct release manifest (#268)

## Summary
- Point ArgoCD app directly at forge-mirrored upstream repo (`mirrors/cloudnative-pg`) instead of the Helm charts repo
- Use `directory.include` to select the specific release manifest (`cnpg-1.27.1.yaml`) from the `releases/` directory
- No vendored files, no Helm — upgrades are a two-line change (`targetRevision` + `directory.include`)
- Delete unused `values.yaml` (was empty, all Helm defaults)

## Deployment and Testing
- [ ] Register mirror repo in ArgoCD: `argocd repo add ssh://forgejo@forge.ops.eblu.me:2222/mirrors/cloudnative-pg.git --ssh-private-key-path <key>`
- [ ] `argocd app set cloudnative-pg --revision feature/cnpg-direct-source && argocd app sync cloudnative-pg`
- [ ] Verify operator pod running: `kubectl get pods -n cnpg-system --context=minikube-indri`
- [ ] Verify CRDs exist: `kubectl get crd --context=minikube-indri | grep cnpg`
- [ ] Verify existing clusters healthy: `kubectl get clusters -A --context=minikube-indri`
- [ ] After merge: `argocd app set cloudnative-pg --revision main && argocd app sync cloudnative-pg`

## Notes
- The forge mirror was created via `mise run mirror-create` from `https://github.com/cloudnative-pg/cloudnative-pg.git`
- ArgoCD may need the mirror repo added to its known repositories if the credential template doesn't already match `mirrors/*`

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/268

argocd/apps/cloudnative-pg.yaml

@@ -1,7 +1,7 @@
 # CloudNativePG Operator - PostgreSQL for Kubernetes
 # Deploys the operator only; PostgreSQL clusters are created separately
 #
-# Chart mirrored from https://github.com/cloudnative-pg/charts to forge
+# Mirror of https://github.com/cloudnative-pg/cloudnative-pg
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -9,19 +9,12 @@ metadata:
   namespace: argocd
 spec:
   project: default
-  sources:
+  source:
-    # Helm chart from forge mirror (SSH via egress)
+    repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/cloudnative-pg.git
-    - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/mirrors/cloudnative-pg-charts.git
+    targetRevision: v1.27.1
-      targetRevision: cloudnative-pg-v0.27.1
+    path: releases
-      path: charts/cloudnative-pg
+    directory:
-      helm:
+      include: 'cnpg-1.27.1.yaml'
-        releaseName: cloudnative-pg
-        valueFiles:
-          - $values/argocd/manifests/cloudnative-pg/values.yaml
-    # Values from our git repo
-    - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git
-      targetRevision: main
-      ref: values
   destination:
     server: https://kubernetes.default.svc
     namespace: cnpg-system

argocd/manifests/cloudnative-pg/README.md

@@ -4,13 +4,23 @@ Kubernetes operator for managing PostgreSQL clusters with high availability.
 
 ## Source
 
-- Helm chart: `cloudnative-pg` from https://cloudnative-pg.github.io/charts
+- Upstream mirror: `mirrors/cloudnative-pg` on forge (from https://github.com/cloudnative-pg/cloudnative-pg)
 - Documentation: https://cloudnative-pg.io/documentation/
 
 ## Deployment
 
-Managed via ArgoCD Application using Helm source (not kustomize).
+Managed via ArgoCD Application pointing directly at the upstream release
-The Application points directly to the upstream Helm repository.
+manifest in the forge-mirrored repo. No Helm chart or vendored manifests —
+ArgoCD applies the release YAML from the `releases/` directory using a
+`directory.include` filter.
+
+## Upgrading
+
+To upgrade the operator, edit `argocd/apps/cloudnative-pg.yaml`:
+
+1. Update `targetRevision` to the new tag (e.g. `v1.28.0`)
+2. Update `directory.include` to match (e.g. `cnpg-1.28.0.yaml`)
+3. Commit and sync via ArgoCD
 
 ## ArgoCD CLI Commands
 
@@ -29,24 +39,25 @@ argocd app history cloudnative-pg
 
 ```bash
 # Check operator pod is running
-kubectl get pods -n cnpg-system
+kubectl get pods -n cnpg-system --context=minikube-indri
 
 # Check operator logs
-kubectl logs -n cnpg-system -l app.kubernetes.io/name=cloudnative-pg
+kubectl logs -n cnpg-system -l app.kubernetes.io/name=cloudnative-pg --context=minikube-indri
 
 # Check CRDs are installed
-kubectl get crd | grep cnpg
+kubectl get crd --context=minikube-indri | grep cnpg
 ```
 
 ## Files
 
 | File | Description |
 |------|-------------|
-| `values.yaml` | Helm values for customization |
 | `README.md` | This file |
 
 ## Notes
 
 - The operator is deployed to `cnpg-system` namespace
-- PostgreSQL clusters are created separately using the `Cluster` CRD (see Step 7)
+- PostgreSQL clusters are created separately using the `Cluster` CRD
 - No secrets required for the operator itself
+- `ServerSideApply=true` is required for the large CRDs
+- The `values.yaml` was removed — no Helm customization was in use

argocd/manifests/cloudnative-pg/values.yaml

@@ -1,4 +0,0 @@
-# CloudNativePG Helm values
-# See: https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
-
-# Using defaults for now - customize as needed

docs/changelog.d/feature-cnpg-direct-source.infra.md

@@ -0,0 +1 @@
+Port CloudNative-PG operator from Helm chart to direct upstream release manifest via forge mirror.

docs/reference/kubernetes/apps.md

@@ -1,6 +1,6 @@
 ---
 title: Apps
-modified: 2026-02-12
+modified: 2026-02-25
 tags:
   - kubernetes
   - argocd
@@ -20,7 +20,7 @@ Registry of all applications deployed via [[argocd]].
 | `1password-connect` | 1password | `argocd/manifests/1password-connect/` | [[1password]] |
 | `external-secrets` | external-secrets | Helm chart | [[1password]] |
 | `external-secrets-config` | external-secrets | `argocd/manifests/external-secrets-config/` | [[1password]] |
-| `cloudnative-pg` | cnpg-system | Helm chart (forge mirror) | PostgreSQL operator |
+| `cloudnative-pg` | cnpg-system | `mirrors/cloudnative-pg` release manifest | PostgreSQL operator |
 | `blumeops-pg` | databases | `argocd/manifests/databases/` | [[postgresql]] |
 | `prometheus` | monitoring | `argocd/manifests/prometheus/` | [[prometheus]] |
 | `loki` | monitoring | `argocd/manifests/loki/` | [[loki]] |