diff --git a/charts/cluster/README.md b/charts/cluster/README.md
index 85094a2ce..b21feedfe 100644
--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -125,6 +125,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
 | backups.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3:// Azure: https://..core.windows.net/ Google: gs:// |
 | backups.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
+| backups.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backups.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | backups.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3..amazonaws.com" |
 | backups.google.applicationCredentials | string | `""` | |
 | backups.google.bucket | string | `""` | |
@@ -190,6 +192,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | recovery.backupName | string | `""` | Backup Recovery Method |
 | recovery.clusterName | string | `""` | Object Store Recovery Method |
 | recovery.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3:// Azure: https://..core.windows.net/ Google: gs:// |
+| recovery.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3..amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.google.applicationCredentials | string | `""` | |
 | recovery.google.bucket | string | `""` | |
diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
index 96278f11a..f002800e5 100644
--- a/charts/cluster/templates/_barman_object_store.tpl
+++ b/charts/cluster/templates/_barman_object_store.tpl
@@ -4,6 +4,12 @@
 endpointURL: {{ .scope.endpointURL }}
 {{- end }}
+{{- if or (.scope.endpointCA.create) (.scope.endpointCA.name) }}
+ endpointCA:
+ name: {{ .chartFullname }}-ca-bundle
+ key: ca-bundle.crt
+{{- end }}
+
 {{- if .scope.destinationPath }}
 destinationPath: {{ .scope.destinationPath }}
 {{- end }}
diff --git a/charts/cluster/templates/ca-bundle.yaml b/charts/cluster/templates/ca-bundle.yaml
new file mode 100644
index 000000000..12991c163
--- /dev/null
+++ b/charts/cluster/templates/ca-bundle.yaml
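Review bot: The Secret reference emitted here ignores the user-supplied `name` and `key`: `ca-bundle.yaml` creates the Secret under `.Values.backups.endpointCA.name | default (printf "%s-ca-bundle" ...)` with key `.Values.backups.endpointCA.key | default "ca-bundle.crt"`, while the Cluster is always pointed at `{{ .chartFullname }}-ca-bundle` / `ca-bundle.crt`. With `create: false` and `name` set to an existing Secret (the case the `create` comment documents), and equally with `create: true` plus a custom `name` or `key`, the object store config references a Secret or key that does not exist, presumably leaving the operator unable to load the CA at all. Use the same defaults as the Secret template: `name: {{ .scope.endpointCA.name | default (printf "%s-ca-bundle" .chartFullname) }}` and `key: {{ .scope.endpointCA.key | default "ca-bundle.crt" }}` (assuming `.chartFullname` carries the same value as `include "cluster.fullname" .`, which is not visible here). The enclosing define starts before this hunk.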
@@ -0,0 +1,9 @@
+{{- if .Values.backups.endpointCA.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.backups.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }}
+data:
+ {{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value }}
+
+{{- end }}
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 3ee174fdc..5a1c46e28 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
@@ -54,6 +54,23 @@
 "enabled": {
 "type": "boolean"
 },
+ "endpointCA": {
+ "type": "object",
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "key": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ },
 "endpointURL": {
 "type": "string"
 },
@@ -335,6 +352,23 @@
 "destinationPath": {
 "type": "string"
 },
+ "endpointCA": {
+ "type": "object",
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "key": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ },
 "endpointURL": {
 "type": "string"
 },
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
index 07d979a4c..d4db49e32 100644
--- a/charts/cluster/values.yaml
+++ b/charts/cluster/values.yaml
@@ -41,6 +41,13 @@ recovery:
 # S3: https://s3..amazonaws.com"
 # Leave empty if using the default S3 endpoint
 endpointURL: ""
+ # -- Specifies a CA bundle to validate a privately signed certificate.
+ endpointCA:
+ # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+ create: false
+ name: ""
+ key: ""
+ value: ""
 # -- Overrides the provider specific default path. Defaults to:
 # S3: s3://
 # Azure: https://..core.windows.net/
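Review bot: Only `.Values.backups.endpointCA` is consulted when creating the Secret, yet `values.yaml` and the README introduce `recovery.endpointCA.create` with the same "Creates a secret" wording and `_barman_object_store.tpl` emits an `endpointCA` reference for the recovery scope too, so `recovery.endpointCA.create: true` yields a reference with no Secret behind it. Either document on `recovery.endpointCA.create` that the Secret is only provisioned from `backups.endpointCA` (recovery should use `create: false` and point `name` at that Secret), or range over both scopes here, taking care that the shared default name does not render two Secrets with the same name. Separately, `value` is written verbatim under `data:`, where the API server requires base64, and nothing in the chart tells the user to pre-encode the PEM bundle; emitting it under `stringData:` as `{{ .Values.backups.endpointCA.value | quote }}` (or keeping `data:` and applying `| b64enc`) avoids a Secret that fails to apply or holds an unusable bundle, and quoting also keeps a multi-line PEM from breaking the YAML.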
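Review bot: `name`, `key` and `value` under `recovery.endpointCA` carry no `# --` comment, so helm-docs emits no README rows for them (the README hunks list only `endpointCA` and `endpointCA.create`) and the user is not told the defaults or what `value` must contain. Suggested comments: `# -- Name of the Secret holding the CA bundle; defaults to "<fullname>-ca-bundle"`, `# -- Key inside the Secret; defaults to "ca-bundle.crt"`, `# -- CA bundle stored under that key when create is true; the template places it under data:, so it must be base64-encoded`. The same gap exists in the `backups:` hunk at `@@ -184,6 +191,13 @@`, whose last context line falls outside this view.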
@@ -184,6 +191,13 @@ backups:
 # -- Overrides the provider specific default endpoint. Defaults to:
 # S3: https://s3..amazonaws.com"
 endpointURL: "" # Leave empty if using the default S3 endpoint
+ # -- Specifies a CA bundle to validate a privately signed certificate.
+ endpointCA:
+ # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+ create: false
+ name: ""
+ key: ""
+ value: ""
 # -- Overrides the provider specific default path. Defaults to:
 # S3: s3://