Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 2.3.2
Affects Version/s: None
Component/s: None
Labels:
None

Sprint:
28: Upgrades, small fixes, 30: Maintenance, CMOS, ARM
Story Points:
1

Description

The backup sidecar expect a secret to contain a ca.crt field (cert-manager style). The secret specified by serverSecretName is automatically mounted to the backup pod and the `/path/ca.crt` argument is passed to backup.

Native kubernetes tls secrets only contain `tls.key` and `tls.crt` fields so backup errors for file not found. To store the root CA an additional secret is required (rootCAs).

Currently, the secret specified by serverSecretName must be cert-manager style, and backup is unable to use the cert pool created by rootCAs otherwise backup will not function.
It's also likely exporter is affected.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: K8S-2779
#	Subject	Branch	Project	Status	CR	V
177147,5	K8S-2779: TLS breaks backup	2.3.x	couchbase-operator	Status: MERGED	+2	+1
177802,3	K8S-2779: Test for mtls upgrading with sidecars	2.3.x	couchbase-operator	Status: ABANDONED	0	+1

Activity

People

Assignee:: Alex Emery (Inactive)

Reporter:: Alex Emery (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 05/Jul/22 5:15 AM

Updated:: 09/Sep/22 2:27 PM

Resolved:: 03/Aug/22 9:55 AM

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

K8S-2779: TLS breaks backup: Gerrit Review:

K8S-2779: Test for mtls upgrading with sidecars: Gerrit Review:

native kubernetes tls secrets incompatible with backup/exporter

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty