From 0af6d066be3a0c2c4b61414bb5eff5d218154567 Mon Sep 17 00:00:00 2001 From: "Ben Scholzen (DASPRiD)" Date: Thu, 29 Feb 2024 23:34:44 +0100 Subject: [PATCH] feat: allow using existing secret for backup and restore Signed-off-by: Ben Scholzen (DASPRiD) --- charts/cluster/templates/_backup.tpl | 2 +- .../cluster/templates/_barman_object_store.tpl | 17 ++++++++++------- .../cluster/templates/backup-azure-creds.yaml | 8 ++++++-- .../templates/backup-azure-recovery-creds.yaml | 8 ++++++-- .../cluster/templates/backup-google-creds.yaml | 8 ++++++-- .../templates/backup-google-recovery-creds.yaml | 8 ++++++-- charts/cluster/templates/backup-s3-creds.yaml | 6 +++++- .../templates/backup-s3-recovery-creds.yaml | 8 ++++++-- charts/cluster/values.yaml | 16 +++++++++++----- 9 files changed, 57 insertions(+), 24 deletions(-) diff --git a/charts/cluster/templates/_backup.tpl b/charts/cluster/templates/_backup.tpl index cb76d9b74c..287e88aea9 100644 --- a/charts/cluster/templates/_backup.tpl +++ b/charts/cluster/templates/_backup.tpl @@ -12,7 +12,7 @@ backup: encryption: AES256 jobs: 2 - {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups }} + {{- $d := dict "chartFullname" (include "cluster.fullname" .) "scope" .Values.backups "secretSuffix" "" }} {{- include "cluster.barmanObjectStoreConfig" $d | nindent 2 }} {{- end }} {{- end }} diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl index 96278f11a5..a79f3d1e68 100644 --- a/charts/cluster/templates/_barman_object_store.tpl +++ b/charts/cluster/templates/_barman_object_store.tpl 
@@ -15,33 +15,35 @@
 {{- if empty .scope.destinationPath }}
 destinationPath: "s3://{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.s3.bucket }}{{ .scope.s3.path }}"
 {{- end }}
+ {{ $secretName := coalesce .scope.secret.name (printf "%s-backup-s3%s-creds" .chartFullname .secretSuffix) }}
 s3Credentials:
 accessKeyId:
- name: {{ .chartFullname }}-backup-s3{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: ACCESS_KEY_ID
 secretAccessKey:
- name: {{ .chartFullname }}-backup-s3{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: ACCESS_SECRET_KEY
 {{- else if eq .scope.provider "azure" }}
 {{- if empty .scope.destinationPath }}
 destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}"
 {{- end }}
 azureCredentials:
+ {{ $secretName := coalesce .scope.secret.name (printf "%s-backup-azure%s-creds" .chartFullname .secretSuffix) }}
 {{- if .scope.azure.connectionString }}
 connectionString:
- name: {{ .chartFullname }}-backup-azure{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: AZURE_CONNECTION_STRING
 {{- else }}
 storageAccount:
- name: {{ .chartFullname }}-backup-azure{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: AZURE_STORAGE_ACCOUNT
 {{- if .scope.azure.storageKey }}
 storageKey:
- name: {{ .chartFullname }}-backup-azure{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: AZURE_STORAGE_KEY
 {{- else }}
 storageSasToken:
- name: {{ .chartFullname }}-backup-azure{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: AZURE_STORAGE_SAS_TOKEN
 {{- end }}
 {{- end }}
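Review bot: In the azure branch the choice between `connectionString`, `storageKey` and `storageSasToken` still depends on `.scope.azure.connectionString` and `.scope.azure.storageKey` being non-empty. A user who supplies an existing Secret and leaves those values blank therefore always gets a `storageAccount` plus `storageSasToken` reference, whichever keys the Secret actually holds. Either document that a placeholder value must be set to select the mode, or add an explicit selector value for it. The `{{ $secretName := … }}` assignments here and in the google hunk also lack the `{{-` trim the surrounding actions use, e.g. `{{- $secretName := coalesce .scope.secret.name (printf "%s-backup-s3%s-creds" .chartFullname .secretSuffix) }}`. The enclosing `define` starts outside this hunk.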
@@ -49,10 +51,11 @@
 {{- if empty .scope.destinationPath }}
 destinationPath: "gs://{{ required "You need to specify Google storage bucket if destinationPath is not specified." .scope.google.bucket }}{{ .scope.google.path }}"
 {{- end }}
+ {{ $secretName := coalesce .scope.secret.name (printf "%s-backup-google%s-creds" .chartFullname .secretSuffix) }}
 googleCredentials:
 gkeEnvironment: {{ .scope.google.gkeEnvironment }}
 applicationCredentials:
- name: {{ .chartFullname }}-backup-google{{ .secretSuffix }}-creds
+ name: {{ $secretName }}
 key: APPLICATION_CREDENTIALS
 {{- end -}}
 {{- end -}}
diff --git a/charts/cluster/templates/backup-azure-creds.yaml b/charts/cluster/templates/backup-azure-creds.yaml
index 19a651eb35..b9a49c16ab 100644
--- a/charts/cluster/templates/backup-azure-creds.yaml
+++ b/charts/cluster/templates/backup-azure-creds.yaml
@@ -1,11 +1,15 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
+ {{- if empty .Values.backups.secret.name }}
 name: {{ include "cluster.fullname" . }}-backup-azure-creds
+ {{- else }}
+ name: {{ .Values.backups.secret.name }}
+ {{- end }}
 data:
 AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }}
 AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
 AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }}
 AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cluster/templates/backup-azure-recovery-creds.yaml b/charts/cluster/templates/backup-azure-recovery-creds.yaml
index b4aecb5589..a54ed853ff 100644
--- a/charts/cluster/templates/backup-azure-recovery-creds.yaml
+++ b/charts/cluster/templates/backup-azure-recovery-creds.yaml
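Review bot: The Secret name is now derived twice with different constructs: the `if empty … else … end` block under `metadata:` in `backup-azure-creds.yaml` and the `coalesce` in `_barman_object_store.tpl`. The two must resolve identically, or the Cluster will reference a Secret this template did not create. A shared named template that both sides `include` would keep them in step; the same applies to the other five `backup-*-creds.yaml` templates in this patch. The user-supplied value is also emitted unquoted; `name: {{ .Values.backups.secret.name | quote }}` keeps a numeric- or boolean-looking name a string.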
@@ -1,11 +1,15 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") .Values.recovery.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
+ {{- if empty .Values.recovery.secret.name }}
 name: {{ include "cluster.fullname" . }}-backup-azure-recovery-creds
+ {{- else }}
+ name: {{ .Values.recovery.secret.name }}
+ {{- end }}
 data:
 AZURE_CONNECTION_STRING: {{ .Values.recovery.azure.connectionString | b64enc | quote }}
 AZURE_STORAGE_ACCOUNT: {{ .Values.recovery.azure.storageAccount | b64enc | quote }}
 AZURE_STORAGE_KEY: {{ .Values.recovery.azure.storageKey | b64enc | quote }}
 AZURE_STORAGE_SAS_TOKEN: {{ .Values.recovery.azure.storageSasToken | b64enc | quote }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cluster/templates/backup-google-creds.yaml b/charts/cluster/templates/backup-google-creds.yaml
index 252a27064f..cb4fd85a5d 100644
--- a/charts/cluster/templates/backup-google-creds.yaml
+++ b/charts/cluster/templates/backup-google-creds.yaml
@@ -1,8 +1,12 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
+ {{- if empty .Values.backups.secret.name }}
 name: {{ include "cluster.fullname" . }}-backup-google-creds
+ {{- else }}
+ name: {{ .Values.backups.secret.name }}
+ {{- end }}
 data:
 APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cluster/templates/backup-google-recovery-creds.yaml b/charts/cluster/templates/backup-google-recovery-creds.yaml
index 942bb897bc..4a462d8c1a 100644
--- a/charts/cluster/templates/backup-google-recovery-creds.yaml
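Review bot: Nothing stops `backups.secret.name` and `recovery.secret.name` from being set to the same value while both `create` flags stay at `true`. With backups enabled in recovery mode, `backup-azure-recovery-creds.yaml` and `backup-azure-creds.yaml` would then both render a Secret with that name. A `fail` guard for that combination would surface the conflict at render time, as would a values comment such as `# -- Must differ from backups.secret.name when the chart creates both secrets`. The same pairing exists for the google and s3 templates.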
+++ b/charts/cluster/templates/backup-google-recovery-creds.yaml
@@ -1,8 +1,12 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") .Values.recovery.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
+ {{- if empty .Values.recovery.secret.name }}
 name: {{ include "cluster.fullname" . }}-backup-google-recovery-creds
+ {{- else }}
+ name: {{ .Values.recovery.secret.name }}
+ {{- end }}
 data:
 APPLICATION_CREDENTIALS: {{ .Values.recovery.google.applicationCredentials | b64enc | quote }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml
index b906d24539..c2846f514a 100644
--- a/charts/cluster/templates/backup-s3-creds.yaml
+++ b/charts/cluster/templates/backup-s3-creds.yaml
@@ -1,8 +1,12 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
+ {{- if empty .Values.backups.secret.name }}
 name: {{ include "cluster.fullname" . }}-backup-s3-creds
+ {{- else }}
+ name: {{ .Values.backups.secret.name }}
+ {{- end }}
 data:
 ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
 ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
diff --git a/charts/cluster/templates/backup-s3-recovery-creds.yaml b/charts/cluster/templates/backup-s3-recovery-creds.yaml
index 9cc615fcd7..35c099e87d 100644
--- a/charts/cluster/templates/backup-s3-recovery-creds.yaml
+++ b/charts/cluster/templates/backup-s3-recovery-creds.yaml
@@ -1,9 +1,13 @@ -{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") }} +{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") .Values.recovery.secret.create }} apiVersion: v1 kind: Secret metadata: + {{- if empty .Values.recovery.secret.name }} name: {{ include "cluster.fullname" . }}-backup-s3-recovery-creds + {{- else }} + name: {{ .Values.recovery.secret.name }} + {{- end }} data: ACCESS_KEY_ID: {{ required ".Values.recovery.s3.accessKey is required, but not specified." .Values.recovery.s3.accessKey | b64enc | quote }} ACCESS_SECRET_KEY: {{ required ".Values.recovery.s3.secretKey is required, but not specified." .Values.recovery.s3.secretKey | b64enc | quote }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index 02f9671331..fb7bf222d8 100644 --- a/charts/cluster/values.yaml +++ b/charts/cluster/values.yaml @@ -48,6 +48,9 @@ recovery: destinationPath: "" # -- One of `s3`, `azure` or `google` provider: s3 + secret: + create: true + name: "" s3: region: "" bucket: "" @@ -169,7 +172,7 @@ cluster: backups: # -- You need to configure backups manually, so backups are disabled by default. - enabled: false + enabled: true # -- Overrides the provider specific default endpoint. Defaults to: # S3: https://s3..amazonaws.com" @@ -182,12 +185,15 @@ backups: destinationPath: "" # -- One of `s3`, `azure` or `google` provider: s3 + secret: + create: true + name: "" s3: - region: "" - bucket: "" + region: "test" + bucket: "test" path: "/" - accessKey: "" - secretKey: "" + accessKey: "test" + secretKey: "test" azure: path: "/" connectionString: ""
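Review bot: The new `secret.create` and `secret.name` keys under `recovery` (and under `backups` in the last hunk) carry no `# --` description, unlike the neighbouring `provider` key. I would add comments such as `# -- Whether the chart creates the credentials Secret from the values below` and `# -- Name of the Secret; with create: false it must already exist and hold the provider's keys (ACCESS_KEY_ID and ACCESS_SECRET_KEY for s3)`. Without that, users of an existing Secret have to read `_barman_object_store.tpl` to learn the expected key names.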
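Review bot: `enabled: true` under `backups`, together with `region`, `bucket`, `accessKey` and `secretKey` set to `"test"` in the following hunk, looks like local test configuration committed into the chart defaults. The comment directly above still says backups are disabled by default. With these values a default install would render a credentials Secret containing `test` and point the cluster at an S3 bucket named `test`. Restore the previous defaults before merging: `enabled: false`, `accessKey: ""`, `secretKey: ""`, and likewise the empty `region` and `bucket`.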