percona · gkech · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025
@@ -8340,8 +8340,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -16,6 +16,14 @@ if [[ -n $STORAGE_ENDPOINT ]]; then
 	args+=(-endpoint "$STORAGE_ENDPOINT")
 fi
 
+if [[ ${STORAGE_DISABLE_SSL} == "true" ]]; then
+	args+=(-disable-ssl)
+fi
+
+if [[ ${STORAGE_FORCE_PATH_STYLE} == "true" ]]; then
+	args+=(-force-path-style)
+fi
+
 for key in "${extensions[@]}"; do
 	if [ -f "${PGDATA_EXTENSIONS}"/"${key}".installed ]; then
 		echo "Extension ${key} already installed"

@@ -12,7 +12,7 @@ import (
 
 func main() {
 	var storageType, endpoint, region, bucket, key, extensionPath string
-	var install, uninstall bool
+	var install, uninstall, forcePathStyle, disableSSL bool
 
 	flag.StringVar(&storageType, "type", "", "Storage type")
 	flag.StringVar(&endpoint, "endpoint", "", "Storage endpoint")
@@ -23,6 +23,8 @@ func main() {
 
 	flag.BoolVar(&install, "install", false, "Install extension")
 	flag.BoolVar(&uninstall, "uninstall", false, "Uninstall extension")
+	flag.BoolVar(&forcePathStyle, "force-path-style", false, "Force path style")
+	flag.BoolVar(&disableSSL, "disable-ssl", false, "Disable SSL")
 	flag.Parse()
 
 	if (install && uninstall) || (!install && !uninstall) {
@@ -31,7 +33,7 @@ func main() {
 
 	log.Printf("starting extension installer for %s/%s (%s) in %s", bucket, key, storageType, region)
 
-	storage := initStorage(extensions.StorageType(storageType), endpoint, bucket, region)
+	storage := initStorage(extensions.StorageType(storageType), endpoint, bucket, region, forcePathStyle, disableSSL)
 
 	packageName := key + ".tar.gz"
 
@@ -70,10 +72,10 @@ func main() {
 	}
 }
 
-func initStorage(storageType extensions.StorageType, endpoint, bucket, region string) extensions.ObjectGetter {
+func initStorage(storageType extensions.StorageType, endpoint, bucket, region string, s3ForcePathStyle, disableSSL bool) extensions.ObjectGetter {
 	switch storageType {
 	case extensions.StorageTypeS3:
-		return extensions.NewS3(endpoint, region, bucket)
+		return extensions.NewS3(endpoint, region, bucket, s3ForcePathStyle, disableSSL)
 	default:
 		log.Fatalf("unknown storage type: %s", os.Getenv("STORAGE_TYPE"))
 	}

@@ -8747,8 +8747,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -629,6 +629,8 @@ spec:
 #      bucket: pg-extensions
 #      region: eu-central-1
 #      endpoint: s3.eu-central-1.amazonaws.com
+#      forcePathStyle: false
+#      disableSSL: false
 #      secret:
 #        name: cluster1-extensions-secret
 #    builtin:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -125,6 +125,56 @@ get_operator_pod() {
 	echo $(kubectl get pods -n "${OPERATOR_NS:-$NAMESPACE}" --selector=app.kubernetes.io/name=percona-postgresql-operator -o jsonpath='{.items[].metadata.name}')
 }
 
+retry() {
+	local max=$1
+	local delay=$2
+	shift 2 # cut delay and max args
+	local n=1
+
+	until "$@"; do
+		if [[ $n -ge $max ]]; then
+			echo "The command ${*} has failed after $n attempts."
+			exit 1
+		fi
+		((n++))
+		sleep $delay
+	done
+}
+
+deploy_minio() {
+	local access_key
+	local secret_key
+	access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)"
+	secret_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)"
+
+	helm uninstall -n "${NAMESPACE}" minio-service || :
+	helm repo remove minio || :
+	helm repo add minio https://charts.min.io/
+	retry 10 60 helm install minio-service \
+		-n "${NAMESPACE}" \
+		--version "${MINIO_VER}" \
+		--set replicas=1 \
+		--set mode=standalone \
+		--set resources.requests.memory=256Mi \
+		--set rootUser=rootuser \
+		--set rootPassword=rootpass123 \
+		--set "users[0].accessKey"="$(printf '%q' "$(printf '%q' "$access_key")")" \
+		--set "users[0].secretKey"="$(printf '%q' "$(printf '%q' "$secret_key")")" \
+		--set "users[0].policy"=consoleAdmin \
+		--set service.type=ClusterIP \
+		--set configPathmc=/tmp/.minio/ \
+		--set persistence.size=2G \
+		--set securityContext.enabled=false \
+		minio/minio
+	MINIO_POD=$(kubectl -n "${NAMESPACE}" get pods --selector=release=minio-service -o 'jsonpath={.items[].metadata.name}')
+	wait_pod $MINIO_POD
+
+	# create bucket
+	kubectl -n "${NAMESPACE}" run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \
+		bash -c "AWS_ACCESS_KEY_ID='$access_key' AWS_SECRET_ACCESS_KEY='$secret_key' AWS_DEFAULT_REGION=us-east-1 \
+		/usr/bin/aws --endpoint-url http://minio-service:9000 s3 mb s3://operator-testing"
+}
+
 deploy_s3_secrets() {
 	set +o xtrace
 	printf "[global]\nrepo1-s3-key=%s\nrepo1-s3-key-secret=%s\n" \
@@ -147,6 +197,7 @@ deploy_s3_secrets() {
 			;;
 		"custom-extensions" | "major-upgrade")
 			kubectl -n "${NAMESPACE}" apply -f "${TESTS_CONFIG_DIR}/cloud-secret.yml"
+			kubectl -n "${NAMESPACE}" apply -f "${TESTS_CONFIG_DIR}/minio-secret.yml"
 			;;
 		*)
 			kubectl -n "${NAMESPACE}" create secret generic "${test_name}-pgbackrest-secrets" --from-file=cloud.conf="${TEMP_DIR}/pgbackrest-secret.ini"
@@ -229,13 +280,20 @@ get_cr() {
 				.spec.backups.pgbackrest.repos += [{"name":"repo3","azure":{"container":"'$BUCKET'"}}]
 				' $TEMP_DIR/cr.yaml
 			;;
-		"custom-extensions" | "major-upgrade")
+		"major-upgrade")
 			yq eval -i '
 				.spec.extensions.image = "'$IMAGE'" |
 				.spec.extensions.imagePullPolicy = "Always" |
 				.spec.extensions.storage = {"type": "s3", "bucket": "pg-extensions", "region": "eu-central-1", "secret": {"name": "aws-s3-secret"}}
 			    ' $TEMP_DIR/cr.yaml
 			;;
+		"custom-extensions")
+			yq eval -i '
+				.spec.extensions.image = "'$IMAGE'" |
+				.spec.extensions.imagePullPolicy = "Always" |
+				.spec.extensions.storage = {"type": "s3", "bucket": "operator-testing", "region": "us-east-1", "endpoint": "http://minio-service:9000", "forcePathStyle": "true", "disableSSL": "true", "secret": {"name": "minio-secret"}}
+			    ' $TEMP_DIR/cr.yaml
+			;;
 	esac
 	cat $TEMP_DIR/cr.yaml
 }
@@ -276,12 +334,52 @@ get_psql_user_host() {
 	kubectl -n ${NAMESPACE} get "secret/${secret_name}" --template='{{.data.host | base64decode }}'
 }
 
+get_aws_access_key() {
+	local secret_name=${1}
+
+	kubectl -n ${NAMESPACE} get "secret/${secret_name}" --template='{{.data.AWS_SECRET_ACCESS_KEY | base64decode }}'
+}
+
+get_aws_access_key_id() {
+	local secret_name=${1}
+
+	kubectl -n ${NAMESPACE} get "secret/${secret_name}" --template='{{.data.AWS_ACCESS_KEY_ID | base64decode }}'
+}
+
+get_psql_user_host() {
+	local secret_name=${1}
+
+	kubectl -n ${NAMESPACE} get "secret/${secret_name}" --template='{{.data.host | base64decode }}'
+}
 get_instance_set_pods() {
 	local instance=${1:-instance1}
 
 	kubectl get pods -n ${NAMESPACE} --selector postgres-operator.crunchydata.com/instance-set=${instance} -o custom-columns='NAME:.metadata.name' --no-headers
 }
 
