Allow specifying sidecars and env vars for the repo host

internal/controller/postgrescluster/pgbackrest.go

@@ -732,6 +732,25 @@ func (r *Reconciler) generateRepoHostIntent(ctx context.Context, postgresCluster
 	}
 	sizeLimit := getTMPSizeLimit(repo.Labels[naming.LabelVersion], resources)
 
+	// Apply custom environment variables to the pgBackRest repo host container if specified
+	if repoHost := postgresCluster.Spec.Backups.PGBackRest.RepoHost; repoHost != nil && len(repoHost.Env) > 0 {
+		for i, container := range repo.Spec.Template.Spec.Containers {
+			if container.Name == naming.PGBackRestRepoContainerName {
+				repo.Spec.Template.Spec.Containers[i].Env = append(
+					repo.Spec.Template.Spec.Containers[i].Env,
+					repoHost.Env...)
+				break
+			}
+		}
+	}
+
+	// Add any custom sidecar containers to the repo host pod if specified
+	if repoHost := postgresCluster.Spec.Backups.PGBackRest.RepoHost; repoHost != nil && len(repoHost.Containers) > 0 {
+		repo.Spec.Template.Spec.Containers = append(
+			repo.Spec.Template.Spec.Containers,
+			repoHost.Containers...)
+	}
+
 	addTMPEmptyDir(&repo.Spec.Template, sizeLimit)
 
 	// set ownership references

internal/controller/postgrescluster/pgbackrest_test.go

@@ -2739,6 +2739,84 @@ func TestGenerateRepoHostIntent(t *testing.T) {
 		assert.NilError(t, err)
 		assert.Equal(t, *sts.Spec.Replicas, int32(0))
 	})
+
+	t.Run("With custom environment variables", func(t *testing.T) {
+		cluster := &v1beta1.PostgresCluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "testcluster",
+				Labels: map[string]string{
+					naming.LabelVersion: "2.4.0",
+				},
+			},
+			Spec: v1beta1.PostgresClusterSpec{
+				Backups: v1beta1.Backups{
+					PGBackRest: v1beta1.PGBackRestArchive{
+						RepoHost: &v1beta1.PGBackRestRepoHost{
+							Env: []corev1.EnvVar{
+								{
+									Name:  "TEST_ENV_VAR",
+									Value: "test-value",
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+		sts, err := r.generateRepoHostIntent(ctx, cluster, "", &RepoResources{}, &observedInstances{})
+		assert.NilError(t, err)
+
+		// Find pgbackrest container and check for env var
+		var found bool
+		for _, container := range sts.Spec.Template.Spec.Containers {
+			if container.Name == naming.PGBackRestRepoContainerName {
+				for _, env := range container.Env {
+					if env.Name == "TEST_ENV_VAR" && env.Value == "test-value" {
+						found = true
+						break
+					}
+				}
+			}
+		}
+		assert.Assert(t, found, "expected environment variable TEST_ENV_VAR not found")
+	})
+
+	t.Run("With custom sidecar containers", func(t *testing.T) {
+		cluster := &v1beta1.PostgresCluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "testcluster",
+				Labels: map[string]string{
+					naming.LabelVersion: "2.4.0",
+				},
+			},
+			Spec: v1beta1.PostgresClusterSpec{
+				Backups: v1beta1.Backups{
+					PGBackRest: v1beta1.PGBackRestArchive{
+						RepoHost: &v1beta1.PGBackRestRepoHost{
+							Containers: []corev1.Container{
+								{
+									Name:  "sidecar-test",
+									Image: "test-image:latest",
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+		sts, err := r.generateRepoHostIntent(ctx, cluster, "", &RepoResources{}, &observedInstances{})
+		assert.NilError(t, err)
+
+		// Check sidecar container is added
+		var found bool
+		for _, container := range sts.Spec.Template.Spec.Containers {
+			if container.Name == "sidecar-test" {
+				found = true
+				break
+			}
+		}
+		assert.Assert(t, found, "expected sidecar container 'sidecar-test' not found")
+	})
 }
 
 func TestGenerateRestoreJobIntent(t *testing.T) {

pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbackrest_types.go

@@ -231,6 +231,15 @@ type PGBackRestRepoHost struct {
 	// +optional
 	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
 
+	// Custom sidecar containers for the pgBackRest repo host pod. Changing this
+	// value causes the repo host to restart.
+	// +optional
+	Containers []corev1.Container `json:"containers,omitempty"`
+
+	// Environment variables to be set in the pgBackRest repo host container.
+	// +optional
+	Env []corev1.EnvVar `json:"env,omitempty"`
+
 	// ConfigMap containing custom SSH configuration.
 	// Deprecated: Repository hosts use mTLS for encryption, authentication, and authorization.
 	// +optional