feat(383) Define keyNames to backups.secrets
Signed-off-by: Ernesto R. C. Pereda <[email protected]>
ercpereda committed Sep 17, 2024
1 parent f4a74a3 commit 7dbef4d
Showing 7 changed files with 51 additions and 15 deletions.
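--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -145,6 +145,13 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.scheduledBackups[0].schedule | string | `"0 0 0 * * *"` | Schedule in cron format |
 | backups.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
 | backups.secret.name | string | `""` | Name of the backup credentials secret |
+| backups.secret.keyNames.accessKey | string | `"ACCESS_KEY_ID"` | Name of the s3 accessKey secret key |
+| backups.secret.keyNames.secretKey | string | `"ACCESS_SECRET_KEY"` | Name of the s3 secretKey secret key |
+| backups.secret.keyNames.applicationCredentials | string | `"APPLICATION_CREDENTIALS"` | Name of the google applicationCredentials secret key |
+| backups.secret.keyNames.connectionString | string | `"AZURE_CONNECTION_STRING"` | Name of the azure connectionString secret key |
+| backups.secret.keyNames.storageAccount | string | `"AZURE_STORAGE_ACCOUNT"` | Name of the azure storageAccount secret key |
+| backups.secret.keyNames.storageKey | string | `"AZURE_STORAGE_KEY"` | Name of the azure storageKey secret key |
+| backups.secret.keyNames.storageSasToken | string | `"AZURE_STORAGE_SAS_TOKEN"` | Name of the azure storageSasToken secret key |
 | backups.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backups.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | backups.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |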
14 changes: 7 additions & 7 deletions charts/cluster/templates/_barman_object_store.tpl
@@ -25,10 +25,10 @@
s3Credentials:
accessKeyId:
name: {{ $secretName }}
key: ACCESS_KEY_ID
key: {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .scope.secret.keyNames.accessKey }}
secretAccessKey:
name: {{ $secretName }}
key: ACCESS_SECRET_KEY
key: {{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .scope.secret.keyNames.secretKey }}
{{- else if eq .scope.provider "azure" }}
{{- if empty .scope.destinationPath }}
destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}"
@@ -40,19 +40,19 @@
{{- else if .scope.azure.connectionString }}
connectionString:
name: {{ $secretName }}
key: AZURE_CONNECTION_STRING
key: {{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .scope.secret.keyNames.connectionString }}
{{- else }}
storageAccount:
name: {{ $secretName }}
key: AZURE_STORAGE_ACCOUNT
key: {{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .scope.secret.keyNames.storageAccount }}
{{- if .scope.azure.storageKey }}
storageKey:
name: {{ $secretName }}
key: AZURE_STORAGE_KEY
key: {{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .scope.secret.keyNames.storageKey }}
{{- else }}
storageSasToken:
name: {{ $secretName }}
key: AZURE_STORAGE_SAS_TOKEN
key: {{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .scope.secret.keyNames.storageSasToken }}
{{- end }}
{{- end }}
{{- else if eq .scope.provider "google" }}
@@ -65,7 +65,7 @@
{{- if not .scope.google.gkeEnvironment }}
applicationCredentials:
name: {{ $secretName }}
key: APPLICATION_CREDENTIALS
key: {{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .scope.secret.keyNames.applicationCredentials }}
{{- end }}
{{- end -}}
{{- end -}}
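Review bot: Each new `key:` line in all three hunks of this file writes the configured name as a bare scalar, so an override that YAML reads as a number or boolean, or that contains `: ` or ` #`, would reach the rendered credential reference as something other than the string the operator set. Pipe the result through `quote`, e.g. `key: {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .scope.secret.keyNames.accessKey | quote }}`. The same bare interpolation is used for the map keys under `data:` in backup-azure-creds.yaml, backup-google-creds.yaml and backup-s3-creds.yaml; if the key written to the Secret and the key referenced here ever render differently, the backup configuration would presumably point at a key that does not exist. The enclosing template definition begins above the first hunk.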
8 changes: 4 additions & 4 deletions charts/cluster/templates/backup-azure-creds.yaml
@@ -4,8 +4,8 @@ kind: Secret
metadata:
name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
data:
AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }}
AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }}
AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .Values.backups.secret.keyNames.connectionString }}: {{ .Values.backups.azure.connectionString | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .Values.backups.secret.keyNames.storageAccount }}: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .Values.backups.secret.keyNames.storageKey }}: {{ .Values.backups.azure.storageKey | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .Values.backups.secret.keyNames.storageSasToken }}: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/cluster/templates/backup-google-creds.yaml
@@ -4,5 +4,5 @@ kind: Secret
metadata:
name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
data:
APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .Values.backups.secret.keyNames.applicationCredentials }}: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
{{- end }}
4 changes: 2 additions & 2 deletions charts/cluster/templates/backup-s3-creds.yaml
@@ -4,6 +4,6 @@ kind: Secret
metadata:
name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
data:
ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .Values.backups.secret.keyNames.accessKey }}: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
{{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .Values.backups.secret.keyNames.secretKey }}: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
{{- end }}
22 changes: 21 additions & 1 deletion charts/cluster/values.schema.json
@@ -145,7 +145,27 @@
},
"name": {
"type": "string"
}
},
"keyNames": {
"type": "object",
"properties": {
"accessKey": {
"type": "string"
},
"secretKey": {
"type": "string"
},
"applicationCredentials": {
"type": "string"
},
"connectionString": {
"type": "string"
},
"storageAccount": {
"type": "string"
}
}
}
}
},
"wal": {
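Review bot: The new `keyNames` object declares only five of the seven names that values.yaml defines and the Azure templates read; `storageKey` and `storageSasToken` are missing, so a non-string override for either is not rejected by schema validation. Add `"storageKey": {"type": "string"}` and `"storageSasToken": {"type": "string"}` alongside the others. Because these values become keys in a Secret's `data` map, each property could also carry `"minLength": 1` and `"pattern": "^[-._a-zA-Z0-9]+$"`, so that a name Kubernetes would refuse is caught at validation time rather than at apply time. The enclosing `secret` object starts above the hunk.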
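--- a/charts/cluster/values.yaml
+++ b/charts/cluster/values.yaml
@@ -316,6 +316,15 @@ backups:
 create: true
 # -- Name of the backup credentials secret
 name: ""
+# -- Name of the keys inside the secret
+keyNames:
+accessKey: ACCESS_KEY_ID
+secretKey: ACCESS_SECRET_KEY
+applicationCredentials: APPLICATION_CREDENTIALS
+connectionString: AZURE_CONNECTION_STRING
+storageAccount: AZURE_STORAGE_ACCOUNT
+storageKey: AZURE_STORAGE_KEY
+storageSasToken: AZURE_STORAGE_SAS_TOKEN
 
 wal:
 # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.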
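Review bot: Only `keyNames` itself carries a `# --` description in this hunk, while the README rows added in the same commit describe each of the seven names individually; if the README table is generated from these comments, the next regeneration would presumably drop those descriptions. Add a per-key comment above each entry, e.g. `# -- Name of the s3 accessKey secret key` above `accessKey:`. The `keyNames` comment could also state that the names must be distinct and valid Secret data keys, since the backup-*-creds templates write them into a single Secret's `data:` map. The `backups.secret` mapping starts above the hunk.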
