percona · gkech · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025
@@ -8340,8 +8340,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -16,6 +16,14 @@ if [[ -n $STORAGE_ENDPOINT ]]; then
 	args+=(-endpoint "$STORAGE_ENDPOINT")
 fi
 
+if [[ ${STORAGE_DISABLE_SSL} == "true" ]]; then
+	args+=(-disable-ssl)
+fi
+
+if [[ ${STORAGE_FORCE_PATH_STYLE} == "true" ]]; then
+	args+=(-force-path-style)
+fi
+
 for key in "${extensions[@]}"; do
 	if [ -f "${PGDATA_EXTENSIONS}"/"${key}".installed ]; then
 		echo "Extension ${key} already installed"

@@ -12,7 +12,7 @@ import (
 
 func main() {
 	var storageType, endpoint, region, bucket, key, extensionPath string
-	var install, uninstall bool
+	var install, uninstall, forcePathStyle, disableSSL bool
 
 	flag.StringVar(&storageType, "type", "", "Storage type")
 	flag.StringVar(&endpoint, "endpoint", "", "Storage endpoint")
@@ -23,6 +23,8 @@ func main() {
 
 	flag.BoolVar(&install, "install", false, "Install extension")
 	flag.BoolVar(&uninstall, "uninstall", false, "Uninstall extension")
+	flag.BoolVar(&forcePathStyle, "force-path-style", false, "Force path style")
+	flag.BoolVar(&disableSSL, "disable-ssl", false, "Disable SSL")
 	flag.Parse()
 
 	if (install && uninstall) || (!install && !uninstall) {
@@ -31,7 +33,7 @@ func main() {
 
 	log.Printf("starting extension installer for %s/%s (%s) in %s", bucket, key, storageType, region)
 
-	storage := initStorage(extensions.StorageType(storageType), endpoint, bucket, region)
+	storage := initStorage(extensions.StorageType(storageType), endpoint, bucket, region, forcePathStyle, disableSSL)
 
 	packageName := key + ".tar.gz"
 
@@ -70,10 +72,10 @@ func main() {
 	}
 }
 
-func initStorage(storageType extensions.StorageType, endpoint, bucket, region string) extensions.ObjectGetter {
+func initStorage(storageType extensions.StorageType, endpoint, bucket, region string, s3ForcePathStyle, disableSSL bool) extensions.ObjectGetter {
 	switch storageType {
 	case extensions.StorageTypeS3:
-		return extensions.NewS3(endpoint, region, bucket)
+		return extensions.NewS3(endpoint, region, bucket, s3ForcePathStyle, disableSSL)
 	default:
 		log.Fatalf("unknown storage type: %s", os.Getenv("STORAGE_TYPE"))
 	}

@@ -8747,8 +8747,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -629,6 +629,8 @@ spec:
 #      bucket: pg-extensions
 #      region: eu-central-1
 #      endpoint: s3.eu-central-1.amazonaws.com
+#      forcePathStyle: false
+#      disableSSL: false
 #      secret:
 #        name: cluster1-extensions-secret
 #    builtin:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -9044,8 +9044,12 @@ spec:
                     properties:
                       bucket:
                         type: string
+                      disableSSL:
+                        type: string
                       endpoint:
                         type: string
+                      forcePathStyle:
+                        type: string
                       region:
                         type: string
                       secret:

@@ -806,17 +806,17 @@ func (r *PGClusterReconciler) reconcileCustomExtensions(ctx context.Context, cr
 
 	for i := 0; i < len(cr.Spec.InstanceSets); i++ {
 		set := &cr.Spec.InstanceSets[i]
-		set.InitContainers = append(set.InitContainers, extensions.ExtensionRelocatorContainer(
+		set.InitContainers = append(set.InitContainers, extensions.RelocatorContainer(
 			cr, cr.PostgresImage(), cr.Spec.ImagePullPolicy, cr.Spec.PostgresVersion,
 		))
-		set.InitContainers = append(set.InitContainers, extensions.ExtensionInstallerContainer(
+		set.InitContainers = append(set.InitContainers, extensions.InstallerContainer(
 			cr,
 			cr.Spec.PostgresVersion,
 			&cr.Spec.Extensions,
 			strings.Join(extensionKeys, ","),
 			cr.Spec.OpenShift,
 		))
-		set.VolumeMounts = append(set.VolumeMounts, extensions.ExtensionVolumeMounts(cr.Spec.PostgresVersion)...)
+		set.VolumeMounts = append(set.VolumeMounts, extensions.VolumeMounts(cr.Spec.PostgresVersion)...)
 	}
 	return nil
 }

@@ -180,11 +180,11 @@ func (r *PGUpgradeReconciler) createPGUpgrade(ctx context.Context, cluster *pgv2
 			extensionKeys = append(extensionKeys, key)
 		}
 
-		pgUpgrade.Spec.InitContainers = append(pgUpgrade.Spec.InitContainers, extensions.ExtensionRelocatorContainer(
+		pgUpgrade.Spec.InitContainers = append(pgUpgrade.Spec.InitContainers, extensions.RelocatorContainer(
 			cluster, *perconaPGUpgrade.Spec.Image, cluster.Spec.ImagePullPolicy, pgVersion,
 		))
 
-		pgUpgrade.Spec.InitContainers = append(pgUpgrade.Spec.InitContainers, extensions.ExtensionInstallerContainer(
+		pgUpgrade.Spec.InitContainers = append(pgUpgrade.Spec.InitContainers, extensions.InstallerContainer(
 			cluster,
 			pgVersion,
 			&cluster.Spec.Extensions,
@@ -194,7 +194,7 @@ func (r *PGUpgradeReconciler) createPGUpgrade(ctx context.Context, cluster *pgv2
 	}
 
 	// we're only adding the volume mounts for target version since current volume mounts are already mounted
-	pgUpgrade.Spec.VolumeMounts = append(pgUpgrade.Spec.VolumeMounts, extensions.ExtensionVolumeMounts(
+	pgUpgrade.Spec.VolumeMounts = append(pgUpgrade.Spec.VolumeMounts, extensions.VolumeMounts(
 		perconaPGUpgrade.Spec.ToPostgresVersion)...,
 	)
 

@@ -13,16 +13,11 @@ func GetExtensionKey(pgMajor int, name, version string) string {
 	return fmt.Sprintf("%s-pg%d-%s", name, pgMajor, version)
 }
 
-// ExtensionRelocatorContainer returns a container that will relocate extensions from the base image (i.e. pg_stat_monitor, pg_audit)
+// RelocatorContainer returns a container that will relocate extensions from the base image (i.e. pg_stat_monitor, pg_audit)
 // to the data directory so we don't lose them when user adds a custom extension.
-func ExtensionRelocatorContainer(cr *pgv2.PerconaPGCluster, image string, imagePullPolicy corev1.PullPolicy, postgresVersion int) corev1.Container {
-	containerName := "extension-relocator"
-	if cr.CompareVersion("2.4.0") >= 0 {
-		containerName = fmt.Sprintf("extension-relocator-%d", postgresVersion)
-	}
-
+func RelocatorContainer(_ *pgv2.PerconaPGCluster, image string, imagePullPolicy corev1.PullPolicy, postgresVersion int) corev1.Container {
 	return corev1.Container{
-		Name:            containerName,
+		Name:            fmt.Sprintf("extension-relocator-%d", postgresVersion),
 		Image:           image,
 		ImagePullPolicy: imagePullPolicy,
 		Command:         []string{"/usr/local/bin/relocate-extensions.sh"},
@@ -41,22 +36,17 @@ func ExtensionRelocatorContainer(cr *pgv2.PerconaPGCluster, image string, imageP
 	}
 }
 
-func ExtensionInstallerContainer(cr *pgv2.PerconaPGCluster, postgresVersion int, spec *pgv2.ExtensionsSpec, extensions string, openshift *bool) corev1.Container {
+func InstallerContainer(cr *pgv2.PerconaPGCluster, postgresVersion int, spec *pgv2.ExtensionsSpec, extensions string, openshift *bool) corev1.Container {
 	mounts := []corev1.VolumeMount{
 		{
 			Name:      "postgres-data",
 			MountPath: "/pgdata",
 		},
 	}
-	mounts = append(mounts, ExtensionVolumeMounts(postgresVersion)...)
-
-	containerName := "extension-installer"
-	if cr.CompareVersion("2.4.0") >= 0 {
-		containerName = fmt.Sprintf("extension-installer-%d", postgresVersion)
-	}
+	mounts = append(mounts, VolumeMounts(postgresVersion)...)
 
