feat(383) Define keyNames to backups.secrets

Author: ercpereda

charts/cluster/README.md

@@ -145,6 +145,13 @@ refer to  the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat
 | backups.scheduledBackups[0].schedule | string | `"0 0 0 * * *"` | Schedule in cron format |
 | backups.secret.create | bool | `true` | Whether to create a secret for the backup credentials |
 | backups.secret.name | string | `""` | Name of the backup credentials secret |
+| backups.secret.keyNames.accessKey | string | `"ACCESS_KEY_ID"` | Name of the s3 accessKey secret key |
+| backups.secret.keyNames.secretKey | string | `"ACCESS_SECRET_KEY"` | Name of the s3 secretKey secret key |
+| backups.secret.keyNames.applicationCredentials | string | `"APPLICATION_CREDENTIALS"` | Name of the google applicationCredentials secret key |
+| backups.secret.keyNames.connectionString | string | `"AZURE_CONNECTION_STRING"` | Name of the azure connectionString secret key |
+| backups.secret.keyNames.storageAccount | string | `"AZURE_STORAGE_ACCOUNT"` | Name of the azure storageAccount secret key |
+| backups.secret.keyNames.storageKey | string | `"AZURE_STORAGE_KEY"` | Name of the azure storageKey secret key |
+| backups.secret.keyNames.storageSasToken | string | `"AZURE_STORAGE_SAS_TOKEN"` | Name of the azure storageSasToken secret key |
 | backups.wal.compression | string | `"gzip"` | WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`. |
 | backups.wal.encryption | string | `"AES256"` | Whether to instruct the storage provider to encrypt WAL files. One of `` (use the storage container default), `AES256` or `aws:kms`. |
 | backups.wal.maxParallel | int | `1` | Number of WAL files to be archived or restored in parallel. |

charts/cluster/templates/_barman_object_store.tpl

@@ -25,10 +25,10 @@
   s3Credentials:
     accessKeyId:
       name: {{ $secretName }}
-      key: ACCESS_KEY_ID
+      key: {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .scope.secret.keyNames.accessKey }}
     secretAccessKey:
       name: {{ $secretName }}
-      key: ACCESS_SECRET_KEY
+      key: {{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .scope.secret.keyNames.secretKey }}
 {{- else if eq .scope.provider "azure" }}
   {{- if empty .scope.destinationPath }}
   destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}"
@@ -40,19 +40,19 @@
   {{- else if .scope.azure.connectionString }}
     connectionString:
       name: {{ $secretName }}
-      key: AZURE_CONNECTION_STRING
+      key: {{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .scope.secret.keyNames.connectionString }}
   {{- else }}
     storageAccount:
       name: {{ $secretName }}
-      key: AZURE_STORAGE_ACCOUNT
+      key: {{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .scope.secret.keyNames.storageAccount }}
     {{- if .scope.azure.storageKey }}
     storageKey:
       name: {{ $secretName }}
-      key: AZURE_STORAGE_KEY
+      key: {{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .scope.secret.keyNames.storageKey }}
     {{- else }}
     storageSasToken:
       name: {{ $secretName }}
-      key: AZURE_STORAGE_SAS_TOKEN
+      key: {{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .scope.secret.keyNames.storageSasToken }}
     {{- end }}
   {{- end }}
 {{- else if eq .scope.provider "google" }}
@@ -65,7 +65,7 @@
 {{- if not .scope.google.gkeEnvironment }}
     applicationCredentials:
       name: {{ $secretName }}
-      key: APPLICATION_CREDENTIALS
+      key: {{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .scope.secret.keyNames.applicationCredentials }}
 {{- end }}
 {{- end -}}
 {{- end -}}

charts/cluster/templates/backup-azure-creds.yaml

@@ -4,8 +4,8 @@ kind: Secret
 metadata:
   name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
-  AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }}
-  AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
-  AZURE_STORAGE_KEY: {{ .Values.backups.azure.storageKey | b64enc | quote }}
-  AZURE_STORAGE_SAS_TOKEN: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.connectionString is required, but not specified" .Values.backups.secret.keyNames.connectionString }}: {{ .Values.backups.azure.connectionString | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.storageAccount is required, but not specified" .Values.backups.secret.keyNames.storageAccount }}: {{ .Values.backups.azure.storageAccount | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.storageKey is required, but not specified" .Values.backups.secret.keyNames.storageKey }}: {{ .Values.backups.azure.storageKey | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.storageSasToken is required, but not specified" .Values.backups.secret.keyNames.storageSasToken }}: {{ .Values.backups.azure.storageSasToken | b64enc | quote }}
 {{- end }}

charts/cluster/templates/backup-google-creds.yaml

@@ -4,5 +4,5 @@ kind: Secret
 metadata:
   name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
-  APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.applicationCredentials is required, but not specified" .Values.backups.secret.keyNames.applicationCredentials }}: {{ .Values.backups.google.applicationCredentials | b64enc | quote }}
 {{- end }}

charts/cluster/templates/backup-s3-creds.yaml

@@ -4,6 +4,6 @@ kind: Secret
 metadata:
   name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}
 data:
-  ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
-  ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.accessKey is required, but not specified" .Values.backups.secret.keyNames.accessKey }}: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }}
+  {{ required ".Values.backups.secret.keyNames.secretKey is required, but not specified" .Values.backups.secret.keyNames.secretKey }}: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }}
 {{- end }}

charts/cluster/values.schema.json

@@ -145,7 +145,27 @@
                         },
                         "name": {
                             "type": "string"
-                        }
+                        },
+			"keyNames": {
+			    "type": "object",
+			    "properties": {
+			      "accessKey": {
+			        "type": "string"
+			      },
+			      "secretKey": {
+			        "type": "string"
+			      },
+			      "applicationCredentials": {
+			        "type": "string"
+			      },
+			      "connectionString": {
+			        "type": "string"
+			      },
+			      "storageAccount": {
+			        "type": "string"
+			      }
+			    }
+			}
                     }
                 },
                 "wal": {

charts/cluster/values.yaml

@@ -316,6 +316,15 @@ backups:
     create: true
     # -- Name of the backup credentials secret
     name: ""
+    # -- Name of the keys inside the secret
+    keyNames:
+      accessKey: ACCESS_KEY_ID
+      secretKey: ACCESS_SECRET_KEY
+      applicationCredentials: APPLICATION_CREDENTIALS
+      connectionString: AZURE_CONNECTION_STRING
+      storageAccount: AZURE_STORAGE_ACCOUNT
+      storageKey: AZURE_STORAGE_KEY
+      storageSasToken: AZURE_STORAGE_SAS_TOKEN
 
   wal:
     # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.