Restic: Fix breaking typo, add ability for custom CA certs (#197)

* Bugfix: Enabling restic backups breaks the chart Due to a typo in the volumes within the restic backup template, enabling said backups will break the chart rendering it undeployable. Fixing the typo. * Add changelog/bump chart version * Add ability to mount custom ca-certificates.crt * Fix typo in puppetserver-deployment-compilers.yaml Persitence -> Persistence, same as in the Restic template
puppetlabs · Nov 27, 2023 · c73f1ac · c73f1ac
1 parent 470586d
commit c73f1ac
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,11 @@ This file documents all notable changes to Puppet Server Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
 NOTE: The change log until version `v0.2.4` is auto-generated.
-## [v8.1.4](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v8.1.4) (2023-11-17)
+## [v8.1.5](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v8.1.5) (2023-11-22)
+- Fix: Typo in the restic backup template preventing chart from being deployed
+- Feat: Add ability to mount custom ca-certificates.crt from configMap for Restic
+
+## [v8.1.4](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v8.1.4) (2023-11-20)
 - Fix: Utilize `puppetserver` and `puppetdb` containers provided by voxpupuli and bump default versions
 
 ## [v8.1.3](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v8.1.3) (2023-09-24)

diff --git a/Chart.yaml b/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: puppetserver
-version: 8.1.4
+version: 8.1.5
 appVersion: 7.13.0
 description: Puppet automates the delivery and operation of software.
 keywords: ["puppet", "puppetserver", "automation", "iac", "infrastructure", "cm", "ci", "cd"]

diff --git a/README.md b/README.md
@@ -286,6 +286,7 @@ The following table lists the configurable parameters of the Puppetserver chart
 | `puppetserver.masters.backup.image` | puppetserver restic backup CronJob image | `restic/restic`|
 | `puppetserver.masters.backup.tag` | puppetserver restic backup CronJob image tag | `0.13.1`|
 | `puppetserver.masters.backup.pullPolicy` | puppetserver restic backup CronJob image pullPolicy | `IfNotPresent`|
+| `puppetserver.masters.backup.caConfigMap` | puppetserver restic backup CronJob configmap for custom ca-certificates.crt | ``|
 | `puppetserver.masters.backup.restic.keep_last` | puppetserver restic backup CronJob keep last n days | `90`|
 | `puppetserver.masters.backup.restic.repository` | puppetserver restic backup CronJob s3 compatible repository | ``|
 | `puppetserver.masters.backup.restic.access_key_id` | puppetserver restic backup CronJob s3 access_key_id | ``|

diff --git a/templates/puppetserver-ca-backup-cronjob.yaml b/templates/puppetserver-ca-backup-cronjob.yaml
@@ -69,11 +69,22 @@ spec:
               mountPath: /backup/etc/puppetlabs/puppetserver/ca/
             - name: puppet-puppet-storage
               mountPath: /backup/etc/puppetlabs/puppet/
+            {{- if .Values.puppetserver.masters.backup.caConfigMap }}
+            - name: restic-ca-certificates
+              mountPath: /etc/ssl/certs/ca-certificates.crt
+              subPath: ca-certificates.crt
+            {{- end }}
           volumes:
           - name: puppet-ca-storage
             persistentVolumeClaim:
-              claimName: {{ template "puppetserver.persitence.ca.claimName" . }}
+              claimName: {{ template "puppetserver.persistence.ca.claimName" . }}
           - name: puppet-puppet-storage
             persistentVolumeClaim:
               claimName: {{ template "puppetserver.persistence.puppet.claimName" . }}
+          {{- if .Values.puppetserver.masters.backup.caConfigMap }}
+          - name: restic-ca-certificates
+            configMap:
+              name: {{ .Values.puppetserver.masters.backup.caConfigMap }}
+              defaultMode: 0777
+          {{- end }}
 {{- end }}
diff --git a/templates/puppetserver-deployment-compilers.yaml b/templates/puppetserver-deployment-compilers.yaml
@@ -475,7 +475,7 @@ spec:
             claimName: {{ template "puppetserver.persistence.puppet.claimName" . }}
         - name: puppet-serverdata-storage
           persistentVolumeClaim:
-            claimName: {{ template "puppetserver.persitence.data.claimName" . }}
+            claimName: {{ template "puppetserver.persistence.data.claimName" . }}
         {{- if .Values.singleCA.enabled }}
         - name: crl-volume
           configMap:

diff --git a/values.yaml b/values.yaml
@@ -343,6 +343,12 @@ puppetserver:
       tag: 0.13.1
       pullPolicy: IfNotPresent
 
+      ## Replace ca-certificates.crt with your own CA bundle if needed
+      ##
+      caConfigMap: ""
+
+      ## Restric configuration
+      ##
       restic:
         keep_last: 90 # days
         repository: "" # "s3:https://s3.minio.xx/backups/"