You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the problem/challenge you have
Some plugins would like to be able to directly write additional data to the object storage bucket used by Velero. However, there's not necessarily a natural place to put this data today.
Describe the solution you'd like
Allow a plugins/ top-level directory within the Velero backup storage location. Plugins can then write data to subdirectories within this directory.
Environment:
Velero version (use velero version): v1.3.x
Kubernetes version (use kubectl version): n/a
Kubernetes installer & version: n/a
Cloud provider or hardware configuration: n/a
OS (e.g. from /etc/os-release): n/a
The text was updated successfully, but these errors were encountered:
Would plugins be allowed to access other top level directories such as backups and restores?
Plugins can already make use of the credentials mounted into the Velero pod, so they're already able to write/delete arbitrary data from the Velero bucket. This proposal wouldn't really change that. We could look at doing further segregation down the road but I think that's probably independent of this change.
Is this restricted to ObjectStorage plugins? Could a RestoreItemAction use it for something?
Any plugin could write data here; to be clear, any plugin can already write data to this location, it's just that currently it will cause Velero to crashloop on the next restart, since the contents of the Velero BSL would no longer be "valid".
Could we allow the client to download contents of this? Does that open the door to velero client plugins?
In theory yes, if that's something that's useful for users. The current use case doesn't require this.
True - given that the plugins could just access the BSLs and the credentials if they wanted to do something nefarious anyway, I think for now scoping this to giving them a logical place to put their data makes sense.
Describe the problem/challenge you have
Some plugins would like to be able to directly write additional data to the object storage bucket used by Velero. However, there's not necessarily a natural place to put this data today.
Describe the solution you'd like
Allow a
plugins/
top-level directory within the Velero backup storage location. Plugins can then write data to subdirectories within this directory.Environment:
velero version
): v1.3.xkubectl version
): n/a/etc/os-release
): n/aThe text was updated successfully, but these errors were encountered: