Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
28: Upgrades, small fixes, 30: Maintenance, CMOS, ARM
-
1
Description
The backup sidecar expect a secret to contain a ca.crt field (cert-manager style). The secret specified by serverSecretName is automatically mounted to the backup pod and the `/path/ca.crt` argument is passed to backup.
Native kubernetes tls secrets only contain `tls.key` and `tls.crt` fields so backup errors for file not found. To store the root CA an additional secret is required (rootCAs).
Currently, the secret specified by serverSecretName must be cert-manager style, and backup is unable to use the cert pool created by rootCAs otherwise backup will not function.
It's also likely exporter is affected.
Attachments
For Gerrit Dashboard: K8S-2779 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
177147,5 | K8S-2779: TLS breaks backup | 2.3.x | couchbase-operator | Status: MERGED | +2 | +1 |
177802,3 | K8S-2779: Test for mtls upgrading with sidecars | 2.3.x | couchbase-operator | Status: ABANDONED | 0 | +1 |