Comments (6)
I'm chaning the issue a bit so that it's about a more generic "Allow Passing Additional Flags to Restic" use-case.
from k8up.
How about using a similar environment variable as $BACKUP_RESTIC_OPTIONS, let's say $BACKUP_RESTIC_FLAGS and adding those flags to the restic command?
from k8up.
Hi @sebt3
Thanks for opening this issue and the interest and sorry for the late response.
I've allowed myself to change the title to a generic feature request where one can specify to ignore TLS verification. However, TLS verification being enabled by default is by design and the skipping verification is not a bug.
As of now, there's no possibility to backup to a Restic repository with a self-signed certificate. You might be able to backup using an alternative backend, e.g. non-TLS S3 backend (http
) or using the Restic REST server without TLS.
from k8up.
It can also but used as http, but then restic use a minio compatibility mode which doesnt suit QuObjects and restic fail with "The Content-MD5 you specified was invalid".
Just extending up this. I'm not sure what exactly you mean with "minio compatibility mode".
Restic is indeed using the S3 client by Minio, regardless whether TLS is enabled or not. See here: https://github.com/restic/restic/blob/f5f13f6648528906e1ce73a5b0773a2a0f0a1509/internal/backend/s3/s3.go#L28. So, I'm not entirely convinced if a --insecure-tls
flag is actually going to solve your "Content-MD5" issue with QNAP even with TLS, it sounds more like QNAP "QuObjects" itself is actually the incompatible part (or it is working but the error is completely unrelated to QNAP/Minio).
from k8up.
As of now, there's no possibility to backup to a Restic repository with a self-signed certificate. You might be able to backup using an alternative backend, e.g. non-TLS S3 backend (
http
) or using the Restic REST server without TLS.
I went that road : installed minio on my NAS using the qpkg alternative store, and got backup working even before oping this issue ;)
So, I'm not entirely convinced if a
--insecure-tls
flag is actually going to solve your "Content-MD5" issue with QNAP even with TLS, it sounds more like QNAP "QuObjects" itself is actually the incompatible part (or it is working but the error is completely unrelated to QNAP/Minio).
I was more speculating than anything but since QuOjbects is close source, i'll side with your guess.
Still, being able to propagate restic specific arguments (including --insecure-tls
) would be a great addition to k8up
from k8up.
How about using a similar environment variable as $BACKUP_RESTIC_OPTIONS, let's say $BACKUP_RESTIC_FLAGS and adding those flags to the restic command?
This would totally solve my problem, and could be a answer to this one : #317
I need to exclude the "lost+found" folder from the backup because i use longhorn volume.
i would like the pass the "--exclude /**/lost+found" flag...
EDIT : I managed to use the BACKUP_COMMAND_RESTIC env var to pass the flag but the actual k8up binary seems to not support it yet.
from k8up.
Related Issues (20)
- Helm Chart: Please allow service account annotations HOT 2
- Add global flag to skip all PVC backups HOT 1
- How to add insecureSkipTLSVerify=true for S3 bucket connection in K8up backup.yaml resource? HOT 1
- k8up backup doesn't support backing up openebs storage class PVs with RWO access HOT 4
- Docs: k8up.io seems to be defaulting to version 2.7 and does not show versions after 2.7 HOT 1
- Custom Annotations for Backup-Jobs
- Post-Backup-Action HOT 1
- Cold Storage Support HOT 2
- Use image.registry for kubectl image HOT 1
- Bucket creation in recently opened AWS regions fails HOT 3
- Allow to attach dynamic tags to snapshots
- Env variable BACKUP_GLOBALRESTORES3ACCESKEYID contains typo
- Allow using custom CA certificates HOT 2
- Support container Security Context HOT 1
- Improve external Contributor Experience
- Archive is Not Created HOT 1
- Include K8s objects in backup
- Failed backup stated as succeeded HOT 5
- Longhorn & Wordpress - k8up changes directory permission HOT 3
- Create PVC Backups via CSI Snapshots or CSI Cloned Volumes
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8up.