Added support for generic s3 endpoints and deprecate MinIO specific config

Bledi Feshti · Bledi Feshti · commit 4bfdc44a848b · 2025-01-20T22:43:42.000+01:00
diff --git a/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc b/modules/ROOT/pages/kubernetes/operations/backup-restore.adoc
@@ -287,15 +287,30 @@ You need to create the persistent volume and persistent volume claim before inst
 For more information, see xref:kubernetes/persistent-volumes.adoc[Volume mounts and persistent volumes].
 ====
 
-==== Configure the _backup-values.yaml_ file for using MinIO
+==== Configure S3-compatible Storage Endpoints
 
-MinIO is an AWS S3-compatible object storage API.
-You can specify the `minioEndpoint` parameter in the _backup-values.yaml_ file to push your backups to your MinIO bucket.
-This endpoint must be a s3 API endpoint or else the backup Helm chart will fail.
-Only non-TLS/SSL endpoints are supported.
-For example:
+The backup system supports any S3-compatible storage service. You can configure both TLS and non-TLS endpoints using the following parameters in your _backup-values.yaml_ file:
 
-[source, yaml, role='noheader']
+[source, yaml]
+----
+backup:
+  # Specify your S3-compatible endpoint (e.g., https://s3.amazonaws.com or your custom endpoint)
+  s3Endpoint: "https://s3.custom-provider.com"
+  
+  # Enable TLS for secure connections (default: false)
+  s3EndpointTLS: true
+  
+  # Optional: Provide a base64-encoded CA certificate for custom certificate authorities
+  s3CACert: "base64_encoded_ca_cert_data"
+  
+  # Optional: Skip TLS verification (not recommended for production)
+  s3SkipVerify: false
+----
+
+===== Configuration Examples
+
+.AWS S3 Standard Endpoint
+[source, yaml]
 ----
 neo4j:
   image: "neo4j/helm-charts-backup"
@@ -307,8 +322,9 @@ neo4j:
 
 backup:
   bucketName: "my-bucket"
-  databaseAdminServiceName:  "standalone-admin"
-  minioEndpoint: "http://demo.minio.svc.cluster.local:9000"
+  databaseAdminServiceName: "standalone-admin"
+  s3Endpoint: "https://s3.amazonaws.com"
+  s3EndpointTLS: true
   database: "neo4j,system"
   cloudProvider: "aws"
   secretName: "awscreds"
@@ -318,6 +334,40 @@ consistencyCheck:
   enabled: true
 ----
 
+.Custom S3-compatible Provider with Self-signed Certificate
+[source, yaml]
+----
+backup:
+  bucketName: "my-bucket"
+  s3Endpoint: "https://custom-s3.example.com"
+  s3EndpointTLS: true
+  s3CACert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t..."  # Base64-encoded CA cert
+  cloudProvider: "aws"
+  secretName: "awscreds"
+  secretKeyName: "credentials"
+----
+
+.Legacy MinIO Support (Deprecated)
+[source, yaml]
+----
+backup:
+  bucketName: "my-bucket"
+  databaseAdminServiceName: "standalone-admin"
+  minioEndpoint: "http://minio.example.com:9000"  # Deprecated: Use s3Endpoint instead
+  database: "neo4j,system"
+  cloudProvider: "aws"
+  secretName: "awscreds"
+  secretKeyName: "credentials"
+----
+
+[IMPORTANT]
+====
+* The `s3EndpointTLS` parameter must be set to `true` when using HTTPS endpoints
+* When using custom CA certificates, provide them base64-encoded in the `s3CACert` parameter
+* The `s3SkipVerify` parameter should only be used in development environments
+* Legacy MinIO support through the `minioEndpoint` parameter is deprecated - use `s3Endpoint` instead
+====
+
 
 [[kubernetes-neo4j-backup-on-prem]]
 == Prepare to back up a database(s) to on-premises storage