 	container := corev1.Container{
-		Name:            containerName,
+		Name:            fmt.Sprintf("extension-installer-%d", postgresVersion),
 		Image:           spec.Image,
 		ImagePullPolicy: spec.ImagePullPolicy,
 		Command:         []string{"/usr/local/bin/install-extensions.sh"},
@@ -100,6 +90,24 @@ func ExtensionInstallerContainer(cr *pgv2.PerconaPGCluster, postgresVersion int,
 		VolumeMounts: mounts,
 	}
 
+	if cr.CompareVersion("2.8.0") >= 0 {
+		// Check whether the configuration exists so that existing e2e tests
+		// that do not set these values are not affected.
+		if spec.Storage.DisableSSL != "" {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  "STORAGE_DISABLE_SSL",
+				Value: spec.Storage.DisableSSL,
+			})
+		}
+
+		if spec.Storage.ForcePathStyle != "" {
+			container.Env = append(container.Env, corev1.EnvVar{
+				Name:  "STORAGE_FORCE_PATH_STYLE",
+				Value: spec.Storage.ForcePathStyle,
+			})
+		}
+	}
+
 	if openshift == nil || !*openshift {
 		container.SecurityContext = &corev1.SecurityContext{
 			RunAsUser: func() *int64 {
@@ -112,7 +120,7 @@ func ExtensionInstallerContainer(cr *pgv2.PerconaPGCluster, postgresVersion int,
 	return container
 }
 
-func ExtensionVolumeMounts(postgresVersion int) []corev1.VolumeMount {
+func VolumeMounts(postgresVersion int) []corev1.VolumeMount {
 	return []corev1.VolumeMount{
 		{
 			Name:      "postgres-data",

@@ -15,8 +15,11 @@ type S3 struct {
 	svc *s3.S3
 }
 
-func NewS3(endpoint, region, bucket string) *S3 {
-	cfg := aws.NewConfig().WithRegion(region)
+func NewS3(endpoint, region, bucket string, s3ForcePathStyle, disableSSL bool) *S3 {
+	cfg := aws.NewConfig().
+		WithRegion(region).
+		WithDisableSSL(disableSSL).
+		WithS3ForcePathStyle(s3ForcePathStyle)
 
 	if endpoint != "" {
 		cfg = cfg.WithEndpoint(endpoint)

@@ -12,7 +12,5 @@ type ObjectGetter interface {
 type StorageType string
 
 const (
-	StorageTypeS3    StorageType = "s3"
-	StorageTypeGCS   StorageType = "gcs"
-	StorageTypeAzure StorageType = "azure"
+	StorageTypeS3 StorageType = "s3"
 )
@@ -628,11 +628,13 @@ type CustomExtensionSpec struct {
 
 type CustomExtensionsStorageSpec struct {
 	// +kubebuilder:validation:Enum={s3,gcs,azure}
-	Type     string                   `json:"type,omitempty"`
-	Bucket   string                   `json:"bucket,omitempty"`
-	Region   string                   `json:"region,omitempty"`
-	Endpoint string                   `json:"endpoint,omitempty"`
-	Secret   *corev1.SecretProjection `json:"secret,omitempty"`
+	Type           string                   `json:"type,omitempty"`
+	Bucket         string                   `json:"bucket,omitempty"`
+	Region         string                   `json:"region,omitempty"`
+	Endpoint       string                   `json:"endpoint,omitempty"`
+	ForcePathStyle string                   `json:"forcePathStyle,omitempty"`
+	DisableSSL     string                   `json:"disableSSL,omitempty"`
+	Secret         *corev1.SecretProjection `json:"secret,omitempty"`
 }
 
 type BuiltInExtensionsSpec struct {