Add configuration to support running WAL-E.

- Set WAL_S3_BUCKET to point WAL-E where to fetch/store WAL files
- Set annotations/iam.amazonaws.com/role to set the role to access AWS"

The new env vairables are PGOP_WAL_S3_BUCKET and PGOP_KUBE_IAM_ROLE.

pkg/cluster/k8sres.go

@@ -105,6 +105,9 @@ bootstrap:
   - hostssl   all all all md5`, pgVersion, c.OpConfig.PamRoleName, c.OpConfig.PamRoleName),
 		},
 	}
+	if c.OpConfig.WALES3Bucket != "" {
+		envVars = append(envVars, v1.EnvVar{Name:  "WAL_S3_BUCKET", Value: c.OpConfig.WALES3Bucket})
+	}
 	privilegedMode := bool(true)
 	container := v1.Container{
 		Name:            c.Metadata.Name,
@@ -153,6 +156,9 @@ bootstrap:
 		},
 		Spec: podSpec,
 	}
+	if c.OpConfig.KubeIAMRole != "" {
+		template.Annotations = map[string]string{constants.KubeIAmAnnotation: c.OpConfig.KubeIAMRole}
+	}
 
 	return &template
 }

pkg/util/config/config.go

@@ -41,6 +41,8 @@ type Config struct {
 	ServiceAccountName string `split_words:"true" default:"operator"`
 	DbHostedZone       string `split_words:"true" default:"db.example.com"`
 	EtcdScope          string `split_words:"true" default:"service"`
+	WALES3Bucket       string `envconfig: "wale_s3_bucket"`
+	KubeIAMRole  	   string `envconfig: "kube_iam_role"`
 	DebugLogging       bool   `split_words:"true" default:"false"`
 }
 

pkg/util/constants/constants.go

@@ -10,5 +10,6 @@ const (
 	PasswordLength           = 64
 	UserSecretTemplate       = "%s.%s.credentials.%s.%s" // Username, ClusterName, TPRName, TPRVendor
 	ZalandoDnsNameAnnotation = "zalando.org/dnsname"
+	KubeIAmAnnotation 		 = "iam.amazonaws.com/role"
 	ResourceName             = TPRName + "s"
 )