diff --git a/common/mariadb/CHANGELOG.md b/common/mariadb/CHANGELOG.md index 4381da5aa7d..19bdf8d5cfb 100644 --- a/common/mariadb/CHANGELOG.md +++ b/common/mariadb/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## v0.34.0 - 2026/03/13 +* Add Ceph S3 storage backend support for `maria-back-me-up` backup configuration + * new `backup_v2.ceph_s3` section with dedicated credential paths, custom endpoint, and path-style URL support + * enables Ceph-only, Ceph + AWS dual-write, and other flexible storage combinations +* Make AWS SSE-C fields conditional. `sse_customer_algorithm` and `sse_customer_key` are only rendered when `sse_customer_key` is configured +* Fix Swift template to use `values.yaml` fields instead of hardcoded values (`user_name`, `user_domain_name`, `project_name`, `project_domain_name`) + ## v0.33.0 - 2026/03/03 * Add InnoDB buffer pool Prometheus alerts: `MariaDBBufferPoolNearlyFull` (warning, < 10% free) and `MariaDBBufferPoolExhausted` (critical, < 2.5% free) diff --git a/common/mariadb/Chart.yaml b/common/mariadb/Chart.yaml index 54ac3e4fd1b..0e5d24c5685 100644 --- a/common/mariadb/Chart.yaml +++ b/common/mariadb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 description: A Helm chart for Kubernetes name: mariadb -version: 0.33.0 +version: 0.34.0 # scripts/docker-entyrpoint.sh should be updated when appVersion is updated appVersion: 10.11.16 dependencies: diff --git a/common/mariadb/ci/test-values.yaml b/common/mariadb/ci/test-values.yaml index 3af7ed3595a..10e6bec663b 100644 --- a/common/mariadb/ci/test-values.yaml +++ b/common/mariadb/ci/test-values.yaml @@ -11,11 +11,16 @@ global: backup_v2: aws_access_key_id: superSecret aws_secret_access_key: superSecret + ceph_s3_access_key_id: superSecret + ceph_s3_secret_access_key: superSecret mariadb: backup_v2: aws: region: local sse_customer_key: superSecret + ceph_s3: + endpoint: "https://ceph-s3.local.example.com" + region: default test_db_host: testRelease-mariadb.svc root_password: secret123 @@ -29,6 +34,8 @@ backup_v2: enabled: true swift: password: superSecret + ceph_s3: + enabled: true users: test: diff --git a/common/mariadb/templates/config/_backup_config.yaml.tpl b/common/mariadb/templates/config/_backup_config.yaml.tpl index 077443d1145..7ee7f6f8e9e 100644 --- a/common/mariadb/templates/config/_backup_config.yaml.tpl +++ b/common/mariadb/templates/config/_backup_config.yaml.tpl @@ -31,25 +31,41 @@ database: - "{{$tl}}" {{- end }} storages: - {{- if .Values.backup_v2.aws.enabled }} + {{- if or .Values.backup_v2.aws.enabled .Values.backup_v2.ceph_s3.enabled }} s3: + {{- if .Values.backup_v2.aws.enabled }} - name: aws-{{ .Values.global.mariadb.backup_v2.aws.region }} aws_access_key_id: {{ include "mariadb.resolve_secret_squote" .Values.global.backup_v2.aws_access_key_id }} aws_secret_access_key: {{ include "mariadb.resolve_secret_squote" .Values.global.backup_v2.aws_secret_access_key }} region: {{ .Values.global.mariadb.backup_v2.aws.region }} bucket_name: "mariadb-backup-{{ .Values.global.region }}" + {{- if .Values.global.mariadb.backup_v2.aws.sse_customer_key }} sse_customer_algorithm: "AES256" sse_customer_key: {{ include "mariadb.resolve_secret_squote" .Values.global.mariadb.backup_v2.aws.sse_customer_key }} + {{- end }} + {{- end }} + {{- if .Values.backup_v2.ceph_s3.enabled }} + - name: ceph-{{ .Values.global.region }} + aws_access_key_id: {{ include "mariadb.resolve_secret_squote" .Values.global.backup_v2.ceph_s3_access_key_id }} + aws_secret_access_key: {{ include "mariadb.resolve_secret_squote" .Values.global.backup_v2.ceph_s3_secret_access_key }} + aws_endpoint: {{ .Values.global.mariadb.backup_v2.ceph_s3.endpoint | required "global.mariadb.backup_v2.ceph_s3.endpoint is required when ceph_s3 is enabled" | quote }} + s3_force_path_style: {{ .Values.backup_v2.ceph_s3.force_path_style }} + region: {{ .Values.global.mariadb.backup_v2.ceph_s3.region | default "default" }} + bucket_name: {{ .Values.global.mariadb.backup_v2.ceph_s3.bucket_name | default (printf "mariadb-backup-%s" .Values.global.region) | quote }} + {{- if .Values.backup_v2.ceph_s3.verify }} + verify: true + {{- end }} + {{- end }} {{- end }} {{- if .Values.backup_v2.swift.enabled }} swift: - name: swift-{{ .Values.global.region }} - auth_version: 3 + auth_version: {{ .Values.backup_v2.swift.auth_version }} auth_url: "https://identity-3.{{ .Values.global.region }}.cloud.sap/v3" - user_name: db_backup - user_domain_name: Default - project_name: master - project_domain_name: ccadmin + user_name: {{ .Values.backup_v2.swift.user_name }} + user_domain_name: {{ .Values.backup_v2.swift.user_domain_name }} + project_name: {{ .Values.backup_v2.swift.project_name }} + project_domain_name: {{ .Values.backup_v2.swift.project_domain_name }} password: {{ include "mariadb.resolve_secret_squote" .Values.backup_v2.swift.password | required "Please set .Values.backup_v2.swift.password" }} region: {{ .Values.global.region }} container_name: "mariadb-backup-{{ .Values.global.region }}" diff --git a/common/mariadb/values.yaml b/common/mariadb/values.yaml index 5af2495f591..ec81c2f74e4 100644 --- a/common/mariadb/values.yaml +++ b/common/mariadb/values.yaml @@ -212,6 +212,10 @@ backup_v2: run_after_inc_backups: 12 aws: enabled: true + ceph_s3: + enabled: false + force_path_style: true + verify: false swift: enabled: true user_name: db_backup