From 0ec1c6711df5a82b3241738d2dabff909d5e296d Mon Sep 17 00:00:00 2001
From: PseudoResonance <kaio11604@gmail.com>
Date: Tue, 26 Mar 2024 04:17:51 -0700
Subject: [PATCH 1/2] Add config value endpointCA for private S3 such as MinIO

Signed-off-by: PseudoResonance <kaio11604@gmail.com>
---
 .../templates/_barman_object_store.tpl | 6 ++++
 charts/cluster/templates/ca-bundle.yaml | 9 +++++
 charts/cluster/values.schema.json | 34 +++++++++++++++++++
 charts/cluster/values.yaml | 14 ++++++++
 4 files changed, 63 insertions(+)
 create mode 100644 charts/cluster/templates/ca-bundle.yaml

diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
index 96278f11a..f002800e5 100644
--- a/charts/cluster/templates/_barman_object_store.tpl
+++ b/charts/cluster/templates/_barman_object_store.tpl
@@ -4,6 +4,12 @@
 endpointURL: {{ .scope.endpointURL }}
 {{- end }}
 
+{{- if or (.scope.endpointCA.create) (.scope.endpointCA.name) }}
+ endpointCA:
+ name: {{ .chartFullname }}-ca-bundle
+ key: ca-bundle.crt
+{{- end }}
+
 {{- if .scope.destinationPath }}
 destinationPath: {{ .scope.destinationPath }}
 {{- end }}
diff --git a/charts/cluster/templates/ca-bundle.yaml b/charts/cluster/templates/ca-bundle.yaml
new file mode 100644
index 000000000..12991c163
--- /dev/null
+++ b/charts/cluster/templates/ca-bundle.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.backups.endpointCA.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.backups.endpointCA.name | default (printf "%s-ca-bundle" (include "cluster.fullname" .)) | quote }}
+data:
+ {{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value }}
+
+{{- end }}
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 3ee174fdc..027dd8bb3 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
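Review bot: The `endpointCA` block emitted here hard-codes `{{ .chartFullname }}-ca-bundle` and `ca-bundle.crt` and never reads `.scope.endpointCA.name` or `.scope.endpointCA.key`, even though the surrounding `or` condition explicitly admits the `create: false` + existing-Secret case; in that case, or with a custom `key`, the cluster is pointed at a Secret or key that does not exist and the private CA is silently never loaded. Derive the reference from the same defaults the Secret template in this commit uses: `name: {{ .scope.endpointCA.name | default (printf "%s-ca-bundle" .chartFullname) | quote }}` and `key: {{ .scope.endpointCA.key | default "ca-bundle.crt" | quote }}`. Whether `.chartFullname` equals the `include "cluster.fullname" .` used by ca-bundle.yaml is not visible in this hunk and should be confirmed as well. The enclosing template definition starts before this hunk.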
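Review bot: `.Values.backups.endpointCA.value` is interpolated unmodified under `data:`, but `Secret.data` values must be base64-encoded, so a PEM bundle pasted into values.yaml is rejected by the API server, and a multi-line value would break the rendered YAML even before that. Encode at render time, e.g. `{{ .Values.backups.endpointCA.key | default "ca-bundle.crt" | quote }}: {{ .Values.backups.endpointCA.value | b64enc | quote }}` (or switch the block to `stringData:`), and state the expected form next to `value` in values.yaml. This template also reads only `backups.endpointCA`, while the values.yaml hunk of this commit adds the same block under `recovery` and the object-store helper references a `-ca-bundle` Secret for whichever scope enables it, so `recovery.endpointCA.create: true` appears to render a reference with no Secret behind it. With `create: true` and the default empty `value`, a Secret with an empty entry is rendered instead of failing; wrapping the value in `required` would surface that misconfiguration at install time.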
@@ -57,6 +57,23 @@
 "endpointURL": {
 "type": "string"
 },
+ "endpointCA": {
+ "type": "object",
+ "properties": {
+ "createSecret": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ },
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ },
 "google": {
 "type": "object",
 "properties": {
@@ -338,6 +355,23 @@
 "endpointURL": {
 "type": "string"
 },
+ "endpointCA": {
+ "type": "object",
+ "properties": {
+ "createSecret": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ },
+ "key": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ },
 "google": {
 "type": "object",
 "properties": {
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
index 07d979a4c..d4db49e32 100644
--- a/charts/cluster/values.yaml
+++ b/charts/cluster/values.yaml
@@ -41,6 +41,13 @@ recovery:
 # S3: https://s3.<region>.amazonaws.com"
 # Leave empty if using the default S3 endpoint
 endpointURL: ""
+ # -- Specifies a CA bundle to validate a privately signed certificate.
+ endpointCA:
+ # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+ create: false
+ name: ""
+ key: ""
+ value: ""
 # -- Overrides the provider specific default path. Defaults to:
 # S3: s3://<bucket><path>
 # Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
@@ -184,6 +191,13 @@ backups:
 # -- Overrides the provider specific default endpoint. Defaults to:
 # S3: https://s3.<region>.amazonaws.com"
 endpointURL: "" # Leave empty if using the default S3 endpoint
+ # -- Specifies a CA bundle to validate a privately signed certificate.
+ endpointCA:
+ # -- Creates a secret with the given value if true, otherwise uses an existing secret.
+ create: false
+ name: ""
+ key: ""
+ value: ""
 # -- Overrides the provider specific default path. Defaults to:
 # S3: s3://<bucket><path>
From 4ac7be4f0f6c33fff3279610a4353dc117ecda89 Mon Sep 17 00:00:00 2001
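Review bot: Only `endpointCA` and `endpointCA.create` carry `# --` doc comments, so `name`, `key` and `value` get no description in the generated README (the README hunk of the second patch shows just those two rows), and nothing tells a user what `value` must contain or what the empty defaults resolve to. Add above each field: `# -- Name of the Secret holding the CA bundle; empty means <fullname>-ca-bundle`, `# -- Key in the Secret holding the bundle; empty means ca-bundle.crt`, and a comment on `value` stating the expected encoding (the `ca-bundle.yaml` template of this commit places it under `data:` unchanged, so as written it has to be base64). The same applies to the `backups:` block in the `@@ -184,6 +191,13 @@` hunk.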
From: PseudoResonance <kaio11604@gmail.com>
Date: Tue, 26 Mar 2024 05:49:01 -0700
Subject: [PATCH 2/2] Update schema/docs

Signed-off-by: PseudoResonance <kaio11604@gmail.com>
---
 charts/cluster/README.md | 4 ++++
 charts/cluster/values.schema.json | 24 ++++++++++++------------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/charts/cluster/README.md b/charts/cluster/README.md
index 85094a2ce..b21feedfe 100644
--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -125,6 +125,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.data.jobs | int | `2` | Number of data files to be archived or restored in parallel. |
 | backups.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path> Google: gs://<bucket><path> |
 | backups.enabled | bool | `false` | You need to configure backups manually, so backups are disabled by default. |
+| backups.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| backups.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | backups.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" |
 | backups.google.applicationCredentials | string | `""` | |
 | backups.google.bucket | string | `""` | |
@@ -190,6 +192,8 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | recovery.backupName | string | `""` | Backup Recovery Method |
 | recovery.clusterName | string | `""` | Object Store Recovery Method |
 | recovery.destinationPath | string | `""` | Overrides the provider specific default path. Defaults to: S3: s3://<bucket><path> Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path> Google: gs://<bucket><path> |
+| recovery.endpointCA | object | `{"create":false,"key":"","name":"","value":""}` | Specifies a CA bundle to validate a privately signed certificate. |
+| recovery.endpointCA.create | bool | `false` | Creates a secret with the given value if true, otherwise uses an existing secret. |
 | recovery.endpointURL | string | `""` | Overrides the provider specific default endpoint. Defaults to: S3: https://s3.<region>.amazonaws.com" Leave empty if using the default S3 endpoint |
 | recovery.google.applicationCredentials | string | `""` | |
 | recovery.google.bucket | string | `""` | |
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json
index 027dd8bb3..5a1c46e28 100644
--- a/charts/cluster/values.schema.json
+++ b/charts/cluster/values.schema.json
@@ -54,19 +54,16 @@
 "enabled": {
 "type": "boolean"
 },
- "endpointURL": {
- "type": "string"
- },
 "endpointCA": {
 "type": "object",
 "properties": {
- "createSecret": {
+ "create": {
 "type": "boolean"
 },
- "name": {
+ "key": {
 "type": "string"
 },
- "key": {
+ "name": {
 "type": "string"
 },
 "value": {
@@ -74,6 +71,9 @@
 }
 }
 },
+ "endpointURL": {
+ "type": "string"
+ },
 "google": {
 "type": "object",
 "properties": {
@@ -352,19 +352,16 @@
 "destinationPath": {
 "type": "string"
 },
- "endpointURL": {
- "type": "string"
- },
 "endpointCA": {
 "type": "object",
 "properties": {
- "createSecret": {
+ "create": {
 "type": "boolean"
 },
- "name": {
+ "key": {
 "type": "string"
 },
- "key": {
+ "name": {
 "type": "string"
 },
 "value": {
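Review bot: The `endpointCA` schema accepts every combination of its four properties, so `create: true` with an empty `value` (which then renders a Secret with an empty entry) and a misspelled property such as the `createSecret` this very patch renames away both pass validation silently. Because values.yaml always supplies `value: ""`, a plain `required` would not help; with a draft that supports conditionals, `"if": {"properties": {"create": {"const": true}}, "required": ["create"]}, "then": {"properties": {"value": {"minLength": 1}}}` inside `endpointCA` catches the first case, and `"additionalProperties": false` on the object catches the second. The schema's declared draft is outside this hunk, so confirm `if`/`then` is available before relying on it. The same applies to the mirrored block in the `@@ -352,19 +352,16 @@` hunk.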
@@ -372,6 +369,9 @@
 }
 }
 },
+ "endpointURL": {
+ "type": "string"
+ },
 "google": {
 "type": "object",
 "properties": {