Merge pull request #40812 from apinnick/oadp206-bsl-vsl-credentials

OADP-206: BSL and VSL secrets

Author: apinnick

_topic_maps/_topic_map.yml

@@ -2095,30 +2095,26 @@ Topics:
   File: graceful-cluster-shutdown
 - Name: Restarting a cluster gracefully
   File: graceful-cluster-restart
-# OADP features/plugins is not commented out because commenting it out causes a build fail.
-# Cause: Travis tries to validate commented out xref to OADP features in index file.
 # - Name: Application backup and restore
 #   Dir: application_backup_and_restore
 #   Topics:
 #   - Name: OADP features and plugins
 #     File: oadp-features-plugins
-#   - Name: Installing OADP
+#   - Name: Installing and configuring OADP
 #     Dir: installing
 #     Topics:
 #     - Name: About installing OADP
 #       File: about-installing-oadp
-#     - Name: Installing OADP with AWS
+#     - Name: Installing and configuring OADP with AWS
 #       File: installing-oadp-aws
-#     - Name: Installing OADP with Azure
+#     - Name: Installing and configuring OADP with Azure
 #       File: installing-oadp-azure
-#     - Name: Installing OADP with GCP
+#     - Name: Installing and configuring OADP with GCP
 #       File: installing-oadp-gcp
-#     - Name: Installing OADP with MCG
+#     - Name: Installing and configuring OADP with MCG
 #       File: installing-oadp-mcg
-#     - Name: Installing OADP with OCS
+#     - Name: Installing and configuring OADP with OCS
 #       File: installing-oadp-ocs
-#   - Name: Configuring OADP
-#     File: configuring-oadp
 #   - Name: Backing up and restoring
 #     Dir: backing_up_and_restoring
 #     Topics:

backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc

@@ -5,21 +5,23 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You back up applications by creating a xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-cr_backing-up-applications[`Backup` custom resource (CR)].
+You back up applications by creating a xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-cr_backing-up-applications[`Backup`] custom resource (CR).
 
-The `Backup` CR creates backup files for Kubernetes resources and internal images, on S3 object storage, and snapshots for persistent volumes (PVs), if the cloud provider uses a native snapshot API or the xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-pvs-csi_backing-up-applications[Container Snapshot Interface (CSI)] to create snapshots, such as OpenShift Container Storage 4. For more information, see xref:../../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[CSI volume snapshots].
+The `Backup` CR backs up Kubernetes resources and internal images by saving them as an archive file on S3 object storage.
 
-:FeatureName: The CloudStorage API for S3 storage
+:FeatureName: The `CloudStorage` API for S3 storage
 include::modules/technology-preview.adoc[]
 
+If your cloud provider has a native snapshot API or supports xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-pvs-csi_backing-up-applications[Container Storage Interface (CSI) snapshots], the `Backup` CR backs up persistent volumes by creating snapshots. For more information, see the xref:../../../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots-overview_persistent-storage-csi-snapshots[Overview of CSI volume snapshots] in the {product-title} documentation.
+
+If your cloud provider does not support snapshots or if your applications are on NFS data volumes, you can create backups by using xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic].
+
 You can create xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-creating-backup-hooks_backing-up-applications[backup hooks] to run commands before or after the backup operation.
 
 You can schedule backups by creating a xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-scheduling-backups_backing-up-applications[`Schedule` CR] instead of a `Backup` CR.
 
-If your cloud provider does not support snapshots or if your applications run on NFS data volumes, you can back up applications by using xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic].
-
 include::modules/oadp-creating-backup-cr.adoc[leveloffset=+1]
 include::modules/oadp-backing-up-pvs-csi.adoc[leveloffset=+1]
+include::modules/oadp-backing-up-applications-restic.adoc[leveloffset=+1]
 include::modules/oadp-creating-backup-hooks.adoc[leveloffset=+1]
 include::modules/oadp-scheduling-backups.adoc[leveloffset=+1]
-include::modules/oadp-backing-up-applications-restic.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/configuring-oadp.adoc

@@ -5,28 +5,33 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-As a cluster administrator, you install the Openshift API for Data Protection (OADP) by installing the OADP Operator and then installing the Data Protection Application. The OADP Operator installs link:https://velero.io/docs/v1.7/[Velero 1.7].
+As a cluster administrator, you install the Openshift API for Data Protection (OADP) by installing the OADP Operator. The OADP Operator installs link:https://velero.io/docs/v1.7/[Velero 1.7].
 
