updating containers and enabling restic support for azure

[anthonysomerset]

Pulling the list of changes from CHANGELOG

• Feat: Provide existing secret for restic backups #191 enable use of secret for restic environment variables
• Feat: enable use of Azure Blob Storage including AKS Workload Identity for Restic Backups
• Fix: Update Restic Container to v0.17.3
• Fix: Update PuppetBoard container to v6.0.0
• Fix: Update PuppetServer reference to new URL due to deprecating old location and new version schema - v7.17.3-main
• Fix: Update PuppetDB reference to new URL due to deprecating old location and new version schema - v7.20.0-main
• Fix: Update curl, busybox container versions for security patches
• Fix: Does the Helm Chart support puppetserver 8? #210 Readme updates for Puppet 8 upgrade
• Fix: Readme updates for Backup instructions
• Fix: Puppetboard readme image #240 Readme updates to match corrected versions and container image locations
• Fix: fix typo on README.md about .Values.singleCA.enable #235, Update README.md #236 Cosmetic typo about singleCA.enables

the various updates should be self explanatory but to specifically point out the changing container URL and version format for puppetserver/puppetdb as VoxPupuli are deprecating the old container URL in 2025-02

Restic now supports defining an existingSecret (but the chart will not provision it if you do) so that you can securely define the access parameters in a secret going forwards rather than Helm Chart values, the old method still works today (for S3 buckets only!), README is updated to show this with examples

Restic now also supports Azure Workload Identity and Azure Blob storage for backup repo, readme is updated to show an example but configuring workload identity e.g. the configuration of a managed identity and assigning permissions is not detailed in the readme

I have also made some additional notes in the readme to talk about upgrading puppet to v8 as well as clarify the previous notes related to updating the Helm Chart version to avoid confusion

In theory (but untested) the new existingSecret method for restic config allows a user to set any compatible environment value for restic and could therefore support additional backend repos, I have only tested Azure Blob Storage

as all of these changes remain backwards compatible i have only bumped version to 9.6.0 rather than 10.0.0

[ldaneliukas]

I've added some small things to review, great work 👍

[anthonysomerset]

Are we good to get this merged?

i'd like to move on to potential restic restore capabilities as well as formally bumping puppet version to 8 but i don't want to start working without a clean branch to avoid conflicts

[alagoutte]

any news ?

[anthonysomerset]

@alagoutte this is merged over in the new openvox helm chart OpenVoxProject/openvox-helm-chart#1

i suspect that given that Puppet OSS is essentially "dead" this repo is unlikely to get much more meaningful updates going forwards - i have already moved my efforts over to the openvox side of this