From 0ec1c6711df5a82b3241738d2dabff909d5e296d Mon Sep 17 00:00:00 2001
From: PseudoResonance <kaio11604@gmail.com>
Date: Tue, 26 Mar 2024 04:17:51 -0700
Subject: [PATCH 1/2] Add config value endpointCA for private S3 such as MinIO

Signed-off-by: PseudoResonance <kaio11604@gmail.com>
---
 .../templates/_barman_object_store.tpl        |  6 ++++
 charts/cluster/templates/ca-bundle.yaml       |  9 +++++
 charts/cluster/values.schema.json             | 34 +++++++++++++++++++
 charts/cluster/values.yaml                    | 14 ++++++++
 4 files changed, 63 insertions(+)
 create mode 100644 charts/cluster/templates/ca-bundle.yaml

diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
index 96278f11a..f002800e5 100644
--- a/charts/cluster/templates/_barman_object_store.tpl
+++ b/charts/cluster/templates/_barman_object_store.tpl
@@ -4,6 +4,12 @@
   endpointURL: {{ .scope.endpointURL }}
 {{- end }}
 
+{{- if or (.scope.endpointCA.create) (.scope.endpointCA.name) }}
+  endpointCA:
+    name: {{ .chartFullname }}-ca-bundle
+    key: ca-bundle.crt
+{{- end }}
+
 {{- if .scope.destinationPath }}
   destinationPath: {{ .scope.destinationPath }}
 {{- end }}
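Review bot: The secret reference added here is hard-coded to `<chartFullname>-ca-bundle` and `ca-bundle.crt`, yet the surrounding `if` also fires when only `.scope.endpointCA.name` is set, so a user pointing at an existing secret with a different name or key gets a reference to a secret that does not exist and the object-store TLS validation fails at runtime. The new ca-bundle.yaml in this series already honors `name` and `key` through `default`, so this reference should mirror it: `name: {{ .scope.endpointCA.name | default (printf "%s-ca-bundle" .chartFullname) | quote }}` and `key: {{ .scope.endpointCA.key | default "ca-bundle.crt" | quote }}`. A `helm template` run with `create: false` and a custom `name` would have caught this; it is worth adding to the chart tests.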
diff --git a/charts/cluster/templates/ca-bundle.yaml b/charts/cluster/templates/ca-bundle.yaml
new file mode 100644
index 000000000..12991c163
--- /dev/null
+++ b/charts/cluster/templates/ca-bundle.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.backups.endpointCA.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.backups.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }}
+data:
+  {{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value }}
+  
+{{- end }}
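Review bot: The `data:` field of a Secret must hold base64-encoded values, but line 44 inserts `.Values.backups.endpointCA.value` verbatim, so a multi-line PEM bundle will either break YAML parsing of the rendered manifest or be rejected by the API server; either encode it, `{{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value | b64enc | quote }}`, or switch to `stringData:` with the value quoted — and if `value` is meant to be supplied pre-encoded, the values.yaml comment should say so. The template also reads only `.Values.backups.endpointCA`, while the values.yaml hunks in this patch add `recovery.endpointCA.create` as well, which as far as I can see creates nothing. The default name here is built with `include "cluster.fullname" .` whereas the object-store template uses `.chartFullname`; those must resolve to the same string for the reference to work, which the hunk alone does not show. Line 45 carries trailing whitespace inside the rendered document and should be dropped.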
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 3ee174fdc..027dd8bb3 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
@@ -57,6 +57,23 @@
                 "endpointURL": {
                     "type": "string"
                 },
+                "endpointCA": {
+                    "type": "object",
+                    "properties": {
+                        "createSecret": {
+                            "type": "boolean"
+                        },
+                        "name": {
+                            "type": "string"
+                        },
+                        "key": {
+                            "type": "string"
+                        },
+                        "value": {
+                            "type": "string"
+                        }
+                    }
+                },
                 "google": {
                     "type": "object",
                     "properties": {
@@ -338,6 +355,23 @@
                 "endpointURL": {
                     "type": "string"
                 },
+                "endpointCA": {
+                    "type": "object",
+                    "properties": {
+                        "createSecret": {
+                            "type": "boolean"
+                        },
+                        "name": {
+                            "type": "string"
+                        },
+                        "key": {
+                            "type": "string"
+                        },
+                        "value": {
+                            "type": "string"
+                        }
+                    }
+                },
                 "google": {
                     "type": "object",
                     "properties": {
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
index 07d979a4c..d4db49e32 100644
--- a/charts/cluster/values.yaml
+++ b/charts/cluster/values.yaml
@@ -41,6 +41,13 @@ recovery:
   # S3: https://s3.<region>.amazonaws.com"
   # Leave empty if using the default S3 endpoint
   endpointURL: ""
+  # -- Specifies a CA bundle to validate a privately signed certificate.
+  endpointCA:
+    # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    create: false
+    name: ""
+    key: ""
+    value: ""
   # -- Overrides the provider specific default path. Defaults to:
   # S3: s3://<bucket><path>
   # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
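Review bot: Only `create` carries a `# --` helm-docs comment, so `name`, `key` and `value` get no README entry (the README hunk in patch 2 lists just `endpointCA` and `endpointCA.create`), and nothing tells the user what `name` and `key` default to or whether `value` is raw PEM or already base64. Suggest `# -- Name of the secret holding the CA bundle; defaults to <fullname>-ca-bundle`, `# -- Key inside the secret; defaults to ca-bundle.crt`, and `# -- CA bundle contents, used only when create is true` with the expected encoding stated. The same applies to the backups stanza in the second hunk of this file.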
@@ -184,6 +191,13 @@ backups:
   # -- Overrides the provider specific default endpoint. Defaults to:
   # S3: https://s3.<region>.amazonaws.com"
   endpointURL: ""  # Leave empty if using the default S3 endpoint
+  # -- Specifies a CA bundle to validate a privately signed certificate.
+  endpointCA:
+    # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+    create: false
+    name: ""
+    key: ""
+    value: ""
 
   # -- Overrides the provider specific default path. Defaults to:
   # S3: s3://<bucket><path>

From 4ac7be4f0f6c33fff3279610a4353dc117ecda89 Mon Sep 17 00:00:00 2001
From: PseudoResonance <kaio11604@gmail.com>
Date: Tue, 26 Mar 2024 05:49:01 -0700
Subject: [PATCH 2/2] Update schema/docs

Signed-off-by: PseudoResonance <kaio11604@gmail.com>
---
 charts/cluster/README.md          |  4 ++++
 charts/cluster/values.schema.json | 24 ++++++++++++------------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/charts/cluster/README.md b/charts/cluster/README.md
index 85094a2ce..b21feedfe 100644
--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -125,6 +125,8 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
 | backups.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path> Google: gs://<bucket><path> |
 | backups.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
+| backups.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backups.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | backups.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
 | backups.google.applicationCredentials | string | `""` |  |
 | backups.google.bucket | string | `""` |  |
@@ -190,6 +192,8 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | recovery.backupName | string | `""` | Backup Recovery Method |
 | recovery.clusterName | string | `""` | Object Store Recovery Method |
 | recovery.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path> Google: gs://<bucket><path> |
+| recovery.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.google.applicationCredentials | string | `""` |  |
 | recovery.google.bucket | string | `""` |  |
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 027dd8bb3..5a1c46e28 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
@@ -54,19 +54,16 @@
                 "enabled": {
                     "type": "boolean"
                 },
-                "endpointURL": {
-                    "type": "string"
-                },
                 "endpointCA": {
                     "type": "object",
                     "properties": {
-                        "createSecret": {
+                        "create": {
                             "type": "boolean"
                         },
-                        "name": {
+                        "key": {
                             "type": "string"
                         },
-                        "key": {
+                        "name": {
                             "type": "string"
                         },
                         "value": {
@@ -74,6 +71,9 @@
                         }
                     }
                 },
+                "endpointURL": {
+                    "type": "string"
+                },
                 "google": {
                     "type": "object",
                     "properties": {
@@ -352,19 +352,16 @@
                 "destinationPath": {
                     "type": "string"
                 },
-                "endpointURL": {
-                    "type": "string"
-                },
                 "endpointCA": {
                     "type": "object",
                     "properties": {
-                        "createSecret": {
+                        "create": {
                             "type": "boolean"
                         },
-                        "name": {
+                        "key": {
                             "type": "string"
                         },
-                        "key": {
+                        "name": {
                             "type": "string"
                         },
                         "value": {
@@ -372,6 +369,9 @@
                         }
                     }
                 },
+                "endpointURL": {
+                    "type": "string"
+                },
                 "google": {
                     "type": "object",
                     "properties": {