-To back up Kubernetes resources and internal images, you must have S3-compatible object storage, such as the following storage providers:
+To back up Kubernetes resources and internal images, you must have object storage as a backup location, such as one of the following storage types:
 
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#installing-oadp-aws[Amazon Web Services]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc#installing-oadp-azure[Microsoft Azure]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc#installing-oadp-mcg[Multicloud Object Gateway]
+* S3-compatible object storage, such as Noobaa or Minio
 
-:FeatureName: The CloudStorage API for S3 storage
+:FeatureName: The `CloudStorage` API for S3 storage
 include::modules/technology-preview.adoc[]
 
-To back up persistent volumes (PVs) with snapshots, your cloud provider must support either a native snapshot API or Container Snapshot Interface (CSI) snapshots, such as the following providers:
+You can back up persistent volumes (PVs) by using snapshots or Restic.
+
+To back up PVs with snapshots, you must have a cloud provider that supports either a native snapshot API or Container Storage Interface (CSI) snapshots, such as one of the following cloud providers:
 
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc#installing-oadp-aws[Amazon Web Services]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc#installing-oadp-azure[Microsoft Azure]
 * xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc#installing-oadp-gcp[Google Cloud Platform]
-* xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc#oadp-about-vsl_installing-oadp-ocs[Ceph RBD or Ceph FS storage]
+* CSI snapshot-enabled cloud provider, such as xref:../../../backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc#installing-oadp-ocs[OpenShift Container Storage]
+
+If your cloud provider does not support snapshots or if your storage is NFS, you can back up applications with xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#oadp-backing-up-applications-restic_backing-up-applications[Restic].
 
-If your cloud provider does not support snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+You create a `Secret` object for your storage provider credentials and then you install the Data Protection Application.
 
 [discrete]
 == Additional resources
 
-* Overview of backup storage locations and volume snapshot locations in the link:https://velero.io/docs/v1.7/locations/[Velero documentation]
+* Overview of backup locations and snapshot locations in the link:https://velero.io/docs/v1.7/locations/[Velero documentation].

backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.adoc

@@ -1,5 +1,5 @@
 [id="installing-oadp-aws"]
-= Installing the Openshift API for Data Protection with Amazon Web Services
+= Installing and configuring the Openshift API for Data Protection with Amazon Web Services
 include::modules/common-attributes.adoc[]
 :context: installing-oadp-aws
 :installing-oadp-aws:
@@ -10,23 +10,26 @@ toc::[]
 
 You install the Openshift API for Data Protection (OADP) with Amazon Web Services (AWS) by installing the OADP Operator, configuring AWS for Velero, and then installing the Data Protection Application.
 
-:FeatureName: The CloudStorage API for S3 storage
+:FeatureName: The `CloudStorage` API for S3 storage
 include::modules/technology-preview.adoc[]
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
-
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-aws-s3.adoc[leveloffset=+1]
 
+include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
+
 [id="configuring-dpa-aws"]
 == Configuring the Data Protection Application
 
-include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
-include::modules/oadp-about-bsl.adoc[leveloffset=+2]
-include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+You can configure Velero resource allocations and enable self-signed CA certificates.
+
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
 include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-aws!:

backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc

@@ -1,5 +1,5 @@
 [id="installing-oadp-azure"]
-= Installing the Openshift API for Data Protection with Azure
+= Installing and configuring the Openshift API for Data Protection with Microsoft Azure
 include::modules/common-attributes.adoc[]
 :context: installing-oadp-azure
 :installing-oadp-azure:
@@ -10,23 +10,26 @@ toc::[]
 
 You install the Openshift API for Data Protection (OADP) with Microsoft Azure by installing the OADP Operator, configuring Azure for Velero, and then installing the Data Protection Application.
 
-:FeatureName: The CloudStorage API for S3 storage
+:FeatureName: The `CloudStorage` API for S3 storage
 include::modules/technology-preview.adoc[]
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
-
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-azure.adoc[leveloffset=+1]
 
+include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
+
 [id="configuring-dpa-azure"]
 == Configuring the Data Protection Application
 
-include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
-include::modules/oadp-about-bsl.adoc[leveloffset=+2]
-include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+You can configure Velero resource allocations and enable self-signed CA certificates.
+
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
 include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-azure!:

backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc

@@ -1,5 +1,5 @@
 [id="installing-oadp-gcp"]
-= Installing the Openshift API for Data Protection with Google Cloud Platform
+= Installing and configuring the Openshift API for Data Protection with Google Cloud Platform
 include::modules/common-attributes.adoc[]
 :context: installing-oadp-gcp
 :installing-oadp-gcp:
@@ -10,23 +10,26 @@ toc::[]
 
 You install the Openshift API for Data Protection (OADP) with Google Cloud Platform (GCP) by installing the OADP Operator, configuring GCP for Velero, and then installing the Data Protection Application.
 
-:FeatureName: The CloudStorage API for S3 storage
+:FeatureName: The `CloudStorage` API for S3 storage
 include::modules/technology-preview.adoc[]
 
 To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
 
-If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
-
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-gcp.adoc[leveloffset=+1]
 
+include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
+
 [id="configuring-dpa-gcp"]
 == Configuring the Data Protection Application
 
-include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
-include::modules/oadp-about-bsl.adoc[leveloffset=+2]
-include::modules/oadp-about-vsl.adoc[leveloffset=+2]
+You can configure Velero resource allocations and enable self-signed CA certificates.
+
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
 include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-gcp!:

backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc

@@ -1,5 +1,5 @@
 [id="installing-oadp-mcg"]
-= Installing the Openshift API for Data Protection with Google Cloud Platform
+= Installing and configuring the Openshift API for Data Protection with Google Cloud Platform
 include::modules/common-attributes.adoc[]
 :context: installing-oadp-mcg
 :installing-oadp-mcg:
@@ -8,23 +8,34 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-You install the Openshift API for Data Protection (OADP) with Multicloud Object Gateway (MCG) by installing the OADP Operator, retrieving the MCG credentials, and then installing the Data Protection Application.
+You install the Openshift API for Data Protection (OADP) with Multicloud Object Gateway (MCG) by installing the OADP Operator, creating a `Secret` object, and then installing the Data Protection Application.
 
-MCG is a component of OpenShift Container Storage (OCS). You can configure MCG as a backup location.
+MCG is a component of OpenShift Container Storage (OCS). You configure MCG as a backup location in the `DataProtectionApplication` custom resource (CR).
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+:FeatureName: The `CloudStorage` API for S3 storage
+include::modules/technology-preview.adoc[]
 
-If you are not using snapshots or if your storage is NFS, you can create backups with link:https://restic.net/[Restic].
+If your cloud provider has a native snapshot API, configure a snapshot location. If your cloud provider does not support snapshots or if your storage is NFS, you can create backups with Restic.
+
+You do not need to specify a snapshot location in the `DataProtectionApplication` CR for Restic or Container Storage Interface (CSI) snapshots.
+
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
 
 include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-mcg.adoc[leveloffset=+1]
 
+include::modules/oadp-creating-secret.adoc[leveloffset=+1]
+include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+2]
+
 [id="configuring-dpa-mcg"]
 == Configuring the Data Protection Application
 
-include::modules/oadp-configuring-default-plug-ins.adoc[leveloffset=+2]
-include::modules/oadp-about-bsl.adoc[leveloffset=+2]
+You can configure Velero resource allocations and enable self-signed CA certificates.
+
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+2]
+include::modules/oadp-self-signed-certificate.adoc[leveloffset=+2]
 
 include::modules/oadp-installing-dpa.adoc[leveloffset=+1]
+include::modules/oadp-enabling-csi-dpa.adoc[leveloffset=+2]
 
 :installing-oadp-mcg!: