[Feature] Extend DebugPackage with Debug files (#1929)

Author: ajanikow

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [master](https://github.com/arangodb/kube-arangodb/tree/master) (N/A)
 - (Feature) (Platform) Storage Debug
+- (Feature) Extend DebugPackage with Debug files
 
 ## [1.2.50](https://github.com/arangodb/kube-arangodb/tree/1.2.50) (2025-07-04)
 - (Feature) (Platform) MetaV1 Integration Service

docs/cli/arangodb_operator_ops.md

@@ -101,6 +101,7 @@ Usage:
   arangodb_operator_ops debug-package [flags]
 
 Flags:
+      --debug-package-files                     Collect Debug files from Storage
       --generator.arango-analytics-gae          Define if generator arango-analytics-gae is enabled (default true)
       --generator.arango-backup-backup          Define if generator arango-backup-backup is enabled (default true)
       --generator.arango-backup-backuppolicy    Define if generator arango-backup-backuppolicy is enabled (default true)

integrations/shutdown/v1/impl.go

@@ -103,6 +103,7 @@ func (i *impl) Close() error {
 				k := goStrings.TrimPrefix(p, i.cfg.Debug.Path)
 
 				prefix := []string{
+					"debug",
 					"pod",
 				}
 

integrations/storage/v2/object.go

@@ -0,0 +1,113 @@
+//
+// DISCLAIMER
+//
+// Copyright 2025 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v2
+
+import (
+	"context"
+	"net/url"
+
+	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	pbImplStorageV2Shared "github.com/arangodb/kube-arangodb/integrations/storage/v2/shared"
+	pbImplStorageV2SharedS3 "github.com/arangodb/kube-arangodb/integrations/storage/v2/shared/s3"
+	platformApi "github.com/arangodb/kube-arangodb/pkg/apis/platform/v1alpha1"
+	awsHelper "github.com/arangodb/kube-arangodb/pkg/util/aws"
+	"github.com/arangodb/kube-arangodb/pkg/util/constants"
+	"github.com/arangodb/kube-arangodb/pkg/util/errors"
+	"github.com/arangodb/kube-arangodb/pkg/util/kclient"
+)
+
+func NewIOFromObject(ctx context.Context, client kclient.Client, in *platformApi.ArangoPlatformStorage) (pbImplStorageV2Shared.IO, error) {
+	if err := in.Spec.Validate(); err != nil {
+		return nil, err
+	}
+
+	if backend := in.Spec.Backend; backend != nil {
+		if s3Spec := backend.S3; s3Spec != nil {
+			var config awsHelper.Config
+
+			if v := s3Spec.CASecret; v != nil {
+				secret, err := client.Kubernetes().CoreV1().Secrets(v.GetNamespace(in)).Get(ctx, v.GetName(), meta.GetOptions{})
+				if err != nil {
+					return nil, errors.WithMessage(err, "Failed to get S3 secret")
+				}
+
+				q, ok := secret.Data[constants.SecretCACertificate]
+				if !ok {
+					return nil, errors.WithMessagef(err, "Failed to get S3 secret %s data: Key %s not found", secret.GetName(), constants.SecretCACertificate)
+				}
+
+				config.TLS.CABytes = [][]byte{q}
+			}
+
+			if v := s3Spec.CredentialsSecret; v != nil {
+				secret, err := client.Kubernetes().CoreV1().Secrets(v.GetNamespace(in)).Get(ctx, v.GetName(), meta.GetOptions{})
+				if err != nil {
+					return nil, errors.WithMessage(err, "Failed to get S3 secret")
+				}
+
+				sk, ok := secret.Data[constants.SecretCredentialsSecretKey]
+				if !ok {
+					return nil, errors.Errorf("Failed to get S3 secret %s data: Key %s not found", secret.GetName(), constants.SecretCredentialsSecretKey)
+				}
+
+				ak, ok := secret.Data[constants.SecretCredentialsAccessKey]
+				if !ok {
+					return nil, errors.Errorf("Failed to get S3 secret %s data: Key %s not found", secret.GetName(), constants.SecretCredentialsAccessKey)
+				}
+
+				config.Provider.Static.AccessKeyID = string(ak)
+				config.Provider.Static.SecretAccessKey = string(sk)
+				config.Provider.Type = awsHelper.ProviderTypeStatic
+			}
+
+			if v := s3Spec.AllowInsecure; v != nil {
+				config.TLS.Insecure = *v
+			}
+
+			{
+				if e := s3Spec.GetEndpoint(); e != "" {
+					endpointURL, err := url.Parse(s3Spec.GetEndpoint())
+
+					if err != nil {
+						return nil, errors.WithMessagef(err, "Failed to parse url: %s", s3Spec.GetEndpoint())
+					}
+					disableSSL := endpointURL.Scheme == "http"
+
+					config.DisableSSL = disableSSL
+				}
+			}
+
+			config.Endpoint = s3Spec.GetEndpoint()
+			config.Region = s3Spec.GetRegion()
+
+			var cfg pbImplStorageV2SharedS3.Configuration
+
+			cfg.BucketName = s3Spec.GetBucketName()
+			cfg.BucketPrefix = s3Spec.GetBucketPrefix()
+			cfg.Client = config
+
+			return cfg.New()
+		}
+	}
+
+	return nil, errors.Errorf("Unable to init the storage")
+}

integrations/storage/v2/shared/io.go

@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+// Copyright 2024-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -62,3 +62,25 @@ type IO interface {
 	Delete(ctx context.Context, key string) (bool, error)
 	List(ctx context.Context, key string) (util.NextIterator[[]File], error)
 }
+
+func ToIOReader(ctx context.Context, in Reader) io.ReadCloser {
+	return ioReader{
+		ctx:    ctx,
+		reader: in,
+	}
+}
+
+type ioReader struct {
+	ctx context.Context
+
+	reader Reader
+}
+
+func (i ioReader) Read(p []byte) (n int, err error) {
+	return i.reader.Read(p)
+}
+
+func (i ioReader) Close() error {
+	_, _, err := i.reader.Close(i.ctx)
+	return err
+}

integrations/storage/v2/shared/s3/io_test.go

@@ -48,6 +48,8 @@ func getClient(t *testing.T) pbImplStorageV2Shared.IO {
 }
 
 func Test(t *testing.T) {
+	t.Skipf("DATA")
+
 	w := getClient(t)
 
 	data := make([]byte, 1024*1024*64)

pkg/debug_package/cli/cli.go

@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2016-2024 ArangoDB GmbH, Cologne, Germany
+// Copyright 2016-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ func Register(cmd *cobra.Command) {
 	f.StringVarP(&input.Namespace, "namespace", "n", constants.NamespaceWithDefault("default"), "Kubernetes namespace")
 	f.BoolVar(&input.HideSensitiveData, "hide-sensitive-data", true, "Hide sensitive data")
 	f.BoolVar(&input.PodLogs, "pod-logs", true, "Collect pod logs")
+	f.BoolVar(&input.DebugPackageFiles, "debug-package-files", false, "Collect Debug files from Storage")
 }
 
 var input Input
@@ -43,4 +44,5 @@ type Input struct {
 	Namespace         string
 	HideSensitiveData bool
 	PodLogs           bool
+	DebugPackageFiles bool
 }

