From 5155c967d4bdfa3952fae76f63f90904070102d4 Mon Sep 17 00:00:00 2001
From: fraliv13 <5892139+fraliv13@users.noreply.github.com>
Date: Fri, 22 Nov 2024 15:58:22 +0200
Subject: [PATCH 1/2] S3 custom backend support

---
 helm/templates/provisioner-deployment.yaml | 29 +++++++++++++++++++++-
 helm/values.yaml | 7 ++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/helm/templates/provisioner-deployment.yaml b/helm/templates/provisioner-deployment.yaml
index ed7f9ec..a7be699 100644
--- a/helm/templates/provisioner-deployment.yaml
+++ b/helm/templates/provisioner-deployment.yaml
@@ -22,6 +22,12 @@ spec:
 app.kubernetes.io/version: {{ .Values.global.tag }}
 app.kubernetes.io/managed-by: "helm"
 spec:
+ {{- if .Values.global.s3.enabled }}
+ volumes:
+ - name: provisioner-secrets
+ secret:
+ secretName: provisioner-secrets
+ {{- end }}
 containers:
 - name: provisioning-controller
 image: "{{ .Values.global.registry }}/platform-controllers:{{ .Values.global.tag }}"
@@ -85,11 +91,21 @@ spec:
 name: azure-config
 key: tenantId
 {{- end }}
+ {{- if eq .Values.global.backend.type "cloud" }}
 - name: PULUMI_ACCESS_TOKEN
 valueFrom:
 secretKeyRef:
 name: provisioner-secrets
 key: pulumiAccessToken
+ {{- else if eq .Values.global.backend.type "custom" }}
+ - name: PULUMI_BACKEND_URL
+ value: {{ .Values.global.backend.customBackedUrl | quote }}
+ - name: PULUMI_CONFIG_PASSPHRASE
+ valueFrom:
+ secretKeyRef:
+ name: provisioner-secrets
+ key: pulumiConfigPassphrase
+ {{- end }}
 {{- if .Values.global.vault.enabled }}
 - name: VAULT_ADDR
 value: "{{ .Values.global.vault.address }}"
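Review bot: The `volumes:` entry added under `spec:` in helm/templates/provisioner-deployment.yaml uses the whole `provisioner-secrets` Secret as its source, and the env entries elsewhere in this patch show the same Secret also holding `pulumiAccessToken`, `vaultAccessToken` and `pulumiConfigPassphrase`. Only the `subPath: s3Credentials` mount added later keeps those other keys off the container filesystem, so a future mount change that drops `subPath` would write every token to disk. Projecting the single key in the volume makes that least-privilege boundary explicit: add `items:` with `- key: s3Credentials` and `path: s3Credentials` under `secret:`. The pod spec continues outside the hunk.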
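Review bot: The `if eq … "cloud"` / `else if eq … "custom"` chain around the Pulumi env entries has no final branch, so any other `global.backend.type` (a typo, different casing) renders a Deployment with neither `PULUMI_ACCESS_TOKEN` nor `PULUMI_BACKEND_URL`, where the token was previously always set. Failing at render time is safer than starting the provisioner with no state backend configured: put `{{- else }}{{ fail "global.backend.type must be cloud or custom" }}` before the closing `{{- end }}`. Separately, the key `customBackedUrl` looks like a misspelling of `customBackendUrl`. It becomes part of the chart's public values and is also used in both helm/values.yaml hunks, so renaming it is cheapest now. The `env:` list starts and ends outside the hunk.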
@@ -99,8 +115,19 @@ spec:
 name: provisioner-secrets
 key: vaultAccessToken
 {{- end }}
+ {{- if .Values.global.s3.enabled }}
+ - name: AWS_PROFILE
+ value: "{{ .Values.global.s3.profile }}"
+ {{- end }}
 - name: RUSI_ENABLED
- value: "{{ .Values.global.rusi.enabled }}"
+ value: "{{ .Values.global.rusi.enabled }}"
+ {{- if .Values.global.s3.enabled }}
+ volumeMounts:
+ - mountPath: "/home/nonroot/.aws/credentials"
+ name: provisioner-secrets
+ subPath: s3Credentials
+ readOnly: true
+ {{- end }}
 command:
 - "/tenant-provisioner"
 args:
diff --git a/helm/values.yaml b/helm/values.yaml
index 482a8a0..234d83e 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -11,4 +11,11 @@ global:
 enabled: true
 azure:
 enabled: true
+ backend:
+ type: cloud # cloud | custom
+ customBackedUrl: http://minio.minio:9000
+ s3:
+ enabled: false
+ profile: minio
+

From d67301bbeae51bb58e51bd90101bc918f6d4b48a Mon Sep 17 00:00:00 2001
From: fraliv13 <5892139+fraliv13@users.noreply.github.com>
Date: Fri, 22 Nov 2024 16:00:35 +0200
Subject: [PATCH 2/2] s3 backend example

---
 helm/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm/values.yaml b/helm/values.yaml
index 234d83e..3dbe8af 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -13,7 +13,7 @@ global:
 enabled: true
 backend:
 type: cloud # cloud | custom
- customBackedUrl: http://minio.minio:9000
+ customBackedUrl: s3://my-bucket?region=ro&endpoint=http://my-minio-server:9000&disableSSL=true&s3ForcePathStyle=true
 s3:
 enabled: false
 profile: minio
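Review bot: The new `volumeMounts` entry mounts the credentials file through `subPath: s3Credentials`, and Kubernetes does not refresh subPath mounts when the Secret changes, so rotated S3 credentials stay stale in the running pod until it is restarted. A comment above the mount would record that, for example `# subPath mounts are not updated on Secret change; restart the pod after rotating s3Credentials`. The hard-coded `/home/nonroot/.aws/credentials` path also assumes the image runs as a user whose home is `/home/nonroot`, which is not visible here. Setting `AWS_SHARED_CREDENTIALS_FILE` next to `AWS_PROFILE` would remove that dependency. The container spec continues outside the hunk.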
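Review bot: The new default for `customBackedUrl` in helm/values.yaml (patch 2/2) points at an `http://` endpoint with `disableSSL=true`, so anyone who copies the example sends Pulumi state to the object store without transport encryption. Because this is the chart's shipped default, mark it as a local-testing example with a comment such as `# example for a local MinIO; use an https endpoint and drop disableSSL=true elsewhere`. The value should also be wrapped in double quotes, since it contains `?`, `&` and `=` and is easy to break when edited.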