📝 Description
The WAL-G component within the Spilo container is ignoring the explicitly configured S3 endpoint (WALG_S3_ENDPOINT) and the full URL provided in WALG_S3_PREFIX when attempting a backup push to an S3-compatible provider (Scaleway S3).
Instead of using the configured endpoint for HTTP requests, WAL-G attempts to resolve an AWS-specific domain name, leading to a DNS failure and the inability to upload backups.
The full URL configuration was applied to WALG_S3_PREFIX as a workaround to force the endpoint resolution, but it was unsuccessful.
⚙️ Environment Details
- Spilo Image: ghcr.io/zalando/spilo-17:4.0-p3
- Postgres Version: 17
- S3 Provider: Scaleway S3 (s3.pl-waw.scw.cloud)
- WAL-G Command failing: wal-g backup-push /home/postgres/pgdata/pgroot/data
📄 PostgreSQL CRD (postgres-s3.yaml)
kind: postgresql
apiVersion: acid.zalan.do/v1
metadata:
  name: xme
  namespace: postgres
spec:
  # ... (Configuration truncated for brevity)
  env:
    - name: USE_WALG_BACKUP
      value: "true"
    - name: WALG_STORAGE
      value: "s3"
    - name: WALG_S3_FORCE_PATH_STYLE
      value: "true"
    - name: WALG_S3_PREFIX
      value: "s3://s3.pl-waw.scw.cloud/postgrestest/spilo" # Full URL attempt
    - name: WALG_S3_ENDPOINT
      value: "https://s3.pl-waw.scw.cloud"
    - name: LOGICAL_BACKUP_S3_ENDPOINT
      value: "https://s3.pl-waw.scw.cloud"
    # ... (Logical backup envs configured correctly)
    - name: AWS_S3_FORCE_PATH_STYLE
      value: "true"
    - name: AWS_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: aws-token
          key: AWS_ACCESS_KEY_ID # ***
    - name: AWS_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: aws-token
          key: AWS_SECRET_ACCESS_KEY # ***
    - name: AWS_DEFAULT_REGION
      valueFrom:
        secretKeyRef:
          name: aws-token
          key: AWS_DEFAULT_REGION # ***
    - name: AWS_REGION
      value: "pl-waw"
  # ... (Rest of CRD truncated)
📄 Operator ConfigMap (postgres-operator ConfigMap)
# ... (ConfigMap truncated for brevity)
data:
  aws_region: eu-central-1
  docker_image: ghcr.io/zalando/spilo-17:4.0-p3
  logical_backup_provider: "s3"
  logical_backup_s3_access_key_id: "********************"
  logical_backup_s3_bucket: "postgrestest"
  logical_backup_s3_bucket_prefix: "spilo"
  logical_backup_s3_region: "pl-waw"
  logical_backup_s3_endpoint: "https://s3.pl-waw.scw.cloud"
  logical_backup_s3_force_path_style: "true"
  logical_backup_s3_secret_access_key: "************************************"
  # ... (Rest of ConfigMap truncated)
❌ Error Log
ERROR: 2025/11/18 13:46:45.868649 failed to upload 'spilo/basebackups_005/base_000000010000000000000002/tar_partitions/part_001.tar.lz4' to bucket 'postgrestest': RequestError: send request failed
caused by: Put "https://s3.pl-waw.amazonaws.com/postgrestest/spilo/basebackups_005/base_000000010000000000000002/tar_partitions/part_001.tar.lz4": dial tcp: lookup s3.pl-waw.amazonaws.com on 10.96.0.10:53: no such host
ERROR: 2025/11/18 13:46:45.868896 upload: could not upload 'base_000000010000000000000002/tar_partitions/part_001.tar.lz4'
🎯 Expected Behavior
WAL-G should respect the WALG_S3_ENDPOINT (https://s3.pl-waw.scw.cloud) and WALG_S3_FORCE_PATH_STYLE (true) to form a request URL using the Path Style on the custom endpoint:
https://s3.pl-waw.scw.cloud/postgrestest/spilo/.../part_001.tar.lz4
❓ Question
Is there a known configuration parameter that needs to be set to completely disable the AWS SDK's automatic endpoint construction based on region and bucket name when a custom endpoint is provided?
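
A check for the mismatch reported above, as an added example that is not part of the original issue or of the Spilo or WAL-G code: it pulls every request URL out of WAL-G's error output and compares its scheme and host with the configured endpoint, so backup traffic aimed at an unintended host is flagged. The function names are hypothetical; the endpoint, bucket and log lines are the ones from the issue.

```python
import re
from urllib.parse import urlsplit

# Values copied from the CRD and the error log in the issue above.
ENDPOINT = "https://s3.pl-waw.scw.cloud"
BUCKET = "postgrestest"
KEY = "spilo/basebackups_005/base_000000010000000000000002/tar_partitions/part_001.tar.lz4"
LOG = (
    "ERROR: 2025/11/18 13:46:45.868649 failed to upload '" + KEY + "' to bucket "
    "'postgrestest': RequestError: send request failed\n"
    'caused by: Put "https://s3.pl-waw.amazonaws.com/postgrestest/' + KEY + '": '
    "dial tcp: lookup s3.pl-waw.amazonaws.com on 10.96.0.10:53: no such host\n"
)

# Go's net/http reports a failed request as: <Method> "<url>": <cause>
REQUEST_RE = re.compile(r'\b(?:Put|Get|Head|Post|Delete) "(https?://[^"\s]+)"')


def classify(url, endpoint, bucket):
    """Say how a request URL relates to the configured endpoint and bucket."""
    want = urlsplit(endpoint)
    got = urlsplit(url)
    if got.scheme != want.scheme:
        return "wrong-scheme"
    # Path style: endpoint host, bucket as the first path segment.
    if got.hostname == want.hostname and got.path.startswith(f"/{bucket}/"):
        return "path-style"
    # Virtual-hosted style: bucket as a subdomain of the endpoint host.
    if got.hostname == f"{bucket}.{want.hostname}":
        return "virtual-hosted"
    return "wrong-host"


def audit(log, endpoint, bucket):
    """Return (host, verdict) for every request URL found in the log text."""
    return [
        (urlsplit(url).hostname, classify(url, endpoint, bucket))
        for url in REQUEST_RE.findall(log)
    ]


if __name__ == "__main__":
    for host, verdict in audit(LOG, ENDPOINT, BUCKET):
        print(f"{host}: {verdict}")
```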