diff --git a/charts/s3proxy/Chart.yaml b/charts/s3proxy/Chart.yaml index 6150fce..0d8147d 100644 --- a/charts/s3proxy/Chart.yaml +++ b/charts/s3proxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.5 +version: 0.0.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/s3proxy/override-values.example.yaml b/charts/s3proxy/override-values.example.yaml index c2b9fa8..4878908 100644 --- a/charts/s3proxy/override-values.example.yaml +++ b/charts/s3proxy/override-values.example.yaml 
@@ -67,57 +67,54 @@ config: region: "us-west-2" # endpoint: "https://s3.amazonaws.com" # Optional custom endpoint (e.g., MinIO, Ceph) accessKeyID: "AKIAIOSFODNN7EXAMPLE" - secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + secretAccessKey: + value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + # existingSecret: "my-s3-secret" + # secretKey: "secretAccessKey" # Azure Blob Storage backend azureblob: enabled: false # Set to true to use Azure Blob backend provider: "azureblob" # Can be "azureblob" or "azureblob-sdk" account: "mystorageaccount" - key: "base64encodedkey==" + key: + value: "base64encodedkey==" + # existingSecret: "my-azure-secret" + # secretKey: "accountKey" # endpoint: "https://mystorageaccount.blob.core.windows.net" # Optional - # sasToken: "" # Optional SAS token + sasToken: + value: "" # Optional SAS token + # existingSecret: "my-azure-sas-secret" + # secretKey: "sasToken" # Google Cloud Storage backend googleCloudStorage: enabled: false # Set to true to use GCS backend projectID: "my-project" - # Service account email or user email (required for both authentication methods) + # Service account email or user email clientEmail: "service-account@my-project.iam.gserviceaccount.com" - # Option 1: Using privateKey directly - privateKey: "-----BEGIN RSA PRIVATE KEY-----\n..." 
- - # Option 2: Using JSON credentials file (preferred for GCP) - # This provides the credential (privateKey) via a mounted file - jsonCredentials: - enabled: false # Set to true to use JSON credentials - - # Either provide the JSON content directly: - # jsonContent: | - # { - # "type": "service_account", - # "project_id": "my-project", - # "private_key_id": "key-id", - # "private_key": "-----BEGIN RSA PRIVATE KEY-----\n...", - # "client_email": "service-account@my-project.iam.gserviceaccount.com", - # "client_id": "...", - # "auth_uri": "https://accounts.google.com/o/oauth2/auth", - # "token_uri": "https://oauth2.googleapis.com/token", - # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - # "client_x509_cert_url": "..." - # } - - # Or reference an existing secret containing the JSON: - # existingSecret: "my-gcp-credentials-secret" - # secretKey: "credentials.json" # Key in the secret containing the JSON (default: credentials.json) + # Private key configuration + privateKey: + # Option 1: Provide private key directly + # value: |- + # -----BEGIN RSA PRIVATE KEY----- + # ... + # -----END RSA PRIVATE KEY----- + + # Option 2: Reference an existing secret containing the private key + # existingSecret: "my-gcs-privatekey-secret" + # secretKey: "privateKey" # Backblaze B2 backend b2: enabled: false # Set to true to use B2 backend account: "account-id" - applicationKey: "application-key" + applicationKey: + value: "application-key" + # existingSecret: "my-b2-secret" + # secretKey: "applicationKey" # OpenStack Swift backend openstackSwift: @@ -125,7 +122,10 @@ config: authURL: "https://auth.cloud.com/v2.0" tenantName: "my-tenant" userName: "my-user" - password: "my-password" + password: + value: "my-password" + # existingSecret: "my-swift-secret" + # secretKey: "password" region: "RegionOne" # Rackspace Cloud Files backend 
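Review bot: The commented `existingSecret` / `secretKey` alternatives shown for `secretAccessKey`, `key`, `sasToken` and `applicationKey` do not appear to be consumed anywhere. In the templates visible in this commit only `googleCloudStorage.privateKey.existingSecret` is mounted (deployment.yaml), and secret.yaml reads only the `.value` fields. A user who follows the hint and leaves `value` empty would get a backend with no `jclouds.credential` at all. The same applies to the `password` and `apiKey` hunks that follow and to the matching defaults added in values.yaml. Either wire the reference up for these backends or say so in the example, e.g. `# existingSecret: "my-s3-secret"  # not yet supported for this backend`.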
@@ -133,7 +133,10 @@ config: enabled: false # Set to true to use Rackspace Cloud Files backend region: "us" # Region: "us" or "uk" userName: "my-user" - apiKey: "my-api-key" + apiKey: + value: "my-api-key" + # existingSecret: "my-rackspace-secret" + # secretKey: "apiKey" # Persistence settings for filesystem backend persistence: @@ -233,4 +236,3 @@ extraEnvVars: # values: # - s3proxy # topologyKey: kubernetes.io/hostname - diff --git a/charts/s3proxy/templates/configmap.yaml b/charts/s3proxy/templates/configmap.yaml index 1c7fd8a..3e0dbdc 100644 --- a/charts/s3proxy/templates/configmap.yaml +++ b/charts/s3proxy/templates/configmap.yaml 
@@ -1,67 +1,66 @@ {{- define "s3proxy.main.config" -}} - # S3Proxy configuration - s3proxy.endpoint=http://0.0.0.0:{{ .Values.service.targetPort }} - s3proxy.authorization={{ .Values.config.auth.type }} -{{- if .Values.config.virtualHost }} - s3proxy.virtual-host={{ .Values.config.virtualHost }} -{{- end }} - -{{- if ne .Values.config.auth.type "none" }} - # Authentication credentials will be merged from the secret properties file - # s3proxy.identity and s3proxy.credential will be provided by the secret -{{- end }} - -{{- if .Values.config.cors.enabled }} - # CORS configuration - {{- if .Values.config.cors.allowOrigins }} - s3proxy.cors-allow-origins={{ join " " .Values.config.cors.allowOrigins }} +# S3Proxy configuration +s3proxy.endpoint=http://0.0.0.0:{{ .Values.service.targetPort }} +s3proxy.authorization={{ .Values.config.auth.type }} + {{- if .Values.config.virtualHost }} +s3proxy.virtual-host={{ .Values.config.virtualHost }} {{- end }} - {{- if .Values.config.cors.allowMethods }} - s3proxy.cors-allow-methods={{ join " " .Values.config.cors.allowMethods }} + + {{- if ne .Values.config.auth.type "none" }} +# Authentication credentials will be merged from the secret properties file +# s3proxy.identity and s3proxy.credential will be provided by the secret {{- end }} - {{- if .Values.config.cors.allowHeaders }} - s3proxy.cors-allow-headers={{ join " " .Values.config.cors.allowHeaders }} + + {{- if .Values.config.cors.enabled }} +# CORS configuration + {{- if .Values.config.cors.allowOrigins }} +s3proxy.cors-allow-origins={{ join " " .Values.config.cors.allowOrigins }} + {{- end }} + {{- if .Values.config.cors.allowMethods }} +s3proxy.cors-allow-methods={{ join " " .Values.config.cors.allowMethods }} + {{- end }} + {{- if .Values.config.cors.allowHeaders }} +s3proxy.cors-allow-headers={{ join " " .Values.config.cors.allowHeaders }} + {{- end }} +s3proxy.cors-allow-credential={{ .Values.config.cors.allowCredential }} {{- end }} - s3proxy.cors-allow-credential={{ 
.Values.config.cors.allowCredential }} -{{- end }} -{{- if .Values.config.buckets.alias }} - # Bucket aliasing - {{- range $key, $value := .Values.config.buckets.alias }} - s3proxy.alias.{{ $key }}={{ $value }} + {{- if .Values.config.buckets.alias }} +# Bucket aliasing + {{- range $key, $value := .Values.config.buckets.alias }} +s3proxy.alias.{{ $key }}={{ $value }} + {{- end }} {{- end }} -{{- end }} -{{- if .Values.config.buckets.locator }} - # Bucket locator - {{- range $index, $bucket := .Values.config.buckets.locator }} - s3proxy.bucket-locator.{{ add $index 1 }}={{ $bucket }} + {{- if .Values.config.buckets.locator }} +# Bucket locator + {{- range $index, $bucket := .Values.config.buckets.locator }} +s3proxy.bucket-locator.{{ add $index 1 }}={{ $bucket }} + {{- end }} {{- end }} -{{- end }} -{{- if .Values.config.middlewares.readOnly }} - # Read-only middleware - s3proxy.read-only-blobstore=true -{{- end }} + {{- if .Values.config.middlewares.readOnly }} +# Read-only middleware +s3proxy.read-only-blobstore=true + {{- end }} -{{- if .Values.config.middlewares.eventualConsistency }} - # Eventual consistency middleware - s3proxy.eventual-consistency=true -{{- end }} + {{- if .Values.config.middlewares.eventualConsistency }} +# Eventual consistency middleware +s3proxy.eventual-consistency=true + {{- end }} -{{- if .Values.config.middlewares.shardedBackend }} - # Sharded backend middleware - s3proxy.sharded-blobstore=true - s3proxy.sharded-blobstore.prefix=2 - s3proxy.sharded-blobstore.levels=2 -{{- end }} + {{- if .Values.config.middlewares.shardedBackend }} +# Sharded backend middleware +s3proxy.sharded-blobstore=true +s3proxy.sharded-blobstore.prefix=2 +s3proxy.sharded-blobstore.levels=2 + {{- end }} -{{- if .Values.config.middlewares.largeObjectMocking }} - # Large object mocking middleware - s3proxy.large-object-mocking=true -{{- end }} + {{- if .Values.config.middlewares.largeObjectMocking }} +# Large object mocking middleware 
+s3proxy.large-object-mocking=true + {{- end }} {{- end }} - apiVersion: v1 kind: ConfigMap metadata: @@ -70,8 +69,8 @@ metadata: {{- include "s3proxy.labels" . | nindent 4 }} data: {{- if .Values.config.backends.filesystem.enabled }} - backend-filesystem.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-filesystem.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # Filesystem backend configuration {{- if .Values.config.backends.filesystem.nio2 }} @@ -83,8 +82,8 @@ data: {{- end }} {{- if .Values.config.backends.transient.enabled }} - backend-transient.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-transient.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # Transient backend configuration {{- if .Values.config.backends.transient.nio2 }} @@ -95,8 +94,8 @@ data: {{- end }} {{- if .Values.config.backends.s3.enabled }} - backend-s3.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-s3.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # S3 backend configuration {{- if .Values.config.backends.s3.aws }} 
@@ -110,49 +109,69 @@ data: {{- if .Values.config.backends.s3.endpoint }} jclouds.endpoint={{ .Values.config.backends.s3.endpoint }} {{- end }} - # Credentials will be merged from the secret properties file - # jclouds.identity and jclouds.credential will be provided by the secret + {{- if .Values.config.backends.s3.accessKeyID }} + jclouds.identity={{ .Values.config.backends.s3.accessKeyID }} + {{- end }} + {{- if .Values.config.backends.s3.secretAccessKey.value }} + # Credential will be merged from the secret properties file + {{- end }} {{- end }} {{- if .Values.config.backends.azureblob.enabled }} - backend-azureblob.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-azureblob.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # Azure Blob backend configuration jclouds.provider={{ .Values.config.backends.azureblob.provider }} {{- if .Values.config.backends.azureblob.endpoint }} jclouds.azureblob.endpoint={{ .Values.config.backends.azureblob.endpoint }} {{- end }} + {{- if .Values.config.backends.azureblob.account }} + jclouds.identity={{ .Values.config.backends.azureblob.account }} + {{- end }} + {{- if or .Values.config.backends.azureblob.key.value .Values.config.backends.azureblob.sasToken.value }} # Credentials will be merged from the secret properties file - # jclouds.identity, jclouds.credential, and jclouds.azureblob.sas will be provided by the secret + {{- end }} {{- end }} {{- if .Values.config.backends.googleCloudStorage.enabled }} - backend-google-cloud-storage.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-google-cloud-storage.properties: |- +{{ include "s3proxy.main.config" . 
| nindent 4 }} # Google Cloud Storage backend configuration jclouds.provider=google-cloud-storage {{- if .Values.config.backends.googleCloudStorage.projectID }} jclouds.project-id={{ .Values.config.backends.googleCloudStorage.projectID }} {{- end }} - # Credentials will be merged from the secret properties file - # jclouds.identity and jclouds.credential will be provided by the secret + {{- if .Values.config.backends.googleCloudStorage.clientEmail }} + jclouds.identity={{ .Values.config.backends.googleCloudStorage.clientEmail }} + {{- end }} + {{- if .Values.config.backends.googleCloudStorage.privateKey.existingSecret }} + # Using privateKey from mounted secret file + jclouds.credential=/credentials/gcs-private.key + {{- else if .Values.config.backends.googleCloudStorage.privateKey.value }} + # Private key credential will be merged from the secret properties file + # jclouds.credential will be provided by the secret + {{- end }} {{- end }} {{- if .Values.config.backends.b2.enabled }} - backend-b2.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-b2.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # Backblaze B2 backend configuration jclouds.provider=b2 - # Credentials will be merged from the secret properties file - # jclouds.identity and jclouds.credential will be provided by the secret + {{- if .Values.config.backends.b2.account }} + jclouds.identity={{ .Values.config.backends.b2.account }} + {{- end }} + {{- if .Values.config.backends.b2.applicationKey.value }} + # Credential will be merged from the secret properties file + {{- end }} {{- end }} {{- if .Values.config.backends.openstackSwift.enabled }} - backend-openstack-swift.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-openstack-swift.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # OpenStack Swift backend configuration jclouds.provider=openstack-swift 
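Review bot: In the Google Cloud Storage block, `privateKey.existingSecret` and `privateKey.value` are not mutually exclusive across templates. This ConfigMap writes the file path when `existingSecret` is set, while the secret.yaml hunk of the same commit writes `jclouds.credential` whenever `value` is set, so a release with both ends up with two different credentials and the effective one depends on merge order. Rejecting the combination at render time makes the intent explicit: `{{- if and .Values.config.backends.googleCloudStorage.privateKey.existingSecret .Values.config.backends.googleCloudStorage.privateKey.value }}{{ fail "set only one of privateKey.value or privateKey.existingSecret" }}{{- end }}`. This hunk also moves `jclouds.identity` (access key ID, storage account, service-account e-mail) from the Secret into the ConfigMap. These are identifiers rather than secrets, but ConfigMaps are typically readable by more principals, so a comment stating the move is deliberate would help.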
@@ -162,13 +181,17 @@ data: {{- if .Values.config.backends.openstackSwift.region }} jclouds.region={{ .Values.config.backends.openstackSwift.region }} {{- end }} - # Credentials will be merged from the secret properties file - # jclouds.identity and jclouds.credential will be provided by the secret + {{- if and .Values.config.backends.openstackSwift.tenantName .Values.config.backends.openstackSwift.userName }} + jclouds.identity={{ printf "%s:%s" .Values.config.backends.openstackSwift.tenantName .Values.config.backends.openstackSwift.userName }} + {{- end }} + {{- if .Values.config.backends.openstackSwift.password.value }} + # Credential will be merged from the secret properties file + {{- end }} {{- end }} {{- if .Values.config.backends.rackspaceCloudfiles.enabled }} - backend-rackspace-cloudfiles.properties: | -{{- include "s3proxy.main.config" . | nindent 4 }} + backend-rackspace-cloudfiles.properties: |- +{{ include "s3proxy.main.config" . | nindent 4 }} # Rackspace Cloud Files backend configuration {{- if eq .Values.config.backends.rackspaceCloudfiles.region "uk" }} @@ -176,6 +199,10 @@ data: {{- else }} jclouds.provider=rackspace-cloudfiles-us {{- end }} - # Credentials will be merged from the secret properties file - # jclouds.identity and jclouds.credential will be provided by the secret + {{- if .Values.config.backends.rackspaceCloudfiles.userName }} + jclouds.identity={{ .Values.config.backends.rackspaceCloudfiles.userName }} + {{- end }} + {{- if .Values.config.backends.rackspaceCloudfiles.apiKey.value }} + # Credential will be merged from the secret properties file + {{- end }} {{- end }} diff --git a/charts/s3proxy/templates/deployment.yaml b/charts/s3proxy/templates/deployment.yaml index df62c26..1cf30d4 100644 --- a/charts/s3proxy/templates/deployment.yaml +++ b/charts/s3proxy/templates/deployment.yaml 
@@ -157,9 +157,10 @@ spec: mountPath: {{ .Values.config.backends.filesystem.basedir }} {{- end }} {{- end }} -{{- if and .Values.config.backends.googleCloudStorage.enabled .Values.config.backends.googleCloudStorage.jsonCredentials.enabled }} - - name: gcp-json-credentials - mountPath: /gcp-credentials +{{- if and .Values.config.backends.googleCloudStorage.enabled .Values.config.backends.googleCloudStorage.privateKey.existingSecret }} + - name: gcp-private-key + mountPath: /credentials/gcs-private.key + subPath: gcs-private.key readOnly: true {{- end }} {{- with .Values.extraVolumeMounts }} @@ -181,14 +182,13 @@ spec: claimName: {{ .Values.persistence.existingClaim | default (include "s3proxy.fullname" .) }} {{- end }} {{- end }} -{{- if and .Values.config.backends.googleCloudStorage.enabled .Values.config.backends.googleCloudStorage.jsonCredentials.enabled }} - - name: gcp-json-credentials +{{- if and .Values.config.backends.googleCloudStorage.enabled .Values.config.backends.googleCloudStorage.privateKey.existingSecret }} + - name: gcp-private-key secret: - {{- if .Values.config.backends.googleCloudStorage.jsonCredentials.jsonContent }} - secretName: {{ include "s3proxy.fullname" . }}-gcp-json - {{- else if .Values.config.backends.googleCloudStorage.jsonCredentials.existingSecret }} - secretName: {{ .Values.config.backends.googleCloudStorage.jsonCredentials.existingSecret }} - {{- end }} + secretName: {{ .Values.config.backends.googleCloudStorage.privateKey.existingSecret }} + items: + - key: {{ .Values.config.backends.googleCloudStorage.privateKey.secretKey }} + path: gcs-private.key {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} diff --git a/charts/s3proxy/templates/secret-gcp-json.yaml b/charts/s3proxy/templates/secret-gcp-json.yaml deleted file mode 100644 index 522a4d8..0000000 --- a/charts/s3proxy/templates/secret-gcp-json.yaml +++ /dev/null 
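Review bot: Mounting the key with `subPath: gcs-private.key` means the file is not refreshed when the referenced Secret is updated, so a rotated key only takes effect after the pod is recreated. The volume already projects a single item to `gcs-private.key`, so mounting the directory yields the same path and still receives updates: `mountPath: /credentials` with no `subPath`. If the subPath is intentional, a comment noting that rotation requires a restart would be enough. The enclosing container spec starts and ends outside this hunk.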
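Review bot: In the `gcp-private-key` volume, `secretName` and the item `key` are rendered unquoted from values, so an empty or number-looking `privateKey.secretKey` yields a null or mistyped field that only fails when the pod is scheduled. Requiring and quoting the value surfaces the mistake at render time: `- key: {{ required "privateKey.secretKey is required" .Values.config.backends.googleCloudStorage.privateKey.secretKey | quote }}`, with `| quote` on `secretName` as well. The volume also keeps the default file mode; an explicit `defaultMode` that narrows read access to the private key is worth considering, depending on which user the container runs as.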
@@ -1,12 +0,0 @@ -{{- if and .Values.config.backends.googleCloudStorage.enabled .Values.config.backends.googleCloudStorage.jsonCredentials.enabled .Values.config.backends.googleCloudStorage.jsonCredentials.jsonContent }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "s3proxy.fullname" . }}-gcp-json - labels: - {{- include "s3proxy.labels" . | nindent 4 }} -type: Opaque -stringData: - {{ .Values.config.backends.googleCloudStorage.jsonCredentials.secretKey }}: | - {{- .Values.config.backends.googleCloudStorage.jsonCredentials.jsonContent | nindent 4 }} -{{- end }} diff --git a/charts/s3proxy/templates/secret.yaml b/charts/s3proxy/templates/secret.yaml index cdadb0f..6031792 100644 --- a/charts/s3proxy/templates/secret.yaml +++ b/charts/s3proxy/templates/secret.yaml 
@@ -16,62 +16,38 @@ stringData: {{- end }} {{- if .Values.config.backends.s3.enabled }} + {{- if .Values.config.backends.s3.secretAccessKey.value }} # S3 backend credentials - {{- if .Values.config.backends.s3.accessKeyID }} - jclouds.identity={{ .Values.config.backends.s3.accessKeyID }} - {{- end }} - {{- if .Values.config.backends.s3.secretAccessKey }} - jclouds.credential={{ .Values.config.backends.s3.secretAccessKey }} + jclouds.credential={{ .Values.config.backends.s3.secretAccessKey.value }} {{- end }} {{- else if .Values.config.backends.azureblob.enabled }} + {{- if or .Values.config.backends.azureblob.key.value .Values.config.backends.azureblob.sasToken.value }} # Azure Blob backend credentials - {{- if .Values.config.backends.azureblob.account }} - jclouds.identity={{ .Values.config.backends.azureblob.account }} {{- end }} - {{- if .Values.config.backends.azureblob.key }} - jclouds.credential={{ .Values.config.backends.azureblob.key }} + {{- if .Values.config.backends.azureblob.key.value }} + jclouds.credential={{ .Values.config.backends.azureblob.key.value }} {{- end }} - {{- if .Values.config.backends.azureblob.sasToken }} - jclouds.azureblob.sas={{ .Values.config.backends.azureblob.sasToken }} + {{- if .Values.config.backends.azureblob.sasToken.value }} + jclouds.azureblob.sas={{ .Values.config.backends.azureblob.sasToken.value }} {{- end }} {{- else if .Values.config.backends.googleCloudStorage.enabled }} - # Google Cloud Storage backend credentials - {{- if .Values.config.backends.googleCloudStorage.clientEmail }} - jclouds.identity={{ .Values.config.backends.googleCloudStorage.clientEmail }} - {{- end }} - {{- if .Values.config.backends.googleCloudStorage.jsonCredentials.enabled }} - # Using JSON credentials file - jclouds.credential=/gcp-credentials/{{ .Values.config.backends.googleCloudStorage.jsonCredentials.secretKey }} - {{- else }} - # Using privateKey directly - {{- if .Values.config.backends.googleCloudStorage.privateKey }} - 
jclouds.credential={{ .Values.config.backends.googleCloudStorage.privateKey }} - {{- end }} + {{- if .Values.config.backends.googleCloudStorage.privateKey.value }} + # Google Cloud Storage backend credentials (privateKey stored in secret) + jclouds.credential=jclouds.credential={{ .Values.config.backends.googleCloudStorage.privateKey.value | trim | replace "\n" "\\n\\" }} {{- end }} {{- else if .Values.config.backends.b2.enabled }} + {{- if .Values.config.backends.b2.applicationKey.value }} # Backblaze B2 backend credentials - {{- if .Values.config.backends.b2.account }} - jclouds.identity={{ .Values.config.backends.b2.account }} - {{- end }} - {{- if .Values.config.backends.b2.applicationKey }} - jclouds.credential={{ .Values.config.backends.b2.applicationKey }} + jclouds.credential={{ .Values.config.backends.b2.applicationKey.value }} {{- end }} {{- else if .Values.config.backends.openstackSwift.enabled }} + {{- if .Values.config.backends.openstackSwift.password.value }} # OpenStack Swift backend credentials - {{- if .Values.config.backends.openstackSwift.tenantName }} - {{- if .Values.config.backends.openstackSwift.userName }} - jclouds.identity={{ printf "%s:%s" .Values.config.backends.openstackSwift.tenantName .Values.config.backends.openstackSwift.userName }} - {{- end }} - {{- end }} - {{- if .Values.config.backends.openstackSwift.password }} - jclouds.credential={{ .Values.config.backends.openstackSwift.password }} + jclouds.credential={{ .Values.config.backends.openstackSwift.password.value }} {{- end }} {{- else if .Values.config.backends.rackspaceCloudfiles.enabled }} + {{- if .Values.config.backends.rackspaceCloudfiles.apiKey.value }} # Rackspace Cloud Files backend credentials - {{- if .Values.config.backends.rackspaceCloudfiles.userName }} - jclouds.identity={{ .Values.config.backends.rackspaceCloudfiles.userName }} - {{- end }} - {{- if .Values.config.backends.rackspaceCloudfiles.apiKey }} - jclouds.credential={{ 
.Values.config.backends.rackspaceCloudfiles.apiKey }} + jclouds.credential={{ .Values.config.backends.rackspaceCloudfiles.apiKey.value }} {{- end }} {{- end }} diff --git a/charts/s3proxy/values.yaml b/charts/s3proxy/values.yaml index d192f54..8d6fbe4 100644 --- a/charts/s3proxy/values.yaml +++ b/charts/s3proxy/values.yaml @@ -183,8 +183,14 @@ config: endpoint: "" # -- S3 Access Key ID for backend accessKeyID: "" - # -- S3 Secret Access Key for backend - secretAccessKey: "" + # -- S3 Secret Access Key configuration + secretAccessKey: + # -- Secret access key value + value: "" + # -- Name of existing secret containing the secret access key + existingSecret: "" + # -- Key in the existing secret containing the secret access key + secretKey: "secretAccessKey" azureblob: # -- Enable Azure Blob Storage backend 
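Review bot: The Google Cloud Storage branch renders the property name twice, `jclouds.credential=jclouds.credential={{ ... }}`, so the stored value would begin with the literal text `jclouds.credential=` rather than the PEM header and authentication would presumably fail. The replacement string `"\\n\\"` also leaves a bare backslash directly in front of the first character of each following PEM line. A properties parser may read that pair as an escape (for example when a base64 line starts with `t`, `n` or `u`), which would silently corrupt the key. The line should probably read `jclouds.credential={{ .Values.config.backends.googleCloudStorage.privateKey.value | trim | replace "\n" "\\n" }}`; please confirm by rendering with a real multi-line key.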
@@ -193,40 +199,54 @@ config: provider: "azureblob" # -- Storage account name account: "" - # -- Storage account key - key: "" + # -- Storage account key configuration + key: + # -- Storage account key value + value: "" + # -- Name of existing secret containing the storage account key + existingSecret: "" + # -- Key in the existing secret containing the storage account key + secretKey: "accountKey" # -- Azure endpoint endpoint: "" - # -- SAS token - sasToken: "" + # -- SAS token configuration + sasToken: + # -- SAS token value + value: "" + # -- Name of existing secret containing the SAS token + existingSecret: "" + # -- Key in the existing secret containing the SAS token + secretKey: "sasToken" googleCloudStorage: # -- Enable Google Cloud Storage backend enabled: false # -- GCP project ID projectID: "" - # -- Private key (only used when jsonCredentials.enabled is false) - privateKey: "" - # -- Service account email or user email (used with both privateKey and jsonCredentials methods) + # -- Service account email or user email clientEmail: "" - # -- JSON credentials configuration - jsonCredentials: - # -- Use JSON credentials file instead of privateKey - enabled: false - # -- JSON content for creating a new secret (takes precedence over existingSecret) - jsonContent: "" - # -- Name of existing secret containing GCP credentials JSON + # -- Private key configuration + privateKey: + # -- Private key value (in PEM format) + value: "" + # -- Name of existing secret containing the private key existingSecret: "" - # -- Key in the secret containing the JSON credentials (default: credentials.json) - secretKey: "credentials.json" + # -- Key in the existing secret containing the private key (in PEM format) + secretKey: "private.key" b2: # -- Enable Backblaze B2 backend enabled: false # -- B2 account ID account: "" - # -- B2 application key - applicationKey: "" + # -- B2 application key configuration + applicationKey: + # -- Application key value + value: "" + # -- Name of 
existing secret containing the application key + existingSecret: "" + # -- Key in the existing secret containing the application key + secretKey: "applicationKey" openstackSwift: # -- Enable OpenStack Swift backend @@ -237,8 +257,14 @@ config: tenantName: "" # -- Username userName: "" - # -- Password - password: "" + # -- Password configuration + password: + # -- Password value + value: "" + # -- Name of existing secret containing the password + existingSecret: "" + # -- Key in the existing secret containing the password + secretKey: "password" # -- Region region: "" @@ -249,8 +275,14 @@ config: region: "us" # -- Username userName: "" - # -- API key - apiKey: "" + # -- API key configuration + apiKey: + # -- API key value + value: "" + # -- Name of existing secret containing the API key + existingSecret: "" + # -- Key in the existing secret containing the API key + secretKey: "apiKey" persistence: # -- Enable persistence using PVC