gardener / etcd-backup-restore

Collection of components to backup and restore the etcd of a Kubernetes cluster.
Apache License 2.0

Stop using `*_STORAGE_API_ENDPOINT` environment variables #759

Closed shreyas-s-rao closed 2 months ago

shreyas-s-rao commented 3 months ago

What this PR does / why we need it: As mentioned in #727, it is not secure to be passing credential (secret) information to the etcdbr process via environment variables. This is ok while running locally, but when running on a k8s cluster (deployed by etcd-druid), it becomes important for etcdbrctl to be able to fetch the information about endpoint overrides directly from the mounted secret file, where the other default credentials already exist today.

This PR does two things:

  1. For provider GCP, adds support for specifying `storageAPIEndpoint` via file path, while still supporting the `GOOGLE_STORAGE_API_ENDPOINT` environment variable (for users who may already be using it).
  2. For provider Azure, removes support for `AZURE_STORAGE_API_ENDPOINT` and now uses field `domain`, in line with #756. This now allows users to use custom domains for accessing special Azure region services, like this.

Which issue(s) this PR fixes: Fixes #727

Special notes for your reviewer: /assign @renormalize @unmarshall /cc @AleksandarSavchev

Release note:

Add support for specifying Google storage API endpoint via file `~/.gcp/storageAPIEndpoint`. Environment variable `GOOGLE_STORAGE_API_ENDPOINT` is deprecated, and will be removed shortly.
Add support for specifying custom domains for Azure storage. 
Remove support for specifying Azure custom endpoint via environment variable `AZURE_STORAGE_API_ENDPOINT`. Please use the new `domain` field (via JSON or file) instead.
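
A file-first lookup of the GCP endpoint override with the deprecated environment variable as fallback, as an added Go example that is not etcd-backup-restore's own code. The file and variable names come from the release note above; the function name `resolveEndpoint`, the precedence (file wins) and the URL checks are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"path/filepath"
	"strings"
)

// Names taken from the PR text; precedence and validation below are assumptions.
const (
	endpointFile = "storageAPIEndpoint"
	endpointEnv  = "GOOGLE_STORAGE_API_ENDPOINT"
)

// resolveEndpoint returns the endpoint override and its source ("file", "env",
// or "" when none is set). credDir is the mounted secret directory, e.g. ~/.gcp.
func resolveEndpoint(credDir string) (endpoint, source string, err error) {
	data, err := os.ReadFile(filepath.Join(credDir, endpointFile))
	switch {
	case err == nil:
		endpoint, source = strings.TrimSpace(string(data)), "file"
	case errors.Is(err, os.ErrNotExist):
		// Deprecated path: only consulted when the secret file is absent.
		endpoint, source = strings.TrimSpace(os.Getenv(endpointEnv)), "env"
	default:
		return "", "", fmt.Errorf("read %s: %w", endpointFile, err)
	}
	if endpoint == "" {
		return "", "", nil
	}
	// Errors name the source only, so a malformed value never reaches the logs.
	u, err := url.Parse(endpoint)
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
		return "", "", fmt.Errorf("invalid endpoint from %s", source)
	}
	if u.User != nil {
		return "", "", fmt.Errorf("endpoint from %s must not embed credentials", source)
	}
	return endpoint, source, nil
}

func main() {
	home, _ := os.UserHomeDir()
	ep, src, err := resolveEndpoint(filepath.Join(home, ".gcp"))
	fmt.Printf("endpoint=%q source=%q err=%v\n", ep, src, err)
}
```

Returning the source alongside the value lets the caller log a deprecation warning whenever the result came from `env`.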