pkg/debug_package/generators/arango/arango_platform.go

@@ -31,7 +31,7 @@ import (
 
 func Platform(f shared.FactoryGen) {
 	f.AddSection("platform").
-		Register("storage", true, shared.WithKubernetesItems[*platformApi.ArangoPlatformStorage](arangoPlatformV1Alpha1ArangoPlatformStorageList, shared.WithDefinitions[*platformApi.ArangoPlatformStorage])).
+		Register("storage", true, shared.WithKubernetesItems[*platformApi.ArangoPlatformStorage](arangoPlatformV1Alpha1ArangoPlatformStorageList, shared.WithDefinitions[*platformApi.ArangoPlatformStorage], arangoPlatformV1Alpha1ArangoPlatformStorageDebug)).
 		Register("chart", true, shared.WithKubernetesItems[*platformApi.ArangoPlatformChart](arangoPlatformV1Alpha1ArangoPlatformChartList, shared.WithDefinitions[*platformApi.ArangoPlatformChart], arangoPlatformV1Alpha1ArangoPlatformChartExtract)).
 		Register("service", true, shared.WithKubernetesItems[*platformApi.ArangoPlatformService](arangoPlatformV1Alpha1ArangoPlatformServiceList, shared.WithDefinitions[*platformApi.ArangoPlatformService]))
 }

pkg/debug_package/generators/arango/arango_platform_storage.go

@@ -0,0 +1,79 @@
+//
+// DISCLAIMER
+//
+// Copyright 2025 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package arango
+
+import (
+	"context"
+	"io"
+
+	"github.com/rs/zerolog"
+
+	pbImplStorageV2 "github.com/arangodb/kube-arangodb/integrations/storage/v2"
+	platformApi "github.com/arangodb/kube-arangodb/pkg/apis/platform/v1alpha1"
+	"github.com/arangodb/kube-arangodb/pkg/debug_package/cli"
+	"github.com/arangodb/kube-arangodb/pkg/debug_package/shared"
+	"github.com/arangodb/kube-arangodb/pkg/util/kclient"
+)
+
+func arangoPlatformV1Alpha1ArangoPlatformStorageDebug(ctx context.Context, logger zerolog.Logger, client kclient.Client, files chan<- shared.File, item *platformApi.ArangoPlatformStorage) error {
+	if !cli.GetInput().DebugPackageFiles {
+		return nil
+	}
+
+	c, err := pbImplStorageV2.NewIOFromObject(ctx, client, item)
+	if err != nil {
+		return err
+	}
+
+	allFiles, err := c.List(ctx, "debug/")
+	if err != nil {
+		return err
+	}
+
+	for {
+		t, err := allFiles.Next(ctx)
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return err
+		}
+
+		for _, f := range t {
+			f := f
+			files <- shared.NewFile(f.Key, func() ([]byte, error) {
+				reader, err := c.Read(ctx, f.Key)
+				if err != nil {
+					return nil, err
+				}
+
+				data, err := io.ReadAll(reader)
+				if err != nil {
+					return nil, err
+				}
+
+				return data, nil
+			})
+		}
+	}
+
+	return nil
+}

pkg/util/aws/tls.go

@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+// Copyright 2024-2025 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ import (
 type TLS struct {
 	Insecure bool
 	CAFiles  []string
+	CABytes  [][]byte
 }
 
 func (s TLS) configuration() (*tls.Config, error) {
@@ -40,15 +41,23 @@ func (s TLS) configuration() (*tls.Config, error) {
 		r.InsecureSkipVerify = true
 	}
 
-	if len(s.CAFiles) > 0 {
+	if len(s.CAFiles) > 0 || len(s.CABytes) > 0 {
 		caCertPool := x509.NewCertPool()
 
 		for _, file := range s.CAFiles {
 			caCert, err := os.ReadFile(file)
 			if err != nil {
 				return nil, errors.Wrapf(err, "Unable to load CA from %s", file)
 			}
-			caCertPool.AppendCertsFromPEM(caCert)
+			if !caCertPool.AppendCertsFromPEM(caCert) {
+				return nil, errors.Errorf("Unable to add CA from %s", file)
+			}
+		}
+
+		for _, data := range s.CABytes {
+			if !caCertPool.AppendCertsFromPEM(data) {
+				return nil, errors.Errorf("Unable to add CA bytes")
+			}
 		}
 
 		r.RootCAs = caCertPool