+copy_custom_extensions_form_aws() {
+	set +o xtrace
+
+	access_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 -d)"
+	secret_key="$(kubectl -n "${NAMESPACE}" get secret minio-secret -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 -d)"
+
+	kubectl -n "${NAMESPACE}" run -i --rm aws-cli \
+		--image=perconalab/awscli \
+		--restart=Never -- \
+		bash -c "
+		AWS_ACCESS_KEY_ID=$(get_aws_access_key_id aws-s3-secret) \
+		AWS_SECRET_ACCESS_KEY=$(get_aws_access_key aws-s3-secret) \
+		AWS_DEFAULT_REGION=eu-central-1 \
+		/usr/bin/aws --endpoint-url https://s3.amazonaws.com s3 cp s3://pg-extensions/ /tmp/ --recursive &&
+
+		AWS_ACCESS_KEY_ID='${access_key}' \
+		AWS_SECRET_ACCESS_KEY='${secret_key}' \
+		AWS_DEFAULT_REGION=us-east-1 \
+		/usr/bin/aws --endpoint-url http://minio-service:9000 s3 cp /tmp/ s3://operator-testing/ --recursive
+	  "
+	set -o xtrace
+}
+
 get_psql_pod_host() {
 	local pod=${1}
 

@@ -12,3 +12,5 @@ commands:
       deploy_operator
       deploy_client
       deploy_s3_secrets
+      deploy_minio
+      copy_custom_extensions_form_aws
@@ -35,15 +35,19 @@ spec:
           value: s3
         - name: STORAGE_ENDPOINT
         - name: STORAGE_REGION
-          value: eu-central-1
+          value: us-east-1
         - name: STORAGE_BUCKET
-          value: pg-extensions
+          value: operator-testing
         - name: INSTALL_EXTENSIONS
         - name: PG_VERSION
         - name: PGDATA_EXTENSIONS
+        - name: STORAGE_DISABLE_SSL
+          value: "true"
+        - name: STORAGE_FORCE_PATH_STYLE
+          value: "true"
         envFrom:
         - secretRef:
-            name: aws-s3-secret
+            name: minio-secret
         resources: {}
         volumeMounts:
         - mountPath: /pgdata

@@ -11,4 +11,4 @@ spec:
     dynamicConfiguration:
       postgresql:
         parameters:
-          shared_preload_libraries: pg_cron
+          shared_preload_libraries: pg_cron
@@ -35,15 +35,19 @@ spec:
           value: s3
         - name: STORAGE_ENDPOINT
         - name: STORAGE_REGION
-          value: eu-central-1
+          value: us-east-1
         - name: STORAGE_BUCKET
-          value: pg-extensions
+          value: operator-testing
         - name: INSTALL_EXTENSIONS
         - name: PG_VERSION
         - name: PGDATA_EXTENSIONS
+        - name: STORAGE_DISABLE_SSL
+          value: "true"
+        - name: STORAGE_FORCE_PATH_STYLE
+          value: "true"
         envFrom:
         - secretRef:
-            name: aws-s3-secret
+            name: minio-secret
         resources: {}
         volumeMounts:
         - mountPath: /pgdata

@@ -37,15 +37,19 @@ spec:
           value: s3
         - name: STORAGE_ENDPOINT
         - name: STORAGE_REGION
-          value: eu-central-1
+          value: us-east-1
         - name: STORAGE_BUCKET
-          value: pg-extensions
+          value: operator-testing
         - name: INSTALL_EXTENSIONS
         - name: PG_VERSION
         - name: PGDATA_EXTENSIONS
+        - name: STORAGE_DISABLE_SSL
+          value: "true"
+        - name: STORAGE_FORCE_PATH_STYLE
+          value: "true"
         envFrom:
         - secretRef:
-            name: aws-s3-secret
+            name: minio-secret
         resources: {}
         volumeMounts:
         - mountPath: /pgdata