From a4d75342251bf70cbd424c52cc28109fbbf72f6d Mon Sep 17 00:00:00 2001
From: "Ernesto R. C. Pereda"
Date: Mon, 9 Sep 2024 23:04:55 -0400
Subject: [PATCH] feat(383) Define keyNames to backups.secrets
---
 charts/cluster/README.md | 7 ++++++
 .../templates/_barman_object_store.tpl | 14 ++++++------
 .../cluster/templates/backup-azure-creds.yaml | 8 +++----
 .../templates/backup-google-creds.yaml | 2 +-
 charts/cluster/templates/backup-s3-creds.yaml | 4 ++--
 charts/cluster/values.schema.json | 22 ++++++++++++++++++-
 charts/cluster/values.yaml | 9 ++++++++
 7 files changed, 51 insertions(+), 15 deletions(-)
diff --git a/charts/cluster/README.md b/charts/cluster/README.md
index 5b3fcd204..28619d3d6 100644
--- a/charts/cluster/README.md
+++ b/charts/cluster/README.md
@@ -145,6 +145,13 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.scheduledBackups[0].schedule | string | `"0 0 0 * * *"` | Schedule in cron format |
 | backups.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
 | backups.secret.name | string | `""` | Name of the backup credentials secret |
+| backups.secret.keyNames.accessKey | string | `"ACCESS_KEY_ID"` | Name of the s3 accessKey secret key |
+| backups.secret.keyNames.secretKey | string | `"ACCESS_SECRET_KEY"` | Name of the s3 secretKey secret key |
+| backups.secret.keyNames.applicationCredentials | string | `"APPLICATION_CREDENTIALS"` | Name of the google applicationCredentials secret key |
+| backups.secret.keyNames.connectionString | string | `"AZURE_CONNECTION_STRING"` | Name of the azure connectionString secret key |
+| backups.secret.keyNames.storageAccount | string | `"AZURE_STORAGE_ACCOUNT"` | Name of the azure storageAccount secret key |
+| backups.secret.keyNames.storageKey | string | `"AZURE_STORAGE_KEY"` | Name of the azure storageKey secret key |
+| backups.secret.keyNames.storageSasToken | string | `"AZURE_STORAGE_SAS_TOKEN"` | Name of the azure storageSasToken secret key |
 | backups.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backups.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | backups.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |
diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
index 881047655..081aafe09 100644
--- a/charts/cluster/templates/_barman_object_store.tpl
+++ b/charts/cluster/templates/_barman_object_store.tpl
@@ -25,10 +25,10 @@ s3Credentials: accessKeyId: name: {{ $secretName }} - key: ACCESS_KEY_ID + key: {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .scope.secret.keyNames.accessKey }} secretAccessKey: name: {{ $secretName }} - key: ACCESS_SECRET_KEY + key: {{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .scope.secret.keyNames.secretKey }} {{- else if eq .scope.provider "azure" }} {{- if empty .scope.destinationPath }} destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}" @@ -40,19 +40,19 @@ {{- else if .scope.azure.connectionString }} connectionString: name: {{ $secretName }} - key: AZURE_CONNECTION_STRING + key: {{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .scope.secret.keyNames.connectionString }} {{- else }} storageAccount: name: {{ $secretName }} - key: AZURE_STORAGE_ACCOUNT + key: {{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .scope.secret.keyNames.storageAccount }} {{- if .scope.azure.storageKey }} storageKey: name: {{ $secretName }} - key: AZURE_STORAGE_KEY + key: {{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .scope.secret.keyNames.storageKey }} {{- else }} storageSasToken: name: {{ $secretName }} - key: AZURE_STORAGE_SAS_TOKEN + key: {{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .scope.secret.keyNames.storageSasToken }} {{- end }} {{- end }} {{- else if eq .scope.provider "google" }} 
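Review bot: The new `key:` lookups read `.scope.secret.keyNames.*`, while the `required` message names `.Values.backups.secret.keyNames.*` and the Secret templates in this patch read the names from `.Values.backups.secret.keyNames` directly. If this helper is ever included with a scope other than `.Values.backups` (its callers are not visible here), the credential reference and the created Secret can disagree, or the render fails with a message pointing at the wrong values path; the defaults added in values.yaml sit only under `backups.secret`. The rendered name is also unquoted, so I would write `key: {{ required "…" .scope.secret.keyNames.accessKey | quote }}` here and on the matching lines of the `@@ -40` and `@@ -65` hunks of this file. The enclosing template definition starts and ends outside these hunks.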
@@ -65,7 +65,7 @@ {{- if not .scope.google.gkeEnvironment }} applicationCredentials: name: {{ $secretName }} - key: APPLICATION_CREDENTIALS + key: {{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .scope.secret.keyNames.applicationCredentials }} {{- end }} {{- end -}} {{- end -}} diff --git a/charts/cluster/templates/backup-azure-creds.yaml b/charts/cluster/templates/backup-azure-creds.yaml index 6c84308dd..6d718081a 100644 --- a/charts/cluster/templates/backup-azure-creds.yaml +++ b/charts/cluster/templates/backup-azure-creds.yaml @@ -4,8 +4,8 @@ kind: Secret metadata: name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: - AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }} - AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }} - AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }} - AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .Values.backups.secret.keyNames.connectionString }}: {{ .Values.backups.azure.connectionString | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .Values.backups.secret.keyNames.storageAccount }}: {{ .Values.backups.azure.storageAccount | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .Values.backups.secret.keyNames.storageKey }}: {{ .Values.backups.azure.storageKey | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .Values.backups.secret.keyNames.storageSasToken }}: {{ .Values.backups.azure.storageSasToken | b64enc | quote }} {{- end }} 
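Review bot: The Secret `data` keys in the backup-azure-creds.yaml hunk are now rendered from values without quoting or validation, so a key name containing `: `, ` #` or a line break changes the structure of the Secret manifest, and a name outside the characters Kubernetes accepts for Secret keys (alphanumerics, `-`, `_`, `.`) is only rejected at apply time. Quote the key, e.g. `{{ required "…" .Values.backups.secret.keyNames.connectionString | quote }}: {{ .Values.backups.azure.connectionString | b64enc | quote }}`; the backup-google-creds.yaml and backup-s3-creds.yaml hunks have the same pattern. In this Azure Secret all four keys are emitted together, so two keyNames set to the same string yield a duplicate mapping key, and which credential ends up stored under that name then depends on the YAML parser. A `fail` guard for equal names would make that case explicit instead of silent.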
diff --git a/charts/cluster/templates/backup-google-creds.yaml b/charts/cluster/templates/backup-google-creds.yaml index cc05c4c59..f83ea2764 100644 --- a/charts/cluster/templates/backup-google-creds.yaml +++ b/charts/cluster/templates/backup-google-creds.yaml @@ -4,5 +4,5 @@ kind: Secret metadata: name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: - APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .Values.backups.secret.keyNames.applicationCredentials }}: {{ .Values.backups.google.applicationCredentials | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml index ddd8e2717..b71ff7131 100644 --- a/charts/cluster/templates/backup-s3-creds.yaml +++ b/charts/cluster/templates/backup-s3-creds.yaml @@ -4,6 +4,6 @@ kind: Secret metadata: name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: - ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }} - ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .Values.backups.secret.keyNames.accessKey }}: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }} + {{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .Values.backups.secret.keyNames.secretKey }}: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }} {{- end }} 
diff --git a/charts/cluster/values.schema.json b/charts/cluster/values.schema.json index 9e35d7a90..3de8b81ec 100644 --- a/charts/cluster/values.schema.json +++ b/charts/cluster/values.schema.json @@ -145,7 +145,27 @@ }, "name": { "type": "string" - } + }, + "keyNames": { + "type": "object", + "properties": { + "accessKey": { + "type": "string" + }, + "secretKey": { + "type": "string" + }, + "applicationCredentials": { + "type": "string" + }, + "connectionString": { + "type": "string" + }, + "storageAccount": { + "type": "string" + } + } + } } }, "wal": { diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index 8398c74d1..27c4f5ee3 100644 --- a/charts/cluster/values.yaml +++ b/charts/cluster/values.yaml @@ -316,6 +316,15 @@ backups: create: true # -- Name of the backup credentials secret name: "" + # -- Name of the keys inside the secret + keyNames: + accessKey: ACCESS_KEY_ID + secretKey: ACCESS_SECRET_KEY + applicationCredentials: APPLICATION_CREDENTIALS + connectionString: AZURE_CONNECTION_STRING + storageAccount: AZURE_STORAGE_ACCOUNT + storageKey: AZURE_STORAGE_KEY + storageSasToken: AZURE_STORAGE_SAS_TOKEN wal: # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
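Review bot: The `keyNames` schema added in the values.schema.json hunk lists five properties, but values.yaml and the templates in this patch also use `storageKey` and `storageSasToken`, so those two names are not type-checked. Add `"storageKey": { "type": "string" }` and `"storageSasToken": { "type": "string" }` next to `storageAccount`. Because these strings become Secret data keys and the `key:` of the credential references, a `"pattern": "^[-._a-zA-Z0-9]+$"` on each property would reject empty or malformed names during schema validation rather than at render or apply time.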