Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-2779

native kubernetes tls secrets incompatible with backup/exporter

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.3.2
    • None
    • None
    • None
    • 28: Upgrades, small fixes, 30: Maintenance, CMOS, ARM
    • 1

    Description

      The backup sidecar expect a secret to contain a ca.crt field (cert-manager style). The secret specified by serverSecretName is automatically mounted to the backup pod and the `/path/ca.crt` argument is passed to backup.

      Native kubernetes tls secrets only contain `tls.key` and `tls.crt` fields so backup errors for file not found. To store the root CA an additional secret is required (rootCAs).

      Currently, the secret specified by serverSecretName must be cert-manager style, and backup is unable to use the cert pool created by rootCAs otherwise backup will not function.
      It's also likely exporter is affected.

      Attachments

        Activity

          People

            Alex.emery Alex Emery (Inactive)
            Alex.emery Alex Emery (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              PagerDuty