I was wrong. pgBackRest uses host as the default path style for S3 (pgBackRest - Configuration Reference).
I also was under the impression that I could use https://hostname:port under spec.backups.pgbackrest.repos.0.s3.endpoint like many other apps, but the port needs to be in a separate parameter (repo1-storage-port, thanks @Superhammer).
We have now migrated to HTTPS, but I think @Superhammer is on to something… I also would appreciate it if the official documentation was more complete on these basic things…
The below works, but now the final boss - how do I import the necessary CAs to trust the connection (Include CAs for backup)?
spec:
backups:
pgbackrest:
...
global:
repo1-s3-uri-style: path
repo1-storage-port: "9000"
repo1-storage-verify-tls: "n"
...
...
repos:
- name: repo1
s3:
bucket: <REDACTED>
endpoint: s3.domain.com # this is just an example
region: minio
...