Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-1945 caCert support for imagestream backup
  3. OADP-2519

[IBM QE-P] Verify Bug OADP-1945 - caCert support for imagestream backup

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • OADP 1.2.2
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • 0
    • 0
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown

      Description of problem:

       

      Following DPA spec with caCert should use provided caCert to communicate with s3 for imagestream backup.

      spec:
  backupLocations:
  - velero:
      objectStorage:
        caCert: <base64-of-caCert>

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:
      1.
      2.
      3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Tiger's Notes:

      Two solutions

      • PR to openshift/docker-distribution and distribution/distribution such that s3 driver code accepts CustomCABundle option.
        • Cleaner result, can accept updated BSL's customca without restarting velero pod
      • Set ENV in velero pod AWS_CA_BUNDLE by OADP Operator
        • Less changes, faster to implement, may require pod restart for new ENV to take effect, and will require that CACert be specified in DPA, and won't work for BSL outside DPA.

      References

            sgarudi Sonia Garudi
            akarol@redhat.com Aziza Karol
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: