Use envFrom for Wal-G-Exporter

controllers/postgres_controller.go

@@ -249,14 +249,8 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 		log.V(debugLogLevel).Info("finalizer added")
 	}
 
-	backupConfig, err := r.getBackupConfig(ctx, instance.Namespace, instance.Spec.BackupSecretRef)
-	if err != nil {
-		r.recorder.Eventf(instance, "Warning", "Self-Reconciliation", "failed to fetch backupConfig: %v", err)
-		return ctrl.Result{}, fmt.Errorf("failed to fetch backupConfig: %w", err)
-	}
-
 	// Check if zalando dependencies are installed. If not, install them.
-	if err := r.ensureZalandoDependencies(log, ctx, instance, backupConfig); err != nil {
+	if err := r.ensureZalandoDependencies(log, ctx, instance); err != nil {
 		r.recorder.Eventf(instance, "Warning", "Error", "failed to install operator: %v", err)
 		return ctrl.Result{}, fmt.Errorf("error while ensuring Zalando dependencies: %w", err)
 	}
@@ -312,7 +306,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	}
 
 	// Add service monitor for our exporter sidecar
-	err = r.createOrUpdateExporterSidecarServiceMonitor(log, ctx, namespace, instance)
+	err := r.createOrUpdateExporterSidecarServiceMonitor(log, ctx, namespace, instance)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("error while creating sidecars servicemonitor %v: %w", namespace, err)
 	}
@@ -345,7 +339,7 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	}
 
 	if r.EnableWalGExporter {
-		if err := r.createOrUpdateWalGExporterDeployment(log, ctx, namespace, instance, backupConfig); err != nil {
+		if err := r.createOrUpdateWalGExporterDeployment(log, ctx, namespace, instance); err != nil {
 			r.recorder.Eventf(instance, "Warning", "Error", "failed to deploy wal-g-exporter: %v", err)
 			return ctrl.Result{}, fmt.Errorf("error while deploying wal-g-exporter %v: %w", namespace, err)
 		}
@@ -483,7 +477,7 @@ func (r *PostgresReconciler) deleteUserPasswordsSecret(ctx context.Context, inst
 }
 
 // ensureZalandoDependencies makes sure Zalando resources are installed in the service-cluster.
-func (r *PostgresReconciler) ensureZalandoDependencies(log logr.Logger, ctx context.Context, p *pg.Postgres, b *pg.BackupConfig) error {
+func (r *PostgresReconciler) ensureZalandoDependencies(log logr.Logger, ctx context.Context, p *pg.Postgres) error {
 	namespace := p.ToPeripheralResourceNamespace()
 	isInstalled, err := r.OperatorManager.IsOperatorInstalled(ctx, namespace)
 	if err != nil {
@@ -496,7 +490,7 @@ func (r *PostgresReconciler) ensureZalandoDependencies(log logr.Logger, ctx cont
 		}
 	}
 
-	if err := r.updatePodEnvironmentConfigMap(log, ctx, p, b); err != nil {
+	if err := r.updatePodEnvironmentConfigMap(log, ctx, p); err != nil {
 		return fmt.Errorf("error while updating backup config: %w", err)
 	}
 
@@ -507,13 +501,18 @@ func (r *PostgresReconciler) ensureZalandoDependencies(log logr.Logger, ctx cont
 	return nil
 }
 
-func (r *PostgresReconciler) updatePodEnvironmentConfigMap(log logr.Logger, ctx context.Context, p *pg.Postgres, b *pg.BackupConfig) error {
-	if b == nil {
-		log.Info("No backupConfig found, skipping configuration of postgres backup")
+func (r *PostgresReconciler) updatePodEnvironmentConfigMap(log logr.Logger, ctx context.Context, p *pg.Postgres) error {
+	if p.Spec.BackupSecretRef == "" {
+		log.Info("No configured backupSecretRef found, skipping configuration of postgres backup")
 		return nil
 	}
 
-	s3url, err := url.Parse(b.S3Endpoint)
+	backupConfig, err := r.getBackupConfig(ctx, p.Namespace, p.Spec.BackupSecretRef)
+	if err != nil {
+		return err
+	}
+
+	s3url, err := url.Parse(backupConfig.S3Endpoint)
 	if err != nil {
 		return fmt.Errorf("error while parsing the s3 endpoint url in the backup secret: %w", err)
 	}
@@ -524,7 +523,7 @@ func (r *PostgresReconciler) updatePodEnvironmentConfigMap(log logr.Logger, ctx
 	// use the modified s3 endpoint
 	walES3Endpoint := s3url.String()
 	// region
-	region := b.S3Region
+	region := backupConfig.S3Region
 
 	// set the WALG_UPLOAD_DISK_CONCURRENCY based on the configured cpu limits
 	q, err := resource.ParseQuantity(p.Spec.Size.CPU)
@@ -541,9 +540,9 @@ func (r *PostgresReconciler) updatePodEnvironmentConfigMap(log logr.Logger, ctx
 	downloadConcurrency := "32"
 
 	// use the rest as provided in the secret
-	bucketName := b.S3BucketName
-	backupSchedule := b.Schedule
-	backupNumToRetain := b.Retention
+	bucketName := backupConfig.S3BucketName
+	backupSchedule := backupConfig.Schedule
+	backupNumToRetain := backupConfig.Retention
 
 	// s3 server side encryption SSE is disabled
 	// we use client side encryption
@@ -2030,12 +2029,7 @@ func (r *PostgresReconciler) createOrUpdateCertificate(log logr.Logger, ctx cont
 }
 
 // createOrUpdateWalGExporterDeployment ensures the deployment for the wal-g-exporter
-func (r *PostgresReconciler) createOrUpdateWalGExporterDeployment(log logr.Logger, ctx context.Context, namespace string, instance *pg.Postgres, b *pg.BackupConfig) error {
-	if b == nil {
-		log.Info("No backupConfig found, skipping configuration of wa-l-exporter")
-		return nil
-	}
-
+func (r *PostgresReconciler) createOrUpdateWalGExporterDeployment(log logr.Logger, ctx context.Context, namespace string, instance *pg.Postgres) error {
 	labels := map[string]string{
 		"app.kubernetes.io/name": walGExporterName,
 		pg.UIDLabelName:          string(instance.UID),
@@ -2050,9 +2044,8 @@ func (r *PostgresReconciler) createOrUpdateWalGExporterDeployment(log logr.Logge
 	matchLabels := labels
 
 	var replicas int32 = 1
-
-	var uid int64 = 65534
-	var gid int64 = 65534
+	var uid int64 = 65534 // nobody
+	var gid int64 = 65534 // nobody
 
 	deploy := &appsv1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -2106,53 +2099,25 @@ func (r *PostgresReconciler) createOrUpdateWalGExporterDeployment(log logr.Logge
 									},
 								},
 								{
-									Name: "AWS_ACCESS_KEY_ID",
-									ValueFrom: &corev1.EnvVarSource{
-										SecretKeyRef: &corev1.SecretKeySelector{
-											Key: "AWS_ACCESS_KEY_ID",
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: operatormanager.PodEnvSecretName,
-											},
-										},
-									},
-								},
-								{
-									Name: "AWS_SECRET_ACCESS_KEY",
-									ValueFrom: &corev1.EnvVarSource{
-										SecretKeyRef: &corev1.SecretKeySelector{
-											Key: "AWS_SECRET_ACCESS_KEY",
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: operatormanager.PodEnvSecretName,
-											},
-										},
-									},
+									Name:  "SCOPE",
+									Value: instance.ToPeripheralResourceName(),
 								},
+							},
+							EnvFrom: []corev1.EnvFromSource{
 								{
-									Name: "AWS_ENDPOINT",
-									ValueFrom: &corev1.EnvVarSource{
-										ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
-											Key: "AWS_ENDPOINT",
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: operatormanager.PodEnvCMName,
-											},
+									ConfigMapRef: &corev1.ConfigMapEnvSource{
+										LocalObjectReference: corev1.LocalObjectReference{
+											Name: operatormanager.PodEnvCMName,
 										},
 									},
 								},
 								{
-									Name: "AWS_S3_FORCE_PATH_STYLE",
-									ValueFrom: &corev1.EnvVarSource{
-										ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
-											Key: "AWS_S3_FORCE_PATH_STYLE",
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: operatormanager.PodEnvCMName,
-											},
+									SecretRef: &corev1.SecretEnvSource{
+										LocalObjectReference: corev1.LocalObjectReference{
+											Name: operatormanager.PodEnvSecretName,
 										},
 									},
 								},
-								{
-									Name:  "WALG_S3_PREFIX",
-									Value: "s3://" + b.S3BucketName + "/" + instance.ToPeripheralResourceName(),
-								},
 							},
 							Image: r.WalGExporterImage,
 							Name:  walGExporterName,