If you are using an S3-Compatible storage provider that is secured with a self-signed certificate, connections to the object store may fail with a certificate signed by unknown authority
message.
To proceed, provide a certificate bundle when adding the storage provider.
When using the velero install
command, you can use the --cacert
flag to provide a path
to a PEM-encoded certificate bundle to trust.
velero install \
--plugins <PLUGIN_CONTAINER_IMAGE [PLUGIN_CONTAINER_IMAGE]>
--provider <YOUR_PROVIDER> \
--bucket <YOUR_BUCKET> \
--secret-file <PATH_TO_FILE> \
--cacert <PATH_TO_CA_BUNDLE>
Velero will then automatically use the provided CA bundle to verify TLS connections to that storage provider when backing up and restoring.
To use the describe, download, or logs commands to access a backup or restore contained
in storage secured by a self-signed certificate as in the above example, you must use
the --cacert
flag to provide a path to the certificate to be trusted.
velero backup describe my-backup --cacert <PATH_TO_CA_BUNDLE>
To help you get started, see the documentation.