Merge pull request #159 from projectsyn/fix/support-tlsoption

DebakelOrakel · web-flow · commit 130ce00c8d9f · 2025-08-29T11:32:53.000+02:00
Fix definition of TLS Options
diff --git a/lib/backup-k8up.libjsonnet b/lib/backup-k8up.libjsonnet
@@ -24,7 +24,7 @@ local secret_key_ref(s3secret) =
       key: s3secret.secretkeyname,
     };
 
-local Backend(backupkey, bucket, s3secret, create_bucket=true, tls_options=null) =
+local Backend(backupkey, bucket, s3secret, create_bucket=true, caConfigMap=null) =
   local bsecret =
     if s3secret == null && bucket != null then
       {
@@ -63,8 +63,17 @@ local Backend(backupkey, bucket, s3secret, create_bucket=true, tls_options=null)
         accessKeyIDSecretRef: access_key_ref(bsecret),
         secretAccessKeySecretRef: secret_key_ref(bsecret),
       },
-      [if tls_options != null then 'tlsOptions']: tls_options,
-    },
+    } + if caConfigMap != null then {
+      tlsOptions: {
+        caCert: '/mnt/ca/ca.crt',
+      },
+      volumeMounts: [
+        {
+          name: 'ca',
+          mountPath: '/mnt/ca/',
+        },
+      ],
+    } else {},
   };
 
 /**
@@ -143,8 +152,8 @@ local PruneSpec(schedule, keepDaily, keepLast) =
  * \returns an object with keys 'bucket' and 'job'. 'bucket' can be `null`, if
  *          the global bucket or an externally-managed bucket is used.
  */
-local Job(name, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_bucket=true, tls_options=null) =
-  local backend = Backend(backupkey, bucket, s3secret, create_bucket, tls_options);
+local Job(name, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_bucket=true, caConfigMap=null) =
+  local backend = Backend(backupkey, bucket, s3secret, create_bucket, caConfigMap);
   local thejob = {
     apiVersion: 'k8up.io/v1',
     kind: 'Backup',
@@ -169,12 +178,12 @@ local Job(name, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_
  *
  * See the documentation for \ref Job for definitions of the other arguments.
  */
-local Schedule(name, schedule, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_bucket=true, tls_options=null) =
+local Schedule(name, schedule, keep_jobs=3, backupkey=null, bucket=null, s3secret=null, create_bucket=true, caConfigMap=null) =
   // prune backups daily, keep last 5 and 30 daily backups
   local pspec = PruneSpec('30 2 * * *', 30, 5);
   // check backup repo dalily
   local cspec = CheckSpec('30 3 * * *');
-  local backend = Backend(backupkey, bucket, s3secret, create_bucket, tls_options);
+  local backend = Backend(backupkey, bucket, s3secret, create_bucket, caConfigMap);
   local theschedule =
     {
       apiVersion: 'k8up.io/v1',
@@ -189,6 +198,14 @@ local Schedule(name, schedule, keep_jobs=3, backupkey=null, bucket=null, s3secre
             k8up_params.prometheus_push_gateway,
           keepJobs: keep_jobs,
           schedule: schedule,
+          [if caConfigMap != null then 'volumes']: [
+            {
+              name: 'ca',
+              secret: {
+                secretName: caConfigMap,
+              },
+            },
+          ],
         },
       },
     } + pspec + cspec;
