Bug
Resolution: Unresolved
Major
OADP 1.0.0, OADP 1.1.0, OADP 1.0.1, OADP 1.0.2, OADP 1.0.3
Description of problem:
https://github.com/openshift/oadp-operator/issues/742
Version-Release number of selected component (if applicable):
How reproducible:
Every time
Steps to Reproduce:
1. Use a storage provider with a self-signed certificate, such as MinIO.
2. Back up images.
Actual results:
x509: certificate signed by unknown authority
Expected results:
Successful
Additional info:
We should support self-signed certificates in a similar manner to Velero
https://velero.io/docs/v1.9/self-signed-certificates/#docs
dev notes:
Installed minio (Rhmp - Red Hat Marketplace) operators in openshift-operators namespace
See "Deploy MinIO Operator on RedHat OpenShift" (MinIO Hybrid Cloud Documentation),
then "Deploy a MinIO Tenant on RedHat OpenShift" (MinIO Hybrid Cloud Documentation).
oc krew install minio # install minio plugin, pre-req: kubectl has krew installed
oc create ns tk-tenant
# secret from minio example
echo 'apiVersion: v1
kind: Secret
metadata:
  name: minio-creds-secret
type: Opaque
data:
  accesskey: bWluaW8=
  secretkey: bWluaW8xMjM=
' | oc create -n tk-tenant -f -
oc minio tenant create tk-tenant --servers 1 --volumes 1 --namespace tk-tenant --capacity 100Gi
# minio displays username/password
# edit tenant secret name
oc edit tenant tk-tenant
# spec:
#   credsSecret:
#     name: minio-creds-secret
# minio eventually generated TLS certs stored in secret named tk-tenant-tls in ns tk-tenant.
# we would want to mount this in velero pod configured via dpa
# create BSL
# backup internal image
We can make use of "Certificate injection using Operators" in "Configuring a custom PKI" (Networking, OpenShift Container Platform 4.10).