Velero: Install velero with Minio running behind proxy
I would like to install velero with my minio server accessible using my proxy server.
so is there a way to specify http proxy argument(http_proxy=MY_PROXY_URL ) while installing velero like below.
velero install --provider aws --bucket <bucket name> --secret-file /opt/ibm/media/icp-backup/velero-v1.0.0-linux-amd64/credentials-velero --use-volume-snapshots=false --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://IP:PORT **http_proxy=MY_PROXY_URL** --velero-pod-mem-limit 2Gi --velero-pod-mem-request 2Gi --use-restic
Or may be there is a way to configure BackupStorageLocation crds with proxy arguments
adityagu0910
All 5 comments
@adityagu0910 I believe you'll need to manually edit your velero deployment/daemonset to include this env var.
skriss
on 2 Dec 2019
Thanks
I tried with env variables and I am getting below error
An error occurred: some backup storage locations are invalid: backup store for location "default" is invalid: rpc error: code = Unknown desc = RequestError: send request failed
caused by: Get https://s3.service.gocloud.domain/minio/sus-icp-uat-backup?delimiter=%2F&list-type=2&prefix=: x509: certificate signed by unknown authority
and when i add flag insecureSkipTLSVerify: "true" in backupstoragelocation, it gives below error
An error occurred: some backup storage locations are invalid: backup store for location "default" is invalid: rpc error: code = Unknown desc = RequestError: send request failed
caused by: Get https://s3.service.gocloud.domain/minio/sus-icp-uat-backup?delimiter=%2F&list-type=2&prefix=: dial tcp: lookup s3.service.gocloud.domain on 172.16.128.10:53: no such host
Any suggestion on why it is not able to redirect properly to ingress url of minio while using insecureSkipTLSVerify ?
adityagu0910
on 2 Dec 2019
I was able to connect by mounting my ingress cert in velero deployment and restic daemonset.
Create cert -
kubectl --namespace=velero create secret generic velero-minio-cert --from-file=minio.crt
Add volume mounts -
- mountPath: /etc/ssl/certs/minio.crt
name: velero-minio-cert
subPath: minio.crt
Add volumes -
- name: velero-minio-cert
secret:
defaultMode: 420
secretName: velero-minio-cert
For proxy, I added variables - no proxy is required, if you want to connect to your pod.
- name: HTTP_PROXY
value: http://MYPROXYHOST:80
- name: HTTPS_PROXY
value: http://MYPROXYHOST:80
- name: NO_PROXY
value: 172.16.128.1
adityagu0910
on 4 Dec 2019
xref #1027
skriss
on 6 Dec 2019
closing out.
skriss
on 6 Dec 2019
Related issues
MeghanaSrinath
路
4Comments
archmangler
路
3Comments
skriss
路
4Comments
nrb
路
4Comments
abh
路
4Comments
Most helpful comment
I was able to connect by mounting my ingress cert in velero deployment and restic daemonset.
Create cert -
kubectl --namespace=velero create secret generic velero-minio-cert --from-file=minio.crtAdd volume mounts -
- mountPath: /etc/ssl/certs/minio.crt name: velero-minio-cert subPath: minio.crtAdd volumes -
- name: velero-minio-cert secret: defaultMode: 420 secretName: velero-minio-certFor proxy, I added variables - no proxy is required, if you want to connect to your pod.
- name: HTTP_PROXY value: http://MYPROXYHOST:80 - name: HTTPS_PROXY value: http://MYPROXYHOST:80 - name: NO_PROXY value: 172.16.128.1