feat: [CPCAP-9519] integrate Backup Daemon with Cloud Backuper

docs/public/installation.md

@@ -418,7 +418,15 @@ This sections describes all possible deploy parameters for PostgreSQL Backup Dae
 | backupDaemon.externalPv.storageClass   | string                                                                          | no        | n/a           | Specifies StorageClass of External PV.                                                                                                                                                                                                                                                                 |
 | backupDaemon.priorityClassName         | string                                                                          | no        | n/a           | Specifies [Priority Class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass).                                                                                                                                                                            |
 | backupDaemon.affinity                  | json                                                                            | no        | n/a           | Specifies the affinity scheduling rules.                                                                                                                                                                                                                                                               |
-| backupDaemon.podLabels                 | yaml                                                                            | no        | n/a           | Specifies custom pod labels.                                                                                                                                                                                                                                                                           |
+| backupDaemon.podLabels                 | yaml                                                                            | no        | n/a           | Specifies custom pod labels.                                                                                                                                                                                                                                                               |
+| backupDaemon.s3Aliases                 | list                                                                            | no        | []            | Array of S3 storage alias configurations. All entries are stored in a single Kubernetes Secret named s3-aliases, where each alias name is a separate data key with a JSON payload describing the S3 connection. Automatically filled from CLOUD_BACKUP_STORAGE_LOCATION if global.cloudIntegrationEnabled is enabled. |
+| backupDaemon.s3Aliases[].name          | string                                                                          | yes | n/a       | Unique alias name. Used as a top-level key inside `s3_aliases.json`. |
+| backupDaemon.s3Aliases[].spec.storageBucket | string | yes | n/a | Specifies the name of the S3 bucket. |
+| backupDaemon.s3Aliases[].spec.storageProvider | string | no | n/a | Specifies the storage provider type, for example `aws` or `minio`. |
+| backupDaemon.s3Aliases[].spec.storageRegion | string | no | us-east-1 | Specifies the name of the region associated with the client. |
+| backupDaemon.s3Aliases[].spec.storageServerUrl | string | yes | n/a | Specifies the URL address to S3 storage. |
+| backupDaemon.s3Aliases[].spec.storageUsername | string | yes | n/a | Specifies S3 accessKeyId credential. |
+| backupDaemon.s3Aliases[].secretContent.storagePassword | string | yes | n/a | Specifies S3 secretAccessKey credential. |
 
 ## metricCollector
 

operator/api/apps/v1/postgresservice_types.go

@@ -300,6 +300,7 @@ type BackupDaemon struct {
 	SecurityContext        v1.PodSecurityContext    `json:"securityContext,omitempty"`
 	PriorityClassName      string                   `json:"priorityClassName,omitempty"`
 	S3Storage              *S3Storage               `json:"s3Storage,omitempty"`
+	S3AliasesUsed          bool                     `json:"s3AliasesUsed,omitempty"`
 	PodLabels              map[string]string        `json:"podLabels,omitempty"`
 	ExternalPv             *ExternalPv              `json:"externalPv,omitempty"`
 	SslMode                string                   `json:"sslMode,omitempty"`

operator/charts/patroni-services/crds/netcracker.com_patroniservices.yaml

@@ -1073,6 +1073,8 @@ spec:
                     type: object
                   retainArchiveSettings:
                     type: boolean
+                  s3AliasesUsed:
+                    type: boolean
                   s3Storage:
                     properties:
                       accessKeyId:

operator/charts/patroni-services/templates/_helpers.tpl

@@ -265,6 +265,22 @@ pg-{{ default "patroni" .Values.patroni.clusterName }}-direct
 {{- end }}
 {{- end -}}
 
+{{/*
+Effective backup daemon S3 aliases wrapped in a map: { items: [...] }.
+When CLOUD_BACKUP_STORAGE_LOCATION is set and global.cloudIntegrationEnabled is true,
+use cloud payload; otherwise use backupDaemon.s3Aliases from values.
+Usage: (fromYaml (include "backupDaemon.s3Aliases" .)).items
+*/}}
+{{- define "backupDaemon.s3Aliases" -}}
+{{- if and .Values.CLOUD_BACKUP_STORAGE_LOCATION .Values.global.cloudIntegrationEnabled -}}
+items: {{ toYaml .Values.CLOUD_BACKUP_STORAGE_LOCATION | nindent 2 }}
+{{- else if .Values.backupDaemon.s3Aliases -}}
+items: {{ toYaml .Values.backupDaemon.s3Aliases | nindent 2 }}
+{{- else -}}
+items: []
+{{- end -}}
+{{- end -}}
+
 {{/*
 Postgres host for DBaaS adapter
 */}}

