UNCLASSIFIED - NO CUI

Velero caCert errors

Bug

Description

Having issues when attempting to add caCerts to Velero. If I set the override for caCert to 'null', there are no issues. If I attempt to add a caCert into that field I get the following error.

Warning  error   3m38s (x4 over 3m47s)  helm-controller  Helm upgrade failed: template: velero/templates/deployment.yaml:287:27: executing "velero/templates/deployment.yaml" at <include "velero.secretName" .>: error calling include: template: velero/templates/_helpers.tpl:49:14: executing "velero.secretName" at <.Values.credentials.existingSecret>: nil pointer evaluating interface {}.credentials

If the caCert field is left empty, you get another error

Helm install failed: template: velero/templates/deployment.yaml:184:36: executing "velero/templates/deployment.yaml" at <$value.caCert>: can't evaluate field caCert in type interface {}

Velero seems to be working fine with the 'null' field added in, but does NOT work on high side deployments because it is unable to communicate with AWS.

Here are my current "working" overrides.

  values.yaml: |
    addons:
      velero:
        enabled: true
        git:
          repo: ssh://{REPO}/home/git/big-bang/velero
        plugins:
          - aws
        values:
          networkPolicies:
            enabled: false
          image:
            repository: registry1.dso.mil/ironbank/opensource/velero/velero
            pullPolicy: IfNotPresent
            imagePullSecrets:
          pluginImages:
            aws:
              pullPolicy: IfNotPresent
              repository: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws
          credentials:
            useSecret: true
            name: velero-aws-creds
            secretContents:
              cloud: |
                [default]
                aws_access_key_id=<ACCESS KEY>
                aws_secret_access_key=<SECRET>
          configuration:
            logLevel: debug
            backupStorageLocation:
            - name: default
              provider: aws
              bucket: odin-velero-backups
              caCert: null
              prefix: dsop-test
              config: {}
            volumeSnapshotLocation:
            - name: default
              config:
                region: "us-gov-west-1"
              provider: aws
          schedules:
            dsop-test-daily-anchore:
              schedule: "0 1 * * *"
              template:
                ttl: "168h"
                includedResources:
                - pv
                - pvc
                includedNamespaces:
                - anchore

When the field caCert is configured like below, it doesn't work.

            backupStorageLocation:
            - name: default
              provider: aws
              bucket: odin-velero-backups
              caCert: |
                <BASE64 ENCODED CERT>
              prefix: dsop-test
              config: {}

BigBang Version

Big Bang 2.14.0

Edited by sean.deprefontaine
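
Added example, not part of the original report and not the Velero chart's source: Go's `text/template` (which Helm uses) emits the first error's `nil pointer evaluating interface {}.credentials` text when a named template is handed a context that has no `Values`, for instance when `.` is passed from inside a `range` block instead of `$`. That the chart's `deployment.yaml` does this on its caCert path is an assumption, since the chart source is not shown here; the template bodies, the `bsl` key and the `PLACEHOLDER` value are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Constructed stand-in for a chart helper; not the Velero chart's source.
const helper = `{{ define "secretName" }}{{ .Values.credentials.existingSecret }}{{ end }}`

// Inside range, "." is the list item, so the helper is handed no .Values.
const Rebound = `{{ range .Values.bsl }}{{ if .caCert }}{{ template "secretName" . }}{{ end }}{{ end }}`

// "$" is always the root context that was passed to Execute.
const Rooted = `{{ range .Values.bsl }}{{ if .caCert }}{{ template "secretName" $ }}{{ end }}{{ end }}`

// Render executes body with one storage location whose caCert is caCert.
func Render(body string, caCert interface{}) (string, error) {
	// Helm renders with missingkey=zero unless strict mode is on.
	t, err := template.New("deployment").Option("missingkey=zero").Parse(helper + body)
	if err != nil {
		return "", err
	}
	values := map[string]interface{}{
		"credentials": map[string]interface{}{"existingSecret": "velero-aws-creds"},
		"bsl": []interface{}{
			map[string]interface{}{"name": "default", "caCert": caCert},
		},
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]interface{}{"Values": values})
	return out.String(), err
}

func main() {
	for _, c := range []struct {
		label, body string
		caCert      interface{}
	}{
		{"caCert null, helper given .", Rebound, nil},
		{"caCert set,  helper given .", Rebound, "PLACEHOLDER"},
		{"caCert set,  helper given $", Rooted, "PLACEHOLDER"},
	} {
		out, err := Render(c.body, c.caCert)
		fmt.Printf("%s -> %q err=%v\n", c.label, out, err)
	}
}
```

Running `helm template` against the chart with the same overrides reproduces the render error locally, without waiting for the helm-controller to retry.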