Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

K8SPSMDB-850 - Server Side Encryption Support #1198

Merged
merged 14 commits into from
Sep 19, 2023
Merged

K8SPSMDB-850 - Server Side Encryption Support #1198

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
da4007b
K8SPSMDB-850 - Server Side Encryption Support
mertgonul Mar 27, 2023
fa21127
Merge branch 'main' into main
mertgonul Apr 19, 2023
a67f22b
Merge branch 'main' into main
mertgonul Apr 24, 2023
45186ba
Merge branch 'main' into main
hors May 5, 2023
ef654a9
Merge branch 'main' into main
mertgonul Jun 18, 2023
ea433a9
Merge branch 'main' into main
hors Jul 31, 2023
9af89b2
Merge branch 'main' into main
hors Aug 16, 2023
3ea4596
Merge branch 'main' into main
egegunes Sep 6, 2023
a82b91c
Merge remote-tracking branch 'origin/main' into pr/mertgonul/1198
pooknull Sep 18, 2023
315d56e
fmt
pooknull Sep 18, 2023
ec23d88
manifests
pooknull Sep 18, 2023
b17b75d
update `cr.yamll`
pooknull Sep 19, 2023
22d7c5c
update `restore.yaml`
pooknull Sep 19, 2023
60ffce6
Merge branch 'main' into main
pooknull Sep 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions deploy/crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,17 @@ spec:
type: string
insecureSkipTLSVerify:
type: boolean
serverSideEncryption:
properties:
sseAlgorithm:
type: string
kmsKeyID:
type: string
sseCustomerAlgorithm:
type: string
sseCustomerKey:
type: string
type: object
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mertgonul Could you please add this new section to https://github.com/percona/percona-server-mongodb-operator/blob/main/deploy/cr.yaml . Also, please check https://github.com/percona/percona-server-mongodb-operator/blob/main/Makefile to understand the correct way of adding new fields to all needed CRDs.

maxUploadParts:
type: integer
prefix:
Expand Down Expand Up @@ -225,6 +236,17 @@ spec:
type: string
insecureSkipTLSVerify:
type: boolean
serverSideEncryption:
properties:
sseAlgorithm:
type: string
kmsKeyID:
type: string
sseCustomerAlgorithm:
type: string
sseCustomerKey:
type: string
type: object
maxUploadParts:
type: integer
prefix:
Expand Down Expand Up @@ -853,6 +875,17 @@ spec:
type: string
insecureSkipTLSVerify:
type: boolean
serverSideEncryption:
properties:
sseAlgorithm:
type: string
kmsKeyID:
type: string
sseCustomerAlgorithm:
type: string
sseCustomerKey:
type: string
type: object
maxUploadParts:
type: integer
prefix:
Expand Down
2 changes: 2 additions & 0 deletions pkg/apis/psmdb/v1/psmdb_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
v "github.com/hashicorp/go-version"
"github.com/percona/percona-backup-mongodb/pbm"
"github.com/percona/percona-backup-mongodb/pbm/compress"
"github.com/percona/percona-backup-mongodb/pbm/storage/s3"
"github.com/pkg/errors"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -760,6 +761,7 @@ type BackupStorageS3Spec struct {
Region string `json:"region,omitempty"`
EndpointURL string `json:"endpointUrl,omitempty"`
CredentialsSecret string `json:"credentialsSecret,omitempty"`
ServerSideEncryption s3.AWSsse `json:"serverSideEncryption,omitempty"`
UploadPartSize int `json:"uploadPartSize,omitempty"`
MaxUploadParts int `json:"maxUploadParts,omitempty"`
StorageClass string `json:"storageClass,omitempty"`
Expand Down
9 changes: 9 additions & 0 deletions pkg/controller/perconaservermongodbbackup/perconaservermongodbbackup_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,15 @@ func (r *ReconcilePerconaServerMongoDBBackup) getPBMStorage(ctx context.Context,
return nil, errors.Wrap(err, "getting s3 credentials secret name")
}

if len(cr.Status.S3.ServerSideEncryption.SseAlgorithm) != 0 || len(cr.Status.S3.ServerSideEncryption.SseCustomerAlgorithm) != 0 {
s3Conf.ServerSideEncryption = &s3.AWSsse{
SseAlgorithm: cr.Status.S3.ServerSideEncryption.SseAlgorithm,
KmsKeyID: cr.Status.S3.ServerSideEncryption.KmsKeyID,
SseCustomerAlgorithm: cr.Status.S3.ServerSideEncryption.SseCustomerAlgorithm,
SseCustomerKey: cr.Status.S3.ServerSideEncryption.SseCustomerKey,
}
}

s3Conf.Credentials = s3.Credentials{
AccessKeyID: string(s3secret.Data[backup.AWSAccessKeySecretKey]),
SecretAccessKey: string(s3secret.Data[backup.AWSSecretAccessKeySecretKey]),
Expand Down
9 changes: 9 additions & 0 deletions pkg/psmdb/backup/pbm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,15 @@ func GetPBMConfig(ctx context.Context, k8sclient client.Client, cluster *api.Per
},
}

if len(stg.S3.ServerSideEncryption.SseAlgorithm) != 0 || len(stg.S3.ServerSideEncryption.SseCustomerAlgorithm) != 0 {
conf.Storage.S3.ServerSideEncryption = &s3.AWSsse{
SseAlgorithm: stg.S3.ServerSideEncryption.SseAlgorithm,
KmsKeyID: stg.S3.ServerSideEncryption.KmsKeyID,
SseCustomerAlgorithm: stg.S3.ServerSideEncryption.SseCustomerAlgorithm,
SseCustomerKey: stg.S3.ServerSideEncryption.SseCustomerKey,
}
}

if len(stg.S3.CredentialsSecret) != 0 {
s3secret, err := getSecret(ctx, k8sclient, cluster.Namespace, stg.S3.CredentialsSecret)
if err != nil {
Expand Down