operator/charts/patroni-services/templates/cr.yaml

@@ -120,6 +120,9 @@ spec:
       untrustedCert: {{ default "true" .Values.backupDaemon.s3Storage.untrustedCert }}
       region: {{ default "us-east-1" .Values.backupDaemon.s3Storage.region }}
   {{ end }}
+  {{- if (fromYaml (include "backupDaemon.s3Aliases" .)).items }}
+    s3AliasesUsed: true
+  {{- end }}
   {{ if .Values.backupDaemon.externalPv }}
     externalPv: {{ toYaml .Values.backupDaemon.externalPv | nindent 6 }}
   {{ end }}

operator/charts/patroni-services/templates/secrets/s3-aliases-secret.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.backupDaemon.install }}
+{{- $s3Data := fromYaml (include "backupDaemon.s3Aliases" .) }}
+{{- if $s3Data.items }}
+{{- $aliases := dict }}
+{{- range $s3Data.items }}
+{{- $out := dict }}
+
+{{- if .spec }}
+{{- $out = merge $out (omit .spec "storageBucket" "storageUsername" "storageRegion" "storageServerUrl") }}
+{{- if .spec.storageBucket }}{{- $out = set $out "bucketName" .spec.storageBucket }}{{- end }}
+{{- if .spec.storageUsername }}{{- $out = set $out "accessKeyId" .spec.storageUsername }}{{- end }}
+{{- $out = set $out "region" (default "us-east-1" .spec.storageRegion) }}
+{{- if .spec.storageServerUrl }}{{- $out = set $out "s3Url" .spec.storageServerUrl }}{{- end }}
+{{- end }}
+
+{{- if .secretContent }}
+{{- $out = merge $out (omit .secretContent "storagePassword") }}
+{{- if .secretContent.storagePassword }}{{- $out = set $out "accessKeySecret" .secretContent.storagePassword }}{{- end }}
+{{- end }}
+
+{{- $aliases = set $aliases .name $out }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-aliases
+  labels:
+    app: postgres-backup-daemon
+    name: postgres-backup-daemon
+    {{- include "kubernetes.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  s3_aliases.json: |
+{{ $aliases | toPrettyJson | indent 4 }}
+{{- end }}
+{{- end }}

operator/charts/patroni-services/values.yaml

@@ -224,6 +224,7 @@ backupDaemon:
     #      - postgresql-backup-pv-1
     # The array of node-selectors that will be used for deployment.
     # storage.nodes can be used only if storage.type is set to PV
+  s3Aliases: []
 #    nodes:
 #      - db-backup-node1
 

operator/pkg/deployment/backup.go

@@ -296,6 +296,36 @@ func NewBackupDaemonDeployment(backupDaemon *netcrackerv1.BackupDaemon, pgCluste
 			},
 		}
 	}
+	if backupDaemon.S3AliasesUsed {
+		deployment.Spec.Template.Spec.Containers[0].Env = append(
+			deployment.Spec.Template.Spec.Containers[0].Env,
+			corev1.EnvVar{
+				Name:  "S3_ALIASES_USED",
+				Value: "true",
+			},
+		)
+
+		deployment.Spec.Template.Spec.Volumes = append(
+			deployment.Spec.Template.Spec.Volumes,
+			corev1.Volume{
+				Name: "s3-aliases",
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: "s3-aliases",
+					},
+				},
+			},
+		)
+
+		deployment.Spec.Template.Spec.Containers[0].VolumeMounts = append(
+			deployment.Spec.Template.Spec.Containers[0].VolumeMounts,
+			corev1.VolumeMount{
+				Name:      "s3-aliases",
+				MountPath: "/aliases/",
+				ReadOnly:  true,
+			},
+		)
+	}
 	if backupDaemon.ExternalPv != nil {
 		deployment.Spec.Template.Spec.Volumes =
 			append(deployment.Spec.Template.Spec.Volumes, getExternalBackupVolume())

operator/pkg/reconciler/backup_daemon.go

@@ -92,7 +92,12 @@ func (r *BackupDaemonReconciler) Reconcile() error {
 	}
 
 	// Add Secret Hash
-	err := manager.AddCredHashToPodTemplate(credentials.PostgresSecretNames, &backupDaemonDeployment.Spec.Template)
+	secretNames := append([]string{}, credentials.PostgresSecretNames...)
+
+	if bdSpec.S3AliasesUsed {
+		secretNames = append(secretNames, "s3-aliases")
+	}
+	err := manager.AddCredHashToPodTemplate(secretNames, &backupDaemonDeployment.Spec.Template)
 	if err != nil {
 		logger.Error(fmt.Sprintf("can't add secret HASH to annotations for %s", backupDaemonDeployment.Name), zap.Error(err))
 		return err