diff --git a/CHANGELOG.md b/CHANGELOG.md index 8de192768..4a1f56433 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +### Added +- Add tls settings for BackupPolicy [#580](https://github.com/cybozu-go/moco/pull/580) + ## [0.17.0] - 2023-09-11 ### Breaking Changes diff --git a/api/v1beta1/job_types.go b/api/v1beta1/job_types.go index 9f220de78..cf7d790e3 100644 --- a/api/v1beta1/job_types.go +++ b/api/v1beta1/job_types.go @@ -208,6 +208,7 @@ type BucketConfig struct { // +optional BackendType string `json:"backendType,omitempty"` + // Path to SSL CA certificate file instead of system default. // +optional - CaCertFilePath string `json:"caCertFilePath,omitempty"` + CaCerts string `json:"caCerts,omitempty"` } diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go index ed0eddaa5..b84388816 100644 --- a/api/v1beta1/zz_generated.conversion.go +++ b/api/v1beta1/zz_generated.conversion.go @@ -433,7 +433,7 @@ func autoConvert__BucketConfig_To_v1beta2_BucketConfig(in *BucketConfig, out *v1 out.EndpointURL = in.EndpointURL out.UsePathStyle = in.UsePathStyle out.BackendType = in.BackendType - out.CaCertFilePath = in.CaCertFilePath + out.CaCerts = in.CaCerts return nil } @@ -448,7 +448,7 @@ func autoConvert_v1beta2_BucketConfig_To__BucketConfig(in *v1beta2.BucketConfig, out.EndpointURL = in.EndpointURL out.UsePathStyle = in.UsePathStyle out.BackendType = in.BackendType - out.CaCertFilePath = in.CaCertFilePath + out.CaCerts = in.CaCerts return nil } diff --git a/api/v1beta2/job_types.go b/api/v1beta2/job_types.go index fae864004..4070a02e5 100644 --- a/api/v1beta2/job_types.go +++ b/api/v1beta2/job_types.go 
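Review bot: In the `BucketConfig` hunk of api/v1beta1/job_types.go, the new comment on `CaCerts` does not start with the field name as the neighbouring field comments do, and it does not say where the path is resolved. The identical hunk in api/v1beta2/job_types.go has the same gap. A comment such as `// CaCerts is the path, inside the backup and restore job containers, of the CA certificate file used instead of the system default.` would be clearer (the container part is inferred from the controller passing the value to moco-backup, so confirm it). The generated CRD descriptions in this commit are cut off after "instead of system ", so the first words carry the meaning. The JSON tag also changes from `caCertFilePath` to `caCerts`; if any released version served the old name, existing objects would presumably lose the setting and fall back to the system trust store, which would belong under Breaking Changes rather than Added.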
@@ -191,8 +191,9 @@ type BucketConfig struct { // +optional BackendType string `json:"backendType,omitempty"` + // Path to SSL CA certificate file instead of system default. // +optional - CaCertFilePath string `json:"caCertFilePath,omitempty"` + CaCerts string `json:"caCerts,omitempty"` } // AffinityApplyConfiguration is the type defined to implement the DeepCopy method. diff --git a/charts/moco/templates/generated/crds/moco_crds.yaml b/charts/moco/templates/generated/crds/moco_crds.yaml index 197d93338..5ff95125a 100644 --- a/charts/moco/templates/generated/crds/moco_crds.yaml +++ b/charts/moco/templates/generated/crds/moco_crds.yaml @@ -421,7 +421,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. @@ -2436,7 +2437,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. @@ -7690,7 +7692,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. @@ -13559,7 +13562,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. diff --git a/cmd/moco-backup/cmd/root.go b/cmd/moco-backup/cmd/root.go index 2abf72113..22830fa3a 100644 --- a/cmd/moco-backup/cmd/root.go +++ b/cmd/moco-backup/cmd/root.go 
@@ -119,5 +119,5 @@ func init() { pf.StringVar(&commonArgs.endpointURL, "endpoint", "", "Object storage API endpoint URL") pf.BoolVar(&commonArgs.usePathStyle, "use-path-style", false, "Use path-style S3 API") pf.StringVar(&commonArgs.backendType, "backend-type", "s3", "The identifier for the object storage to be used.") - pf.StringVar(&commonArgs.caCertFilePath, "ca-cert-file-path", "", "The file path using ca-certs") + pf.StringVar(&commonArgs.caCertFilePath, "ca-certs", "", "Path to SSL CA certificate file instead of system default") } diff --git a/config/crd/bases/moco.cybozu.com_backuppolicies.yaml b/config/crd/bases/moco.cybozu.com_backuppolicies.yaml index 3af6403cf..4e2328f10 100644 --- a/config/crd/bases/moco.cybozu.com_backuppolicies.yaml +++ b/config/crd/bases/moco.cybozu.com_backuppolicies.yaml @@ -461,7 +461,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. @@ -2633,7 +2634,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. diff --git a/config/crd/bases/moco.cybozu.com_mysqlclusters.yaml b/config/crd/bases/moco.cybozu.com_mysqlclusters.yaml index d146c2b7c..36cbd2824 100644 --- a/config/crd/bases/moco.cybozu.com_mysqlclusters.yaml +++ b/config/crd/bases/moco.cybozu.com_mysqlclusters.yaml @@ -3998,7 +3998,9 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead + of system ' type: string endpointURL: description: The API endpoint URL. 
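Review bot: The flag rename in `init()` removes `--ca-cert-file-path` with no alias, while the `bucketArgs` hunk in controllers/mysqlcluster_controller.go starts emitting `--ca-certs=` in the same commit, so a controller and a moco-backup image built from different revisions would disagree on the flag name and the job would presumably fail on an unknown flag. If the old name ever shipped, keeping it registered against the same variable, e.g. `pf.StringVar(&commonArgs.caCertFilePath, "ca-cert-file-path", "", "Deprecated: use --ca-certs")`, would avoid that. The flag is now `ca-certs` while the variable is still `commonArgs.caCertFilePath`, which reads inconsistently. The usage string also does not say whether the file replaces the system CA pool or is added to it; the code that loads the file is outside this diff, so that behaviour should be stated here. `init()` begins above the hunk.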
@@ -10414,7 +10416,9 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead + of system ' type: string endpointURL: description: The API endpoint URL. diff --git a/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_backuppolicies.moco.cybozu.com.yaml b/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_backuppolicies.moco.cybozu.com.yaml index 59900b35a..3fd47baf0 100644 --- a/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_backuppolicies.moco.cybozu.com.yaml +++ b/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_backuppolicies.moco.cybozu.com.yaml @@ -460,7 +460,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. @@ -2632,7 +2633,8 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead of system ' type: string endpointURL: description: The API endpoint URL. diff --git a/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_mysqlclusters.moco.cybozu.com.yaml b/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_mysqlclusters.moco.cybozu.com.yaml index 4bdb5ed71..946541515 100644 --- a/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_mysqlclusters.moco.cybozu.com.yaml +++ b/config/crd/tests/apiextensions.k8s.io_v1_customresourcedefinition_mysqlclusters.moco.cybozu.com.yaml @@ -4008,7 +4008,9 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead + of system ' type: string endpointURL: description: The API endpoint URL. 
@@ -10424,7 +10426,9 @@ spec: description: The name of the bucket minLength: 1 type: string - caCertFilePath: + caCerts: + description: 'Path to SSL CA certificate file instead + of system ' type: string endpointURL: description: The API endpoint URL. diff --git a/controllers/mysqlcluster_controller.go b/controllers/mysqlcluster_controller.go index 813a67bbb..15c1f5e1f 100644 --- a/controllers/mysqlcluster_controller.go +++ b/controllers/mysqlcluster_controller.go @@ -1112,8 +1112,8 @@ func bucketArgs(bc mocov1beta2.BucketConfig) []string { if bc.BackendType != "" { args = append(args, "--backend-type="+bc.BackendType) } - if bc.CaCertFilePath != "" { - args = append(args, "--ca-cert-file-path="+bc.CaCertFilePath) + if bc.CaCerts != "" { + args = append(args, "--ca-certs="+bc.CaCerts) } return append(args, bc.BucketName) diff --git a/docs/crd_backuppolicy_v1beta1.md b/docs/crd_backuppolicy_v1beta1.md index 39492be5b..c7841b33f 100644 --- a/docs/crd_backuppolicy_v1beta1.md +++ b/docs/crd_backuppolicy_v1beta1.md @@ -60,7 +60,7 @@ BucketConfig is a set of parameter to access an object storage bucket. | endpointURL | The API endpoint URL. Set this for non-S3 object storages. | string | false | | usePathStyle | Allows you to enable the client to use path-style addressing, i.e., https?://ENDPOINT/BUCKET/KEY. By default, a virtual-host addressing is used (https?://BUCKET.ENDPOINT/KEY). | bool | false | | backendType | BackendType is an identifier for the object storage to be used. | string | false | -| caCertFilePath | | string | false | +| caCerts | Path to SSL CA certificate file instead of system default. | string | false | [Back to Custom Resources](#custom-resources) diff --git a/docs/crd_backuppolicy_v1beta2.md b/docs/crd_backuppolicy_v1beta2.md index 39492be5b..c7841b33f 100644 --- a/docs/crd_backuppolicy_v1beta2.md +++ b/docs/crd_backuppolicy_v1beta2.md 
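Review bot: In `bucketArgs`, `bc.CaCerts` is appended to the job arguments exactly as written in the custom resource, with no visible check that it is an absolute path or that it names a file mounted into the job pod. The value selects the trust anchor for the object-storage connection, so whoever can edit the resource decides which file in the container is trusted for certificate verification. How much that matters depends on who is allowed to edit these resources and on what the job image makes readable or writable. A validation rule on the API field requiring a leading `/`, or at least a comment here such as `// CaCerts is passed through unvalidated; it must name a CA file mounted read-only into the job pod.`, would make the contract explicit. The function starts above the hunk and its closing brace is not shown.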
@@ -60,7 +60,7 @@ BucketConfig is a set of parameter to access an object storage bucket. | endpointURL | The API endpoint URL. Set this for non-S3 object storages. | string | false | | usePathStyle | Allows you to enable the client to use path-style addressing, i.e., https?://ENDPOINT/BUCKET/KEY. By default, a virtual-host addressing is used (https?://BUCKET.ENDPOINT/KEY). | bool | false | | backendType | BackendType is an identifier for the object storage to be used. | string | false | -| caCertFilePath | | string | false | +| caCerts | Path to SSL CA certificate file instead of system default. | string | false | [Back to Custom Resources](#custom-resources) diff --git a/docs/crd_mysqlcluster_v1beta1.md b/docs/crd_mysqlcluster_v1beta1.md index 629a5f4a8..9cc24f537 100644 --- a/docs/crd_mysqlcluster_v1beta1.md +++ b/docs/crd_mysqlcluster_v1beta1.md @@ -181,7 +181,7 @@ BucketConfig is a set of parameter to access an object storage bucket. | endpointURL | The API endpoint URL. Set this for non-S3 object storages. | string | false | | usePathStyle | Allows you to enable the client to use path-style addressing, i.e., https?://ENDPOINT/BUCKET/KEY. By default, a virtual-host addressing is used (https?://BUCKET.ENDPOINT/KEY). | bool | false | | backendType | BackendType is an identifier for the object storage to be used. | string | false | -| caCertFilePath | | string | false | +| caCerts | Path to SSL CA certificate file instead of system default. | string | false | [Back to Custom Resources](#custom-resources) diff --git a/docs/crd_mysqlcluster_v1beta2.md b/docs/crd_mysqlcluster_v1beta2.md index e01021266..5bbab1107 100644 --- a/docs/crd_mysqlcluster_v1beta2.md +++ b/docs/crd_mysqlcluster_v1beta2.md 
@@ -195,7 +195,7 @@ BucketConfig is a set of parameter to access an object storage bucket. | endpointURL | The API endpoint URL. Set this for non-S3 object storages. | string | false | | usePathStyle | Allows you to enable the client to use path-style addressing, i.e., https?://ENDPOINT/BUCKET/KEY. By default, a virtual-host addressing is used (https?://BUCKET.ENDPOINT/KEY). | bool | false | | backendType | BackendType is an identifier for the object storage to be used. | string | false | -| caCertFilePath | | string | false | +| caCerts | Path to SSL CA certificate file instead of system default. | string | false | [Back to Custom Resources](#custom-resources) diff --git a/docs/moco-backup.md b/docs/moco-backup.md index 6e5315110..9f307d08f 100644 --- a/docs/moco-backup.md +++ b/docs/moco-backup.md @@ -19,6 +19,7 @@ Global Flags: --threads int The number of threads to be used (default 4) --use-path-style Use path-style S3 API --work-dir string The writable working directory (default "/work") + --ca-certs string Path to SSL CA certificate file instead of system default. ``` ## Subcommands diff --git a/e2e/testdata/backup.yaml b/e2e/testdata/backup.yaml index f868abed1..f67556b8d 100644 --- a/e2e/testdata/backup.yaml +++ b/e2e/testdata/backup.yaml @@ -42,7 +42,7 @@ spec: bucketName: moco endpointURL: https://minio.default.svc:9000 usePathStyle: true - caCertFilePath: /minio-cert/ca.crt + caCerts: /minio-cert/ca.crt workVolume: emptyDir: {} --- diff --git a/e2e/testdata/restore.yaml b/e2e/testdata/restore.yaml index 912e64b1f..c4b745882 100644 --- a/e2e/testdata/restore.yaml +++ b/e2e/testdata/restore.yaml @@ -28,7 +28,7 @@ spec: bucketName: moco endpointURL: https://minio.default.svc:9000 usePathStyle: true - caCertFilePath: /minio-cert/ca.crt + caCerts: /minio-cert/ca.crt workVolume: emptyDir: {} podTemplate: