|
39 | 39 | ----
|
40 | 40 | <1> Specify the Base64-encoded CA certificate string.
|
41 | 41 | <2> The `insecureSkipTLSVerify` configuration can be set to either `"true"` or `"false"`. If set to `"true"`, SSL/TLS security is disabled. If set to `"false"`, SSL/TLS security is enabled.
|
| 42 | +
|
| 43 | +[id="oadp-using-ca-certificates-with-velero-command-aliased-for-velero-deployment_{context}"] |
| 44 | +== Using CA certificates with the velero command aliased for Velero deployment |
| 45 | + |
| 46 | +You might want to use the Velero CLI without installing it locally on your system by creating an alias for it. |
| 47 | + |
| 48 | +.Prerequisites |
| 49 | + |
| 50 | +* You must be logged in to the OpenShift Container Platform cluster as a user with the `cluster-admin` role. |
| 51 | +* You must have the OpenShift CLI (`oc`) installed. |
| 52 | + |
| 53 | +. To use an aliased Velero command, run the following command: |
| 54 | ++ |
| 55 | +[source,terminal] |
| 56 | +---- |
| 57 | +$ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./velero' |
| 58 | +---- |
| 59 | +. Check that the alias is working by running the following command: |
| 60 | ++ |
| 61 | +[source,terminal] |
| 62 | +.Example |
| 63 | +---- |
| 64 | +$ velero version |
| 65 | +Client: |
| 66 | + Version: v1.12.1-OADP |
| 67 | + Git commit: - |
| 68 | +Server: |
| 69 | + Version: v1.12.1-OADP |
| 70 | +---- |
| 71 | + |
| 72 | +. To use a CA certificate with this command, you can add a certificate to the Velero deployment by running the following commands: |
| 73 | ++ |
| 74 | +[source,terminal] |
| 75 | +---- |
| 76 | +$ CA_CERT=$(oc -n openshift-adp get dataprotectionapplications.oadp.openshift.io <dpa-name> -o jsonpath='{.spec.backupLocations[0].velero.objectStorage.caCert}') |
| 77 | +
|
| 78 | +$ [[ -n $CA_CERT ]] && echo "$CA_CERT" | base64 -d | oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "cat > /tmp/your-cacert.txt" || echo "DPA BSL has no caCert" |
| 79 | +---- |
| 80 | ++ |
| 81 | +[source,terminal] |
| 82 | +---- |
| 83 | +$ velero -n openshift-adp describe backup <backup-name> --details --cacert /tmp/your-cacert.txt |
| 84 | +---- |
| 85 | ++ |
| 86 | +. If the Velero pod restarts, the `/tmp/your-cacert.txt` file disappears, and you must re-create the `/tmp/your-cacert.txt` file by re-running the commands from the previous step. |
| 87 | + |
| 88 | +. You can check if the `/tmp/your-cacert.txt` file still exists, in the file location where you stored it, by running the following command: |
| 89 | ++ |
| 90 | +[source,terminal] |
| 91 | +---- |
| 92 | +$ oc exec -n openshift-adp -i deploy/velero -c velero -- bash -c "ls /tmp/your-cacert.txt" |
| 93 | +/tmp/your-cacert.txt |
| 94 | +---- |
| 95 | + |
| 96 | +In a future release of OpenShift API for Data Protection (OADP), we plan to mount the certificate to the Velero pod so that this step is not required. |
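Review bot: In the certificate-copy step (new lines 76 to 78), the `[[ -n $CA_CERT ]] && ... || echo "DPA BSL has no caCert"` chain prints the "no caCert" message whenever the left-hand side fails, not only when `CA_CERT` is empty. A failed `oc exec` with a valid certificate is therefore reported as a missing certificate. Because the pipeline's status is that of its last command, a failed `base64 -d` can also leave an empty or truncated `/tmp/your-cacert.txt` with no message at all, and the later `--cacert /tmp/your-cacert.txt` call then fails for a reason the reader cannot see. Suggest an explicit `if [[ -n "$CA_CERT" ]]; then ...; else ...; fi` with the variable quoted, and have the verification step test that the file is non-empty rather than only listing it with `ls`. Two smaller points: the query reads only `backupLocations[0]`, which should be stated for DPAs with more than one backup location, and the numbered steps follow the `.Prerequisites` list directly with no `.Procedure` title, while the `.Example` title at new line 62 sits between `[source,terminal]` and the `----` delimiter instead of before the attribute line.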