
cloud credentials for backup in k8s operator - feature request

I did not find the Jira project or GitHub repo to ask for a feature request so writing it here...



if storageSpec.S3.CredentialsSecret == "" {
	return nil, fmt.Errorf("no credentials specified for the secret name %s", storageName)
}

It would be nice not to return an error in case no s3.credentials is set for the cluster hosted on the cloud providers. AWS has the ability to get temporary credentials using the role attached to a pod. It is a more secure and flexible way of dealing with credentials. The creds should be renewed on every scheduled run using an API call to STS. Maybe add another field in the storage config, to have something like this:
storages:
  s3-backup-bucket:
    type: "s3"
    s3:
      bucket: {{ .Values.backup.storages.s3BackupStorage.s3.bucketName }}
      region: {{ .Values.backup.storages.s3BackupStorage.s3.region }}
      cloud: "AWS"

and in pkg/psmdb/backup/agent.go

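if storageSpec.S3.Cloud == "AWS" { // Cloud is the field proposed above; exported so it can be read from this package
	// some_logic
} else if storageSpec.S3.Cloud == "Other_cloud" {
	// some_logic2
} else if storageSpec.S3.Cloud == "" {
	// No cloud set: keep the current behaviour and require a credentials secret.
	if storageSpec.S3.CredentialsSecret == "" {
		return nil, fmt.Errorf("no credentials specified for the secret name %s", storageName)
	}
}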
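
The branching proposed in the post, written out as a self-contained Go function. This is an added example, not part of the original post and not code from the Percona operator; `S3Spec`, its `Cloud` field, `CredSource` and `ResolveCredSource` are hypothetical names, and it assumes the pod role is provided through EKS IAM Roles for Service Accounts, which sets `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE`. It goes slightly beyond the sketch by rejecting a spec that sets both a cloud and a secret, and by failing on an unknown cloud value.

```go
package main

import "fmt"

// S3Spec mirrors the storage fields from the post. Cloud is the proposed
// field and is hypothetical: it is not part of the operator's API.
type S3Spec struct {
	Bucket, Region, CredentialsSecret, Cloud string
}

// CredSource says where the backup agent should take S3 credentials from.
type CredSource int

const (
	FromSecret  CredSource = iota + 1 // static keys stored in a Kubernetes Secret
	FromPodRole                       // temporary keys issued by STS for the pod's IAM role
)

// ResolveCredSource decides the credential source for one storage and fails
// closed. getenv is injected so the check is testable; pass os.Getenv in real use.
func ResolveCredSource(name string, s3 S3Spec, getenv func(string) string) (CredSource, error) {
	switch s3.Cloud {
	case "":
		if s3.CredentialsSecret == "" {
			return 0, fmt.Errorf("no credentials specified for the secret name %s", name)
		}
		return FromSecret, nil
	case "AWS":
		if s3.CredentialsSecret != "" {
			// Refuse ambiguous specs so a forgotten long-lived key is never used silently.
			return 0, fmt.Errorf("storage %s: set either cloud or credentialsSecret, not both", name)
		}
		// With a role attached, the AWS SDK exchanges the projected token at STS
		// and refreshes the temporary keys itself; here we only verify the wiring.
		if getenv("AWS_ROLE_ARN") == "" || getenv("AWS_WEB_IDENTITY_TOKEN_FILE") == "" {
			return 0, fmt.Errorf("storage %s: cloud is AWS but no IAM role is attached to the pod", name)
		}
		return FromPodRole, nil
	default:
		return 0, fmt.Errorf("storage %s: unsupported cloud %q", name, s3.Cloud)
	}
}

func main() {
	env := map[string]string{"AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/example-backup", // constructed sample values
		"AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token"}
	fmt.Println(ResolveCredSource("s3-backup-bucket", S3Spec{Cloud: "AWS"}, func(k string) string { return env[k] }))
}
```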


MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.