Correct CLI arguments to match with upstream impl

Makefile

@@ -404,12 +404,12 @@ kind-up: ## Create a kind cluster for local development
 	}
 	@if $(KIND) get clusters | grep -q "^$(KIND_CLUSTER)$$"; then \
 		echo "Kind cluster '$(KIND_CLUSTER)' already exists."; \
+		echo "==> Exporting kubeconfig to $(KIND_KUBECONFIG)"; \
+		$(KIND) get kubeconfig --name $(KIND_CLUSTER) > $(KIND_KUBECONFIG); \
 	else \
 		echo "Creating kind cluster '$(KIND_CLUSTER)'..."; \
-		$(KIND) create cluster --name $(KIND_CLUSTER); \
+		$(KIND) create cluster --name $(KIND_CLUSTER) --kubeconfig $(KIND_KUBECONFIG); \
 	fi
-	@echo "==> Exporting kubeconfig to $(KIND_KUBECONFIG)"
-	@$(KIND) get kubeconfig --name $(KIND_CLUSTER) > $(KIND_KUBECONFIG)
 	@echo "==> Cluster ready. Use: export KUBECONFIG=$(KIND_KUBECONFIG)"
 
 .PHONY: kind-load
@@ -430,7 +430,7 @@ kind-deploy: kind-up manifests kustomize kind-load ## Deploy operator to kind cl
 .PHONY: kind-redeploy
 kind-redeploy: kind-load ## Rebuild image, reload to kind, and restart pods
 	@echo "==> Restarting operator pods..."
-	KUBECONFIG=$(KIND_KUBECONFIG) $(KUBECTL) rollout restart deployment -n multigres-operator-system
+	KUBECONFIG=$(KIND_KUBECONFIG) $(KUBECTL) rollout restart deployment -n multigres-operator
 
 .PHONY: kind-down
 kind-down: ## Delete the kind cluster

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: ghcr.io/numtide/multigres-operator
-  newTag: e2b8632-dirty
+  newTag: a96d950

pkg/resource-handler/controller/cell/integration_test.go

@@ -114,7 +114,6 @@ func TestCellReconciliation(t *testing.T) {
 											"--pg-port", "15432",
 											"--topo-global-server-addresses", "global-topo:2379",
 											"--topo-global-root", "/multigres/global",
-											"--topo-implementation", "etcd2",
 											"--cell", "zone1",
 										},
 										Ports: []corev1.ContainerPort{
@@ -201,7 +200,6 @@ func TestCellReconciliation(t *testing.T) {
 											"--pg-port", "15432",
 											"--topo-global-server-addresses", "global-topo:2379",
 											"--topo-global-root", "/multigres/global",
-											"--topo-implementation", "etcd2",
 											"--cell", "zone2",
 										},
 										Ports: []corev1.ContainerPort{
@@ -288,7 +286,6 @@ func TestCellReconciliation(t *testing.T) {
 											"--pg-port", "15432",
 											"--topo-global-server-addresses", "global-topo:2379",
 											"--topo-global-root", "/multigres/global",
-											"--topo-implementation", "etcd2",
 											"--cell", "zone3",
 										},
 										Ports: []corev1.ContainerPort{
@@ -392,7 +389,6 @@ func TestCellReconciliation(t *testing.T) {
 											"--pg-port", "15432",
 											"--topo-global-server-addresses", "global-topo:2379",
 											"--topo-global-root", "/multigres/global",
-											"--topo-implementation", "etcd2",
 											"--cell", "zone4",
 										},
 										Ports: []corev1.ContainerPort{

pkg/resource-handler/controller/cell/multigateway.go

@@ -79,7 +79,6 @@ func BuildMultiGatewayDeployment(
 								"--pg-port", fmt.Sprintf("%d", MultiGatewayPostgresPort),
 								"--topo-global-server-addresses", cell.Spec.GlobalTopoServer.Address,
 								"--topo-global-root", cell.Spec.GlobalTopoServer.RootPath,
-								"--topo-implementation", cell.Spec.GlobalTopoServer.Implementation,
 								"--cell", cell.Spec.Name,
 							},
 							Resources: cell.Spec.MultiGateway.Resources,

pkg/resource-handler/controller/cell/multigateway_test.go

@@ -97,7 +97,6 @@ func TestBuildMultiGatewayDeployment(t *testing.T) {
 										"--pg-port", "15432",
 										"--topo-global-server-addresses", "global-topo:2379",
 										"--topo-global-root", "/multigres/global",
-										"--topo-implementation", "etcd2",
 										"--cell", "zone1",
 									},
 									Resources: corev1.ResourceRequirements{},
@@ -200,7 +199,6 @@ func TestBuildMultiGatewayDeployment(t *testing.T) {
 										"--pg-port", "15432",
 										"--topo-global-server-addresses", "global-topo:2379",
 										"--topo-global-root", "/multigres/global",
-										"--topo-implementation", "etcd2",
 										"--cell", "zone2",
 									},
 									Resources: corev1.ResourceRequirements{},
@@ -303,7 +301,6 @@ func TestBuildMultiGatewayDeployment(t *testing.T) {
 										"--pg-port", "15432",
 										"--topo-global-server-addresses", "global-topo:2379",
 										"--topo-global-root", "/multigres/global",
-										"--topo-implementation", "etcd2",
 										"--cell", "zone3",
 									},
 									Resources: corev1.ResourceRequirements{},
@@ -422,7 +419,6 @@ func TestBuildMultiGatewayDeployment(t *testing.T) {
 										"--pg-port", "15432",
 										"--topo-global-server-addresses", "global-topo:2379",
 										"--topo-global-root", "/multigres/global",
-										"--topo-implementation", "etcd2",
 										"--cell", "zone4",
 									},
 									Resources: corev1.ResourceRequirements{},
@@ -551,7 +547,6 @@ func TestBuildMultiGatewayDeployment(t *testing.T) {
 										"--pg-port", "15432",
 										"--topo-global-server-addresses", "global-topo:2379",
 										"--topo-global-root", "/multigres/global",
-										"--topo-implementation", "etcd2",
 										"--cell", "zone5",
 									},
 									Resources: corev1.ResourceRequirements{

pkg/resource-handler/controller/shard/configmap.go

@@ -0,0 +1,55 @@
+package shard
+
+import (
+	_ "embed"
+	"fmt"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+
+	multigresv1alpha1 "github.com/numtide/multigres-operator/api/v1alpha1"
+)
+
+// DefaultPgHbaTemplate is the default pg_hba.conf template for pooler instances.
+// Uses trust authentication for testing/development. Production deployments should
+// override this with proper authentication (scram-sha-256, SSL certificates, etc.).
+//
+//go:embed templates/pg_hba_template.conf
+var DefaultPgHbaTemplate string
+
+// BuildPgHbaConfigMap creates a ConfigMap containing the pg_hba.conf template.
+// This ConfigMap is shared across all pools in a shard and mounted into postgres containers.
+func BuildPgHbaConfigMap(
+	shard *multigresv1alpha1.Shard,
+	scheme *runtime.Scheme,
+) (*corev1.ConfigMap, error) {
+	// TODO: Add Shard.Spec.PgHbaTemplate field to allow custom templates
+	template := DefaultPgHbaTemplate
+
+	labels := map[string]string{
+		"app.kubernetes.io/name":       "multigres",
+		"app.kubernetes.io/instance":   shard.Name,
+		"app.kubernetes.io/component":  "pg-hba-config",
+		"app.kubernetes.io/part-of":    "multigres",
+		"app.kubernetes.io/managed-by": "multigres-operator",
+	}
+
+	cm := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      PgHbaConfigMapName,
+			Namespace: shard.Namespace,
+			Labels:    labels,
+		},
+		Data: map[string]string{
+			"pg_hba_template.conf": template,
+		},
+	}
+
+	if err := ctrl.SetControllerReference(shard, cm, scheme); err != nil {
+		return nil, fmt.Errorf("failed to set controller reference: %w", err)
+	}
+
+	return cm, nil
+}

