doc: Initial documentation for the MultisitePostgreSQL module

Cargo.lock

@@ -1835,21 +1835,6 @@ dependencies = [
  "url",
 ]
 
-[[package]]
-name = "example-operatorhub-catalogsource"
-version = "0.1.0"
-dependencies = [
- "cidr",
- "env_logger",
- "harmony",
- "harmony_cli",
- "harmony_macros",
- "harmony_types",
- "log",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "example-opnsense"
 version = "0.1.0"

adr/015-higher-order-topologies.md

@@ -1,114 +0,0 @@
-# Architecture Decision Record: Higher-Order Topologies
-
-**Initial Author:** Jean-Gabriel Gill-Couture  
-**Initial Date:** 2025-12-08  
-**Last Updated Date:** 2025-12-08  
-
-## Status
-
-Implemented
-
-## Context
-
-Harmony models infrastructure as **Topologies** (deployment targets like `K8sAnywhereTopology`, `LinuxHostTopology`) implementing **Capabilities** (tech traits like `PostgreSQL`, `Docker`).
-
-**Higher-Order Topologies** (e.g., `FailoverTopology<T>`) compose/orchestrate capabilities *across* multiple underlying topologies (e.g., primary+replica `T`).
-
-Naive design requires manual `impl Capability for HigherOrderTopology<T>` *per T per capability*, causing:
-- **Impl explosion**: N topologies × M capabilities = N×M boilerplate.
-- **ISP violation**: Topologies forced to impl unrelated capabilities.
-- **Maintenance hell**: New topology needs impls for *all* orchestrated capabilities; new capability needs impls for *all* topologies/higher-order.
-- **Barrier to extension**: Users can't easily add topologies without todos/panics.
-
-This makes scaling Harmony impractical as ecosystem grows.
-
-## Decision
-
-Use **blanket trait impls** on higher-order topologies to *automatically* derive orchestration:
-
-````rust
-/// Higher-Order Topology: Orchestrates capabilities across sub-topologies.
-pub struct FailoverTopology<T> {
-    /// Primary sub-topology.
-    primary: T,
-    /// Replica sub-topology.
-    replica: T,
-}
-
-/// Automatically provides PostgreSQL failover for *any* `T: PostgreSQL`.
-/// Delegates to primary for queries; orchestrates deploy across both.
-#[async_trait]
-impl<T: PostgreSQL> PostgreSQL for FailoverTopology<T> {
-    async fn deploy(&self, config: &PostgreSQLConfig) -> Result<String, String> {
-        // Deploy primary; extract certs/endpoint;
-        // deploy replica with pg_basebackup + TLS passthrough.
-        // (Full impl logged/elaborated.)
-    }
-
-    // Delegate queries to primary.
-    async fn get_replication_certs(&self, cluster_name: &str) -> Result<ReplicationCerts, String> {
-        self.primary.get_replication_certs(cluster_name).await
-    }
-    // ...
-}
-
-/// Similarly for other capabilities.
-#[async_trait]
-impl<T: Docker> Docker for FailoverTopology<T> {
-    // Failover Docker orchestration.
-}
-````
-
-**Key properties:**
-- **Auto-derivation**: `Failover<K8sAnywhere>` gets `PostgreSQL` iff `K8sAnywhere: PostgreSQL`.
-- **No boilerplate**: One blanket impl per capability *per higher-order type*.
-
-## Rationale
-
-- **Composition via generics**: Rust trait solver auto-selects impls; zero runtime cost.
-- **Compile-time safety**: Missing `T: Capability` → compile error (no panics).
-- **Scalable**: O(capabilities) impls per higher-order; new `T` auto-works.
-- **ISP-respecting**: Capabilities only surface if sub-topology provides.
-- **Centralized logic**: Orchestration (e.g., cert propagation) in one place.
-
-**Example usage:**
-````rust
-// ✅ Works: K8sAnywhere: PostgreSQL → Failover provides failover PG
-let pg_failover: FailoverTopology<K8sAnywhereTopology> = ...;
-pg_failover.deploy_pg(config).await;
-
-// ✅ Works: LinuxHost: Docker → Failover provides failover Docker
-let docker_failover: FailoverTopology<LinuxHostTopology> = ...;
-docker_failover.deploy_docker(...).await;
-
-// ❌ Compile fail: K8sAnywhere !: Docker
-let invalid: FailoverTopology<K8sAnywhereTopology>;
-invalid.deploy_docker(...); // `T: Docker` bound unsatisfied
-````
-
-## Consequences
-
-**Pros:**
-- **Extensible**: New topology `AWSTopology: PostgreSQL` → instant `Failover<AWSTopology>: PostgreSQL`.
-- **Lean**: No useless impls (e.g., no `K8sAnywhere: Docker`).
-- **Observable**: Logs trace every step.
-
-**Cons:**
-- **Monomorphization**: Generics generate code per T (mitigated: few Ts).
-- **Delegation opacity**: Relies on rustdoc/logs for internals.
-
-## Alternatives considered
-
-| Approach | Pros | Cons |
-|----------|------|------|
-| **Manual per-T impls**<br>`impl PG for Failover<K8s> {..}`<br>`impl PG for Failover<Linux> {..}` | Explicit control | N×M explosion; violates ISP; hard to extend. |
-| **Dynamic trait objects**<br>`Box<dyn AnyCapability>` | Runtime flex | Perf hit; type erasure; error-prone dispatch. |
-| **Mega-topology trait**<br>All-in-one `OrchestratedTopology` | Simple wiring | Monolithic; poor composition. |
-| **Registry dispatch**<br>Runtime capability lookup | Decoupled | Complex; no compile safety; perf/debug overhead. |
-
-**Selected**: Blanket impls leverage Rust generics for safe, zero-cost composition.
-
-## Additional Notes
-
-- Applies to `MultisiteTopology<T>`, `ShardedTopology<T>`, etc.
-- `FailoverTopology` in `failover.rs` is first implementation.

