Allow Passing Additional Flags to Restic about k8up HOT 6 OPEN

@sebt3

I'm chaning the issue a bit so that it's about a more generic "Allow Passing Additional Flags to Restic" use-case.

from k8up.

How about using a similar environment variable as $BACKUP_RESTIC_OPTIONS, let's say $BACKUP_RESTIC_FLAGS and adding those flags to the restic command?

from k8up.

Hi @sebt3
Thanks for opening this issue and the interest and sorry for the late response.
I've allowed myself to change the title to a generic feature request where one can specify to ignore TLS verification. However, TLS verification being enabled by default is by design and the skipping verification is not a bug.

As of now, there's no possibility to backup to a Restic repository with a self-signed certificate. You might be able to backup using an alternative backend, e.g. non-TLS S3 backend (http) or using the Restic REST server without TLS.

from k8up.

It can also but used as http, but then restic use a minio compatibility mode which doesnt suit QuObjects and restic fail with "The Content-MD5 you specified was invalid".

Just extending up this. I'm not sure what exactly you mean with "minio compatibility mode".
Restic is indeed using the S3 client by Minio, regardless whether TLS is enabled or not. See here: https://github.com/restic/restic/blob/f5f13f6648528906e1ce73a5b0773a2a0f0a1509/internal/backend/s3/s3.go#L28. So, I'm not entirely convinced if a --insecure-tls flag is actually going to solve your "Content-MD5" issue with QNAP even with TLS, it sounds more like QNAP "QuObjects" itself is actually the incompatible part (or it is working but the error is completely unrelated to QNAP/Minio).

from k8up.

As of now, there's no possibility to backup to a Restic repository with a self-signed certificate. You might be able to backup using an alternative backend, e.g. non-TLS S3 backend (http) or using the Restic REST server without TLS.

I went that road : installed minio on my NAS using the qpkg alternative store, and got backup working even before oping this issue ;)

So, I'm not entirely convinced if a --insecure-tls flag is actually going to solve your "Content-MD5" issue with QNAP even with TLS, it sounds more like QNAP "QuObjects" itself is actually the incompatible part (or it is working but the error is completely unrelated to QNAP/Minio).

I was more speculating than anything but since QuOjbects is close source, i'll side with your guess.

Still, being able to propagate restic specific arguments (including --insecure-tls) would be a great addition to k8up

from k8up.

How about using a similar environment variable as $BACKUP_RESTIC_OPTIONS, let's say $BACKUP_RESTIC_FLAGS and adding those flags to the restic command?

This would totally solve my problem, and could be a answer to this one : #317

I need to exclude the "lost+found" folder from the backup because i use longhorn volume.

i would like the pass the "--exclude /**/lost+found" flag...

EDIT : I managed to use the BACKUP_COMMAND_RESTIC env var to pass the flag but the actual k8up binary seems to not support it yet.

from k8up.