pkg/resource-handler/controller/shard/configmap_test.go

@@ -0,0 +1,172 @@
+package shard
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/ptr"
+
+	multigresv1alpha1 "github.com/numtide/multigres-operator/api/v1alpha1"
+)
+
+func TestBuildPgHbaConfigMap(t *testing.T) {
+	defaultScheme := runtime.NewScheme()
+	_ = multigresv1alpha1.AddToScheme(defaultScheme)
+
+	tests := map[string]struct {
+		shard   *multigresv1alpha1.Shard
+		scheme  *runtime.Scheme
+		wantErr bool
+	}{
+		"creates configmap with default template": {
+			shard: &multigresv1alpha1.Shard{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-shard",
+					Namespace: "default",
+					UID:       "test-uid",
+				},
+			},
+			wantErr: false,
+		},
+		"creates configmap with correct embedded template": {
+			shard: &multigresv1alpha1.Shard{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "production-shard",
+					Namespace: "prod",
+					UID:       "prod-uid",
+				},
+			},
+			wantErr: false,
+		},
+		"returns error when scheme is invalid (missing Shard kind)": {
+			shard: &multigresv1alpha1.Shard{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "error-shard",
+					Namespace: "default",
+					UID:       "error-uid",
+				},
+			},
+			scheme:  runtime.NewScheme(), // Empty scheme
+			wantErr: true,
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			scheme := tc.scheme
+			if scheme == nil {
+				scheme = defaultScheme
+			}
+
+			cm, err := BuildPgHbaConfigMap(tc.shard, scheme)
+			if (err != nil) != tc.wantErr {
+				t.Fatalf("BuildPgHbaConfigMap() error = %v, wantErr %v", err, tc.wantErr)
+			}
+
+			if tc.wantErr {
+				return
+			}
+
+			if cm.Name != PgHbaConfigMapName {
+				t.Errorf("ConfigMap name = %v, want %v", cm.Name, PgHbaConfigMapName)
+			}
+			if cm.Namespace != tc.shard.Namespace {
+				t.Errorf("ConfigMap namespace = %v, want %v", cm.Namespace, tc.shard.Namespace)
+			}
+
+			// Verify owner reference
+			if len(cm.OwnerReferences) != 1 {
+				t.Fatalf("Expected 1 owner reference, got %d", len(cm.OwnerReferences))
+			}
+			ownerRef := cm.OwnerReferences[0]
+			if ownerRef.Name != tc.shard.Name || ownerRef.Kind != "Shard" {
+				t.Errorf("Owner reference = %+v, want Shard/%s", ownerRef, tc.shard.Name)
+			}
+			if !ptr.Deref(ownerRef.Controller, false) {
+				t.Error("Expected owner reference to be controller")
+			}
+
+			// Verify labels
+			expectedLabels := map[string]string{
+				"app.kubernetes.io/name":       "multigres",
+				"app.kubernetes.io/instance":   tc.shard.Name,
+				"app.kubernetes.io/component":  "pg-hba-config",
+				"app.kubernetes.io/part-of":    "multigres",
+				"app.kubernetes.io/managed-by": "multigres-operator",
+			}
+			if diff := cmp.Diff(expectedLabels, cm.Labels); diff != "" {
+				t.Errorf("Labels mismatch (-want +got):\n%s", diff)
+			}
+
+			// Verify template content exists
+			template, ok := cm.Data["pg_hba_template.conf"]
+			if !ok {
+				t.Fatal("ConfigMap missing pg_hba_template.conf key")
+			}
+
+			// Verify the template matches what's embedded (source of truth)
+			if template != DefaultPgHbaTemplate {
+				t.Error("Template content doesn't match DefaultPgHbaTemplate")
+			}
+		})
+	}
+}
+
+func TestDefaultPgHbaTemplateEmbedded(t *testing.T) {
+	// Verify the embedded template is not empty
+	if DefaultPgHbaTemplate == "" {
+		t.Error("DefaultPgHbaTemplate is empty - go:embed may have failed")
+	}
+
+	// Verify critical configuration lines exist
+	// We check for the presence of rules, ignoring multiple spaces
+	checks := []struct {
+		desc        string
+		mustContain []string
+	}{
+		{
+			desc:        "header",
+			mustContain: []string{"# PostgreSQL Client Authentication"},
+		},
+		{
+			desc:        "local trust rule",
+			mustContain: []string{"local", "all", "{{.User}}", "trust"},
+		},
+		{
+			desc:        "replication trust rule",
+			mustContain: []string{"host", "replication", "all", "0.0.0.0/0", "trust"},
+		},
+		{
+			desc:        "production warning",
+			mustContain: []string{"PRODUCTION:", "scram-sha-256"},
+		},
+	}
+
+	for _, check := range checks {
+		found := false
+		lines := strings.Split(DefaultPgHbaTemplate, "\n")
+		for _, line := range lines {
+			allMatch := true
+			for _, part := range check.mustContain {
+				if !strings.Contains(line, part) {
+					allMatch = false
+					break
+				}
+			}
+			if allMatch {
+				found = true
+				break
+			}
+		}
+		if !found {
+			t.Errorf(
+				"DefaultPgHbaTemplate missing %s (expected line containing all of: %v)",
+				check.desc,
+				check.mustContain,
+			)
+		}
+	}
+}