[ADD] Adding new resource definitions for e2e test in TLS and mTls mode

These definitions contain below:
- Adding archive
Adding restore
Adding backup
Adding nginx for use reverse proxy in TLS and mTls mode
Adding cert-manager for genrate self-signed issuer

Signed-off-by: poyaz <pooya_azarpour@yahoo.com>

e2e/definitions/annotated-subject/deployment.yaml

@@ -20,6 +20,7 @@ spec:
     spec:
       containers:
       - image: busybox
+        imagePullPolicy: IfNotPresent
         name: dummy-container-blocking-first-position
         command:
         - "/bin/sh"

e2e/definitions/annotated-subject/pod.yaml

@@ -10,6 +10,7 @@ metadata:
 spec:
   containers:
     - image: busybox
+      imagePullPolicy: IfNotPresent
       name: dummy-container-blocking-first-position
       command:
         - "/bin/sh"

e2e/definitions/archive/s3-mtls-archive-mtls.yaml

@@ -0,0 +1,50 @@
+apiVersion: k8up.io/v1
+kind: Archive
+metadata:
+  name: k8up-s3-mtls-archive-mtls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  restoreMethod:
+    options:
+      caCert: /mnt/tls/ca.crt
+      clientCert: /mnt/tls/tls.crt
+      clientKey: /mnt/tls/tls.key
+    s3:
+      endpoint: https://minio-mtls.minio-e2e.svc.cluster.local
+      bucket: archive
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/tls/ca.crt
+      clientCert: /mnt/tls/tls.crt
+      clientKey: /mnt/tls/tls.key
+    s3:
+      endpoint: https://minio-mtls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-client-mtls
+        mountPath: /mnt/tls/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-client-mtls
+      secret:
+        secretName: minio-client-mtls
+        defaultMode: 420

e2e/definitions/archive/s3-mtls-archive-tls.yaml

@@ -0,0 +1,55 @@
+apiVersion: k8up.io/v1
+kind: Archive
+metadata:
+  name: k8up-s3-mtls-archive-tls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  restoreMethod:
+    options:
+      caCert: /mnt/tls/ca.crt
+      clientCert: /mnt/tls/tls.crt
+      clientKey: /mnt/tls/tls.key
+    s3:
+      endpoint: https://minio-mtls.minio-e2e.svc.cluster.local
+      bucket: archive
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-client-mtls
+        mountPath: /mnt/tls/
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/ca/ca.crt
+    s3:
+      endpoint: https://minio-tls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-ca-tls
+        mountPath: /mnt/ca/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-ca-tls
+      secret:
+        secretName: minio-ca-tls
+        defaultMode: 420
+    - name: minio-client-mtls
+      secret:
+        secretName: minio-client-mtls
+        defaultMode: 420

e2e/definitions/archive/s3-tls-archive-mtls.yaml

@@ -0,0 +1,55 @@
+apiVersion: k8up.io/v1
+kind: Archive
+metadata:
+  name: k8up-s3-tls-archive-mtls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  restoreMethod:
+    options:
+      caCert: /mnt/ca/ca.crt
+    s3:
+      endpoint: https://minio-tls.minio-e2e.svc.cluster.local
+      bucket: archive
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-ca-tls
+        mountPath: /mnt/ca/
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/tls/ca.crt
+      clientCert: /mnt/tls/tls.crt
+      clientKey: /mnt/tls/tls.key
+    s3:
+      endpoint: https://minio-mtls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-client-mtls
+        mountPath: /mnt/tls/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-ca-tls
+      secret:
+        secretName: minio-ca-tls
+        defaultMode: 420
+    - name: minio-client-mtls
+      secret:
+        secretName: minio-client-mtls
+        defaultMode: 420

e2e/definitions/archive/s3-tls-archive-tls.yaml

@@ -0,0 +1,46 @@
+apiVersion: k8up.io/v1
+kind: Archive
+metadata:
+  name: k8up-s3-tls-archive-tls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  restoreMethod:
+    options:
+      caCert: /mnt/ca/ca.crt
+    s3:
+      endpoint: https://minio-tls.minio-e2e.svc.cluster.local
+      bucket: archive
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/ca/ca.crt
+    s3:
+      endpoint: https://minio-tls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-ca-tls
+        mountPath: /mnt/ca/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-ca-tls
+      secret:
+        secretName: minio-ca-tls
+        defaultMode: 420

e2e/definitions/backup/backup-mtls.yaml

@@ -0,0 +1,36 @@
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: k8up-backup-mtls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/tls/ca.crt
+      clientCert: /mnt/tls/tls.crt
+      clientKey: /mnt/tls/tls.key
+    s3:
+      endpoint: https://minio-mtls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-client-mtls
+        mountPath: /mnt/tls/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-client-mtls
+      secret:
+        secretName: minio-client-mtls
+        defaultMode: 420

e2e/definitions/backup/backup-tls.yaml

@@ -0,0 +1,34 @@
+apiVersion: k8up.io/v1
+kind: Backup
+metadata:
+  name: k8up-backup-tls
+  namespace: k8up-e2e-subject
+spec:
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  backend:
+    repoPasswordSecretRef:
+      name: backup-repo
+      key: password
+    options:
+      caCert: /mnt/ca/ca.crt
+    s3:
+      endpoint: https://minio-tls.minio-e2e.svc.cluster.local
+      bucket: backup
+      accessKeyIDSecretRef:
+        name: backup-credentials
+        key: username
+      secretAccessKeySecretRef:
+        name: backup-credentials
+        key: password
+    volumeMounts:
+      - name: minio-ca-tls
+        mountPath: /mnt/ca/
+  podSecurityContext:
+    fsGroup: $ID
+    runAsUser: $ID
+  volumes:
+    - name: minio-ca-tls
+      secret:
+        secretName: minio-ca-tls
+        defaultMode: 420

e2e/definitions/backup/backup.yaml

@@ -11,7 +11,7 @@ spec:
       name: backup-repo
       key: password
     s3:
-      endpoint: http://minio.minio.svc.cluster.local:9000
+      endpoint: http://minio.minio-e2e.svc.cluster.local:9000
       bucket: backup
       accessKeyIDSecretRef:
         name: backup-credentials

e2e/definitions/cert/issure.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: minio-e2e
+spec:
+  selfSigned: { }

e2e/definitions/cert/minio-ca.yaml

@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: minio-root-ca
+  namespace: minio-e2e
+spec:
+  isCA: true
+  commonName: minio-root-ca
+  subject:
+    organizations:
+      - Minio
+  secretName: minio-root-ca
+  duration: 17520h0m0s
+  renewBefore: 2190h0m0s
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: minio-intermediate-ca
+  namespace: minio-e2e
+spec:
+  ca:
+    secretName: minio-root-ca

e2e/definitions/cert/minio-mtls.yaml

@@ -0,0 +1,36 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: minio-server-mtls
+  namespace: minio-e2e
+spec:
+  isCA: false
+  secretName: minio-server-mtls
+  dnsNames:
+    - minio-mtls.minio-e2e.svc.cluster.local
+    - minio-mtls.minio-e2e
+    - minio-mtls
+  issuerRef:
+    name: minio-intermediate-ca
+  duration: 8760h
+  renewBefore: 2190h
+  usages:
+    - server auth
+    - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: minio-client-mtls
+  namespace: minio-e2e
+spec:
+  secretName: minio-client-mtls
+  isCA: false
+  duration: 2160h
+  renewBefore: 720m
+  usages:
+    - server auth
+    - client auth
+  commonName: "minio-mtls"
+  issuerRef:
+    name: minio-intermediate-ca