OpenShift API for Data Protection
OADP-3971

Additional secrets not mounted in all providers


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical
    • OADP 1.5.0
    • OADP 1.2.0, OADP 1.3.0
    • Labels: bsl, encryption

      Background - https://redhat-internal.slack.com/archives/C0144ECKUJ0/p1714577996520399

      AWS - DPA (THIS WORKS)
      apiVersion: oadp.openshift.io/v1alpha1
      kind: DataProtectionApplication
      metadata:
        name: dpa-sample
        namespace: openshift-adp
      spec:
        backupLocations:
        - velero:
            config:
              customerKeyEncryptionFile: /credentials/customer-key
              profile: default
              region: us-west-2
            credential:
              key: cloud
              name: cloud-credentials
            default: true
            objectStorage:
              bucket: cvpbucketuswest2
              prefix: velero
            provider: aws
        configuration:
          nodeAgent:
            enable: true
            uploaderType: kopia
          velero:
            defaultPlugins:
            - openshift
            - aws
            - csi
            featureFlags:
            - EnableCSI
        snapshotLocations:
        - velero:
            config:
              profile: default
              region: us-west-2
            provider: aws
      

      Credentials are mounted on the velero pod in /credentials !! WIN !!

      A Minio setup behaves slightly differently: the AWS creds are copied to /tmp/ instead.

      apiVersion: oadp.openshift.io/v1alpha1
      kind: DataProtectionApplication
      metadata:
        name: dpa-sample
        namespace: openshift-adp
      spec:
        backupLocations:
        - velero:
            config:
              customerKeyEncryptionFile: /credentials/customer-key
              insecureSkipTLSVerify: "true"
              profile: default
              region: minio
              s3ForcePathStyle: "true"
              s3Url: http://10.131.0.140:9000
            credential:
              key: cloud
              name: cloud-credentials
            default: true
            objectStorage:
              bucket: velero
              prefix: velero
            provider: aws
        configuration:
          nodeAgent:
            enable: true
            uploaderType: kopia
          velero:
            defaultPlugins:
            - openshift
            - aws
            - csi
            featureFlags:
            - EnableCSI

      The additional credential referenced by `customerKeyEncryptionFile` is never copied nor mounted into the velero pod.

      At this moment, having both `cloud` and `customerKeyEncryptionFile` in the cloud-credentials secret only works when using AWS S3 buckets, and does NOT work with S3-compatible (non-AWS) object storage.

      • NooBaa may work; I need to retest.

      WORKAROUND: include a snapshotLocations config:

        snapshotLocations:
        - velero:
            config:
              profile: default
              region: minio
            provider: aws
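      To make the condition described in this issue checkable before a DPA is applied, the following is an added example (written for this issue, not OADP project code). It scans a DataProtectionApplication for an aws-provider backupLocation that sets `customerKeyEncryptionFile` against an S3-compatible endpoint while the spec has no `snapshotLocations`, and returns a copy with the workaround above applied. It assumes that the presence of `s3Url` in the backup location config marks S3-compatible (non-AWS) storage, and it uses the Minio DPA from this issue as a constructed dict input rather than parsing YAML.

```python
"""Flag DataProtectionApplication (DPA) specs that hit the condition in
OADP-3971 and apply the snapshotLocations workaround. Added example for this
issue, not OADP project code. Assumption: an S3-compatible (non-AWS) target is
recognised by the presence of `s3Url` in the backup location config."""

from copy import deepcopy

# Constructed sample: the Minio DPA from the issue, as a Python dict.
MINIO_DPA = {
    "apiVersion": "oadp.openshift.io/v1alpha1",
    "kind": "DataProtectionApplication",
    "metadata": {"name": "dpa-sample", "namespace": "openshift-adp"},
    "spec": {
        "backupLocations": [
            {
                "velero": {
                    "config": {
                        "customerKeyEncryptionFile": "/credentials/customer-key",
                        "insecureSkipTLSVerify": "true",
                        "profile": "default",
                        "region": "minio",
                        "s3ForcePathStyle": "true",
                        "s3Url": "http://10.131.0.140:9000",
                    },
                    "credential": {"key": "cloud", "name": "cloud-credentials"},
                    "default": True,
                    "objectStorage": {"bucket": "velero", "prefix": "velero"},
                    "provider": "aws",
                }
            }
        ],
        "configuration": {
            "nodeAgent": {"enable": True, "uploaderType": "kopia"},
            "velero": {"defaultPlugins": ["openshift", "aws", "csi"],
                       "featureFlags": ["EnableCSI"]},
        },
    },
}


def affected_backup_locations(dpa):
    """Return (index, key_file) for every aws-provider backupLocation that sets
    customerKeyEncryptionFile against an s3Url endpoint while the DPA has no
    snapshotLocations, i.e. the customer key file will not be mounted."""
    spec = dpa.get("spec", {})
    if spec.get("snapshotLocations"):
        return []  # workaround already present, nothing to flag
    hits = []
    for idx, bsl in enumerate(spec.get("backupLocations", [])):
        velero = bsl.get("velero", {})
        cfg = velero.get("config", {})
        if (velero.get("provider") == "aws"
                and "customerKeyEncryptionFile" in cfg
                and "s3Url" in cfg):
            hits.append((idx, cfg["customerKeyEncryptionFile"]))
    return hits


def apply_workaround(dpa):
    """Return a copy of the DPA with the issue's WORKAROUND applied: a
    snapshotLocations entry whose profile/region mirror the first affected
    backupLocation. The input dict is not modified."""
    fixed = deepcopy(dpa)
    hits = affected_backup_locations(fixed)
    if not hits:
        return fixed
    cfg = fixed["spec"]["backupLocations"][hits[0][0]]["velero"]["config"]
    fixed["spec"]["snapshotLocations"] = [{
        "velero": {
            "config": {"profile": cfg.get("profile", "default"),
                       "region": cfg.get("region", "")},
            "provider": "aws",
        }
    }]
    return fixed


if __name__ == "__main__":
    for idx, key_file in affected_backup_locations(MINIO_DPA):
        print(f"backupLocations[{idx}]: {key_file} will not be mounted; "
              "add a snapshotLocations block")
    print(apply_workaround(MINIO_DPA)["spec"]["snapshotLocations"])
```

      The check deliberately returns nothing for the AWS DPA shape above (no `s3Url`, snapshotLocations present), matching the issue's statement that AWS S3 buckets work; for the Minio DPA it flags backupLocations[0] and the returned copy carries the same `profile: default` / `region: minio` snapshotLocation shown in the WORKAROUND.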

       

       

            tkaovila@redhat.com Tiger Kaovilai
            wnstb Wes Hayutin
            Sachin Singla Sachin Singla