UNCLASSIFIED - NO CUI

cacert deployment scope fix

Cody Williams requested to merge caCert-error into main

General MR

Summary

.Values.configuration.backupStorageLocation[*].caCert was not able to be set to a value. This would cause the following error:

% kubectl get hr velero -n bigbang
NAME     AGE   READY   STATUS
velero   37m   False   Helm upgrade failed for release velero/velero-velero with chart velero@5.2.2-bb.0: template: velero/templates/deployment.yaml:293:27: executing "velero/templates/deployment.yaml" at <include "velero.secretName" .>: error calling include: template: velero/templates/_helpers.tpl:49:14: executing "velero.secretName" at <.Values.credentials.existingSecret>: nil pointer evaluating interface {}.credentials

This prevented interaction with any S3 source that requires caCert to validate connection.

The issue is caused when the deployment attempts to add a cacert volume, which calls out to {{ include "velero.secretName" . }}, which attempts to use the .Values.credentials key-map. This would normally not be an issue, but around Velero chart 4.0.3-bb.0 we changed backupStorageLocation to a map and everything got a bit out of whack.

There are a decent few places that this is occurring.

Relevant logs/screenshots

Sample overrides

addons:
      velero:
        enabled: true
        git:
          branch: caCert-error
        plugins:
          - aws
        values:
          networkPolicies:
            enabled: false
          pluginImages:
            aws:
              pullPolicy: IfNotPresent
              repository: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws
          credentials:
            useSecret: true
            name: velero-aws-creds
            secretContents:
              cloud: |
                [default]
                aws_access_key_id={ACCESS_KEY_ID}
                aws_secret_access_key={SECRET_KEY}
          configuration:
            #provider: aws
            backupStorageLocation:
            - name: default
              provider: aws
              bucket: velero-backups
              caCert: "d2hhdHN1cGZyYW5kCg=="
              prefix: test
              config:
                region: "us-gov-west-1"
                insecureSkipTLSVerify: "true"
                s3ForcePathStyle: "true"
                s3Url: "http://minio.minio.svc"
            volumeSnapshotLocation:
            - name: default
              config:
                region: "us-gov-west-1"
              provider: aws
          schedules:
            test-daily-argocd:
              schedule: "0 1 * * *"
              template:
                ttl: "168h"
                includedResources:
                - pv
                - pvc
                includedNamespaces:
                - argocd

Linked Issue

#69 (closed)

Upgrade Notices

N/A

Edited by Cody Williams