rpm/velero
SHA256
1
0
Fork 0
forked from pool/velero
Code Pull Requests Activity
velero/0001-Add-cacert-flag-for-velero-backup-location-create.patch

70 lines
2.4 KiB
Diff
Raw Normal View History

Accepting request 841106 from home:jenting:branches:devel:kubic - Add patch: add a flag cacert for velero backup-location create - Update to version v1.4.2 - v1.4.2 * log a warning instead of erroring if an additional item returned from a plugin can't be found in the Kubernetes API (#2595, @skriss) * Adjust restic default time out to 4 hours and base pod resource requests to 500m CPU/512Mi memory. (#2696, @nrb) * capture version of the CRD prior before invoking the remap_crd_version backup item action (#2683, @ashish-amarnath) - v1.4.0 * increment restic volumesnapshot count after successful pvb create (#2542, @ashish-amarnath) * Add details of CSI volumesnapshotcontents associated with a backup to velero backup describe when the EnableCSI feature flag is given on the velero client. (#2448, @nrb) * Allow users the option to retrieve all versions of a given resource (instead of just the preferred version) from the API server with the EnableAPIGroupVersions feature flag. (#2373, @brito-rafa) * Changed backup tarball format to store all versions of a given resource, updated backup tarball format to 1.1.0. (#2373, @brito-rafa) * allow feature flags to be passed from install CLI (#2503, @ashish-amarnath) * sync backups' CSI API objects into the cluster as part of the backup sync controller (#2496, @ashish-amarnath) * bug fix: in error location logging hook, if the item logged under the error key doesn't implement the error interface, don't return an error since this is a valid scenario (#2487, @skriss) * bug fix: in CRD restore plugin, don't use runtime.DefaultUnstructuredConverter.FromUnstructured(...) to avoid conversion issues when float64 fields contain int values (#2484, @skriss) * during backup deletion also delete CSI volumesnapshotcontents that were created as a part of the backup but the associated volumesnapshot object does not exist (#2480, @ashish-amarnath) * If plugins don't support the --features flag, don't pass it to them. Also, update the standard plugin server to ignore unknown flags. (#2479, @skriss) * At backup time, if a CustomResourceDefinition appears to have been created via the v1beta1 endpoint, retrieve it from the v1beta1 endpoint instead of simply changing the APIVersion. (#2478, @nrb) * update container base images from ubuntu:bionic to ubuntu:focal (#2471, @skriss) * bug fix: when a resource includes/excludes list contains unresolvable items, don't remove them from the list, so that the list doesn't inadvertently end up matching all resources. (#2462, @skriss) * Azure: add support for getting storage account key for restic directly from an environment variable (#2455, @jaygridley) * Support to skip VSL validation for the backup having SnapshotVolumes set to false or created with --snapshot-volumes=false (#2450, @mynktl) * report backup progress (number of items backed up so far out of an estimated total number of items) during backup in the logs and as status fields on the Backup custom resource (#2440, @skriss) * bug fix: populate namespace in logs for backup errors (#2438, @skriss) * during backup deletion also delete CSI volumesnapshots that were created as a part of the backup (#2411, @ashish-amarnath) * bump Kubernetes module dependencies to v0.17.4 to get fix for kubernetes/kubernetes#86149 (#2407, @skriss) * bug fix: save PodVolumeBackup manifests to object storage even if the volume was empty, so that on restore, the PV is dynamically reprovisioned if applicable (#2390, @skriss) * Adding new restoreItemAction for PVC to update the selected-node annotation (#2377, @mynktl) * Added a --cacert flag to the install command to provide the CA bundle to use when verifying TLS connections to object storage (#2368, @mansam) * Added a --cacert flag to the velero client describe, download, and logs commands to allow passing a path to a certificate to use when verifying TLS connections to object storage. Also added a corresponding client config option called cacert which takes a path to a certificate bundle to use as a default when --cacert is not specified. (#2364, @mansam) * support setting a custom CA certificate on a BSL to use when verifying TLS connections (#2353, @mansam) * adding annotations on backup CRD for k8s major, minor and git versions (#2346, @brito-rafa) * When the EnableCSI feature flag is provided, upload CSI VolumeSnapshots and VolumeSnapshotContents to object storage as gzipped JSON. (#2323, @nrb) * add CSI snapshot API types into default restore priorities (#2318, @ashish-amarnath) * refactoring: wait for all informer caches to sync before running controllers (#2299, @skriss) * refactor restore code to lazily resolve resources via discovery and eliminate second restore loop for instances of restored CRDs (#2248, @skriss) * upgrade to go 1.14 and migrate from dep to go modules (#2214, @skriss) * clarify the wording for restore describe for namespaces included - v1.3.2 * Allow plugins/ as a valid top-level directory within backup storage locations. This directory is a place for plugin authors to store arbitrary data as needed. It is recommended to create an additional subdirectory under plugins/ specifically for your plugin, e.g. plugins/my-plugin-data/. (#2350, @skriss) * bug fix: don't panic in velero restic repo get when last maintenance time is nil (#2315, @skriss) - Pass git tree status = clean to fix `velero version` output Git commit with trailing dash - Bump version 1.3.1 - Bump version 1.3.0 - Simplify rpm spec - fix velero-restic-restore-helper package name - Initial package v1.2.0 OBS-URL: https://build.opensuse.org/request/show/841106 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/velero?expand=0&rev=5
2020-10-12 07:07:20 +00:00
From 9f97fb0e1c53047cddf22b8ba05a2966062fe650 Mon Sep 17 00:00:00 2001
From: JenTing Hsiao <jenting.hsiao@suse.com>
Date: Fri, 31 Jul 2020 02:33:45 +0800
Subject: [PATCH] Add cacert flag for velero backup-location create (#2778)
Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
---
pkg/cmd/cli/backuplocation/create.go | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/pkg/cmd/cli/backuplocation/create.go b/pkg/cmd/cli/backuplocation/create.go
index a4dfd5ad..b76d0149 100644
--- a/pkg/cmd/cli/backuplocation/create.go
+++ b/pkg/cmd/cli/backuplocation/create.go
@@ -18,6 +18,8 @@ package backuplocation
import (
"fmt"
+ "io/ioutil"
+ "path/filepath"
"strings"
"time"
@@ -62,6 +64,7 @@ type CreateOptions struct {
BackupSyncPeriod time.Duration
Config flag.Map
Labels flag.Map
+ CACertFile string
AccessMode *flag.Enum
}
@@ -83,6 +86,7 @@ func (o *CreateOptions) BindFlags(flags *pflag.FlagSet) {
flags.DurationVar(&o.BackupSyncPeriod, "backup-sync-period", o.BackupSyncPeriod, "how often to ensure all Velero backups in object storage exist as Backup API objects in the cluster. Optional. Set this to `0s` to disable sync")
flags.Var(&o.Config, "config", "configuration key-value pairs")
flags.Var(&o.Labels, "labels", "labels to apply to the backup storage location")
+ flags.StringVar(&o.CACertFile, "cacert", o.CACertFile, "file containing a certificate bundle to use when verifying TLS connections to the object store. Optional.")
flags.Var(
o.AccessMode,
"access-mode",
@@ -118,6 +122,18 @@ func (o *CreateOptions) Complete(args []string, f client.Factory) error {
func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
var backupSyncPeriod *metav1.Duration
+ var caCertData []byte
+ if o.CACertFile != "" {
+ realPath, err := filepath.Abs(o.CACertFile)
+ if err != nil {
+ return err
+ }
+ caCertData, err = ioutil.ReadFile(realPath)
+ if err != nil {
+ return err
+ }
+ }
+
if c.Flags().Changed("backup-sync-period") {
backupSyncPeriod = &metav1.Duration{Duration: o.BackupSyncPeriod}
}
@@ -134,6 +150,7 @@ func (o *CreateOptions) Run(c *cobra.Command, f client.Factory) error {
ObjectStorage: &velerov1api.ObjectStorageLocation{
Bucket: o.Bucket,
Prefix: o.Prefix,
+ CACert: caCertData,
},
},
Config: o.Config.Data(),
--
2.26.2
Copy Permalink