feat(cluster): allow using existing secret for backup and restore

Co-authored-by: Ben Scholzen (DASPRiD) <[email protected]> Signed-off-by: Itay Grudev <[email protected]>
cloudnative-pg · Mar 28, 2024 · 5a516ea · 5a516ea
1 parent d673403
commit 5a516ea
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 17 deletions.
diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
@@ -21,25 +21,27 @@
   {{- if empty .scope.destinationPath -}}
   {{ "  destinationPath: \"s3://" }}{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.s3.bucket }}{{ .scope.s3.path }}"
   {{- end }}
+  {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-s3-creds" .chartFullname .secretSuffix) -}}
   s3Credentials:
     accessKeyId:
-      name: {{ .chartFullname }}-{{ .secretPrefix }}-s3-creds
+      name: {{ $secretName }}
       key: ACCESS_KEY_ID
     secretAccessKey:
-      name: {{ .chartFullname }}-{{ .secretPrefix }}-s3-creds
+      name: {{ $secretName }}
       key: ACCESS_SECRET_KEY
 {{- else if eq .scope.provider "azure" }}
   {{- if empty .scope.destinationPath -}}
   {{ "  destinationPath: \"https://" }}{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}"
   {{- end }}
+  {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-azure-creds" .chartFullname .secretSuffix) -}}
   azureCredentials:
   {{- if .scope.azure.connectionString }}
     connectionString:
-      name: {{ .chartFullname }}-{{ .secretPrefix }}-azure-creds
+      name: {{ $secretName }}
       key: AZURE_CONNECTION_STRING
   {{- else }}
     storageAccount:
-      name: {{ .chartFullname }}-{{ .secretPrefix }}-azure-creds
+      name: {{ $secretName }}
       key: AZURE_STORAGE_ACCOUNT
     {{- if .scope.azure.storageKey }}
     storageKey:
@@ -55,10 +57,11 @@
   {{- if empty .scope.destinationPath -}}
   {{ "  destinationPath: \"gs://" }}{{ required "You need to specify Google storage bucket if destinationPath is not specified." .scope.google.bucket }}{{ .scope.google.path }}"
   {{- end }}
+  {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-google-creds" .chartFullname .secretSuffix) -}}
   googleCredentials:
     gkeEnvironment: {{ .scope.google.gkeEnvironment }}
     applicationCredentials:
-      name: {{ .chartFullname }}-{{ .secretPrefix }}-google-creds
+      name: {{ $secretName }}
       key: APPLICATION_CREDENTIALS
 {{- end -}}
 {{- end -}}
diff --git a/charts/cluster/templates/backup-azure-creds.yaml b/charts/cluster/templates/backup-azure-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-backup-azure-creds
+  name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
   AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }}
   AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }}

diff --git a/charts/cluster/templates/backup-google-creds.yaml b/charts/cluster/templates/backup-google-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-backup-google-creds
+  name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
   APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
 {{- end }}
diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") }}
+{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") .Values.backups.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-backup-s3-creds
+  name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
   ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
   ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}

diff --git a/charts/cluster/templates/recovery-azure-creds.yaml b/charts/cluster/templates/recovery-azure-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") .Values.recovery.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-recovery-azure-creds
+  name: {{ default (printf "%s-recovery-azure-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }}
 data:
   AZURE_CONNECTION_STRING: {{ .Values.recovery.azure.connectionString | b64enc | quote }}
   AZURE_STORAGE_ACCOUNT: {{ .Values.recovery.azure.storageAccount | b64enc | quote }}

diff --git a/charts/cluster/templates/recovery-google-creds.yaml b/charts/cluster/templates/recovery-google-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") .Values.recovery.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-recovery-google-creds
+  name: {{ default (printf "%s-recovery-google-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }}
 data:
   APPLICATION_CREDENTIALS: {{ .Values.recovery.google.applicationCredentials | b64enc | quote }}
 {{- end }}
diff --git a/charts/cluster/templates/recovery-s3-creds.yaml b/charts/cluster/templates/recovery-s3-creds.yaml
@@ -1,8 +1,8 @@
-{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") }}
+{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") .Values.recovery.secret.create }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "cluster.fullname" . }}-recovery-s3-creds
+  name: {{ default (printf "%s-recovery-s3-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }}
 data:
   ACCESS_KEY_ID: {{ required ".Values.recovery.s3.accessKey is required, but not specified." .Values.recovery.s3.accessKey | b64enc | quote }}
   ACCESS_SECRET_KEY: {{ required ".Values.recovery.s3.secretKey is required, but not specified." .Values.recovery.s3.secretKey | b64enc | quote }}

diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
@@ -75,6 +75,11 @@ recovery:
     bucket: ""
     gkeEnvironment: false
     applicationCredentials: ""
+  secret:
+    # -- Whether to create a secret for the backup credentials
+    create: true
+    # -- Name of the backup credentials secret
+    name: ""
 
 
 cluster:
@@ -229,6 +234,11 @@ backups:
     bucket: ""
     gkeEnvironment: false
     applicationCredentials: ""
+  secret:
+    # -- Whether to create a secret for the backup credentials
+    create: true
+    # -- Name of the backup credentials secret
+    name: ""
 
   wal:
     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.