Allow the `spec.backend.s3.endpoint` and `spec.backend.s3.bucket` values to be taken from secrets

akosma commented 1 year ago

Summary

As an AppCat and K8up user I want to be able to specify the S3 endpoint and bucket name from secrets So that I can reuse the information provided by AppCat when provisioning S3 buckets.

Context

Right now the spec.backend.s3.endpoint and spec.backend.s3.bucket values must be strings. This feature would allow users to specify them as objects, getting their values from pre-existing secrets, similarly to how one can specify the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values.

The YAML below (invalid at the time of this writing) describes how this feature would allow grabbing the S3 endpoint and bucket name values from pre-existing secrets (in this case named objectbucket-creds):

apiVersion: k8up.io/v1
kind: Backup
metadata:
  name: backup-test
spec:
  backend:
    repoPasswordSecretRef:
      name: restic-repo
      key: password
    s3:
      endpoint:
        valueFrom:
          secretKeyRef:
            name: objectbucket-creds
            key: ENDPOINT_URL
      bucket:
        valueFrom:
          secretKeyRef:
            name: objectbucket-creds
            key: BUCKET_NAME
      accessKeyIDSecretRef:
        name: objectbucket-creds
        key: AWS_ACCESS_KEY_ID
      secretAccessKeySecretRef:
        name: objectbucket-creds
        key: AWS_SECRET_ACCESS_KEY

Out of Scope

No response

Further links

AppCat: https://docs.appuio.cloud/appcat/index.html

Acceptance Criteria

No response

Implementation Ideas

No response

gunishmatta commented 1 year ago

@akosma I would like to work on this

Kidswiss commented 1 year ago

@gunishmatta Have you started working on this?

We have this in our backlog, so I'd like to avoid having two implementations for this :)

akosma commented 10 months ago

Any news about this one?

M0NsTeRRR commented 8 months ago

Hello, it would be cool if this feature is implemented for other backends too.

k8up-io / k8up