feat: allow using existing secret for S3 credentials

cloudnative-pg · Feb 29, 2024 · 1f5b472 · 1f5b472
1 parent 001d787
commit 1f5b472
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
@@ -15,13 +15,23 @@
   {{- if empty .scope.destinationPath }}
   destinationPath: "s3://{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.s3.bucket }}{{ .scope.s3.path }}"
   {{- end }}
+  {{- if .scope.s3.secret }}
+  s3Credentials:
+    accessKeyId:
+      name: {{ .scope.s3.secret }}
+      key: ACCESS_KEY_ID
+    secretAccessKey:
+      name: {{ .scope.s3.secret }}
+      key: ACCESS_SECRET_KEY
+  {{- else }}
   s3Credentials:
     accessKeyId:
       name: {{ .chartFullname }}-backup-s3{{ .secretSuffix }}-creds
       key: ACCESS_KEY_ID
     secretAccessKey:
       name: {{ .chartFullname }}-backup-s3{{ .secretSuffix }}-creds
       key: ACCESS_SECRET_KEY
+  {{- end }}
 {{- else if eq .scope.provider "azure" }}
   {{- if empty .scope.destinationPath }}
   destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}"

diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") (empty .Values.backups.s3.secret) }}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/charts/cluster/templates/backup-s3-recovery-creds.yaml b/charts/cluster/templates/backup-s3-recovery-creds.yaml
@@ -1,9 +1,9 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") (empty .Values.recovery.s3.secret) }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "cluster.fullname" . }}-backup-s3-recovery-creds
 data:
   ACCESS_KEY_ID: {{ required ".Values.recovery.s3.accessKey is required, but not specified." .Values.recovery.s3.accessKey | b64enc | quote }}
   ACCESS_SECRET_KEY: {{ required ".Values.recovery.s3.secretKey is required, but not specified." .Values.recovery.s3.secretKey | b64enc | quote }}
-{{- end }}
+{{- end }}
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
@@ -54,6 +54,7 @@ recovery:
     path: "/"
     accessKey: ""
     secretKey: ""
+    secret: ""
   azure:
     path: "/"
     connectionString: ""
@@ -183,6 +184,7 @@ backups:
     path: "/"
     accessKey: ""
     secretKey: ""
+    secret: ""
   azure:
     path: "/"
     connectionString: ""