mirror of
https://github.com/cloudnative-pg/plugin-barman-cloud.git
synced 2026-01-13 22:23:11 +01:00
5bc006b035
Some checks failed
release-please / release-please (push) Failing after 2s
Pin all e2e test emulator images to specific SHA256 digests to ensure immutability and prevent unexpected breakage from upstream changes. The three emulators (Azurite for Azure, MinIO for S3, and fake-gcs-server for GCS) were previously using the :latest tag, which could cause test failures when new versions with breaking changes or bugs were released. Using SHA256 digests instead of version tags provides immutability (ensures we always pull the exact same image), transparency (easy to verify what's running via digest comparison), and Renovate compatibility (can still track and propose updates). All pinned SHAs match the current :latest tag, confirming we're using the same images that were previously tested. Updated Renovate configuration to track digest-based updates while preserving version information in comments for human readability. Fixed Renovate to scan test directories and handle multi-line regex patterns for .go files. Also fixed Azurite compatibility issue by adding the --skipApiVersionCheck flag. Tests were failing because the PostgreSQL container images install Python dependencies without version pinning, which resulted in azure-storage-blob 12.28.0 (released January 6, 2026) being installed. This version uses API version 2026-02-06 which Azurite 3.35.0 doesn't support yet. The flag allows Azurite to accept any API version in the test environment. Note that MinIO is now in maintenance mode and will not receive further updates, but it has been included for completeness. Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
232 lines
6.0 KiB
Go
232 lines
6.0 KiB
Go
/*
|
|
Copyright © contributors to CloudNativePG, established as
|
|
CloudNativePG a Series of LF Projects, LLC.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package objectstore
|
|
|
|
import (
|
|
"net"
|
|
|
|
barmanapi "github.com/cloudnative-pg/barman-cloud/pkg/api"
|
|
"github.com/cloudnative-pg/machinery/pkg/api"
|
|
appsv1 "k8s.io/api/apps/v1"
|
|
corev1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/api/resource"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/util/intstr"
|
|
"k8s.io/utils/ptr"
|
|
|
|
pluginBarmanCloudV1 "github.com/cloudnative-pg/plugin-barman-cloud/api/v1"
|
|
)
|
|
|
|
// NewMinioObjectStoreResources creates the resources required to create a Minio object store.
|
|
func NewMinioObjectStoreResources(namespace, name string) *Resources {
|
|
return &Resources{
|
|
Deployment: newMinioDeployment(namespace, name),
|
|
Service: newMinioService(namespace, name),
|
|
PVC: newMinioPVC(namespace, name),
|
|
Secret: newMinioSecret(namespace, name),
|
|
}
|
|
}
|
|
|
|
func newMinioDeployment(namespace, name string) *appsv1.Deployment {
|
|
return &appsv1.Deployment{
|
|
TypeMeta: metav1.TypeMeta{
|
|
Kind: "Deployment",
|
|
APIVersion: "apps/v1",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
},
|
|
Spec: appsv1.DeploymentSpec{
|
|
Replicas: ptr.To(int32(1)),
|
|
Selector: &metav1.LabelSelector{
|
|
MatchLabels: map[string]string{
|
|
"app": name,
|
|
},
|
|
},
|
|
Template: corev1.PodTemplateSpec{
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Labels: map[string]string{
|
|
"app": name,
|
|
},
|
|
},
|
|
Spec: corev1.PodSpec{
|
|
Containers: []corev1.Container{
|
|
{
|
|
Name: name,
|
|
// renovate: datasource=docker depName=minio/minio versioning=docker
|
|
// Version: RELEASE.2025-09-07T16-13-09Z
|
|
