Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-2779

native kubernetes tls secrets incompatible with backup/exporter

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.3.2
    • None
    • None
    • 28: Upgrades, small fixes, 30: Maintenance, CMOS, ARM
    • 1

    Description

      The backup sidecar expect a secret to contain a ca.crt field (cert-manager style). The secret specified by serverSecretName is automatically mounted to the backup pod and the `/path/ca.crt` argument is passed to backup.

      Native kubernetes tls secrets only contain `tls.key` and `tls.crt` fields so backup errors for file not found. To store the root CA an additional secret is required (rootCAs).

      Currently, the secret specified by serverSecretName must be cert-manager style, and backup is unable to use the cert pool created by rootCAs otherwise backup will not function.
      It's also likely exporter is affected.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          Hi Alex Emery / Tommie McAfee Just checking on this one - are we happy that this fix fits in 2.3.2 alongside the other changes? How much does it add to the testing?

          malarky Chris Malarky added a comment - Hi Alex Emery / Tommie McAfee Just checking on this one - are we happy that this fix fits in 2.3.2 alongside the other changes? How much does it add to the testing?
          tommie Tommie McAfee added a comment - - edited

          Yes to 2.3.2 and Alex has already added tests.

          tommie Tommie McAfee added a comment - - edited Yes to 2.3.2 and Alex has already added tests.

          Build couchbase-operator-2.3.2-101 contains couchbase-operator commit 3533192 with commit message:
          K8S-2779: TLS breaks backup

          build-team Couchbase Build Team added a comment - Build couchbase-operator-2.3.2-101 contains couchbase-operator commit 3533192 with commit message: K8S-2779 : TLS breaks backup

          Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 3533192 with commit message:
          K8S-2779: TLS breaks backup

          build-team Couchbase Build Team added a comment - Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 3533192 with commit message: K8S-2779 : TLS breaks backup

          People

            Alex.emery Alex Emery
            Alex.emery Alex Emery
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty