diff --git a/control-plane/roles/auditing-meili/defaults/main/main.yaml b/control-plane/roles/auditing-meili/defaults/main/main.yaml index 2dab145f..22c9235d 100644 --- a/control-plane/roles/auditing-meili/defaults/main/main.yaml +++ b/control-plane/roles/auditing-meili/defaults/main/main.yaml @@ -24,6 +24,12 @@ auditing_meili_backup_restore_sidecar_gcp_backup_location: auditing_meili_backup_restore_sidecar_gcp_project_id: auditing_meili_backup_restore_sidecar_gcp_serviceaccount_json: +auditing_meili_backup_restore_sidecar_s3_bucket_name: +auditing_meili_backup_restore_sidecar_s3_region: +auditing_meili_backup_restore_sidecar_s3_endpoint: +auditing_meili_backup_restore_sidecar_s3_access_key: +auditing_meili_backup_restore_sidecar_s3_secret_key: + auditing_meili_resources: requests: memory: "256Mi" diff --git a/control-plane/roles/auditing-meili/tasks/main.yaml b/control-plane/roles/auditing-meili/tasks/main.yaml index fe69d289..01cb7556 100644 --- a/control-plane/roles/auditing-meili/tasks/main.yaml +++ b/control-plane/roles/auditing-meili/tasks/main.yaml 
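Review bot: The five new `auditing_meili_backup_restore_sidecar_s3_*` defaults are added without a comment saying that two of them are credentials. The same is true of the matching S3 blocks in the headscale, ipam-db, masterdata-db, meili-backup-restore, metal-db, postgres-backup-restore and rethinkdb-backup-restore defaults hunks. I would put a comment above each block along the lines of `# S3 backup provider settings, only used when the provider is "s3"; set s3_access_key and s3_secret_key from an encrypted source (e.g. Ansible Vault), never in plain inventory`. The bare `key:` form parses as null, which matches the GCP defaults above it, but writing `null` explicitly would keep the file clean under yamllint's `empty-values` rule.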
@@ -39,6 +39,11 @@ meilisearch_backup_restore_sidecar_gcp_backup_location: "{{ auditing_meili_backup_restore_sidecar_gcp_backup_location }}" meilisearch_backup_restore_sidecar_gcp_project_id: "{{ auditing_meili_backup_restore_sidecar_gcp_project_id }}" meilisearch_backup_restore_sidecar_gcp_serviceaccount_json: "{{ auditing_meili_backup_restore_sidecar_gcp_serviceaccount_json }}" + meilisearch_backup_restore_sidecar_s3_bucket_name: "{{ auditing_meili_backup_restore_sidecar_s3_bucket_name }}" + meilisearch_backup_restore_sidecar_s3_region: "{{ auditing_meili_backup_restore_sidecar_s3_region }}" + meilisearch_backup_restore_sidecar_s3_endpoint: "{{ auditing_meili_backup_restore_sidecar_s3_endpoint }}" + meilisearch_backup_restore_sidecar_s3_access_key: "{{ auditing_meili_backup_restore_sidecar_s3_access_key }}" + meilisearch_backup_restore_sidecar_s3_secret_key: "{{ auditing_meili_backup_restore_sidecar_s3_secret_key }}" meilisearch_resources: "{{ auditing_meili_resources }}" meilisearch_backup_restore_sidecar_object_max_keep: "{{ auditing_meili_backup_restore_sidecar_object_max_keep }}" meilisearch_backup_restore_sidecar_encryption_key: "{{ auditing_meili_backup_restore_sidecar_encryption_key }}" diff --git a/control-plane/roles/headscale/defaults/main/db.yaml b/control-plane/roles/headscale/defaults/main/db.yaml index f96f2e09..3604d775 100644 --- a/control-plane/roles/headscale/defaults/main/db.yaml +++ b/control-plane/roles/headscale/defaults/main/db.yaml @@ -19,6 +19,12 @@ headscale_db_backup_restore_sidecar_gcp_backup_location: headscale_db_backup_restore_sidecar_gcp_project_id: headscale_db_backup_restore_sidecar_gcp_serviceaccount_json: +headscale_db_backup_restore_sidecar_s3_bucket_name: +headscale_db_backup_restore_sidecar_s3_region: +headscale_db_backup_restore_sidecar_s3_endpoint: +headscale_db_backup_restore_sidecar_s3_access_key: +headscale_db_backup_restore_sidecar_s3_secret_key: + headscale_db_resources: requests: memory: "256Mi" 
diff --git a/control-plane/roles/headscale/tasks/main.yaml b/control-plane/roles/headscale/tasks/main.yaml index d395e70e..618067c2 100644 --- a/control-plane/roles/headscale/tasks/main.yaml +++ b/control-plane/roles/headscale/tasks/main.yaml @@ -50,6 +50,11 @@ postgres_backup_restore_sidecar_gcp_backup_location: "{{ headscale_db_backup_restore_sidecar_gcp_backup_location }}" postgres_backup_restore_sidecar_gcp_project_id: "{{ headscale_db_backup_restore_sidecar_gcp_project_id }}" postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ headscale_db_backup_restore_sidecar_gcp_serviceaccount_json }}" + postgres_backup_restore_sidecar_s3_bucket_name: "{{ headscale_db_backup_restore_sidecar_s3_bucket_name }}" + postgres_backup_restore_sidecar_s3_region: "{{ headscale_db_backup_restore_sidecar_s3_region }}" + postgres_backup_restore_sidecar_s3_endpoint: "{{ headscale_db_backup_restore_sidecar_s3_endpoint }}" + postgres_backup_restore_sidecar_s3_access_key: "{{ headscale_db_backup_restore_sidecar_s3_access_key }}" + postgres_backup_restore_sidecar_s3_secret_key: "{{ headscale_db_backup_restore_sidecar_s3_secret_key }}" postgres_backup_restore_sidecar_encryption_key: "{{ headscale_db_backup_restore_sidecar_encryption_key }}" postgres_resources: "{{ headscale_db_resources }}" diff --git a/control-plane/roles/ipam-db/defaults/main/main.yaml b/control-plane/roles/ipam-db/defaults/main/main.yaml index b5134a94..a3458021 100644 --- a/control-plane/roles/ipam-db/defaults/main/main.yaml +++ b/control-plane/roles/ipam-db/defaults/main/main.yaml 
@@ -24,6 +24,12 @@ ipam_db_backup_restore_sidecar_gcp_backup_location: ipam_db_backup_restore_sidecar_gcp_project_id: ipam_db_backup_restore_sidecar_gcp_serviceaccount_json: +ipam_db_backup_restore_sidecar_s3_bucket_name: +ipam_db_backup_restore_sidecar_s3_region: +ipam_db_backup_restore_sidecar_s3_endpoint: +ipam_db_backup_restore_sidecar_s3_access_key: +ipam_db_backup_restore_sidecar_s3_secret_key: + ipam_db_resources: requests: memory: "128Mi" diff --git a/control-plane/roles/ipam-db/tasks/main.yaml b/control-plane/roles/ipam-db/tasks/main.yaml index 23b068f6..da3d32e3 100644 --- a/control-plane/roles/ipam-db/tasks/main.yaml +++ b/control-plane/roles/ipam-db/tasks/main.yaml @@ -40,6 +40,11 @@ postgres_backup_restore_sidecar_gcp_backup_location: "{{ ipam_db_backup_restore_sidecar_gcp_backup_location }}" postgres_backup_restore_sidecar_gcp_project_id: "{{ ipam_db_backup_restore_sidecar_gcp_project_id }}" postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ ipam_db_backup_restore_sidecar_gcp_serviceaccount_json }}" + postgres_backup_restore_sidecar_s3_bucket_name: "{{ ipam_db_backup_restore_sidecar_s3_bucket_name }}" + postgres_backup_restore_sidecar_s3_region: "{{ ipam_db_backup_restore_sidecar_s3_region }}" + postgres_backup_restore_sidecar_s3_endpoint: "{{ ipam_db_backup_restore_sidecar_s3_endpoint }}" + postgres_backup_restore_sidecar_s3_access_key: "{{ ipam_db_backup_restore_sidecar_s3_access_key }}" + postgres_backup_restore_sidecar_s3_secret_key: "{{ ipam_db_backup_restore_sidecar_s3_secret_key }}" postgres_resources: "{{ ipam_db_resources }}" postgres_backup_restore_sidecar_object_max_keep: "{{ ipam_db_backup_restore_sidecar_object_max_keep }}" postgres_backup_restore_sidecar_encryption_key: "{{ ipam_db_backup_restore_sidecar_encryption_key }}" diff --git a/control-plane/roles/masterdata-db/defaults/main/main.yaml b/control-plane/roles/masterdata-db/defaults/main/main.yaml index ccb43843..f0921a52 100644 
--- a/control-plane/roles/masterdata-db/defaults/main/main.yaml +++ b/control-plane/roles/masterdata-db/defaults/main/main.yaml @@ -24,6 +24,12 @@ masterdata_db_backup_restore_sidecar_gcp_backup_location: masterdata_db_backup_restore_sidecar_gcp_project_id: masterdata_db_backup_restore_sidecar_gcp_serviceaccount_json: +masterdata_db_backup_restore_sidecar_s3_bucket_name: +masterdata_db_backup_restore_sidecar_s3_region: +masterdata_db_backup_restore_sidecar_s3_endpoint: +masterdata_db_backup_restore_sidecar_s3_access_key: +masterdata_db_backup_restore_sidecar_s3_secret_key: + masterdata_db_resources: requests: memory: "128Mi" diff --git a/control-plane/roles/masterdata-db/tasks/main.yaml b/control-plane/roles/masterdata-db/tasks/main.yaml index 5326673b..890b05cf 100644 --- a/control-plane/roles/masterdata-db/tasks/main.yaml +++ b/control-plane/roles/masterdata-db/tasks/main.yaml 
@@ -40,6 +40,11 @@ postgres_backup_restore_sidecar_gcp_backup_location: "{{ masterdata_db_backup_restore_sidecar_gcp_backup_location }}" postgres_backup_restore_sidecar_gcp_project_id: "{{ masterdata_db_backup_restore_sidecar_gcp_project_id }}" postgres_backup_restore_sidecar_gcp_serviceaccount_json: "{{ masterdata_db_backup_restore_sidecar_gcp_serviceaccount_json }}" + postgres_backup_restore_sidecar_s3_bucket_name: "{{ masterdata_db_backup_restore_sidecar_s3_bucket_name }}" + postgres_backup_restore_sidecar_s3_region: "{{ masterdata_db_backup_restore_sidecar_s3_region }}" + postgres_backup_restore_sidecar_s3_endpoint: "{{ masterdata_db_backup_restore_sidecar_s3_endpoint }}" + postgres_backup_restore_sidecar_s3_access_key: "{{ masterdata_db_backup_restore_sidecar_s3_access_key }}" + postgres_backup_restore_sidecar_s3_secret_key: "{{ masterdata_db_backup_restore_sidecar_s3_secret_key }}" postgres_resources: "{{ masterdata_db_resources }}" postgres_backup_restore_sidecar_object_max_keep: "{{ masterdata_db_backup_restore_sidecar_object_max_keep }}" postgres_backup_restore_sidecar_encryption_key: "{{ masterdata_db_backup_restore_sidecar_encryption_key }}" diff --git a/control-plane/roles/meili-backup-restore/README.md b/control-plane/roles/meili-backup-restore/README.md index 965ab6a5..b82d6894 100644 --- a/control-plane/roles/meili-backup-restore/README.md +++ b/control-plane/roles/meili-backup-restore/README.md 
@@ -24,13 +24,18 @@ You can look up all the default values of this role [here](defaults/main/main.ya | meilisearch_no_analytics | | Sets the no analytics configuration for meilisearch | | meilisearch_backup_restore_sidecar_image_name | yes | Image version of the backup-restore-sidecar | | meilisearch_backup_restore_sidecar_image_tag | yes | Image tag of the backup-restore-sidecar | -| meilisearch_backup_restore_sidecar_provider | | The backup provider | +| meilisearch_backup_restore_sidecar_provider | | The backup provider . One of `local`, `gcp` or `s3` | | meilisearch_backup_restore_sidecar_backup_cron_schedule | | The backup cron schedule | | meilisearch_backup_restore_sidecar_log_level | | The log level of the sidecar | | meilisearch_backup_restore_sidecar_gcp_bucket_name | | Bucket name of the GCP bucket | | meilisearch_backup_restore_sidecar_gcp_backup_location | | Location of the GCP bucket | | meilisearch_backup_restore_sidecar_gcp_project_id | | GCP project name | | meilisearch_backup_restore_sidecar_gcp_serviceaccount_json | | GCP Serviceaccount JSON string (service account requires bucket access) | +| meilisearch_backup_restore_sidecar_s3_bucket_name | | The name of the S3 bucket | +| meilisearch_backup_restore_sidecar_s3_region | | The region where the S3 bucket is located | +| meilisearch_backup_restore_sidecar_s3_endpoint | | The endpoint URL for the S3 storage service | +| meilisearch_backup_restore_sidecar_s3_access_key | | The access key for authenticating with S3 | +| meilisearch_backup_restore_sidecar_s3_secret_key | | The secret key for authenticating with S3 | | meilisearch_resources | | The kubernetes resources for the actual meilisearch container | | meilisearch_backup_restore_sidecar_object_max_keep | | The number of objects to keep at the cloud provider bucket | | meilisearch_backup_restore_sidecar_encryption_key | | An optional encryption key to AES-encrypt the backups before uploading them to the backup provider (length == 32) | 
diff --git a/control-plane/roles/meili-backup-restore/defaults/main/main.yaml b/control-plane/roles/meili-backup-restore/defaults/main/main.yaml index 16fa8567..00aa18f7 100644 --- a/control-plane/roles/meili-backup-restore/defaults/main/main.yaml +++ b/control-plane/roles/meili-backup-restore/defaults/main/main.yaml @@ -24,6 +24,12 @@ meilisearch_backup_restore_sidecar_gcp_backup_location: meilisearch_backup_restore_sidecar_gcp_project_id: meilisearch_backup_restore_sidecar_gcp_serviceaccount_json: +meilisearch_backup_restore_sidecar_s3_bucket_name: +meilisearch_backup_restore_sidecar_s3_region: +meilisearch_backup_restore_sidecar_s3_endpoint: +meilisearch_backup_restore_sidecar_s3_access_key: +meilisearch_backup_restore_sidecar_s3_secret_key: + meilisearch_resources: requests: memory: "256Mi" diff --git a/control-plane/roles/meili-backup-restore/tasks/main.yml b/control-plane/roles/meili-backup-restore/tasks/main.yml index 3db47b4a..db0a76b6 100644 --- a/control-plane/roles/meili-backup-restore/tasks/main.yml +++ b/control-plane/roles/meili-backup-restore/tasks/main.yml @@ -12,6 +12,7 @@ - meilisearch_backup_restore_sidecar_image_name is defined - meilisearch_backup_restore_sidecar_image_tag is defined - meilisearch_backup_restore_sidecar_encryption_key is none or meilisearch_backup_restore_sidecar_encryption_key | length == 32 + - meilisearch_backup_restore_sidecar_provider in ["local", "gcp", "s3"] - name: Deploy meilisearch (backup-restore) k8s: diff --git a/control-plane/roles/meili-backup-restore/templates/meilisearch.yaml b/control-plane/roles/meili-backup-restore/templates/meilisearch.yaml index 49067dc4..8558ca3e 100644 --- a/control-plane/roles/meili-backup-restore/templates/meilisearch.yaml +++ b/control-plane/roles/meili-backup-restore/templates/meilisearch.yaml 
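Review bot: The assertion added in tasks/main.yml only constrains `meilisearch_backup_restore_sidecar_provider` to `local`, `gcp` or `s3`; nothing checks that the S3 settings are filled in when `s3` is chosen, and they default to empty in defaults/main/main.yaml. With an unset key the template would still render a Secret, so the sidecar would presumably start with unusable credentials and the first sign of trouble would be missing backups. I would add one guard per required value, e.g. `- meilisearch_backup_restore_sidecar_provider != "s3" or (meilisearch_backup_restore_sidecar_s3_secret_key | default("", true) | length > 0)`, and likewise for the bucket name and access key. The same gap is in the postgres-backup-restore and rethinkdb-backup-restore tasks/main.yml hunks. The assert task starts above the hunk, so this is based only on the conditions visible here.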
@@ -130,6 +130,32 @@ spec: name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /gcp/credentials/serviceaccount.json +{% elif meilisearch_backup_restore_sidecar_provider == "s3" %} + - name: BACKUP_RESTORE_SIDECAR_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucketName + name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_REGION + valueFrom: + secretKeyRef: + key: region + name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accessKey + name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretKey + name: backup-restore-sidecar-backup-provider-config-{{ meilisearch_name }} {% endif %} volumeMounts: - name: data @@ -249,6 +275,12 @@ data: bucketLocation: {{ meilisearch_backup_restore_sidecar_gcp_backup_location | b64encode }} projectID: {{ meilisearch_backup_restore_sidecar_gcp_project_id | b64encode }} serviceaccount.json: {{ meilisearch_backup_restore_sidecar_gcp_serviceaccount_json | to_json | b64encode }} +{% elif meilisearch_backup_restore_sidecar_provider == "s3" %} + bucketName: {{ meilisearch_backup_restore_sidecar_s3_bucket_name | b64encode }} + region: {{ meilisearch_backup_restore_sidecar_s3_region | b64encode }} + endpoint: {{ meilisearch_backup_restore_sidecar_s3_endpoint | b64encode }} + accessKey: {{ meilisearch_backup_restore_sidecar_s3_access_key | b64encode }} + secretKey: {{ meilisearch_backup_restore_sidecar_s3_secret_key | b64encode }} {% endif %} --- apiVersion: v1 
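Review bot: `BACKUP_RESTORE_SIDECAR_S3_ENDPOINT` in the new `s3` env branch is handed to the sidecar exactly as configured, and nothing in this commit requires it to be an `https://` URL. Because `meilisearch_backup_restore_sidecar_encryption_key` is optional, unencrypted backup data would presumably cross the network in cleartext if a plain-HTTP endpoint were configured; how the sidecar treats the scheme is not visible here. Consider an assertion in tasks/main.yml such as `- meilisearch_backup_restore_sidecar_provider != "s3" or (meilisearch_backup_restore_sidecar_s3_endpoint | default("", true) is match("https://"))`, or at least a README sentence stating that a TLS endpoint is expected. The same applies to the postgres and rethinkdb templates. The container's env list starts outside the hunk.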
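Review bot: The five new `data:` entries under the `s3` branch of the Secret interpolate `{{ … | b64encode }}` as unquoted plain scalars, so an empty expansion renders `secretKey:` with no value, which YAML reads as null rather than an empty string. Quoting keeps the type stable, for example `secretKey: "{{ meilisearch_backup_restore_sidecar_s3_secret_key | b64encode }}"`, and the same for `bucketName`, `region`, `endpoint` and `accessKey`. The GCP entries just above use the same unquoted pattern, so this is a consistency choice for the whole block. The postgres and rethinkdb templates carry identical lines. The task that applies this manifest is outside the hunk; it is worth confirming that it does not print the rendered definition in verbose or diff output, for instance via `no_log: true`.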
diff --git a/control-plane/roles/metal-db/defaults/main/main.yaml b/control-plane/roles/metal-db/defaults/main/main.yaml index b7ee9ef0..4f83ab7d 100644 --- a/control-plane/roles/metal-db/defaults/main/main.yaml +++ b/control-plane/roles/metal-db/defaults/main/main.yaml @@ -21,6 +21,12 @@ metal_db_backup_restore_sidecar_gcp_backup_location: metal_db_backup_restore_sidecar_gcp_project_id: metal_db_backup_restore_sidecar_gcp_serviceaccount_json: +metal_db_backup_restore_sidecar_s3_bucket_name: +metal_db_backup_restore_sidecar_s3_region: +metal_db_backup_restore_sidecar_s3_endpoint: +metal_db_backup_restore_sidecar_s3_access_key: +metal_db_backup_restore_sidecar_s3_secret_key: + metal_db_expose_frontend: no metal_db_ingress_dns: rethinkdb.{{ metal_control_plane_ingress_dns }} diff --git a/control-plane/roles/metal-db/tasks/main.yaml b/control-plane/roles/metal-db/tasks/main.yaml index 5381ef1f..7635d28b 100644 --- a/control-plane/roles/metal-db/tasks/main.yaml +++ b/control-plane/roles/metal-db/tasks/main.yaml 
@@ -36,6 +36,11 @@ rethinkdb_backup_restore_sidecar_gcp_backup_location: "{{ metal_db_backup_restore_sidecar_gcp_backup_location }}" rethinkdb_backup_restore_sidecar_gcp_project_id: "{{ metal_db_backup_restore_sidecar_gcp_project_id }}" rethinkdb_backup_restore_sidecar_gcp_serviceaccount_json: "{{ metal_db_backup_restore_sidecar_gcp_serviceaccount_json }}" + rethinkdb_backup_restore_sidecar_s3_bucket_name: "{{ metal_db_backup_restore_sidecar_s3_bucket_name }}" + rethinkdb_backup_restore_sidecar_s3_region: "{{ metal_db_backup_restore_sidecar_s3_region }}" + rethinkdb_backup_restore_sidecar_s3_endpoint: "{{ metal_db_backup_restore_sidecar_s3_endpoint }}" + rethinkdb_backup_restore_sidecar_s3_access_key: "{{ metal_db_backup_restore_sidecar_s3_access_key }}" + rethinkdb_backup_restore_sidecar_s3_secret_key: "{{ metal_db_backup_restore_sidecar_s3_secret_key }}" rethinkdb_expose_frontend: "{{ metal_db_expose_frontend }}" rethinkdb_ingress_dns: "{{ metal_db_ingress_dns }}" rethinkdb_resources: "{{ metal_db_resources }}" diff --git a/control-plane/roles/postgres-backup-restore/README.md b/control-plane/roles/postgres-backup-restore/README.md index 4c6ab642..b4c35705 100644 --- a/control-plane/roles/postgres-backup-restore/README.md +++ b/control-plane/roles/postgres-backup-restore/README.md 
@@ -25,13 +25,18 @@ You can look up all the default values of this role [here](defaults/main/main.ya | postgres_max_connections | | The amount of max. connections possible, defaults to 100 | | postgres_backup_restore_sidecar_image_name | yes | Image version of the backup-restore-sidecar | | postgres_backup_restore_sidecar_image_tag | yes | Image tag of the backup-restore-sidecar | -| postgres_backup_restore_sidecar_provider | | The backup provider | +| postgres_backup_restore_sidecar_provider | | The backup provider. One of `local`, `gcp` or `s3` | | postgres_backup_restore_sidecar_backup_cron_schedule | | The backup cron schedule | | postgres_backup_restore_sidecar_log_level | | The log level of the sidecar | | postgres_backup_restore_sidecar_gcp_bucket_name | | Bucket name of the GCP bucket | | postgres_backup_restore_sidecar_gcp_backup_location | | Location of the GCP bucket | | postgres_backup_restore_sidecar_gcp_project_id | | GCP project name | | postgres_backup_restore_sidecar_gcp_serviceaccount_json | | GCP Serviceaccount JSON string (service account requires bucket access) | +| postgres_backup_restore_sidecar_s3_bucket_name | | The name of the S3 bucket | +| postgres_backup_restore_sidecar_s3_region | | The region where the S3 bucket is located | +| postgres_backup_restore_sidecar_s3_endpoint | | The endpoint URL for the S3 storage service | +| postgres_backup_restore_sidecar_s3_access_key | | The access key for authenticating with S3 | +| postgres_backup_restore_sidecar_s3_secret_key | | The secret key for authenticating with S3 | | postgres_expose_frontend | | Exposes the postgres over ingress (only use for dev environments) | | postgres_ingress_dns | | The virtual host to reach the postgres frontend when exposed via ingress | | postgres_resources | | The kubernetes resources for the actual postgres container | 
diff --git a/control-plane/roles/postgres-backup-restore/defaults/main/main.yaml b/control-plane/roles/postgres-backup-restore/defaults/main/main.yaml index ac7b9084..11f01187 100644 --- a/control-plane/roles/postgres-backup-restore/defaults/main/main.yaml +++ b/control-plane/roles/postgres-backup-restore/defaults/main/main.yaml @@ -30,6 +30,12 @@ postgres_backup_restore_sidecar_gcp_backup_location: postgres_backup_restore_sidecar_gcp_project_id: postgres_backup_restore_sidecar_gcp_serviceaccount_json: +postgres_backup_restore_sidecar_s3_bucket_name: +postgres_backup_restore_sidecar_s3_region: +postgres_backup_restore_sidecar_s3_endpoint: +postgres_backup_restore_sidecar_s3_access_key: +postgres_backup_restore_sidecar_s3_secret_key: + postgres_resources: requests: memory: "128Mi" diff --git a/control-plane/roles/postgres-backup-restore/tasks/main.yml b/control-plane/roles/postgres-backup-restore/tasks/main.yml index 3cb86531..6351fd4b 100644 --- a/control-plane/roles/postgres-backup-restore/tasks/main.yml +++ b/control-plane/roles/postgres-backup-restore/tasks/main.yml @@ -12,6 +12,7 @@ - postgres_backup_restore_sidecar_image_name is defined - postgres_backup_restore_sidecar_image_tag is defined - postgres_backup_restore_sidecar_encryption_key is none or postgres_backup_restore_sidecar_encryption_key | length == 32 + - postgres_backup_restore_sidecar_provider in ["local", "gcp", "s3"] - name: Deploy postgres (backup-restore) k8s: diff --git a/control-plane/roles/postgres-backup-restore/templates/postgres.yaml b/control-plane/roles/postgres-backup-restore/templates/postgres.yaml index a6b1e464..93e9bde7 100644 --- a/control-plane/roles/postgres-backup-restore/templates/postgres.yaml +++ b/control-plane/roles/postgres-backup-restore/templates/postgres.yaml 
@@ -154,6 +154,32 @@ spec: name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /gcp/credentials/serviceaccount.json +{% elif postgres_backup_restore_sidecar_provider == "s3" %} + - name: BACKUP_RESTORE_SIDECAR_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucketName + name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_REGION + valueFrom: + secretKeyRef: + key: region + name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accessKey + name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretKey + name: backup-restore-sidecar-backup-provider-config-{{ postgres_name }} {% endif %} volumeMounts: - name: {{ postgres_name }} @@ -268,6 +294,12 @@ data: bucketLocation: {{ postgres_backup_restore_sidecar_gcp_backup_location | b64encode }} projectID: {{ postgres_backup_restore_sidecar_gcp_project_id | b64encode }} serviceaccount.json: {{ postgres_backup_restore_sidecar_gcp_serviceaccount_json | to_json | b64encode }} +{% elif postgres_backup_restore_sidecar_provider == "s3" %} + bucketName: {{ postgres_backup_restore_sidecar_s3_bucket_name | b64encode }} + region: {{ postgres_backup_restore_sidecar_s3_region | b64encode }} + endpoint: {{ postgres_backup_restore_sidecar_s3_endpoint | b64encode }} + accessKey: {{ postgres_backup_restore_sidecar_s3_access_key | b64encode }} + secretKey: {{ postgres_backup_restore_sidecar_s3_secret_key | b64encode }} {% endif %} --- apiVersion: v1 
diff --git a/control-plane/roles/rethinkdb-backup-restore/README.md b/control-plane/roles/rethinkdb-backup-restore/README.md
index 5fef449b..d4659cb5 100644
--- a/control-plane/roles/rethinkdb-backup-restore/README.md
+++ b/control-plane/roles/rethinkdb-backup-restore/README.md
@@ -22,13 +22,18 @@ You can look up all the default values of this role [here](defaults/main/main.ya | rethinkdb_password | | The password of the rethinkdb | | rethinkdb_backup_restore_sidecar_image_name | yes | Image version of the backup-restore-sidecar | | rethinkdb_backup_restore_sidecar_image_tag | yes | Image tag of the backup-restore-sidecar | -| rethinkdb_backup_restore_sidecar_provider | | The backup provider | +| rethinkdb_backup_restore_sidecar_provider | | The backup provider. One of `local`, `gcp` or `s3` | | rethinkdb_backup_restore_sidecar_backup_cron_schedule | | The backup cron schedule | | rethinkdb_backup_restore_sidecar_log_level | | The log level of the sidecar | | rethinkdb_backup_restore_sidecar_gcp_bucket_name | | Bucket name of the GCP bucket | | rethinkdb_backup_restore_sidecar_gcp_backup_location | | Location of the GCP bucket | | rethinkdb_backup_restore_sidecar_gcp_project_id | | GCP project name | | rethinkdb_backup_restore_sidecar_gcp_serviceaccount_json | | GCP Serviceaccount JSON string (service account requires bucket access) | +| rethinkdb_backup_restore_sidecar_s3_bucket_name | | The name of the S3 bucket | +| rethinkdb_backup_restore_sidecar_s3_region | | The region where the S3 bucket is located | +| rethinkdb_backup_restore_sidecar_s3_endpoint | | The endpoint URL for the S3 storage service | +| rethinkdb_backup_restore_sidecar_s3_access_key | | The access key for authenticating with S3 | +| rethinkdb_backup_restore_sidecar_s3_secret_key | | The secret key for authenticating with S3 | | rethinkdb_expose_frontend | | Exposes the rethinkdb over ingress (only use for dev environments) | | rethinkdb_ingress_dns | | The virtual host to reach the rethinkdb frontend when exposed via ingress | | rethinkdb_resources | | The kubernetes resources for the actual rethinkdb container | 
diff --git a/control-plane/roles/rethinkdb-backup-restore/defaults/main/main.yaml b/control-plane/roles/rethinkdb-backup-restore/defaults/main/main.yaml index 852d536b..30940c01 100644 --- a/control-plane/roles/rethinkdb-backup-restore/defaults/main/main.yaml +++ b/control-plane/roles/rethinkdb-backup-restore/defaults/main/main.yaml @@ -18,6 +18,12 @@ rethinkdb_backup_restore_sidecar_gcp_backup_location: rethinkdb_backup_restore_sidecar_gcp_project_id: rethinkdb_backup_restore_sidecar_gcp_serviceaccount_json: +rethinkdb_backup_restore_sidecar_s3_bucket_name: +rethinkdb_backup_restore_sidecar_s3_region: +rethinkdb_backup_restore_sidecar_s3_endpoint: +rethinkdb_backup_restore_sidecar_s3_access_key: +rethinkdb_backup_restore_sidecar_s3_secret_key: + rethinkdb_backup_restore_sidecar_object_max_keep: rethinkdb_backup_restore_sidecar_encryption_key: diff --git a/control-plane/roles/rethinkdb-backup-restore/tasks/main.yml b/control-plane/roles/rethinkdb-backup-restore/tasks/main.yml index dff0c699..b0691273 100644 --- a/control-plane/roles/rethinkdb-backup-restore/tasks/main.yml +++ b/control-plane/roles/rethinkdb-backup-restore/tasks/main.yml @@ -12,6 +12,7 @@ - rethinkdb_backup_restore_sidecar_image_name is defined - rethinkdb_backup_restore_sidecar_image_tag is defined - rethinkdb_backup_restore_sidecar_encryption_key is none or rethinkdb_backup_restore_sidecar_encryption_key | length == 32 + - rethinkdb_backup_restore_sidecar_provider in ["local", "gcp", "s3"] - name: Check mandatory variables for this role are set assert: diff --git a/control-plane/roles/rethinkdb-backup-restore/templates/rethinkdb.yaml b/control-plane/roles/rethinkdb-backup-restore/templates/rethinkdb.yaml index ab0c7fa1..e1f7dd7c 100644 --- a/control-plane/roles/rethinkdb-backup-restore/templates/rethinkdb.yaml +++ b/control-plane/roles/rethinkdb-backup-restore/templates/rethinkdb.yaml 
@@ -85,6 +85,32 @@ spec: name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /gcp/credentials/serviceaccount.json +{% elif rethinkdb_backup_restore_sidecar_provider == "s3" %} + - name: BACKUP_RESTORE_SIDECAR_S3_BUCKET_NAME + valueFrom: + secretKeyRef: + key: bucketName + name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_REGION + valueFrom: + secretKeyRef: + key: region + name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accessKey + name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} + - name: BACKUP_RESTORE_SIDECAR_S3_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretKey + name: backup-restore-sidecar-backup-provider-config-{{ rethinkdb_name }} {% endif %} volumeMounts: - mountPath: /data @@ -236,6 +262,12 @@ data: bucketLocation: {{ rethinkdb_backup_restore_sidecar_gcp_backup_location | b64encode }} projectID: {{ rethinkdb_backup_restore_sidecar_gcp_project_id | b64encode }} serviceaccount.json: {{ rethinkdb_backup_restore_sidecar_gcp_serviceaccount_json | to_json | b64encode }} +{% elif rethinkdb_backup_restore_sidecar_provider == "s3" %} + bucketName: {{ rethinkdb_backup_restore_sidecar_s3_bucket_name | b64encode }} + region: {{ rethinkdb_backup_restore_sidecar_s3_region | b64encode }} + endpoint: {{ rethinkdb_backup_restore_sidecar_s3_endpoint | b64encode }} + accessKey: {{ rethinkdb_backup_restore_sidecar_s3_access_key | b64encode }} + secretKey: {{ rethinkdb_backup_restore_sidecar_s3_secret_key | b64encode }} {% endif %} {% if rethinkdb_expose_frontend %} ---