adr/015-higher-order-topologies/example.rs

@@ -1,153 +0,0 @@
-//! Example of Higher-Order Topologies in Harmony.
-//! Demonstrates how `FailoverTopology<T>` automatically provides failover for *any* capability
-//! supported by a sub-topology `T` via blanket trait impls.
-//! 
-//! Key insight: No manual impls per T or capability -- scales effortlessly.
-//! Users can:
-//! - Write new `Topology` (impl capabilities on a struct).
-//! - Compose with `FailoverTopology` (gets capabilities if T has them).
-//! - Compile fails if capability missing (safety).
-
-use async_trait::async_trait;
-use tokio;
-
-/// Capability trait: Deploy and manage PostgreSQL.
-#[async_trait]
-pub trait PostgreSQL {
-    async fn deploy(&self, config: &PostgreSQLConfig) -> Result<String, String>;
-    async fn get_replication_certs(&self, cluster_name: &str) -> Result<ReplicationCerts, String>;
-}
-
-/// Capability trait: Deploy Docker.
-#[async_trait]
-pub trait Docker {
-    async fn deploy_docker(&self) -> Result<String, String>;
-}
-
-/// Configuration for PostgreSQL deployments.
-#[derive(Clone)]
-pub struct PostgreSQLConfig;
-
-/// Replication certificates.
-#[derive(Clone)]
-pub struct ReplicationCerts;
-
-/// Concrete topology: Kubernetes Anywhere (supports PostgreSQL).
-#[derive(Clone)]
-pub struct K8sAnywhereTopology;
-
-#[async_trait]
-impl PostgreSQL for K8sAnywhereTopology {
-    async fn deploy(&self, _config: &PostgreSQLConfig) -> Result<String, String> {
-        // Real impl: Use k8s helm chart, operator, etc.
-        Ok("K8sAnywhere PostgreSQL deployed".to_string())
-    }
-
-    async fn get_replication_certs(&self, _cluster_name: &str) -> Result<ReplicationCerts, String> {
-        Ok(ReplicationCerts)
-    }
-}
-
-/// Concrete topology: Linux Host (supports Docker).
-#[derive(Clone)]
-pub struct LinuxHostTopology;
-
-#[async_trait]
-impl Docker for LinuxHostTopology {
-    async fn deploy_docker(&self) -> Result<String, String> {
-        // Real impl: Install/configure Docker on host.
-        Ok("LinuxHost Docker deployed".to_string())
-    }
-}
-
-/// Higher-Order Topology: Composes multiple sub-topologies (primary + replica).
-/// Automatically derives *all* capabilities of `T` with failover orchestration.
-/// 
-/// - If `T: PostgreSQL`, then `FailoverTopology<T>: PostgreSQL` (blanket impl).
-/// - Same for `Docker`, etc. No boilerplate!
-/// - Compile-time safe: Missing `T: Capability` → error.
-#[derive(Clone)]
-pub struct FailoverTopology<T> {
-    /// Primary sub-topology.
-    pub primary: T,
-    /// Replica sub-topology.
-    pub replica: T,
-}
-
-/// Blanket impl: Failover PostgreSQL if T provides PostgreSQL.
-/// Delegates reads to primary; deploys to both.
-#[async_trait]
-impl<T: PostgreSQL + Send + Sync + Clone> PostgreSQL for FailoverTopology<T> {
-    async fn deploy(&self, config: &PostgreSQLConfig) -> Result<String, String> {
-        // Orchestrate: Deploy primary first, then replica (e.g., via pg_basebackup).
-        let primary_result = self.primary.deploy(config).await?;
-        let replica_result = self.replica.deploy(config).await?;
-        Ok(format!("Failover PG deployed: {} | {}", primary_result, replica_result))
-    }
-
-    async fn get_replication_certs(&self, cluster_name: &str) -> Result<ReplicationCerts, String> {
-        // Delegate to primary (replica follows).
-        self.primary.get_replication_certs(cluster_name).await
-    }
-}
-
-/// Blanket impl: Failover Docker if T provides Docker.
-#[async_trait]
-impl<T: Docker + Send + Sync + Clone> Docker for FailoverTopology<T> {
-    async fn deploy_docker(&self) -> Result<String, String> {
-        // Orchestrate across primary + replica.
-        let primary_result = self.primary.deploy_docker().await?;
-        let replica_result = self.replica.deploy_docker().await?;
-        Ok(format!("Failover Docker deployed: {} | {}", primary_result, replica_result))
-    }
-}
-
-#[tokio::main]
-async fn main() {
-    let config = PostgreSQLConfig;
-
-    println!("=== ✅ PostgreSQL Failover (K8sAnywhere supports PG) ===");
-    let pg_failover = FailoverTopology {
-        primary: K8sAnywhereTopology,
-        replica: K8sAnywhereTopology,
-    };
-    let result = pg_failover.deploy(&config).await.unwrap();
-    println!("Result: {}", result);
-
-    println!("\n=== ✅ Docker Failover (LinuxHost supports Docker) ===");
-    let docker_failover = FailoverTopology {
-        primary: LinuxHostTopology,
-        replica: LinuxHostTopology,
-    };
-    let result = docker_failover.deploy_docker().await.unwrap();
-    println!("Result: {}", result);
-
-    println!("\n=== ❌ Would fail to compile (K8sAnywhere !: Docker) ===");
-    // let invalid = FailoverTopology {
-    //     primary: K8sAnywhereTopology,
-    //     replica: K8sAnywhereTopology,
-    // };
-    // invalid.deploy_docker().await.unwrap(); // Error: `K8sAnywhereTopology: Docker` not satisfied!
-    // Very clear error message :
-    // error[E0599]: the method `deploy_docker` exists for struct `FailoverTopology<K8sAnywhereTopology>`, but its trait bounds were not satisfied
-    //   --> src/main.rs:90:9
-    //    |
-    //  4 | pub struct FailoverTopology<T> {
-    //    | ------------------------------ method `deploy_docker` not found for this struct because it doesn't satisfy `FailoverTopology<K8sAnywhereTopology>: Docker`
-    // ...
-    // 37 | struct K8sAnywhereTopology;
-    //    | -------------------------- doesn't satisfy `K8sAnywhereTopology: Docker`
-    // ...
-    // 90 | invalid.deploy_docker(); // `T: Docker` bound unsatisfied
-    //    |         ^^^^^^^^^^^^^ method cannot be called on `FailoverTopology<K8sAnywhereTopology>` due to unsatisfied trait bounds
-    //    |
-    // note: trait bound `K8sAnywhereTopology: Docker` was not satisfied
-    //   --> src/main.rs:61:9
-    //    |
-    // 61 | impl<T: Docker + Send + Sync> Docker for FailoverTopology<T> {
-    //    |         ^^^^^^                ------     -------------------
-    //    |         |
-    //    |         unsatisfied trait bound introduced here
-    // note: the trait `Docker` must be implemented
-}
-

examples/operatorhub_catalog/Cargo.toml

@@ -1,18 +0,0 @@
-[package]
-name = "example-operatorhub-catalogsource"
-edition = "2024"
-version.workspace = true
-readme.workspace = true
-license.workspace = true
-publish = false
-
-[dependencies]
-harmony = { path = "../../harmony" }
-harmony_cli = { path = "../../harmony_cli" }
-harmony_types = { path = "../../harmony_types" }
-cidr = { workspace = true }
-tokio = { workspace = true }
-harmony_macros = { path = "../../harmony_macros" }
-log = { workspace = true }
-env_logger = { workspace = true }
-url = { workspace = true }

