-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Parameter *insecureTLS* for kanister functions using restic #2589
New Parameter *insecureTLS* for kanister functions using restic #2589
Conversation
…nsecure-tls flag Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@r4rajat can you also update related docs?
We were planning to deprecate these functions in favor of kopia-based functions. Not sure how much value this will add going forward. |
…nctions-using-restic
@hairyhum Will add the documentation in a follow up PR |
…ecureTLS-in-kanister-functions-using-restic # Conflicts: # docker/cassandra/Dockerfile # docker/postgres-kanister-tools/Dockerfile
Documentation for same #2610 |
@pavannd1 we've got requests from customers to support this. The kopia-based functions cannot be used unless we have server setup in place. Since this was straightforward to fix, and not much efforts were needed, I think we should add this feature. |
…nctions-using-restic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems straightforward. Let's wait for @pavannd1's feedback
…nctions-using-restic
Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com>
@hairyhum could you please review and approve? The merge kueue is blocking because you have "requested changes". |
…nctions-using-restic
…sterio#2589) * Update Dockerfiles to use latest version of the restic to support --insecure-tls flag Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update restic wrappers to support insecureTLS Flag Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function BackupData for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function BackupDataAll for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function CheckRepository for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function CopyVolumeData for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function DeleteData for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function DeleteDataAll for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function RestoreData for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update function RestoreDataAll for insecureTLS support Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update tests for Restore Data Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> * Update Documentation for Kanister Functions (kanisterio#2610) Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> --------- Signed-off-by: Rajat Gupta <rajat.gupta@veeam.com> Co-authored-by: Pavan Navarathna <6504783+pavannd1@users.noreply.github.com>
Change Overview
This PR will enable the support for the insecureTLS flags for Kanister Functions which are using
restic
as the Datamover.Since we support the
s3Compliant
profiles and sometimes those locations are not secured by a TLS so when we create an actionset using named profile, we get the following error:Fatal: unable to open config file: Stat: Get \"https://test-bucket/s3-cxk41004-kanister-backup/?location=\": x509: certificate signed by unknown authority"
Changes have also been made for some of the Dockerfiles so that CI builds the images with latest version of restic since the current in use version doesn't support
--insecure-tls
flag.Pull request type
Please check the type of change your PR introduces:
Issues
Test Plan
Manual Testing Steps
1) Build the kanister-controller and cassandra images using goreleaser and push the images
2) Deployed cassandra and kanister applications on the cluster using helm
3) Created Blueprint and Profile
4) Create backup, restore and delete Actionsets