Image: "minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e",
|
|
Args: []string{"server", "/data"},
|
|
Ports: []corev1.ContainerPort{
|
|
{
|
|
ContainerPort: 9000,
|
|
Name: name,
|
|
},
|
|
},
|
|
Env: []corev1.EnvVar{
|
|
{
|
|
Name: "MINIO_ACCESS_KEY",
|
|
ValueFrom: &corev1.EnvVarSource{
|
|
SecretKeyRef: &corev1.SecretKeySelector{
|
|
LocalObjectReference: corev1.LocalObjectReference{
|
|
Name: name,
|
|
},
|
|
Key: "ACCESS_KEY_ID",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Name: "MINIO_SECRET_KEY",
|
|
ValueFrom: &corev1.EnvVarSource{
|
|
SecretKeyRef: &corev1.SecretKeySelector{
|
|
LocalObjectReference: corev1.LocalObjectReference{
|
|
Name: name,
|
|
},
|
|
Key: "ACCESS_SECRET_KEY",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
VolumeMounts: []corev1.VolumeMount{
|
|
{
|
|
Name: "data",
|
|
MountPath: "/data",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
Volumes: []corev1.Volume{
|
|
{
|
|
Name: "data",
|
|
VolumeSource: corev1.VolumeSource{
|
|
PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
|
|
ClaimName: name,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func newMinioService(namespace, name string) *corev1.Service {
|
|
return &corev1.Service{
|
|
TypeMeta: metav1.TypeMeta{
|
|
Kind: "Service",
|
|
APIVersion: "v1",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
},
|
|
Spec: corev1.ServiceSpec{
|
|
Selector: map[string]string{
|
|
"app": name,
|
|
},
|
|
Ports: []corev1.ServicePort{
|
|
{
|
|
Port: 9000,
|
|
TargetPort: intstr.FromInt32(9000),
|
|
Protocol: corev1.ProtocolTCP,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func newMinioSecret(namespace, name string) *corev1.Secret {
|
|
return &corev1.Secret{
|
|
TypeMeta: metav1.TypeMeta{
|
|
Kind: "Secret",
|
|
APIVersion: "v1",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
},
|
|
Data: map[string][]byte{
|
|
"ACCESS_KEY_ID": []byte("minio"),
|
|
"ACCESS_SECRET_KEY": []byte("minio123"),
|
|
},
|
|
}
|
|
}
|
|
|
|
func newMinioPVC(namespace, name string) *corev1.PersistentVolumeClaim {
|
|
return &corev1.PersistentVolumeClaim{
|
|
TypeMeta: metav1.TypeMeta{
|
|
Kind: "PersistentVolumeClaim",
|
|
APIVersion: "v1",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
},
|
|
Spec: corev1.PersistentVolumeClaimSpec{
|
|
AccessModes: []corev1.PersistentVolumeAccessMode{
|
|
corev1.ReadWriteOnce,
|
|
},
|
|
Resources: corev1.VolumeResourceRequirements{
|
|
Requests: corev1.ResourceList{
|
|
corev1.ResourceStorage: resource.MustParse(DefaultSize),
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
// NewMinioObjectStore creates a new Minio object store.
|
|
func NewMinioObjectStore(namespace, name, minioOSName string) *pluginBarmanCloudV1.ObjectStore {
|
|
return &pluginBarmanCloudV1.ObjectStore{
|
|
TypeMeta: metav1.TypeMeta{
|
|
Kind: "ObjectStore",
|
|
APIVersion: "barmancloud.cnpg.io/v1",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: name,
|
|
Namespace: namespace,
|
|
},
|
|
Spec: pluginBarmanCloudV1.ObjectStoreSpec{
|
|
Configuration: barmanapi.BarmanObjectStoreConfiguration{
|
|
BarmanCredentials: barmanapi.BarmanCredentials{
|
|
AWS: &barmanapi.S3Credentials{
|
|
AccessKeyIDReference: &api.SecretKeySelector{
|
|
LocalObjectReference: api.LocalObjectReference{
|
|
Name: minioOSName,
|
|
},
|
|
Key: "ACCESS_KEY_ID",
|
|
},
|
|
SecretAccessKeyReference: &api.SecretKeySelector{
|
|
LocalObjectReference: api.LocalObjectReference{
|
|
Name: minioOSName,
|
|
},
|
|
Key: "ACCESS_SECRET_KEY",
|
|
},
|
|
},
|
|
},
|
|
EndpointURL: "http://" + net.JoinHostPort(minioOSName, "9000"),
|
|
DestinationPath: "s3://backups/",
|
|
},
|
|
},
|
|
}
|
|
}
|