examples/operatorhub_catalog/src/main.rs

@@ -1,22 +0,0 @@
-use std::str::FromStr;
-
-use harmony::{
-    inventory::Inventory,
-    modules::{k8s::apps::OperatorHubCatalogSourceScore, tenant::TenantScore},
-    topology::{K8sAnywhereTopology, tenant::TenantConfig},
-};
-use harmony_types::id::Id;
-
-#[tokio::main]
-async fn main() {
-    let operatorhub_catalog = OperatorHubCatalogSourceScore::default();
-
-    harmony_cli::run(
-        Inventory::autoload(),
-        K8sAnywhereTopology::from_env(),
-        vec![Box::new(operatorhub_catalog)],
-        None,
-    )
-    .await
-    .unwrap();
-}

harmony/src/domain/topology/failover.rs

@@ -1,19 +0,0 @@
-use async_trait::async_trait;
-
-use crate::topology::{PreparationError, PreparationOutcome, Topology};
-
-pub struct FailoverTopology<T> {
-    pub primary: T,
-    pub replica: T,
-}
-
-#[async_trait]
-impl<T: Send + Sync> Topology for FailoverTopology<T> {
-    fn name(&self) -> &str {
-        "FailoverTopology"
-    }
-
-    async fn ensure_ready(&self) -> Result<PreparationOutcome, PreparationError> {
-        todo!()
-    }
-}

harmony/src/domain/topology/mod.rs

@@ -1,7 +1,5 @@
-mod failover;
 mod ha_cluster;
 pub mod ingress;
-pub use failover::*;
 use harmony_types::net::IpAddress;
 mod host_binding;
 mod http;

harmony/src/infra/network_manager.rs

@@ -17,12 +17,6 @@ use crate::{
     topology::{HostNetworkConfig, NetworkError, NetworkManager, k8s::K8sClient},
 };
 
-/// TODO document properly the non-intuitive behavior or "roll forward only" of nmstate in general
-/// It is documented in nmstate official doc, but worth mentionning here :
-///
-/// - You create a bond, nmstate will apply it
-/// - You delete de bond from nmstate, it will NOT delete it
-/// - To delete it you have to update it with configuration set to null
 pub struct OpenShiftNmStateNetworkManager {
     k8s_client: Arc<K8sClient>,
 }
@@ -37,7 +31,6 @@ impl std::fmt::Debug for OpenShiftNmStateNetworkManager {
 impl NetworkManager for OpenShiftNmStateNetworkManager {
     async fn ensure_network_manager_installed(&self) -> Result<(), NetworkError> {
         debug!("Installing NMState controller...");
-        // TODO use operatorhub maybe?
         self.k8s_client.apply_url(url::Url::parse("https://github.com/nmstate/kubernetes-nmstate/releases/download/v0.84.0/nmstate.io_nmstates.yaml
 ").unwrap(), Some("nmstate"))
             .await?;

harmony/src/modules/k8s/apps/crd/catalogsources_operators_coreos_com.rs

@@ -1,157 +0,0 @@
-use std::collections::BTreeMap;
-
-use k8s_openapi::{
-    api::core::v1::{Affinity, Toleration},
-    apimachinery::pkg::apis::meta::v1::ObjectMeta,
-};
-use kube::CustomResource;
-use schemars::JsonSchema;
-use serde::{Deserialize, Serialize};
-use serde_json::Value;
-
-#[derive(CustomResource, Deserialize, Serialize, Clone, Debug)]
-#[kube(
-    group = "operators.coreos.com",
-    version = "v1alpha1",
-    kind = "CatalogSource",
-    plural = "catalogsources",
-    namespaced = true,
-    schema = "disabled"
-)]
-#[serde(rename_all = "camelCase")]
-pub struct CatalogSourceSpec {
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub address: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub config_map: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub description: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub display_name: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub grpc_pod_config: Option<GrpcPodConfig>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub icon: Option<Icon>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub image: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub priority: Option<i64>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub publisher: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub run_as_root: Option<bool>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub secrets: Option<Vec<String>>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub source_type: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub update_strategy: Option<UpdateStrategy>,
-}
-
-#[derive(Deserialize, Serialize, Clone, Debug)]
-#[serde(rename_all = "camelCase")]
-pub struct GrpcPodConfig {
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub affinity: Option<Affinity>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub extract_content: Option<ExtractContent>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub memory_target: Option<Value>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub node_selector: Option<BTreeMap<String, String>>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub priority_class_name: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub security_context_config: Option<String>,
-
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub tolerations: Option<Vec<Toleration>>,
-}
-
-#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct ExtractContent {
-    pub cache_dir: String,
-    pub catalog_dir: String,
-}
-
-#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct Icon {
-    pub base64data: String,
-    pub mediatype: String,
-}
-
-#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct UpdateStrategy {
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub registry_poll: Option<RegistryPoll>,
-}
-
-#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
-#[serde(rename_all = "camelCase")]
-pub struct RegistryPoll {
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub interval: Option<String>,
-}
-
-impl Default for CatalogSource {
-    fn default() -> Self {
-        Self {
-            metadata: ObjectMeta::default(),
-            spec: CatalogSourceSpec {
-                address: None,
-                config_map: None,
-                description: None,
-                display_name: None,
-                grpc_pod_config: None,
-                icon: None,
-                image: None,
-                priority: None,
-                publisher: None,
-                run_as_root: None,
-                secrets: None,
-                source_type: None,
-                update_strategy: None,
-            },
-        }
-    }
-}
-
-impl Default for CatalogSourceSpec {
-    fn default() -> Self {
-        Self {
-            address: None,
-            config_map: None,
-            description: None,
-            display_name: None,
-            grpc_pod_config: None,
-            icon: None,
-            image: None,
-            priority: None,
-            publisher: None,
-            run_as_root: None,
-            secrets: None,
-            source_type: None,
-            update_strategy: None,
-        }
-    }
-}

harmony/src/modules/k8s/apps/crd/mod.rs

@@ -1,2 +0,0 @@
-mod catalogsources_operators_coreos_com;
-pub use catalogsources_operators_coreos_com::*;

harmony/src/modules/k8s/apps/mod.rs

@@ -1,3 +0,0 @@
-mod operatorhub;
-pub use operatorhub::*;
-pub mod crd;

harmony/src/modules/k8s/apps/operatorhub.rs

@@ -1,107 +0,0 @@
-// Write operatorhub catalog score
-// for now this will only support on OKD with the default catalog and operatorhub setup and does not verify OLM state or anything else. Very opinionated and bare-bones to start
-
-use k8s_openapi::apimachinery::pkg::apis::meta::v1::ObjectMeta;
-use serde::Serialize;
-
-use crate::interpret::Interpret;
-use crate::modules::k8s::apps::crd::{
-    CatalogSource, CatalogSourceSpec, RegistryPoll, UpdateStrategy,
-};
-use crate::modules::k8s::resource::K8sResourceScore;
-use crate::score::Score;
-use crate::topology::{K8sclient, Topology};
-
-/// Installs the CatalogSource in a cluster which already has the required services and CRDs installed.
-///
-/// ```rust
-/// use harmony::modules::k8s::apps::OperatorHubCatalogSourceScore;
-///
-/// let score = OperatorHubCatalogSourceScore::default();
-/// ```
-///
-/// Required services:
-/// - catalog-operator
-/// - olm-operator
-///
-/// They are installed by default with OKD/Openshift
-///
-/// **Warning** : this initial implementation does not manage the dependencies. They must already
-/// exist in the cluster.
-#[derive(Debug, Clone, Serialize)]
-pub struct OperatorHubCatalogSourceScore {
-    pub name: String,
-    pub namespace: String,
-    pub image: String,
-}
-
-impl OperatorHubCatalogSourceScore {
-    pub fn new(name: &str, namespace: &str, image: &str) -> Self {
-        Self {
-            name: name.to_string(),
-            namespace: namespace.to_string(),
-            image: image.to_string(),
-        }
-    }
-}
-
-impl Default for OperatorHubCatalogSourceScore {
-    /// This default implementation will create this k8s resource :
-    ///
-    /// ```yaml
-    /// apiVersion: operators.coreos.com/v1alpha1
-    /// kind: CatalogSource
-    /// metadata:
-    ///   name: operatorhubio-catalog
-    ///   namespace: openshift-marketplace
-    /// spec:
-    ///   sourceType: grpc
-    ///   image: quay.io/operatorhubio/catalog:latest
-    ///   displayName: Operatorhub Operators
-    ///   publisher: OperatorHub.io
-    ///   updateStrategy:
-    ///     registryPoll:
-    ///       interval: 60m
-    /// ```
-    fn default() -> Self {
-        OperatorHubCatalogSourceScore {
-            name: "operatorhubio-catalog".to_string(),
-            namespace: "openshift-marketplace".to_string(),
-            image: "quay.io/operatorhubio/catalog:latest".to_string(),
-        }
-    }
-}
-
-impl<T: Topology + K8sclient> Score<T> for OperatorHubCatalogSourceScore {
-    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
-        let metadata = ObjectMeta {
-            name: Some(self.name.clone()),
-            namespace: Some(self.namespace.clone()),
-            ..ObjectMeta::default()
-        };
-
-        let spec = CatalogSourceSpec {
-            source_type: Some("grpc".to_string()),
-            image: Some(self.image.clone()),
-            display_name: Some("Operatorhub Operators".to_string()),
-            publisher: Some("OperatorHub.io".to_string()),
-            update_strategy: Some(UpdateStrategy {
-                registry_poll: Some(RegistryPoll {
-                    interval: Some("60m".to_string()),
-                }),
-            }),
-            ..CatalogSourceSpec::default()
-        };
-
-        let catalog_source = CatalogSource {
-            metadata,
-            spec: spec,
-        };
-
-        K8sResourceScore::single(catalog_source, Some(self.namespace.clone())).create_interpret()
-    }
-
-    fn name(&self) -> String {
-        format!("OperatorHubCatalogSourceScore({})", self.name)
-    }
-}

harmony/src/modules/k8s/mod.rs

@@ -1,4 +1,3 @@
-pub mod apps;
 pub mod deployment;
 pub mod ingress;
 pub mod namespace;

harmony/src/modules/mod.rs

@@ -13,7 +13,6 @@ pub mod load_balancer;
 pub mod monitoring;
 pub mod okd;
 pub mod opnsense;
-pub mod postgresql;
 pub mod prometheus;
 pub mod storage;
 pub mod tenant;

harmony/src/modules/postgresql/capability.rs

@@ -1,85 +0,0 @@
-use async_trait::async_trait;
-use harmony_types::storage::StorageSize;
-use serde::Serialize;
-use std::collections::HashMap;
-
-#[async_trait]
-pub trait PostgreSQL: Send + Sync {
-    async fn deploy(&self, config: &PostgreSQLConfig) -> Result<String, String>;
-
-    /// Extracts PostgreSQL-specific replication certs (PEM format) from a deployed primary cluster.
-    /// Abstracts away storage/retrieval details (e.g., secrets, files).
-    async fn get_replication_certs(&self, cluster_name: &str) -> Result<ReplicationCerts, String>;
-
-    /// Gets the internal/private endpoint (e.g., k8s service FQDN:5432) for the cluster.
-    async fn get_endpoint(&self, cluster_name: &str) -> Result<PostgreSQLEndpoint, String>;
-
-    /// Gets the public/externally routable endpoint if configured (e.g., OKD Route:443 for TLS passthrough).
-    /// Returns None if no public endpoint (internal-only cluster).
-    /// UNSTABLE: This is opinionated for initial multisite use cases. Networking abstraction is complex
-    /// (cf. k8s Ingress -> Gateway API evolution); may move to higher-order Networking/PostgreSQLNetworking trait.
-    async fn get_public_endpoint(
-        &self,
-        cluster_name: &str,
-    ) -> Result<Option<PostgreSQLEndpoint>, String>;
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub struct PostgreSQLConfig {
-    pub cluster_name: String,
-    pub instances: u32,
-    pub storage_size: StorageSize,
-    pub role: PostgreSQLClusterRole,
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub enum PostgreSQLClusterRole {
-    Primary,
-    Replica(ReplicaConfig),
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub struct ReplicaConfig {
-    /// Name of the primary cluster this replica will sync from
-    pub primary_cluster_name: String,
-    /// Certs extracted from primary via Topology::get_replication_certs()
-    pub replication_certs: ReplicationCerts,
-    /// Bootstrap method (e.g., pg_basebackup from primary)
-    pub bootstrap: BootstrapConfig,
-    /// External cluster connection details for CNPG spec.externalClusters
-    pub external_cluster: ExternalClusterConfig,
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub struct BootstrapConfig {
-    pub strategy: BootstrapStrategy,
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub enum BootstrapStrategy {
-    PgBasebackup,
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub struct ExternalClusterConfig {
-    /// Name used in CNPG externalClusters list
-    pub name: String,
-    /// Connection params (host/port set by multisite logic, sslmode='verify-ca', etc.)
-    pub connection_parameters: HashMap<String, String>,
-}
-
-#[derive(Clone, Debug, Serialize)]
-pub struct ReplicationCerts {
-    /// PEM-encoded CA cert from primary
-    pub ca_cert_pem: String,
-    /// PEM-encoded streaming_replica client cert (tls.crt)
-    pub streaming_replica_cert_pem: String,
-    /// PEM-encoded streaming_replica client key (tls.key)
-    pub streaming_replica_key_pem: String,
-}
-
-#[derive(Clone, Debug)]
-pub struct PostgreSQLEndpoint {
-    pub host: String,
-    pub port: u16,
-}

harmony/src/modules/postgresql/failover.rs

@@ -1,125 +0,0 @@
-use async_trait::async_trait;
-use log::debug;
-use log::info;
-use std::collections::HashMap;
-
-use crate::{
-    modules::postgresql::capability::{
-        BootstrapConfig, BootstrapStrategy, ExternalClusterConfig, PostgreSQL,
-        PostgreSQLClusterRole, PostgreSQLConfig, PostgreSQLEndpoint, ReplicaConfig,
-        ReplicationCerts,
-    },
-    topology::FailoverTopology,
-};
-
-#[async_trait]
-impl<T: PostgreSQL> PostgreSQL for FailoverTopology<T> {
-    async fn deploy(&self, config: &PostgreSQLConfig) -> Result<String, String> {
-        info!(
-            "Starting deployment of failover topology '{}'",
-            config.cluster_name
-        );
-
-        let primary_config = PostgreSQLConfig {
-            cluster_name: config.cluster_name.clone(),
-            instances: config.instances,
-            storage_size: config.storage_size.clone(),
-            role: PostgreSQLClusterRole::Primary,
-        };
-
-        info!(
-            "Deploying primary cluster '{{}}' ({} instances, {:?} storage)",
-            primary_config.cluster_name, primary_config.storage_size
-        );
-
-        let primary_cluster_name = self.primary.deploy(&primary_config).await?;
-
-        info!("Primary cluster '{primary_cluster_name}' deployed successfully");
-
-        info!("Retrieving replication certificates for primary '{primary_cluster_name}'");
-
-        let certs = self
-            .primary
-            .get_replication_certs(&primary_cluster_name)
-            .await?;
-
-        info!("Replication certificates retrieved successfully");
-
-        info!("Retrieving public endpoint for primary '{primary_cluster_name}");
-
-        let endpoint = self
-            .primary
-            .get_public_endpoint(&primary_cluster_name)
-            .await?
-            .ok_or_else(|| "No public endpoint configured on primary cluster".to_string())?;
-
-        info!(
-            "Public endpoint '{}:{}' retrieved for primary",
-            endpoint.host, endpoint.port
-        );
-
-        info!("Configuring replica connection parameters and bootstrap");
-
-        let mut connection_parameters = HashMap::new();
-        connection_parameters.insert("host".to_string(), endpoint.host);
-        connection_parameters.insert("port".to_string(), endpoint.port.to_string());
-        connection_parameters.insert("dbname".to_string(), "postgres".to_string());
-        connection_parameters.insert("user".to_string(), "streaming_replica".to_string());
-        connection_parameters.insert("sslmode".to_string(), "verify-ca".to_string());
-        connection_parameters.insert("sslnegotiation".to_string(), "direct".to_string());
-
-        debug!("Replica connection parameters: {:?}", connection_parameters);
-
-        let external_cluster = ExternalClusterConfig {
-            name: primary_cluster_name.clone(),
-            connection_parameters,
-        };
-
-        let bootstrap_config = BootstrapConfig {
-            strategy: BootstrapStrategy::PgBasebackup,
-        };
-
-        let replica_cluster_config = ReplicaConfig {
-            primary_cluster_name: primary_cluster_name.clone(),
-            replication_certs: certs,
-            bootstrap: bootstrap_config,
-            external_cluster,
-        };
-
-        let replica_config = PostgreSQLConfig {
-            cluster_name: format!("{}-replica", primary_cluster_name),
-            instances: config.instances,
-            storage_size: config.storage_size.clone(),
-            role: PostgreSQLClusterRole::Replica(replica_cluster_config),
-        };
-
-        info!(
-            "Deploying replica cluster '{}' ({} instances, {:?} storage) on replica topology",
-            replica_config.cluster_name, replica_config.instances, replica_config.storage_size
-        );
-
-        self.replica.deploy(&replica_config).await?;
-
-        info!(
-            "Replica cluster '{}' deployed successfully; failover topology '{}' ready",
-            replica_config.cluster_name, config.cluster_name
-        );
-
-        Ok(primary_cluster_name)
-    }
-
-    async fn get_replication_certs(&self, cluster_name: &str) -> Result<ReplicationCerts, String> {
-        self.primary.get_replication_certs(cluster_name).await
-    }
-
-    async fn get_endpoint(&self, cluster_name: &str) -> Result<PostgreSQLEndpoint, String> {
-        self.primary.get_endpoint(cluster_name).await
-    }
-
-    async fn get_public_endpoint(
-        &self,
-        cluster_name: &str,
-    ) -> Result<Option<PostgreSQLEndpoint>, String> {
-        self.primary.get_public_endpoint(cluster_name).await
-    }
-}

harmony/src/modules/postgresql/mod.rs

@@ -1,4 +0,0 @@
-pub mod capability;
-mod score;
-
-pub mod failover;

harmony/src/modules/postgresql/score.rs

@@ -1,88 +0,0 @@
-use crate::{
-    domain::{data::Version, interpret::InterpretStatus},
-    interpret::{Interpret, InterpretError, InterpretName, Outcome},
-    inventory::Inventory,
-    modules::postgresql::capability::PostgreSQL,
-    score::Score,
-    topology::Topology,
-};
-
-use super::capability::*;
-
-use harmony_types::id::Id;
-
-use async_trait::async_trait;
-use log::info;
-use serde::Serialize;
-
-#[derive(Clone, Debug, Serialize)]
-pub struct PostgreSQLScore {
-    config: PostgreSQLConfig,
-}
-
-#[derive(Debug, Clone)]
-pub struct PostgreSQLInterpret {
-    config: PostgreSQLConfig,
-    version: Version,
-    status: InterpretStatus,
-}
-
-impl PostgreSQLInterpret {
-    pub fn new(config: PostgreSQLConfig) -> Self {
-        let version = Version::from("1.0.0").expect("Version should be valid");
-        Self {
-            config,
-            version,
-            status: InterpretStatus::QUEUED,
-        }
-    }
-}
-
-impl<T: Topology + PostgreSQL> Score<T> for PostgreSQLScore {
-    fn name(&self) -> String {
-        "PostgreSQLScore".to_string()
-    }
-
-    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
-        Box::new(PostgreSQLInterpret::new(self.config.clone()))
-    }
-}
-
-#[async_trait]
-impl<T: Topology + PostgreSQL> Interpret<T> for PostgreSQLInterpret {
-    fn get_name(&self) -> InterpretName {
-        InterpretName::Custom("PostgreSQLInterpret")
-    }
-
-    fn get_version(&self) -> crate::domain::data::Version {
-        self.version.clone()
-    }
-
-    fn get_status(&self) -> InterpretStatus {
-        self.status.clone()
-    }
-
-    fn get_children(&self) -> Vec<Id> {
-        todo!()
-    }
-
-    async fn execute(
-        &self,
-        _inventory: &Inventory,
-        topology: &T,
-    ) -> Result<Outcome, InterpretError> {
-        info!(
-            "Executing PostgreSQLInterpret with config {:?}",
-            self.config
-        );
-
-        let cluster_name = topology
-            .deploy(&self.config)
-            .await
-            .map_err(|e| InterpretError::from(e))?;
-
-        Ok(Outcome::success(format!(
-            "Deployed PostgreSQL cluster `{cluster_name}`"
-        )))
-    }
-}

harmony_types/src/lib.rs

@@ -1,4 +1,3 @@
 pub mod id;
 pub mod net;
-pub mod storage;
 pub mod switch;

harmony_types/src/storage.rs

@@ -1,6 +0,0 @@
-use serde::{Deserialize, Serialize};
-
-#[derive(Copy, Clone, PartialEq, Eq, Hash, Serialize, Deserialize, PartialOrd, Ord, Debug)]
-pub struct StorageSize {
-    size_bytes: u64,
-}