Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to Velero 1.9.0 breaks restic with custom CA #5140

Closed
timbuchwaldt opened this issue Jul 21, 2022 · 0 comments · Fixed by #5145
Closed

Update to Velero 1.9.0 breaks restic with custom CA #5140

timbuchwaldt opened this issue Jul 21, 2022 · 0 comments · Fixed by #5145
Assignees
@blackpiglet
Labels
Bug target/v1.9.1
Milestone
v1.9.1

Comments

@timbuchwaldt
Copy link

timbuchwaldt commented Jul 21, 2022
edited
Loading

What steps did you take and what happened:
After updating to Velero 1.9.0 via the Helm chart we saw all Restic backups fail. We use a custom CA Cert for the internal S3 compliant backup stoarge.
The following error is reported:

stderr=unable to read root certificate: open /tmp/cacert-default3164165714: no such file or directory
github.com/restic/restic/internal/backend.Transport
/restic/internal/backend/http_transport.go:110
main.open
    /restic/cmd/restic/global.go:687
main.OpenRepository
    /restic/cmd/restic/global.go:421
main.runBackup
    /restic/cmd/restic/cmd_backup.go:524
main.glob..func2
    /restic/cmd/restic/cmd_backup.go:61
github.com/spf13/cobra.(*Command).execute
    /home/build/go/pkg/mod/github.com/spf13/[email protected]/command.go:856
github.com/spf13/cobra.(*Command).ExecuteC
    /home/build/go/pkg/mod/github.com/spf13/[email protected]/command.go:974
github.com/spf13/cobra.(*Command).Execute
    /home/build/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
main.main
    /restic/cmd/restic/main.go:98
runtime.main
    /usr/local/go/src/runtime/proc.go:250
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1571
: exit status 1

A rollback to the 1.8.1 release works perfectly.

The config looks something like this:

          configuration:
              provider: aws
              backupStorageLocation:
                bucket: k8s-backups
                caCert: <base64 crt>
                config:
                  region: us-east-1
                  s3ForcePathStyle: "true"
                  s3Url: https://my-funny-s3.local
              volumeSnapshotLocation:
                config:
                  region: us-east-1
              defaultVolumesToRestic: true

What did you expect to happen:
Succesful backups with our custom CA.

Environment:

Client:
	Version: v1.9.0
	Git commit: 6021f148c4d7721285e815a3e1af761262bff029
Server:
	Version: v1.8.1
  • Velero features (use velero client config get features): NOT SET
  • Kubernetes version (use kubectl version): 1.23.7/1.22

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

  • 👍 for "I would like to see this bug fixed as soon as possible"
  • 👎 for "There are more important bugs to focus on right now"
@blackpiglet blackpiglet self-assigned this Jul 21, 2022
blackpiglet pushed a commit to blackpiglet/velero that referenced this issue Jul 22, 2022
Delay CA file deletion in PVB controller
21f50ce 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
@blackpiglet blackpiglet mentioned this issue Jul 22, 2022
Merged
3 tasks
blackpiglet pushed a commit to blackpiglet/velero that referenced this issue Jul 22, 2022
Delay CA file deletion in PVB controller
e9c3666 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
blackpiglet pushed a commit to blackpiglet/velero that referenced this issue Jul 22, 2022
Delay CA file deletion in PVB controller
82ac228 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
@reasonerjt reasonerjt added this to the v1.9.1 milestone Jul 25, 2022
@blackpiglet blackpiglet modified the milestones: v1.9.1, 1.9.0 Jul 25, 2022
blackpiglet pushed a commit to blackpiglet/velero that referenced this issue Jul 26, 2022
Delay CA file deletion in PVB controller
1fa6f3c 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
@blackpiglet blackpiglet mentioned this issue Jul 26, 2022
Merged
3 tasks
blackpiglet pushed a commit to blackpiglet/velero that referenced this issue Jul 26, 2022
Delay CA file deletion in PVB controller
4d20c5a 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
sseago pushed a commit to sseago/velero that referenced this issue Jul 26, 2022
@sseago
Delay CA file deletion in PVB controller
034d38b 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
@sseago sseago mentioned this issue Jul 26, 2022
Merged
@nwakalka nwakalka mentioned this issue Aug 9, 2022
Closed
danfengliu pushed a commit to danfengliu/velero that referenced this issue Sep 13, 2022
@danfengliu
Delay CA file deletion in PVB controller
5b63233 
Fix vmware-tanzu#5140.

Signed-off-by: Xun Jiang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@blackpiglet blackpiglet

Labels
Bug target/v1.9.1
Projects
None yet
Milestone
v1.9.1
Development

Successfully merging a pull request may close this issue.

Delay CA file deletion in PVB controller blackpiglet/velero
3 participants
@timbuchwaldt @reasonerjt @blackpiglet