在 CNPG 部署中配置 BarmanBackupConfig 时出现 SSL 证书验证失败错误

问题

我正在尝试为我的云原生 PostgreSQL (CNPG) 部署配置

BarmanObjectStoreConfiguration

“SSL 验证失败 [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败：无法获取颁发者证书 (_ssl.c:1123)”

版本

• PostgreSQL：

  imageName: ghcr.io/cloudnative-pg/postgresql:16.0

• CNPG 操作员头盔图表：

  0.19.1

• CNPG 操作员：

  1.21.1

我做了什么？

我已在 CNPG 集群 YAML 文件中设置了 barmanObjectStore 配置，如下所示：

apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: cnpg-db
spec:
    backup:
    barmanObjectStore:
      destinationPath: "s3://<BUCKET_NAME>"
      endpointURL: https://<ENDPOINT>
      endpointCA: # Seems doing nothing ?
        name: cnpg-s3-cred-password
        key: CA_CERT
      s3Credentials:
        accessKeyId:
          name: cnpg-s3-cred-password
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: cnpg-s3-cred-password
          key: ACCESS_SECRET_KEY
      wal:
        compression: gzip
        encryption: AES256
      data:
        compression: gzip
        encryption: AES256
    retentionPolicy: 30d
  env: # Trying to manually set CA_BUNDLE because params doesn't work
    - name: REQUESTS_CA_BUNDLE # Supposed to be used with Azure Blob Storage
      valueFrom:
        secretKeyRef:
          name: cnpg-s3-cred-password
          key: CA_CERT
    - name: AWS_CA_BUNDLE # Supposed to be used with AWS S3 (or compatible services)
      valueFrom:
        secretKeyRef:
          name: cnpg-s3-cred-password
          key: CA_CERT

已验证 cnpg-s3-cred-password 机密包含正确的 CA 证书、访问密钥 ID 和秘密访问密钥。我不确定我错过了什么或做错了什么。

有人可以帮助我解决此 SSL 验证错误并为我的 CNPG 部署成功配置 barmanBackupConfig 吗？任何帮助将不胜感激。谢谢！